WAB-3000 108Mbps Mesh AP/Bridge w/ Multi-SSID
Contents
1. 200 200 10 8 anstation e sent o a Ys 3 a Y Ne Won o so S 200 200 10 6 DHCP server 200 200 10 12 192 168 16 10 200 200 10 9 192 168 16 11 200 200 10 10 200 200 10 11 192 168 15 13 Under access point mode wired users on the same network and on the Internet can communicate with wireless devices on the AP because the AP is bridging the wireless and wired subnetwork Wireless Devices in gateway mode configuration can see each other but can t be accessed directly by the outside network because the outside network only sees the one address assigned by the network s DHCP server The Gateway creates a private wireless network 60 29000171 002 A WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration Configuring in Gateway Mode To configure the WAB 3000 in gateway mode complete the following steps 1 Log in to the WAB 3000 see Chapter 3 page 25 2 Using the navigation bar to the left navigate to the System Configuration Operating Mode screen select the Gateway Bridging Mode radio button and click Apply The WAB 3000 AP will reboot in gateway mode NOTE After the unit reboots you will need to enter the default sub net of the IP LAN address https 11192 168 16 1 Now you can log on to Also note that if you change modes from AP to Gateway your con figuration is not lost However if you switch from FIPS 140 2 submode to non2. Gougle e G Search 0 E3oblocked Check q YF 2 dl m f F search web gt 2 Er gt P welcome tour P choose Buttons gt LI Level One oa Add Tab O Viewnaint Bl Web Search Search Results LE Bookmarks Popups S r Photos Wireless AP Bridge AAA AA Operation Mode GatewayBridge Mode Username admin Host Hame default 192 168 202 211 Role Crypto Officer one WY eee mse Sa SS A gt _Monitoring Reports gt Adjacent AP List System Configuration roan Bis AB trust BSSID SSID Channel Signal Type Age WEP at aE 1 00 0b 6b 35 fd 08 istronNew SSV3TEST 1 13 A NA LAN O 2 00 0b 6b 4d e6 4c WistronNew default 1 mno oa deso aia Da 00 0b 6b 35 fc 94 WistronNew 1 a A A vos Security C 4 00 0b 6b 31 3a de WistronMNew Yendo1 1 1S TARO ANN Bae es des FJ 5 00 0b 6b 35 38 1f WistronNew 1 18 AP 1 Y ogue ection aa C 6 00 0b 6b 33 0e 41 WistranNew 11 6 AF AE Wireless Bridge 7 00 0b 6b 33 0d 84 WWistronNew 1 6 AP 0 N i Fe 56 5b e2 a4 13 3b UNKNOWN GuestinternetAccess 2 3 AdHoc Encryption FJ 9 00 0b 6b 35 19 5a WistronWNew default 1 4 AP MAC Address Filtering 10 00 0b 6h 31 3a a5WistronNew super 60 31 AP OF N Services Settings DHCP Server SNMP Agent 29000171 002 A 49 WAB 3000 Wireless Access Point DHCP Client List The Monitoring Report DHCP Client List screen displays all clients currently connected to the WAB 3000 via DHCP server
3. File Edit view Favorites Tools Help 3 Level One Microsoft Internet Explorer E Jus ar Back 7 ES L r r Search 7 Favorites 2 i w M y Address 1487 https 192 168 202 211 cgi bin sgateway PG 10 Y Go Google a Search ge 30 blocked a Check Ti url de Yr 2 Search Web 2 Ed Er E MP welcome Tour g Choose Buttons LevelOne s Add Tab gt Viewpoint Web Search Search Results 16 Bookmarks gt Pop ups kS Sle ME Photos Wireless AP Bridge Operation Mode Wireless AP Bridge Mode Username admin Host Hame default 192 168 202 211 one Role Crypto Officer Wireless Access Point gt General System Configuration General MAC Address 00 08 68 35 FD 16 WistronNew Operating Mode 3 WAN SSID default LAN Wireless Mode 802 11b y Wireless Access Point CTT General Channel No 12 412 GHz Select tHe optimal channel Security i j No Wireless VLAN Automatically select the optimal channel at bootup MAC Address Filtering Tx Pwr Mode Auto Fixed Power Level Roque AP Detection Advanced Wireless Bridge General Beacon Interval 100 Range 20 1000 Radio Encryption RTS Threshold 2346 Range 1 2346 Services Settings DHCP Server TIM ee a Range 1 255 SNMP Agent Basic Rates 1 2 Mbps we Admin User Management LOCA List All Users Preamble Long Preamble Y Add New User Broadcast SSID Enable User Password Policy Monitoring Reports System Status Apply
4. _ Level One ele Add Tab Viewnolnt J Web Search Search Results E Bookmarks Pop ups WN gt Photos el Wireless AP Bridge er Operation Mode GatewayBridge Mode Username admin Host llame default 192 168 202 211 one Press CAPA 2 System Administration gt System Upgrade System Configuration General Firmware Upgradi Local Configuration Upgrade Remote Configuration Upgrade Operating Mode WAN LAN Select File to Transfer Wireless Access Point Local File Tag General z Security O Generated File Tag ASFOES4C80C1A MAC Address Filtering Generate random bridging configuration Generate Rogue AP Detection z Advanced Install generated file into this AP Install Wireless Bridge General Automatic IP Address Configuration AIPC Radio This feature appends the last 3 bytes of the MAC address to a private Class A IP address for automatic IP A ere address configuration MAC Address Filtering po nA a Services Settings Enable Disable DHCP Server Starting Auto IP Address 10 128 SNMP Agent Firewall Content Filtering Apply IP Filtering Port Filtering Virtual Server DMZ Advanced Update Site Map Admin User Management Select All MAC Address IP Address Parent Bridge File Tag Upgrade Status List All Users Add New User C 1 00 07 D5 01 00 1 192 168 16 11 User Password Policy 00 07 D5 01 00 69 192 168 16 1 00 07 D5 01 00 1C Monitoring Reports System Status Bridging Status Ap
5. gt ha https 1192 168 202 211 cgi binfsgateway PG 44 gt Go gt Google G Seach 9 Ei3oblocked Check YF Ge w Search Web 2 Av g GP Welcome Tour 4 Choose Buttons _ Level One s Add Tab Wrholnt Y Web Search Search Results LU Bookmarks Pop ups Slv Photos Wireless AP Bridge Operation Mode GatewayBridge Mode Username admin Host Hame default 192 168 202 211 one Role Crypto Officer Firewall gt Virtual Server System Configuration Operating Mode Add Protocol Port and 1P Address Pat Protocol BOTH Wireless Access Point Port Range Genera Security Internal IP MAC Address Filtering External IP Any Address v Rogue AP Detection Advanced Add Wireless Bridge General irtual Server List Delete Protocol Port Range Internal IP External IP MAC Address Filtering Services Settings DHCP Server SNMP Agent i Done A Internet This is done by mapping virtual servers to private IP addresses according to the specific TCP port application As the planning table below shows we have identified a Telnet port 23 virtual server for private IP 192 168 15 56 a SMTP Mail port 25 virtual server for pri vate IP 192 168 15 33 and a Web port 80 virtual server for private IP 192 168 15 64 For example all Internet requests to the gateway for SMTP Mail services port 25 to the WAN IP address will redirected to the Pri vate Network computer speci
6. The following security modules have been implemented in the WAB 3000 e WEP e WPA WPA2 e AES CCM Wireless Basics Wireless networking uses electromagnetic radio frequency waves to transmit and receive data Communication occurs by establishing radio links between the wireless access point and devices configured to be part of the WLAN 2 29000171 001 A WAB 3000 Wireless Access Point Chapter 1 Introduction 802 11b The IEEE 802 11b standard ratified by IEEE establishes a stable stan dard for compatibility A user with an 802 11b product can use any brand of access point with any other brand of client hardware that is built to the 802 11b standard for basic interconnection 802 11b devices provide 11 Mbps transmission with a fallback to 5 5 2 and 1 Mbps depending on signal strength in the 2 4 GHz band For wireless devices to communicate with the WAB 3000 they must meet the following conditions e The wireless device and wireless access point must have been configured to recognize each other using the SSID a unique ID assigned in setup so that the wireless device is seen to be part of the network by the WAB 3000 e Encryption and authentication capabilities and types en abled must conform and e If MAC filtering is used the WAB 3000 must be configured to allow disallow the wireless device s MAC address to as sociate communicate with the WAB 3000 wireless inter face 802 11g Because 802 11g is backw
7. _ Level One lt gt Viewpoint one System Configuration General Operating Mode VAN LAN Wireless Access Point General Security Wireless VLAN MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General Radia Encryption Services Settings DHCP Server SNMP Agent Admin User Management List All Users Add New User User Password Policy Monitoring Reports System Status Bridging Status Bridging Site Map Wireless Clients Adjacent AP List DHCP Client List Logs System Log Web Access Log System Administration l Done add Tab Web Search Search Results q Bookmarks lr Pop ups ace Ee E Gi Search y go 130 blocked l E Search Web 2 dr Gr MP welcome Tour g Choose Buttons ME Check v q CTA A A y AWN iuala nn A tells 1 ss rPrport f la Doa Tej Wo e Operation Mode Wireless AP Bridge Mode Username admin Role Crypto Officer System Configuration gt WAN Host Hame Links ej o ua ll 3 gt wepi Photos me Log On 1 al default 192 168 202 211 Link Speed and Duplex WAN Link Auto me IP Address Using DHCP to get an IP address Please refresh your browser if you see ail Os IP Address Subnet Mask Default Gateway DNS 1 DNS 2 192 168 202 211 255 255 254 0 192 168 202 1 192 168 202 39 192 168 202 50 Release and Renew Specify a static IP address IP Add
8. i Admin User Management This tag is applied to the ve configuration file and can be used for tracking files List All Users Enter File Tag Add New User z User Password Policy Monitoring Reports Apply System Status Done A Internet Option 1 Click Browse and select a configuration file to upload 29000171 002 A 53 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Remote Configuration Upgrade On the System Administration System Upgrade screen click on the Remote Configuration Upgrade tab to upload and download config uration files to access points in remote locations which are not configured This remote configuration upgrade feature allows you to selectively transfer a configuration file to other APs Once the file is transferred the remote AP will be rebooted Once the remote units are rebooted the site map can be updated and the File Tag will show the status of the units If the tag matches the local tag the unit was updated successfully 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Q Back x Es P Search Hz Favorites C E ea Ss iai Mj i 4 Address E https 192 168 202 211 cgi bin sgateway PG 704 o g i E Go im gt Google GC Search 0 Eisoblocked Check com Yr gr i Search Web 2 B Gr P welcome Tour g Choose Buttons gt gt de Add Tab _ Level One eles o
9. VJ Laptop Ethernet Ethernet Repeater Bridging Setup Guide Manual Mode Wireless Bridge General Manual BridgingMode LED MAC from drop down list from drop down list from drop down list Spanning Tree Enable or Disable if Enable or Disable if Enable or Disable if no Protocol no bridging loop pos no bridging loop pos bridging loop possible sible sible Mig Beige O Tx Power Mode Propagation Dis lt 5 Miles lt 5 Miles lt 5 Miles tance RTS Threshold 2346 2346 2346 BSSID Add Bridge 2 s MAC Add Bridge 1 s and Add Bridge 2 s MAC Bridge 3 s MAC Wireless Bridge Encyption Wireless Configu Select appropriate key Select appropriate key Select appropriate key ration Bridging type length and enter type length and enter type length and enter Encryption key value Must be the key value Must be the key value Must be the same as that on the same as that on the same as that on the other other two Bridges other two Bridges two Bridges 29000171 002 A 87 WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Repeater Bridging Setup Guide Auto Mode Direction Wireless Bridge General Auto Bridging Mode Bridge 2 Bridge 1 as Bridge 1 Signal Strength 9 9 9 Threshold Signal Strength Enter from list at Enter from list at the Enter from list at MAC the bottom of the bottom of the screen the bottom of the screen screen Wireless Brid
10. mall yt Pd l y li Search Web 2 E g ES Welcome Tour Pd Choose Buttons _ Level One oS Add Tab A Li Vrewnoint Wirelece AC n ud Vireless Al Bridge Operation Mode Gateway Bridge Mode Username admin Host Hame i default 192 168 202 211 Crypto Officer ao n e MET E vii z g yoe Services Settings gt DHCP Server System Configuration General Operating Mode WAN LAN Starting IP Address Wireless Access Point General Ending IP Address Enable Disable 192 168 ie 10 192 168 16 240 Security MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General Radio WINS server Lease Period Apply mie Done 29000171 002 A A Internet 41 WAB 3000 Wireless Access Point SNMP Agent Chapter 3 Access Point Configuration The Service Settings SNMP Agent screen allows you to set up an SNMP Agent The agent is a software module that collects and stores management information for use in a network management system The WAB 3000 s integrated SNMP agent software module translates the device s management information into a common form for interpretation by the SNMP Manager which usually resides on a network administra tor s computer The SNMP Manager function interacts with the SNMP Agent to execute applications to control and manage object variables interface features and devices in
11. nal gt Viewnoint ul y B Photos Bl Web Search Search Results Bookmarks 7 Pop ups Zino ba Bie PEN cr ADL ridan puy s pen Pi reless AP we eee E Operation Mode GatewayBridge Mode Username admin Crypto Officer Host Hame default 192 168 202 211 System Administration gt System Upgrade System Configuration General Operating Mode WAN Firmware Upgrade Local Contiguration Upgrade Remote Configuration Upgrade LAN Wireless Access Point General Security MAC Address Filtering Roque AP Detection Advanced Wireless Bridge General Radio Encryption MAC Address Filtering Services Settings DHCP Server SNMP Agent Firewall Content Filtering IP Filtering Part Filtering Virtual Server DMZ Advanced Admin User Management List All Users Add New User User Password Policy Monitoring Reports System Status Bridging Status 2 Done Local File Tag Generated File Tag ASTOESCB0C1A Generate random bridging configuration Generate Install generated file into this AP Install Automatic IP Address Configuration AIPC This feature appends the last 3 bytes of the MAC address to a private Class A IP address for automatic IP address configuration Enable Disable Starting Auto IP Address Apply Site Map Update Site Map File Tag Upgrade Status 10 128 0 0 Select All MAC Address 4 00 07 D5 01 00 1C 00 07 D5 01 00 69 Apply IP Address
12. res https 192 168 202 211 cai bin sgateway PG 13 EJ so Google G Search 90 Ei3oblocked Check Yr ge w Search Web 2 dr Gr Q GP welcome Tour 4 Choose Buttons Level One Add Tab Wnolnt s 7 WebSearch Search Results Bookmarks Pop ups amp S y B Photos eve Wireless AP Bridge Operation Mode Gateway Bridge Mode Username admin Host llame default 192 168 202 211 one Role Crypto Officer Wireless Bridge gt General Monitoring System Configuration General y Operating Mode Bridging Mode Manual Bridging _ Auto Bridging WAN LAN Wireless Access Point Signal Strength LED MAC Not Assigned General Security Spanning Tree Protocol STP 802 1d Enable Disable MAC Address Filtering Rogue AP Detection Advanced Apply Wireless Bridge Soe al Remote AP s MAC Address adio n 7 Encryption MAC Address Signal Strength Radio Note MAC Address Filtering Services Settings DHCP Server SNMP Agent E Done A internet If you choose Auto Bridging mode then you will need to enter the follwoing information Enter the SSID This can be any set of letters and numbers assigned by the network administrator This nomenclature has to be set on the wireless bridge and each wireless device in order for them to communi cate Enter a number from 1 to 40 for the Max Auto Bridges Next enter the Bridge Priority range from 1 40 This determines the root lea
13. 1 2 5 5 11 6 12 24 Mbps 12500911 Mbps Basic Rates for 802 11b g Mixed 1 2 Mbps 1 2 90 11 Mbps Basic Rates for 802 11a 6 12 24 Mbps Basic Rates for 802 11a Turbo 6 12 24 Mbps Preamble Short Long Specifies whether frames are transmitted with Preamble the Short or Long Preamble Broadcast SSID Enabled When disabled the AP hides the SSID in disabled outgoing beacon frames and stations cannot obtain the SSID through passive scanning Also when it is disabled the AP doesn t send probe responses to probe requests with unspecified SSIDs 32 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Security The Wireless Access Point Security screen displays a default factory setting of no encryption but for security reasons it will not com municate to any clients unless the encryption is set by the CryptoOfficer There are different encryption options for the AP The following chart shows the differences Encryption Options None 802 111 and WPA Preshared Key or 802 1x us ing Radius Server and TKIP or AES CCMP Static WEP No Encryption In order to the WAB 3000 with no encryption you must actively select None and click Apply A screen will appear asking if you really want to operate in Bypass mode If you answer Yes no encryption will be applied 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help ar Back
14. A Search Results LE Bookmarks Pop ups s E W Photos i Username admin Host Name default 192 168 202 211 Role Crypto Officer a B gt Services Settings gt SNMP Agent O Enable Disable Community Source Access Control A None None v None v None ao Ww N m None v Secure User Configuration Settings SNMPv3 User name Authentication Type Password Encryption Type Password Mp5 S DES HB MDS DES Ml MDS x DES MDS i DES Bl A UU N rr System Information Location default location Contact EnginelD SNMPY3 Apply default contact i defaultlD Done 2 Internet 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration The SNMP configuration consists of several fields which are ex plained below e Community The Community field for Get Read Only Set Read amp Write and Trap is simply the SNMP terminology for password for those functions e Source The IP address or name where the information is ob tained e Access Control Defines the level of management interaction per mitted If using SNMPv3 enter a username minimum of eight characters authentication type with key and data encryption type with a key This configuration information will also need to be entered in your MIB man ager setup 29000171 002 A 43 WAB 3000 Wireless Access Point Chapter 3 Access
15. Bridging Status Done A internet 30 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Select the wireless mode from the drop down list You can choose from the following options e 802 11b e 802 11 e 802 11g Super e 802 11b g Mixed e 802 1la e 802 11a Turbo You can assign a channel number to the AP if necessary and modify the Tx Pwr Mode The Channel Number is a means of assigning frequencies to a series of access points when many are used in the same WLAN to minimize noise There are 11 channel numbers that may be assigned If you assign channel number 1 to the first in a series then channel 6 then channel 11 and then continue with 1 6 11 you will have the optimum frequency spread to decrease noise If you click on the button Select the optimal channel a popup screen will display the choices It will select the optimal channel for you You can also set it up to automatically select the optimal channel at boot up CHANNEL NO OPTIONS Wireless Mode Channel No 802 11b 1 2 412 GHz 802 11g 2 2 417 GHz 802 11b g Mixed 3 2 422 GHz 4 2 427 GHz 5 2 432 GHz 6 2 437 GHz 7 2 442 GHz 8 2 447 GHz 9 2 452 GHz 10 2 457 GHz 11 2 462 GHz 802 11g Super 6 2 437 GHz 802 11a 52 5 26 GHz 56 5 28 GHz 60 5 30 GHz 64 5 32 GHz 149 5 745 GHz 153 5 765 GHz 157 5 785 GHz 161 5 805 GHz 165 5 825 GHz 802 11a Turbo 50 5 25 GH
16. General The Wireless Bridge General screen contains wireless bridging in formation This page is important in setting up your bridge configuration e Manual wireless bridging 72 29000171 002 A WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Manual Bridging When the wireless bridge is in manual bridging mode you can manu ally select a signal strength LED MAC and enable or disable spanning tree protocol You can also delete remote AP s MAC addresses 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Q Back x fe Y Search 7 Favorites Es a ey Address https 192 168 202 21 1 cgi bin sgateway PG 13 Ma T a rry Google G Search 9 30blocked Check Yr Ge we Search Web 2 Aly E GP welcome Tour g Choose Buttons _ Level One sP Add Tab sE ld IU Web Search Search Results 1 Bookmarks e Pop ups JE a Photos el Wireless AP Bridge Lena Operation Mode Gateway Bridge Mode Le Viewnoilnt v one System Configuration General Operating Mode WAN LAN Wireless Access Point General Username admin Host Hame default 192 168 202 211 Monitoring Role Crypto Officer Wireless Bridge gt General Bridging Mode Manual Bridging Auto Bridging Signal Strength LED MAC Not Assigned v Security MAC Address Filtering Rogue AP Detection Advanced Apply Wireless Bridge wth Remote AP s MAC Ad
17. Search S SS 30 blocked RE Check q Aura Noll 2 Es Y 2 Search Web 2 B Br P welcome Tour g Choose Buttons gt _ Level One F Add Tab E ae 7a La Viewnoint z one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General l Done eF tie P 7 WebSearch A Search Results LE Bookmarks mi Pop ups a S ME Photos sane Ieee ADAE re a v5 mm _ _ _ pn pu o p Wireless AP Bridge o Lan a Operation Mode Gateway Bridge Mode Username admin Role Crypto Officer Host Hame default 192 168 202 211 System Configuration gt LAN Link Speed and Duplex LAN Link Auto v IPv4 Address 192 168 16 AL Subnet Mask 255 255 255 Apply A internet vate LAN function for the access point You can also change the default subnet mask The Local LAN port provides DHCP server functionality to automatically assign an IP address to a computer Ethernet port 29000171 002 A WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration Security Click the entry on the left hand navigation panel for Wireless Access Point Security This directs you to the Wireless Access Point Secu rity screen The default factory setting for the WAB 3000 in gateway mode is no encryption but for securit
