Presentation is loading. Please wait.

Presentation is loading. Please wait.

Inter WISP WLAN roaming

Similar presentations

Presentation on theme: "Inter WISP WLAN roaming"— Presentation transcript:

1 Inter WISP WLAN roaming
A service concept by Wirlab © Wirlab Research Center

2 Inter-WISP roaming most of RADIUS servers support domain-based AAA proxying capabilities increasing number of RADIUS servers support 802.1X via different authentication methods (EAP-MD5, EAP-TLS, EAP-TTLS ...) Access Controllers and wireless access points are hardware that support RADIUS protocol for AAA purposes Standard based equipment should be used in order to achieve vendor independency and easier management © Wirlab Research Center

3 RADIUS How does the RADIUS server work in inter-WISP roaming?
it checks the domain part of the authenticating username visiting a foreign domain ( based on the domain name it decides whether to authenticate the user locally or proxy the request to an external server a specific Clearing House Proxy handles all the AAA-messages between WISPs after the username has been authenticated from its home server, reply messages are delivered back to the originating server via the Clearing House each RADIUS server along the path keeps track of its own messages, but the Clearing House processes all inter-WISP messages, too

4 AAA Beside the authentication for roaming users, the Clearing House Proxy stores accounting information timestamps, amount of transferred data, start-alive-stop messages and authenticator IP-addresses are stored into a database from which all roaming reports are generated the organization taking care of the Clearing provides all participants with the roaming statistics for billing RADIUS servers can also be used for authorization of services

5 802.1X Fairly new, port-based authentication scheme
a user logs on to the network with a separate authentication client on his/her PC client comes bundled with Windows XP, other OS’s have third party clients available multiple methods are underway and implemented: MD5, EAP-TLS, TTLS, LEAP, PEAP ...

6 Access Controllers Multiple WLAN vendors have integrated 802.1X / RADIUS support in their hardware Cisco, Nokia, Avaya, 3Com ... Separate Access Controllers are available also from multiple vendors Nokia, USG, Vernier, Cisco ... these AC’s use HTTP-authentication via web browser to authenticate the users to the network. No separate clients needed for the user! Separate Access Controllers can also be used in traditional wired environments where existing network can easily be turned to inter ISP roaming service

7 From theory to practise
Although there are a lot of white papers about inter-WISP roaming, no standard based service has been announced Wirlab has built a working environment with 802.1X WLAN access-points and separate Access Controllers combined with an efficient RADIUS server The solution has been in testing for the last six months and no major problems have occured

8 Example Internet CLEARING HOUSE RADIUS ISP DB RADIUS RADIUS Access Controller User DB User DB Client: Client:

9 Example – RADIUS messages
CLEARING HOUSE RADIUS 1. Access-Request 2. Access-Challenge 3. Access-Request 4. Access-Accept RADIUS 5. Accounting-Request RADIUS 6. Accounting-Response 1. Access-Request 1. Access-Request 2. Access-Challenge 2. Access-Challenge 3. Access-Request 3. Access-Request 4. Access-Accept 4. Access-Accept 5. Accounting-Request 5. Accounting-Request 6. Accounting-Response 6. Accounting-Response

10 User’s view / 802.1X On a 802.1X enabled OS
As soon as the wireless client is associated to the access point, the AP prompts the user for username and password

11 User’s view / 802.1X A new window opens for the required information

12 User’s view / 802.1X After the information is sent and the user is authenticated by the RADIUS-servers, the view in the Network Connections changes as follows. The user is authenticated and the network session can begin

13 User’s view / HTTP When authenticating via HTTP, the user has to open his/her browser and then be redirected to the authentication page. After entering the username and password the user is granted access to the network Example: Cisco BBSM

14 User’s view / HTTP A pop-up window containing a ”Logoff” or ”Disconnect” button is usually initialized after login. Until the user logs off, all traffic is passed through the Access Controller. This enables accounting for the session

15 Clearing House Inter WISP traffic logs per given timeframe
Displays information of usernames, visited and visiting domains, timestamps, in/out bytes and number of accounting messages

16 Clearing House (contd.)
Collect balance information from current time Balance figures per operator reflected against others

17 CH Management (contd.) Administrate WISP RADIUS-servers via browser


Download ppt "Inter WISP WLAN roaming"

Similar presentations

Ads by Google