Cyberoam Wireless Protection Guide Version 10 Document version 1.0 – 10.6.6.042 - 24/11/2017
Cyberoam Wireless Protection Guide
Important Notice
Cyberoam Technologies Pvt. Ltd. has supplied this Information believing it to be accurate and reliable at the time of printing, but is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice to make changes in product design or specifications. Information is subject to change without notice. P a g USER’S LICENSE e
Use of this product and document is subject to acceptance of the terms and conditions| of Cyberoam End User License C Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances.
You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html2 and the Warranty Policy for y Cyberoam UTM Appliances at http://kb.cyberoam.com.
b
RESTRICTED RIGHTS e
Copyright 1999 - 2015 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam Technologies Pvt. Ltd. r
o Corporate Headquarters a
Cyberoam House, Saigulshan Complex, Opp. Sanskruti, m Beside White House, Panchwati Cross Road, Ahmedabad - 380006, GUJARAT, INDIA. Tel: +91-79-66216666 Fax: +91-79-26407640 Web site: www.cyberoam.com C e n t r a l
C o n
s
Page 2 of 34 o
l
e
Cyberoam Wireless Protection Guide
Technical Support
You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to Customer care/service departmentP at the following address: a Corporate Office g e Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower | Off C.G. Road Ahmedabad 380006 3
Gujarat, India.
Phone: +91-79-66065606 Fax: +91-79-26407640 Web site: www.cyberoam.com
Cyberoam contact: Technical support (Corporate Office): +91-79-66065777 Email: [email protected] Web site: www.cyberoam.com
Visit www.cyberoam.com for the regional and latest contact information.
Page 3 of 34
Cyberoam Wireless Protection Guide
Contents
Introduction ...... 5
Appliance Administrative Interfaces ...... 6 P Web Admin Console ...... a ...... 6 Command Line Interface (CLI) Console ...... g...... 7 Cyberoam Central Console (CCC) ...... e ...... 7 Web Admin Console ...... 8 Web Admin Language ...... | ...... 8 Supported Browsers ...... 9 Login procedure ...... 4 ...... 10 Log out procedure ...... 11 Menus and Pages...... 12 Page ...... 14 Icon bar ...... 15 List Navigation Controls ...... 16 Tool Tips ...... 16 Status Bar ...... 16 Common Operations...... 17 Cyberoam Wireless Protection ...... 19 Overview...... 19 Global Settings...... 21 Wireless Networks ...... 23 Manage Wireless Networks ...... 23 Wireless Network Parameters ...... 24 Access Point ...... 27 Edit Access Points ...... 28 Grouping ...... 30 Mesh Networks...... 32 Manage Mesh Networks ...... 32 Add Mesh Networks ...... 32 Configure Mesh Network Role ...... 34
Page 4 of 34
Cyberoam Wireless Protection Guide
Introduction
The Appliances use Layer 8 technology to help organizations maintain a state of readiness against today's blended threats and offer real-time protection. P a g Unified Threat Management Appliances offer identity-basede comprehensive security to organizations against blended threats - worms, viruses, malware, data loss, identity theft; threats over applications viz. Instant Messengers; threats over secure| protocols viz. HTTPS; and more. They also offer wireless security (WLAN) and 3G wireless broadband. Analog modem support can be used as either Active or Backup WAN connection for business5 continuity.
The Appliance integrates features like stateful inspection firewall, VPN, Gateway Anti-Virus and Anti- Spyware, Gateway Anti-Spam, Intrusion Prevention System, Content & Application Filtering, Data Leakage Prevention, IM Management and Control, Layer 7 visibility, Web Application Firewall, Bandwidth Management, Multiple Link Management and Comprehensive Reporting over a single platform.
The Appliance has enhanced security by adding an 8th layer (User Identity) to the protocol stack. Advanced inspection provides L8 user-identity and L7 application detail in classifying traffic, enabling Administrators to apply access and bandwidth policies far beyond the controls that traditional UTMs support. It thus offers security to organizations across layer 2 - layer 8, without compromising productivity and connectivity.
The Appliance accelerates unified security by enabling single-point control of all its security features through a Web 2.0-based GUI. An extensible architecture and an ‘IPv6 Ready’ Gold logo provide Appliance the readiness to deliver on future security requirements.
The Appliances provides increased LAN security by providing separate port for connecting to the publicly accessible servers like Web server, Mail server, FTP server etc. hosted in DMZ which are visible the external world and still have firewall protection.
Layer 8 Security: The Appliance’s features are built around its patent pending Layer 8 technology. The Layer 8 technology implements the human layer of networking by allowing organizations control traffic based on users instead of mere IP Addresses. Layer 8 technology keeps organizations a step ahead of conventional security solutions by providing full business flexibility and security in any environment including WI-FI and DHCP.
Note
All the screen shots in this Guide are taken from NG series of Appliances. The feature and functionalities however remains unchanged across all Cyberoam Appliances.
Page 5 of 34
Cyberoam Wireless Protection Guide
Appliance Administrative Interfaces P Appliance can be accessed and administered through: a g 1. Web Admin Console e 2. Command Line Interface Console | 3. Cyberoam Central Console
6 Administrative Access: An administrator can connect and access the Appliance through HTTP, HTTPS, telnet, or SSH services. Depending on the Administrator login account profile used for access, an administrator can access number of Administrative Interfaces and Web Admin Console configuration pages.
Appliance is shipped with two administrator accounts and four administrator profiles.
Administrator Login Credentials Console Access Privileges Type
Super admin/admin Web Admin Full privileges for both the Administrator Console consoles. It provides read- CLI console write permission for all the configuration performed through either of the consoles.
Default cyberoam/cyber Web Admin Full privileges. It provides console only read-write permission for all the configuration pages of Web Admin console.
Note
We recommend that you change the password of both the users immediately on deployment.
Web Admin Console
Web Admin Console is a web-based application that an Administrator can use to configure, monitor, and manage the Appliance.
You can connect to and access Web Admin Console of the Appliance using HTTP or a HTTPS connection from any management computer using web browser: 1. HTTP login: http://
For more details, refer section Web Admin Console.
Page 6 of 34
Cyberoam Wireless Protection Guide
Command Line Interface (CLI) Console
Appliance CLI console provides a collection of tools to administer, monitor and control certain Appliance component. The Appliance can be accessed remotely using the following connections: P a 1. Remote login Utility – TELNET login g To access Appliance from command prompt using remote logine utility – Telnet, use command TELNET
2. SSH Client (Serial Console) 7 SSH client securely connects to the Appliance and performs command-line operations. CLI console of the Appliance can be accessed via any of the SSH client using LAN IP Address of the Appliance and providing Administrator credentials for authentication.
Note
Start SSH client and create new Connection with the following parameters: Host –
Use CLI console for troubleshooting and diagnose network problems in details. For more details, refer version specific Console Guide available on http://docs.cyberoam.com/.
Cyberoam Central Console (CCC)
Distributed Cyberoam Appliances can be centrally managed using a single Cyberoam Central Console (CCC) Appliance, enabling high levels of security for Managed Security Service Provider (MSSPs) and large enterprises. To monitor and manage Cyberoam using CCC Appliance you must: 1. Configure CCC Appliance in Cyberoam 2. Integrate Cyberoam Appliance with CCC using: Auto Discovery or Manually Once you have added the Appliances and organized them into groups, you can configure single Appliance or groups of Appliances.
For more information, please refer CCC Administrator Guide.
Page 7 of 34
Cyberoam Wireless Protection Guide
Web Admin Console
CyberoamOS uses a Web 2.0 based easy-to-use graphical interface termed as Web Admin Console to configure and manage the Appliance.
P You can access the Appliance for HTTP and HTTPS web browsera -based administration from any of the interfaces. Appliance when connected and powered g up for the first time, it will have a following default Web Admin Console Access configuration fore HTTP and HTTPS services.
Services Interface/Zones | Default Port
HTTP LAN, WAN TCP Port 80 8 HTTPS WAN TCP Port 443
The administrator can update the default ports for HTTP and HTTPS services from System > Administration > Settings.
