Symbol Technologies WS 2000 manual Plan

Page 87

Retail Use Cases

The Plan

Clarisa is the employee assigned to implement the new network in San Jose. She needs three very different security policies. Wireless security policies are part of a WLAN configuration, so she will need three different WLANs.

WLAN #1: Confidential information, such as credit card numbers and customer purchases, will travel over the links to wireless POS terminals. For these, she wants the strongest security measures possible. The two components of a wireless security policy are user authentication and data encryption. The corporation has a RADIUS server for user authentication, and it is a logical choice for this application. If the corporation did not have a RADIUS server, an alternative would have been to install Kerberos on the in-store server and use Kerberos user authentication. As for data encryption, WEP is not secure enough for this traffic. A survey of the wireless POS terminals reveals that they all support WPA-TKIP, so Clarisa will use WPA-TKIP for data encryption.

WLAN #2: The wireless printers are difficult to misuse - no keyboards - and the data stream to them does not include any information that needs strong encryption. On this WLAN, Clarisa can limit user access by limiting connections to just those devices that have their MAC addresses entered in the switch. The data will be WEP encrypted.

WLAN #3: In the cafe, Clarisa wants an open network - no authentication or encryption. She believes that otherwise the support problems will be too difficult. But management wants to be absolutely certain that users of the cafe net cannot get access to the store computers or POS terminals. The WS 2000 allows the administrator to restrict access from one subnet to another, so Clarisa will create a subnet that is just for WLAN #3, and then restrict access from that subnet to the other subnets.

This plan covers all of the wireless devices — the POS terminals, the printers, and the customer laptops — except the wireless handheld terminals. Clarisa decides to put them on the WLAN with the POS terminals.

There are also some conventional, 100baseT wired devices to consider. There is the store server and two wired POS terminals. Clarisa will put all of these on the 100baseT ports on the WS 2000.

To keep things simple, Clarisa decides to define one subnet for each WLAN and assign one Access Port to each WLAN. The wired devices will be part of the POS subnet.

The WS 2000 will connect to the Internet through a DSL line.
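
The plan above, expressed as a small policy model and audited against its own requirements. This is an added example, not taken from the Symbol manual; the address ranges, field names, rule format and the allowed subnet pairs are assumptions and are not WS 2000 settings.

```python
import ipaddress

# Constructed model of the plan. WLAN/subnet names follow the page; address
# ranges, field names and the rule format are assumptions, not WS 2000 syntax.
SUBNETS = {
    "POS": ipaddress.ip_network("192.168.0.0/24"),
    "Printer": ipaddress.ip_network("192.168.1.0/24"),
    "Cafe": ipaddress.ip_network("192.168.2.0/24"),
}
WLANS = {
    "POS": {"subnet": "POS", "auth": "radius", "enc": "wpa-tkip", "confidential": True},
    "Printer": {"subnet": "Printer", "auth": "mac-acl", "enc": "wep", "confidential": False},
    "Cafe": {"subnet": "Cafe", "auth": "none", "enc": "none", "confidential": False},
}
# Constructed allow-list of (source, destination) subnet pairs; all else is denied.
ALLOWED = {("POS", "Printer"), ("POS", "WAN"), ("Printer", "WAN"), ("Cafe", "WAN")}

def subnet_of(ip):
    """Map an address to its store subnet; anything else counts as WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return "WAN"

def permitted(src_ip, dst_ip, allowed=ALLOWED):
    """True if traffic may pass: same subnet, or an explicitly allowed pair."""
    src, dst = subnet_of(src_ip), subnet_of(dst_ip)
    return src == dst or (src, dst) in allowed

def audit(wlans=WLANS, allowed=ALLOWED):
    """Return findings where the model breaks the plan's stated requirements."""
    findings = []
    for name, w in wlans.items():
        weak = w["auth"] in ("none", "mac-acl") or w["enc"] in ("none", "wep")
        if w["confidential"] and weak:
            findings.append(f"{name}: confidential traffic on weak auth/encryption")
        if w["auth"] == "none" or w["enc"] == "none":
            for src, dst in sorted(allowed):
                if src == w["subnet"] and dst != "WAN":
                    findings.append(f"{name}: open WLAN subnet can reach {dst}")
    return findings

if __name__ == "__main__":
    print(audit())                                     # plan as written
    print(permitted("192.168.2.50", "192.168.0.10"))   # cafe laptop -> POS host
    print(audit(allowed=ALLOWED | {("Cafe", "POS")}))  # a rule that breaks isolation
```

Re-running `audit()` after every change to the subnet access table catches a rule that quietly reconnects the cafe subnet to the POS or printer subnets.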

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved


WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

 
