H OT S POT G ATEWAY ™22 IntroductionPort MappingThis feature allows the network administrator to setup a port mapping scheme thatforwards packets received on a specific port to a particular static IP (typically privateand misconfigured) and port number on the subscriber side of the NSE. Theadvantage for the network administrator is that free private IP addresses can be usedto manage devices (such as Access Points) on the subscriber side of the NSE withoutsetting them up with Public IP addresses.RADIUS-driven Auto ConfigurationNomadix’ unique RADIUS-driven Auto Configuration functionality utilizes theexisting infrastructure of a mobile operator to provide an effortless and rapid methodfor configuring devices for fast network roll-outs. Once configured, this methodologycan also be effectively used to centrally manage configuration profiles for allNomadix devices in the public access network.Two subsequent events drive the automatic configuration of Nomadix devices:1. A flow of RADIUS Authentication Request and Reply messages betweenthe Nomadix gateway and the centralized RADIUS server that specifies thelocation of the meta configuration file (containing a listing of the individualconfiguration files and their download frequency status) are downloadedfrom an FTP server into the flash of the Nomadix device.2. Defines the automated login into the centralized FTP server and the actualdownload process into the flash.Optionally, the RADIUS authentication process and FTP download can be secured bysending the traffic through a peer-to-peer IPSec tunnel established by the Nomadixgateway and terminated at the NOC (Network Operations Center). See also, “SecureManagement” on page 23.RADIUS ClientNomadix offers an integrated RADIUS (Remote Authentication Dial-In UserService) client with the NSE allowing service providers to track or bill users based onthe number of connections, location of the connection, bytes sent and received,connect time, etc. The customer database can exist in a central RADIUS server, alongwith associated attributes for each user. When a customer connects into the network,the RADIUS client authenticates the customer with the RADIUS server, appliesassociated attributes stored in that customer's profile, and logs their activity(including bytes transferred, connect time, etc.). The NSE's RADIUS implementationalso handles vendor specific attributes (VSAs), required by WISPs that want toenable more advanced services and billing schemes, such as a per device/per monthconnectivity fee. See also, “RADIUS Proxy” on page 23.
