A CCESS GATEWAYIntroduction 17 Support EAP authenticators (for example, WLAN APs) on the subscriber-side of theNSE to transparently proxy all EAP types (TLS, SIM, etc.) and to allow for thedistribution of per-session keys to EAP authenticators and supplicants.Complementing the RADIUS Proxy functionality is the ability to route RADIUS messagesdepending on the Network Access Identifier (NAI). Both prefix-based (for example, ISP/username@ISP.net) and suffix-based (username@ISP.net) NAI routing mechanisms aresupported. Together, the RADIUS Proxy and Realm-Based Routing further support thedeployment of the Wholesale Wi-Fi™ model allowing multiple providers to service onelocation. See also, RADIUS Client.Realm-Based RoutingRealm-Based Routing provides advanced NAI (Network Access Identifier) routingcapabilities, enabling multiple service providers to share a HotSpot location, further supportinga Wi-Fi wholesale model. This functionality allows users to interact only with their chosenprovider in a seamless and transparent manner.Remember Me and RADIUS Re-AuthenticationThe NSE’s Internal Web Server (IWS) stores encrypted login cookies in the browser toremember logins, using usernames and passwords. This “Remember Me” functionality createsa more efficient and better user experience in wireless networks.The RADIUS Re-Authentication buffer has been expanded to 720 hours, allowing an evenmore seamless and transparent connection experience for repeat users.Secure ManagementThere are many different ways to configure, manage and monitor the performance and up-timeof network devices. SNMP, Telnet, HTTP and ICMP are all common protocols to accomplishnetwork management objectives. And within those objectives is the requirement to provide thehighest level of security possible.While several network protocols have evolved that offer some level of security and dataencryption, the preferred method for attaining maximum security across all network devices isto establish an IPSec tunnel between the NOC (Network Operations Center) and the edgedevice (early VPN protocols such as PPTP have been widely discredited as a secure tunnelingmethod).As part of Nomadix’ commitment to provide outstanding carrier-class network managementcapabilities to its family of public access gateways, we offer secure management through theNSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption.Establishing the IPSec tunnel not only allows for the secure management of the Nomadix
