Manualshelf

User's Manual

ManualsBrandsAerohive Networks ManualsElectronics802.11 a/b/g/n access point
31323334353637383940
Table Of Contents
Deployment Guide 129
EXAMPLE 9: CREATING WLAN POLICIES
•RADIUS UP Rule: def-radius-user-profile-rule (default)
This setting essentially controls which users authenticated by a RADIUS server can access the SSID.
Because the voip SSID does not use RADIUS authentication, the setting is not applicable.
•Radio Mode: 11ng(b/g)
In this example, you want to use IEEE 802.11b/g for network access traffic because a broader range of
wireless clients support IEEE 802.11b than IEEE 802.11a, which came out two years later (despite its
alphabetical precedence), and it provides slightly greater coverage.
The three choices in the Radio Mode drop-down list are as follows:
11na+11ng(a+b/g): This binds the SSID to two subinterfaces, each linked to a different radio
operating in separate frequency bands. Radio 1 supports IEEE 802.11b/g and operates in the 2.4
GHz band, and radio 2 supports IEEE 802.11a and operates in the 5 GHz band.
This is a good approach if the HiveAPs need to interoperate with some wireless clients that only
support 802.11b/g and others that only support 802.11a. In this case, both of the wifi
interfaces—wifi0 and wifi1—must be in access mode. On the other hand, if hive members need to
support wireless backhaul communications, then you cannot take this approach because one
interface (wifi1 by default) will need to be in backhaul mode and its subinterfaces (wifi1.1 –
wifi1.4), therefore, cannot support an SSID.
11ng(b/g): This binds the SSID to a subinterface linked to a radio operating at 2.4 GHz for the IEEE
802.11b or IEEE 802.11g standards.
11na(a): This binds the SSID to a subinterface using an antenna operating at 5 GHz for the IEEE
802.11a standard.
•User Profile: VoIP
2. After you click Apply, a drop-down list appears for the user profile type. Choose Default.
SSID: corp
1. Click New, enter the following to define the WLAN mappings for the corp SSID, and then click Apply:
SSID Profile: corp
•MGT Service Filter: def-service-filter (default)
AAA Servers: (leave empty; you want to use the RADIUS servers set on the previous page)
•RADIUS UP Rule: def-radius-user-profile-rule (default)
The default RADIUS user profile rule allows all users authenticated by the same RADIUS server to access
the SSID. In this example, only corporate employee accounts are stored on the RADIUS server, so there
is no need to restrict access to a smaller set of users.
•Radio Mode: 11ng(b/g)
•User Profile: IT and Emp (SHIFT-click or CTRL-click to make multiple selections.)
2. After you click Apply, a drop-down list appears for the user profile type. Choose RADIUS for IT, and choose
Default for Emp.
When authenticating users through 802.1X to a RADIUS server, there can be multiple user profiles, and the
RADIUS server will indicate which one the HiveAP applies to each user. However, if the RADIUS server does
not have a set of attributes configured for some users, then the HiveAP applies the user profile that you
mark as the default. One of the two user profile types must be marked as default and the other as RADIUS.