Detailed instructions for use are in the User's Guide.
[. . . ] .
ELITECONNECT WLAN SECURITY SYSTEM
Full authentication support--supports RADIUS, LDAP, 802. 1x, Kerberos, Windows NT/2000 domain and built-in database. VPN support allows secure wireless communications to and from wireless clients. Rights-based network access increases network security by providing network administrators full control on users' access to a network, based on user identification, location, and time. Web-based configuration is easy-to-use, convenient and provides simple configuration management. [. . . ] Connecting the WLAN Secure Server Through the Uplink Port
SMC EliteConnect WLAN Security System Installation Manual
3-17
Step 16.
Verify that you can access the web administration interface from a browser running on a computer system connected to your network through either the fully-qualified hostname:
https://<fully-qualified hostname>
or, if you choose not to assign a hostname, through the IP address:
https://<IP address>
You will be prompted for the Username and Password (Figure 3-2).
Step 17. Step 18.
For both the login ID and password, enter admin, and click Login. Complete the configuration of the following items according to instructions in the User Manual--syslog, time and date, SNMP, and location information. Complete the installation as described in Section 3. 5, "Completing the Installation. "
Step 19.
3-18
WLAN Secure Server Network Installation
WLAN Security System
3. 5
Completing the Installation
After configuring the WLAN Secure Server, you must complete the installation by connecting one or more wireless access points to the WLAN Secure Server ports using crossover 10Base-T/100Base-TX Ethernet cables. Note that the ports on the WLAN Secure Server are labeled 1 to 4, reading from left to right (Figure 3-16).
Figure 3-16. Port Labeling on WLAN Secure Server
The table shows for each LED state (On, Off, or Blinking), the meaning for the Left LED, the Right LED, and the Cluster LED corresponding to that port.
SMC EliteConnect WLAN Security System Installation Manual
3-19
3-20
WLAN Secure Server Network Installation
WLAN ACCESS MANAGER NETWORK INSTALLATION
4
This chapter describes the network installation of your WLAN Access Manager on an existing network to allow interoperability and proper network security between all equipment. It consists of the following sections: 4. 1 4. 2 4. 3 4. 4 4. 5 Getting Started . 4-16
4-1
4. 1
Getting Started
The network installation procedures in this chapter are performed after the hardware has been installed, as described in Chapter 2, Hardware Installation. The network installation procedures described in this chapter make an SMC WLAN Access Manager usable on a network. Configuration, or the process of customizing the function of a SMC system to a particular end-user environment, is not described in the manual. Configuration, performed after network installation is completed, is described in another manual, entitled EliteConnect WLAN Security System User Manual.
4. 1. 1
Information Required
Note:
The information you gather here is required during configuration and is a reminder to find it while installing your SMC product--before beginning the network installation.
To perform network installation on a WLAN Access Manager, the following information is required: IP address Subnet Mask (netmask) Gateway IP address Primary and Secondary DNS IP addresses Hostname (optional) Secure Server IP Address Secure Server Shared Secret
Note: Note:
A hostname is optional for WLAN Access Managers. Each WLAN Access Manager needs to know the IP address of its WLAN Secure Server and the shared secret that it uses to prove to the WLAN Secure Server that it is in fact a trusted WLAN Access Manager. A Secure Server that controls one or more Access Managers requires entry of that same shared secret.
4-2
WLAN Access Manager Network Installation
WLAN Security System
Table 4-1 summarizes the information required.
Table 4-1 Information Required for WLAN Access Manager Installation
Parameter IP address Subnet Mask Gateway IP address Primary and Secondary DNS IP addresses Hostname (fully qualified) Secure Server IP Address Secure Server Shared Secret
Form XXX. XXX. XXX. XXX XXX. XXX. XXX. XXX XXX. XXX. XXX. XXX XXX. XXX. XXX. XXX Alphanumeric XXX. XXX. XXX. XXX Alphanumeric
Example 123. 234. 124. 1 255. 255. 255. 0 123. 0. 0. 1 28. 23. 45. 19 and 28. 23. 45. 20 Pythagoras. company. com 192. 168. 2. 100 ness10ch
4. 1. 2
Access Manager Installation Alternatives
SMC WLAN Access Managers and WLAN Secure Servers all ship with DHCP client enabled by default to obtain an IP address (and other information) from a Dynamic Host Configuration Protocol (DHCP) server. This means that a WLAN Access Manager, or Secure Server will attempt to use DHCP to acquire their IP address, Subnet Mask, Gateway IP address, DNS IP addresses, and Hostname by default. You must first decide if you want to use DHCP or if you prefer to enter the information manually. A WLAN Secure Server that controls at least one Access Manager requires a stable IP address so that any Access Managers under control can readily identify and communicate with the server. You can either arrange for DHCP to always assign the same IP address to a WLAN Secure Server, or you can manually enter a static IP address. The Access Manager function of a WLAN Secure Server need not be separately configured; it shares the WLAN Secure Server Configuration. You can perform the network installation of the WLAN Access Manager in one of three ways--by DHCP, using the Command Line Interface (CLI) through the serial console port, or using a web browser and the administrative user interface. Your personal experience with similar networking equipment will define your preference. Caution: It is not safe to broadcast the shared secret over your network if there is any chance at all of an unauthorized person sniffing the shared secret. Only use this method if you are absolutely sure you have a secure network and a trustworthy user community.
SMC EliteConnect WLAN Security System Installation Manual
4-3
4. 2
Installation Using DHCP
If you choose to install the WLAN Access Manager using DHCP, you must be familiar with the configuration of your DHCP server. [. . . ] Some administrators will prefer to configure the Access Manager with a static IP address. A static IP address requires that you configure using the CLI.
Note:
Instructions are provided here for two DHCP servers--the ISC DHCP Package, Version 3. X and the Microsoft Windows 2000 DHCP Server.
B. 2
ISC DHCP Package, Version 3. X
Step 1.
If you are using version 3. 0 or higher of the ISC DHCP server, you may add the following in the file dhcpd. conf:
# Here are the SMC Networks specific options. A user must edit # the values of cs-address and shared secret to set up a # SMC Networks AM
option space SMC Networks; option SMC Networks. cs-address code 2 = <control server IP address here>; option SMC Networks. shared-secret code 3 = "<shared secret here>";
class "vendor-classes" { match option vendor-class-identifier;
B-2
Configuring a DHCP Server
WLAN Security System
}
if substring(option vendor-class-identifier, 0, 7) = "SMC Networks" { vendor-option-space SMC Networks; }
Step 2.
Save the dhcpd. conf file and restart the DHCP server as required.
B. 3
Using Microsoft Windows 2000 DHCP Server
A Microsoft DHCP server using the Windows 2000TM Server operating system is capable of specifying vendor-specific options. The basic method is to create a SMC Networks scope and then create vendor-specific options for this scope. [. . . ]