Quelle anzeigen

Description:

This document describes how to set up WLAN access restrictions on a LANCOM WLAN router or access point where the MAC addresses of the authorized WLAN clients are entered into a RADIUS server.

This configuration example uses the internal RADIUS server on the LANCOM WLAN router or access point. An external RADIUS server can be used as an alternative.

Requirements:

LCOS as of version 7.80 (download latest version)
LANtools as of version 7.80 (download latest version)

Procedure:

1) Open the configuration of the LANCOM router or access point with LANconfig.

2) Switch to the menu item Wireless LAN → Stations. Here you activate the option Transfer data from the listed stations.

3) In the section Authentication via RADIUS, enter the IP address of the RADIUS server and the server port 1812.

This example uses the internal RADIUS server of the LANCOM router or access point, therefore the IP address of the localhost is entered, 127.0.0.1. If you are using an external RADIUS server, you must enter the local IP address of the external server.

If you want the shared secret to be used as the password for user accounts of authorized WLAN clients (see step 8), you can configure this here.

Using the shared secret as the password is impractical if you are using multiple access points which use different shared secrets to communicate with the RADIUS server. In this configuration example we do not use a shared secret, and instead in configuration step 8 we use the MAC address of a WLAN client as the password.

4) Switch to the menu item RADIUS server → General.

5) In the Authentication port field, enter the value 1812.

6) Click on the User table button in order to set the MAC addresses of the authorized WLAN clients in the following dialog.

7) In the field Name/MAC address, enter the MAC address of an authorized WLAN client with the following syntax: aabbcc-ddeeff.

8) In the field Password, enter the MAC address of an authorized WLAN client with the following syntax: aabbcc-ddeeff.

If you defined a shared secret in step 3, you must enter this into the password fieldinstead of the MAC address.

9) Once you have entered all authorized WLAN clients into the user table, you can write the configuration back to the LANCOM WLAN router or access point.

If you entered a shared secret in step 3, you have completed the configuration at this point.

If you did not enter a shared secret in step 3 and you entered the MAC address of the authorized WLAN clients into the password field in step 8, you must additionally perform the following configuration steps.

10) Using WEBconfig, open the configuration of the LANCOM WLAN router or access point and navigate to the menu LCOS menu tree → Setup → WLAN → RADIUS access check → Password source.

11) Change the value from Secret to MAC address and click the button Send.