Configuring RADIUS forwarding

The following configuration steps allow you to specify the different manners in which internal users and guests are processed.
  1. In the Public Spot, adapt the pattern of user names such that a unique realm can be suffixed.
    For example, if the pattern is "user%n@PSpot", the Public Spot generates usernames with the format "user12345@PSpot".
    • LANconfig: Public-Spot > Wizard > Add user wizard




  2. In the WLAN controller's RADIUS server, define an "empty realm" (e.g., "COMPANY.EU").
    This realm is attached to all user names which request authentication from the WLAN controller and which do not already have a realm. In this application, the internal users have no realm defined. In order to prevent the WLAN controller's RADIUS server from attaching a realm, you must leave the "Default realm" field blank.
    • LANconfig: RADIUS > Server > Extended configuration > Forwarding > RADIUS forwarding > Forwarding server




  3. In order for the WLAN controller to forward authentication requests from internal users to the external RADIUS server, suitable entries must be made in the forwarding settings.
    All incoming RADIUS requests which have the realm "COMPANY.EU" will be forwarded to the specified IP address.




  4. Authentication requests from Public Spot users have the realm "@PSpot" and are received by the WLAN Controller. With no forwarding defined for this realm, the usernames are automatically checked with the internal RADIUS database. Because the Public Spot access accounts created with the Wizard are stored in this database, these requests can be authenticated as required.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo