Home AMX User Forum AMXForums Archive Threads AMX Hardware

Web acces with WAP 200

Hi

In my demo, I have an AP WAP200 who is secured with wep encryption.

I would like as my reps can go on internet over this AP (with a password) without install a new wireless router but I want to keep my AMX demo secured.
Is it possible?
If yes how I can do that?

Presently, when I tried to connect to network, the connection ask for the network key. Where I can find this key?

I tried to put the wep key as I found in the wap config but it's dosen't work

Comments

  • HedbergHedberg Posts: 671
    I don't have a WAP200G here in front of me to test, but you can definitely configure your WAP so wireless clients other than your touch panels can connect through it. I don't know how to password protect access, I don't know if it's possible. You can, of course, protect certain devices, like your master and the WAP itself, but I don't know how to password protect internet access.

    A couple things that might be fouling up your attempts:

    1. Depending on the wireless "card" that your client computers have, you may have to set up the network key either as ASCII characters or as HEX characters and you can probably choose which. Maske sure that you are not trying to enter the HEX representations when the interface is expecting ASCII. Of course, if your WEP key has non-printable HEX codes in it, then you probably cannot enter the key through an ASCII interface, as far as I know. I presume that you have one or more modero panels tied to your master through the WAP -- whatever you entered into your Modero for a key is what you need.

    2. It is my understanding that the modero panels do not support shared key WEP (because it is actually more vulnerable than open key). So, your WAP is set up with open key if your modero is accessing through it. Make sure that you are setting up your client computers with open key and not shared key WEP.

    3. Check for MAC address filtering on your WAP. If it's on, you have to get the MAC of every allowed client into the list.

    What I would do to connect a client computer:

    1. Turn off WEP and MAC filtering and turn on SSID broadcast.

    2. Your client computer should beg you to allow you to access this unprotected WAP and probably won't quit whining until you allow it -- IOW, connect. It should be almost automatic with all securiity off. Your client should automatically capture the SSID.

    3. Turn WEP on on your WAP and then turn on WEP on your client computer and enter the key and you should be connected. Your client software on your computer should give you an indication that the WAP is WEP protected. Open key encryption.

    4. Depending on the client software for your wireless "card" you may need to add the connection to an access list and make sure it is higher on the list than any other AP in range.

    5. Add the client MAC (along with all the other clients such as Moderos) to the filtering list and turn on MAC filtering. This doesn't actually add much protection, if I understand correctly, but it may keep out some under-achieving teenagers.

    6. Turn off SSID broadcast. Again, this offers protection only against the lazy, but that description probably includes your most likely illegal accessers.

    You should be able to just enter the MAC intor your WAP (if you're using filtering), enter the SSID into your client software, enter the key, and connect without turning WEP off and SSID broadcast on. Usually I'm successful doing this. Every once in a while, though, it just doesn't work because, no doubt, I'm doing something goofy. In those cases, opening everything up until the client computer connects and then adding the security back a step at a time solves it.
  • HedbergHedberg Posts: 671
    Of course, your WAP will not provide a DHCP server. If there is none on your network, then your client computers have to have a static IP address assigned. Probably whatever you have connecting your demo system to the internet already provides IP, mask, gateway, and DNS info, but I thought I'd mention it anyway.
  • viningvining Posts: 4,368
    You can get the key from your WAP security set up or simply go to your TP go to protected set up > secondary connection and the key should be listed that it is using to connect to the WAP and that's the same key you would use for laptops or any other wireless NIC.
  • There should be three ways you can attack this.

    1) Do you care if the AMX system itself has internet access? If no, get an inexpensive switch, use static IP's and a completely different network IP address naming scheme for the AMX system.

    2) Use a different subnet mask. By using the mask of 255.255.255.128 for both networks, it should effectively break the the IP addresses into two independent networks even though they have the same number series. This should secure your AMX system from your reps completely. Check some networking documentation on further implementation of this procedure.

    3) Do nothing special but password protect your master. Unless I am mistaken, your reps can't "mess" with your AMX unless web control is enabled, AND they have access to USING the web control. If they can't access the master, they can't access AMX.
  • DenisDenis Posts: 163
    Thanks

    The system has an internet acces, I will try differents scenario as your's suggest
Sign In or Register to comment.