User Guide
Page 9
... ...96 6.10 View AP Log ...100 Chapter 7 Management Mode...103 7.1 Overview ...103 7.2 About CAPWAP ...103 7.2.1 CAPWAP Discovery and Management 104 7.2.2 Managed AP Finds the Controller 104 7.2.3 CAPWAP and IP Subnets 104 7.2.4 Notes on CAPWAP 105 7.3 The Management Mode Screen 105 Chapter 8 LAN Setting ...107 8.1 LAN Setting Overview ...107 8.1.1 What You... Add or Edit a DNS Setting 110 Chapter 9 Wireless ...111 9.1 Overview ...111 9.1.1 What You Can Do in this Chapter 111 9.1.2 What You Need to Know 111 9.2 Controller ...112 9.3 AP Management ...113 NWA3000-N Series User's Guide 9
... ...96 6.10 View AP Log ...100 Chapter 7 Management Mode...103 7.1 Overview ...103 7.2 About CAPWAP ...103 7.2.1 CAPWAP Discovery and Management 104 7.2.2 Managed AP Finds the Controller 104 7.2.3 CAPWAP and IP Subnets 104 7.2.4 Notes on CAPWAP 105 7.3 The Management Mode Screen 105 Chapter 8 LAN Setting ...107 8.1 LAN Setting Overview ...107 8.1.1 What You... Add or Edit a DNS Setting 110 Chapter 9 Wireless ...111 9.1 Overview ...111 9.1.1 What You Can Do in this Chapter 111 9.1.2 What You Need to Know 111 9.2 Controller ...112 9.3 AP Management ...113 NWA3000-N Series User's Guide 9
User Guide
Page 11
... 198 15.4 Console Speed ...199 15.5 WWW Overview ...200 15.5.1 Service Access Limitations 200 15.5.2 System Timeout ...200 15.5.3 HTTPS ...200 15.5.4 Configuring WWW Service Control 201 15.5.5 HTTPS Example ...203 15.6 SSH ...209 15.6.1 How SSH Works ...210 15.6.2 SSH Implementation on the NWA3000-N series AP 211 15.6.3 Requirements for...
... 198 15.4 Console Speed ...199 15.5 WWW Overview ...200 15.5.1 Service Access Limitations 200 15.5.2 System Timeout ...200 15.5.3 HTTPS ...200 15.5.4 Configuring WWW Service Control 201 15.5.5 HTTPS Example ...203 15.6 SSH ...209 15.6.1 How SSH Works ...210 15.6.2 SSH Implementation on the NWA3000-N series AP 211 15.6.3 Requirements for...
User Guide
Page 17
... 24 other NWA3000-N series APs on your network. The embedded Web-based configurator enables simple, straightforward management and maintenance. The NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an internal authentication server. See the Quick Start Guide for how...
... 24 other NWA3000-N series APs on your network. The embedded Web-based configurator enables simple, straightforward management and maintenance. The NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an internal authentication server. See the Quick Start Guide for how...
User Guide
Page 23
... the wireless clients in the network, each SSID appears to each forming its own BSS and using MBSS. 1.3 Management Mode One NWA3000-N series AP uses Control And Provisioning of writing. See Section 4.1 on page 55 for which they have the correct security settings. Not all of these models were available at... APs: • NWA-3160 • NWA-3163 • NWA-3500 • NWA-3550 • NWA-3166 1. As in this group1. • NWA3160-N • NWA3550-N • NWA3560-N It can assign different wireless and security settings to be a different access point.
... the wireless clients in the network, each SSID appears to each forming its own BSS and using MBSS. 1.3 Management Mode One NWA3000-N series AP uses Control And Provisioning of writing. See Section 4.1 on page 55 for which they have the correct security settings. Not all of these models were available at... APs: • NWA-3160 • NWA-3163 • NWA-3500 • NWA-3550 • NWA-3166 1. As in this group1. • NWA3160-N • NWA3550-N • NWA3560-N It can assign different wireless and security settings to be a different access point.
User Guide
Page 24
... the NWA3000-N series AP. Command-Line Interface (CLI) The CLI allows you to use the following figure illustrates a CAPWAP wireless network. The user (U) configures the controller AP (C), which then automatically updates the configurations of the managed APs (M1 ~ M4).
... the NWA3000-N series AP. Command-Line Interface (CLI) The CLI allows you to use the following figure illustrates a CAPWAP wireless network. The user (U) configures the controller AP (C), which then automatically updates the configurations of the managed APs (M1 ~ M4).
User Guide
Page 25
... it in this User's Guide. See the Command Reference Guide for more effectively. • Change the password often. Controller Set one NWA3000-N series AP to be a controller and set other NWA3000-N series APs to be used for the console port are as numbers and letters. • ...-N series AP using CLI commands. Table 1 Console Port Default Settings SETTING VALUE Speed 115200 bps Data Bits 8 Parity None Stop Bit 1 Flow Control Off File Transfer Protocol (FTP) This protocol can be managed by an SNMP manager. Use a password that consists of different types of characters,...
... it in this User's Guide. See the Command Reference Guide for more effectively. • Change the password often. Controller Set one NWA3000-N series AP to be a controller and set other NWA3000-N series APs to be used for the console port are as numbers and letters. • ...-N series AP using CLI commands. Table 1 Console Port Default Settings SETTING VALUE Speed 115200 bps Data Bits 8 Parity None Stop Bit 1 Flow Control Off File Transfer Protocol (FTP) This protocol can be managed by an SNMP manager. Use a password that consists of different types of characters,...
User Guide
Page 35
... Table 6 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION MGNT Mode Set whether the NWA3000-N series AP is in controller mode. View AP Log Displays logs for the NWA3000-N series AP. Wireless NWA3000-N Series User's Guide 35 Wireless AP ... 2.3.2.2 Monitor Menu The monitor menu screens display status and statistics information. This is available when the NWA3000-N series AP is in controller mode. LAN Setting Manage the LAN Ethernet interface including VLAN settings. Chapter 2 The Web Configurator 2.3.2.1 Dashboard The dashboard displays general ...
... Table 6 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION MGNT Mode Set whether the NWA3000-N series AP is in controller mode. View AP Log Displays logs for the NWA3000-N series AP. Wireless NWA3000-N Series User's Guide 35 Wireless AP ... 2.3.2.2 Monitor Menu The monitor menu screens display status and statistics information. This is available when the NWA3000-N series AP is in controller mode. LAN Setting Manage the LAN Ethernet interface including VLAN settings. Chapter 2 The Web Configurator 2.3.2.1 Dashboard The dashboard displays general ...
User Guide
Page 36
...server settings for the NWA3000-N series AP. Chapter 2 The Web Configurator Table 6 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION Controller Configure how the NWA3000-N series AP handles APs that newly connect to force user authentication. Load Balancing Configure load balancing for rogue APs. Device HA...series AP. Active-Passive Mode Configure active-passive mode device HA. Date/Time Configure the current date, time, and time zone in controller mode. DCS Configure dynamic wireless channel selection. Console Speed Set the console speed.
...server settings for the NWA3000-N series AP. Chapter 2 The Web Configurator Table 6 Configuration Menu Screens Summary (continued) FOLDER OR LINK TAB FUNCTION Controller Configure how the NWA3000-N series AP handles APs that newly connect to force user authentication. Load Balancing Configure load balancing for rogue APs. Device HA...series AP. Active-Passive Mode Configure active-passive mode device HA. Date/Time Configure the current date, time, and time zone in controller mode. DCS Configure dynamic wireless channel selection. Console Speed Set the console speed.
User Guide
Page 45
Chapter 2 The Web Configurator 3 Select a column heading cell's right border and drag to re-size the column. 4 Select a column heading and drag and drop it to different pages of entries and control how many entries display at the bottom of the table to navigate to change the column order. A green check mark displays next to the column's title when you drag the column to a valid new location. 5 Use the icons and fields at a time. NWA3000-N Series User's Guide 45
Chapter 2 The Web Configurator 3 Select a column heading cell's right border and drag to re-size the column. 4 Select a column heading and drag and drop it to different pages of entries and control how many entries display at the bottom of the table to navigate to change the column order. A green check mark displays next to the column's title when you drag the column to a valid new location. 5 Use the icons and fields at a time. NWA3000-N Series User's Guide 45
User Guide
Page 50
For example, you do not have to control other features you should usually configure or check right after you configure the main screen(s) for this feature. WHERE USED These are other features you ...
For example, you do not have to control other features you should usually configure or check right after you configure the main screen(s) for this feature. WHERE USED These are other features you ...
User Guide
Page 51
... want to delete an object because you update this information in response to display basic information about it. certificates WWW, SSH, FTP, controller 3.4.1 User Use these screens to -NWA3000-N series AP firewall 3.4 Objects Objects store information and are referenced by other features. Device HA... Change NWA3000-N series AP configuration (web, CLI) limited-admin Look at the top of the list box where the object appears in controller mode. The NWA3000-N series AP provides the following table introduces the objects. Browse user-mode commands (CLI) NWA3000-N Series User's Guide...
... want to delete an object because you update this information in response to display basic information about it. certificates WWW, SSH, FTP, controller 3.4.1 User Use these screens to -NWA3000-N series AP firewall 3.4 Objects Objects store information and are referenced by other features. Device HA... Change NWA3000-N series AP configuration (web, CLI) limited-admin Look at the top of the list box where the object appears in controller mode. The NWA3000-N series AP provides the following table introduces the objects. Browse user-mode commands (CLI) NWA3000-N Series User's Guide...
User Guide
Page 55
Staff connections have one NWA3000-N series AP control other NWA3000-N series APs to Internet access (DNS, HTTP and HTTPS services). Figure 18 Tutorial Network Topology C A AA Controller B Managed APs Requirements: A DHCP server (A) with Option 138, an AD server, a switch (B) that allows two types of ...connections: staff and guest. Note: In this topology the firewall, such as a ZyWALL, controls what services traffic from different VLANs can use CAPWAP to have full access to the network, while guests are limited to create a wireless network...
Staff connections have one NWA3000-N series AP control other NWA3000-N series APs to Internet access (DNS, HTTP and HTTPS services). Figure 18 Tutorial Network Topology C A AA Controller B Managed APs Requirements: A DHCP server (A) with Option 138, an AD server, a switch (B) that allows two types of ...connections: staff and guest. Note: In this topology the firewall, such as a ZyWALL, controls what services traffic from different VLANs can use CAPWAP to have full access to the network, while guests are limited to create a wireless network...
User Guide
Page 56
Chapter 4 Tutorials The following VLAN settings are used in this tutorial: Table 16 Tutorial Topology Summary VLAN VLAN ID IP ADDRESS Management 99 10.10.99.10/24 Staff 101 10.1.101.254/24 Guest 102 10.1.102.254/24 Figure 19 Tutorial Guest VLAN Example vlan 102 Controller vlan 102 Managed APs In this example, the guest VLAN (102) can only access the Internet while the staff VLAN (101) has access to all aspects of the network. 4.1.1 Set the Management Modes Use this section to set the management modes for the controller and managed APs. 56 NWA3000-N Series User's Guide
Chapter 4 Tutorials The following VLAN settings are used in this tutorial: Table 16 Tutorial Topology Summary VLAN VLAN ID IP ADDRESS Management 99 10.10.99.10/24 Staff 101 10.1.101.254/24 Guest 102 10.1.102.254/24 Figure 19 Tutorial Guest VLAN Example vlan 102 Controller vlan 102 Managed APs In this example, the guest VLAN (102) can only access the Internet while the staff VLAN (101) has access to all aspects of the network. 4.1.1 Set the Management Modes Use this section to set the management modes for the controller and managed APs. 56 NWA3000-N Series User's Guide
User Guide
Page 57
NWA3000-N Series User's Guide 57 This is only for network administrators to set up the LAN IP address and the VLAN for the controller mode including the IP address of the managed NWA3000-N series APs; Wait a short while before you attempt to log in again. 4.1.1.2 Managed APs 1 Log into... the web configurator of 192.168.1.2 and restarts. you must manage the NWA3000-N series AP through the controller AP on your network. 4.1.2 Set the LAN IP Address and Management VLAN (vlan99) This section shows you can no longer log into the other NWA3000...
NWA3000-N Series User's Guide 57 This is only for network administrators to set up the LAN IP address and the VLAN for the controller mode including the IP address of the managed NWA3000-N series APs; Wait a short while before you attempt to log in again. 4.1.1.2 Managed APs 1 Log into... the web configurator of 192.168.1.2 and restarts. you must manage the NWA3000-N series AP through the controller AP on your network. 4.1.2 Set the LAN IP Address and Management VLAN (vlan99) This section shows you can no longer log into the other NWA3000...
User Guide
Page 58
... these changes. 2 Configure your DHCP server with one that uses your NWA3000-N series AP's MAC address when you how to set up the controller's internal RADIUS server and user accounts. See Chapter 7 on page 103 for details. 4.1.3 Set Up Wireless User Authentication This section shows you ... series AP, do it . Note: If you did not replace the factory default certificate with the controller's IP address configured as option 138 so the managed NWA3000-N series APs can get the controller's IP address from it now in the Object > Certificate > My Certificates screen. 58 NWA3000-N Series ...
... these changes. 2 Configure your DHCP server with one that uses your NWA3000-N series AP's MAC address when you how to set up the controller's internal RADIUS server and user accounts. See Chapter 7 on page 103 for details. 4.1.3 Set Up Wireless User Authentication This section shows you ... series AP, do it . Note: If you did not replace the factory default certificate with the controller's IP address configured as option 138 so the managed NWA3000-N series APs can get the controller's IP address from it now in the Object > Certificate > My Certificates screen. 58 NWA3000-N Series ...
User Guide
Page 63
... neighbor's APs and you see if anyone sets up their wireless device as an AP. • High security areas. The following are not under the control of visitor traffic, it to the friendly exception list. • Reception areas. NWA3000-N Series User's Guide 63 AP detection only works when at least 1 AP...
... neighbor's APs and you see if anyone sets up their wireless device as an AP. • High security areas. The following are not under the control of visitor traffic, it to the friendly exception list. • Reception areas. NWA3000-N Series User's Guide 63 AP detection only works when at least 1 AP...
User Guide
Page 65
NWA3000-N Series User's Guide 65 Figure 21 Rogue AP Example B This tutorial shows you how to detect rogue APs on your network: 1 Click Configuration > Object > MON Profile to it. Chapter 4 Tutorials Here, an attacker sets up a rogue AP (RG) outside the network, which he uses in an attempt to mimic an NWA3000-N series AP-controlled SSID in order to capture passwords and other information when authorized wireless clients mistakenly connect to open the MON Profile screen and click the Add button.
NWA3000-N Series User's Guide 65 Figure 21 Rogue AP Example B This tutorial shows you how to detect rogue APs on your network: 1 Click Configuration > Object > MON Profile to it. Chapter 4 Tutorials Here, an attacker sets up a rogue AP (RG) outside the network, which he uses in an attempt to mimic an NWA3000-N series AP-controlled SSID in order to capture passwords and other information when authorized wireless clients mistakenly connect to open the MON Profile screen and click the Add button.
User Guide
Page 77
...the NWA3000-N series AP on . All Sensed Device This sections displays a summary of all connected wireless APs when the NWA3000-N series AP is in controller mode. AP Rogue AP This displays the number of detected unclassified APs. NWA3000-N Series User's Guide 77 Model Name This field displays the model ... the version number and date of non-managed APs. UnManagement AP This displays the number of the firmware the NWA3000-N series AP is in controller mode. Click the icon to the first radio, and so on any network. Friendly AP This displays the number of detected friendly APs. ...
...the NWA3000-N series AP on . All Sensed Device This sections displays a summary of all connected wireless APs when the NWA3000-N series AP is in controller mode. AP Rogue AP This displays the number of detected unclassified APs. NWA3000-N Series User's Guide 77 Model Name This field displays the model ... the version number and date of non-managed APs. UnManagement AP This displays the number of the firmware the NWA3000-N series AP is in controller mode. Click the icon to the first radio, and so on any network. Friendly AP This displays the number of detected friendly APs. ...
User Guide
Page 78
...the NWA3000-N series AP is using for the first time or you intentionally reset the NWA3000-N series AP to control other NWA3000-N series APs, work as a stand alone AP, or be controlled by another NWA3000-N series AP. OK - Problematic configuration after a firmware upgrade. The NWA3000-N series AP successfully... NWA3000-N series AP has been running since it , its entry is yyyy-mm-dd hh:mm:ss. The format is displayed in controller mode and configured to a (more detailed) summary screen of lease time remaining. Management Mode Interface Status Summary Booting in the NWA3000-N series ...
...the NWA3000-N series AP is using for the first time or you intentionally reset the NWA3000-N series AP to control other NWA3000-N series APs, work as a stand alone AP, or be controlled by another NWA3000-N series AP. OK - Problematic configuration after a firmware upgrade. The NWA3000-N series AP successfully... NWA3000-N series AP has been running since it , its entry is yyyy-mm-dd hh:mm:ss. The format is displayed in controller mode and configured to a (more detailed) summary screen of lease time remaining. Management Mode Interface Status Summary Booting in the NWA3000-N series ...
User Guide
Page 79
Inactive - This displays when the NWA3000-N series AP is a backup interface in controller mode. This interface is in the virtual router. This field displays the current IP address and subnet mask assigned to a DHCP server. This field displays ... receive an IP address and subnet mask via DHCP. This field displays the VLAN ID to which the station belongs. Fault - Device HA is in controller mode this displays the top 5 Access Points (AP) with the highest number of station (aka wireless client) connections during the past 24 hours. # This field...
Inactive - This displays when the NWA3000-N series AP is a backup interface in controller mode. This interface is in the virtual router. This field displays the current IP address and subnet mask assigned to a DHCP server. This field displays ... receive an IP address and subnet mask via DHCP. This field displays the VLAN ID to which the station belongs. Fault - Device HA is in controller mode this displays the top 5 Access Points (AP) with the highest number of station (aka wireless client) connections during the past 24 hours. # This field...