52
AP-2500 Authentication Methods
3. Client sends AP its login credentials (User name/password or MAC address).
4. AP checks its Authorized Subscribers Table. If the client is not listed, the AP forwards the authentication request to
the RADIUS server.
5. The RADIUS server authenticates the user based on the client’s login credentials and notifies AP of successful
authentication.
6. AP changes the client’s State to “Valid” in its Current Subscribers Table and redirects the client to the requested
Web page or to the site specified by Home Page Redirection settings.
7. AP sends an accounting “start” message to the RADIUS server.
• This assumes that RADIUS accounting is enabled.
• Note that you can use the same server for RADIUS authentication and accounting or two different RADIUS
servers: one for authentication and one for accounting).
8. RADIUS server sends an acknowledgment back to the AP that the accounting message was successfully
received.
• This assumes that RADIUS accounting is enabled.
• In addition to sending an accounting “start” message when a subscriber logs in, the AP also sends an
accounting “stop” message when the subscriber logs out or times out. Also, the AP can send interim
accounting messages at a specified interval (but not less than every two minutes).
Notes Concerning RADIUS
• Subscribers authenticated by RADIUS can logout of their Internet sessions in one of three ways:
– By clicking the Logout button found on the ICC (if enabled).
• See Information and Control Console (ICC) and Potential End User Issues for more information and a list
of known issues.
– By typing http://1.1.1.1/ in their Web browser.
– By clicking a link to http://1.1.1.1/ that you add to a custom Portal Page.
• Subscribers authenticated by RADIUS are logged out automatically in one of two ways:
– Idle timer expires.
– Session timer expires.
(These two timers are RADIUS attributes that you can configure for the subscribers in your RADIUS database. See
RADIUS Messages and RADIUS Attributes for details.)
•See RADIUS for more information on the AP’s RADIUS implementation.
Configuration Instructions
The configuration instructions are divided into two topics:
• Install and Configure RADIUS
• Configure the AP-2500
Install and Configure RADIUS
Before you install or configure the AP-2500, you should first install and configure the RADIUS server on your network.
There are multiple RADIUS applications available. Popular RADIUS servers include Microsoft’s Internet Authentication
Service (IAS), Funk’s Steel-belted RADIUS, and Lucent Navis RADIUS. Microsoft’s IAS server is included with
Windows 2000 Server.
Since your specific installation and configuration steps will vary based on the RADIUS server you select, the following
instructions are only an overview of the process. Refer to the documentation included with your RADIUS server for
detailed instructions.
NOTE
Contact your RADIUS server manufacturer if you have problems configuring the server or have problems
using RADIUS authentication and/or accounting.