Kerberos, Windows NT/2000 domain and built-in database.
♦ VPN support allows secure wireless communications to and from
wireless clients.
♦ Rights-based network access increases network security by
providing network administrators full control on users’ access to a
network, based on user identification, location, and time.
♦ Web-based configuration is easy-to-use, convenient and provides
simple configuration management.
♦ Network access and usage policies can be set for trusted users and
guests by user identification, location, and time.
♦ Roaming across different subnets and persistent session roaming
eliminates the need for re-authentication by roaming users.
User Manual
SMC2504W
SMC2502W
ELITECONNECT
WLAN SECURITY SYSTEM
USER MANUAL
From SMC’s EliteConnect line of enterprise wireless LAN solutions
38 Tesla
Irvine, CA 92618
Phone: (949) 679-8000
March 2002
Part No. 01-111343-006
Copyrights and Trademarks
Copyright
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and
reliable. However, no responsibility is assumed by SMC for its use, nor for any
infringements of patents or other rights of third parties which may result from its
use. No license is granted by implication or otherwise under any patent or patent
rights of SMC. SMC reserves the right to change specifications at any time without
notice.
This publication is protected by federal copyright law. No part of this publication
may be copied or distributed, stored in a retrieval system, or translated into any
human or computer language in any form or by any means electronic, mechanical,
manual, magnetic, or otherwise, or disclosed to third parties without the express
written permission of SMC Networks Incorporated, located at 38 Tesla, Irvine, CA
92618.
SMC is a registered trademark; and EliteConnect is a trademark of SMC Networks,
Inc. Other product and company names are trademarks or registered trademarks
of their respective holders.
Licensed users and authorized distributors of SMC Networks products may copy
this document for use with SMC Networks products provided that the copyright
notice above is included in all reproductions.
All other brand and product names are claimed or registered marks of their
respective companies.
Limited Warranty
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products
to be free from defects in workmanship and materials, under normal use and
service, for the applicable warranty term. All SMC products carry a standard
90-day limited warranty from the date of purchase from SMC or its Authorized
Reseller. SMC may, at its own discretion, repair or replace any product not
operating as warranted with a similar or functionally equivalent product, during
the applicable warranty term. SMC will endeavor to repair or replace any product
returned under warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty
by registering new products within 30 days of purchase from SMC or its
Authorized Reseller. Registration can be accomplished online via the SMC web
site. Failure to register will not affect the standard limited warranty. The Limited
Lifetime warranty covers a product during the Life of that Product, which is
defined as the period of time during which the product is an “Active” SMC
product. A product is considered to be “Active” while it is listed on the current
SMC price list. As new technologies emerge, older technologies become obsolete
and SMC will, at its discretion, replace an older product in its product line with
one that incorporates these newer technologies. At that point, the obsolete product
is discontinued and is no longer an “Active” SMC product. A list of discontinued
products with their respective dates of discontinuance can be found at:
All products that are replaced become the property of SMC. Replacement products
may be either new or reconditioned. Any replaced or repaired product carries
either a 30-day limited warranty or the remainder of the initial warranty,
whichever is longer. SMC is not responsible for any custom software or firmware,
configuration information, or memory data of Customer contained in, stored on,
or integrated with any products returned to SMC pursuant to any warranty.
Products returned to SMC should have any customer-installed accessory or
add-on components, such as expansion modules, removed prior to returning the
product for replacement. SMC is not responsible for these items if they are
returned with the product.
Customers must contact SMC for a Return Material Authorization number prior to
returning any product to SMC. Proof of purchase may be required. Any product
returned to SMC without a valid Return Material Authorization (RMA) number
clearly marked on the outside of the package will be returned to customer at
customer's expense. For warranty claims within North America, please call our
toll-free customer support number at (800) 762-4968. Customers are responsible for
all shipping charges from their facility to SMC. SMC is responsible for return
shipping charges from SMC to customer.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS
WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR
REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE
FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN
LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED,
EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE,
INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR
AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER
LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION,
MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE
UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE
THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS
CAUSED BY CUSTOMER'S OR ANY THIRD PERSON'S MISUSE, NEGLECT,
IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO
REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED
USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD. LIMITATION
OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT
(INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL,
CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY
KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER
FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE,
INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR
INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED
RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES
OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR
CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS
MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL
RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS
WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from
the active SMC price list. Under the limited lifetime warranty, internal and external
power supplies, fans, and cables are covered by a standard one-year warranty from
date of purchase.
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
Compliances
FCC - Class A
This equipment has been tested and found to comply with the limits for a Class A
digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a residential
installation.
This equipment generates, uses and can radiate radio frequency energy and, if not
installed and used in accordance with instructions, may cause harmful interference
to radio communications. However, there is no guarantee that the interference will
not occur in a particular installation. If this equipment does cause harmful
interference to radio or television reception, which can be determined by turning
the equipment off and on, the user is encouraged to try to correct the interference
by one or more of the following measures:
• Reorient the receiving antenna
• Increase the separation between the equipment and receiver
• Connect the equipment into an outlet on a circuit different from that to which
the receiver is connected
• Consult the dealer or an experienced radio/TV technician for help
Industry Canada - Class A
This digital apparatus does not exceed the Class A limits for radio noise emissions
from digital apparatus as set out in the interference-causing equipment standard
entitled “Digital Apparatus,” ICES-003 of the Department of Communications.
This digital apparatus complies with the radio noise limits applicable to
Class B digital apparatus prescribed in the interference-causing equipment
standard entitled “Digital Apparatus,” ICES-003, issued by the Department of
Communications.
Preface
Introduction
Overview
The EliteConnect WLAN Security System
WLAN Access Manager
Control Server
Rights Manager
Administrative Login
Changing Your Network Configuration
Advanced Network Settings
Setting the Shared Secret
Authorizing the Shared Secret on the WLAN Secure Server
Setting the Secure Server IP Address and Shared Secret
Configuring SNMP
Specifying Location Description
Specifying Session Logging
Configuring the Time and Date
Viewing Online Documentation and Help
Restoring a Backed-Up Image
Updating the System Software
Rebooting or Shutting Down the System
Viewing System Status
Viewing Status Information
Viewing WLAN Access Managers
Viewing the Active Client List
Viewing Active Session Information
Viewing Log Files
Informational Logs
Session logs
Viewing Version and License Information
Configuring the Rights Manager
Rights Manager Terminology
About the Rights Manager
Two Simple Rights Examples
Example 1: Visiting Professor
Example 2: Contractors with Extended Hours
Getting to the Rights Manager
Changing Rights Associated with Locations
Why Change Rights
Adding a Location
Modifying a Location
Deleting a Location
Changing WLAN Access Manager Rights
Adding a WLAN Access Manager
Modifying a WLAN Access Manager
Changing Other Where Properties
Deleting a Where
Changing Group Properties
Adding a New Group
Modifying a Group’s Rights
Initially Configuring Valid Times or Whens
Changing the Time that a Group is Valid
Modifying the Group/Allows Column
Deleting a Group
Adding, Modifying, or Deleting a User
Adding a New User
Modifying a User’s Characteristics
Deleting a User
Adding a MAC Address as a User
Enforcing Authentication
To use the Built-in Authentication service:
To use the LDAP Authentication Service:
To use the RADIUS Authentication Service:
To use the Kerberos Authentication Service:
To use the Advanced Authentication Service:
Creating a New Authentication Realm
Changing the Default Realm
Changing Rights-Allows in Groups
Adding Rights-Allows
Modifying a Rights-Allow
Deleting a Rights-Allow
Redirecting Packets
Creating or Modifying a Redirect
Deleting a Redirect
Changing Allows and Redirect Rights
Changing a Group’s Redirect Rights
Displaying Rights
Rights Manager Logs
Viewing the Rights Manager Log
Changing the Rights Manager Log Display
Importing and Exporting Rights
Importing Rights
Exporting a Set of Rights
Creating a new Rights Image
Downloading the XML Schema
Customizing the Logon Screen Appearance
Customizing the Logon Screen
Generating an SSL Certificate Signing Request
Syntax of Client Rights
Command Line Interface
Syntax for Command Line Interface
CLI Help Commands
CLI Access Control Commands
Diagnostic Commands
System Status Commands
Diagnostic Log Commands
Active Client Management Commands
System Configuration and Control Commands
Upgrading the System Software
Stopping and Restarting the System
Network Configuration
Access Manager Configuration
Control Server Configuration
Time Configuration
Backup and Restore
SNMP Configuration and Reporting Commands
Rights Tutorial
Starting with Locations
Group Editor
Logon Expire Times for Groups
Default Groups
Logon Rights
Guest Rights
User Rights
Required Rights
Built-in Users
Example 1, Rights Debugger
Example 2, Allowed User Groups
Example 3, Public Location
Time-Based Rights
Time-Based Logon Rights
Example 4, Wired Interface
Example 5, MAC Address User
Example 6, Differentiated Access by Groups
Denying Access to a Subnet
Getting Access to the Subnet
Adding Users
Creating a Location
Example 7, Trap Known Port
Example 8, SOCKS Proxy
Example 9, Public Kiosk Location
Simple Network Management Protocol
Introduction to WLAN Security System SNMP
Supported Management Information Base Objects
MIB Objects
System MIB
Hardware Description MIB Object
Hardware Version MIB Object
Software Version MIB Object
Serial Number MIB Object
Environmental Monitoring Objects
Cooling Fan Registry MIB Objects
Traps
Glossary
Index
PREFACE
This preface describes the objective, audience, use, and organization of the
EliteConnect WLAN Security System User Manual. It also outlines the document
conventions, safety advisories, compliance information, comments, ordering
process, related documentation, support information, and revision history.
Audience
The primary audience for this document is network administrators who want to
enable their network users to communicate using the EliteConnect WLAN Security
System. This document is intended for authorized personnel who have previous
experience working with network telecommunications systems or similar
equipment. It is assumed that the personnel using this document have the
appropriate background and knowledge to complete the procedures described in
this document.
How To Use This Document
This document contains procedural information describing all configuration and
management of the SMC2504W EliteConnect WLAN Secure Server and SMC2502W
WLAN Access Manager. Each procedure is written in a task-oriented format
consisting of numbered step-by-step instructions that enable you to perform a
series of actions to accomplish a stated objective. In most cases, several different
procedures are required to complete one overall task. All procedures should be
performed in the order they appear in this document, unless otherwise instructed.
Where applicable, navigation aids also refer you to supplemental information such
as figures, tables, and other procedures in this document or another document.
Main chapters are followed by supplemental information such as appendices and
an index.
Document Conventions
Convention          Definition
Boldface Palatino   Screen menus that you click to select, commands that you
                    select, and emphasized terms are in boldface Palatino.
Italic Palatino     New terms that are defined in the Glossary are in italic
                    Palatino.
Courier             Filenames and text that you type are in Courier.
Organization
This document is organized as follows:
Chapter 1—Introduction
This chapter provides an overview of the EliteConnect WLAN Security System and
describes how the components operate.
Chapter 2—Configuration
This chapter explains how to configure your EliteConnect WLAN Security System.
Chapter 3—Airwave Security
This chapter describes how to enforce security using IPSec, L2TP, and PPTP.
Chapter 4—Controlling the System Functions
This chapter explains how to install new software, back up your system, and
shut down and reboot.
Chapter 5—Viewing Status Information
This chapter explains how to view the status of the components of the EliteConnect
WLAN Security System.
Chapter 6—Configuring the Rights Manager
This chapter describes how to allocate rights to clients based on their location,
groups, and time and date. It includes a definition of frequently used terms for
managing rights.
Appendix A—Syntax of Client’s Rights
This appendix explains client’s rights based on the tcpdump utility.
Appendix B—Command Line Interface
This appendix provides a description of the command line interface.
Appendix C—Rights Tutorial Appendix
This appendix explains Rights Management through examples.
Appendix D—Simple Network Management Protocol
This appendix describes the Management Information Base modules used in
EliteConnect WLAN Security System.
Glossary
The Glossary explains terms that are specific to the EliteConnect WLAN Security
System. These terms are shown in italics when first used.
INTRODUCTION
This chapter gives a brief description of the SMC EliteConnect WLAN Security
System Solution products. It consists of the following sections:
1.2 The EliteConnect WLAN Security System
1.1 Overview
The WLAN Security System permits fine-grained access control and transparent
Layer 3 roaming capabilities for wireless and wired IP networks. The IP traffic of
each user machine or client can be individually authenticated, controlled,
redirected, and logged for auditing or billing purposes. When clients move
through the enterprise, their open sessions are transparently forwarded so that the
sessions are not terminated. Almost any user authentication scheme can be
supported thanks to WLAN Security System’s fully customizable Rights Manager
component.
In addition, the Airwave Security feature can encrypt all client traffic using standard
encryption technology including PPTP, L2TP, or IPSec.
The WLAN Security System addresses the following mandatory network
infrastructure functions:
• Security that includes the following functions:
  • User authentication
  • User-based access and resource control
  • Airwave Security: PPTP, L2TP, or IPSec
• Management: tracking of wireless access points and users
• Accounting: information for accounting, logging, and billing
The WLAN Security System also addresses the following mobility functions:
• Address Mobility: no need to re-authenticate or acquire a new address when
roaming
• Connection Mobility: sessions remain open when roaming
1.2 The EliteConnect WLAN Security System
Figure 1-1 shows the EliteConnect WLAN Security System.
Figure 1-1. The SMC EliteConnect WLAN Security System Solution
The EliteConnect WLAN Security System consists of three logical functions:
• WLAN Access Manager
• Control Server
• Rights Manager
There are two physical components of the EliteConnect WLAN Security System:
• The WLAN Secure Server consists of a Control Server, Rights Manager, and
WLAN Access Manager with four RJ-45 ports
• The WLAN Access Manager consists of the WLAN Access Manager function
with four RJ-45 ports
The next section explains the three logical functions.
1.2.1 WLAN Access Manager
The WLAN Access Manager is positioned between each access point and the
network. It inspects and filters each packet arriving from the wireless client
through the access point, deciding whether to allow or deny forwarding of the
packet. The WLAN Access Manager applies a set of rules to each packet. Allowed
packets can be redirected based on other rule sets.
Initially, the WLAN Access Manager knows of no connected devices. As a user
sends a packet through a wireless access point, the access point forwards the
packet to the network through the WLAN Access Manager. The WLAN Access Manager uses
the received packet to determine the hardware MAC address of the client device,
and requests an initial set of rights from the Rights Manager through the WLAN
Secure Server.
The Rights Manager supplies a set of logon rights that allow DHCP, DNS, and
HTTP requests, additionally redirecting HTTP requests to the Rights Manager. The
Rights Manager uses the first HTTP request to require user authentication by
means of an SSL-protected HTTP connection. After verifying a user’s identity
through the HTTPS connection, the Rights Manager sends a new rights package
through the WLAN Secure Server, to the WLAN Access Manager. This rights
package is based on the user’s identity, location, and the time and date.
In addition to filtering and redirecting packets, the WLAN Access Manager
coordinates with other Access Managers through the WLAN Secure Server to
maintain connections as a client device roams from one access point to another.
The Access Manager is also responsible for maintaining Airwave Security
encryption using PPTP, L2TP, or IPSec protocols.
Scalability is ensured by concentrating all packet-level inspection and rewriting
functions and encryption at the WLAN Access Manager. An individual Control
Server can easily supervise several WLAN Access Managers.
1.2.2 Control Server
Each WLAN Secure Server administrative domain requires only one Control
Server, which is embedded in the WLAN Secure Server. The Control Server in the
WLAN Secure Server performs two functions:
• Coordinates between the WLAN Access Managers and the Rights Manager
• Coordinates WLAN Access Manager-to-WLAN Access Manager communications, such
as a roaming handoff.
To ensure scalability, all per-packet operations are confined to the WLAN Access
Managers. The WLAN Secure Server merely coordinates the client
meta-information among the WLAN Access Managers.
All policy and user database entries are kept in the Rights Manager, which is part
of the WLAN Secure Server.
Command and control communication between the WLAN Access Manager and
the WLAN Secure Server is through an encrypted connection. Command and
control communication between WLAN Access Managers is also through an
encrypted connection. User packets that must be tunneled between WLAN Access
Managers to ensure transparent Layer 3 roaming are not encrypted.
1.2.3 Rights Manager
The Rights Manager, which is part of the WLAN Secure Server, enables the
network administrator to edit rights for users, groups, locations, and times. It
supplies the WLAN Access Managers with appropriate rights based on who, when,
and where. The Rights Manager also authenticates users.
Users and Authentication
Active Authentication
As described earlier in WLAN Access Manager, the initial set of rights sent by the
Rights Manager to the WLAN Access Manager limits the packets allowed into the
network. Additionally, any HTTP requests from the end-user are redirected to the
Rights Manager. The Rights Manager sets up an HTTPS connection with the user,
and presents a logon screen.
The user types their username and password, or requests guest rights. Users are
authenticated, while guests are given a set of pre-defined rights that limit network
access to the external Internet.
The Rights Manager supports four methods of authentication:
• A built-in database of user-password pairs
• An interface to an external LDAP authentication service
• An interface to an external RADIUS service
• An interface to a Kerberos service
After performing the appropriate authentication, the Rights Manager determines
the correct set of rights for that particular user based on group membership,
geographic location of the client, day, and time of day. The Rights Manager also
offers an advanced authentication option in which multiple authentication
methods can be used.
Passive Authentication
Alternatively, you can choose one of the following passive methods for user-level
authentication. Each of the following requires user-level authentication, and the
EliteConnect WLAN Security System can use these authentication services for its
own user authentication:
• NT/2000 domain login
• 802.1x authentication
• PPTP MS-CHAP or MS-CHAP v2 authentication
• L2TP MS-CHAP or MS-CHAP v2 authentication
1.2.4 Rights
At any given time, for each client attached to a WLAN Access Manager, a certain
set of rights is in effect. These rights are based on the powerful packet-matching
language of the tcpdump utility program. A rights package contains the following
main components: Network Address Translation (NAT) setting, Mode Setting,
Packet Filters, and Session Redirectors. Each set of rights has a valid time.
Network Address Translation
A WLAN Access Manager provides Network Address Translation (NAT) services
for users who request a DHCP IP address when they initiate a connection to the
Access Manager.
When a client sends a packet through the WLAN Access Manager, the WLAN
Access Manager rewrites the IP address field and the port number field to a value
that is unique and that will identify any return packet.
Depending on the application, you can choose to use the NAT service or you can
choose to assign your own IP address. Following are some points in favor of and
against using NAT:
• NAT makes roaming much more efficient. The WLAN Security System can move
the entire connection state from one WLAN Access Manager to the roamed-to
WLAN Access Manager, and only tunnel open sessions back through the
original WLAN Access Manager. MobileIP as a solution to roaming suffers
because every connection has to be tunneled back through the original
connection point.
• NAT provides some amount of protection to a client since no device other than
the WLAN Access Manager can talk directly to the client. This provides
rudimentary firewall protection.
• Certain applications require a host or server system to know the actual IP
address of a client. Some examples include multi-player games, file transfer in
Instant Messenger applications, and other peer-to-peer applications.
NAT is enabled by default. You can choose to disable NAT based on individual
user’s needs. See Configuring the Rights Manager for more information about
configuring NAT.
Packet Filters
Each set of client rights has an associated set of packet filters that determine what
traffic the client is allowed to generate. Any packets generated by the client that
do not match one or more of the filters are quietly rejected. You can base filters for
packets on protocol, IP address, port, or other considerations. You can specify
packet filters to be as granular as you want, even to the point of specifying
individual bit patterns in the client’s packet.
Session Redirectors
Client TCP and UDP sessions can be redirected from their original destination IP
address or port. This is useful, for example, to force HTTP clients to login, or to
ensure that certain requests for network services, such as DNS, are directed to the
appropriate servers.
Some important notes about configuring rights:
• Filters and redirectors match packets using the powerful pattern matching
language introduced by the tcpdump utility program.
• If NAT is not enabled for a set of rights, then these rights should also include a
filter allowing clients to renew their DHCP leases.
• Often a session redirector will match client DNS requests and redirect them to a
known DNS server allowing for client misconfiguration of DNS.
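The filter-then-redirect behaviour described under Packet Filters and Session Redirectors, modelled as an added Python example (not code from this manual or from SMC). The tcpdump-style expressions are carried as labels only and matched by hand-written predicates; the addresses, package names, and the lint check are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Constructed addresses from documentation ranges, not values from the manual.
RIGHTS_MANAGER_IP = "192.0.2.10"
KNOWN_DNS_IP = "192.0.2.53"


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    expr: str                        # tcpdump-style text, kept as a label only
    match: Callable[[Packet], bool]  # hand-written stand-in for expr
    new_ip: Optional[str] = None     # set only when the rule is a redirector
    new_port: Optional[int] = None   # None keeps the original port


def port_rule(proto, port, new_ip=None, new_port=None):
    """Build a rule matching one protocol/destination-port pair."""
    return Rule(f"{proto} dst port {port}",
                lambda p: p.proto == proto and p.dst_port == port,
                new_ip, new_port)


# Constructed sample packet: a client renewing its lease with a DHCP server.
DHCP_RENEWAL = Packet("udp", "192.0.2.1", 67)


@dataclass
class RightsPackage:
    name: str
    nat: bool
    filters: List[Rule]
    redirectors: List[Rule] = field(default_factory=list)

    def decide(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        # Packets matching no filter are quietly rejected (default deny).
        if not any(f.match(pkt) for f in self.filters):
            return ("drop", None)
        # Only allowed packets are considered for redirection.
        for r in self.redirectors:
            if r.match(pkt):
                port = pkt.dst_port if r.new_port is None else r.new_port
                return ("redirect", Packet(pkt.proto, r.new_ip, port))
        return ("forward", pkt)

    def lint(self) -> List[str]:
        """Flag the misconfiguration called out in the notes above."""
        problems = []
        if not self.nat and self.decide(DHCP_RENEWAL)[0] == "drop":
            problems.append(
                f"{self.name}: NAT is off but no filter allows DHCP renewal")
        return problems


# Logon rights: allow DHCP, DNS and HTTP; send HTTP to the Rights Manager
# and DNS to a known server so a misconfigured client still resolves names.
LOGON_RIGHTS = RightsPackage(
    "logon", nat=True,
    filters=[port_rule("udp", 67), port_rule("udp", 53), port_rule("tcp", 80)],
    redirectors=[port_rule("tcp", 80, new_ip=RIGHTS_MANAGER_IP),
                 port_rule("udp", 53, new_ip=KNOWN_DNS_IP)],
)

# Hypothetical post-logon package with NAT disabled and DHCP forgotten.
STAFF_NO_NAT = RightsPackage(
    "staff-no-nat", nat=False,
    filters=[port_rule("udp", 53), port_rule("tcp", 80), port_rule("tcp", 443)],
)

if __name__ == "__main__":
    for pkt in (Packet("tcp", "203.0.113.7", 80),
                Packet("udp", "198.51.100.1", 53),
                Packet("tcp", "203.0.113.7", 22),
                DHCP_RENEWAL):
        print(pkt, "->", LOGON_RIGHTS.decide(pkt))
    print(STAFF_NO_NAT.lint())
```
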
Valid Times
A set of rights is valid for some time periods as specified by the system
administrator when configuring the rights. When the rights valid time expires, the
WLAN Access Manager queries the Rights Manager for a new set of rights, but
does not require re-authentication.
1.2.5 Timers
There are two important timers maintained by the WLAN Security System:
• Expire
• Linger
The Expire timer specifies how long before a user is required to re-authenticate.
The Linger timer specifies how long a user has to roam once he disappears from
one WLAN Access Manager and before he reappears at another WLAN Access
Manager. A WLAN Access Manager periodically probes for a client after that client
is idle for a while. If the client does not respond to the probe (an ARP request) after
a period of idleness, the WLAN Access Manager removes the client’s data from its
internal tables and informs the Rights Manager. The Rights Manager starts the
linger timer. If the linger timer expires, the user must re-authenticate.
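The interaction of the Expire and Linger timers, as an added Python example (not code from this manual or from SMC). The class and method names, the timer values, the MAC address, and the choice to treat a timer as expired at exactly its limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Session:
    user: str
    authenticated_at: float              # start of the Expire timer
    access_manager: Optional[str]        # None while the client is missing
    linger_started: Optional[float] = None


class SessionTimers:
    """Rights Manager view of per-client Expire and Linger timers."""

    def __init__(self, expire_s: float, linger_s: float):
        self.expire_s = expire_s
        self.linger_s = linger_s
        self.sessions: Dict[str, Session] = {}

    def logon(self, mac: str, user: str, access_manager: str, now: float):
        # A successful authentication (re)starts the Expire timer.
        self.sessions[mac] = Session(user, now, access_manager)

    def probe_unanswered(self, mac: str, now: float):
        # The Access Manager's ARP probe got no reply: it drops the client
        # from its tables and the Rights Manager starts the Linger timer.
        s = self.sessions.get(mac)
        if s is not None and s.linger_started is None:
            s.access_manager = None
            s.linger_started = now

    def client_seen(self, mac: str, access_manager: str, now: float) -> str:
        """Return "resume" or "reauthenticate" for a (re)appearing client."""
        s = self.sessions.get(mac)
        if s is None:
            return "reauthenticate"
        expired = now - s.authenticated_at >= self.expire_s
        lingered_out = (s.linger_started is not None
                        and now - s.linger_started >= self.linger_s)
        if expired or lingered_out:
            del self.sessions[mac]
            return "reauthenticate"
        # Roamed in time: keep the session and stop the Linger timer.
        s.access_manager = access_manager
        s.linger_started = None
        return "resume"


def replay_constructed_timeline() -> List[str]:
    """Constructed timeline: one hour Expire, two minute Linger."""
    timers = SessionTimers(expire_s=3600, linger_s=120)
    mac = "00:00:5e:00:53:01"            # constructed documentation MAC
    outcomes = []
    timers.logon(mac, "alice", "am-1", now=0)
    timers.probe_unanswered(mac, now=600)
    outcomes.append(timers.client_seen(mac, "am-2", now=660))   # gone 60 s
    timers.probe_unanswered(mac, now=1000)
    outcomes.append(timers.client_seen(mac, "am-1", now=1200))  # gone 200 s
    timers.logon(mac, "alice", "am-1", now=1300)
    outcomes.append(timers.client_seen(mac, "am-1", now=4900))  # 3600 s old
    return outcomes


if __name__ == "__main__":
    print(replay_constructed_timeline())
```
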
CONFIGURING THE WLAN SECURITY SYSTEM
This chapter describes how to configure the WLAN Secure Server and WLAN
Access Manager so that they work with your enterprise network after you have
installed it, as described in the EliteConnect WLAN Security System Installation Guide. It includes the following sections:
2.8 Configuring the Time and Date
2.9 Viewing Online Documentation and Help
Note: You can also use the EliteConnect WLAN Security System command-line interface for
configuration, which is described in Command Line Interface.
March 18, 2002 3:12 pm
2.1 Administrative Login
To log in:
Step 1. Set your browser to the IP address or hostname of the WLAN Secure
Server or WLAN Access Manager.
Step 2. Press Enter.
The Administrator Login Screen appears, as shown in Figure 2-1.
Any system connected through a WLAN Access Manager’s or WLAN Secure
Server’s ports can access the web interface through the specially recognized URL:
http://42.0.0.1.
Note: Your browser must accept cookies to log in.
Figure 2-1. Administrator’s Login
Note: The text is adjusted appropriately depending on whether the component you are
connected to is a WLAN Secure Server or a WLAN Access Manager.
Step 3. Enter your username.
Note: By default, the system ships with the user name admin and password admin.
Step 4. Enter your password.
Step 5. Click Login.
The Main Menu appears. Figure 2-2 shows the Main Menu for the WLAN Secure
Server. Figure 2-3 shows the Main Menu for the WLAN Access Manager.
Figure 2-2. Main Menu for the WLAN Secure Server
Figure 2-3. Main Menu for the WLAN Access Manager
This chapter explains the Configuration functions of the Main Menu; other topics
are discussed in other chapters, as shown in Table 2-1.
Table 2-1 Topics in Other Chapters
Topic               Chapter
Airwave Security    3
System Functions    4
Viewing the System  5
2.2 Changing Your Network Configuration
The WLAN Security System Installation Manual explains initial network installation.
Refer to this section if you need to change your network configuration.
To change your network configuration:
Step 1.Click Network from the Main Menu.
Figure 2-4 shows the Network Configuration screen for the WLAN Secure Server.
Figure 2-5 shows the Network Configuration screen for the WLAN Access
Manager.
Figure 2-4. Network Configuration for the WLAN Secure Server