background image

LANCOM 1811n Wireless – LANCOM 1821n Wireless

 Chapter 8: Security settings

75

EN

The passphrases for 802.11i or WPA do not have to be changed quite so
regularly as new keys are generated for each connection anyway. This is
not the only reason that the encryption with 802.11i/AES or WPA/TKIP is
so much more secure than the now obsolete WEP method. If you use WEP
encryption to maintain compatibility with older WLAN clients, regularly
change the WEP key in your access point. 

If the data is of a high security nature, further improvements include addi-
tionally authenticating the client with the 802.1x method (’802.1x / EAP’

page 77) or activate an additional encryption of the WLAN connection

as used for VPN tunnels (’IPSec over WLAN’ 

page 78). In special cases,

a combination of these two mechanisms is possible.

Detailed information about WLAN security and the various encryption
methods are to be found in the LCOS reference manual.

Please also observe the information in the "Standard WEP encryption"
box.

Summary of Contents for 1811n Wireless

Page 1: ...om eu Internet www lancom eu LANCOM 1811n Wireless LANCOM 1821n Wireless LANCOM 1811n Wireless LANCOM 1821n Wireless Handbuch Manual c o n n e c t i n g y o u r b u s i n e s s 110752_LC 18x1n MANUAL...

Page 2: ...LANCOM 1811n Wireless LANCOM 1821n Wireless...

Page 3: ...d trademarks of Microsoft Corp The LANCOM Systems logo LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH All other names or descriptions used may be trademarks or registered tr...

Page 4: ...es The LANCOM 1811n Wirelessand LANCOM 1821n Wireless provide a maximum wireless LAN performance of up to 300 Mbps thanks to the support of the IEEE 802 11n standard The 802 11n standard includes many...

Page 5: ...ould additionally like to ask you to refer to our Internet site www lan com eu for the latest information about your product and technical develop ments and also to download our latest software versio...

Page 6: ...ur staff from a variety of departments in order to ensure you the best possible support when using your LANCOM product Should you find any errors or if you would like to suggest improvements ple ase d...

Page 7: ...821n Wireless Preface 6 EN Information symbols Very important instructions Failure to observe these may result in damage Important instruction that should be observed Additional information that may b...

Page 8: ...System requirements 26 2 2 1 Configuring the LANCOM devices 26 2 2 2 Operating access points in managed mode 26 2 3 Status displays and interfaces 26 2 3 1 Device connectors 33 2 4 Hardware installati...

Page 9: ...ructions for WEBconfig 61 6 Providing dial in access 62 6 1 Which details are necessary 62 6 1 1 General information 63 6 1 2 Settings for TCP IP 64 6 1 3 Settings for NetBIOS routing 65 6 2 Settings...

Page 10: ...sories 85 9 1 Optional AirLancer Extender antennas 85 9 1 1 Antenna diversity 86 9 1 2 Polarization diversity 86 9 1 3 MIMO 86 9 1 4 Installing the AirLancer Extender antennas 86 9 2 LANCOM Public Spo...

Page 11: ...al You can see from the table What your LANCOM can do further below which functions your device supports Please refer to the reference manual for further information on this topic A wireless LAN conne...

Page 12: ...he main office Please observe the corresponding notices to this in this documenta tion or in the LCOS reference manual 1 1 1 Modes of operation of wireless LANs and access points Wireless LAN technolo...

Page 13: ...gross data rates of up to 54 Mbps which turn out to be approx 22 Mbps net Networks based on 802 11n currently achieve a gross data throughput of up to 300 Mbps in reality approx 120 to 130 Mbps net th...

Page 14: ...ical layers describes how data must be transformed in order for them to be transmitted as individual bits over the physical medium In this process the following steps are performed in a wireless LAN d...

Page 15: ...increase the maximum useable bandwidth of 54 Mbps for 802 11a g to 65 Mbps for 802 11n This increase is not exactly spectacular but it can be further improved by using the following features MIMO tec...

Page 16: ...ese electromagnetic waves are reflected by the surrounding surfaces causing a broadcast signal to reach the WLAN cli ent s antenna over many different paths this is also referred to as multipath propa...

Page 17: ...eceiver decides for itself which of the incoming signals is to be processed thus avoiding loss from interference MIMO thus allows the simultaneous transmission of several signals over one shared mediu...

Page 18: ...mployed that use polarization channels turned through 90 to each other These so called dual slant antennas are really two antennas in one housing Since a third signal does not offer additional reliabi...

Page 19: ...or two channels should be employed As the implementation of 40 MHz with separate control and extension chan nels is more efficient in the 802 11n standard than in the conventional turbo mode more tha...

Page 20: ...data each data packet in a wireless LAN system contains additional information such as a preamble and MAC address information Time is lost to the management events that occur when the transmission med...

Page 21: ...that the packet was received correctly and does not need to be repeated This principle also applies to aggregated frames in 802 11n Two different methods are used for frame aggregation These are not e...

Page 22: ...et access LAN LAN coupling over VPN LAN LAN coupling over ISDN RAS server over VPN RAS server over ISDN IP router NetBIOS proxy for coupling Microsoft peer to peer networks over ISDN DHCP and DNS serv...

Page 23: ...short guard interval Internal antennas 1 1 External antennas and connectors for AirLancer Extender antennas 2 2 Access point mode Client mode Managed mode for central configuration of WLAN modules by...

Page 24: ...y switchable as a WAN interface for connecting SDSL modems 4 4 USB connector USB 2 0 host port full speed 12 Mbps for connecting a USB printer and for future extensions Security functions IPSec encryp...

Page 25: ...s Dial Up Networking Serial configuration interface Call back function with PPP authentication mechanisms allowing only predefined ISDN call numbers FirmSafe for no risk firmware updates Optional soft...

Page 26: ...tarting the installation In addition to the base station itself the package should contain the following accessories If anything is missing please contact your retailer or the address stated on the de...

Page 27: ...de or as components in a WLAN infrastructure which is controlled from a central WLAN Controller managed mode Split management can be used to separate the WLAN configuration from the rest of the router...

Page 28: ...front panel LANCOM 1811n Wireless LANCOM 1821n Wireless Top The two top mounted LEDs enable the main function status to be assessed even if the device is positioned vertically VPN LANCOM 1811n Wireles...

Page 29: ...perma nently Device operational Red green Blinking alterna tely Device insecure Configuration password not set Orange green In the housing cover blinking alternately with the online LED At least one W...

Page 30: ...Bconfig charge protection and all parameters are to be found under LCOS menu tree Setup Charges Reset budgets Power Power Signal that a charge or time limit has been reached Off No active connection G...

Page 31: ...red constantly on Error while establishing connection off No network device connected green constantly on Connection to network device operational no data traffic green flickering Data traffic send o...

Page 32: ...tatus WLAN Link Provides information about the WLAN connections via the internal WLAN module Off Not connected or no S0 voltage no error message Green Blinking D channel initialization establishing co...

Page 33: ...ted WLAN stati ons and P2P wireless connections followed by a pause default Alternatively the frequency of the flashed can indicate the received signal strength of a P2P link or the received signal st...

Page 34: ...ot have an external con nector Second Ethernet socket 10 100Base Tx for connection to the LAN Both 10 Mbit or 100 Mbit connections are supported The available transfer rate is detected automatically a...

Page 35: ...evice Pressing the button for 5 seconds or longer restarts the device and resets the configuration to its factory settings All LEDs on the device light up continuously Once the switch is released the...

Page 36: ...o the threshold values LAN First connect the LANCOM Router base station to your LAN or to an individual PC For that purpose plug the included network cable green plugs into the LAN connector of the de...

Page 37: ...iguration of the print server can be found in the LCOS reference manual Configuration port you may optionally connect the router directly to the serial port RS 232 V 24 of a PC Use the cable supplied...

Page 38: ...p this section if you use your LANCOM Wireless Router exclusively with computers running operating systems other than Windows 2 5 1 Starting the software setup Place the product CD into your drive The...

