Providing Guest Access in the Enterprise Environment Using the Cisco WLAN Controller


Author: Marcus Jones, Senior Wireless Training Specialist, CCSI, CCNA and CWNA

Introduction

Imagine inviting a customer to your organization for a meeting. In the course of the meeting, your guest wishes to use your company's new service web site to check on the status of a shipment, or perhaps, check during a break. Without access to the Internet, your customer is unable to do these things. A guest network that provides the customer with access to the Internet would have been very helpful.

While a guest network is important to your current and potential customers, it is imperative to create one that does not compromise the corporate network. This white paper, written by GigaWave's senior wireless training specialist, will reflect on the design and deployment of a guest network using the Cisco WLAN controller, isolated from the corporate network, that will provide both wired and wireless guest access.

Guest Access Overview

A guest network should utilize the existing network, both wired and wireless, as much as possible. A wireless guest network needs to provide a dedicated SSID for wireless guests. This SSID should be available throughout the corporate campus. Guest traffic should be isolated from the corporate network by the use of Layer 2 or Layer 3 techniques. Wired access from conference rooms or visitor stations should meet the same requirements.

Access to the guest network should be managed so that the network is restricted to guests and does not become a public Wi-Fi network. A guest host or lobby ambassador should be able to control access, so that the IT staff is not burdened with creating and managing temporary guest access.

Using the Cisco WLAN Controller to Provide Guest Access

Cisco's 4400 series WLAN controller can act as an anchor for the guest network. Ethernet in IP (RFC 3378) tunnels between the foreign WLAN controller to which the guest is connected and an anchor WLAN controller in the enterprise DMZ create a Layer 3 tunnel that isolates guest traffic from the corporate network without requiring additional access control lists (ACLs) and protocols, which makes the implementation easier to accomplish. Wired guests can be configured so that they are passed through the foreign WLAN controller and utilize the same Ethernet in IP tunnel mechanism.

In addition to providing the guest tunneling function, the WLAN controller can be configured to provide web access. This allows the guest to be provided with user credentials that are requested from either the internal web service on the WLAN controller or passed through to an external web service. The credentials can be entered into the system by a lobby ambassador using either a direct connection to the controller or the Cisco Wireless Control System (WCS). A lobby ambassador account provides limited access to the WLAN controller for the express purpose of creating and managing user names and passwords for guests. For long-term visitors, such as contract vendors, a user account can be entered into a AAA server database and managed by the IT staff.

The following diagram shows a guest network using foreign and anchor controllers.

In the example above, a Wireless LAN Controller (WLC) is placed in the enterprise DMZ, where it anchors the guest access. This anchor controller terminates the EoIP tunnels that originate on other controllers throughout the campus. Data received on the access point, using the GUEST SSID, is transported from the access point to the foreign controller in a Lightweight Access Point Protocol (LWAPP) tunnel and, from there, transported via an EoIP tunnel to the anchor controller.

A wired guest is connected to a port on a Layer 2 access switch or a switch port with a virtual LAN (VLAN) interface designated for guest access traffic. All data on this VLAN is trunked to the controller. From the controller, the traffic is tunneled to the anchor controller, which places the data on the guest VLAN just as it would for a wireless client.

In either case, by implementing web access, when the guest opens a browser to the Internet, he or she is presented with a log-in screen.

Deploying the Anchor Controller

The anchor controller is normally placed in the enterprise Internet DMZ. The firewall should be configured with rules to manage communications between the authorized foreign controllers and the anchor controller. To restrict communications so that all traffic must flow between the anchor controller and the foreign controllers, ACLs that filter on the source or destination of the controller address could be added to the firewalls. In addition, rules allowing UDP port or inter-controller communication and UDP port 97 for Ethernet in IP traffic could be added. Using a topology that would allow the firewall to protect the anchor controller from outside attacks is a possibility as well.

Because the anchor controller is placed in the DMZ, it is recommended that it be dedicated to guest access only and not used for providing wireless access to the corporate network.

Guest access points do not have to be joined to the anchor controller. The most cost-effective controller to use is the Cisco 4402 series controller. This controller can support up to 40 connections to foreign controllers and 2500 guest clients, and provides two gigabits of forwarding capacity.

For management of the controller, rules for the following ports may need to be added:

- TCP 161 and 162 for SNMP
- UDP 69 for TFTP
- TCP 80 or 443 for HTTP or HTTPS GUI access (default is HTTPS)
- TCP 23 or 22 for Telnet or SSH CLI access (default is SSH)

DHCP Services

The first point at which DHCP can be applied is at the anchor controller. The anchor controller can be configured to provide DHCP services to the clients or can be configured to point to an external DHCP server using a configured DHCP relay address.

Routing

All guest traffic enters the network at the anchor controller. If the trunk port on the anchor controller is connected directly to an interface on the Internet border router, the gateway address of the clients will be the IP address of the router interface. If the trunk port of the anchor controller is connected to the firewall, the gateway address of the guest clients will be the IP address of the firewall interface. For incoming traffic to the guest client, the guest VLAN is seen as a directly connected network and advertised by the network as such.

Anchor Controller Redundancy

More than one controller can be designated as an anchor controller for the Guest SSID. In this configuration, the foreign controller will alternate between the controllers on a per-user basis. The foreign controller will continuously ping the anchor controllers to verify connectivity. If an anchor controller becomes unreachable, the foreign controller will disassociate any wireless clients connected to the unreachable anchor and reassociate them to an alternate anchor controller. If web authentication is being used, the clients will be presented with the log-in screen and must re-enter their credentials.

Web Portal Authentication

There is a built-in web portal that can be used to request log-in credentials from a guest. This portal offers simple branding capabilities and is able to display an acceptable use policy. This web portal is available on any WLAN configured for web authentication. It is possible to import a more customized page to be stored locally on the controller or to redirect the guest client to an external web server.

When using web authentication, the guest user is redirected to the web authentication page when they open a web browser session. The guest user requests a DNS lookup for his or her homepage or other URL. The DNS response is redirected to either the log-in or acceptance page. Upon entering the correct credentials, or accepting the acceptable use policy in pass-through mode, the user is redirected to either his or her original DNS request or to a web page that he or she chooses.

In order for web authentication to work, the guest must open a browser to a URL that can be resolved by the DNS server and that accepts the default HTTP port 80.

Guest Credentials

The WLAN controllers have a lobby ambassador management account, created by the network administrator, that restricts access to the creation and management of guest credentials. This account can only create accounts for WLANs that have been created by the network administrator and that provide web authentication. The user's name is entered into the local database as a guest user and a lifetime is set. When the lifetime of the username ends, it is automatically deleted from the controller.

The Cisco WCS also supports a lobby ambassador account. When using the WCS, the lobby ambassador can apply the user account to multiple WLAN controllers using a WCS template. It also allows the lobby ambassador to create accounts prior to the guest's arrival. When using this template, the lobby ambassador can not only set a start and end date, but also restrict the number of hours each day the account is available. In addition, the template can be configured to provide new credentials each day to guests who are visiting over multiple days. This template also allows the guest access to be limited to specific campuses, buildings and floors.

When using the lobby ambassador, the guest accounts are stored on the anchor controller for WLANs or guest LANs that are configured for web authentication.

Configuring the WLAN Controllers for Guest Access: Step-by-Step Instructions

The following tasks need to be accomplished to create guest access:

1. Create a mobility group that includes the anchor controller and all the foreign controllers that will connect to it.
2. Configure the controllers with the interface that will provide access to the Internet. If you are using a wired guest LAN, you will need to create a guest interface on each of the controllers.
3. Create a WLAN or Guest wired LAN on the foreign and anchor controllers that use web authentication.
4. Create a lobby ambassador account on the controller or on the WCS.
5. Create the guest accounts.

To create a mobility group, each controller must be configured with the following:

1. All controllers must be configured for the same LWAPP transport mode (Layer 2 or Layer 3).
2. Each controller must be able to reach the management interface of all other controllers in the mobility group via IP.
3. All controllers must have the same mobility group name.
4. All controllers must be running the same version of controller software.
5. All controllers must be configured with the same virtual interface IP address.
6. Each controller must be configured with the IP address and MAC address of all the other controllers in the mobility group.
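An added example (not part of the original white paper and not Cisco code): a Python pre-deployment check of the mobility group requirements listed above, run over an inventory of controller settings. The Controller fields, the finding codes and the sample inventory are assumptions constructed for illustration; in practice the values would come from each controller's configuration.

```python
from dataclasses import dataclass, field

# Settings that must be identical on every controller in the mobility group
SHARED_SETTINGS = [
    ("lwapp_mode", "LWAPP transport mode"),
    ("group_name", "mobility group name"),
    ("software", "controller software version"),
    ("virtual_ip", "virtual interface IP address"),
]


@dataclass
class Controller:
    name: str
    mgmt_ip: str
    mac: str
    lwapp_mode: str                 # "layer2" or "layer3"
    group_name: str
    software: str
    virtual_ip: str
    reachable: set = field(default_factory=set)   # management IPs this controller can reach
    members: dict = field(default_factory=dict)   # configured group members: IP -> MAC


def norm_mac(mac):
    """Compare MAC addresses regardless of separator style or case."""
    return "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")


def check_mobility_group(controllers):
    """Return a list of (controller, code, detail) findings; empty means consistent."""
    findings = []
    # Same transport mode, group name, software version and virtual interface IP
    for attr, label in SHARED_SETTINGS:
        seen = {}
        for c in controllers:
            seen.setdefault(getattr(c, attr), []).append(c.name)
        if len(seen) > 1:
            findings.append(("*", "MISMATCH", f"{label}: {seen}"))

    known = {c.mgmt_ip for c in controllers}
    for c in controllers:
        for peer in controllers:
            if peer is c:
                continue
            # Every controller must reach every other management interface
            if peer.mgmt_ip not in c.reachable:
                findings.append((c.name, "UNREACHABLE", peer.name))
            # Every controller must list every other controller's IP and MAC
            listed = c.members.get(peer.mgmt_ip)
            if listed is None:
                findings.append((c.name, "MISSING_MEMBER", peer.name))
            elif norm_mac(listed) != norm_mac(peer.mac):
                findings.append((c.name, "MAC_MISMATCH", peer.name))
        # A member entry that is not in the inventory deserves a second look
        for ip in c.members:
            if ip not in known:
                findings.append((c.name, "UNKNOWN_MEMBER", ip))
    return findings


def sample_inventory(with_defects=True):
    """Constructed inventory using documentation IP and MAC ranges, not real devices."""
    specs = [("anchor-dmz", "192.0.2.10", "00:00:5e:00:53:0a"),
             ("foreign-1", "198.51.100.11", "00:00:5e:00:53:0b"),
             ("foreign-2", "198.51.100.12", "00:00:5e:00:53:0c")]
    inv = []
    for name, ip, mac in specs:
        peers = {p_ip: p_mac for _, p_ip, p_mac in specs if p_ip != ip}
        inv.append(Controller(name, ip, mac, "layer3", "GUEST-MG", "4.1.0",
                              "203.0.113.1", set(peers), dict(peers)))
    if with_defects:
        anchor, f1, f2 = inv
        del anchor.members[f2.mgmt_ip]                      # anchor never learned foreign-2
        f1.members["198.51.100.99"] = "00:00:5e:00:53:63"   # entry for a device not in inventory
        f2.software = "4.1.1"                               # software version drift
        f2.members[anchor.mgmt_ip] = "0000.5e00.53ff"       # wrong MAC recorded for the anchor
        f2.members[f1.mgmt_ip] = "0000.5e00.530b"           # correct MAC, different notation
    return inv


if __name__ == "__main__":
    for who, code, detail in check_mobility_group(sample_inventory()):
        print(f"{who:12} {code:15} {detail}")
```
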

To configure the controllers with the interface that will provide access to the Internet, do the following:

1. Create a new dynamic interface. When creating the new dynamic interface, enter the name and VLAN ID.
2. Now add the following:
   a. VLAN Identifier.
   b. Fixed IP address, IP network mask and default gateway.
   c. Physical port assignment. (Not necessary if Link Aggregation has been configured on the controller.)
   d. Primary and secondary DHCP servers.
   e. Access control list name, if ACLs have been defined for the interface.

To create a guest WLAN, complete the following. (Note: It is assumed that the WLAN will provide web authentication and no data encryption.)

1. Create a WLAN on the controllers. Give it a name and SSID that you wish to use for guest access.
2. Under the General Tab:
   a. Select the Enabled box for Status.
   b. Select the Radio Policy, a/n, b/g/n or all.
   c. Select the Interface you created for guest access.
3. Under the Security Tab, select Layer 3 Security and select the Web Policy check box and the authentication option.

To enable the anchor controller, choose the guest SSID you have created and select the controller that will be the anchor controller. More than one controller can be chosen.

To create a Guest LAN for wired access, complete the following:

1. Create an interface on the controllers and designate it as a Guest LAN. This will restrict this interface to ingress into the controller. Wired guest ports should be assigned to this VLAN.
2. Create a Wired LAN in the WLAN configuration area. Give it a name and SSID that you wish to use for guest access.
3. Under the General Tab:
   a. Select the Enabled box for Status.
   b. Choose the Guest WLAN you created as the Ingress Interface.
   c. Choose the interface you created for guest access as the Egress Interface.

Web authentication is the default security policy.

To enable the anchor controller, choose the Wired LAN you have created and select the controller that will be the anchor controller. More than one controller can be chosen.

For further reference to design and configuration for WLAN controllers, refer to the Cisco Enterprise Mobility 4.1 Design Guide available at

About the Author

Marcus Jones is the Senior Wireless Training Specialist at GigaWave Technologies. Marcus has over 25 years of experience in data communications, with more than 12 years in wireless data communications. Marcus joined GigaWave Technologies in July 2000, and has trained Cisco employees, Cisco distributors, Cisco premier partners, Cisco resellers and Cisco end-users. He holds a CCSI, CCNA and CWNA.

Suggested Cisco Unified Wireless Courses and Technical Training

Cisco Unified Wireless Networking (CUWN)

The Cisco Unified Wireless Networking (CUWN) course covers how to design, install, configure, and maintain a wireless network, both as an add-on to an existing wireless LAN and as a new Cisco Unified Wireless Network solution. For a detailed course description and current training schedule, visit

About GigaWave Technologies

GigaWave Technologies offers innovative wireless networking workshops for IT professionals who want to know how to design, install, secure or sell high performance Wireless Local Area Network (WLAN) and bridging technologies. As a leading provider of WLAN training, curriculum development and wireless services, GigaWave provides its trademark, high-caliber, hands-on training techniques to progressive organizations across the globe. GigaWave specializes in wireless networking and has attained an unrivaled level of WLAN expertise. As an authorized Cisco Learning Partner, GigaWave Technologies develops and delivers the Cisco wireless networking classes. For the most current training schedule and to view full course descriptions, go to or call

GigaWave is a division of TESSCO Technologies.

About TESSCO

TESSCO Technologies Incorporated is a provider of the product and supply chain solutions needed to build, operate and use wireless systems. TESSCO is committed to delivering, fast and complete, the product needs of wireless system operators, program managers, contractors, resellers, and self-maintained utility, transportation, enterprise and government organizations. As Your Total Source provider of mobile and fixed-wireless network infrastructure products, mobile devices and accessories, and installation, test and maintenance equipment and supplies, TESSCO assures customers of on-time availability, while streamlining their supply chain process and lowering inventories and total costs. To learn more, please visit

Gulfdale San Antonio, Texas


Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues... SonicOS SonicOS Contents Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues... 5 Release Purpose SonicOS 6.1.1.5 is a maintenance

More information

Linksys Wireless Router Configuration and Installation Guide Version 1.0

Linksys Wireless Router Configuration and Installation Guide Version 1.0 Linksys Wireless Router Configuration and Installation Guide Version 1.0 Author: Alan Damon Please send any questions or comments to consult@rpi.edu or call x7777 Page 1 of 22 Table of Contents 1. Cover

More information

Configuring DHCP Snooping

Configuring DHCP Snooping CHAPTER 19 This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping on Catalyst 4500 series switches. It provides guidelines, procedures, and configuration examples.

More information

Steps for Basic Configuration

Steps for Basic Configuration 1. This guide describes how to use the Unified Threat Management appliance (UTM) Basic Setup Wizard to configure the UTM for connection to your network. It also describes how to register the UTM with NETGEAR.

More information

Chapter 4 Customizing Your Network Settings

Chapter 4 Customizing Your Network Settings . Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It

More information

Meraki MX60 Hardware Installation Guide

Meraki MX60 Hardware Installation Guide Meraki MX60 Hardware Installation Guide August 2011 Copyright 2010, Meraki, Inc. www.meraki.com 660 Alabama St. San Francisco, California 94110 Phone: +1 415 632 5800 Fax: +1 415 632 5899 Copyright: 2010

More information

Deploying Cisco Basic Wireless LANs WDBWL v1.1; 3 days, Instructor-led

Deploying Cisco Basic Wireless LANs WDBWL v1.1; 3 days, Instructor-led Deploying Cisco Basic Wireless LANs WDBWL v1.1; 3 days, Instructor-led Course Description This 3-day instructor-led, hands-on course provides learners with skills and resources required to successfully

More information

Configuring a customer owned router to function as a switch with Ultra TV

Configuring a customer owned router to function as a switch with Ultra TV Configuring a customer owned router to function as a switch with Ultra TV This method will turn the customer router into a wireless switch and allow the Ultra Gateway to perform routing functions and allow

More information

Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0

Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0 Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0 COURSE OVERVIEW: Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0 is a five-day, instructor-led training course that teaches learners

More information

Knowledgebase Solution

Knowledgebase Solution Knowledgebase Solution Goal Enable coexistence of a 3 rd -party VPN / Firewall with an EdgeMarc appliance. Describe characteristics and tradeoffs of different topologies. Provide configuration information

More information

Controller Management

Controller Management Controller Management - Setup & Provisioning - 1 PRONTO SERVICE CONTROLLER (PN-CPP-A-1422) 2 PSC Key Features Fully interoperable with IEEE802.11b/g compliant products External AP support and management

More information

Using Templates. Information About Templates. Accessing the Controller Template Launch Pad CHAPTER

Using Templates. Information About Templates. Accessing the Controller Template Launch Pad CHAPTER CHAPTER 11 This chapter describes how to add and apply templates. Templates allow you to set fields that you can then apply to multiple devices without having to reenter the common information. This chapter

More information

Cisco - Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW)

Cisco - Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW) Page 1 of 20 Configure the 1721 Router for VLANs Using a Switch Module (WIC-4ESW) Document ID: 50036 Contents Introduction Prerequisites Requirements Components Used Network Diagram The Role of Switched

More information

The All-in-one Guest Access Solution of

The All-in-one Guest Access Solution of The All-in-one Guest Access Solution of Redefining Networking Integration Tomorrow, Delivered Today Application Guide Series Series Application Guide Providing access in hospitality venues is not the same

More information

WAN Failover Scenarios Using Digi Wireless WAN Routers

WAN Failover Scenarios Using Digi Wireless WAN Routers WAN Failover Scenarios Using Digi Wireless WAN Routers This document discusses several methods for using a Digi wireless WAN gateway to provide WAN failover for IP connections in conjunction with another

More information

TrustSec How-To Guide: On-boarding and Provisioning

TrustSec How-To Guide: On-boarding and Provisioning TrustSec How-To Guide: On-boarding and Provisioning For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents... 2 Introduction...

More information

Networking Guide Redwood Manager 3.0 August 2013

Networking Guide Redwood Manager 3.0 August 2013 Networking Guide Redwood Manager 3.0 August 2013 Table of Contents 1 Introduction... 3 1.1 IP Addresses... 3 1.1.1 Static vs. DHCP... 3 1.2 Required Ports... 4 2 Adding the Redwood Engine to the Network...

More information

GregSowell.com. Mikrotik Basics

GregSowell.com. Mikrotik Basics Mikrotik Basics Terms Used Layer X When I refer to something being at layer X I m referring to the OSI model. VLAN 802.1Q Layer 2 marking on traffic used to segment sets of traffic. VLAN tags are applied

More information

Features Description Benefit AP-7131N support Adaptive AP Support for the AP7131N-GR and AP7131N- GRN

Features Description Benefit AP-7131N support Adaptive AP Support for the AP7131N-GR and AP7131N- GRN Release Notes for RFS7000 v4.1.0.0-040gr Contents 1. Introduction to New Features 2. Features Added for FIPS Compliance 3. Features Disabled or Modified for FIPS Compliance 4. Firmware Versions & Compatibility

More information

Palo Alto Networks User-ID Services. Unified Visitor Management

Palo Alto Networks User-ID Services. Unified Visitor Management Palo Alto Networks User-ID Services Unified Visitor Management Copyright 2011 Aruba Networks, Inc. Aruba Networks trademarks include Airwave, Aruba Networks, Aruba Wireless Networks, the registered Aruba

More information

Lab 4.5.2 Diagramming Intranet Traffic Flows

Lab 4.5.2 Diagramming Intranet Traffic Flows Lab 4.5.2 Diagramming Intranet Traffic Flows Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1

More information

NAC Guest. Lab Exercises

NAC Guest. Lab Exercises NAC Guest Lab Exercises November 25 th, 2008 2 Table of Contents Introduction... 3 Logical Topology... 4 Exercise 1 Verify Initial Connectivity... 6 Exercise 2 Provision Contractor VPN Access... 7 Exercise

More information

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia

More information

Lab 8.4.2 Configuring Access Policies and DMZ Settings

Lab 8.4.2 Configuring Access Policies and DMZ Settings Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set

More information

WLAN Security: Identifying Client and AP Security

WLAN Security: Identifying Client and AP Security WLAN Security: Identifying Client and AP Security 2010 Cisco Systems, Inc. All rights reserved. CUWN v7.0 4-1 Lesson Overview & Objectives Overview This lesson provides detailed discussions on the Cisco

More information

Configure Workgroup Bridge on the WAP351

Configure Workgroup Bridge on the WAP351 Article ID: 5047 Configure Workgroup Bridge on the WAP351 Objective The Workgroup Bridge feature enables the Wireless Access Point (WAP) to bridge traffic between a remote client and the wireless LAN that

More information

Enterprise WLAN Architecture

Enterprise WLAN Architecture Enterprise WLAN Architecture Steve Acker Wireless Network Consulting Engineer CCIE #14097 CISSP #86844 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Wireless LAN Mobility Services Security

More information

UTM (Unified Threat Management) in a multi-ssid multi-vlan network with traffic separation

UTM (Unified Threat Management) in a multi-ssid multi-vlan network with traffic separation UTM (Unified Threat Management) in a multi-ssid multi-vlan network with traffic separation This document describes the steps to undertake in configuring a UTM 10 (Firmware version 1.0.16-0) and a WNDAP330

More information

Mikrotik Router. Setup Guide

Mikrotik Router. Setup Guide Mikrotik Router Setup Guide Disclaimer THIS DOCUMENTATION AND ALL INFORMATION CONTAINED HEREIN ( MATERIAL ) IS PROVIDED FOR GENERAL INFORMATION PURPOSES ONLY. GLOBAL REACH AND ITS LICENSORS MAKE NO WARRANTY

More information

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT Avaya CAD-SV Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0 Issue 1.0 30th October 2009 ABSTRACT These Application Notes describe the steps to configure the Cisco VPN 3000 Concentrator

More information

642 552 Securing Cisco Network Devices (SND)

642 552 Securing Cisco Network Devices (SND) 642 552 Securing Cisco Network Devices (SND) Course Number: 642 552 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional, Cisco Firewall Specialist,

More information

MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series MDM Integration with Cisco Identity Service Engine Secure Access How -To Guides Series Author: Aaron Woland Date: December 2012 Table of Contents Introduction.... 3 What Is the Cisco TrustSec System?...

More information

Application Note User Groups

Application Note User Groups Application Note User Groups Application Note User Groups Table of Contents Background... 3 Description... 3 Benefits... 4 Theory of Operation... 4 Interaction with Other Features... 6 Configuration...

More information

ClickShare Network Integration

ClickShare Network Integration ClickShare Network Integration Application note 1 Introduction ClickShare Network Integration aims at deploying ClickShare in larger organizations without interfering with the existing wireless network

More information

axsguard Gatekeeper Internet Redundancy How To v1.2

axsguard Gatekeeper Internet Redundancy How To v1.2 axsguard Gatekeeper Internet Redundancy How To v1.2 axsguard Gatekeeper Internet Redundancy How To v1.2 Legal Notice VASCO Products VASCO data Security, Inc. and/or VASCO data Security International GmbH

More information

Smart Care Guide to Troubleshooting Appliance Registration

Smart Care Guide to Troubleshooting Appliance Registration Smart Care Guide to Troubleshooting Appliance Registration Revised: September 2008 Contents Troubleshooting Appliance Registration Verify the registration of the Partner CCO account Verify that the Customer

More information

Multi-Homing Dual WAN Firewall Router

Multi-Homing Dual WAN Firewall Router Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet

More information

Quick Start Guide. WRV210 Wireless-G VPN Router with RangeBooster. Cisco Small Business

Quick Start Guide. WRV210 Wireless-G VPN Router with RangeBooster. Cisco Small Business Quick Start Guide Cisco Small Business WRV210 Wireless-G VPN Router with RangeBooster Package Contents WRV210 Router Ethernet Cable Power Adapter Product CD-ROM Quick Start Guide Welcome Thank you for

More information

NMS300 Network Management System

NMS300 Network Management System NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate

More information

AT-S95 Version 1.0.0.35 AT-8000GS Layer 2 Stackable Gigabit Ethernet Switch Software Release Notes

AT-S95 Version 1.0.0.35 AT-8000GS Layer 2 Stackable Gigabit Ethernet Switch Software Release Notes AT-S95 Version 1.0.0.35 AT-8000GS Layer 2 Stackable Gigabit Ethernet Switch Software Release Notes Please read this document before you begin to use the management software. Supported Platforms The following

More information

Portal Authentication Technology White Paper

Portal Authentication Technology White Paper Portal Authentication Technology White Paper Keywords: Portal, CAMS, security, authentication Abstract: Portal authentication is also called Web authentication. It authenticates users by username and password

More information

Firewall Defaults and Some Basic Rules

Firewall Defaults and Some Basic Rules Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified

More information

Lab - Using IOS CLI with Switch MAC Address Tables

Lab - Using IOS CLI with Switch MAC Address Tables Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A S1 VLAN 1 192.168.1.11 255.255.255.0 192.168.1.1 S2 VLAN 1 192.168.1.12

More information

User Manual. Page 2 of 38

User Manual. Page 2 of 38 DSL1215FUN(L) Page 2 of 38 Contents About the Device...4 Minimum System Requirements...5 Package Contents...5 Device Overview...6 Front Panel...6 Side Panel...6 Back Panel...7 Hardware Setup Diagram...8

More information

Wireless LAN Controller (WLC) Design and Features FAQ

Wireless LAN Controller (WLC) Design and Features FAQ Wireless LAN Controller (WLC) Design and Features FAQ Document ID: 98673 Contents Introduction Design FAQ Features FAQ Related Information Introduction This document provides information on the most frequently

More information

Netcomm NB604N. Modem Configuration Guide. Netcomm NB604N. Configuring in Layer2 PPPoE for Windows XP and 2000 IMPORTANT MESSAGE

Netcomm NB604N. Modem Configuration Guide. Netcomm NB604N. Configuring in Layer2 PPPoE for Windows XP and 2000 IMPORTANT MESSAGE Configuring in Layer2 PPPoE for Windows XP and 2000 IMPORTANT MESSAGE Your modem has been pre-configured, you do not need to follow each step of the set-up guide but should retain this document in case

More information

Application Note Startup Tool - Getting Started Guide

Application Note Startup Tool - Getting Started Guide Application Note Startup Tool - Getting Started Guide 1 April 2012 Startup Tool Table of Contents 1 INGATE STARTUP TOOL... 1 2 STARTUP TOOL INSTALLATION... 2 3 CONNECTING THE INGATE FIREWALL/SIPARATOR...

More information