ICC Link Series страница 55 Скачать руководство пользователя

Страница: 55 / 125

Wireless Web Interface User’s Manual

•

Conﬁgured De-Authentication Requests Rate Test – enables or disables the de-authentication requests frame flood attacks
detection.

•

Maximum Authentication Failures Test – enables or disables detection of the maximum failed authentications.

•

Rogue Detected Trap Interval – identiﬁes the periodic rate that the AC sends a trap to detect rogue clients in the network.

•

Dynamic Blacklist Mode – enables or disables the dynamic blacklist function.

•

Dynamic Blacklist Life time – identiﬁes the length of time for the dynamic blacklist.

•

Client Threat Mitigation – enables or disables the known client protection function.

11.3 Known client

Open the

Known Client

conﬁguration page to conﬁgure the MAC authentication mode and add, delete, or modify the black and white list.

11.3.1 MAC authentication mode

Enter into the

Known Client->MAC Authentication

Mode

to choose the white or black list as the MAC authentication mode of known

client.

Select the MAC Authentication Mode as

Black-list

, and then click

Submit

Select the MAC Authentication Mode as

White-list

, and then click

Submit

Содержание Link Series

Страница 1: ...Access Control System Web User Guide Link1000ACS Link2000ACS Link Series Access Control System Web User Guide Link1000ACS Link2000ACS www intcomcorp com 2017 All rights reserved International Communic...

Страница 2: ...between different parts of their networks The examples used in this manual applies to both products ICC Networking s industry leading flexible unified Access Control System ACS platform with enhanced...

Страница 3: ...cts Contact information Phone 951 934 0531 E mail support intcomcorp com sales intcomcorp com ICONS This is the Link Series ACS Wireless Web Interface User s Manual It contains instructions to con gur...

Страница 4: ...nitions Table 0 2 Safety precautions Icon Description Before working on this equipment be aware of good safety practices and the hazards involved with electrical circuits To reduce risk of re hazard a...

Страница 5: ...n mode 16 4 4 AP validation method 16 4 5 Radius authentication server 17 4 6 Radius accounting mode 17 4 7 Radius accounting server 17 4 8 Client QoS global mode 17 4 9 Country code 18 4 10 Peer grou...

Страница 6: ...rce con guration 52 12 5 MAC portal con guration 53 12 6 Portal instance con guration 54 Chapter 13 Con guration push 56 13 1 Con guration push 56 13 2 Con guration push option 56 Chapter 14 AP image...

Страница 7: ...SNMP Authentication 95 21 2 2 SNMP management 99 21 2 3 Community managers 99 21 2 4 Con gure SNMP manager security IP 100 21 2 5 SNMP Statistics 101 21 3 SSH management 101 21 3 1 Switch on off SSH 1...

Страница 8: ...Web browser IE 8 9 10 11 Google Chrome Firefox Safari 1 1 2 The Link2000ACS management through Web To con gure the Link2000ACS locally the PC s and the Link2000ACS s IP addresses should be con gured...

Страница 9: ...Click View network status and tasks and then click Local Area Connection The Local Area Connection Status dialog box will appear as shown in Figure 1 2 Figure 1 2 Local area connection status Click P...

Страница 10: ...operties Step 3 Use PING command to ensure the connection status between the PC and the Link2000ACS Click Start and then type CMD in the text box Press ENTER to generate the Command Prompt window Type...

Страница 11: ...able the proxy server 1 In Internet Explorer select Tools and then select Internet Options to open the Internet Options window 2 Select Connections in the Internet Options window and then click LAN Se...

Страница 12: ...ame is admin and the password is admin click Login or press ENTER to open the Web Con guration page The figure is shown as follows 1 2 2 Web interface introduction Upon logging in the dashboard will a...

Страница 13: ...o retain the running configuration This saved configuration will be used by the Link2000ACS after a reboot Logout Click Logout to exit the current configuration session Users can check the connected c...

Страница 14: ...NMP Authentication SNMP Management Community Managers Con gure SNMP Manager Security IP SNMP Statistics SSH Management Switch on off SSH SSH Management Firmware Update TFTP Service FTP Service Telnet...

Страница 15: ...ge solution To properly access the advanced configuration options for a particular feature the feature must first be enabled by following the configuration steps for that feature as described in this...

Страница 16: ...ws The information in the gure is as follows Name the name of the Link2000ACS is Link2000ACS IP Address the wireless address of the Link2000ACS is 192 168 1 1 MAC Address the MAC address of the Link20...

Страница 17: ...at the AP belongs to Software Version version of AP Status AP s current management status Con guration Status AP s current con guration status Age AP keep alive age will only increment on AP failure C...

Страница 18: ...on is submitted to the Link2000ACS Note Fast Con guration is a simple way to perform initial con gurations on the Link2000ACS However using the Fast Con guration option will overwrite all previous con...

Страница 19: ...ion will be lost 3 3 Network con guration Network Con guration con gures the network used by AP The network con guration can con gure SSID and security settings for Network1 which are applied to the V...

Страница 20: ...con guration as WLAN Con guration Network Con g detailed in Chapter 5 Networks Select WEP IEEE802 1x to con gure it Example Type the Radius Group Name as radius Type the Authentication Host Address an...

Страница 21: ...hoose the WPA Enterprise button to enter into the con guration Example Type the Radius as radius Type the Authentication Host Address and Accounting Host Address as 192 168 1 100 Enter the Radius Serv...

Страница 22: ...all WLAN functions on the Link2000ACS will be disabled and WLAN service will be stopped Note Default setting is WLAN disable Fast Configuration will automatically update to WLAN enabled 4 2 Auto IP a...

Страница 23: ...an join the cluster when the Link2000ACS or the AP automatically connects MAC sets the MAC address authentication mode The AP database needs to be set manually and then the AP can join the Link2000ACS...

Страница 24: ...radius 4 6 Radius accounting mode Select the Radius Accounting Mode check box to enable the Radius accounting function 4 7 Radius accounting server Con gure the Radius Accounting Server by typing RAD...

Страница 25: ...reate a WLAN cluster and transmit information to each other The Link2000ACSs with different group IDs cannot communicate with each other The default peer group ID is 1 and the range is from 1 to 255 4...

Страница 26: ...ion Networks and choose a network For example modify the SSID of network 8 as wlan 5 2 Con gure authentication mode The network includes multiple authentication modes 5 2 1 Open authentication mode No...

Страница 27: ...ype as ASCII and the Length as 64 Type the WEP Key as 12345 The figure is as follows 5 2 3 WEP 802 1x WEP 802 1x sets the configuration as security mode wep dot1x This authentication mode needs the ra...

Страница 28: ...mode wpa enterprise It authenticates and accounts through the Radius server The cipher and WPA version in WPA enterprise are the same as in the cipher and WPA version in WPA personal However WPA ente...

Страница 29: ...ied Binding in this instance means tying a VLAN ID to a particular IP network This VLAN ID is the data VLAN that the client uses 5 4 MAC authentication Click MAC Authentication Mode to enable MAC auth...

Страница 30: ...ient QoS controls the client s rate and access through the network con guration There are three forms 1 Client QoS bandwidth limit up and down 2 Client QoS access control up and down 3 Client QoS Diff...

Страница 31: ...roup Management page The user can con gure each of the AP group items and submit them to the Link2000ACS 6 1 Add modify delete AP group The New and Modify links and the Delete button can con gure the...

Страница 32: ...is the default value which means that there is no corresponding AP Details of load balance template creation can be found in Chapter 14 In this example the load balance template is bound to Group2 6...

Страница 33: ...to be con gured can be selected here Switching the radio will cause any unsaved changes to be lost Submit changes before switching the radio Example Select the Enable check box and then select the Rad...

Страница 34: ...n select the network name Click Edit to con gure the network detailed in Chapter 5 Networks Click OK VAP Abbreviation for Virtual Access Point VAPs segment the wireless LAN into multiple broadcast dom...

Страница 35: ...rs are con gured as the default value Click OK Template The user can select Custom Factory Default or Voice EDCA parameters can only be configured when Custom is selected AP EDCA Parameters The user c...

Страница 36: ...elect Enable for the TSPEC Mode Select Enable for the Voice ACM Mode and Video ACM Mode Type the limit and timeout as the default values and click OK 6 2 Copy AP group Copying allows users to quickly...

