Section | Page |
NXC5200 | 1 |
About This User's Guide | 3 |
Document Conventions | 6 |
Safety Warnings | 8 |
Table of Contents | 9 |
User’s Guide | 23 |
Introduction | 25 |
1.1 Overview | 25 |
1.2 Rack-mounted Installation | 25 |
1.2.1 Rack-Mounted Installation Procedure | 26 |
1.2.2 LAN Module Installation Procedure | 27 |
1.3 Front and Back Panels | 29 |
1.3.1 1000Base-T Ports | 29 |
1.3.2 Optional Fiber Ports | 30 |
1.3.3 Front Panel LEDs | 31 |
1.4 Management Overview | 31 |
1.5 Starting and Stopping the NXC | 32 |
Features and Applications | 35 |
2.1 Features | 35 |
2.2 Applications | 37 |
2.2.1 AP Management | 37 |
2.2.2 Wireless Security | 37 |
2.2.3 Captive Portal | 38 |
2.2.4 Load Balancing | 38 |
2.2.5 Dynamic Channel Selection | 38 |
2.2.6 User-Aware Access Control | 39 |
2.2.7 Device HA | 39 |
The Web Configurator | 41 |
3.1 Overview | 41 |
3.2 Access | 41 |
3.3 The Main Screen | 43 |
3.3.1 Title Bar | 44 |
3.3.2 Navigation Panel | 44 |
3.3.3 Warning Messages | 49 |
3.3.4 Site Map | 50 |
3.3.5 Object Reference | 50 |
3.3.6 Tables and Lists | 55 |
Configuration Basics | 59 |
4.1 Overview | 59 |
4.2 Object-based Configuration | 59 |
4.3 Zones, Interfaces, and Physical Ports | 60 |
4.3.1 Interface Types | 60 |
4.3.2 Example Interface and Zone Configuration | 61 |
4.4 Feature Configuration Overview | 62 |
4.4.1 Feature | 62 |
4.4.2 Licensing Registration | 62 |
4.4.3 Licensing Update | 63 |
4.4.4 Wireless | 63 |
4.4.5 Interface | 63 |
4.4.6 Policy Routes | 63 |
4.4.7 Static Routes | 64 |
4.4.8 Zones | 64 |
4.4.9 NAT | 64 |
4.4.10 ALG | 64 |
4.4.11 Captive Portal | 65 |
4.4.12 Firewall | 65 |
4.4.13 Application Patrol | 65 |
4.4.14 Anti-Virus | 65 |
4.4.15 IDP | 66 |
4.4.16 ADP | 66 |
4.4.17 Device HA | 66 |
4.5 Objects | 66 |
4.5.1 User/Group | 67 |
4.5.2 AP Profile | 67 |
4.5.3 MON Profile | 68 |
4.6 System | 68 |
4.6.1 DNS, WWW, SSH, TELNET, FTP, and SNMP | 68 |
4.6.2 Logs and Reports | 68 |
4.6.3 File Manager | 69 |
4.6.4 Diagnostics | 69 |
4.6.5 Shutdown | 69 |
Tutorials | 71 |
5.1 Overview | 71 |
5.2 Sample Network Setup | 72 |
5.2.1 Tutorial Tasks | 73 |
5.2.2 Set the Management VLAN (vlan99) | 74 |
5.2.3 Set the Other VLANs (vlan101, vlan102) | 75 |
5.2.4 Configure the AAA Object | 77 |
5.2.5 Configure the Auth. Method Objects (staff, guest) | 79 |
5.2.6 Create the AP Profiles (staff, guest) | 80 |
5.2.7 Create the Guest User Account | 83 |
5.2.8 Configure the Captive Portal Settings | 84 |
5.2.9 Configure the Guest Firewall Rules | 85 |
5.3 Blocking Network Protocols | 87 |
5.3.1 Configuring the WLAN Zone | 87 |
5.3.2 Configuring the Firewall | 88 |
5.3.3 Blocking Sub-Protocols | 90 |
5.4 Rogue AP Detection | 92 |
5.4.1 Rogue AP Containment | 96 |
5.5 Load Balancing | 97 |
5.6 Dynamic Channel Selection | 98 |
Technical Reference | 101 |
Dashboard | 103 |
6.1 Overview | 103 |
6.1.1 What You Can Do in this Chapter | 103 |
6.2 Dashboard | 104 |
6.2.1 CPU Usage | 109 |
6.2.2 Memory Usage | 110 |
6.2.3 Session Usage | 111 |
6.2.4 DHCP Table | 112 |
6.2.5 Number of Login Users | 113 |
Monitor | 115 |
7.1 Overview | 115 |
7.1.1 What You Can Do in this Chapter | 115 |
7.2 What You Need to Know | 116 |
7.3 Port Statistics | 117 |
7.3.1 Port Statistics Graph | 118 |
7.4 Interface Status | 119 |
7.5 Traffic Statistics | 121 |
7.6 Session Monitor | 124 |
7.7 IP/MAC Binding Monitor | 127 |
7.8 Login Users | 128 |
7.9 AP List | 129 |
7.9.1 Station Count of AP | 130 |
7.10 Radio List | 131 |
7.10.1 AP Mode Radio Information | 132 |
7.11 Station List | 133 |
7.12 Detected Device | 134 |
7.13 Application Patrol | 135 |
7.13.1 Application Patrol: General Settings | 135 |
7.13.2 Application Patrol: Bandwidth Statistics | 136 |
7.13.3 Application Patrol: Protocol Statistics | 137 |
7.13.4 Application Patrol: Protocol Statistics by Rule | 138 |
7.14 Anti-Virus | 139 |
7.15 IDP | 141 |
7.16 View Log | 143 |
7.17 View AP Log | 146 |
Registration | 151 |
8.1 Overview | 151 |
8.1.1 What You Can Do in this Chapter | 151 |
8.1.2 What you Need to Know | 151 |
8.2 Registration | 153 |
8.3 Service | 155 |
Signature Update | 157 |
9.1 Overview | 157 |
9.1.1 What You Can Do in this Chapter | 157 |
9.1.2 What you Need to Know | 157 |
9.2 Anti-Virus | 158 |
9.3 IDP/AppPatrol | 159 |
9.4 System Protect | 161 |
Wireless | 163 |
10.1 Overview | 163 |
10.1.1 What You Can Do in this Chapter | 163 |
10.1.2 What You Need to Know | 163 |
10.2 Controller | 164 |
10.3 AP Management | 165 |
10.3.1 Edit AP List | 166 |
10.4 MON Mode | 167 |
10.4.1 Add/Edit Rogue/Friendly List | 169 |
10.5 Load Balancing | 170 |
10.5.1 Disassociating and Delaying Connections | 171 |
10.6 DCS | 173 |
10.7 Technical Reference | 174 |
10.7.1 Dynamic Channel Selection | 174 |
10.7.2 Load Balancing | 176 |
Interfaces | 177 |
11.1 Interface Overview | 177 |
11.1.1 What You Can Do in this Chapter | 177 |
11.1.2 What You Need to Know | 177 |
11.2 Ethernet Summary | 178 |
11.2.1 Edit Ethernet | 180 |
11.2.2 Object References | 185 |
11.3 VLAN Interfaces | 186 |
11.3.1 VLAN Summary | 188 |
11.3.2 Add/Edit VLAN | 189 |
11.4 Technical Reference | 193 |
Policy and Static Routes | 197 |
12.1 Overview | 197 |
12.1.1 What You Can Do in this Chapter | 197 |
12.1.2 What You Need to Know | 197 |
12.2 Policy Route | 199 |
12.2.1 Add/Edit Policy Route | 202 |
12.3 Static Route | 206 |
12.3.1 Static Route Setting | 207 |
12.4 Technical Reference | 208 |
Zones | 213 |
13.1 Overview | 213 |
13.1.1 What You Can Do in this Chapter | 214 |
13.1.2 What You Need to Know | 214 |
13.2 Zone | 215 |
13.3 Add/Edit Zone | 216 |
NAT | 217 |
14.1 Overview | 217 |
14.1.1 What You Can Do in this Chapter | 217 |
14.2 NAT Summary | 218 |
14.2.1 Add/Edit NAT | 219 |
14.3 Technical Reference | 222 |
ALG | 225 |
15.1 Overview | 225 |
15.1.1 What You Can Do in this Chapter | 225 |
15.1.2 What You Need to Know | 226 |
15.1.3 Before You Begin | 227 |
15.2 ALG | 228 |
15.3 Technical Reference | 230 |
IP/MAC Binding | 233 |
16.1 Overview | 233 |
16.1.1 What You Can Do in this Chapter | 233 |
16.1.2 What You Need to Know | 234 |
16.2 IP/MAC Binding Summary | 234 |
16.2.1 Edit IP/MAC Binding | 235 |
16.2.2 Add/Edit Static DHCP Rule | 237 |
16.3 IP/MAC Binding Exempt List | 238 |
Captive Portal | 239 |
17.1 Overview | 239 |
17.1.1 What You Can Do in this Chapter | 240 |
17.2 Captive Portal | 240 |
17.2.1 Add Exceptional Services | 242 |
17.2.2 Auth. Policy Add/Edit | 243 |
17.3 Login Page | 245 |
Firewall | 249 |
18.1 Overview | 249 |
18.1.1 What You Can Do in this Chapter | 249 |
18.1.2 What You Need to Know | 250 |
18.1.3 Firewall Rule Example Applications | 252 |
18.1.4 Firewall Rule Configuration Example | 255 |
18.1.5 Asymmetrical Routes | 256 |
18.2 Firewall | 257 |
18.2.1 Add/Edit Firewall Screen | 260 |
18.3 Session Limit | 262 |
18.3.1 Add/Edit Session Limit | 263 |
Application Patrol | 265 |
19.1 Overview | 265 |
19.1.1 What You Can Do in this Chapter | 265 |
19.1.2 What You Need to Know | 266 |
19.1.3 Application Patrol Bandwidth Management Examples | 271 |
19.2 Application Patrol Common Applications | 275 |
19.2.1 Edit Application | 276 |
19.2.2 Add/Edit Policy | 279 |
19.3 Other Applications | 281 |
19.3.1 Add/Edit Policy | 284 |
Anti-Virus | 287 |
20.1 Overview | 287 |
20.1.1 What You Can Do in this Chapter | 287 |
20.1.2 What You Need to Know | 288 |
20.1.3 Before You Begin | 289 |
20.2 Anti-Virus Summary | 290 |
20.2.1 Add/Edit Rule | 293 |
20.3 Black List | 295 |
20.4 Add/Edit Pattern | 296 |
20.5 White List | 298 |
20.6 Signature | 299 |
20.7 Technical Reference | 301 |
IDP | 303 |
21.1 Overview | 303 |
21.1.1 What You Can Do in this Chapter | 303 |
21.1.2 What You Need To Know | 303 |
21.1.3 Before You Begin | 304 |
21.2 IDP Summary | 304 |
21.3 Profile Summary | 307 |
21.3.1 Base Profiles | 308 |
21.4 Creating New Profiles | 309 |
21.5 Add/Edit Profile | 311 |
21.5.1 Policy Types | 314 |
21.5.2 IDP Service Groups | 316 |
21.5.3 Query View Screen | 317 |
21.5.4 Query Example | 319 |
21.6 Custom IDP Signatures | 320 |
21.6.1 IP Packet Header | 320 |
21.7 Custom Signatures | 321 |
21.7.1 Add/Edit Custom Signature | 323 |
21.7.2 Custom Signature Example | 329 |
21.7.3 Applying Custom Signatures | 331 |
21.7.4 Verifying Custom Signatures | 332 |
21.8 Technical Reference | 333 |
ADP | 337 |
22.1 Overview | 337 |
22.1.1 What You Can Do in this Chapter | 337 |
22.1.2 What You Need To Know | 337 |
22.1.3 Before You Begin | 338 |
22.2 ADP Summary | 339 |
22.3 Profile Summary | 340 |
22.3.1 Base Profiles | 341 |
22.3.2 Creating New ADP Profiles | 342 |
22.3.3 Traffic Anomaly Profiles | 342 |
22.3.4 Protocol Anomaly Profiles | 345 |
22.3.5 Protocol Anomaly Configuration | 345 |
22.4 Technical Reference | 349 |
Device HA | 357 |
23.1 Overview | 357 |
23.1.1 What You Can Do in this Chapter | 357 |
23.1.2 What You Need to Know | 358 |
23.1.3 Before You Begin | 358 |
23.2 Device HA General | 359 |
23.3 Active-Passive Mode | 361 |
23.3.1 Edit Monitored Interface | 364 |
23.4 Technical Reference | 366 |
User/Group | 373 |
24.1 Overview | 373 |
24.1.1 What You Can Do in this Chapter | 373 |
24.1.2 What You Need To Know | 373 |
24.2 User Summary | 376 |
24.2.1 Add/Edit User | 376 |
24.3 Group Summary | 379 |
24.3.1 Add/Edit Group | 380 |
24.4 Setting | 381 |
24.4.1 Edit User Authentication Timeout Settings | 384 |
24.4.2 User Aware Login Example | 386 |
AP Profile | 387 |
25.1 Overview | 387 |
25.1.1 What You Can Do in this Chapter | 387 |
25.1.2 What You Need To Know | 387 |
25.2 Radio | 388 |
25.2.1 Add/Edit Radio Profile | 389 |
25.3 SSID | 392 |
25.3.1 SSID List | 392 |
25.3.2 Security List | 396 |
25.3.3 MAC Filter List | 399 |
MON Profile | 401 |
26.1 Overview | 401 |
26.1.1 What You Can Do in this Chapter | 401 |
26.1.2 What You Need To Know | 401 |
26.2 MON Profile | 402 |
26.2.1 Add/Edit MON Profile | 403 |
26.3 Technical Reference | 404 |
Addresses | 407 |
27.1 Overview | 407 |
27.1.1 What You Can Do in this Chapter | 407 |
27.1.2 What You Need To Know | 407 |
27.2 Address Summary | 407 |
27.2.1 Add/Edit Address | 409 |
27.3 Address Group Summary | 410 |
27.3.1 Add/Edit Address Group Rule | 411 |
Services | 413 |
28.1 Overview | 413 |
28.1.1 What You Can Do in this Chapter | 413 |
28.1.2 What You Need to Know | 413 |
28.2 Service Summary | 415 |
28.2.1 Add/Edit Service Rule | 416 |
28.3 Service Group Summary | 417 |
28.3.1 Add/Edit Service Group Rule | 418 |
Schedules | 419 |
29.1 Overview | 419 |
29.1.1 What You Can Do in this Chapter | 419 |
29.1.2 What You Need to Know | 419 |
29.2 Schedule Summary | 420 |
29.2.1 Add/Edit Schedule One-Time Rule | 421 |
29.2.2 Add/Edit Schedule Recurring Rule | 422 |
AAA Server | 425 |
30.1 Overview | 425 |
30.1.1 What You Can Do in this Chapter | 425 |
30.1.2 What You Need To Know | 425 |
30.2 Active Directory / LDAP | 429 |
30.2.1 Add/Edit Active Directory / LDAP Server | 430 |
30.3 RADIUS | 433 |
30.3.1 Add/Edit RADIUS | 434 |
Authentication Method | 437 |
31.1 Overview | 437 |
31.1.1 What You Can Do in this Chapter | 437 |
31.1.2 Before You Begin | 437 |
31.2 Authentication Method | 437 |
31.2.1 Add Authentication Method | 438 |
Certificates | 441 |
32.1 Overview | 441 |
32.1.1 What You Can Do in this Chapter | 441 |
32.1.2 What You Need to Know | 441 |
32.1.3 Verifying a Certificate | 443 |
32.2 My Certificates | 445 |
32.2.1 Add My Certificates | 447 |
32.2.2 Edit My Certificates | 451 |
32.2.3 Import Certificates | 454 |
32.3 Trusted Certificates | 455 |
32.3.1 Edit Trusted Certificates | 457 |
32.3.2 Import Trusted Certificates | 460 |
32.4 Technical Reference | 461 |
System | 463 |
33.1 Overview | 463 |
33.1.1 What You Can Do in this Chapter | 463 |
33.2 Host Name | 464 |
33.3 Date and Time | 464 |
33.3.1 Pre-defined NTP Time Servers List | 467 |
33.3.2 Time Server Synchronization | 468 |
33.4 Console Speed | 469 |
33.5 DNS Overview | 469 |
33.5.1 DNS Server Address Assignment | 469 |
33.5.2 Configuring the DNS Screen | 470 |
33.5.3 Address Record | 472 |
33.5.4 PTR Record | 473 |
33.5.5 Adding an Address/PTR Record | 473 |
33.5.6 Domain Zone Forwarder | 474 |
33.5.7 Add Domain Zone Forwarder | 474 |
33.5.8 MX Record | 475 |
33.5.9 Add MX Record | 476 |
33.5.10 Add Service Control | 476 |
33.6 WWW Overview | 477 |
33.6.1 Service Access Limitations | 477 |
33.6.2 System Timeout | 478 |
33.6.3 HTTPS | 478 |
33.6.4 Configuring WWW Service Control | 479 |
33.6.5 Service Control Rules | 483 |
33.6.6 HTTPS Example | 483 |
33.7 SSH | 490 |
33.7.1 How SSH Works | 491 |
33.7.2 SSH Implementation on the NXC | 492 |
33.7.3 Requirements for Using SSH | 492 |
33.7.4 Configuring SSH | 493 |
33.7.5 Examples of Secure Telnet Using SSH | 494 |
33.8 Telnet | 496 |
33.9 FTP | 497 |
33.10 SNMP | 500 |
33.10.1 Supported MIBs | 501 |
33.10.2 SNMP Traps | 501 |
33.10.3 Configuring SNMP | 502 |
33.11 Language | 503 |
Log and Report | 505 |
34.1 Overview | 505 |
34.1.1 What You Can Do In this Chapter | 505 |
34.2 Email Daily Report | 505 |
34.3 Log Setting | 507 |
34.3.1 Log Setting Summary | 508 |
34.3.2 Edit Log Settings | 510 |
34.3.3 Edit Remote Server | 514 |
34.3.4 Active Log Summary | 516 |
File Manager | 519 |
35.1 Overview | 519 |
35.1.1 What You Can Do in this Chapter | 519 |
35.1.2 What you Need to Know | 519 |
35.2 Configuration File | 522 |
35.3 Firmware Package | 525 |
35.4 Shell Script | 527 |
Diagnostics | 531 |
36.1 Overview | 531 |
36.1.1 What You Can Do in this Chapter | 531 |
36.2 Diagnostics | 531 |
36.3 Packet Capture | 532 |
36.3.1 Packet Capture Files | 534 |
36.3.2 Example of Viewing a Packet Capture File | 535 |
36.4 Wireless Frame Capture | 536 |
36.4.1 Wireless Frame Capture Files | 538 |
Reboot | 539 |
37.1 Overview | 539 |
37.1.1 What You Need To Know | 539 |
37.2 Reboot | 539 |
Shutdown | 541 |
38.1 Overview | 541 |
38.1.1 What You Need To Know | 541 |
38.2 Shutdown | 541 |
Troubleshooting | 543 |
39.1 Overview | 543 |
39.1.1 General | 543 |
39.1.2 Wireless | 555 |
39.2 Resetting the NXC | 557 |
39.3 Getting More Troubleshooting Help | 557 |
Product Specifications | 559 |
Log Descriptions | 565 |
Common Services | 613 |
Displaying Anti-Virus Alert Messages in Windows | 617 |
Importing Certificates | 619 |
Wireless LANs | 633 |
Open Software Announcements | 647 |
Legal Information | 699 |