Internal authentication with radius, Authentication procedure, Internal – Proxim ORiNOCO AP-2500 User Manual

Page 51: Authentication with radius, Ap-2500 authentication methods

AP-2500 Authentication Methods

Internal Authentication with RADIUS

In this configuration, the AP-2500 provides all of the authentication services described in Internal Authentication, but it also communicates with a Remote Authentication Dial-In User Service (RADIUS) server on the network to determine if a user is valid. RADIUS is an authentication and accounting protocol that is used by many ISPs. The RADIUS server maintains a large central list of subscribers and their attributes (such as the maximum bandwidth allowed for a specific customer) that it communicates back to the AP-2500. The RADIUS server can also perform accounting functions to record a user’s login activity to facilitate billing.

RADIUS is a proven carrier-class protocol to perform accurate time and volume-based billing. The RADIUS protocols are defined in RFCs 2865 (Authentication) and 2866 (Accounting). These RFCs are available at http://www.rfc-editor.org/.

NOTE

In RADIUS terminology, the AP is referred to as a RADIUS Client or as a Network Access Server (NAS).

Authentication Procedure

The following diagram illustrates how a client is authenticated when the AP’s RADIUS client is enabled.

Figure 3-3: Internal Authentication with RADIUS

1. Client connects to AP and launches Web browser. The AP adds the client to its Current Subscribers Table with State set to “Pending”.

2. AP redirects client to the AP’s internal login page or to a Portal Page.

The AP redirects the customer when it receives an HTTP request from the customer’s browser.

If the browser’s default home page is loaded in the browser’s cache, the customer may not be redirected to
the login screen. But the customer will be redirected the first time he tries to access a new Web site.

The customer must try to access a valid Web site to call up the login screen. Entering an unreachable URL or
invalid Web address will not bring up the login screen.

Customers who try to access e-mail first will not have a connection. Customers need to log in via a Web browser first.