ADTRAN BlueSecure Controller Instruction Manual

BlueSecure™ Controller
Setup and Administration Guide
Software Release Version: 6.5
Document Version: 6.5
Bluesocket, Inc.
10 North Avenue
Burlington, MA 01803 USA
+1 781-328-0888
http://www.bluesocket.com

Copyright Notice
Copyright © 2001-2009 Bluesocket, Inc. All rights reserved.
No part of this document may be reproduced in any form or by any means, electronic or manual, including
photocopying without the written permission of Bluesocket, Inc.
The products described in this document may be protected by one or more U.S. patents, foreign patents, or pending
patents.
This document is provided “as is” without warranty of any kind, either express or implied, including, but not limited to,
the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This publication could
include technical inaccuracies or typographical errors. Changes are periodically added to the information herein; these
changes will be incorporated in new editions of the document. Bluesocket, Inc. may make improvements or changes in the
products or the programs described in this document at any time.
Publication Date: December 4, 2009
Trademarks
Bluesocket, The Bluesocket Logo, Secure Mobility, BlueView, BlueSecure, DynamicRF, HighDataDensity and CellularLAN
are trademarks or registered trademarks of Bluesocket, Inc.
Bluetooth is a trademark owned by Bluetooth SIG, Inc., U.S.A. and is licensed to Bluesocket, Inc.
All other trademarks, trade names and company names referenced herein are used for identification purposes only and
are the property of their respective owners.
Caution: This product contains a lithium battery. There is a danger of explosion if the
battery is incorrectly replaced. The battery should only be replaced by the BlueSecure™
Controller manufacturer and only with same or equivalent type recommended by the
battery's manufacturer. Dispose of unused batteries according to the battery manufacturer's
instructions.

Contents
Figures ........................................................................................ x
Tables ....................................................................................... xiv
About This Guide
Audience ..........................................................................................xv
Document Organization......................................................................xv
Notational Conventions .................................................................... xvii
Related Documentation ..................................................................... xvii
Terminology .................................................................................... xvii
Chapter 1
An Overview of the BlueSecure Controller
An Introduction to the BlueSecure WLAN Solution ................................ 1-2
User Authentication....................................................................... 1-2
RADIUS Accounting and Hotspot Support ........................................ 1-2
Role-based Authorization ............................................................... 1-3
Remote Management .................................................................... 1-3
Scalability.................................................................................... 1-3
Intrusion Detection and Worm Protection ......................................... 1-3
BlueSecure Access Points ............................................................... 1-3
RF Management ........................................................................... 1-4
RF Intrusion Detection/RF Containment ............................................ 1-4
VoIP Protocols/VoWLAN Support ................................................... 1-5
Secure Mobility® MatriX ............................................................... 1-5
The BlueSecure WLAN Solution End-user Experience ............................ 1-5
Transparent Authentication............................................................. 1-5
Web-based User Logins................................................................. 1-6
BlueSecure Controller Models ............................................................ 1-7
Bluesocket BSC-2200/3200/5200 ................................................ 1-7
Bluesocket BSC-2100 .................................................................... 1-8
Bluesocket BSC-1200 .................................................................... 1-8
Bluesocket BSC-600 ...................................................................... 1-8
Bluesocket BSC Model Specifications .............................................. 1-9
Typical BlueSecure WLAN Solution Network Configurations................ 1-10
Single BSC Configuration ............................................................ 1-10
Multiple BSCs............................................................................. 1-11
Failover BSCs............................................................................. 1-11
Chapter 2
Installation
Overview of the Installation Procedure ................................................ 2-2
Safety Precautions ............................................................................ 2-2
BSC-2200/3200/5200 Displays, Controls, and Connectors................. 2-4

BSC-2100 Displays, Controls, and Connectors .................................... 2-5
BSC-1200 Displays, Controls, and Connectors .................................... 2-6
BSC-600 Controls and Connectors ..................................................... 2-8
Preparing Your Network ................................................................... 2-9
Environmental, Rack, Space, and Power Requirements........................ 2-10
Mounting the BlueSecure Controller Chassis ...................................... 2-10
BSC-600/BSC-1200 Desktop Mounting ........................................ 2-10
BSC-2100 and BSC-2200/3200/5200 Desktop Mounting ............. 2-11
Rack-mounting the BlueSecure Controller........................................ 2-12
Connecting the BlueSecure Controller to Your Network ....................... 2-13
Connecting the BSC to its Power Source............................................ 2-13
Powering Down Your BSC............................................................... 2-14
Enabling Power over Ethernet on the BSC-600 and BSC-1200............. 2-14
LED Run Time Mode for BSC-600 and BSC-1200 ............................... 2-15
Basic POE LED Functionality for BSC-600 and BSC-1200.................... 2-15
Chapter 3
Administrator Console
Logging Into the Administrator Console for the First Time....................... 3-2
Logging Out of the Administrator Console........................................ 3-3
Using and Managing Administrator Accounts ...................................... 3-3
Adding a New Administrator Account............................................. 3-4
Changing an Administrator Password.............................................. 3-5
Changing Your Login Password...................................................... 3-6
Deleting Administrator Accounts ..................................................... 3-6
Installing the Bluesocket SSL Certificate ............................................... 3-6
An Overview of the Tabs on the Console............................................. 3-8
Read-only Pages (Replication Nodes only) ....................................... 3-9
Obtaining Online Help ..................................................................... 3-9
Site Map ....................................................................................... 3-10
Error Checking on Page Forms......................................................... 3-11
Using Command Buttons and Icons................................................... 3-11
Sorting and Filtering Table Data....................................................... 3-12
Customizing the Presentation of Table Data ....................................... 3-12
Paging Through Data...................................................................... 3-13
Console Fonts ................................................................................ 3-13
Downloading Administrator Console Data......................................... 3-14
Entering IP Addresses and Fully Qualified Domain Names .................. 3-14
Restarting the BSC to Activate Configuration Information..................... 3-15
Chapter 4
Networks
Defining the BSC Protected Physical Interface....................................... 4-2
Creating a VLAN on the Protected Side (Optional)............................ 4-5
Configuring a Protected Virtual Interface (Optional) .......................... 4-7
Configuring the BSC Managed Interface ............................................. 4-7
Configuring Wireless Client IP Address Assignment .......................... 4-9
Creating a VLAN on the Managed Side of Your Network................ 4-17
Configuring a Managed Remote Subnet ........................................ 4-19
Configuring a Managed Virtual Interface....................................... 4-23
Configuring the Admin Interface....................................................... 4-24
Configuring Failover Parameters ...................................................... 4-25
Normal Operation ...................................................................... 4-26
Failover State ............................................................................. 4-26

Recovery State............................................................................ 4-26
Configuring the Primary BSC........................................................ 4-26
Completing the Failover Setup...................................................... 4-28
Configuring Static Routes ................................................................ 4-28
Configuring Multicast Routing .......................................................... 4-30
Configuring AppleTalk Routing ........................................................ 4-31
AppleTalk Networks: Key Concepts .............................................. 4-31
Configuration Procedure.............................................................. 4-33
Chapter 5
Authentication Using Internal Database
Local BSC User Authentication ........................................................... 5-2
Creating/Editing/Deleting a Local User Account.................................. 5-2
Defining MAC Address Authentication ................................................ 5-5
Chapter 6
Authentication Using External Servers
An Overview of External User Authentication....................................... 6-2
RADIUS Authentication...................................................................... 6-2
LDAP/Active Directory Authentication ................................................. 6-6
SIP2 Authentication ........................................................................ 6-10
NTLM Authentication ...................................................................... 6-12
Transparent NTLM Authentication..................................................... 6-14
Transparent 802.1x Authentication................................................... 6-17
The BSC Internal 802.1x Authentication Server .................................. 6-19
Kerberos Authentication .................................................................. 6-23
Cosign Authentication..................................................................... 6-24
Pubcookie Authentication ................................................................ 6-27
CAS Authentication ........................................................................ 6-30
iPass Client Authentication............................................................... 6-32
Transparent Certificate Authentication............................................... 6-32
Testing an External Authentication Server .......................................... 6-34
Chapter 7
RADIUS Accounting
Defining a RADIUS Accounting Server ................................................ 7-2
Attributes Sent to External RADIUS Accounting Server by BSC................ 7-3
Chapter 8
Roles and Role Elements
Defining User Roles to Enforce Network Usage Policies......................... 8-2
An Overview of Roles ....................................................................... 8-2
An Example of Role-based Authorization............................................. 8-2
Role Inheritance ............................................................................... 8-3
Defining a Role ................................................................................ 8-4
Modifying a Role ........................................................................... 8-10
Creating Role Elements ................................................................... 8-10
Creating Destinations and Destination Groups ................................... 8-10
Creating a Single Device Destination ............................................ 8-11
Creating a Network Space Destination.......................................... 8-12
Creating Destination Groups ........................................................ 8-12
Creating Network Services and Services Groups................................ 8-13
Creating a Network Service......................................................... 8-14
Creating Network Service Groups ................................................ 8-16
Creating Schedules and Schedule Groups ......................................... 8-17

Creating a Schedule ................................................................... 8-17
Creating Schedule Groups........................................................... 8-19
Creating Locations and Location Groups ........................................... 8-19
Creating a User Location ............................................................. 8-20
Creating User Location Groups..................................................... 8-20
Chapter 9
Voice Over WLAN Support
Configuring General VoWLAN Settings .............................................. 9-2
Configuring Vendor-specific IP Phone Support...................................... 9-2
Configuring VoWLAN QoS ............................................................... 9-3
Chapter 10
General BSC Operational Settings
HTTP Server Settings ....................................................................... 10-2
Intrusion Detection System ............................................................... 10-5
Configuration Procedure.............................................................. 10-7
SNMP Agent ................................................................................. 10-8
Automatic Backup of the BSC Database ............................................ 10-9
System Time and Date Settings....................................................... 10-10
Mail Server Access....................................................................... 10-11
Public Access Networks ................................................................ 10-12
Event Logging and Connection Tracking.......................................... 10-14
Threshold Values .......................................................................... 10-17
Domain Name System (DNS) Settings ............................................. 10-18
Digital Certificates........................................................................ 10-20
Overview................................................................................. 10-20
How the BSC Uses Certificates ................................................... 10-20
Configuring External Server Authentication Over SSL .................... 10-21
Requesting and Installing an IPSec Authentication Certificate.......... 10-22
Miscellaneous BSC Options........................................................... 10-24
Chapter 11
Web Logins
Customizing the User Login Page ..................................................... 11-2
The Appearance of the User Login Page ........................................ 11-2
Customizing the Login Form and HTML Body of Login Page ............. 11-3
Customizing the Right Side of the User Login Page.......................... 11-6
Redirecting Clients to an External Server for Authentication ............ 11-10
Configuring Hotspot Account Generation..................................... 11-10
Uploading Image/Media Files for the User Login Page ..................... 11-17
Translating User Login Pages ......................................................... 11-18
Defining a User Login Page Language......................................... 11-20
Editing a User Login Page Language ........................................... 11-22
Installing a Custom SSL Login Certificate ......................................... 11-22
Requesting a Certificate............................................................. 11-23
Uploading a Replacement SSL Certificate You Already Have.......... 11-25
Recovering the Private Key......................................................... 11-26
Renewing a Custom SSL Certificate ............................................. 11-27
Installing a Wildcard (*) SSL Certificate on Multiple BSCs.............. 11-28
Chapter 12
BlueSecure Access Points
Overview ...................................................................................... 12-2
RF Management ......................................................................... 12-3

RF Intrusion Detection/RF Containment .......................................... 12-3
Deploying BSAPs on the Same Layer-2 Subnet as the BSC................... 12-3
Deploying BSAPs with Layer-3 Connectivity to the BSC........................ 12-4
How a BSAP Discovers BSCs ........................................................... 12-5
How a BSAP Selects a Home BSC .................................................... 12-6
Uploading BSAP Firmware Files ....................................................... 12-6
Configuring Global Miscellaneous Non-Radio Settings........................ 12-8
Configuring Global Radio Settings ................................................. 12-10
802.11b/g/n Radio Configuration............................................. 12-10
802.11a/n Radio Configuration ................................................ 12-18
Editing Settings for an Individual BSAP............................................ 12-19
Creating SSIDs............................................................................. 12-20
BSAP Authentication Options ..................................................... 12-20
BSAP Data Encryption Options ................................................... 12-21
SSID Configuration Procedure .................................................... 12-22
Creating BSAPs............................................................................ 12-24
Enabling BSAP Service.................................................................. 12-26
Displaying Configured BSAPs ........................................................ 12-29
Chapter 13
RF Intrusion Detection and Containment
Identifying Authorized RF Stations on Your Network ........................... 13-2
Configuring RF Alarms.................................................................... 13-3
Configuring Manual Containment .................................................... 13-6
Configuring Autocontainment........................................................... 13-6
Chapter 14
Secure Mobility® MatriX
An Overview of the Secure Mobility MatriX ....................................... 14-2
Reasons for Deploying a Secure Mobility MatriX ............................ 14-2
General Configuration Procedure ................................................. 14-3
Secure Mobility® ........................................................................... 14-3
How Secure Mobility Works ........................................................ 14-4
Network Requirements................................................................. 14-5
Step 1: Designate and Set Up the Mobility Node List Master............ 14-6
Step 2: Create a List of Nodes ..................................................... 14-7
Step 3: Set Up Secure Mobility® on the Nodes .............................. 14-8
Step 4: Restart Services on the Mobility Master and All Nodes ......... 14-9
Tracking Secure Mobility Status .................................................... 14-9
Enabling VLAN Roaming Across LSG BSCs.................................. 14-10
Replication .................................................................................. 14-10
A Comparison of Standard and Cascaded Replication.................. 14-11
Step 1: Set Up Replication on the Master..................................... 14-12
Step 2: Create a List of Replication Nodes on Master.................... 14-12
Step 3: Set Up Replication on the Nodes ..................................... 14-13
Step 4: Set Up Cascaded Replication (More than Ten BSCs) .......... 14-14
Step 5: Restart Services on the Master and All Nodes ................... 14-15
Configuring a Replication Override............................................. 14-15
Tracking Replication Status ........................................................ 14-16
Load Sharing ............................................................................... 14-17
Typical Configuration ................................................................ 14-17
Network Requirements............................................................... 14-18
Configuring BSC Load Sharing (Single Subnet, NAT Enabled)........ 14-18
Configuring BSC Load Sharing (No NAT) .................................... 14-22

Verifying Your Load Sharing Configuration .................................. 14-23
Chapter 15
Status
Monitoring Active User Connections ................................................. 15-2
Displaying Active User Status ....................................................... 15-2
Forcing a User Logout ................................................................. 15-3
Monitoring a User’s IDS Status ..................................................... 15-3
Monitoring Connected Access Points............................................. 15-4
Monitoring RF IDS Alarms............................................................ 15-6
Monitoring Devices in RF Autocontainment..................................... 15-7
Monitoring User Connections Graphically...................................... 15-7
Viewing the BSC Event Log............................................................ 15-10
Displaying a BSC Status Summary.................................................. 15-11
Displaying BSC Secure Mobility® Status ......................................... 15-12
Displaying Load Sharing Status ...................................................... 15-12
Displaying Power over Ethernet (PoE) Status..................................... 15-13
Generating and Displaying BSC Reports ......................................... 15-13
Using Pre-defined Report Definitions ............................................ 15-14
Creating a Custom Report Definition ........................................... 15-14
Creating a BSC Report .............................................................. 15-15
Displaying or Delivering a Report ............................................... 15-16
Performing Standard Network Diagnostic Tests ................................ 15-17
Capturing Network Traffic Data ..................................................... 15-20
Chapter 16
Maintenance
Restarting, Rebooting, and Shutting Down the BSC............................. 16-2
Configuration Backup and Restore.................................................... 16-2
Backup...................................................................................... 16-3
Restore ...................................................................................... 16-3
Show Tech ................................................................................. 16-4
Resetting the BSC to its Default Settings ......................................... 16-4
Save DHCP Leases...................................................................... 16-5
Export Firewall Policies................................................................ 16-5
Export BSAP-1840 Licenses.......................................................... 16-6
Upgrading to a New Version of Runtime Software.............................. 16-6
Upgrading a Single BSC Network ................................................ 16-6
Upgrading Multiple BSCs in a Replication Configuration ................. 16-7
Upgrading a Failover BSC Configuration....................................... 16-8
Software Patches............................................................................ 16-8
Installing a Patch ........................................................................ 16-8
Uninstalling a Patch .................................................................... 16-9
Switching Between BSC Runtime Software Versions ............................ 16-9
Exporting and Importing BSC Bulk Data Files ................................... 16-10
Exporting Data Files .................................................................. 16-10
Importing Data Files .................................................................. 16-11
Exporting BSC Log Records ........................................................... 16-12
Licenses ...................................................................................... 16-12
BlueProtect ............................................................................... 16-13
BSC ........................................................................................ 16-13
BSAP 1840.............................................................................. 16-14
Appendix A
An Overview of Virtual LANs

LANs vs. VLANs ............................................................................... A-2
Tagging Formats .............................................................................. A-2
The Bluesocket BSC VLAN Implementation........................................... A-2
Pass-Through VLANs ..................................................................... A-3
Termination VLANs ....................................................................... A-3
Initiation/Switched VLANs ............................................................. A-4
Enforcing Network Usage Policies with VLANs..................................... A-5
Appendix B
Provisioning Network DHCP Servers to Support BSAPs
Overview ........................................................................................ B-2
Provisioning a Microsoft DHCP Server ................................................ B-2
Provisioning an Internet Systems Consortium (ISC) DHCP Server............. B-6
Configuring a Cisco IOS DHCP Server................................................ B-7
Appendix C
Endpoint Scanning
Overview ........................................................................................ C-2
About Rules ..................................................................................... C-2
Client Browser Requirements..............................................................C-3
Java Agent ......................................................................................C-3
Agent Platform Support..................................................................C-3
Applet Loader Page ......................................................................C-4
Entering BlueProtect License on the BSC’s Manage License Page ............C-4
Configuring Landing Page Text ..........................................................C-4
Creating a BlueProtect Policy .............................................................C-5
Remediation ....................................................................................C-8
Assigning a BlueProtect Policy to a User Role.......................................C-9
Mobility Matrix ................................................................................C-9
Client Examples ...............................................................................C-9
Appendix D
Serial Port Access to Essential Functions
Listing of Accessible Functions............................................................ D-2
Access Procedure ............................................................................. D-2
Appendix E
Contacting Bluesocket, Inc.
Obtaining Technical Support ............................................................. E-2
Contacting Bluesocket Customer Support............................................. E-2

Figures
Figure 1-1: The Role of the Bluesocket BSC in a Wireless LAN ............................ 1-2
Figure 1-2: The Bluesocket Secure Mobility MatriX Architecture........................... 1-5
Figure 1-3: A Sample BSC User Login Page...................................................... 1-6
Figure 1-4: Bluesocket BSC-5200 .................................................................... 1-7
Figure 1-5: Bluesocket BSC-2100 .................................................................... 1-8
Figure 1-6: Bluesocket BSC-1200 .................................................................... 1-8
Figure 1-7: Bluesocket BSC-600 ...................................................................... 1-9
Figure 1-8: Failover BSCs............................................................................. 1-11
Figure 1-9: Failover within a BSC Pair ........................................................... 1-12
Figure 1-10: Recovery of the Failed BSC .......................................................... 1-12
Figure 2-1: BSC-2200/3200/5200 Displays, Controls, and Connectors ............. 2-4
Figure 2-2: BSC-2100 Displays, Controls, and Connectors ................................. 2-5
Figure 2-3: BSC-1200 Displays, Controls, and Connectors ................................. 2-7
Figure 2-4: BSC-600 LEDs, Controls, and Connectors ........................................ 2-8
Figure 2-5: Attaching a Rubber Pad to a BSC-2100/5200 Bumper ................... 2-11
Figure 2-6: Attaching the BSC-2100/5200 Chassis Desktop Bumper................. 2-11
Figure 2-7: Attaching the BSC-2100/5200 Chassis Cap ................................. 2-12
Figure 2-8: Attaching the Mounting Brackets to the BSC Chassis ....................... 2-12
Figure 2-9: Location of BSC-600 PoE Power Supply Connector ......................... 2-15
Figure 3-1: BSC Administrator Login Page........................................................ 3-2
Figure 3-2: The BSC Administrator Console ...................................................... 3-3
Figure 3-3: New Admin User Page.................................................................. 3-5
Figure 3-4: Changing Your Login Password...................................................... 3-6
Figure 3-5: Security Certificate Alert ................................................................ 3-7
Figure 3-6: SSL Certificate Dialog.................................................................... 3-7
Figure 3-7: Navigating the Administrator Console ............................................. 3-8
Figure 3-8: Site Map ................................................................................... 3-10
Figure 3-9: Customizing the Presentation of Table Data.................................... 3-13
Figure 3-10: Using the Pop Up List Feature ....................................................... 3-15
Figure 4-1: Edit Protected Interface (eth0) Page ................................................. 4-2
Figure 4-2: Link Aggregation Interfaces on the BSC-5200 .................................. 4-5
Figure 4-3: Create a Protected VLAN Page....................................................... 4-6
Figure 4-4: Create a Protected Virtual Interface Page......................................... 4-7
Figure 4-5: Edit Managed Interface (eth1) Page ................................................ 4-8
Figure 4-6: Completed DHCP Relay Options................................................... 4-10
Figure 4-7: Enabling the BSC DHCP Server .................................................... 4-12
Figure 4-8: DHCP Settings for Managed Interface (eth1) Page .......................... 4-13
Figure 4-9: Fixed IP Address Assignments for Wireless Clients .......................... 4-16
Figure 4-10: NAT Settings for Managed Interface Page ..................................... 4-17
Figure 4-11: Create a Managed VLAN Page.................................................... 4-18
Figure 4-12: A Sample Managed Remote Subnet.............................................. 4-19
Figure 4-13: Create a Managed Remote Subnet Page ....................................... 4-20
Figure 4-14: DHCP Settings for New Managed Remote Subnet Page................... 4-21
Figure 4-15: Create a Managed Virtual Interface Page ...................................... 4-23
Figure 4-16: Edit Admin Interface Page............................................................ 4-25
Figure 4-17: Failover - Normal State................................................................ 4-26
Figure 4-18: Failover - Failover State ............................................................... 4-27
Figure 4-19: Failover - Recovery State.............................................................. 4-27
Figure 4-20: Edit Failover (Eth2) Page.............................................................. 4-28
Figure 4-21: Sample BSC Routing Table........................................................... 4-29
Figure 4-22: Create a Static Route Entry........................................................... 4-29

Figure 4-23: Admin Interface in Network Routing Table ..................................... 4-30
Figure 4-24: Enabling Multicast Routing ........................................................... 4-31
Figure 4-25: Enabling AppleTalk Routing ......................................................... 4-33
Figure 5-1: New Local User Page.................................................................... 5-3
Figure 5-2: New MAC Device Page ................................................................ 5-5
Figure 6-1: New RADIUS Server Page ............................................................. 6-3
Figure 6-2: New LDAP/Active Directory Server Page......................................... 6-7
Figure 6-3: New SIP2 Server Page ................................................................ 6-11
Figure 6-4: New NTLM Server Page .............................................................. 6-12
Figure 6-5: New Transparent NTLM Windows Server Page .............................. 6-15
Figure 6-6: User Authentication in an 802.1x Environment ............................... 6-17
Figure 6-7: New Transparent 802.1x Server Page .......................................... 6-18
Figure 6-8: Edit the Local 802.1x Server Page ................................................ 6-20
Figure 6-9: New Kerberos Server Page.......................................................... 6-23
Figure 6-10: New Cosign Server Page ............................................................ 6-25
Figure 6-11: New Pubcookie Server Page ........................................................ 6-28
Figure 6-12: New CAS Server Page ................................................................ 6-30
Figure 6-13: Enabling Transparent Certificate Authentication.............................. 6-33
Figure 6-14: External Authentication Server Test Page........................................ 6-35
Figure 7-1: New RADIUS Accounting Page ...................................................... 7-2
Figure 8-1: Role-based Authorization for a Registered User ................................ 8-3
Figure 8-2: Role-based Authorization for an Unregistered User ........................... 8-3
Figure 8-3: Create a Role Page....................................................................... 8-5
Figure 8-4: Enabling Machine Authentication on Windows Zero-Config Supplicant .... 8-7
Figure 8-6: Mapping Role Placement Based on Username.................................. 8-8
Figure 8-7: Successful Machine Authentication.................................................. 8-8
Figure 8-8: Successful User Login .................................................................... 8-8
Figure 8-9: Failed User Login because Machine Authentication Failed ................. 8-8
Figure 8-10: Log Message upon Failure ............................................................. 8-8
Figure 8-5: Enabling Prerequisite Machine Authentication Role ........................... 8-8
Figure 8-11: Create a (Destination) Host Page .................................................. 8-11
Figure 8-12: Create a (Destination) Network Page ............................................ 8-12
Figure 8-13: Create a (Destination) Group Page ............................................... 8-13
Figure 8-14: Create a Service Page................................................................. 8-15
Figure 8-15: Create a (Service) Group Page..................................................... 8-17
Figure 8-16: Create a Schedule Page .............................................................. 8-18
Figure 8-17: Create a (Schedule) Group Page .................................................. 8-19
Figure 8-18: Create a User Location Page........................................................ 8-20
Figure 8-19: Create a (Location) Group Page ................................................... 8-21
Figure 9-1: VoWLAN General Settings Page .................................................... 9-2
Figure 9-2: IP Phones Settings Page ................................................................. 9-2
Figure 10-1: HTTP Settings Page ..................................................................... 10-2
Figure 10-2: BSC IDS Host State Model ........................................................... 10-6
Figure 10-3: Intrusion Detection System Settings Page........................................ 10-8
Figure 10-4: SNMP Settings Page ................................................................... 10-9
Figure 10-5: Auto Backups Page ................................................................... 10-10
Figure 10-6: BSC Time Settings Page............................................................. 10-11
Figure 10-7: BSC Email Settings Page............................................................ 10-12
Figure 10-8: Public Access Settings Page ....................................................... 10-12
Figure 10-9: Logging Settings Page ............................................................... 10-15
Figure 10-10: Thresholds Page ....................................................................... 10-17
Figure 10-11: DNS Proxy Page....................................................................... 10-19
Figure 10-12: Certificate Management Page .................................................... 10-21
Figure 10-13: IPSec Certificate Signing Request Generation Page ....................... 10-23

Figure 10-14: IPSec CSR Generated Page........................................................ 10-23
Figure 10-15: Miscellaneous Settings Page ...................................................... 10-24
Figure 11-1: Default User Login Page .............................................................. 11-2
Figure 11-2: Elements of the User Login Page You Can Customize ...................... 11-3
Figure 11-3: Create New Custom Login Page................................................... 11-4
Figure 11-4: Custom Login Page - Edit HTML .................................................... 11-7
Figure 11-5: Custom Login Page - Edit Redirection........................................... 11-10
Figure 11-6: Create New Account Link .......................................................... 11-11
Figure 11-7: Sample Account Selections Page ................................................ 11-12
Figure 11-8: Hotspot Account Generation Page .............................................. 11-14
Figure 11-9: Friends and Family Freespot....................................................... 11-16
Figure 11-10: Guest DNA .............................................................................. 11-17
Figure 11-11: File Uploads Page..................................................................... 11-18
Figure 11-12: Create a User Login Page Language Page ................................... 11-20
Figure 11-13: SSL Certificate Generation Page ................................................. 11-23
Figure 11-14: SSL CSR Generated Page .......................................................... 11-24
Figure 11-15: Uploaded Certificate................................................................. 11-25
Figure 11-16: Certificate Management Page .................................................... 11-25
Figure 11-17: SSL Certificate Generation Page ................................................. 11-27
Figure 12-1: BSAPs Automatically Discover BSCs Across L2/L3 Networks ............ 12-2
Figure 12-2: Deploying BSAPs on the Same Layer-2 Subnet as the BSC ............... 12-4
Figure 12-3: Deploying BSAPs Across a Routed Network ................................... 12-4
Figure 12-4: AP Firmware Page ...................................................................... 12-6
Figure 12-5: Edit AP Firmware Page ................................................................ 12-7
Figure 12-6: Edit AP System Settings - Global Page ........................................... 12-8
Figure 12-7: Edit 802.11b/g/n Settings - Global Page ................................... 12-13
Figure 12-8: Edit 802.11a/n Settings - Global Page ....................................... 12-18
Figure 12-9: Create new SSID Page .............................................................. 12-22
Figure 12-10: Create New AP Page ................................................................ 12-25
Figure 12-11: Enable BSAP Service Page......................................................... 12-26
Figure 12-12: Configured BSAPs Page ............................................................ 12-29
Figure 13-1: Create new Station Page ............................................................. 13-2
Figure 13-2: Configured BSAP Sensor Alarms................................................... 13-5
Figure 13-3: Alarm Configuration Page ........................................................... 13-6
Figure 13-4: Autocontainment Configuration Page ............................................ 13-7
Figure 14-1: The Bluesocket Secure Mobility MatriX Architecture......................... 14-2
Figure 14-2: Secure Mobility: Phase 1 ............................................................. 14-4
Figure 14-3: Secure Mobility: Phase 2 ............................................................. 14-4
Figure 14-5: Secure Mobility: Phase 4 ............................................................. 14-5
Figure 14-4: Secure Mobility: Phase 3 ............................................................. 14-5
Figure 14-6: BSC Interface Requirements for Secure Mobility® ........................... 14-6
Figure 14-8: Edit the Secure Mobility Node Page.............................................. 14-7
Figure 14-7: BSC Secure Mobility Setup Page .................................................. 14-7
Figure 14-9: BSC Secure Mobility Setup Page .................................................. 14-8
Figure 14-10: Standard and Cascaded Replication Configurations ..................... 14-11
Figure 14-11: Configuring Replication on the Master BSC.................................. 14-12
Figure 14-12: Create a Node Page................................................................. 14-13
Figure 14-13: Configuring Replication on a Node BSC ..................................... 14-14
Figure 14-15: BSC Replicated Data Override Page ........................................... 14-15
Figure 14-14: Configuring a Replication Master/Node...................................... 14-15
Figure 14-16: A Typical Load Sharing Configuration......................................... 14-17
Figure 14-17: Load Sharing Nodes Page ......................................................... 14-19
Figure 14-18: Defining LSG Member Settings ................................................... 14-20
Figure 14-19: Configuring Load Sharing on the Master ..................................... 14-21

Figure 14-20: Configuring Load Sharing on a Node ......................................... 14-22
Figure 14-21: Verifying the Protected Interface Address Settings ......................... 14-24
Figure 14-22: Load Sharing Setup on the Load Sharing Master........................... 14-24
Figure 14-25: Status Summary for an Operational LSG...................................... 14-25
Figure 14-26: Status Summary for a Load Sharing Failover Event ........................ 14-25
Figure 14-23: Load Sharing Setup on the Load Sharing Node ............................ 14-25
Figure 14-24: Verifying the Load Sharing Failover Event .................................... 14-25
Figure 15-1: Active Connections Page ............................................................. 15-2
Figure 15-2: Monitoring Connected Access Points............................................. 15-4
Figure 15-3: Displaying Detailed Access Point Information ................................. 15-5
Figure 15-4: Received Sensor Alarms .............................................................. 15-6
Figure 15-6: A Sample Graphical Monitor Display............................................ 15-8
Figure 15-5: Contained Devices Page.............................................................. 15-8
Figure 15-7: Filter Users Dialog....................................................................... 15-9
Figure 15-8: BSC Event Log Page.................................................................. 15-10
Figure 15-9: BSC Summary Page .................................................................. 15-11
Figure 15-10: Load Sharing Status Summary .................................................... 15-13
Figure 15-11: Power over Ethernet (PoE) Status Summary................................... 15-13
Figure 15-12: Create a Report Definition Page ................................................. 15-14
Figure 15-13: Create a Report Page................................................................ 15-15
Figure 15-14: Reports Page............................................................................ 15-16
Figure 15-15: Task Execution Menu Page ........................................................ 15-18
Figure 15-16: Traffic Capture Page ................................................................. 15-20
Figure 16-1: BSC Restart Page........................................................................ 16-2
Figure 16-2: BSC Configuration Backup and Restore Page (Backup).................... 16-3
Figure 16-3: BSC Configuration Backup and Restore Page (Restore).................... 16-4
Figure 16-4: Restore Default Settings Dialog ..................................................... 16-5
Figure 16-5: BSC Update Page....................................................................... 16-7
Figure 16-6: Manage Patches for BSC Page..................................................... 16-9
Figure 16-7: BSC Switch Tool Page ............................................................... 16-10
Figure 16-8: BSC Bulk Export Page ............................................................... 16-10
Figure 16-9: BSC Bulk Export Page ............................................................... 16-11
Figure 16-10: Confirm Import Page ................................................................. 16-11
Figure 16-11: BSC Log Record Export Page ..................................................... 16-12
Figure 16-12: Manage Licenses page.............................................................. 16-13
Figure 16-13: BSAP 1840 Possible Models ...................................................... 16-14
Figure A-1: Sample VLANs ............................................................................. A-2
Figure A-2: A Pass-through VLAN .................................................................... A-3
Figure A-3: A Termination VLAN ..................................................................... A-3
Figure A-4: An Initiation VLAN ........................................................................ A-4
Figure B-1: Deploying BSAPs Across a Routed Network ..................................... B-2
Figure B-3: Entering DHCP Vendor Class Information......................................... B-3
Figure B-2: Defining the BSAP Vendor Class..................................................... B-3
Figure B-4: The BSAP Vendor Class is Now Listed ............................................. B-4
Figure B-5: The Predefined Options and Values Dialog ...................................... B-4
Figure B-6: The Option Type Dialog ................................................................ B-4
Figure B-7: Configuring Scope Options............................................................ B-5
Figure B-8: The Scope Options Dialog ............................................................. B-5
Figure B-9: The Defined Scope Option............................................................. B-6
Figure C-1: HTTP Settings Page - BlueProtect Endpoint Scanning.......................... C-5
Figure C-2: Edit BlueProtect Policy ...................................................................C-7
Figure C-3: Client Display when Required Products Not Installed ....................... C-10
Figure C-4: Overriding a Client Role.............................................................. C-10
Figure D-1: Recommended Null-modem Serial Cable Pinout................................ D-3

Tables
Table 1-1: Bluesocket BSC Model Specifications .............................................. 1-9
Table 2-1: BSC-1200 Status LEDs................................................................... 2-7
Table 2-2: BSC-600 Status LEDs..................................................................... 2-8
Table 3-1: Administrator Console Command Buttons and Icons........................ 3-11
Table 3-2: Sorting and Filtering Administrator Console Table Data ................... 3-12
Table 3-3: Administrator Console Page Controls ............................................ 3-13
Table 3-4: Administrator Console Font Controls.............................................. 3-13
Table 7-1: RADIUS Accounting Attributes Sent from the BSC.............................. 7-3
Table 11-1: Required Authorize.net Settings .................................................. 11-12
Table 13-1: BSAP Sensor Alarms ................................................................... 13-3
Table 15-1: Report Display and Delivery Icons............................................... 15-17

About This Guide
The BlueSecure™ Controller Setup and Administration Guide provides
complete instructions for installing, powering up, configuring, and managing
the BlueSecure Controller. This section introduces the document and describes:
• Audience
• Document Organization
• Notational Conventions
• Related Documentation
• Terminology
Audience
The BlueSecure™ Controller Setup and Administration Guide is written for
network administrators who will physically install and power up the BlueSecure
Controller (BSC), and then use its HTML-based administrator interface to
configure the Controller for use in their network.
We assume our audience is familiar with, and has experience administering,
switches, routers, or similar computer hardware.
Document Organization
The information in this guide is organized as follows:
• Chapter 1, "An Overview of the BlueSecure Controller", describes
BlueSecure Controller features and functions and provides an overview of
how the Controller can be used to secure and manage 802.11 wireless
networks.
• Chapter 2, "Installation", provides complete procedures for mounting the
BlueSecure Controller, connecting the Controller to your network, and
powering up the Controller.
• Chapter 3, "Administrator Console", gives an overview of the BlueSecure
Controller’s HTML-based administrator console and its use to configure and
monitor a BlueSecure Controller.
• Chapter 4, "Networks", discusses the BSC Protected Physical Interface, the
BSC Managed Interface, failover parameters, static routes, multicast
routing, and AppleTalk routing.
• Chapter 5, "Authentication Using Internal Database", discusses using the
BSC's internal database for user authentication and authenticating and
assigning a role using media access control (MAC) addresses for wireless
devices that do not support login via web browser. It also describes creating,
editing, and deleting local user accounts.
• Chapter 6, "Authentication Using External Servers", discusses iPass client
authentication, RADIUS authentication, LDAP/active directory
authentication, NTLM authentication, transparent NTLM authentication, transparent
802.1x authentication, the BSC internal 802.1x authentication server, Kerberos
authentication, cosign authentication, pubcookie authentication, CAS authentication,
transparent certificate authentication, and testing an external authentication server.
• Chapter 7, "RADIUS Accounting", discusses how to set up RADIUS accounting, used
to record network activity and statistics including tracking user logins. It also
discusses the attributes sent to an external RADIUS accounting server by the BSC.
• Chapter 8, "Roles and Role Elements", discusses defining user roles to enforce
network usage policies, role-based authorization, role inheritance, defining/
modifying a role, and creating role elements, destinations, network services,
schedules, and locations.
• Chapter 9, "Voice Over WLAN Support", discusses general VoWLAN settings,
vendor-specific IP phone support, and VoWLAN QoS.
• Chapter 10, "General BSC Operational Settings", discusses HTTP server settings,
intrusion detection system, the SNMP agent, automatic backup of the BSC database,
system time and date settings, public access networks, mail server access, event
logging and connection tracking, threshold values, domain name system (DNS)
settings, and miscellaneous BSC options.
• Chapter 11, "Web Logins", discusses customizing the user login page, translating
user login pages, installing a custom SSL login certificate, and configuring hotspot
account generation.
• Chapter 12, "BlueSecure Access Points", discusses deploying BSAPs on the same
layer-2 subnet as the BSC, deploying BSAPs with layer-3 connectivity to the BSC,
how a BSAP discovers BSCs, how a BSAP selects a home BSC, uploading BSAP
firmware files, configuring global miscellaneous non-radio settings, configuring
global radio settings, editing settings for an individual BSAP, creating SSIDs, creating
BSAPs, enabling BSAP service, and displaying configured BSAPs.
• Chapter 13, "RF Intrusion Detection and Containment", discusses identifying
authorized RF stations on your network, configuring RF alarms, and configuring
autocontainment.
• Chapter 14, "Secure Mobility® MatriX", provides complete procedures for
configuring multiple BlueSecure Controllers for use in relatively larger networks that
may be segmented in different subnets and physical locations. Setup and use of
Bluesocket’s Replication, Load Sharing, and Secure Mobility® features for
multiple-BSC networks are described.
• Chapter 15, "Status", provides procedures for performing common network
administration tasks such as: monitoring user activity and connection status, viewing
the Controller’s summary log, exporting Controller database information, performing
standard network diagnostics, and managing user accounts.
• Chapter 16, "Maintenance", describes how to perform common system software
administrative tasks such as: restarting Controller services, backing up and restoring
the Controller database, upgrading the system software to a new version, installing
or removing system software patches, customizing the user login page, installing a
custom secure sockets layer (SSL) certificate for user login, and hotspot account
generation (i.e., end user credit card billing services).
• Appendix A, "An Overview of Virtual LANs," describes the BlueSecure Controller
implementation of virtual LANs (VLANs) on both the managed and protected sides of
the network.
• Appendix B, "Provisioning Network DHCP Servers to Support BSAPs," provides
procedures for configuring the DHCP servers on your network to send BSC IP
addresses to BSAPs using DHCP vendor-specific option 43.

• Appendix C, "Endpoint Scanning," provides procedures for configuring endpoint
scanning on the BSC using the fully integrated Check Point Integrity Clientless
Security product.
• Appendix D, "Serial Port Access to Essential Functions," describes how to use the
serial port to access essential functions if you misplace a password or experience an
ISP service outage.
• Appendix E, "Contacting Bluesocket, Inc.," describes how to contact Bluesocket for
additional product information or support.
Notational Conventions
This guide uses the following notational conventions to convey information:
Note: Notes call attention to important information.
Caution: Cautionary statements call attention to a condition that could result in the loss of
data, damage to equipment, or physical injury.
Italic text indicates emphasis or highlights the titles of books used in cross-references.
Monospace text represents information displayed on the local BlueSecure Controller
command console or on other computer displays.
Bold monospace text represents information that you enter at the BlueSecure Controller
command console or at other computer terminals.
Related Documentation
Please refer to these other related documents for information about your BlueSecure
Controller:
• BlueSecure Controller Quick Start Guide - Refer to this document included with your
BSC distribution for a concise overview of how to get up and running quickly with
your BSC.
• BlueView™ Management System User Guide - Refer to this document for procedures
to manage the BlueSecure Controllers installed on your network from a remote central
location using the Bluesocket BlueView Management System.
• BlueSecure Access Point 1500 Installation Guide - Refer to this document included
with your BSAP distribution for a concise overview of how to get up and running
quickly with the Bluesocket BlueSecure 1500 Access Point.
• BlueSecure Access Point 1540 Installation Guide - Refer to this document included
with your BSAP distribution for a concise overview of how to get up and running
quickly with the Bluesocket BlueSecure 1540 Access Point.
• BlueSecure Intrusion Protection System Centralized Sensor Installation Guide - Refer
to this document included with your BIPS Centralized Sensor distribution for
instructions on physically installing the sensor, connecting it to your network, and
configuring it with an IP address.
Terminology
For brevity, we use the term BSC to refer to the BlueSecure Controller product family as a
whole, unless reference to a specific model is required.
We use the term BSAP to refer to the BlueSecure Access Point product family as a whole,
unless reference to a specific model is required.

A Glossary is included in this document that defines many terms and acronyms
associated with the BlueSecure Controller, the BlueSecure Access Point, and wireless
networks.

Chapter 1: An Overview of the BlueSecure Controller
This chapter introduces you to the BlueSecure family of Controllers and Access
Points:
• An Introduction to the BlueSecure WLAN Solution
• The BlueSecure WLAN Solution End-user Experience
• BlueSecure Controller Models
• Typical BlueSecure WLAN Solution Network Configurations

An Introduction to the BlueSecure WLAN Solution
The BlueSecure Controller (BSC) product family—BSC-600, BSC-1200, BSC-2100, and
BSC-2200/3200/5200 —provides a single scalable solution to the security, Quality of
Service (QoS), and WLAN management issues facing institutions, enterprises, and
service providers who deploy 802.11-based wireless networks.
The BSC hardware resides between the Wireless LAN (WLAN) access points and the
wired LAN, and requires no changes to the existing wired LAN or user client software as
shown in Figure 1-1.
The BSC mediates access between the wireless access points (i.e., the managed side of
the network) and the enterprise network or Internet (i.e., the protected side of the
network).
Two BSCs may be coupled to provide failover operation, and multiple BSCs may be
installed for large sites with higher data density requirements.
User Authentication
To verify the identity of a user, the BSC uses authentication. The user submits a username
and password, or other credential from his or her wireless device. The BSC checks its
internal user database or other authentication server in turn for a valid match.
Upon successful authentication, the BSC grants the user access to the network. If the BSC
cannot authenticate the user, the user is denied network access.
If 802.1x Transparent or NTLM/Transparent Windows authentication is available on the
network, the BSC passively monitors the connection and then transparently authenticates
the user into a role without the need for the user to first log into the BSC.
The BSC supports use of multiple authentication methods simultaneously.
RADIUS Accounting and Hotspot Support
Bluesocket allows accounting of bandwidth usage and the option for enterprises to
manage fee-based services to generate new sources of income “from the air.” Along with
support of RADIUS accounting to track access and usage statistics, the BlueSecure
Controllers can also direct appropriate users to secured “walled-garden” access areas,
via web pages customized to each location or customer.
Figure 1-1: The Role of the Bluesocket BSC in a Wireless LAN
(Diagram labels: Managed Side (WLAN): BlueSecure 1500/1540 802.11 a/b/g/n Access Points,
Third-party 802.11a/b/g/n AP, Switch/Hub, Existing LAN Wiring; BlueSecure Controller;
Protected Side (LAN): Firewall, Internet, Campus/Corporate Network,
LDAP/RADIUS/Kerberos/Windows Domain Authentication Server.)