8/9/2019 Colubris Config Guide En
1/112
Colubris NetworksConfiguration Guide
8/9/2019 Colubris Config Guide En
2/112
8/9/2019 Colubris Config Guide En
3/112
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Contents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Contents
Chapter 1Introduction 5About this guide...........................................................................................6
Software compatibility matrix ......................................................................8
Typographical conventions ..........................................................................9
Warnings, cautions, and notes ...................................................................10
Related documents ....................................................................................11
Chapter 2Management 13In this chapter............................................................................................14
Management Tool overview .......................................................................15Management station ............................................................................15Administrator account .........................................................................15Security................................................................................................15
Validating administrator logins using a RADIUS server .............................16
Remote management.................................................................................17How it works........................................................................................17
Configuration road map .......................................................................18
Chapter 3Public access deployment 21In this chapter............................................................................................22
Scenario 1a: Hotspot with Internet access (local mode) ............................23How it works........................................................................................23Configuration road map .......................................................................24
Scenario 1b: Hotspot with custom interface (local mode) .........................26How it works........................................................................................26Configuration road map .......................................................................27
Scenario 1c: Hotspot with satellites and roaming (local mode) .................29How it works........................................................................................29
Configuration road map .......................................................................30Scenario 1d: Hotspot with layer 2 security (local mode)............................32
How it works........................................................................................32Configuration road map .......................................................................33
Scenario 2a: Hotspot with Internet access (AAA server)............................35How it works........................................................................................35Configuration road map .......................................................................36
Scenario 2b: Hotspot with custom interface (AAA server).........................39How it works........................................................................................39Configuration road map .......................................................................40
Scenario 2c: Hotspot with satellites and roaming (AAA server).................42How it works........................................................................................42Configuration road map .......................................................................43
Scenario 2d: Hotspot with layer 2 security (AAA server) ...........................45How it works........................................................................................45Configuration road map .......................................................................46
Scenario 2e: Using dual radios to support A+B+G traffic ...........................49How it works........................................................................................49Configuration road map .......................................................................49
Scenario 3: Shared hotspot for public and private traffic ...........................50How it works........................................................................................50Configuration road map .......................................................................51
Scenario 4: Delivering custom HTML pages using VLANs (AAA server)....54 How it works.......................................................................................54Configuration road map .......................................................................55
Scenario 5: Custom HTML pages on each MAP (local mode)....................59 How it works.......................................................................................59Configuration road map .......................................................................60
Chapter 4Enterprise deployment 63In this chapter............................................................................................64
Scenario 1: Adding secure wireless networking.........................................65How it works........................................................................................65Configuration road map .......................................................................65
Scenario 2a: Integrating wireless networking with authentication .............67How it works........................................................................................67Configuration road map .......................................................................67
Scenario 2b: Using multiple wireless profiles and QoS..............................69How it works........................................................................................69Configuration road map .......................................................................70
Scenario 2c: Supporting wireless phones..................................................71How it works........................................................................................71Configure the VSC................................................................................72
Scenario 3: Adding wireless networking to a segmented network .............73How it works........................................................................................73Configuration road map .......................................................................74
Scenario 4: Roaming across different subnets (single MSC).....................77How it works........................................................................................77Configuration road map .......................................................................78
Scenario 5: Roaming across different subnets (multiple MSCs)................80How it works........................................................................................80Configuration road map .......................................................................81
Scenario 6: Access-controlled VSCs and roaming.....................................83How it works........................................................................................83Configuration road map .......................................................................85
Chapter 5
WDS scenarios 91In this chapter............................................................................................92
Wireless bridging considerations...............................................................93Single or dual radios? ..........................................................................93Using 802.1a for WDS .........................................................................93
Scenario 1: Using RF extension to expand a wired network.......................94How it works........................................................................................94Configuration road map .......................................................................95
Scenario 2: Deploying a point-to-point wireless link..................................98How it works........................................................................................98Configuration road map—single radio .................................................99Configuration road map—dual radios................................................101
Scenario 3: Setting up multi-hop wireless links .......................................104How it works......................................................................................104Configuration road map .....................................................................105
Chapter 6More from Colubris 109Colubris.com ...........................................................................................110
For registered customers...................................................................110For Annual Maintenance Support Program customers ......................110
Information by telephone and e-mail .......................................................111
8/9/2019 Colubris Config Guide En
4/112
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Contents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
8/9/2019 Colubris Config Guide En
5/112
Chapter 1 : Introduction
Chapter 1Introduction
In this chapter you can find an explanation of the conventions used inthis guide and an overview of its contents. For information on usingdifferent software revisions in your Colubris subnetwork, see the“Software compatibility matrix” on page 8 .
8/9/2019 Colubris Config Guide En
6/112
Chapter 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Introduction- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 6 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
About this guide
This guide contains a number of detailed scenarios for using Colubris ® NetworksMultiService Access Points (MAPs) and MultiService Controllers (MSCs) in a widerange of applications.
Although detailed configuration steps are provided with each scenario, the guide doesnot cover the basic procedures for operating and configuring Colubris Networks devices.This information can be found in the Administrator’s Guide for each device (For a list seepage 11 .) You should be familiar with this information before attempting to use thescenarios in this guide.
The scenarios are grouped according to functionality as follows:
Chapter 2 : Management
Chapter 3 : Public access deployment
Scenario/Topic See page
Management Tool overview 15
Validating administrator logins using a RADIUS server 16
Remote management 17
Scenario/Topic See page
Scenario 1a: Hotspot with Internet access (local mode) 23
Scenario 1b: Hotspot with custom interface (local mode) 26
Scenario 1c: Hotspot with satellites and roaming (local mode) 29
Scenario 1d: Hotspot with layer 2 security (local mode) 32
Scenario 2a: Hotspot with Internet access (AAA server) 35
Scenario 2b: Hotspot with custom interface (AAA server) 39
Scenario 2c: Hotspot with satellites and roaming (AAA server) 42
Scenario 2d: Hotspot with layer 2 security (AAA server) 45
Scenario 2e: Using dual radios to support A+B+G traffic 49
Scenario 3: Shared hotspot for public and private traffic 50
Scenario 4: Delivering custom HTML pages using VLANs (AAA server) 54
Scenario 5: Custom HTML pages on each MAP (local mode) 59
8/9/2019 Colubris Config Guide En
7/112
Chapter 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Introduction- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Chapter 4 : Enterprise deployment
Chapter 5 : WDS scenarios
Scenario/Topic See page
Scenario 1: Adding secure wireless networking 65
Scenario 2a: Integrating wireless networking with authentication 67
Scenario 2b: Using multiple wireless profiles and QoS 69
Scenario 2c: Supporting wireless phones 71
Scenario 3: Adding wireless networking to a segmented network 73
Scenario 4: Roaming across different subnets (single MSC) 77
Scenario 5: Roaming across different subnets (multiple MSCs) 80
Scenario 6: Access-controlled VSCs and roaming 83
Scenario/Topic See page
Wireless bridging considerations 93
Scenario 1: Using RF extension to expand a wired network 94
Scenario 2: Deploying a point-to-point wireless link 98
Scenario 3: Setting up multi-hop wireless links 104
8/9/2019 Colubris Config Guide En
8/112
Chapter 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Introduction- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Software compatibility matrix
As part of the Colubris Intelligent MultiService System (CIMS), InCharge™ MultiServiceControllers (MSCs) and MGW-3500 MultiService Gateways must be configured withcompatible InReach™ MultiService Access Points and Colubris Networks wirelessclient bridges.
Following is a software release compatibility matrix that shows you which softwareversions can be mixed in your CIMS. In general, MSCs and MGWs support access pointproducts that are at the same software release or one software release behind.
Note: If you upgrade your Colubris Networks access controller products to the 4.1.0release, all managed access points must be at either 4.1.0 or 3.1.x. Stand-alone accesspoints can run any firmware version. However, Colubris strongly recommends that youdeploy the same firmware release for all access points in your network.
Supported softwareversion on Colubrisaccess controllers
Supported software version onColubris access points and client bridges
WAP-200 MAP-320a MAP-330b MAP-330 Sensorc WCB-200c
MSC-3200d
MSC-3300e
MGW-3500MSC-5200
2.4.x Not supported 2.4.x 2.4.x N/A N/A
3.1.x 3.1.x 3.1.x, 2.4.x 3.1.x, 2.4.x N/A N/A
4.1.x 4.1.x, 3.1.x 4.1.x, 3.1.x 4.1.x, 3.1.x N/A N/A
MSC-55003.1.x 3.1.x 3.1.x, 2.4.x 3.1.x, 2.4.x N/A N/A
4.1.x 4.1.x, 3.1.x 4.1.x, 3.1.x 4.1.x, 3.1.x N/A N/A
MSC-5200/MSC-5500plus
COS Services Pack f
4.1.x N/A 4.1 only 4.1 only N/A N/A
a. Includes product variants MAP-320R and MAP-320S.b. Includes ruggedized product variant MAP-330R.c. MAP-330 Sensors and WCB-200 wireless client bridges do not interact with an MSC or MGW and can be
used in these networks at any supported software version.d. Includes ruggedized product variant MSC-3200R.e. Includes ruggedized product variant MSC-3300R.f. In order to use the mobility services features in 4.1.0—including both Layer 2 fast and secure authentication
and Layer 3 mobility—you must upgrade associated MAPs to the 4.1.0 release.
8/9/2019 Colubris Config Guide En
9/112
Chapter 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Introduction- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 9 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Typographical conventions
The following table gives the typographical conventions used in Colubris Networkstechnical documentation.
Note: The Management Tool web interface is an element management system that isdistinct from the Colubris Networks InCharge ™ network management system, CNMS.
Example Description
Network > Ports When referring to the Management Tool web interface, items in boldidentify menu commands or input fields. Submenus are indicated by the> sign. The example refers to the Ports submenu, which is found underthe Network menu.
ip_address Items in italics identify parameters for which you must supply a value.
use-access-list= usename Monospaced text identifies command-line output, program listings, orcommands that you enter into configuration files or profiles.
ssl-certificate= URL [ %s ] Square brackets identify optional arguments. That is, you can decidewhether to enter the argument. Do not enter the brackets.
[ ONE | TWO ] A vertical line indicates mutually-exclusive choices. That is, you canspecify only one item.
{ ONE | TWO } Curly brackets group required arguments.
8/9/2019 Colubris Config Guide En
10/112
8/9/2019 Colubris Config Guide En
11/112
Chapter 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Introduction- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Related documents
The following documents provide additional information. You can find instructions onhow to download additional documentation on the copyright page.
Document Provides you with . . .
Quickstart Guides Hardware and startup information for the Colubris Networksdevices mentioned in this guide.
Administrator Guides Hardware and configuration information for the ColubrisNetworks devices mentioned in this guide.
Public AccessAdministrator Guide
Detailed discussions on configuring the public accessinterface provided by MSC devices.
Engineering ReleaseNotes
Specific information about the latest release of ColubrisNetworks firmware, including the newest features, fixes, andknown issues.
8/9/2019 Colubris Config Guide En
12/112
Chapter 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Introduction- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
8/9/2019 Colubris Config Guide En
13/112
Chapter 2 : Management
Chapter 2Management
In this chapter you can find scenarios that illustrate strategies formanaging one or more devices across various network topologies.
8/9/2019 Colubris Config Guide En
14/112
Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
In this chapter
This chapter contains the following topics.
Scenario/Topic See page
Management Tool overview 15
Validating administrator logins using a RADIUS server 16
Remote management 17
8/9/2019 Colubris Config Guide En
15/112
Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Management Tool overview
The Management Tool is a Web-based interface to the MAP/MSC that provides easyaccess to all configuration functions.
Note: The Management Tool web interface is an element management system that is
distinct from the Colubris Networks InCharge ™ network management system.
Managementstation
Management station refers to the computer that an administrator uses to connect to theManagement Tool. To act as a management station, a computer must
• Have a JavaScript-enabled Web browser installed; that is, Netscape 7.01 or higher, orInternet Explorer 6.0 or higher, including all updates
• Be able to establish an IP connection with the MAP/MSC, either through the wirelessport or LAN ports
Administratoraccount Administrator passwordAccess to the Management Tool is protected by a username and password. Thefactory default setting for both is admin . Colubris Networks recommends that youchange both on the Management tool configuration page, which you can access byselecting Management > Management tool.
Caution! If you forget the administrator password, the only way to gain access to theManagement Tool is to reset the MAP/MSC to factory default settings.
Account policyTo maintain the integrity of configuration settings, only one administrator can beconnected to the Management Tool at a given time. To prevent the Management Tool
from being locked up by an idle administrator, two mechanisms are in place:• If a administrator’s connection to the Management Tool remains idle for more than
ten minutes, the MAP/MSC automatically logs the administrator out.
• If a second administrator connects to the Management Tool and logs in with thecorrect username and password, the first administrator’s session is terminated.(Default setting) If required, you can disable this mechanism on the Managementtool configuration page, which you can access by selecting Management >Management tool.
Security The Management Tool is protected by the following security features:• HTTPS: Communications between the management station and the MAP/MSC
occurs through HTTPS. Before logging on to the Management Tool, administratorsmust accept a Colubris Networks certificate. You can replace this certificate with yourown.
• Port blocking: Access to the Management Tool can be explicitly enabled or disabledfor a variety of interfaces depending on the type of unit. Available options may include:wireless port, LAN port, Internet port, VLAN, GRE, or WDS.
8/9/2019 Colubris Config Guide En
16/112
Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Validating administrator logins using a RADIUS server
You can use a RADIUS server to authenticate logins to the Management Tool. Oneadvantage of this method is that it enables you to create several administrator accounts,each with its own username and password.
Caution! Ensure that the RADIUS profile you select is configured and that theadministrator account is defined on a functioning RADIUS server. If not, you will not beable to log back into the MAP because the administrator password cannot beauthenticated.
Use the following steps to configure RADIUS authentication.
1. Create a RADIUS profile to use for administrator authentication:
• Select Security > RADIUS.
• Click Add New Profile .
• Define settings for the RADIUS server that you want to use to validateadministrator logins.
• Click Save .2. Specify this RADIUS profile for administrator authentication:
• Select Management > Management tool .
• Under Administrator authentication Authenticate via, select the RADIUSprofile that you created in the first step.
• Under Username, enter the login name for the administrator. Default is admin .
• Under Current password, enter the administrator password. Default is admin .
• Under New password, enter the new administrator password. New passwordsmust be at least six characters long and contain at least four different characters.
• Under Confirm new password, retype the new administrator password.• As a precaution, you can enable the Try local account if RADIUS is
unreachable feature to allow access if the RAIDUS server is down.
• Click the Test button to verify that authentication is working.
• Click Save .
8/9/2019 Colubris Config Guide En
17/112
Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Remote management
This scenario shows you how to set up an MSC to provide remote management of theMAPs connected to it.
How it works When a MAP is installed behind an MSC, enabling remote access to its managementtool requires configuration settings to be defined on the MSC and the RADIUS server.
This section explains how to configure remote management for the following twotopologies:
192.168.10.0
192.168.1.0
192.168.20.0
192.168.1.0
30.2
30.1
30.3
10.1
1.21.2 1.31.3
VPN tunnel
VPN server
192.168.20.0
20.120.2
20.1
20.3
20.4
RADIUSserver
Managementstation
Topology A Topology B
P U B L I C W L A NP U B L I C W L A
N P U B L I C W L A NP U B L I C W L A
N
A AB B
MAP
1.1 1.1
RADIUSserver
Managementstation
(address in VPN tunnel)
(address in VPN tunnel)
(address in VPN tunnel)
MAP MAP MAP
M S C SMSC
M S C SMSC
Router
8/9/2019 Colubris Config Guide En
18/112
Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configurationroad map
On the management stationTo reach the management tool on the MAPs, the management station must specify thefollowing addresses in its web browser:
Topology A• To reach MAP A: HTTPS://192.168.10.1:5002
• To reach MAP B: HTTPS://192.168.10.1:5003
Topology B• To reach MAP A: HTTPS://192.168.30.2:5002
• To reach MAP B: HTTPS://192.168.30.2:5003
Static NAT mappings are used on the MSC to direct traffic to the proper MAP. MACaddress authentication enables the MAPs to log into the public access network. Accesslist definitions allow traffic to be sent from the MSCs to the management stations.
Configure the MSCsCreate static NAT mappingsTo direct management traffic to the proper MAP, you need to create static NATmappings (on the Network > NAT page) to redirect HTTPS traffic to the new ports youdefined on the MAPs.
• Map traffic on port 5002 to IP address 192.168.1.2 and port 443.
• Map traffic on port 5003 to IP address 192.168.1.3 and port 443.
Configure the RADIUS serverCreate an MSC profileCreate a RADIUS profile for the MSC as follows:
MAC address authenticationFor the MAP to communicate with the management station, it must log into the publicaccess network provided by the MSC. To accomplish this, add a MAC address attributeto the MSC’s RADIUS profile for each MAP. This attribute enables the access controllerto authenticate devices (such as the MAPs) based on their MAC address. For example:
mac-address= address [, username [, password ]]
Replace address and username with the MAC address of the MAP. Replace password with the same password that the MSC uses to communicate with the RADIUS server.
8/9/2019 Colubris Config Guide En
19/112
Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A note about security
Access listIn both topology A and B it makes sense to protect access to the RADIUS server andmanagement station. This is required because once logged in, public access customersgain access to all resources connected to the MSCs Internet port.
An access list definition can be used to block all traffic to 192.168.20.0, for topology A,and 192.168.30.0, for topology B.
However, to enable the MAPs and the management station to communicate, anadditional access list definition must be created as follows:
• Topology A: Create an access list that permits HTTPS traffic to address 192.168.20.4.This is the IP address of the management station. For example:
access-list=320,ACCEPT,tcp,192.168.20.4,443
• Topology B: The list should permit HTTPS traffic to address 192.168.30.3. This is theIP address of the management station inside the VPN tunnel.
access-list=320,ACCEPT,tcp,192.168.30.3,443
Create a MAP profileDefine a RADIUS profile for each MAP. The profile should activate the access list thatwas defined in the MSC’s RADIUS profile. For example:use-access-list=320
Create a user account for each MSCDefine a RADIUS user account for each MSC. Define a unique username and passwordfor each device.
8/9/2019 Colubris Config Guide En
20/112
Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
8/9/2019 Colubris Config Guide En
21/112
Chapter 3 : Public access deployment
Chapter 3Public access deployment
In this chapter you can find sample deployment strategies for commonpublic access scenarios. These scenarios can give you a good idea abouthow to approach your installation.
8/9/2019 Colubris Config Guide En
22/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
In this chapter
This chapter contains the following scenarios.
Scenario/Topic See page
Scenario 1a: Hotspot with Internet access (local mode) 23
Scenario 1b: Hotspot with custom interface (local mode) 26
Scenario 1c: Hotspot with satellites and roaming (local mode) 29
Scenario 1d: Hotspot with layer 2 security (local mode) 32
Scenario 2a: Hotspot with Internet access (AAA server) 35
Scenario 2b: Hotspot with custom interface (AAA server) 39
Scenario 2c: Hotspot with satellites and roaming (AAA server) 42
Scenario 2d: Hotspot with layer 2 security (AAA server) 45Scenario 2e: Using dual radios to support A+B+G traffic 49
Scenario 3: Shared hotspot for public and private traffic 50
Scenario 4: Delivering custom HTML pages using VLANs (AAA server) 54
Scenario 5: Custom HTML pages on each MAP (local mode) 59
8/9/2019 Colubris Config Guide En
23/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scenario 1a: Hotspot with Internet access (local mode)
This installation shows you how to quickly deploy and test the MSC without installing aRADIUS server. Instead, customer authentication is handled locally on the MSC.
How it works In this scenario a single MSC (with radio) is installed to provide a wireless network andaccess to the Internet. The MSC is connected to the Internet by way of a broadbandmodem, and the Internet connection is protected by the MSC’s firewall and NAT features(which are enabled by default).
A local area network is connected to the MSC’s LAN port to support wired customers.The MSC acts as the DHCP server on both the wireless and wired networks which arebridged together on subnet 192.168.1.0.
The MSC is operating in local mode, which means that:
• Customer authentication is handled locally by the MSC and accounts are created onthe MSC for each customer. There is no support for accounting.
• A RADIUS server is not required to activate the public access interface. Instead, thedefault public access interface resident on the MSC is used by customers to login andmanage their sessions.
P U B L I C W L A N
LAN
L A N
p o r t
I n t e r n e t p o r t
192.168.1.0
1.2 1.3
1.4
1.5 1.6
1.7
MSC
8/9/2019 Colubris Config Guide En
24/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configurationroad map
Install the MSC1. Install the MSC as described in its Quickstart guide.
2. Connect the Internet port to a broadband modem and then restart the modem.
3. Connect the LAN port to the local area network.
4. Start the management tool.
Configure the wireless network By default the MSC is configured to:
• automatically choose the best operating channel (frequency)
• support 802.11b/g clients
• create a wireless network named Colubris Networks
There is no need to change these settings for this scenario.
Note: By default, one radio on the MSC-3300 is used to provide the wireless networkand the other is placed into Monitor mode.
Configure the Internet connection1. Select Network > Ports > Internet port.
2. Select the addressing option supported by your ISP and click Configure .
3. Define all settings as required by your ISP.
Define the list of users1. Select Security > Users .
2. Add usernames and passwords for all users/customers.
Test the public access interfaceTo test your installation, use a wireless client station to log onto the public accessinterface. (For this to work, the MSC must be configured as the client’s default gateway.This is done by default if the wireless client is using DHCP.)
1. Start the client station’s web browser and enter the IP address (or domain name) ofa web site on the Internet.
2. The MSC should intercept the URL and display the Login page. (Depending on thetype of certificate that is installed on the MSC, you may see a security warning first.)
8/9/2019 Colubris Config Guide En
25/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
3. Specify a valid customer name and password to login.
4. The Session page will open.
5. Next, you are automatically redirected to the web site you originally requested.
8/9/2019 Colubris Config Guide En
26/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scenario 1b: Hotspot with custom interface (local mode)
This scenario adds custom settings to the default public access interface used inScenario 1a.
This installation illustrates how to customize the operation of the public access interface
while running in local mode.
How it works In this scenario, a web server is used to store custom pages for the public accessinterface. The MSC loads these pages each time it is restarted.
There are two ways to deploy this scenario.
Topology 1In this version, the web server is located on the Internet.
Web server
P U B L I C W L A N
LAN
192.168.1.0
1.2 1.3
1.4
1.5 1.6
1.7
L A N
p o r t
I n t e r n e t p o r t
1.1
MSC
8/9/2019 Colubris Config Guide En
27/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Topology 2In this version the web server is located on local LAN B. Instead of being directlyconnected to the Internet, the MSC is also connected to local LAN B which provides arouter/firewall to handle the connection to the Internet.
In this scenario, the web server is also the DHCP server for LAN B, operating on subnet192.168.5.0. The MSC’s Internet port is set to operate as a DHCP client.
Configurationroad map
Important: Start with the configuration defined in Scenario 1a.
Configure the Internet port (Topology 2 only)1. Select Network > Ports > Internet port.
2. Select DHCP Client and click Save .
Customize the login page and logo1. Create a folder called newpages on the web server.
2. Create a file called logo.gif that contains your logo and place it in the newpages folder (recommended size less than 20K). This same image file is shared by allpages.
3. Download the current QuickSetup.zip file from the Colubris Support website. (Go towww.colubris.com and on the home page at left select Support > ProductRegistration. )
P U B L I C W L A N
L A N
p o r t
I n t e r n e t p o r t
192.168.1.0
1.2 1.3
1.4
1.5 1.6
1.7
RouterFirewall
Web server
LAN B
192.168.5.0
5.1
5.21.1
LAN A
MSC
http://www.colubris.com/http://www.colubris.com/
8/9/2019 Colubris Config Guide En
28/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 28 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4. Copy the following files from the current QuickSetup.zip file and place them in thenewpages folder.
• login.html
• transport.html
• session.html
• fail.html
5. Edit login.html to meet the requirements of your site, keeping the followingrestrictions in mind:
• Do not alter the ID tags “” & “” located at the top ofthe page.
• Do not alter any JavaScript code.
6. Open the Security > Local config page and define the following attributes:
login-page= web_server_URL /newpages/login.html
transport-page= web_server_URL /newpages/transport.html
session-page= web_server_URL /newpages/session.html
fail-page= web_server_URL /newpages/fail.html
logo= web_server_URL /newpages/logo.gif
Test the public access interfaceTo test your installation, use a wireless client station to log onto the public accessinterface. (For this to work, the MSC must be configured as the client’s default gateway.This is done by default if the wireless client is using DHCP.)
1. Start the client station’s web browser and enter the IP address (or domain name) ofa web site on the Internet.
2. The MSC should intercept the URL and display the modified Login page.(Depending on the type of cer tificate that is installed on the MSC, you may see asecurity warning first.)
3. To login, specify a valid customer name and password. The Session page shouldopen.
4. Next, you are automatically redirected to the web site you originally requested.
8/9/2019 Colubris Config Guide En
29/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scenario 1c: Hotspot with satellites and roaming (local mode)
This scenario adds multiple MAPs to extend the wireless network in Scenario 1b.
MAP devices can be used to extend the reach of the public access network created byan InMotion MultiService Controller (MSC).
How it works In this scenario several MAP devices are connected to an MSC by way of a backboneLAN to provide multiple wireless cells for large physical location.
Customers can log into the public access network at any location and can roambetween access points without losing their connection.
By default, each MAP is configured as a DHCP client and obtains its address from theMSC, which by default is configured as the DHCP server.
Customer authentication is handled locally by the MSC, and accounts are created onthe MSC for each customer. There is no support for accounting.
Note: This scenario can also be created using an MSC with no radio, in which case
wireless cells are only provided by the MAP devices. When using non-radio MSC units,the DHCP server option must be enabled manually on the MSC.
The following diagrams illustrate how the two topologies described in Scenario 1b canbe modified to support satellites and roaming. In both cases the configuration procedureis the same.
Topology 1
P U B L I C W L A N P U B L I C W L A
N
MAP MAP
Web server
P
U B L I C W L A N
LAN
192.168.1.0
1.2 1.3
1.4
1.5 1.6
1.7
L A N
p o r t
I n t e r n e t p o r t
1.1MSC
1.81.9
8/9/2019 Colubris Config Guide En
30/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Topology 2
Configurationroad map
Important: Start with the configuration defined in Scenario 1a.
Install the MAPs1. Install the MAPs as described in the appropriate quickstart guide.
2. Before you connect each unit to the LAN, start the Management Tool and configureeach unit as described in the sections that follow.
Configure the wireless network By default the MAPs are configured to:
• support 802.11b/g clients• automatically choose the best operating channel (frequency)
• create a wireless network named Colubris Networks
There is no need to change these settings for this scenario.
Note: All wireless networks must have the same name in order to support roaming.
Set the shared secret on the MSC1. Select Security > Authentication > Advanced Settings .
2. In the Access controller shared secret box, set Shared secret and Confirmshared secret to a unique string. For example: xr2t56. This password will be usedby the MAPs to connect to the MSC when they send authentication requests.
3. Click Save .
P U B L I C W L A N P U B L I C W L A
N
MAP MAP
192.168.1.0
P U B L I C W L A N
L A N
p o r t
I n t e r n e t p o r t
1.2 1.3
1.4
1.5 1.6
1.7
RouterFirewall
Web server
LAN B
192.168.5.0
5.1
5.21.1
LAN A
1.81.9
MSC
8/9/2019 Colubris Config Guide En
31/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configure the connection to the MSC on the MAPsEach MAP will use the services of the MSC to authenticate customer logins. Do thefollowing on each MAP.
1. Select VSC > Profiles.
2. Click the Colubris Networks profile to edit it.
3. In the General box , select the Use Colubris access controller check box.
4. Click Save.
5. Select Security > Access controller
6. Set the Access controller shared secret to match the secret set on the MSC.
7. Click Save.
Note: By default the MAP is set up to use the default gateway assigned by DHCP as theaccess controller. Do not change this setting.
8/9/2019 Colubris Config Guide En
32/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scenario 1d: Hotspot with layer 2 security (local mode)
This scenario adds support for WEP and WPA clients to scenario 1c.
Enabling support for WEP and WPA helps to protect wireless transmissions againsteavesdropping.
How it works This scenario creates three virtual service communities (VSCs) on each device. EachVSC provides support for a different security option: WEP, WPA (with preshared key),and none.
To connect with the wireless network, customers must select the SSID of the VSC thatmatches the option that they want to use. Roaming is supported, since the same VSCsare defined on all access points.
The following diagrams illustrate how the two topologies described in Scenario 1c canbe modified to support layer 2 security. In both cases the configuration procedure is thesame.
Topology 1
MAP MAP
Web server
LAN
192.168.1.0
1.2 1.3
L A N
p o r t
I n t e r n e t p o r t
1.1MSC
1.41.5
SSIDNone
SSIDWEP
SSIDWPA SSID
None
SSIDWEP
SSIDWPA
SSIDNone
SSIDWEP
SSIDWPA
8/9/2019 Colubris Config Guide En
33/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Topology 2
Configurationroad map
Important: Start with the configuration defined in Scenario 1c.
Create VSCs on the MAPsUse the following steps to create three virtual service communities on all MAPs.
1. Select VSC > Profiles.
2. On the Virtual Service Communities page, click the Colubris Networks profile toedit it.
3. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as None.• Under General, select the Use Colubris access controller check box.
• Under Virtual AP, enter the WLAN name (SSID) as None.
• Click Save.
4. On the Virtual Service Communities page, click Add new profile.
5. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as WEP.
• Under General, enable the Use Colubris access controller check box.
• Under Virtual AP, enter the WLAN name (SSID) as WEP.
• Under Wireless protection:
• Select the checkbox and choose WEP.
• For Key, specify 13 ASCII characters as the key.
• Click Save.
6. On the Virtual Service Communities page, click Add new profile.
192.168.1.0
L A N
p
o r t
I n t e r n
e t p o r t
1.2 1.3
RouterFirewall
Web server
LAN B
192.168.5.0
5.1
5.21.1
LAN A
1.4MAP MAPMSC
1.41.5
SSIDNone
SSIDWEP
SSIDWPA SSID
None
SSIDWEP
SSIDWPA
SSIDNone
SSIDWEP
SSIDWPA
8/9/2019 Colubris Config Guide En
34/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as WPA.
• Under General, select the Use Colubris access controller check box.
• Under Virtual AP, enter the WLAN name (SSID) as WPA.
• Under Wireless protection:
• Select the checkbox and leave the default setting of WPA .
• For Mode, select WPA or WPA2.
• For Key source , select Preshared key.
• For Key and Confirm key , set a unique key value.
• Click Save.
Create VSCs on the MSCUse the following steps to create virtual service communities on the MSC that matcheach VSC you configured on the MAPs:
1. Select VSC > Profiles.
2. On the Virtual Service Communities page, click the Colubris Networks profile toedit it.
3. On the Add/Edit Virtual Service Community page :
• Under General, enter the Name as None.
• Under Virtual AP, enter the WLAN name (SSID) as None.
• Click Save.
4. On the Virtual Service Communities page, click Add new profile.
5. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as WEP.
• Under Virtual AP, enter the WLAN name (SSID) as WEP.• Under Wireless protection:
• Select the checkbox and choose WEP.
• For Key, specify the same 13 ASCII characters you defined on the MAPs.
• Click Save.
6. On the Virtual Service Communities page, click Add new profile.
7. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as WPA.
• Under Virtual AP, enter the WLAN name (SSID) as WPA.
• Under Wireless protection:
• Select the checkbox and leave the default setting of WPA .
• For Mode, select WPA or WPA2.
• For Key source , select Preshared key.
• For Key and Confirm key , set the same unique key value you defined on theMAPs.
• Click Save.
8/9/2019 Colubris Config Guide En
35/112
8/9/2019 Colubris Config Guide En
36/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 36 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Topology 2In this version the RADIUS server is located on local LAN B. Instead of being directlyconnected to the Internet, the MSC is also connected to local LAN B which provides arouter/firewall to handle the connection to the Internet.
Configuration
road map
On the RADIUS serverDefine RADIUS accounts for all customers that will use the public access network.
Install the MSC1. Install the MSC as described in its Quickstart guide.
2. If setting up Topology 1, connect the Internet port to a broadband modem and thenrestart the modem.
If setting up Topology 2, connect the Internet port to LAN B.
3. Connect the LAN port to the local area network.
4. Start the management tool.
Configure the wireless network By default the MSC is configured to:
• support 802.11b/g clients
• automatically choose the best operating channel (frequency)
• create a wireless network named “Colubris Networks”
There is no need to change these settings for this scenario.
Note: By default one radio on the MSC-3300 is used to provide the wireless networkand the other is placed into Monitor mode.
P U B L I C W L A N
L A N
p o r t
I n t e r n e t p o r t
192.168.1.0
1.2 1.3
1.4
1.5 1.6
1.7
RouterFirewall
RADIUS server
LAN B
192.168.5.0
5.1
5.21.1
LAN A
MSC
8/9/2019 Colubris Config Guide En
37/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configure the Internet port1. Select Network > Ports > Internet port.
2. Select the proper addressing option:
• For topology 1, select the option supported by your ISP (Topology 1) and clickConfigure. Define all settings as required.
• For topology 2, select DHCP client and click Save .
Create a VPN connection (Topology 1 only)1. Select Security > PPTP client .
2. Under Connection , set the PPTP server address to the address of the VPN server(in this example, myVPN.com .
3. Under Account , set Username and Password as required by the VPN server.
4. Click Save .
Create a RADIUS profile1. Select Security > RADIUS .2. Click Add New Profile .
3. In the Profile name box, assign RADIUS Profile 1 to the new profile.
4. In the Settings box, use the defaults except for Authentication method which mustmatch the method supported by the RADIUS server.
5. In the Primary RADIUS server box, specify the address of the RADIUS server andthe secret the MSC will use.
Enable RADIUS authentication of customers1. Select VSC > Profiles.
2. On the Virtual Service Communities page, click the Colubris Networks profile toedit it.
3. On the Add/Edit Virtual Service Community page:
• Under HTML-based user logins,:
• Clear the Local authentication checkbox .
• Select the RADIUS authentication checkbox .
• For RADIUS profile, select RADIUS Profile 1.
• Select the RADIUS accounting checkbox .
• Click Save.
8/9/2019 Colubris Config Guide En
38/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 38 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Test the public access interfaceTo test your installation, use a wireless client station to log onto the public accessinterface. (For this to work, the MSC must be configured as the client’s default gateway.(This is done by default if the wireless client is using DHCP.)
1. Start the client station’s web browser and enter the IP address (or domain name) ofa web site on the Internet.
2. The MSC should intercept the URL and display the Login page opens. Specify avalid customer name and password.
3. The Session page will open.
4. Next, you are automatically redirected to the web site you originally requested.
8/9/2019 Colubris Config Guide En
39/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scenario 2b: Hotspot with custom interface (AAA server)
This scenario adds custom settings to the default public access interface used inScenario 2a.
This installation illustrates how to customize the operation of the public access interface
when using a AAA RADIUS server.
How it works In this scenario a web server is used to store custom pages for the public accessinterface. The MSC loads these pages each time it is restarted.
The following diagrams show how the two topologies described in Scenario 2a can bemodified to support layer 2 security. In both cases the configuration procedure is thesame.
Topology 1In this version the Web server is located at a remote site and is accessed through theInternet. by way of a VPN tunnel.
P U B L I C W L A N
LAN
L A N
p o r t
I n t e r n e t p o r t
192.168.1.0
1.2 1.3
1.4
1.5 1.6
1.7
VPN tunnel
Web serverRADIUS server
VPN server
myVPN.com
MSC
8/9/2019 Colubris Config Guide En
40/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Topology 2In this version the Web server is located on local LAN B.
Configurationroad map
Important: Start with the configuration defined in Scenario 2a.
Customize the login page and logo1. Create a folder called newpages on the web sever.2. Create a file called logo.gif that contains your logo and place it in the newpages
folder (recommended size less than 20K). This same image file is shared by allpages.
3. Download the current QuickSetup.zip file from the Colubris Support website. (Go towww.colubris.com and on the home page at left select Support > ProductRegistration. )
4. Copy the following files from the current QuickSetup.zip file and place them in thenewpages folder.
• login.html
• transport.html
• session.html
• fail.html
5. Edit login.html to meet the requirements of your site, keeping the followingrestrictions in mind:
• Do not alter the ID tags “” & “” located at the top ofthe page.
• Do not alter any JavaScript code.
P U B L I C W L A N
L A N
p o r t
I n t e r n e t p o r t
192.168.1.0
1.2 1.3
1.41.7
RouterFirewall
RADIUSserver
LAN B
192.168.5.0
5.1
5.21.1
LAN A
Webserver
5.3
MSC
http://www.colubris.com/http://www.colubris.com/
8/9/2019 Colubris Config Guide En
41/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 41 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Define attributes on the RADIUS serverDefine a RADIUS account for the MSC and add the following entries to it.login-page= web_server_URL /newpages/login.html
transport-page= web_server_URL /newpages/transport.html
session-page= web_server_URL /newpages/session.html
fail-page= web_server_URL /newpages/fail.htmllogo= web_server_ URL/newpages/logo.gif
For more information on these attributes, consult the Public Access Administrator Guide.
Enable RADIUS authentication of the MSCThe MSC will retrieve the configuration attributes defined on the RADIUS server eachtime it authenticates with the server.
1. Select Security > Authentication .
2. Enable the RADIUS authentication option.
3. Select the RADIUS profile you just defined ( RADIUS Profile 1) .4. Specify the username and password the MSC will use to login to the RADIUS
server.
5. Click Force authentication . The light should turn green, indicating that the MSChas been successfully authenticated.
6. Click Save .
Test the public access interfaceTo test your installation, use a wireless client station to log onto the public accessinterface. (For this to work, the MSC must be configured as the client’s default gateway.
This is done by default if the wireless client is using DHCP.)1. Start the client station’s web browser and enter the IP address (or domain name) of
a web site on the Internet.
2. The MSC should intercept the URL and display the modified Login page.(Depending on the type of cer tificate that is installed on the MSC, you may see asecurity warning first.)
3. To login, specify a valid customer name and password. The Session page shouldopen.
4. Next, you are automatically redirected to the web site you originally requested.
8/9/2019 Colubris Config Guide En
42/112
8/9/2019 Colubris Config Guide En
43/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 43 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Topology 2
Configurationroad map
Important: Start with the configuration defined in Scenario 2b.
Install the MAPs1. Install the MAPs as described in the appropriate quickstart guide.
2. Before you connect each unit to the LAN, start the Management Tool and configureeach unit as described in the sections that follow.
Configure the wireless network By default the MAPs are configured to:
• support 802.11b/g clients
• automatically choose the best operating channel (frequency)
• create a wireless network named Colubris Networks
There is no need to change these settings for this scenario.
Note: By default, one radio on the MAP-330 and the MSC-3300 is used to provide thewireless network, and the other is placed into Monitor mode.
Set the shared secret on the MSC1. Select Security > Authentication > Advanced Settings .
2. In the Access controller shared secret box, set Shared secret and Confirmshared secret to a unique string. For example: xr2t56. This password will be usedby the MAPs to send authentication requests to the MSC.
3. Click Save .
P U B L I C W L A N
L A N
p o r t
I n t e r n e t p o r t
192.168.1.0
1.2 1.3
1.4
1.5 1.6
1.7
RouterFirewall
RADIUSserver
LAN B
192.168.5.0
5.1
5.21.1
LAN A
Webserver
5.3
P U B L I C W L A N P U B L I C W L A
N
MAP MAP
LAN
192.168.1.0
1.81.9
MSC
8/9/2019 Colubris Config Guide En
44/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 44 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configure the connection to the MSC on the MAPsConfigure the following on each MAP.
1. Select VSC > Profiles.
2. Click the Colubris Networks profile to edit it.
3. In the General box , select the Use Colubris access controller check box.
4. Click Save.
1. Select Security > Access controller.
2. Set the Access controller shared secret to match the secret set on the MSC.
3. Click Save.
Note: By default the MAP is set up to use the default gateway assigned by DHCP as theaccess controller. Do not change this setting.
8/9/2019 Colubris Config Guide En
45/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 45 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scenario 2d: Hotspot with layer 2 security (AAA server)
This scenario adds support for 802.1x and WPA clients to scenario 2c.
Enabling support for 802.1x (with WEP encryption) and WPA protects all wirelesstransmissions against eavesdropping.
How it works This scenario creates three virtual service communities (VSCs) on each device. EachVSC provides support for a different security option: 802.1x (with WEP), WPA, andnone.
To connect with the wireless network, customers must select the SSID that matches theoption that they want to use. Roaming between MAPs is supported, since the sameVSCs are defined on all access points.
Authentication of client stations occurs as follows:
• On the SSIDs 8021x and WPA, authentication is handled by way of 802.1x by theMSC using accounts defined on the RADIUS server. These stations do not see thepublic access interface.
• On the SSID None, client stations must login through the public access interface andare authenticated by the MSC by way of accounts defined on the RADIUS server.
The following diagrams show how the two topologies described in Scenario 2c can bemodified to support layer 2 security. In both cases the configuration procedure is thesame.
Topology 1
L A N
p o r t
I n t e r n e t p o r t
192.168.1.0
1.2 1.3VPN tunnel
Web serverRADIUS server
VPN server
myVPN.com
MAP
LAN
192.168.1.0
1.81.9MAP
5.21.1
SSIDNone
SSID8021x
SSIDWPA
SSIDNone
SSID8021x
SSIDWPASSID
None
SSID8021x
SSIDWPA
MSC
8/9/2019 Colubris Config Guide En
46/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 46 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Topology 2
Configurationroad map
Important: Start with the configuration defined in Scenario 2c.
Create VSCs on the MAPUse the following steps to create three virtual service communities on all MAPs.
1. Select VSC > Profiles.
2. On the Virtual Service Communities page, click the Colubris Networks profile toedit it.
3. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as None.• Under General, select the Use Colubris access controller check box.
• Under Virtual AP, enter the WLAN name (SSID) as None.
• Click Save.
4. On the Virtual Service Communities page, click Add new profile.
5. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as WPA.
• Under General, select the Use Colubris access controller check box.
• Under Virtual AP, enter the WLAN name (SSID) as WPA.
• Under Wireless protection:
• Select the checkbox and leave the default setting of WPA .
• For Mode, select WPA or WPA2.
• Leave Key source as RADIUS.
• Click Save.
6. On the Virtual Service Communities page, click Add new profile.
L A N
p o r t
I n t e r n e t p
o r t
192.168.1.0
1.2 1.3
RouterFirewall
RADIUSserver
LAN B
192.168.5.0
5.1
5.21.1
LAN A
Webserver
5.3
MAP MAP
LAN
192.168.1.0
1.81.9
SSIDNone
SSID8021x
SSIDWPA
SSIDNone
SSID8021x
SSIDWPASSID
None
SSID8021x
SSIDWPA
MSC
8/9/2019 Colubris Config Guide En
47/112
8/9/2019 Colubris Config Guide En
48/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 48 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as 8021x.
• Under Virtual AP, enter the WLAN name (SSID) as 8021x.
• Under Wireless protection:
• Select the checkbox and select 802.1x.
• For RADIUS profile , select RADIUS Profile 1 (which was defined in Scenario
2a).• Select the Mandatory authentication checkbox.
• Select the WEP encryption checkbox.
• Clear the HTML-based user logins checkbox.
• Under Access controlled , clear the Redirect HTML users to login pagecheckbox.
• Click Save.
8/9/2019 Colubris Config Guide En
49/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 49 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scenario 2e: Using dual radios to support A+B+G traffic
This scenario adds support for 802.11a wireless clients to Scenario 2d.
Colubris Networks’ dual radio products can be configured to support the same SSID ontwo different radios. This enables a single device to support wireless clients regardless
of the type of radio they have: 802.11a, b, or g.Important: This scenario is supported by dual-radio units only.
How it works In this scenario an MSC 3300 is used in conjunction with two MAP-330s. Both productssupport dual radios.
The radios on all these devices are to operate as follows:
• Radio 1: 802.11b/g mode
• Radio 2: 802.11a mode
The three wireless profiles created in Scenario 2d are changed to transmit and receiveon both radio 1 and radio 2.
Customers are now able to connect with regardless of their radio type: 802.11a/b/g.Since 802.11a customers are on a separate radio, they do not share bandwidth with theb/g customers.
Note: See scenario 2d for a diagram of the network topology.
Configurationroad map
Important: Start with the configuration defined in Scenario 2d.
Configure radio 21. Select Wireless > Radios .
2. Under Radio 2 :• Change Operating mode to Access point only .
• Change Wireless mode to 802.11a .
3. Click Save .
Configure VSC profiles1. Select Virtual AP > Profiles
2. Edit each VSC created in Scenario 2d (8021x, WPA, and none) as follows:
• Click the profile name.
• Under Virtual AP , set Transmit/receive on to Radio 1 and 2 .• Click Save .
8/9/2019 Colubris Config Guide En
50/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 50 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scenario 3: Shared hotspot for public and private traffic
In this scenario VLANs and multiple SSIDs are used to enable public and private usersto share the same infrastructure with complete security.
How it works This scenario shows you how to deploy a wireless network so that it can be sharedbetween company employees and paying customers. It enables you to leverage a singlewireless infrastructure to build a hotspot and provide easy access for mobile employees.
• Employees connect using the SSID Private and are routed to the corporate networkon VLAN 50. The MSC authenticates employees using the Corporate RADIUS server.Once authenticated, customer traffic is forwarded on VLAN 50 so that it can reach thecorporate intranet.
• Customers connect using the SSID Public and login using the MSC’s public accessinterface. The MSC authenticates customers using the ISP RADIUS server. Onceauthenticated, customer traffic is forwarded on VLAN 60 so that it can reach theInternet.
SSID = Public
MAPEmployee
SSID = Private
192.168.5.1
Guest
Switch
VLAN 60VLAN 50
192.168.5.5
CorporateIntranet
CorporateRADIUS server
Firewall
ISPRADIUS server
VLAN 60VLAN 50
Employees
MSC
8/9/2019 Colubris Config Guide En
51/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 51 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configurationroad map
Define settings on the RADIUS servers1. On ISPRADIUS create accounts for public users.
2. On CorporateRADIUS create accounts for employees.
Install the MSC and MAP
1. Install the MSC and MAP as described in the appropriate quickstart guide.2. Before you connect each unit to the LAN, start the Management Tool and configure
each unit as described in the sections that follow.
Configure the MSC
Configure the Internet port1. Select Network > Ports > Internet port.
2. Select No address (Support VLAN traffic only .
3. Click Save .
Create two RADIUS profiles1. Select Security > RADIUS .
2. Click Add New Profile .
• In the Profile name box, assign CorporateRADIUS to the new profile.
• In the Settings box, use the defaults except for Authentication method whichmust match the method supported by the RADIUS server.
• In the Primary RADIUS server box, specify the address of the RADIUS serverand the secret the MSC will use.
• Click Save .
3. Click Add New Profile .
• In the Profile name box, assign ISPRADIUS to the new profile.
• In the Settings box, use the defaults except for Authentication method whichmust match the method supported by the RADIUS server.
• In the Primary RADIUS server box, specify the address of the RADIUS serverand the secret the MSC will use.
• Click Save .
Create VLANs1. Select Network > Ports.
2. Under VLAN configuration , click Add New VLAN .
• Under General
• Leave the Port selection as Internet port .
• Set VLAN ID to 50 .
• Set VLAN name to Private .
8/9/2019 Colubris Config Guide En
52/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 52 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
• Under Assign IP address via, select Static.
• Set IP address to 192.168.5.1 .
• Set Mask to 255.255.255.0 .
• Leave Gateway blank.
• Click Save .
3. Under VLAN configuration , click Add New VLAN .
• Under General
• Leave the Port selection as Internet port .
• Set VLAN ID to 60 .
• Set VLAN name to Public .
• Under Assign IP address via, select DHCP client.
• Click Save .
Create VSCsUse the following steps to create two virtual service communities on the MSC:
Note: This Private profile must be defined first to enable it to also support wiredemployees, since untagged incoming traffic on the LAN port is always sent to the firstVSC profile.
1. Select VSC > Profiles.
2. On the Virtual Service Communities page, click the Colubris Networks profile toedit it.
3. On the Add/Edit Virtual Service Community page :
• Under General, enter the Name as Private.
• Under General, select the Provide access control checkbox.
• Under Virtual AP, enter the WLAN name (SSID) as Private.
• Under VSC ingress mapping, select SSID .
• Under VSC egress mapping, for Authenticated select Private .
• Enable HTML-based user logins .
• Select the RADIUS authentication checkbox.
• For RADIUS Profile, select CorporateRADIUS.
• Click Save.
4. On the Virtual Service Communities page, click Add new profile.
5. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as Public.• Under Virtual AP, enter the WLAN name (SSID) as Public.
• Under VSC ingress mapping, select SSID .
• Under VSC egress mapping, for Authenticated select Public .
• Enable HTML-based user logins .
• Select the RADIUS authentication checkbox.
• For RADIUS Profile, select ISPRADIUS.
• Click Save.
8/9/2019 Colubris Config Guide En
53/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 53 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Set the shared secret1. Select Security > Authentication > Advanced Settings .
2. In the Access controller shared secret box, set Shared secret and Confirmshared secret to a unique string. For example: xr2t56. This password will be usedby the MAP to send authentication requests to the MSC.
3. Click Save .
Configure the MAPCreate VSCs1. Select VSC > Profiles.
2. On the Virtual Service Communities page, click the Colubris Networks profile toedit it.
3. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as Public.
• Under General, select the Use Colubris access controller check box.
• Under Virtual AP, enter the WLAN name (SSID) as Public.
• Click Save.
4. On the Virtual Service Communities page, click Add new profile.
5. On the Add/Edit Virtual Service Community page:
• Under General, enter the Name as Private.
• Under General, select the Use Colubris access controller check box.
• Under Virtual AP, enter the WLAN name (SSID) as Private.
• Click Save.
Configure the connection to the MSC1. Select Security > Access controller.2. Set the Access controller shared secret to match the secret set on the MSC.
3. Click Save.
Note: By default the MAP is set up to use the default gateway assigned by DHCP as theaccess controller. Do not change this setting.
8/9/2019 Colubris Config Guide En
54/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 54 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Scenario 4: Delivering custom HTML pages using VLANs (AAA server)
This scenario shows you how to split customers onto different VLANs and use this todeliver a customized user experience.
How it works In this scenario a hotel assigns customer traffic to a different VLAN based on an accesspoint’s location within the building.
• The MAPs serving the hotel rooms on each floor are configured to return customertraffic on VLAN 40.
• The MAPs serving the hotel lobby, terrace, and restaurant are configured to returncustomer traffic on VLAN 50.
• VLAN 30 is defined for management purposes. It is used by the network administratorto reach the management tool on the MSC and MAPs.
One advantage to this strategy is that it enables all devices to have the same SSID(Hotspot , for example), making it easy for customers to connect.
Custom content is triggered based on the VLAN ID that customer traffic is mapped to.
In this scenario the MSC is used to provide access control only and does supportwireless clients.
Floor 1Floor 2 Floor 3
Hotel Rooms
Restaurant Terasse
Public Spaces
VLAN 30VLAN 40
VLAN 30VLAN 40
VLAN 30VLAN 40
VLAN 30VLAN 50
VLAN 30VLAN 50
VLAN 30VLAN 40VLAN 50
SSID = Hotspot
SSID = Hotspot
SSID = Hotspot
SSID = Hotspot
SSID = Hotspot
RADIUS Server
MSC
MAP MAP MAP MAP MAP
8/9/2019 Colubris Config Guide En
55/112
Chapter 3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Public access deployment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 55 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configurationroad map
On the RADIUS serverDefine accounts for the all customers and the MSC.
To deliver custom content based on the VLAN, add the following entry to the RADIUSprofile for the MSC.
welcome-url= web_server_URL /premium/welcome.html ?VLAN=%v
Create a server-side script to retrieve the VLAN value and then display a custom Loginpage as follows:
• If VLAN = 40, display the customer Login page.
• If VLAN = 50, display the public access Login page.
Install the MSC and the MAPs1. Install the devices as described in the appropriate quickstart guide.
2. Before you connect each unit to the LAN, start the Management Tool and configureeach unit as described in the sections that follow.
Configure the wireless network By default the MSC is configured to:• support 802.11b/g clients
• automatically