. ELITECONNECT WLAN SECURITY SYSTEM Full authentication support--supports RADIUS, LDAP, 802.1x, Kerberos, Windows NT/2000 domain and built-in database. VPN support allows secure wireless communications to and from wireless clients. Rights-based network access increases network security by providing network administrators full control on users' access to a network, based on user identification, location, and time. Web-based configuration is easy-to-use, convenient and provides simple configuration management. Network access and usage policies can be set for trusted users and guests by user identification, location, and time. Roaming across different subnets and persistent session roaming eliminates the need for re-authentication by roaming users. Installation Manual SMC2504W SMC2502W ELITECONNECT WLAN SECURITY SYSTEM INSTALLATION MANUAL From SMC's EliteConnect line of enterprise wireless LAN solutions 38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 March 2002 Part No. 01-111326-006 WLAN Security System Copyrights and Trademarks Copyright Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice. Copyright © 2002 by SMC Networks, Inc. 38 Tesla Irvine, CA 92618 All rights reserved. This publication is protected by federal copyright law. No part of this publication may be copied or distributed, stored in a retrieval system, or translated into any human or computer language in any form or by any means electronic, mechanical, manual, magnetic, or otherwise, or disclosed to third parties without the express written permission of SMC Networks Incorporated, located at 38 Tesla, Irvine, CA 92618. SMC is a registered trademark; and EliteConnect is a trademark of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders. Licensed users and authorized distributors of SMC Networks products may copy this document for use with SMC Networks products provided that the copyright notice above is included in all reproductions. All other brand and product names are claimed or registered marks of their respective companies. Limited Warranty Limited Warranty Statement: SMC Networks, Inc. ("SMC") warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product. SMC EliteConnect WLAN Security System Installation Manual v The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished online via the SMC web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an "Active" SMC product. A product is considered to be "Active" while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an "Active" SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or addon components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product. Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer's expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer. WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER'S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC'S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHERIN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS vi WLAN Security System CAUSED BY CUSTOMER'S OR ANY THIRD PERSON'S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD. LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS. * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase. SMC Networks, Inc. 38 Tesla Irvine, CA 92618 SMC EliteConnect WLAN Security System Installation Manual vii Compliances FCC - Class A This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with instructions, may cause harmful interference to radio communications. However, there is no guarantee that the interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio/TV technician for help Industry Canada - Class A This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled "Digital Apparatus," ICES-003 of the Department of Communications. Cet appareil numérique respecte les limites de bruits radioélectriques applicables aux appareils numériques de Classe B prescrites dans la norme sur le matériel brouilleur: "Appareils Numériques," NMB-003 édictée par le ministère des Communications. viii WLAN Security System TABLE OF CONTENTS Copyrights and Trademarks v Compliances viii Table of Contents -ix Preface -vii Audience vii How To Use This Document vii Organization viii Document Conventions viii Package Checklist ix Introduction 1-1 Overview 1-2 Order of Network Installation 1-2 WLAN Secure Server Only 1-2 Secure Server With Additional Access Managers 1-2 Tools and Information Required 1-3 Tools Required 1-3 Information Required 1-3 Hardware Installation 2-1 Hardware Description 2-2 Chassis 2-3 Power Supply 2-3 Fans 2-3 I/O Ports 2-4 Controls and Indicators 2-5 Site Planning Checklist 2-5 Site Power Requirements and Heat Dissipation 2-7 Installing a WLAN Secure Server or WLAN Access Manager 2-7 Unpacking 2-7 Rack Mounting the Chassis 2-8 Connecting Power to the Chassis 2-11 WLAN Secure Server Network Installation 3-1 Getting Started 3-2 Information Required 3-2 WLAN Secure Server Installation Alternatives 3-3 Installation Using DHCP 3-4 SMC EliteConnect WLAN Security System Installation Manual ix Installation Using the Command Line Interface 3-9 Connecting to a Serial Console 3-9 Issuing Commands from the Serial Console 3-10 Installation Using the Web-Based Interface 3-12 Completing the Installation 3-19 WLAN Access Manager Network Installation 4-1 Getting Started 4-2 Information Required 4-2 Access Manager Installation Alternatives 4-3 Installation Using DHCP 4-4 Installation Using the Command Line Interface 4-7 Connecting to a Serial Console 4-7 Issuing Commands from the Serial Console 4-8 Installation Using the Web Based Interface 4-10 Completing the Installation 4-16 Troubleshooting 5-1 Command Line Interface A-1 Syntax for Command Line Interface A-2 CLI Help Commands A-2 CLI Access Control Commands A-2 Diagnostic Commands A-3 System Status Commands A-5 Diagnostic Log Commands A-5 Active Client Management Commands A-6 System Configuration and Control Commands A-6 Upgrading the System Software A-7 Stopping and Restarting the System A-7 Network Configuration A-8 Access Manager Configuration A-9 Control Server Configuration A-11 Time Configuration A-12 Backup and Restore A-12 SNMP Configuration and Reporting Commands A-13 Configuring a DHCP Server B-1 Preliminary Considerations B-2 ISC DHCP Package, Version 3.X B-2 x Table of Contents WLAN Security System Using Microsoft Windows 2000 DHCP Server B-3 Creating a SMC Networks Vendor Class B-3 Setting Predefined Options B-6 Assigning Values to SMC Networks Vendor-Specific Options B-7 Index -1 SMC EliteConnect WLAN Security System Installation Manual xi xii Table of Contents PREFACE ELITECONNECT WLAN SECURITY SYSTEM INSTALLATION MANUAL This preface describes the objective, audience, use, and organization of the EliteConnect WLAN Security System Installation Manual. It also outlines the document conventions, safety advisories, compliance information, comments, ordering process, related documentation, support information, and revision history. Audience The primary audience for this document are system administrators. This document is intended for authorized personnel who have previous experience working with network systems or similar equipment. It is assumed that the personnel using this document have the appropriate background and knowledge to complete the procedures described in this document. How To Use This Document This document contains procedural information describing all installation, configuration, and management of the SMC Networks EliteConnect SMC2504W WLAN Secure Server and SMC2502W WLAN Access Manager. Each procedure is written in a task-oriented format consisting of numbered step-by-step instructions, ...