Location-Aware Authentication - Colubris Networks CN3000 Administrator's Manual

Chapter 11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Configuration parameters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 11
• must not be using a proxy server on port 21, 23, 25, 110, 443, 8080, or 8090. To
• must be using the same proxy server address and port number for both HTTP and
• must not be using 802.1x.
Enabling this feature reduces the maximum number of wireless customers the CN3000
can support to 50 from 100.
Support authentication on SMTP proxy server
When enabled, the CN3000 sends a username and password to log the customer into
the SMTP proxy server. The username and password can be defined in the RADIUS
account for the CN3000
Query if active
The CN3000 continuously polls authenticated client stations to ensure they are active. If
no response is received and the number of retries is reached, the client station is
disconnected.
This feature enables the CN3000 to detect if two client stations are using the same IP
address but have different MAC addresses. If this occurs, access is terminated for this
IP address removing both stations from the network.
Changing these values may have security implications. A large interval provides a
greater opportunity for a session to be hijacked.
• Interval: Specify how long to wait between polls.
• Retries: Specify how many polls a client station can fail to reply to before it is
The initial query is always done after the client station has been idle for 60 seconds. If
there is no answer to this query, the settings for Interval and Retries are used to control
additional retries.
Location-aware This feature enables you to control logins to the public access network based on the
wireless access point a customer is connected to. When enabled, the CN3000 will
authentication
return the value you specify in the Called-Station-ID when it generates a RADIUS
access request for a customer login.
Group name
Specify a group name for the access point. This name is used to identify customer
logins via the Called-Station-ID. You can assign the same group name to more than one
access point.
Called-Station-ID content
Choose the value that you want the CN3000 to return in the Called-Station-ID when it
generates a RADIUS access request for a customer login.
Note: If a customer is connected via a wired connection, the value returned is always
the MAC address of the CN3000's wireless/LAN port in IEEE format. To use the MAC
address of the Internet port, you must edit the config file and change the setting of
radius-called-station-id-port to WAN in the <ACCESS-CONTROLLER> section.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 248 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
support ports 8080 and 8090 change the settings for Security > Authentication >
Advanced Settings > Access controller ports.
HTTPS.
(page
disconnected.
• MAC address: Returns the MAC address of the wireless port the customer is
associated with. This is the MAC address of the wvlan0 interface as displayed by
Tools > System Tools > Interface info.
• SSID: SSID of the access point the customer is associated with.
• Group: Group name of the access point the customer is associated with. Group
names are assigned on the Security > Authentication > Advanced page.
161) or the customer (page 170).