Wireless LAN controller wizard

By using the wireless LAN controller, you can set up and manage a WLAN infrastructure with multiple access points (APs). The WLAN controller has a Wizard which assists you in the configuration of your access points.

  1. Go to Wireless LAN Controller -> Wizard -> Wireless LAN Controller Wizard.

Wireless LAN Controller -> Wizard -> Wireless LAN Controller Wizard

Proceed as follows:

  1. For Region, select Germany .

  2. Select the Interface LAN_EN1-0 .

  3. For DHCP Server, select Internal .

  4. Enter the IP Address Range, here 192.168.100.10 - 192.168.100.110 .

    Now another DHCP pool is automatically created for the interface EN1-0. In doing this, it is taken into account that the IP address of the WLAN controller is sent as CAPWAP Option 138 for each DHCP request. The access points are told the address of the WLAN controller in this way.

  5. Select Next.

In the second step, the wizard queries whether the WLAN network is to be run in the 2.4 or 5 GHz frequency range. If you WLAN network is to work in the 2.4 and the 5 GHz frequency range, select 2.4 GHz initially. Later on you can change the configuration of individual radio modules to 5 GHz.

Wireless LAN Controller -> Wizard -> Wireless LAN Controller Wizard

Click Next.

In the next step you define the SSID which is to be supplied later.

Wireless LAN Controller -> Wizard -> Wireless LAN Controller Wizard

Proceed as follows:

  1. Click Add.

  2. For Network Name (SSID), enter Employee .

  3. Set the Security Mode to WPA-PSK .

  4. Set the WPA Mode set to WPA 2 .

  5. For Preshared Key, enter your defined password.

  6. For VLAN ID, enter 15 .

  7. Confirm with OK.

With these settings, all the traffic from WLAN clients which are connected via this SSID are routed to virtual interface en1-0-1.

Now define the second SSIDs which are to be supplied later.

Wireless LAN Controller -> Wizard -> Wireless LAN Controller Wizard

Proceed as follows:

  1. Click Add.

  2. For Network Name (SSID), enter Guest .

  3. Set Security Mode to Inactive .

  4. For VLAN ID, enter 16 .

  5. Confirm with OK.

With these settings, all the traffic from WLAN clients which are connected via this SSID are routed to virtual interface en1-0-2.

Note: Before you continue, ensure that all the access points that the WLAN controller is going to manage are switched on and connected via a switch to the router's en1-0 interface.

Click Next.

You now see a list of all the access points detected.

Wireless LAN Controller -> Wizard -> Wireless LAN Controller Wizard

If you wish to change the settings of a detected AP, click on in the corresponding entry.

Wireless LAN Controller -> Wizard -> Wireless LAN Controller Wizard

Proceed as follows:

  1. For Location, enter the installation location for the device, e. g. 1:Office . This will make it easier for you to monitor the devices later on.

  2. For Assigned Wireless Network (VSS) you are shown the wireless networks that are currently assigned, here e. g. vss-1:Employee and vss-2:Guest .

  3. Active Radio Profile displays the wireless module profile that is currently selected, here 2.4 GHz Radio Profile . You can select another wireless module profile from the list if more than one wireless module profile are being set up.

  4. Confirm with OK.

Now select the access points that your WLAN controller is to manage. To do this, click the entries you want in the Manage column.

Click Start to begin configuring the access points. When the installation is complete, you will see a list of the Managed access points.

Wireless LAN Controller -> Wizard -> Wireless LAN Controller Wizard

To ensure your Guests can use the Internet but are not given access to your other network components, firewall rules need to be added. Here is an example of a simple firewall rule intended to prevent the Guests from accessing the internal network.

First of all, two new groups are created to ensure that defining the filter rules is easier to understand.

Proceed as follows:

  1. Go to Firewall -> Services -> Groups -> New.

Firewall -> Services -> Groups -> New

Proceed as follows:

  1. Enter a Description of the service group, e. g. Internet .

  2. Select the members of the group from the available service aliases. To do this, activate the field in the Members column.

  3. Confirm with OK.

Proceed in the same way for the settings for the second group, e. g. local services .

The complete configuration now looks like this:

Firewall -> Services -> Groups

In the last step, the local services are further restricted. Access to the http and http(SSL) services must be permitted so that the router can show the login page to the HotSpot guests.

  1. Go to Firewall -> Policies -> Filter Rules ->New.

Firewall -> Policies -> Filter Rules -> New

Proceed as follows to restrict the local services.

  1. For Source, select e. g. LEASED_EN1-0-1 .

  2. For Destination select e. g. LOCAL .

  3. Select the Service, e. g. local services .

  4. For Action, select Access .

  5. Confirm your entries with OK.

Proceed in the same way in making the settings for other services.

The complete configuration then looks like this, e. g.:

Firewall -> Policies -> Filter Rules

This concludes the configuration. Save the configuration with Save configuration and confirm the selection with OK.

You can now test the configuration. To do this, log in with the SSID of the employees , or with the SSID of the guests .

Note

For WTP failure, we recommend that you configure an email notification to monitor the system.

Copyright© Version 08/2020 bintec elmeg GmbH