Manuals / Proxim / Computer Equipment / Network Card

Proxim AP-4000 manual VLANs and Security Profiles, Configuring Security Profiles

Models: AP-4000

1 235

Download 235 pages 20.04 Kb

Page 119

Advanced Configuration

AP-4000 Series User Guide

SSID/VLAN/Security

VLANs and Security Profiles

The AP-4000/4000M/4900M allows you to segment wireless networks into multiple sub-networks based on Network Name (SSID) and VLAN membership. A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share an SSID. During installation, the Setup Wizard prompts you to configure a Primary Network Name for each wireless interface.

After initial setup and once VLAN is enabled, the AP can be configured to support up to 16 SSIDs per wireless interface to segment wireless networks based on VLAN membership.

Each VLAN can associated to a Security Profile and RADIUS Server Profiles. A Security Profile defines the allowed wireless clients, and authentication and encryption types. See the following sections for configuration details.

Configuring Security Profiles

Security policies can be configured and applied on the AP as a whole, or on a per VLAN basis. When VLAN is disabled on the AP, the user can configure a security profile for each interface of the AP. When VLANs are enabled and Security per SSID is enabled, the user can configure a security profile for each VLAN.

The user defines a security policy by specifying one or more values for the following parameters:

•Wireless STA types (WPA station, 802.11i (WPA2) station, 802.1x station, WEP station, WPA-PSK, and 802.11i-PSK) that can associate to the AP.

•Authentication mechanisms (802.1x, RADIUS MAC authentication) that are used to authenticate clients for each type of station.

•Cipher Suites (CCMP, TKIP, WEP, None) used for encapsulating the wireless data for each type of station.

Up to 16 security profiles can be configured per wireless interface.

NOTE: Mesh security is configured on the Mesh (AP-4000M/AP-4900M Only) tab.

1.Click Configure > SSID/VLAN/Security > Security Profile.

Figure 4-41 Security Profile Configuration

119

Image 119

Proxim AP-4000 manual VLANs and Security Profiles, Configuring Security Profiles

Contents

ORiNOCO AP-4000 Series Access Points User Guide AP-4000 Series User Guide CopyrightTrademarks OpenSSL License NoteContents Contents AP-4000 Series User Guide System Status 4 Advanced ConfigurationMonitoring CommandsTroubleshooting Recovery Procedures Command Line Interface CLITechnical Support Ascii Character Chart C SpecificationsStatement of Warranty Regulatory Compliance Product Description Products Covered in this User GuideDocument Conventions Introduction AP-4000 Series User Guide Introduction to Wireless NetworkingMesh Network Convergence Mesh Networking AP-4000M/4900M OnlyMesh Startup Topology Example Step Mesh Network Configuration Guidelines for Roaming HTTP/HTTPS Interface Ieee 802.11 SpecificationsCommand Line Interface Management and Monitoring CapabilitiesSNMPv3 Secure Management Snmp ManagementSSH Secure Shell Management Overview AP-4000 Series Hardware DescriptionExternal Antennas AntennasGHz Antenna Installation and Initialization AP-4000 Series User GuideActive Ethernet LED Indicators on the AP-4000/4000M/4900M Top Panel LED IndicatorsGeneral Prerequisites PrerequisitesMesh Prerequisites System Requirements Product PackageCabling the AP-4000/4000M/4900M Hardware InstallationRequired Materials Mounting the AP-4000/4000M/4900M Installing the Security CoverMounting the AP-4900M in a Vehicle Mounting the AP-4000/4000M/4900M to a CeilingOpening the Antenna Compartment Installing External AntennasAttaching Antennas to the AP-4900M for 4.9 GHz Operation Installing the AP in a PlenumPage ScanTool Instructions Using ScanToolInitialization Scan List Select Tools Internet Options Click LAN SettingsLogging 11 Enter Network Password 12 System Status Screen Using the Setup WizardPage Download the Software Installing the SoftwareClick Commands Update AP via Http Install Software with Http InterfaceInstall Software with Tftp Server Click Commands RebootRelated Topics Install Updates from your Tftp Server using the CLISystem Status Advanced Configuration Configure Main Screen Advanced Configuration AP-4000 Series User GuideDynamic DNS Support SystemPage Network IP ConfigurationAdvanced Dhcp ServerDNS Client Comment optional Advanced Configuration AP-4000 Series User Guide NetworkStart IP Address End IP Address Dhcp Relay Agent Dhcp Server IP Address Table Dhcp Relay AgentTarget IP Address Comment optional Link IntegritySntp Simple Network Time Protocol Link Integrity Configuration ScreenSntp Configuration Screen Advanced Configuration AP-4000 Series User Guide Network Interfaces Operational ModeIeee 802.11d Support for Additional Regulatory Domains Advanced Configuration AP-4000 Series User Guide InterfacesSuper Mode and Turbo Mode Configuring TX Power Control Configuring 802.11d SupportTX Power Control/Transmit Power Level 10 Wireless Interface a Wireless-A 802.11a Radio and Wireless-B 802.11b/g RadioAdvanced Configuration AP-4000 Series User Guide Interfaces Dynamic Frequency Selection/Radar Detection DFS/RD RTS/CTS Medium Reservation Wireless Service StatusAffected Countries Channel Blacklist Table Traps Generated During Wireless Service Shutdown and ResumeClick on Configure Interfaces Wireless a or Wireless B 13 WDS Example Bridging WDS WDS Setup Procedure15 Adding WDS Links Ethernet16 Ethernet Sub-tab 17 Mesh Sub-tab AP-4000M/AP-4900M Mesh AP-4000M/AP-4900M Only18 Mesh Sub-tab AP-4000 Mesh Software KitManagement PasswordsSecure Management IP Access TableServices Accessing the AP through the Https interface Advanced Configuration AP-4000 Series User Guide ManagementHttps Access Secure Socket Layer 19 Management Services Configuration Screen SSH Clients SSH Session SetupConfiguring SSH Uploading Externally Generated Host Keys Click Commands Update AP via Http or via TftpRadius Based Management Access Serial Configuration SettingsSet up Automatic Configuration for Static IP Automatic Configuration AutoConfigAuto Configuration and the CLI Batch File Set up Automatic Configuration for Dynamic IP 21 Automatic Configuration Screen22 Dhcp Options Setting the Boot Server Host Name Hardware Configuration Reset ChrdClick Configure Management Chrd Configuration Reset via Serial Port During BootupConfiguring Hardware Configuration Reset Procedure to Reset Configuration via the Serial Interface Select the Filter Operation Type FilteringEthernet Protocol Static MACAdvanced Configuration AP-4000 Series User Guide Filtering Wireless MAC Address 0020A6124E38 Wired MAC Address 0040F41CDB6AWireless MAC Address 00022D5194E4 Wired MAC AddressClick Add under the TCP/UDP Port Filter Table heading AdvancedTCP/UDP Port NumberClick Edit under the TCP/UDP Port Filter Table heading Editing TCP/UDP Port FiltersGroups AlarmsOperational Trap Group Trap Name Description Severity Level Security Trap Group Trap Name Description Severity LevelFlash Memory Trap Group Trap Name Description Severity Level Trap Name Description Severity LevelGeneric Trap Group Trap Name Description Severity Level Tftp Trap Group Trap Name Description Severity LevelImage Trap Group Trap Name Description Severity Level Sntp Trap Group Trap Name Description Severity LevelRFC 1215-Trap Trap Name Description Severity Level Alarm Host TableEvent Priority Description Configuring Syslog Event NotificationsSyslog Syslog Message Name Priority Severity Description Advanced Configuration AP-4000 Series User Guide AlarmsSyslog Messages Advanced Configuration AP-4000 Series User Guide Rogue Scan Multi-Band Scanning Continuous Scanning ModeBackground Scanning Mode Rogue Scan Click Configure Alarms Rogue ScanRogue Scan Data Collection 28 Rogue Scan Screen Spanning Tree BridgeStorm Threshold Advanced Configuration AP-4000 Series User Guide BridgePacket Forwarding Configuring Interfaces for Packet ForwardingIntra BSS Enabling QoS and Adding QoS policies Wireless Multimedia Extensions WME/Quality of Service QoSClick Configure QoS Policy QoS101 Advanced Configuration AP-4000 Series User Guide QoSEnter the Priority Mapping Index 102 Click Configure QoS Priority MappingPriority Mapping 103 Enhanced Distributed Channel Access EdcaSTA Edca Table and AP Edca Table 104 Click Configure QoS Edca105 106 Radius Servers per Authentication Mode and per VlanRadius Profiles 107 Configuring Radius ProfilesRadius Servers Enforcing Vlan Access Control 108 109 37 Add Radius Server ProfileSession Length MAC Access Control Via Radius Authentication802.1x Authentication using Radius Radius Accounting111 Authentication AttributesAccounting Attributes 112 113 SSID/VLAN/SecurityVlan Overview 114 Management Vlan Typical User Vlan ConfigurationsControl Access to the AP Click Configure SSID/VLAN/Security Mgmt VlanSecurity Profile Provide Access to a Wireless Host in the Same WorkgroupDisable Vlan Tagging 117 Authentication ProcessWi-Fi Protected Access WPA/802.11i WPA2 118 Authentication Protocol HierarchyVLANs and Security Profiles Configuring Security ProfilesClick Configure SSID/VLAN/Security Security Profile WPA Station Non Secure StationWEP Station 802.1x Station121 802.11i-PSK Station42 Security Profile Table Add Entries 122 123 MAC AccessWireless-A or Wireless-B 124 Configuring an SSID/VLAN with Vlan Tagging Disabled125 45 SSID/VLAN Edit Entries Screen Vlan Tagging Disabled126 Configuring SSID/VLANs with Vlan Tagging EnabledClick SSID/VLAN/Security Wireless-A or Wireless-B 127 47 SSID/VLAN Edit Entries Screen Vlan Tagging Enabled128 Broadcast Ssid and Closed System129 Monitor Main ScreenMonitoring AP-4000 Series User Guide VersionIcmp Monitoring Tab IP/ARP TableLearn Table Monitoring Tab Learn TableRadius 134 135 Monitoring AP-4000 Series User Guide Interfaces136 137 Station StatisticsMonitoring AP-4000 Series User Guide Station Statistics Mesh Statistics139 Introduction to File Transfer via Tftp or Http140 Image Error Checking During File TransferTftp File Transfer Guidelines Http File Transfer Guidelines141 Update APUpdate AP via Tftp Commands AP-4000 Series User Guide142 Update AP via HttpCommands AP-4000 Series User Guide Update AP 143 Commands AP-4000 Series User Guide Retrieve FileRetrieve File Retrieve File via Tftp144 Retrieve File via HttpRetrieve File via Http Command Screen Commands AP-4000 Series User Guide Reboot RebootReset Help Link 13 Help Link Configuration Screen 147AP Unit Will Not Boot No LED Activity Troubleshooting ConceptsSymptoms and Solutions Connectivity IssuesBasic Software Setup and Configuration Problems Client Connection Problems Active Ethernet AE Vlan Operation IssuesForced Reload Procedure Recovery ProceduresReset to Factory Default Procedure 153 Download a New Image Using ScanToolDownload Procedure Preparing to Download the AP Image154 Download a New Image Using the Bootloader CLIAttaching the Serial Port Cable Setting IP Address using Serial PortInitializing the IP Address using CLI Hardware and Software Requirements156 Radius Authentication ServerRelated Applications 157 Tftp ServerImportant Terminology General NotesPrerequisite Skills and Knowledge Notation ConventionsKey Combination Operation CLI Error MessagesError Message Description Navigation and Special Keys160 Command Line Interface CLI VariationsBootloader CLI Command Line Interface CLI AP-4000 Series User GuideExample 1. Display Command list CLI Command TypesOperational CLI Commands Example 3a. Display every parameter that can be changed Example 2. Display specific CommandsExample 3. Display parameters for set and show Download Example 3b. Display parameters based on letter sequenceExample 4. Display Prompts for Successive Parameters Done, exit, quit164 HelpHistory Passwd165 Parameter Control CommandsShow CLI Command SearchExamples Set CLI CommandConfiguring Objects that Require Reboot Set and show Command ExamplesExample 3 Modify a table entry or row Example 1 Set the Access Point IP Address ParameterExample 4 Enable, Disable, or Delete a table entry or row Example 2 Create a table