CATEGORII DOCUMENTE |
Asp | Autocad | C | Dot net | Excel | Fox pro | Html | Java |
Linux | Mathcad | Photoshop | Php | Sql | Visual studio | Windows | Xml |
DOCUMENTE SIMILARE |
||||
|
||||
The Internet connection process with
When a new customer connects to an
The
customer discovers the
The customer authenticates as guest
The client is provisioned with the
The customer selects a WISP and establishes an account
The customer is authenticated with the new account credentials
In the next section we will look at these stages in more detail.
When a customer arrives at the
The Wireless Auto Configuration service on the client computer detects the beacon information from the access point, which is enabled with broadcast Secure Set Identifier (SSID). The SSID is equivalent to the network name.
The customer is informed by Windows XP that a wireless network is available. The customer views information in Windows XP, and if interested, the customer clicks Connect.
Wireless Auto Configuration uses 802.1X
and PEAP guest authentication to connect to the
The IAS proxy is configured both as a proxy and as an IAS server. The IAS proxy/server is configured to locally process users that authenticate as guest, and to forward other messages to the WISP IAS servers based on the value of the User-Name attribute in the Access-Request message.
The
Server authentication is performed when the
The
The
The customer client computer receives an IP address lease
from the
The
Windows displays to the customer a list of WISPs whose services are offered by the HSP.
For this example, the customer selects services from WISP 1.
After the customer selects the WISP, Windows XP connects to the WISP and, using the Background Intelligent Transfer Service, downloads the WISP XML master file and subfiles. When the XML sign-up schema is downloaded, the sign-up wizard is opened on the client to allow the customer to create and pay for an account with the WISP.
Using the sign-up wizard on the client computer, the customer steps through the process of signing up for an account with WISP 1. The data entered by the customer is converted by Windows XP into an XML document.
The XML document containing the customer's sign-up data is sent by Windows XP to the Web application on the WISP 1 provisioning server.
The Web application processes the customer payment information. Once payment is verified and sign-up information is completed successfully, the Web application creates a user account in Active Directory, and permissions are applied to the user account by assigning group membership based on the account type chosen by the customer.
An XML document containing the new account credentials is sent from the WISP provisioning server to the client computer. The client computer uses the credentials to configure Wireless Auto Configuration and 802.1X under the name of the WISP.
Wireless Auto Configuration restarts the association to the
SSID for the
Wireless Auto Configuration finds the correct 802.11 profile which was downloaded with the other WISP information. Wireless Auto Configuration re-associates using the correct profile.
802.1X restarts the authentication process using PEAP-MS-CHAP v2 and the new account credentials.
As the client starts the authentication process, the
In the first stage of PEAP-MS-CHAP v2 authentication, a
In the second stage of PEAP-MS-CHAP v2 authentication, the
WISP 1 IAS server authenticates and authorizes the connection request against
the new account in the user accounts database. The WISP IAS server sends an
Access-Accept message that is forwarded by the
Because IP filters are used to isolate the client, the IAS server message causes the access server to remove the IP filters from the client connection, granting the customer access to the Internet.
Each WISP that offers connectivity through an
It is important for IAS to determine whether a connecting or
connected client computer has a valid account, and to take the appropriate
action if the customer's account is expired. The following example illustrates
how IAS determines that a twenty-four hour account is current, and how
When the customer arrives at the
In the Access-Accept message sent by the WISP 1 IAS server, the IAS server sets a session timeout of 60 minutes for the client computer connection to the access point.
After 60 minutes, the access point requests that the client reauthenticate. The client reauthenticates successfully and the customer's session is not interrupted.
Each 60 minutes thereafter, the access point requests that the client reauthenticate. During each authentication the IAS server checks the current time against the expiry time for the user account to discover whether the customer is authorized to access the network.
On the last re-authentication, at hour 23 in the account lifespan and before 24 hours have passed, the IAS authorization check fails and the IAS server sends a URL PEAP-TLV message to the client that contains the account renewal action parameter and an HTTPS URL for an XML master file. The URL PEAP-TLV supplies the customer with the location of the provisioning server where the customer can renew the account.
Upon receiving the URL in the URL PEAP-TLV, 802.1X requests that Windows XP display the account renewal application to the customer.
The customer renews the account and 802.1X initiates authentication using the account credentials.
During authentication with the WISP 1 IAS server, the IAS server authenticates and authorizes the customer against the user accounts database, and sends an Access-Accept message containing a session timeout of 60 minutes to the access point.
During this process, because the account has not expired, the customer maintains connection to the Internet.
If the customer does not complete the renewal process before the 24 hour account lifespan is reached, then the access point reapplies IP filters and customer access to the Internet is terminated. The customer is then provided with the option of renewing the account for continued access.
Note This scenario is currently in development and has not been
implemented or tested. It is provided as a general depiction of a possible
implementation of |
Politica de confidentialitate | Termeni si conditii de utilizare |
Vizualizari: 853
Importanta:
Termeni si conditii de utilizare | Contact
© SCRIGROUP 2024 . All rights reserved