ACCESS GATEWAY
Introduction

gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix gateway. See also, Defining IPSec Tunnel Settings.

Two subsequent events drive the secure management function of the Nomadix gateway and the devices behind it:

1. Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity). As part of the session establishment process, key tunnel parameters are exchanged (for example, Hash Algorithm, Security Association Lifetimes, etc.).
2. The exchange of management traffic, either originating at the NOC or from the edge device through the IPSec tunnel. Alternatively, AAA data such as RADIUS Authentication and Accounting traffic can be sent through the IPSec tunnel. See also, RADIUS-driven Auto Configuration.

The advantage of using IPSec is that all types of management traffic are supported, including the following typical examples:

- ICMP - PING from NOC to edge devices
- Telnet - Telnet from NOC to edge devices
- Web Management - HTTP access from NOC to edge devices
- SNMP
  - SNMP GET from NOC to subscriber-side device (for example, AP)
  - SNMP SET from NOC to subscriber-side device (for example, AP)
  - SNMP Trap from subscriber-side device (for example, AP) to NOC

Secure Socket Layer (SSL)

This feature allows for the creation of an end-to-end encrypted link between your NSE-powered product and wireless clients by enabling the Internal Web Server (IWS) to display pages under a secure link—important when transmitting AAA information in a wireless network when using RADIUS.

SSL requires service providers to obtain digital certificates to create HTTPS pages. Instructions for obtaining certificates are provided by Nomadix.

Secure XML API

XML (eXtensible Markup Language) is used by the subscriber management module for user administration.
The XML interface allows the NSE to accept and process XML commands from an external source. XML commands are sent over the network to your NSE-powered product which executes the commands, and returns data to the system that initiated the