manualshive.com logo in svg

ICC Link Series, Web User Manual

Share
Download
ICC Link Series Web User Manual Download Page 54

47

Wireless Web Interface User’s Manual

• 

Rogue Detected Trap Interval (seconds) – default value is 300s.

• 

AP De-Authentication Attack – enables or disables the rogue AP mitigation function.

• 

AP De-Authentication Attack Lifetime (seconds) – configures the AP de-authentication attack lifetime; default value is 600s

11.2 WIDS client configuration

Click 

WLAN Configuration->

WIDS Security->WIDS Client Configuration

 to configure. This enables the WIDS client detection and 

configures the items’ parameters.

• 

Authentication with Unknown AP Test – enables or disables the detection of lawful client associating with an unknown AP.

• 

Not Present in OUI Database Test – enables or disables the OUI detection.

• 

OUI Database Mode – Identifies OUI database mode.

• 

Not Present in Known Client Database Test – enables or disables the detection of a known client.

• 

Known Client Database Lookup Method – configures the method of the known client database lookup; it includes two methods: 
local and radius.

• 

Known Client Database Radius Server name – configures the method of the known client database server name.

• 

Configured Probe Requests Rate Test – enables or disables the probe requests frame flood attacks detection.

• 

Configured Association Rate Test – enables or disables the association requests frame flood attacks detection.

• 

Configured Disassociation Rate Test – enables or disables the disassociation requests frame flood attacks detection.

• 

Configured Authentication Rate Test – enables or disables authentication requests frame flood attacks detection.

Summary of Contents for Link Series

Page 1: ...Access Control System Web User Guide Link1000ACS Link2000ACS Link Series Access Control System Web User Guide Link1000ACS Link2000ACS www intcomcorp com 2017 All rights reserved International Communic...

Page 2: ...between different parts of their networks The examples used in this manual applies to both products ICC Networking s industry leading flexible unified Access Control System ACS platform with enhanced...

Page 3: ...cts Contact information Phone 951 934 0531 E mail support intcomcorp com sales intcomcorp com ICONS This is the Link Series ACS Wireless Web Interface User s Manual It contains instructions to con gur...

Page 4: ...nitions Table 0 2 Safety precautions Icon Description Before working on this equipment be aware of good safety practices and the hazards involved with electrical circuits To reduce risk of re hazard a...

Page 5: ...n mode 16 4 4 AP validation method 16 4 5 Radius authentication server 17 4 6 Radius accounting mode 17 4 7 Radius accounting server 17 4 8 Client QoS global mode 17 4 9 Country code 18 4 10 Peer grou...

Page 6: ...rce con guration 52 12 5 MAC portal con guration 53 12 6 Portal instance con guration 54 Chapter 13 Con guration push 56 13 1 Con guration push 56 13 2 Con guration push option 56 Chapter 14 AP image...

Page 7: ...SNMP Authentication 95 21 2 2 SNMP management 99 21 2 3 Community managers 99 21 2 4 Con gure SNMP manager security IP 100 21 2 5 SNMP Statistics 101 21 3 SSH management 101 21 3 1 Switch on off SSH 1...

Page 8: ...Web browser IE 8 9 10 11 Google Chrome Firefox Safari 1 1 2 The Link2000ACS management through Web To con gure the Link2000ACS locally the PC s and the Link2000ACS s IP addresses should be con gured...

Page 9: ...Click View network status and tasks and then click Local Area Connection The Local Area Connection Status dialog box will appear as shown in Figure 1 2 Figure 1 2 Local area connection status Click P...

Page 10: ...operties Step 3 Use PING command to ensure the connection status between the PC and the Link2000ACS Click Start and then type CMD in the text box Press ENTER to generate the Command Prompt window Type...

Page 11: ...able the proxy server 1 In Internet Explorer select Tools and then select Internet Options to open the Internet Options window 2 Select Connections in the Internet Options window and then click LAN Se...

Page 12: ...ame is admin and the password is admin click Login or press ENTER to open the Web Con guration page The figure is shown as follows 1 2 2 Web interface introduction Upon logging in the dashboard will a...

Page 13: ...o retain the running configuration This saved configuration will be used by the Link2000ACS after a reboot Logout Click Logout to exit the current configuration session Users can check the connected c...

Page 14: ...NMP Authentication SNMP Management Community Managers Con gure SNMP Manager Security IP SNMP Statistics SSH Management Switch on off SSH SSH Management Firmware Update TFTP Service FTP Service Telnet...

Page 15: ...ge solution To properly access the advanced configuration options for a particular feature the feature must first be enabled by following the configuration steps for that feature as described in this...

Page 16: ...ws The information in the gure is as follows Name the name of the Link2000ACS is Link2000ACS IP Address the wireless address of the Link2000ACS is 192 168 1 1 MAC Address the MAC address of the Link20...

Page 17: ...at the AP belongs to Software Version version of AP Status AP s current management status Con guration Status AP s current con guration status Age AP keep alive age will only increment on AP failure C...

Page 18: ...on is submitted to the Link2000ACS Note Fast Con guration is a simple way to perform initial con gurations on the Link2000ACS However using the Fast Con guration option will overwrite all previous con...

Page 19: ...ion will be lost 3 3 Network con guration Network Con guration con gures the network used by AP The network con guration can con gure SSID and security settings for Network1 which are applied to the V...

Page 20: ...con guration as WLAN Con guration Network Con g detailed in Chapter 5 Networks Select WEP IEEE802 1x to con gure it Example Type the Radius Group Name as radius Type the Authentication Host Address an...

Page 21: ...hoose the WPA Enterprise button to enter into the con guration Example Type the Radius as radius Type the Authentication Host Address and Accounting Host Address as 192 168 1 100 Enter the Radius Serv...

Page 22: ...all WLAN functions on the Link2000ACS will be disabled and WLAN service will be stopped Note Default setting is WLAN disable Fast Configuration will automatically update to WLAN enabled 4 2 Auto IP a...

Page 23: ...an join the cluster when the Link2000ACS or the AP automatically connects MAC sets the MAC address authentication mode The AP database needs to be set manually and then the AP can join the Link2000ACS...

Page 24: ...radius 4 6 Radius accounting mode Select the Radius Accounting Mode check box to enable the Radius accounting function 4 7 Radius accounting server Con gure the Radius Accounting Server by typing RAD...

Page 25: ...reate a WLAN cluster and transmit information to each other The Link2000ACSs with different group IDs cannot communicate with each other The default peer group ID is 1 and the range is from 1 to 255 4...

Page 26: ...ion Networks and choose a network For example modify the SSID of network 8 as wlan 5 2 Con gure authentication mode The network includes multiple authentication modes 5 2 1 Open authentication mode No...

Page 27: ...ype as ASCII and the Length as 64 Type the WEP Key as 12345 The figure is as follows 5 2 3 WEP 802 1x WEP 802 1x sets the configuration as security mode wep dot1x This authentication mode needs the ra...

Page 28: ...mode wpa enterprise It authenticates and accounts through the Radius server The cipher and WPA version in WPA enterprise are the same as in the cipher and WPA version in WPA personal However WPA ente...

Page 29: ...ied Binding in this instance means tying a VLAN ID to a particular IP network This VLAN ID is the data VLAN that the client uses 5 4 MAC authentication Click MAC Authentication Mode to enable MAC auth...

Page 30: ...ient QoS controls the client s rate and access through the network con guration There are three forms 1 Client QoS bandwidth limit up and down 2 Client QoS access control up and down 3 Client QoS Diff...

Page 31: ...roup Management page The user can con gure each of the AP group items and submit them to the Link2000ACS 6 1 Add modify delete AP group The New and Modify links and the Delete button can con gure the...

Page 32: ...is the default value which means that there is no corresponding AP Details of load balance template creation can be found in Chapter 14 In this example the load balance template is bound to Group2 6...

Page 33: ...to be con gured can be selected here Switching the radio will cause any unsaved changes to be lost Submit changes before switching the radio Example Select the Enable check box and then select the Rad...

Page 34: ...n select the network name Click Edit to con gure the network detailed in Chapter 5 Networks Click OK VAP Abbreviation for Virtual Access Point VAPs segment the wireless LAN into multiple broadcast dom...

Page 35: ...rs are con gured as the default value Click OK Template The user can select Custom Factory Default or Voice EDCA parameters can only be configured when Custom is selected AP EDCA Parameters The user c...

Page 36: ...elect Enable for the TSPEC Mode Select Enable for the Voice ACM Mode and Video ACM Mode Type the limit and timeout as the default values and click OK 6 2 Copy AP group Copying allows users to quickly...

Page 37: ...con guration will be the same as AP group 2 6 3 Apply AP group Click Apply to the right of the AP group to send the con guration to the APs After con guring the AP group click OK Configurations will...

Page 38: ...unting and authentication servers select the Radius Authentication Status check box to enable the Radius function This corresponds to the aaa enable command Select the Radius Accounting Status check b...

Page 39: ...Server Port is 1812 To delete the server select it and then click Delete Prior to deleting the last authentication server the Radius Authentication Server must be disabled Click Submit to save the co...

Page 40: ...ple Con gure two Radius groups of wlan1 and wlan2 Type the group names in the Radius Group Name text box and then click Add 7 1 5 Radius con guration Radius Con guration will bind the Radius server ad...

Page 41: ...r attribute on the LDAP server User Object Type type of the LDAP server Authentication Mode simple and anonymous authentication simple authentication requires user name and password User Name the appo...

Page 42: ...35 Wireless Web Interface User s Manual After con guring select Modify to modify the con gured LDAP server The user can also delete the con gured LDAP server by clicking Delete...

Page 43: ...will be disabled 8 1 2 Add IP of L3 IP discovery Type the IP address in the Destination IP Address box and then click Add to add it into the discovery list 8 1 3 Delete IP address from L3 IP discover...

Page 44: ...VLAN of L2 VLAN discovery Type the VLAN in the VLAN text box and then click Add to add it into the discovery list 8 2 3 Delete VLAN from L2 VLAN discovery list Select the VLAN that needs to be delete...

Page 45: ...e certi cate needed to authenticate will be transmitted in the cluster automatically which will allow provisioning to begin Example Click Modify and type the new Primary IP Address and the new Backup...

Page 46: ...ve the certi cate transit among the Link2000ACSs Example 1 Select AC Provisioning and click Submit to enable this function 2 Type 192 168 100 1 the IP address of the Link2000ACS to be added to the clu...

Page 47: ...e cluster by issuing the X 509 certi cate Example 1 Select the Mutual Authentication Mode check box and then click Submit to enable this mode Click Refresh to view the status of the last network mutua...

Page 48: ...the one central location or Network Operations Center and communicate with icXchange access points in remote locations The icXchange solution essentially virtualizes the Internet cloud as a direct li...

Page 49: ...ss point NAT configuration Configure the icXchange Access Point in Fit mode by selecting Advanced Configuration AP Mode and choosing Mode Fit Under Configure Managed AP Administrative Mode enter the g...

Page 50: ...S s default controller IP address it is not necessary to perform the port opening configuration There is no NAT firewall gateway and or Virtual Server present between the Link2000ACS and the Internet...

Page 51: ...c route configuration Example In this example the next hop IP address 192 168 1 2 is used based on the controller IP address of 192 168 1 1 Type 0 0 0 0 in the Destination IP address field 0 0 0 0 in...

Page 52: ...WIDS Security to open the WIDS Security page which includes three modules WIDS AP Configuration WIDS Client Configuration and Known Client Every module occupies one rectangular box and they can be use...

Page 53: ...e AP with unexpected con guration Unmanaged AP detected on wired network enables or disables detection of unmanaged AP accessing the wired network Wired Network Detection interval seconds con gures th...

Page 54: ...sables the OUI detection OUI Database Mode Identifies OUI database mode Not Present in Known Client Database Test enables or disables the detection of a known client Known Client Database Lookup Metho...

Page 55: ...namic blacklist function Dynamic Blacklist Life time identifies the length of time for the dynamic blacklist Client Threat Mitigation enables or disables the known client protection function 11 3 Know...

Page 56: ...he client will be granted or denied authentication regardless of black list or white list mode Only when the action is con gured as Global Action will the MAC authentication mode be effective It will...

Page 57: ...aptive Portal Con guration page The parameters of portal access authentication can be con gured 12 1 Global con guration Select the Enable check box to enable the captive portal function globally Clea...

