Lancom WLC-4006 Скачать руководство пользователя страница 120 | Manualshive

Страница: 120 / 148

Lancom WLC-4006 Скачать руководство пользователя страница 120

LANCOM WLC series

Chapter 5: Security settings

119

EN

LEPS can be used locally in the device and can also be centrally managed with
the help of a RADIUS server, and it works with all WLAN client adapters cur-
rently available on the market without modification. Full compatibility to
third-party products is assured as LEPS only involves configuration in the
access point.

5.1.4

Access control by MAC address

Every network device has a unique identification number. This identification
number is known as the MAC address (

M

edia

A

ccess

C

ontrol) and it is unique

worldwide.

The MAC address is programmed into the hardware. Wireless LAN devices
from LANCOM Systems display their MAC number on the housing.

Access to an infrastructure network can be limited to certain wireless LAN
devices by defining MAC addresses. The WLAN controllers have a filter list
(ACL – access control list) for storing authorized MAC addresses.

5.1.5

IPSec over WLAN

With the help of the IPSec-over-WLAN technology in addition to the security
measures described already, a wireless network for the exchange of especially
sensitive data can be optimally secured. Generally speaking this requires an
external VPN gateway and the LANCOM Advanced VPN Client (for Windows
2000, XP and Vista™). The LANCOM WLAN Controller itself provides only a
small number of VPN tunnels, such as those used for site-to-site connectivity.
Client software from third parties is available for other operating systems.

5.2

Tips for the proper treatment of keys and pass-
phrases

By observing a few vital rules on the treatment of keys you can significantly
increase the security of encryption techniques.

Keep your keys as secret as possible.

Never write down a key. Popular but completely unsuitable are, for exam-
ple: Notebooks, wallets and text files on the computer. Do not pass on a
key unless it is absolutely necessary.

Choose a random key.

Use long random strings that combine letters and numbers (at least 32 to
a maximum of 63 characters). Keys that are normal words are not secure.

«
...
118
119
120
121
122
...
»

Содержание WLC-4006

Страница 1: ...LANCOM WLC 4006 LANCOM WLC 4025 LANCOM WLC 4100 c o n n e c t i n g y o u r b u s i n e s s...

Страница 2: ...LANCOM WLC 4006 LANCOM WLC 4025 LANCOM WLC 4100...

Страница 3: ...trademarks of Microsoft Corp The LANCOM Systems logo LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH All other names or descriptions used may be trademarks or registered trad...

Страница 4: ...Even remote sites can be seamlessly integrated any IP connection will do Smaller sites also benefit from the RADIUS EAP server integrated into the LANCOM WLAN Controller At the same time the LANCOM WL...

Страница 5: ...also to download our latest software versions Components of the documentation The documentation of your device consists of the following parts Installation Guide User manual Reference manual Menu Refe...

Страница 6: ...se do not hesitate to send an e mail directly to info lancom eu Our online services www lancom eu are available to you around the clock if you have any questions on the content in this manual or if yo...

Страница 7: ...2 2 System requirements 20 2 2 1 Configuring the LANCOM devices 20 2 2 2 Operating access points in managed mode 21 2 3 Status displays and interfaces 21 2 3 1 Status displays 22 2 3 2 Device connecto...

Страница 8: ...ple configurations 78 4 3 1 Accepting new Access Points into the WLAN infrastruc ture manually 78 4 3 2 Deactivating Access Points or permanently removing them from the WLAN infrastructure 80 4 3 3 Ba...

Страница 9: ...zard 126 6 1 1 Instructions for LANconfig 126 6 1 2 Instructions for WEBconfig 127 7 Connecting two networks 128 7 1 Which details are necessary 128 7 1 1 General information 128 7 1 2 Settings for th...

Страница 10: ...Appendix 140 9 1 Performance and characteristics 140 9 2 Connector wiring 141 9 2 1 Ethernet interface 10 100 1000Base TX DSL interface 141 9 2 2 Configuration interface outband 141 9 3 CE declaration...

Страница 11: ...ch will result in inconsistent configurations Combined utilization of the shared communications medium air requires effective coordination of the Access Points to avoid frequency interference and opti...

Страница 12: ...such as UDP DTLS therefore combines the advantages of the high security provided by TLS with the fast transfer via UDP This also makes DTLS suitable for the transfer of VoIP packets unlike TLS because...

Страница 13: ...ty At the same time infrastructure of this type prevents the WLAN Controller which has to process large portions of the overall data traf fic from becoming a central bottleneck In remote MAC and split...

Страница 14: ...TTP for SCEP Communication between an Access Point and the WLAN Controller is always initiated by the Access Point In the following cases the devices search for a WLAN Controller that can assign a con...

Страница 15: ...hat a DNS server can resolve this name to a LANCOM WLAN Controller The same applies to the DNS suffixes learned via DHCP In this way a DNS server can automatically suffix the controller s standard nam...

Страница 16: ...otected by a one time only challenge password The Access Point uses this certificate for authentication at the WLAN Controller to collect the certificate Authentication and configuration can both be c...

Страница 17: ...the remote locations 1 2 5 Split management LANCOM Access Points can locate your WLAN Controller in remote net works a simple IP connection such as via a VPN path is all that you need As the WLAN Con...

Страница 18: ...operations for continued operation even when the connec tion to the WLAN Controller is interrupted Advanced routing and forwarding ARF with customized DHCP DNS routing firewall and VPN functions for t...

Страница 19: ...necting an SDSL modem 1 Individual Gigabit Ethernet LAN ports auto crossover individually switch able for example as LAN or DMZ ports Alternatively switchable as a WAN interface for connecting an ext...

Страница 20: ...et or equivalent terminal programs SNMP interface and TFTP server function Serial configuration interface FirmSafe for no risk firmware updates Optional software extensions LANCOM WLC PSPOT Option for...

Страница 21: ...ing be missing please take up immediate contact to your dealer or to the address on the delivery note supplied with your device 2 2 System requirements 2 2 1 Configuring the LANCOM devices Computers t...

Страница 22: ...usted locally for example in a branch office or home office installa tion and the WLAN configuration is regulated by a LANCOM WLAN Controller at the main office 2 3 Status displays and interfaces Mean...

Страница 23: ...The two top mounted LEDs enable the main function status to be assessed even if the device is positioned vertically Power This LED provides information on the device s operating state Power Fan COM WL...

Страница 24: ...he hardware this LED is complemented by an acoustic signal If the fan is blocked or the CPU temperature exceeds 60 a pulsed acoustic signal is emitted COM Connection status of the serial configuration...

Страница 25: ...Internal CA status Red On permanently The LANCOM WLAN Controller is not yet operational one of the following elements is missing Root certificate Device certificate Current time Red blinking The devic...

Страница 26: ...authenticated Access Points Number of expected Access Points actively configured Number of new discovered and as yet unauthenticated Access Points Number of unfound expected Access Points If the WLAN...

Страница 27: ...number for the DTLS encryption Red Blinking At least one of the expected Access Points is missing Green orange Blinking At least one new Access Point Green On permanently At least one active access po...

Страница 28: ...tion cable ETH 1 to 4 Ethernet sockets 10 100 1000Base Tx for connection to the LAN 10 Mbit 100 Mbit or 1000 Mbit connections are supported The available transfer rate is detected automatically autose...

Страница 29: ...s conse quently a risk that the configuration will be deleted by mistake if a co worker presses the reset button too long You can define the behavior of the reset but ton with a setting in WEBconfig L...

Страница 30: ...nnot be directly accessed via the WLAN interface 2 4 Hardware installation Installing the LANCOM WLAN Controller involves the following steps LANCOM WLC 4025 LANCOM WLC 4100 Mounting The device is des...

Страница 31: ...twork devices to the LAN interfaces Configuration interface optionally the LANCOM WLAN Controller can be connected directly to the serial interface RS 232 V 24 of a PC Use the connection cable supplie...

Страница 32: ...h LANmonitor you can use a Windows computer to monitor all of your LANCOM devices WLANmonitor enables the observation and surveillance of wireless LAN networks Clients connected to the access points a...

Страница 33: ...place computers in the LAN so that they can access the device without prob lem 3 1 Details you will need The Basic Settings Wizard is used to set the WLAN Controllers basic TCP IP parameters and to pr...

Страница 34: ...n is optional Instead of this you can select manual configuration Make this selection after considering the following Select automatic configuration if you are not familiar with networks and IP addres...

Страница 35: ...ification The device s configuration contains a great deal of sensitive data such as data for Internet access and should be protected by a password in all cases Multiple administrators can be set up i...

Страница 36: ...to the configura tion Entries are case sensitive and should be at least 6 characters long You also define whether the device can be configured from the local net work only or if remote configuration...

Страница 37: ...device Device behavior and accessibility for configuration via a Web browser depend on whether the DHCP server and DNS server are active in the LAN already and whether these two server processes shar...

Страница 38: ...the factory settings and an activated DHCP server the device for wards all incoming DNS requests to the internal Web server This means that a connection can easily be made to set set up an uncon figur...

Страница 39: ...vice If there is no DNS server in the LAN or if it is not coupled to the DHCP server the device cannot be reached via the name In this case the follow ing options remain Under LANconfig use the functi...

Страница 40: ...iguration of the most common device settings Select the Wizard and enter the appropriate data on the fol lowing screens The settings are not stored in the device until inputs are confirmed on the last...

Страница 41: ...Also all of these computers must know the IP addresses of two central stations in the LAN Standard gateway receives all packets which are not addressed to com puters in the local network DNS server tr...

Страница 42: ...the LAN as the standard gateway The DHCP server should also communicate that the LANCOM is the DNS server Manual IP address assignment If IP addresses in a network are statically assigned then the IP...

Страница 43: ...operating mode for WLAN modules are to be found under Configuring the Access Points page 115 4 1 Basic configuration of the LANCOM WLAN Controller To get started a LANCOM WLAN Controller requires the...

Страница 44: ...t begins with the generation of the certificates root and device certificate and it determines a random number Once the necessary certificates have been generated the LANCOM WLAN Controller indicates...

Страница 45: ...be entered into the AP table or Automatically provide APs with a default configuration has to be activated Automatic provision of the default configuration This enables the WLAN Controller to assign...

Страница 46: ...cable Deactivate the MAC check Instructions on the use of MAC filter lists in managed WLAN infrastructures can be found under Checking WLAN clients with RADIUS MAC filter page 106 A new entry also has...

Страница 47: ...LANCOM WLC series Chapter 4 Configuring the WLAN Controller 46 EN Create a new WLAN profile give it an unique name and assign the above logical WLAN network and physical WLAN parameters to it...

Страница 48: ...ary values for the WLAN Controller to provide theAccess Points with the required WLAN parameters Upon assignment of the configuration the Access Points change their status in the WLAN Controller manag...

Страница 49: ...tes 4 2 Extended settings Most of the parameters for configuring the LANCOM WLAN Controller corre spond with those of the Access Points For this reason this documentation does not explicitly describe...

Страница 50: ...c provision of the default configuration This enables the WLAN Controller to assign a default configuration to every new Access Point if no explicit configuration has been stored for it In combination...

Страница 51: ...re the logical WLAN networks are set for assignment to the Access Points The following parameters can be defined for each logical WLAN network Combining the settings for auto accept and default config...

Страница 52: ...iles Logical WLAN networks WEBconfig LCOS menu tree Setup WLAN management AP configu ration Network profiles Name Name of the logical WLAN network under which the settings are saved This name is only...

Страница 53: ...1 to 4096 Default 0 Special values 1 Logical wireless LAN works untagged no VLAN tag 2 to 4096 Logical wireless LAN uses the VLAN with the specified ID assuming that the management VLAN ID is not equ...

Страница 54: ...ontroller is temporarily interrupted Furthermore this represents an effective measure against data theft as all security rela ted configuration parameters are automatically deleted after this time has...

Страница 55: ...rameters For normal access point applications you should use only the 5 GHz subbands 1 and 2 Subband 3 is for special applications only e g BFWA Broadband Fixed Wireless Access LANconfig WLAN Controll...

Страница 56: ...makes use of the country setting defined in the Options area Automatic channel selection As standard the Access Points can use all of the channels permitted in the country of operation To limit the s...

Страница 57: ...ration of Access Points WLAN profiles WLAN profiles are collections of the various settings that are to be assigned to the Access Points The allocation of WLAN profiles to the Access Points is set in...

