Lancom Wlc-4006 User manual

110787/0110

LANCOM Systems GmbH

Adenauerstr. 20/B2

52146 Würselen

Germany

E-Mail: [email protected]

Internet www.lancom.eu

LANCOM WLC-4006

LANCOM WLC-4025+

LANCOM WLC-4100

LANCOM WLC-4025+ 쮿LANCOM WLC-4100

쮿Handbuch

쮿Manual

...connecting your business

110787_LC-WLC-MANUAL_cover.indd 1110787_LC-WLC-MANUAL_cover.indd 1 04.01.2010 05:56:4704.01.2010 05:56:47

LANCOM WLC-4006

LANCOM WLC-4025+

LANCOM WLC-4100

While the information in this manual has been compiled with great care, it may not be deemed an assurance of product

characteristics. LANCOM Systems shall be liable only to the degree specified in the terms of sale and delivery.

The reproduction and distribution of the documentation and software supplied with this product and the use of its contents

is subject to written authorization from LANCOM Systems. We reserve the right to make any alterations that arise as the

result of technical development.

Windows®, Windows Vista™, Windows NT® and Microsoft® are registered trademarks of Microsoft, Corp.

The LANCOM Systems logo, LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH. All other

names or descriptions used may be trademarks or registered trademarks of their owners.

Subject to change without notice. No liability for technical errors or omissions.

Products from LANCOM Systems include software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http:/

/www.openssl.org/).

Products from LANCOM Systems include cryptographic software written by Eric Young ([email protected]).

Products from LANCOM Systems include software developed by the NetBSD Foundation, Inc. and its contributors.

Products from LANCOM Systems contain the LZMA SDK developed by Igor Pavlov.

LANCOM Systems GmbH

Adenauerstr. 20/B2

52146 Wuerselen

Germany

www.lancom.eu

Wuerselen, January 2010

LANCOM WLC series

Preface

Preface

Thank you for your confidence in us!

The WLAN Controllers LANCOM WLC-4006, LANCOM WLC-4025+ and

LANCOM WLC-4100 are state-of-the-art hardware components for medium-

and large-scale WLAN-installation management that is just as simple as it is

secure. All settings are entered just once into a central profile in the WLAN

Controller—the rest is pure and simple "Plug&Play". New Access Points are

found automatically. All of the configuration settings required for optimized

wireless network operations, such as the channel settings and security poli-

cies, are automatically transferred to all of the Access Points. Operations are

also monitored centrally (e.g. background scanning) by the WLAN Controller.

Greatly simplified WLAN management offers significant costs savings. WLAN

networks are extended easily and securely simply by "plugging in" new access

points. Even remote sites can be seamlessly integrated—any IP connection

will do. Smaller sites also benefit from the RADIUS/EAP server integrated into

the LANCOM WLAN Controller.

At the same time the LANCOM WLAN Controllers ensure maximum security as

all of the LANCOM Access Points in the network strictly observe corporate

security policies automatically. Potential security loopholes are eliminated by

permanent monitoring across all company sites.

Special highlights of the LANCOM WLAN Controller include, among others:

""Smart controller" for application-related or user-related WLAN net-

working

Reliability due to self-sufficient operations

No separate cabling necessary—any IP connection will do

"Split management" for LANCOM WLAN Routers

Automatic discovery and commissioning of access points and WLAN rout-

ers

Central administration of WLAN configuration profiles

Monitoring and assurance of encryption and QoS policy

Integrated RF optimization

Full support of VLAN, RADIUS and 802.x/EAP functions

Integrated router, firewall and VPN gateway

Scalable by adding Controllers; redundancy included

LANCOM WLC series

Preface

Unparalleled operational reliability which prevents "single points of fail-

ure"

Security settings

To maximize the security available from your product, we recommend that you

undertake all of the security settings (e.g. firewall, encryption, access protec-

tion) that were not already activated when you purchased the product. The

LANconfig Wizard 'Security Settings' will help you with this task. Further infor-

mation is also available in the chapter 'Security settings'.

We would additionally like to ask you to refer to our Internet site

www.lancom.eu for the latest information about your product and technical

developments, and also to download our latest software versions.

Components of the documentation

The documentation of your device consists of the following parts:

Installation Guide

User manual

Reference manual

Menu Reference Guide

You are now reading the user manual. It contains all information you need to

put your device into operation. It also contains all of the important technical

specifications.

The Reference Manual is to be found as an Acrobat document (PDF file) at

www.lancom.eu/download or on the CD supplied. It is designed as a supple-

ment to the user manual and goes into detail on topics that apply to a variety

of models. These include, for example:

The system design of the operating system LCOS

Configuration

Management

Diagnosis

Security

Routing and WAN functions

Firewall

Quality of Service (QoS)

Virtual Private Networks (VPN)

Virtual Local Networks (VLAN)

LANCOM WLC series

Preface

Wireless networks (WLAN)

Backup solutions

Further server services (DHCP, DNS, charge management)

The Menu Reference Guide (also available at www.lancom.eu/download or on

the CD supplied) describes all of the parameters in LCOS, the operating system

used by LANCOM products. This guide is an aid to users during the configu-

ration of devices by means of WEBconfig or the telnet console.

This documentation was created by …

... several members of our staff from a variety of departments in order to

ensure you the best possible support when using your LANCOM product.

Should you find any errors, or if you would like to suggest improvements,

please do not hesitate to send an e-mail directly to:

[email protected]

Our online services www.lancom.eu are available to you around the

clock if you have any questions on the content in this manual, or if you

require any further support. The area 'Support' will help you with

many answers to frequently asked questions (FAQs). Furthermore, the

knowledgebase offers you a large reserve of information. The latest

drivers, firmware, utilities and documentation are constantly available

for download.

In addition, LANCOM Support is available. For telephone numbers

and contact addresses for LANCOM Support, please refer to the

enclosed leaflet or the LANCOM Systems Web site.

Information symbols

Very important instructions. Failure to observe these may result in damage.

Important instruction that should be observed.

Additional information that may be helpful but is not essential.

LANCOM WLC series

Content

Content

1 Centralized WLAN management 10

1.1 Introduction 10

1.2 Technical concepts 11

1.2.1 The CAPWAP standard 11

1.2.2 Smart controller technology 11

1.2.3 Communication between the Access Point and the WLAN

Controller 13

1.2.4 Zero-touch management 16

1.2.5 Split management 16

1.3 Just what can your LANCOM WLAN Controller do? 17

2 Installation 20

2.1 Package content 20

2.2 System requirements 20

2.2.1 Configuring the LANCOM devices 20

2.2.2 Operating access points in managed mode 21

2.3 Status displays and interfaces 21

2.3.1 Status displays 22

2.3.2 Device connectors 27

2.4 Hardware installation 29

2.5 Software installation 30

2.5.1 Starting the software setup 30

2.5.2 Which software should I install? 31

3 Basic configuration 32

3.1 Details you will need 32

3.1.1 TCP/IP settings 32

3.1.2 Configuration protection 34

3.2 Instructions for LANconfig 34

3.3 Instructions for WEBconfig 36

3.4 TCP/IP settings for Access Points 40

3.5 TCP/IP settings for PC workstations 40

LANCOM WLC series

Content

4 Configuring the WLAN Controller 42

4.1 Basic configuration of the LANCOM WLAN Controller 42

4.1.1 Setting the time on the LANCOM WLAN Controller 42

4.1.2 Generating a default configuration 43

4.1.3 Assigning the default configuration to the new Access

Points 47

4.2 Extended settings 48

4.2.1 General settings 48

4.2.2 Profiles 50

4.2.3 Access point configuration 58

4.2.4 AP update 65

4.2.5 Stations 70

4.2.6 RADIUS server 73

4.2.7 Options for the WLAN Controller 74

4.2.8 Inheritance of parameters 76

4.3 Sample configurations 78

4.3.1 Accepting new Access Points into the WLAN infrastruc-

ture manually 78

4.3.2 Deactivating Access Points or permanently removing

them from the WLAN infrastructure 80

4.3.3 Backing up the certificates 82

4.3.4 Backing up and restoring further files from the SCEP-CA

4.3.5 LANCOM WLAN Controller backup 86

4.3.6 Load balancing between WLAN Controllers 89

4.3.7 Dynamic VLAN assignment 90

4.3.8 Virtualization and guess access via the LANCOM WLAN

Controller 93

4.3.9 Checking WLAN clients with RADIUS (MAC filter) 106

4.3.10 Internal and external RADIUS servers combined 107

4.4 Displays and commands in LANmonitor 111

4.5 Automatic RF optimization with LANCOM WLAN Controllers 113

4.6 Configuring the Access Points 115

LANCOM WLC series

Content

5 Security settings 117

5.1 Security in the wireless LAN 117

5.1.1 Encrypted data transfer 117

5.1.2 802.1x / EAP 118

5.1.3 LANCOM Enhanced Passphrase Security 118

5.1.4 Access control by MAC address 119

5.1.5 IPSec over WLAN 119

5.2 Tips for the proper treatment of keys and passphrases 119

5.3 Security settings Wizard 120

5.3.1 LANconfig Wizard 120

5.3.2 WEBconfig Wizard 121

5.4 The security checklist 121

6 Setting up Internet access 126

6.1 The Internet Connection Wizard 126

6.1.1 Instructions for LANconfig 126

6.1.2 Instructions for WEBconfig 127

7 Connecting two networks 128

7.1 Which details are necessary? 128

7.1.1 General information 128

7.1.2 Settings for the TCP/IP router 130

7.1.3 Settings for NetBIOS routing 131

7.2 Instructions for LANconfig 131

7.3 1-Click-VPN for networks (site-to-site) 132

7.4 Instructions for WEBconfig 134

8 Providing dial-in access 135

8.1 Which details are necessary? 135

8.1.1 General information 135

8.1.2 Settings for TCP/IP 136

8.1.3 Settings for NetBIOS routing 136

8.2 Settings on the dial-in computer 137

8.3 Instructions for LANconfig 137

8.4 1-Click-VPN for LANCOM Advanced VPN Client 138

8.5 Instructions for WEBconfig 139

LANCOM WLC series

Content

9 Appendix 140

9.1 Performance and characteristics 140

9.2 Connector wiring 141

9.2.1 Ethernet interface 10/100/1000Base-TX, DSL interface

141

9.2.2 Configuration interface (outband) 141

9.3 CE-declarations of conformity 142

10 Index 143

Other manuals for WLC-4006

This manual suits for next models

Table of contents

Other Lancom Network Hardware manuals

Lancom

Lancom 7100 VPN User manual

Lancom

Lancom WLC-4006 User manual

Popular Network Hardware manuals by other brands

socomec

socomec SNMP Card II quick start guide

NVR SYSTEMS

NVR SYSTEMS 4-CH user manual

Draytek

Draytek VigorSwitch G1240 quick start guide

Westermo

Westermo TD-34 LV installation manual

LaCie

LaCie Network Space MAX Quick install guide

ZoneVu

ZoneVu ZSI-450-IP Installation guide & user manual

QNAP

QNAP Turbo NAS Application notes

OpenEye

OpenEye MV Series quick start guide

Huawei

Huawei SmartAX MT880a quick start guide

Proxim

Proxim Tsunami QuickBridge 2454-R installation guide

Bay Networks

Bay Networks CLAM quick start guide

Innodisk

Innodisk SATADOM-SH 3SE Series manual

Cisco

Cisco CGR 1000 Series Getting connected guide

Matrix Switch Corporation

Matrix Switch Corporation MSC-HD161DEL product manual

National Instruments

National Instruments NI 653x user manual

B&B Electronics

B&B Electronics ZXT9-IO-222R2 product manual

Yudor

Yudor YDS-16 user manual

D-Link

D-Link ShareCenter DNS-320L datasheet