Aaa Security Configuration - 3Com Wireless LAN Controller WX2200 User Manual

38 C 2: P
HAPTER LANNING AND
AAA Security
Configuration
M Y W
ANAGING OUR IRELESS
If the services are being used to advertise multiple wireless service
providers (WISP), such as T-Mobile
then these services would probably be completely open. However, they
would likely be assigned to their own dedicated subnet containing their
proxy server/billing gateway.
An administrator can control the way in which users access the network.
For each service you provide, you can configure unique authentication,
authorization, and accounting (AAA) security features, creating an
entirely virtualized wireless service. For each service, you configure:
Multiple authentication choices (802.1X, Web, AAA, MAC
authentication, Bonded Auth, open)
AAA methods (up to four RADIUS server groups, or a local database
on the WX switch)
Authentication
Authentication is the method of determining whether a user is allowed
access to your network. Users can be authenticated by a RADIUS server
(pass-through) or by the WX switch local database (local). The WX switch
can also assist the RADIUS server by performing the Extensible
Authentication Protocol (EAP) processing for the server (offload).
To authenticate users, you will need to configure users either in the local
database or on RADIUS servers. Each user will have a username,
password, and RADIUS and/or vendor-specific attributes (VSAs). You will
also need to configure authentication rules (802.1X, MAC, last-resort, or
web authentication).
See Figure 6 on page 39 to see a flowchart representing the
authentication process. Generally, 802.1X authentication is attempted
first. If the user fails, then MAC authentication is attempted. If this fails,
then last resort and web authentication is used. For a service profile, you
specify either web authentication, last-resort, or none in the
auth-fall-thru box. You can only select one.
N 3WXM
ETWORK WITH
, Wayport
TM
®
, and Boingo Wireless ,
TM