On-board radius server authentication, Hotspot support – Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual
Brocade Mobility 7131 Access Point Product Reference Guide
53-1002517-01
The access point has a second LAN subnet enabling administrators to segment the access point’s
LAN connection into two separate networks. The main access point LAN screen now allows the user
to select either LAN1 or LAN2 as the active LAN over the access point’s Ethernet port. Both LANs
can still be active at any given time, but only one can transmit over the access point’s physical LAN
connection. Each LAN has a separate configuration screen (called LAN 1 and LAN 2 by default)
accessible under the main LAN screen. The user can rename each LAN as necessary. Additionally,
each LAN can have its own Ethernet Type Filter configuration, and subnet access (HTTP, SSH,
SNMP and telnet) configuration.
For detailed information on configuring the access point for additional LAN subnet support, see
Configuring the LAN Interface on page 5-115.
On-board Radius Server Authentication
The access point can function as a Radius Server to provide user database information and user
authentication. Several new screens have been added to the access point’s menu tree to configure
Radius server authentication and configure the local user database and access policies. The new
Radius Server functionality allows an administrator to define the data source, authentication type
and associate digital certificates with the authentication scheme. The LDAP screen allows the
administrator to configure an external LDAP Server for use with the access point. A new Access
Policy screen enables the administrator to set WLAN access based on user groups defined within
the User Database screen. Each user is authorized based on the access policies applicable to that
user. Access policies allow an administrator to control access for user groups based on the WLAN
configurations.
For detailed information on configuring the access point for AAA Radius Server support, see
Configuring User Authentication on page 6-240.
Hotspot Support
The access point allows hotspot operators to provide user authentication and accounting without a
special client application. The access point uses a traditional Internet browser as a secure
authentication device. Rather than rely on built-in 802.11 security features to control access point
association privileges, you can configure a WLAN with no WEP (an open network). The access point
issues an IP address to the user using a DHCP server, authenticates the user and grants the user
access to the Internet.
If a tourist visits a public hotspot and wants to browse a Web page, they boot their laptop and
associate with a local Wi-Fi network by entering a valid SSID. They start a browser, and the
hotspot’s access controller forces the unauthenticated user to a Welcome page (from the hotspot
operator) that allows the user to log in with a username and password. In order to send a redirected
page (a login page), a TCP termination exists locally on the access point. Once the login page
displays, the user enters their credentials. The access point connects to the Radius server and
determines the identity of the connected wireless user. The user is then allowed to access the
Internet once successfully authenticated.
For detailed information on configuring the access point for Hotspot support, see Configuring
WLAN Hotspot Support on page 5-152.
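The hotspot login flow and the group-based WLAN access policy described above can be modeled together, as an added example that is not part of the guide and is not the access point's firmware. All class and function names, the login URL, tracking clients by MAC address, and the sample user, MAC and WLAN name are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

LOGIN_URL = "http://hotspot.example/login"  # assumed Welcome-page URL
def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class UserDatabase:
    """Stand-in for the local user database and access policy screens."""
    users: dict = field(default_factory=dict)   # name -> (salt, digest, group)
    policy: dict = field(default_factory=dict)  # group -> permitted WLAN names

    def add_user(self, name, password, group):
        salt = os.urandom(16)
        self.users[name] = (salt, _digest(password, salt), group)

    def authenticate(self, name, password, wlan):
        # Accept only if the password matches AND the group may use this WLAN.
        salt, stored, group = self.users.get(name, (b"none", b"", None))
        ok = hmac.compare_digest(_digest(password, salt), stored)
        return ok and wlan in self.policy.get(group, set())

@dataclass
class HotspotController:
    """Models the access point's local redirect and login handling."""
    db: UserDatabase
    authorized: set = field(default_factory=set)  # (client MAC, WLAN) pairs

    def handle_http(self, mac, wlan, url):
        # Default deny: unauthenticated clients only ever see the login page.
        ok = (mac, wlan) in self.authorized
        return ("FORWARD", url) if ok else ("REDIRECT", LOGIN_URL)

    def login(self, mac, wlan, name, password):
        ok = self.db.authenticate(name, password, wlan)
        if ok:
            self.authorized.add((mac, wlan))
        return ok

def demo():  # constructed sample user, client MAC and WLAN name
    db = UserDatabase(policy={"guests": {"Hotspot-WLAN"}})
    db.add_user("alice", "correct horse", "guests")
    ap, mac, wlan = HotspotController(db), "00:11:22:33:44:55", "Hotspot-WLAN"
    before = ap.handle_http(mac, wlan, "http://example.com/")
    bad = ap.login(mac, wlan, "alice", "wrong password")
    good = ap.login(mac, wlan, "alice", "correct horse")
    return before, bad, good, ap.handle_http(mac, wlan, "http://example.com/")
```

Authorization is recorded per client and per WLAN, so a successful login on one WLAN does not open another WLAN that the user's group is not permitted to use.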