Atel IWE1200A-G Скачать руководство пользователя | Manualshive

Страница: 62 / 87

background image

3.5.2.3. IEEE 802.1x

IEEE 802.1x

Port-Based Network Access Control

is a new standard for solving some security issues

associated with IEEE 802.11, such as lack of user-based authentication and dynamic encryption key
distribution. With IEEE 802.1x and the help of a RADIUS (Remote Authentication Dial-In User Ser-
vice) server and a user account database, an enterprise or ISP (Internet Service Provider) can manage
its mobile users’ access to its wireless LANs. Before granted access to a wireless LAN supporting
IEEE 802.1x, a user has to issue his or her

user name

and

password

or

digital

certificate

to the

backend RADIUS server by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS
server can record accounting information such as when a user logs on to the wireless LAN and logs
off from the wireless LAN for monitoring or billing purposes.

The IEEE 802.1x functionality of the wireless access gateway is controlled by the

security mode

(see

Section 3.5.2.1). So far, the wireless access gateway supports two authentication mecha-
nisms—EAP-MD5 (Message Digest version 5) and EAP-TLS (Transport Layer Security) for IEEE
802.1x. If EAP-MD5 is used, the user has to give his or her

user name

and

password

for authentica-

tion. If EAP-TLS is used, the wireless client computer automatically gives the user’s

digital certifi-

cate

that is stored in the computer hard disk or a smart card for authentication. And after a successful

EAP-TLS authentication, a session key is automatically generated for wireless packets encryption
between the wireless client computer and its associated wireless access gateway. To sum up,
EAP-MD5 supports only user authentication, while EAP-TLS supports user authentication as well as
dynamic encryption key distribution.

Fig. 77. IEEE 802.1x and RADIUS.

TIP:

Go to the

Authentication, RADIUS

section of the Web management UI to configure RADIUS

settings (see Section 3.6.2).

TIP:

Refer to the IEEE 802.1x-related white papers on the accompanying CD-ROM for more infor-

mation about deploying secure WLANs with IEEE 802.1x support.

55

«
...
60
61
62
63
64
...
»

Содержание IWE1200A-G

Страница 1: ...USER S MANUAL...

Страница 2: ...IEEE 802 11b Hotspot Access Gateway Wired and Wireless Editions User s Guide Version 1 8 Last Updated 11 24 2004...

Страница 3: ...e receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is con nected Consult the dea...

Страница 4: ...he safety of those who install and use it How ever special attention must be paid to the dangers of electric shock and static electricity when work ing with electrical equipment All guidelines of this...

Страница 5: ...Step 4 Reviewing and Applying Settings 16 2 4 6 Configuring User Authentication Settings 17 2 4 6 1 Web Redirection 17 2 4 6 2 IEEE 802 1x 17 2 4 7 Configuring RADIUS Settings 18 2 5 Deploying the WLA...

Страница 6: ...2 Client Bandwidth Control 46 3 4 7 PPTP Client 48 3 4 7 1 Basic 49 3 4 7 2 Virtual Second LAN 49 3 4 8 Zero Client Reconfiguration 49 3 5 Configuring IEEE 802 11b Related Settings 50 3 5 1 Communica...

Страница 7: ...grity Detection 70 3 7 3 2 Periodical Restart 71 3 7 4 LAN Device Management 71 Appendix A Default Settings 73 Appendix B Troubleshooting 75 B 1 TCP IP Settings Problems 75 B 2 Other Problems 77 Appen...

Страница 8: ...way Following the steps the WLAN hotspot access gateway can be quickly set up to work In Chapter 3 detailed explanations of each Web management page are given for the user to understand how to fine tu...

Страница 9: ...s IEEE 802 11b Access point The wireless access gateway is equipped with a built in Access Point AP which bridges packets between the wireless IEEE 802 11b network interface and the wired Ethernet int...

Страница 10: ...ng current DHCP mappings Showing which IP address is assigned to which host identified by an MAC address NAT server Client computers can share a public IP address provided by an ISP Internet Service P...

Страница 11: ...rs is blocked WAN ICMP requests blocking Some DoS Denial of Service attacks are based on ICMP requests with large payloads Such kind of attacks can be blocked Stateful Packet Inspection SPI Analyzing...

Страница 12: ...firmware of the WLAN hotspot access gateway can be up graded in the following methods Xmodem based Upgrading firmware over RS232 TFTP based Upgrading firmware by TFTP Trivial File Transfer Protocol H...

Страница 13: ...arts the access gateway automatically This mechanism is aimed at solving lockup caused by firm ware bugs in the OS operating system of the access gateway LAN WAN Configurable Ethernet Switch Ports The...

Страница 14: ...7...

Страница 15: ...ay on a Wall The WLAN hotspot access gateway is wall mountable 1 Stick the supplied sticker for wall mounting 2 Use a 7 0mm driller to drill a 25mm deep hole at each of the cross marks 3 Plug in a sup...

Страница 16: ...2 Connecting a managing computer and a WLAN hotspot access gateway via Ethernet Since the DHCP server functionality is factory set to be enabled it s recommended that there are no other computers conn...

Страница 17: ...nu item File click Preferences click File types and edit the MIME type text html to add a file extension sht so that Opera can work properly with the Web management pages of the gate way TIP For maint...

Страница 18: ...kly change the configuration of the gateway Fig 4 The Start page The first page of the configuration wizard is a welcome page This page gives a brief description of the configuration process Click Nex...

Страница 19: ...terface is achieved by DHCP select Gateway with a DHCP Based DSL Cable Connection If the gateway is to be used with a DSL or cable modem and the IP address of the Ethernet WAN interface has to be manu...

Страница 20: ...established Your PPPoE connec tion can be established and torn down manually Manual by clicking the Connect and Disconnect buttons on the Start page respectively Or you can choose to let the device a...

Страница 21: ...DSL Cable Connection mode If the gateway was set to be in Gateway with a Static IP DSL Cable Connection mode two IP ad dresses are needed one for the Ethernet LAN interface and the other for the WAN...

Страница 22: ...espectively As a result refer to Sections 2 4 3 1 2 4 3 2 and 2 4 3 3 for more informa tion 2 4 4 ConfigWizard Step 3 Configuring IEEE 802 11 Set tings IEEE 802 11b related communication settings incl...

Страница 23: ...an review all the settings you have made Changes are highlighted in red If they are OK click Save Restart to apply the new settings Or you can go back to previous pages to make modifications Or you ca...

Страница 24: ...go to the Authentication Web Redi rection section and then enable the Web Redirection functionality by choosing Enabled with Au thentication from the Functionality drop down list and choose a RADIUS...

Страница 25: ...rver Shared key and Identifier of this NAS settings And leave other settings to their default values Click Save Restart when fin ished Fig 15 RADIUS settings NOTE When configured for EAP authenticatio...

Страница 26: ...nnected to the LAN 4 port of the gateway The gateway works together with the RADIUS server to decide whether a wireless client the notebook computer or the PDA is allowed to access the Internet throug...

Страница 27: ...ing CD ROM for more information on setting up the wireless client computer 2 6 2 Configuring TCP IP Related Settings If a wireless user use a Windows computer he she can use Windows Network Control Pa...

Страница 28: ...the requested page a log on page is shown Click Log On for authentication Fig 17 Log on page 4 Type a correct user name and password that has been registered on the RADIUS server Fig 18 User name and...

Страница 29: ...you will be prompted to try again or cancel the authen tication process Fig 21 Authentication failure NOTE If IEEE 802 1x capability of the Wireless Advanced edition of access gateway is enabled the...

Страница 30: ...3 1 1 Menu Structure The left side of the start page contains a menu for you to carry out commands Here is a brief descrip tion of the hyperlinks on the menu Home For going back to the start page Con...

Страница 31: ...ss settings for the gateway to work with TCP IP or user name and password provided by the ISP DNS Proxy Server DNS Domain Name System proxy and server settings NAT Server Settings for the NAT Network...

Страница 32: ...ettings for automatic recovery from lockup situations LAN Device Management Settings for the gateway to know what LAN devices it has to manage 3 1 2 Save Save Restart and Cancel Commands Fig 23 Save S...

Страница 33: ...efresh Commands Fig 25 Home and Refresh At the bottom of each status page that shows read only information there are two buttons Home and Refresh Clicking Home brings you back to the start page Clicki...

Страница 34: ...eless access gate way s built in AP For a wired edition of access gateway this page is missing 3 2 2 Authenticated Users Fig 27 Authenticated users On this page the status information of each RADIUS a...

Страница 35: ...mappings are shown A DHCP mapping is a correspondence relationship between an IP address assigned by the DHCP server and a computer or device that obtains the IP address A computer or device that acts...

Страница 36: ...can be easily spotted by inspecting the system log The system events are divided into several categories and you can select which categories of events to log See Section 3 7 2 3 for more information 3...

Страница 37: ...can specify the operational mode for the gateway Currently 5 modes are available Gateway with a PPPoE based DSL Cable Connection In this mode the gateway as sumes that a DSL or cable modem is connect...

Страница 38: ...ddressing section of the management UI see Section 3 4 1 to configure the addressing settings of the WAN and LAN interfaces NOTE Since the WAN load balancing algorithm is based on the TCP session rath...

Страница 39: ...e Firmware file name text box 2 Click Upgrade to begin the upgrade process 3 3 3 2 Backing up and Restoring Configuration Settings by HTTP Fig 39 Firmware backup by HTTP To back up configuration of th...

Страница 40: ...red a TFTP server program TftpSrvr exe for firmware upgrade Run this program on the computer that is to serve as a TFTP server Fig 42 Firmware upgrade by TFTP To upgrade firmware of the access gateway...

Страница 41: ...t and on the same LAN so that the upgrade process would be smooth NOTE After the firmware is upgraded be sure to delete the contents of the Web browser cache so that the Web management pages can be sh...

Страница 42: ...access gateway by TFTP 1 Get a computer that will be used as a TFTP server and as a managing computer to trigger the restoring process 2 Connect the computer and one of the LAN Ethernet switch port w...

Страница 43: ...icate and private key issued by a third party CA Certificate Authority that you trust To upload a certificate file and private key file to the access gateway 1 Click Browse next to the Certificate fil...

Страница 44: ...ault set tings need no change As for the WAN IP address it is obtained automatically by PPPoE from the ISP Consult your ISP for the correct User name Password and Service name settings The Trigger mod...

Страница 45: ...es care of everything In Manual mode there are two buttons on the Start page for you to manually release an obtained IP address Release and re obtain a new one from a DHCP server Renew Custom MAC Addr...

Страница 46: ...ts MAC address to the Ethernet card s MAC address 3 4 1 4 Gateway with Multiple DSL Cable Connections Fig 51 TCP IP settings for Gateway with Multiple DSL Cable Connections mode Since the Internet con...

Страница 47: ...an access the server by its domain name instead of by its IP address For example an internal Web server for the intranet say 192 168 0 2 may be associated with the domain name www company name com To...

Страница 48: ...mpatibility with NAT To specify the DMZ host Enter the private IP address of the computer to be used as a DMZ host and select the corre sponding check box 3 4 3 2 Static NAT Mappings Fig 55 Static NAT...

Страница 49: ...pings Fig 56 Virtual server mappings The gateway enables you to expose internal servers on the intranet through NAT to the Internet for public use The exposed internal servers are called virtual serve...

Страница 50: ...DNS server and Secondary DNS server settings that will be sent to a client at its request Additionally you can specify the first IP address that will be assigned to the clients and the number of allo...

Страница 51: ...client and the IP address to be assigned to it Then give a description for this mapping 2 Select the corresponding Enabled check box 3 4 5 Dynamic DNS Fig 59 Dynamic DNS settings With the help of dyna...

Страница 52: ...ss range NOTE A by port range policy has priority over a by IP address range policy from the perspective of the load balancing engine Policy by Port Range Fig 60 By port range policy settings for LAN...

Страница 53: ...idth The bandwidth control policy can be all users wide or on a per user basis To specify a bandwidth control policy you specify a Max upload rate and a Max download rate for upstream and downstream t...

Страница 54: ...ress Fig 64 By MAC address policy for client bandwidth control To specify a by MAC address policy 5 Specify the MAC address Max upload rate and Max download rate for the client to limit its maximum ba...

Страница 55: ...tworks This way a hacker on the 192 168 0 xxx network cannot attack ac cess points on the 10 0 0 xxx network After the PPTP client of the access gateway establishes a PPTP tunnel with a remote PPTP se...

Страница 56: ...o enable the virtual second LAN 3 4 8 Zero Client Reconfiguration Fig 68 Zero client reconfiguration settings When Zero Client Reconfiguration function is enabled the gateway ignores IP DNS Client IP...

Страница 57: ...communicate with each other The maximum data rate of IEEE 802 11b is 11Mbps In case there is RF interference you may want to reduce the data rate to 5 5Mbps 2Mbps or 1Mbps We suggest this setting be...

Страница 58: ...mputers In this way the wireless access gateway plays a role of AP repeater NOTE The wireless access gateway can have up to 6 WDS links to other wireless AP bridge Fig 72 Wireless Distribution System...

Страница 59: ...client isolation setting is set to This AP only wireless clients of this wireless ac cess gateway as an AP cannot see each other and wireless to wireless traffic is blocked When the setting is set to...

Страница 60: ...nt Pri vacy 128 bit WEP Authentication and data encryption based on 128 bit WEP Wired Equivalent Privacy and 128 bit keys are used 802 1x EAP MD5 The IEEE 802 1x functionality is enabled and the user...

Страница 61: ...able are permitted to associate with the wireless access gateway When the table type is set to exclusive entries in the table are not permitted to associate with the wireless access gateway To deny wi...

Страница 62: ...d by the security mode see Section 3 5 2 1 So far the wireless access gateway supports two authentication mecha nisms EAP MD5 Message Digest version 5 and EAP TLS Transport Layer Security for IEEE 802...

Страница 63: ...mation is sent to a back end RADIUS Remote Authentication User Dial In Service server to see if the wireless user is allowed to access the Internet The authentication mechanism employed for RADIUS is...

Страница 64: ...file both of which issued by a CA Certificate Authority that you trust Section 3 3 3 6 describes how to upload a certificate file and a private key file to the gateway TIP If you have uploaded a cert...

Страница 65: ...server have to contain specific HTML JavaScript code so that Web redirection can work without error Use the source of the default pages as templates for design your own authentication pages NOTE Beca...

Страница 66: ...uncontrolled computers within an IP address range 1 Specify the Stating IP and End IP addresses of the IP address range 2 Click Add Then you ll see the newly entered IP address range appear in the IP...

Страница 67: ...is feature is useful for WISPs to do advertisement For example a WISP can set up a Web server to contain adver tisement information for users who have not subscribed to its wireless Internet access se...

Страница 68: ...htm www interepoch com tw 8080 subdir index htm 110 1024 1285 3 6 2 RADIUS 3 6 2 1 Basic Fig 87 RADIUS basic settings For the advanced wireless access gateway the RADIUS client component of the gatewa...

Страница 69: ...S identifier 3 6 2 2 Robustness Fig 88 RADIUS robustness settings The gateway can be configured to notify the RADIUS server after it reboots The RADIUS server can make use of the notification to clean...

Страница 70: ...t Explorer To support Windows CE based clients you have to disable the keep alive mechanism otherwise the clients will be terminated unexpectedly 3 6 4 Authentication Page Customization 3 6 4 1 Select...

Страница 71: ...og off page customization settings Furthermore Banner images and Hyperlinks can be added to the Log Off window for advertisement purposes The banner images are shown in sequence at an interval specifi...

Страница 72: ...Fig 95 Advertisement links settings Fig 96 Advertisement links in action 65...

Страница 73: ...etting A rule is composed of 5 parts What to do if a packet meets this rule Action Protocol type All ICMP TCP UDP Source IP address range Source IP Address AND Source Subnet Mask Destination IP addres...

Страница 74: ...een the Ethernet WAN interface and the wireless network interface 3 7 1 3 Firewall Fig 99 Packet filters and firewall settings SPI analyzes incoming and outgoing packets based on a set of criteria for...

Страница 75: ...m the LAN side remotely from the WAN side or from both sides If the management type is WAN Only or WAN and LAN be sure to specify the port 8080 when typing a URL for managing a gateway within a Web br...

Страница 76: ...n be logged to the on board RAM of the access gateway Local log or sent to a re mote computer on which an SNMP trap monitor program runs Remote log by SNMP trap See the next subsection for more inform...

Страница 77: ...n invalid state due to bugs in the firmware and the access gateway appears to be locked up from end user perspective The access gateway is equipped with two software based auto recovery mechanisms to...

Страница 78: ...specially useful for a WISP to remotely manage deployed APs that are usually invisible from the Internet due to the employment of NAT for IP address space conservation A management server from the Int...

Страница 79: ...Choose whether the gateway communicates with the device wirelessly by WDS Wireless or by Ethernet Wired from the Interface drop down list 5 Select the corresponding check box next to the Device Name...

Страница 80: ...access gateway Security Mode Open System Selected WEP Key Key 1 WEP Key 1 00 00 00 00 00 WEP Key 2 00 00 00 00 00 WEP Key 3 00 00 00 00 00 WEP Key 4 00 00 00 00 00 MAC Address Based Access Control Di...

Страница 81: ...AT Server Functionality Enabled Virtual Server Mappings Disabled DMZ Host Not set Static NAT Mappings Not set DNS Proxy Static DNS Mappings Not set Filters Firewall Packet Filters Not set URL Filters...

Страница 82: ...s correspondent host For a client computer to communicate with a correspondent host on the Internet by the host s domain name e g http www wi fi com it first sends a DNS request to a DNS server on the...

Страница 83: ...less or wired installed on the client computer Use the OS provided command line network tool route exe to modify the contents of the routing table Use Windows provided Device Manager to disable unnece...

Страница 84: ...access gateway the default gateway of the WLAN hotspot access gateway may be really down or there are other communication problems on the network backbone Cannot access the Internet Solve the precedi...

Страница 85: ...gateway or un plug the power connector from the power jack and then re plug the connector to re start the WLAN hotspot access gateway Contact our technical support representatives to report this probl...

Страница 86: ...Null Modem cable 3 Select the serial port COM1 or COM2 you use for connecting the device from the Serial port drop down list and click Connect 4 Chose the folder in which the firmware files reside by...

Страница 87: ...ironmental Condition Speed and Distance Ranges 11 Mbps 5 5 Mbps 2 Mbps 1 Mbps Open Environment A line of sight environment with no interference or obstruc tions between Access Point and Users 160 m 52...

Отзывы:

Нет отзывов

Похожие инструкции для IWE1200A-G

Бренд: Patton electronics Страницы: 2

Voice Gateway H3C VG 10-10

Бренд: H3C Страницы: 31

SR6602-I AI Series

Бренд: H3C Страницы: 80

SR6602-I AI Series

Бренд: H3C Страницы: 33

SecPath M9000 Series

Бренд: H3C Страницы: 4

SecPath M9000 Series

Бренд: H3C Страницы: 15

MSR3610-I Series

Бренд: H3C Страницы: 5

SecPath M9000 Series

Бренд: H3C Страницы: 57

Бренд: ADTRAN Страницы: 2

Anybus Modbus-TCP/RTU Gateway

Бренд: HMS Страницы: 20

Serial GSM Gateway

Бренд: SmartSavy Страницы: 48

Бренд: Eaton Страницы: 2

Бренд: Pathway connectivity solutions Страницы: 14

Бренд: Pace Страницы: 19

Бренд: B meters Страницы: 29

easyconnect ec350

Бренд: Netbiter Страницы: 40

Бренд: BURG WATCHER Страницы: 21

Бренд: ABB Страницы: 45

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды