ACCESS GATEWAY
22 Introduction
terminated at the NOC (Network Operations Center). See also, “Secure Management” on
page 23.
The NSE provides a Radius VSA that supports assigning specific users to specific WAN
interface. See “Defining Automatic Configuration Settings {Auto Configuration}” on page 94.
RADIUS Client
Nomadix offers an integrated RADIUS (Remote Authentication Dial-In User Service) client
with the NSE allowing service providers to track or bill users based on the number of
connections, location of the connection, bytes sent and received, connect time, etc. The
customer database can exist in a central RADIUS server, along with associated attributes for
each user. When a customer connects into the network, the RADIUS client authenticates the
customer with the RADIUS server, applies associated attributes stored in that customer's
profile, and logs their activity (including bytes transferred, connect time, etc.). The NSE's
RADIUS implementation also handles vendor specific attributes (VSAs), required by WISPs
that want to enable more advanced services and billing schemes, such as a per device/per
month connectivity fee. See also, “RADIUS Proxy” on page 22.
RADIUS Proxy
The RADIUS Proxy feature relays authentication and accounting packets between the parties
performing the authentication process. Different realms can be set up to directly channel
RADIUS messages to the various RADIUS servers. This functionality can be effectively
deployed to:
Support a wholesale WISP model directly from the edge without the need for any
centralized AAA proxy infrastructure.
Support EAP authenticators (for example, WLAN APs) on the subscriber-side of the
NSE to transparently proxy all EAP types (TLS, SIM, etc.) and to allow for the
distribution of per-session keys to EAP authenticators and supplicants.
Complementing the RADIUS Proxy functionality is the ability to route RADIUS messages
depending on the Network Access Identifier (NAI). Both prefix-based (for example, ISP/
username@ISP.net) and suffix-based (username@ISP.net) NAI routing mechanisms are
supported. Together, the RADIUS Proxy and Realm-Based Routing further support the
deployment of the Wholesale Wi-Fi™ model allowing multiple providers to service one
location. See also, “RADIUS Client” on page 22.
Realm-Based Routing
Realm-Based Routing provides advanced NAI (Network Access Identifier) routing
capabilities, enabling multiple service providers to share a HotSpot location, further supporting
To Next Page
Loading...