Страница 37: ...con guration will be the same as AP group 2 6 3 Apply AP group Click Apply to the right of the AP group to send the con guration to the APs After con guring the AP group click OK Configurations will...

Страница 38: ...unting and authentication servers select the Radius Authentication Status check box to enable the Radius function This corresponds to the aaa enable command Select the Radius Accounting Status check b...

Страница 39: ...Server Port is 1812 To delete the server select it and then click Delete Prior to deleting the last authentication server the Radius Authentication Server must be disabled Click Submit to save the co...

Страница 40: ...ple Con gure two Radius groups of wlan1 and wlan2 Type the group names in the Radius Group Name text box and then click Add 7 1 5 Radius con guration Radius Con guration will bind the Radius server ad...

Страница 41: ...r attribute on the LDAP server User Object Type type of the LDAP server Authentication Mode simple and anonymous authentication simple authentication requires user name and password User Name the appo...

Страница 42: ...35 Wireless Web Interface User s Manual After con guring select Modify to modify the con gured LDAP server The user can also delete the con gured LDAP server by clicking Delete...

Страница 43: ...will be disabled 8 1 2 Add IP of L3 IP discovery Type the IP address in the Destination IP Address box and then click Add to add it into the discovery list 8 1 3 Delete IP address from L3 IP discover...

Страница 44: ...VLAN of L2 VLAN discovery Type the VLAN in the VLAN text box and then click Add to add it into the discovery list 8 2 3 Delete VLAN from L2 VLAN discovery list Select the VLAN that needs to be delete...

Страница 45: ...e certi cate needed to authenticate will be transmitted in the cluster automatically which will allow provisioning to begin Example Click Modify and type the new Primary IP Address and the new Backup...

Страница 46: ...ve the certi cate transit among the Link2000ACSs Example 1 Select AC Provisioning and click Submit to enable this function 2 Type 192 168 100 1 the IP address of the Link2000ACS to be added to the clu...

Страница 47: ...e cluster by issuing the X 509 certi cate Example 1 Select the Mutual Authentication Mode check box and then click Submit to enable this mode Click Refresh to view the status of the last network mutua...

Страница 48: ...the one central location or Network Operations Center and communicate with icXchange access points in remote locations The icXchange solution essentially virtualizes the Internet cloud as a direct li...

Страница 49: ...ss point NAT configuration Configure the icXchange Access Point in Fit mode by selecting Advanced Configuration AP Mode and choosing Mode Fit Under Configure Managed AP Administrative Mode enter the g...

Страница 50: ...S s default controller IP address it is not necessary to perform the port opening configuration There is no NAT firewall gateway and or Virtual Server present between the Link2000ACS and the Internet...

Страница 51: ...c route configuration Example In this example the next hop IP address 192 168 1 2 is used based on the controller IP address of 192 168 1 1 Type 0 0 0 0 in the Destination IP address field 0 0 0 0 in...

Страница 52: ...WIDS Security to open the WIDS Security page which includes three modules WIDS AP Configuration WIDS Client Configuration and Known Client Every module occupies one rectangular box and they can be use...

Страница 53: ...e AP with unexpected con guration Unmanaged AP detected on wired network enables or disables detection of unmanaged AP accessing the wired network Wired Network Detection interval seconds con gures th...

Страница 54: ...sables the OUI detection OUI Database Mode Identifies OUI database mode Not Present in Known Client Database Test enables or disables the detection of a known client Known Client Database Lookup Metho...

Страница 55: ...namic blacklist function Dynamic Blacklist Life time identifies the length of time for the dynamic blacklist Client Threat Mitigation enables or disables the known client protection function 11 3 Know...

Страница 56: ...he client will be granted or denied authentication regardless of black list or white list mode Only when the action is con gured as Global Action will the MAC authentication mode be effective It will...

Страница 57: ...aptive Portal Con guration page The parameters of portal access authentication can be con gured 12 1 Global con guration Select the Enable check box to enable the captive portal function globally Clea...

Страница 58: ...Key Server Name the name of the appointed portal server IP Address the portal server s IP address Port the port that is monitored when the portal server receives the packet must be con gured accordin...

Страница 59: ...ws a speci c client to access the speci c network resource without portal authentication Free Resource ID free resource rule number ranges from 1 to 32 Source IP Mask Length source IP address eld in t...

Страница 60: ...is used for special users in the network The administrator can con gure some users to let them connect to the network without portal authentiction Only the MAC authentication is needed to access all...

Страница 61: ...ng Server Group Name appoints the Radius accounting server to be used Radius Accounting Update Interval secs con gures the updating interval of the Radius accounting IPv4 Portal Server appoints the IP...

Страница 62: ...ault value is 0 which means that there is no byte limit Listen Packet Port con gures the port that is listened to when portal server receives the packet Example 1 Click Add and type the Instance ID an...

Страница 63: ...IP address of the Link2000ACSs in the cluster One Link2000ACS can be selected to run the Con guration Push clicking All Push can update all ACs in the current cluster IP Address is for the peer switch...

Страница 64: ...57 Wireless Web Interface User s Manual After opening the Con guration Push Option select Enable or Disable for each option Click Submit and the con guration will be saved...

Страница 65: ...n guration the controller loads an AP firmware version file directly to single or multiple APs to perform firmware updates 1 Click The Table for AP Hardware Type Supported by Image Type link to determ...

Страница 66: ...ick Add to start the AP image URL Configuration The following page will generate Select an image type from the AP Image Type drop down list From the Server Type drop down list select FTP or TFTP The f...

Страница 67: ...s configuration The following figure shows the TFTP con guration Con gure the Server Address and File Name If the le is in the server root directory it cannot be typed If it is not in the root directo...

Страница 68: ...e drop down list includes none 1 5 and all images Image type will default to all images by clicking the Submit button none will upgrade only one AP all images will upgrade all types of images other op...

Страница 69: ...62 Wireless Web Interface User s Manual When the upgrade is complete the following window will appear...

Страница 70: ...revious figure Session mode displays the allowed client association based on the number of associated users Traffic mode displays the allowed client association based on the maximum bandwidth utilizat...

Страница 71: ...bound to the load balance and then click Modify Scroll down to Load Balance Template and select the template ID created previously from the drop down list Click Save to save the modi cation After modi...

Страница 72: ...r to con gure the Centralized L2 Tunnel Con guration 16 1 Centralized L2 tunnel con guration 16 1 1 VLAN con g Add the data VLAN into the centralized tunnel through VLAN Con g to achieve the centraliz...

Страница 73: ...st first exist in the centralized VLAN and then it can be created and added From the Station Isolation VLAN drop down list select Add Remove or Delete All Add the VLAN must have been in the centralize...

Страница 74: ...MM DD 17 1 Network time limit con guration Select the Network ID from the drop down list to con gure the time limit policy under the network to be accessed and con gure the Start Time and End Time of...

Страница 75: ...access in this time When con guring the UTC policy the user can select Up or Down for the radio status allowing the radio to be enabled or disabled Example Con gure radio 21 under pro le 1 to disable...

Страница 76: ...r OUI 18 1 Add OUI Click WLAN Con guration WLAN Advanced Con guration OUI to type the OUI Value its format is xx xx xx Type the OUI Description and then click Add 18 2 Delete OUI Click WLAN Con gurati...

Страница 77: ...e Management SNMP Con guration SNMP Management page select Open for the SNMP Agent state and then click Apply to enable the SNMP management on off 19 1 1 Wireless global traps On the SNMP Trap Con gur...

Страница 78: ...e drop down menu to enable disable the wireless syslog After con guring click Submit to save the con guration Users can view the con gured wireless syslog on the syslog server 19 2 2 Captive portal sy...

Страница 79: ...ce User s Manual Chapter 20 Monitor Click Monitor to view and monitor the AC AP Wireless Client and RF Scan 20 1 AC Click Monitor Link2000ACS to open the Link2000ACS Monitor page to monitor the cluste...

Страница 80: ...ick Monitor Link2000ACS to open the Link2000ACS Monitor page to view the cluster information including the Link2000ACS Operational Status Cluster Controller Basic Information Global Statistics Distrib...

Страница 81: ...luster Controller displays Yes or No Yes indicates that the local Link2000ACS is the cluster controller No indicates that it is not the cluster controller Cluster Controller IP Address the wireless ad...

Страница 82: ...00ACS is shown as follows 20 1 1 5 Distributed tunnel statistics The Distributed Tunnel Statistics of the local Link2000ACS is shown as follows 20 1 1 6 TSPEC status The TSPEC Status of the Link2000AC...