Page 39: ...ndows computer to monitor all of your LANCOM routers and LANCOM access points WLANmonitor enables the observation and surveillance of wireless LAN networks Clients connected to the access points are s...

Page 40: ...ease At the end of this chapter we show you the necessary settings for the work place computers in the LAN so that they can access the device without pro blem 3 1 Details you will need The Basic Sett...

Page 41: ...address 172 23 56 254 network mask 255 255 255 0 The integrated DHCP server is also activated so that the LANCOM Wireless Router can assign the devices in the LAN IP addresses automatically Should yo...

Page 42: ...main names if you have selected Off as the DHCP mode of operation or if another network device is assuming the role of DNS server in the Server mode of operation 3 1 2 Configuration protection Using a...

Page 43: ...attempting to register with the network name ANY Selecting a radio channel The access point operates in a specific radio channel The radio channel is selected from a list of up to 13 channels in the 2...

Page 44: ...Router for cost budgets and the accounting function 3 1 5 Charge protection Charge protection prevents DSL connections being established above and beyond a predefined amount and therefore protects you...

Page 45: ...ation you can continue with step Give the LANCOM an address from the applicable IP address range Con firm with Next In the window that follows you first set the password to the configura tion Entries...

Page 46: ...e maximum security Accessing the device with WEBconfig To carry out a configuration with WEBconfig you need to know how to con tact the device Device behavior and accessibility for configuration via a...

Page 47: ...56 254 With the factory settings and an activated DHCP server the device for wards all incoming DNS requests to the internal Web server This means that a connection can easily be made to set set up a...

Page 48: ...ase of the device If there is no DNS server in the LAN or if it is not coupled to the DHCP server the device cannot be reached via the name In this case the follo wing options remain Under LANconfig u...

Page 49: ...er HTTPS Always use the HTTPS connection for increa sed security whenever possible Setup Wizards The setup Wizards allow quick and easy configuration of the most common device settings Select the Wiza...

Page 50: ...and WLAN for devices with a radio module but it also communicates its own IP address as the standard gateway and DNS server For this reason the PCs have to be set up to automatically retrieve their ow...

Page 51: ...to be connected to one of the device s ETH ports When set ting up the Internet access you define which ETH port the ADLS modem has been connected to Does the Setup Wizard know your Internet provider...

Page 52: ...in such cases can close the connection before the hold time expires In case of flatrate billing you can also set up line polling to monitor the function of the remote site Apart from that you can opt...

Page 53: ...ne select Extras Setup Wizard In the selection menu select the Setup Wizard Set up Internet connec tion and confirm the selection with Next In the following windows you select your country your Intern...

Page 54: ...our UMTS provider for informa tion on limitations that may apply The Wizard will inform you as soon as the entries are complete Close the configuration with Finish 4 1 2 Instructions for WEBconfig Sel...

Page 55: ...tivity must be configured Note that the configuration information at both ends must match The following instructions assume that LANCOM Routers are being operated at both ends It is possible to set up...

Page 56: ...is required via VPN simple method with pre shared keys and or via ISDN For further information on VPN based network connectivity by other methods refer to the LANCOM Reference Manual Connecti vity En...

Page 57: ...will cause your LANCOM to be renamed Ensure that you give different names to the two remote devices The name of the remote site is required for identifying the devices In the field ISDN number the tel...

Page 58: ...for the TCP IP router In the TCP IP network correct addressing is of extreme importance For net work connectivity it should be observed that both networks are logically separated For this reason they...

Page 59: ...e visible from the remote LAN not with their own IP address but with a freely definable address such as that of the VPN gateway This avoids giving stations in a remote LAN direct access to the compute...

Page 60: ...of both routers you can start testing the network connection Try to communicate with a computer in the remote LAN e g with ping The LANCOM Router should automatically connect to the remote site and m...

Page 61: ...zard It is even possible to simultaneously couple multiple routers to a central network In LANconfig mark the routers at branch offices which are to be coupled to a central router via VPN Use drag dro...

