Nortel 2350 User Guide

42 Planning and Managing Your Wireless Network with WMS
NN47250-101 (320665-G Version 02.01)
with each SSID being matched with its own service profile. If services are being used for customer corporate entities
(e.g. different airlines on an airport wireless net), then they would probably use 802.1X and strong encryption with Web
guest access for their airport club guests. If the services are being used to advertise multiple wireless service providers
(WISP), such as T-Mobile™, Wayport®, and Boingo Wireless™, then these services would probably be completely
open. However, they would likely be assigned to their own dedicated subnet containing their proxy server/billing
gateway.
AAA Security Configuration
An administrator can control the way in which users access the network. For each service you provide, you can 
configure unique authentication, authorization, and accounting (AAA) security features, creating an entirely virtualized 
wireless service. For each service, configure the following items:
Multiple authentication choices (802.1X, Web, AAA, MAC authentication, Bonded Auth, open)
AAA methods (up to four RADIUS server groups, or a local database on the WSS)
Authentication
Authentication is the method of determining whether a user is allowed access to your network. Users can be authenticated
by a RADIUS server (pass-through) or by the WSS local database (local). The WSS can also assist the RADIUS 
server by performing the Extensible Authentication Protocol (EAP) processing for the server (off load).
To authenticate users, you will need to configure users either in the local database or on RADIUS servers. Each user will 
have a username, password, and RADIUS and/or vendor-specific attributes (VSAs). You will also need to configure 
authentication rules (802.1X, MAC, last-resort, or Web authentication).
Se
 to view a flowchart representing the authentication process. Generally, 802.1X authentication is 
attempted first. If the user fails, then MAC authentication is attempted. If this fails, then last resort and Web authentication
is used. For a service profile, you specify either Web authentication, last-resort, or none in the auth-fall-thru box. 
You can only select one.
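
The fall-through order described above, as an added example (not from the Nortel guide or the WSS software): a small Python model that walks 802.1X, then MAC, then the auth-fall-thru choice, and flags service profiles that admit a client holding no valid credentials. The dictionary fields, the sample profiles and the treatment of last-resort as admitting without credentials are assumptions.

```python
# Added illustration: models the fall-through order described in the text.
# Field names and sample data are hypothetical, not WSS/WMS configuration syntax.
FALL_THRU = ("web-auth", "last-resort", "none")  # only one may be selected

def resolve_access(profile, client):
    """Return (admitting_method_or_None, trace) for a client joining an SSID."""
    if profile["auth_fall_thru"] not in FALL_THRU:
        raise ValueError("auth-fall-thru must be one of %s" % (FALL_THRU,))
    trace = []
    if profile.get("dot1x_rule"):            # 802.1X is attempted first
        if client.get("dot1x_ok"):
            return "802.1X", trace + ["802.1X accepted"]
        trace.append("802.1X failed")
    if profile.get("mac_rule"):              # then MAC authentication
        if client.get("mac") in profile.get("known_macs", ()):
            return "MAC", trace + ["MAC accepted"]
        trace.append("MAC failed")
    fall_thru = profile["auth_fall_thru"]    # finally the fall-through choice
    if fall_thru == "last-resort":
        # Assumption: last-resort admits the client without credentials.
        return "last-resort", trace + ["last-resort admitted"]
    if fall_thru == "web-auth" and client.get("web_login_ok"):
        return "Web", trace + ["Web accepted"]
    if fall_thru == "web-auth":
        trace.append("Web failed")
    return None, trace + ["denied"]

def audit(profiles):
    """List SSIDs that admit a client holding no valid credentials at all."""
    stranger = {"mac": "02:00:00:00:00:99"}  # constructed; fails every check
    return [p["ssid"] for p in profiles if resolve_access(p, stranger)[0]]

# Constructed sample profiles, loosely following the airport scenario above.
PROFILES = [
    {"ssid": "airline-corp", "dot1x_rule": True, "mac_rule": True,
     "known_macs": {"02:00:00:00:00:10"}, "auth_fall_thru": "none"},
    {"ssid": "airline-club", "dot1x_rule": True, "auth_fall_thru": "web-auth"},
    {"ssid": "wisp-open", "auth_fall_thru": "last-resort"},
]

if __name__ == "__main__":
    for p in PROFILES:
        print(p["ssid"], resolve_access(p, {"mac": "02:00:00:00:00:10"}))
    print("admit without credentials:", audit(PROFILES))
```

Profiles returned by audit() are the ones that should sit on their own dedicated subnet, as the text recommends for open services.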