registration

Configures settings enabling dynamic registration and validation of devices by their MAC addresses. When configured, this option registers a device‘s MAC address, and allows direct access to a previously registered device.

This command also configures the external guest registration and validation server details. If using an external server to perform guest registration, authentication and accounting, use this command to configure the external server‘s IP address/hostname. When configured, access points and controllers forward guest registration requests to the specified registration server. In case of EGuest deployment, this external resource should point to the EGuest registration server.

Supported on the following devices:

Syntax

registration [device|device-OTP|external|user]
registration [device|device-OTP|user] group-name <RAD-GROUP-NAME> {agreement-refresh <0-144000>|
expiry-time <1-43800>}
registration external [follow-aaa|host]
registration external follow-aaa {send-mode [http|https|udp]}
registration external host <IP/HOSTNAME> {proxy-mode|send-mode}
registration external host <IP/HOSTNAME> {proxy-mode [none|through-controller|
through-rf-domain-manager|through-centralized-controller]|send-mode [https|https|udp]}

Parameters

registration external follow-aaa {send-mode [http|https|udp]}
registration Enables dynamic guest-user registration and validation. This option is disabled by default.
external Specifies that the guest registration is handled by an external resource. Access points/controllers send registration requests to the external registration server.
follow-aaa Uses an AAA policy to point to the guest registration, authentication, and accounting server. When used, guest registration is handled by the RADIUS server specified in the AAA policy used in the WLAN context.

In case of EGuest deployment, the RADIUS authentication and accounting server configuration in the AAA policy should point to the EGuest server. The use of ‘follow-aaa‘ option is recommended in EGuest replica-set deployments.

For more information on enabling the EGuest server, see eguest-server (VX9000 only) (profile config mode).

For more information on configuring an EGuest deployment, see configuring ExtremeGuest captive portal.

send-mode [https|https|udp] Optional. Specifies the protocol used to forward registration requests to the external AAA policy servers. The options are:
  • HTTPS – Sends registration requests as HTTPS packet
  • HTTP – Sends registration requests as HTTP packet
  • UDP – Sends registration requests as UDP packet, using the UPD port 12322. This is the default setting.
registration external host <IP/HOSTNAME> {proxy-mode [none|through-controller|
through-rf-domain-manager|through-centralized-controller]|send-mode [https|https|udp]}
registration Configures dynamic guest registration and validation parameters. This option is disabled by default.
external Specifies that the guest registration is handled by an external resource. Access points/controllers send registration requests to the external registration server.
host <IP/HOSTNAME> Specifies the external registration server‘s IP address or hostname. When configured, access points/ controllers forward guest registration requests to the external registration server specified here.
proxy-mode {none| through-controller| through-rf-domain-manager|through-centralized-controller} Optional. Specifies the proxy mode. If a proxy is needed for connection, specify the proxy mode as through-controller, through-rf-domain. If no proxy is needed, select none.
  • none – Optional. Requests are sent directly to the controller from the requesting device
  • through-controller – Optional. Requests are proxied through the controller configuring the device
  • through-rf-domain-manager – Optional. Requests are proxied through the local RF Domain manager
  • through-centralized-controller – Optional. Requests are proxied through one of the controllers in a cluster, operating as the designated forwarder. Select this option if capture and redirection is on a cluster of wireless controller/service platforms managing dependent/independent access points when redundancy is required.

After specifying the proxy-mode, optionally specify the protocol used to send the requests to the external registration server host.

send-mode [https|https|udp] Optional. Specifies the communication protocol used. The options are;
  • HTTPS – Sends registration requests as HTTPS packets
  • HTTP – Sends registration requests as HTTP packets
  • UDP – Sends registration requests as UDP packet, using the UPD port 12322. This is the default setting.
registration [device|device-OTP|user] group-name <RAD-GROUP-NAME> 
{agreement-refresh <0-144000>|expiry-time <1-43800>}
registration Configures dynamic guest registration and validation parameters. This option is disabled by default.
[device|device-OTP| user] Configures the mode used to register guest users of this WLAN. Options include device, external, user, and device-OTP
  • device-OTP – Registers a device by its MAC address. During registration, the user, using the registered device, has to provide the e-mail address, mobile number, or member id, and the one-time-passcode (OTP)sent to the registered e-mail id or mobile number to complete registration. On subsequent logins, the user has to enter the OTP. If the MAC address of the device attempting login and the OTP combination matches, the user is allowed access. If using this option, set the WLAN authentication type as MAC authentication.
  • device – Registers a device by its MAC address. On subsequent logins, already registered MAC addresses are allowed access. If using this option, set the WLAN authentication type as MAC authentication.
  • user – Registers guest users using one of the following options: e-mail address, mobile-number, or member-id.

If using any one of the above modes of registration, specify the RADIUS group to which the registered device or user is to be assigned post authentication.

group-name <RAD-GROUP-NAME> Configures the RADIUS group name to which registered users are associated. When left blank, users are not associated with a RADIUS group.
  • <RAD-GROUP-NAME> – Specify the RADIUS group name (should not exceed 64 characters).
expiry-time <1-43800> Optional. Configures the amount of time, in hours, before registered addresses expire and must be re-entered
  • <1-43800> – Specify a value from 1 - 43800 hrs. The default is 1500 hrs.
agreement-refresh <0-144000> Optional. Sets the time, in minutes, after which an inactive user has to refresh the WLAN‘s terms of agreement. For example, if the agreement refresh period is set to 1440 minutes, a user, who has been inactive for more than 1440 minutes (1 day) is served the agreement page, and is allowed access only after refreshing the terms of agreement.
  • <0-100> – Specify a value from 0 - 144000. The default is 0 minutes.

Examples

nx9500-6C8809(config-wlan-test)#registration user group-name guest agreement-ref
resh 14400 expiry-time 2000
nx9500-6C8809(config-wlan-test)#show context
wlan test
 ssid test
 bridging-mode local
 encryption-type none
 authentication-type none
 registration user group-name guest expiry-time 2000 agreement-refresh 14400
nx9500-6C8809(config-wlan-test)#

Related Commands

no (wlan-config-mode) Disables dynamic user registration and removes associated configurations. Also disables forwarding of user information to an external device.