56
AP-2500 Authentication Methods
5. Configure the Retransmission Options.
• Select a Retransmission Method. This option is only valid if you have configured settings for a Secondary
Server.
—Failover: The AP make multiple attempts to reach the Primary Server. If the Primary Server fails to
respond (after the specified number of Retransmission Attempts), the AP falls over to the Secondary
Server.
—Round-Robin: The AP first attempts to reach the Primary Server. If the Primary Server fails to respond,
the AP tries the Secondary Server. If the Secondary Server fails to respond, the AP again tries the
Primary Server.
• Enter the number of seconds between retransmission attempts in the Retransmission Frequency field.
• Enter the number of retransmission attempts (per server) in the Retransmission Attempts field.
• Enter the number of seconds after which a retransmission attempt times out in the Retransmission Timeouts
field.
6. Configure the ISP Account Creation options (if applicable).
• This option is provided for demo purposes. It acts as a portal page HTTP redirection to allow new users to sign
up for service with an ISP.
— You can specify a URL to redirect new customers (i.e., a portal page) and a URL to containing an account
creation form, and the ISP Server’s IP Address.
NOTE
If you enable this feature for demo purposes, you must also add the ISP Server’s IP address to the
Passthrough IP Table.
7. Configure the miscellaneous RADIUS Options.
• Select a User Name/Password Type. This option determines what credentials the RADIUS server uses to
authenticate subscribers.
—User-Input (that is, User Name and Password)
—MAC-MAC (The wireless card’s MAC address is used as both the user name and the password)
—MAC-Key (The wireless card’s MAC address is the user name and the AP/RADIUS Shared Secret is the
password)
— If using MAC-MAC or MAC-Key, enter the MAC address in the following format: 123456-7890ab (6 digits,
a dash, final 6 digits).
• Place a check mark in the Enable RADIUS Profile Caching box, if desired.
— When enabled, the AP maintains the user’s information in the Current Subscribers Table (State:
Pending) after a user logs out or times out. If the user attempts to re-connect, he can access the service
again without being prompted to re-enter his user name and password.
— This option uses the subscriber card’s MAC address to re-validate the user. For security reasons, you
may not want to enable this option. It is theoretically possible that an unauthorized individual could
capture the user’s MAC address and use it to spoof the AP to connect to the network when the actual
user is not logged in.
• Place a check mark in the Enable URL Redirection box if you configured the Nomadix-URL-Redirection
VSA.
• Place a check mark in the Send Framed IP box if you want to include the IP address assigned to the client in
the messages sent to RADIUS server.
— You can use this parameter to help identify the IP address assigned to clients in the RADIUS accounting
logs. If using IP Upsell, you can also see how many clients are using public IP addresses.
• Place a check mark in the Send NAS Identifier box if you want to include the AP’s NAS Identifier in the
messages sent to the RADIUS server.
• Configure the NAS Indentifier if you enabled Send NAS Identifier. (In RADIUS terminology, the AP is the
NAS or Network Access Server.)
— You can use this parameter to differentiate between multiple APs in the RADIUS accounting logs.
— Also, the RADIUS server can alter a user’s access policy depending on the NAS identifier. For example,
the maximum session time could be reduced if the NAS identifier is “restaurant” instead of “library.”