Страница 83: ...stics Use the drop down box to access clustered ACs Infomation includes basic AC information AC statistics TSPEC status and TSPEC statistics It can monitor the Link2000ACS status 20 1 2 1 AC selection...

Страница 84: ...AP Connection Failed AP Maximum Managed AP Total Clients Cluster Priority AP Image Download Mode WLAN Utilization etc as shown in the following figure 20 1 2 3 AC statistics AC Statistics are shown a...

Страница 85: ...user can delete the failed managed AP 20 2 1 Basic AP information Basic AP Information includes MAC Address Peer Managed Location IP Address AP Group Software Version Status Con guration Status and A...

Страница 86: ...the AP Detail page 20 2 2 1 Managed AP status From the Managed AP MAC Address list select the MAC address and view the corresponding AP status detail The Managed AP Status includes IP Address Managing...

Страница 87: ...annel Indicator Fixed Power Indicator Manual Channel Adjustment Status Manual Power Adjustment Status WLAN Utilization Total Neighbors TSPEC Status etc Select either 1 off for Radio 1 or 2 802 11a n f...

Страница 88: ...cted AP MAC SSID SSID of AP network RSSI received signal strength indication of AP Status includes Managed Standalone fat AP Unknown and Rogue Age how long in terms of days hours minutes and seconds t...

Страница 89: ...iation AP terminal 20 2 3 Failure AP list The Failure AP List shows the failed authentication AP details If the Link2000ACS is the cluster controller the failed authentication AP information of the ot...

Страница 90: ...MAC address with asterisk is the address of the associated client on the peer switch Detected IP Address the IP address of the client NETBIOS Name the name of the client under the NETBIOS protocol SSI...

Страница 91: ...isassociated click Disassociate and then click Refresh This client will be disassociated Note The disassociated client may become associated again automatically 20 3 2 Associated client detail Click V...

Страница 92: ...P associated with itself but did not scan the other AP 20 3 3 Detected client list The Detected Client List includes the client associated with AP and the scanned client The detected client list is as...

Страница 93: ...status Select the client in the MAC Address drop down list to view Detected Client Status If this client is rogue click Acknowledge to clear this client 20 3 4 2 WIDS client s rogue classi cation For...

Страница 94: ...story If the detected client has the authentication history it displays the information as follows 20 3 4 4 Detected client s triangulation The client s approximate location can be detected by the acc...

Страница 95: ...cally to the associated AC MAC Address the MAC address of the scanned AP SSID the network SSID sent by the scanned AP Physical Mode the detected radio mode of the scanned AP Channel the detecte channe...

Страница 96: ...1n Mode the current transmission mode of the AP Initial Status the status when the access point was initially detected Beacon Interval the current beacon interval assigned in the AP configuration Tran...

Страница 97: ...4 2 3 WIDS AP rogue classi cation The scanned AP can determine if the AP is rogue AP through WIDS The Rogue Classi cation is as follows If the scanned AP con rms any of the items it will determine tha...

Страница 98: ...aving the current configuration 21 1 1 Login user con guration Click Management Switch basic con guration Login user con guration to add or delete the user information Example Con gure a user with a N...

Страница 99: ...authentication server for authentication There is no need to authenticate in console method as default the Authentication methods of VTY and Web are Local authentication by default Example Con gure a...

Страница 100: ...ng from a security IP address can log in to the switch for con guration Up to 32 security IP addresses can be configured Example Type 192 168 1 21 as the Security IP address and click Apply to complet...

Страница 101: ...on guration Example Type the Switch Name as Switch and click Apply to configure a switch name Operation Configuration or Default 21 1 5 Save current running con guration Click Management Switch Basic...

Страница 102: ...start the switch to factory default 21 2 SNMP con guration Click Management SNMP Con guration to con gure the SNMP function Note Prior to configuration SNMP must be enabled Con gure the SNMP managemen...

Страница 103: ...password of the current user range is from 8 to 32 characters Privacy protocol uses the DES for packet privacy This can only be con gured when the security level is selected as AuthPriv Privacy Passwo...

