About bring your own device (BYOD)
The Smoothwall uses RADIUS accounting to allow users to connect their own wireless devices to the network, known as “bring your own device” (BYOD), and authenticate unobtrusively. This has the added advantage that no additional software has to be installed on the users’ devices.
The Smoothwall links your organization's directory service to its RADIUS server. As a network administrator, you can configure your wireless network infrastructure to authenticate users using the RADIUS server so that users can use their directory service accounts as wireless device logon details.
The following RADIUS requests can be processed by the Smoothwall Filter and Firewall, depending on the BYOD network implementation:
|A request informing the Smoothwall that the user has connected to or disconnected from the wireless network. Typically, this is sent by the network access server (NAS) acting as the RADIUS client. The Smoothwall Filter and Firewall uses this request to physically log the user on or off the network.
|A request to confirm that the supplied user credentials are valid, and that the user is authorized to connect to the wireless network. Typically, this is sent by the network access server acting as the RADIUS client. The Smoothwall Filter and Firewall can only receive these requests via an Extensible Authentication Protocol (EAP) tunnel, using the Microsoft Challenge-Handshake Authentication Protocol (MSCHAP).
You can define groups to explicitly allow or reject the authorization requests.
The following RADIUS attributes are used within accounting requests:
|This is an optional attribute, used to supply the authentication group of the user. Typically, the group assignment is used by the Smoothwall when there's no directory service configured to use for group mapping.
|This contains the IP address of the client that has been authorized to connect to the wireless network. This attribute is essential to the BYOD service.
|This is a status update received from the network access server, advising of the status of the client’s session. If the Smoothwall doesn't receive this at least once an hour, it assumes the session has ended and logs the client out.
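The accounting flow described above, as an added example that is not Smoothwall code: it validates an Accounting-Request against the shared secret, logs the client IP on or off, and treats a session as ended after an hour without an update. The attribute numbers are the standard RFC 2865/2866 ones (User-Name, Framed-IP-Address, Acct-Status-Type); mapping them to the attributes this page describes is an assumption, and `build_request`, `parse_request` and `SessionTable` are hypothetical names.

```python
import hashlib, hmac, socket, struct

# Standard RFC 2865/2866 numbers; mapping them to this page's attributes is an assumption.
ACCOUNTING_REQUEST = 4
USER_NAME, FRAMED_IP_ADDRESS, ACCT_STATUS_TYPE = 1, 8, 40
START, STOP, INTERIM_UPDATE = 1, 2, 3
SESSION_TIMEOUT = 3600  # seconds: "at least once an hour"

def build_request(secret, ident, attrs):
    """Constructed sample input: the Accounting-Request a NAS would send."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

def parse_request(packet, secret):
    """Check the Request Authenticator, then return {attribute type: value}."""
    length = len(packet)  # strict: trailing padding is rejected in this sketch
    if length < 20 or packet[0] != ACCOUNTING_REQUEST or int.from_bytes(packet[2:4], "big") != length:
        raise ValueError("not a well-formed Accounting-Request")
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad authenticator: wrong shared secret or forged packet")
    attrs, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

class SessionTable:
    def __init__(self):
        self.sessions = {}  # client IP -> (user, time of last accounting update)

    def handle(self, packet, secret, now):
        attrs = parse_request(packet, secret)
        if len(attrs.get(FRAMED_IP_ADDRESS, b"")) != 4 or USER_NAME not in attrs:
            raise ValueError("request lacks a usable client IP or user name")
        ip = socket.inet_ntoa(attrs[FRAMED_IP_ADDRESS])
        status = int.from_bytes(attrs.get(ACCT_STATUS_TYPE, b""), "big")
        if status == STOP:
            self.sessions.pop(ip, None)
        elif status in (START, INTERIM_UPDATE):
            self.sessions[ip] = (attrs[USER_NAME].decode(), now)

    def user_for(self, ip, now):
        """Return the logged-on user, or None once an hour passes with no update."""
        user, seen = self.sessions.get(ip, (None, now))
        return user if now - seen <= SESSION_TIMEOUT else None
```

Because the session is keyed on the client IP alone, the authenticator check is what stops a host that does not hold the shared secret from logging an arbitrary address on as another user.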