VLANs and Security Profiles | Proxim AP-4000 guide

Advanced Configuration

AP-4000 Series User Guide

SSID/VLAN/Security

VLANs and Security Profiles

The AP-4000/4000M/4900M allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN membership. A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share an SSID. During installation, the Setup Wizard prompts you to configure a Primary Network Name for each wireless interface.

After initial setup and once VLAN is enabled, the AP can be configured to support up to 16 SSIDs per wireless interface to segment wireless networks based on VLAN membership.

Each VLAN can associated to a Security Profile and RADIUS Server Profiles. A Security Profile defines the allowed wireless clients, and authentication and encryption types. See the following sections for configuration details.

Configuring Security Profiles

Security policies can be configured and applied on the AP as a whole, or on a per VLAN basis. When VLAN is disabled on the AP, the user can configure a security profile for each interface of the AP. When VLANs are enabled and Security per SSID is enabled, the user can configure a security profile for each VLAN.

The user defines a security policy by specifying one or more values for the following parameters:

•Wireless STA types (WPA station, 802.11i (WPA2) station, 802.1x station, WEP station, WPA-PSK, and 802.11i-PSK) that can associate to the AP.

•Authentication mechanisms (802.1x, RADIUS MAC authentication) that are used to authenticate clients for each type of station.

•Cipher Suites (CCMP, TKIP, WEP, None) used for encapsulating the wireless data for each type of station.

Up to 16 security profiles can be configured per wireless interface.

NOTE: Mesh security is configured on the Mesh (AP-4000M/AP-4900M Only) tab.

1.Click Configure > SSID/VLAN/Security > Security Profile.

Figure 4-41 Security Profile Configuration

119

Image 119

Proxim AP-4000 manual VLANs and Security Profiles, Configuring Security Profiles

Contents

ORiNOCO AP-4000 Series Access Points User Guide AP-4000 Series User Guide CopyrightTrademarks OpenSSL License Note Contents Contents AP-4000 Series User Guide System Status 4 Advanced Configuration Monitoring CommandsTroubleshooting Recovery Procedures Command Line Interface CLI Technical Support Ascii Character Chart C SpecificationsStatement of Warranty Regulatory Compliance Product Description Products Covered in this User GuideDocument Conventions Introduction AP-4000 Series User Guide Introduction to Wireless Networking Mesh Network Convergence Mesh Networking AP-4000M/4900M Only Mesh Startup Topology Example Step Mesh Network Configuration Guidelines for Roaming HTTP/HTTPS Interface Ieee 802.11 SpecificationsCommand Line Interface Management and Monitoring Capabilities SNMPv3 Secure Management Snmp Management SSH Secure Shell Management Overview AP-4000 Series Hardware Description External Antennas Antennas GHz Antenna Installation and Initialization AP-4000 Series User GuideActive Ethernet LED Indicators on the AP-4000/4000M/4900M Top Panel LED Indicators General Prerequisites Prerequisites Mesh Prerequisites System Requirements Product Package Cabling the AP-4000/4000M/4900M Hardware InstallationRequired Materials Mounting the AP-4000/4000M/4900M Installing the Security Cover Mounting the AP-4900M in a Vehicle Mounting the AP-4000/4000M/4900M to a Ceiling Opening the Antenna Compartment Installing External Antennas Attaching Antennas to the AP-4900M for 4.9 GHz Operation Installing the AP in a PlenumPage ScanTool Instructions Using ScanToolInitialization Scan List Select Tools Internet Options Click LAN SettingsLogging 11 Enter Network Password 12 System Status Screen Using the Setup WizardPage Download the Software Installing the Software Click Commands Update AP via Http Install Software with Http Interface Install Software with Tftp Server Click Commands Reboot Related Topics Install Updates from your Tftp Server using the CLI System Status Advanced Configuration Configure Main Screen Advanced Configuration AP-4000 Series User Guide Dynamic DNS Support SystemPage Network IP Configuration Advanced Dhcp ServerDNS Client Comment optional Advanced Configuration AP-4000 Series User Guide NetworkStart IP Address End IP Address Dhcp Relay Agent Dhcp Server IP Address Table Dhcp Relay Agent Target IP Address Comment optional Link Integrity Sntp Simple Network Time Protocol Link Integrity Configuration Screen Sntp Configuration Screen Advanced Configuration AP-4000 Series User Guide Network Interfaces Operational Mode Ieee 802.11d Support for Additional Regulatory Domains Advanced Configuration AP-4000 Series User Guide InterfacesSuper Mode and Turbo Mode Configuring TX Power Control Configuring 802.11d SupportTX Power Control/Transmit Power Level 10 Wireless Interface a Wireless-A 802.11a Radio and Wireless-B 802.11b/g Radio Advanced Configuration AP-4000 Series User Guide Interfaces Dynamic Frequency Selection/Radar Detection DFS/RD RTS/CTS Medium Reservation Wireless Service StatusAffected Countries Channel Blacklist Table Traps Generated During Wireless Service Shutdown and ResumeClick on Configure Interfaces Wireless a or Wireless B 13 WDS Example Bridging WDS WDS Setup Procedure 15 Adding WDS Links Ethernet 16 Ethernet Sub-tab 17 Mesh Sub-tab AP-4000M/AP-4900M Mesh AP-4000M/AP-4900M Only 18 Mesh Sub-tab AP-4000 Mesh Software Kit Management Passwords Secure Management IP Access TableServices Accessing the AP through the Https interface Advanced Configuration AP-4000 Series User Guide ManagementHttps Access Secure Socket Layer 19 Management Services Configuration Screen SSH Clients SSH Session SetupConfiguring SSH Uploading Externally Generated Host Keys Click Commands Update AP via Http or via Tftp Radius Based Management Access Serial Configuration Settings Set up Automatic Configuration for Static IP Automatic Configuration AutoConfigAuto Configuration and the CLI Batch File Set up Automatic Configuration for Dynamic IP 21 Automatic Configuration Screen 22 Dhcp Options Setting the Boot Server Host Name Hardware Configuration Reset Chrd Click Configure Management Chrd Configuration Reset via Serial Port During BootupConfiguring Hardware Configuration Reset Procedure to Reset Configuration via the Serial Interface Select the Filter Operation Type FilteringEthernet Protocol Static MAC Advanced Configuration AP-4000 Series User Guide Filtering Wireless MAC Address 0020A6124E38 Wired MAC Address 0040F41CDB6AWireless MAC Address 00022D5194E4 Wired MAC Address Click Add under the TCP/UDP Port Filter Table heading AdvancedTCP/UDP Port Number Click Edit under the TCP/UDP Port Filter Table heading Editing TCP/UDP Port Filters Groups Alarms Operational Trap Group Trap Name Description Severity Level Security Trap Group Trap Name Description Severity Level Flash Memory Trap Group Trap Name Description Severity Level Trap Name Description Severity Level Generic Trap Group Trap Name Description Severity Level Tftp Trap Group Trap Name Description Severity LevelImage Trap Group Trap Name Description Severity Level Sntp Trap Group Trap Name Description Severity Level RFC 1215-Trap Trap Name Description Severity Level Alarm Host Table Event Priority Description Configuring Syslog Event NotificationsSyslog Syslog Message Name Priority Severity Description Advanced Configuration AP-4000 Series User Guide AlarmsSyslog Messages Advanced Configuration AP-4000 Series User Guide Rogue Scan Multi-Band Scanning Continuous Scanning ModeBackground Scanning Mode Rogue Scan Click Configure Alarms Rogue ScanRogue Scan Data Collection 28 Rogue Scan Screen Spanning Tree Bridge Storm Threshold Advanced Configuration AP-4000 Series User Guide Bridge Packet Forwarding Configuring Interfaces for Packet ForwardingIntra BSS Enabling QoS and Adding QoS policies Wireless Multimedia Extensions WME/Quality of Service QoSClick Configure QoS Policy QoS 101 Advanced Configuration AP-4000 Series User Guide QoSEnter the Priority Mapping Index 102 Click Configure QoS Priority MappingPriority Mapping 103 Enhanced Distributed Channel Access EdcaSTA Edca Table and AP Edca Table 104 Click Configure QoS Edca 105 106 Radius Servers per Authentication Mode and per VlanRadius Profiles 107 Configuring Radius ProfilesRadius Servers Enforcing Vlan Access Control 108 109 37 Add Radius Server Profile Session Length MAC Access Control Via Radius Authentication802.1x Authentication using Radius Radius Accounting 111 Authentication AttributesAccounting Attributes 112 113 SSID/VLAN/SecurityVlan Overview 114 Management Vlan Typical User Vlan ConfigurationsControl Access to the AP Click Configure SSID/VLAN/Security Mgmt Vlan Security Profile Provide Access to a Wireless Host in the Same WorkgroupDisable Vlan Tagging 117 Authentication ProcessWi-Fi Protected Access WPA/802.11i WPA2 118 Authentication Protocol Hierarchy VLANs and Security Profiles Configuring Security ProfilesClick Configure SSID/VLAN/Security Security Profile WPA Station Non Secure StationWEP Station 802.1x Station 121 802.11i-PSK Station 42 Security Profile Table Add Entries 122 123 MAC AccessWireless-A or Wireless-B 124 Configuring an SSID/VLAN with Vlan Tagging Disabled 125 45 SSID/VLAN Edit Entries Screen Vlan Tagging Disabled 126 Configuring SSID/VLANs with Vlan Tagging EnabledClick SSID/VLAN/Security Wireless-A or Wireless-B 127 47 SSID/VLAN Edit Entries Screen Vlan Tagging Enabled 128 Broadcast Ssid and Closed System 129 Monitor Main Screen Monitoring AP-4000 Series User Guide Version Icmp Monitoring Tab IP/ARP Table Learn Table Monitoring Tab Learn Table Radius 134 135 Monitoring AP-4000 Series User Guide Interfaces 136 137 Station Statistics Monitoring AP-4000 Series User Guide Station Statistics Mesh Statistics 139 Introduction to File Transfer via Tftp or Http 140 Image Error Checking During File TransferTftp File Transfer Guidelines Http File Transfer Guidelines 141 Update APUpdate AP via Tftp Commands AP-4000 Series User Guide 142 Update AP via HttpCommands AP-4000 Series User Guide Update AP 143 Commands AP-4000 Series User Guide Retrieve FileRetrieve File Retrieve File via Tftp 144 Retrieve File via Http Retrieve File via Http Command Screen Commands AP-4000 Series User Guide Reboot RebootReset Help Link 13 Help Link Configuration Screen 147 AP Unit Will Not Boot No LED Activity Troubleshooting ConceptsSymptoms and Solutions Connectivity Issues Basic Software Setup and Configuration Problems Client Connection Problems Active Ethernet AE Vlan Operation Issues Forced Reload Procedure Recovery ProceduresReset to Factory Default Procedure 153 Download a New Image Using ScanToolDownload Procedure Preparing to Download the AP Image 154 Download a New Image Using the Bootloader CLI Attaching the Serial Port Cable Setting IP Address using Serial PortInitializing the IP Address using CLI Hardware and Software Requirements 156 Radius Authentication ServerRelated Applications 157 Tftp Server Important Terminology General NotesPrerequisite Skills and Knowledge Notation Conventions Key Combination Operation CLI Error MessagesError Message Description Navigation and Special Keys 160 Command Line Interface CLI VariationsBootloader CLI Command Line Interface CLI AP-4000 Series User Guide Example 1. Display Command list CLI Command TypesOperational CLI Commands Example 3a. Display every parameter that can be changed Example 2. Display specific CommandsExample 3. Display parameters for set and show Download Example 3b. Display parameters based on letter sequenceExample 4. Display Prompts for Successive Parameters Done, exit, quit 164 HelpHistory Passwd 165 Parameter Control CommandsShow CLI Command Search Examples Set CLI CommandConfiguring Objects that Require Reboot Set and show Command Examples Example 3 Modify a table entry or row Example 1 Set the Access Point IP Address ParameterExample 4 Enable, Disable, or Delete a table entry or row Example 2 Create a table entry