Page 58: ...Key Server Name the name of the appointed portal server IP Address the portal server s IP address Port the port that is monitored when the portal server receives the packet must be con gured accordin...

Page 59: ...ws a speci c client to access the speci c network resource without portal authentication Free Resource ID free resource rule number ranges from 1 to 32 Source IP Mask Length source IP address eld in t...

Page 60: ...is used for special users in the network The administrator can con gure some users to let them connect to the network without portal authentiction Only the MAC authentication is needed to access all...

Page 61: ...ng Server Group Name appoints the Radius accounting server to be used Radius Accounting Update Interval secs con gures the updating interval of the Radius accounting IPv4 Portal Server appoints the IP...

Page 62: ...ault value is 0 which means that there is no byte limit Listen Packet Port con gures the port that is listened to when portal server receives the packet Example 1 Click Add and type the Instance ID an...

Page 63: ...IP address of the Link2000ACSs in the cluster One Link2000ACS can be selected to run the Con guration Push clicking All Push can update all ACs in the current cluster IP Address is for the peer switch...

Page 64: ...57 Wireless Web Interface User s Manual After opening the Con guration Push Option select Enable or Disable for each option Click Submit and the con guration will be saved...

Page 65: ...n guration the controller loads an AP firmware version file directly to single or multiple APs to perform firmware updates 1 Click The Table for AP Hardware Type Supported by Image Type link to determ...

Page 66: ...ick Add to start the AP image URL Configuration The following page will generate Select an image type from the AP Image Type drop down list From the Server Type drop down list select FTP or TFTP The f...

Page 67: ...s configuration The following figure shows the TFTP con guration Con gure the Server Address and File Name If the le is in the server root directory it cannot be typed If it is not in the root directo...

Page 68: ...e drop down list includes none 1 5 and all images Image type will default to all images by clicking the Submit button none will upgrade only one AP all images will upgrade all types of images other op...

Page 69: ...62 Wireless Web Interface User s Manual When the upgrade is complete the following window will appear...

Page 70: ...revious figure Session mode displays the allowed client association based on the number of associated users Traffic mode displays the allowed client association based on the maximum bandwidth utilizat...

Page 71: ...bound to the load balance and then click Modify Scroll down to Load Balance Template and select the template ID created previously from the drop down list Click Save to save the modi cation After modi...

Page 72: ...r to con gure the Centralized L2 Tunnel Con guration 16 1 Centralized L2 tunnel con guration 16 1 1 VLAN con g Add the data VLAN into the centralized tunnel through VLAN Con g to achieve the centraliz...

Page 73: ...st first exist in the centralized VLAN and then it can be created and added From the Station Isolation VLAN drop down list select Add Remove or Delete All Add the VLAN must have been in the centralize...

Page 74: ...MM DD 17 1 Network time limit con guration Select the Network ID from the drop down list to con gure the time limit policy under the network to be accessed and con gure the Start Time and End Time of...

Page 75: ...access in this time When con guring the UTC policy the user can select Up or Down for the radio status allowing the radio to be enabled or disabled Example Con gure radio 21 under pro le 1 to disable...

Page 76: ...r OUI 18 1 Add OUI Click WLAN Con guration WLAN Advanced Con guration OUI to type the OUI Value its format is xx xx xx Type the OUI Description and then click Add 18 2 Delete OUI Click WLAN Con gurati...

Page 77: ...e Management SNMP Con guration SNMP Management page select Open for the SNMP Agent state and then click Apply to enable the SNMP management on off 19 1 1 Wireless global traps On the SNMP Trap Con gur...

Page 78: ...e drop down menu to enable disable the wireless syslog After con guring click Submit to save the con guration Users can view the con gured wireless syslog on the syslog server 19 2 2 Captive portal sy...

Page 79: ...ce User s Manual Chapter 20 Monitor Click Monitor to view and monitor the AC AP Wireless Client and RF Scan 20 1 AC Click Monitor Link2000ACS to open the Link2000ACS Monitor page to monitor the cluste...

Page 80: ...ick Monitor Link2000ACS to open the Link2000ACS Monitor page to view the cluster information including the Link2000ACS Operational Status Cluster Controller Basic Information Global Statistics Distrib...

Page 81: ...luster Controller displays Yes or No Yes indicates that the local Link2000ACS is the cluster controller No indicates that it is not the cluster controller Cluster Controller IP Address the wireless ad...

Page 82: ...00ACS is shown as follows 20 1 1 5 Distributed tunnel statistics The Distributed Tunnel Statistics of the local Link2000ACS is shown as follows 20 1 1 6 TSPEC status The TSPEC Status of the Link2000AC...

Page 83: ...stics Use the drop down box to access clustered ACs Infomation includes basic AC information AC statistics TSPEC status and TSPEC statistics It can monitor the Link2000ACS status 20 1 2 1 AC selection...

Page 84: ...AP Connection Failed AP Maximum Managed AP Total Clients Cluster Priority AP Image Download Mode WLAN Utilization etc as shown in the following figure 20 1 2 3 AC statistics AC Statistics are shown a...

Page 85: ...user can delete the failed managed AP 20 2 1 Basic AP information Basic AP Information includes MAC Address Peer Managed Location IP Address AP Group Software Version Status Con guration Status and A...

Page 86: ...the AP Detail page 20 2 2 1 Managed AP status From the Managed AP MAC Address list select the MAC address and view the corresponding AP status detail The Managed AP Status includes IP Address Managing...

Page 87: ...annel Indicator Fixed Power Indicator Manual Channel Adjustment Status Manual Power Adjustment Status WLAN Utilization Total Neighbors TSPEC Status etc Select either 1 off for Radio 1 or 2 802 11a n f...

Page 88: ...cted AP MAC SSID SSID of AP network RSSI received signal strength indication of AP Status includes Managed Standalone fat AP Unknown and Rogue Age how long in terms of days hours minutes and seconds t...

Page 89: ...iation AP terminal 20 2 3 Failure AP list The Failure AP List shows the failed authentication AP details If the Link2000ACS is the cluster controller the failed authentication AP information of the ot...

Page 90: ...MAC address with asterisk is the address of the associated client on the peer switch Detected IP Address the IP address of the client NETBIOS Name the name of the client under the NETBIOS protocol SSI...

Page 91: ...isassociated click Disassociate and then click Refresh This client will be disassociated Note The disassociated client may become associated again automatically 20 3 2 Associated client detail Click V...

Page 92: ...P associated with itself but did not scan the other AP 20 3 3 Detected client list The Detected Client List includes the client associated with AP and the scanned client The detected client list is as...

Page 93: ...status Select the client in the MAC Address drop down list to view Detected Client Status If this client is rogue click Acknowledge to clear this client 20 3 4 2 WIDS client s rogue classi cation For...

Page 94: ...story If the detected client has the authentication history it displays the information as follows 20 3 4 4 Detected client s triangulation The client s approximate location can be detected by the acc...

Page 95: ...cally to the associated AC MAC Address the MAC address of the scanned AP SSID the network SSID sent by the scanned AP Physical Mode the detected radio mode of the scanned AP Channel the detecte channe...

Page 96: ...1n Mode the current transmission mode of the AP Initial Status the status when the access point was initially detected Beacon Interval the current beacon interval assigned in the AP configuration Tran...

Page 97: ...4 2 3 WIDS AP rogue classi cation The scanned AP can determine if the AP is rogue AP through WIDS The Rogue Classi cation is as follows If the scanned AP con rms any of the items it will determine tha...

Page 98: ...aving the current configuration 21 1 1 Login user con guration Click Management Switch basic con guration Login user con guration to add or delete the user information Example Con gure a user with a N...

Page 99: ...authentication server for authentication There is no need to authenticate in console method as default the Authentication methods of VTY and Web are Local authentication by default Example Con gure a...

Page 100: ...ng from a security IP address can log in to the switch for con guration Up to 32 security IP addresses can be configured Example Type 192 168 1 21 as the Security IP address and click Apply to complet...

Page 101: ...on guration Example Type the Switch Name as Switch and click Apply to configure a switch name Operation Configuration or Default 21 1 5 Save current running con guration Click Management Switch Basic...

Page 102: ...start the switch to factory default 21 2 SNMP con guration Click Management SNMP Con guration to con gure the SNMP function Note Prior to configuration SNMP must be enabled Con gure the SNMP managemen...

