Table of Contents
Advertisement
A
G
CCESS
ATEWAY
RADIUS messages to the various RADIUS servers. This functionality can be effectively
deployed to:
Support a wholesale WISP model directly from the edge without the need for any
centralized AAA proxy infrastructure.
Support EAP authenticators (for example, WLAN APs) on the subscriber-side of the
NSE to transparently proxy all EAP types (TLS, SIM, etc.) and to allow for the
distribution of per-session keys to EAP authenticators and supplicants.
Complementing the RADIUS Proxy functionality is the ability to route RADIUS messages
depending on the Network Access Identifier (NAI). Both prefix-based (for example, ISP/
username@ISP.net) and suffix-based (username@ISP.net) NAI routing mechanisms are
supported. Together, the RADIUS Proxy and Realm-Based Routing further support the
deployment of the Wholesale Wi-Fi™ model allowing multiple providers to service one
location. See also,
Realm-Based Routing
Realm-Based Routing provides advanced NAI (Network Access Identifier) routing
capabilities, enabling multiple service providers to share a HotSpot location, further supporting
a Wi-Fi wholesale model. This functionality allows users to interact only with their chosen
provider in a seamless and transparent manner.
Remember Me and RADIUS Re-Authentication
The NSE's Internal Web Server (IWS) stores encrypted login cookies in the browser to
remember logins, using usernames and passwords. This "Remember Me" functionality creates
a more efficient and better user experience in wireless networks.
The RADIUS Re-Authentication buffer has been expanded to 720 hours, allowing an even
more seamless and transparent connection experience for repeat users.
Secure Management
There are many different ways to configure, manage and monitor the performance and up-time
of network devices. SNMP, Telnet, HTTP and ICMP are all common protocols to accomplish
network management objectives. And within those objectives is the requirement to provide the
highest level of security possible.
While several network protocols have evolved that offer some level of security and data
encryption, the preferred method for attaining maximum security across all network devices is
to establish an IPSec tunnel between the NOC (Network Operations Center) and the edge
device (early VPN protocols such as PPTP have been widely discredited as a secure tunneling
method).
Introduction
"RADIUS Client" on page
20.
21
- Quick Links:
- Access Control
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the Access gateway and is the answer not in the manual?
Questions and answers