st3jackson
New Contributor

BSC-600 and MAC devices

I currently run 8 BSC-600 across multiple divisions with different ISPs. The wireless is to accommodate guest user logins for our courtrooms at each location. We have a generic login at each location that we hand out to general public users. In addition to this, I have been manually adding MAC devices of our staff (i.e., iPhones, Droids, iPads) to allow internet use at each location. This has worked great, but the issue I am starting to run into is management with traveling users. For example, if my MAC device is added in one location and I travel to another, I must add it to that location as well. It's almost a full-time job logging into each location to manage users. My question: is it possible to create a profile of some sort on the iPhone to manually log into a BSC under a standard user account at each location? Could I eliminate the MAC devices altogether and have all devices use the same login at each location?

6 Replies
Anonymous
Not applicable

Re: BSC-600 and MAC devices

We would typically recommend 802.1X authentication for employee devices such as this. This would mean deploying a central RADIUS server that all the BSCs can talk to if you don't already have one in place. Most customers use NPS/IAS, Microsoft's RADIUS server component built into Windows Server 2008/2003. That would talk to AD as the user database. You could authenticate the devices using username and password (PEAP-MSCHAPv2) or certificates (EAP-TLS). Apple has tools available to create "profiles" for the devices. For example, the iPhone Configuration Utility (ICU).

I might also suggest you consider vWLAN. With vWLAN you could likely support all divisions on just 1 vWLAN Appliance (Hardware) and/or Virtual Appliance (VMware).
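
Added example, not part of the original thread and not Adtran or Apple code: a Python sketch that writes the kind of Wi-Fi configuration profile discussed above for PEAP, with the RADIUS server's CA and name pinned so a device only sends credentials to the expected server, plus a small audit of those settings. The payload key names follow Apple's configuration profile format; the SSID, server name, identifier and certificate bytes are constructed placeholders.

```python
import plistlib
import uuid

PEAP = 25  # EAP method number for PEAP (EAP-TLS would be 13)

def _payload(ptype, ident, name, **extra):
    """Common keys every configuration-profile payload carries."""
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadDisplayName": name, **extra}

def build_wifi_profile(ssid, radius_names, ca_cert, ident="org.example.wifi"):
    """Return .mobileconfig bytes for a WPA2-Enterprise PEAP network.

    All arguments are caller-supplied assumptions; no credentials are embedded,
    so each user is prompted for their own username and password on first join.
    """
    ca = _payload("com.apple.security.root", ident + ".ca", "RADIUS CA",
                  PayloadContent=ca_cert)  # bytes are written as <data>
    eap = {
        "AcceptEAPTypes": [PEAP],
        "PayloadCertificateAnchorUUID": [ca["PayloadUUID"]],  # trust only this CA
        "TLSTrustedServerNames": list(radius_names),          # pin the server name
        "TLSAllowTrustExceptions": False,  # user cannot accept an unknown cert
    }
    wifi = _payload("com.apple.wifi.managed", ident + ".wlan", ssid,
                    SSID_STR=ssid, HIDDEN_NETWORK=False, AutoJoin=True,
                    EncryptionType="WPA2", EAPClientConfiguration=eap)
    top = _payload("Configuration", ident, "Staff Wi-Fi", PayloadContent=[ca, wifi])
    return plistlib.dumps(top)

def audit_wifi_profile(data):
    """List server-validation weaknesses in the Wi-Fi payloads of a profile."""
    issues = []
    for p in plistlib.loads(data).get("PayloadContent", []):
        if p.get("PayloadType") != "com.apple.wifi.managed":
            continue
        eap = p.get("EAPClientConfiguration", {})
        if not eap.get("TLSTrustedServerNames"):
            issues.append("no trusted RADIUS server name")
        if not eap.get("PayloadCertificateAnchorUUID"):
            issues.append("no pinned CA certificate")
        if eap.get("TLSAllowTrustExceptions", False):
            issues.append("user may accept untrusted server certificates")
        if "UserPassword" in eap:
            issues.append("password stored in profile")
    return issues

if __name__ == "__main__":
    # Constructed sample values; the certificate bytes are a placeholder, not a real cert.
    blob = build_wifi_profile("Staff-WiFi", ["radius.example.org"], b"PLACEHOLDER-DER")
    print(audit_wifi_profile(blob) or "profile validates the RADIUS server")
```

Replace the placeholder bytes with the DER-encoded CA certificate that issued the RADIUS server's certificate before distributing a profile built this way.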

Re: BSC-600 and MAC devices

It would be difficult using a RADIUS server as each wireless network is separate from our business network. Each location is connected to a centralized network, but the wireless is on a separate backbone for protection.

I like the idea of creating a profile with ICU, but I'm curious if you have had any luck with it.

Anonymous
Not applicable

Re: BSC-600 and MAC devices

The BSC-600s have a shared admin/failover port. If you are not using failover, perhaps you could configure this as an admin port. Then you could connect that to your internal network and add a route to the RADIUS server. You could then send employee RADIUS traffic only out that to the corporate RADIUS server while everything else goes out the protected interface. You could also set up a protected side VLAN and do something similar logically rather than physically if you happen to already be using the shared port for failover.

Many of our customers are using ICU to create profiles successfully. Many customers just email off the "profile" and the end user downloads via web mail to automatically set up Exchange mail, wireless, etc.

Re: BSC-600 and MAC devices

Is there any documentation on ICU configuration profiles? Do I enable the Internal 802.1x server? What EAP mode, if any, is enabled? I have tried searching this KB as well as Google in general without much success.

Anonymous
Not applicable

Re: BSC-600 and MAC devices

Here's a guide that walks you through how to set up transparent 802.1X on the BSC. For documentation on ICU specifically, please refer to Apple.

Anonymous
Not applicable

Re: BSC-600 and MAC devices

I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily as well as award points to the users that helped you. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.