OmniAccess RN: User Guide
258 Part 031650-00 May 2005
User Authentication and Access Policies
Guest Access
Guest users will use the SSID guest. The authentication method is captive
portal with guest logon enabled.
• A local VLAN and subnet need to be created on all the local switches
for the guest users associating with them. Since these VLANs are not
going to be visible outside the switch, we use the same VLAN ID on all
switches. Create a local VLAN on the switch; for example, on switch_101
create a local VLAN 50 and a subnet 192.168.50.0/16 for that VLAN.
NOTE: If guest users are placed on different VLANs on the local switches,
these VLAN IDs must be created on the master switch to allow failover.
• Create a small NAT pool of 1 – 5 addresses belonging to the switch's IP
address subnet and NAT the guest users using that pool. For example,
on local users could be NATed using a pool of two addresses,
10.1.101.15-10.1.101.16.
• Appropriate ACLs will be applied to the guest role. For example,
Internet_access with NAT: ensure that the user has access to the
gateway and DNS after NATing, and deny access to all internal subnets.
All traffic from the guest will be NATed using the NAT pool.
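The order of the guest ACL entries matters when the gateway and DNS server sit inside address space that the role must otherwise deny. The following Python model is an added example, not code from this guide or from the switch: it assumes first-match rule evaluation, uses constructed gateway, DNS and internal-subnet addresses, and audits a correctly ordered and a misordered rule list against constructed probe flows.

```python
import ipaddress

# Constructed addresses: gateway, DNS server and internal ranges are assumptions.
GATEWAY = ipaddress.ip_address("10.1.101.1")
DNS = ipaddress.ip_address("10.1.1.53")
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]

# Rules are (name, predicate(dst, proto, port), action). Permitted guest
# traffic is always source-NATed, as the guide requires.
RULES = [
    ("gateway", lambda d, pr, po: d == GATEWAY, "src-nat"),
    ("dns", lambda d, pr, po: d == DNS and po == 53, "src-nat"),
    ("deny-internal", lambda d, pr, po: any(d in n for n in INTERNAL), "deny"),
    ("internet", lambda d, pr, po: True, "src-nat"),
]
# Same rules with the deny moved to the top: a common ordering mistake.
MISORDERED = [RULES[2], RULES[0], RULES[1], RULES[3]]

def evaluate(rules, dst, proto, port):
    """Return the action of the first matching rule (assumed first-match semantics)."""
    addr = ipaddress.ip_address(dst)
    for _name, match, action in rules:
        if match(addr, proto, port):
            return action
    return "deny"  # nothing matched: implicit deny

# Constructed probe flows: (destination, protocol, port, intended action).
PROBES = [
    ("10.1.101.1", "icmp", 0, "src-nat"),     # gateway reachable
    ("10.1.1.53", "udp", 53, "src-nat"),      # DNS reachable
    ("10.1.1.53", "tcp", 445, "deny"),        # DNS host, but not a DNS port
    ("10.2.3.4", "tcp", 22, "deny"),          # internal subnet
    ("172.16.9.9", "tcp", 80, "deny"),        # internal subnet
    ("203.0.113.10", "tcp", 443, "src-nat"),  # Internet destination
]

def audit(rules, probes=PROBES):
    """List the probes whose outcome differs from the intended guest policy."""
    return [(dst, proto, port, got, want)
            for dst, proto, port, want in probes
            if (got := evaluate(rules, dst, proto, port)) != want]

if __name__ == "__main__":
    print("ordered:", audit(RULES))
    print("misordered:", audit(MISORDERED))
```

With the deny entry first, the audit reports the gateway and DNS probes as blocked, which is the failure a guest would see as a captive portal that never resolves names.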
Employee Access with Static WEP and VPN
• The PPTP and L2TP VPN configurations need to be made as described
in the user guides. The default role for the VPN users would be
employee.
• The IAS server would be the authentication server of choice.
• Captive portal for employee users needs to be configured to facilitate
downloading of the VPN dialers.
SSID   guest       Vlan-ID      50              50              50
                   Encryption   Open system     Open system     Open system
       employee1   Vlan-ID      101             102             103
                   Encryption   WPA-TKIP        WPA-TKIP        WPA-TKIP
       employee2   Vlan-ID      101             102             103
                   Encryption   Static WEP      Static WEP      Static WEP
                   WEP key      1234567890….    1234567890….    1234567890…