3 on-board radius server authentication, 4 hotspot support, On-board radius server authentication – Symbol Technologies AP-5131 User Manual

Page 20: Hotspot support

Advertising
background image

AP-5131 Access Point Product Reference Guide

1-4

1.1.3 On-board Radius Server Authentication

The AP-5131 now has the ability to work as a Radius Server to provide user database information and
user authentication. Several new screens have been added to the AP-5131’s menu tree to configure
Radius server authentication and configure the local user database and access policies. A new Radius
Server screen allows an administrator to define the data source, authentication type and associate
digital certificates with the authentication scheme. The LDAP screen allows the administrator to
configure an external LDAP Server for use with the AP-5131. A new Access Policy screen enables the
administrator to set WLAN access based on user groups defined within the User Database screen.
Each user is authorized based on the access policies applicable to that user. Access policies allow an
administrator to control access to a user groups based on the WLAN configurations.

For detailed information on configuring the AP-5131 for AAA Radius Server support, see

Configuring

User Authentication on page 6-62

.

1.1.4 Hotspot Support

The AP-5131 now allows hotspot operators to provide user authentication and accounting without a
special client application. The AP-5131 uses a traditional Internet browser as a secure authentication
device. Rather than rely on built-in 802.11security features to control AP-5131 association privileges,
you can configure a WLAN with no WEP (an open network). The AP-5131 issues an IP address to the
user using a DHCP server, authenticates the user and grants the user to access the Internet.

If a tourist visits a public hotspot and wants to browse a Web page, they boot their laptop and
associate with a local Wi-Fi network by entering a valid SSID. They start a browser, and the hotspot’s
access controller forces the un-authenticated user to a Welcome page (from the hotspot operator)
that allows the user to login with a username and password. In order to send a redirected page (a
login page), a TCP termination exists locally on the AP-5131. Once the login page displays, the user
enters their credentials. The AP-5131 connects to the Radius server and determines the identity of
the connected wireless user. Thus, allowing the user to access the Internet once successfully
authenticated.

For detailed information on configuring the AP-5131 for Hotspot support, see

Configuring WLAN

Hotspot Support on page 5-40

.

Advertising
Popular Brands
Popular manuals