18. VAT Google e C Search g E30blocked E Check q gt Jaja a Y 2 1 F Search Web 2 B Br P welcome Tour g Choose Buttons gt gt LI Level One ot Add Tab x 4 ws Viewnoint v 2 Web Search A Search Results LU Bookmarks El Pop ups cy Mie Photos K Wirel ess AP Bridge m A ee bas ana ba wo Operation Mode Gateway Bridge Mode admin Crypto Officer E E Username Host Name default 192 168 202 211 f 7S A AT Monitoring Reports gt Wireless Clients System Configuration General Operating Mode WAN LAN Wireless Access Point General Done Client MAC Address 00 0C F1 36 B2 B3 Transmit Rate 1 0 Mbps Signal Strength A Internet Adjacent AP List The Monitoring Report Adjacent AP List screen shows all the APs on the network If you select the check box next to any AP shown the AP will thereafter be accepted by the WAB 3000 as a trusted AP These APs are detected by the AP s wireless card and the wireless bridge s wireless card The list of APs are only within the band that can be seen from a particular channel For example if the AP is on channel 1 it will display APs on channels 1 3 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Q Back gt x Es A F Search 7 Favorites E E Y a Address ta https 192 1 68 202 21 1 coi binfsgateway PG 67 Jf
19. gt Advanced Host Hame default 192 168 202 211 System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge Load Balancing O Enable Disable Publicly Secure Packet Forwarding No Inter client Communication O Enable Disable Apply Done 2 0 Internet Once you have made any changes click Apply to save Wireless Bridge The Wireless Bridge screens are described in Chapter 5 40 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Services Settings DHCP Server The Service Settings DHCP Server screen is used for configur ing the DHCP server function accessible from the Local LAN port The default factory setting for the DHCP server function is enabled You can disable the DHCP server function if you wish but it is not recommended You can also set the range of addresses to be assigned The Lease period after which the dynamic address can be reassigned can also be varied The DHCP server function accessible only from the LAN port is used for initial configuration of the management functions 23 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Q Back gt x F P J Search 7 Favorites E gt Che Address dE https 192 168 202 211 cgi bin sgateway PG 30 Go Google se C Search gO 30blocked E Check
20. or IEEE 802 111 and WPA D Anil AlrGuar 144 Microsoft Internat Explorer Me tit Yer Pirri ine ree r Q O BAG Paren O SAURA A E heima 1152 160 15 Licgebinysoubeway7P Ger Eo gt Google w G awh gt DD Drie F cra gt gt e jet de A De Mvderas Anan Dra rom 4 f waseme Semthtenms Backmais Crops amp le gh oes pa AP Bridga an Upeialica Mede Vies Aino Mode Veet neme Crim f ico Most Mareo detaur 1197 168 294 754 Hote Crete Oficer one Gystem Cantina men rar Wireless Access Point VLAN 2 Enihi Dreahie yrrir aj Mead 1241 MANDO 1 Vir eters Ace Pow cas LAS avers ERE New VLAN me AS Cute Wa electa Vido PLATS it ANAA wv 20 wren Serdces Settings Hote IAE icort Arn Veet Management ua AD news After you create a VLAN you can modify it by selecting the VLAN from the existing VLAN list 3 3eTl AirGuard TM Microsoft Internet Explorer File Edit View Q Back Address E https 1 Favorites Tools Help a P J Search 7 Favorites E Wes 92 168 15 1 cgi bin sgateway PG 20 Google a pe SF G Search y Sy 24 blocked F Check i fed Options I Search amp in 8 D MNoyelowPages A AOL com Maps Shopping 4 Quol La Viewpomnt v 1 one System Configuration General Operating Mode WAN LAN Wireless Access Point General Wireless VLAN MAC Address Filtering Rogue AP Dete
21. 00074501001c 10 400 2 00 sec 3 00 sec 20 00 sec 300 00 sec 4 00 sec le 47 WAB 3000 Wireless Access Point 48 Chapter 3 Access Point Configuration Bridge Site Map The Bridge Site Map shows the spanning tree network topology of both wired and wireless nodes connected to the network The root STP node is always on top and the nodes of the hierarchy are displayed below it Wired links are double dotted lines and wireless links are single dotted lines This map does not update dynamically You must press the Update button to refresh the map 3 Level One Microsoft Internet Explorer File Edit Back A View Favorites ix El A Search 7 Favorites a Address e https 192 168 202 211 coi binfsgateway PG 691 SEE amp Tools Help 34auU 3 gt el Go n Google _ J C Seach 0 30blocked E Check q saumu Nor 2 i Wt gt 2 search Web 2 Edy E UP welcome tour P Choose Buttons gt _ LevelOne q La Vewnoint one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Roque AP Detection Advanced Wireless Bridge General Radio Encryption MAC Address Filtering Services Settings DHCP Server SNMP Agent Firewall Content Filtering IP Filtering Port Filtering Virtual Server DMZ Advanced Admin User Management List All Users Add Tab 2 E Web
22. 1 Tx Power Mode Auto Auto Propagation Distance lt 5 Miles lt 5 Miles RTS Threshold 2346 2346 Wireless Bridge Encryption Bridging encryption options Select appropriate key type length and value Must be same as Bridge 2 Select appropriate key type length and value Must be same as Bridge 1 Wireless Bridge MAC Address Filtering Filtering Enable Disable Enable Disable Filter Type MAC Address Deny All Allow All Add MAC address of bridges Deny All Allow All Add MAC address of bridges 29000171 002 A 81 82 WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration The following sequence walks you through the setup of bridge 1 Bridge 2 would duplicate this procedure with the BSSID of bridge 2 be ing the MAC address of bridge 1 and vice versa Navigate to the Wireless Bridge Radio screen In the first section you will see the MAC Address of the bridging card This is used as the BSSID on other WAB 3000s that will be communicat ingwith this one Select the Wireless Mode to be used for bridging Set the Tx Rate to a fixed transmit rate or select AUTO if you want the card to attempt to select the optimal rate for the channel If the Tx rate is set to a fixed rate then the card will only transmit at that rate Next select the Channel Number The Channel Number must be set to the same frequency in order for each bridge to commun
23. 192 168 16 11 192 168 16 1 Parent Bridge 00 07 05 01 00 1 A internet The random configuration file is used to update the bridging SSID and bridging encryption on other devices using the existing bridging link If the bridging key or the bridging SSID is changed on the normal configuration screen then the bridging link to the other devices will be terminated and the configuration can not be updated 54 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration To create a randomly generated bridging configuration file click Generate A new configuration is created in a temporary file and an Install button appears In order to transfer this file select the Generated File radio button check the desired recipients in the Site Map section and click Apply After the file has been successfully transferred to the recipi ents check the status field in the lower section click Install to apply the randomly generated configuration file to the AP Once applied the unit will reboot and start using the new configuration file 3 Level One Microsoft Internet Explorer EJ File Edit View Favorites Tools Help Hd Q a ES x Es P F Search 7 Favorites As 2 Lad Mj f 8 Address E https J192 168 202 211 cg bin sgateway PG 704 u E o E E EJ co Uni gt Gougle X ye G Search ney S 30 blocked po Check mi gt me ss YF 2 P E L v ll Search Web 2 Ar Gr GP welcome Tour G Choose Buttons ss
24. Bridge General Radia Encryption MAC Address Filtering Services Settings DHCP Server SNMP Agent Firewall Content Filtering IP Filtering Port Filtering Virtual Server C Search 0 Ss0blocked check F Y l Search Web 2 dr B D P welkome Tour 4 Choose Buttons s Add Tab Wireless AP Bridge Operation Mode GatewayBridge Mode admin default 192 168 202 211 Username Host Hame Role Crypto Officer Wireless Access Point gt MAC Address Filtering Filtering Enable Disable B Filter Type Deny All Except Those Listed Below Allow All Except Those Listed Below Deny All Except Those Listed Below Add MAC Address Note MAC Address Note Add MAC Address List Access from these clients is allowed all others are denied Delete MAC Address E Done A Internet This works as follows e If Filtering is enabled and Filter Type is Deny All Except Those Listed Below only those devices equipped with the authorized MAC addresses will be able to communicate with the access point In this case input the MAC addresses of all the PC cards that will be authorized to access this access point The MAC ad dress is engraved or written on the PC PCMCIA Card e If Filtering is enabled and Filter Type is Allow All Except Those Listed Below those devices with a MAC address which has been entered in the MAC Address listing will NOT be able to commu nicate with the access
25. Explorer File Edit View Favorites Tools Help O Back Y x Eil P J Search 7 Favorites he a 4 we Mj Address El https 192 168 202 211 fegi bin sgateway PG 66 5 i Google l C Seach 0 Eisoblocked F Check mi gt gt yr gr L we Search Web 2 A Br D GP welcome Tour g Choose Buttons gt E levelom Faama 1 Viewnoink s WebSearch Search Results Bookmarks Pop ups 7i Siz HE Photos Wireless AP Bridge Operation Mode GatewawBridge Mode Username admin Host Name one o aH CBC s Monitoring Reports gt System Lo Export System Configuration g P y g Espot ate Moss Aug 14 09 37 05 2006 default userwarn kernel wireless client starting LAN Aug 14 09 37 05 2006 default user warn kernel apvWlanState athO already stopped Wireless Access Point default 192 168 202 211 Aug 14 09 37 07 2006 2006 default syslog info System log daemon exiting 50 General Security MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General Radio Encrvistion Done Jan 1 00 00 06 1970 Jan 1 00 00 06 1970 Jan 1 00 00 06 1970 Jan 1 00 00 06 1970 Jan 1 00 00 06 1970 Jan 1 00 00 06 1970 Jan 1 00 00 06 1970 Jand ONO AT _Aefault iser warn kernel Frasina init memnrw 199K 1970 default syslog info syslogd started BusyBox v0 60 1 2006 08 09 18 57 0000 default userwarn kernel ip_tables c 2000 Netfilter core team default user info kernel NET4 Unix domain s
26. SNMP management from WAN port These options allow you more control over your environment Level One Microsoft Internet Explorer Saz v File Edit View Favorites Tools Help Q O MAD Pre germ O G SaN 3 EJ so ine gt Address E https 192 168 202 211 cgi binfsgateway PG 46 Google Y IG Search 0 30blocked E check q eumu ds s Yyr 2 i Search Web 2 dr Gr GP welcome Tour g Choose Buttons Mn a S Viewnoint H Web Search je Search Results LU Bookmarks Popups W 5 M Photos now ff 7 WSIS AF riage n Operation Mode GatewawBridge Mode Username admin one Role Crypto Officer Firewall gt Advanced Host Name default 192 168 202 211 System Configuration General Operating Mode WAN LAN Wireless Access Point General Block Ping to WAN O Enable Disable Web based management from WAN port O Enable Disable Security MAC Address Filtering Roque AP Detection Advanced Wireless Bridge General Radio Apply Encryption MAC Address Filtering Done SNMP management from WAN port O Enable Disable B Internet 29000171 002 A 69 WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration This page intentionally left blank 70 29000171 002 A WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Chapter 5 Wireless Bridge Configuration Introduction In the WAB 3000 w
27. channel number Span ning Tree Protocol will usually be set to Enable If configured as in the diagram following Bridge 1 must contain all of the others BSSIDs while Bridge 2 n must only contain Bridge 1 s BSSID The BSSID of each is equivalent to the MAC address found on the Wireless Bridge Radio page Enter only hexadecimal numbers Data entry is not case sensitive Finally the wireless bridging encryption of each must be set to the appro priate type and key length and must be the same on all Because the WAB 3000 has two separate WLAN cards one for the AP and one for the Bridge each bridge can have a WLAN on the 802 11a protocol with no loss of efficiency in bridging if you wish The following diagram pictures a point to multipoint setup which might be of use where a company s network spans several buildings within a campus like setting 802 11b oy CN Bridge 2 Ethernet J i a ae S Bridge 1 N PA i 802 11a S Bridge 3 e L ethernet Y ZL Follow the steps of the procedure outlined in the point to point bridge section The chart following describes the basic attributes 29000171 002 A 85 WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Point to Multipoint Bridging Setup Guide Manual Mode Direction Bridge 1 Bridge 2 n Wireless Bridge General Manual Bridgi
28. including their hostnames IP addresses and MAC Addresses The DHCP Client list constantly collects entries To remove entries from the list check mark the Revoke Entry selection and click Remove to confirm the action Chapter 3 Access Point Configuration 3 Level One Microsoft Internet Explorer He EM oe Parents foot feb Gm O rra amp baad M a D hepeta 1a 20 28 Leg tenfeg A a a gt Google seach gO Eines F chek gt E gt YI 2 e Seach Wed E gt OQ Piro toe Z Choose ticos a es F WebSeach P Semch Rents aomas ropas NM GB Penton Wireless AP Bridge in Ope ston Mode Oylowuptindge Modu Ue err tear ner admin Mort Inse default 192 162 202 211 one Inte Crypto UA Cer Monitoring Report gt DHCP Client List Data Cori ation ANOS Y DHCS sorvor lease penod 1 Day pra Mode Logs There are two logs available for viewing and exporting System Log The Logs System Log screen displays system facility messages with date and time stamp These are messages documenting functions performed internal to the system based on the system s functionality Generally the Administrator would only use this information if trained as or working with a field engineer or as information provided to technical support The System log continues to accumulate listings If you wish you can export the log and save it as a file on your PC Click on Export 3 Level One Microsoft Internet
29. media Consequently each type of network media requires a unique MAC address Authentication is the process of proving a client identity The WAB 3000 access points if set up to use MAC address filtering detect an attempt to connect by a client and compare the client s MAC address to those on a predefined MAC address filter list Only client addresses found on the list are allowed to associate MAC addresses are pre as signed by the manufacturer for each wireless card DHCP Server The DHCP function is accessible only from the local LAN port to be used for initial configuration Operator Authentication and Management Authentication mechanisms are used to authenticate an operator ac cessing the device and to verify that the operator is authorized to assume the requested role and perform services within that role The WAB 3000 provides authentication services for all users of the wireless network when they first attempt to connect While the user must log in basic non user generated information is allowed to pass on the wireless network prior to authentication including the authentication data to and from the authentication server and audit records passed from the client to the server The user is not allowed to specifically send any traffic over the net work until successful authentication Once successfully authenticated all actions taken by that user such as accessing a connected printer and by processes created or started by th
30. neighboring 2 4GHz WLANs that don t use Super G because there isn t enough room in the 2 4GHz wireless LAN spectrum for the increased spectrum used by channel bonding Moreover Super G doesn t check to see if 11b or 11g standards compliant devices are in range before using its non standard techniques Network Configuration The WAB 3000 is an access point with bridging setup capability e Access point Gateway plus e Wireless bridging with choice of Point to point setup Point to multipoint setup Repeater setup e Wireless mesh mode Bridging actually has more choices but the above choices are popular and are discussed later in this user guide Chapter 4 Access Point Configurations When a WAB 3000 is used as an access point IP addresses for wire less devices are typically assigned by the wired network s DHCP server The wired LAN s DHCP server assigns addresses dynamically and the AP virtually connects wireless users to the host wired network All wire less devices connected to the AP are configured on the same subnetwork as the wired network interface and can be accessed by devices on the wired network 4 29000171 001 A WAB 3000 Wireless Access Point Chapter 1 Introduction Possible AP Topologies 1 An access point can be used as a stand alone AP without any connection to a wired network In this configuration it simply provides a stand alone wireless network for a group of wireless devices 2 T
31. number of bytes used for the RTS CTS handshake boundary When a packet size is greater than the RTS threshold the RTS CTS hand shaking is performed Add the MAC address of the remote bridge The remote bridge s MAC address will appear at the bottom of the screen You can enter a note that defines the location of the remote bridge 77 WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Wireless Bridge Encryption The Wireless Bridge Encryption screen is used to configure static encryption keys for the wireless bridge This is an important page to set up to ensure that your bridge is working correctly The encryption key that you use on this screen must be the same for any bridge connected to your bridging network in order for communication to occur On this screen you can select None or AES CCM 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help peck 7 E E to jJ Search 5 7 Favorites Es A a Cad M 3 Addres https 11192 168 202 211 fcgi bin sgateway PG 14 EE co inks Google G Search o 5 30 blocked WE Check 4 Aur E Yr gt or La Y a f Search Web 2 Aly Gr FP welcome Tour G Choose Buttons _ Level One F Add Tab EER v gt Gper ation Mode Gateway Bridge Mode Username admin Role C to om icer one l A Host llame default 192 168 202 211 System Configuration General Operating Mode Encryption T
32. of Radio and Telecommunications Engineers or equivalent institution The WAB 3000 operates with Power over Ethernet PoE which requires the installation of a separate Power injector which injects DC current into the Cat5 cable There are two versions of the WAB 3000 avail able the standard version with a temperature range of 5 degrees C to 50 degrees C and there is the extended temperature range product with a range of 30 degrees C to 70 degrees C The latter version of the product employs ThermoElectric Cooler TEC technology to extend the product into the higher temperature environment The TEC Technology comes with a price it requires power to transfer the heat Unfortunately this raises the electric current requirement to 25 watts beyond the 802 3af specification of 15 4 watts To ensure that the WAB 3000 with TEC option is provided with the power it requires an extended range PoE power injector is required such as the Model POE 1 or Hyperlink Technologies Model BT CAT5 P1 The WAB 3000 package includes the following items e The WAB 3000 Wireless Access Point e Qty 1 Mounting Kit e Oty 1 24W 48VAC PoE Injector e Qty 1 Power Cord e Qty 2 tri band 5dBi antennas e Qty 1 15 meter RJ45 CATS cable with watertight connector e Qty 1 1 5 meter bridge cable e Qty 1 ground cable e Documentation as PDF files on CD ROM e Registration and Warranty cards 29000171 002 A 13 WAB 3000 Wireless Access Point Chapter
33. point In this case navigate to the report Wireless Clients and copy the MAC address of any Wireless Cli ent that you want to exclude from communication with the access point and input those MAC Addresses to the MAC Address list 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Rogue AP Detection The Wireless Access Point Rogue AP Detection screen allows the network administrator to set up rogue AP detection Enable rogue AP detection and enter the MAC Address of each AP in the network that you want the AP being configured to accept as a trusted AP You may add up to 20 APs Enter an email address for notification of any rogue or non trusted APs The MAC Address for the WAB 3000 is located on the System Configuration General screen You can also select the follow ing filter options e SSID Filter Check the SSID option to only send rogue APs that match the AP s SSID or wireless bridge s SSID e Channel Filter Check the channel filter option to only send rogue APs that match the AP s channel or the wireless bridge s channel e If both options are checked only APs that match both the SSID and channel are sent The Adjacent AP list under Monitoring Reports on the navigation menu will detail any marauding APs 3 Level One Microsoft Internet Explorer Beles v File Edit View Favorites Tools Help Back x Es P F Search 2 Favorites El E 2 4 Leal M Address dE https 119
34. the 802 1X Uncontrolled Port It is the responsibility of the authenticator Access Point to implement port blocking 802 11 depends upon IEEE 802 1X and the EAPOL Key 4 Way and Group Key Handshakes to establish and change cryptographic keys Keys are estab lished after authentication has completed Keys may change for a variety of reasons including expiration of an IEEE 802 1X authentication timer key compromise danger of compromise or policy 29000171 001 A 7 WAB 3000 Wireless Access Point Chapter 1 Introduction e 4 way handshake The 4 way handshake defined in 802 11i achieves the following important goals within the security protocol it confirms the PMK between the supplicant client and authenticator Access Point it establishes the temporal keys to be used by the data confi dentiality protocol it authenticates the security parameters that were negotiated it provides keying material to implement the group key handshake within 802 111 e AFS CCMP 802 111 and WPA2 employ AES CCM which is a com bination of AES Counter CTR mode per packet data encryption combined with AES Cipher Block Chaining Message Authentica tion Code CBC MAC per packet data integrity authentication of the entire packet including the MAC header AES CCMP has been deemed to surpass the RC4 stream cipher upon which the older WEP and WPA security protocols are based Wireless VLAN According to the IEEE VLANs defi
