Extricom Series WLAN System Installation and User Guide
7
other security methods such as EAP-PEAP. In an enterprise environment, several RADIUS
servers may be used for backup and also for serving different geographical locations. Up to four
different RADIUS servers can be defined for each ESSID. RADIUS redundancy is based on the
assumption that the user database is identical in all RADIUS servers and that users are listed in all
servers with the same credentials. Switchover from one RADIUS server to another takes place
after consecutive failures of the server. The order of priority is 1 to 4.
Network Time Protocol (NTP)
The Extricom Series system supports synchronization of the system clock over the network,
thereby ensuring accurate local time-keeping with reference to radio and atomic clocks located on
the Intranet and/or Internet.
Fast Handoff (Opportunistic Key Caching)
- WLAN clients roaming between APs of the same
Channel Blanket within a single switch’s coverage area experience zero-latency mobility. Clients
roaming between different Extricom Series WLAN switches use the standard 802.11 handoff
mechanism, which is further facilitated by the opportunistic key caching mechanism in the
802.11i standard. In addition to this, the Extricom Series system speeds up 802.11i handoff
between Extricom Series switches by use of Extricom’s inter-switch protocol. This permits the
client to avoid repetitive 802.1x authentications, thereby enabling faster transition between access
points connected to different switches, with minimal session interruption.
Real-time location services –
Based on
AeroScout
or
Ekahau
technology, Real-Time Location
Services (RTLS) technology provides the ability to locate and position mobile wireless network
devices (or any user equipment specifically equipped with an AeroScout or Ekahau active RFID
tag device) within the Extricom Series wireless network infrastructure. Extricom Series products
are enhanced to provide support for RTLS by integration with AeroScout and Ekahau active RFID
technology. Generally, device location is determined based on several APs picking up a radio
transmission attribute from an AeroScout or Ekahau Tag device or any Wi-Fi client, performing
measurements and reporting the measurements to an AeroScout or Ekahau Location Engine.
AeroScout and Ekahau positioning algorithms use Received Signal Strength Indicator (RSSI) to
determine object location.
Captive Portal –
The Captive Portal technique compels any HTTP client to view a special web
page (usually for authentication purposes) before accessing the rest of the network. Captive Portal
turns a web browser into a secure authentication device. This is done by intercepting an internet
access request and redirecting it to an Extricom local logging web page which may require
authentication, or simply display an acceptable use policy and require the user to agree.
MAC authentication –
MAC authentication
enables the Extricom Series switch to authenticate
WLAN devices via RADIUS server even if they have no native support for 802.1x. This
mechanism is normally used in “dumb” device WLAN topology (such as barcode readers) in
which WLAN client authentication must be managed via a central RADIUS server.
WMM –
Wi-Fi Alliance WMM is an 802.11 quality of service (QoS) implementation based on a
subset of the draft 802.11e standard supplement. The WMM specification provides basic
prioritization of data packets based on four categories - voice, video, best effort, and background.
Prioritization is based on the original Carrier Sense Multiple Access/Collision Avoidance Protocol
in the 802.11 standard. In 802.11, the Distributed Coordination Function (DCF) mechanism uses a
simple
listen-before-talk
algorithm to minimize the chance of packet collisions caused by more
than one device accessing the wireless medium at the same time. A client must wait for a
randomly selected time period and then "listen" to find whether any other device is
communicating before starting to transmit. The random back-off period gives all devices a fair
opportunity to transmit.