Description:
Thi=
s document describes how to configure a wireless network supported by multi=
ple LANCOM access points, where guest users have to enter their user creden=
tials at the central gateway in order to communicate with the Internet (Pub=
lic Spot).
Scenario:
- After logging in to the Public Spot via the LAN and/or WLAN, gues=
ts should be able to communicate with the Internet.
- Employees should be able to use the LAN and/or WLAN to communicat=
e with the Internet and intranet without having to login.
- No communication is allowed between the guest <=
/strong>and company networks.
The following steps describe how to configure the central LANCOM gateway wi=
th its Public Spot option, and also the configuration of the LANCOM switch =
and a LANCOM access point. To operate more than one LANCOM access point, th=
e steps taken for the configuration can be repeated for any number of APs.
Procedure:
1) Configuring the local networks an=
d VLANs on the gateway router:
1.1) Open the configuration of the gateway router in LANconfig and go to th=
e menu IPv4 =E2=86=92 General =E2=86=92 IP networks.
1.2) In the IP networks dialog, click the Add=
button to create a new network.
1.3) Change the following parameters for the GUEST network=
:
- Network name: Enter a descriptive name for the guest network (in this case GUEST).
- IP address: Enter an IP address from an IP addres=
s range which is not already in use.
- Netmask: Enter the subnet mask which is =
associated with the IP address.
1.4) The table IP networks has to appear as follows a=
fterwards:
1.5) Go to the menu IPv4 =E2=86=92 =
DHCPv4 =E2=86=92 DHCP networks.
1.6) Click Add to enter a new entry in the table D=
HCP networks.
1.7) Edit the following parameters:
- Network name: In the dropdown menu select the <=
strong>network created in step 1.3) (in this=
example the network GUEST).
- DHCP server enabled: In the dropdown menu selec=
t Yes to activate the DHCP server.
1.8) The table DHCP networks has to appear as follows=
afterwards:
1.9) Go to the menu Interfaces =E2=86=92 VLAN and activate=
the VLAN module.
1.10) Go to the menu Network table.
1.11) Select the entry Default_VLAN and click on the =
Edit button.
1.12) Click on the Select button next to <=
strong>Port list to select the interface LAN-1.
1.13) Create a new entry and change the following parameters:
- VLAN name: Enter a d=
escriptive name for the VLAN (in this example GUEST=
strong>).
- VLAN ID: Enter the V=
LAN ID 2.
- Port list: Select the=
locial interface LAN-1.
1.14) The Network table has to appear as follows afte=
rwards:
1.15) Go to the menu Port table.
1.16) Select the VLAN port LAN-1: Local area =
network 1 and click Edit.
1.17) Change the following parameters:
- VLAN tagging mode: Make sure=
that the tagging mode Hybrid (Mixed) is selecte=
d.
- Port VLAN ID: Make sure=
that the VLAN ID 1 is used.
1.18) Go to the menu IPv4 =E2=86=92 General =E2=86=92 IP =
networks to add the VLAN IDs to the networks=
.
1.19) Select the network INTRANET and click Edit.
1.20) Enter the VLAN-ID 1 since it =
belongs to the company network (INTRANET)=
.
1.21) Edit the network GUEST and cha=
nge the following parameters:
- VLAN ID: Enter the VLAN ID 2.
- Interface tag: Enter an Interface tag unequal 0, so that the communication bet=
ween the network GUEST and the network INTRANET is prevented (in t=
his example the tag 1 is used).
1.22) The table IP networks has to appear as follows =
afterwards:
1.23) The network and VLAN configuration is complete. Write the configurati=
on back into the router.
2) Confi=
guring the Public Spot and the RADIUS server on the gateway router
2.1) Go to the menu Public-Spot =E2=86=
=92 Authentication and select the mode Authenticate w=
ith name and password.
2.2) Go to the menu Public Spot =E2=86=92 Server =E2=86=92 Ope=
rational settings.
2.3) Go to the menu Interfaces.
2.4) Select the Interface for the Public Spot authent=
ication (in this example the interface LAN-1), and cl=
ick Edit.
2.5) Activate the User Authentication for the interface LAN-1: Local area network 1.
2.6) Go to the menu Network table to=
specify which VLAN ID should be used in conjunction with =
the Public Spot.
2.7) Click Add to create a new entry.
2.8) Select the VLAN ID 2.
2.9) Go to the menu Public Spot =E2=86=92 Users =E2=86=92 RADI=
US server to point to the integrated RADIUS server.
2.10) Ex factory there is an entry named LOCAL. It po=
ints to the integrated RADIUS and Accoun=
ting server.
Make=
sure that the following parameters are used:
- Auth. server address: 127.0.0.1
- Auth. server port: 1=
812
- Acc. server address:
127.0.0.1
- Acc. server port: 18=
13
2.11) Go to the menu Public Spot =E2=86=92 Wizard =E2=86=
=92 Public Spot SSIDs.
2.12) Create a new entry and change the following parameters:
- SSID: Enter the SSID=
for the guest network created in =
step 4.4) (in this example Guest), t=
o print the name of the SSID on the Public Spot voucher.
- SSID selected: Set this opti=
on to Yes, in order for the SSID to be printed on the Publ=
ic Spot voucher whenever a Public Spot user is created and the voucher prin=
ted via the setup wizard Create Public Spot Account.
2.13) Go to the menu RADIUS =E2=86=92 Server and=
activate the functions RADIUS authentication and RADIUS accounting.
2.14) Go to the menu RADIUS services ports.
2.15) Make sure that the Authentication port is set to 1812 and the Accounting port to 1813=
.
2.16) The configuration of the Public Spot and the RADIUS server is complet=
e. Write the configuration back into the router.
3) Configuring the VLAN on the LANCO=
M switch:
3.1) Open the configuration of the LANCOM switch in a web browser and go to=
the menu Configuration =E2=86=92 VLAN =E2=86=92 VLA=
N Membership.
3.2) In this example the switch ports should be configured as follows:
- LANCOM Access Point at Port 1
- LANCOM gateway router at Port 3
- Port 23 is used for access to the company netw=
ork (192.168.0.0/24) via LAN.
- Port 24 is used for access to the guest n=
etwork (192.168.1.0/24) via LAN. The authen=
tication is controlled via the Public Spot.
3.3) Edit the existing Default VLAN and enter the nam=
e of the network (in this example COMPANY).
3.4) Add a new VLAN via the button Add N=
ew VLAN. Enter the name of the network (in this e=
xample GUEST) and enter the VLAN ID 2.
3.5) Tick the checkboxes with the Ports 1, 3 and 24 for th=
e VLAN GUEST.
3.6) Go to the menu Ports and edit the port configura=
tion for the p orts 1, 3, 23 and 24:
- Make sure, that the Egress Rule is set to
Hybrid for the Ports 1 and 3 and that =
the PVID is set to 1.
- For the Port 23 set the Egress Rule<=
/strong> to Access and make sure, that the=
PVID is set to 1.
- For the Port 24 set the Egress =
Rule to Access and make sure, tha=
t the PVID is set to 2.
3.7) The VLAN configuration of the switch is complete. Write the configurat=
ion back into the device.
4)=
Configuring a LANCOM access point
4.1) Go to the menu IPv4 =E2=86=92 General =E2=86=92 IP n=
etworks.
4.2) Assign an IP address from the company network to the =
Access Point (in this example the network 192.168.0.0/24) and enter th=
e VLAN ID 1.
4.3) Go to the menu Wireless-LAN =E2=86=92 General =E2=86=
=92 Logical WLAN settings.
4.4) Create a WLAN for the company network and the guest network for each radio module and edit the encryption param=
eters.
WLAN interface 1 - Network 1:
Network tab:
- Make sure, that the checkbox WLAN net=
work enabled is ticked.
- Enter a descriptive name for the SSID=
(in this example the name Comp).
Encryption tab:
- Enter a WPA key for Key 1/passphrase.=
It has to be entered in WLAN devices to be able to connect to the WLAN.&nb=
sp;
WLAN interface 1 - Network 2:
Network tab:
- Make sure, that the checkbox WLAN net=
work enabled is ticked.
- Enter a descriptive name for the SSID=
(in this example the name Guest).
Encryption tab:
- Deactivate the encryption. WLAN devices should authenticate themselves =
at the Public Spot via login credentials.
WLAN-Interface 2 - Netzwerk 1:
Network tab:
- Make sure, that the checkbox WLAN net=
work enabled is ticked.
- Enter a descriptive name for the SSID=
(in this example the name Comp).
Encryption tab:
- Enter the same WPA key for Key 1/passphra=
se you used for the interface WLAN interface 1 -=
Network 1.
&nb=
sp;
WLAN interface 2 - Netzwerk 2:
Network tab:
- Make sure, that the checkbox WLAN net=
work enabled is ticked.
- Enter a descriptive name for the SSID=
(in this example the name Guest).
Encryption tab:
- Deactivate the encryption. WLAN devices should authenticate themselves =
at the Public Spot via login credentials.
&nb=
sp;
4.5) Go to the menu Interfaces =E2=86=92 VLAN and activate=
the VLAN module.
4.6) Go to the menu Network table.
4.7) Select the entry Default_VLAN and click =
Edit.
4.8) In the Port list click Select t=
o add the logical interfaces for the company network. =
;
4.9) Select all logical interfaces, which should c=
ommunicate via the company network (in this example the interfaces=
LAN-1, WLAN-1 and WLAN-2).
4.10) Create a new entry and enter the following parameters:
- VLAN name: Enter a d=
escriptive name for this VLAN (in this example G=
UEST).
- VLAN ID: Enter the VLAN ID 2.
- Afterwards click on Select i=
n the Port list to add the logical interfaces for the guest network .
4.11) Select all l=
ogical interfaces, which should communicate via the guest =
network (in this example the interfaces LAN-1, WLAN-1-2 and WLAN-2-2).
4.12) The Network table&n=
bsp;has to appear as follows afterwards:
4.13) Go to the menu Port table.
4.14) Edit the individual logical interfaces as follows:
LAN-1:
- VLAN tagging mode: Make sure=
, that the tagging mode Hybrid (Mixed) is used.
- Port VLAN ID: Make sure, tha=
t the Port VLAN ID 1 is used.
=
WLAN-1:
- VLAN tagging mode: In the dr=
opdown menu select the tagging mode Access (Never).
- Port VLAN ID: Make sure=
, that the Port VLAN ID 1 is used.
WLAN-2:
- VLAN tagging mode: In t=
he dropdown menu select the tagging mode Access (Never).=
li>
- Port VLAN ID: Make sure=
, that the Port VLAN ID 1 is used.
=
&nb=
sp;
WLAN-1-2:
- VLAN tagging mode: In t=
he dropdown menu select the tagging mode Access (Never).=
li>
- Port VLAN ID: Enter the =
;Port VLAN ID 2.
WLAN-2-2:
- VLAN tagging mode: In t=
he dropdown menu select the tagging mode Access (Never).=
li>
- Port VLAN ID: Enter the=
Port VLAN ID 2.
=
4.15) The Port table has to appear as follows afterwa=
rds:
4.16) The configuration of the access point is complete. Write the configur=
ation back into the device.
5) Configuring a further administrat=
or for adding and managing Public Spot users:
5.1) Open the configuration of the gateway router in LANconfig and go to th=
e menu Management =E2=86=92 Admin =E2=86=92 Further =
administrators.
5.2) Create a further administrator and edit the following=
parameters:
- Administrator: Enter a descriptive name for the further administrator.
- Password: Enter a pa=
ssword for the administrator.
- Access rights: Select None in the dropdown menu.
- Deactivate all Function rights except Public spot wizard (add user) and Public=
spot wizard (manage user), so that the further administra=
tor is able to add and manage Public Spot users.
5.3) The configuration of the further administrator is com=
plete. Write the configuration back into the device.
6) Adding and managing Public Spot u=
sers in WEBconfig:
6.1) Invoke the IP address of the gateway router in a web browser and login=
with the login credentials of the further administrator (see step 5.2)).
6.2) It is possible to carry out the following actions in the menu =
Create Public Spot Account:
- Create one or several Public Spot users by cl=
icking on the button Create and Print.
- Create one or several Public Spot users by clicking on the button Create and CSV-Expor. Additionally the user d=
ata will be exported into a CSV file so that it can be processed further.=
li>
- By clicking on the button User Management you can invo=
ke the menu Manage Public Spot Account.
6.3) It is possible to carry out the following actions in the menu =
Manage Public Spot Account:
- The button Show/Hide column allows to mask individual =
columns. In the default setting all columns are displayed.
- By clicking Save as CSV a CSV file can be saved which =
contains all Public Spot users in the database.
- It is possible to change individual parameters (e.g. the Passwo=
rd or Expiry-Type) and save them=
.
- By clicking the button Delete you can delete individua=
l users.
- By clicking on the button Print you can print vouchers=
for Public Spot users after creating them.
- By clicking on the button Add user you can invoke=
the menu Create Public Spot Account.
|