Black Box LWN600CM-1 Betriebsanweisung PDF herunterladen (Seite 111)

724-746-5500 | blackbox.com

Page 111

Chapter 9: Common Configuration Examples

3. To create a VLAN object for IT staff traffic, select the check box for the newly created VLAN object “VLAN-10” in the list on

the Configuration > Advanced Configuration > Network Objects > VLANs page, and then click Clone.

The VLANs dialog box appears with the settings for VLAN-10.

4.ForVLANName,enterVLAN-20;intheVLANIDfield,change10to20;modifytheDescriptionfieldtoVLANforITstaff;and

then click “Save.”

You can see the two newly created VLAN objects on the Configuration > Advanced Configuration > Network Objects >

VLANs page.

5. To create a user profile for employees, click “Configuration > User Profiles > New,” enter the following, leave the other settings

as they are, and then click “Save:”

Name: Emp(1)

Including the attribute number "(1)" as part of the user profile name is helpful when troubleshooting and when

configuring the RADIUS server. The name "Emp(1)" serves as reminder to use 1 as the Tunnel-Private-Group-ID attribute

when configuring the RADIUS server. SmartPath APs use a combination of three RADIUS attributes to determine which

user profile to assign to an authenticated user: Tunnel-Type = GRE (10), Tunnel-Medium-Type = IP (1), and Tunnel-Private-

Group-ID = <number>. If a SmartPath AP receives all three attributes and the third one matches a user profile attribute,

it then applies that user profile to traffic from the authenticated user. Including the attribute number in the user profile

name makes configuring the RADIUS server a bit simpler.

Attribute Number: 1

Default VLAN: VLAN-10

Description: For employees to use VLAN 10

6. To create a user profile for IT staff, select the check box of the user profile that you just created, "Emp(1)", and then click

Clone.

The User Profiles dialog box appears with the settings for Emp(1).

7. For Name, enter IT(2); for Attribute Number, enter 2; for Default VLAN, choose VLAN-20, modify the text in the Description

field to For IT staff to use VLAN 20, and then click Save.

SmartPath APs as RADIUS Authenticators

SmartPath AP RADIUS authenticators provide network access to wireless clients and pass authentication requests between the

wireless clients acting as RADIUS supplicants and a RADIUS authentication server. In this section, you configure the settings that

control how the SmartPath APs communicate with the RADIUS authentication server.

Click Configuration > Advanced Configuration > Authentication > AAA Client Settings > New, and enter the following:

RADIUS Name: RADIUS-10.1.1.10

This is a name for the RADIUS configuration object on SmartPath EMS VMA. Provide it with a useful name that easily

identifies it to you. The name can be up to 32 characters and cannot contain spaces.

Description:HQRADIUSserverwithemployeeaccounts

 Enterausefulcommentabouttheconfiguration.Itcanbeupto64characters,includingspaces.

In the RADIUS Servers section, enter the following to define the necessary network and security settings for making secure

connections with the RADIUS authentication server:

Click the New icon to the right of the IP Address/Domain Name drop-down list, and define the IP address of the RADIUS

authenticationserverintheIPObjects/HostNamesdialogboxthatappears:

IP Address: (select; this setting automatically applies a netmask of 255.255.255.255)

1 2 ... 106 107 108 109 110 111 112 113 114 115 116 ... 191 192

Keine Kommentare

Black Box LWN600CM-1 Betriebsanweisung Seite 111