Web Admin Language
The Web Admin Console supports multiple languages, but by default appears in English. To cater to its non-English customers, apart from English, Chinese-Simplified, Chinese-Traditional, Hindi, Japanese and French languages are also supported. Administrator can choose the preferred GUI language at the time of logging on. Listed elements of Web Admin Console will be displayed in the configured language: • Dashboard Doclet contents • Navigation menu • Screen elements including field & button labels and tips • Error messages
Page 8 of 34
Cyberoam Wireless Protection Guide
Supported Browsers
You can connect to the Web Admin Console of the Appliance using HTTP or a secure HTTPS connection from any management computer using one of the following web browsers:
The minimum screen resolution for the management computerP is 1024 X 768 and 32-bit true xx- color. a g Browser Supportede Version
Microsoft Internet Explorer | Version 8+ 9 Mozilla Firefox Version 3+
Google Chrome All versions
Safari 5.1.2(7534.52.7)+
Opera 15.0.1147.141+
The Administrator can also specify the description for firewall rule, various policies, services and various custom categories in any of the supported languages.
All the configuration done using Web Admin Console takes effect immediately. To assist you in configuring the Appliance, the Appliance includes a detailed context-sensitive online help.
Page 9 of 34
Cyberoam Wireless Protection Guide
Login procedure
The log on procedure authenticates the user and creates a session with the Appliance until the user logs-off.
To get to the login window, open the browser and type the LANP IP Address of Cyberoam in the browser’s URL box. A dialog box appears prompting you to entera username and password. g e
|
1 0
Screen – Login Screen
Screen Element Description Enter user login name.
Username If you are logging on for the first time after installation, use the default username. Specify user account password.
Dots are the placeholders in the password field. Password
If you are logging on for the first time after installation with the default username, use the default password. Select the language. The available options are Chinese- Simplified, Chinese-Traditional, English, French, and Language Hindi.
Default – English To administer Cyberoam, select ‘Web Admin Console’
Log on to To view logs and reports, select “Reports”.
To login into your account, select “My Account”. Login button Click to log on the Web Admin Console. Table – Login Screen
The Dashboard appears as soon as you log on to the Web Admin Console. It provides a quick and fast overview of all the important parameters of your Appliance.
Page 10 of 34
Cyberoam Wireless Protection Guide
Log out procedure
To avoid un-authorized users from accessing Cyberoam, log off after you have finished working. This will end the session and exit from Cyberoam.
To log off from the Appliance, click the button locatedP at the top right of any of the Web Admin Console pages. a g e
|
1 1
Page 11 of 34
Cyberoam Wireless Protection Guide
Menus and Pages
The Navigation bar on the leftmost side provides access to various configuration pages. This menu consists of sub-menus and tabs. On clicking the menu item in the navigation bar, related management functions are displayed as submenu items in the navigation bar itself. On clicking submenu item, all the associated tabs are displayed as the horizontal menu bar on the top of the page. To view a page associated with the tab, click the requiredP tab. a g The left navigation bar expands and contracts dynamically whene clicked on without navigating to a submenu. When you click on a top-level heading in the left navigation bar, it automatically expands that heading and contracts the heading for the page you are currently| on, but it does not navigate away from the current page. To navigate to a new page, first click on the heading, and then click 1 on the submenu you want navigate to. On hovering the cursor upon the up-scroll icon or the 2 down-scroll icon , automatically scrolls the navigation bar up or down respectively.
The navigation menu includes following modules:
• System – System administration and configuration, firmware maintenance, backup - restore
Page 12 of 34
Cyberoam Wireless Protection Guide
• Objects – Configuration of various policies for hosts, services, schedules and file type • Networks – Network specific configuration viz., Interface speed, MTU and MSS settings, Gateway, DDNS • Wireless Protection – Configuration and management of Sophos Access Points. • Identity – Configuration and management of User and user groups • Firewall – Firewall Rule Management P • VPN – VPN and SSL VPN access configuration a • IPS – IPS policies and signature g e • Web Filter – Web filtering categories and policies configuration • Application Filter – Application filtering categories and policies| configuration • WAF – Web Application Filtering policies configuration. Available in all the models except CR15iNG and CR15wiNG. 1 3 • IM – IM controls • QoS – Policy management viz., surfing quota, QoS, access time, data transfer • Anti Virus – Antivirus filtering policies configuration • Anti Spam – Anti Spam filtering policies configuration • Traffic Discovery – Traffic monitoring • Logs & Reports – Logs and reports configuration
Note
Use F1 key for page-specific help. Use F10 key to return to Dashboard.
Each section in this guide shows the menu path to the configuration page. For example, to reach the Zone page, choose the Network menu, then choose Interface sub-menu from the navigation bar, and then choose Zone tab. Guide mentions this path as Network > Interface > Zone.
Page 13 of 34
Cyberoam Wireless Protection Guide
Page
A typical page looks as shown in the below given image:
P a g e
|
1 4
Screen – Page
Page 14 of 34
Cyberoam Wireless Protection Guide
Icon bar
P a g e
|
1 5
The Icon bar on the upper rightmost corner of every page provides access to several commonly used functions like: 1. Dashboard – Click to view the Dashboard 2. Wizard – Opens a Network Configuration Wizard for a step-by-step configuration of the network parameters like IP Address, subnet mask and default gateway for your Appliance. 3. Report – Opens a Reports page for viewing various usage reports. Integrated Logging and Reporting solution - iView, to offer wide spectrum of 1000+ unique user identity-based reporting across applications and protocols and provide in-depth network visibility to help organizations take corrective and preventive measures.
This feature is not available for CR15xxxx series of Appliances.
4. Console – Provides immediate access to CLI by initiating a telnet connection with CLI without closing Web Admin console. 5. Logout – Click to log off from the Web Admin Console. 6. More Options – Provides options for further assistance. The available options are as follows: • Support – Opens the customer login page for creating a Technical Support Ticket. It is fast, easy and puts your case right into the Technical Support queue. • About Product – Opens the Appliance registration information page. • Help – Opens the context – sensitive help page. • Reset Dashboard – Resets the Dashboard to factory default settings. • Lock – Locks the Web Admin Console. Web Admin Console is automatically locked if the Appliance is in inactive state for more than 3 minutes. To unlock the Web Admin Console you need to re-login. By default, Lock functionality is disabled. Enable Admin Session Lock from System > Administration > Settings. • Reboot Appliance – Reboots the Appliance. • Shutdown Appliance – Shut downs the Appliance .
Page 15 of 34
Cyberoam Wireless Protection Guide
List Navigation Controls
The Web Admin Console pages display information in the form of lists that are spread across the multiple pages. Page Navigation Control Bar on the upper right top corner of the list provides navigation buttons for moving through the list of pages with a large number of entries. It also includes an option to specify the number entries/records displayed per page. P a g e
|
1 6
Tool Tips
To view the additional configuration information use tool tip. Tool tip is provided for many
configurable fields. Move the pointer over the icon to view the brief configuration summary.
Status Bar
The Status bar at the bottom of the page displays the action status.
Page 16 of 34
Cyberoam Wireless Protection Guide
Common Operations
Adding an Entity
You can add a new entity like policy, group, user, rule, ir host by clicking the Add button available on most of the configuration pages. Clicking this button either opens a new page or a pop-up window. P a
g e
|
1 7
Editing an Entity
All the editable entities are hyperlinked. You can edit any entity by clicking either the hyperlink or the Edit icon under the Manage column.
Deleting an Entity
You can delete an entity by selecting the checkbox and clicking the Delete button or Delete icon.
To delete multiple entities, select individual entity and click the Delete button.
To delete all the entities, select in the heading column and click the Delete button.
Page 17 of 34
Cyberoam Wireless Protection Guide
P a g e
Sorting Lists |
To organize a list spread over multiple pages, sort the list in 1ascending or descending order of a column attribute. You can sort a list by clicking a column heading.8
• Ascending Order icon in a column heading indicates that the list is sorted in ascending order of the column attribute.
• Descending Order icon in a column heading indicates that the list is sorted descending order of the column attribute.
Filtering Lists
To search specific information within the long list spread over multiple pages, filter the lists. Filtering criteria vary depending on a column data and can be a number or an IP address or part of an address, or any text string combination.
To create filter, click the Filter icon in a column heading. When a filter is applied to a column, the Filter icon changes to .
Configuring Column Settings
By default on every page all columnar information is displayed but on certain pages where a large number of columnar information is available, all the columns cannot be displayed. It is also possible that some content may not be of use to everyone. Using column settings, you can configure to display only those numbers of columns which are important to you. To configure column settings, click Select Column Settings and select the checkbox against the columns you want to display and clear the checkbox against the columns which you do not want to display. All the default columns are greyed and not selectable.
Page 18 of 34
Cyberoam Wireless Protection Guide
Cyberoam Wireless Protection P a g Wireless Protection allows you to configure and manage Sophose Access Points (AP) connected to your appliance. Cyberoam will act as a wireless controller for Sophos APs. The AP is connected to the appliance using wired LAN through which the AP will| fetch their configuration and start broadcasting SSIDs to the wireless clients. Wireless Client’s traffic will pass through Cyberoam and all security policies can be applied on it thus providing threat1 protection to Wireless clients. 9 Administrator can do global configuration, SSIDs (Wireless Networks) configuration, Mesh Network configuration, AP configuration which includes Wireless and Mesh Network association to AP, AP group configuration.
• This feature is supported for the following Sophos AP models: AP 10, AP 15, AP 30, AP 50, AP 55 and AP 100. • Wireless Protection is not supported in Cyberoam ‘wi/wiNG’ series appliances and 10iNG/15iNG appliance models.
Overview
The overview page displays live snapshot of currently managed APs, broadcasted SSIDs (wireless networks), wireless clients connected through SSID to AP and mesh networks.
The administrator can filter currently connected clients by Access Point or SSID.
Screen – Overview
Screen Element Description Name Displays name of the wireless connection. IP Address IP Address leased for wireless connection.
MAC Address Displays MAC Address of the wireless client.
Signal Displays the signal strength.
Last-TX Rate Displays the data transfer rate for the wireless client.
Page 19 of 34
Cyberoam Wireless Protection Guide
Connection Time Displays the connection time for the wireless client.
Displays frequency of the wireless network to which AP is Frequency connected. Table – Overview screen elements P a g e
|
2 0
Page 20 of 34
Cyberoam Wireless Protection Guide
Global Settings
To configure global settings for Wireless Networks, go to Wireless Protection > Global Settings.
P If AP firmware is not available on the appliance, AP firmwarea download link will be displayed on this page. g e
|
2 Screen – Global Settings(Download Firmware)1
You can enable Wireless Protection after AP firmware is downloaded successfully.
Screen –Global Settings after AP Firmware is downloaded
Screen Element Description
Download Firmware (Only displayed if AP firmware is not downloaded) Click to download AP firmware.
Download AP Firmware Wireless Protection can be used after AP firmware is successfully downloaded. Enable Wireless Click to enable Wireless Protection. Protection Global Settings Allowed Zone Select zones that are to be allowed for AP connectivity.
It is the zone in which AP is deployed. Advanced Settings Notification Timeout Timeout (in minutes) Specify time till which appliance will wait for notification request from the AP. After the specified time, the AP will be considered inactive.
Page 21 of 34
Cyberoam Wireless Protection Guide
Enterprise Authentication RADIUS Server Select RADIUS Server to authenticate wireless clients.
If wireless network uses WPA/WPA2 Enterprise Authentication Encryption mode then RADIUS Server needs to be specified. Table – Global Settings screen elementsP a g e
|
2 2
Page 22 of 34
Cyberoam Wireless Protection Guide
Wireless Networks
The page displays the details of wireless networks like name, SSID, Client traffic mode, encryption mode used and frequency band. This page provides list of all the configured wireless networks and allows the administrator to manage the wireless networks. P Manage Wireless Networks a g e To manage Wireless Networks, go to Wireless Protection > Wireless Networks >
Wireless Networks. |
2 3
Screen – Manage Wireless Network
Screen Element Description Name Displays the name of the Access Point. SSID Displays the unique Service Set Identifier (SSID) Client traffic Displays AP deployment mode Encryption mode Displays encryption mode Frequency Band Displays frequency band for the AP Table – Manage Wireless Network screen elements
Page 23 of 34
Cyberoam Wireless Protection Guide
Wireless Network Parameters
To add or edit Wireless Network, go to Wireless Protection > Wireless Networks > Wireless Networks. Click Add Button to add a new Wireless Network. To update the details, click on the Wireless Network or Edit icon in the Manage column against the Wireless Network you want to modify. P a g e
|
2 4
Screen – Add Wireless Network
Screen Element Description Name Specify a name of the wireless network.
SSID Specify Service Set Identifier (SSID).
The wireless network is identified by its SSID. Users who want to use the wireless network must configure their computers with this SSID. Security Mode Select the security mode for encrypting the wireless traffic.
Available Options: • No Encryption • WEP Open • WPA2 Personal • WPA2/WPA Personal • WPA Personal • WPA2-Enterprise • WPA2/WPA Enterprise • WPA Enterprise
Default – WPA2 Personal
WPA2 mode is better for security than WPA mode.
Page 24 of 34
Cyberoam Wireless Protection Guide
Note:
If RADIUS Server is configured under Global Settings then Enterprise Encryption mode should be selected.
For WEP-Open only P Key Specify WEP key for authentication.a It should consist of 26 hexadecimal characters. g e For WPA2 Personal, WPA2/WPA Personal and WPA Personal only
Passphrase/PSK Specify the phrase to be used| as password.
Confirm Passphrase/PSK Re-enter passphrase for confirmation.2 5 Client traffic Select AP deployment mode for integrating wireless network into your local network.
Available Options: • Separate Zone – In this mode, Wireless Network is handled as a separate network having its own IP Address range. Adding wireless network with this option automatically creates a new virtual interface with given IP address and zone on the Interface Manage Page. The interface would be created with the name provided for the Wireless Network. You can configure DHCP Server for the interface from the same page. • Bridge to AP LAN – In this mode, wireless clients will share the same IP network. • Bridge to VLAN – In this mode, wireless network traffic will be bridged to VLAN of your choice.
Default – Separate Zone. For “Separate Zone” Client Traffic only Zone Specify the zone for Wireless Network. IP Address Specify IP Address for the Wireless Network. Netmask Select the subnet mask.
For “Bridge to VLAN” Client Traffic only
Bridge to VLAN id Specify the VLAN ID of the network to which the wireless client’s traffic will be bridged. Client VLAN id Select to define VLAN ID from the available options. (Available only for Enterprise Security Available Options: mode) • Static – It uses the VLAN ID defined in “Bridge to VLAN id” parameter. • Radius & Static – It uses the VLAN ID provided by the RADIUS Server. RADIUS Server provides the VLAN ID to the AP when the user authenticates against it. Note
If a user does not have VLAN ID assigned then VLAN ID specified in “Bridge to VLAN id” parameter will be used.
Page 25 of 34
Cyberoam Wireless Protection Guide
Description Specify description for Wireless Network. Advanced Settings Encryption Select Encryption type. (Available only for WPA/WPA2 Security Available Options: Mode) • TKIP(only abg) • AES (secure) P • TKIP & AES (compatible) a g Frequency Band The AP assigned to this Wireless Network will transmit on the e selected frequency band.
| Available Options: • 2.4 and 5 GHz 2 • 5 GHz 6 • 2.4 GHz Client Isolation Select to prevent clients from communicating with each other. Hide SSID Password with which backup RADIUS server can be accessed. Table – Add Wireless Network screen elements
Page 26 of 34
Cyberoam Wireless Protection Guide
Access Point
The page displays list of the Active/Inactive/Pending Access Points. This page also allows to edit/delete/group APs and assign wireless networks to AP or AP groups.
P Active/Inactive Access Point a g This section displays connected and running APs. To edit an AP,e click icon.
|
2 7
Screen – Active/Inactive Access Point
Pending Access Point
This section displays the APs that are connected to your appliance but not yet authorized. To authorize an AP, click the Accept button. On accepting, pending APs will be moved to the Active Access Point section. To edit an AP, click icon.
Screen – Pending Access Point
Screen – Manage Access Points
Page 27 of 34
Cyberoam Wireless Protection Guide
Edit Access Points
To edit Access Points, go to Wireless Protection > Access Point > Access Point. To update the details, click on the Access Point or Edit icon in the Manage column against the AP you want to modify. P a g e
|
2 8
Screen – Edit Access Point
Screen Element Description ID Specify the ID for Access Point. Label Specify label for easier identification of the AP in your network. Country Select the country where AP is located. Group Select to organize APs in a group.
Group can be added from the Grouping menu. Wireless Networks Wireless Networks Select the wireless networks that should be broadcasted by
Page 28 of 34
Cyberoam Wireless Protection Guide
the AP. Mesh Networks Mesh Networks ( Select the mesh networks that should be broadcasted by the Available only for AP50) AP.
You can also add APs that should broadcast mesh network from this page by clicking the Add button. P a Note g e This option will be displayed only if a mesh network is configured. |
Advanced Settings 2 Channel 2.4 GHz Select a channel for your wireless9 network. Selecting Auto will automatically select the least used channel for transmission.
Default – Auto TX Power Select the transmission power for the AP.
Default – 100%
Channel 5 GHz Select a channel for your wireless network. Selecting Auto will (Available with AP 100) automatically select the least used channel for transmission.
Default – Auto TX Power 5GHz Select the transmission power output for 5 GHz band. (Available with AP 100) Default – 100%
STP Select “enabled” to use Spanning Tree protocol (STP). STP prevents bridge loops.
Default - Disabled
VLAN Tagging Select to connect AP with an existing VLAN Ethernet Interface.
Default – Disabled
AP VLAN ID ( Displayed Specify the VLAN ID that will be used by the AP to connect to only if VLAN Tagging is the appliance. enabled ) VLAN ID can be any number between 2 and 4094.
Table – Edit Access Point screen elements
Page 29 of 34
Cyberoam Wireless Protection Guide
Grouping
The page displays list of AP groups. The page also allows you to organize APs in groups, edit group details and delete a group.
P Manage AP Group a g To manage AP Group, go to Wireless Protection > Access Point > Grouping. e
|
3 0
Screen – Manage AP Group
Screen Element Description Name Name of the AP Group Wireless Networks Wwireless networks that are broadcasted by the APs of the group. Access Point APs that are members of the Group. Screen – Manage AP Group screen elements
AP Group Parameters
To add or edit AP Group, go to Wireless Protection > Access Point > Grouping. Click Add Button to add a new AP group. To update the details, click on the AP group or Edit icon in the Manage column against the AP group you want to modify.
Page 30 of 34
Cyberoam Wireless Protection Guide
P a g e
|
3 1
Screen – Add AP Group
Screen Element Description Name Specify name to identify AP group. Wireless Networks Select the wireless networks that should be broadcasted by the APs of this group. VLAN Tagging Select to connect AP with an existing VLAN Ethernet Interface.
Default – Disabled
AP VLAN ID ( Displayed Specify the VLAN ID that will be used by the AP to connect to only if VLAN Tagging is the appliance. enabled ) VLAN ID can be any number between 2 and 4094.
Access Point Select the APs that are to be added in this group. Table – AP Group screen elements
Page 31 of 34
Cyberoam Wireless Protection Guide
Mesh Networks
A mesh network is a network in which multiple APs can communicate with each other and they broadcast a common wireless network. In such a topology, the wireless network connection is spread among large number of APs to share network covering a wide area. P a An AP can be configured as a Root Access Point or Mesh Accessg Point. e
Root Access Point: It has a wired connection to the appliance and provides a mesh network. | An access point can be root access point for multiple mesh networks. 3 Mesh Access Point: It needs a mesh network to connect to the2 appliance via a root access point. An access point can be mesh access point for only one single mesh network at a time.
Mesh Networks can be used to configure a Wireless Bridge or Wireless Repeater.
Manage Mesh Networks
To manage Mesh Networks, go to Wireless Protection > Mesh Networks > Mesh Networks.
Screen – Manage Mesh Networks
Screen Element Description Mesh-ID ID of the Mesh Network Frequency Band Frequency band for the AP Table – Manage Mesh Networks screen elements
Add Mesh Networks
To add or edit Mesh Networks, go to Wireless Protection > Mesh Networks > Mesh Networks. Click Add Button to add a new Mesh Network or Edit Icon to modify the details.
The page allows you to configure Mesh Networks and associate AP with it.
Page 32 of 34
Cyberoam Wireless Protection Guide
P a g e
|
3 3
Screen – Add Mesh Networks
Screen Element Description Mesh-ID Specify ID for the mesh network Frequency Band The AP assigned to this Mesh Network will transmit on the selected frequency band.
Available Options: • 5 GHz • 2.4 GHz Description Provide description for the mesh network. Access Point Select the AP that should broadcast the mesh network.
You can define AP role from here by clicking Add button. Table – Add Mesh Networks screen elements
Page 33 of 34
Cyberoam Wireless Protection Guide
Configure Mesh Network Role
This page allows you to configure Access Point as Root Access Point or Mesh Access Point. To configure AP role, go to Wireless Protection > Mesh Networks > Mesh Networks. To define AP role, click Add button for Access Point on the Add Mesh Networks page. P a g e
|
3 4
Screen – Configure Mesh Network Role
Screen Element Description Access Point Select an AP that should broadcast the mesh network.
Note
AP 50 can only be used for mesh networks.
Role Select AP’s role from the available options.
Available Options: • Root Access Point • Mesh Access Point Table – Configure Mesh Network Role screen elements
Page 34 of 34