Authorization; Accounting; System And Administration Configuration - Nortel 2350 User Manual

Authorization

Authorization is the method for providing users with specific rights to the network by associating attribute-value (AV)
pairs to the user. AAA authorization works by assembling a set of attributes that describe what the user is authorized to
perform. These attributes are compared to the information contained in a local database or on a RADIUS server for a
given user and the result is returned to the WSS to determine the user's actual capabilities and restrictions.
You can configure attributes, such as the time of day or specific VLAN access. You can also control access using
security access control lists (ACLs), Mobility Profiles
based on IP protocol, IP addresses and, optionally, TCP or UDP port. They also can be used to set class-of-service (CoS)
values in a packet. Mobility Profiles contain attributes to allow or deny access to specific parts of the network for a
specific user or group of users. Location Policies are an ordered list of location policy rules based on a user glob, VLAN,
and/or ports. A Location Policy can be configured if you need to override the configured AAA user authorization
attributes locally for a specific WSS.

Accounting

Accounting collects and sends information used for billing, auditing, and reporting—for example, user identities,
connection start and stop times, the number of packets received and sent, and the number of bytes transferred. You can
track sessions through accounting information stored locally or on a remote RADIUS server. As network users roam
throughout the network, accounting records track them and their network usage.

System and Administration Configuration

A Mobility Domain is a collection of WSSs that work together to support roaming users. One of the WSSs is defined as
a seed device, which distributes information to the other WSSs defined in the Mobility Domain.
A Mobility Domain allows users to roam geographically from one WSS to another without losing network connectivity.
Users connect as a member of a VLAN through their authorized identities.
You can add switches to a network plan as members of a Mobility Domain or as standalone switches. After a switch is
added, you can move it into or out of a Mobility Domain.
You can create the following kinds of switches:
• 2382 —Provides two gigabit Ethernet ports. Each port has a miniature Gigabit interface converter (mini-GBIC) slot
for insertion of a small form-factor pluggable (SFP) 1000BASE-SX or 1000BASE-LX fiber-optic interface. One
10/100 Ethernet port for out-of-band management (without PoE).
• 2380 —Provides four dual-interface gigabit Ethernet ports. Each port has a 1000BASE-TX copper interface and a
Gigabit interface converter (GBIC) slot for insertion of a 1000BASE-SX or 1000BASE-LX fiber-optic interface.
• 2360—Provides eight 10/100 Ethernet ports, six of which support PoE.
• 2350 —Provides two 10/100 Ethernet ports, one of which supports PoE.
Perform the following tasks to create and initially configure a WSS:
• Configure basic WSS properties.
• Configure WSS connection information.
• Configure boot information.
Planning and Managing Your Wireless Network with WMS 45
TM
, and Location Policies. Security ACLs permit or deny traffic
Nortel WLAN Management Software 2300 Series User Guide