1 / 114

Secure WLAN Solution

Secure WLAN Solution. WHG Product Training Oct 2011 For authorized partners only. Agenda. WHG Overview, Installation and Application EAP Overview, Installation and Application. Overview. About WHG

aira
Télécharger la présentation

Secure WLAN Solution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure WLAN Solution WHG Product Training Oct 2011 For authorized partners only

  2. Agenda • WHG Overview, Installation and Application • EAP Overview, Installation and Application

  3. Overview • About WHG • WHG Series is designed for wired and wireless network environments with multi-functional, enterprise-class, and high performance network management devices. Different models are suitable for different scale of WLAN (wireless local area network) environments. • All models support Gigabit interface can manage a large number of users and services quickly and effectively. • The product combines integrated management, security, data transfer, billing and payment functions, with a simple built-in web-based management interface for system administrators to monitor wired and wireless users effectively. • With a centralized management interface from wireless AP management function, administrators can easily search, set, monitor and upgrade all managed AP devices.

  4. Overview • Product features-1 • Customizable certification standards, including Web-based login (UAM) and 802.1X (RADIUS), customizable portal and Walled-Garden Ads. • Establishment and management of user groups. • Support for multiple authentication methods  (Local, On-demand, RADIUS, POP3, LDAP, NTDS). • Virtual local area network (Service Zone) and Policy Management. • On-demand Account (accounting by time or volume ) • Integration of external payment gateways, including PayPal, Authorize.net, SecurePay and WorldPay. • User account roaming

  5. Overview • Product features - 2 • Support wireless roaming between APs and AP management. • Virtual Private Network (VPN) tunneling technology. • Support Quality of Service (QoS) • Dual Uplink (WAN) to improve reliability and Load Balancing • Firewall, DoS (Denial of Service) attack protection • Status monitoring and reporting of network and on-line users • Support as a network gateway, including NAT, DHCP, DMZ, Firewall and Port Forwarding

  6. Overview • System Overview - 1 WHG-401

  7. Overview • System Overview - 2 • AAA Gateway Authentication, Authorization and Accounting • Authentication: Support for internal or external database servers • Authorization : User Group policy • Accounting: User Account management and Billing • Built-in multiple Service Zones • AP centralized management system

  8. Setup and Maintenance Instruction • WHG support web management interface To access the web management interface, connect a PC to any LAN Port, and then launch a browser. Make sure you have set DHCP in TCP/IP of your PC to get an IP address automatically. The default gateway IP address is “http://192.168.1.254” Access the web management interface via LAN port

  9. Setup and Maintenance Instruction • For the first time, there will be a “Certificate Error”

  10. Setup and Maintenance Instruction • The administrator login page will appear.

  11. Setup and Maintenance Instruction • After a successful login, a System Home page will appear on the screen.

  12. Setup and Maintenance Instruction • Setup Wizard - 1 • To quickly configure WHG311 by using the Setup Wizard to set up New Password, Time Zone, WAN1 Interface and Local User Account.

  13. Setup and Maintenance Instruction • Setup Wizard - 2

  14. Setup and Maintenance Instruction • Setup Wizard - 3

  15. Setup and Maintenance Instruction • Setup Wizard - 4

  16. Setup and Maintenance Instruction • System Overview • An Integration of the overall status of the current system

  17. Setup and Maintenance Instruction • Quick Links page • Provides administrator with frequently used links.

  18. Setup and Maintenance Instruction • System Main Menu

  19. Setup and Maintenance Instruction • Main Menu –System – WAN1 • Static -1

  20. Setup and Maintenance Instruction • Main Menu – System – WAN1 • Dynamic -1

  21. Setup and Maintenance Instruction • Main Menu –System – WAN1 • PPPoE -1

  22. Service Zone

  23. The Concept of Service Zone 9 Service Zones in total • A Service Zone is acting like a virtual Gateway. • Multiple Service Zones are equal to multiple virtual Gateways.

  24. The Concept of Service Zone • Under LAN Port Mapping, there are two modes for Service Zone: • Port-based • Tag-based

  25. LANPort Configuration • Port Based: For each LAN port, select a Service Zone to which the LAN port is to be mapped from the drop-down list box.

  26. LANPort Configuration • Port-Based Application Example

  27. LAN Port Configuration • Configure LAN Port Mapping as Tag-Based

  28. LANPort Configuration • Tag-Based: A Service Zone can be associated with multiple VLAN Tags

  29. LANPort Configuration • Tag-Based Application Example

  30. LANPort Configuration *Deploy two Service Zones: Employee and Guest Service Zone 2 – Guest: • SSID: SZ2-Guest • VLAN Tag: 2222 • Default Authentication: On-Demand User • Applied Policy: #2 Service Zone 1 – Employee: • SSID: SZ1-Employee • VLAN Tag: 1111 • Default Authentication: Radius server • Applied Policy: #1 WHG-401

  31. Setup and Maintenance Instruction • Configuration of Server Zone

  32. Setup and Maintenance Instruction • SZ1 - Basic Settings • IP, DHCP, VLAN Tag • Customize Login Page

  33. Setup and Maintenance Instruction • SZ1 - Basic Settings - 2 • DHCP Server (Enable DHCP Server – DHCP Server Configuration)

  34. Setup and Maintenance Instruction • SZ1 - Authentication Settings • Authentication Required For the Zone & Authentication Options

  35. Setup and Maintenance Instruction • SZ1 -Authentication Settings - 2 • Custom Pages

  36. Setup and Maintenance Instruction • SZ1 - Authentication Settings -3 • Login Page of Custom Pages (Default Page)

  37. Setup and Maintenance Instruction • SZ1 - Authentication Settings - 4 • Login Page of Custom Pages (Template Page)

  38. Setup and Maintenance Instruction • SZ1 -Authentication Settings- 5 • Login Page of Custom Pages (Upload Page)

  39. Setup and Maintenance Instruction • SZ1 -Authentication Settings - 6 • Login Page of Custom Pages (External Page)

  40. Setup and Maintenance Instruction • SZ1 - Wireless Settings • SSID • Security • Access Control

  41. Setup and Maintenance Instruction • SZ1 - Managed AP(s) in this Service Zone

  42. Group & Policy

  43. The Concept of Policy • In addition to Global Policy, the Policy contains four functions of other • Firewall Profile: Click Setting for Firewall Profile. The Firewall Configuration will appear. Click Predefined and Custom Service Protocols to edit the protocol list. Click Firewall Rules to edit the rules. • Specific Route Profile: The default gateway of WAN1, WAN2, or a desired IP address can be defined in a policy. When Specific Default Route is enabled, all clients applied this policy will access the Internet through this default gateway. • Schedule Profile:The Schedule table in a 7X24 format is used to control the clients’ login time. When Schedule is enabled, clients applied policies are only allowed to login the system at the time which is checked in the applied policy. • Maximum Concurrent Sessions: Set the maximum concurrent sessions for each client .

  44. The Concept of Policy • Policy Configuration Page

  45. The Concept of Group • A Group which is allowed to access a Service Zone can be applied with a Policy within this zone. • Group Configuration supports: • QoS Profile: Configure QoS (Quality of Service ) • Privilege Profile : When Change Password Privilege is enabled, the authenticated local users within this Group are allowed to change their password via the Login Success Page

  46. The Concept of Group • The relation between Group and Service Zone from the perspective of Group

  47. The Concept of Group

  48. The Concept of Group • The relation between Group and Policy from the perspective of Service Zone

  49. The Concept of Group

  50. Case Study Any Perfect Solutions? Tom owns a SMB with 40 employees Environment: Wide wireless environment Questions: 1. How to prevent employees in the workplace spending too much time surfing on the internet rather then working? 2. The staff in Jimmy’s department have more authority than other departments.

More Related