35. 168 202 21 1 cai bin sgateway PG 3 gt Go Google G Search g Eso blocked A Check y 3 gt yr oy q Search Web 2 B Gr P welcome Tour Choose Buttons Level One e Add Tab Viewpoint xj V A Wireless AP Bridge l t Username admin Host Name default 192 168 202 211 one Role Crypto Officer aS AAA Se Fe nr System Configuration gt Operating Mode System Configuration General ee Operating Mode Gateway Bridging Mode WAN O Wireless Access Point Bridging Mode LAN Wireless Access Point Appl General Apply Security E Done A internet 29000171 002 A 27 WAB 3000 Wireless Access Point 28 WAN Chapter 3 Access Point Configuration Click the entry on the left hand navigation panel for System Configu ration WAN This directs you to the System Configuration WAN screen If not using DHCP to get an IP address input the static IP information that the access point requires in order to be managed from the wired LAN This will be the IP address Subnet Mask Default Gateway and where needed DNS 1 and 2 Click Apply to accept changes 3 Level One Microsoft Internet Explorer File Edit Qx J view Favorites Tools Help el 2 de e Search LE Favorites 2 3 gt E A id fy E ER ay Address el https 192 1 68 202 2 1 1 icgi bin sgateway PG 1 Google YT gt Pl
36. 2 Hardware Installation The following items are accessories PoE Injector SO se Power Cord e Meter Antenna Extension Cable Outdoor Protection Kit The WAB 3000 can be mounted outdoors on a high post to achieve the best bridge result If mounted outdoors the outdoor protection kit must be used to prevent lightning damage To comply with FCC RF exposure compliance requirements the antennas used with the WAB 3000 must be installed with a minimum separation distance of 20 cm from all persons and must not be co located or operated in conjunction with any other antenna or transmitter Installation should be accomplished using the authorized cables and or connectors provided with the device or available from the manufacturer distributor for use with this device Changes or modifica tions not expressly approved by the manufacturer or party responsible for this FCC compliance could void the user s authority to operate the equip ment Installation Instructions The WAB 3000 is intended to be installed as part of a complete wire less design solution This manual deals only with the WAB 3000 device and its accessories The purpose of this chapter is the description of the device and its iden tifiable parts so that the user is sufficiently familiar to interact with the physical unit Preliminary setup information provided below is intended for information and instruction of the wireless LAN system administra tion personnel
37. 2 168 202 211 cgi binisgateway PG 15 i a zd GO ES yl CG Search oO S 30 blocked lr Check yey ig Fl search Web 2 dr Gr welkome Tour P Choose Buttons gt gt Gougle Y 2 L Level One Add Tab Le Vrewnoint v J WebSearch Search Results 1 Bookmarks z Pop ups s S z W Photos Wireless AP Bridge _ Lea Bia Operation Mode GatewayBridge Mode admin Crypto Officer JES 4 Username Host Name default 192 168 202 211 one Role A ARE A GEA EA SM Ss Wireless Access Point gt Rogue AP Detection System Configuration General Email Notification Operating Mode LAN To Wireless Access Point General Security MAC Address Filtering Rogue AP Detection Advanced Filter Options FI ssID Filter C Channel Filter Apply Wireless Bridge General Radio Encryption MAC Address Filtering Services Settings DHCP Server SNMP Agent Firewall Content Filtering IP Filtering Port Filtering Virtual Server DMZ Advanced Admin User Management List All Users Add New User User Password Policy Monitoring Reports System Status Bridging Status Add Known AP MAC Address Note Trusted AP You may enter up to 128 MAC addresses one per line You may also enter the note after MAC address Please use a space to separate the MAC address and note Example 665544332211 Build1_AP MAC Address Add Known AP MAC Address List Trusted AP Delete MAC Ad
38. 202 211 Role Crypto Officer one ryp A AS MESA A A APA oe JA System Configuration gt WAN System Configuration General Operating Mode WAN LAN IP Address 1 Netmask 1 Wireless Access Point gt General IP Address 2 Netmask 2 Security 2 Se MAC Address Filtering IP Address 3 Netmask 3 Rogue AP Detection IP Address 4 Netmask 4 Advanced a Wireless Bridge IP Address 5 Netmask 5 General Radio IP Address 6 al Netmask 6 Encryption y MAC Address Filtering cidad il Netmask 7 Services Settings IP Address 8 Netmask 8 DHCP Server gt SNMP Agent IP Address 9 Netmask 9 Firewall Content Filtering IP Address 10 i Netmask 10 IP Filtering Port Filtering Appl Virtual Server Apply El Done a Internet Main IP Setting IP Aliasing 29000171 002 A 63 WAB 3000 Wireless Access Point 64 LAN Click the entry on the left hand navigation panel for System Con Chapter 4 Gateway Configuration figuration LAN This directs you to the System Configuration LAN screen This sets up the default numbers for the four octets for a possible pri 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help x E A j Search 7 Favorites ES b EZ E lud M peck T UY Saz o Address g https 192 168 202 211 cgi binfsgateway PG 2 24 Go Links gt Google G
39. 29000171 002 A 61 WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration WAN In Gateway mode the System Configuration WAN screen has two tabs Main IP Setting and IP Aliasing Main IP Setting The Main IP Setting screen allows you to set Link Speed and Duplex of the WAN port If you select a choice other than Auto the default the WAB 3000 will use only the selected link speed 10 Mbits sec or 100 Mbits sec and Duplex Half Duplex transfers or Full Duplex transfers that you select in the WAN LAN Link drop down menu You also set information for how the IP address will be obtained The WAN IP address is the Public IP address required to link the private WLAN users to the external network which is to be outside the protected wireless LAN Normally you will be provided with the IP address Subnet Mask Default Gateway and DNS to assign by the Net work Administrator for the Ethernet Network There are two ways to configure the WAN IP address 1 Obtain an IP address Automatically This configuration allows the Ethernet network to use the DHCP server on the wired net work to dynamically assign the WAN IP address to the DHCP client in the gateway 2 Specify an IP address This configuration allows the user to manually type in a static IP address default gateway and Domain Name Server DNS if these are provided by the Ethernet network administrator 3 Level One Microsoll internet Lxplorar j w E ki
40. 80211a z LAN Wireless Access Point Tx Rate AUTO Y a General Channel No 60 5 3 GHz Security Lw EP MAC Address Filtering Tx Pwr Mode Auto Fixed Power Level Rogue AP Detection Propagation Distance lt 5 Miles Advanced Wireless Bridge RTS Threshold General Radio Encryption Apply MAC Address Filtering Done A Internet E o 29000171 002 A 75 WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Radio Settings Wireless Mode 802 11b g Mixed 802 112 Super Sets the wireless mode for the wire less bridge 802 11a 802 11a Turbo 802 11b g Mixed AUTO When set to AUTO the card attempts 1 2 5 5 11 6 9 12 18 24 to select the optimal rate for the chan 36 48 54 Mbps nel If a fixed rate is used the card will only transmit at that rate 802 11g Super AUTO The card attempts to select the opti mal rate for the channel 802 11a AUTO When set to AUTO the card attempts 6 9 12 18 24 36 48 54 to select the optimal rate for the chan Mbps nel If a fixed rate is used the card will only transmit at that rate 802 11a Turbo AUTO The card attempts to select the opti mal rate for the channel 802 11b g Mixed Sets the channel frequency for the wireless bridge Tx Rate Channel No 2 452 GHz 10 2 457 GHz 11 2 462 GHz 802 11g Super 6 2 437 GHz Sets the channel frequency for the wireless bridge 802 11a S
41. 92 168 16 0 255 255 255 0 DMZ 192 168 202 0 255 255 254 0 Y Advanced default 0 0 0 0 192 168 202 1 Admin User Management List All Users Add New User User Password Policy Done 2 0 internet There are some pop up informational menus that give detailed infor mation about CPU PCI Interrupts Process and Interfaces Chapter 3 Access Point Configuration 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Bridging Status The Monitoring Report Bridging Status screen displays the Eth ernet Port STP status Ethernet DSL Port STP status Wireless Port STP status and Wireless Bridging information File Edit wiew Favorites Tools Help pack gt x E Y Search 7 Favorites L Li A E 5 3 dl EJ co gt Address https 192 168 202 21 1 coi bin sgateway PG 64 Minis Google Y IG search 30 Eisoblocked F Check ni YF 2 gt ve Search Web 2 dy Br 1D P welcome Tour g Choose Buttons gt Level One ES Add Tab El WebSearch Search Results Bookmarks Pop ups v S I Photos ai ceo ADL eda Leia Y al Furia SS Viewnolnt v Operation Mode Gateway Bridge Mode admin Crypto Officer Username Host Name default 192 168 202 211 one Pole Monitoring Reports gt Bridging Status System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filteri
42. A a lud Mj 3 Address e https 192 168 202 211 coi binfsgateway PG 52 Go Googlee G Search gt 80 E 30bboded check q eumu g MAT nal ajaj v inks 7 gt 3 yr Br x Search Web 2 dr P welcome Tour 4 Choose Buttons gt S gt Viewnoint Web Search Bi A Search Results T LU Bookmarks Fii popups ER EE A Operation Mode GatewawBridge Mode Username admin one Role Crypto Officer User Management gt Add New User System Configuration General i pS Operating Mode User ID Greg Password LAN Wireless Access Point Confirm Password General s Security Role Crypto Officer MAC Address Filtering Note Roque AP Detection Advanced Wireless Bridge Add Reset General 2 Done 29000171 002 A Host Hame default 192 168 202 211 M Photos Af a Internet 45 WAB 3000 Wireless Access Point Monitoring Reports This section gives you a variety of lists and status reports Most of these are self explanatory System Status The Monitoring Report System Status screen displays the status of the WAB 3000 device the network interface and the routing table File Edit View Favorites Tools Help 3 Level One Microsoft Internet Explorer Ja dd Q Back x Es A J Search 77 Favorites a e a had Mj 3 me gt Google C Search 90 Ss0blocked F Check q sumu ov
43. FIPS all previously entered information will be reset to factory settings 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help 7 3 A y i j ry Back a e Ta 4 Search HE Favorites Es Address https 192 168 202 211 cgi binfsgateway PG 3 G Search 50 Eiaoblocked Check Search Web 2 Ar ES Welcome Tour A Choose Buttons Google U Wet ME ia Level One s Add Tab Web Search gt Search Results U Bookmarks lt l Pop ups A Sl ME Photos MIL v Wireless AP Bridge Operation Mode Gateway Bridge Mode Username admin Role Crypto Officer System Configuration gt Operating Mode Host lame default 192 168 202 211 one System Configuration General R cdi 3 12 Gateway Bridging Mode Operating Mode SEG y ging WAN Wireless Access Point Bridging Mode LAN Wireless Access Point General Apply Security MAC Address Filtering A Internet E You can then proceed to change the management screens as necessary to reconfigure the device as a gateway Configuration in gateway mode allows you to set firewall parameters This is the main difference between the screens you will see in gateway mode and those covered in access point setup as discussed in Chapter 3 This chapter only covers the functions and screens that are unique to gateway mode All the screens that are common to both the AP and Gate way modes are covered in Chapter 3
