3com WX4400 3CRWX440095A Manual De Usuario
36
C
HAPTER
2: P
LANNING
AND
M
ANAGING
Y
OUR
W
IRELESS
N
ETWORK
WITH
3WXM
If the services are being used to advertise multiple wireless service
providers (WISP), such as T-Mobile
providers (WISP), such as T-Mobile
TM
, Wayport
®
, and Boingo Wireless
TM
,
then these services would probably be completely open. However, they
would likely be assigned to their own dedicated subnet containing their
proxy server/billing gateway.
would likely be assigned to their own dedicated subnet containing their
proxy server/billing gateway.
AAA Security
Configuration
An administrator can control the way in which users access the network.
For each service you provide, you can configure unique authentication,
authorization, and accounting (AAA) security features, creating an
entirely virtualized wireless service. For each service, you configure:
For each service you provide, you can configure unique authentication,
authorization, and accounting (AAA) security features, creating an
entirely virtualized wireless service. For each service, you configure:
Multiple authentication choices (802.1X, Web, AAA, MAC
authentication, Bonded Auth, open)
authentication, Bonded Auth, open)
AAA methods (up to four RADIUS server groups, or a local database
on the WX switch)
on the WX switch)
Authentication
Authentication is the method of determining whether a user is allowed
access to your network. Users can be authenticated by a RADIUS server
(pass-through) or by the WX switch local database (local). The WX switch
can also assist the RADIUS server by performing the Extensible
Authentication Protocol (EAP) processing for the server (offload).
access to your network. Users can be authenticated by a RADIUS server
(pass-through) or by the WX switch local database (local). The WX switch
can also assist the RADIUS server by performing the Extensible
Authentication Protocol (EAP) processing for the server (offload).
To authenticate users, you will need to configure users either in the local
database or on RADIUS servers. Each user will have a username,
password, and RADIUS and/or vendor-specific attributes (VSAs). You will
also need to configure authentication rules (802.1X, MAC, last-resort, or
web authentication).
database or on RADIUS servers. Each user will have a username,
password, and RADIUS and/or vendor-specific attributes (VSAs). You will
also need to configure authentication rules (802.1X, MAC, last-resort, or
web authentication).
See Figure 6 on page 37 to see a flowchart representing the
authentication process. Generally, 802.1X authentication is attempted
first. If the user fails, then MAC authentication is attempted. If this fails,
then last resort and web authentication is used. For a service profile, you
specify either web authentication, last-resort, or none in the
auth-fall-thru box. You can only select one.
authentication process. Generally, 802.1X authentication is attempted
first. If the user fails, then MAC authentication is attempted. If this fails,
then last resort and web authentication is used. For a service profile, you
specify either web authentication, last-resort, or none in the
auth-fall-thru box. You can only select one.