User Guide
Page 9
... ...96 6.10 View AP Log ...100 Chapter 7 Management Mode...103 7.1 Overview ...103 7.2 About CAPWAP ...103 7.2.1 CAPWAP Discovery and Management 104 7.2.2 Managed AP Finds the Controller 104 7.2.3 CAPWAP and IP Subnets 104 7.2.4 Notes on CAPWAP 105 7.3 The Management Mode Screen 105 Chapter 8 LAN Setting ...107 8.1 LAN Setting Overview ...107 8.1.1 What You... Add or Edit a DNS Setting 110 Chapter 9 Wireless ...111 9.1 Overview ...111 9.1.1 What You Can Do in this Chapter 111 9.1.2 What You Need to Know 111 9.2 Controller ...112 9.3 AP Management ...113 NWA3000-N Series User's Guide 9
... ...96 6.10 View AP Log ...100 Chapter 7 Management Mode...103 7.1 Overview ...103 7.2 About CAPWAP ...103 7.2.1 CAPWAP Discovery and Management 104 7.2.2 Managed AP Finds the Controller 104 7.2.3 CAPWAP and IP Subnets 104 7.2.4 Notes on CAPWAP 105 7.3 The Management Mode Screen 105 Chapter 8 LAN Setting ...107 8.1 LAN Setting Overview ...107 8.1.1 What You... Add or Edit a DNS Setting 110 Chapter 9 Wireless ...111 9.1 Overview ...111 9.1.1 What You Can Do in this Chapter 111 9.1.2 What You Need to Know 111 9.2 Controller ...112 9.3 AP Management ...113 NWA3000-N Series User's Guide 9
User Guide
Page 11
... 198 15.4 Console Speed ...199 15.5 WWW Overview ...200 15.5.1 Service Access Limitations 200 15.5.2 System Timeout ...200 15.5.3 HTTPS ...200 15.5.4 Configuring WWW Service Control 201 15.5.5 HTTPS Example ...203 15.6 SSH ...209 15.6.1 How SSH Works ...210 15.6.2 SSH Implementation on the NWA3000-N series AP 211 15.6.3 Requirements for...
... 198 15.4 Console Speed ...199 15.5 WWW Overview ...200 15.5.1 Service Access Limitations 200 15.5.2 System Timeout ...200 15.5.3 HTTPS ...200 15.5.4 Configuring WWW Service Control 201 15.5.5 HTTPS Example ...203 15.6 SSH ...209 15.6.1 How SSH Works ...210 15.6.2 SSH Implementation on the NWA3000-N series AP 211 15.6.3 Requirements for...
User Guide
Page 17
The NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an internal authentication server. Configuration profiles let you easily use . CHAPTER 1 Introduction 1.1 Overview Your ...
The NWA3000-N series AP controls network access with Media Access Control (MAC) address filtering, rogue Access Point (AP) detection and containment, and an internal authentication server. Configuration profiles let you easily use . CHAPTER 1 Introduction 1.1 Overview Your ...
User Guide
Page 23
...these models were available at the time of writing. To the wireless clients in this group1. • NWA3160-N • NWA3550-N • NWA3560-N It can assign different wireless and security settings to each SSID appears to be a different access point. This allows you to compartmentalize groups of ...-N series AP provides multiple virtual APs, each forming its own BSS and using MBSS. 1.3 Management Mode One NWA3000-N series AP uses Control And Provisioning of Wireless Access Points (CAPWAP, see RFC 5415) to allow one AP to configure and manage up and maintaining multiple devices.
...these models were available at the time of writing. To the wireless clients in this group1. • NWA3160-N • NWA3550-N • NWA3560-N It can assign different wireless and security settings to each SSID appears to be a different access point. This allows you to compartmentalize groups of ...-N series AP provides multiple virtual APs, each forming its own BSS and using MBSS. 1.3 Management Mode One NWA3000-N series AP uses Control And Provisioning of Wireless Access Points (CAPWAP, see RFC 5415) to allow one AP to configure and manage up and maintaining multiple devices.
User Guide
Page 24
... Web Configurator allows easy NWA3000-N series AP setup and management using remote management (for more information. 24 NWA3000-N Series User's Guide The user (U) configures the controller AP (C), which then automatically updates the configurations of the managed APs (M1 ~ M4). You can use text-based commands to configure the NWA3000-N series AP...
... Web Configurator allows easy NWA3000-N series AP setup and management using remote management (for more information. 24 NWA3000-N Series User's Guide The user (U) configures the controller AP (C), which then automatically updates the configurations of the managed APs (M1 ~ M4). You can use text-based commands to configure the NWA3000-N series AP...
User Guide
Page 25
See the Command Reference Guide for more effectively. • Change the password often. Controller Set one NWA3000-N series AP to be a controller and set other NWA3000-N series APs to be managed by an SNMP manager. NWA3000-N Series User's Guide 25 See the SNMP chapter in a... safe place. Table 1 Console Port Default Settings SETTING VALUE Speed 115200 bps Data Bits 8 Parity None Stop Bit 1 Flow Control Off File Transfer Protocol (FTP) This protocol can be monitored by it. 1.5 Good Habits for Managing the NWA3000-N series AP Do the following things ...
See the Command Reference Guide for more effectively. • Change the password often. Controller Set one NWA3000-N series AP to be a controller and set other NWA3000-N series APs to be managed by an SNMP manager. NWA3000-N Series User's Guide 25 See the SNMP chapter in a... safe place. Table 1 Console Port Default Settings SETTING VALUE Speed 115200 bps Data Bits 8 Parity None Stop Bit 1 Flow Control Off File Transfer Protocol (FTP) This protocol can be monitored by it. 1.5 Good Habits for Managing the NWA3000-N series AP Do the following things ...
User Guide
Page 35
...AP. Table 6 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION MGNT Mode Set whether the NWA3000-N series AP is in controller mode. Wireless NWA3000-N Series User's Guide 35 Station Info Displays information about suspected rogue APs. Rogue AP Displays information about the...LINK TAB FUNCTION LAN Status Displays general LAN interface information and packet statistics. This is available when the NWA3000-N series AP is controlling other NWA3000-N series APs, working as a standalone AP, or being managed by another NWA3000-N series AP. This is available...
...AP. Table 6 Configuration Menu Screens Summary FOLDER OR LINK TAB FUNCTION MGNT Mode Set whether the NWA3000-N series AP is in controller mode. Wireless NWA3000-N Series User's Guide 35 Station Info Displays information about suspected rogue APs. Rogue AP Displays information about the...LINK TAB FUNCTION LAN Status Displays general LAN interface information and packet statistics. This is available when the NWA3000-N series AP is controlling other NWA3000-N series APs, working as a standalone AP, or being managed by another NWA3000-N series AP. This is available...
User Guide
Page 36
...-N series AP's certificates. Console Speed Set the console speed. Device HA is available when the NWA3000-N series AP is in controller mode. AP Profile Radio Create and manage wireless radio settings files that can be associated with different APs. Trusted Certificates Import and... manage certificates from wireless clients. Date/Time Configure the current date, time, and time zone in controller mode. WWW Configure HTTP, HTTPS, and general authentication. Device HA General Configure device HA global settings, and see the status of...
...-N series AP's certificates. Console Speed Set the console speed. Device HA is available when the NWA3000-N series AP is in controller mode. AP Profile Radio Create and manage wireless radio settings files that can be associated with different APs. Trusted Certificates Import and... manage certificates from wireless clients. Date/Time Configure the current date, time, and time zone in controller mode. WWW Configure HTTP, HTTPS, and general authentication. Device HA General Configure device HA global settings, and see the status of...
User Guide
Page 45
A green check mark displays next to the column's title when you drag the column to a valid new location. 5 Use the icons and fields at a time. Chapter 2 The Web Configurator 3 Select a column heading cell's right border and drag to re-size the column. 4 Select a column heading and drag and drop it to different pages of entries and control how many entries display at the bottom of the table to navigate to change the column order. NWA3000-N Series User's Guide 45
A green check mark displays next to the column's title when you drag the column to a valid new location. 5 Use the icons and fields at a time. Chapter 2 The Web Configurator 3 Select a column heading cell's right border and drag to re-size the column. 4 Select a column heading and drag and drop it to different pages of entries and control how many entries display at the bottom of the table to navigate to change the column order. NWA3000-N Series User's Guide 45
User Guide
Page 50
... ITEM(S) Configuration > MGNT Mode. 3.3.3 LAN Setting Use this feature before you configure the main screen(s) for this screen to set the NWA3000-N series AP to control other features you return to the main screen to manage your wireless Access Points. For example, no other features reference AP management entries, so there...
... ITEM(S) Configuration > MGNT Mode. 3.3.3 LAN Setting Use this feature before you configure the main screen(s) for this screen to set the NWA3000-N series AP to control other features you return to the main screen to manage your wireless Access Points. For example, no other features reference AP management entries, so there...
User Guide
Page 51
... is in response to changes, the NWA3000-N series AP automatically propagates the change through the features that use this information in controller mode. Table 12 Objects Overview OBJECT WHERE USED user See the User section on page 52 for details. ap profile See the... the object appears in order to the object first. Perform basic diagnostics (CLI) user Access network services. certificates WWW, SSH, FTP, controller 3.4.1 User Use these screens to -NWA3000-N series AP firewall 3.4 Objects Objects store information and are referenced by other features. If you ...
... is in response to changes, the NWA3000-N series AP automatically propagates the change through the features that use this information in controller mode. Table 12 Objects Overview OBJECT WHERE USED user See the User section on page 52 for details. ap profile See the... the object appears in order to the object first. Perform basic diagnostics (CLI) user Access network services. certificates WWW, SSH, FTP, controller 3.4.1 User Use these screens to -NWA3000-N series AP firewall 3.4 Objects Objects store information and are referenced by other features. If you ...
User Guide
Page 55
... 4.1 Sample Network Setup This tutorial shows you how to use . Note: In this topology the firewall, such as a ZyWALL, controls what services traffic from different VLANs can use CAPWAP to have full access to the network, while guests are limited to create a ...wireless network that supports 802.1q, a Layer-3 routing device and a firewall (C). NWA3000-N Series User's Guide 55 Figure 18 Tutorial Network Topology C A AA Controller B Managed APs Requirements: A DHCP server (A) with Option 138, an AD server, a switch (B) that allows two types of connections: staff and guest. Staff ...
... 4.1 Sample Network Setup This tutorial shows you how to use . Note: In this topology the firewall, such as a ZyWALL, controls what services traffic from different VLANs can use CAPWAP to have full access to the network, while guests are limited to create a ...wireless network that supports 802.1q, a Layer-3 routing device and a firewall (C). NWA3000-N Series User's Guide 55 Figure 18 Tutorial Network Topology C A AA Controller B Managed APs Requirements: A DHCP server (A) with Option 138, an AD server, a switch (B) that allows two types of connections: staff and guest. Staff ...
User Guide
Page 56
Chapter 4 Tutorials The following VLAN settings are used in this tutorial: Table 16 Tutorial Topology Summary VLAN VLAN ID IP ADDRESS Management 99 10.10.99.10/24 Staff 101 10.1.101.254/24 Guest 102 10.1.102.254/24 Figure 19 Tutorial Guest VLAN Example vlan 102 Controller vlan 102 Managed APs In this example, the guest VLAN (102) can only access the Internet while the staff VLAN (101) has access to all aspects of the network. 4.1.1 Set the Management Modes Use this section to set the management modes for the controller and managed APs. 56 NWA3000-N Series User's Guide
Chapter 4 Tutorials The following VLAN settings are used in this tutorial: Table 16 Tutorial Topology Summary VLAN VLAN ID IP ADDRESS Management 99 10.10.99.10/24 Staff 101 10.1.101.254/24 Guest 102 10.1.102.254/24 Figure 19 Tutorial Guest VLAN Example vlan 102 Controller vlan 102 Managed APs In this example, the guest VLAN (102) can only access the Internet while the staff VLAN (101) has access to all aspects of the network. 4.1.1 Set the Management Modes Use this section to set the management modes for the controller and managed APs. 56 NWA3000-N Series User's Guide
User Guide
Page 57
... for network administrators to set up the LAN IP address and the VLAN for managing the controller. NWA3000-N Series User's Guide 57 Chapter 4 Tutorials 4.1.1.1 Controller 1 Use the Configuration > MGNT MODE screen to set the NWA3000-N series AP to controller mode. 2 The NWA3000-N series AP resets to its default settings for the... including the IP address of the managed NWA3000-N series APs; you must manage the NWA3000-N series AP through the controller AP on your network. 4.1.2 Set the LAN IP Address and Management VLAN (vlan99) This section shows you can no longer log into the other...
... for network administrators to set up the LAN IP address and the VLAN for managing the controller. NWA3000-N Series User's Guide 57 Chapter 4 Tutorials 4.1.1.1 Controller 1 Use the Configuration > MGNT MODE screen to set the NWA3000-N series AP to controller mode. 2 The NWA3000-N series AP resets to its default settings for the... including the IP address of the managed NWA3000-N series APs; you must manage the NWA3000-N series AP through the controller AP on your network. 4.1.2 Set the LAN IP Address and Management VLAN (vlan99) This section shows you can no longer log into the other...
User Guide
Page 58
...; Gateway: Enter 10.10.99.10. • Management VLAN ID: Enter '99' as option 138 so the managed NWA3000-N series APs can get the controller's IP address from it now in the Object > Certificate > My Certificates screen. 58 NWA3000-N Series User's Guide Note: If you did not replace the...series AP's MAC address when you how to save these changes. 2 Configure your DHCP server with the controller's IP address configured as the VLAN ID tag. • Click Apply to set up the controller's internal RADIUS server and user accounts. See Chapter 7 on page 103 for details. 4.1.3 Set Up Wireless...
...; Gateway: Enter 10.10.99.10. • Management VLAN ID: Enter '99' as option 138 so the managed NWA3000-N series APs can get the controller's IP address from it now in the Object > Certificate > My Certificates screen. 58 NWA3000-N Series User's Guide Note: If you did not replace the...series AP's MAC address when you how to save these changes. 2 Configure your DHCP server with the controller's IP address configured as the VLAN ID tag. • Click Apply to set up the controller's internal RADIUS server and user accounts. See Chapter 7 on page 103 for details. 4.1.3 Set Up Wireless...
User Guide
Page 63
... AP that both support wireless network. NWA3000-N Series User's Guide 63 If you know they circumvent network security policy. The following are not under the control of visitor traffic, it to the friendly exception list. • Reception areas. Set #1, to the staff SSID profile and #2 to save these settings. 4.2 Rogue AP...
... AP that both support wireless network. NWA3000-N Series User's Guide 63 If you know they circumvent network security policy. The following are not under the control of visitor traffic, it to the friendly exception list. • Reception areas. Set #1, to the staff SSID profile and #2 to save these settings. 4.2 Rogue AP...
User Guide
Page 65
Chapter 4 Tutorials Here, an attacker sets up a rogue AP (RG) outside the network, which he uses in an attempt to mimic an NWA3000-N series AP-controlled SSID in order to capture passwords and other information when authorized wireless clients mistakenly connect to open the MON Profile screen and click the Add button. Figure 21 Rogue AP Example B This tutorial shows you how to detect rogue APs on your network: 1 Click Configuration > Object > MON Profile to it. NWA3000-N Series User's Guide 65
Chapter 4 Tutorials Here, an attacker sets up a rogue AP (RG) outside the network, which he uses in an attempt to mimic an NWA3000-N series AP-controlled SSID in order to capture passwords and other information when authorized wireless clients mistakenly connect to open the MON Profile screen and click the Add button. Figure 21 Rogue AP Example B This tutorial shows you how to detect rogue APs on your network: 1 Click Configuration > Object > MON Profile to it. NWA3000-N Series User's Guide 65
User Guide
Page 77
...CPU Usage icon that takes you can upload firmware. Online Management AP This displays the number of the firmware the NWA3000-N series AP is in controller mode. AP Rogue AP This displays the number of connected wireless Access Points (APs). Model Name This field displays the model name of the... series AP is assigned to the network. The first MAC address is assigned to the Ethernet LAN port, the second MAC address is in controller mode. Hover your cursor over this field to display the Show Memory Usage icon that takes you can change it. All AP This section ...
...CPU Usage icon that takes you can upload firmware. Online Management AP This displays the number of the firmware the NWA3000-N series AP is in controller mode. AP Rogue AP This displays the number of connected wireless Access Points (APs). Model Name This field displays the model name of the... series AP is assigned to the network. The first MAC address is assigned to the Ethernet LAN port, the second MAC address is in controller mode. Hover your cursor over this field to display the Show Memory Usage icon that takes you can change it. All AP This section ...
User Guide
Page 78
... Date/ This field displays the current date and time in progress - The format is set to control other NWA3000-N series APs, work as a stand alone AP, or be controlled by another NWA3000-N series AP. Problematic configuration after a firmware upgrade. Management Mode Interface Status Summary ... 78 NWA3000-N Series User's Guide System default configuration - Current Login User This field displays the user name used to log in controller mode and configured to use for the first time or you intentionally reset the NWA3000-N series AP to lastgood configuration - The NWA3000...
... Date/ This field displays the current date and time in progress - The format is set to control other NWA3000-N series APs, work as a stand alone AP, or be controlled by another NWA3000-N series AP. Problematic configuration after a firmware upgrade. Management Mode Interface Status Summary ... 78 NWA3000-N Series User's Guide System default configuration - Current Login User This field displays the user name used to log in controller mode and configured to use for the first time or you intentionally reset the NWA3000-N series AP to lastgood configuration - The NWA3000...
User Guide
Page 79
...virtual router. Down - This field displays the status of each interface. WLAN Interface When the NWA3000-N series AP is not functioning in controller mode. MAC Address This displays the MAC address of an active virtual router, this AP. The Ethernet interface is in the virtual router...static IP address of the interface (if it is the master) or the management IP address (if it is the master interface in controller mode this might happen if the interface is enabled and connected. Station Count This field displays the maximum number of the station. Inactive...
...virtual router. Down - This field displays the status of each interface. WLAN Interface When the NWA3000-N series AP is not functioning in controller mode. MAC Address This displays the MAC address of an active virtual router, this AP. The Ethernet interface is in the virtual router...static IP address of the interface (if it is the master) or the management IP address (if it is the master interface in controller mode this might happen if the interface is enabled and connected. Station Count This field displays the maximum number of the station. Inactive...