User's Manual
Table Of Contents
- About This Document
- System Overview of BelAir Networks APs
- AP Configuration Interfaces
- Command Line Interface Basics
- Connecting to the AP
- Starting a CLI Session
- Command Modes
- Abbreviating Commands
- Command History
- Special CLI Keys
- Help Command
- Saving your Changes
- Common CLI Commands
- Terminating your CLI Session
- Changing Your Password
- Clearing the Console Display
- Locking the Console Display
- Displaying the Current Software Version
- Displaying the Current Date and Time
- Displaying Current User
- Switching User Accounts
- Replacing a Token by a String
- Pinging a Host or Switch
- Starting a Telnet Session
- Radio Configuration Summary
- AP Access Methods
- User and Session Administration
- IP Settings
- System Settings
- Country of Operation
- System Identification Parameters
- Custom Fields
- Configuring the System Date and Time
- GPS Coordinates
- LED Control
- Setting the Network Egress Point
- Enabling Wi-Fi Band Steering
- Limiting Broadcast Packets
- Limiting DHCP Packets from Clients
- Displaying AP Inventory Information
- Defining a Maintenance Window
- Temperature Display
- Displaying System Up Time
- Displaying the Running Configuration
- Restarting the AP
- Creating and Using Script Files
- Enabling or Disabling Session Logging
- Local and Remote Configuration
- AP Auto-configuration
- Card Settings
- Ethernet or LAN Interface Settings
- Cable Modem Configuration
- Wi-Fi Radio Configuration Overview
- Configuring Wi-Fi Radio Parameters
- Displaying Wi-Fi Radio Configuration
- Displaying Configuration Options
- Operating Channel
- Antenna Gain
- Transmit Power Level
- Link Distance
- Dynamic Frequency Selection
- Collision Aware Rate Adaptation
- WCS Duty Cycle Control
- Rate Aware Fairness
- Enhanced Throughput
- 802.11n Aggregation
- Minimum Association Thresholds
- Doing an RF Survey
- Changing Wi-Fi Interface Admin State
- Wi-Fi Interface Statistics
- Wi-Fi Performance Monitoring Statistics
- Configuring Wi-Fi Access Point Parameters
- Displaying AP Configuration
- AP Custom Rates
- Displaying Associated Wireless Clients
- Displaying Wireless Client Details
- Disconnecting a Wireless Client
- Wireless Client Load Balancing
- Configuring RTS-CTS Handshaking
- Specifying the Beacon Period
- Displaying Client Association Records
- Changing AP Admin State
- AP Service Set Identifiers
- Out-of-service Advertising
- Filtering Broadcast and Multicast Packets
- Broadcast to Unicast Packet Conversion
- ARP Filtering
- ARP to Unicast Conversion
- 802.11b Protection
- Wi-Fi Client Statistics
- Wi-Fi AP Security
- Wi-Fi Backhaul Link Configuration
- Mobile Backhaul Mesh
- Mobile Backhaul Point-to-point Links
- Scanning Process
- Sample Subscriber Station Configuration
- Sample Base Station Configuration
- Mobile Backhaul Point-to-point Commands
- Displaying Mobile Backhaul Point-to-point Configuration
- Displaying Link Status
- Displaying Scan Results
- Managing Interfaces
- Managing the Scan List
- Associating a Scan List to an Interface
- Configuring RSSI Threshold
- Primary Link Drop
- Mobile Link Identifier
- Home Check
- Base Station Out-of-service Check
- Release 7 Compatibility
- Single Channel Mesh
- Operating in High Capacity and Interference Environments
- Modulation Rate Control
- VLAN based QOS
- Traffic Priority Based on Modulation Rate
- No SSID on Egress Down
- Ethernet Port Statistics
- Access Receive and Transmit Error Statistics with SNMP Support
- Noise Floor Support
- Access Packet RSSI Filter
- Effective Mesh Path Selection
- Blacklist SNMP Support
- Client Association Records
- CTS-to-Self Control
- DHCP to Attached Clients Only
- ARP to Attached Clients Only
- Upstream Broadcast Filter
- Secure Port Mode
- Wireless Bridging
- Client Load Balancing
- Client Authentication History
- Automatic Mesh Connect
- Traffic Test Tool
- DHCP Relay Settings
- Network Address Translation
- Displaying the Operational Status
- Displaying the Current DHCP Lease Status
- Displaying the DHCP Lease History
- Configuring Network Address Translation
- Choosing an Egress Interface
- Preventing AP Management from within the Scope
- Enabling or Disabling Individual Scopes
- Changing NAT Admin State
- Managing APs in a NAT Cluster
- Universal Access Method
- Displaying the Current Configuration
- Displaying the Operational Status
- Displaying the Client Session Information
- Specifying the Web Server
- Specifying Redirection Variable Pairs
- Specifying the RADIUS Server
- Managing White List Entries
- Associating VLAN Traffic to a Scope
- Performing MAC Address Authentication
- Collecting Accounting Information
- Operating in WAN Mode
- Changing UAM Admin State
- Using Layer 2 Tunnels
- Configuring the AP for Layer 2 Tunneling
- Displaying Tunnel Configuration and Status
- Starting and Stopping Layer 2 Tunneling
- Configuring Layer 2 Tunnels
- Setting Tunnel Engine Parameters
- Configuring Tunnel Advanced Parameters
- Enabling Backhaul Protection for Tunnels
- Bandwidth Limits
- Configuring Tunnels for the RedBack SmartEdge Router
- Configuring Tunnels for a Router using GRE
- Configuring Tunnels for PMIP Implementations
- Mapping User Traffic
- Configuring Authentication
- Configuring a Tunnel Group Name
- Relaying Traffic QOS Settings
- Setting the Tunnel Down Alarm Threshold
- Layer 2 Tunnel Performance Monitoring Statistics
- Configuring the Network Central Router for Layer 2 Tunneling
- Configuring the AP for Layer 2 Tunneling
- Quality of Service Settings
- Layer 2 Network Configuration
- Spanning Tree Protocol Overview
- RSTP Commands
- Displaying the RSTP Configuration Settings
- Displaying the RSTP Topology Information
- Displaying RSTP Port Roles and States
- Configuring the Bridge Aging Time
- RSTP Priority
- RSTP Version
- Transmit Hold Count
- Max Age, Hello Time and Forward Delay
- RSTP Link Priority
- RSTP Static Path Cost
- Dynamic Path Cost
- RSTP Protocol Migration on an Interface
- RSTP Edge Port Status
- RSTP Point-To-Point Status of an Interface
- Interface RSTP Configuration
- Changing RSTP Admin State
- RSTP Statistics
- Performing a Software Upgrade
- Alarm and Event Reporting
- Using Syslog
- Gathering Additional Troubleshooting Information
- Troubleshooting Wireless Client Connections
- Running Link Diagnostics
- Web Radio Troubleshooting Tools
- AP LED Descriptions
- For More Information
- Technical Support
- Definitions and Acronyms
- Appendix A: AP Configuration Sheets
- Appendix B: Mesh Auto-connection Example
- Appendix C: Scripting Guidelines
- Appendix D: Alarm and Event Definitions
- Appendix E: Resetting to Factory Defaults
- Detailed Table of Contents
BelAirOS User Guide Universal Access Method
April 22, 2012 Confidential Page 201 of 362
Document Number BDTM00000-A02 Draft
Universal Access Method
The Universal Access Method (UAM) is key element of BelAir Networks’ Policy
Enforcement Point (PEP) module. UAM is a simple authentication method
where a user needs only a Web browser. When a user requests a URL, the
request is checked against a series of white lists containing hosts, MAC
addresses and protocols.
The user’s request is granted if any of the following conditions are met:
• The requested URL or its equivalent IP address is on the host white list.
• The MAC address of the user’s client is on the MAC white list.
• The user’s request uses DHCP, DNS, ARP or any protocol you put on the
protocol white list with the
add scope <n> protocol-white-list
command.
Otherwise, the user is redirected to a Web server that displays a page
requesting credentials. The supplied credentials are then sent to a RADIUS
authentication server. Once authenticated, the user is redirected to the URL
they originally requested. The user can terminate their authenticated session by
using functions provided by the Web server (such as a logout button) or by
entering the
http://1.1.1.1
URL.
Note: UAM requires the use of a DNS server to resolve supplied URLs to IP
addresses.
Finally, through correct provisioning of the RADIUS server, the AP’s
implementation of UAM also allows you to enforce client access policies:
• It can perform client MAC address authentication when a client associates
to the AP, even before the user supplies a URL.
• It can enforce policies based on the attributes listed in Table 13
.
Table 13: Attributes for UAM Client Access Policy Enforcement
RADIUS Attribute Value used if unspecified by RADIUS
Session idle timeout 5 minutes
Client session timeout Unlimited
Total client traffic Unlimited
Maximum downstream client traffic Unlimited