Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

Brocade Mobility 5181 Access Point Product Reference Guide

103

53-1002516-01

Configuring WAN settings

5

4. Click Apply to save any changes to the WAN screen. Navigating away from the screen without

clicking the Apply button results in all changes to the screen being lost.

5. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the

settings displayed on the WAN screen to the last saved configuration.

6. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout

before the applet is closed.

Configuring Network Address Translation (NAT) settings

Network Address Translation (NAT) converts an IP address in one network to a different IP address
or set of IP addresses in another network. The Mobility 5181 Access Point router maps its local
(inside) network addresses to WAN (outside) IP addresses, and translates the WAN IP addresses on
incoming packets to local IP addresses. NAT is useful because it allows the authentication of
incoming and outgoing requests, and minimizes the number of WAN IP addresses needed when a
range of local IP addresses is mapped to each WAN IP address. NAT can be applied in one of two
ways:

•

One-to-one mapping with a private side IP address
The private side IP address can belong to any of the private side subnets.

•

One-to-many mapping with a configurable range of private side IP addresses
Ranges can be specified from each of the private side subnets.

To configure IP address mappings for the Mobility 5181 Access Point:

1. Select Network Configuration -> WAN -> NAT from the Mobility 5181 Access Point menu tree.

2. Configure the Address Mappings field to generate a WAN IP address, define the NAT type and

set outbound/inbound NAT mappings.

Idle Time (seconds)

Specify an idle time in seconds to limit how long the Mobility 5181 Access
Point’s WAN connection remains active after outbound and inbound traffic
is not detected. The Idle Time field is grayed out if Keep-Alive is enabled.

Authentication Type

Use the Authentication Type menu to specify the authentication protocol(s)
for the WAN connection. Choices include None, PAP or CHAP, PAP, or CHAP.
Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP) are competing identify-verification
methods.
PAP sends a username and password over a network to a server that
compares the username and password to a table of authorized users. If the
username and password are matched in the table, server access is
authorized. WatchGuard products do not support the PAP protocol because
the username and password are sent as clear text that a hacker can read.
CHAP uses secret information and mathematical algorithms to send a
derived numeric value for login. The login server knows the secret
information and performs the same mathematical operations to derive a
numeric value. If the results match, server access is authorized. After login,
one of the numbers in the mathematical operation is changed to secure
the connection. This prevents any intruder from trying to copy a valid
authentication session and replaying it later to log in.