MAGNIA Software Access Point User’s Guide V2.
1. No part of this document may be transcribed or reproduced without the express permission of the publisher.
2. The contents of this document may be revised without prior notice.
3. Every possible effort was made to ensure that the contents of this document are correct. However, should you find anything doubtful or incorrect, please notify the publisher.
4. Notwithstanding item 3 above, the publisher assumes no responsibility for any result arising from the use of this document.
Important Alert Messages
This document contains important information to be observed for preventing damage to users and bystanders or their property and for using the purchased product safely. The alert messages and symbols used in this document are shown below with their meanings. Please understand them thoroughly before proceeding to the text.
Preface
This manual describes how to install and operate the MAGNIA Software Access Point. It consists of the following four chapters and the appendixes:
Chapter 1 Outline of Software Access Point
Chapter 2 Installation Procedure
Chapter 3 Utilities
Chapter 4 802.1X Function
Appendixes
For the latest information, read readme.txt.
Trademark
· Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation in the United States and other countries.
· Linux is a registered trademark of Mr. Linus Torvalds in the United States and other countries.
· Red Hat is a registered trademark of Red Hat Software, Inc. of the United States.
· Turbolinux is a registered trademark of Turbolinux, Inc.
· RPM is a trademark of Red Hat, Inc.
Contents
Applicable Versions and Technical Revisions
Notations Used in This Document
OUTLINE OF SOFTWARE ACCESS POINT
1.1 Outline
1.2 Operating Environment
802.1X FUNCTION
4.1 Overview
4.2 802.1X Function
4.2.1 Required Environment
Applicable Versions and Technical Revisions Summary of Revision First edition Date 2001-07-07 Windows Version MAGNIA Software Access Point V1.0 Second edition 2001-12-26 Linux Version MAGNIA Software Access Point V1.0 Windows Version MAGNIA Software Access Point V2.0 2002-01-31 Linux Version MAGNIA Software Access Point V2.
Notations Used in This Document
This document uses the following notations:
Symbols
Notice : Provides information that the user should observe to prevent data loss, faults, and performance deterioration and information about the specifications and functions that the user should know.
Memo : Provides tips and supplementary information.
[[ ]] : Refers to another manual.
{ } : Refers to a reference within the document.
Keying in Type “XXXX.
Screen For convenience of explanation, only the part of the screen needed for operation is shown. The user should key in the element shown in bold. C:\>dir The screen images provided in this document may be different from the actual display. The use of the screen images in this document is permitted by Microsoft Corporation.
Chapter 1 Outline of Software Access Point
1.1 Outline
The MAGNIA Software Access Point is a software product that enables a Toshiba Intel Architecture server to work as a wireless LAN access point. The basic functions of this product are as follows:
Communication between a wireless LAN network and wired LAN network: This function enables a wireless or wired LAN PC to be connected to the resources in a wired or wireless LAN network via an access point.
Enhanced security by encryption (WEP): Using the WEP function can enhance network security.
1.2 Operating Environment
The requirements for the MAGNIA Software Access Point to run are as follows:
Server: MAGNIA Z series
PC card: TOSHIBA Wireless LAN PC Card (WEP64, WEP128)
Operating System: Windows NT 4.0 Server (Service Pack 6a), Windows 2000 Server/Advanced Server (Service Pack 1 or later), Red Hat Linux 7.2, Red Hat Linux 7.
1.3 Configuration This section explains the basic configuration of a wireless LAN network. For details on the 802.1X function, see the following chapter. [4 802.1X Function] 1.3.1 Consisting of only wireless LAN The simplest system consists of only a wireless LAN. Each station communicates via a server (Software Access Point).
1.3.2 Consisting of Wireless and Wired LANs A wireless LAN network and wired LAN network can be connected via a server (Software Access Point). PCs on the wireless and wired LAN networks can communicate with each other seamlessly.
1.3.3 Consisting of multiple access points Combining multiple access points can make up a flexible network. When two access points are provided as shown below, a station is connected to a nearby access point. After a connection is set up, the station may move and come closer to another access point than the first nearby access point. In this case, the station automatically changes the access point and continues communication. This function is called roaming.
Chapter 2 Installation Procedure
2.1 Software Access Point This section explains the procedure for installing and uninstalling the MAGNIA Software Access Point. If you use the Seamless Office, refer to the user’s guide of the Seamless Office. 2.1.1 Installing the Software Access Point This section describes the procedure for installing the MAGNIA Software Access Point. 2.1.1.1 For installation in Windows NT Before starting the installation, check that a wireless LAN card has been mounted.
3. On this screen, select the components to be installed. Press the [Next] button to start copying the files. Memo The SNMP Extension Agent is required to set up access point information from a remote system using the Access Point Configuration Utility. [3.3 Access Point Configuration Utility] [Appendix 1 SNMP Settings] To install the SNMP Extension Agent, the SNMP service must be installed in advance. The SNMP service is provided by the OS. For details, refer to the OS manual or online Help. 4.
Memo Some protocol components, such as the NWLink protocol, require setup in the same way as the TCP/IP protocol. Perform the required setup in the same way and continue. 5. When the installation is completed, the following screen is displayed. Reboot the system. 6. Set up the required items in the Access Point Configuration Utility. By default, WEP and MAC address filtering are enabled. [3.
2.1.1.2 For installation in Windows 2000 Before starting the installation, check that the wireless LAN card has been mounted. Refer to the server manual for the mounting procedure. If a wireless LAN card driver or software other than that of this product is installed, uninstall it. 1. Log on as the user with administrator authority. 2. The system detects the wireless LAN card as a new device and requests its driver. Press the [Next] button. 3.
4. On the following screen, select "Specify location" and press the [Next] button. 5. On the following screen, specify the \Public\LAN\Toshiba\TSAP\AP\Win2000\Miniport folder on the Server Setup Tool and Documentation CD as the file copy source, and press the [OK] button.
6. The system searches for the driver file and displays the following screen. Press the [Next] button. 7. If the following screen appears, press the [Yes] button.
8. The file is copied and the driver installation is completed. Press the [Finish] button. 9. Activate Setup.exe in the \Public\LAN\Toshiba\TSAP\AP on the Server Setup Tool and Documentation CD. The following screen is displayed. Press the [Next] button.
10. On this screen, select the components to be installed. Press the [Next] button to start copying the files. Memo The SNMP Extension Agent is required to set up access point information from a remote system using the Access Point Configuration Utility. [3.3 Access Point Configuration Utility (Remote)] [Appendix 1 SNMP Settings] To install the SNMP Extension Agent, the SNMP service must be installed in advance. The SNMP service is provided by the Operating System.
11. When the installation is completed, the following screen is displayed. Press the [Finish] button. 12. Set up the required items in the Access Point Configuration Utility. By default, WEP and MAC address filtering are enabled. [3.2 Access Point Configuration Utility (Local)] Select the wired LAN network that you want to connect to in the Wired LAN Selection Utility. [3.
2.1.1.3 For installation in Linux This section describes the procedure for installing the Linux-version MAGNIA Software Access Point. For information about general operating procedures for using Linux while logged in as root, refer to general documents related to Linux or the Red Hat WEB site. To install the Linux-version MAGNIA Software Access Point, use the rpm command. The specific procedure is as follows. Step 1 Log in as root. Step 2 Mount the Server Setup Tool CD.
In the case of an upgrade, execute the following command. Here, the example of upgrading 2.0-0, installed in Step 4, to 2.1-0 is given.
for Red Hat 7.2
# rpm -U tsap-2.4.7-10-2.1-0.i386.rpm
for Turbolinux 7
# rpm -U tsap-2.4.9-3-1.1-0.i586.rpm
Step 5 To operate the Linux-version MAGNIA Software Access Point, execute the following command. Notice When Step 5 is executed, the service of the network including the wireless LAN may become abnormal.
2.1.2 Uninstalling the Software Access Point This section describes the uninstallation procedure for the MAGNIA Software Access Point. 2.1.2.1 For Windows NT/2000 1. 2. 3. Activate the [Add/Remove Programs] icon on the Control Panel. Delete "MAGNIA Software Access Point" by selecting it. Subsequently, follow the uninstaller's instructions. In the case of Windows NT, the uninstallation is completed here. In the case of Windows 2000, delete the wireless LAN card driver subsequently.
Names of files to be saved as setup files /etc/sysconfig/tsb/.
2.1.3 Upgrading the Software Access Point This section describes the upgrading procedure for the MAGNIA Software Access Point V1.0. 2.1.3.1 For Windows NT 1. Log on as the user with administrator authority. 2. Activate Setup.exe in the \Public\LAN\Toshiba\TSAP\AP on the Server Setup Tool CD. 3. The following screen is displayed. Press the [Yes] button. 4. When the installation is completed, the following screen is displayed. system. 5.
2.1.3.2 For Windows 2000 1. Log on as the user with administrator authority. 2. Using Network And Dial-Up Connections in Control Panel, display the "TOSHIBA Wireless LAN Card (AP)" properties. 3. The following screen is displayed. Press the [Configure] button. 4. The [TOSHIBA Wireless LAN Card (AP) Properties] screen is displayed. Then push the [Update Driver] button on the [Driver] tab. 5. The following screen is displayed. Press the [Next] button.
6. On the following screen, select "Display a list of the known drivers for this device so that I can choose a specific driver" and press the [Next] button. 7. On the following screen, select "TOSHIBA Wireless LAN Card(AP)" , "Show compatible hardware" and press the [Have Disk] button.
8. On the following screen, specify \Public\LAN\Toshiba\TSAP\AP\Win2000\Miniport folder on the Server Setup Tool CD as the file copy source, and press the [OK] button. 9. On the following screen, select "TOSHIBA Wireless LAN Card(AP)" and press the [Next] button.
10. On the following screen, press the [Next] button. 11. If the following screen appears, press the [Yes] button.
12. When the upgrade of the driver files is completed, the following screen is displayed. Push the [Finish] button. 13. The following screen is displayed. Reboot the system. 14. Activate the [Add/Remove Programs] icon on the Control Panel. Remove the MAGNIA Software Access Point. 15. Activate Setup.exe in the \Public\LAN\Toshiba\TSAP\AP on the Server Setup Tool installation CD. Subsequently, follow the installer’s instructions. 16. Set up the required items in the Access Point Configuration Utility. [3.
2.2 Access Point Configuration Utility If you install the Access Point Configuration Utility, you can set up the MAGNIA Software Access Point from a remote system. For details on using the Access Point Configuration Utility, see the following section. [3.3 Access Point Configuration Utility (Remote)] If you use the Seamless Office, refer to the user’s guide of the Seamless Office. 2.2.1 Installing Access Point Configuration Utility 1. Activate Setup.
3. Specify the program folder and press the [Next] button. 4. The following screen is displayed and the installation is completed. Press the [Finish] button.
2.2.2 Uninstalling the Access Point Configuration Utility The following describes the uninstallation procedure. 1. Activate the [Add/Remove Programs] icon on the Control Panel. 2. Delete "MAGNIA Software Access Point Configuration Utility" by selecting it. Subsequently, follow the uninstaller's instructions. 2.2.3 Upgrading the Access Point Configuration Utility The following describes the upgrading procedure. 1. Activate Setup.
Chapter 3 Utilities
3.1 Outline of Utilities The utilities provided with this product are as follows. 1. Access Point Configuration Utility This utility sets up the access point. This utility has two modes, "Local (used on a server)" and "Remote (used from a PC)". 2. Wired LAN Selection Utility This utility connects to the wired LAN network and releases it. This utility can be used only with the Windows-version MAGNIA Software Access Point. 3.
3.2 Access Point Configuration Utility (Local) Use the Access Point Configuration Utility to set up the MAGNIA Software Access Point. This utility is installed simultaneously when the MAGNIA Software Access Point of the Windows version is installed. 3.2.1 Starting the utility [Windows NT] 1. Double-click [Network] on the Control Panel on the server in which the Software Access Point is installed. 2. Select the [Adapters] tab. 3.
[Windows 2000] 1. Double-click [Software Access Point] on the Control Panel on the server in which the Software Access Point is installed.
3.2.2 Using the utility When the Access Point Configuration Utility is activated, the main screen is displayed with the following four pages: [Basic Setting] [WEP] [Access Restriction] [Hardware Resource] (displayed only when Windows NT is used) Immediately after the utility starts, the current settings of the MAGNIA Software Access Point are displayed on the respective pages. Buttons common to all pages Item Explanation [Connect to] button Displays the connection destination setting screen.
3.2.2.1 [Basic Setting] page
Make basic settings of the MAGNIA Software Access Point.
[Basic Setting] page
Item: Explanation
[Access Point Name] edit box: Specifies the name to identify the access point. Specify the name with up to 32 ASCII characters. The default is MAGNIA Software AP.
[Network Name (ESSID)] edit box: Specifies the name of the logical network configured by the access point. The same setting item is provided on the station that runs in infrastructure mode.
[Don’t accept station with network name "ANY"] check box: Specifies whether to accept a connection request from a station having a special “network name (ESSID).” If the check box is not selected, a station having network name ANY or a null character string ("") can be connected. If the check box is selected, a station can be connected only when the network name matches. The check box is cleared by default. See the following section too.
3.2.2.2 [WEP] page
Make settings for the WEP key and 802.1X function. See the following section too. [Appendix 2 Security] For details on the 802.1X function, see the following chapter. [4 802.1X Function]
[WEP] page
Item: Description
[802.1X] combo box: Specify whether to use the 802.1X function. The following three items are provided. [Not used] [Used] [Used (non-802.1X stations are permitted to coexist.)] The default value is [Not used].
[Distribute WEP key] check box: Specify whether to dynamically distribute the WEP key. This check box is enabled when the 802.1X function is used. By default, this check box is unchecked.
[Reauthenticate before WEP key distribution] check box: Specify whether to perform authentication when distributing the WEP key. By default, this check box is unchecked.
3.2.2.3 [Access Restriction] page
You can restrict specific wireless LAN stations from accessing the network by registering permissible MAC addresses. See the following section too. [Appendix 2 Security]
[Access Restriction] page
Item: Explanation
[Enable MAC address filtering] check box: Specifies whether to enable access restrictions on wireless LAN stations by registering permissible MAC addresses. This check box is selected by default.
[Add New] button: Used to manually add MAC addresses to be permitted to access the network. Use one of the following formats to specify a MAC address:
XXXXXXXXXXXX
XX:XX:XX:XX:XX:XX
XX-XX-XX-XX-XX-XX
(X is 0 to 9 or A to F.)
[Delete] button: Used to remove an access-enabled MAC address. A MAC address selected from the [Access permitted MAC address] list can be removed.
[Import from File] button: Used to select a MAC address from a MAC addresses list file and add it.
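The three MAC address notations listed above can be checked before a list is registered or imported. The following Python sketch is an added example, not code from the product: it assumes a list file with one address per line, "#" comments and case-insensitive hex digits (the layout of the list file is not specified here), and it additionally rejects group addresses, which a station never uses as its own address.

```python
import re

# The three notations the [Add New] button accepts (X is 0-9 or A-F).
ACCEPTED_NOTATIONS = (
    re.compile(r"[0-9A-F]{12}"),                  # XXXXXXXXXXXX
    re.compile(r"[0-9A-F]{2}(:[0-9A-F]{2}){5}"),  # XX:XX:XX:XX:XX:XX
    re.compile(r"[0-9A-F]{2}(-[0-9A-F]{2}){5}"),  # XX-XX-XX-XX-XX-XX
)


def normalize_mac(text):
    """Return the address as XX:XX:XX:XX:XX:XX or raise ValueError."""
    # Assumption of this example: lowercase hex digits are folded to uppercase.
    candidate = text.strip().upper()
    # fullmatch() rejects mixed separators, extra octets and trailing text.
    if not any(p.fullmatch(candidate) for p in ACCEPTED_NOTATIONS):
        raise ValueError("not one of the three accepted notations")
    digits = candidate.replace(":", "").replace("-", "")
    # Added check: the lowest bit of the first octet marks a group
    # (multicast/broadcast) address, which cannot identify one station.
    if int(digits[:2], 16) & 0x01:
        raise ValueError("group (multicast/broadcast) address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_allow_list(text):
    """Parse a list file; return (accepted, rejected).

    accepted: canonical addresses in file order, without duplicates.
    rejected: (line number, entry, reason) tuples for review.
    """
    accepted = []
    first_seen = {}   # canonical address -> line where it first appeared
    rejected = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Hypothetical file layout: "#" starts a comment, blank lines ignored.
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            mac = normalize_mac(entry)
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
            continue
        if mac in first_seen:
            reason = "duplicate of line %d" % first_seen[mac]
            rejected.append((lineno, entry, reason))
            continue
        first_seen[mac] = lineno
        accepted.append(mac)
    return accepted, rejected


# Constructed sample list; none of these addresses come from the manual.
SAMPLE_LIST = """\
# constructed sample list
00:11:22:33:44:55
00-11-22-33-44-55   # same station, different notation
0011223344AB
00:11-22:33:44:55   # mixed separators
FF:FF:FF:FF:FF:FF   # broadcast
00:11:22:33:44      # five octets only
0011223344ab        # lowercase duplicate
"""

if __name__ == "__main__":
    ok, bad = load_allow_list(SAMPLE_LIST)
    for mac in ok:
        print("permit", mac)
    for lineno, entry, reason in bad:
        print("line %d: %r rejected (%s)" % (lineno, entry, reason))
```

Normalizing before comparison is what exposes the same station entered twice in different notations, which a plain text comparison of the list would miss.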
3.2.2.4 [Hardware Resource] page You can set hardware resource items on this page. This page is displayed only when you use Windows NT. [Hardware Resource] page Item Explanation [IRQ Number] Specifies the identification number used for the wireless LAN card to post an interrupt to the OS. The default is 3. [I/O Base Address] Specifies the I/O address space used for the wireless LAN card to perform I/O with the OS. The default is 0x0400.
3.3 Access Point Configuration Utility (Remote) You can set up the MAGNIA Software Access Point from a remote PC. Connection to both the Windows-version and Linux-version Software Access Point is possible. Because communication is made by SNMP during the connection, the SNMP Extension Agent needs to operate on the server (access point). For information on installing and setting up the SNMP Extension Agent, see the following sections. [2.1.1.1 For installation in Windows NT] [2.1.1.
3. In the [Computer Name] field, enter the computer name or IP address of the server (access point). 4. In the [Community Name] field, enter the name of the community to be used. 5. Press the [Connect] button. 3.3.2 Using the utility The method for using the utility is the same as when you use the Access Point Configuration Utility in local mode (on the server). However, the [Hardware resource] page is not displayed. For details, see the following section. [3.
3.4 Wired LAN Selection Utility This utility connects wireless and wired LAN networks with each other (or releases the connection). When the wireless and wired LAN networks are connected, the PCs on each network can communicate with those on the other. When the Windows-version MAGNIA Software Access Point is installed, this utility is installed together. This utility can be used only with the Windows-version MAGNIA Software Access Point. 3.4.1 Starting the utility [Windows NT] 1.
[Windows 2000] 1. Activate [Selection of Wired LAN] on the Control Panel on the server in which the Software Access Point is installed.
3.4.2 Selection screen When the Wired LAN Selection Utility is started, the following screen is displayed. Select the wired LAN card that you want to connect to, and press the [OK] button. If you do not want to connect to it, select "Not selected." Wired LAN Selection Utility main screen Item Explanation Selection list box Displays the wired LAN cards that you can select. Select the wired LAN card that you want to connect to.
When AFT/ALB of Intel LAN card is used When using the AFT (Adapter Fault Tolerance)/ALB (Adaptive Load Balancing) function of the Intel LAN card driver, note the following item. · When newly composing the AFT/ALB team or changing the composition, temporarily select "Not selected" in the Wired LAN Selection Utility. After completing the AFT/ALB composition, reselect the wired LAN card to be connected.
3.5 Setup from the WEB Browser This section introduces the setting method that is specific to the Linux-version MAGNIA Software Access Point. Setup from the WEB browser can be used only with the Linux-version MAGNIA Software Access Point. Notice When you use this function from a wireless LAN station, do not write the information to the access point to which the station is connected. 3.5.1 Setting change of the WEB browser At the Linux-version MAGNIA Software Access Point, use the WEB browser to change the settings.
Next, select the "LAN Setting" from the "Connections" tab in the Internet option dialog box to display the "Local Area Network (LAN) Settings" dialog box. Lastly, uncheck "Automatically detect settings (A)," "Use automatic configuration script (S)," and "Use a proxy server (X)" in the "Local Area Network (LAN) Settings" dialog box as shown below if they are selected, and press the [OK] button. This completes the setting change of the Internet Explorer.
3.5.1.2 When using Netscape navigator This section describes how to cancel the proxy server setting when the Netscape navigator is used as the WEB browser. As an example, the setting method in version 4.75 is introduced. First, select "Preferences (E)" from the "Edit (E)" menu shown below to display the settings dialog box. When the settings dialog box is displayed, select "Proxies" from "Advanced" and select "Direct connection to the (D)" (shown below). Lastly, press [OK] to complete the setting change.
3.5.2 User authentication for access to setup pages When accessing the setup page that sets up the Linux-version MAGNIA Software Access Point, you need to undergo the user authentication using the function that the WEB server (apache) provides. This section describes the user authentication procedure and how to set up the information such as a password for authentication.
Memo Once you finish the authentication, it remains valid until the WEB browser terminates. Therefore, the authentication is required only when you first access the setup page. It is not executed when you access another setup page after finishing the user authentication to access the first setup page. Memo As explained in 3.5.2, the user name and password are used only to access the setup page of the Linux-version MAGNIA Software Access Point. 3.5.2.
3.5.3 Access point setup page This page is for the settings that correspond to Windows-version "Access Point Configuration Utility." See the following section too. [Appendix 2 Security] To display the access point setup page, access the following URL. http://(server IP address)/tsb/tsap_basic.cgi Memo As explained above, you need to undergo user authentication before accessing this page.
[Basic] setup page Item Explanation [Network Name (ESSID)] Specifies the name of the logical network configured by the access point. The same setting item is provided on the station that runs in infrastructure mode. The same name as the access point to be connected to must be specified in the setting item. Specify the name with up to 32 ASCII characters. The default is MAGNIA. If it is left at the default, a third party may connect to the access point inadvertently. Please change it.
One or more MAC addresses can be selected. [All remove] button Clears all MAC addresses from the [Access rejected MAC address] list. [Apply] button Saves the selected items and finishes. [Reset] button Finishes without saving the selected items. 3.5.3.2 [WEP] setup page The "WEP" link on the left pane jumps to the WEP and 802.1X function setting page. For details on the 802.1X function, see the following chapter. [4 802.1X Function] The following are the items of the combo box under the "WEP" link.
[Use 802.1X (Distribute WEP)] [Use 802.
[Use 802.1X (Permit non-802.1X STA, Distribute WEP)] [Use 802.1X (Permit non-802.
[WEP] setup page
Item: Description
[Reauthenticate before WEP key distribution]: Specify whether to perform authentication when distributing the WEP key. By default, this check box is unchecked.
[WEP key change interval (seconds)]: Specify in seconds the interval at which the WEP key is changed and distributed to each station. The default value is 600 seconds.
[Key Length]: Specify the length of the WEP key to be distributed. The default value is 5 bytes.
3.5.3.3 [Advanced] setup page Jump to the [Advanced] setup page shown below by the “Advanced” link on the left pane. Memo As explained above, you need to undergo the user authentication before accessing this page. Notice The setup items of the details setup page are not required for the usual operation. To change the setup items of the details setup page, you need a detailed knowledge about the network; therefore, do not change them unless required.
3.5.4 Wired LAN selection page This page is for the settings that correspond to Windows-version "Wired LAN Selection Utility." To display the wired LAN selection page, access the following URL while the MAGNIA Software Access Point is active. http://(server IP address)/tsb/tsb_bridge.cgi Memo As explained above, you need to undergo user authentication before accessing this page.
Notice When the command is executed, the network shuts down temporarily as explained above; therefore, the service of the network including the wired LAN may become abnormal. Before executing the command, fully check the operation status of another network service. For information on executing the command, consult with your server administrator.
Chapter 4 802.1X Function
4.1 Overview
The 802.1X function restricts the connection of unauthorized stations by authenticating each station. The 802.1X function has the following advantages in security and administration.
Security
1. The function performs authentication during station connection and permits only the station that has passed the authentication to communicate. This function makes it difficult for an unauthorized station to get in the network.
2. The function can dynamically distribute the WEP key.
Administration
3.
4.2 802.1X Function
This section explains the 802.1X function more specifically.
4.2.1 Required Environment
The following environment is required to use the 802.1X function.
[Figure: AP, RADIUS, CA, STA]
AP: Access point (this product). It operates on the MAGNIA server.
STA: Radio LAN station. The 802.1X function needs to be supported even on the station side.
RADIUS: Abbreviation of Remote Authentication Dial In User Service. This server authenticates STAs.
CA: Abbreviation of Certificate Authority.
4.2.2 Authentication and Distribution of WEP Key This section explains authentication (reauthentication) and the distribution of the WEP key. 4.2.2.1 Authentication Authentication starts when a radio LAN station connects to the access point. When the station connects, the access point issues a request to start authentication for that station.
4.2.2.2 Authentication type Several types of authentication are prepared. The radio LAN station and RADIUS server need to predetermine which type of authentication to use mutually. If different types of authentication are set, the authentication procedure cannot be performed and the authentication of the station fails. Whether the WEP key can be distributed depends on the authentication type. The following lists the typical types of authentication.
4.2.2.4 Reauthentication Security can be enhanced by periodically making reauthentication even after the station has passed the authentication. The reauthentication timing can be set in the following method. Making reauthentication when the WEP key is distributed Although this product has the function that periodically changes and distributes the WEP key, it can be set so that reauthentication is made at that timing. For details on the setting method, see the following section. [3.
4.2.3 Coexistence of Station Not Supporting the 802.1X Function A station that supports the 802.1X function (hereinafter called the 802.1X station) and one that does not support that function (hereinafter called a non-802.1X station) can be used together. Even when the two stations are used together, the WEP key can be distributed to the 802.1X station. In this case, however, settings must be made so that communication is performed with the specified WEP key for a non-802.1X station.
4.3 Configuration Example This section explains how to establish the 802.1X environment, giving specific examples. 4.3.1 Configuration Example (1) The environment is established, based on the following scenario. · All stations support the 802.1X function. (Windows XP is used.) · The WEP key is changed and distributed every 10 minutes. EAP-TLS is used as the authentication type. · The WEP key to be distributed is 13 bytes. · The CA uses "Certificate Services" of Windows 2000 Server.
4.3.1.3 RADIUS server Install Internet Authentication Service in MAGNIA Z500. For details on Internet Authentication Service, refer to the online Help of Windows 2000. Step 1 Client setting Make client settings in the following procedure. 1. Start [Internet authentication service] in [Administrative Tools]. 2. Select [Client] in the [Tree] tab and press the right mouse button. 3. Select [New Client] from the menu. 4. Set [Friendly name]. In this example, Z300AP is set.
5. Set [Client address]. Enter the IP address of the access point and RADIUS server. In this example, 127.0.0.1 is set. Set [Shared secret]. Enter the password for communication between the access point and the RADIUS server. In this example, "my shared secret" is set. Leave the others in the default setting. Finish by pressing the [Complete] button. Step 2. Setting remote access policy 1. 2. 3. Select [Remote Access Policies] in the [Tree] tab and press the right mouse button.
4. Add a condition to [Conditions] by pressing the [Add] button. This example defines that this policy should be used when [Client-Friendly-Name] is “Z300AP.” Various conditions are available. For details, refer to Windows 2000 Online Help. Press the [Next] button. 5. Select [Grant remote access permission]. Press the [Next] button.
6. Press the [Edit Profile] button and select the [Authentication] tab. Place a check mark in the [Extensible Authentication Protocol] check box. Select [Smart card or other certificates] for the EAP type. Finish the editing by pressing the [OK] button. Finish by pressing the [Complete] button.
4.3.1.4 Access point The following is the setting procedure for the access point. Step 1 Setting the 802.1X function at the access point Make settings for the 802.1X function. The following procedure is to enable the 802.1X function. The other settings of the [Basic setting] and [Access restriction] tabs are omitted. 1. 2. 3. 4. Start the access point setting utility. Select the [WEP] tab. 802.1X group Select [Used] in the [802.1X] component box. Place a check mark in the [Distribute WEP key] check box.
4.3.1.5 Radio LAN station The following provides the setting procedure for the radio LAN station. Step 1 Certificate issuance and installation First, have the certificate authority issue a certificate and store it in the local machine. 1. Temporarily, have the station join the wired LAN network. 2. Start the Internet Explorer and connect to the following URL. http://(the CA’s IP address)/certsrv Then, install the certificate according to instructions on the screen.
Step 2. Setting the 802.1X function in the radio LAN station Next, set the 802.1X function. The following procedure is to enable the 802.1X function. The other settings for the radio LAN network are omitted. For details on each item, refer to the online Help of Windows XP. 1. Open [Wireless Network Connection Properties]. 2. Select the [Authentication] tab. Place a check mark in the [Enable network access control using IEEE 802.1X] check box.
3. Select the [Use a certificate on this computer] radio button. Place a check mark in the [Validate server certificate] check box. Select a reliable certificate authority from the [Trusted root certificate authority] combo box. In this example, select the certificate authority that was installed on the MAGNIA Z500.

4.3.1.6 Check items
Check whether authentication ended successfully as follows.
· Check the MAGNIA Z500 application log for source name "TSASVC".
4.3.2 Configuration Example (2)
Establish the environment, based on the following scenario.
· Some stations do not support the 802.1X function.
· Change and distribute the WEP key at 10-minute intervals. Use EAP-TLS as the authentication type. Perform reauthentication when distributing the WEP key.
· Set the WEP key to 13 bytes.
· The CA has already been prepared.
· The RADIUS has already been prepared.

4.3.2.1 Device configuration
The following is the device block diagram.
[Figure: device block diagram; labels include MAGNIA Z500 and STA]
4.3.2.2 Access point
The following is the setting procedure for the access point.
Step 1 Setting the 802.1X function at the access point
Make settings for the 802.1X function. The following procedure enables the 802.1X function. The other settings of the [Basic setting] and [Access restriction] tabs are omitted.
1. Start the access point setting utility.
2. Select the [WEP] tab.
3. 802.1X group: Select [Make 802.1X authentication (permit non-802.1X station to coexist)] in the [802.1X] component box.
5. RADIUS group
   · Place a check mark in the [RADIUS server 1] check box.
   · Set a value in the [IP address] edit box. Specify the IP address of the RADIUS server.
   · Set a value in the [Port] edit box. In this example, set 1812.
   · Set a value in the [Shared key] edit box. Specify the shared key that is set on the RADIUS server.
   · Set a value in the [Time-out] edit box. In this example, set 20.
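The following is an added example, not part of the original manual or the product's code. It shows why the [Shared key] must be identical on the access point and the RADIUS server: RADIUS (RFC 2869 / RFC 3579) signs every Access-Request that carries EAP with a Message-Authenticator attribute, an HMAC-MD5 keyed with the shared key, and the server silently discards a request whose value does not verify, which the access point sees only as a time-out. The NAS-Identifier, the keys and the EAP payload are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
NAS_IDENTIFIER, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 32, 79, 80


def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(secret, ident, eap):
    """Access point side: Access-Request carrying EAP, signed with the shared key."""
    # "ap-example" is a constructed NAS-Identifier, not a value from the manual.
    attrs = attr(NAS_IDENTIFIER, b"ap-example") + attr(EAP_MESSAGE, eap)
    placeholder = attr(MESSAGE_AUTHENTICATOR, bytes(16))
    length = 20 + len(attrs) + len(placeholder)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, length) + os.urandom(16)
    mac = hmac.new(secret, header + attrs + placeholder, hashlib.md5).digest()
    return header + attrs + attr(MESSAGE_AUTHENTICATOR, mac)


def verify_access_request(secret, packet):
    """RADIUS server side: recompute the HMAC-MD5 with the attribute value zeroed."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos, zeroed, received = 20, bytearray(packet), None
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            return False  # malformed attribute
        if a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = bytes(16)
        pos += a_len
    if pos != len(packet) or received is None:
        return False  # trailing bytes, or EAP request without the attribute
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    eap_identity = bytes([2, 1, 0, 9, 1]) + b"sta1"  # constructed EAP-Response/Identity
    request = build_access_request(b"key-set-on-radius", 7, eap_identity)
    print("same key on both sides:", verify_access_request(b"key-set-on-radius", request))
    print("keys differ:", verify_access_request(b"key-set-0n-radius", request))
```
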
4.3.2.3 Radio LAN station
The following is the setting procedure for the radio LAN station.
Step 1 Setting the 802.1X station
See "Configuration Example (1)." [4.3.1.5 Radio LAN station]
Step 2 Setting a non-802.1X station
Enable the WEP function and specify in the first key the value that is the same as that of [Key 1] set at the AP.
Memo
Depending on the setting utility of the radio LAN station, it may not be possible to set more than one WEP key. In this case, the radio LAN station may not be able to connect.
5 Appendixes
Appendix 1 SNMP Settings
When you set up the Software Access Point from the remote PC, using the Access Point Configuration Utility, the SNMP Extension Agent must be active on the server (access point). The following explains the settings for SNMP for Windows NT, Windows 2000, and Linux, respectively.

[For Windows NT]
For information on installing the SNMP Extension Agent, see the following section. [2.1.1.
[For Windows 2000]
For information on installing the SNMP Extension Agent, see the following section. [2.1.1.2 For installation in Windows 2000]
The following describes the settings to be made after the SNMP Extension Agent is installed.
1. Open [Management tool] on the Control Panel on the server (access point).
2. Open the [Service] icon.
3. Select [SNMP Service] from the service list and open its property.
When the [Security] tab is selected, the page explained in [For Windows NT] above is displayed.
[For Linux]
In order to communicate with the Access Point Configuration Utility (the Windows version), it is necessary to install the SNMP Agent. The SNMP Agent is installed together with the OS when the OS is installed with the full installation type. The settings for communication with the Access Point Configuration Utility are as follows.
1. Access the following URL from the Web browser.
   http://(server IP address)/tsb/tsb_snmp.cgi
   Then, the following setup page is displayed.
2. Enter a community name in the text box at the left of [Community name] and press the [Add] button. This community name is used to connect the Access Point Configuration Utility to the server (access point).
3. The access authority for the entered community name is set to "READ ONLY." When changing it to "READ WRITE," select the entered community name and select the "READ WRITE" radio button at right.
4. Lastly, press the [Apply] button to change the setting.
Notice
The SNMP setup page is used to update the setup page but not to change the settings during operation.
Appendix 2 Security
Because of the nature of radio, it is difficult to define the communication area of a wireless LAN network, so its boundary is likely to be vague. Depending on where the equipment is installed or how the office is constructed, the network area may extend outside the site. This means that communication data can leak outside the site and that illegal access from outside the site becomes possible.
For the configuration, see the following chapter. [4 802.
· Communication area
  After the equipment is installed, it is recommended to investigate the communication-enabled area by using the station.
· Security enhancement using a firewall
  Security can be enhanced by combining an upper-level protocol having the encryption function, such as IPSec or PPTP, and a firewall.
[Figure: Example of configuration using a firewall (Intranet, Firewall, Access Point, Station)]
Appendix 3 Trouble-shooting

General
Problem: Communication between wireless LAN stations is not possible.
Correction:
· Check whether the wireless LAN card is correctly inserted.
· Check whether the driver is normally operating on the server (access point).
· Check whether the station is operating in infrastructure mode.
· Check whether both station and access point have the same network name (ESSID).
· When WEP is enabled, check whether both station and access point have the same WEP key.
Access Point Configuration Utility
Problem: When the Access Point Configuration Utility starts, the message "Loading of the library required for communication with access point failed" is displayed.
Correction:
· The utility may be incorrectly installed. Reinstall the utility.

Problem: When the Access Point Configuration Utility starts, the message "The access point is disabled. The
Correction:
· Check whether the driver is normally operating on the server (access point).
Problem: When the denied MAC address is cleared in the Access Point Configuration Utility, the message "The deletion of history failed" is displayed.
Correction:
· The access point may be busy. Wait a while and reexecute the utility.
· By using the ping command, check whether the network is disconnected.
· When the network is used from the remote PC, it must be connected with a community name with writing authority.
Appendix 4 Glossary

802.1X: IEEE standard. Port-Based Network Access Control. This protocol is to control access in units of ports.
Access point: Device that relays interstation communication. Usually, this device has a function that makes a bridge to a wired LAN network.
Ad hoc mode: In this mode, stations communicate directly with each other, not via the access point.
AP: Acronym of Access Point. See "Access point."
Authentication Server: Term defined in 802.1X.
STA: Acronym of STAtion. See "Station."
Station: Wireless LAN device that conforms to IEEE 802.11. It may simply refer to a wireless LAN PC.
Supplicant: Term defined in 802.1X. PC with an authentication request. In this product, it corresponds to the radio LAN station.
TLS: Abbreviation of Transport Layer Security. Successor of SSL (Secure Socket Layer).