Proxim Orinoco AP-2500 User Manual page 56

AP-2500 Authentication Methods
• First identify the default RADIUS service profile. Note that you must first configure a RADIUS service profile on
the Public Space > AAA > Profile tab.
• Place a check mark in the AAA Radius box to enable the feature.
• The AP can reauthenticate repeat subscribers who return to the system without 720 hours. To enable this
feature place a check mark in the Enable Automatic Subscriber Reauthentication box.
• Select the RADIUS Username Type. When using the AP-2500, you can authenticate subscribers using the
following credentials:
— UserInput (that is, User Name and Password)
— MAC-MAC (Enter the MAC address as both the user name and the password)
— MAC-Key (Enter the MAC address as the user name and the AP/RADIUS Shared Secret as the
password)
If using MAC-MAC or MAC-Key, enter the MAC address in the following format: 123456-7890ab (6 digits, a
dash, final 6 digits).
• Place a check mark in the Radius Idle Timeout box to have the AP time out users who are inactive for the
specified number of seconds.
— The AP only uses this parameter if the Idle-Timeout attribute is not set or if the attribute specifies an
amount of time that is greater than this setting. See
details.
— When set to 0, a user never times out (assuming that the Idle-Timeout attribute is not set).
• Place a check mark in the Send NAS Identifier box if you want to include the AP's NAS Identifier in the
messages sent to the RADIUS server.
• Configure the RADIUS NAS ID if you enabled Send NAS Identifier. (In RADIUS terminology, the AP is the
NAS or Network Access Server.)
— You can use this parameter to differentiate between multiple APs in the RADIUS accounting logs.
— Also, the RADIUS server can alter a user's access policy depending on the NAS identifier. For example,
the maximum session time could be reduced if the NAS identifier is "restaurant" instead of "library."
• To send the NAS IP address with your account request, place a check mark in the Send NAS IP box.
• To send a NAS port type with your account request, check the box for Send NAS Port Type, then define the
NAS port in the RADIUS NAS Port Type field.
• Place a check mark in the Send Framed IP box if you want to include the IP address assigned to the client in
the messages sent to RADIUS server.
— You can use this parameter to help identify the IP address assigned to clients in the RADIUS accounting
logs. If using IP Upsell, you can also see how many clients are using public IP addresses.
• Place a check mark in the Enable URL Redirection box if you configured the Nomadix-URL-Redirection
VSA.
• Place a check mark in the Goodbye URL On box to enable the display of a post-session Goodbye page. The
Goodbye page can be defined as a Radius VSA or through the Internal Web Server.
• If required, check the box for AAA RADIUS Terminate End of Day to allow business policies that want to
terminate the session at midnight of every day.
• If required, check the box for AAA Enable Byte Count Reset on Acct Start to reset the transmitted and
received byte count for a subscriber once an "accounting start" is sent. This function prevents granting Walled
Garden traffic if the billing plan is using bytes sent/recevied as a charge criterion.
5. Click PublicSpace > AAA > Internal.
6. Confirm that there is check mark next to the Enable User Names box if you are authenticating users based on
User name/Password.
7. Place a check mark in the Enable Smart Client box if you are a partner with a hotspot aggregator, such as
Boingo, iPass, or GRIC, and you want to support subscribers who have the aggregator's Smart Client application
installed on their computers. In this case, the RADIUS settings you configured should point to the aggregator's
RADIUS servers. See
8. Click OK if you made any changes.
9. Reboot the AP.
Smart Client for details.
RADIUS Messages and RADIUS Attributes for
56