Go to page of
Similar user manuals
-
Network Card
Gateway L110
87 pages 4.1 mb -
Network Card
Gateway PLU-300
68 pages 2.28 mb -
Network Card
Gateway E-9220T
124 pages 0.3 mb -
Network Card
Gateway E-3200
90 pages 0.89 mb -
Network Card
Gateway 820 LTO
72 pages 1.09 mb -
Network Card
Gateway LWGC-220
48 pages 2.64 mb -
Network Card
Gateway E-2500D
110 pages 3.46 mb -
Network Card
Gateway E-826R
116 pages 1.93 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of Gateway 7001 Series, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Gateway 7001 Series one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of Gateway 7001 Series. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of Gateway 7001 Series should contain:
- informations concerning technical data of Gateway 7001 Series
- name of the manufacturer and a year of construction of the Gateway 7001 Series item
- rules of operation, control and maintenance of the Gateway 7001 Series item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Gateway 7001 Series alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Gateway 7001 Series, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Gateway service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Gateway 7001 Series.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the Gateway 7001 Series item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
U ser Guide Gatewa y 7001 Ser ies Acc ess P oint[...]
-
Page 2
i www .gate wa y .com Co n t e n t s 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Overview of the G ateway 7001 Series of self-m anaged AP s . . . . . . . . . . . . . . . . . . . . . . . . 2 Features a nd benef its . . . . . . . . . . . . . . . . . . . . . .[...]
-
Page 3
ii www .gate way . com Cluster mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Standalo ne mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4 Cluster formation . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Page 4
iii www .gate wa y .com Enablin g or disa bling a network time p rotocol (NTP) se rver . . . . . . . . . . . . . . . . . . . . 79 Configu ring network security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Understandi ng securi ty issues o n wireless networks . . . . . . . . . . . . . . . . . . .[...]
-
Page 5
iv www .gate way . com A Glossa ry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 B Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 7 C Safety, R egulatory, and Legal Information . . . . [...]
-
Page 6
Chapter 1 1 Introduc tion ■ Features and benefits ■ Netwo rking ■ Maintainability ■ Default settin gs and supported administrator/client platforms[...]
-
Page 7
2 ww w . g at eway . c om Ov er view of the Gate wa y 7001 Series of self-managed AP s The Gateway 7001 Series of self-m anaged APs (access po ints) provide conti nuous, high-speed acc ess between your wi reless and Ethernet dev ices. They are advanced, turnkey solutions for wireless networking in sma ll and medium-sized busine sses. The Gateway 70[...]
-
Page 8
3 www .gate wa y .com F eatures and benefits IEEE st andards supp or t an d Wi-Fi compliance ■ Support f o r IEEE 802.1 1a, 802.11b, and 802.11 g wireless networking standa rd s (depending on model) ■ Provides bandwid th of up to 54 Mbps for 802.1 1a or 802.11g (11 Mbps for 80 2.11b, 108 Mbps for 8 02.11a T urbo) ■ W i-Fi certified Wireless f[...]
-
Page 9
4 ww w . g at eway . c om Out- of-th e-Box guest inter f ace ■ Unique network name (SSID ) for the Guest interface ■ Captive portal to guide guests to custom ized, guest-only W eb page ■ VLAN and dual Ethernet options Clusteri ng and auto-managem ent ■ Automatic setup with K ickstart. ■ Provisioning and p lug-and-play through automat ic c[...]
-
Page 10
5 www .gate wa y .com Defaul t settings and supported administra tor/client pla tforms Before you plug in and boot a new access poin t, review the following sections for a quick check of required hardware co mponents, softwa re, client confi gurations, and compatibility issues. Make sure you have everything you need ready to go for a successful lau[...]
-
Page 11
6 ww w . g at eway . c om P assw ord admin “Provid ing administr ator pass word an d wireless netwo r k name ” on page 32 “Configu ring security settin gs on wirele ss client s” on page 121 Network Nam e (SSID) “Gate wa y 7001 AP Netw ork” for th e Internal interf ace “Gate wa y 7001 AP Guest Netwo rk” for the Guest in terface “Re[...]
-
Page 12
7 www .gate wa y .com IEEE 802.11 M ode 802.11g pr 8 02.11a+g “Co nfig uri ng rad io settings ” on page 104 802.11g C hannel A uto “Co nfig uri ng rad io settings ” on page 104 Beacon Inte r val 100 “Co nfig uri ng rad io settings ” on page 104 DTIM P erio d 2 “Co nfig uri ng rad io settings ” on page 104 F ragme ntation Threshold 2[...]
-
Page 13
8 ww w . g at eway . c om Wha t the access poin t does not pro vide The Gateway 7001 S e ries self-mana ged AP is no t designed to function as a gateway to the Internet. T o connect your LAN to other LANs or the Internet, you need a gateway device, such as a rou ter or a sw itch. MA C Filtering Allow an y station unless in li st “Controll ing acc[...]
-
Page 14
9 www .gate wa y .com A dministra tor ’ s c omputer Configuratio n and administratio n of the Gateway 7001 Series self-managed AP is accomplished w ith the K ic kStar t utility (which you run from the CD ) and through a W eb-based user interface (UI). The following table describes the minimum r equirements for the administrator’ s computer . Re[...]
-
Page 15
10 ww w . g at eway . c om Kic kStar t Wizard on CD Y ou can run the KickSta r t CD on an y laptop or compute r that is connec ted to the access point (through Wired or Wireles s connec tion). It dete cts Gatew ay 7001 Series se lf-managed APs on th e ne twor k. Th e wiz ard step s you th roug h in itia l co nfigu ratio n of new a ccess poin ts, an[...]
-
Page 16
11 www .gate wa y .com W ireless client c omput ers The Gateway 7001 Series self-mana ged AP provides wirel e ss acce ss to any client with a correctly configured W i-Fi client adapter for the 802.11 mo de in which the access point is running. Multiple client operating systems are suppor ted. Clients can be laptops or desktops, personal digita l as[...]
-
Page 17
12 ww w . g at eway . c om Understanding dynamic and static IP addressing Gateway 7001 Series self-managed APs ar e built t o auto-configure, with very little se tup required for the first access point and no configuration required for additional access points subsequently joining a preconfigured cluster . How does the access poi nt obtain an IP ad[...]
-
Page 18
13 www .gate wa y .com Sta tic IP addressing The Gateway 7001 Series self-mana ged AP ships with a defa ult Static IP Address o f 192.168.1.1. ( See the default set tings for the AP in “Gateway 7 001 Seri es self-m anage d AP” on page 5 .) If no DHCP ser ver is found on the network, the AP retains this static IP address at first-time st a rtup.[...]
-
Page 19
14 ww w . g at eway . c om[...]
-
Page 20
Chapter 2 15 Quick Setup ■ Unpacking the access p o int ■ Connecting the access point to network and p ower ■ T urning on the access point ■ Running KickStart to find acces s points and assign IP addresses ■ Configuring bas ic settings and starting the wireless network[...]
-
Page 21
16 ww w . g at eway . c om Setting up th e access point Set ting up an d depl oying one or mor e Gatewa y 7001 Series self-managed APs is in effect creating and launching a wireles s network . The KickStart W izard and corresponding Basic Settings Administra tion W e b page simplify thi s process. Here is a step-by-step guide to setting up your Gat[...]
-
Page 22
17 www .gate wa y .com Wh at’ s inside the acc ess poin t? An access point is a single-purpose c omputer designed to functi on as a wireless hub. Inside the access point is a W i-Fi radio system, a mi croprocessor , and sometimes a mini- PC card. The access point boo ts from FlashROM that contains firmware with the c onfigurable, runtime features[...]
-
Page 23
18 ww w . g at eway . c om C onnec ting the a cc ess point to netw ork and po wer The next step is to set up the network and power connections. T o set up the network and power connections: 1 Connect one end of an Ethernet cable to the network port on the access point and the other end to the s a me hub where your computer is co nnec ted. OR - Conn[...]
-
Page 24
19 www .gate wa y .com 2 Connect the power adapter to the power port on the back of the access point, then plug the other end of the power cord into a power outlet (preferably , using a surge protect or). Setting up connections for a guest net w ork The Gateway 7001 Series self-managed AP offers an out-of-the- bo x Guest Interface that lets you con[...]
-
Page 25
20 ww w . g at eway . c om Hardw are conn ec tions f or a phy sically separ ate guest ne twork If you plan to configure a p hysically separa te guest network, you need to set up your network connections differently a t this point. The Gateway 7001 S e ries self-mana ged AP ships with an extra network port to support configuration of a physically se[...]
-
Page 26
21 www .gate wa y .com Run the KickStart CD on a laptop or computer that is connected to the same network as your access points and use it to step through the discovery process. Important K eep in min d that Kic kStar t (and the other Gate wa y adminis tration tools ) recogniz es and confi gures only Gate wa y 7001 Series sel f-managed APs . KickSt[...]
-
Page 27
22 ww w . g at eway . c om T o run KickStart: 1 Insert the KickSt a rt W izard CD into the CD drive on yo ur computer . If the KickStart window is not displa yed automatically , navigate to the CD dri ve and double-click the Kickstart executa ble file to activate the KickSta rt utility on the CD. The KickSt art We l c o m e screen is displayed.[...]
-
Page 28
23 www .gate wa y .com 2 Click Next to search for access points. W a it for t he sea r ch to complete, or unti l KickStart has found your new access points. 3 R e v i e w t h e l i s t o f a c c e s s p o i n t s f o u n d . KickStart will detect the IP addresses of Gateway 7001 S eries self-managed APs. Access points are listed with their location[...]
-
Page 29
24 ww w . g at eway . c om Logg ing on to the administra tion W eb pages When you follo w the link from KickStart to the Gateway 7001 S e ries sel f-managed AP administration W eb pages, you are pr ompted f or a user n ame and pa ssword. The defaults for user na me and password are as follows. Important Kic kStar t provide s a link to the Adminis t[...]
-
Page 30
25 www .gate wa y .com T ype the user name and password and click OK .[...]
-
Page 31
26 ww w . g at eway . c om Viewi ng basic settin gs for Gatew ay 7001 S eries se lf-managed acces s points When you log i n, the Basic Settings page for Gateway 7001 Series self-manage d AP administration is displayed . These are globa l settings for a ll access points tha t are members of the cluster and, i f automatic configuratio n is specified,[...]
-
Page 32
27 www .gate wa y .com C onfiguring basic settings and star ting the wireless networ k Provide a minimal set of c onfiguration information by defining the basic settings for your wireless network. These settings are all available on the Basic Settings page of the Administratio n W eb in terface, and are ca tegorized into steps 1-4 on the W eb page.[...]
-
Page 33
28 ww w . g at eway . c om What ’ s n ex t? Make sure the access point is connected to th e LAN and access some wireless clients. After you have tested the basics of y o ur wireless network, you can enable more security and fine-tune by mod ifying advanced configuration fea tures. Mak e sure the acc ess point is co nnected to the LAN If you confi[...]
-
Page 34
Chapter 3 29 C onfiguring Ba sic Net work Settings ■ Navigating to bas ic settings ■ Reviewing and describing the access point ■ Setting configuration policy for new access points ■ Understanding ba sic settings for a standalon e access point ■ Understandi ng indicator ico ns[...]
-
Page 35
30 ww w . g at eway . c om Na viga ting to basic settings T o configure basic Network settings, clic k Network , t hen c lick B asic Settings . If you use Kickst art to link to the Administratio n W e b pages, the Bas ic Settings page is displayed by default . Fill in the boxes on t he Basic Settings pa ge a s described in th e following section.[...]
-
Page 36
31 www .gate wa y .com Reviewing and descri bing the access point Field A ctio n IP Addre ss This box i s not editab le becaus e the IP address is already assigned (eithe r through DHCP , or static ally through th e Ether net (Wired ) settings as d escribed in “Configuri ng Guest interf ace Ethernet sett ings” on page 73 ). MA C Address A MA C [...]
-
Page 37
32 ww w . g at eway . c om P ro viding administra tor passw ord and wir eless ne tw ork name Caution The Ga tewa y 7001 Se ries self-manage d AP is not desig ned fo r multip le, si multaneou s configur ation chan ges. If y ou ha ve a network that includ es multipl e access poi nts, and mo re than one admi nistrato r is logged on to the Administra t[...]
-
Page 38
33 www .gate wa y .com Wire less Network Name (SSID) T ype a na me for the wireless network as a char acter string. Thi s name will appl y to all access points on this netw or k. As y ou add more access poi nts, the y will share this SSID . The Service Se t Identifier ( SSID ) is an alphan umeric str ing o f up t o 32 charac ters Note: If yo u are [...]
-
Page 39
34 ww w . g at eway . c om Setting c onfigur ation polic y for ne w access points[...]
-
Page 40
35 www .gate wa y .com Field A ctio n New Access Po i n t s Choos e the policy y ou wa nt to put in eff ect f or adding New Ac cess P oints to the n etwork. • If y ou choose are configu red automatica lly , then when a new acces s points is added to the net work it automat ically j oins the e xisting clus ter . The clust er configu ration is copi[...]
-
Page 41
36 ww w . g at eway . c om Upda ting basic settings When you have reviewed the new configura tion, click Update to apply the settings and deploy the access points as a wireless network.[...]
-
Page 42
37 www .gate wa y .com Understanding basi c sett ings for a standalone acc e ss point The Basic Se ttings tab for a standalone access point in dicates only that the curren t mode is standalone and pro vides a button for adding the access point to a cluster (group). If you click on a ny of the Cluster tabs on the Administ ration pages for an access [...]
-
Page 43
38 ww w . g at eway . c om Understanding indicator ic ons All the network setting s tabs on the Administration W eb pages include visua l indicator icons showing current ne twork activity Icon Description The clu stering icon in dicates whether the current acce ss point is “Clustered” or “N ot Clustered” (tha t is, standal one). The nu mber[...]
-
Page 44
Chapter 4 39 Ma naging Access P oints and Clusters ■ Navigating to ac cess points manage ment ■ Understandi ng clustering and acces s points ■ Modifying the location description ■ Adding and r emoving an acce ss point ■ Navigating to an AP by us ing its IP address in a URL[...]
-
Page 45
40 ww w . g at eway . c om Introduc tion The Gateway 7001 Series self-managed APs show c urrent basic configuration settings for clus tered access points (l ocati on, IP ad dress, MAC addr ess, st atus, and avai labil ity) and provide a way of navigating to the ful l configuration for specific APs if they are cluster members. Standalone acces s poi[...]
-
Page 46
41 www .gate wa y .com Na viga ting to acce ss points management T o view or edit information on access points in a cluster , click Cluster > Acc ess Po ints on the Administra tion W e b page. The Manage access points in the cluster screen opens.[...]
-
Page 47
42 ww w . g at eway . c om Understanding clustering A key feature of the Gateway 7001 Series self-manage d AP is the ability t o form a dynamic, configu ration-awa re group (called a c luster) wit h other Ga teway acces s points in a netw ork in the same subnet. Access points ca n participate in a peer-to-peer cluster whic h makes it easier for you[...]
-
Page 48
43 www .gate wa y .com Having a mix of APs on the network does not adversely affect Gateway 7001 Se ries self-managed AP clustering i n any way , however it is helpful to understa nd the clustering behavior for administration purposes: ■ Gateway 7001 Series self-managed APs of the same model will form a cluster . The dual-band APs will form one c[...]
-
Page 49
44 ww w . g at eway . c om Settings that a re not shared m ust be configured individua lly on the Admi nistration pages for each access point. T o get to the Administration pages fo r an access point th at is a member of the current cluster , click on its IP Address link on the Clust er > Ac cess P oint s page of the current AP . Clust er mode W[...]
-
Page 50
45 www .gate wa y .com Y ou can re-enable cluster mode o n a sta ndalone access point. (See “Addin g an access point to a cluster” on page 52 .) Clust er formation A cluster is formed when the first Gateway 7001 S eries self-managed AP is configured . (See “Quick Setup” o n page 15 and “Configuring Basic Network Settings” on page 29 .) [...]
-
Page 51
46 ww w . g at eway . c om Note that auto-synchronization always occurs during configu ration updates that affect the cluster , but the p rocessing time is usuall y negligible. The a uto-synch progress bar is displayed only for longer-than-usua l wait times. Clu ste r re cover y In cases where the access points in a cluster become out of syn c for [...]
-
Page 52
47 www .gate wa y .com The Stop Clustering page for t hi s access point opens. 2 Click the Stop Clustering button. 3 Repeat steps 1 and 2 for every access point in the cluster . 4 Reset each access poi nt by going to the Administration W eb pages of the access point you want to reset by entering its URL into the address bar of your W eb browser: ht[...]
-
Page 53
48 ww w . g at eway . c om 5 On the Administrat ion UI left-hand tabs, click Adv anced > Reset Configur ation to open the Res et page . Th e Reset pa ge opens. 6 Click Reset to restore the factory defaults on the access point . (This will clear all of your previous setting s, including updated passwords.) 7 Repeat steps 4 through 6 for ever y ac[...]
-
Page 54
49 www .gate wa y .com 8 Refresh the cluster view by clicking C luster > Acces s Point s o n t h e A d m i n i s t r a ti o n W e b pages for any one of the a ccess points. The Access Points clu ster management page ope ns. 9 Click Refresh . At this point you should see all previous cluster members displayed in the list. Before proceeding to the[...]
-
Page 55
50 ww w . g at eway . c om Understanding access point settings The Acces s Poi nts tab on the Administ ration W eb page provid es information about all access points on the wireless network. From this tab, you can view location descriptions, IP addresses, enable (activate) or disa ble (deactivate) clustered access p o ints, and remove a c cess poin[...]
-
Page 56
51 www .gate wa y .com W o rking with access poin ts in a cluster Modifying the location description T o make modifications to the location description: 1 Click Basi c Settings on the Administration W eb p age. 2 Update the location description in sec tion 1 under “Review Description of this Access Point.” 3 Click Updat e to app ly th e cha nge[...]
-
Page 57
52 ww w . g at eway . c om A dding an access point t o a cluster T o add an access point that is currently in standalone mode back into a cluster: 1 Go to the Admin istration W eb pages for the standalone a ccess point. (See “N avig ating t o a n A P b y u s i n g i t s I P a d d r e s s i n a U R L ” o n p a g e 5 3 .) The Administration W eb [...]
-
Page 58
53 www .gate wa y .com Na viga ting to informa t ion for a specific AP and managing standalone APs In general, Ga teway 7001 Series self-mana ged APs are designed for ce ntral management of clustered access po ints. For access points in a c luster , all access points in the cl uster reflect the same configura tion. In this case, it does not matter [...]
-
Page 59
54 ww w . g at eway . c om[...]
-
Page 60
Chapter 5 55 Mana ging User A ccounts ■ Navig ating to user manage ment for clustered ac cess points ■ V iewing and changing user accounts ■ Adding a user ■ Editing a user accountt ■ Enabling and disabling user a cco unts ■ Removing a user[...]
-
Page 61
56 ww w . g at eway . c om Introduc tion The Gateway 7001 Series self-managed APs in clude user management capabilities for controlling clien t a ccess to access points. User management and a uthentication must always be used in con j unction wi th the following two security m odes, which require us e of a RADIUS server for user authentication and [...]
-
Page 62
57 www .gate wa y .com Na viga ting to user management f or cluster ed access p oints T o set up or modify user accounts, c lick Cluster > User Mana gement on th e Administration We b p a g e . T h e Manage us er acc ounts sc re en opens.[...]
-
Page 63
58 ww w . g at eway . c om Viewing and changing user acc ounts Viewing user acc ounts User accounts are show n at the top of the Ma na ge user accounts sc reen under User Accounts. User name, re al name and st atus (enabled o r disabled) are sho wn. Y ou can mak e modifications to a n existing user account by first selecting th e checkbox next to a[...]
-
Page 64
59 www .gate wa y .com E d iting a user acco unt After you have created a user acc ount, it is displayed under User Account s at the top of the User Management W eb page. T o make modificati o ns to an existing user account, first click the checkbox next to the user name so that a checkmark is displayed in the box. Then, choos e an acti on such as [...]
-
Page 65
60 ww w . g at eway . c om T o disable a user account: ■ On the User Management W eb p a ge, under User Accounts, clic k the box next to the user name, then click Disable . A user with an acc o unt that is disabled cannot log on to the wireless access point s in your network as a client. H o wever , the user remains in the databas e and can be en[...]
-
Page 66
Chapter 6 61 Session Monit oring ■ Navigating to sess io n monitoring ■ Understanding sess io n monitoring information ■ V iewing session information for access poi nts ■ Sorting se ssion information ■ Refreshin g session information[...]
-
Page 67
62 ww w . g at eway . c om Na viga ting to session monito ring T o view session monito ri ng information, click Cluster > Sessio ns on the Administration We b p a g e . T h e Monitor active client sta tion sessions page o pens.[...]
-
Page 68
63 www .gate wa y .com Understanding session monitoring inf o rma tion The Monitor ac tive client station sessions page shows the stations associated with a c cess points in the cluster . A session in this context is the period of time in which a user on a client device (station) with a unique MAC a ddress maintains a connec ti on with the wireless[...]
-
Page 69
64 ww w . g at eway . c om Signal Indicates the strength o f the ra dio frequency (RF) signal th e client rec eives from the a ccess point. The meas ure used f or this is an IEEE 8 02.1x v alue know n as Received Signal Stren gth Indicatio n (RSSI), and will be a v alue betw een 0 and 100. RSSI is de ter mined by a an I EEE 802.1x me chanism impl e[...]
-
Page 70
65 www .gate wa y .com Viewing session inf ormation f or acc ess points Y ou can view session informa tion for all access po ints on the network at th e same time, or set the display to show session informat ion for a spec ified access point chosen from the list at the t o p of the screen. T o view information on all access points, select the Sho w[...]
-
Page 71
66 ww w . g at eway . c om[...]
-
Page 72
Chapter 7 67 Adv anc ed Configur ation ■ Configuring an Ethernet (wired) interface ■ Configuring a wireless interface ■ Configuring network security ■ Configuring radio settings[...]
-
Page 73
68 ww w . g at eway . c om C onfiguring an E thernet (wir ed) inter face Ethernet (W ired) Settings describe the configuration of your Ethernet lo cal ar ea netw ork ( LAN ) Caution The Ethernet Setti ngs, incl uding Gues t Access, are n ot shared ac ross the clus ter . These setti ngs must b e configure d individual ly on the Admi nistration p age[...]
-
Page 74
69 www .gate wa y .com Na vigating to Ethernet (wired) settings T o set the wired address for an acces s point, Advanc ed > Ethernet (Wired) Settin gs on the Administratio n W eb page, and update the boxes as described in the following section. Setting the DNS name Field D escr iptio n DNS Name T ype a DNS name for the access poin t i n the te x[...]
-
Page 75
70 ww w . g at eway . c om Enabling or Disabling Guest Acc ess Y ou can p rovide co ntroll ed gues t acces s over an isol ated netw ork an d a secu re inter nal LAN on the same Ga teway 7001 Series se lf-managed AP . C onfigur ing an int ernal LAN and a gue st network A Local Area Network (LAN) is a communications network covering a li mited area, [...]
-
Page 76
71 www .gate wa y .com Choose either physically sepa ra te or virtually separate interna l a nd guest LANs as described in the following section. C onfiguring Internal inter face E thernet settings T o configure Ethernet (Wired) set tings for the internal LAN, fill in the boxes as described in the following table. Field D escr iptio n F or Internal[...]
-
Page 77
72 ww w . g at eway . c om Connection T ype Y ou can select “DHCP Client” or “Static IP”. The Dynamic Host Config uration Protocol (DHCP) is a protocol spe cifying how a centrali zed server can provi de network co nfiguration inf or mation t o clients. A DHCP server “off er s” a “lease” to the client system. The inf orm ation suppli[...]
-
Page 78
73 www .gate wa y .com C onfiguring Guest inter fac e Ethern et settings T o configure Ethernet (Wired) setti ngs for the “Guest” int e rface, fill i n the boxes as described in the following table. Updating settings T o ap ply you r chang es, click Update . Field D escr iptio n MA C Address Show s the MA C address for the guest interf ace f or[...]
-
Page 79
74 ww w . g at eway . c om C onfiguring a wireless inter face Na vigating to wireless settings T o set the wireless address for an access point, click Adv anced > Wirel ess Settings on the Administratio n W eb page, and update the boxes as described in the following section. C onfiguring the radio int er f ace The radio inte rface lets you set t[...]
-
Page 80
75 www .gate wa y .com Field D escr iptio n MA C Addr esses (Shown on dual-ban d AP only ) Indicat es the Media Ac cess Control ( MAC) a ddresses f or the inte rface . On the du al band AP only , the MA C address es for Rad io Interf ace One (Internal/Gues t) and Radio Interf ace T wo (Internal/Gues t) are shown . A MA C address is a permanent, uni[...]
-
Page 81
76 ww w . g at eway . c om C onfiguring internal LAN wireless settings The internal settings describe the MAC Address (re ad-only) and Networ k Name (also known as the SSID) for the internal W ireless LAN (W LAN) as described in the following section. C onfiguring guest network wir e less settings The Guest Settings describe the MAC Add ress (read-[...]
-
Page 82
77 www .gate wa y .com Updating settings T o ap ply you r chang es, click Update . SSID T ype the SSID for the internal WLAN. The Service Set Identif ier (SSID) is an alphanu mer ic string of up to 32 chara cters that uniq uely identif ies a wirele ss local area net work. It is als o ref erred to as the N etwork Name. Th ere are no restriction s on[...]
-
Page 83
78 ww w . g at eway . c om Enabling a netw ork time pr otoc ol ser v er The Netwo rk Tim e Prot ocol ( NTP ) is an Internet stan dard protoco l that synchro nizes computer clock times o n your network. NTP servers transmit C oordi nate d Uni ver sal Time (UTC, also known as Greenwich Mean T ime ) to their client systems. NTP sends periodic t ime re[...]
-
Page 84
79 www .gate wa y .com Enabling or disabling a network time protoc ol (NTP) ser v er T o configure your access point t o use a network time protocol (NTP) server , first enable the use of NTP , then selec t the NTP server you want to use. (T o shut down NTP service on the network, disable NTP on the access point.) Updating settings T o ap ply you r[...]
-
Page 85
80 ww w . g at eway . c om C onfiguring netw ork security Understanding security issues on wireless networks W ireless mediums are inherently less secure than wired mediums. For example, an Ethernet NIC transmits its p ackets over a physical medium such as coaxial cable or twisted pair . A wireless NIC bro adcasts radio sign als over the ai r allow[...]
-
Page 86
81 www .gate wa y .com C omparison of secur ity modes for k ey manageme nt, authen tication, and encryption algorithms The three major factors that determine th e effectiveness of a security p r otocol are: ■ How the protoc ol manages keys ■ Presence or absence of integrated user auth entication in the protocol ■ Encryp tion algorithm or form[...]
-
Page 87
82 ww w . g at eway . c om Recommendations Static WEP was designed to provide security equivalent of sending unencrypted data through an Etherne t connection, however it has ma jor flaws and it does not p rovide even this intended level of security . Therefore, Static WEP is no t recommended as a secure mode. The o nly time to use Sta tic WEP is wh[...]
-
Page 88
83 www .gate wa y .com Recommendations IEEE 802.1x mo d e is a b e tter choic e than Static WEP because keys are d y namically generated and changed periodically . Howe ver , the encryption algorithm used is the same as that of Static WEP and is therefore not as reliable as the more ad vanced enc ryption methods such as TKIP and CCMP ( AES) used in[...]
-
Page 89
84 ww w . g at eway . c om Recommendations WP A with RADIUS mode is the recommended mode . The CCMP (AES) and TKIP encryption algorithms used with WP A modes are far superior to the R C4 algorithm used for Stati c WEP or IEEE 802.1x modes . Therefore, CCMP (AES) or TKIP should be used whenever possible. All WP A modes allow you to use these encrypt[...]
-
Page 90
85 www .gate wa y .com For information o n how to configure WP A with RA DIUS security mode, see “WP A with RADIUS” o n page 95 . When to use WP A-PSK W i-Fi Protected Access (WP A) with Pre-Shared K ey (PSK) is a W i-Fi Alliance su bset of IEEE 802.11i, which inclu des T emp oral Key Integrity Protoco l (TKIP) and 802.1x me chanisms. This mode[...]
-
Page 91
86 ww w . g at eway . c om For example, some devices on your network may not support WP A with EAP talking to a RADIUS server . Embedded printer servers o r ot her small client devices with ver y limited space for implementation may no t support RA DIUS. For such cases, we recommend that you use WP A-PSK. For information on how to configure WP A-PS[...]
-
Page 92
87 www .gate wa y .com Na vigating to security settings T o set the sec urity mode, click Advan ced > Security o n the Administrati o n W eb page. The Modify security se ttings that apply to the inte r nal net work screen o pens. Update the boxes as described in the following section. C onfiguring security settings The following configuration in[...]
-
Page 93
88 ww w . g at eway . c om Broad cast SSID and Security Mode T o configure security on the access point , selec t a security mode a nd fill in t he re lated boxes as described in the following table. (Not e you can a lso allow or prohibit the Broa dcast SSID as an extra precaution a s mentioned in the following section.) Plain-text Plain T ext mean[...]
-
Page 94
89 www .gate wa y .com For a minimum level of p rotection on a guest network, you can c hoose to suppress (prohibit) the broadc a st of the SSID ( netwo rk name) to discourage client st ations from automaticall y discovering your access p oint. (See also “Does Prohibiting the Broadcast SSID Enhance Security ?” on page 86 .) (For more about the [...]
-
Page 95
90 ww w . g at eway . c om Field D escr iptio n T ransfer K ey Inde x Sele ct a key index from the l ist. Key index e s 1 thro ugh 4 a re available. T he defaul t is 1. The T ransf er Ke y Inde x indica tes which WEP k ey the access poi nt will use to encrypt the dat a it trans mits. K ey Length Spec ify the length of the ke y by clicki ng one of t[...]
-
Page 96
91 www .gate wa y .com Rules to Reme mber for Static WEP ■ All client stations m ust have the Wireless LA N (WLAN) security set to WEP and all clients must hav e one of the WEP keys spec ified o n the AP in order to de-crypt AP-to-station data transmi ssions. ■ The AP must have all keys used by clients for station-to-AP tra nsmit so that it can[...]
-
Page 97
92 ww w . g at eway . c om Example of Using St atic WEP For a simple example, supp ose you configure three WEP keys on the ac cess point. In our example, the T ransfer Key Index for the AP is set to 3 . This mea ns that the WEP key in slot 3 is the k e y the access poi nt will use to encryp t the data it se nds. Y ou must then set all client statio[...]
-
Page 98
93 www .gate wa y .com If you have a second client s tation , that st ation al so need s to hav e one of the WEP k eys defined on th e AP . Y o u could g ive it the same WEP key you ga ve to the first station. Or for a more secure solutio n, you could give th e second station a different WEP key (key 2, for example) so that the two stations cannot [...]
-
Page 99
94 ww w . g at eway . c om When configurin g IEEE 802.1x mode, you have a ch o ice of whethe r to use the embedded RADIUS server or an external RADIUS server that yo u provide . The Gateway 7001 Series self-managed AP embedde d RADIUS server su pports Protected EAP (PEAP) and MSCHAP V2. If you use your own RADIUS server , you have t he o ption of u[...]
-
Page 100
95 www .gate wa y .com WP A with RADIU S W i-Fi Protec ted Access (WP A) wit h Remote Authe ntication Dial-In Use r Service ( R A D I U S ) i s a W i-Fi Alliance subset of IEEE 802.11i, whic h includes T emporal Key Int egrity Protocol (TKIP), Co unter mode/ CBC-MAC Protoc ol (CCM P) Advanced Enc ryptio n Standard (AES ), and 802.1x me chanisms. Th[...]
-
Page 101
96 ww w . g at eway . c om Field D escr iptio n Ciphe r Suites Select th e cipher y ou want to use from the l ist: • TKIP • CCMP (AES) • Both T emporal Key I ntegrity Prot ocol (TKIP) is the def ault. TKIP provide s a more secure encryption so lution than WEP k eys. The TKIP process more frequent ly changes th e encryption ke y used a nd bett[...]
-
Page 102
97 www .gate wa y .com WP A-PSK W i-Fi Protected Access (WP A) with Pre-Shared K ey (PSK) is a W i-Fi Alliance su bset of IEEE 802.11i, which inc ludes T emporal Key Integrit y Protocol (TKIP), Advanced Enc r yption Algorithm (AES) , Counter mode/CBC-MAC Pr otocol (CCMP) 802 .1x mechan isms. PSK employs a pre-shared key . This is used for an initia[...]
-
Page 103
98 ww w . g at eway . c om Updating settings T o ap ply you r chang es, click Update . Field D escr iptio n Ciphe r Suites Select th e cipher y ou want to use from the l ist: • TKIP • CCMP (AES) • Both T emporal Key I ntegrity Prot ocol (TKIP) is the def ault. TKIP provide s a more secure encryption so lution than WEP k eys. The TKIP process [...]
-
Page 104
99 www .gate wa y .com Sett ing up Gu est A ccess Out- of- th e-b ox gu est in ter face fe atur es a llo w yo u to conf ig ure the G ate wa y 700 1 S erie s self-managed AP for controlled guest a ccess to an isolated network. Y ou can configure the same access point to broadc ast and function as two differen t wireless networks: a secure Internal L[...]
-
Page 105
100 ww w . g at eway . c om C onfiguring the guest inter face T o configure the Guest interface: 1 Do one of th e foll owin g: Configure the access point to represent two ph ysically separate networks as described in the following section, see “Configurin g a physically separate guest network” on page 10 0 . OR - Configure the access point to r[...]
-
Page 106
101 www .gate wa y .com (Start b y cho osing For Interna l and Guest access, us e two: Ethernet P orts as described in “Specifying a p hysical or virtual Guest network” on page 70 .) 3 Provide the radio interfac e settings and network names (S SIDs) for both internal and guest networks as described in “Configuring a wireless interface” on p[...]
-
Page 107
102 ww w . g at eway . c om T o set up the captive portal: 1 Click Advanc ed > Guest Login on the Administrati on We b p a g e . T h e Modif y guest welcome screen sett ings screen opens. 2 Cho ose Enabled to a ctivate the welcom e screen. 3 In the Welcom e Scre en Te xt box, type the text message you would like g ue st clients to see on the cap[...]
-
Page 108
103 www .gate wa y .com 3 The guest client chooses Guest SSID . The guest client s tarts a W e b browser an d receiv es a Guest W elcome Screen. The Gu est W elcome Screen provides a button for the cli e nt to click to con tinue. The guest cl ient can now use the “gue st” network. Deplo yment example In the figure, the dotted red lines indic at[...]
-
Page 109
104 ww w . g at eway . c om C onfiguring r adio settings Understanding ra dio settings Radio settings direc tly control the behavior of the radio de vice in the access point and its interaction with the physical medium, specifically how and w hat type of electromagnetic waves the AP emits. Y ou can specify whether the radio is on or off, radio freq[...]
-
Page 110
105 www .gate wa y .com Na vigating to r adio settings T o specify radio settings, click Ad vanced > Radio on th e Administratio n W e b page. The Modify radio set tings screen o pens. Update the boxes as descr ibed in the following section.[...]
-
Page 111
106 ww w . g at eway . c om C onfiguring radio settings Field D escr iptio n Radio The Gatew ay 700 1 Series self-manage d AP is av ailab le in a dual band and single band ve rsion. Single-Band AP : If y ou ha ve the single ba nd ve rsion of th e Gatew ay 7001 AP , this b ox i s not includ ed on the Radi o tab . Dual-Band AP : The dual band access [...]
-
Page 112
107 www .gate wa y .com Beacon In ter v al Beacon fra mes are transm itted by a n access point at regular interva ls to announc e the e xistence of t he wireless net work. The def ault beh avior is to send a be acon frame once e very 100 mill iseconds (or 10 p er second). The Beaco n Interval v alue is se t in milli seconds . T ype a value from 20 [...]
-
Page 113
108 ww w . g at eway . c om RTS Thres hol d Speci fy an RTS Thres hol d value be tween 0 an d 2347 . The R TS thresho ld specifies th e pack et size of a req uest to send (R TS) trans missio n. This hel ps control tr affic flo w through the ac cess point, e specially o ne with a lot of c lient s. If yo u specify a lo w threshold v alue , RTS pac ke[...]
-
Page 114
109 www .gate wa y .com Updating settings T o ap ply you r chang es, click Update . Important If y ou are using th e dual band v ersion of th e Gatew ay 70 01 Series self-m anaged AP , k eep in m ind that b oth Radio O ne and Radio T wo are configure d on this tab . The displa y ed settin gs apply to ei ther Radio O ne or Radio T wo , depe ndi ng o[...]
-
Page 115
110 ww w . g at eway . c om C ontr olling acc ess by MA C address filtering A Media Access Control (MAC) address is a hardware address that uniquely identifies each node of a network. All IEEE 802 network devices share a common 48-bit MAC address format, usually displayed a s a string of 12 hexadecimal digits separ ated by colons, for example FE:DC[...]
-
Page 116
111 www .gate wa y .com U sing MA C address filtering This page le ts you control access to G ateway 7001 Series self-m anaged AP based on Media Access Control (MAC) addresses. Based on how you set the filter , you can allow only client stations with a listed MAC address or prevent access to the statio ns listed. For the guest interface, MAC fi lte[...]
-
Page 117
112 ww w . g at eway . c om C onfiguring a W ireless Distr ibution Sys te m ( W DS ) The Gateway 7001 Series self-managed AP lets you connect multiple access poin ts using a W ireless Distribution Syst e m (WDS). WDS l ets access points commun icate with one another wirelessly in a standardized way . This capability is c ritical in providing a seam[...]
-
Page 118
113 www .gate wa y .com Conferenc e Room (LAN 1), and another Ethern et-wired access point ser ving stations in the W est Wing off ices (L AN 2). Y o u can bridge the C onference Room and W est Wing acce ss points with a WDS l ink to create a single network for clients in both areas. Usi ng WDS to extend th e network be yond th e wired co ver age a[...]
-
Page 119
114 ww w . g at eway . c om by p lacing a s econd ac cess po int clos er to se cond grou p of stati ons (“ Poolside ” in our example) and bridge the two APs with a WDS link. This extends your network w irelessly by providing a n extra hop to get to dista nt stations. Backu p links and unwant ed loo ps in WDS bridg es Another use for WDS bridgin[...]
-
Page 120
115 www .gate wa y .com Sec uri ty con side rations related to WD S brid ges Stati c W ired E q uivale nt Privacy (WEP) is a data encryption protocol for 802.1 1 wirele ss networks. Both a ccess points in a give n WDS link must be co nfigured with the same security settings. For static WEP , either a static 64-bit (40-bit secret key + 24-bit init i[...]
-
Page 121
116 ww w . g at eway . c om Important The f ollo wing figure shows the WDS settings page f or the dual band AP ( Gatew ay 70 01 802.11 A+G Wi reless Access P oint). The Administr ation We b page for the single band AP (Ga tewa y 7001 8 02.11 G Wirel ess Access P oint) will loo k slightly diff erent.[...]
-
Page 122
117 www .gate wa y .com C onfiguring WDS settings The following notes summarize so me critical guidelines regard ing WDS configura tion. Read all the notes befo re proceeding with WDS c onfiguration. T o configure WDS on this access point , descri be each AP intended to receive hand-offs and send information to this AP . Each destination AP needs t[...]
-
Page 123
118 ww w . g at eway . c om Field D escr iptio n Radio The Gatew a y 7001 AP is a v ailable in a dual ban d and single ba nd vers ion. Single-Band AP : On the single b and v ersion of the Gatew a y® 7001 AP , this box is not i ncluded on th e WDS tab. Dual-Band AP : F or each WDS link on a du al-band AP , select R adio One or R adio T wo . The res[...]
-
Page 124
119 www .gate wa y .com Example of c onfiguring a WDS link When using WDS, be sure to confi gure WDS settings on both access points on the WDS link. T o create a WDS link between a pair of access points: 1 Open the Administration W eb pages for MyAP1 (for example), by typ ing the IP address for MyAP1 as a URL in the W eb browse r address bar in the[...]
-
Page 125
120 ww w . g at eway . c om 3 Configure a WDS in terface for data exch ange with MyAP2 (for exam ple). Start by typi ng the MAC address for MyAP2 as the “Remote Address” and fill in the rest of the boxes to specify the network (gue st or internal), security , and so on. Save the settings (click Update ). 4 Click Adv anced—>Radio on the Adm[...]
-
Page 126
121 www .gate wa y .com C onfiguring security se ttings on wireless clients T ypically , users will configure security on thei r wireless clients for a ccess to many different networks (access po ints). The list of “Availa ble Netwo rks” will c hange depending on the location of the cl ient and which APs are online and detectable in that loc at[...]
-
Page 127
122 ww w . g at eway . c om ■ “Configuring a cl ient to access an unsecure n e t w o r k ( p l a i n t e x t m o d e ) ” o n p a g e 1 2 5 ■ “Configuring sta tic WEP security on a client” on page 126 ■ “Configuring IEEE 802.1x securi ty on a client” on page 129 ■ “Configuring WP A with RADIUS security o n a c lient” on page [...]
-
Page 128
123 www .gate wa y .com ■ “IEEE 802.1x client u sing EAP-TLS certificate” on p age 133 ■ “WP A with RADI US client using EAP-TLS c e rtificate” on page 141 ■ “Configuring a n external RADIUS server to recognize the Gateway 7001 AP” on page 14 6 ■ “Obtaining a TLS-EA P certificate for a client” on page 151 Details on how t o [...]
-
Page 129
124 ww w . g at eway . c om d Select the SSID of the network to which you want to connec t, then c lick Advanced. The Wir eless Network Connection Pr operties dialog box, which lists available networks and preferred n etworks, opens. 2 From the list of A v ailable n e tworks select the SSID of the network to whi ch you want to connect, th en click [...]
-
Page 130
125 www .gate wa y .com Use this dialog box for configuring all the different types of client security de sc ribed in the following sections. Make sure that the W ireless Net work Prope rt ies dialo g box you are working in pertains to the Network Name (SSID) for th e network yo u want to reach on the wireless client y o u are configuring . C onfig[...]
-
Page 131
126 ww w . g at eway . c om C o nfiguring stat ic WEP securit y on a clie nt Stati c W ired Equivalent Privacy (WEP) encrypts data moving across a wireless network based on a static (non-changing) key . The encryption algorithm is a “stream” cipher called RC4. The access point uses a key to transmit data to the client statio ns. Each client mus[...]
-
Page 132
127 www .gate wa y .com T o configure WEP secur ity on each client: 1 On the Net work Prop ert ies dialog box, selec t the Association tab. The Associat ion dialog box opens. 2 Sele ct Open or Shar ed in the Network Authentication list , then select WEP in the Data encry ption list. 3 T ype a Ne twor k key in t he bo x pro vide d. Make sure the net[...]
-
Page 133
128 ww w . g at eway . c om C onnecting t o the wi reless network with a st atic WEP client Stat ic WEP cli ents shou ld now be abl e to associ ate and aut hentic ate with the access po int. As a client, y ou will not be prompted for a W EP key . The WEP key configured on the client security settings is automa tically used when you connect. Associa[...]
-
Page 134
129 www .gate wa y .com C o nfiguring IEEE 80 2.1x securit y on a cl ient IEEE 802.1x is the standard d efining port-based authentication and infrastructure for doing key management. Extensible Authentica tion Protoco l (EAP) messages are sent over an IEEE 802.11 wireless n etwork using a protocol calle d EAP Encap sulation Over LANs (EAPOL). IEEE [...]
-
Page 135
130 ww w . g at eway . c om T o configure the clients with IEEE 802.1x security with PEAP authentication: 1 On the Net work Prop ert ies dialog box, selec t the Association tab. The Ass ociation dialo g box opens. 2 Sele ct Op en in the Network Authentication list, select WEP i n the Data Encryption list, then cli c k to select the Th e key is pr o[...]