44. Filtering Port Filtering e add Tab 7 Web Search A Search Results i LU Bookmarks l Pop ups BEY FS y E Photos wr Ves yt 2 ey a A lo Witealeee ADAL Er Pa wireless Artpriage Lena A e ae ue e ANYS as ps Operation Mode GatewawBridge Mode admin Role Crypto Officer Wireless Bridge gt MAC Address Filtering Enable Disable Filter Type Deny All Except Those Listed Below al Allow All Except Those Listed Below Deny All Except Those Listed Below Add MAC Address Note L MAC Address Note Add Username Host llame default 192 168 202 211 MAC Address List Access from these clients is allowed all others are denied Delete MAC Address g Done A Internet The following sections describe the setup for three types of bridging configuration point to point point to multipoint or lastly repeater 29000171 002 A 79 WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Setting Up Bridging Type Point to Point Bridge Configuration A point to point link is a direct connection between two and only two locations or nodes Because the bridge function uses a separate WLAN card for bridging you can also set up WLANSs on the separate AP WLAN card 802 11b 802 11b ara A Bridge 1 l 802 11a Bridge 2 l ee E ITED ITED For the two brid
45. It is intended that the user not open the unit Any maintenance re quired is limited to the external enclosure surface cable connections and to the management software as described in chapter three through five only A failed unit should be returned to the manufacturer for mainte nance 14 29000171 002 A WAB 3000 Wireless Access Point Chapter 2 Hardware Installation Minimum System and Component Requirements The WAB 3000 is designed to be attached to the wall at appropriate locations To complete the configuration you should have at least the fol lowing components e PCs with one of the following operating systems installed Win dows NT 4 0 Windows 2000 or Windows XP e A Wi Fi compatible 802 11a b g device for each computer that you wish to wirelessly connect to your wireless network e Access to at least one laptop or PC with an Ethernet card and cable that can be used to complete the initial configuration of the unit e A Web browser program such as Microsoft Internet Explorer 5 5 or later or Netscape 6 2 or later installed on the PC or laptop you will be using to configure the Access Point e TCP IP Protocol usually comes installed on any Windows PC Cabling The following illustration shows the external cable connectors on the WAB 3000 LAN Port Bridge Antenna WAN Port Local Dirt Uplink 29000171 002 A 15 WAB 3000 Wireless Access Point Chapter 2 Hardware Installation 16 The WAN connecto
46. Local Area Connection and select the Properties button In the Properties window highlight the TCP IP protocol and click properties Make sure that the radio button for Obtain an IP address automatically is checked Once the DHCP server has recognized your laptop and has assigned a dynamic IP address you will need to find that IP address Again the pro cedure is similar for Windows 95 98 Me machines and slightly different for Windows 2000 XP machines In Windows 98 Me click Start then Run and type winipcfg in the run instruction box Then click OK You will see the IP address of your laptop in the resulting window along with the default gate way IP address Verify that the IP address shown is 192 168 15 x In Windows 2000 XP click Start then Run and type cmd in the run instruction box Then click OK This will bring up a window In this window type ipconfig all more This will list information as signed to your laptop including the IP address assigned Verify that the IP address shown is 192 168 15 x 29000171 002 A Chapter 3 Access Point Configuration WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration On your computer pull up a browser window and put the de fault URL for the WAB 3000 Local LAN in the address line https 192 168 15 1 E 10 x File Edt View Favorites Tools Help You will be asked for your User Name and Password The default is crypto with the password officer
47. Point Configuration Admin User Management List All Users The Admin User Management List All Users screen lists the Crypto Officer and administrator accounts configured for the unit You can edit or delete users from this screen 3 Level One Microsoft Internet Explorer Ja File Edit View Favorites Tools Help Q Back P ax a g jJ Search 2 Favorites E de S E lus Mj 3 Address https 192 168 202 211 cgi bin sgateway PG 51 Es Google Y IG Search oO E 30 blocked ti Check q Aura gml gt Y 2 _ Level One e Viewnolnt one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering zc Done Search Web 2 FA e 0 EP Welcome Tour g Choose Buttons ob add Tab o Bite Web Search Search Results Search Results LU Bookmarks LU Bookmarks Pop us A Photos at rel 4 je PP Leo Bie fis r Mode Balewasithitige Mode Username admin Host llame default 192 168 202 211 Role Crypto Officer User Management gt List All Users UserID Role Note Status Reason admin Crypto Officer Default Crypto Officer Active Normal ws Delete A Internet If you click on Edit the Admin User Management Edit User screen appears On this screen you can edit the user ID password role and note fields Level One Microsoft Internet Explorer Seles File Edit View Fav
48. Radio Wirelss Mode 802 11la 802 11la Tx Rate AUTO AUTO Channel No Same as Bridge 2 n Same as Bridge 1 Tx Power Mode Auto Auto Propagation Distance lt 5 Miles lt 5 Miles RTS Threshold 2346 2346 Wireless Bridge Encryption Bridging encryption options Select appropriate key type length and value Must be same as Bridge 2 n Wireless Bridge MAC Address Filtering Select appropriate key type length and value Must be same as Bridge 1 Filtering Enable Disable Enable Disable Filter Type Deny All Allow All Deny All Allow All MAC Address Add MAC address of bridges Add MAC address of bridges 86 29000171 002 A WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration The above recommended setup requires only Bridge 1 to be set in point to multipoint mode It is possible to set all bridges in point to multipoint mode in which case each bridge would have to contain the BSSID for each of the other bridges and Spanning Tree Protocol must be Enabled Complete any other setup screens following general instructions in Chapter 3 Repeater Bridge Configuration A repeater setup can be used to extend the wireless signal from one bridge connected to an Ethernet LAN wirelessly so that another bridge can control a wireless LAN at a distance o N gt 802 11b y 802 11 802 11b gt ZN N Bridge 3 y AAC top 802 11a 02 11a
49. S IP address SSID an ID number letter string that you want to use in the con figuration process to identify all members of the wireless LAN e The MAC addresses of all the wireless cards that will be used to access the WAB 3000 network of access points if MAC address filtering is to be enabled e The appropriate encryption key for wireless communication 29000171 002 A 23 WAB 3000 Wireless Access Point 24 Initial Setup using the LAN Port Plug one end of an RJ 45 Ethernet cable to the LAN port of the WAB 3000 see page 15 and the other end to an Ethernet port on your laptop This LAN port in the WAB 3000 connects you to the device s internal DHCP server which will dynamically assign an IP address to your laptop so you can access the device for configuration In order to connect prop erly to the WAB 3000 on the LAN port the TCP IP parameters on your laptop must be set to obtain IP address automatically If you are unfa miliar with this procedure use the following instructions for determining or changing your TCP IP settings In Windows 98 Me click Start gt Settings gt Control Panel Find and double click the Network icon In the Network window highlight the TCP IP protocol for your LAN and click the Proper ties button Make sure that the radio button for Obtain an IP address automatically is checked In Windows 2000 XP follow the path Start gt Settings gt Net work and Dialup Connections gt
50. Search A Search Results LE Bookmarks gt Pop ups O ies MA Photos EE aa a tls rr A na Ea Caaan w Operation Mode GatewayBridge Mode Username admin Crypto Officer Host Name default 192 168 202 211 Role Monitoring Reports gt Bridging Site Map Update Legend Wired Link intefacej Wirless Link signal strength BRG 00 07 D5 01 00 1 IP 192 168 16 11 Radio 00 08 68 31 3A A5 Desc default location BRG 00 07 D5 01 00 69 IP 192 168 16 1 90 ChB0 Radio 00 08 68 35 FF ED Desc default location Last Update Mon Aug 14 15 11 57 2006 Current Time Mon Aug 14 15 12 00 2006 2 possible nodes in the network missing nodes are shown in red Duplicate IP nodes are shown in red To retrieve the missing nodes information Please click Retrieve button Retrieve Missing nodes information may be cached here Cached Nodes Info Done A internet 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Wireless Clients The Monitoring Report Wireless Clients screen displays the MAC Address of all wireless clients and their signal strength and transmit rate Level One Microsoft Internet Explorer File Edit View Favorites Tools Help E x 5 y gt j rs SS Y 5 ajl 4s Q Back A x E A 7 Search 5 Favorites Es y Ne ls Mj 3 Address 421 https 192 168 202 21 1 cai bin sqateway PG 61 Eao iins gt
51. add Tab Wi ES di Operation Mode GatewayBridge Mode admin Crypto Officer Username Role Aug 14 09 37 02 User Aug 14 09 38 50 User Aug 14 09 39 17 User Aug 14 09 39 17 User Aug 14 09 42 36 User Aug 14 09 43 44 User Aug 14 09 43 44 User Aug 14 11 23 33 User Aug 14 12 12 59 User Aug 14 13 45 20 User Aug 14 13 48 49 User Monitoring Reports gt Web Access Log A Date Time System Facility Message Search Web 2 B7 Gr D GP welcome Tour Choose Buttons Web Search Search Results i LU Bookmarks Pop ups AS lr MER Photos Wireless AP Bridge o Sless rrorage gt D o m 4 Host lame default 192 168 202 211 Export admin Operation System mode changed old AP mode new Gateway mode admin Operation Wan IP changed old 192 168 254 254 new 192 168 254 253 admin Operation Auto Bridge SSID changed old default new super admin Operation Bridging mode changed old Manual new Auto Admin Operation System Upload admin Operation Bridge Radio freq mode changed old 8 new 1 admin Operation Bridge Radio channel changed old 11 new 60 Admin Operation System Upload Admin Operation System Upload admin Operation Wan address type changed old Static new DHCP admin Operation Firewall WAN management changed old Denied new Allowed AA B 0 internet 51 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration System Administ
52. addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address Many ISPs use dynamic IP addressing for dial up users NMS Network Management Station Includes such management software as HP Openview and IBM Netview PC Card A computer device packaged in a small card about the size of a credit card and con forming to the PCMCIA standard PDA Personal Digital Assistant A handheld device SNMP Simple Network Management Protocol SSID 29000171 002 A G a WAB 3000 Wireless Access Point Glossary A Network ID unique to a network Only clients and access points that share the same SSID are able to communicate with each other This string is case sensitive Wireless LANs offer several security options but increasing the security also means increasing the time spent managing the system Encryption is the key The biggest threat is from intruders coming into the LAN You set a seven digit alphanumeric security code called an SSID in each wireless device and they thereafter operate as a group TKIP Temporal Key Integrity Protocol TKIP is a protocol used in WPA It scrambles the keys using a hashing algorithm and by adding an integrity checking feature ensures that the keys haven t been tampered with VPN Virtual Private Ne
53. ady access to two useful utilities Ping and Traceroute Simply enter the IP Address or hostname you wish to ping or traceroute and click either the Ping or Traceroute button as appropriate Level One Microsoft Internet Explorer Ja File Edit wiew Favorites Tools Help a Q Back x E A J Search 7 Favorites Es E y E E lu Mj 3 address https 192 168 202 21 1 cgi bin sgateway PG 76 a E co inks Google Gi Search 0 Eizoblocked check 2001 al S a E YF 2 Search Web 2 dr Gr P welcome Tour choose Buttons gt _ Level One add Tab E i Viewnoint z Web Search Ral Search Results Il LU Bookmarks gt Pop ups iS jr Lu Photos a Wireless AP Bridge ee NA l Operation Mode GatewawBridge Mode Username admin Host Name default 192 168 202 211 Role Crypto Officer gt gt one s System Administration Utilities System Configuration General gt Ez Operating Mode IP address or hostname Ping WAN ESN IP address or hostname traceroute Wireless Access Point General Security Done l 8 internet 58 29000171 002 A WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration Chapter 4 Gateway Configuration Introduction Chapter 3 covered the default configuration of the WAB 3000 Wire less Access Point as an access point for use as part of a host wired net work This chapter covers configur
54. and holding the reset button located on the front of the unit for 10 seconds Input is acknowledged by the WLANNSS LED turning on and then turn ing off after 10 seconds 56 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Remote Logging The System Administration Remote Logging screen allows you to forward the syslog data from each machine to a central remote logging server In the WAB 3000 this function uses the syslogd daemon If you enable Remote Logging input a System Log Server IP Address and Sys tem Log Server Port Click Apply to accept these values 3 Level One Microsoft Internet Explorer Jal v File Edit View Favorites Tools Help ack El x E Y j Search 7 Favorites E gt E E lud Mj 3 Address https 192 168 202 211 cgi binfsgateway PG 72 zd GO Google _ m G search gO Sraoblocked S check s eo eral g y ge Search Web 2 Hr Er D FP welcome Tour 4 Choose Buttons gt gt p _ Level One Add Tab E Links Vrewnoint Gateway Bridge Mode admin Host lame default 192 168 202 211 Crypto Officer a n E Pesar A E e Stic Corea ween System Administration Remote Logging General Operating Mode pear System Log Server Hostname Wireless Access Point System Log Server Port 514 default portis 514 General er S Security MAC Address Filtering Rogue AP Detection Apply Advanced El Done a o Int
55. ards compatible with 802 11b it is a popular component in LAN construction 802 11g broadens 802 11b s data rates to 54 Mbps within the 2 4 GHz band using OFDM orthogonal frequency division multiplexing technology 802 11a The IEEE 802 11a standard is an extension to 802 11 that applies to wireless LANs and provides up to 54 Mbps in the 5GHz band 802 11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS 802 11b g Mixed 802 11b g combines 802 11b and 802 11g data rates to offer a broader range 29000171 001 A 3 WAB 3000 Wireless Access Point Chapter 1 Introduction 802 11g Super and 802 11a Turbo 802 11g Super and 802 11a Turbo technologies provide speed and throughput of more than double standard wireless LAN technologies in networking products such as PCs access points routers and PC cards It is very helpful to users who require additional bandwidth over stan dard WLAN technologies that results in higher throughput necessary for a variety of functions such as streaming media video DVD MPEG VoIP etc or for providing multiple users on a single WLAN with optimal speeds despite network demand 108 Mbps is the maximum link speed available and the typical MAXI MUM end user throughput ranges from approximately 40 Mbps to 60 Mbps depending on application demand and network environment NOTE Super G s channel bonding feature can significantly degrade the performance of
56. as in miles 29000171 002 A 17 WAB 3000 Wireless Access Point Chapter 2 Hardware Installation 18 Outdoor Protection Kit Installation If any portion of this system WAB 3000 enclosure antennas cables etc is mounted outdoors it is strongly recommended that the Outdoor Protection Kit OPK 3 for this product be used This kit contains light ning arrestors and ground cables designed for this product If the system is mounted outdoors where CE Mark certification is required use of the Outdoor Protection Kit or equivalent is MANDATORY Failure to install this protection will void the warranty The Outdoor Protection Kit OPK 3 contains the following items e 10 inch LOAWG wire with 8 ring terminal on one end and a 10 ring terminal on the other end e 12 inch 10 AWG wire with 8 ring terminal on one end and a 10 ring terminal on the other end e 18 inch 10 AWG wire with 8 ring terminal on one end and a 10 ring terminal on the other end e Three lightning arrestors Reverse N Polarity NOTE You the user are required to ensure that the connection to a proper earth ground is made by properly certified and authorized person nel and must conform to all applicable codes and regulations The materi als required to connect to a proper ground are defined by local conditions and must be procured locally to ensure the correct safety environment is achieved The cable used to connect to a proper ground must be AWG 10 or heavi
57. at encrypts data three times 802 11 802 11 refers to a family of specifications developed by the IEEE for wireless LAN technol ogy 802 11 specifies an over the air interface between a wireless client and a base station or between two wireless clients The IEEE accepted the specification in 1997 802 11b also referred to as 802 11 High Rate or WiFi 802 11b is an extension to 802 11 that applies to wireless LANs and provides 11 Mbps transmission with a fallback to 5 5 2 and 1 Mbps in the 2 4 GHz band 802 11b uses only DSSS 802 11b was a 1999 ratification to the original 802 11 standard allowing wireless functionality comparable to Ethernet Access Point An access point is a gateway set up to allow a group of LAN users access to another group or a main group The access point doesn t use the DHCP server function and therefore ac cepts IP address assignment from the controlling network Bridge A device that connects two local area networks LANs or two segments of the same LAN that use the same protocol such as Ethernet or Token Ring DHCP Short for Dynamic Host Configuration Protocol DHCP is a protocol for assigning dy namic IP addresses to devices on a network With dynamic addressing a device can have a different IP address every time it connects to the network In some systems the device s IP address can even change while it is still connected DHCP also supports a mix of static and dynamic IP addresses Dynamic
58. at user will be associated with that user binding the credentials from the user account to all subsequent user pro cesses This ensures that all processes and network traffic are authorized User accounts are defined with three basic attributes username role and authentication credentials i e password A user account can be defined as a normal user or as an administrator Administrative users can access the TOE management interface in addition to being able to use the wireless network while normal users can only access the wireless net work The TOE authentication sequence includes a counter for unsuccessful attempts When a user or administrator fails to enter the correct creden tials after a specified number of attempts the default is 3 the account will be locked The account must then be unlocked by a Crypto Officer in the case of an administrator locking their account This is active for ac cess to the management website 29000171 001 A WAB 3000 Wireless Access Point Chapter 1 Introduction Access to the management screens for the WAB 3000 requires knowl edge of the assigned operator ID and Password The Factory defaults are e ID crypto e Password officer The Crypto Officer initially installs and configures the WAB 3000 after which the password should be changed from the default password The ID and Password are case sensitive Management After initial setup maintenance of the system and programming of secur
59. ation as a gateway If additional security for the wireless network is desired differenti ating it from the wired network to which it is connected set it up in gateway mode Gateway mode takes advantage of some built in router functions such as the gateway s ability to do Network Address Transla tion NAT providing private IP addresses for the wireless clients The illustration on the following page shows the difference between AP mode and Gateway mode Caution If you have previously set up your WLAN using the WAB 3000 devices as access points and you decide to change the configuration to gateway mode you will need to convert the MAC addresses on each wireless device that has been set up so they can be seen by the reconfigured system This is accom plished by the following procedure done on each device that was configured to use the WAB 3000 when the system was set up as an access point system Pull up a System Prompt c prompt also called an MSDOS prompt on the wireless device s desktop type arp d and hit return This reconfigures the MAC address in the wireless device s PC card so that it is now visible to the gateway 29000171 002 A 59 WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration A comparison of gateway and access point setup for the WAB 3000 Gateway Mode y Access Point Mode Existing Network 200 200 10 6 DHCP server 200 200 10 5 DHCP server 200 200 10 5
60. ault Remote Logging Reboot Utilities E Done Operation Mode Wireless AP Bridge Mode Username admin Role Crypto Officer Wireless Access Point gt Security Host Hame default 192 168 202 211 Security Method EEE 802 11i and WPA Y O Pre Shared Key Passphrase minimurn 8 characters 802 1x Pairwise Key CJaes ccmp CITKIP Pre Shared Key Passphrase minimum 8 characters 802 1 C Pre Authentication Pairwise Key DJaes comp CITKIP Primary Radius Server Settings Radius Server IP Address Shared Secret minimurn 10 characters im Encryption Suite and Re keying Group Key Group Encryption Key Lifetime If you will be using MAC Address filtering navigate next to the MAC Address Filtering screen 36 29000171 002 A WAB 3000 Wireless Access Point Wireless VLAN Chapter 3 Access Point Configuration When VLAN is enabled all data coming out of the WAN port is VLAN tagged which means an external network unit such as a router switch or a VLAN enabled computer has to be used to terminate the VLAN traffic Data originating from or targeting to a wireless network cli ent is tagged with the VLAN ID corresponding to an SSID it is associated with Data generated by an Access Point itself is tagged with the manage ment VLAN ID To create anew VLAN enter a VLAN ID range from 1 to 4094 and an SSID Set the security to None Static WEP
