Symbol Technologies WS 2000 manual Field Office Example

Page 111

A Field Office Example

Chapter 7. A Field Office Example

Background

Leo is the network administrator, system administrator, and IT professional for a field office with 60 employees. The users include sales people, sales engineers, office administration and customer support people. All of the sales personnel have laptops and many of them have personal digital assistants (PDAs).

The office is connected to the Internet and to Corporate through a frame relay link. Between the office network and the frame relay, there is a router and a virtual private network (VPN) appliance. The VPN appliance encrypts all traffic to Corporate. Traffic to other addresses passes straight through.

Leo installed a wireless access point about six months ago and quickly found that many employees preferred to use it. However, the throughput of the lone unit was not enough to service 40 or so users and coverage was weak in many areas of the building. In addition, Leo was doing user authentication by maintaining a list of permissible user MAC addresses on the access point. This required modifications to the list once or twice a week. Recently, when a laptop was stolen, Leo could not determine which MAC address to remove from the list for several hours. He concluded that he needed to use a better method of user authentication. Also, the data encryption on the old access point was WEP and WEP encryption can be broken with several hours of data encrypted with the same key. Leo changes the key every week, but some users complain when last week’s key does not work anymore.

Leo has decided to upgrade to a WS 2000 wireless switch. He will have four Access Ports, one in the administration office area, one in the sales office area, one in the sales engineering area, and one in the engineers’ demonstration room. Throughput and coverage will increase significantly. Leo will convert to 802.1x/EAP-TTLS user authentication through the corporate RADIUS server and convert to WPA encryption, improving security considerably and reducing maintenance significantly.

The following links show the tasks that Leo will carry out to complete the wireless upgrade.

The Plan

Configuring the System Settings

Configuring the LAN

Configuring the WAN

Setting up NAT

Confirming the Firewall

Adopting the Access Ports

Configuring the WLANs

Configuring the Access Ports

Specify Subnet Access

Install Access Ports and Test

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

111

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

 

Page 110 Page 112
Image 111
Page 110 Page 112
Contents WS 2000 Wireless Switch Version System Reference72E-67701-01 Rev a March Patents CopyrightTable of Contents Chapter Advanced Configuration Chapter Field Office Example 111 WS 2000 Wireless Switch System Reference Guide About this DocumentDocument Conventions Firewall Security Management of Access PortsWireless LAN Wlan Security System OverviewTechnical Specifications Physical SpecificationsHardware Overview Environmental Specifications Operating System OS ServicesCell Controller Services Power SpecificationsGateway Services 802.11b Support 802.11a SupportAccess Ports Gateway Services WS 2000 Wireless Switch FirewallNetwork Address Translation NAT Overview Layer 3 RoutingSnmp Management Support Dhcp Client and Server802.1x with Radius Authentication WEP 64 40-bit keyWEP 128 104-bit Key Kerberos Authentication 802.1x with Shared Key AuthenticationKeyGuard-MCM Support Wireless Protected Access WPAInstalling the Switch Set up Communication to the SwitchGetting Started Overview Getting Started Overview Changing the Administrator Password Configuring the Switch Configure the LAN InterfaceField Description Defining the SubnetsInterfaces Configure SubnetsDhcp Configuration Advanced Dhcp Settings Communicating with the Outside World Configure the WAN InterfaceSetting Up Point-to-Point over Ethernet PPPoE Communication Chap Enable Wireless LANs WLANsWireless Summary Area Access Port Adoption Configure WLANsConfigure Wlan Security Field Description NameSubnet 802.1x EAP Authentication Setting the Authentication MethodSetting the Encryption Method Kerberos AuthenticationConfiguring WEP Encryption Configuring WPA-TKIP Configure Wlan Security No Encryption KeyGuard-MCMMobile Unit Access Control List ACL Configure Access PortsConfigure Access Ports Name Configure Subnet AccessYellow Access Overview TableAccess Exception Area Color Access Type Description GreenHttp Protocol Transport Description Port UsedALL Transport DescriptionWLAN-How to Configure Advanced Settings Advanced ConfigurationWLAN-Setting Default Access Port Settings WLAN-Setting Default Access Port Settings Dtim Period Beacon IntervalWLAN-Advanced Access Port Settings Primary WlanSecurity Beacon WLAN-Advanced Access Port Settings Beacon is a packet broadcast by the adopted access ports to Gateway-How to Configure Network Address Translation NAT Gateway-How to Configure Network Address Translation NAT Always On Firewall Filters Gateway-How to Configure the WS 2000 FirewallConfigurable Firewall Filters Mime Flood Attack Check Gateway-How to Configure Static RoutesRIP Setting the RIP ConfigurationDefining Routes No RIPNone Security-How to Configure 802.1x EAP AuthenticationRIP v2 CompatSecurity-How to Configure 802.1x EAP Authentication Security-How to Configure 802.1x EAP Authentication Security-How to Configure Kerberos Authentication Security-How to Specify a Network Time Protocol NTP Server Location Description Switch SettingsWS 2000 Wireless Switch LED Functions OverviewChanging the Name of the Switch Location field Change the Location and Country Settings of the WSUpdating the WS 2000 Wireless Switch’s Firmware How to Restart the WS 2000 Wireless SwitchPerforming the Firmware Update Checking for and Downloading Firmware updatesExporting and Importing Wireless Switch Settings System ConfigurationTo Import or Export Settings to an FTP Site To Import Settings to a Local FileTo Export Settings to a Local File How to Restore Default Configuration Settings Property Value Setting Up Snmp v1/v2c Community Definitions Remote AdministrationHow to Configure Snmp Traps Setting the Snmp Version ConfigurationAuthPriv Setting Up Snmp v3 Community DefinitionsNoAuth AuthNoPrivSetting the Trap Configuration Setting Up the Access Control ListCold Start AuthenticationConfiguration Trap Trap Name Generates a Trap when… CategorySetting the Trap Configuration for Snmp v1/v2c Setting the Trap Configuration for Snmp Configure Administrator AccessAccess Port Description Configure Management AccessStatistics and Logs Access Port StatisticsSetup AirBEAM Software Access Changing the Administrator and Manager PasswordsGeneral Access Port Information Associated Mobile Units Received and Transmitted TablesSubnet Statistics Transmitted Description Field Received Field DescriptionInterfaces WAN StatisticsReceived Field Description Viewing the Log on the Switch Setting Up and Viewing the System LogSetting Up a Log Server Background Retail Use CasesPlan Contacting the Wireless Switch Configuring the System SettingsEntering the Basic System Settings Setting Access Control Configuring the Subnets IP Address PlanSubnet IP Address Range For each subnet Configuring POS SubnetConfiguring the Printer Subnet Retail Use Cases Configuring the Cafe Subnet Retail Use Cases Configuring the WAN Interface Configuring Network Address Translation NAT Retail Use Cases Inspecting the Firewall Configuring the Access PortsSetting Access Port Defaults Switch Port Connected toNaming the POS Access Port Configuring the Printer Access Port Configuring the Cafe Access Port Associating the Access Ports to the WLANs Configuring the Cafe Wlan Configuring the WLANsName Printer Configuring the Printer WlanFor the POS WLAN, she makes the following choices Configuring the POS WlanSetting Subnet Access Retail Use Cases Client IP Address Subnet Mask Gateway Port Testing ConnectionsConfiguring the Clients Wireless Authentication Encryption ChannelField Office Example Plan Configuring the System Settings Entering the Basic System Settings Setting Access Control Field Office Example Configuring the Engineering LAN Configuring the LANField Office Example Field Office Example Configuring the Sales Subnet Configuring the WAN Field Office Example Setting Up Network Address Translation Field Office Example Adoption List Label Confirm Firewall ConfigurationAdopting Access Ports MAC Address LocationField Office Example Configuring the WLANs Security Field Office Example Wlan Field Office Example Field Office Example Field Office Example Access Port Channel Configuring Subnet Access Installing the Access Ports and Testing Appendix A. Sample Configuration File NTP menu Wlan 1 configuration set mode 1 enable Wlan 3 configuration set mode 3 disable Default 802.11 a radio configuration set reg a in/out 149 Access Port configuration LAN Dhcp configuration network Firewall configuration set syn enable Outbound 1-To-Many NAT configuration set outb map s1 Page Index FTP Snmp 802.1x EAP authentication
Top Page Image Contents