Configuring Authentication for a WLAN Service

  • 802.1x Authentication — If 802.1x authentication mode is configured, the wireless device must successfully complete user authentication before being granted network access. This enforcement is performed by both the user's client and the AP. The wireless device's client utility must support 802.1x. The user's EAP packets, which request network access and carry login identification or a user profile, are forwarded by the controller to a RADIUS server.
  • Captive Portal Authentication — For Captive Portal authentication, the wireless device connects to the network, but can only access the specific network destinations defined in the non-authenticated filter. For more information, see Policy Rules. One of these destinations should be a server, either internal or external, which presents a Web login page — the Captive Portal. The wireless device user must input an ID and a password. This request for authentication is sent by the controller to a RADIUS server or other authentication server. Based on the permissions returned from the authentication server, the controller implements the role and allows the appropriate network access.

    Captive Portal authentication relies on a RADIUS server on the enterprise network. There are three mechanisms by which Captive Portal authentication can be carried out:

    • Internal Captive Portal — The controller displays the Captive Portal Web page, carries out the authentication, and implements the role.
    • External Captive Portal — After an external server displays the Captive Portal Web page and carries out the authentication, the controller implements the role.
    • External Captive Portal with internal authentication — After an external server displays the Captive Portal Web page, the controller carries out the authentication and implements the role.
  • RADIUS servers — RADIUS servers can perform the following for a WLAN (Wireless Local Area Network) Service:
    • Authentication — RADIUS servers are configured to provide authentication.
    • MAC authentication — RADIUS servers are configured to provide MAC-based authentication.
    • Accounting — RADIUS servers are configured to provide accounting services.
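
The Captive Portal item above depends on the non-authenticated filter exposing the login server and little else. The following is an added example, not controller code or syntax: it audits such a filter for a reachable portal, overly broad allow rules, and a final default deny. The rule tuple format, first-match evaluation, addresses, and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample filter in a hypothetical format (not the controller's syntax):
# (action, destination CIDR, protocol, port or None for any port)
NON_AUTH_FILTER = [
    ("allow", "192.0.2.10/32", "tcp", 443),  # Captive Portal login page
    ("allow", "192.0.2.53/32", "udp", 53),   # DNS, so the client can resolve the portal
    ("allow", "10.0.0.0/8", "tcp", None),    # too broad: whole internal range, any port
    ("deny", "0.0.0.0/0", "any", None),      # default deny
]


def first_match(rules, dst_ip, proto, port):
    """Return the action of the first rule matching the flow ('deny' if none match)."""
    ip = ipaddress.ip_address(dst_ip)
    for action, cidr, r_proto, r_port in rules:
        if (ip in ipaddress.ip_network(cidr)
                and r_proto in ("any", proto)
                and r_port in (None, port)):
            return action
    return "deny"


def audit_non_auth_filter(rules, portal_ip, portal_port, max_hosts=256):
    """Return findings for a filter applied to clients before they authenticate."""
    findings = []
    # The unauthenticated client must be able to reach the login page.
    if first_match(rules, portal_ip, "tcp", portal_port) != "allow":
        findings.append("portal unreachable before authentication")
    # Allow rules covering large ranges or every port widen pre-auth access.
    for action, cidr, proto, port in rules:
        net = ipaddress.ip_network(cidr)
        if action == "allow" and (net.num_addresses > max_hosts or port is None):
            findings.append(f"broad allow rule: {cidr} {proto} port={port or 'any'}")
    # The filter should end with an explicit deny of everything else.
    last = rules[-1] if rules else None
    if not last or last[0] != "deny" or ipaddress.ip_network(last[1]).prefixlen != 0:
        findings.append("no explicit default deny at end of filter")
    return findings


if __name__ == "__main__":
    for finding in audit_non_auth_filter(NON_AUTH_FILTER, "192.0.2.10", 443):
        print(finding)
```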