Table of Contents
Advertisement
User Access Plan
The user access plan should analyze the enterprise network and identify which users should have
access to which areas of the network. What areas of the network should be separated? Which users can
go out to the World Wide Web?
The Summit WM Controller, Access Points and Software system relies on authenticating users via a
RADIUS server (or other authentication server). To make use of this feature, an authentication server on
the network is required. Make sure that the server's database of registered users, with login
identification and passwords, is current.
In the case of certificate-based installations, you must ensure that the proper user certificate profiles are
setup on the RADIUS server.
NOTE
To deploy Summit WM Controller, Access Points and Software without a RADIUS server (and without authentication
of users on the network), select SSID for network assignment (in the Topology screen). In the Authentication -
Configure Captive Portal screen, select the No Captive Portal radio button. There will be no authentication of users,
but Summit WM Controller, Access Points and Software is otherwise operational.
The user access plan should also identify the user groups in your enterprise, and the business structure
of the enterprise network, such as:
Department (such as Engineering, Sales, Finance)
●
Role (such as student, teacher, library user)
●
Status (such as guest, administration, technician)
●
For each user group, you should set up a filter ID attribute in the RADIUS server, and then associate
each user in the RADIUS server to at least one filter ID name. You can define specific filtering rules, by
filter ID attribute, that will be applied to user groups to control network access. Filtering is applied by
the controller. Filter ID assignments is a configuration option, and not a requirement to setup per user
filter ID definitions. If a filter is not returned by the Access-Accept confirmation for a particular user,
the controller uses the default filter profile for the WM-AD as the applicable filter set.
Topology of a WM-AD
Before you decide if a WM-AD will participate in a VLAN and configure a WM-AD, define the global
settings that will apply to all WM-AD definitions. For example, global settings can include identifying
the location of the RADIUS servers and enabling priority traffic handling for voice-over-internet traffic
and dynamic authorization server support.
The type of network assignment determines all the other factors of the WM-AD. There are two options
for network assignment:
SSID:
●
Has Captive Portal authentication, or no authentication
●
Requires restricted filtering rules before authentication
●
Requires filtering rules for group filter IDs after authentication. A default filter applies if a more
●
specific filter is not indicated by the RADIUS Access-Accept response.
Used for a WM-AD supporting wireless voice traffic (QoS)
●
Summit WM20 User Guide, Software Release 4.2
Topology of a WM-AD
87
Advertisement
Table of Contents
