Siemens HiPath AP2620 - Topology of a VNS

To Next Page

To Previous Page

Virtual Network Services

A31003-W1040-U101-1-7619, July 2006 DRAFT

110 HiPath Wireless Controller, Access Points and Convergence Software V4.0, C10/C100/C1000 User Guide

hwc_vnsintro.fm

Topology of a VNS

● Department (such as Engineering, Sales, Finance)

● Role (such as student, teacher, library user)

● Status (such as guest, administration, technician)

For each user group, you should set up a filter ID attribute in the RADIUS server, and then

associate each user in the RADIUS server to at least one filter ID name. You can define specific

filtering rules, by filter ID attribute, that will be applied to user groups to control network access.

Filtering is applied by the controller. Filter ID assignments is a configuration option, and not a

requirement to setup per user filter ID definitions. If a filter is not returned by the Access-Accept

confirmation for a particular user, the controller uses the default filter profile for the VNS as the

applicable filter set.

6.3 Topology of a VNS

Before you decide if a VNS will participate in a VLAN and configure a VNS, define the global

settings that will apply to all VNS definitions. For example, global settings can include

identifying the location of the RADIUS servers and enabling priority traffic handling for voice-

over-internet traffic and dynamic authorization server support.

The type of network assignment determines all the other factors of the VNS. There are two

options for network assignment:

● SSID:

● Has Captive Portal authentication, or no authentication

● Requires restricted filtering rules before authentication

● Requires filtering rules for group filter IDs after authentication. A default filter applies if

a more specific filter is not indicated by the RADIUS Access-Accept response.

● Used for a VNS supporting wireless voice traffic (QoS)

● Used for a VNS supporting third-party APs

● Has WEP and WPA-PSK privacy

● AAA:

● Has 802.1x authentication

● Requires filtering rules for group filter IDs and default filter. A definition of group filter

IDs is optional. If a filter is not specified or not returned by the Access-Accept

response, the default filter group is applied.

● Has WEP and WPA privacy

● Controller is involved in authenticating users. 802.1x packets for AAA assignment are

forwarded by the AP to the controller, through to the RADIUS server.

Related product manuals