Trapeze-SmartPass

Your Price: Email us for pricing

Item Number: TRPZSP

Manufacturer: Trapeze Networks

Manufacturer Part No: TRPZSP

Click here to email us for pricing

SmartPass: Advanced access control with dynamic authorization for wireless clients and devices.

SmartPass is a software tool that gives IT managers full control over client access to the wireless LAN. Network managers can fine tune access and authorization on the wireless LAN to an extent never before possible, both for primary users on the network and for guests. With SmartPass, you not only permit or deny access, but can also change authorization attributes – what resources the user has access to – on the fly, based on changing conditions.

SmartPass is an entire software platform and ecosystem, which works seamlessly with other Trapeze components such as the LA-200 Location Appliance and the award-winning RingMaster network management suite. It is also designed to work with external applications such as credit card billing systems, guest registration systems, facility management systems, and custom reporting systems.

Dynamic Authorization
SmartPass works with your other networking infrastructure equipment such as RADIUS to enable you to change access to network resources for users based on dynamically changing conditions or events. Such conditions include the user’s physical location or change in location, the user’s SSID (wireless network name), after roaming to a new access point, or based on meeting certain conditions from RADIUS accounting, such as session life or amount of traffic passed. A user’s access privileges can be adjusted during the middle of a networking session if desired.

Access Control Rules
SmartPass introduces sophisticated Access Control Rules (ACRs) to enact dynamic authorization. With ACRs the IT manager has extensive flexibility over how they control and change access for a user. Using a standardsbased approach (RFC 3576) SmartPass augments the existing RADIUS server to change the client’s access to various network resources based on location, time of day, identity of user, SSID, VLAN, and accounting data, and more.

SmartPass can change authorization attributes even during active networking sessions, and invoke ACRs on demand, via the API from another application, or by time or date via the built-in scheduler.

Location Integration
SmartPass integrates seamlessly with the Trapeze LA-200 Location Appliance to provide access control and dynamic authorization based on a user’s physical location. The LA-200 provides real time location positioning for any Wi-Fi device accurate to within three meters. SmartPass adds location information to the user’s RADIUS accounting data enabling the network manager to invoke policies such as accept/deny, change bandwidth, or change allowed resources based on the physical location or “locale” of the client.

Guest Access
As with previous version of SmartPass, it provides industry leading guest access functionality with precise guest access control by timeof- day, day-of-week, date range, and duration. SmartPass includes pre-defined profiles templates for different types of guests including guest passes for 1 hour, 12 hour, 24 hour, 5 days, 5 days - Business Hours only, and the ability to create custom templates. SmartPass provides the ability to create guest accounts in bulk, with intuitive or random usernames (passwords are always random). A pre-existing list of usernames can be imported.

While providing rich functionality for IT, SmartPass also makes it easy for non-technical front desk staff to use the system. They are given provisioner access which allows them to create guest passes, but unlike other guest systems carries no risk to the integrity of production network. No provisioner has access to WLAN controllers or other networking gear. The provisioner needs no networking knowledge. They can be assigned only certain guest types to manage, and can manage only the guest accounts they created. With up to 10,000 users per SmartPass server, it’s ideal for conventions, universities, and large enterprise.

Open APIs for System Integration
SmartPass ships with published, open, standards- based, Web-based open Application Programming Interfaces (APIs) to make it easy to integrate its functionality with other systems. Likely 3rd party applications for such integration include credit card billing systems, facility management systems, hospitality registration systems, IPS/IDS systems and custom reporting systems.

RADIUS Accounting and Reporting
SmartPass uses standards-based RADIUS accounting to calculate and utilize per user statistics including lifetime session counts and total traffic passed for session. Reports can be generated based on these statistics in SmartPass or from a 3rd party application.

Setting up Access Control Rules
To set up an ACR, the IT manager would first name the rule, then construct match filters based on any combination of SSID, User Name pattern (e.g. domain\username), physical location, and other criteria. Next, IT determines the actions to take against the matched sessions, such as changing the authorization attributes or disconnecting the user. Next, they decide what event should trigger the insession update, such as client roam, location change or RADIUS accounting update. Finally, IT decides when and how the ACRs should be invoked, whether they should happen automatically upon meeting the conditions, or scheduled to run at set times.

Easy to Use for Non-technical Staff
Guest access is one of the most prevalent applications of wireless networking. But due to limitations and complexity of current guest access solutions, most enterprises deploy wireless guest access with little or no control over who is using it—or when, where, and how it is being used. In contrast, SmartPass is so easy to use, it allows you to offload provisioning to non-IT staff, and avoid it becoming a disruptive network administrator chore. A highly intuitive, easy-to-use interface completely shields front-desk personnel from the underlying complexities of network access control. Non-technical staff — such as receptionists and clerks — can easily and quickly provision guest access accounts without any networking knowledge. The provisioning user can also print the guest access credentials, along with other information such as usage disclaimers, using a customizable template with graphics.

Scalable Centralized Architecture
Different from other solutions, which write each guest account to every WLAN controller’s local database, SmartPass uses a centralized guest account database. While other solutions actually change controller configurations—by adding, modifying, or deleting guest credentials on individual WLAN controllers throughout the network—SmartPass never stores guest data to any WLAN controller. This centralized approach is not only cleaner and more efficient, but also prevents potentially harmful configuration changes from being made to critical network hardware by individuals with no domain expertise, and ensures that all access security operates independently of which controllers are in service.

Key Applications
The applications for such granular and dynamic access control are unlimited but are illustrated in the following examples.

Prevent Students from Cheating
A professor giving a test from 2pm - 3pm in Classroom 230, has the ability to change wireless access for students instantly to deny access to the Internet during that time from that specific location. At the professors’ option, the students could still have access to relevant classroom materials on the LAN.

Restrict Corporate Guest Access
A large company wants to provide a hired consultant access to the Internet and certain LAN resources but only while working in an assigned building or areas of the building. If the consultant tries to access the network from another location, he will be denied access even with valid log-in credentials.

Lock-Down Bandwidth Abuser
A user on the network is consuming an excessive amount of bandwidth. After a set traffic threshold is crossed within a set period of time, SmartPass throttles down bandwidth and priority for that user. For example, a rule can be set that for any given user, after 10 MB of download in any given hour, the user is restricted to only 100 Kbps maximum. graphics.

Extra Security for Sensitive Networks
All users can be prevented from accessing the network from unauthorized locations even with legitimate credentials. This adds an extra layer of security against offsite attackers who may have stolen legitimate credentials, e.g., “the parking lot hacker”.