Page 62: ...e device properties 5 4 Instructions for WEBconfig In WEBconfig VPN based network connectivity cannot be set up in the Wizard The manual configuration has to be used instead Refer to the reference man...

Page 63: ...The dial in computer needs an ISDN adapter or an ISDN modem The protocol of data transfer is PPP This ensures that all normal devices and operating systems are supported Setting up dial in access is...

Page 64: ...dialing in Incoming number The optional ISDN calling line ID is used by the LANCOM Router for additional user authentication This security function should not be employed if the user will be dialing i...

Page 65: ...both manual and automatic IP address assignment ensure that the addresses are freely available in your local network In our example the PC is assigned with the IP address 10 0 1 101 when it dials in T...

Page 66: ...you a 30 day test version of the LANCOM Advanced VPN Client on the CD supplied A precise description of the VPN client and notes on its setup are also to be found on the CD The Wizard then requests th...

Page 67: ...Finish Configure the access account on the dial in PC as described Subsequently test the connection see box Ping the quick test of a TCP IP connec tion 6 4 1 Click VPN for LANCOM Advanced VPN Client...

Page 68: ...can be used by other appli cations to send e mails When setting up the VPN access certain settings are made to optimize ope rations with the LANCOM Advanced VPN Client including Gateway If defined in...

Page 69: ...tructions for WEBconfig In the main menu launch the Wizard Provide remote access RAS Fol low the Wizard s instructions and enter the necessary data Configure the access account on the dial in PC as de...

Page 70: ...ing machines online banking and eurofile transfer All functions are supplied via the network without the necessity of additional hardware at each individual workstation thus eliminating the costs of e...

Page 71: ...OM CAPI Faxmodem and MS Win dows fax service 7 1 Installation of the LANCOM CAPI Faxmodem Select the entry Install LANCOM software in the setup program of your LANCOM CD Highlight the option CAPI Faxm...

Page 72: ...o the Phone and Modem Options of the control panel 7 2 Installation of the MS Windows fax service Select the option Printers and Faxes from the control panel Select the option Set up faxing from the w...

Page 73: ...e you can send it directly from your respective application If you only want to send a short message select the MS Windows fax service You can use of course any other fax software alternatively 7 3 1...

Page 74: ...1811n Wireless LANCOM 1821n Wireless Chapter 7 Sending faxes with LANCAPI 73 EN The fax client console will open Select the menu item Send a Fax A wizard will assist you through the remaining sending...

Page 75: ...ase Security LEPS Access control by MAC address Optional IPSec over WLAN VPN 8 1 1 Encrypted data transfer Encryption takes on a special role in the transfer of data in wireless LANs Wireless communic...

Page 76: ...y with older WLAN clients regularly change the WEP key in your access point If the data is of a high security nature further improvements include addi tionally authenticating the client with the 802 1...

Page 77: ...on consists of the first letter L follo wed by the LAN MAC address of the access point in ASCII characters The LAN MAC addresses of the LANCOM devices always begin with the character string 00A057 You...

Page 78: ...additional column in the ACL to assign an individual passphrase consisting of any 4 to 64 ASCII characters to each MAC address The connection to the access point and the subsequent encryp tion with IE...

Page 79: ...N support and the LANCOM Advanced VPN Client that operates under Windows 2000 XP and Windows Vista Client software from third parties is available for other operating systems 8 2 Tips for the proper t...

Page 80: ...configuration for a fixed period You can modify the critical number of attempts and also the duration of the lock By default the device locks for five minutes after five incorrect entries of the pass...

Page 81: ...security settings Wizard to check and change any settings The following values are edited Device password The protocols to be available for accessing the configuration from local and remote networks T...

Page 82: ...permit or prevent individual cli ents accessing your wireless LAN The decision is based on the MAC address that is permanently programmed into wireless network adapters To check the access control lis...

Page 83: ...The stateful inspection firewall of LANCOM devices ensures that you local network cannot be attacked from the outside Activate the firewall in LANconfig under Firewall QoS on the General tab Note that...

