5.5.1 Network
As the 2N access control units are connected to the LAN, make sure that their IP address has been set correctly or obtained from the LAN DHCP server. Configure the IP address and DHCP in the Network subsection.
Tip
- To know the current IP address of your device, use the 2N IP Network Scanner, which can be freely downloaded from 2N.com, or apply the steps described in the Installation Manual of the respective device.
If you use the RADIUS server and 802.1x-based verification of connected equipment, you can make the device use the EAP-MD5 or EAP-TLS authentication. Set this function on the 802.1x tab.
The Trace tab helps you launch capture of incoming and outgoing packets on the device network interface. The file with captured packets can be downloaded for Wireshark processing, e.g. (www.wireshark.org).
List of Parameters
- Use DHCP Server – enable automatic obtaining of the IP address from the LAN DHCP server. If the DHCP server is unavailable or inaccessible in your LAN, use the manual network settings.
- Static IP Address – display the static IP address of the device, which is used together with the below mentioned parameters if the Use DHCP Server parameter is disabled.
- Network Mask – set the network mask.
- Default Gateway – set the address of the default gateway, which provides communication with off-LAN equipment.
- Primary DNS – set the primary DNS server address for translation of domain names to IP addresses. The primary DNS value is 8.8.8.8 upon factory reset.
- Secondary DNS – set the secondary DNS server address, which is used in case the primary DNS is inaccessible. The secondary DNS value is 8.8.4.4 upon factory reset.
- Hostname – set the 2N device network identification.
- Vendor Class Identifier – set the vendor class identifier as a string of characters for DHCP Option 60.
- VLAN Enabled – enable the virtual network (VLAN) support (according to recommendation 802.1q). Set the virtual network ID too to make the function work properly.
- VLAN ID – select a virtual network ID in the range of 1-4094. The device shall receive only the packets tagged with this ID. A wrong setting may result in a connection loss and need to reset the device to factory values.
- Required Port Mode – set the preferred network interface port mode: Autonegotiation or Half Duplex – 10 mbps. The lower bit rate of 10 mbps may be necessary if the used network infrastructure (cabling) is not reliable for the 100mbps traffic.
- Current Port State – current network interface port state (Half or Full Duplex – 10 mbps or 100 mbps).
802.1x
Caution
- The authentication setting changes will not apply until the device is restarted.
- Device Identity – set the user name (identity) for authentication via EAP-MD5 and EAP-TLS.
- MD5 Authentication Enabled – enable authentication of network devices via the 802.1x EAP-MD5 protocol. Do not enable this function if your LAN does not support 802.1x. If you do so, the 2N device will become inaccessible.
- Password – enter the access password for EAP-MD5 authentication.
- TLS Authentication Enabled – enable authentication of network devices via the 802.1x EAP-TLS protocol. Do not enable this function if your LAN does not support 802.1x. If you do so, the 2N device will become inaccessible.
- Trusted Certificate – specify the set of trusted certificates for verification of the RADIUS server public certificate validity. Choose one of three sets of certificates; refer to the Certificates subsection. If no trusted certificate is included, the RADIUS public certificate is not verified.
- User Certificate – specify the user certificate and private key for verification of the device authorisation to communicate via the 802.1x-secured network element port in the LAN. Choose one of three sets of user certificates and private keys; refer to the Certificates subsection.
- Authentication Allowed – enable authentication of network devices via the 802.1x PEAP MSCHAPv2 protocol. Do not enable this function if your LAN does not support 802.1x. If you do so, the device will become inaccessible.
- Trusted Certificate – specify the CA certificate for verifying the RADIUS server public certificate validity. If none is available, the RADIUS server public certificate is not validated.
- Password – enter the access password for PEAP-MSCHAPv2 authentication.
OpenVPN
Use OpenVPN to connect the device to another network.
- Enabled – enables the virtual private network (VPN).
- Default Interface – if enabled, it directs all outgoing network traffic to the VPN interface outside the LAN mask.
- Server Address – OpenVPN Server Address
- Server Port – OpenVPN Server Port.
- Trusted Certificate – specify a set of certificates issued by certification authorities to verify the OpenVPN server public certificate validity. Choose one of three certificate sets, see the Certificates subsection. If no certificate issued by a certification authority is specified, the OpenVPN server public certificate is not validated.
- Client Certificate – specify a set of client certificates to verify the client’s identity by the OpenVPN server. Choose one of three certificate sets, see the Certificates subsection. If no client certificate is specified, the OpenVPN client identity is not validated.
- State – display the OpenVPN connection state: Connected/Disconnected.
- Error – display the OpenVPN connection error type if any.
- Start – connect the device to OpenVPN.
- Stop – disconnect the device from OpenVPN.
- VPN – display the basic information on VPN.
Tip
- Refer to FAQ for OpenVPN server and client setting details.