Lancom WLC-4006 Manual

Manual is about: WLAN Controller

Summary of WLC-4006

  • Page 1

    110787/0110 lancom systems gmbh, adenauerstr. 20/b2, 52146 würselen, germany. E-mail: info@lancom.eu, internet: www.lancom.eu. Lancom wlc-4006, lancom wlc-4025+, lancom wlc-4100. Manual. Connecting your business. 110787_lc-wlc-manual_cov...

  • Page 2: Lancom Wlc-4006

    Lancom wlc-4006 lancom wlc-4025+ lancom wlc-4100

  • Page 3

    © 2010 lancom systems gmbh, wuerselen (germany). All rights reserved. While the information in this manual has been compiled with great care, it may not be deemed an assurance of product characteristics. Lancom systems shall be liable only to the degree specified in the terms of sale and delivery. T...

  • Page 4: Preface

    Lancom wlc series preface 3 en preface thank you for your confidence in us! The wlan controllers lancom wlc-4006, lancom wlc-4025+ and lancom wlc-4100 are state-of-the-art hardware components for medium- and large-scale wlan-installation management that is just as simple as it is secure. All setting...

  • Page 5

    Unparalleled operational reliability which prevents "single points of failure". Security settings: to maximize the security available from your product, we recommend that you undertake all of the security settings (e.g. firewall, encryption, access protection) that w...

  • Page 6

    Wireless networks (wlan), backup solutions, further server services (dhcp, dns, charge management). The menu reference guide (also available at www.lancom.eu/download or on the cd supplied) describes all of the parameters in lcos, the operating system used by lancom produ...

  • Page 7: Content

    Lancom wlc series content 6 en content 1 centralized wlan management 10 1.1 introduction 10 1.2 technical concepts 11 1.2.1 the capwap standard 11 1.2.2 smart controller technology 11 1.2.3 communication between the access point and the wlan controller 13 1.2.4 zero-touch management 16 1.2.5 split m...

  • Page 8

    Lancom wlc series content 7 en 4 configuring the wlan controller 42 4.1 basic configuration of the lancom wlan controller 42 4.1.1 setting the time on the lancom wlan controller 42 4.1.2 generating a default configuration 43 4.1.3 assigning the default configuration to the new access points 47 4.2 e...

  • Page 9

    Lancom wlc series content 8 en 5 security settings 117 5.1 security in the wireless lan 117 5.1.1 encrypted data transfer 117 5.1.2 802.1x / eap 118 5.1.3 lancom enhanced passphrase security 118 5.1.4 access control by mac address 119 5.1.5 ipsec over wlan 119 5.2 tips for the proper treatment of ke...

  • Page 10

    Lancom wlc series content 9 en 9 appendix 140 9.1 performance and characteristics 140 9.2 connector wiring 141 9.2.1 ethernet interface 10/100/1000base-tx, dsl interface 141 9.2.2 configuration interface (outband) 141 9.3 ce-declarations of conformity 142 10 index 143.

  • Page 11: 1.1

    Lancom wlc series chapter 1: centralized wlan management 10 en 1 centralized wlan management 1.1 introduction the widespread use of wireless access points and wireless routers provides great convenience and flexibility in network access for businesses, universities and other organizations. Yet in sp...

  • Page 12: 1.2

    Lancom wlc series chapter 1: centralized wlan management 11 en figuration optionally saved for a defined period to flash memory (in an area that cannot be read out with lanconfig or other tools). 1.2 technical concepts 1.2.1 the capwap standard the capwap protocol (control and provisioning of wirele...

  • Page 13

    A radius or eap server can be added as a third component for authentication of wlan clients (which can also be the case in stand-alone wlans). Capwap describes different scenarios for the relocation of wlan functions to the central wla...

  • Page 14: 1.2.3

    Lancom wlc series chapter 1: centralized wlan management 13 en 1.2.3 communication between the access point and the wlan controller as of firmware version lcos 7.20 there is a difference between lancom access points (such as the lancom l-54ag) and lancom wireless routers (such as the lancom 1811n wi...

  • Page 15

    Lancom wlc series chapter 1: centralized wlan management 14 en a lancom access point is already configured; at least one wlan module is manually set to operate as 'managed' ('configuring the access points'). The access point searches for a wlan controller in the network on behalf of the one or more ...

  • Page 16

    Lancom wlc series chapter 1: centralized wlan management 15 en the access point is provided with the configuration for the integrated scep client via the secure dtls connection – the access point is then able to retrieve its certificate from the scep ca via scep. Once this is done, the assigned con-...

  • Page 17: 1.2.4

    1.2.4 zero-touch management: with their ability to automatically assign a certificate and configurations to the requesting access points, lancom wlan controllers implement true "zero-touch management". Simply connect new access points to...

  • Page 18: 1.3

    1.3 just what can your lancom wlan controller do? The following table provides a comparison of the properties and functions of your device depending on the model. Lancom wlc-4006 lancom wlc-4025+ lancom wlc-4100 wlan controlling numbe...

  • Page 19

    Lancom wlc series chapter 1: centralized wlan management 18 en ras server (over vpn) ✔ ✔ ✔ ip router ✔ ✔ ✔ dhcp and dns server (separate for all arf networks) ✔ ✔ ✔ n:n mapping for routing networks with the same ip-address ranges over vpn ✔ ✔ ✔ lan port can be configured to be a wan port ✔ ✔ ✔ polic...

  • Page 20

    Lancom wlc series chapter 1: centralized wlan management 19 en protection of the configuration from brute-force attacks. ✔ ✔ ✔ configuration configuration with lanconfig or via web browser; additional terminal mode for telnet or equivalent terminal programs; snmp interface and tftp server function. ...

  • Page 21: 2 Installation

    Lancom wlc series chapter 2: installation 20 en 2 installation this chapter will assist you to quickly install hardware and software. First, check the package contents and system requirements. The device can be installed and configured quickly and easily if all prerequisites are fulfilled. 2.1 packa...

  • Page 22: 2.2.2

    Lancom wlc series chapter 2: installation 21 en the lantools also require a windows operating system. A web browser under any operating system provides access to webconfig. 2.2.2 operating access points in managed mode lancom wireless routers and lancom access points can be operated either as self-s...

  • Page 23: 2.3.1

    2.3.1 status displays: the lancom wlan controllers are equipped with the following status displays: lancom wlc-4025+ lancom wlc-4100 lancom wlc-4006 lancom wlc-4006 only the two top-mounted leds enable the main function status to be assessed even if ...

  • Page 24

    The power led blinks alternately in red/green until a configuration password has been set. Without a configuration password, the configuration data in the lancom is unprotected. Normally you would set a configuration password during the basic configu...

  • Page 25

    (4) wlan: provides information on the operational state of the device and the connected access point. The wlan display can show the following: the reason for non-operability is shown in more detail in the display. (5) new aps: provides information on new acc...

  • Page 26

    (8) vpn: status of a vpn connection. (9) lcd display: the lc display has two lines of 16 characters each to display the following information in rotation: device name, firmware version, device temperature, date and time, cpu load, memory load, number of vpn tunnel...

  • Page 27

    (10) ap status (lancom wlc-4006 only): provides information on the operational state of the device and the connected access point. The ap status display can show the following: (11) uplink: provides information on the connection to the wan and to the lan. The w...

  • Page 28: 2.3.2

    (12) eth: lan connector status in the integrated switch: 2.3.2 device connectors: the lancom wlan controllers are equipped with the following device connectors: lancom wlc-4025+ lancom wlc-4100 lancom wlc-4006 (1) com: connector for the serial configuration ...

  • Page 29

    Each ethernet socket has two leds (green and yellow). (3) usb: usb connector (usb host). (4) reset: reset button (see 'reset button functions'). (5) power switch: switch for detaching the device from the power supply. (6) power connection: connector for the iec ca...

  • Page 30: 2.4

    A hard reset causes the device to start with the default factory settings; all previous settings are lost! Any access points managed from this wlan controller could lose their configuration, depending on how standalone operation has been set up ('sta...

  • Page 31: 2.5

    ethernet port on the device (2), and the other end into an available network connector socket in your local network. Lancom wlc-4006: 3. lan – first of all connect your lancom wlan controller to the lan. Plug in one end of the supplied network cable (g...

  • Page 32: 2.5.2

    Lancom wlc series chapter 2: installation 31 en in setup, select install software. The following selection menus will appear on screen: 2.5.2 which software should i install? Lanconfig is the windows configuration program for all lancom devices. Webconfig can be used alternatively or in addition via...

  • Page 33: 3 Basic Configuration

    Lancom wlc series chapter 3: basic configuration 32 en 3 basic configuration the basic configuration is conducted with a convenient setup wizard that provides step-by-step guidance through the configuration and that requests any necessary information. First of all this chapter presents the informati...

  • Page 34

    New lan – fully automatic configuration possible: the setup wizard offers to configure tcp/ip fully automatically if no network devices connected have yet been configured. This usually happens in the following situations: only a single pc is go...

  • Page 35: 3.1.2

    Lancom wlc series chapter 3: basic configuration 34 en ip address and network mask for the wlan controller assign the wlan controller a free ip address from your lan's address range and enter the network mask. Gateway address enter the gateway's ip address if you have selected 'off' as the dhcp mode...

  • Page 36

    Lancom wlc series chapter 3: basic configuration 35 en on your behalf (assuming that the appropriate networking environment exists). If you cannot access an unconfigured wlan controller, the problem may be the lan netmask: in case there are less than 254 potential hosts available (netmask >'255.255....

  • Page 37: 3.3

    3.3 instructions for webconfig: device settings can be configured from any web browser. Webconfig configuration software is an integral component of the lancom. A web browser is all that is required to access webconfig. Webconfig offers similar...

  • Page 38

    Lancom wlc series chapter 3: basic configuration 37 en network without a dhcp server not for centrally managed lancom wireless routers or lancom access points in a network without a dhcp server, unconfigured lancom devices enable their own dhcp server service when switched on and assign ip addresses...

  • Page 39

    Lancom wlc series chapter 3: basic configuration 38 en network with dhcp server if a dhcp server for the assignment of ip addresses is active in the lan, an unconfigured lancom device disables its own dhcp server, switches to dhcp client mode and retrieves an ip address from the dhcp server in the l...

  • Page 40

    Lancom wlc series chapter 3: basic configuration 39 en as an alternative, the login dialog provides a link for an encrypted connection over https. Always use the https connection for increased security whenever possible. Setup wizards the setup wizards allow quick and easy configuration of the most ...

  • Page 41: 3.4

    If the access point is to retrieve an ip address from a dhcp server but the server is unobtainable, then an access point which is restarting may not have an ip address, and thus be unable to communicate with the wlan controller. 3.4 tcp/ip setti...

  • Page 42

    Lancom wlc series chapter 3: basic configuration 41 en ip address allocation by a separate dhcp server for this reason, the workstation pcs have to be set up to automatically retrieve their own ip address and those of the standard gateway and dns server via dhcp. The dhcp server is to be programmed ...

  • Page 43: 4.1

    Lancom wlc series chapter 4: configuring the wlan controller 42 en 4 configuring the wlan controller lancom wlan controllers handle the management of access points in larger wlan infrastructures. The configuration data of the access points is stored in profiles in the wlan controller and, from there...

  • Page 44: 4.1.2

    Lancom wlc series chapter 4: configuring the wlan controller 43 en the lancom wlan controller can only check the temporal validity of these certificates if it is set with the current time. If the time is not set in the wlan controller, the wlan led illuminates in red and the device is not operationa...

  • Page 45

    2. in the configuration section 'wlan controller' on the 'general' tab, activate the options for the automatic acceptance of new access points and the provision of a default configuration. Automatically accept new access points: ena...

  • Page 46

    Lancom wlc series chapter 4: configuring the wlan controller 45 en (network) name: give the wlan a name. This name is used only for administrative purposes in the lancom wlan controller. Ssid: this ssid is used for the wlan clients to connect. Encryption: select the encryption method suitable for th...

  • Page 47

    5. create a new wlan profile, give it a unique name, and assign the above logical wlan network and physical wlan parameters to it.

  • Page 48: 4.1.3

    6. change to the 'ap config.' tab and add a new entry by clicking on the default button. Assign the wlan profile defined above to it. You can leave 'ap name' and 'location' empty. The 'mac address' is set to 'ffffffffffff' for the de...

  • Page 49: 4.2

    Lancom wlc series chapter 4: configuring the wlan controller 48 en the option 'automatically accept new aps' can remain active so that, after a reset, the wlan controller can automatically provide expected access points—as entered into the ap table—with valid certificates. 4.2 extended settings most...

  • Page 50

    Lancom wlc series chapter 4: configuring the wlan controller 49 en lanconfig: wlan controller general wlan profiles webconfig: lcos menu tree setup wlan management automatically accept new aps (auto-accept) enables the wlan controller to provide a certificate to all new access points without a valid...

  • Page 51: 4.2.2

    Lancom wlc series chapter 4: configuring the wlan controller 50 en synchronize the main device password activating this function sets the main device password for the access point each time it registers. This ensures that the password is synchronized with that of the wlan controller. If this functio...

  • Page 52

    Lanconfig: wlan controller profiles logical wlan networks webconfig: lcos menu tree setup wlan management ap configuration network profiles name: name of the logical wlan network under which the settings are saved. This name is only...

  • Page 53

    Lancom wlc series chapter 4: configuring the wlan controller 52 en default: blank inheritance selection of a logical wlan network defined earlier and from which the settings are to be inherited (’inheritance of parameters’ → page 76). Network name (ssid) define an unambiguous ssid (the network name)...

  • Page 54

    Lancom wlc series chapter 4: configuring the wlan controller 53 en to lanconfig or other tools). Should the connection to the wlan controller be interrupted, the access point will continue to operate with the configuration stored in flash for the time period entered here. The access point can also c...

  • Page 55

    Lancom wlc series chapter 4: configuring the wlan controller 54 en physical wlan parameters here the physical wlan parameters are set for assignment to the access points. The following parameters can be defined for each set of physical wlan parameters: for normal access point applications you should...

  • Page 56

    Lancom wlc series chapter 4: configuring the wlan controller 55 en inheritance selection of a logical wlan network defined earlier and from which the settings are to be inherited (’inheritance of parameters’ → page 76). Country the country in which the access point is to be operated. This informatio...

  • Page 57

    Lancom wlc series chapter 4: configuring the wlan controller 56 en 1: switches the use of vlan on; the management network remains untagged, however. 2 to 4094: switches the use of vlan on; the management network uses the vlan id set here. Vlan activation only applies to wlan networks which are conne...

  • Page 58

    Possible values: maximum of 16 wlan networks, multiple values separated by commas or activated in the selection list. Default: blank. From this list, access points use only the first eight entries that are compatible with their own ...

  • Page 59: 4.2.3

    Lancom wlc series chapter 4: configuring the wlan controller 58 en 4.2.3 access point configuration this area contains a list of all available access points and the ip parameter profiles. You can use these profiles if certain access points should not receive their ip addresses via dhcp. Ip parameter...

  • Page 60

    Lancom wlc series chapter 4: configuring the wlan controller 59 en max. 63 characters default: blank network mask netmask of the profile possible values: valid netmask default: blank default gateway the gateway to be used by the profile as standard. Possible values: valid ip address default: blank d...

  • Page 61

    to connect to a wlan controller. The following parameters can be defined for every access point: lanconfig: wlan controller ap config. Access-point table webconfig: lcos menu tree setup wlan management ap configuration access point...

  • Page 62

    Lancom wlc series chapter 4: configuring the wlan controller 61 en yes, no default: yes mac address mac address of the ethernet interface of each access point. Possible values: 12 hexadecimal characters. Special values: ffffffffffff defines the default configuration (’automatic provision of the defa...

  • Page 63

    Lancom wlc series chapter 4: configuring the wlan controller 62 en wlan interface 1 frequency of the first wlan module. This parameter can also be used to deactivate the wlan module. Possible values: 2.4 ghz, 5 ghz, off, default special values: 'default' makes use of the frequency setting defined in...

  • Page 64

    Lancom wlc series chapter 4: configuring the wlan controller 63 en auto. Channel selection lfc 2 automatic channel selection for the second wlan module. Settings for the second wlan module are ignored if the managed device has only one wlan module. Encryption encryption of communications over the co...

  • Page 65

    Lancom wlc series chapter 4: configuring the wlan controller 64 en antenna grouping lancom access points with 802.11 support can use up to three antennas for transmitting and receiving data. Depending on the application the use of the antennas can be set. Possible values: 1+2+3: when using the devic...

  • Page 66: 4.2.4

    dhcp 4.2.4 ap update: lancom wlan controllers allow the configurations of multiple lancom access points to be managed from a central location in a consistent and convenient manner. With central firmware and script management, upload...

  • Page 67

    Lanconfig: wlan controller ap update webconfig: setup wlan management central firmware management general settings for firmware management firmware url: the path to the directory with the firmware files. Possible values: url in the for...

  • Page 68

    Lancom wlc series chapter 4: configuring the wlan controller 67 en possible values: 1 to 10 default: 5 firmware sender ip address this is where you can configure an optional sender address for use instead of the one automatically selected for the destination address. Possible values: name of a defin...

  • Page 69

    Lancom wlc series chapter 4: configuring the wlan controller 68 en mac address select here the device (identified by its mac address) that the firmware version specified here is to be used for. Possible values: valid mac address default: blank version firmware version that is to be used for the devi...

  • Page 70

    Lancom wlc series chapter 4: configuring the wlan controller 69 en blank if the list of ip networks or loopback addresses contains an entry named 'int' or 'dmz', the associated ip address of the ip network or the loopback address named 'int' or 'dmz' is used. Script management table table with the n...

  • Page 71: 4.2.5

    Lancom wlc series chapter 4: configuring the wlan controller 70 en each to be stored. If script requirements do not exceed this volume, an http server does not need to be configured for this purpose. Script files are simply loaded from the designated storage location using webconfig. After upload th...

  • Page 72

    Lancom wlc series chapter 4: configuring the wlan controller 71 en to use the station table, it is imperative that the radius server is activated in the wlan controller. As an alternative, requests can be forwarded to another radius server. More information on radius is available under 'radius'. For...

  • Page 73

    Lancom wlc series chapter 4: configuring the wlan controller 72 en stored in the '802.11i/wep' area will be used for each logical wireless lan network (on the wlan controller in the definitions of logical wlans (ssids)). Possible values: ascii character string with a length of 8 to 63 characters def...

  • Page 74: 4.2.6

    Lancom wlc series chapter 4: configuring the wlan controller 73 en possible values: 0 to 4096 default: 0 special values: in case of vlan-id 0, the station is not assigned a specific vlan id. Instead, the vlan id for the radio cell (ssid) applies. 4.2.6 radius server by default the wlan controller fo...

  • Page 75: 4.2.7

    Lancom wlc series chapter 4: configuring the wlan controller 74 en ip address ip address of the radius server that is communicated to the ap in order for it to reach the radius server. If no value is entered the controller's ip address is taken as default. Possible values: valid ip address default: ...

  • Page 76

    Lanconfig: wlan controller options event notification webconfig: lcos menu tree setup wlan management notification syslog: activates notification by syslog. Possible values: on or off, default: off. E-mail: activates notification by e-m...

  • Page 77: 4.2.8

    Lancom wlc series chapter 4: configuring the wlan controller 76 en default parameters for some parameters, default values can be defined centrally and these serve as reference default values for other parts of the configuration. Lanconfig: wlan controller options default parameters webconfig: lcos m...

  • Page 78

    In order to avoid having to maintain multiple redundant wlan profiles to cater for countries or device types, it is possible to "inherit" selected properties from the logical wlan networks and the physical wlan parameters. 1. you shou...

  • Page 79: 4.3

    Lancom wlc series chapter 4: configuring the wlan controller 78 en changes to the parent entry take immediate effect on all entries which inherit from it. The parent entry itself may also inherit values from other entries. Complex inheritances of this type should be employed with great care, as this...

  • Page 80

    Lancom wlc series chapter 4: configuring the wlan controller 79 en due to this, the newly accepted access point is briefly signaled as a "lost ap" by the red lost ap led, in the device's display, and in lanmonitor until assignment of the certificate is completed. Accepting access points via webconfi...

  • Page 81: 4.3.2

    2. click on this link to start the wizard. Select the desired access point by means of its mac address and choose the wlan configuration that is to be assigned to the access point. Assignment of the configuration causes the access poi...

  • Page 82

    Manually removing access points from the wlan infrastructure: the following actions are required to remove an access point under management of the wlan controller from the wlan infrastructure: 1. in the access point, switch the wlan ...

  • Page 83: 4.3.3

    Lancom wlc series chapter 4: configuring the wlan controller 82 en if the connection to a deactivated access point is broken (either unintentionally due to a failure or intentionally by the administrator) then the access point begins a new search for a suitable wlan controller. Although the former w...

  • Page 84

    the scep-ca'). To ensure that this confidential information remains protected even when exported from the device, it is initially stored to a password-protected pkcs12 container. 1. open the configuration of the lancom wlan controll...

  • Page 85

    The backup file is then stored to your data medium. The passphrase will be required when uploading the backup to a lancom wlan controller. Uploading a certificate backup into the device: 1. on the webconfig entry page select the com...

  • Page 86: 4.3.4

    4.3.4 backing up and restoring further files from the scep-ca: to be able to fully restore the scep-ca, it is important to have the information on the device certificates issued for the individual access points by the scep-ca. If th...

  • Page 87: 4.3.5

    After installing a new certificate list, expired certificates are removed and a new crl is created. Furthermore, the ca reinitializes itself automatically if certificates and keys are successfully extracted after loading the cert...

  • Page 88

    1. set the same time on the two lancom wlan controllers (1) and (2). 2. transfer the ca and ra certificates from a wlan controller (1) to the second and backup controller (2). 3. configure the first wlan controller (1) according to your requi...

  • Page 89

    Lancom wlc series chapter 4: configuring the wlan controller 88 en also entered into the backup controller's ap table along with their mac addresses, the backup controller can fully take over the management of the access points. Changes to the wlan profiles in the backup controller will directly aff...

  • Page 90: 4.3.6

    Lancom wlc series chapter 4: configuring the wlan controller 89 en 4.3.6 load balancing between wlan controllers if multiple wlan controllers are available in a network, the access points are automatically distributed evenly between the wlan controllers. At the beginning of communications, the acces...

  • Page 91: 4.3.7

    figuration'), all wlan controllers can be "filled" with equal numbers of configurations from a portion of the access points. If a second wlan controller is to be integrated into a network in addition to an existing wlan controller,...

  • Page 92

    Lancom wlc series chapter 4: configuring the wlan controller 91 en certain network and logically separated from the other users, independent of the wlan network they are currently using. Unlike the situation where vlan ids are statically configured for a certain ssid ('vlan id'), in this case a radi...

  • Page 93

    1. activate vlan tagging for the wlan controller. This is done in the physical parameters of the profile by entering a value greater than '0' (management vlan id) for the management vlan id. 2. for authentication via 802.1x, go to ...

  • Page 94: 4.3.8

    Lancom wlc series chapter 4: configuring the wlan controller 93 en section 'radius servers' on the 'forwarding' tab. Alternatively, external radius servers can be entered in webconfig under lcos menu tree setup radius server forward server. Also, set the standard realm and the empty realm to be able...

  • Page 95

    Lancom wlc series chapter 4: configuring the wlan controller 94 en the vlan management of access points is handled by the lancom wlc. The vlan management of the switches is handled separately by the switch configuration. The access points operate within the internal vlans. Wireless lan configuration...

  • Page 96

    2. create a set of physical parameters for the access points. The management vlan id is set to '1', which serves to activate the vlan function (but without a separate management vlan for the device; the management data traffic is tr...

  • Page 97

    4. assign this wlan profile to the access points managed by the controller. Do this either by entering the individual access points with their mac addresses or, alternatively, you can use the default profile.

  • Page 98

    Configuring the switch: a switch configuration is demonstrated with the example of a lancom es-2126+. 1. set the vlan mode to "tag based", as the access points handle the assignment of vlan tags. 2. to differentiate between the vlans i...

  • Page 99

    4. the guests' vlan group uses the vlan id '100' and is valid only for the ports connected to the wlan controller and access points (ports 10 to 16 in our example). Tags are not removed from outgoing data packets. 5. the port vlan id (...

  • Page 100

    Configuring the ip networks in the wlan controller: to separate the data streams on layer 3, two different ip networks are employed (arf – advanced routing and forwarding). 1. the first step is to define the required ip networks. For t...

  • Page 101

    ② For both IP networks, an entry is created in the DHCP networks to permanently activate the DHCP server. ③ With these settings, the WLAN clients of the internal employees and guests are assigned to the appropriate networks.

  • Page 102

    Configuring Public Spot access: The Public Spot allows you to provide a strictly controlled point of access to your wireless LAN. User authentication is handled by a web interface. If desired, access can be subject to time limits. ① ...

  • Page 103

    ② Activate user authentication for the controller's interface that is connected to the switch. ③ By entering the VLAN ID of '100' for the guest network into the VLAN table, the data packets for Public Spot users are restricted to ...

  • Page 104

    ④ In the Public Spot module, activate the "cleanup user table automatically" option to ensure that unwanted entries are automatically deleted. Configuring the RADIUS server to operate a Public Spot in LCOS versions prior to 7.70, pu...

  • Page 105

    ① In order to use the user database in the internal RADIUS server, the RADIUS server in the LANCOM must be activated first. Activate the RADIUS server by entering authentication and accounting ports. Use the authentication port 1,81...

  • Page 106

    After updating to LCOS 7.70, user accounts created in the Public Spot module's user list with previous versions of LCOS remain valid. Configuring Internet access for the guest network: ① In order to provide users of the guest network...

  • Page 107: 4.3.9

    4.3.9 Checking WLAN clients with RADIUS (MAC filter): To use RADIUS to authenticate WLAN clients and grant them WLAN access based on their MAC address, an external RADIUS server can be used, as can the internal user table in the LANC...

  • Page 108: 4.3.10

    The MAC address is entered as 'user name' and as 'password' in the written form 'aabbcc-ddeeff'. 4.3.10 Internal and external RADIUS servers combined: Some companies use an external RADIUS server to authenticate internal WLAN users b...

  • Page 109

    RADIUS server can change the realms in the user names for the purpose of RADIUS forwarding: The value defined for "standard realm" replaces an existing realm of an incoming request if no forwarding is defined for that existing realm...

  • Page 110

    of the company "company.eu". The information specified in the forwarding table allows all authentication requests with this realm to be forwarded to the external RADIUS server. Configuring RADIUS forwarding: The following configu...

