C H A P T E R 4
Tutorial
This chapter first provides an overview of how to configure the wireless LAN on your NWA, and then gives step-by-step guidelines showing how to configure your NWA for some example scenarios.
4.1 How to Configure the Wireless LAN
This section illustrates how to choose which wireless operating mode to use on the NWA and how to
set up the wireless LAN in each wireless mode. See Section 4.1.3 on page 28
for links to more information on each step.
4.1.1 Choosing the Wireless Mode
• Use Access Point operating mode if you want to allow wireless clients to access your wired network, all using the same security and Quality of Service (QoS) settings. See
Section 1.2.1 on page 12
for details.
• Use Bridge / Repeater operating mode if you want to use the NWA to communicate with other
access points. See Section 1.2.2 on page 12
for details.
• Use AP + Bridge operating mode if you want to use the NWA as an access point (see above)
while also communicating with other access points. See Section 1.2.3 on page 14 for details.
• Use Wireless Client operating mode if you want to use the NWA to access a wireless network.
See Section 1.2.4 on page 15 for details.
The NWA is a bridge when other APs access your wired Ethernet network through the NWA.
• Use Multi SSID (Multiple Basic Service Set Identifier) operating mode if you want to use the
NWA as an access point with some groups of users having different security or QoS settings from other groups of users. See
Section 1.2.5 on page 16 for details.
4.1.2 Wireless LAN Configuration Overview
The following figure shows the steps you should take to configure the wireless settings according to the operating mode you select. Use the Web Configurator to set up your NWA’s wireless network
27 NWA1100-N User’s Guide
Chapter 4 Tutorial
(see your Quick Start Guide for information on setting up your NWA and accessing the Web
Configurator).
Select the WLAN Adaptor you want to configure.
Select Operation Mode.
Access Point Bridge / Repeater
Select Wireless Mode,
SSID Profile , and
Channel.
Configure RADIUS authentication (optional).
Select Wireless Mode,
SSID Profile , and
Channel.
Configure RADIUS authentication (optional).
Configure MAC Filter
(optional).
AP + Bridge
Select Wireless Mode,
SSID Profile , and
Channel.
Configure RADIUS authentication (optional).
Configure MAC Filter
(optional).
Wireless Client
Select the AP you want to connect to.
Configure Security
Settings .
Multi SSID
Select Wireless Mode and SSID Profile.
Configure the selected
SSID Profiles.
Configure Security
Settings .
Configure RADIUS authentication (optional).
Configure MAC Filter
(optional).
Check your settings and test.
4.1.3 Further Reading
Use these links to find more information on the steps:
• Selecting Operation Mode: see
Section 5.4 on page 50 .
• Choosing Wireless Mode: see
Section 5.4 on page 50 .
• Choosing a wireless Channel: see
Section 5.4 on page 50
.
• Choosing an SSID Profile: see Section 5.4 on page 50
• Choosing a Security mode: see Section 6.2 on page 67 .
• Configuring an external RADIUS server: see Section 8.4 on page 85
.
• Configuring MAC Filtering: see
Section 9.4 on page 88
.
28 NWA1100-N User’s Guide
Chapter 4 Tutorial
4.2 How to Configure Multiple Wireless Networks
In this example, you have been using your NWA as an access point for your office network (See your Quick Start Guide for information on how to set up your NWA in Access Point mode). Now your
network is expanding and you want to make use of the Multi-SSID feature (see Multi SSID on page
50
) to provide multiple wireless networks. Each wireless network will cater to a different type of user.
You want to make three wireless networks: one standard office wireless network with all the same settings you already have, another wireless network with high priority QoS settings for Voice over
IP (VoIP) users, and a guest network that prevents visitors in this network from communicating with one another.
To do this, you will take the following steps:
1
Edit the SSID profiles.
2
Change the operating mode from Access Point to Multi SSID and reactivate the standard network.
3
Configure different security modes for the networks.
4
Configure a wireless network for standard office use.
5
Configure a wireless network for VoIP users.
6
Configure a wireless network for guests to your office.
The following figure shows the multiple networks you want to set up. Your NWA is marked Z.
Z
NWA1100-N User’s Guide 29
Chapter 4 Tutorial
The standard network (SSID01) has access to all resources. The VoIP network (VoIP_SSID) has access to all resources and a high QoS priority. The guest network (Guest_SSID) has a low QoS priority and prevents visitors in this network from communicating with one another.
4.2.1 Configure the SSID Profiles
1
Log in to the NWA (see
Section 2.1 on page 20 ). Click Wireless > Multi SSID. The Multi SSID
screen appears.
2
Select the Profile1 radio button and click Edit.
3
Rename the Profile Name as SSID01. Click Save.
30
4
Repeat Step 2 and 3 to change Profile2 and Profile3 to VoIP_SSID and Guest_SSID.
NWA1100-N User’s Guide
Chapter 4 Tutorial
4.2.1.1 Multi SSID
1
Go to Wireless > Wireless Settings. Select Multi SSID from the Operating Mode drop-down list box.
2
SSID01 is the standard network, so select SSID01 as the first profile. It is always active.
3
Select VoIP_SSID as the second profile, and Guest_SSID as the third profile. Select the corresponding Active check-boxes.
4
Click Apply to save your settings. Now the three SSIDs are activated.
NWA1100-N User’s Guide 31
Chapter 4 Tutorial
4.2.2 Configure the Standard Network
1
Click Wireless > Multi SSID. Select SSID01 and click Edit.
2
Set the SSID to SSID01. Select SecProfile1 as SSID01’s security profile. Select the Hidden
SSID checkbox as you want only authorized company employees to use this network, so there is no need to broadcast the SSID to wireless clients scanning the area.
Also, the clients on SSID01 might need to access other clients on the same wireless network. Do not select the Enable Intra-BSS Traffic blocking check-box.
Click Save.
32 NWA1100-N User’s Guide
3
Next, click Wireless > Security. Select SecProfile1 and click Edit.
Chapter 4 Tutorial
4
Since SSID01 is the standard network that has access to all resources, assign a more secure security mode. Select WPA2-PSK-MIX as the Security Mode, and enter the Pre-Shared Key. In this example, use ThisisSSID01PreSharedKey. Click Apply.
5
You have finished configuring the standard network, SSID01.
NWA1100-N User’s Guide 33
Chapter 4 Tutorial
4.2.3 Configure the VoIP Network
1
Go to Wireless > SSID. Select VoIP_SSID and click Edit.
2
Set the SSID to VoIP_SSID. Select SecProfile2 as the Security Profile for the VoIP network.
Select the Hidden SSID check-box.
3
Select WMM-Voice in the QoS field to give VoIP the highest priority in the wireless network. Click
Save.
34 NWA1100-N User’s Guide
4
Next, click Wireless > Security. Select SecProfile2 and click Edit.
Chapter 4 Tutorial
5
Select WPA2-PSK as the Security Mode, and enter the Pre-Shared Key. In this example, use
ThisisVoIPPreSharedKey. Click Apply.
6
Your VoIP wireless network is now ready to use. Any traffic using the VoIP_SSID profile will be given the highest priority across the wireless network.
4.2.4 Configure the Guest Network
When you are setting up the wireless network for guests to your office, your primary concern is to keep your network secure. For this reason, the pre-configured Guest_SSID profile has intra-BSS traffic blocking enabled by default. “Intra-BSS traffic blocking” means that the client cannot access other clients on the same wireless network.
NWA1100-N User’s Guide 35
Chapter 4 Tutorial
1
Click Wireless > SSID. Select Guest_SSID and click Edit.
2
Set the SSID to Guest_SSID. Select SecProfile3 in the Security field. Do not select the Hidden
SSID check-box so the guests can easily find the wireless network.
3
Select WMM-best effort in the QoS field t
4 o give the guest a lower QoS priority.
5
Select the check-box of Enable Intra-BSS Traffic blocking. Click Save.
36 NWA1100-N User’s Guide
6
Next, click Wireless > Security. Select SecProfile3 and click Edit.
Chapter 4 Tutorial
7
Select WPA-PSK in the Security Mode field. WPA-PSK provides strong security that is supported by most wireless clients.
8
Enter the PSK you want to use in your network in the Pre-Shared Key field. In this example, the
PSK is ThisismyGuestWPApre-sharedkey. Click Apply.
9
Your guest wireless network is now ready to use.
4.2.5 Testing the Wireless Networks
To make sure that the three networks are correctly configured, do the following.
• On a computer with a wireless client, scan for access points. You should see the Guest_SSID network, but not the SSID01 and VoIP_SSID networks. If you can see the SSID01 and
VoIP_SSID networks, go to its SSID Edit screen and make sure to select the Hidden SSID check-box and click Save.
• Try to access each network using the correct security settings, and then using incorrect security settings, such as the WPA-PSK for another active network. If the behavior is different from expected (for example, if you can access the SSID01 or VoIP_SSID wireless network using the security settings for the Guest_SSID wireless network) check that the SSID profile is set to use the correct security profile, and that the settings of the security profile are correct.
NWA1100-N User’s Guide 37
Chapter 4 Tutorial
4.3 NWA Setup in AP and Wireless Client Modes
This example shows you how to restrict wireless access to your NWA.
4.3.1 Scenario
In the figure below, there are two NWAs (A and B) in the network. A is in Access Point (AP) mode while station B is in Wireless Client mode. Station B is connected to a File Transfer Protocol (FTP) server. You want only specified wireless clients to be able to access station B. You also want to allow wireless traffic between B and wireless clients connected to A (W, Y and Z). Other wireless devices
(X) must not be able to connect to the FTP server.
Figure 16
FTP Server Connected to a Wireless Client
4.3.2 Configuring the NWA in Access Point Mode
Before setting up the NWA as a wireless client (B), you need to make sure there is an access point to connect to. Use the Ethernet port on NWA (A) to configure it via a wired connection.
38 NWA1100-N User’s Guide
Chapter 4 Tutorial
Log into the Web Configurator on NWA (A) and go to the Wireless > Wireless Settings screen.
1
Set the Operation Mode to Access Point.
2
Select the Wireless Mode. In this example, select 802.11b/g/n.
3
Select Profile1 as the SSID Profile.
4
Choose the Channel you want NWA (A) to use.
5
Click Apply.
6
Go to Wireless > Multi SSID. Select Profile1 and click Edit.
7
Change the SSID to AP-A.
8
Select SecProfile1 in the Security field.
9
Select the check-box for Enable Intra-BSS Traffic blocking so the client cannot access other clients on the same wireless network.
NWA1100-N User’s Guide 39
Chapter 4 Tutorial
10
Click Save.
11
Go to Wireless > Security. Select SecProfile1. Click Edit.
40
12
Configure WPA-PSK as the Security Mode and enter ThisisMyPreSharedKey in the Pre-
Shared Key field.
NWA1100-N User’s Guide
Chapter 4 Tutorial
13
Click Apply to finish configuration for NWA (A).
4.3.3 Configuring the NWA in Wireless Client Mode
The NWA (B) should have a wired connection before it can be set to wireless client operating mode.
Connect your NWA to the FTP server. Login to NWA (B)’s Web Configurator and go to the Wireless
> Wireless Settings screen. Follow these steps to configure station B.
1
Select Wireless Client as Operation Mode. Select Profile1 as the SSID Profile. Click Apply.
2
Click on the Site Survey tab. A window should pop up which contains a list of all available wireless devices within your NWA’s range.
NWA1100-N User’s Guide 41
Chapter 4 Tutorial
3
Find and select NWA (A)’s SSID: AP-A. Click Selected.
4
The NWA automatically uses the selected AP’s SSID for Profile 1. Go to Wireless > Multi SSID.
Select Profile1 and click Edit.
42 NWA1100-N User’s Guide
5
Select SecProfile1 in the Security field. Click Save.
Chapter 4 Tutorial
6
Go to Wireless > Security. Select SecProfile1. Click Edit.
7
Configure the NWA to use the same security mode and Pre-Shared Key as NWA (A): WPA-PSK/
ThisisMyPreSharedKey. Click Apply.
Figure 17
NWA1100-N User’s Guide 43
Chapter 4 Tutorial
4.3.4 MAC Filter Setup
One way to ensure that only specified wireless clients can access the FTP server is by enabling MAC filtering on NWA (B) (See
Chapter 9 on page 87
for more information on MAC Filter).
1
Go to Wireless > MAC Filter. Select MacProfile1 and click Edit.
2
Select Allow Listed in the Access Control Mode field. Enter the MAC addresses of the wireless clients (W, Y and Z) you want to associate with the NWA. Click Apply.
Now, only the authorized wireless clients (W, Y and Z) can access the FTP server.
4.3.5 Testing the Connection and Troubleshooting
This section discusses how you can check if you have correctly configured your network setup as described in this tutorial.
• Try accessing the FTP server from wireless clients W, Y or Z. Test if you can send or retrieve a file. If you cannot establish a connection with the FTP server, do the following steps.
1
Make sure W, Y and Z use the same wireless security settings as A and can access A.
2
Make sure B uses the same wireless and wireless security settings as A and can access A.
44 NWA1100-N User’s Guide
Chapter 4 Tutorial
3
Make sure intra-BSS traffic is enabled on A.
• Try accessing the FTP server from X. If you are able to access the FTP server, do the following.
1
Make sure MAC filtering is enabled.
2
Make sure X’s MAC address is not entered in the list of allowed devices.
NWA1100-N User’s Guide 45
P
ART
II
Technical Reference
The appendices provide general information. Some details may not apply to your NWA.
46
47