Page 84: ...ation sessions via LANconfig WEBconfig Telnet or TFTP As standard this table contains no entries meaning that computers with any IP address can use TCP IP and Telnet or TFTP to commence accessing the...

Page 85: ...g switched on the device calls itself at the corresponding telephone number to check that it is still con nected to the correct ISDN connection for further information see the reference manual The scr...

Page 86: ...s An over view of the supported antennas is available from the LANCOM Web site under www lancom eu You will also find further information on calculating the best configu ration for AirLancer Extender...

Page 87: ...ame unit for the transmission to the client Antenna diversity ensures that the various clients associated with the Access Point always use the send receive unit with the best signal 9 1 2 Polarization...

Page 88: ...ernet Wireless LAN technology is ideal for offering wireless Internet services to the public in locations such as airports railway stations restaurants or cafes via so called HotSpots The LANCOM Publi...

Page 89: ...entication authorization accounting This is remedied by the LANCOM Systems Open User Authentication OUA the core component of the LANCOM Public Spot Option OUA implements the authentication of all wir...

Page 90: ...LANCOM 1811n Wireless LANCOM 1821n Wireless Chapter 9 Options and accessories 89 EN...

Page 91: ...iders If your DSL provider is unknown to the Wizard you have to set the protocol yourself The protocol specified by your DSL provider should work without pro blem You can check and adjust your protoco...

Page 92: ...s attempt to update the time by acces sing a time server in the Internet For this reason Windows XP computers booting in the WLAN cause the LANCOM to connect to the Internet To prevent Windows XP comp...

Page 93: ...dual interfaces are show up in a list The following results can occur OK Cable plugged in correctly line ok open with distance 0m No cable plugged in or interruption within less than 10 meters distanc...

Page 94: ...your country for operating antenna systems Information about the calculation of conforming antenna configurations under www lancom eu Outband serial V 24 V 28 port 8 pol mini DIN Power supply 12V DC o...

Page 95: ...Art no 61214 AirLancer Extender O 30 2 4 GHz outdoor antenna Art no 60478 AirLancer Extender O 70 2 4 GHz outdoor antenna Art no 60469 AirLancer Extender O D80g 2 4GHz polarizations diversity outdoor...

Page 96: ...2 Connector wiring 11 2 1 Ethernet interface 10 100Base TX 8 pin RJ45 sockets ISO 8877 EN 60603 7 11 2 2 ADSL interface Only LANCOM 1821n Wireless 6 pin RJ11 socket Connector Pin Line 1 T 2 T 3 R 4 P...

Page 97: ...ter 11 Appendix 96 EN 11 2 3 DSL interface LANCOM 1811n Wireless only 6 pin RJ45 socket 11 2 4 ISDN S0 interface 8 pin RJ45 socket ISO 8877 EN 60603 7 Connector Pin IAE 1 T 2 T 3 R 4 5 6 R Connector P...

Page 98: ...s herewith declares that the devices of the type described in this documentation are in agreement with the basic requirements and other relevant regulations of the 1995 5 EC directive The CE declarati...

Page 99: ...on ISDN Application Programming Interface CAPI 69 Configuration access 44 Configuration file 83 Configuration interface 24 Connector cable 25 Configuration password 81 Configuration port 33 Configurat...

Page 100: ...Dial in number 51 Dynamic channel bundling 51 MSN 43 S0 port 33 ISDN calling line ID 56 63 64 ISDN connection Basic settings 43 ISDN data compression 51 ISDN leased line option 22 ISDN modem 62 ISDN...

Page 101: ...65 Server 21 Setup 62 Specify MSN 43 TCP IP 64 User name 63 Windows workgroup search 65 Remote configuration 44 Remote configuration via ISDN 24 Reset switch 33 Reset the toll protection 29 Routing t...

Page 102: ...EN Turbo Mode 22 U UDP 83 V Virtual Private Networks VPN 21 VPN client 65 W WAN Connector cable 25 WAN Anschluss 33 WEBconfig 45 HTTPS 45 System requirements 26 WEP 22 74 79 80 Windows workgroup searc...

Reviews: