Cyberoam Wireless Protection Guide

Cyberoam Wireless Protection Guide
Cyberoam Wireless Protection Guide
Version 10
Document version 1.0 – 10.6.3.260 - 29/05/2015
Cyberoam Wireless Protection Guide
Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but
is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any
products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document.
Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications.
Information is subject to change without notice.
USER’S LICENSE
P
a
g
e
Use of this product and document is subject to acceptance of the terms and conditions
of Cyberoam End User License
|
Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances.
2
You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html
and the Warranty Policy for
Cyberoam UTM Appliances at http://kb.cyberoam.com.
RESTRICTED RIGHTS
Copyright 1999 - 2015 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of
Cyberoam Technologies Pvt. Ltd.
Corporate Headquarters
Cyberoam House,
Saigulshan Complex, Opp. Sanskruti,
Beside White House, Panchwati Cross Road,
Ahmedabad - 380006, GUJARAT, INDIA.
Tel: +91-79-66216666
Fax: +91-79-26407640 Web site: www.cyberoam.com
C
y
b
e
r
o
a
m
C
e
n
t
r
a
l
Page 2 of 34
C
o
n
s
o
l
e
Cyberoam Wireless Protection Guide
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your
registration status, or similar issues to Customer care/service department
at the following address:
P
Corporate Office
Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower
Off C.G. Road
Ahmedabad 380006
Gujarat, India.
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com
a
g
e
|
3
Cyberoam contact:
Technical support (Corporate Office): +91-79-66065777
Email: support@cyberoam.com
Web site: www.cyberoam.com
Visit www.cyberoam.com for the regional and latest contact information.
Page 3 of 34
Cyberoam Wireless Protection Guide
Contents
Introduction....................................................................................................................... 5
Appliance Administrative Interfaces ............................................................................... 6
P
Web Admin Console ........................................................................................................................
a
6
Command Line Interface (CLI) Console ..........................................................................................
g
7
e
Cyberoam Central Console (CCC) ..................................................................................................
7
Web Admin Console .......................................................................................................................... 8
Web Admin Language .....................................................................................................................
|
8
Supported Browsers ........................................................................................................................ 9
Login procedure .............................................................................................................................
4
10
Log out procedure .......................................................................................................................... 11
Menus and Pages .......................................................................................................................... 12
Page ............................................................................................................................................... 14
Icon bar .......................................................................................................................................... 15
List Navigation Controls ................................................................................................................. 16
Tool Tips ........................................................................................................................................ 16
Status Bar ...................................................................................................................................... 16
Common Operations ...................................................................................................................... 17
Cyberoam Wireless Protection ...................................................................................... 19
Overview ........................................................................................................................................... 19
Global Settings ................................................................................................................................ 21
Wireless Networks ........................................................................................................................... 23
Manage Wireless Networks ........................................................................................................... 23
Wireless Network Parameters ....................................................................................................... 24
Access Point .................................................................................................................................... 27
Edit Access Points ......................................................................................................................... 28
Grouping ........................................................................................................................................ 30
Mesh Networks ................................................................................................................................ 32
Manage Mesh Networks ................................................................................................................ 32
Add Mesh Networks ....................................................................................................................... 32
Configure Mesh Network Role ....................................................................................................... 34
Page 4 of 34
Cyberoam Wireless Protection Guide
Introduction
The Appliances use Layer 8 technology to help organizations maintain a state of readiness against
P
today's blended threats and offer real-time protection.
a
g
e
Unified Threat Management Appliances offer identity-based
comprehensive security to
organizations against blended threats - worms, viruses, malware, data loss, identity theft; threats
| protocols viz. HTTPS; and more.
over applications viz. Instant Messengers; threats over secure
They also offer wireless security (WLAN) and 3G wireless broadband. Analog modem support can
5 continuity.
be used as either Active or Backup WAN connection for business
The Appliance integrates features like stateful inspection firewall, VPN, Gateway Anti-Virus and
Anti- Spyware, Gateway Anti-Spam, Intrusion Prevention System, Content & Application Filtering,
Data Leakage Prevention, IM Management and Control, Layer 7 visibility, Web Application
Firewall, Bandwidth Management, Multiple Link Management and Comprehensive Reporting over
a single platform.
The Appliance has enhanced security by adding an 8th layer (User Identity) to the protocol stack.
Advanced inspection provides L8 user-identity and L7 application detail in classifying traffic,
enabling Administrators to apply access and bandwidth policies far beyond the controls that
traditional UTMs support. It thus offers security to organizations across layer 2 - layer 8, without
compromising productivity and connectivity.
The Appliance accelerates unified security by enabling single-point control of all its security
features through a Web 2.0-based GUI. An extensible architecture and an ‘IPv6 Ready’ Gold logo
provide Appliance the readiness to deliver on future security requirements.
The Appliances provides increased LAN security by providing separate port for connecting to the
publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are
visible the external world and still have firewall protection.
Layer 8 Security:
The Appliance’s features are built around its patent pending Layer 8 technology. The Layer 8
technology implements the human layer of networking by allowing organizations control
traffic based on users instead of mere IP Addresses. Layer 8 technology keeps organizations a
step ahead of conventional security solutions by providing full business flexibility and security in
any environment including WI-FI and DHCP.
Note
All the screen shots in this Guide are taken from NG series of Appliances. The feature and functionalities
however remains unchanged across all Cyberoam Appliances.
Page 5 of 34
Cyberoam Wireless Protection Guide
Appliance Administrative
Interfaces
Appliance can be accessed and administered through:
1. Web Admin Console
2. Command Line Interface Console
3. Cyberoam Central Console
P
a
g
e
|
6
Administrative Access: An administrator can connect and access the Appliance through HTTP,
HTTPS, telnet, or SSH services. Depending on the Administrator login account profile used for
access, an administrator can access number of Administrative Interfaces and Web Admin Console
configuration pages.
Appliance is shipped with two administrator accounts and four administrator profiles.
Administrator
Type
Login Credentials
Console Access
Privileges
Super
Administrator
admin/admin
Web
Admin
Console
CLI console
Full privileges for both the
consoles. It provides readwrite permission for all the
configuration
performed
through either of the
consoles.
Default
cyberoam/cyber
Web
Admin
console only
Full privileges. It provides
read-write permission for
all the configuration pages
of Web Admin console.
Note
We recommend that you change the password of both the users immediately on deployment.
Web Admin Console
Web Admin Console is a web-based application that an Administrator can use to configure,
monitor, and manage the Appliance.
You can connect to and access Web Admin Console of the Appliance using HTTP or a HTTPS
connection from any management computer using web browser:
1. HTTP login: http://<LAN IP Address of the Appliance>
2. HTTPS login: https://<LAN IP Address of the Appliance>
For more details, refer section Web Admin Console.
Page 6 of 34
Cyberoam Wireless Protection Guide
Command Line Interface (CLI) Console
Appliance CLI console provides a collection of tools to administer, monitor and control certain
Appliance component. The Appliance can be accessed remotely using the following connections:
P
a
1. Remote login Utility – TELNET login
g
To access Appliance from command prompt using remote e
login utility – Telnet, use command
TELNET <LAN IP Address of the Appliance>. Use default password “admin”.
|
2. SSH Client (Serial Console)
7
SSH client securely connects to the Appliance and performs command-line operations. CLI
console of the Appliance can be accessed via any of the SSH client using LAN IP Address of the
Appliance and providing Administrator credentials for authentication.
Note
Start SSH client and create new Connection with the following parameters:
Host – <LAN IP Address of the Appliance>
Username – admin
Password – admin
Use CLI console for troubleshooting and diagnose network problems in details. For more details,
refer version specific Console Guide available on http://docs.cyberoam.com/.
Cyberoam Central Console (CCC)
Distributed Cyberoam Appliances can be centrally managed using a single Cyberoam Central
Console (CCC) Appliance, enabling high levels of security for Managed Security Service Provider
(MSSPs) and large enterprises. To monitor and manage Cyberoam using CCC Appliance you
must:
1. Configure CCC Appliance in Cyberoam
2. Integrate Cyberoam Appliance with CCC using: Auto Discovery or Manually
Once you have added the Appliances and organized them into groups, you can configure single
Appliance or groups of Appliances.
For more information, please refer CCC Administrator Guide.
Page 7 of 34
Cyberoam Wireless Protection Guide
Web Admin Console
CyberoamOS uses a Web 2.0 based easy-to-use graphical interface termed as Web Admin
Console to configure and manage the Appliance.
P
You can access the Appliance for HTTP and HTTPS web browser-based
administration from any
a
of the interfaces. Appliance when connected and powered gup for the first time, it will have a
following default Web Admin Console Access configuration foreHTTP and HTTPS services.
Services
Interface/Zones
HTTP
LAN, WAN
HTTPS
WAN
|
8
Default Port
TCP Port 80
TCP Port 443
The administrator can update the default ports for HTTP and HTTPS services from System >
Administration > Settings.
Web Admin Language
The Web Admin Console supports multiple languages, but by default appears in English. To cater
to its non-English customers, apart from English, Chinese-Simplified, Chinese-Traditional, Hindi,
Japanese and French languages are also supported. Administrator can choose the preferred GUI
language at the time of logging on.
Listed elements of Web Admin Console will be displayed in the configured language:
 Dashboard Doclet contents
 Navigation menu
 Screen elements including field & button labels and tips
 Error messages
Page 8 of 34
Cyberoam Wireless Protection Guide
Supported Browsers
You can connect to the Web Admin Console of the Appliance using HTTP or a secure HTTPS
connection from any management computer using one of the following web browsers:
P is 1024 X 768 and 32-bit true xxThe minimum screen resolution for the management computer
a
color.
g
Browser
Supported
e Version
Microsoft Internet Explorer
|
Version 8+
Mozilla Firefox
9
Version 3+
Google Chrome
Safari
Opera
All versions
5.1.2(7534.52.7)+
15.0.1147.141+
The Administrator can also specify the description for firewall rule, various policies, services and
various custom categories in any of the supported languages.
All the configuration done using Web Admin Console takes effect immediately. To assist you in
configuring the Appliance, the Appliance includes a detailed context-sensitive online help.
Page 9 of 34
Cyberoam Wireless Protection Guide
Login procedure
The log on procedure authenticates the user and creates a session with the Appliance until the
user logs-off.
P
To get to the login window, open the browser and type the LAN
IP Address of Cyberoam in the
a username and password.
browser’s URL box. A dialog box appears prompting you to enter
g
e
|
1
0
Screen – Login Screen
Screen Element
Description
Enter user login name.
Username
If you are logging on for the first time after installation,
use the default username.
Specify user account password.
Password
Dots are the placeholders in the password field.
If you are logging on for the first time after installation
with the default username, use the default password.
Language
Select the language. The available options are ChineseSimplified, Chinese-Traditional, English, French, and
Hindi.
Default – English
To administer Cyberoam, select ‘Web Admin Console’
Log on to
To view logs and reports, select “Reports”.
To login into your account, select “My Account”.
Login button
Click to log on the Web Admin Console.
Table – Login Screen
The Dashboard appears as soon as you log on to the Web Admin Console. It provides a quick and
fast overview of all the important parameters of your Appliance.
Page 10 of 34
Cyberoam Wireless Protection Guide
Log out procedure
To avoid un-authorized users from accessing Cyberoam, log off after you have finished working.
This will end the session and exit from Cyberoam.
To log off from the Appliance, click the
Admin Console pages.
button located
P at the top right of any of the Web
a
g
e
|
1
1
Page 11 of 34
Cyberoam Wireless Protection Guide
Menus and Pages
The Navigation bar on the leftmost side provides access to various configuration pages. This menu
consists of sub-menus and tabs. On clicking the menu item in the navigation bar, related
management functions are displayed as submenu items in the navigation bar itself. On clicking
submenu item, all the associated tabs are displayed as the horizontal menu bar on the top of the
P tab.
page. To view a page associated with the tab, click the required
a
g
e clicked on without navigating to a
The left navigation bar expands and contracts dynamically when
submenu. When you click on a top-level heading in the left navigation bar, it automatically expands
|
that heading and contracts the heading for the page you are currently
on, but it does not navigate
away from the current page. To navigate to a new page, first click on the heading, and then click
1
on the submenu you want navigate to. On hovering the cursor upon the up-scroll icon
or the
2
down-scroll icon
, automatically scrolls the navigation bar up or down respectively.
The navigation menu includes following modules:
 System – System administration and configuration, firmware maintenance, backup - restore
Page 12 of 34
Cyberoam Wireless Protection Guide
 Objects – Configuration of various policies for hosts, services, schedules and file type
 Networks – Network specific configuration viz., Interface speed, MTU and MSS settings,
Gateway, DDNS
 Wireless Protection – Configuration and management of Sophos Access Points.
 Identity – Configuration and management of User and user groups
 Firewall – Firewall Rule Management
P
a
g
 IPS – IPS policies and signature
e
 Web Filter – Web filtering categories and policies configuration
 VPN – VPN and SSL VPN access configuration
| configuration
 Application Filter – Application filtering categories and policies
 WAF – Web Application Filtering policies configuration. Available in all the models except
1
CR15iNG and CR15wiNG.
3
 IM – IM controls
 QoS – Policy management viz., surfing quota, QoS, access time, data transfer
 Anti Virus – Antivirus filtering policies configuration
 Anti Spam – Anti Spam filtering policies configuration
 Traffic Discovery – Traffic monitoring
 Logs & Reports – Logs and reports configuration
Note
Use F1 key for page-specific help.
Use F10 key to return to Dashboard.
Each section in this guide shows the menu path to the configuration page. For example, to reach
the Zone page, choose the Network menu, then choose Interface sub-menu from the navigation
bar, and then choose Zone tab. Guide mentions this path as Network > Interface > Zone.
Page 13 of 34
Cyberoam Wireless Protection Guide
Page
A typical page looks as shown in the below given image:
P
a
g
e
|
1
4
Screen – Page
Page 14 of 34
Cyberoam Wireless Protection Guide
Icon bar
P
a
g
e
|
1
5
The Icon bar on the upper rightmost corner of every page provides access to several commonly
used functions like:
1. Dashboard – Click to view the Dashboard
2. Wizard – Opens a Network Configuration Wizard for a step-by-step configuration of the
network parameters like IP Address, subnet mask and default gateway for your Appliance.
3. Report – Opens a Reports page for viewing various usage reports. Integrated Logging and
Reporting solution - iView, to offer wide spectrum of 1000+ unique user identity-based
reporting across applications and protocols and provide in-depth network visibility to help
organizations take corrective and preventive measures.
This feature is not available for CR15xxxx series of Appliances.
4. Console – Provides immediate access to CLI by initiating a telnet connection with CLI without
closing Web Admin console.
5. Logout – Click to log off from the Web Admin Console.
6. More Options
follows:
– Provides options for further assistance. The available options are as

Support – Opens the customer login page for creating a Technical Support Ticket. It is
fast, easy and puts your case right into the Technical Support queue.

About Product – Opens the Appliance registration information page.

Help – Opens the context – sensitive help page.

Reset Dashboard – Resets the Dashboard to factory default settings.

Lock – Locks the Web Admin Console. Web Admin Console is automatically locked if the
Appliance is in inactive state for more than 3 minutes. To unlock the Web Admin Console
you need to re-login. By default, Lock functionality is disabled. Enable Admin Session Lock
from System > Administration > Settings.

Reboot Appliance – Reboots the Appliance.

Shutdown Appliance – Shut downs the Appliance .
Page 15 of 34
Cyberoam Wireless Protection Guide
List Navigation Controls
The Web Admin Console pages display information in the form of lists that are spread across the
multiple pages. Page Navigation Control Bar on the upper right top corner of the list provides
navigation buttons for moving through the list of pages with a large number of entries. It also
includes an option to specify the number entries/records displayed per page.
P
a
g
e
|
1
6
Tool Tips
To view the additional configuration information use tool tip. Tool tip is provided for many
configurable fields. Move the pointer over the icon
to view the brief configuration summary.
Status Bar
The Status bar at the bottom of the page displays the action status.
Page 16 of 34
Cyberoam Wireless Protection Guide
Common Operations
Adding an Entity
You can add a new entity like policy, group, user, rule, ir host by clicking the Add button available
on most of the configuration pages. Clicking this button either opens a new page or a pop-up
P
window.
a
g
e
|
1
7
Editing an Entity
All the editable entities are hyperlinked. You can edit any entity by clicking either the hyperlink or
the Edit icon
under the Manage column.
Deleting an Entity
You can delete an entity by selecting the checkbox and clicking the Delete button or Delete icon.
To delete multiple entities, select
To delete all the entities, select
individual entity and click the Delete button.
in the heading column and click the Delete button.
Page 17 of 34
Cyberoam Wireless Protection Guide
P
a
g
e
Sorting Lists
|
To organize a list spread over multiple pages, sort the list in 1ascending or descending order of a
column attribute. You can sort a list by clicking a column heading.
8
 Ascending Order icon
in a column heading indicates that the list is sorted in ascending
order of the column attribute.
 Descending Order icon
in a column heading indicates that the list is sorted descending
order of the column attribute.
Filtering Lists
To search specific information within the long list spread over multiple pages, filter the lists.
Filtering criteria vary depending on a column data and can be a number or an IP address or part of
an address, or any text string combination.
To create filter, click the Filter
the Filter icon changes to
icon in a column heading. When a filter is applied to a column,
.
Configuring Column Settings
By default on every page all columnar information is displayed but on certain pages where a large
number of columnar information is available, all the columns cannot be displayed. It is also
possible that some content may not be of use to everyone. Using column settings, you can
configure to display only those numbers of columns which are important to you.
To configure column settings, click Select Column Settings and select the checkbox against the
columns you want to display and clear the checkbox against the columns which you do not want to
display. All the default columns are greyed and not selectable.
Page 18 of 34
Cyberoam Wireless Protection Guide
Cyberoam Wireless
Protection
P
a
g
Wireless Protection allows you to configure and manage Sophos
e Access Points (AP) connected to
your appliance. Cyberoam will act as a wireless controller for Sophos APs. The AP is connected to
the appliance using wired LAN through which the AP will| fetch their configuration and start
broadcasting SSIDs to the wireless clients. Wireless Client’s traffic will pass through Cyberoam
and all security policies can be applied on it thus providing threat
1 protection to Wireless clients.
9
Administrator can do global configuration, SSIDs (Wireless Networks) configuration, Mesh Network
configuration, AP configuration which includes Wireless and Mesh Network association to AP, AP
group configuration.


This feature is supported for the following Sophos AP models: AP 10, AP 15, AP 30, AP 50, AP
55 and AP 100.
Wireless Protection is not supported in Cyberoam ‘wi/wiNG’ series appliances and
10iNG/15iNG appliance models.
Overview
The overview page displays live snapshot of currently managed APs, broadcasted SSIDs (wireless
networks), wireless clients connected through SSID to AP and mesh networks.
The administrator can filter currently connected clients by Access Point or SSID.
Screen – Overview
Screen Element
Description
Name
Displays name of the wireless connection.
IP Address
IP Address leased for wireless connection.
MAC Address
Displays MAC Address of the wireless client.
Signal
Displays the signal strength.
Last-TX Rate
Displays the data transfer rate for the wireless client.
Page 19 of 34
Cyberoam Wireless Protection Guide
Connection Time
Displays the connection time for the wireless client.
Frequency
Displays frequency of the wireless network to which AP is
connected.
Table – Overview screen elements
P
a
g
e
|
2
0
Page 20 of 34
Cyberoam Wireless Protection Guide
Global Settings
To configure global settings for Wireless Networks, go to Wireless Protection > Global
Settings.
P
If AP firmware is not available on the appliance, AP firmwarea download link will be displayed on
this page.
g
e
|
2
1
Screen – Global Settings(Download Firmware)
You can enable Wireless Protection after AP firmware is downloaded successfully.
Screen –Global Settings after AP Firmware is downloaded
Screen Element
Description
Download Firmware (Only displayed if AP firmware is not downloaded)
Click to download AP firmware.
Download AP Firmware
Enable Wireless
Protection
Global Settings
Allowed Zone
Wireless Protection can be used after AP firmware is
successfully downloaded.
Click to enable Wireless Protection.
Select zones that are to be allowed for AP connectivity.
It is the zone in which AP is deployed.
Advanced Settings
Notification Timeout
Timeout (in minutes)
Specify time till which appliance will wait for notification
request from the AP. After the specified time, the AP will be
considered inactive.
Page 21 of 34
Cyberoam Wireless Protection Guide
Enterprise Authentication
RADIUS Server
Select RADIUS Server to authenticate wireless clients.
If wireless network uses WPA/WPA2 Enterprise
Authentication Encryption mode then RADIUS Server needs
to be specified.
Table – Global Settings screen elements
P
a
g
e
|
2
2
Page 22 of 34
Cyberoam Wireless Protection Guide
Wireless Networks
The page displays the details of wireless networks like name, SSID, Client traffic mode, encryption
mode used and frequency band. This page provides list of all the configured wireless networks and
allows the administrator to manage the wireless networks.
P
a
Manage Wireless Networks
g
e
To manage Wireless Networks, go to Wireless Protection > Wireless Networks >
Wireless Networks.
|
2
3
Screen – Manage Wireless Network
Screen Element
Name
SSID
Client traffic
Encryption mode
Frequency Band
Description
Displays the name of the Access Point.
Displays the unique Service Set Identifier (SSID)
Displays AP deployment mode
Displays encryption mode
Displays frequency band for the AP
Table – Manage Wireless Network screen elements
Page 23 of 34
Cyberoam Wireless Protection Guide
Wireless Network Parameters
To add or edit Wireless Network, go to Wireless Protection > Wireless Networks >
Wireless Networks. Click Add Button to add a new Wireless Network. To update the details,
click on the Wireless Network or Edit icon
you want to modify.
in the Manage column against the Wireless Network
P
a
g
e
|
2
4
Screen – Add Wireless Network
Screen Element
Description
Name
Specify a name of the wireless network.
SSID
Specify Service Set Identifier (SSID).
Security Mode
The wireless network is identified by its SSID. Users who want
to use the wireless network must configure their computers
with this SSID.
Select the security mode for encrypting the wireless traffic.
Available Options:
 No Encryption
 WEP Open
 WPA2 Personal
 WPA2/WPA Personal
 WPA Personal
 WPA2-Enterprise
 WPA2/WPA Enterprise
 WPA Enterprise
Default – WPA2 Personal
WPA2 mode is better for security than WPA mode.
Page 24 of 34
Cyberoam Wireless Protection Guide
Note:
If RADIUS Server is configured under Global Settings then
Enterprise Encryption mode should be selected.
For WEP-Open only
P
Specify WEP key for authentication.
It should consist of 26
a
hexadecimal characters.
g
e
For WPA2 Personal, WPA2/WPA Personal and WPA Personal only
Key
Passphrase/PSK
Specify the phrase to be used| as password.
Confirm Passphrase/PSK
2
Re-enter passphrase for confirmation.
5
Select AP deployment mode for integrating wireless network
into your local network.
Client traffic
Available Options:
 Separate Zone – In this mode, Wireless Network is
handled as a separate network having its own IP Address
range. Adding wireless network with this option
automatically creates a new virtual interface with given IP
address and zone on the Interface Manage Page. The
interface would be created with the name provided for the
Wireless Network. You can configure DHCP Server for
the interface from the same page.
 Bridge to AP LAN – In this mode, wireless clients will
share the same IP network.
 Bridge to VLAN – In this mode, wireless network traffic
will be bridged to VLAN of your choice.
Default – Separate Zone.
For “Separate Zone” Client Traffic only
Zone
IP Address
Specify the zone for Wireless Network.
Specify IP Address for the Wireless Network.
Netmask
Select the subnet mask.
For “Bridge to VLAN” Client Traffic only
Bridge to VLAN id
Client VLAN id
(Available only for
Enterprise Security
mode)
Specify the VLAN ID of the network to which the wireless
client’s traffic will be bridged.
Select to define VLAN ID from the available options.
Available Options:
 Static – It uses the VLAN ID defined in “Bridge to VLAN
id” parameter.
 Radius & Static – It uses the VLAN ID provided by the
RADIUS Server. RADIUS Server provides the VLAN ID to
the AP when the user authenticates against it.
Note
If a user does not have VLAN ID assigned then VLAN ID
specified in “Bridge to VLAN id” parameter will be used.
Page 25 of 34
Cyberoam Wireless Protection Guide
Description
Advanced Settings
Encryption
(Available only for
WPA/WPA2 Security
Mode)
Frequency Band
Client Isolation
Hide SSID
Specify description for Wireless Network.
Select Encryption type.
Available Options:
 TKIP(only abg)
P
 AES (secure)
 TKIP & AES (compatible)a
g
The AP assigned to this Wireless
Network will transmit on the
e
selected frequency band.
|
Available Options:
 2.4 and 5 GHz
2
 5 GHz
6
 2.4 GHz
Select to prevent clients from communicating with each other.
Password with which backup RADIUS server can be
accessed.
Table – Add Wireless Network screen elements
Page 26 of 34
Cyberoam Wireless Protection Guide
Access Point
The page displays list of the Active/Inactive/Pending Access Points. This page also allows to
edit/delete/group APs and assign wireless networks to AP or AP groups.
P
a
g
This section displays connected and running APs. To edit an AP,
e click
Active/Inactive Access Point
icon.
|
2
7
Screen – Active/Inactive Access Point
Pending Access Point
This section displays the APs that are connected to your appliance but not yet authorized. To
authorize an AP, click the Accept
button. On accepting, pending APs will be moved to the
Active Access Point section. To edit an AP, click
icon.
Screen – Pending Access Point
Screen – Manage Access Points
Page 27 of 34
Cyberoam Wireless Protection Guide
Edit Access Points
To edit Access Points, go to Wireless Protection > Access Point > Access Point. To
update the details, click on the Access Point or Edit icon
you want to modify.
in the Manage column against the AP
P
a
g
e
|
2
8
Screen – Edit Access Point
Screen Element
Description
ID
Label
Specify the ID for Access Point.
Specify label for easier identification of the AP in your
network.
Select the country where AP is located.
Select to organize APs in a group.
Country
Group
Group can be added from the Grouping menu.
Wireless Networks
Wireless Networks
Select the wireless networks that should be broadcasted by
Page 28 of 34
Cyberoam Wireless Protection Guide
the AP.
Mesh Networks
Mesh Networks (
Available only for AP50)
Select the mesh networks that should be broadcasted by the
AP.
You can also add APs that should broadcast mesh network
from this page by clicking the Add button.
P
a
g
Note
e
This option will be displayed only if a mesh network is configured.
|
2
9
Select a channel for your wireless
network. Selecting Auto will
automatically select the least used channel for transmission.
Advanced Settings
Channel 2.4 GHz
Default – Auto
Select the transmission power for the AP.
TX Power
Default – 100%
Channel 5 GHz
(Available with AP 100)
Select a channel for your wireless network. Selecting Auto will
automatically select the least used channel for transmission.
Default – Auto
Select the transmission power output for 5 GHz band.
TX Power 5GHz
(Available with AP 100)
Default – 100%
Select “enabled” to use Spanning Tree protocol (STP). STP
prevents bridge loops.
STP
Default - Disabled
VLAN Tagging
Select to connect AP with an existing VLAN Ethernet
Interface.
Default – Disabled
AP VLAN ID ( Displayed
only if VLAN Tagging is
enabled )
Specify the VLAN ID that will be used by the AP to connect to
the appliance.
VLAN ID can be any number between 2 and 4094.
Table – Edit Access Point screen elements
Page 29 of 34
Cyberoam Wireless Protection Guide
Grouping
The page displays list of AP groups. The page also allows you to organize APs in groups, edit
group details and delete a group.
P
a
g
To manage AP Group, go to Wireless Protection > Access Point > Grouping.
e
Manage AP Group
|
3
0
Screen – Manage AP Group
Screen Element
Name
Wireless Networks
Access Point
Description
Name of the AP Group
Wwireless networks that are broadcasted by the APs of the
group.
APs that are members of the Group.
Screen – Manage AP Group screen elements
AP Group Parameters
To add or edit AP Group, go to Wireless Protection > Access Point > Grouping. Click
Add Button to add a new AP group. To update the details, click on the AP group or Edit icon
the Manage column against the AP group you want to modify.
Page 30 of 34
in
Cyberoam Wireless Protection Guide
P
a
g
e
|
3
1
Screen – Add AP Group
Screen Element
Description
Name
Wireless Networks
Specify name to identify AP group.
Select the wireless networks that should be broadcasted by
the APs of this group.
Select to connect AP with an existing VLAN Ethernet
Interface.
VLAN Tagging
Default – Disabled
AP VLAN ID ( Displayed
only if VLAN Tagging is
enabled )
Specify the VLAN ID that will be used by the AP to connect to
the appliance.
VLAN ID can be any number between 2 and 4094.
Access Point
Select the APs that are to be added in this group.
Table – AP Group screen elements
Page 31 of 34
Cyberoam Wireless Protection Guide
Mesh Networks
A mesh network is a network in which multiple APs can communicate with each other and they
broadcast a common wireless network. In such a topology, the wireless network connection is
spread among large number of APs to share network covering a wide area.
P
a
An AP can be configured as a Root Access Point or Mesh Access
g Point.
e
Root Access Point: It has a wired connection to the appliance and provides a mesh network.
|
An access point can be root access point for multiple mesh networks.
3
2 appliance via a root access point.
Mesh Access Point: It needs a mesh network to connect to the
An access point can be mesh access point for only one single mesh network at a time.
Mesh Networks can be used to configure a Wireless Bridge or Wireless Repeater.
Manage Mesh Networks
To manage Mesh Networks, go to Wireless Protection > Mesh Networks > Mesh
Networks.
Screen – Manage Mesh Networks
Screen Element
Mesh-ID
Frequency Band
Description
ID of the Mesh Network
Frequency band for the AP
Table – Manage Mesh Networks screen elements
Add Mesh Networks
To add or edit Mesh Networks, go to Wireless Protection > Mesh Networks > Mesh
Networks. Click Add Button to add a new Mesh Network or Edit Icon to modify the details.
The page allows you to configure Mesh Networks and associate AP with it.
Page 32 of 34
Cyberoam Wireless Protection Guide
P
a
g
e
|
3
3
Screen – Add Mesh Networks
Screen Element
Description
Mesh-ID
Frequency Band
Specify ID for the mesh network
The AP assigned to this Mesh Network will transmit on the
selected frequency band.
Description
Access Point
Available Options:
 5 GHz
 2.4 GHz
Provide description for the mesh network.
Select the AP that should broadcast the mesh network.
You can define AP role from here by clicking Add button.
Table – Add Mesh Networks screen elements
Page 33 of 34
Cyberoam Wireless Protection Guide
Configure Mesh Network Role
This page allows you to configure Access Point as Root Access Point or Mesh Access Point. To
configure AP role, go to Wireless Protection > Mesh Networks > Mesh Networks.
To define AP role, click Add button for Access Point on the Add Mesh Networks page.
P
a
g
e
|
3
4
Screen – Configure Mesh Network Role
Screen Element
Description
Access Point
Select an AP that should broadcast the mesh network.
Note
AP 50 can only be used for mesh networks.
Role
Select AP’s role from the available options.
Available Options:
 Root Access Point
 Mesh Access Point
Table – Configure Mesh Network Role screen elements
Page 34 of 34
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising