Customer Authentication; Location Aware; Authentication Methods - Colubris Networks CN3000 Administrator's Manual

Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - How it works - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2

Customer authentication

Note: This manual uses the term customer to refer to any person or device that logs in
to the public access network created by the CN3000.

Location aware

This powerful feature enables you to control logins to the public access network based
on the wireless access point a customer is associated with. Once a customer is
authenticated, this feature can also be used to monitor and control roaming to other
access points that are part of the network.
For more information, see
Authentication The CN3000 supports the following methods for authenticating customers.
methods
RADIUS server
This method enables you to use the services of a RADIUS server to manage your
customers, track and manage connection time, and generate billing information.
Once the customer is authenticated, configuration information is retrieved for the
customer. This information can include settings for:
• Connection time limit for the customer's session.
• Idle time limit for the customer's session.
• Access list for the customer.
• Address of the e-mail server to use for redirection of the customer's e-mail.
• URLs specifying the location of customized Welcome and Goodbye pages for the
When you create a profile for each customer on the RADIUS server you define this
information in the form of regular RADIUS attributes and a Colubris Network vendor-
specific attribute. For a complete list of all supported values see
profiles on the RADIUS server" on page
Local user list
The CN3000 enables you to create local accounts that bypass RADIUS authentication.
To login, customers use the public access interface, but instead of using the RADIUS
server, authentication is handled directly by the CN3000. These accounts are useful for
system administrators and management personnel.
Note: If a RADIUS is available, accounting information will be sent for all local users.
This enables you to authenticate locally but still log accounting information on the
RADIUS server.
Note: Local user accounts can only be used to support customers that log in via HTML.
Customers using WPA/802.1x must be authenticated via RADIUS.
To setup these accounts:
• On the Security > Authentication page, enable Local authentication in the HTML-
• On the Security > User List page, define usernames and passwords for all
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"Location-aware authentication" on page 125
customer.
based authentication box.
customers.
"Creating customer
164.