Guide to configuring eduroam using a Cisco wireless controller Best ...

More documents

Recommendations

Info

Under Security AAA Servers we select the previously defined RADIUS servers for Authentication and Accounting. 24
What one selects under QoS depends to some extent on how the organisation otherwise supports QoS in its network. The first QoS options are TOS (Type Of Service) values for IP tagging. Unfortunately this tagging will apply to all clients in this WLAN and therefore in practice is not applicable to eduroam. On the other hand, WMM depends on the relationship between the controller (access point) and clients, and may provide measurable benefits for real-time applications, so “WMM Policy Allowed” is recommended. Under Advanced there are certain options to which one must give some thought, but as a rule these are: Allow AAA Override: Enabled – This makes it possible to let RADIUS override the VLAN which has been assigned to the WLAN. In other words, a user of a different category is assigned to another VLAN. Failure to override will result in the user being assigned to the VLAN which is defined for the WLAN. In this way, it is possible to assign users to separate VLANs depending on their class, such as employee, student or guest, without using different wireless profiles. Aironet IE: Enabled – Useful for those clients with this type of support. P2P Blocking Action: Disabled – This determines whether wireless clients are able to communicate directly with each other (via WLC) or not. For security reasons it is not advisable to allow clients to do this, so we recommend “Disabled”, but it is up to each organisation to consider this. 25
Page 1 and 2: Guide to configuring eduroam using
Page 3 and 4: Table of Contents Executive Summary
Page 5 and 6: Executive Summary UFS127 is a UNINE
Page 7 and 8: 1 Network planning 1.1 Necessary co
Page 9 and 10: established by means of the Managem
Page 11 and 12: http://www.cisco.com/en/US/tech/tk7
Page 13 and 14: authentication can be completed. He
Page 15 and 16: Management Interface Netmask: 255.2
Page 17 and 18: 3.2 Further configuration via web b
Page 19 and 20: Path: Security → RADIUS → Accou
Page 21 and 22: Under General, the WLAN can be enab
Page 23: Security Layer 3 shall be “None
Page 27 and 28: 3.2.4 Connecting access points Afte
Page 29 and 30: 3.2.5 Further details Once a access
Page 31 and 32: operating and/or the cabling is not
Page 33 and 34: A. Configuration using autonomous a
Page 35 and 36: A.3 RADIUS configuration Go to SECU
Page 37 and 38: B. Configuring Microsoft RADIUS ser
Page 39 and 40: Step 3: Adding clients in IAS The c
Page 41 and 42: Step 5: Connection Request Policies
Page 43 and 44: Create a Connection Request Policy
Page 45 and 46: • Click on “OK”, then “Next
Page 47 and 48: User ola.nordmann was granted acces
Page 49 and 50: • Type in a “Friendly Name”
Page 51 and 52: Step 4: Connection Request Policies
Page 53 and 54: Step 5: Network Policies Remote Acc
Page 55 and 56: Step 7: Logging NPS adds log entrie
Page 57 and 58: oot@sirius:~/tmp$ openssl x509 -noo
Page 59 and 60: Glossary CAPWAP Control And Provisi

Guide to configuring eduroam using a Cisco wireless controller Best ...

Create successful ePaper yourself

Delete template?

Save as template?