Proxim AP-2500 - page 56

AP-2500 Authentication Methods

5. Configure the Retransmission Options.

• Select a Retransmission Method. This option is only valid if you have configured settings for a Secondary

Server.

—Failover: The AP make multiple attempts to reach the Primary Server. If the Primary Server fails to

respond (after the specified number of Retransmission Attempts), the AP falls over to the Secondary

Server.

—Round-Robin: The AP first attempts to reach the Primary Server. If the Primary Server fails to respond,

the AP tries the Secondary Server. If the Secondary Server fails to respond, the AP again tries the

Primary Server.

• Enter the number of seconds between retransmission attempts in the Retransmission Frequency field.

• Enter the number of retransmission attempts (per server) in the Retransmission Attempts field.

• Enter the number of seconds after which a retransmission attempt times out in the Retransmission Timeouts

field.

6. Configure the ISP Account Creation options (if applicable).

• This option is provided for demo purposes. It acts as a portal page HTTP redirection to allow new users to sign

up for service with an ISP.

— You can specify a URL to redirect new customers (i.e., a portal page) and a URL to containing an account

creation form, and the ISP Server’s IP Address.

NOTE

If you enable this feature for demo purposes, you must also add the ISP Server’s IP address to the

Passthrough IP Table.

7. Configure the miscellaneous RADIUS Options.

• Select a User Name/Password Type. This option determines what credentials the RADIUS server uses to

authenticate subscribers.

—User-Input (that is, User Name and Password)

—MAC-MAC (The wireless card’s MAC address is used as both the user name and the password)

—MAC-Key (The wireless card’s MAC address is the user name and the AP/RADIUS Shared Secret is the

password)

— If using MAC-MAC or MAC-Key, enter the MAC address in the following format: 123456-7890ab (6 digits,

a dash, final 6 digits).

• Place a check mark in the Enable RADIUS Profile Caching box, if desired.

— When enabled, the AP maintains the user’s information in the Current Subscribers Table (State:

Pending) after a user logs out or times out. If the user attempts to re-connect, he can access the service

again without being prompted to re-enter his user name and password.

— This option uses the subscriber card’s MAC address to re-validate the user. For security reasons, you

may not want to enable this option. It is theoretically possible that an unauthorized individual could

capture the user’s MAC address and use it to spoof the AP to connect to the network when the actual

user is not logged in.

• Place a check mark in the Enable URL Redirection box if you configured the Nomadix-URL-Redirection

VSA.

• Place a check mark in the Send Framed IP box if you want to include the IP address assigned to the client in

the messages sent to RADIUS server.

— You can use this parameter to help identify the IP address assigned to clients in the RADIUS accounting

logs. If using IP Upsell, you can also see how many clients are using public IP addresses.

• Place a check mark in the Send NAS Identifier box if you want to include the AP’s NAS Identifier in the

messages sent to the RADIUS server.

• Configure the NAS Indentifier if you enabled Send NAS Identifier. (In RADIUS terminology, the AP is the

NAS or Network Access Server.)

— You can use this parameter to differentiate between multiple APs in the RADIUS accounting logs.

— Also, the RADIUS server can alter a user’s access policy depending on the NAS identifier. For example,

the maximum session time could be reduced if the NAS identifier is “restaurant” instead of “library.”