HOTSPOT GATEWAY
Introduction 17
RADIUS Proxy
The RADIUS Proxy feature relays authentication and accounting packets between
the parties performing the authentication process. Different realms can be set up to
directly channel RADIUS messages to the various RADIUS servers. This
functionality can be effectively deployed to:
z Support a wholesale WISP model directly from the edge without the need
for any centralized AAA proxy infrastructure.
z Support EAP authenticators (for example, WLAN APs) on the subscriber-
side of the NSE to transparently proxy all EAP types (TLS, SIM, etc.) and to
allow for the distribution of per-session keys to EAP authenticators and
supplicants.
Complementing the RADIUS Proxy functionality is the ability to route RADIUS
messages depending on the Network Access Identifier (NAI). Both prefix-based (for
example, ISP/username@ISP.net) and suffix-based (username@ISP.net) NAI routing
mechanisms are supported. Together, the RADIUS Proxy and NAI Routing further
support the deployment of the Wholesale Wi-Fi™ model allowing multiple providers
to service one location. See also, “RADIUS Client” on page 16.
Remember Me and RADIUS Re-Authentication
The NSE’s Internal Web Server (IWS) stores encrypted login cookies in the browser
to remember logins, using Usernames and Passwords between Access Points. This
“Remember Me” functionality creates a more efficient and better user experience in
wireless networks.
The RADIUS Re-Authentication buffer has been expanded to 720 hours, allowing an
even more seamless and transparent connection experience for repeat users.
To Next Page
Loading...
