AP-VPN Deployment
20.2 Configuring AP and Controller for AP-VPN Operations
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
If you are using the Windows 2003 server, perform the following steps to configure the
external whitelist database on it. There are equivalent steps available for the Windows
Server 2008 and other RADIUS servers.
1. Add the MAC addresses of all the APs in the Active Directory of the RADIUS server:
   a. Open the Active Directory and Computers window, add a new user and specify the MAC address (without the colon delimiter) of the AP for the username and password, respectively.
   b. Right-click the user that you have just created and click Properties.
   c. On the Dial-in tab, select Allow access in the Remote Access Permission section and click OK.
   d. Repeat Step a through Step c for all APs.
2. Define the remote access policy in the Internet Authentication Service:
   a. In the Internet Authentication Service window, select Remote Access Policies.
   b. Launch the wizard to configure a new remote access policy.
   c. Define filters and select grant remote access permission in the Permissions window.
   d. Right-click the policy that you have just created and select Properties.
   e. In the Settings tab, select the policy condition, and click Edit Profile....
   f. In the Advanced tab, select Vendor Specific, and click Add to add new vendor-specific attributes.
   g. Add new vendor-specific attributes and click OK.
   h. In the IP tab, provide the IP address of the AP and click OK.
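An added example, not part of the manual: a Python check that compares an AP inventory with the account names exported from the RADIUS server's directory, using the colon-less MAC form from step 1. The function names, the lowercase normalization and the sample MAC addresses are assumptions constructed for illustration.

```python
import re

_HEX12 = re.compile(r"[0-9a-f]{12}")

def whitelist_name(mac):
    """Return the MAC without delimiters, the form used as username and password."""
    # Lowercasing is an assumption; the manual only says "without the colon delimiter".
    compact = re.sub(r"[:.\-\s]", "", mac).lower()
    if not _HEX12.fullmatch(compact):
        raise ValueError(f"not a MAC address: {mac!r}")
    if int(compact[:2], 16) & 1:  # group bit set: multicast or broadcast
        raise ValueError(f"not a unicast address: {mac!r}")
    return compact

def audit_whitelist(inventory, radius_users):
    """Compare the AP inventory with account names exported from the RADIUS directory."""
    expected, malformed = set(), []
    for mac in inventory:
        try:
            expected.add(whitelist_name(mac))
        except ValueError:
            malformed.append(mac)
    present, misformatted = set(), []
    for name in radius_users:
        if _HEX12.fullmatch(name.lower()):
            present.add(name.lower())
            continue
        try:
            whitelist_name(name)
            misformatted.append(name)  # a MAC, but stored with delimiters
        except ValueError:
            pass  # ordinary account, not an AP whitelist entry
    return {
        "missing": sorted(expected - present),  # APs that will fail authentication
        "stale": sorted(present - expected),    # accounts for APs not in the inventory
        "misformatted": misformatted,
        "malformed_inventory": malformed,
    }

# Constructed sample data (locally administered MAC addresses, not real devices).
INVENTORY = ["02:00:5E:10:00:01", "02-00-5e-10-00-02", "0200.5e10.0003", "02:00:5e:10:00:zz"]
RADIUS_USERS = ["02005e100001", "02005E100002", "02:00:5e:10:00:03", "02005e1000ff", "administrator"]

if __name__ == "__main__":
    for key, value in audit_whitelist(INVENTORY, RADIUS_USERS).items():
        print(f"{key}: {value}")
```

Because each whitelist account uses the MAC address as both username and password, entries reported as stale are worth removing when an AP is retired.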
VPN Local Pool Configuration
The VPN local pool is used to assign an IP address to the AP after successful XAUTH VPN.
(scalance) # ip local pool "rapngpool" <startip> <endip>
Role Assignment for the Authenticated APs
Define a role that includes a Source-NAT rule to allow connections to the RADIUS server
and for the Dynamic RADIUS Proxy in the AP to work. This role is assigned to APs after
successful authentication.
(scalance) (config) #ip access-list session iaprole
(scalance) (config-sess-iaprole)#any host <radius-server-ip> any src-nat
(scalance) (config-sess-iaprole)#any any any permit
(scalance) (config-sess-iaprole)#!
(scalance) (config) #user-role iaprole
(scalance) (config-role) #session-acl iaprole
VPN Profile Configuration
The VPN profile configuration defines the server used to authenticate the AP (internal or an
external server) and the role assigned to the AP after successful authentication.
(scalance) (config) #aaa authentication vpn default-iap
(scalance) (VPN Authentication Profile "default-iap") #server-group default
(scalance) (VPN Authentication Profile "default-iap") #default-role iaprole