  • Page 111

    ② In the WLAN controller's RADIUS server, define an "empty realm" (e.g. "company.eu"). This realm is attached to all user names which request authentication from the WLAN controller and which do not already have a realm. In this app...

  • Page 112: 4.4

    ③ In order for authentication requests from internal users to be forwarded to the external RADIUS server, suitable entries must be entered into the forwarding settings. The realm "company.eu" causes all incoming RADIUS requests to b...

  • Page 113

    active WLAN networks with the logged-on WLAN clients and the descriptor of the access points that the WLAN clients are associated with. Display of new access points with IP and MAC address. Display of missing access points with IP ...

  • Page 114: 4.5

    points from a backup controller and to redirect them to the correct WLAN controller. Update: updates LANmonitor's display. 4.5 Automatic RF optimization with LANCOM WLAN controllers: Selecting the channel from the channel list defines...

  • Page 115

    Optimization is then carried out in the following stages: ① The WLAN controller deletes the AP channel list in all of the access points in the 2.4-GHz range. Because the channel list for the access points is then empty, the channel ...

  • Page 116: 4.6

    4.6 Configuring the access points: Please note that the access points must have an IP address in order to communicate with the WLAN controller. The IP address can either be entered into the access point as a fixed value, or retriev...

  • Page 117

    If you need to change the operating mode for multiple devices, you can use a simple script on the devices with the following lines:

        # script (7.22 / 23.08.2007)
        lang english
        flash 0
        cd setup/interfaces/wlan/operational
        set wlan-1 0 ...

  • Page 118: 5 Security Settings

    5 Security settings: Your LANCOM features numerous security functions. This chapter provides you with all of the information you need to optimally protect your device. You can carry out the configuration of security settings very quickly and conve...

  • Page 119: 5.1.2

    The passphrases for 802.11i or WPA do not have to be changed quite so regularly as new keys are generated for each connection anyway. This is not the only reason that the encryption with 802.11i/AES or WPA/TKIP is so much more secure than the now...

  • Page 120: 5.1.4

    LEPS can be used locally in the device and can also be centrally managed with the help of a RADIUS server, and it works with all WLAN client adapters currently available on the market without modification. Full compatibility to third-party prod...

  • Page 121: 5.3

    If you suspect anything, change the key immediately. When an employee with access to a key leaves the company, then it is high time to change the wireless LAN key. Even if there is the slightest suspicion of a leak, renew the key. LEPS avoids t...

  • Page 122: 5.3.2

    ② In the selection menu, select the Setup Wizard, Check Security Settings and confirm the selection with Next. ③ In the dialogs that follow you can set the password and select the protocols to be available for accessing the configuration from l...

  • Page 123

    function in your device is activated, and that at least one passphrase or WEP key has been entered and selected for application. For security reasons, LANCOM Systems strongly advises you not to use WEP! You should only ever use WEP under exceptio...

  • Page 124

    Have you activated the firewall? The firewall in the LANCOM WLAN controller only comes into effect if the WLAN controller is operated as a Public Spot and provides direct Internet access. When operated for WLAN management only, the firewall in ...

  • Page 125

    ICMP). It is especially convenient to set up the filters with the aid of LANconfig. Under 'Firewall/QoS', the 'Rules' tab contains the functions for defining and editing filter rules. Have you excluded certain stations from accessing the device? ...

  • Page 126

    can be set so that a press is either ignored or it causes a re-start, depending on the time for which it is held pressed.

  • Page 127: 6.1

    6 Setting up Internet access: LANCOM WLAN controllers also provide routing and firewall functions. If required, these devices can also operate as Internet access routers. 6.1 The Internet connection wizard. 6.1.1 Instructions for LANconfig...

  • Page 128: 6.1.2

    6.1.2 Instructions for WEBconfig: ① Select the entry Set up Internet connection from the main menu. ② In the following windows you select your country, your Internet provider if possible, and you enter your access data. ③ Depending on ava...

  • Page 129: 7 Connecting Two Networks

    7 Connecting two networks: Network connectivity, also known as LAN-LAN connectivity, with the LANCOM router is used for interconnecting two local area networks. Connecting LANs over VPN ensures that the Internet-based connection between th...

  • Page 130

    For further information on VPN-based network connectivity by other methods, refer to the LANCOM reference manual. Notes on the different settings: For VPN connections over the Internet, the type of IP address at each end must be specified. ...

  • Page 131: 7.1.2

    The shared secret is the central password for the VPN connection's security. It must be entered identically at both ends. 7.1.2 Settings for the TCP/IP router: In the TCP/IP network, correct addressing is of extreme importance. For netwo...

  • Page 132: 7.1.3

    figuration. Refer to the LANCOM router reference manual for more detailed information. VPN extranet: In the case of LAN-LAN connectivity via VPN, you can mask the individual computers behind another IP address. The operating mode referred to...

  • Page 133: 7.3

    ② The wizard will inform you when the required information is complete. You can then close the wizard with Finish. ③ Once you have completed the set-up of both routers, you can start testing the network connection. Try to communicate with a...

  • Page 134

    ② Use drag&drop by mouse to place the devices onto the entry for the central router. ③ The 1-Click-VPN site-to-site wizard will be started. Enter a name for this access and select the address under which the router is accessible from the ...

  • Page 135: 7.4

    All entries for the central device are made just once and are then stored to the device properties. 7.4 Instructions for WEBconfig: In WEBconfig, VPN-based network connectivity cannot be set up in the wizard. The expert configuration has to ...

  • Page 136: 8.1

    8 Providing dial-in access: Your LANCOM can be set up with dial-in access accounts enabling individual computers to dial-in to your LAN and fully participate in the network for the duration of the connection. This service is called RAS (r...

  • Page 137: 8.1.2

    Notes on the different settings: User name and password: This access data serves to identify the user when dialing in. 8.1.2 Settings for TCP/IP: TCP/IP requires that every active RAS is assigned an IP address. This IP address can be manua...

  • Page 138: 8.2

    lished, the computer can access and search the other network (click on Search computer, do not use the network neighborhood). 8.2 Settings on the dial-in computer: For dialing-in to a network via VPN, a computer needs: Internet access; a VP...

  • Page 139: 8.4

    8.4 1-Click-VPN for LANCOM Advanced VPN Client: VPN accesses for employees who dial into the network with the LANCOM Advanced VPN Client are very easy to set up with the setup wizard and exported to a file. This file can then be imported a...

  • Page 140: 8.5

    Preshared key: randomly generated key 16 ASCII characters long. Connection medium: the LAN is used to establish connections. VoIP prioritization: VoIP prioritization is activated as standard. Exchange mode: the exchange mode to be used is...

  • Page 141: 9 Appendix

    9 Appendix. 9.1 Performance and characteristics: LANCOM WLC-4006 LANCOM WLC-4025+ LANCOM WLC-4100 connectors Ethernet LAN 5x 10/100Base-TX, autosensing, switch with node/hub autosensing 4x 10/100/1000Base-TX, autosensing, node/hub autosensing WAN any e...

  • Page 142: 9.2

    9.2 Connector wiring. 9.2.1 Ethernet interface 10/100/1000Base-TX, DSL interface: 8-pin RJ45 sockets (ISO 8877, EN 60603-7). *BI_DA+ stands for "bi-directional pair +A". 9.2.2 Configuration interface (outband): 8-pin mini DIN socket connector pin Fast Ethernet...

  • Page 143: 9.3

    9.3 CE-declarations of conformity: LANCOM Systems herewith declares that the devices of the type described in this documentation are in agreement with the basic requirements and other relevant regulations of the 1995/5/EC directive. The CE declarations of ...

  • Page 144: Index

    Index. Numerics 10/100Base-TX 27 100-Mbit network 27 3 DES 128, 135 802.11i 117, 118, 121 802.11i/ 118 802.1p 17 802.1x 3, 117, 118 A access point 3, 10 access point mode 21 access-control list 119 ACL 118, 119 advanced routing and forwarding 17 AES 117, 128, 1...

  • Page 145

    DTLS 11, 14, 17, 26 dynamic VLAN assignment 17, 90 E EAP 12, 17, 117, 118 e-mail 74 encryption 17, 45, 63, 76, 128, 135 expected access point 47 F fast roaming 17 firewall 18, 123 block stations 124 FirmSafe 19 firmware 5 central management 65 firmware ver...

  • Page 146

    security aspects 128, 135 network mask 33, 34, 124 network name 45 Network Time Protocol 43 new access point 47 new AP LED 24 NTP 43 number of VPN tunnels 25 P password 34, 35 PAT – see IP masquerading pcks12 container 83 PHY layer 11 ping 132 PMK caching 17 power ...

  • Page 147

    U UDP 123 USB connector 28 V virtual private networks (VPN) 17 VLAN 3 VLAN ID 52, 91 VPN client 137 W WEBconfig 36 HTTPS 36 system requirements 21 WEP 117, 120, 121 Windows workgroup search 131 wireless LAN controllers 3, 10 firmware management 65 script management...