or row 168 Example 5 Show the Group ParametersExample 6 Show Individual and Table Parameters 169 Using Tables and StringsUsing Strings Working with Tables Log into the AP using Telnet Configuring the AP using CLI commandsSet Basic Configuration Parameters using CLI Commands Log into the AP using HyperTerminal 171 Change PasswordsSet Network Names for the Wireless Interface Set System Name, Location and Contact Information 172 Country Code 173 Configure SSIDs Network Names, VLANs, and Profiles 174 Download an AP Configuration File from your Tftp ServerBackup your AP Configuration File Set up Auto Configuration Configure the DNS Client Other Network SettingsConfigure the AP as a Dhcp Server Autochannel Select ACS Operational Mode Enable/Disable Turbo Mode 802.11a/g only Enable/Disable Closed SystemShutdown/Resume Wireless Service Enable/Disable Super Mode 802.11a/g only Set the Distance Between APs Edit Management IP Access TableConfigure Management Ports Set Communication Ports Configure Secure Socket Layer HttpsSet Telnet Session Timeouts Configure Serial Port Interface Add an Entry to the MAC Access Control Table Create/Enable WDSEnable/Disable WDS Setup MAC Address Access Control 181 Configure Radius Authentication serversSet Radius Parameters 182 Set Hardware Configuration Reset Parameters Configure a Security Profile with WEP Security Mode Enable Vlan ManagementDisable Vlan Management Configure a Security Profile with Non Secure Security Mode Parameter Tables Configure a Security Profile with 802.11i Security ModeConfigure a Security Profile with 802.11i-PSK Security Mode CLI Monitoring Parameters 185 Serial Port Parameters Serial Port setup 186 187 Name Type Value Access CLI ParameterSet sysresettodefaults System Parameters 188 DNS Client for Radius Name ResolutionDhcp Server Parameters Name Type Value Access CLI Parameter Network Parameters 189 Dhcp Server table for IP poolsDhcp Relay Group Dhcp Relay Server Table 190 Sntp Parameters Name Type Value Access CLI ParameterLink Integrity IP Target Table 191 Wireless Interface ParametersInterface Parameters Common Parameters to 802.11a/b/g 192 802.11a Only Parameters 193 802.11b Only Parameters802.11b/g Only Parameters Mode For 802.11g-only modeFor 802.11b/g mode For 802.11b-only 195 Wireless Distribution System WDS ParametersWireless Interface SSID/VLAN/Profile Parameters Channel Blacklist Parameters 196 Wireless Distribution System WDS Security Table Parameters 197 Snmp Parameters Name Type Value Access CLI ParameterManagement Parameters 198 199 Http Parameters Name Type Value Access CLI ParameterTelnet Parameters Name Type Value Access CLI Parameter 200 Serial Port Parameters Name Type Value Access CLI ParameterRadius Based Management Access Parameters SSH Parameters 201 IP Access Table ParametersTftp Server Parameters 202 Filtering ParametersEthernet Filtering Table 203 Proxy ARP Parameters Name Type Value Access CLI ParameterTCP/UDP Port Filtering TCP/UDP Port Filtering Table 204 Alarms ParametersSnmp Table Host Table Parameters 205 Syslog ParametersSyslog Host Table 206 Bridge ParametersSpanning Tree Priority and Path Cost Table 207 Storm Threshold TableIntra BSS Subscriber Blocking Packet Forwarding Parameters 208 Radius Server Configuration ParametersRadius Parameters General Radius Parameters Security Parameters MAC Access Control Table 210 Security Profile Table 211 Iapp Parameters Name Type Value Access CLI ParameterVLAN/SSID Parameters Other Parameters 212 Enabling QoS Name Type Value Access CLI ParameterConfiguring QoS Policies Specifying the Mapping between 802.1p and 802.1D Priorities 213 QoS Enhanced Distributed Channel Access Edca Parameters Sample CLI Batch File Auto Configuration and the CLI Batch FileCLI Batch File CLI Batch File Format and Syntax 215 Reboot BehaviorCLI Batch File Error Log Charact Equival Ent 216 Hex Number of Stations per BSS Software FeaturesFeature Supported by AP-4000 Series Radius Based Management Access 217 Security Functions Medium Access Control MAC FunctionsSpecifications AP-4000 Series User Guide Software Features Advanced Bridging Functions 219 Specifications AP-4000 Series User GuideNetwork Functions Hardware Specifications 221 Available ChannelsAP-4000/4000M Channels 222 AP-4900M Channels 4.9 GHz Public Safety ModeAP-4900M Channels AP-4900M Channels a/b/g Modes 223 Software and Documentation Downloads Knowledgebase 224 Online Support International 225 Telephone Support Support Procedures Warranty CoverageRepair or Replacement Limitations of Warranty Other Adapter Cards Ask a Question or Open an IssueOther Information Search Knowledgebase 228 Product Model Numbers 229 Regulatory Compliance AP-4000 Series User Guide 230 Safety Information USA, Canada, & European Union 231 Federal Communications Commission FCC AP-4000/4000M 232 Modifications 233 Industry Canada IC AP-4000/4000M only 234 European Union AP-4000/4000M only 235 Regulatory Compliance Certifications Summary AP-4000/4000MRegulatory Compliance Certifications Summary AP-4900M Country Certification/Reference No