-
Page 136
131 www .gate wa y .com 4 Click to select the Enable IEEE 802.1x authenticat ion for this network check box, sel ect Pr otected EAP (PEAP) from the EAP type list, t he n click Properties . The Protected EAP Proper ties dialog box op ens. 5 Click to clear the V alidate server certificate che ck box, sele ct Secured pass wor d (EAP-MSCHAP v2) from th[...]
-
Page 137
132 ww w . g at eway . c om Logging on to the Wireles s Network with an IEEE 802.1x PEAP Client IEEE 802.1x PEAP c lients should now be able to associ ate with the access point. Client users will be prompted for a user na me a nd password to authentic ate with the network. Associat ion T a b Network A uthentic ation Open Data E ncr yption WEP Note:[...]
-
Page 138
133 www .gate wa y .com IEEE 802 .1x client using EAP-T LS cer tificate Extensible Authenticati on Protocol (EAP) T ransport Lay e r Security (TLS ), or EAP-TLS, is an authentication proto c ol that supports the use of smart cards and certificates. Y ou have the option of using EAP-T LS with both WP A with RAD IUS and IEEE 802.1x modes if y o u hav[...]
-
Page 139
134 ww w . g at eway . c om If you configured the Gateway 7001 AP to use IEEE 802.1x security mode with an external RADIUS server , you need to configure IEEE 802.1x security with certificate authentic ation on ea ch client. T o configure each client for IEEE 802.1x security with certificate authentication: 1 On the Net work Prop ert ies dialog box[...]
-
Page 140
135 www .gate wa y .com 3 Click the Authenticatio n tab. The Authenti cation dialog box op ens. 4 Click to selec t the Enable IEEE 802.1 x authentication f or this netw ork check bo x, sele ct Smart Card or other Cer tificate from the EAP type list, then click Properties . The Smart Card or other Certificate Properties dialog box opens.[...]
-
Page 141
136 ww w . g at eway . c om 5 Enable the V ali dat e ser ver cer ti fica te option, th e n select th e name o f the certificate you downloaded for t his client in step 4 of the previous procedure. For more information, see “Obtaining a TLS-EAP certificate for a client” on page 151 . 6 Click OK on each dialog box to close and sa ve the settings.[...]
-
Page 142
137 www .gate wa y .com C o nfiguring W P A with RADIUS se curity on a client W i-Fi Protec ted Access (WP A) with Remote Authentication Dial-In User Service (R ADIUS) is a W i-Fi Alliance subset of IEEE 802.11i, which includes T emporal Key Integrity Protocol (TKIP), and Cou nter mode/ CBC-MAC Protocol me chanisms. This mod e requires the use of a[...]
-
Page 143
138 ww w . g at eway . c om T o set up user accounts on the access point: 1 Access the Administ ra tion W eb page for the access p o int ( “Navigating to basic settings” on p age 30 ), then click Cluster > User Manageme nt . The Man age user accounts screen opens. 2 Set up us e r accounts as necessary . T o configure WP A security with PEAP [...]
-
Page 144
139 www .gate wa y .com 2 Sele ct WP A in the Network Authentication list, and TKIP or AES in th e Data Encryption list, then click t he Authentica tion tab. The Authenticatio n dialog bo x opens. 3 Sele ct Protected EAP (PEAP) from the EAP type list, then click Pr operties . The Protected EAP Proper ties dialog box opens .[...]
-
Page 145
140 ww w . g at eway . c om 4 Disable the V alidate s erver certificate op tion, sel ect Secured pass wor d (EAP-M SCHAP v2) from the Select Authentic ation Method list, then click Configu r e . The EAP MSCHAP v2 Propert ies dialo g box opens. 5 Click (to uncheck) the A utomaticall y use m y Windows login name and pas swo rd (and domain, if a ny) b[...]
-
Page 146
141 www .gate wa y .com WP A wit h RADIUS c lient us ing EAP-TL S cert ificate Extensible Authenticati on Protocol (EAP) T ransport Lay e r Security (TLS ), or EAP-TLS, is an authentication protocol that supports the use o f sma rt cards and certifica tes. Y ou have the option of using EAP-T LS with both WP A with RAD IUS and IEEE 802.1x modes if y[...]
-
Page 147
142 ww w . g at eway . c om If you configured the G ateway 7001 AP to use WP A with RADIUS security mode with an external RADIUS server , you must configure WP A security with certificate authentication on ea ch client. T o configure WP A security with certificate authentication on each client: 1 On the Net work Prop ert ies dialog box, selec t the[...]
-
Page 148
143 www .gate wa y .com 3 Sele ct S mar t Card or ot he r Ce rt ifi cat e from the EAP T ype list, click to select the A uthenticate as computer when com puter inf ormation is av ailable check box , then click Properties. The Sm art Card or other Certificate Properties dialog box op ens. 4 Sele ct th e V alidate serv er certificate option, then sel[...]
-
Page 149
144 ww w . g at eway . c om Logging on to the wireless network with a WP A client usin g a certific ate WP A clients should no w be able to connect to the access poi nt using their TLS certificates. The certificate you installed is used when you connect, so you will not be prompted for login information. Th e certificate is auto ma tically sent to [...]
-
Page 150
145 www .gate wa y .com C onnecting t o the wi reless network with a WP A-PSK clie nt WP A-PSK cli ents should now be able to associate and authenticate with the access point. As a client, you will not be prompted for a key . The TKIP or AES key you configured on the client security s ettings is automatically used when y ou connect. Associat ion T [...]
-
Page 151
146 ww w . g at eway . c om Configu ring a n ex tern al R ADIUS ser ver to re cogn ize th e G ateway 7001 AP An external Remo te Authentication Dial-in Us er Server (RADI US) server running o n the network can supp o rt of E AP-TLS smart card/certificate distributio n to clients in a Public Key Infrastructure (PKI) a s well as EAP-PEAP user account[...]
-
Page 152
147 www .gate wa y .com Keep in mind that the information you need to provide to the RADIUS server about the access point corresponds to settings on the a ccess point ( Advanced > Sec urity ) and v ice vers a. Y ou should have already provided the RADIUS server IP Address to the AP . In the steps that follow you will provide the a ccess point IP[...]
-
Page 153
148 ww w . g at eway . c om T o identify your Gateway 7001 AP as a client to the RADIUS ser ver: 1 Log on to the system hosting your RAD IUS server and open the Internet Authentication Service. 2 In the left panel, right- click the RA DIUS Clients no de and choose New > Radius Client from the menu. 3 On the initial sc reen of the New RADIUS Clie[...]
-
Page 154
149 www .gate wa y .com ■ A logical (friendly) name for the acce ss point. (Y ou might want to use the DNS name or location.) ■ IP address for the access point. 4 Click Nex t . 5 For the “S hared secret” enter the RAD IUS Key you provid ed to t he access point ( on the Advanced > Security pa ge). Re-type the key to confirm.[...]
-
Page 155
150 ww w . g at eway . c om 6 Click Finish . The access point is now displayed as a client of the Authentication S er ver .[...]
-
Page 156
151 www .gate wa y .com Obtain ing a TLS-EAP cer tif icate for a client W ireless clients configured to use either “W P A with RADI US” or “IEEE 802.1x” security modes with an external R ADIUS serv er that supports TL S-EAP certificates must obtain a TLS certific a te from the RADIUS server . This is an initial one-time step t hat must be c[...]
-
Page 157
152 ww w . g at eway . c om Click Ye s to proceed to the secure W eb page for the serve r . The We l c o m e screen for the Cer tificat e Serve r is displa yed in th e browser . 2 Click Request a certifica te to get t he l ogi n pro mp t for the R ADI US ser ve r . 3 Provide a valid user name and password to access the RADIUS server, t hen click OK[...]
-
Page 158
153 www .gate wa y .com The Requ est a Cer tif icat e dialog box opens. 4 Click User C er tificate . A Security W ar ning opens. 5 Click Ye s on the dialog box display e d to install the ce rtificate. The User Ce rtifica te - Ident ifyi ng In for mat ion dialog box opens.[...]
-
Page 159
154 ww w . g at eway . c om 6 Click Submit to com ple te . A Potential Security Violat ion dialog box opens. 7 Cli ck Ye s to confirm the submittal. The Certificate Issued dialog box opens. 8 Click In stall this ce r tificate to install the newly issued certificate on your client sta tion, Then click Ye s on the p opup w indows that appe ar to c on[...]
-
Page 160
155 www .gate wa y .com S etting the administra tor password The administrator p assword controls access to the Administra tion W e b pages fo r the Gateway 7001 Series self-managed AP . This setting is also available on the Basic Settings administration p age. When you set the administrator passwo rd in either place and apply the change, the new p[...]
-
Page 161
156 ww w . g at eway . c om Updating settings T o ap ply you r chang es, click Update . Field D escr iptio n Existin g Pa s sw o r d T ype a new ad ministrato r pass word. The te xt yo u type will be displ ay ed as “*” char acters to pre ve nt others from seei ng your p assw ord as y ou type. Ne w P ass word Re-typ e the new administr ator pass[...]
-
Page 162
Chapter 8 157 Maint enanc e and Monit oring ■ Interfa ces ■ Event log ■ T ransmit/receive statistics ■ Associ ated wireless cli ents ■ Rebooting the access point ■ Resetting the configuration ■ Upgra ding the firmware[...]
-
Page 163
158 ww w . g at eway . c om Introduc tion The maintena nc e and monit oring tasks describe d he re all pert ain to view ing and mo difyin g settings on specific access points, and not on a cluster configuration tha t is automatical ly shared by mul tiple access points. Th erefore, it is important to ensure that you are acce ssing the Administratio [...]
-
Page 164
159 www .gate wa y .com Int er faces T o monitor wired LAN and wireless LAN (WLAN) settings, select the access point you want to monitor on the Adminis tration W eb page, then click Status > Interfaces . The Vi e w se t t i n gs for networ k interfaces screen opens. This page disp lays the current settings of t he Gateway 7001 Series se lf-manag[...]
-
Page 165
160 ww w . g at eway . c om Ethernet ( Wir ed) settings The internal interface includes th e MAC Address, IP Address, Subnet Mask, and Assoc ia ted Network Wireless Name (SSID). The guest interface includes the MAC Address, VLAN ID, and Associated Network Wireless Name (SSI D). If you want to change any of th ese settings, click Configure . W irele[...]
-
Page 166
161 www .gate wa y .com Even t l o g T o view transmit/receive statistics for a partic ular access point, select the access point you want to monit o r on the Administratio n W e b page, then c lick Status > Events . Th e V iew eve nts generated b y this access poin t screen opens. This page lis ts the most recent events generated by thi s acces[...]
-
Page 167
162 ww w . g at eway . c om T ransmi t/rec eiv e sta tistics T o view transmit/receive statistics for a partic ular access point, select the access point you want to monit o r on the Administratio n W e b page, then c lick Status > T ransmit/Re ceive Statistics . T he Vi ew transmit and re ceive statistics for thi s access point screen opens. Th[...]
-
Page 168
163 www .gate wa y .com Field Descrip tion IP Address IP Addres s for the access poi nt. MA C Address Gate wa y 7001 AP Admi nistrators Gui de MA C Address Medi a Access Control (M AC) addre ss fo r the specified in terface . A MA C address is a permanent, unique hardware address f or any de vice tha t represents a n interf ace to the ne twork. The[...]
-
Page 169
164 ww w . g at eway . c om Associa ted wireless client s T o view the client st ations associated with a partic ular access point, selec t the access point you want to monitor on the Administration W eb page, then click Status > Clien t Associations . The V iew list of currently asso ciated client stations sc ree n opens. The associ ated stat i[...]
-
Page 170
165 www .gate wa y .com Rebooting the acc ess poin t For maintenan ce purposes or as a troubleshoo ting measure, yo u can reboot the Gateway 7001 AP as follo ws. T o reboot the access point: 1 From the Adm inis tra tio n W eb page, click Ad vanced > Reb oot . The Reboot pa ge opens. 2 Click Reboot . Th e AP reboots.[...]
-
Page 171
166 ww w . g at eway . c om Resetting the configura tion If you are exp eriencing extreme pr oblems with the Gateway 7001 Series self-manage d AP and have tried all other t roubleshooting measures, use the Reset Configuration func tion. This will restore factory defaults and clear all settings , including settings such as a new password or wireless[...]
-
Page 172
167 www .gate wa y .com 2 Click Rese t . Fact ory defaul ts are restor ed. Important K eep in min d that if y ou do reset the c onfigur ation from this page , you are doing so f or this a ccess point on ly , and not f or other acces s points in the c luster . F or inf or mation o n the f actory def ault settings , see “De fault settin gs and supp[...]
-
Page 173
168 ww w . g at eway . c om Upgr ading the firmwar e As new versions of the Gateway 7001 Series self-man aged AP firmware become available, you can upgrade the firmwa re on your access po ints to take advantages of new features and enha ncements. T o upgrade the firmware on a particular access point: 1 Select the access p oint to upgrade from the A[...]
-
Page 174
169 www .gate wa y .com When clicking Update for the firmware upgrade, a popup confirmation window is displayed that de scribes the upgrade proc ess. Click OK to confirm the upgrade, a nd start the process 4 Repeat steps 1 to 3 for each access point you want to upgrade. Important T o v erify that the firmwa re upgrade completed su ccessf ully , che[...]
-
Page 175
170 ww w . g at eway . c om[...]
-
Page 176
Chapter 9 171 T roubleshoot ing and G etting Help ■ Known proble ms ■ T echnical s upport[...]
-
Page 177
172 ww w . g at eway . c om Kno wn problems The follo w ing table summarizes p roblems that ha ve been identifi ed in the Gatewa y 7001 AP software. Bug Numbers Description Workaround 2690, 27 03 IP address f or access p oint ma y change when Gu est Access is ena bled or when the DNS na me is change d. Use Kickstart or ch ec k DHCP logs to determin[...]
-
Page 178
173 www .gate wa y .com T echnical Suppor t Gateway offers a wide range of customer service, technical support, and information services. T elephone numbers Y ou can access the following services through your telephone to get a nswer s to your questi ons: Resource Service description How to reach Gatewa y T echni cal Suppor t T alk to a Gatew a y T[...]
-
Page 179
174 ww w . g at eway . c om[...]
-
Page 180
App end ix A 175 Glossar y[...]
-
Page 181
176 ww w . g at eway . c om 802 IEEE 802 ( IEEE Std. 802-2001 ) is a family of standards fo r peer-to-pe er communic ation over a LAN . These technologies use a shared-medium, wi th information broadcast for a ll stations to re ceive. T he basic communic ations ca pabiliti es pro vided are packet-based . The basic unit of transmission is a sequence[...]
-
Page 182
177 www .gate wa y .com 802.11b IEEE 802.11b ( IEEE Std. 8 02.11b-1999 ) is an enhancement of the initial 802.11 PHY to include 5.5 Mbps and 11 Mbps data rat e s. It uses direct sequence spread spectrum (DSSS) or frequency hoppi ng spread spectrum (FHSS) in th e 2.4 GHz ISM band as well as complementary code keying (CCK) to provi de the higher da t[...]
-
Page 183
178 ww w . g at eway . c om 802.1Q IEEE 802.1Q is the IEEE standard for Virtua l Loca l Area N etwor ks ( VLAN s) specific to wireless technologie s. (See http://www .ieee802.org/1/pages/802.1Q.html .) The standard addresses th e problem of how to break large networks i nto smaller parts to prevent broadcast a nd multicast data traffic from co nsum[...]
-
Page 184
179 www .gate wa y .com ■ The Beacon int er val defines the amount of time be tween transmitting beacon frames. Before entering power save mode, a station needs the beacon interval to know when to wake up to receive the beacon. ■ The Capability Informati on lists requirements of statio ns that want to join the WLAN. For example, it indicates th[...]
-
Page 185
180 ww w . g at eway . c om CCM P Coun ter mo de/C BC -MAC Protoc ol (CCMP) is an encryption meth od for 802.11i that uses AES . It employs a CCM mo de of operation, combining the Cip her Block Chaining Co unter mode (CBC-CTR) a nd the Cipher Block Cha ining Message Authentication Code (CBC-MAC) for encry ption and messag e integrity . AES-CCMP req[...]
-
Page 186
181 www .gate wa y .com DCF The Distribu tion Control Fu nction is a component of t he IEEE 802.11e Quality of Service (QoS) techno logy standard. The D CF coordinates c hannel access amon g multiple stations on a wireless network by controlling wait times f or channel access. W ait times are determined by a random backoff timer which is configurab[...]
-
Page 187
182 ww w . g at eway . c om EAP The Extens ible Authentic ation Protocol ( EAP) is a n authenticati on protocol that supports multiple methods, such as token cards, Kerberos, one-time passwords, certificates, public key authenticatio n, and smart cards. V ariations on EAP include EAP Cisco Wireless (L EAP), Protected EAP (PEAP), EAP-TLS, and EAP T [...]
-
Page 188
183 www .gate wa y .com Before a h ost on a LAN can access the Internet, it needs to know the address of its default gatew ay . HTML The Hypertext Markup Language ( HTML ) defines the structure of a documen t on the W orld W ide W eb. It uses tags and attributes to hint about a layout for the document. An HTML do cument starts with an <html> [...]
-
Page 189
184 ww w . g at eway . c om An infrastructure mo d e framework can be prov id ed by a singl e access point ( BSS ) or a number of access po ints ( ESS ). Intrusion D etection The Intrusion Detecti on System (IDS) i nspects all inbound network activity and reports suspicious pa tterns that may indicate a network or system att ack from someone attemp[...]
-
Page 190
185 www .gate wa y .com IPSe c IP Se curi ty (IPSec) is a set of protocols to support the secure exchange of packets at the IP layer . It uses sha red public keys. There are two encryption m odes: T ra nsport and T u nnel. ■ Tr a n s p o r t m o d e encrypts only the da ta portion (payload) of each packet, but leaves the headers untouched. ■ Th[...]
