Spiceworks



Setting Up and Configuring the ZyXel NXC2500.An example based on a Community Centre with 2 physical network segmentsThe NXC2500 Wireless LAN Controller is configured as follows for 2 SSIDs for the Wi-Fi LAN;SSID1=Corporate and SSID2=Community-Centre. These are used to direct Wi-Fi traffic on to the correct side of the network.Refer to the wiring diagram in the appendix for how the unit is cabled up to the existing LANsSetup a computer with an IP Address on the range 192.168.1.x (except .1 or .2 as these are default addresses of the controller and any access points respectively)Connect the Ethernet cable from the computer to (an) interface (that will remain unused) on the NCX2500 (I.e. ge6 because all interfaces are a member of the default vlan0 that is built-in to the controller and used for AP Management)Open (best using Chrome or Firefox with Cookies & Java enabled)An unconfigured NXC2500 has the default user name and password of: admin / 1234After initial login choose and set the new password (returns to logon screen automatically afterwards)Then Logon again with the new passwordNavigate to and click on the Configuration Tab (on the left panel)Select Network > ZonesOn the Zones page edit the default Zone LAN to remove Interfaces: remove all except vlan0Now create 2 new ZonesCreate LAN2 as a new Zone and add the following Interfaces“ge1” (vlan1 will get added when its created later)Create LAN3 as a new Zone and add the following Interfaces“ge2” (vlan2 will get added when its created later)Navigate to and click on NetworksSelect InterfacesOn the Interfaces page, select EthernetSelect Ethernet Interface ge1 and choose EditConfigure the Interface to have a Static IP Address on the Corporate LAN (I used 192.168.172.253) and a Default Gateway (IP Address of Firewall Trusted Interface; 192.168.172.2)Set the Interface Type = InternalSet the Zone = LAN2Set the PVID = 10Now select Interface ge2 and select EditConfigure the Interface to have a Static IP Address on the Community-Centre LAN (I used 192.168.128.253) and a Default Gateway (IP Address of Firewall ‘s Optional Interface; 192.168.128.1)Set the Interface Type = InternalSet the Zone = LAN3Set the PVID = 20Now Select VLANS from the Interfaces pageSelect New VLANConfigure the first new VLAN as follows:Name = vlan1Interface Type = InternalPVID = 10Zone = LAN2set the Interfaces membership list as follows:ge1 : member = yes | Tx Tagging = noge2 : member = no | Tx Tagging = noge3 : member = yes | TX Tagging = yesge4 : member = no | TX Tagging = noge5 : member = no | TX Tagging = noge6 : member = no | TX Tagging = noSet a Static IP Address for vlan1 as below:IP Address = 192.168.172.254Subnet Mask = 255.255.255.0DHCP = NoneSaveConfigure the second new VLAN as follows:Name = vlan2Interface Type = InternalPVID = 20Zone = LAN3set the Interfaces membership list as follows:ge1 : member = no | Tx Tagging = noge2 : member = yes | Tx Tagging = noge3 : member = yes | TX Tagging = yesge4 : member = no | TX Tagging = noge5 : member = no | TX Tagging = noge6 : member = no | TX Tagging = noSet a Static IP Address for vlan1 as below:IP Address = 192.168.128.254Subnet Mask = 255.255.255.0DHCP = NoneSaveSelect Object > AddressChoose to Add a new Address objectSet the name = Community-Centre-TrafficSet the Address Type = INTERFACE GATEWAYSet the Interface = ge2Click OK to SaveSelect Network > RoutingNow Add a Policy Route and configure it follows:Description : Community-Centre-TrafficUser = anyIncoming = InterfacePlease select one member = vlan2Source Address = anyDestination Address = anyDSCP Code = anySchedule = anyService = anyNext Hop section…Type = GatewayGateway = choose “Community-Centre-Traffic “ from drop-down box (entry previously created in Object > Address)Click OK to saveAt this stage, all the physical and logical interfaces, addresses and VLANs have been created and configured, next the Access Point Profile (AP Profile) must be configured.Navigate to Configuration > Object > AP ProfileSelect the SSID tab, then SSID ListAdd a new SSID Profile for the Corporate LANSet the Profile name and the SSID to be identical : “Corporate”Leave everything else except the PVID at the defaults and set the PVID to “10”Click OK to SaveRepeat steps I through iii for the second SSID (Community-Centre) and set the PVID to “20”Click OK to SaveNext Select the Security List TabClick AddGive the Security Profile a name – CorporateSet the security Mode to WPA2-mixChange nothing else but scroll down to the Authentication Settings and set the Pre-Shared Key and Cipher type to either aes to tkipClick OK to saveClick Add again and create a second Security Profile for the Community CentreGive the Security Profile a name – Community-CentreSet the security Mode to WPA2-mixChange nothing else but scroll down to the Authentication Settings and set the Pre-Shared Key and the Cipher type either aes to tkipClick OK to saveNow select the Radio TabClick the Add button and give the profile a name (Corporate)Set the Band, Mode and Channel as required (site specific to actual location and other APs)Select which SSIDs the Radio Profile will have by using the drop-down choices for 1 and 2Disable all the other SSID’s in the MBSSID Settings boxClick OK to SaveNow go back to the SSID > SSID List and select each of the new SSID Profiles in turn;Choose to Edit the SSID ProfileSet the Security Profile relating to the SSID – I.e. for Corporate set Security Profile “Corporate”Now select Wireless > AP ManagementSelect the listed controllers and choose Edit on each of themOn the Edit windows select the Radio 1 Profile as new one you created at step 14-cClick OK to saveNow refer to the cabling diagram to wire-up the Controller to the relevant switches etcThe Switch used to connect the AP’s and the Controller Interface (ge3) will need to be configured for the same VLANS as created in the NXC2550 WLAN Controller itself.For example, on the PoE Switch supplied for the AP’s, open the Web Management Interface and login, select “Switching”, then “VLANS”. Create 2 new VLANS with ID’s 10 and 20. Set the port Membership for each VLANS to the 5 ports used by the AP’s and the Controller. All 5 ports must be members of VLAN’s 1 (default on Netgear Switch) and the two new VLANS – 10 & 20Connect Interface ge1 on the Controller to the Corporate LANs non-PoE LAN SwitchConnect Interface ge2 on the Controller to the Community Centre LANs Non-PoE SwitchConnect Interface ge3 on the controller to a port on the new PoE Switch which has been made a member of each of the 3 VLANSConnect each Access Point to the supplied PoE switch for the AP’s to a port with membership of all VLANsA wiring diagram is shown on the next page (Appendix A) ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download