Manuals / National Instruments / Computer Equipment / Network Router

National Instruments WAP-3711 IEEE 802.1X/RADIUS AP mode only, NI WAP-3701/3711 User’s Manual

Models: WAP-3701 WAP-3711

1 47

Download 47 pages 51.22 Kb

Page 33

Sample MAC ACL file

NI WAP-3701/3711 User’s Manual		Web Console Configuration

Sample MAC ACL file

To download a MAC ACL file from a TFTP server:

1.Specify the IP address of the TFTP server in the TFTP server IP address text box.

2.Specify the name of the MAC ACL file on the TFTP server in the MAC ACL file name text box.

3.Click Download.

IEEE 802.1X/RADIUS (AP mode only)

IEEE 802.1X Port-Based Network Access Control is a new standard for solving some security issues associated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key distribution. With IEEE 802.1X and the help of a RADIUS (Remote Authentication Dial-In User Service) server and a user account database, an enterprise or ISP (Internet Service Provider) can manage its mobile users’ access to its wireless LANs. Before being granted access to a wireless LAN supporting IEEE 802.1X, a user needs to issue his or her user name and password or digital certificate to the backend RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS server can record accounting information, such as when a user logs on to the wireless LAN and logs off from the wireless LAN for monitoring or billing purposes.

The IEEE 802.1X functionality of the access point is controlled by the security mode. So far, the wireless access point supports two authentication mechanisms—EAP-MD5 (Message Digest version 5), EAP-TLS (Transport Layer Security). If EAP-MD5 is used, the user must give his or her user name and password for authentication. If EAP-TLS is used, the wireless client computer automatically gives the user’s digital certificate that is stored in the computer hard disk or a smart card for authentication. And after a successful EAP-TLS authentication, a session key is generated automatically for encrypting wireless packets sent between the wireless client computer and the associated wireless access point. In short, EAP-MD5 only supports user authentication, whereas EAP-TLS supports both user authentication and dynamic encryption key distribution.

3-19

Image 33

National Instruments WAP-3711 IEEE 802.1X/RADIUS AP mode only, NI WAP-3701/3711 User’s Manual, Web Console Configuration

Contents

First Edition, Sept NI WAP-3701/3711 User’s ManualTrademarks Copyright NoticeDisclaimer NI WAP-3701/3711 User’s ManualTable of Contents Appendix C Technical Support and Professional ServicesRegulatory Statement Appendix DIntroduction ‰ Overview ‰ Package Checklist ‰ Product Features‰ Product Specifications Product Features Package ChecklistProduct Specifications OverviewPower Software FeaturesNI WAP-3701/3711 User’s Manual Introduction‰ First-Time Installation and Configuration Getting Started‰ Deploying the Access Point AP ‰ Setting up Client Computers ‰ Confirming the Settings of the AP and Client ComputersStep 1 Select the Power Source First-Time Installation and ConfigurationStep 3 Set up the computer’s IP address Step 4 Use the web-based manager to configure the NI WAP-3701/3711Getting Started NI WAP-3701/3711 User’s Manualinstructions Step 5 Select the Operational Mode for NI WAP-3701/3711Step 7 Review and Apply Settings Step 6 Configure the NI WAP-3701/3711’s IEEE 802.11 settingsNI WAP-3701/3711 User’s Manual Getting StartedSetting up Client Computers Deploying the Access Point APConfiguring IEEE 802.11g-related Settings To adjust the alignments of a pair of bridges’ directional antennasConfiguring TCP/IP-related Settings Confirming the Settings of the AP and Client ComputersChecking if the IEEE 802.11g-related Settings Work Checking if the TCP/IP-related Settings Work3. Type “ping defaultgateway”, where defaultgateway is the IP address of the default gateway of the wireless client computer, and then press Enter. If the gateway responds, go to the next step otherwise, see Appendix B, “TCP/IP Settings Problems,” to troubleshoot the problem NI WAP-3701/3711 User’s ManualGetting Started ‰ Configuring TCP/IP-related Settings Web Console Configuration‰ Configuring IEEE 802.11g-related Settings ‰ Configuring Advanced SettingsWeb Console Configuration Menu StructureOverview NI WAP-3701/3711 User’s ManualAssociated Wireless Clients Save, Save & Restart, and Cancel ButtonsViewing Status Home and Refresh ButtonsSystem Log Current DHCP MappingsLink Monitor AP Client mode only Web Console ConfigurationSpecifying the Operational Mode General OperationsWeb Console Configuration NI WAP-3701/3711 User’s ManualManaging the Firmware Administrative PasswordUpgrading the Firmware by HTTP Web Console ConfigurationUpgrading Firmware by TFTP Backing up and Restoring Configuration Settings by HTTPWeb Console Configuration NI WAP-3701/3711 User’s ManualWeb Console Configuration NI WAP-3701/3711 User’s Manual6. Choose TFTP as the Firmware management protocol Web Console Configuration Backing up and Restoring Configuration Settings by TFTPNI WAP-3701/3711 User’s Manual 6. Choose TFTP as the Firmware management protocolResetting the Configuration to Factory Defaults Configuring TCP/IP-related SettingsAddressing Web Console ConfigurationBasic DHCP Server AP/Bridge modes onlyStatic DHCP Mappings Web Console ConfigurationCommunication Configuring IEEE 802.11g-related SettingsLink Integrity Web Console ConfigurationAssociation Control Wireless Distribution SystemAP Load Balancing Web Console ConfigurationSample wireless bridge network topology Web Console ConfigurationNI WAP-3701/3711 User’s Manual 3-14Web Console Configuration SecurityBasic NI WAP-3701/3711 User’s ManualBehavior of the “This AP Only” wireless client isolation option Web Console ConfigurationWhen AP 1 and AP 2 are using the “This AP Only” option, wireless traffic between STA 1 and STA 2 is blocked by AP 1, whereas wireless traffic between STA 2 and STA 3 which are associated with different APs is still allowed. If the “All APs in This Subnet” option is used as shown in the above figure, AP 1 and AP 2 communicate with each other via an inter-AP protocol to share their STA association information to block wireless traffic among all the STAs NI WAP-3701/3711 User’s Manualy Open System. No authentication, no data encryption Web Console ConfigurationNI WAP-3701/3711 User’s Manual Shared Key , and AutoWeb Console Configuration MAC-Address-Based Access Control2. Set the Access control type to exclusive 2. Set the Access control type to inclusiveWeb Console Configuration IEEE 802.1X/RADIUS AP mode onlyNI WAP-3701/3711 User’s Manual Sample MAC ACL fileInternet Web Console ConfigurationNI WAP-3701/3711 User’s Manual IEEE 802.1X and RADIUSPacket Filters Configuring Advanced SettingsEthernet Type Filters IP Protocol FiltersTCP/UDP Port Filters ManagementUPnP System LogWeb Console Configuration SNMPNI WAP-3701/3711 User’s Manual 3-23Setting Name Default SettingsDefault Value MAC-Address-Based Access ControlNI WAP-3701/3711 User’s Manual Default SettingsLAN Interface ManagementWireless Settings Problems TroubleshootingTroubleshooting TCP/IP Settings ProblemsInternet NI WAP-3701/3711 User’s ManualTroubleshooting Unknown ProblemsWireless Router/AP Browser NI WAP-3701/3711 User’s ManualTroubleshooting NI WAP-3701/3711 User’s Manualy The firmware of the AP may be stuck in an incorrect state Federal Communication Commission Interference Statement Regulatory StatementR&TTE Compliance Statement FCC Radiation Exposure StatementNI WAP-3701/3711 User’s Manual SafetyRegulatory Statement EU Countries Intended for UseTechnical Support and Professional Services NI AirWorks NI-WAP-3701/3711 User’s Manual Service InformationWorldwide Technical Support and Product Information National Instruments Corporate Headquarters