Additional Lan Subnet; On-Board Radius Server Authentication; Hotspot Support - Extreme Networks Altitude 4700 Series Product Reference Manual

Software version 4.1

For an overview on mesh networking as well as details on configuring the Access Point's mesh
networking functionality, see "Configuring Mesh Networking" on page 577.

Additional LAN Subnet

In a typical retail or small office environment (wherein a wireless network is available along with a
production WLAN) it is often necessary to segment a LAN into two subnets. Consequently, a second
LAN is required to "segregate" wireless traffic.
The Access Point has a second LAN subnet enabling administrators to segment the Access Point's LAN
connection into two separate networks. The main Access Point LAN screen now allows the user to
select either LAN1 or LAN2 as the active LAN over the Access Point's Ethernet port. Both LANs can
still be active at any given time, but only one can transmit over the Access Point's physical LAN
connection. Each LAN has a separate configuration screen (called LAN 1 and LAN 2 by default)
accessible under the main LAN screen. The user can rename each LAN as necessary. Additionally, each
LAN can have its own Ethernet Type Filter configuration, and subnet access (HTTP, SSH, SNMP and
telnet) configuration.
For detailed information on configuring the Access Point for additional LAN subnet support, see
"Configuring the LAN Interface" on page 123.

On-board RADIUS Server Authentication

The Access Point can function as a RADIUS Server to provide user database information and user
authentication. Several new screens have been added to the Access Point's menu tree to configure
RADIUS server authentication and configure the local user database and access policies. The new
RADIUS Server functionality allows an administrator to define the data source, authentication type and
associate digital certificates with the authentication scheme. The LDAP screen allows the administrator
to configure an external LDAP Server for use with the Access Point. A new Access Policy screen enables
the administrator to set WLAN access based on user groups defined within the User Database screen.
Each user is authorized based on the access policies applicable to that user. Access policies allow an
administrator to control access for user groups based on the WLAN configurations.
For detailed information on configuring the Access Point for AAA RADIUS Server support, see
"Configuring User Authentication" on page 250.

Hotspot Support

The Access Point allows hotspot operators to provide user authentication and accounting without a
special client application. The Access Point uses a traditional Internet browser as a secure authentication
device. Rather than rely on built-in 802.11 security features to control Access Point association
privileges, you can configure a WLAN with no WEP (an open network). The Access Point issues an IP
address to the user using a DHCP server, authenticates the user, and grants the user access to the
Internet.
If a tourist visits a public hotspot and wants to browse a Web page, they boot their laptop and associate
with a local Wi-Fi network by entering a valid SSID. They start a browser, and the hotspot's access
controller forces the unauthenticated user to a Welcome page (from the hotspot operator) that allows
the user to log in with a username and password. In order to send a redirected page (a login page), a
TCP termination exists locally on the Access Point. Once the login page displays, the user enters their
credentials. The Access Point connects to the RADIUS server and determines the identity of the
connected wireless user. The user is allowed access to the Internet once successfully authenticated.
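
A minimal model of the hotspot flow described above, added here as an illustration and not taken from the manual or the Access Point's firmware. The gate class, the welcome URL, the user table, keying state by client MAC, and the pre-login handling of DNS and HTTPS are all assumptions, and the RADIUS exchange is replaced by a local stand-in function.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable

WELCOME_URL = "http://hotspot.example/welcome"  # placeholder, not from the manual
USERS = {"tourist": "s3cret-voucher"}           # constructed sample user database

def radius_check(username: str, password: str) -> bool:
    """Stand-in for the RADIUS exchange: True means Access-Accept."""
    expected = USERS.get(username, "")
    return bool(expected) and hmac.compare_digest(expected.encode(), password.encode())

@dataclass
class HotspotGate:
    """Hypothetical model of the access controller's per-client decisions."""
    check: Callable[[str, str], bool] = radius_check
    authenticated: set = field(default_factory=set)  # client MACs allowed out

    def handle(self, mac: str, proto: str, dport: int) -> str:
        """Decide what happens to one outbound packet from a wireless client."""
        if mac in self.authenticated:
            return "forward"
        # Assumed: before login the open WLAN still passes DHCP and DNS.
        if proto == "udp" and dport in (53, 67):
            return "forward"
        # HTTP is terminated locally so the AP itself can answer with a redirect.
        if proto == "tcp" and dport == 80:
            return "redirect:" + WELCOME_URL
        return "drop"  # assumed: everything else, HTTPS included, waits for login

    def login(self, mac: str, username: str, password: str) -> bool:
        """Credentials from the welcome page; only an accept opens the gate."""
        if self.check(username, password):
            self.authenticated.add(mac)
            return True
        return False

def walkthrough() -> list:
    """Replay the tourist scenario and return each decision in order."""
    gate, mac = HotspotGate(), "02:00:00:00:00:01"  # constructed client MAC
    steps = [gate.handle(mac, "udp", 67), gate.handle(mac, "tcp", 80),
             gate.handle(mac, "tcp", 443)]
    steps.append(gate.login(mac, "tourist", "wrong"))
    steps.append(gate.handle(mac, "tcp", 80))       # failed login: still redirected
    steps.append(gate.login(mac, "tourist", "s3cret-voucher"))
    steps.append(gate.handle(mac, "tcp", 443))      # accepted: now forwarded
    return steps

if __name__ == "__main__":
    print(walkthrough())
```
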
Altitude 4700 Series Access Point Product Reference Guide