Sie zeigen eine alte Version dieser Seite an. Zeigen Sie die aktuelle Version an.

Unterschiede anzeigen Seitenhistorie anzeigen

« Vorherige Version anzeigen Version 11 Nächste Version anzeigen »


Description:
This document describes how to configure a wireless network supported by multiple LANCOM access points, where guest users have to enter their user credentials at the central gateway in order to communicate with the Internet (Public Spot).

Requirements:

The use of the device with active Public Spot as gateway and DNS server in the Public Spot network is mandatory!

The management ports for HTTP (port 80) and HTTPS (port 443) must not be changed and have to be left on the default values! Please refer to this article in our Knowledge Base (see steps 1.8) - 1.9)).

If the integrated SSL certificate is used, a warning is displayed when invoking an HTTPS website due to an unknown certificate! Please refer to this article in our Knowledge Base (see "Security notice for the SSL-HTTPS certificate"). 


Scenario:
  • After logging in to the Public Spot via the LAN and/or WLAN, guests should be able to communicate with the Internet.
  • Employees should be able to use the LAN and/or WLAN to communicate with the Internet and intranet without having to login.
  • No communication is allowed between the networks GUEST and COMPANY.
The following steps describe how to configure the central LANCOM gateway with its Public Spot option, and also the configuration of the LANCOM switch and a LANCOM access point.
To operate more than one LANCOM access point, the steps taken for the configuration can be repeated for any number of APs.


Procedure:
1) Configuring the local networks and VLANs on the gateway router:
1.1) Open the configuration of the gateway router in LANconfig and go to the menu IPv4 → General → IP networks.
1.2) In the IP networks dialog, click the Add... button to create a new network.
1.3) Change the following parameters for the GUEST network:
  • Network name: Enter a descriptive name for the guest network (in this case GUEST).
  • IP addressEnter an IP address from an IP address range which is not already in use.
  • NetmaskEnter the subnet mask which is associated with the IP address.

1.4 Die Tabelle IP-Netzwerke muss anschließend wie folgt aussehen:
1.5 Go to the menu IPv4 → DHCPv4 → DHCP networks.
1.6 Click Add to enter a new entry in the table DHCP networks.
1.7 Passen Sie folgende Parameter an:
  • Network name: In the dropdown menu select the network created in step 1.3) (in this example the network GUEST). 
  • DHCP server enabled: In the dropdown menu select Yes to activate the DHCP server.

If the address 0.0.0.0 is stored for each parameter in the configuration items Addresses for DHCP clients and Name server addresses, the router assigns its own IP address in this network as gateway and DNS server. Furthermore all free IP addresses within this network are used for assigning IP addresses. If necessary you can change the parameters.

1.8 Die Tabelle DHCP-Netzwerke muss anschließend wie folgt aussehen:
1.9 Go to the menu Interfaces → VLAN and activate the VLAN module.
1.10 Go to the menu Network table.
1.11 Select the entry Default_VLAN and click on the button Edit.
1.12 Click on the button Select next to Port list to select the interface LAN-1.

The VLAN ID 1 is assigned to the company network.

1.13 Create a new entry and change the following parameters:
  • VLAN name: Enter a descriptive name for the VLAN (in this example GUEST).
  • VLAN ID: Enter the VLAN ID 2.
  • Port list: Select the locial interface LAN-1
1.14 Die VLAN-Tabelle muss anschließend wie folgt aussehen:
1.15 Go to the menu Port table.
1.16 Select the VLAN port LAN-1: Local area network 1 and click Edit.
1.17 Change the following parameters:
  • VLAN tagging mode: Make sure that the tagging mode Hybrid (Mixed) is selected.
  • Port VLAN ID: Make sure that the VLAN ID 1 is used.

1.18 Go to the menu IPv4 → General → IP networks to add the VLAN IDs to the networks.
1.19 Select the network INTRANET and click Edit.
1.20 Enter the VLAN-ID 1 since it belongs to the network INTRANET.
1.21 Edit the network GUEST and change tje following parameters:
  • VLAN ID: Enter the VLAN ID 2.
  • Interface tag: Enter an Interface tag unequal 0, so that the communication between the network GUEST and the network INTRANET is prevented (in this example the tag 1 is used).

Networks that have been given an interface tag can only communicate with networks that share the same interface tag.

This also means that the network INTRANET, which has the interface tag 0, is able to communicate with all networks, whatever interface tag they have.

This makes it easier to access the guest network from the company network. It is not possible to communicate from the guest network to the company network.

1.22 Die Tabelle IP-Netzwerke muss anschließend wie folgt aussehen:  
1.23 The network and VLAN configuration is complete. Write the configuration back into the router.


2) Configuring the Public Spot and the RADIUS server on the gateway router
2.1 Go to the menu Public-Spot → Authentication and select the mode Authenticate with name and password.
2.2 Go to the menu Public Spot → Server → Operational settings
2.3 Go to the menu Interfaces.
2.4 Select the Interface for the Public Spot authentication (in this example the interface LAN-1), and click Edit.
2.5 Activate the User Authentication for the interface LAN-1: Local area network 1.
2.6 Go to the menu Network table to specify which VLAN ID should be used in conjunction with the Public Spot.
2.7 Click Add to create a new entry.
2.8 Select the VLAN ID 2.
2.9 Go to the menu Public Spot → Users → RADIUS server to point to the integrated RADIUS server.
2.10 Ex factory there is an entry named LOCAL. It points to the integrated RADIUS and Accounting server.

If the entry LOCAL doesn't exist, create an entry and enter any name.

Make sure that the following parameters are used:

  • Auth. server address: 127.0.0.1
  • Auth. server port: 1812
  • Acc. server address127.0.0.1
  • Acc. server port: 1813

2.11 Go to the menu Public Spot → Wizard → Public Spot SSIDs.
2.12 Create a new entry and change the following parameters:
  • SSID: Enter the SSID created in step 4.4) (in this example Guest), to print the name of the SSID on the Public Spot voucher.
  • SSID selected: Set this option to Yes, in order for the SSID to be printed on the Public Spot voucher whenever the setup wizard Create Public Spot Account is used.

2.13 Go to the menu RADIUS → Server and activate the functions RADIUS authentication and RADIUS accounting.
2.14 Go to the menu RADIUS services ports.
2.15 Make sure that the Authentication port is set to 1812 and the Accounting port to 1813.
2.16 The configuration of the Public Spot and the RADIUS server is complete. Write the configuration back into the router.


3. VLAN-Konfiguration auf dem LANCOM Switch:
3.1 Open the configuration of the LANCOM switch in a web browser and go to the menu Configuration → VLAN → VLAN Membership.
3.2. In this example the switch ports should be configured as follows:
  • LANCOM Access Point at Port 1
  • LANCOM gateway router at Port 3
  • Port 23 is used for access to the company network (192.168.0.0/24) via LAN.
  • Port 24 is used for access to the guest network (192.168.1.0/24) via LAN. The authentication is controlled via the Public Spot.
3.3 Edit the existing Default VLAN and enter the name of the network (in this example COMPANY).
3.4 Add a new VLAN via the button Add New VLAN. Enter the name of the network (in this example GUEST) and enter the VLAN ID 2.
3.5 Tick the checkboxes with the Ports 1, 3 and 24 for the VLAN GUEST.
3.6 Go to the menu Ports and nehmen Sie die Port-Konfiguration für die verwendeten Ports 1, 3, 23 und 24 vor:
  • Make sure, that the Egress Rule is set to Hybrid for the Ports 1 and 3 and that the PVID is set to 1.

  • For the Port 23 set the Egress Rule to  Access and make sure, that the PVID is set to 1.
  • For the Port 24 set the Egress Rule to  Access and make sure, that the PVID is set to 2.
3.7 The VLAN configuration of the switch is complete. Write the configuration back into the device.


4) Configuring a LANCOM access point
4.1 Go to the menu IPv4 → General → IP networks.
4.2 Assign an IP address from the company network to the Access Point (in this example the network 192.168.0.0/24) and enter the VLAN ID 1.
4.3 Go to the menu Wireless-LAN → General → Logical WLAN settings.
4.4 Create a WLAN for the company network and the guest network for each radio module and edit the encryption parameters.
WLAN interface 1 - Network 1:
Network tab:
  • Make sure, that the checkbox WLAN network enabled is ticked.
  • Enter a descriptive name for the SSID (in this example the name Comp).

Encryption tab:

  • Enter a WPA key for Key 1/passphrase. It has to be entered in WLAN devices to be able to connect to the WLAN. 

   


WLAN interface 1 - Network 2:
Network tab:
  • Make sure, that the checkbox WLAN network enabled is ticked.
  • Enter a descriptive name for the SSID (in this example the name Guest).

Encryption tab:

  • Deactivate the encryption. WLAN devices should authenticate themselves at the Public Spot via login credentials.

   


WLAN-Interface 2 - Netzwerk 1:
Network tab:
  • Make sure, that the checkbox WLAN network enabled is ticked.
  • Enter a descriptive name for the SSID (in this example the name Comp).

Encryption tab:

  • Enter the same WPA key for Key 1/passphrase you used for the interface WLAN interface 1 - Network 1
   

WLAN interface 2 - Netzwerk 2:
Network tab:
  • Make sure, that the checkbox WLAN network enabled is ticked.
  • Enter a descriptive name for the SSID (in this example the name Guest).

Encryption tab:

  • Deactivate the encryption. WLAN devices should authenticate themselves at the Public Spot via login credentials.
   
4.5 Go to the menu Interfaces → VLAN and activate the VLAN module.
4.6 Go to the menu Network table.
4.7 Select the entry Default_VLAN and click Edit.
4.8 In the Port list click Select to add the logical interfaces for the company network

If the Port list contains the wildcard *-* which stands for all logical interfaces, it is recommended to delete it and enter the interfaces which are used.

4.9 Select all logical interfaces, which should communicate via the company network (in this example the interfaces LAN-1, WLAN-1 and WLAN-2).
4.10 Create a new entry and enter the following parameters:
  • VLAN name: Enter a descriptive name for this VLAN (in this example GUAST).
  • VLAN ID: Enter the VLAN ID 2.
  • Afterwards click on Select in the Port list to add the logical interfaces for the guest network

4.11 Select all logical interfaces, which should communicate via the guest network (in this example the interfaces LAN-1, WLAN-1-2 and WLAN-2-2).

4.12 Die VLAN-Tabelle muss anschließend wie folgt aussehen:

4.13 Go to the menu Port table.
4.14 Edit the individual logical interfaces as follows:
LAN-1:
  • VLAN tagging mode: Make sure, that the tagging mode Hybrid (Mixed) is used.
  • Port VLAN ID: Make sure, that the Port VLAN ID 1 is used. 

 

WLAN-1:
  • VLAN tagging mode: In the dropdown menu select the tagging mode Access (Never).
  • Port VLAN ID: Make sure, that the Port VLAN ID 1 is used. 

WLAN-2:

  • VLAN tagging mode: In the dropdown menu select the tagging mode Access (Never).
  • Port VLAN ID: Make sure, that the Port VLAN ID 1 is used. 

    

WLAN-1-2:
  • VLAN tagging mode: In the dropdown menu select the tagging mode Access (Never).
  • Port VLAN ID: Enter the Port VLAN ID 2

WLAN-2-2:

  • VLAN tagging mode: In the dropdown menu select the tagging mode Access (Never).
  • Port VLAN ID: Enter the Port VLAN ID 2

  

4.15 Die Port-Tabelle muss anschließend wie folgt aussehen:
4.16 The configuration of the access point is complete. Write the configuration back into the device.


5. Configuring a further administrator for adding and managing Public Spot users:
5.1 Open the configuration of the gateway router in LANconfig and go to the menu Management → Admin → Further administrators.
5.2 Create a further administrator and edit the following parameters:
  • Administrator: Enter a descriptive name for the further administrator.
  • Password: Enter a password for the administrator.
  • Access rights: Select None in the dropdown menu.
  • Deactivate all Function rights except Public spot wizard (add user) and Public spot wizard (manage user), so that the further administrator is able to add and manage Public Spot users.

5.3 The configuration of the further administrator is complete. Write the configuration back into the device.


6. Adding and managing Public Spot users in Wg:
6.1 Rufen Sie die IP-Adresse des Gateway-Routers in in einem Browser auf und loggen sich mit den Login-Daten des weiteren Administrators ein (siehe Schritt 5.2).
 
6.2 In dem Menü Public-Spot-Benutzer einrichten können Sie folgende Aktionen vornehmen:
  • Erstellen Sie einen oder mehrere neue Public Spot Benutzer, indem Sie auf die Schaltfläche Anlegen und Drucken klicken.
  • Erstellen Sie einen oder mehrere neue Public Spot Benutzer, indem Sie auf die Schaltfläche Anlegen und CSV-Export klicken. Zusätzlich werden die Benutzer-Daten in eine CSV-Datei exportiert, damit diese anschließend weiter bearbeitet werden können.
  • Mit einem Klick auf die Schaltfläche Benutzerverwaltung aufrufen gelangen Sie in das Menü Public-Spot-Benutzer verwalten.

6.3 In dem Menü Public-Spot-Benutzer verwalten können Sie folgende Aktionen vornehmen:
  • Unter Spalte zeigen/verstecken können Sie einzelne Spalten ausblenden. Im Standard werden alle Spalten angezeigt.
  • Mit einem Klick auf Als CSV speichern wird eine CSV-Datei mit allen aktuell angelegten Benutzern abgespeichert.
  • Einzelne Parameter wie z.B. das Passwort oder der Ablauf-Typ können abgeändert und dann gespeichert werden.
  • Mit einem Klick auf Löschen können einzelne Benutzer gelöscht werden.
  • Mit einem Klick auf die Schaltfläche Benutzer anlegen gelangen Sie in das Menü Public-Spot-Benutzer einrichten.





  • Keine Stichwörter