Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firewall policies Configuration->Security->Access Control->Policies: Add User role Configuration->Security->Access Control-> User Roles: Add Server group.

Published byArchibald Hunter Modified over 9 years ago

Similar presentations

Presentation on theme: "Firewall policies Configuration->Security->Access Control->Policies: Add User role Configuration->Security->Access Control-> User Roles: Add Server group."— Presentation transcript:

1 Firewall policies Configuration->Security->Access Control->Policies: Add User role Configuration->Security->Access Control-> User Roles: Add Server group Configuration->Security->Authentication-> Severs->Server Group: Add 802.1x Authentication Configuration->All Profiles->Wireless LAN-> 802.1x Authentication Profile: Add AAA Configuration->All Profiles-> Wireless LAN->AAA Profile: Add SSID Configuration->All Profiles-> Wireless LAN->SSID Profile: Add Virtual AP Configuration->All Profiles-> Wireless LAN->Virtual AP profile: Add VLAN Configuration->Network->VLANs: Add AP Group Configuration-> AP Configuration: New AP system profile Configuration->All Profiles->AP-> AP System Profile: Add Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group Configuration->AP Configuration: : Edit Define Authentication Server Configuration->Security->Authentication-> Severs: : Add WPA Configuration Example WebUI

2 Firewall policies ip access-list session "EmployeeAccess" any any any permit queue low User role user role Employee access-list session EmployeeAccess Server group aaa server-group EmployeeRADIUS auth-server RADIUS01 802.1x Authentication aaa authentication dot1x EmployeeDot1x termination eap-type eap-peap AAA aaa profile Employee_AAA dot1x-default-role logon authentication-dot1x EmployeeDot1x SSID wlan ssid-profile Employee_SSID essid “corp” opmode wpa2-aes Virtual AP wlan virtual-ap Employee_VAP aaa-profile Employee_AAA ssid-profile Employee_SSID vlan 200 forward-mode tunnel VLAN vlan 200 AP Group ap-group Sunnyvale_APs AP system profile ap system-profile Sunnyvale_APs lms-ip 192.168.252.1 bkup-lms-ip 192.168.250.1 Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group ap-group Sunnyvale_APs virtual-ap Employee_VAP ap-system-profile Define Authentication Server aaa authentication-server RADIUS01... WPA Configuration Example CLI

3 Firewall policies Configuration->Security->Access Control->Policies: Add User role Configuration->Security->Access Control-> User Roles: Add Server group Configuration->Security->Authentication-> Severs->Server Group: Add Captive Portal Authentication Configuration->All Profiles->Wireless LAN-> Captive Portal Authentication Profile: Add +Server Group == AAA Configuration->All Profiles-> Wireless LAN->AAA Profile: Add SSID Configuration->All Profiles-> Wireless LAN->SSID Profile: Add Virtual AP Configuration->All Profiles-> Wireless LAN->Virtual AP profile: Add VLAN Configuration->Network->VLANs: Add AP Group Configuration-> AP Configuration: New AP system profile Configuration->All Profiles->AP-> AP System Profile: Add Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group Configuration->AP Configuration: : Edit Define Authentication Server Configuration->Security->Authentication-> Severs: : Add Captive Portal Configuration Example WebUI Assign Captive Portal Profile Configuration->Security->Access Control-> User Roles: : Edit

4 Firewall policies ip access-list session ”GuestAccess" any any any permit queue low User role User-role guest access-list session GuestAccess Server group aaa server-group GuestAuthServers auth-server GuestAuthServer Captive Portal Authentication aaa authentication captive-portal GuestCP server-group “internal” AAA aaa profile Guest_AAA initial-role logon SSID wlan ssid-profile Guest_SSID essid “guest” opmode opensystem Virtual AP wlan virtual-ap Guest_VAP aaa-profile Guest_AAA ssid-profile Guest_SSID vlan 900 forward-mode tunnel VLAN vlan 900 AP Group ap-group Sunnyvale_APs AP system profile ap system-profile Sunnyvale_APs lms-ip 192.168.252.1 bkup-lms-ip 192.168.250.1 Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group ap-group Sunnyvale_APs virtual-ap Employee_VAP ap-system-profile Define Authentication Server aaa authentication-server GuestAuthServer... Captive Portal Configuration Example CLI Assign Captive Portal Profile User-role guest captive-portal GuestCP

5 Firewall policies Configuration->Security->Access Control->Policies: Add User role Configuration->Security->Access Control-> User Roles: Add SSID Configuration->All Profiles-> Wireless LAN->SSID Profile: Add Virtual AP Configuration->All Profiles-> Wireless LAN->Virtual AP profile: Add VLAN Configuration->Network->VLANs: Add AP Group Configuration-> AP Configuration: New AP system profile Configuration->All Profiles->AP-> AP System Profile: Add Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group Configuration->AP Configuration: : Edit WEP Configuration Example WebUI

6 Firewall policies ip access-list session "EmployeeAccess" any any any permit queue low User role user role Employee access-list session EmployeeAccess SSID wlan ssid-profile WEP_SSID wepkey1 deadbeef99 opmode static-wep Virtual AP wlan virtual-ap WEP_VAP ssid-profile WEP_SSID vlan 210 forward-mode tunnel VLAN vlan 200 AP Group ap-group Sunnyvale_APs AP system profile ap system-profile Sunnyvale_APs lms-ip 192.168.252.1 bkup-lms-ip 192.168.250.1 Non-Profile ConfigurationSecurity Profile Configuration WLAN Configuration AP Configuration Assign VAP to AP Group ap-group Sunnyvale_APs virtual-ap Employee_VAP ap-system-profile WEP Configuration Example CLI

Download ppt "Firewall policies Configuration->Security->Access Control->Policies: Add User role Configuration->Security->Access Control-> User Roles: Add Server group."

Similar presentations

Introduction to the WatchGuard AP Device

Introduction to the WatchGuard AP Device
Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.
Securing The Network EDGE December 2010

Securing The Network EDGE December 2010
WHG Product Training Oct 2011 For authorized partners only

WHG Product Training Oct 2011 For authorized partners only
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.

CONFIDENTIAL © Copyright Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.
Www.sown.org.uk Southampton Open Wireless Network The Topology Talk.

Southampton Open Wireless Network The Topology Talk.
Hotspot Customization

Hotspot Customization
All Rights Reserved © Alcatel-Lucent 2010 1 | Enterprise mobility | 2010 Laurent Bouchoucha October, 2010 Seamless mobility in a secure and controlled.

All Rights Reserved © Alcatel-Lucent | Enterprise mobility | 2010 Laurent Bouchoucha October, 2010 Seamless mobility in a secure and controlled.
USRobotics Professional Access Point  Yosi Rafael.

USRobotics Professional Access Point  Yosi Rafael.
How Purdue University Calumet maintains sanity in a campus BYOD environment Presented by: Tim Loudermilk - Supervisor of Network Administration.

How Purdue University Calumet maintains sanity in a campus BYOD environment Presented by: Tim Loudermilk - Supervisor of Network Administration.
802.1X Configuration Terena 802.1X workshop the Netherlands, Amsterdam, March 30 th Paul Dekkers.

802.1X Configuration Terena 802.1X workshop the Netherlands, Amsterdam, March 30 th Paul Dekkers.
Philippe Hanset ANYROAM LLC

Philippe Hanset ANYROAM LLC
Wireless. Module Objectives By the end of this module participants will be able to: Explain the differences between thick and thin access points List.

Wireless. Module Objectives By the end of this module participants will be able to: Explain the differences between thick and thin access points List.
Network Access and 802.1X Klaas Wierenga SURFnet

Network Access and 802.1X Klaas Wierenga SURFnet
High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005

High-quality Internet for higher education and research eduroam EuroCAMP, Porto, November 9, 2005
Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 Roles Based Network Access Controls James R. Clifford Los Alamos.

Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D Slide 1 Roles Based Network Access Controls James R. Clifford Los Alamos.
Deliverable H: the interoperability testbed design Klaas Wierenga SURFnet.

Deliverable H: the interoperability testbed design Klaas Wierenga SURFnet.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Cisco NAC Guest Server Guest Access - Simplified Tim Wellborn SE Sangeeta.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Cisco NAC Guest Server Guest Access - Simplified Tim Wellborn SE Sangeeta.
Panasonic Computer Products Europe CF-08 Live Set up.

Panasonic Computer Products Europe CF-08 Live Set up.
D-Link Unified Access Point

D-Link Unified Access Point

Similar presentations

Ads by Google