Specifications
OmniAccess Reference: AOS-W System Reference
248 Part 031652-00 May 2005
staticWep deny-bcast enable
virtual-ap "Guest" vlan-id 63 opmode opensystem deny-bcast disable
AP Configuration
Users associating to each AP are mapped into a VLAN. For scalability purposes
and to prevent broadcast issues caused by too many users on a single
network, two different user VLANs have been set up. Membership in the VLAN
is determined by the initial AP to which the user associates. As users roam
between different APs, they will keep their original VLAN assignment
regardless of which AP they are currently associated with. Currently, APs are
mapped to VLANs based on the floor on which the AP has been deployed.
Guest users have an ESSID-specific VLAN configuration which overrides the
default config below. Guest users will be mapped into VLAN 63.
ap location 1.1.0
vlan-id 60
!
ap location 1.2.0
vlan-id 61
Microsoft Active Directory Server Configuration
The Active Directory database serves as the master authentication database
for both the wired and wireless networks. The IAS authentication server bases
all authentication decisions on information in the Active Directory database.
The server is configured in a conventional fashion as a domain controller.
Wireless authentication depends on two specific parameters in Active
Directory:
1. Remote access permission
2. Windows group membership configuration
Remote Access Permission
Microsoft IAS is normally used as an authentication server for remote access
(dialup or VPN) and thus looks to the Active Directory “Remote Access”
property to determine whether authentication requests should be allowed or
denied. This property is set on a per-user or per-computer basis. For a user or
computer to be allowed access to the wireless network, the remote access
property must be set to “Allow access”.
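One way to audit the remote access property described above, added here as an example and not part of the original manual. It assumes the ActiveDirectory PowerShell module (RSAT) is available and reads the msNPAllowDialin attribute, which stores the Dial-in setting; the function name Get-RemoteAccessSetting is hypothetical.

```powershell
# Added example (not from the AOS-W manual). Assumes the ActiveDirectory
# RSAT module and read access to the msNPAllowDialin attribute.
Import-Module ActiveDirectory

function Get-RemoteAccessSetting {
    param([Parameter(Mandatory)] $AdObject)
    # msNPAllowDialin backs the Dial-in tab: $true = "Allow access",
    # $false = "Deny access", not set = left to remote access policy.
    $value = $AdObject.msNPAllowDialin
    if ($null -eq $value) { return 'NotSet' }
    if ($value) { return 'AllowAccess' }
    return 'DenyAccess'
}

# Users and computers are both checked, since the property is set on a
# per-user or per-computer basis.
$accounts = @(Get-ADUser -Filter * -Properties msNPAllowDialin) +
            @(Get-ADComputer -Filter * -Properties msNPAllowDialin)

$report = foreach ($a in $accounts) {
    [pscustomobject]@{
        Account      = $a.SamAccountName
        Type         = $a.ObjectClass
        Enabled      = $a.Enabled
        RemoteAccess = Get-RemoteAccessSetting -AdObject $a
    }
}

# Count of accounts per object type and setting.
$report | Group-Object Type, RemoteAccess |
    Sort-Object Name |
    Format-Table Count, Name -AutoSize

# Enabled accounts set to "Allow access": compare this list with the
# accounts that are meant to reach the wireless network.
$report | Where-Object { $_.Enabled -and $_.RemoteAccess -eq 'AllowAccess' } |
    Sort-Object Type, Account |
    Format-Table Account, Type -AutoSize

# Enabled accounts without "Allow access": per the text above, these do
# not meet the requirement for wireless access.
$report | Where-Object { $_.Enabled -and $_.RemoteAccess -ne 'AllowAccess' } |
    Sort-Object Type, Account |
    Format-Table Account, Type, RemoteAccess -AutoSize
```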