-
Page 191
186 ww w . g at eway . c om Lease Time The Lease T ime specifies the period o f time the DHCP Server gives its clients an IP Address and other required information. When the lease expire s, the client must request a new lease. If the lease is set to a short sp an, you can update your network information and prop agate th e info rmatio n provide d t[...]
-
Page 192
187 www .gate wa y .com NA T Network Addr ess T ran slation is an Internet st andard that masks the internal IP addresses being used in a LAN . A NA T server running on a gateway mai ntains a translation table that maps all internal IP addresses in outbound requests to its own address and converts all inbound requests to the c orr ect internal ho s[...]
-
Page 193
188 ww w . g at eway . c om ■ Layer 5, the Session layer , defines protocols for initiating, maint a ining, and ending communica tion and tran sactions across t he network. Some common ex amples of protocols that operate o n this layer are network file system (NFS) and struct ured query language (SQL). Also part of this l ayer are communication f[...]
-
Page 194
189 www .gate wa y .com PPP The Point- to-Point Pr otocol is a standard for t ransmittin g network l ayer datagra ms ( IP packets) over serial point-to-point links. PPP is designed to operate both over asynchronous connections and bit-oriented synchronous systems. PPPoE Point-t o-Point Protoco l over Ethernet (PPPoE) is a specification for connecti[...]
-
Page 195
190 ww w . g at eway . c om RC4 A symmetric stream cipher provided by RS A Sec urity . It is a variable key-size strea m cipher with byte orient ed operations. It allows keys up to 2048 bits in length. Router A rou te r is a ne twor k d evic e wh ich for war ds pack et s between networks. It is connected to at least two networks, commonly between t[...]
-
Page 196
191 www .gate wa y .com SSID The Service Set Identifier (SSID) is a thirty-two character alphanumeric key that uni quely i d e n t i f i e s a w i r e l e s s l o c a l a r e a n e t w o r k . I t i s a l s o r e f e r r e d t o a s t h e Network Name . There are no restric tions on t he charact ers that m ay be used in an SSID. Static IP Address S[...]
-
Page 197
192 ww w . g at eway . c om TCP The T r ansmi ssion Control Protoc ol (TCP) is built on top of Internet Protocol ( IP ). It add s reliable communication (guarantees delivery of data), flow-control, multiplexin g (more than one simultaneous c o nnection), and conn ection-oriented transmission (requires the receiver of a packet to acknowledge r eceip[...]
-
Page 198
193 www .gate wa y .com UDP neither guarantees delivery nor does it require a connection. It is lightweight and efficient. All error processing and retransmi ssion must be performed by the application progr am. Unicast A Unic ast sends a message to a single , specified receiver . In wireless networks, unic a st usually refers to an interaction in w[...]
-
Page 199
194 ww w . g at eway . c om Ty p i c a l ly, a n Access Point is connected to a wired LAN . WDS lets access p o ints b e connected wirelessly . The access points ca n functi on as wireless repeaters or bridges. WEP W ired Equivalent Privacy (W EP) i s a d ata encrypt ion p rotoc ol f or 802 .11 wirele ss networks. All wireless stations and access p[...]
-
Page 200
195 www .gate wa y .com WRAP Wireless Robu st Aut hentic ation Protoc ol (WRAP) is an enc ryption m ethod for 802.11i that uses AES but anoth er encry ption mode ( OC B ) for encr yption an d integrity . XML The Extensible Markup Language (XML) is a specification developed by the W3C. XML is a simple, flexible text format derived from St andard Gen[...]
-
Page 201
196 ww w . g at eway . c om[...]
-
Page 202
Appe nd ix B 197 Specifications[...]
-
Page 203
198 ww w . g at eway . c om Gateway Y es No Comments Supports Infrastructure M ode X Supports Ad-Hoc Mode X Consol e P or t X Access th rough W eb-based con nection only Detacha ble Anten na(s) X 802.11g/b radio has de tachabl e antenna usi ng rev erse SMA co nnector , f or antenna replac ements provid ed by G atewa y . 802.11a d oes not allo w det[...]
-
Page 204
199 www .gate wa y .com Wireless data rate s with Au to m at i c Fal lb a ck X 54 Mbps , 48 Mbps , 36 Mbps , 24 Mbps , 18 Mbps , 12 Mbps , 11 Mbps , 9 Mbps , 6 Mbps, 5.5 M bps, 2 Mbps , 1 Mbps Exte r nal Ante nna T ype X Singl e Det ach able Di pole Wireless F requency Ran ge X 802.11b&g L AN uses 2.40 00-2.4825 GH z band, 802.11a LAN uses 5.15[...]
-
Page 205
200 ww w . g at eway . c om TFTP capab le X None 802.1q VLAN capable X Multiple SSID per radio X Suppor ts diff erent SSID for 802 .11a & 802.11b/g SSID Broadcas t Enable/Dis able X P er RF Radio MA C Filtering X Support for Al low or Den y Listing. Rad io En able/Di sable X Per RF Ra dio T urbo Mode X Increases data rat es to 72Mbps ( 802.11A [...]
-
Page 206
Append ix C 201 Safe t y , Regulatory , and L egal Information[...]
-
Page 207
202 ww w . g at eway . c om Impor tant safe t y inf ormation Y our Gateway access point i s designed and tested to meet the latest st andards for safety of information technology equ ipment. However , to ensure safe use of thi s product, it is impor tant that the safety instruc tions marked on the product and in th e documentation are foll owed. S [...]
-
Page 208
203 www .gate wa y .com Pr eventing static electricity disc harge The components inside your AP are extremely se nsitive to static electr icity , also known as electrosta tic discharg e (ESD) . Ca re during use ■ D o n o t w a l k o n t h e p o w e r c o r d o r a l l o w a n y t h i n g t o r e s t o n i t . ■ Do not spill an ything on the acc[...]
-
Page 209
204 ww w . g at eway . c om Regulat or y compl iance s tatem ents Wir eles s Guidance The Gateway 7 001 Series AP s, (low pow er Radio Frequen cy , RF , transmitting device) , operate in the 24 00-2483.5 MHz band fo r 802.11B&G and 5 GHz bands for 802.11 A. The follo wing section is a general overvi ew of considerations whi le operating the wir[...]
-
Page 210
205 www .gate wa y .com United States of Americ a F ederal C ommunications C ommission (FC C) Intentional emi tter per FC C Par t 15 The power output of the AP is well below the RF exposure limits as kno wn at this time. Because this wireless device emits less ener gy than is allowed in radio frequency safety standards and recom mendations, Gateway[...]
-
Page 211
206 ww w . g at eway . c om FC C declaration of c onformity Respo nsible pa rty: Gateway Companie s, Inc. 610 Gateway Drive, North Siou x City , SD 5704 9 (605) 232-2000 Fax: (605 ) 232-2023 Products: ■ Gateway 7001 AP For uniqu e identif ication of the produc t configuratio n, please submit the 10 -digit serial number fo und on the prod uct to t[...]
-
Page 212
207 www .gate wa y .com Noti ces Copy r ight © 2004 Gate way , I nc. All Rights Reserved 14303 Gatewa y Place P owa y , CA 92064 USA All Ri ghts Reserv ed This publication is protected by copyright and all rights are re ser ved. No part of it ma y be reproduced or transmitted by any means or in any f or m, without prior consent in writing from Gat[...]
-
Page 213
208 ww w . g at eway . c om[...]
-
Page 214
209 www .gate wa y .com Inde x A access point adding to cluster 52 connecti ng to a network 18 definition 17 IP address 40 removing from cluster 51 setting up 16 turning on 20 unpackin g 16 access point settin gs understanding 50 access points clustered 57 finding 20 access poin ts management navigating to 41 adding a user 58 adding an acce ss poin[...]
-
Page 215
210 ww w . g at eway . c om configuring g uest interface wired settings 73 configuring sec urity settings 87 configuring the g uest interface 10 0 configuring WD S settings 117 conne cting th e access p oint 18 D default conf iguration 27 default settings 5 def inition of ac cess po int 17 DHCP, understandi ng 12 disabling user accou nts 59 E editi[...]
-
Page 216
211 www .gate wa y .com disabling 79 network time protocol settin gs navigating to 78 O operating system 9 P password admini strator 24 password, administrator 155 physically separate guest network 20 plain text s e curity mod e 81 progress bar for cluster auto-synch 45 providing a wireless network name 32 providing an administrator password 32 R r[...]
-
Page 217
212 ww w . g at eway . c om understanding t he wire less distributi on system 112 unpacking the a ccess point 16 unwanted loops, WDS 113 , 114 upgrading the fi rmware 168 user adding 58 user account editing 59 user accounts disabling 59 enabling 59 removing 60 viewing 58 viewing a nd changing 58 user name administra tor 24 using guest network as a [...]
-
Page 218
A MAN 7001 SRS ACC PTS GDE R1 05/04[...]