This section provides information on how to implement a Wi-Fi network based on Enterprise access points and a WLC (vWLC) series Wi-Fi controller by Eltex. Different options of configuring key network components under a Wi-Fi controller will be explained.

Section glossary

AP – Enterprise access point by Eltex.

VAP (virtual access point) – virtual air interface that transmits a specific SSID.

SSID (Service Set Identifier) – wireless network identifier.

DHCP server – network server that allows assigning IP addresses to network devices and passing additional network parameters: server addresses, network gateway addresses, etc. In this guide, it is also used to issue suboptions for building SoftGRE data tunnels and including access points in the controller. Placing a DHCP server on the controller provides a complete solution for LAN support.

RADIUS server – AAA (authentication, authorization, accounting) server. Responsible for receiving client requests, identifying users and returning to the client all configuration parameters required to provide the user with the appropriate services.
The main functions of the protocol are:

NAS (Network Access Server) – a device at the network boundary that provides controlled access to that network based on identification (authentication) of a user and access policies (authorization). Acting as a RADIUS client, the NAS is responsible for interacting with a RADIUS server and transmitting the authentication data received from the client (wpa_supplicant), as well as providing access to the network based on access policies provided by the RADIUS server. In Eltex solutions, the access point acts as the NAS.

Proxying – mechanism that sends a request from a client to a server (in our case, to the external RADIUS server) through a proxy server. The proxy server acts as an intermediary, sending requests from the client to a target server and sending back server responses. In this guide, proxying is used for redirecting requests from a local to an external RADIUS server in order to authorize clients.

RADIUS proxy – proxy server between the NAS and the RADIUS server. In this guide, the RADIUS proxy is the RADIUS server of a WLC controller, the NAS is an access point, and the RADIUS server is a third-party solution functioning as an AAA server (FreeRADIUS, Microsoft NPS, Cisco ISE, etc.).

SSID (Service Set Identifier) – identifier (name) of a Wi-Fi network. It can be hidden: in that case, a broadcasting network won't announce its name on the air, and a client device will have to be manually configured to connect to this network.

Enterprise authorization – network access management method used mainly in an enterprise environment and based on the 802.1X protocol. The method is based on an EAPOL exchange between the client (wpa_supplicant), the NAS (access point) and the AAA server (RADIUS server). Different EAP methods (PEAP, TLS, TEAP, etc.) can be used within enterprise authorization.

Captive Portal – independent registration, authentication and authorization of users in open Wi-Fi networks to get Internet access. This technology redirects new (unknown) users to a specially created HTTP/HTTPS portal (Captive portal) that has a registration form and allows confirmation of registration data:

A confirmation code can be sent by SMS, incoming/outgoing call, e-mail, etc.

Object-group – allows creating groups of objects, which then can be used in different configuration modules (for example, access-list, firewall rules, etc.) on WLC. This makes configuring policies and rules easier, making it possible to apply them to entire groups instead of separate elements.

Local switching – Eltex AP switching scheme in which client traffic is released locally at the AP connection point without using GRE tunneling. Tunnel or local switching mode can be selected for each SSID.

Central switching – mode that directs user traffic through a controller.

Airtune – service whose main function is to optimize the characteristics (TPC/DCA) of access points depending on current conditions, as well as to provide seamless roaming (support for the 802.11k/r/v standards).

Dynamic Channel Assignment (DCA) – an algorithm that automatically assigns frequency channels to each access point in the network to avoid interference between them.

Transmit Power Control (TPC) – an algorithm that manages the power of transmitters to ensure optimal network coverage area and minimize "conflict" areas where the client is inside the reception area of multiple neighboring access points.

Network diagram