registration
Configures settings enabling dynamic
registration and validation of devices by their MAC addresses. When configured, this option
registers a device‘s MAC address, and allows direct access to a previously registered
device.
This command also configures the external guest registration and validation server
details. If using an external server to perform guest registration, authentication and
accounting, use this command to configure the external server‘s IP address/hostname. When
configured, access points and controllers forward guest registration requests to the
specified registration server. In case of EGuest deployment, this external resource should
point to the EGuest registration server.
Supported in the following platforms:
- Access Points —
AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502,
AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662,
AP8163, AP8543, AP8533.
- Service Platforms
— NX5500, NX7500, NX9500, NX9600, VX9000
Syntax
registration [device|device-OTP|external|user]
registration [device|device-OTP|user] group-name <RAD-GROUP-NAME> {agreement-refresh <0-144000>|
expiry-time <1-43800>}
registration external [follow-aaa|host]
registration external follow-aaa {send-mode [http|https|udp]}
registration external host <IP/HOSTNAME> {proxy-mode|send-mode}
registration external host <IP/HOSTNAME> {proxy-mode [none|through-controller|
through-rf-domain-manager|through-centralized-controller]|send-mode [https|https|udp]}
Parameters
registration external follow-aaa {send-mode [http|https|udp]}
| registration |
Enables dynamic guest-user registration and validation. This option is disabled
by default. |
| external |
Specifies that the guest registration is handled by an external resource.
Access points/controllers send registration requests to the external registration
server. |
| follow-aaa |
Uses an AAA policy to point to the guest registration, authentication, and
accounting server. When used, guest registration is handled by the RADIUS server
specified in the AAA policy used in the WLAN context. In case of EGuest
deployment, the RADIUS authentication and accounting server configuration in the
AAA policy should point to the EGuest server. The use of ‘follow-aaa‘ option is
recommended in EGuest replica-set deployments.
For more information on
enabling the EGuest server, see eguest-server (VX9000 only) (profile config mode).
For more information on configuring
an EGuest deployment, see configuring ExtremeGuest captive portal.
|
| send-mode [https|https|udp] |
Optional. Specifies the protocol used to forward registration requests to the
external AAA policy servers. The options are:
- HTTPS – Sends registration
requests as HTTPS packet
- HTTP – Sends registration
requests as HTTP packet
- UDP – Sends registration
requests as UDP packet, using the UPD port 12322. This is the default
setting.
|
|
registration external host <IP/HOSTNAME> {proxy-mode [none|through-controller|
through-rf-domain-manager|through-centralized-controller]|send-mode [https|https|udp]}
| registration |
Configures dynamic guest registration and validation
parameters. This option is disabled by default. |
| external |
Specifies that the guest registration is handled by an
external resource. Access points/controllers send registration requests to the
external registration server. |
| host <IP/HOSTNAME> |
Specifies the external registration server‘s IP address
or hostname. When configured, access points/ controllers forward guest registration
requests to the external registration server specified here. |
| proxy-mode {none| through-controller|
through-rf-domain-manager|through-centralized-controller} |
Optional. Specifies the proxy mode. If a proxy is needed
for connection, specify the proxy mode as through-controller, through-rf-domain. If
no proxy is needed, select none.
- none – Optional. Requests are sent directly to the controller from the
requesting device
- through-controller – Optional. Requests are proxied through the controller
configuring the device
- through-rf-domain-manager – Optional. Requests are proxied through the local
RF Domain manager
- through-centralized-controller – Optional. Requests are proxied through one of
the controllers in a cluster, operating as the designated forwarder. Select this
option if capture and redirection is on a cluster of wireless controller/service
platforms managing dependent/independent access points when redundancy is
required.
After specifying the proxy-mode, optionally specify the protocol used to
send the requests to the external registration server host.
|
| send-mode [https|https|udp] |
Optional. Specifies the communication protocol used. The
options are;
- HTTPS – Sends registration requests as HTTPS packets
- HTTP – Sends registration requests as HTTP packets
- UDP – Sends registration requests as UDP packet, using the UPD port 12322.
This is the default setting.
|
|
registration [device|device-OTP|user] group-name <RAD-GROUP-NAME>
{agreement-refresh <0-144000>|expiry-time <1-43800>}
| registration |
Configures dynamic guest registration and validation
parameters. This option is disabled by default. |
| [device|device-OTP| user] |
Configures the mode used to register guest users of this
WLAN. Options include device, external, user, and device-OTP
- device-OTP – Registers a device
by its MAC address. During registration, the user, using the registered device,
has to provide the e-mail address, mobile number, or member id, and the
one-time-passcode (OTP)sent to the registered e-mail id or mobile
number to complete registration. On subsequent logins, the user has to enter the
OTP. If the MAC address of the device attempting login and the OTP combination
matches, the user is allowed access. If using this option, set the WLAN
authentication type as MAC authentication.
- device – Registers a device by its MAC address. On subsequent logins, already
registered MAC addresses are allowed access. If using this option, set the WLAN
authentication type as MAC authentication.
- user – Registers guest users using one of the following options: e-mail
address, mobile-number, or member-id.
If using any one of the above modes of registration, specify the RADIUS
group to which the registered device or user is to be assigned post
authentication.
|
| group-name <RAD-GROUP-NAME> |
Configures the RADIUS group name to which registered
users are associated. When left blank, users are not associated with a RADIUS group.
- <RAD-GROUP-NAME> – Specify the RADIUS group name (should not exceed 64
characters).
|
| expiry-time <1-43800> |
Optional. Configures the amount of time, in hours,
before registered addresses expire and must be re-entered
- <1-43800> – Specify a value from 1 - 43800 hrs. The default is 1500
hrs.
|
| agreement-refresh <0-144000> |
Optional. Sets the time, in minutes, after which an
inactive user has to refresh the WLAN‘s terms of agreement. For example, if the
agreement refresh period is set to 1440 minutes, a user, who has been inactive for
more than 1440 minutes (1 day) is served the agreement page, and is allowed access
only after refreshing the terms of agreement.
- <0-100> – Specify a value from 0 - 144000. The default is 0 minutes.
|
|
Examples
nx9500-6C8809(config-wlan-test)#registration user group-name guest agreement-ref
resh 14400 expiry-time 2000
nx9500-6C8809(config-wlan-test)#show context
wlan test
ssid test
bridging-mode local
encryption-type none
authentication-type none
registration user group-name guest expiry-time 2000 agreement-refresh 14400
nx9500-6C8809(config-wlan-test)#
Related Commands
| no (wlan-config-mode) |
Disables dynamic user registration and removes associated configurations. Also
disables forwarding of user information to an external device. |
|
Print
this page
Email this topic
Feedback
View PDF
Download EPUB