Alvarion Technologies Ltd. BMAX-BA36 Manuale Utente
Base Station Menu
BreezeMAX Modular Base Station System Manual
113
4.5.4
RADIUS
Managing a large number of users creates the need for significant administrative
support together with careful attention to security, authorization and accounting.
The use of RADIUS (Remote Authentication Dial In User Service) enables
operators to manage a single database of users, supporting authentication
(verifying user name and password) as well as configuration information detailing
the type of service to deliver to the user and the traffic that the user transmitted
and received, for billing proposes.
support together with careful attention to security, authorization and accounting.
The use of RADIUS (Remote Authentication Dial In User Service) enables
operators to manage a single database of users, supporting authentication
(verifying user name and password) as well as configuration information detailing
the type of service to deliver to the user and the traffic that the user transmitted
and received, for billing proposes.
RADIUS is a protocol for carrying authentication, authorization, and configuration
information between a Network Access Server (NAS), which desires to
authenticate its links, and a shared Authentication server. A Network Access
Server operates as a client of RADIUS. The client is responsible for passing user
information to designated RADIUS server(s(, and then acting on the response.
RADIUS servers are responsible for receiving user connection requests,
authenticating the user, and then returning all configuration information
necessary for the client to deliver service to the user.
information between a Network Access Server (NAS), which desires to
authenticate its links, and a shared Authentication server. A Network Access
Server operates as a client of RADIUS. The client is responsible for passing user
information to designated RADIUS server(s(, and then acting on the response.
RADIUS servers are responsible for receiving user connection requests,
authenticating the user, and then returning all configuration information
necessary for the client to deliver service to the user.
In BreezeMAX systems, a RADIUS NAS is implemented in each Base Station.
Transactions between the client and RADIUS server are authenticated using
Password Authentication Protocol (PAP) through encryption based on RSA
Message Digest Algorithm MD5 and a Shared Secret, which is never sent over the
network.
Transactions between the client and RADIUS server are authenticated using
Password Authentication Protocol (PAP) through encryption based on RSA
Message Digest Algorithm MD5 and a Shared Secret, which is never sent over the
network.
The Access-Request is submitted to the RADIUS server via the network. If no
response is returned within a length of time, the request is re-sent a number of
times. Once the RADIUS server receives the request, it validates the sending
client. A request from a client for which the RADIUS server does not have a shared
secret must be silently discarded. If the client is valid, the RADIUS server consults
a database of users to find the user whose User Name matches the request. The
user entry in the database contains the User Password that must be verified.
response is returned within a length of time, the request is re-sent a number of
times. Once the RADIUS server receives the request, it validates the sending
client. A request from a client for which the RADIUS server does not have a shared
secret must be silently discarded. If the client is valid, the RADIUS server consults
a database of users to find the user whose User Name matches the request. The
user entry in the database contains the User Password that must be verified.
The SU authentication is a part of the network entry process:
1
User Name and Password should be configured in the SU.
2
All required Service Profiles and theitr components should be configured in the
NPU (see
NPU (see
.
3
The RADIUS Authentication server(s) should be configured with the relevant
SU’s details (User Name and Password) and their corresponding services (see
SU’s details (User Name and Password) and their corresponding services (see
.