Datasheet
2
4
the client session is inactive. Trapeze has solved
this problem, by maintaining a form of device
cookie which is used to maintain wireless ses-
sion persistence.
Open APIs for System Integration
SmartPass is designed to work with external
applications such as credit card billing, guest
registration, facility management, and custom
reporting systems. This allows ad-hoc granting
of secure wireless access to be safely automated
within other business processes. SmartPass
ships with published, open, standards-based,
Web-based open Application Programming
Interfaces (APIs) to make it easy to integrate
its functionality with other systems. Likely 3rd
party applications for such integration include
credit card billing systems, facility management
systems, hospitality registration systems, IPS/IDS
systems and custom reporting systems.
RADIUS Accounting and Reporting
SmartPass uses standards-based RADIUS
accounting to calculate and utilize per user
statistics including lifetime session counts and
total traffic passed for session. Reports can be
generated based on these statistics in SmartPass
or RingMaster or from a 3rd party application.
Unified Services Management
As wireless LANs become more pervasive, there
is a growing need to bring services together
under common management, so they can lever-
age thier collective network intelligence.
SmartPass is now tightly integrated with
RingMaster. This enables user, location informa-
tion and activity history to be correlated, and
this allows all manner of custom reporting and
visualization capabilities not previous possible
with either tool on its own. Simple examples
include: Show me the current location of all
guests; Report all users with call detail records
between 10am and 11:00am yesterday.
In future, wired policy managers will be able to
use RFC 3576 and emerging standards such as
IF-MAP to combine policies across both wired
and wireles networks and tap into unified
mobility services.
Key Applications
The applications for such granular and dynamic
access control are unlimited but are illustrated
in the following examples.
Prevent Students from Cheating
A professor giving a test from 2pm - 3pm in
Classroom 230, has the ability to change wire-
less access for students instantly to deny access
to the Internet during that time from that
specific location. At the professors’ option,
the students could still have access to relevant
classroom materials on the LAN.
Restrict Corporate Guest Access
A large company wants to provide a hired con-
sultant access to the Internet and certain LAN
resources but only while working in an assigned
building or areas of the building. If the consul-
tant tries to access the network from another
location, he will be denied access even with
valid log-in credentials.
Lock-Down Bandwidth Abuser
A user on the network is consuming an exces-
sive amount of bandwidth. After a utilization
threshold is crossed within a time window,
SmartPass throttles down bandwidth and
priority for that user. For example, a rule can
be set that for any given user, after 10 MB
of download in any given hour, the user is
restricted to only 100 Kbps maximum.
Provide “Free” Access in Lobby
In Hotels, Wi-Fi access is fast becoming an
expected service. SmartPass makes it possible
for Hotel management to offer tiered services
based on where someone is, or perhaps based
on the accommodation or conference package
they purchased. For example, one could offer
FREE rate-limited access in public areas, while
offering higher-bandwidth services for a daily
rate, in rooms, while simultaneoulsy offering
a metered service for conference attendees.
Extra Security for Sensitive Networks
All users can be prevented from accessing the
network from unauthorized locations even
with legitimate credentials. This adds an
extra layer of security against offsite attack-
ers who may have stolen legitimate creden-
tials, e.g., “the parking lot hacker”.
Key Features
User Access Control
• Creation of custom policies – Access control rules – based on a combination of filters such as:
• SSID
• User Name pattern (e.g. domain\username)
• User Type
• Location
• Accounting (lifetime or session)
• Time of Day
• VLAN
• Disconnect or change access attributes such as ACLs, bandwidth restrictions, or quality of service markings dynamically
for any user session on the network
• Location based policy control with ability to apply various policies based on identity in the same location
• Adds additional layer of security