Page 103: ...password of the current user range is from 8 to 32 characters Privacy protocol uses the DES for packet privacy This can only be con gured when the security level is selected as AuthPriv Privacy Passwo...

Page 104: ...authentication but no privacy AuthPriv is authentication and privacy Read SNMP view con gures the SNMP view community name with read permission Write SNMP view con gures the SNMP view community name...

Page 105: ...des Add or Delete Example Type the SNMP view as max and the OID as 1 3 6 1 4 1 41721 2 2 1 Select the type as Include and the Operation as Add Click Apply 21 2 1 4 SNMP engineid con guration Click Man...

Page 106: ...h Trap State open or close the function that the device receives the Trap information SecurityIP State open or close the security IP address checking function of the NMS management station 21 2 3 Comm...

Page 107: ...l If version is equal to 3 noAuthNoPriv authNoPriv or authPriv Operation Add or Remove Example Type the Trap receiver as 192 168 1 100 Community string as trap Click Apply to complete the con guration...

Page 108: ...root certificates These certificates serve as trusted third parties and work instantly to provide seamless usability The icXchange solution accepts root SSL certificates from all browsers for a secur...

Page 109: ...guring Select Switch on off SSH as Open and then click Apply 21 3 1 Switch on off SSH Click Management SSH management Switch on off SSH to open or close the SSH function 21 3 2 SSH management Click Ma...

Page 110: ...econds SSH reauthentication management con gures SSH reauthentication management the range is from 1 to 10 and the default value is 3 SSH RSA key the algorithm for the host key the range is from 768 t...

Page 111: ...Manual 1 TFTP service includes TFTP client service con gures the TFTP client TFTP server service con gures the TFTP server 2 FTP service includes FTP client service con gures the FTP client FTP server...

Page 112: ...ource le name the range is from 1 to 100 characters Operation type includes Upload and Download Transmission type ascii uses ASCII to transmit the le binary uses binary to transmit the le Click Apply...

Page 113: ...ice Click Manage Firmware update TFTP service TFTP server service to open the con guration page TFTP server state the server state includes Open and Close TFTP timeout the timeout TFTP retransmit time...

Page 114: ...0 characters Local le name destination le name range is from 1 to 100 characters Server le name source le name range is from 1 to 100 characters Operation type includes Upload and Download Transmissio...

Page 115: ...follows User name the user name range is from 1 to 32 characters Password the appointed password range is from 1 to 16 characters State the password showing includes plain text and encrypted text The...

Page 116: ...ent Telnet server con guration Telnet server state to con gure Example Select the Telnet server state as Open and then click Apply to start the Telnet server 21 5 2 Max numbers of telnet access connec...

Page 117: ...the current running status show memory usage the memory usage information under the current running status show ash the flash le information show running con guration the current parameters con gurat...

Page 118: ...guration PING and traceroute 1 Basic con guration con gures the mapping between the switch and the IP address Example Type the Host name as AC and the IP address as 192 168 1 1 Select Operation Add an...

Page 119: ...ut 21 6 2 Others The other con gurations in the Maintenance and Debugging Command are simpler Users can click the con guration tab to retrieve the corresponding information they will not be listed one...

Page 120: ...113 Wireless Web Interface User s Manual 4 Show the flash le as follows...

Page 121: ...di cations will invalidate ICC s warranty and all applicable regulatory certi cations and approvals Only antennas speci ed for your region by ICC can be used with this product The use of external ampl...

Page 122: ...h the receiver is connected Consult the dealer or an experienced radio TV technician for help The user may nd the following booklet prepared by the Federal Communications Commission helpful The Interf...

Page 123: ...nce notice This device has been tested and certi ed according to the following safety standards and is intended for use only in information technology equipment which has been tested to these or other...

Page 124: ...sible for these items if they are returned to ICC with the product Prior to returning any defective product Customers must contact ICC for a Return Material Authorization number RMA Proof of the origi...

Page 125: ...a registered trademark of Apple Inc Windows Windows Server 2003 Windows Vista and Microsoft Internet Explorer are registered trademarks of Microsoft Cisco is a registered trademark of Cisco Inc IBM i...

Reviews:

No comments

Brands by name

Popular brands

Load more brands