
Siemens SCALANCE W1750D UI User Manual

AP-VPN Deployment
20.2 Configuring AP and Controller for AP-VPN Operations
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
If you are using the Windows 2003 server, perform the following steps to configure the
external whitelist database on it. There are equivalent steps available for the Windows
Server 2008 and other RADIUS servers.
1. Add the MAC addresses of all the APs in the Active Directory of the RADIUS server:
– Open the Active Directory and Computers window, add a new user and specify the MAC address (without the colon delimiter) of the AP for the username and password, respectively.
– Right-click the user that you have just created and click Properties.
– On the Dial-in tab, select Allow access in the Remote Access Permission section and click OK.
– Repeat Step a through Step c for all APs.
– Define the remote access policy in the Internet Authentication Service:
– In the Internet Authentication Service window, select Remote Access Policies.
– Launch the wizard to configure a new remote access policy.
2. Define filters and select grant remote access permission in the Permissions window.
– Right-click the policy that you have just created and select Properties.
– In the Settings tab, select the policy condition, and click Edit Profile....
– In the Advanced tab, select Vendor Specific, and click Add to add new vendor-specific attributes.
– Add new vendor-specific attributes and click OK.
– In the IP tab, provide the IP address of the AP and click OK.
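The following Python check is an added example, not part of the Siemens manual: it reconciles the whitelist usernames created in step 1 against an AP inventory and reports missing, stale and malformed entries. It assumes the usernames were exported from the whitelist accounts only and that MACs are compared case-insensitively; the function names and sample MAC addresses are constructed for illustration.

```python
import re

_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits without delimiters, or None if malformed."""
    compact = re.sub(r"[:.\-\s]", "", text.strip().lower())
    return compact if _HEX12.fullmatch(compact) else None


def audit_whitelist(inventory, accounts):
    """Compare AP inventory MACs with the whitelist usernames on the RADIUS server.

    inventory: MAC strings in any common notation (colon, hyphen, dotted).
    accounts:  usernames exported from the whitelist accounts (assumption).
    """
    expected, bad_inventory = set(), []
    for mac in inventory:
        norm = normalize_mac(mac)
        if norm:
            expected.add(norm)
        else:
            bad_inventory.append(mac)

    present, malformed = set(), []
    for name in accounts:
        # The manual specifies the MAC without the colon delimiter, so a
        # username that still carries delimiters is reported, not repaired.
        if _HEX12.fullmatch(name.lower()):
            present.add(name.lower())
        else:
            malformed.append(name)

    return {
        "missing": sorted(expected - present),    # APs that cannot authenticate yet
        "stale": sorted(present - expected),      # accounts with no matching AP
        "malformed": sorted(malformed),
        "bad_inventory": sorted(bad_inventory),
    }


# Constructed sample data (locally administered MAC range, not real devices).
SAMPLE_INVENTORY = ["02:00:00:AA:00:01", "02-00-00-aa-00-02", "0200.00aa.0003"]
SAMPLE_ACCOUNTS = ["020000aa0001", "02:00:00:aa:00:02", "020000aa0099"]

if __name__ == "__main__":
    for key, values in audit_whitelist(SAMPLE_INVENTORY, SAMPLE_ACCOUNTS).items():
        print(f"{key}: {values}")
```

Because the username and password are both the AP's MAC address, a stale account authenticates any device that presents that MAC, so stale entries are the ones to remove first.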
VPN Local Pool Configuration
The VPN local pool is used to assign an IP address to the AP after successful XAUTH VPN.
(scalance) # ip local pool "rapngpool" <startip> <endip>
Role Assignment for the Authenticated APs
Define a role that includes a Source-NAT rule to allow connections to the RADIUS server
and for the Dynamic RADIUS Proxy in the AP to work. This role is assigned to APs after
successful authentication.
(scalance) (config) #ip access-list session iaprole
(scalance) (config-sess-iaprole)#any host <radius-server-ip> any src-nat
(scalance) (config-sess-iaprole)#any any any permit
(scalance) (config-sess-iaprole)#!
(scalance) (config) #user-role iaprole
(scalance) (config-role) #session-acl iaprole
VPN Profile Configuration
The VPN profile configuration defines the server used to authenticate the AP (internal or an
external server) and the role assigned to the AP after successful authentication.
(scalance) (config) #aaa authentication vpn default-iap
(scalance) (VPN Authentication Profile "default-iap") #server-group default
(scalance) (VPN Authentication Profile "default-iap") #default-role iaprole
