Authentication | 3Com CRWXR10095A, 3CRWX440095A, 3CRWX120695A

38CHAPTER 2: PLANNING AND MANAGING YOUR WIRELESS NETWORK WITH 3WXM

If services are being used for customer corporate entities (e.g. different airlines on an airport wireless net), then they would probably use 802.1X and strong encryption with web guest access for their airport club guests. If the services are being used to advertise multiple wireless service providers (WISP), such as T-MobileTM, Wayport ®, and Boingo WirelessTM, then these services would probably be completely open. However, they would likely be assigned to their own dedicated subnet containing their proxy server/billing gateway.

AAASecurity An administrator can control the way in which users access the network. Configuration For each service you provide, you can configure unique authentication,

authorization, and accounting (AAA) security features, creating an entirely virtualized wireless service. For each service, you configure:

Multiple authentication choices (802.1X, Web, AAA, MAC authentication, Bonded Auth, open)

AAA methods (up to four RADIUS server groups, or a local database on the WX switch)

Authentication

Authentication is the method of determining whether a user is allowed access to your network. Users can be authenticated by a RADIUS server (pass-through) or by the WX switch local database (local). The WX switch can also assist the RADIUS server by performing the Extensible Authentication Protocol (EAP) processing for the server (offload).

To authenticate users, you will need to configure users either in the local database or on RADIUS servers. Each user will have a username, password, and RADIUS and/or vendor-specific attributes (VSAs). You will also need to configure authentication rules (802.1X, MAC, last-resort, or web authentication).

See Figure 8 on page 39 to see a flowchart representing the authentication process. Generally, 802.1X authentication is attempted first. If the user fails, then MAC authentication is attempted. If this fails, then last resort and web authentication is used. For a service profile, you specify either web authentication, last-resort, or none in the auth-fall-thru box. You can only select one.