entry or row168 Example 5 Show the Group ParametersExample 6 Show Individual and Table Parameters 169 Using Tables and StringsUsing Strings Working with TablesLog into the AP using Telnet Configuring the AP using CLI commandsSet Basic Configuration Parameters using CLI Commands Log into the AP using HyperTerminal171 Change PasswordsSet Network Names for the Wireless Interface Set System Name, Location and Contact Information172 Country Code173 Configure SSIDs Network Names, VLANs, and Profiles174 Download an AP Configuration File from your Tftp ServerBackup your AP Configuration File Set up Auto ConfigurationConfigure the DNS Client Other Network SettingsConfigure the AP as a Dhcp Server Autochannel Select ACS Operational ModeEnable/Disable Turbo Mode 802.11a/g only Enable/Disable Closed SystemShutdown/Resume Wireless Service Enable/Disable Super Mode 802.11a/g onlySet the Distance Between APs Edit Management IP Access TableConfigure Management Ports Set Communication Ports Configure Secure Socket Layer HttpsSet Telnet Session Timeouts Configure Serial Port InterfaceAdd an Entry to the MAC Access Control Table Create/Enable WDSEnable/Disable WDS Setup MAC Address Access Control181 Configure Radius Authentication serversSet Radius Parameters 182 Set Hardware Configuration Reset ParametersConfigure a Security Profile with WEP Security Mode Enable Vlan ManagementDisable Vlan Management Configure a Security Profile with Non Secure Security ModeParameter Tables Configure a Security Profile with 802.11i Security ModeConfigure a Security Profile with 802.11i-PSK Security Mode CLI Monitoring Parameters185 Serial Port Parameters Serial Port setup186 187 Name Type Value Access CLI ParameterSet sysresettodefaults System Parameters188 DNS Client for Radius Name ResolutionDhcp Server Parameters Name Type Value Access CLI Parameter Network Parameters189 Dhcp Server table for IP poolsDhcp Relay Group Dhcp Relay Server Table190 Sntp Parameters Name Type Value Access CLI ParameterLink Integrity IP Target Table 191 Wireless Interface ParametersInterface Parameters Common Parameters to 802.11a/b/g192 802.11a Only Parameters193 802.11b Only Parameters802.11b/g Only Parameters Mode For 802.11g-only modeFor 802.11b/g mode For 802.11b-only195 Wireless Distribution System WDS ParametersWireless Interface SSID/VLAN/Profile Parameters Channel Blacklist Parameters196 Wireless Distribution System WDS Security Table Parameters197 Snmp Parameters Name Type Value Access CLI ParameterManagement Parameters 198 199 Http Parameters Name Type Value Access CLI ParameterTelnet Parameters Name Type Value Access CLI Parameter 200 Serial Port Parameters Name Type Value Access CLI ParameterRadius Based Management Access Parameters SSH Parameters201 IP Access Table ParametersTftp Server Parameters 202 Filtering ParametersEthernet Filtering Table 203 Proxy ARP Parameters Name Type Value Access CLI ParameterTCP/UDP Port Filtering TCP/UDP Port Filtering Table204 Alarms ParametersSnmp Table Host Table Parameters 205 Syslog ParametersSyslog Host Table 206 Bridge ParametersSpanning Tree Priority and Path Cost Table 207 Storm Threshold TableIntra BSS Subscriber Blocking Packet Forwarding Parameters208 Radius Server Configuration ParametersRadius Parameters General Radius ParametersSecurity Parameters MAC Access Control Table210 Security Profile Table211 Iapp Parameters Name Type Value Access CLI ParameterVLAN/SSID Parameters Other Parameters212 Enabling QoS Name Type Value Access CLI ParameterConfiguring QoS Policies Specifying the Mapping between 802.1p and 802.1D Priorities213 QoS Enhanced Distributed Channel Access Edca ParametersSample CLI Batch File Auto Configuration and the CLI Batch FileCLI Batch File CLI Batch File Format and Syntax215 Reboot BehaviorCLI Batch File Error Log Charact Equival Ent 216 HexNumber of Stations per BSS Software FeaturesFeature Supported by AP-4000 Series Radius Based Management Access 217Security Functions Medium Access Control MAC FunctionsSpecifications AP-4000 Series User Guide Software Features Advanced Bridging Functions219 Specifications AP-4000 Series User GuideNetwork Functions Hardware Specifications 221 Available ChannelsAP-4000/4000M Channels 222 AP-4900M Channels 4.9 GHz Public Safety ModeAP-4900M Channels AP-4900M Channels a/b/g Modes223 Software and Documentation Downloads Knowledgebase 224 Online SupportInternational 225 Telephone SupportSupport Procedures Warranty CoverageRepair or Replacement Limitations of WarrantyOther Adapter Cards Ask a Question or Open an IssueOther Information Search Knowledgebase228 Product Model Numbers229 Regulatory Compliance AP-4000 Series User Guide230 Safety Information USA, Canada, & European Union231 Federal Communications Commission FCC AP-4000/4000M232 Modifications233 Industry Canada IC AP-4000/4000M only234 European Union AP-4000/4000M only235 Regulatory Compliance Certifications Summary AP-4000/4000MRegulatory Compliance Certifications Summary AP-4900M Country Certification/Reference No