User's Manual

ManualsBrandsMojo Networks ManualsElectronicsSPECTRAGUARD SENSOR

InstallingȱtheȱSensorȱ

SpectraGuard

ȱEnterpriseȱInstallationȱGuideȱ

Chapterȱ5 InstallingȱtheȱSensorȱȱ

SensorȱisȱtheȱprobeȱthatȱmonitorsȱyourȱnetworkȱandȱcommunicatesȱwithȱtheȱServerȱtoȱguardȱyourȱcorporateȱnetworkȱagainstȱ

overȬtheȬairȱattacks.ȱTheȱSensorȱmustȱbeȱpluggedȱtoȱyourȱcorporateȱnetworkȱtoȱperformȱtheȱaboveȱoperations.ȱ

Sensorȱcanȱbeȱconfiguredȱinȱoneȱofȱtheȱfollowingȱthreeȱmodes:ȱ

x SensorȱOnlyȱ(SO)ȱMode:ȱThisȱisȱtheȱdefaultȱmode.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱconnectedȱintoȱanȱaccessȱportȱ

onȱaȱswitch.ȱItȱthenȱmonitorsȱaȱsingleȱVLANȱthatȱisȱconfiguredȱonȱthatȱaccessȱport.ȱTheȱwirelessȱinterfaceȱofȱtheȱ

Sensorȱisȱenabled.ȱ

x NetworkȱDetectorȱ(ND)ȱMode:ȱThisȱmodeȱ

needsȱ

toȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱNDȱshouldȱbeȱ

connectedȱintoȱaȱtrunkȱportȱ(802.1Qȱcapable)ȱonȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱ

thatȱtrunkȱportȱandȱareȱchosenȱbyȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱNDȱis

ȱdisabled.

ȱAnȱSSȬ200Ȭ

ATȱSensorȱinȱNDȱmodeȱcanȱmonitorȱupȱtoȱ32ȱVLANs.ȱSimilarly,ȱanȱSSȬ300ȬATȱcanȱmonitorȱuptoȱ100ȱVLANs.ȱ

x Sensor/NDȱComboȱ(SNDC)ȱMode:ȱThisȱmodeȱneedsȱtoȱbeȱexplicitlyȱconfigured.ȱInȱthisȱmode,ȱtheȱSensorȱshouldȱbeȱ

connectedȱintoȱaȱtrunkȱportȱ(802.1Qȱcapable)ȱon

ȱaȱswitch.ȱItȱthenȱmonitorsȱmultipleȱVLANsȱthatȱareȱconfiguredȱonȱ

thatȱtrunkȱportȱandȱareȱchosenȱbyȱtheȱuserȱusingȱtheȱNDȱCLI.ȱTheȱwirelessȱinterfaceȱofȱtheȱSensorȱisȱenabled.ȱAȱSSȬ

200ȬATȱSensorȱinȱSNDCȱmodeȱcanȱmonitorȱupȱtoȱ4ȱVLAN.ȱSimilarly,ȱanȱSSȬ300Ȭ

ATȱcanȱmonitorȱuptoȱ16ȱVLANs.ȱ

Important:ȱToȱpreventȱabuseȱandȱintrusionȱbyȱunauthorizedȱpersonnel,ȱitȱisȱextremelyȱimportantȱtoȱinstallȱtheȱSensorȱsuchȱthatȱitȱisȱ

difficultȱtoȱunplugȱtheȱdeviceȱfromȱtheȱnetworkȱorȱfromȱtheȱpowerȱoutlet.ȱ

5.1 ZeroȱConfigurationȱofȱSensorsȱ

Zeroȱconfigurationȱisȱrequiredȱifȱtheȱfollowingȱconditionsȱareȱsatisfied:ȱ

x TheȱSensorȱisȱinȱSOȱmode.ȱ

x AȱDNSȱentryȱ‘wifiȬsecurityȬserver’ȱisȱsetȱupȱonȱallȱDNSȱServers.ȱThisȱentryȱshouldȱpointȱtoȱtheȱIPȱaddressȱofȱtheȱ

Server.ȱByȱdefaultȱtheȱSensorȱlooksȱforȱtheȱServerȱDNSȱentry

ȱ‘wifiȬsecurityȬserver’.ȱ

x SensorȱisȱplacedȱonȱaȱsubnetȱthatȱisȱDHCPȱenabled.ȱ

Important:ȱIfȱaȱSensorȱisȱplacedȱonȱaȱnetworkȱsegmentȱthatȱisȱseparatedȱfromȱtheȱServerȱbyȱaȱfirewall,ȱyouȱmustȱfirstȱopenȱportȱ3851ȱforȱ

UserȱDatagramȱProtocolȱ(UDP)ȱandȱTransportȱControlȱProtocolȱ(TCP)ȱbidirectionalȱtrafficȱonȱthatȱfirewall.ȱThisȱportȱnumberȱisȱassignedȱ

toȱAirTight®ȱNetworks.ȱIfȱmultipleȱSensorsȱareȱsetȱupȱtoȱconnectȱtoȱmultipleȱServers,ȱzeroȱconfigurationȱisȱnotȱpossible.ȱInȱthisȱcaseȱ

manualȱconfigurationȱofȱSensorsȱisȱneeded.ȱReferȱtoȱManuallyȱConfiguring

ȱtheȱSensorȱforȱdetails.ȱ

TheȱstepsȱtoȱinstallȱtheȱSensorȱwithȱnoȱconfigurationȱ(zeroȱconfiguration)ȱareȱasȱfollows.ȱ

x MountȱtheȱSensorȱ

x PowerȱupȱtheȱSensorȱ

x ConnectȱtheȱSensorȱtoȱtheȱnetworkȱ

5.2 ConnectingȱtheȱSensorȱ

ThisȱinvolvesȱmountingȱtheȱSensor,ȱpoweringȱitȱup,ȱandȱconnectingȱitȱtoȱtheȱnetwork.ȱ

5.2.1 MountȱtheȱSSȬ200ȬATȱSensorȱ

TakeȱaȱconfiguredȱSensor,ȱthatȱis,ȱmakeȱsureȱthatȱtheȱSensorȱisȱgivenȱaȱstaticȱIPȱorȱtheȱsettingsȱhaveȱbeenȱchangedȱforȱDHCP.ȱ

NoteȱtheȱMACȱaddressȱandȱtheȱIPȱaddressȱofȱtheȱSensorȱinȱaȱsafeȱplaceȱbeforeȱitȱisȱinstalledȱinȱaȱhardȬtoȬreachȱlocation.ȱTheȱ

MAC

ȱaddressȱofȱtheȱSensorȱisȱprintedȱonȱaȱlabelȱatȱtheȱbottomȱofȱtheȱproductȱandȱtheȱpackagingȱbox.ȱ

Recommended:ȱYouȱshouldȱlabelȱtheȱSensorsȱusingȱMACȱaddressesȱorȱatȱleastȱyourȱownȱconvention.ȱForȱexample,ȱuseȱserialȱnumbers,ȱsoȱ

thatȱyouȱcanȱeasilyȱidentifyȱtheȱSensors.ȱ

5.2.1.1 CeilingȱMountingȱ

ToȱmountȱtheȱSensorȱtoȱaȱceiling,ȱperformȱtheȱfollowingȱsteps:ȱ

1. Placeȱtheȱmountingȱbracket/mountȱonȱtheȱSensorȱandȱalignȱtheȱbracketȱslotsȱwithȱthoseȱonȱtheȱSensorȱasȱshownȱinȱtheȱ

followingȱfigure.ȱ