Inter WISP WLAN roaming


1 Inter WISP WLAN roaming
A service concept by Wirlab © Wirlab Research Center

2 Inter-WISP roaming
- Most RADIUS servers support domain-based AAA proxying
- An increasing number of RADIUS servers support 802.1X via different authentication methods (EAP-MD5, EAP-TLS, EAP-TTLS ...)
- Access Controllers and wireless access points are hardware that supports the RADIUS protocol for AAA purposes
- Standards-based equipment should be used in order to achieve vendor independence and easier management

3 RADIUS
How does the RADIUS server work in inter-WISP roaming?
- It checks the domain part of the authenticating username of a user visiting a foreign domain (operator.fi)
- Based on the domain name, it decides whether to authenticate the user locally or proxy the request to an external server
- A specific Clearing House Proxy handles all the AAA messages between WISPs
- After the username has been authenticated by its home server, reply messages are delivered back to the originating server via the Clearing House
- Each RADIUS server along the path keeps track of its own messages, but the Clearing House processes all inter-WISP messages, too
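Added example (not part of the original presentation): a minimal Python model of the routing decision on this slide, with the Clearing House recording every inter-WISP request. Class names, user tables and passwords are constructed; the password comparison stands in for the real EAP exchange, and rejecting usernames without a domain part is an assumption.

```python
import hmac

def split_username(username):
    """Split user@realm; realm is None when the domain part is missing or empty."""
    user, sep, realm = username.rpartition("@")
    if not sep or not user or not realm:
        return username, None
    return user, realm.lower()

class WispRadius:
    def __init__(self, realm, users):
        self.realm, self.users = realm, users   # users: local part -> password
        self.clearing_house = None
        self.log = []                           # each server tracks its own messages

    def access_request(self, username, password, proxied=False):
        user, realm = split_username(username)
        self.log.append(("Access-Request", username))
        if realm == self.realm:                 # home realm: authenticate locally
            stored = self.users.get(user)       # unknown user must not match ""
            ok = stored is not None and hmac.compare_digest(
                stored.encode(), password.encode())
            return "Access-Accept" if ok else "Access-Reject"
        if realm is None or proxied or self.clearing_house is None:
            return "Access-Reject"              # never re-proxy: avoids routing loops
        return self.clearing_house.proxy(self.realm, username, password)

class ClearingHouse:
    def __init__(self):
        self.members, self.records = {}, []     # realm -> server; inter-WISP log

    def register(self, server):
        self.members[server.realm] = server
        server.clearing_house = self

    def proxy(self, visited, username, password):
        _, home = split_username(username)
        server = self.members.get(home)         # unknown realm: no home server
        result = (server.access_request(username, password, proxied=True)
                  if server else "Access-Reject")
        self.records.append({"visited": visited, "home": home,
                             "user": username, "result": result})
        return result

def demo():
    ch = ClearingHouse()
    operator = WispRadius("operator.fi", {"bob": "constructed-pw-1"})
    wirlab = WispRadius("wirlab.net", {"alice": "constructed-pw-2"})
    ch.register(operator)
    ch.register(wirlab)
    return ch, operator, wirlab
```

Requests for the local realm never reach the Clearing House, so its records contain only roaming sessions.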

4 AAA
- Besides authenticating roaming users, the Clearing House Proxy stores accounting information
- Timestamps, amount of transferred data, start-alive-stop messages and authenticator IP addresses are stored in a database from which all roaming reports are generated
- The organization taking care of the clearing provides all participants with the roaming statistics for billing
- RADIUS servers can also be used for authorization of services

5 802.1X
Fairly new, port-based authentication scheme
- A user logs on to the network with a separate authentication client on his/her PC
- The client comes bundled with Windows XP; other OSs have third-party clients available
- Multiple methods are underway and implemented: MD5, EAP-TLS, TTLS, LEAP, PEAP ...

6 Access Controllers
- Multiple WLAN vendors have integrated 802.1X / RADIUS support in their hardware: Cisco, Nokia, Avaya, 3Com ...
- Separate Access Controllers are also available from multiple vendors: Nokia, USG, Vernier, Cisco ...
- These ACs use HTTP authentication via a web browser to authenticate the users to the network. No separate clients needed for the user!
- Separate Access Controllers can also be used in traditional wired environments, where an existing network can easily be turned into an inter-ISP roaming service

7 From theory to practice
- Although there are a lot of white papers about inter-WISP roaming, no standards-based service has been announced
- Wirlab has built a working environment with 802.1X WLAN access points and separate Access Controllers combined with an efficient RADIUS server
- The solution has been in testing for the last six months and no major problems have occurred

8 Example
[Network diagram. Labels: Internet; Clearing House RADIUS; ISP DB; operator.fi RADIUS; wirlab.net RADIUS; Access Controller; User DB (two); Client (two).]

9 Example – RADIUS messages
[Message-flow diagram between the Clearing House RADIUS, the operator.fi RADIUS and the wirlab.net RADIUS. The same numbered sequence is shown on each hop:]
1. Access-Request
2. Access-Challenge
3. Access-Request
4. Access-Accept
5. Accounting-Request
6. Accounting-Response

10 User’s view / 802.1X
On an 802.1X-enabled OS
- As soon as the wireless client is associated with the access point, the AP prompts the user for a username and password

11 User’s view / 802.1X
- A new window opens for the required information

12 User’s view / 802.1X
- After the information is sent and the user is authenticated by the RADIUS servers, the view in Network Connections changes as follows
- The user is authenticated and the network session can begin

13 User’s view / HTTP
- When authenticating via HTTP, the user has to open his/her browser and is then redirected to the authentication page
- After entering the username and password, the user is granted access to the network
- Example: Cisco BBSM

14 User’s view / HTTP
- A pop-up window containing a "Logoff" or "Disconnect" button is usually opened after login
- Until the user logs off, all traffic is passed through the Access Controller. This enables accounting for the session

15 Clearing House
- Inter-WISP traffic logs per given timeframe
- Displays usernames, visited and visiting domains, timestamps, in/out bytes and number of accounting messages

16 Clearing House (contd.)
- Collect balance information from current time
- Balance figures per operator reflected against others

17 CH Management (contd.)
- Administer WISP RADIUS servers via browser