Image 38

3Com CRWXR10095A, 3CRWX440095A, 3CRWX120695A manual Authentication

Contents

Wireless LAN Mobility System 3CRWXR10095A, 3CRWX120695A, 3CRWX440095A 3Com Corporation 350 Campus Drive Marlborough, MA USA United States Government Legend Contents Configure WX Switch Connection Information Overview Task Table Step Summary Create a Service Profile Create a Radio ProfileSet Up VLANs on WX Switches What’s Next? 122 Assign Channel Settings 136 Calculate Optimal Power 138121 134 148 Overview Deploy Your Configuration 144148 Distributing WX Configuration Files 149 155 Display User Activity 157 Index Icon Description ConventionsList conventions that are used throughout this guide Documentation Comments Pddtechpubscomments@3com.com Chapter about this Guide 3WXM Client HardwareRequirements for 3WXM client in Windows Hardware Requirements for Running 3WXM Services in Windows 3WXM Services3WXM Services in Windows Software Installation Preparing for Number Radios WX Switches 50+ WX Switches 1000 3WXM Services in Shared Mode Start the 3WXM Services Wizard Configure 3WXM Services Connect 3WXM Clients to 3WXM ServicesTo connect the client to Services You can change the properties of 3WXM Services Getting Started User Privilege Levels To select monitoring settingsPrivilege Level Access Control Configuration Monitoring Getting Started 3WXM Main Window Menu Bar with Dropdown Menu Preferences Wizard 3WXM Interface Properties 3WXM Interface Getting Started Process is described in this chapter OverviewWith flexible tools to assist with network planning Planning and Managing Your Wireless Network with 3WXM Network Plan RF Coverage Area Planning and Managing Your Wireless Network with 3WXM RF Coverage Area Planning Techniques to Use Concern If yes, use If No, use Also create a basic configuration for the WX switch ConfigurationSupport the services you require Baseline values for planning Radio and Service Profiles Configuration Authentication Authentication Flowchart for Network Users Authorization Accounting Configure Basic WX Switch Properties Equipment Configure WX Switch Connection InformationConfigure Boot Information Changes to a single WX switch Deployment is when WX configuration information in the 3WXMNetwork plan is sent to your WX switch Deployment Planning and Managing Your Wireless Network with 3WXM „ Rssi Planning and Managing Your Wireless Network with 3WXM Management and Monitoring Monitoring Reports Report Description Configuration Reports3WXM Reports Model to improve the accuracy of the model RF PlanOptimization Ability to more accurately plan for and improve network Planning and Managing Your Wireless Network with 3WXM Multi-hosted access, or Voice over Wireless IP VoWIP access Potential encryptions 802.11i, WPA, WEP, or unencrypted Services ConfigureEmployee Access Task Table Creating a Service for Employee Access Click New Radius Server Group From Radius Server tabFrom Radius Server Group tab Access From 802.1X Network AccessAccess Rules Network Access Rules From Vlan Setup tab Configuring Wireless Services Create a Service Profile Configuring Wireless Services Create a Radio Profile Right-clickRadio Profiles Insert Configure Radius Servers Click Finish to save the changes and close the wizard Click New Radius Server Group 3Com VSAs Specify Network Access Rules 3Com VSAs Configure Employee Access Services Set Up VLANs on WX Switches Configure Employee Access Services Configuring Wireless Services Encryption Configure GuestAccess Services Creating a Service for Guest Access Creating a Service for Guest Access Configure local authentication „ Click Authentication. Select Choose Available Local server Click New Mobility Profile Ports list, specify ports to include in the Mobility Profile Click Choose Available You can create two types of users in the local database Create User Group wizard is displayed Configuring Wireless Services Service Configure VoiceOver Wireless IP From Radio Profile tab Creating a Service for VoWIP AccessFrom Encryption tab From User Attributes tab Select New MAC Address UserEdit click Local User Database Edit Radius From Spanning Tree Port Setup tab Access Rules Insert MACNetwork Access Select Choose Available Radius or Local „ From Authentication tab, select Choose Available Local You can create two types of users in the local database Click Local User Database Configuring Wireless Services Example Creating an ACL for SpectraLink Wireless Phones Configuring Wireless Services Example Creating an ACL for Avaya Wireless Phones Configuring Wireless Services Configure Voice over Wireless IP Service Configuring Wireless Services Auto-Tuning on AutoTune feature to set MAP channels and power settingsTo learn more about the benefits of RF Auto-Tuning, see RF To networks containing fewer MAPs Switch Configure InitialWX Switch Configuration into 3WXM Network Plan Upload the WX Switch Configuration into a 3WXM Network Plan Services, see Which Services To Provide? on Create a ServiceFor more information about service profiles, see Wireless Profile Profile and Map Service Profile to It Create a Radio Click the Service Profile Selection tab Create Your MAPs Radio Apply a RadioProfile to Each To each radio on the MAP Modelling Your network plan Add Site Information Add Site Information Using RF AUTO-TUNING with Modelling Add Site Information Using RF AUTO-TUNING with Modelling Insert RF Obstacles Coverage Area Switch portsCreate Your RF Closet From the Modify Building wizard, click Plan RF coverage Create Your RF To create your RF coverage areaCoverage Area Enter a name for the area Click Next Create Your RF Coverage Area On the floor Select the Area Associations tab Click Choose Available Create Your RF Coverage Area Using RF AUTO-TUNING with Modelling Using the RF Auto-Tuning with modelling technique Common country code for the WX switches contained in it Prepare Floor Drawings Reliability of the users Define SiteOther editing tools in the Building wizard To create a network plan You must select a country code before continuing To add site information Using RF Planning To configure building information Using RF Planning Define Site Information Click OK Define Site Information Using RF Planning Common AutoCAD Layer Terminology AutoCAD Layer Name Commonly Represents Using RF Planning Survey Add Wiring ClosetsImport a Site Plan RF Coverage Using RF Planning Plan RF Coverage Using RF Planning Plan RF Coverage Using RF Planning Click Finish RF coverage area is displayed on the floor plan Using RF Planning Click Next Using RF Planning Plan RF Coverage Using RF Planning Plan RF Coverage Using RF Planning Generate a Work Order Install Considered in the work order, too Provides you with information about configuring WX switch Management and Monitoring on Deploy Your WX switchClick Deploy Now to deploy the configuration Changes are only local to 3WXM Deploy Your Configuration Perform Basic AdministrativeConfiguring WX Management Services Tasks Perform Basic Administrative Tasks Using the Image Repository Distributing System Images Distributing WX Configuration Files Click Distribute Select Distribute Config Click Distribute Select File Save As Configuration Files Managing and Monitoring Your Network Examples Select Export DefaultsMonitoring Find the User Select the Client Sessions tab Place User on Watch ListLocate the User Managing and Monitoring Your Network Display User Activity View Long-Term User Statistics Monitoring Examples Managing and Monitoring Your Network Monitoring Examples Managing and Monitoring Your Network Monitoring Examples Managing and Monitoring Your Network Monitoring Examples Configuring Countermeasures Monitoring Examples Managing and Monitoring Your Network „ You want to verify your network RF coverage „ You have a reported coverage problem in your networkYour network plan because From MAPs Using RFMeasurements Using RF Measurements from MAPs Using RF Measurements from an Ekahau Site Survey Using RF Measurements from an Ekahau Site Survey Click Generate Using RF Measurements from an Ekahau Site Survey Optimizing a Network Plan Click Import Measurements Click Next Optimizing the RF Coverage Model Optimizing a Network Plan Locating and Fixing Coverage Holes Optimizing a Network Plan Locating and Fixing Coverage Holes Optimizing a Network Plan What’s Next? Optimizing a Network Plan Index Numbers Index Saving Index