Connecting Customers; Security; Proxy Server Support - Colubris Networks CN3000 Administrator's Manual

Chapter 2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - How it works - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 2

Connecting customers

To access protected network resources via the public access interface, customers must:
• successfully connect to the wireless or wired network
• open the login page in their web browser and supply a valid username and password
The CN3000 provides several features that make it easy for customers to accomplish
these tasks.
Broadcast WLAN name (SSID)
This feature enables the CN3000 to broadcast its wireless network name (SSID) to all
wireless client stations. Most wireless adapter cards have a setting that enables them to
automatically discover access points that broadcast their names and automatically
connect to the one with the strongest signal.
This feature is enabled by default for all profiles. To disable it for the default profile go to
the Network > Wireless page in the CN3000 management tool. For other profiles go to
the Wireless > WLAN profiles page and edit the appropriate profile. If you disable this
feature, customers must manually specify the SSID you define for each wireless profile.
Allow any IP address
This feature enables wireless client stations that are using a static IP address to connect
to the CN3000. The client station's IP address does not have to be on the same subnet
as the CN3000. This permits customers to access the wireless network without
reconfiguring their networking settings.
For example, by default the CN3000 creates the wireless network on the subnet
192.168.1.0. If a client station is pre-configured with the address 10.10.4.99, it will still
be able to connect to the CN3000 without changing its address, or its settings for DNS
server and default gateway.
This feature is enabled by default. To disable it, go to the Security > Authentication >
Advanced Settings page.
WPA/802.1x clients
The CN3000 provides complete support for these clients. Customer accounts must be
managed on a RADIUS server. (Unless using WPA with the pre-shared key option.)

Security

By default, all traffic between wireless customers is blocked by the CN3000. This option
can be configured on a per-profile basis.
Proxy server
This feature enables the CN3000 to support client stations that are configured to use a
proxy server for HTTP and HTTPS, without requiring customers to reconfigure their
support
systems.
This feature is disabled by default. To enable it, go to the Client station settings box on
the Security > Authentication > Advanced Settings page.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OR
login with an 802.1x or WPA client (if this feature is enabled on the CN3000)
OR
be automatically logged in by their MAC address (if this feature is enabled on the
CN3000)