Defining Accounting Methods for a WLAN Service

1. From the top menu, click VNS.
2. In the left pane expand the WLAN Services pane, then click the WLAN Service you want to define accounting methods for. The WLAN Services configuration page is displayed.
3. Click the Auth & Acct tab.
4. Click Enable MAC-based authentication.
   

   Defining Accounting Methods

   
5. Click the Configure button to open the MAC-Based Authorization dialog.
   

   MAC-Based Authorization Configuration

   

   

   MAC-Based Authorization Configuration - Fields and Buttons

   Field/Button	Description
   MAC-based authorization on roam	Select method for MAC-based authorization: Never: disables the feature On inter-AP roam: enables MAC-based authorization on roam. On inter-Area roam: enables MAC-based authorization sent to the RADIUS server on area roams.
   Automatically Authenticate Authorized Users	Select to automatically authenticate authorized users. When set, a station that passes MAC-based authentication is treated as fully authorized. For example, its authentication state is set to fully authenticated. This can trigger a change to the role applied to the station. If Captive Portal authentication is also configured on the WLAN Service, a station that passes MAC-based authentication will not have to pass Captive Portal authentication as well.
   Allow Un-Authorized Users	Select to allow un-authorized users which permits stations that do not pass MAC-based authentication to stay on the network in an un-authorized state. The station can be confined to a “Walled Garden” by its assigned role. If Captive Portal authentication is also configured on the WLAN Service, a station that fails MAC-based authentication can still become authorized by passing Captive Portal authentication. Note: Only select this checkbox if you want your clients to be authorized every time they roam to another AP. If this option is not enabled, and MAC-based authentication is in use, the client is authenticated only at the start of a session.
   RADIUS accounting begins after MAC-based authorization completes	Select to delay RADIUS accounting until after MAC-based authorization is complete.
   RADIUS Server Timeout Role	Select a Radius Server Timeout Role from the drop-down list.

6. To enable Controller accounting, select Collect Accounting Information of Wireless Controller.
7. To enable RADIUS accounting, from the RADIUS Servers drop-down list, click the RADIUS server you want to use for RADIUS accounting, and then click Use.

   The server name is added to the Server table of assigned RADIUS servers. The selected server is no longer available in the RADIUS servers drop-down list.

   The RADIUS servers are defined on the Global Settings screen. For more information, see Defining RADIUS Servers and MAC Address Format.

8. In the Server table, select the checkbox in the Acct column to enable accounting for each applicable RADIUS server.
9. In the Server table click the RADIUS server, and then click Configure.The RADIUS Parameters dialog is displayed.

   The configured values for the selected server are displayed in the table at the top.

   

   RADIUS Parameters dialog

   
10. For NAS IP Address, accept the default of “Use VNS IP address” or de-select the checkbox and type the IP address of a Network Access Server (NAS).
11. For NAS Identifier, accept the default of “Use VNS name” or type the Network Access Server (NAS) identifier. The NAS identifier is a RADIUS attribute that identifies the server responsible for passing information to designated RADIUS servers and then acting on the response returned.
12. For Auth. type, select the Protocol using the drop down list. Choices are PAP, CHAP, MS-CHAP, or MS-CHAP2.
13. In the Password box, type the password that will be passed to RADIUS for wireless MAC authentication.

    To proofread your shared secret key, click Unmask. The password is displayed.

14. Click OK.
15. To save your changes, click Save.