Specifications
OmniAccess Reference: AOS-W System Reference
242 Part 031652-00 May 2005
authentication takes place when a user is not logged in to the laptop, the
computer’s authentication credentials will be used to perform the
authentication process.
7. When a user logs out of Windows, the laptop will again perform 802.1x
authentication using computer credentials, as described in 2(b) above. This
places the wireless device back into the “computer” role in the Alcatel
switch.
Printers
Separate to the process above, support for wireless-attached printers is also
provided. The printers connect to the wireless network using a hidden ESSID
of “Wireless LAN-01-printer”. Because the wireless adapters for the printers do
not support strong authentication or encryption, this ESSID utilizes WEP
encryption with no authentication. For security reasons, printers are
automatically mapped to a special “printer” role in the Alcatel switch, are
placed into a special VLAN, and have restricted access to the network. In the
event that the printer WEP key were compromised, the potential damage an
attacker could do would be very limited, and the breach would be quickly
discovered by the network administrator.
OmniAccess 6000 Switch Configuration
The configuration of the OmniAccess 6000 switch is available through the
Alcatel Command Line Interface (CLI) or through the graphical web-based Web
UI management software. Either tool can be used to configure the system –
both tools modify the same configuration file. This section will explain various
pertinent sections of the configuration file and discuss their operational
importance. Please refer to the Alcatel AOS-W AOS-W Configuration Guide for
full documentation of the entire system.
Firewall Policies
Several firewall policies have been configured in the Alcatel switch, and are
mapped to user roles. These firewall policies are designed to control access
only to the internal
network. The school district implements other firewall technology for the
connection to the Internet to further limit district-wide Internet traffic.
Firewall Destination Aliases
To simplify configuration of firewall policies, an alias representing all internal
network addresses has been defined. The actual IP addresses used by the
school district have been changed here for security and privacy reasons.