BelAir20E User Guide
Universal Access Method
April 2, 2012
Confidential
Document Number BDTM02201-A01 Standard
Universal Access Method
The Universal Access Method (UAM) is a key element of BelAir’s Policy
Enforcement Point (PEP) module. UAM is a simple authentication method
where a user needs only a Web browser. When a user requests a URL, the
request is checked against a series of white lists containing hosts, MAC
addresses and protocols.
The user’s request is granted if any of the following conditions are met:
• The requested URL or its equivalent IP address is on the host white list.
• The MAC address of the user’s client is on the MAC white list.
• The user’s request uses DHCP, DNS, ARP or any protocol you put on the
protocol white list with the add scope <n> protocol-white-list command.
Otherwise, the user is redirected to a Web server that displays a page
requesting credentials. The supplied credentials are then sent to a RADIUS
authentication server. Once authenticated, the user is redirected to the URL
they originally requested. The user can terminate their authenticated session by
using functions provided by the Web server (such as a logout button) or by
entering the http://1.1.1.1 URL.
Note: UAM requires the use of a DNS server to resolve supplied URLs to IP
addresses.
Finally, through correct provisioning of the RADIUS server, the BelAir20E’s
implementation of UAM also allows you to enforce client access policies:
• It can perform client MAC address authentication when a client associates
to the AP, even before the user supplies a URL.
• It can enforce policies based on the attributes listed in Table 12.
Table 12: Attributes for UAM Client Access Policy Enforcement

RADIUS Attribute                     Value used if unspecified by RADIUS
Session idle timeout                 5 minutes
Client session timeout               Unlimited
Total client traffic                 Unlimited
Maximum downstream client traffic    Unlimited
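
The following Python model is an added example, not BelAir code: it walks through the admission decision described above (white lists, redirect, logout via http://1.1.1.1) and overlays RADIUS-supplied limits on the Table 12 defaults. The function names, the dictionary keys and the injected resolve lookup are hypothetical, and treating an already authenticated client as allowed before the white lists are consulted is an assumption of the model.

```python
from urllib.parse import urlsplit

ALWAYS_ALLOWED = {"dhcp", "dns", "arp"}   # pass without any white-list entry
LOGOUT_HOST = "1.1.1.1"                   # entering http://1.1.1.1 ends the session
# Table 12 defaults; None models "Unlimited". Key names are hypothetical.
DEFAULTS = {"idle_timeout_s": 5 * 60, "session_timeout_s": None,
            "total_bytes": None, "max_downstream_bytes": None}

def norm_mac(mac):
    """Canonicalise a MAC so 00-1A-2B.. and 00:1a:2b.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def decide(scope, sessions, mac, protocol, url=None, resolve=lambda host: None):
    """Return 'allow', 'logout' or 'redirect' for one client request.

    scope: dict of 'hosts', 'macs', 'protocols' white lists (constructed model).
    sessions: set of normalised MACs holding a RADIUS-authenticated session.
    resolve: stand-in for the DNS lookup, host -> IP string or None.
    """
    mac = norm_mac(mac)
    host = (urlsplit(url).hostname or "") if url else ""
    if mac in sessions:
        if host == LOGOUT_HOST:          # user ends the session themselves
            sessions.discard(mac)
            return "logout"
        return "allow"
    if protocol.lower() in ALWAYS_ALLOWED | {p.lower() for p in scope["protocols"]}:
        return "allow"
    if mac in {norm_mac(m) for m in scope["macs"]}:
        return "allow"
    # "URL or its equivalent IP address": check the name, then what it resolves to
    if host and (host in scope["hosts"] or resolve(host) in scope["hosts"]):
        return "allow"
    return "redirect"                    # Web server page requesting credentials

def effective_policy(radius_attrs):
    """Overlay attributes returned by RADIUS on the Table 12 defaults."""
    policy = dict(DEFAULTS)
    policy.update({k: v for k, v in radius_attrs.items()
                   if k in DEFAULTS and v is not None})
    return policy

def limit_hit(policy, idle_s, age_s, total_bytes, down_bytes):
    """Name the first exceeded limit, or None while the session may continue."""
    usage = {"idle_timeout_s": idle_s, "session_timeout_s": age_s,
             "total_bytes": total_bytes, "max_downstream_bytes": down_bytes}
    return next((k for k, used in usage.items()
                 if policy[k] is not None and used >= policy[k]), None)
```

The model makes one operational point visible: when the RADIUS server returns none of these attributes, the idle timeout is the only limit that ever ends a session.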