Страница 104: ...authentication but no privacy AuthPriv is authentication and privacy Read SNMP view con gures the SNMP view community name with read permission Write SNMP view con gures the SNMP view community name...

Страница 105: ...des Add or Delete Example Type the SNMP view as max and the OID as 1 3 6 1 4 1 41721 2 2 1 Select the type as Include and the Operation as Add Click Apply 21 2 1 4 SNMP engineid con guration Click Man...

Страница 106: ...h Trap State open or close the function that the device receives the Trap information SecurityIP State open or close the security IP address checking function of the NMS management station 21 2 3 Comm...

Страница 107: ...l If version is equal to 3 noAuthNoPriv authNoPriv or authPriv Operation Add or Remove Example Type the Trap receiver as 192 168 1 100 Community string as trap Click Apply to complete the con guration...

Страница 108: ...root certificates These certificates serve as trusted third parties and work instantly to provide seamless usability The icXchange solution accepts root SSL certificates from all browsers for a secur...

Страница 109: ...guring Select Switch on off SSH as Open and then click Apply 21 3 1 Switch on off SSH Click Management SSH management Switch on off SSH to open or close the SSH function 21 3 2 SSH management Click Ma...

Страница 110: ...econds SSH reauthentication management con gures SSH reauthentication management the range is from 1 to 10 and the default value is 3 SSH RSA key the algorithm for the host key the range is from 768 t...

Страница 111: ...Manual 1 TFTP service includes TFTP client service con gures the TFTP client TFTP server service con gures the TFTP server 2 FTP service includes FTP client service con gures the FTP client FTP server...

Страница 112: ...ource le name the range is from 1 to 100 characters Operation type includes Upload and Download Transmission type ascii uses ASCII to transmit the le binary uses binary to transmit the le Click Apply...

Страница 113: ...ice Click Manage Firmware update TFTP service TFTP server service to open the con guration page TFTP server state the server state includes Open and Close TFTP timeout the timeout TFTP retransmit time...

Страница 114: ...0 characters Local le name destination le name range is from 1 to 100 characters Server le name source le name range is from 1 to 100 characters Operation type includes Upload and Download Transmissio...

Страница 115: ...follows User name the user name range is from 1 to 32 characters Password the appointed password range is from 1 to 16 characters State the password showing includes plain text and encrypted text The...

Страница 116: ...ent Telnet server con guration Telnet server state to con gure Example Select the Telnet server state as Open and then click Apply to start the Telnet server 21 5 2 Max numbers of telnet access connec...

Страница 117: ...the current running status show memory usage the memory usage information under the current running status show ash the flash le information show running con guration the current parameters con gurat...

Страница 118: ...guration PING and traceroute 1 Basic con guration con gures the mapping between the switch and the IP address Example Type the Host name as AC and the IP address as 192 168 1 1 Select Operation Add an...

Страница 119: ...ut 21 6 2 Others The other con gurations in the Maintenance and Debugging Command are simpler Users can click the con guration tab to retrieve the corresponding information they will not be listed one...

Страница 120: ...113 Wireless Web Interface User s Manual 4 Show the flash le as follows...

Страница 121: ...di cations will invalidate ICC s warranty and all applicable regulatory certi cations and approvals Only antennas speci ed for your region by ICC can be used with this product The use of external ampl...

Страница 122: ...h the receiver is connected Consult the dealer or an experienced radio TV technician for help The user may nd the following booklet prepared by the Federal Communications Commission helpful The Interf...

Страница 123: ...nce notice This device has been tested and certi ed according to the following safety standards and is intended for use only in information technology equipment which has been tested to these or other...

Страница 124: ...sible for these items if they are returned to ICC with the product Prior to returning any defective product Customers must contact ICC for a Return Material Authorization number RMA Proof of the origi...

Страница 125: ...a registered trademark of Apple Inc Windows Windows Server 2003 Windows Vista and Microsoft Internet Explorer are registered trademarks of Microsoft Cisco is a registered trademark of Cisco Inc IBM i...

Результаты поиска

Содержание Link Series

Отзывы:

Похожие инструкции для Link Series

Бренды по названию

Популярные бренды

ICC Link Series, Руководство пользователя для веб

Результаты поиска

Содержание Link Series

Отзывы:

Похожие инструкции для Link Series

Бренды по названию

Популярные бренды