Page 2
WLAN-Minder User Manual This page left intentional blank NanoGlobes Ltd Page 2 of 53 NGCD000423.005...
Page 3
Software licences are granted for use with one processor and are not transferable. • NanoGlobes Ltd., make no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose.
Page 4
This warranty does not apply if the WLAN-Minder unit have been damaged by neglect, improper handling or by any other cause not arising directly from defective materials or workmanship.
Access Points) support this protocol. However certain low cost units and earlier designs do not support the IEEE 802.1x protocol, these products cannot be used in a WLAN-Minder solution. In general all components that have been certified by the Wi-Fi Consortium as being WPA compliant should operate with the WLAN-Minder.
WLAN-Minder User Manual WLAN-Minder Features • Control of Wireless LAN users access to a wired network. • Plug-and-play solution: no server software installation required. • Support for IEEE 802.1x compliant EAP-TLS mutual authentication protocol. Authenticating the client to the network, and the network to the client.
WLAN-Minder User Manual WLAN-Minder Front Panel Features Power On Indicator Access Point Network: Link and Traffic Status LEDs Local Network: Link and Traffic Status LEDs. eToken select LEDs used to indicate a USB eToken should be inserted. USB sockets for connecting eTokens to be initialised or read.
NOT remove the smart card when the RED LED is lit. INSERTING THE SMART CARD The contacts surface of the smart card should be face down, and the card inserted with the contacts at the edge closest to the centre of the WLAN-Minder unit. Using eTokens with the WLAN-Minder USB eTokens may be used as an alternative to a smart card for storing a user’s...
WLAN-Minder User Manual Installing the WLAN-Minder. The WLAN-Minder must first be given a valid IP network address before it can be placed on the network. This is achieved by using the BIOS menu as outlined in this section. Once the IP address has been configured all further configuration is performed using a web browser interface.
Page 12
Gateway address. The user should set the IP Address and IP Subnet mask to a suitable value to be compatible with the network that the WLAN-Minder is to be attached to. The unit then prompts for a TFTP Server path and file name, and the IP Address of the TFTP server.
Page 13
For the changes to take effect and to restart the unit, either cycle the power to the unit (Power Off / On) or depress and release the RESET switch which is accessible on the rear panel of the WLAN-Minder unit. NanoGlobes Ltd Page 13 of 53 NGCD000423.005...
Error - Password not changed.” is displayed. The user must run the passwd command again. ----------------------------------------------------------- BIOS v1.11.1 (c) 2005 NanoGlobes Ltd. ----------------------------------------------------------- If you want to skip the BIOS command mode, type enter or wait a few seconds. After this, the system will boot automatically.
The connection must be made using the connector labelled [Network LAN] on the rear panel of the WLAN-Minder unit. Check the LAN Link light on the front panel of the WLAN-Minder lights up (GREEN). The user may confirm that the Ethernet link is working by issuing a PING command to the WLAN-Minder from another computer on the same subnet network.
Page 16
WLAN-Minder User Manual If the Ping fails to elicit a response from the WLAN-Minder, the user should check: The Ethernet cable is plugged in the LAN Network connector on the WLAN-Minder. ¤ The IP Address of the WLAN-Minder is set correctly.
Initialising the WLAN-Minder - Creating the Root CA System. A new WLAN-Minder must first be initialised with a Root CA certificate system When the unit is first powered on it will automatically enter the correct mode for the administrator to setup the Root CA system.
Page 18
WLAN-Minder User Manual The user must enter the correct date and time. This is an important operation as the date/time entered is used as a reference in checking the validity of certificates. See Section 5.8. Each parameters is two numeric digits.
Page 19
CA Details section of the display and enter the following information: Root CA Validity Period The Number of DAYS the newly created certificate system on the WLAN-Minder is to be valid for. When this value expires ALL users of the system will have to have their certificates re-issued.
Page 20
When the Rebooting message is displayed the user should click the Back button. ¤ The system initialisation process is now completed. The Administrator will now be able to login to the WLAN-Minder settings menu to configure the unit and create users on the system. NanoGlobes Ltd Page 20 of 53...
Access Point(s). ¤ The WLAN-Minder must be used to issue the smart cards or eTokens for each user that is going to use the system. 4.1 Logging in to the WLAN-Minder web interface.
Page 22
In the Location bar of the web browser, enter the IP address of the WLAN-Minder. The WLAN-Minder will display a screen requesting the user to insert his identity administrator eToken or smart card (see section 10). Once the smart card or USB eToken has been detected by the WLAN- Minder, the Administrator user will prompt to enter his PIN code.
WLAN-Minder User Manual 4.2 WLAN-Minder Welcome Menu Once the Administrator is successfully logged in to the WLAN-Minder, the welcome screen is presented. This screen presents access to all the control functions supported by the WLAN- Minder. When configuring the WLAN-Minder for the FIRST time, the Administrator must perform the following actions in the order listed: Configure the parameters for the Access Points.
WLAN-Minder User Manual 4.3 Configuring the Wireless LAN Access Point. From the “Welcome” menu select the [Access Point Settings] option. At least one valid access point must be defined, the first Access Point data should be entered in the Access Point 1 form.
Page 25
The IP Mask of the Access Server (in dotted decimal format: e.g. 255.255.255.0) Once all the Access Point parameters have been entered the [Save Settings] button should be clicked causing the WLAN-Minder to save all Access Point parameters. NanoGlobes Ltd Page 25 of 53...
The [Settings] menu provides the Administrator with the option of selecting to implement a system based either on smart cards or eTokens. The WLAN-Minder currently supports the Shlumberger 8K Cryptoflex smart card, or the Aladdin eToken-Pro USB tokens. The Pro-Server uses this setting to be able to generate the correct data sets when user accounts are generated.
WLAN-Minder User Manual 4.5 Creating User Accounts. From the “Welcome” Menu please select the [Add User] option. NanoGlobes Ltd Page 27 of 53 NGCD000423.005...
Page 28
WLAN-Minder User Manual Format Card: Tick this item if the card to be used has already had data written to it. (If this box is not ticked and the card already contains data, an error will be reported when the Generate button is clicked.) If the card is blank (i.e.
Page 29
At least ONE access Point must be selected. The ESSID for each Access Point supported by the WLAN-Minder is listed. The Administrator should select the appropriate access points by clicking on associated “Allow Access” box. Once all the fields have been completed in the [Add User], [Token Type] and [Network Access] page, the GENERATE button should be clicked.
NOTE: The master administrator card must be present in the Admin Card slot of the WLAN-Minder unit, the new card that is to be generated as an administrator card should be inserted in the User Card slot of the WLAN- Minder unit.
WLAN-Minder User Manual Maintaining the WLAN-Minder. 5.1 Deleting User Accounts To permanently remove a user from the system the [Delete User(s)] option should be selected from the “Welcome” screen menu. The “Delete User(s)” menu will list all users currently registered with in the WLAN-Minder system.
WLAN-Minder User Manual 5.2 Managing Users. If it is only required to temporarily enable or disable users, then the [User Management] menu may be used for this purpose. This management feature does not remove users from the system. The [User Management] menu displays two windows, one listing the currently enabled users who are allowed access to the network, and the second window listing users that are currently denied access.
Page 33
WLAN-Minder User Manual To Enable a disabled user: Select the user from the DISABLED window by clicking on the users displayed name. Click the [Enable User] button. The selected user status will change to “Enabled” and his name will now appear in the ENABLED Window.
WLAN-Minder User Manual 5.3 Monitoring the Network. The WLAN-Minder will allow an Administrator to view the identity of the users who are currently authenticated on the network in real time. To view these users the [Monitor Network] option should be chosen from the “Welcome” menu.
5.4 Monitoring Logins. The Administrator may view a history of the Authenticated and Rejected logins that have been attempted by users of the WLAN-Minder system. These logs may be viewed by clicking on the [Rejected Logins] or [Authenticated Logins] buttons displayed on the “Welcome” screen.
WLAN-Minder User Manual 5.5 Viewing a User Token. The Administrator may view certain information on a user’s smart card or eToken. The information displayed will indicate the user’s name and list the Access Points he has rights to associate with.
WLAN-Minder unit. (See {11} Section 1.4) • Reset the WLAN-Minder unit. Either cycle the power Off/On, or depress and release the Reset switch on the rear panel of the WLAN-Minder unit (See {12} Section 1.4 ). • Login in to the WLAN-Minder unit using the Administrator smart card.
Page 38
WLAN-Minder User Manual The following figures give a rough guide to the storage requirements for a system back up. 25 Users Backup size 1.5Mb 50 Users Backup size 1.8Mb 100 Users Backup size 2.2Mb A 32MB Smart Media device is capable of storing a number of backup images.
5.7 Restoring a WLAN-Minder Configuration. • Insert the 32MB Smart Media device that contains the configuration files into the slot on the read panel of the WLAN-Minder unit. (See {11} Section 1.4) • Reset the WLAN-Minder unit. Either cycle the power Off/On, or depress and release the Reset switch on the rear panel of the WLAN-Minder unit (See {12} Section 1.4).
Page 40
WLAN-Minder User Manual Each backup is labelled with the WLAN-Minder name that the backup was made from and the date and time the backup was made. E.g. NGLMinder_80006c_20031110203145 CCYYMMDDhhmmss Century Year Month hhmmss Hours:Mins:Secs • WARNING Restoring a configuration file will DELETE all configuration and USER files currently stored on the WLAN-Minder unit.
Care must be taken when changing the system time and date. Certificates are issued to users with a specific expiry date. The WLAN-Minder unit uses its own clock to determine whether a user’s certificate has expired or not. Thus, if an invalid date/time is set (i.e.
WLAN-Minder User Manual Appendices 6.1 Hardware Specification Processor ARM940T Memory: 4MBytes FLASH EEPROM 8M Bytes NAND EEPROM 32M Bytes SDRAM Network: LAN Port 10/100Base T RJ45 (Full Duplex) WLAN Port 10/100Base T RJ45 (Full Duplex) [OPTIONAL N/A] Network LAN Status: Link...
Page 43
WLAN-Minder User Manual Administrator USB Socket GREEN LED Flashing - prompt for user to insert eToken. User USB Socket GREEN LED Flashing - prompt for user to insert eToken. Smart Card Interfaces: Administrator ISO 7816 compliant User ISO 7816 compliant...
WLAN-Minder User Manual 6.2 Connector Pin-out. RS232 9-Way D-Type Male Pin Out (Administrator RS232 Connector) Signal Signal Receive Data Request To Send Transmit Data Clear To Send Signal Ground — 10/100Base-T RJ45 Connector Pin Out Signal Signal Transmit (+) Transmit (-)
None Once the above parameters have been set click the [OK] button. Hyper-Terminal is now configured with the correct parameters and is ready to operate as a terminal emulator for the WLAN-Minder unit. NanoGlobes Ltd Page 46 of 53 NGCD000423.005...
WLAN-Minder User Manual 6.5 Unblocking a Blocked Smart Card / eToken. Please contact your re-seller or distributor to obtain the necessary software required to unblock a smart card or eToken. NanoGlobes Ltd Page 47 of 53 NGCD000423.005...
WLAN-Minder User Manual 6.6 Two Character Country Codes. AD Andorra EC Ecuador KR Korea (South) AE United Arab Emirates EE Estonia KW Kuwait AF Afghanistan EG Egypt KY Cayman Islands AG Antigua and Barbuda EH Western Sahara KZ Kazachstan AI Anguilla...
Page 49
WLAN-Minder User Manual PT Portugal VN Vietnam PR Puerto Rico (US) VU Vanuatu PW Palau PY Paraguay WF Wallis & Futuna Islands WS Samoa QA Qatar YE Yemen RE Reunion (Fr.) YU Yugoslavia RO Romania RU Russian Federation ZA South Africa...