ADTRAN BlueSecure Controller Spezifikationen

BlueSecure™ ControllerSetup and Administration GuideSoftware Release Version: 6.5Document Version: 6.5Bluesocket, Inc. 10 North Avenue Burlington, MA

xContentsFiguresFigures xFigure 1-1: The Role of the Bluesocket BSC in a Wireless LAN ... 1-2Figure 1-2: The Bluesocket Secur

Chapter 5: Authentication Using Internal Database5-45. To enable RADIUS accounting for this user, select the name of the external RADIUS accounting se

Defining MAC Address AuthenticationBlueSecure™ Controller Setup and Administration Guide 5-5You may be prompted to restart the BSC. We recommend that

Chapter 5: Authentication Using Internal Database5-6Acceptable MAC address delimiters are colons (00:03:4a:3b:4F:02) or hyphens (00-03-4a-3b-4F-02).Th

Defining MAC Address AuthenticationBlueSecure™ Controller Setup and Administration Guide 5-7You may be prompted to restart the BSC. We recommend that

Chapter 5: Authentication Using Internal Database5-8

BlueSecure™ Controller Setup and Administration Guide 6-16Authentication Using External ServersFollow the procedures given in this chapter if you are

Chapter 6: Authentication Using External Servers6-2An Overview of External User AuthenticationIn external server user authentication, an external serv

RADIUS AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-3To configure an external RADIUS authentication server and define the rul

Chapter 6: Authentication Using External Servers6-4Name Enter a meaningful name for the external RADIUS authentication server.)Note: As described in t

RADIUS AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-5See “RADIUS Accounting” on page 7-1 to configure a new RADIUS accounting

ContentsBlueSecure™ Controller Setup and Administration Guide xiFigure 4-23:Admin Interface in Network Routing Table ...

Chapter 6: Authentication Using External Servers6-63. The Default Redirect URL field on the General HTTP Settings page (see “HTTP Server Settings” on

LDAP/Active Directory AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-7To configure an external LDAP/Active Directory authentica

Chapter 6: Authentication Using External Servers6-8Displaying the New LDAP/active directory server page1. Click the User authentication tab in the BSC

LDAP/Active Directory AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-9on page 7-1 to configure a new RADIUS accounting server f

Chapter 6: Authentication Using External Servers6-10The user can click on the link to go the URL, but they are not automatically redirected to that li

SIP2 AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-11Displaying the New SIP2 server page1. Click the User authentication tab i

Chapter 6: Authentication Using External Servers6-12Alternatively, you can select the Create … option to open a window that enables you to define a ne

NTLM AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-13Displaying the New NTLM server page1. Click the User authentication tab i

Chapter 6: Authentication Using External Servers6-14returned to the New NTLM server page where you can select the role from the drop-down list.2. Opti

Transparent NTLM AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-15Displaying the New Transparent NTLM Windows server page1. Cli

xiiContentsFigure 10-14: IPSec CSR Generated Page... 10-23Figure 10-15: Miscellaneous Settings Pa

Chapter 6: Authentication Using External Servers6-164. NTLM username to ignore (Optional): Enter any generic, client-supplied NTLM login ID that shoul

Transparent 802.1x AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-17Transparent 802.1x Authentication802.1x is an IEEE standard

Chapter 6: Authentication Using External Servers6-18New Transparent 802.1x server page1. Click the User authentication tab in the BSC administrator co

The BSC Internal 802.1x Authentication ServerBlueSecure™ Controller Setup and Administration Guide 6-19• RFC822 - Use for TLS EAP methods only. This i

Chapter 6: Authentication Using External Servers6-20Figure 6-8: Edit the Local 802.1x Server Page

The BSC Internal 802.1x Authentication ServerBlueSecure™ Controller Setup and Administration Guide 6-21or TTLS Protocol and pass the inner authenticat

Chapter 6: Authentication Using External Servers6-224. Many other LDAP servers (e.g. Windows 2000/2003 Server Active Directory LDAP server) are not de

Kerberos AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-23Saving the settingsClick Save to store the information to the BSC dat

Chapter 6: Authentication Using External Servers6-24The Port number should be 88, the value assigned to Kerberos by the Internet Assigned Number Autho

Cosign AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-25Cosign client web servers do not need to run SSL; sniffed cookies will

ContentsBlueSecure™ Controller Setup and Administration Guide xiiiFigure 14-20: Configuring Load Sharing on a Node ...

Chapter 6: Authentication Using External Servers6-26Displaying the New Cosign server page1. Click the User authentication tab in the BSC administrator

Pubcookie AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-27Alternatively, you can select the Create New… option to open a windo

Chapter 6: Authentication Using External Servers6-28Displaying the New Pubcookie server page1. Click the User authentication tab in the BSC administra

Pubcookie AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-295. Key server address: Enter the Pubcookie key server IP address.6.

Chapter 6: Authentication Using External Servers6-30You may be prompted to restart the BSC. We recommend that you do not restart the BSC until you hav

CAS AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-31Once primary authentication is complete, the CAS redirects the user's

Chapter 6: Authentication Using External Servers6-32c) Enter the appropriate value to check against the specified attribute in the Value field.d) Sele

Transparent Certificate AuthenticationBlueSecure™ Controller Setup and Administration Guide 6-33To configure transparent certificate authentication:Di

Chapter 6: Authentication Using External Servers6-34Mapping Transparent Certificate attributes to roles3. Define the rules to determine if the user is

Testing an External Authentication ServerBlueSecure™ Controller Setup and Administration Guide 6-354. Enter the password associated with the entered u

xivContentsTablesTable 1-1: Bluesocket BSC Model Specifications ... 1-9Table 2-1: BSC-1200 Status LEDs...

Chapter 6: Authentication Using External Servers6-36

BlueSecure™ Controller Setup and Administration Guide 7-17RADIUS Accounting Remote authentication dial-in user service (RADIUS) software includes both

Chapter 7: RADIUS Accounting7-2Defining a RADIUS Accounting ServerTo define a new RADIUS accounting server:1. Click the User Authentication, Authentic

Attributes Sent to External RADIUS Accounting Server by BSCBlueSecure™ Controller Setup and Administration Guide 7-3You might be prompted to restart t

Chapter 7: RADIUS Accounting7-4

BlueSecure™ Controller Setup and Administration Guide 8-18Roles and Role ElementsThis chapter describes the use of roles and role elements on the BSC:

Chapter 8: Roles and Role Elements8-2Defining User Roles to Enforce Network Usage PoliciesThe BSC uses role-based authorization to define which networ

Role InheritanceBlueSecure™ Controller Setup and Administration Guide 8-3You can configure the BSC to support enterprise guest access by defining loca

Chapter 8: Roles and Role Elements8-4• It reduces the number of administrative changes you need to make to roles. If you need to make changes to the b

Defining a RoleBlueSecure™ Controller Setup and Administration Guide 8-5Name Enter a meaningful name for the role. Typically, this will be the name of

BlueSecure™ Controller Setup and Administration Guide xvAbout This GuideThe BlueSecure™ Controller Setup and Administration Guide provides complete in

Chapter 8: Roles and Role Elements8-6• Per user - Each user logged in with this role can transmit the entire bandwidth. For example, if 1 Mbps is spec

Defining a RoleBlueSecure™ Controller Setup and Administration Guide 8-7Alternatively, as with network services, destinations, and schedules, you can

Chapter 8: Roles and Role Elements8-84. Configure the Transparent 802.1x server to do role placement based on the username:In this case the Domain is

Defining a RoleBlueSecure™ Controller Setup and Administration Guide 8-9routes all tagged traffic to the protected-side VLAN and is useful if you want

Chapter 8: Roles and Role Elements8-101. The Redirect URL Attribute field on either the RADIUS page or the LDAP page accessed on the User Authenticati

Creating Destinations and Destination GroupsBlueSecure™ Controller Setup and Administration Guide 8-11single device within the network; all the device

Chapter 8: Roles and Role Elements8-12You might be prompted to restart the BSC. We recommend that you do not restart the BSC until you have completely

Creating Network Services and Services GroupsBlueSecure™ Controller Setup and Administration Guide 8-132. Select Destination Group from the Create dro

Chapter 8: Roles and Role Elements8-14• LDAP - Lightweight directory access protocol• H.323 - ITU-T standard for sending voice (audio) and video using

Creating Network Services and Services GroupsBlueSecure™ Controller Setup and Administration Guide 8-15Name Enter a meaningful name for the network se

About This Guidexviauthentication, NTLM authentication, transparent NTLM authentication, transparent 802.1x authentication, the BSC internal 802.1x au

Chapter 8: Roles and Role Elements8-16Incoming/Outgoing Priority - You can configure a priority for traffic coming into the BSC or going out from the

Creating Schedules and Schedule GroupsBlueSecure™ Controller Setup and Administration Guide 8-171. Click the User Roles tab in the BSC administrator c

Chapter 8: Roles and Role Elements8-181. Click the User Roles tab in the BSC administrator console, and then click the Schedules tab.2. Select Schedul

Creating Locations and Location GroupsBlueSecure™ Controller Setup and Administration Guide 8-195. Click Save to store the information to the BSC data

Chapter 8: Roles and Role Elements8-20For example, you might have defined “VLAN 15” that includes all access points on the shop floor. You can then cr

Creating Locations and Location GroupsBlueSecure™ Controller Setup and Administration Guide 8-211. Click the User Roles tab in the BSC administrator c

Chapter 8: Roles and Role Elements8-22

BlueSecure™ Controller Setup and Administration Guide 9-19Voice Over WLAN SupportMore and more organizations are now using IP phones that pass voice t

Chapter 9: Voice Over WLAN Support9-2Configuring General VoWLAN SettingsClick the Voice tab in the BSC administrator console, and then click the Gener

Configuring VoWLAN QoSBlueSecure™ Controller Setup and Administration Guide 9-3Polycom/Avaya IP phone settingsMark the Enable support for Polycom/Avay

BlueSecure™ Controller Setup and Administration Guide xvii• Appendix C, "Endpoint Scanning," provides procedures for configuring endpoint sc

Chapter 9: Voice Over WLAN Support9-4

BlueSecure™ Controller Setup and Administration Guide 10-110General BSC Operational SettingsYou may modify the following BSC protocols and functions u

Chapter 10: General BSC Operational Settings10-2HTTP Server SettingsTo modify the BSC HTTP server settings:Displaying the HTTP Settings page1. Click t

HTTP Server SettingsBlueSecure™ Controller Setup and Administration Guide 10-3Login Redirects Comma separated list of HTTP/proxy ports to monitor - En

Chapter 10: General BSC Operational Settings10-4Root CA URL - URL where the certificate authority (CA) credential is stored. Your browser can use the

Intrusion Detection SystemBlueSecure™ Controller Setup and Administration Guide 10-5BlueProtect Endpoint ScanningOptional. Enable BlueProtect Endpoint

Chapter 10: General BSC Operational Settings10-6Normal State By default, a user host will start in the Normal State unless or otherwise blocked. The a

Intrusion Detection SystemBlueSecure™ Controller Setup and Administration Guide 10-7these roles or create your own IDS role to assign to blocked users

Chapter 10: General BSC Operational Settings10-8Enable IDS Mark this checkbox to activate the BSC Intrusion Detection System.Thresholds Violation Thre

Automatic Backup of the BSC DatabaseBlueSecure™ Controller Setup and Administration Guide 10-9SNMP Agent Start the selected version of SNMP agent (v2c

About This GuidexviiiA Glossary is included in this document that defines many terms and acronyms associated with the BlueSecure Controller, the BlueS

Chapter 10: General BSC Operational Settings10-10Displaying the Auto Backups page1. Click the General tab in the BSC administrator console, and then c

Mail Server AccessBlueSecure™ Controller Setup and Administration Guide 10-11Displaying the BSC Time Settings page1. Click the General tab in the BSC

Chapter 10: General BSC Operational Settings10-12tab, Email tab to configure the BSC to login to your mail server securely. You can either specify the

Public Access NetworksBlueSecure™ Controller Setup and Administration Guide 10-13Address of mail server for SMTP port redirectionIn some public access

Chapter 10: General BSC Operational Settings10-14Event Logging and Connection TrackingThe BSC provides two types of logging facilities:• Event logging

Event Logging and Connection TrackingBlueSecure™ Controller Setup and Administration Guide 10-15• Enable Connection Tracking - If this checkbox is mar

Chapter 10: General BSC Operational Settings10-16If cleared, no connection tracking data is logged. Default value: Disabled.)Note: Connection tracking

Threshold ValuesBlueSecure™ Controller Setup and Administration Guide 10-17Threshold ValuesYou can specify threshold values that trigger the output of

Chapter 10: General BSC Operational Settings10-18Warm Start A restart of BSC services.Cold Start A complete reboot of BSC.Config Change Any change to

Domain Name System (DNS) SettingsBlueSecure™ Controller Setup and Administration Guide 10-19Managed-side DNS proxyEnable DNS Proxy? - If this checkbox

BlueSecure™ Controller Setup and Administration Guide 1-11An Overview of the BlueSecure ControllerThis chapter introduces you to the BlueSecure family

Chapter 10: General BSC Operational Settings10-20• admin - Administrator login page at the specified host name and interface. Default host name: admin

Digital CertificatesBlueSecure™ Controller Setup and Administration Guide 10-21• BSC secure web login page (SSL) - As with any secure web page (SSL),

Chapter 10: General BSC Operational Settings10-22the server digital certificate). If you are using mutual authentication, mark the BSC Client Certific

Digital CertificatesBlueSecure™ Controller Setup and Administration Guide 10-235. When the provider returns the signed certificate, upload it to the B

Chapter 10: General BSC Operational Settings10-24Miscellaneous BSC OptionsUse the Miscellaneous page in the administrator console to configure miscell

Miscellaneous BSC OptionsBlueSecure™ Controller Setup and Administration Guide 10-25the Active Connections page (see “Monitoring Active User Connectio

Chapter 10: General BSC Operational Settings10-26Serial Console AccessAllow access via serial port? - By default, administrators are allowed to access

BlueSecure™ Controller Setup and Administration Guide 11-111Web LoginsThis chapter covers the following topics:• Customizing the User Login Page• The

Chapter 11: Web Logins11-2Customizing the User Login PageYou can customize the appearance of the web page that users see at login to maintain your org

Customizing the User Login PageBlueSecure™ Controller Setup and Administration Guide 11-3The default user login page along with the page elements that

iiCopyright NoticeCopyright © 2001- 2009 Bluesocket, Inc. All rights reserved.No part of this document may be reproduced in any form or by any means,

Chapter 1: An Overview of the BlueSecure Controller1-2An Introduction to the BlueSecure WLAN SolutionThe BlueSecure Controller (BSC) product family—BS

Chapter 11: Web Logins11-4Figure 11-3: Create New Custom Login Page

Customizing the User Login PageBlueSecure™ Controller Setup and Administration Guide 11-5Name Enter a meaningful name for the custom user login page y

Chapter 11: Web Logins11-6The Number of active sessions per username/authentication type applies to External Server Authentication methods only.HTML b

Customizing the User Login PageBlueSecure™ Controller Setup and Administration Guide 11-7Displaying the GUI Customization Page1. Click the Web Logins

Chapter 11: Web Logins11-8Spacing Specify the remaining spacing options, if necessary:Pixels between the form and the customized HTML - Spacing in pix

Customizing the User Login PageBlueSecure™ Controller Setup and Administration Guide 11-9Example Here is a test page for testing all custom variables.

Chapter 11: Web Logins11-10Redirecting Clients to an External Server for AuthenticationComplete the “Edit redirection for custom login Default” page t

Customizing the User Login PageBlueSecure™ Controller Setup and Administration Guide 11-11Currently Micros-Fidelio Opera 4 PMS, Authorize.net SIM, Aut

Chapter 11: Web Logins11-12BSC uses the email address internally as the account name, different from the user’s credit card account name). After the u

Customizing the User Login PageBlueSecure™ Controller Setup and Administration Guide 11-13Authorize.net AIMThe following setup is required to use the

An Introduction to the BlueSecure WLAN SolutionBlueSecure™ Controller Setup and Administration Guide 1-3Thus, unregistered users can be directed to a

Chapter 11: Web Logins11-14• On the BSC side, set “Server Address” to test.authorize.net and check off (turn on) “Enable test mode” • On the Authorize

Customizing the User Login PageBlueSecure™ Controller Setup and Administration Guide 11-15Displaying the Hotspot Account Generation Page1. Click the W

Chapter 11: Web Logins11-16Response URL must be configured in the Merchant Interface.This will also cause error checking responses to be displayed dir

Uploading Image/Media Files for the User Login PageBlueSecure™ Controller Setup and Administration Guide 11-17entering an anonymous email account (lik

Chapter 11: Web Logins11-18The topleftlogo file can be any GIF, JPEG or PNG file with a recommended size of 133x64 pixels.• Normal - All other image a

Translating User Login PagesBlueSecure™ Controller Setup and Administration Guide 11-19• Chinese-Traditional (zh-TW/Big5)•Czech (UTF-8)• Dutch (UTF-8)

Chapter 11: Web Logins11-20Defining a User Login Page LanguageDisplaying the Create a User Login PageFigure 11-12: Create a User Login Page Language P

Translating User Login PagesBlueSecure™ Controller Setup and Administration Guide 11-21To define a new user login page language:1. Click the Web Login

Chapter 11: Web Logins11-22• Thank-You page - Enter any HTML code to disable URL redirection after login. The HTML is displayed in a standard Thank Yo

Installing a Custom SSL Login CertificateBlueSecure™ Controller Setup and Administration Guide 11-23• “Requesting a Certificate” on page 11-23.• “Uplo

Chapter 1: An Overview of the BlueSecure Controller1-4BSAPs are simple to configure (“zero touch”) and require only minimal provisioning to make them

Chapter 11: Web Logins11-24The CSR generated page appears as shown in Figure 11-14.To delete a CSR and start over, click Delete CSR of the left side o

Installing a Custom SSL Login CertificateBlueSecure™ Controller Setup and Administration Guide 11-25• The host name is the same one you entered in you

Chapter 11: Web Logins11-262. Upload the certificate as follows:a) Mark the BSC Client Certificate radio button.b) Click Browse, locate the file for t

Installing a Custom SSL Login CertificateBlueSecure™ Controller Setup and Administration Guide 11-27The SSL Certificate Generation page appears as sho

Chapter 11: Web Logins11-28Installing a Wildcard (*) SSL Certificate on Multiple BSCsBefore installing a wildcard SSL certificate on multiple BSCs, yo

BlueSecure™ Controller Setup and Administration Guide 12-112BlueSecure Access PointsThis chapter covers the following topics:•Overview• Deploying BSAP

Chapter 12: BlueSecure Access Points12-2OverviewBluesocket manufactures a line of next-generation “thin” access points that work in conjunction with B

Deploying BSAPs on the Same Layer-2 Subnet as the BSCBlueSecure™ Controller Setup and Administration Guide 12-3)Note: Connect only the recommended num

Chapter 12: BlueSecure Access Points12-4See “Configuring the BSC DHCP Server” on page 4-11 for information about running a DHCP server on the BSC. See

How a BSAP Discovers BSCsBlueSecure™ Controller Setup and Administration Guide 12-5• Protocol 97 and TCP/UDP Port 33333 traffic is allowed between BSA

The BlueSecure WLAN Solution End-user ExperienceBlueSecure™ Controller Setup and Administration Guide 1-5VoIP Protocols/VoWLAN SupportYou can configur

Chapter 12: BlueSecure Access Points12-6How a BSAP Selects a Home BSCWhen a BSAP discovers multiple BSCs to which it may connect, it uses the followin

Uploading BSAP Firmware FilesBlueSecure™ Controller Setup and Administration Guide 12-7model can have one Default firmware and one Alternative firmwar

Chapter 12: BlueSecure Access Points12-8Configuring Global Miscellaneous Non-Radio SettingsThe Wireless Global System Settings page is used to specify

Configuring Global Miscellaneous Non-Radio SettingsBlueSecure™ Controller Setup and Administration Guide 12-9The Bluesocket Sales team maps customers

Chapter 12: BlueSecure Access Points12-10Enable Front User Port - Mark the Enable Front User Port checkbox to enable the front ethernet port on the Wi

Configuring Global Radio SettingsBlueSecure™ Controller Setup and Administration Guide 12-113. Select the Sensor Frequency Band in which to scan (BSAP

Chapter 12: BlueSecure Access Points12-12

Configuring Global Radio SettingsBlueSecure™ Controller Setup and Administration Guide 12-13Advanced Settings for the 802.11b/g/n RadioMark the Displa

Chapter 12: BlueSecure Access Points12-142. Mark the Antenna Diversity radio button to specify whether the antenna is automatically selected based on

Configuring Global Radio SettingsBlueSecure™ Controller Setup and Administration Guide 12-15Load Balancing Enter the Average user count per AP, which

Chapter 1: An Overview of the BlueSecure Controller1-6Web-based User LoginsWhen leveraging the BSC's native authentication directory, or an exter

Chapter 12: BlueSecure Access Points12-16• 1 = Enabled2. BSAP1700: MIMO Network Density: Network Density refers to how many wireless networks are depl

Configuring Global Radio SettingsBlueSecure™ Controller Setup and Administration Guide 12-17Saving the settings7. Click Save to save the BSAP radio se

Chapter 12: BlueSecure Access Points12-18802.11a/n Radio ConfigurationSee “802.11b/g/n Radio Configuration” on page 12-10 for settings not described h

Editing Settings for an Individual BSAPBlueSecure™ Controller Setup and Administration Guide 12-19Operational ModeSelect one of the following from the

Chapter 12: BlueSecure Access Points12-20• Only Use Selected SSIDs - The BSAP will use only those SSIDs selected in the Select SSID picklist.)Note: On

Creating SSIDsBlueSecure™ Controller Setup and Administration Guide 12-21the BSAP and all wireless clients. The PSK mode uses either TKIP or AES for p

Chapter 12: BlueSecure Access Points12-22TKIP (This option cannot be used with 802.11n when connecting at rates above 54Mhz). Temporal Key Integrity P

Creating SSIDsBlueSecure™ Controller Setup and Administration Guide 12-23The SSID is case sensitive and can consist of up to 32 alphanumeric character

Chapter 12: BlueSecure Access Points12-243. Enter keys as 10 hexadecimal digits (0 to 9 and A to F) for 64 bit keys, 26 hexadecimal digits for 128 bit

Creating BSAPsBlueSecure™ Controller Setup and Administration Guide 12-25Displaying the Create new AP pageClick the Wireless tab in the BSC administra

BlueSecure Controller ModelsBlueSecure™ Controller Setup and Administration Guide 1-7a user on any authentication server. Typically, guest roles are c

Chapter 12: BlueSecure Access Points12-26Display Specify which login page to display to users logging into the BSC on the managed interface via this B

Enabling BSAP ServiceBlueSecure™ Controller Setup and Administration Guide 12-27• Configured APs - The BSC accepts connections from only those BSAPs t

Chapter 12: BlueSecure Access Points12-28• Autochannel BG - Mark/unmark this checkbox to enable/disable the BSC to dynamically change the 802.11b/g/n

Displaying Configured BSAPsBlueSecure™ Controller Setup and Administration Guide 12-29Displaying Configured BSAPsAfter you have created BSAPs as descr

Chapter 12: BlueSecure Access Points12-30• Click to accept all the DynamicRF recommendations for channel and power.The configuration will be saved t

BlueSecure™ Controller Setup and Administration Guide 13-113RF Intrusion Detection and ContainmentThe BSC detects and protects against rogue devices,

Chapter 13: RF Intrusion Detection and Containment13-2Identifying Authorized RF Stations on Your NetworkTo better track rogue devices on your network,

Configuring RF AlarmsBlueSecure™ Controller Setup and Administration Guide 13-3• Rogue - This station is not authorized to be on the network and an al

Chapter 13: RF Intrusion Detection and Containment13-4Client BSSID Changed Mobile station has changed its BSSID. D Client Limit Maximum client limit p

Configuring RF AlarmsBlueSecure™ Controller Setup and Administration Guide 13-5Configuration Procedure1. Click the Wireless tab in the BSC administrat

Chapter 1: An Overview of the BlueSecure Controller1-8Mobility® MatriX WLAN deployment, providing centralized management and control of configuration

Chapter 13: RF Intrusion Detection and Containment13-6• Severe - This is the highest alert level and is usually associated with a WLAN intrusion, e.g.

Configuring AutocontainmentBlueSecure™ Controller Setup and Administration Guide 13-72. Mark the Enable Autocontainment checkbox to enable RF autocont

Chapter 13: RF Intrusion Detection and Containment13-8

BlueSecure™ Controller Setup and Administration Guide 14-114Secure Mobility® MatriXThis chapter provides procedures for configuring a large-scale wire

Chapter 14: Secure Mobility® MatriX14-2An Overview of the Secure Mobility MatriXWhere multiple BlueSecure Controllers are deployed across multiple WLA

Secure Mobility®BlueSecure™ Controller Setup and Administration Guide 14-3General Configuration ProcedureFollow these high-level steps to configure a

Chapter 14: Secure Mobility® MatriX14-4How Secure Mobility WorksThe following figure illustrates how Secure Mobility works. For simplicity, two wirele

Secure Mobility®BlueSecure™ Controller Setup and Administration Guide 14-5A single BSC in the Secure Mobility configuration is configured as the Mobil

Chapter 14: Secure Mobility® MatriX14-6subnet. BSC protected interfaces that are not connected to a router may be on the same subnet. The following fi

Secure Mobility®BlueSecure™ Controller Setup and Administration Guide 14-7communicating with each other, thus providing an extra layer of security. Th

BlueSecure Controller ModelsBlueSecure™ Controller Setup and Administration Guide 1-9option is available to support direct connection of PoE access po

Chapter 14: Secure Mobility® MatriX14-8a) Enter the IP address of the protected interface on the Node and an optional description in the fields provid

Secure Mobility®BlueSecure™ Controller Setup and Administration Guide 14-9be any text string you choose, as long as it is the same for all BSCs in the

Chapter 14: Secure Mobility® MatriX14-10• Last Update - ID of last status update.• Last Update Message - Last message concerning Secure Mobility confi

ReplicationBlueSecure™ Controller Setup and Administration Guide 14-11A Comparison of Standard and Cascaded ReplicationIn addition to the standard rep

Chapter 14: Secure Mobility® MatriX14-12Step 1: Set Up Replication on the MasterSelect one BSC as the Replication Master. You can also set up a second

ReplicationBlueSecure™ Controller Setup and Administration Guide 14-13d) Optional. If you are configuring the replication feature to support a Load Sh

Chapter 14: Secure Mobility® MatriX14-145. Mark the Acquire a snapshot from the master? checkbox to configure the Replication Node to upload the datab

ReplicationBlueSecure™ Controller Setup and Administration Guide 14-156. Do not restart the BSC until instructed to do so at the end of this procedure

Chapter 14: Secure Mobility® MatriX14-162. If you are supporting VoIP, make sure that you override the replicated IP addresses for the SpectraLink/Ava

Load SharingBlueSecure™ Controller Setup and Administration Guide 14-17Load SharingUse the BSC load sharing feature in environments where many wireles

Chapter 1: An Overview of the BlueSecure Controller1-10Typical BlueSecure WLAN Solution Network ConfigurationsTypically, you will install and configur

Chapter 14: Secure Mobility® MatriX14-18Network RequirementsEnsure that your BSC network meets the following requirements before you configure the BSC

Load SharingBlueSecure™ Controller Setup and Administration Guide 14-19sharing feature on up to six members of the local replication configuration inc

Chapter 14: Secure Mobility® MatriX14-20b) Select a weight (1 to 5) from the Weight drop-down menu to assign the LSG member.A low weight (e.g. 1) mean

Load SharingBlueSecure™ Controller Setup and Administration Guide 14-21• Enter a subnet mask in the Managed side netmask that specifies which bits in

Chapter 14: Secure Mobility® MatriX14-224. Mark the ID radio button that corresponds to the load sharing ID for the Load Sharing Node.5. Specify the L

Load SharingBlueSecure™ Controller Setup and Administration Guide 14-23You must allocate physical and virtual address carefully according to the subne

Chapter 14: Secure Mobility® MatriX14-24In the event of a down interface on a Load Sharing Group member, the Load Sharing Master will reassign the tra

Load SharingBlueSecure™ Controller Setup and Administration Guide 14-25Load Sharing Status SummaryYou can also display a quick visual snapshot of your

Chapter 14: Secure Mobility® MatriX14-26

BlueSecure™ Controller Setup and Administration Guide 15-115StatusThis chapter covers the following topics:• Monitoring Active User Connections• Viewi

Typical BlueSecure WLAN Solution Network ConfigurationsBlueSecure™ Controller Setup and Administration Guide 1-11authentication for those devices by f

Chapter 15: Status15-2Monitoring Active User ConnectionsYou can monitor and display active user connection status and other user information, such as

Monitoring Active User ConnectionsBlueSecure™ Controller Setup and Administration Guide 15-3• Role - Role assigned to this connection. To change a use

Chapter 15: Status15-4• Packets Dropped - Count of packets dropped due to blocked port(s).• Port N - Count of packets dropped on this blocked port.• S

Monitoring Active User ConnectionsBlueSecure™ Controller Setup and Administration Guide 15-5If you are monitoring BlueSecure Access Points connected t

Chapter 15: Status15-6• Associations - Wireless clients that have associated to the BSAP. Click (+) to expand the list of associations or (-) to colla

Monitoring Active User ConnectionsBlueSecure™ Controller Setup and Administration Guide 15-7Sensor IP or Sensor Location columns are visible, the colu

Chapter 15: Status15-8You must have the Macromedia Flash (Version 6 or later) browser plug-in installed and a VBScript-enabled browser [e.g., Microsof

Monitoring Active User ConnectionsBlueSecure™ Controller Setup and Administration Guide 15-9User connections are displayed on the horizontal axis and

Chapter 15: Status15-103. Click Filter to apply the filters you have defined. The Filter Users dialog closes and the graphical monitoring tool is refr

Displaying a BSC Status SummaryBlueSecure™ Controller Setup and Administration Guide 15-11alphanumeric characters in event descriptions, choose Search

BlueSecure™ Controller Setup and Administration Guide iiiContentsFigures ...

Chapter 1: An Overview of the BlueSecure Controller1-12Within either single- or multiple-BSC networks, you can set up pairs of redundant BSCs (must be

Chapter 15: Status15-12Displaying BSC Secure Mobility® StatusIf you have configured the BSC Secure Mobility feature to enable users to roam across sub

Displaying Power over Ethernet (PoE) StatusBlueSecure™ Controller Setup and Administration Guide 15-13Displaying Power over Ethernet (PoE) StatusFor t

Chapter 15: Status15-14Using Pre-defined Report DefinitionsThe following pre-defined report definitions are available to generate your BSC report:• To

Generating and Displaying BSC ReportsBlueSecure™ Controller Setup and Administration Guide 15-15• Log Level - Restricts collected data to records of a

Chapter 15: Status15-16Alternatively, you can generate a report for a specific time period. To do so, select Specific Time Period from the drop down a

Performing Standard Network Diagnostic TestsBlueSecure™ Controller Setup and Administration Guide 15-17To specify display or delivery of the report, c

Chapter 15: Status15-18Displaying the Task Execution MenuClick the Status tab in the BSC administrator console, click the Diagnostics tab, and then cl

Performing Standard Network Diagnostic TestsBlueSecure™ Controller Setup and Administration Guide 15-19Purge DHCP leasesMark this checkbox to purge ex

Chapter 15: Status15-20Capturing Network Traffic DataThe BSC allows you to capture network traffic data on any of its physical or VLAN interfaces, fil

Capturing Network Traffic DataBlueSecure™ Controller Setup and Administration Guide 15-216. Optional. To delete a traffic capture file, select the nam

BlueSecure™ Controller Setup and Administration Guide 2-12InstallationThis chapter provides complete installation procedures for the BlueSecure family

Chapter 15: Status15-22

BlueSecure™ Controller Setup and Administration Guide 16-116MaintenanceThis chapter covers the following topics:• Restarting, Rebooting, and Shutting

Chapter 16: Maintenance16-2Restarting, Rebooting, and Shutting Down the BSCMany configuration settings in the BSC do not take effect until you restart

Configuration Backup and RestoreBlueSecure™ Controller Setup and Administration Guide 16-3BackupAll BSC configuration information is stored in its int

Chapter 16: Maintenance16-41. Click the Maintenance tab and then click Configuration Backup/Restore. The BSC configuration backup and restore page app

Configuration Backup and RestoreBlueSecure™ Controller Setup and Administration Guide 16-5To reset all BSC configuration settings back to their defaul

Chapter 16: Maintenance16-6Un-registered;1;Allow;Any;Any;Outgoing;192.168.100.18/255.255.255.255;Any;Any;Un-registered;1;Allow;Any;Any;Outgoing;abc.go

Upgrading to a New Version of Runtime SoftwareBlueSecure™ Controller Setup and Administration Guide 16-73. After the database is backed up, click the

Chapter 16: Maintenance16-8e) Restart services on each BSC you have upgraded.3. Re-configure each original Node BSC as a Node and configure it to rece

Switching Between BSC Runtime Software VersionsBlueSecure™ Controller Setup and Administration Guide 16-9The Manage Patches for BSC page appears as sh

Chapter 2: Installation2-2Overview of the Installation ProcedureYou must complete the following steps to install the Bluesocket BSC:1. Prior to beginn

Chapter 16: Maintenance16-103. Click Switch, and then reboot the BSC manually when prompted.Exporting and Importing BSC Bulk Data FilesYou can export

Exporting and Importing BSC Bulk Data FilesBlueSecure™ Controller Setup and Administration Guide 16-115. Select the local data fields to export by mar

Chapter 16: Maintenance16-12)Note: When importing values, the BSC shows the values before it adds them to the configuration information. It will give

LicensesBlueSecure™ Controller Setup and Administration Guide 16-13BlueProtectThe license is supplied by Bluesocket as part of your BlueSecure Control

Chapter 16: Maintenance16-14BSAP 1840When purchasing BSAP-1840 APs, there are three SKUs: two hardware SKUs (same hardware, different serial numbers)

LicensesBlueSecure™ Controller Setup and Administration Guide 16-15failover, the license file is automatically copied between the primary and failover

Chapter 16: Maintenance16-16

BlueSecure™ Controller Setup and Administration Guide A-1AAn Overview of Virtual LANsThe Bluesocket BSC supports multiple VLANs on both the managed an

Appendix A: A-2LANs vs. VLANsA LAN is a broadcast domain composed of hubs, switches, or bridges that are physically wired to each other and to multipl

BlueSecure™ Controller Setup and Administration Guide A-3number. VLAN interfaces support all of the authentication types and services supported by the

Safety PrecautionsBlueSecure™ Controller Setup and Administration Guide 2-3• Do not allow liquid to enter the Bluesocket BSC chassis, and do not opera

Appendix A: A-4To configure a termination VLAN properly, do not configure a VLAN interface on the protected side with a VLAN ID that corresponds to a

Enforcing Network Usage Policies with VLANsBlueSecure™ Controller Setup and Administration Guide A-5Enforcing Network Usage Policies with VLANsIn addi

Appendix A: A-6

BlueSecure™ Controller Setup and Administration Guide B-1BProvisioning Network DHCP Servers to Support BSAPsThe BSAP needs the IP address of the home

Appendix B: B-2OverviewYou can deploy BSAPs on a routed network with Layer-3 connectivity to the BSC as shown in the following figure.In this deployme

BlueSecure™ Controller Setup and Administration Guide B-3The DHCP Vendor Classes dialog appears. 2. Click Add... and the New Class dialog appears, for

Appendix B: B-44. Click OK to close the New Class dialog. You will see that the BSAP vendor class is listed in the DHCP Vendor Classes dialog, for exa

BlueSecure™ Controller Setup and Administration Guide B-54. In the Option Type dialog:a) Enter a descriptive name in the Name field.b) Select Encapsul

Appendix B: B-6)Note: If you wish to prioritize certain BSCs to connect to, a failover option is allowed in the IP separated list. By prepending the l

BlueSecure™ Controller Setup and Administration Guide B-7More than one BSC IP address can be specified, separated by commas or semi-colons. The length

Chapter 2: Installation2-4BSC-2200/3200/5200 Displays, Controls, and ConnectorsThe following figure shows the Bluesocket BSC-5200 front and rear panel

Appendix B: B-8

BlueSecure™ Controller Setup and Administration Guide C-1CEndpoint ScanningBlueProtect ensures that a client device is a trusted end-point by performi

Appendix C: Endpoint ScanningC-2OverviewA “trusted end-point” refers to a client device that has been verified to be free of worm or virus infection a

Client Browser RequirementsBlueSecure™ Controller Setup and Administration Guide C-3HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Install CheckAn

Appendix C: Endpoint ScanningC-4Applet Loader PageThe Applet Loader Page has two responsibilities.1. The page gracefully handles non-compatible enviro

Creating a BlueProtect PolicyBlueSecure™ Controller Setup and Administration Guide C-5)Note: Any URL that appears in this window will be automatically

Appendix C: Endpoint ScanningC-65. Select the Save button.6. To configure Antivirus, Antispyware, or Firewall settings, click the link for your platfo

Creating a BlueProtect PolicyBlueSecure™ Controller Setup and Administration Guide C-7Figure C-2: Edit BlueProtect Policy

Appendix C: Endpoint ScanningC-8RemediationWhen an endpoint fails the security policy scan, the administrator can block the endpoint until it is in co

Assigning a BlueProtect Policy to a User RoleBlueSecure™ Controller Setup and Administration Guide C-9without credentials from getting to Remediation

BSC-2100 Displays, Controls, and ConnectorsBlueSecure™ Controller Setup and Administration Guide 2-5Admin Port Use the Admin port to manage your contr

Appendix C: Endpoint ScanningC-10Figure C-3: Client Display when Required Products Not InstalledFigure C-4: Overriding a Client Role

BlueSecure™ Controller Setup and Administration Guide D-1DSerial Port Access to Essential FunctionsOn a rare occasion, you may temporarily lose access

Appendix D: D-2Listing of Accessible Functions• 1) dbinit - Restore all values in the BSC back to their defaults.• 2) ifconfig - Show the NIC settings

BlueSecure™ Controller Setup and Administration Guide D-3Figure D-1: Recommended Null-modem Serial Cable PinoutL RPin ConnectionsL-SH R-SHL-1 L-7, R-8

Appendix D: D-4

BlueSecure™ Controller Setup and Administration Guide E-1EContacting Bluesocket, Inc.This appendix provides complete information for contacting Blueso

Appendix E: E-2Obtaining Technical SupportBluesocket is committed to providing complete technical support to its customers.If you have a question conc

BlueSecure™ Controller Setup and Administration Guide Glossary-1Glossary!802.11 x - A series of IEEE specifications for LANs, currently 802.11b, 802.1

GlossaryGlossary-2Authentication - Process whereby the identity of a person or process is verified. The BSC authenticates users by matching submitted

GlossaryBlueSecure™ Controller Setup and Administration Guide Glossary-3EAP-FAST (EAP-Flexible Authentication via Secure Tunneling) - A publicly acces

Chapter 2: Installation2-6LCD The BSC provides a 2x16 character, liquid crystal display (LCD) to display the IP address configured for its protected i

GlossaryGlossary-4Managed Remote Subnet - A BSC network configuration in which the local wireless subnet uses a router that does not use NAT and the B

GlossaryBlueSecure™ Controller Setup and Administration Guide Glossary-5RRADIUS (Remote Authentication Dial-In User Service) - An authentication and a

GlossaryGlossary-6

BlueSecure™ Controller Setup and Administration Guide Index-1IndexSymbols.BLUE file 16-3, 16-4.DEBUG file 16-4.DMP file 15-20Numerics802.11i preauthen

Index-2IndexAllow ICMP to protected Interface? 10-26Allow user logins 11-5Answer failed DNS queries? 10-19Antenna type, configuring fixed or external

IndexBlueSecure™ Controller Setup and Administration Guide Index-3models 1-7network configurations 1-10specifications 1-9Bluesocket SSL certificate, i

Index-4IndexDate setting, configuring the BSC’s 10-10Debug file, creating 16-4Debugging the BSC 16-4Default gateway IP address for remote clients to r

IndexBlueSecure™ Controller Setup and Administration Guide Index-5Enable MAC Device 5-5Enable QoS for this Service 8-15Enable show Cisco CDP Neighbors

Index-6IndexH.323 protocol, running as a BSC network service 8-14Heart beat 4-27Help button, enabling on the user login page 11-5Home BSC, how a BSAP

IndexBlueSecure™ Controller Setup and Administration Guide Index-7LLanguage code 10-4Languages, changing on the user login page 11-5LCD 2-4, 2-6, 2-7L

BSC-1200 Displays, Controls, and ConnectorsBlueSecure™ Controller Setup and Administration Guide 2-7Status LEDs The following table summarizes the sta

Index-8IndexManaged side of the network 1-2Managed virtual interface, configuring 4-23MatriX, secure mobilitygeneral configuration procedure 14-3overv

IndexBlueSecure™ Controller Setup and Administration Guide Index-9PPage controls, using 3-13Pass-through VLANs A-3Passwordadministrator account 3-2cha

Index-10IndexQQuality of service (QoS), defining for a network service 8-15Quarantined role for IDS 10-8Question mark (?) link 3-9RRack requirements 2

IndexBlueSecure™ Controller Setup and Administration Guide Index-11RFC822 6-19Rogue, identifying an RF station as 13-3Role elements, creating 8-10Role

Index-12IndexSorting administrator console data 3-12Sorting table data 3-12Space requirements 2-10Specifications for the BSC 1-9Specifications, BSC 1-

IndexBlueSecure™ Controller Setup and Administration Guide Index-13Trash can icon, using 3-11Troubleshooting your BSC’s configuration 16-4Trusted cert

Index-14Indexcreating on the protected side 4-5initiation A-4overview of A-1pass-through A-3termination A-3Vocera IP phone traffic, passing through th

Chapter 2: Installation2-8Admin Port Use the Admin port to manage your controller without needing to be connected to the managed or protected ports.

Preparing Your NetworkBlueSecure™ Controller Setup and Administration Guide 2-9On/Off Control Connect the BSC-600 to its power source, and then press

ivContentsBSC-2100 Displays, Controls, and Connectors ... 2-5BSC-1200 Displays, Controls, and Connectors ...

Chapter 2: Installation2-10• Ensure that your wireless devices (laptops, PDAs, etc.) are configured to receive IP addresses via DHCP.• Ensure that you

Mounting the BlueSecure Controller ChassisBlueSecure™ Controller Setup and Administration Guide 2-111. Choose a level, stable desktop that will suppor

Chapter 2: Installation2-12Rack-mounting the BlueSecure ControllerYou may install the Bluesocket BSC in any two-post equipment rack or cabinet that co

Connecting the BlueSecure Controller to Your NetworkBlueSecure™ Controller Setup and Administration Guide 2-13up the BSC by following the procedure gi

Chapter 2: Installation2-145. (BSC-600, BSC-2100, and BSC-2200/3200/5200 only). Press the Power button on front panel.As the BSC powers up, its coolin

LED Run Time Mode for BSC-600 and BSC-1200BlueSecure™ Controller Setup and Administration Guide 2-15Follow these steps to enable IEEE 802.3af Power-ov

Chapter 2: Installation2-16The fault light will be lit for a few seconds after an AP is disconnected.

BlueSecure™ Controller Setup and Administration Guide 3-13Administrator ConsoleThe BlueSecure Controller provides an intuitive, easy-to-use, administr

Chapter 3: Administrator Console3-2Logging Into the Administrator Console for the First TimeYou may access the Bluesocket BSC administrator console us

Using and Managing Administrator AccountsBlueSecure™ Controller Setup and Administration Guide 3-35. Acknowledge License AgreementA dialog appears dis

ContentsBlueSecure™ Controller Setup and Administration Guide vRecovery State...

Chapter 3: Administrator Console3-4• monitor - enables you to view but not change current BSC parameter settings. The default password for the monitor

Using and Managing Administrator AccountsBlueSecure™ Controller Setup and Administration Guide 3-5Changing an Administrator PasswordTo change the pass

Chapter 3: Administrator Console3-6Changing Your Login PasswordFor security purposes, we recommend that you periodically change the password you use t

Installing the Bluesocket SSL CertificateBlueSecure™ Controller Setup and Administration Guide 3-7)Note: As an alternative to installing the Bluesocke

Chapter 3: Administrator Console3-8An Overview of the Tabs on the ConsoleInformation in the BSC administrator console is presented as a series of tabb

Obtaining Online HelpBlueSecure™ Controller Setup and Administration Guide 3-9Voice Configure how voice traffic is passed through and managed by the B

Chapter 3: Administrator Console3-10Site MapClick on the Site Map link to display a clickable site map (the Site Map link is located in the upper righ

Error Checking on Page FormsBlueSecure™ Controller Setup and Administration Guide 3-11Error Checking on Page FormsRequired form elements are marked wi

Chapter 3: Administrator Console3-12Sorting and Filtering Table DataThe following table describes use of the column heading links and drop-down filter

Paging Through DataBlueSecure™ Controller Setup and Administration Guide 3-13Select the column(s) you wish to hide and then click Remove highlighted i

viContentsCreating a Schedule ... 8-17Creating Schedule Groups...

Chapter 3: Administrator Console3-14Downloading Administrator Console DataYou can download the administrator console page data you are currently viewi

Restarting the BSC to Activate Configuration InformationBlueSecure™ Controller Setup and Administration Guide 3-15Restarting the BSC to Activate Confi

Chapter 3: Administrator Console3-16

BlueSecure™ Controller Setup and Administration Guide 4-14NetworksThis chapter coves the following topics:• Defining the BSC Protected Physical Interf

Chapter 4: Networks4-2Defining the BSC Protected Physical InterfaceYou must configure the BSC to communicate with the protected (i.e., wired) side of

Defining the BSC Protected Physical InterfaceBlueSecure™ Controller Setup and Administration Guide 4-3Obtain IP settings from a DHCP server for the in

Chapter 4: Networks4-4interface as a trunk port. One ISP should be reachable from the protected physical interface and one from the protected VLAN.1.

Defining the BSC Protected Physical InterfaceBlueSecure™ Controller Setup and Administration Guide 4-52. Physically configure links, choosing one of t

Chapter 4: Networks4-6VLAN Settings 1. Ensure you have set up the protected physical interface as described in “Defining the BSC Protected Physical In

Configuring the BSC Managed InterfaceBlueSecure™ Controller Setup and Administration Guide 4-7Configuring a Protected Virtual Interface (Optional)This

ContentsBlueSecure™ Controller Setup and Administration Guide viiRF Intrusion Detection/RF Containment ... 12-3

Chapter 4: Networks4-8- If you are not running a DHCP server on your network, or if you want to conserve IP addresses or “hide” users on a private IP

Configuring the BSC Managed InterfaceBlueSecure™ Controller Setup and Administration Guide 4-9It is possible to configure client addressing on the man

Chapter 4: Networks4-10)Note: You must assign a fixed address to the managed interface.IP Address & NetmaskTo assign a fixed IP address to the man

Configuring the BSC Managed InterfaceBlueSecure™ Controller Setup and Administration Guide 4-11so, select the default user role from the Default role

Chapter 4: Networks4-12NAT the addresses to the protected interface addressMark this checkbox to activate Network Address Translation (NAT) to map all

Configuring the BSC Managed InterfaceBlueSecure™ Controller Setup and Administration Guide 4-13Address range to excludeOptional. If you have IP addres

Chapter 4: Networks4-14Dynamic DNS Mechanism by which the DNS server learns the assigned IP address and fully qualified domain name of a wireless clie

Configuring the BSC Managed InterfaceBlueSecure™ Controller Setup and Administration Guide 4-15Use the Fixed IP address assignments table ( as shown i

Chapter 4: Networks4-16)Note: Use care when choosing a specific role rather than Authenticate. The Specific Role option allows network transmission vi

Configuring the BSC Managed InterfaceBlueSecure™ Controller Setup and Administration Guide 4-173. Supply the following information for each managed si

viiiContentsVerifying Your Load Sharing Configuration ... 14-23Chapter 15 StatusMonitoring Active User Connections ...

Chapter 4: Networks4-181. Set up the managed physical interface as described in “Configuring a DHCP Relay Agent” on page 4-9 and in “Configuring the B

Configuring the BSC Managed InterfaceBlueSecure™ Controller Setup and Administration Guide 4-19• VLAN Type - The type of VLAN to create. Currently the

Chapter 4: Networks4-202. Select Managed-side Remote Subnet from the Create drop-down list on the Network page. The Create a Managed Remote Subnet pag

Configuring the BSC Managed InterfaceBlueSecure™ Controller Setup and Administration Guide 4-21• Netmask of Remote Subnet - When handing out addresses

Chapter 4: Networks4-22• Address range to dynamically assign - Optional. Enter range of addresses that DHCP can assign within a network address space

Configuring the BSC Managed InterfaceBlueSecure™ Controller Setup and Administration Guide 4-23associated with the option in the Code field, and selec

Chapter 4: Networks4-243. The Enable checkbox is marked by default to make the managed virtual interface available to wireless clients. Clearing the c

Configuring Failover ParametersBlueSecure™ Controller Setup and Administration Guide 4-253. Gateway: Allows connectivity to the Admin port through the

Chapter 4: Networks4-26)Note: On a BSC-600 or BSC-1200, the admin interface must be disabled in order to use the failover feature.)Note: On a BSC-600

Configuring Failover ParametersBlueSecure™ Controller Setup and Administration Guide 4-271. Click the Network tab in the BSC administrator console, an

ContentsBlueSecure™ Controller Setup and Administration Guide ixLANs vs. VLANs...

Chapter 4: Networks4-28• Primary machine identifier - Enter the MAC address of the primary BSC. In the event of a failover, this entry is used to iden

Configuring Static RoutesBlueSecure™ Controller Setup and Administration Guide 4-29To enable outbound administrator traffic from the Admin interface,

Chapter 4: Networks4-304. Enter the IP address of the gateway through which traffic is routed to the destination network in the Route Gateway field. T

Configuring AppleTalk RoutingBlueSecure™ Controller Setup and Administration Guide 4-31You can configure a default Rendezvous Point for group address

Chapter 4: Networks4-32where to send each packet of data. Each physical network must have one or more seed routers that broadcast the routing informat

Configuring AppleTalk RoutingBlueSecure™ Controller Setup and Administration Guide 4-33Configuration ProcedureYou must enable at least two BSC interfa

Chapter 4: Networks4-34b) Specify what version of AppleTalk is to be supported, Phase 1 or Phase 2, by selecting an option from the Phase menu.c) For

BlueSecure™ Controller Setup and Administration Guide 5-15Authentication Using Internal DatabaseFollow the procedures given in this chapter if:• You a

Chapter 5: Authentication Using Internal Database5-2Local BSC User AuthenticationYou can create local users and assign each to a previously defined ro

Creating/Editing/Deleting a Local User AccountBlueSecure™ Controller Setup and Administration Guide 5-34. To edit an existing user account, click the