AirTight SS-300-AT-C-60, Installation Manual

Page: 15 / 29

SS ‐ 300 ‐ AT ‐ C ‐ 60 Installation Guide
Chapter 4 Installing SS ‐ 300 ‐ AT ‐ C60
When the SS ‐ 300 ‐ AT ‐ C ‐ 60 functions as a WIPS sensor, it monitors your network and communicates with the Server to guard
your corporate network against over ‐ the ‐ air attacks.
When the SS ‐ 300 ‐ AT ‐ C ‐ 60 functions as an access point(AP), clients can connect to your corporate network in wireless mode
through the APs.
The SS ‐ 300 ‐ AT ‐ C ‐ 60 must be plugged to your corporate network to perform the above operations.
As a WIPS sensor, SS ‐ 300 ‐ AT ‐ C ‐ 60 can be configured in one of the following two modes:
•
Sensor Mode: This is the default mode. In this mode, the Sensor should be connected into a trunk port (802.1Q
capable) on a switch. It then monitors multiple VLANs that are configured on that trunk port and are chosen by the
user using the ND CLI. The wireless interface of the Sensor is enabled. Similarly, a SS ‐ 300 ‐ AT ‐ C ‐ 60 can monitor up to
16 VLANs.
•
Network Detector (ND) Mode: This mode needs to be explicitly configured. In this mode, the ND should be
connected into a trunk port (802.1Q capable) on a switch. It then monitors multiple VLANs that are configured on
that trunk port and are chosen by the user using the ND CLI. The wireless interface of the ND is disabled. A SS ‐ 300 ‐
AT ‐ C ‐ 60 can monitor upto 100 VLANs.
Important: To prevent abuse and intrusion by Non ‐ authorized personnel, it is extremely important to install the Sensor such that it is
difficult to unplug the device from the network or from the power outlet.
4.1 Zero Configuration of SS ‐ 300 ‐ AT ‐ C ‐ 60 as Sensor
Zero configuration is supported if the following conditions are satisfied:
•
The device is in ‘Sensor’ mode.
•
A DNS entry ‘wifi ‐ security ‐ server’ is set up on all DNS Servers. This entry should point to the IP address of the Server.
By default, the device looks for the Server DNS entry ‘wifi ‐ security ‐ server’.
Sensor is placed on a subnet that is DHCP enabled.
Important: If a Sensor is placed on a network segment that is separated from the Server by a firewall, you must first open port 3851 for
User Datagram Protocol (UDP) and Transport Control Protocol (TCP) bidirectional traffic on that firewall. This port number is assigned
to AirTight ® Networks. If multiple Sensors are set up to connect to multiple Servers, zero configuration is not possible. In this case manual
configuration of Sensors is needed. Refer to Manually Configuring the Sensor for details.
The steps to install the Sensor with no configuration (zero configuration) are as follows.
•
Mount the Sensor
•
Power up the Sensor
•
Connect the Sensor to the network
4.2 Connecting SS ‐ 300 ‐ AT ‐ C ‐ 60
This involves mounting the Sensor/AP Combo, powering it up, and connecting it to the network.
4.2.1 Mount SS ‐ 300 ‐ AT ‐ C ‐ 60
Take a configured SS ‐ 300 ‐ AT ‐ C ‐ 60, that is, make sure that the device is given a static IP or the settings have been changed for
DHCP. Note the MAC address and the IP address of the device in a safe place before it is installed in a hard ‐ to ‐ reach location.
The MAC address of the device is printed on a label at the bottom of the product.
Recommended : You should label the devices using MAC addresses or at least your own convention. For example, use serial numbers, so
that you can easily identify the devices.
4.2.1.1
Ceiling Mounting
Use the mounting bracket to install the SS ‐ 300 ‐ AT ‐ C ‐ 60 on the ceiling.
To mount the device: