Administration Guide
Page 3
... Addressing 55 Default settings 55 DNS ...55 Layer 2 security 56 Session limits 56 Authentication 56 Security options 56 Do not broadcast wireless network name 57 Wireless bridging 58 RF extension 58 Building-to-building connections 58 Guidelines 59 Setting up a wireless link 60 VLAN support 62 Creating VLANs 62 Default VLAN 63 Assigning traffic to VLANs 63 VLAN bridging 63 Firmware management 64 Manual update 64 Scheduled install 65 Using cURL 65 Configuration management 66 Manual management 66 Using cURL 68 Using a RADIUS server...
... Addressing 55 Default settings 55 DNS ...55 Layer 2 security 56 Session limits 56 Authentication 56 Security options 56 Do not broadcast wireless network name 57 Wireless bridging 58 RF extension 58 Building-to-building connections 58 Guidelines 59 Setting up a wireless link 60 VLAN support 62 Creating VLANs 62 Default VLAN 63 Assigning traffic to VLANs 63 VLAN bridging 63 Firmware management 64 Manual update 64 Scheduled install 65 Using cURL 65 Configuration management 66 Manual management 66 Using cURL 68 Using a RADIUS server...
Administration Guide
Page 10
... release the button quickly to its factory default settings, do the following operational information. Ethernet on LED comes on the WAP-200 back panel will restart with factory default settings. flashing Indicates that are available are not connected or there is fully operational. Wireless flashing Wireless port is assigned to the WAP-200, the power light will restart immediately. Reset button Use the end of operating values for a short period when the link is transmitting...
... release the button quickly to its factory default settings, do the following operational information. Ethernet on LED comes on the WAP-200 back panel will restart with factory default settings. flashing Indicates that are available are not connected or there is fully operational. Wireless flashing Wireless port is assigned to the WAP-200, the power light will restart immediately. Reset button Use the end of operating values for a short period when the link is transmitting...
Administration Guide
Page 22
... connected to either through a secure connection. Chapter 2 How it works Chapter 2 Management Tool The Management Tool is a Web-based interface to the WAP-200 that is distinct from the Colubris Networks network management system. During installation ensure that • Encryption is disabled • TCP/IP is installed and configured with it. Start your browser. By default Username and Password are both set to DHCP • The management station is , Netscape 7.01 or higher, or Internet...
... connected to either through a secure connection. Chapter 2 How it works Chapter 2 Management Tool The Management Tool is a Web-based interface to the WAP-200 that is distinct from the Colubris Networks network management system. During installation ensure that • Encryption is disabled • TCP/IP is installed and configured with it. Start your browser. By default Username and Password are both set to DHCP • The management station is , Netscape 7.01 or higher, or Internet...
Administration Guide
Page 23
... you forget the administrator password, the only way to gain access to the Management Tool is that the RADIUS profile you want to use to use a RADIUS server to authenticate logins to configure RADIUS authentication. 1. Caution! Default is admin. • Under New password, enter the new administrator password. Validating administrator logins using a RADIUS server You can access by a username and password. Chapter 2 How it enables you created in place: • If a administrator's connection to the Management Tool remains idle for...
... you forget the administrator password, the only way to gain access to the Management Tool is that the RADIUS profile you want to use to use a RADIUS server to authenticate logins to configure RADIUS authentication. 1. Caution! Default is admin. • Under New password, enter the new administrator password. Validating administrator logins using a RADIUS server You can access by a username and password. Chapter 2 How it enables you created in place: • If a administrator's connection to the Management Tool remains idle for...
Administration Guide
Page 31
... they connect. Chapter 2 How it works Chapter 2 Broadcast WLAN name (SSID) When this option is enabled, the WAP-200 will broadcast its current transmit power setting in the customer's RADIUS account (if using 802.1x/WPA or MAC authentication, the WAP-200 handles all security features that your VLAN has the appropriate security installed to protect access to the Networks > VLANs page. To add VLANs to the list, go to the network. Most wireless adapter cards have...
... they connect. Chapter 2 How it works Chapter 2 Broadcast WLAN name (SSID) When this option is enabled, the WAP-200 will broadcast its current transmit power setting in the customer's RADIUS account (if using 802.1x/WPA or MAC authentication, the WAP-200 handles all security features that your VLAN has the appropriate security installed to protect access to the Networks > VLANs page. To add VLANs to the list, go to the network. Most wireless adapter cards have...
Administration Guide
Page 36
... authentication is connected. Filter behavior • Allow: Only client stations whose MAC addresses appear in the MAC address list are blocked from accessing the wireless network. 36 For details see the documentation that customer. Group name Specify a group name for each user authentication. The WAP-200 respects the RADIUS interim-updateinterval attribute if present inside the RADIUS access accept of MAC addresses to more than one access point. Address list Construct a list of the authentication. Chapter 2 How it works...
... authentication is connected. Filter behavior • Allow: Only client stations whose MAC addresses appear in the MAC address list are blocked from accessing the wireless network. 36 For details see the documentation that customer. Group name Specify a group name for each user authentication. The WAP-200 respects the RADIUS interim-updateinterval attribute if present inside the RADIUS access accept of MAC addresses to more than one access point. Address list Construct a list of the authentication. Chapter 2 How it works...
Administration Guide
Page 39
... installed in this section. Select Security > 802.1x to authenticate them. Dynamic key rotation is associated with a Colubris Networks access controller such as described in conjunction with . The WAP-200 supports 802.1x client software that you to control logins to the public access network based on to the WAP-200. WPA/802.1x The WAP-200 provides full support for authenticating devices that logs on the wireless access point a customer is useful for users with a Colubris Networks access controller. These devices...
... installed in this section. Select Security > 802.1x to authenticate them. Dynamic key rotation is associated with a Colubris Networks access controller such as described in conjunction with . The WAP-200 supports 802.1x client software that you to control logins to the public access network based on to the WAP-200. WPA/802.1x The WAP-200 provides full support for authenticating devices that logs on the wireless access point a customer is useful for users with a Colubris Networks access controller. These devices...
Administration Guide
Page 42
... world determine the maximum power output of transmission supported by the following sections provide information on page 51 for the WAP-200. If it works Chapter 2 Wireless coverage As a starting point for the antennas you can help simplify planning a secure wireless network. Note: Governmental regulations in the 5 GHz frequency band. For more information see the RF Planner Administrator's Guide. Also, when multiple access points are using to determine how...
... world determine the maximum power output of transmission supported by the following sections provide information on page 51 for the WAP-200. If it works Chapter 2 Wireless coverage As a starting point for the antennas you can help simplify planning a secure wireless network. Note: Governmental regulations in the 5 GHz frequency band. For more information see the RF Planner Administrator's Guide. Also, when multiple access points are using to determine how...
Administration Guide
Page 43
... same frequency band as possible. It also makes it easy to diagnose wireless problems. • Status > Client data rate matrix: This page lists the data rates for recommendations on all connected client stations. The WAP-200 provides advanced wireless configuration features to automatically eliminate this information to find rogue access points. Physical characteristics of the location To maximize coverage of the wireless cell, wireless access points are best installed in concrete...
... same frequency band as possible. It also makes it easy to diagnose wireless problems. • Status > Client data rate matrix: This page lists the data rates for recommendations on all connected client stations. The WAP-200 provides advanced wireless configuration features to automatically eliminate this information to find rogue access points. Physical characteristics of the location To maximize coverage of the wireless cell, wireless access points are best installed in concrete...
Administration Guide
Page 47
... 4 channel 1 Reset Reset Reset Reset Reset Reset Reset Reset cell 5 channel = 11 cell 6 channel = 1 cell 7 channel = 6 cell 8 channel 11 Using three frequencies to avoid causing interference with neighboring Colubris Networks access points. 47 Note: The distance between WAP-200s more frequently. The areas in gray indicate where two cells using reduced settings is that it will switch between access points option provides the best performance benefit when client stations are equipped with wireless adapters that are installing multiple WAP-200s...
... 4 channel 1 Reset Reset Reset Reset Reset Reset Reset Reset cell 5 channel = 11 cell 6 channel = 1 cell 7 channel = 6 cell 8 channel 11 Using three frequencies to avoid causing interference with neighboring Colubris Networks access points. 47 Note: The distance between WAP-200s more frequently. The areas in gray indicate where two cells using reduced settings is that it will switch between access points option provides the best performance benefit when client stations are equipped with wireless adapters that are installing multiple WAP-200s...
Administration Guide
Page 51
... at maximum power so not all channels are determined by the wireless card installed in the WAP-200, and may not support a data rate of access points currently operating in the 5 GHz frequency band. Note: You cannot use automatic channel selection when creating wireless links with other access points. If operating in your area. This feature works best when the entire network uses only Colubris Network access points, as required. How it works Chapter 2 Wireless mode Select...
... at maximum power so not all channels are determined by the wireless card installed in the WAP-200, and may not support a data rate of access points currently operating in the 5 GHz frequency band. Note: You cannot use automatic channel selection when creating wireless links with other access points. If operating in your area. This feature works best when the entire network uses only Colubris Network access points, as required. How it works Chapter 2 Wireless mode Select...
Administration Guide
Page 52
... use Distance between wireless stations, in order to -point wireless bridge, Colubris Networks recommends that using the radio. • If a single antenna is not available in Monitor mode. By reducing receiver sensitivity, client stations are reduced or eliminated. This is a fixed rate, which means that can be connected to either Main or Aux. • For maximum wireless coverage, use the Main antenna to connect with the nearest access point. Change...
... use Distance between wireless stations, in order to -point wireless bridge, Colubris Networks recommends that using the radio. • If a single antenna is not available in Monitor mode. By reducing receiver sensitivity, client stations are reduced or eliminated. This is a fixed rate, which means that can be connected to either Main or Aux. • For maximum wireless coverage, use the Main antenna to connect with the nearest access point. Change...
Administration Guide
Page 53
Alternatively, you defined-maximum or up to the percentage of maximum specified earlier. Guidelines for configuring transmit power Transmit power control works best when the entire network uses only Colubris Networks access points, as third-party products will still transmit at maximum power, not all interference can configure this parameter by selecting Wireless > Radio(s), which is the default. Note: Some older wireless client cards may not support a data rate of 2 Mbps and thus may...
Alternatively, you defined-maximum or up to the percentage of maximum specified earlier. Guidelines for configuring transmit power Transmit power control works best when the entire network uses only Colubris Networks access points, as third-party products will still transmit at maximum power, not all interference can configure this parameter by selecting Wireless > Radio(s), which is the default. Note: Some older wireless client cards may not support a data rate of 2 Mbps and thus may...
Administration Guide
Page 56
... networks without enabling dynamic WEP encryption. It communicates with key rotation: Each user is managed by the RADIUS server. The login process is assigned their own key by 802.1x client software which in turn uses the services of a RADIUS server to the wireless network, they must be configured to accept connections from stations using EAP-SIM, EAP-TLS, EAP-TTLS and PEAP. The WAP-200 supports 802.1x clients using static WEP keys if required. 56 Authentication The following table lists the available authentication...
... networks without enabling dynamic WEP encryption. It communicates with key rotation: Each user is managed by the RADIUS server. The login process is assigned their own key by 802.1x client software which in turn uses the services of a RADIUS server to the wireless network, they must be configured to accept connections from stations using EAP-SIM, EAP-TLS, EAP-TTLS and PEAP. The WAP-200 supports 802.1x clients using static WEP keys if required. 56 Authentication The following table lists the available authentication...
Administration Guide
Page 58
... situations where it works Chapter 2 Wireless bridging The wireless bridging feature enables you to use the wireless radio to create point-topoint wireless links to other access points. Note: When a directional antenna is used to create point-to-point links over longer distances. MSC-3200 MSC-3300 wireless bridge WAP-200 Reset Building-tobuilding connections The wireless bridging feature can operate at the same time as the network serving wireless customers. For a complete wireless bridging scenario, see the Colubris Networks Configuration Guide. Chapter 2 How...
... situations where it works Chapter 2 Wireless bridging The wireless bridging feature enables you to use the wireless radio to create point-topoint wireless links to other access points. Note: When a directional antenna is used to create point-to-point links over longer distances. MSC-3200 MSC-3300 wireless bridge WAP-200 Reset Building-tobuilding connections The wireless bridging feature can operate at the same time as the network serving wireless customers. For a complete wireless bridging scenario, see the Colubris Networks Configuration Guide. Chapter 2 How...
Administration Guide
Page 60
.... 12. Open the Status > Wireless page. 3. The Radio(s) configuration page opens-see page 50. 9. Under Settings, select Enabled. 3. Click Save. 8. Set the Operating mode to the same value as the other access point. 11. Do not use the Advanced Encryption Standard with Counter Mode Cipher Block Chaining Message Authentication Code Protocol encryption defined by 802.11i. A value greater than 20 is the MAC address of the following: • WEP: Specifies to use the Wired...
.... 12. Open the Status > Wireless page. 3. The Radio(s) configuration page opens-see page 50. 9. Under Settings, select Enabled. 3. Click Save. 8. Set the Operating mode to the same value as the other access point. 11. Do not use the Advanced Encryption Standard with Counter Mode Cipher Block Chaining Message Authentication Code Protocol encryption defined by 802.11i. A value greater than 20 is the MAC address of the following: • WEP: Specifies to use the Wired...
Administration Guide
Page 65
... management interface. Configuration settings are used to get/send files to secure the connection with the WAP-200 using certificates, you must use version 7.10 or higher. Using cURL It is available for multiple units. The following cURL commands illustrate how to determine if it works Chapter 2 Scheduled install The WAP-200 can automatically retrieve and install firmware from a server using a number of the WAP-200's Ethernet port is 24.28.15.22. • Management access via a DNS server...
... management interface. Configuration settings are used to get/send files to secure the connection with the WAP-200 using certificates, you must use version 7.10 or higher. Using cURL It is available for multiple units. The following cURL commands illustrate how to determine if it works Chapter 2 Scheduled install The WAP-200 can automatically retrieve and install firmware from a server using a number of the WAP-200's Ethernet port is 24.28.15.22. • Management access via a DNS server...
Administration Guide
Page 68
... is a software client that you must be used authentication), but data traffic is still encrypted. These examples are non-secure (no certificates are located on your computer. Prepare the WAP-200 to the management interface. Login to receive the configuration update. It is designed to work without user interaction or any kind of different protocols. The following cURL commands illustrate how to manage the configuration file. curl...
... is a software client that you must be used authentication), but data traffic is still encrypted. These examples are non-secure (no certificates are located on your computer. Prepare the WAP-200 to the management interface. Login to receive the configuration update. It is designed to work without user interaction or any kind of different protocols. The following cURL commands illustrate how to manage the configuration file. curl...
Administration Guide
Page 70
... a RADIUS client and you must define client settings on some systems). Configuration settings You may need to supply the following information when setting up a RADIUS client entry: • Client IP address: This is called a RADIUS client (or RAS client on the RADIUS server for users authenticated via MAC/WPA/802.1x when not working in conjunction with a Colubris Networks access controller. Creating a RADIUS client entry for the WAP-200 Any device that you intend to install. • Create a RADIUS profile for the WAP...
... a RADIUS client and you must define client settings on some systems). Configuration settings You may need to supply the following information when setting up a RADIUS client entry: • Client IP address: This is called a RADIUS client (or RAS client on the RADIUS server for users authenticated via MAC/WPA/802.1x when not working in conjunction with a Colubris Networks access controller. Creating a RADIUS client entry for the WAP-200 Any device that you intend to install. • Create a RADIUS profile for the WAP...
Administration Guide
Page 78
... WAP-200 to manage them. Access Reject None. Make sure that of a standard user account is not Administrative. Access Accept None. Supported RADIUS attributes Following are supported RADIUS attributes. Accounting Request None. Access Request • User-Name (string): The username assigned to the user or a device when using MAC authentication. • NAS-Identifier (string): The NAS ID set on the RADIUS server If you want to support multiple administrator names and passwords, you must use a RADIUS server to access...
... WAP-200 to manage them. Access Reject None. Make sure that of a standard user account is not Administrative. Access Accept None. Supported RADIUS attributes Following are supported RADIUS attributes. Accounting Request None. Access Request • User-Name (string): The username assigned to the user or a device when using MAC authentication. • NAS-Identifier (string): The NAS ID set on the RADIUS server If you want to support multiple administrator names and passwords, you must use a RADIUS server to access...