Страница 58: ...t logical WLAN networks Physical WLAN parameters A set of physical parameters that the Access Point WLAN modules are supposed to work with Possible values Selection from the list of physical WLAN netw...

Страница 59: ...ot retrieve an IP address by means of DHCP This allows you to define pre cisely the IP parameters to be used by an Access Point LANconfig WLAN Controller AP config IP parameter profiles WEBconfig LCOS...

Страница 60: ...me System to be used by the profile Possible values Valid IP address Default Blank DNS backup Second alternative DNS if the first is unavailable Possible values Valid IP address Default Blank List of...

Страница 61: ...s Point LANconfig WLAN Controller AP config Access point table WEBconfig LCOS menu tree Setup WLAN management AP configu ration Access points Update management active Activating update management for...

Страница 62: ...tomatic provision of the default configuration page 49 Default Blank AP name Name of the Access Point in managed mode Possible values Maximum 16 ASCII characters Default Blank Location Location of the...

Страница 63: ...ection by the first WLAN module If just one channel is defined here then this channel only will be used and no automatic selection takes place For this reason you should ensure that the channels enter...

Страница 64: ...ethod defined in the Options area Double bandwidth LANCOM Access Points compliant with IEEE 802 11n optionally offer the activation of double the bandwidth A wireless LAN module normally uses a freque...

Страница 65: ...d antenna port is deactivated 1 For applications with only one antenna for example an outdoor application with just one antenna the antenna is connected to port 1 and ports 2 and 3 are deactivated Aut...

Страница 66: ...f the Access Point is not running the desired firmware version then the WLAN Controller downloads the file from the Web server and uploads it to the appropriate Access Points The configuration of firm...

Страница 67: ...gement Firmware URL The path to the directory with the firmware files Possible values URL in the form Server Directory or http Server Direc tory Default Blank Simultaneously loaded FW The number of fi...

Страница 68: ...Blank If the list of IP networks or loopback addresses contains an entry named INT or DMZ the associated IP address of the IP network or the loopback address named INT or DMZ is used Firmware managem...

Страница 69: ...ttings for script management Script URL The path to the directory with the script files Possible values URL in the form Server Directory or http Server Direc tory Default Blank Script sender IP addres...

Страница 70: ...WLC configuration also use the same script As only one script file can be defined per WLAN profile versioning is not pos sible here However when distributing a script to an Access Point an MD5 checksu...

Страница 71: ...are Update Firmware and Script Infor mation The internal scripts can be referenced from the script management table using the relevant names WLC_Script_1 lcs WLC_Script_2 lcs or WLC_Script_3 lcs Pleas...

Страница 72: ...ntroller Stations Stations WEBconfig LCOS menu tree Setup WLAN management Access list MAC address MAC address of the WLAN client for this entry Possible values Valid MAC address Default Blank Name You...

Страница 73: ...n logging in The Access Point uses these values to set the minimum bandwidth Possible values 0 to 65535 kbps Default 0 Special values 0 No limit RX bandwidth limit Bandwidth restriction for registerin...

Страница 74: ...res that the RADIUS application continues to function even if the WLAN Controller is unavailable However the settings for each individual access point must be entered into the RADIUS server and the ma...

Страница 75: ...the controller itself will be used as the RADIUS server Possible values Valid port number generally 1812 for access management and 1813 for account management Default 0 Secret Password for the RADIUS...

Страница 76: ...WLAN management Notification SYSLOG Activates notification by SYSLOG Possible values On or off Default Off E mail Activates notification by e mail Possible values On or off Default Off Events Selects...

Страница 77: ...of the first WLAN module This parameter can also be used to deactivate the WLAN module WLAN interface 2 Frequency of the second WLAN module This parameter can also be used to deactivate the WLAN modul...

Страница 78: ...e clients Select the entry from which the values are to be inherited and mark the values for inheritance Parameters inherited in this way are displayed in the configuration dialog in gray and they can...

Страница 79: ...nts into the WLAN infrastructure auto matically auto accept Automatically accept new APs Auto accept you can accept Access Points manually Accepting Access Point via LANmonitor It is very easy to acce...

Страница 80: ...ig Under LCOS menu tree Setup WLAN management select the action Accept AP When requested for additional arguments enter the MAC address of the Access Point to be accepted and confirm with Execute Acce...

Страница 81: ...ccepted Access Point is briefly signaled as a Lost AP by the red Lost AP LED in the device s display and in LANmonitor until assignment of the certificate is completed A number of administrator accoun...

Страница 82: ...n requested for additional arguments enter the ethernet MAC address of the Access Point to be disconnected and confirm with Execute Deactivating an Access Point To deactivate an Access Point set its c...

Страница 83: ...by changing to Status Certificates SCEP CA Certificates and accessing the Certificate status table Here you delete the certificate for the MAC address of the Access Points which are to be removed fro...

Страница 84: ...A CA certificates Select the command Create PKCS12 backup files and enter the pass phrase for the PKCS12 container as the additional argument This command backs up the certificates and private keys to...

Страница 85: ...er the other PKCS12 container with CA backup PKCS12 container with RA backup For each upload enter the file name storage location and the passphrase that was defined when the backup file was created C...

Страница 86: ...d in addition to the certifi cates themselves SCEP CA certificate list List of all certificates ever issued by the SCEP CA SCEP CA serial number Contains the next available serial number for the next...

Страница 87: ...which reason the organization of a backup solution in case of temporary WLAN Controller failure is in many cases indispensable In case of a backup event a managed Access Point should connect to an alt...

Страница 88: ...LANconfig In this configuration file assign an appro priate IP address for the backup controller Transfer this modified configuration to the backup controller The pro files and the AP tables with the...

Страница 89: ...ntroller until this itself becomes unavailable or is man ually disconnected Disconnect Access Point page 112 If the Access Points are set up for standalone operation Self suffi cient operation page 52...

Страница 90: ...st Message to find any available WLAN Controllers From the available WLAN Controllers the Access Point selects the one with the lowest load i e that with the lowest ratio of managed Access Points to t...

Страница 91: ...tables with the Access Point MAC addresses are transferred to the new controller at the same time Switch the former controller off The access points now search for an avail able controller They find t...

Страница 92: ...n check the access rights of the WLAN clients It can also use the MAC address or user names when using 802 1x to assign a certain VLAN ID for example for a certain department The WLAN client in Mar ke...

Страница 93: ...operate authentication via 802 1x and MAC address checks The WLAN Controller automatically defines itself as the RADIUS server in the Access Points that it is managing all RADIUS requests sent to the...

Страница 94: ...y companies wish to offer Internet access to their visitors via WLAN In larger installations the required settings apply to multiple access points and these can be programmed centrally in the WLAN Con...

Страница 95: ...ith the physical WLAN settings are assigned to the access points managed by the controller Create a logical WLAN for guests and one for the internal employees The WLAN with the SSID GUESTS uses the VL...

Страница 96: ...N ID is set to 1 which serves to activate the VLAN function but without a separate management VLAN for the device the management data traffic is transmitted untagged Create a WLAN profile to be assign...

Страница 97: ...uring the WLAN Controller 96 EN Assign this WLAN profile to the access points managed by the controller Do this either by entering the individual access points with their MAC addresses or alternativel...

Страница 98: ...signment of VLAN tags To differentiate between the VLANs in the switch two groups are used The internal network for the employees is mapped to the default group and a dedicated group is set up for the...

Страница 99: ...d only for the ports connected to the WLAN controller and access points ports 10 to 16 in our example Tags are not removed from outgoing data packets The port VLAN ID PVID is set to 1 for all ports to...

Страница 100: ...ntranet to the address 192 168 1 1 This IP network uses the VLAN ID 0 This assigns all untagged data packets to this network the VLAN module in the con troller itself must be activated for this The in...

Страница 101: ...e WLAN Controller 100 EN For both IP networks an entry is created in the DHCP networks to perma nently activate the DHCP server With these settings the WLAN clients of the internal employees and guest...

Страница 102: ...Public Spot access The Public Spot allows you to provide a strictly controlled point of access to your wireless LAN User authentication is handled by a Web interface If desired access can be subject...

Страница 103: ...kets for Public Spot users are restricted to this virtual LAN Other data packets from other VLANs will be forwarded without a Public Spot login Note that access to WEBconfig via the Public Spot inter...

Страница 104: ...In LCOS versions prior to 7 70 Public Spot access accounts were defined by entering users into into the Public Spot module s user list by using the Wizard As of LCOS version 7 70 the Wizard no longer...

Страница 105: ...counts to be authenticated by the LANCOM s internal RADIUS server the Public Spot must know the address of the RADIUS server To ensure that this is the case create a new entry to define the internal R...

Страница 106: ...e guest network with Internet access the wizards can be used to create access to the provider network In order for this access to be available to users of the guest network only the corresponding rout...

Страница 107: ...nal RADIUS server can be used as can the internal user table in the LANCOM WLAN Controller In LANconfig enter the approved MAC addresses into the RADIUS database in the configuration section RADIUS se...

Страница 108: ...ssary if you are operating an external RADIUS server in addition to the Public Spot in the LANCOM A Public Spot providing guest access accounts requires the following settings Authentication requests...

Страница 109: ...lows different RADIUS servers to be targeted with requests The way in which the LANCOM s RADIUS server makes decisions for the two requests is shown in the diagram Because the user names for guest acc...

Страница 110: ...rent manners in which internal users and guests are processed In the Public Spot adapt the pattern of user names such that a unique realm can be suffixed For example the pattern GUEST n PSpot gen erat...

Страница 111: ...g COMPANY EU This realm is attached to all user names which request authentication from the WLAN controller and which do not already have a realm In this application the internal users have no realm...

Страница 112: ...c Spot users have the realm PSpot and are received by the WLAN Controller With no forwarding defined for this realm the usernames are automatically checked with the internal RADIUS database Because th...

Страница 113: ...s the utilized frequency band and channel Using the right hand mouse key a context menu can be opened for the Access Points and the following commands are available Assign new Access Point to profile...

Страница 114: ...participating WLANs have to share the channel s bandwidth With a completely empty channel list the access points could auto matically select channels which overlap in some areas so reducing signal qua...

Страница 115: ...t suitable channel from the list To determine which chan nel is the best the access point scans for interference to determine the signal strengths and channels occupied by other access points Because...

Страница 116: ...e In this mode LANCOM Access Points search for a central WLAN Controller that can provide them with a config uration and they remain in search mode until they discover a suitable WLAN Controller or un...

Страница 117: ...er 116 EN If you need to change the operating mode for multiple devices you can use a simple script on the devices with the following lines Script 7 22 23 08 2007 lang English flash 0 cd Setup Interfa...

Страница 118: ...ss control by MAC address Optional IPSec over WLAN VPN 5 1 1 Encrypted data transfer Encryption takes on a special role in the transfer of data in wireless LANs Wireless communication with IEEE 802 11...

Страница 119: ...ry standard IEEE 802 1x and the Extensible Authenti cation Protocol EAP enable access points to carry out reliable and secure access checks The access data can be managed centrally on a RADIUS server...

Страница 120: ...5 1 5 IPSec over WLAN With the help of the IPSec over WLAN technology in addition to the security measures described already a wireless network for the exchange of especially sensitive data can be op...

Страница 121: ...that set tings for security functions e g the firewall can be altered Unauthorized access is not just a risk for the device itself but for the entire network Your LANCOM offers password protected acce...

Страница 122: ...on from local and remote networks The parameters for locking the configuration the number of incorrect password entries and the duration of the lock 5 4 The security checklist The following checklists...

Страница 123: ...ion of passphrase and MAC address Have you protected the configuration with a password The simplest way of protecting the configuration is to agree upon a pass word If no password has been agreed for...

Страница 124: ...ures that Trojan horses and certain types of e mail virus are denied communication to the outside Activate the firewall rules in LANconfig under Firewall QoS on the Rules tab Instructions on this are...

Страница 125: ...location Protect your saved configurations in a location that is safe from unauthor ized access Otherwise byway of example an unauthorized person may load your stored configuration file into another d...

Страница 126: ...LANCOM WLC series Chapter 5 Security settings 125 EN can be set so that a press is either ignored or it causes a re start depend ing on the time for which it is held pressed...

Страница 127: ...p Wizard In the selection menu select the Setup Wizard Set up Internet connec tion and confirm the selection with Next In the following windows you select your country your Internet provider if possib...

Страница 128: ...nection from the main menu In the following windows you select your country your Internet provider if possible and you enter your access data Depending on availability the Wizard provides further opti...

Страница 129: ...ntly requires far reaching modifications to both devices In cases like this refer to the Reference Manual Security aspects Of course your LAN has to be protected from unauthorized access For this reas...

Страница 130: ...your LANCOM to be renamed Ensure that you give different names to the two remote devices The name of the remote site is required for identifying the devices Entry Gateway 1 Gateway 2 Type of local IP...

Страница 131: ...e main office and with the appropriate rights has access to it The same applies in the other direction DNS access to the remote LAN Remote computers in a TCP IP network can be accessed not only with t...

Страница 132: ...server 10 10 1 2 the server receives a request from the IP 10 10 2 100 The actual address of the computer is masked If LAN connectivity uses the extranet mode the remote site does not receive the act...

Страница 133: ...contact to the requested computer 7 3 1 Click VPN for networks site to site The site to site to site connectivity of networks is now very simple with the help of the 1 Click VPN wizard It is even pos...

Страница 134: ...ter a name for this access and select the address under which the router is accessible from the Internet Enter the address and or name of the central router The final step is to define how the network...

Страница 135: ...y out the configuration on both routers one after the other In the main menu launch the Wizard Connect two local area networks Follow the Wizard s instructions and enter the necessary data The Wizard...

Страница 136: ...Wizard Security aspects Of course your LAN has to be protected from unauthorized access VPN based connectivity relies on IPsec for transferring data The encryption methods employed are 3 DES AES or B...

Страница 137: ...he addresses are freely available in your local network In our example the PC is assigned with the IP address 10 0 1 101 when it dials in This IP address allows the PC to fully participate in the LAN...

Страница 138: ...description of the VPN client and notes on its setup are also to be found on the CD The Wizard then requests the parameters that were specified when setting up the RAS access in the LANCOM Router 8 3...

Страница 139: ...be entered Save profile as an import file for the LANCOM Advanced VPN Client Send profile via e mail Print out profile Sending a profile via e mail could be a security risk should the e mail be inter...

Страница 140: ...sed is Aggressive Mode IKE config mode The IKE config mode is activated the IP address infor mation for the LANCOM Advanced VPN Client is automatically assigned by the LANCOM VPN Router 8 5 Instructio...

Страница 141: ...als EU CE certification EN 55022 EN 55024 EN 60950 Environment Temperature 41 00 F to 95 00 F at 80 max humidity non condensing 41 00 F to 104 00 F at 80 max humidity non condensing Package con tent L...

Страница 142: ...pin RJ45 sockets ISO 8877 EN 60603 7 BI_DA stands for bi directional pair A 9 2 2 Configuration interface outband 8 pin Mini DIN socket Connector Pin Fast Ethernet Gigabit Ethernet 1 T BI_DA 2 T BI_DA...

Страница 143: ...declares that the devices of the type described in this documentation are in agreement with the basic requirements and other relevant regulations of the 1995 5 EC directive The CE declarations of conf...

Страница 144: ...oadcast 57 C CA 15 CAPWAP 11 13 15 17 CAPWAP tunneling 13 Certificate 42 43 49 78 79 82 Certificates Backup 82 Certification Authority 15 Charge protection 35 Configuration 49 Configuration access 35...

Страница 145: ...lter 123 IP address 33 34 124 IP masquerading 18 123 IP router 18 IPsec 128 135 IPSec over WLAN 117 IPX router 17 L LAN Connector cable 20 LAN connection 27 LANCOM Enhanced Passphrase Security 117 LAN...

Страница 146: ...uration 35 Routing table 123 S Scalability 12 SCEP 15 42 SCEP status 25 Script Central management 65 SDSL modem 18 Security Protecting the configuration 117 Security checklist 121 self sufficient 21 S...

Страница 147: ...17 VLAN 3 VLAN ID 52 91 VPN client 137 W WEBconfig 36 HTTPS 36 System requirements 21 WEP 117 120 121 Windows workgroup search 131 Wireless LAN Controllers 3 10 Firmware management 65 Script managemen...

Страница 148: ...LANCOM WLC series Index 147 EN...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды