User's Manual
hwc_vnsconfiguration.fm
Virtual Network configuration
Authentication for a VNS
A31003-W1050-U100-2-7619,
March 2008
HiPath Wireless Controller, Access Points and Convergence Software V5 R1 , C20/C2400 User Guide 177
• If network assignment is by SSID, authentication can be:
• none
• by Captive Portal using internal Captive Portal
• by Captive Portal using external Captive Portal
• by MAC-based authentication
• If network assignment is by AAA (802.1x), authentication can be:
• by 802.1x authentication, the wireless device user must be authenticated
before gaining network access
• by MAC-based authentication
The first step for any type of authentication is to select RADIUS servers for:
• Authentication
• Accounting
• MAC-based authentication
MAC-based authentication enables network access to be restricted to specific
devices by MAC address. In addition to the other types of authentication, when
MAC-based authentication is employed the HiPath Wireless Controller queries a
RADIUS server to determine if the wireless client's MAC address is authorized to
access the network.
6.6.1 Vendor Specific Attributes
In addition to the standard RADIUS message, you can include Vendor Specific
Attributes (VSAs). The Controller, Access Points and Convergence Software
authentication mechanism provides six VSAs for RADIUS and other
authentication mechanisms.
Attribute Name ID Type Messages Description
Siemens-URL-
Redirection
1 string Returned from
RADIUS server
A URL that can be returned to
redirect a session to a specific Web
page.
Siemens-AP-
Name
2 string Sent to
RADIUS server
The name of the AP the client is
associating to. It can be used to
assign policy based on AP name or
location.
Siemens-AP-
Serial
3 string Sent to
RADIUS server
The AP serial number. It can be
used instead of (or in addition to)
the AP name.
Table 14 Vendor Specific Attributes