...
A wizard will ask you basic questions about your intended configuration which are non eduroam-specific. Please complete the wizard by answering all the questions.
Pay special attention to step 6, where you configure the IP address. Remember to check the box "Configure default gateway" since the access point needs to talk to RADIUS, NTP and syslog servers, which may lie in a different subnet!
At step 8 of 9, you will encounter the first crucial setting for compliance with the eduroam policy: time synchronisation. The device suggests an NTP server (pool.ntp.org), which is a sane default setting. However, if you operate your own NTP server, you can select "Other..." and enter your own server name (see screenshot). TODO!
If you changed the IP address of the Access Point with the wizard, re-connect to the Access Point on its new address after finishing the wizard.We will now continue to the setup of the crucial settings that are needed for a eduroam policy compliant eduroam Access Point.
B.2.2
...
Timezone setup
The Access point needs to be synchronised with a NTP or SNTP time server . There was an opportunity to set this up in the initial wizard, but let's verify if the settings are correct(which was set up using the wizard), which requires correct timezone settings. Click on "Configuration" -> "Date & Time" -> "General". You should see the following menu:
1. Verify and verify that the correct time zone and dayight saving time settings are set (see screenshot).
B.2.
...
3 Logging
Another requirement in the eduroam policy is that the eduroam SP is required to maintain logs of the authentication and of MAC-address to IP address bindings. LANCOM devices can satisfy both by logging events via syslog. By default, the device keeps short-term logs by logging to "127.0.0.1". The logs look like the following:
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4c8751ee-7c93-44a4-bec5-037bcb9b1a47"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Associated WLAN station 64:b9:e8:a0:2e:a4 [] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7e623317-3d17-4be2-bd42-acb55c2c88af"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] WLAN station 64:b9:e8:a0:2e:a4 [] authenticated via 802.1x [user name is certuser-2010-001@restena.lu] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0e296ab8-3d87-498b-b64c-27ae33138216"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Key handshake with peer 64:b9:e8:a0:2e:a4 successfully completed | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ce895663-0147-4be3-af2a-e46c182c5645"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Connected WLAN station 64:b9:e8:a0:2e:a4 [] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8ab52814-77b9-4a9b-91c1-4220eebb47d5"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Determined IPv4 address for station 64:b9:e8:a0:2e:a4 []: 158.64.3.24 | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="872fb2cb-ae40-491b-8477-e8f0235ed86d"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Determined IPv6 address for station 64:b9:e8:a0:2e:a4 []: 2001:0a18:0000:0403:66b9:e8ff:fea0:2ea4 | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="884748b7-adf4-45fb-b9d6-1f6726545974"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Determined IPv6 address for station 64:b9:e8:a0:2e:a4 []: fe80:0000:0000:0000:66b9:e8ff:fea0:2ea4 | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="897733ee-b53f-4b04-88a2-529b742d7923"><ac:plain-text-body><![CDATA[ | AUTH | Notice | [WLAN-1] Disassociated WLAN station 64:b9:e8:a0:2e:a4 [] due to station request (Disassociated because sending station is leaving BSS | ]]></ac:plain-text-body></ac:structured-macro> |
- Verify that the radio button is set to "Synchronize to a time server ..."
- The wizard suggested the server "pool.ntp.org" as a time source. This is a sane default choice, but if you have your own time server, you may want to set up that one instead. If so,
- Click on the link Time Server (NOT the menu Time Server on the left-hand side). Add your own server(s) as appropriate.
...
1. Select Configuration>Log &Trace>Syslog and check the box Send information.
2. Click Syslog clients>add.
3. Add (minimum) localhost: IP 127.0.0.1, and activate all sources:
The logs that are collected with the localhost setting will show up under
Expert Configuration>Status>TCP-IP>Syslog.
...