61. can be tagged with a 12 character tag to keep track of the configuration file as it is transferred to other APs 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Q sec EJ x E P F Search 7 Favorites Er e z gt w Mj 2 Address dE https 192 168 202 211 cgibin sgateway PG 703 Es Go Gougle ka G Search 0 30blocked F Check YF 2 A Search Web lt Sly B P welcome Tour G Choose Buttons E _ A gt lt lt lt LI Level One le Add Tab MD Viewnvint z Web Search l A Search Results Bookmarks e A Pop ups TS S X u Photos Wireless AP Bridge ee Le E Operation Mode Gateway Bridge Mode Username admin Host llame default 192 168 202 211 Role Crypto Officer one 5 E me didi E gt a System Administration gt System Upgrade System Configuration General Firmware Upgrade Local Configuration Upgrade Remote Configuration Upgrade Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Passphrase Rogue AP Detection sao Advanced rOWSE Wireless Bridge Coni Upload Configuration Radio Encryption MAC Address Filtering Option 2 Specify a passphrase minimum 10 characters to protect the configuration file Services Settings DHCP Server SNMP Agent Firewall Download Configuration Content Filtering IP Filtering Port Filtering DMZ Advanced
62. ction Advanced Wireless Bridge General Radio Encryption Services Settings SNMP Agent Web Search A Search Results LE Bookmarks el pop ups BE Lie ER Photos Wireless AP Bridge i Operation Mode Wireless AP Bridge Mode Username CryptoOfficer Crypto Officer Wireless Access Point gt VLAN aS Le rE Ta Host Hame default 192 168 254 254 Role Enable Disable VLAN ID 1 Apply Existing YLANs Delete Edit Security Policy Static WEP Admin User Management List All Users Add New User Monitoring Reports Done 29000171 002 A A Internet 37 WAB 3000 Wireless Access Point 38 Chapter 3 Access Point Configuration MAC Address Filtering The Wireless Access Point MAC Address Filtering screen is used to set up MAC address filtering for the WAB 3000 device The factory de fault for MAC Address filtering is Disabled If you enable MAC Address filtering you should also set the toggle for Filter Type File Edit Q Back View Favorites x a Y F Search SF Favorites fe 3 Level One Microsoft Internet Explorer Tools Help bar gt al M 3 Address 4 https 192 168 202 211 cgi bin sgateway PG 12 Eao gt Google Yr _ Level One Li Viewnoint T one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Rogue AP Detection Advanced Wireless
63. d return the unit to the manufacturer and replace it with a functioning unit Radio Frequency Interference Requirements This device has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the Federal Communications Commission s Rules and Regulations These limits are designed to pro vide reasonable protection against harmful interference when the equip ment is operated in a commercial environment This equipment gener ates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense Installation should be accomplished using the authorized cables and or connectors provided with the device or available from the manufacturer distributor for use with this device Changes or modifica tions not expressly approved by the manufacturer or party responsible for this FCC compliance could void the user s authority to operate the equip ment 29000171 002 A 89 WAB 3000 Wireless Access Point Chapter 6 Technical Support This page intentionally left blank 90 29000171 002 A WAB 3000 Wireless Access Point Glossary Glossary 3DES Also referred to as Triple DES a mode of the DES encryption algorithm th
64. ddress General Security l IPy4 Address 192 168 15 1 o Mireless VLAN 11 1 MAC Address Filtering Subnet Mask 255 255 255 0 Rogue AP Detection Advanced Wireless Bridge Apply General Done 8 0 Internet a E Vos ETA Tn E nC Ears Viewpoint Y WebSearch SearchResults Bookmarks Pop ups Qa Photos 29000171 002 A 29 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Wireless Access Point Configuration General Wireless Setup allows your computer s PC Card to communicate with the access point Once you have completed wireless access point configu ration you can complete the rest of the configuration wirelessly assum ing that you have installed and configured a wireless PC card on your computer If you have not done so you will have to do that to establish communications Follow the manufacturer s instructions to set up the PC Card on each wireless device that will be part of the WLAN The Wireless Access Point General screen lists the MAC Address of the AP card This is not the MAC Address that will be used for the BS SID for bridging setup however That is found on the Wireless Bridge General screen If you will be using an SSID for a wireless LAN enter it here and in the setup of each wireless client This nomenclature has to be set on the access point and each wireless device in order for them to communicate
65. dress l Done 29000171 002 A B 0 Internet 39 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Advanced The Wireless Access Point Advanced screen allows you to enable or disable load balancing and to control layer 2 isolation Load balancing is enabled by default The load balancing feature bal ances the wireless clients between APs If two APs with similar settings are in a conference room depending on the location of the APs all wire less clients could potentially associate with the same AP leaving the other AP unused Load balancing attempts to evenly distribute the wireless clients on both APs Layer 2 isolation prevents wireless clients that associate with the same AP from communicating with each other 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Q Back x 2 A J Search Hz Favorites ES Address El https 11192 168 202 211 icgi binfsgateway PG 16 Google Yr 2 UTA _ Level One ejes v a Se gt Jf l A GO unke C Seach W E 30 blocked E Check q zom 2 Search Web 2 dr Gr GP welcome Tour 4 Choose Buttons gt le Add Tab Le Viewnoint v 7 z Web Search 4 Search Results 1 Bookmarks gt Pop ups ES M Photos _ o H Wireless AP Bridge tom Operation Mode GatewawBridge Mode Username admin one Role an Crypto Officer La TE Wireless Access Point
66. dress adio r 7 Energin MAC Address Signal Strength Radio Note MAC Address Filtering Services Settings DHCP Server SNMP Agent Spanning Tree Protocol STP 802 1d Enable Disable E Done A Internet MANUAL BRIDGING GENERAL SETTINGS OPTIONS Bridging Manual Bridging manual bridging selected Mode Signal Not Assigned Allows you to set the number of one of Strength LED the Remote APs which will be listed at MAC the bottom of the screen once the system is operational This wireless bridge be comes the guiding port that is displayed in the WLANNSS LED on the front of the WAB 3000 as a signal Spanning Tree Enable Disable Protocol STP Enable STP is there is any possiblity that a bridging loop could occur If you are certain that there is no possibility that a bridging loop will occur then disalbe STP The bridge will be more efficient faster without it If you are not sure the safest solution is to enable STP 74 29000171 002 A WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Monitoring In the upper right hand corner of the Wireless Bridge General screen there is a button called Monitoring If you click on this button a pop up window will appear Wirelss Bridge Information If you select Enable refesh you can set the bridge refresh interval from 5 seconds to 30 minutes Refreshing the screen allows you to see the effect of aiming the antenna to improve signal strength
67. drop down list Spanning Tree Protocol STP Enable or Disable if no bridg Enable or Disable if no bridging ing loop possible loop possible Wireless Bridge Radio Wirelss Mode 802 1la 802 11la Tx Rate AUTO AUTO Channel No Must be the same as Bridge 2 Must be the same as Bridge 1 Tx Power Mode Auto Auto Propagation Distance lt 5 Miles lt 5 Miles RTS Threshold 2346 2346 BSSID Add Bridge 2 MAC Add Bridge 1 MAC Wireless Bridge Encryption Bridging encryption options Select appropriate key type length and value Must be the same key as Bridge 2 Select appropriate key type length and value Must be the same key as Bridge 1 Point to Point Bridging Setup Guide Auto Mode Direction Bridge 1 Bridge 2 Wireless Bridge Genral Auto Bridging Mode Bridging Mode Auto bridging selected Auto bridging selected of the screen SSID Must be the same as Bridge 2 Must be the same as Bridge 1 Max Auto Bridges 40 range 1 40 40 range 1 40 Bridge Priority 40 range 1 40 40 range 1 40 Signal Strength Threshold 9 9 BroadcastSSID Disable Disable Signal Strength MAC Enter from list at the bottom Enter from list at the bottom of the screen Wireless Bridge Radio Wirelss Mode 802 1la 802 11a Tx Rate AUTO AUTO Channel No Must be the same as Bridge 2 Must be the same as Bridge
68. eb Search A Search Results 1 Bookmarks A Pop ups H Photos Wireless AP Bridge an Hana Operation Mode GatewawBridge Mode Username admin Role Crypto Officer e 2S S _ Ss SSS Firewall gt Content Filtering Host Name default 192 168 202 211 Filter Type Deny Entries Listed Below 4 Apply IP Address Add IP address or hostname list Delete El Done 29000171 002 A A Internet 65 WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration IP Filtering Click the entry on the left hand navigation panel for Firewall IP Filtering The IP Filtering screen blocks certain IPs on the Private LAN from ac cessing your Internet connection It restricts clients to those with a specific IP Address A Level One Microsoft Internet Explorer Jal File Edit View Favorites Tools Help Q ak UY x a A j Search 7 Favorites E 3 a E lud M 3 Address E https 192 168 202 211 cgi bin sgateway PG 41 Go Google G Search O Ssablocked Check suwu foill 2 YF 2 gt ll Search Web gt 2 B Gr P welcome tour GP Choose Buttons _ Level One s Add Tab A Viewnoint g Web Search 41 Search Results i LU Bookmarks gt Pop ups l SIS H Photos R Witeeleee ADA ria Wireless AP Bridge Haga Operation Mod Username admin Host Hame default 192 168 202 211 Role Crypto Officer one Firewall gt IP Filtering Sy
69. ed Table of Contents Chapter 1 Introduccion e E a a e aa eo Ena 1 Pasi FeaT S aa on E E td 2 WIneless Dasi Geyin a a E tae nan aera Teena 2 OO Diea E T ee E pas 3 TO TO n A N A aes hohe aseanateadoeonte tone 3 OU A Es A E Om E E R E E 3 802 WH ay E MEd O E A a 3 502 Lhe S per and 02 Tla TUDO EE 4 Network Conte Uri 4 Access POMEL CONSUMO da 4 Possible Al Topologies nas 5 DA res 6 Detar Comm cura Oi 6 Data Encrypuon ana SCCULILY s rapid apt 6 A tara hala ccc E ae meee eee ee 6 A ese tater oe ot ata ET A E EA tera ae eas terete 6 WPA WPAZ with TRIP AAES CEME iS 7 A O T E E E T E Y 7 WITE ESE VEAN eos 8 MAC Address Pleno sise puascesarereaiiup tot E eetciana tienen aaa 10 DHCP Severo 10 Operator Authentication and Management coconcnccncnnnnnnnnnnnnnonnnnnonnnanonnnannncnarnnos 10 Manag cemento 11 WAB 3000 Navigation O Pros r E 12 Chapter 2 Hardware instal lati onic sicscsctssiccasctstarssesscnassanddhouieossdsouseaesansessannensdssenddesescane 13 Prepara Onor Usario E E E 13 Installation Tis tech onsen E A 14 Minimum System and Component Requirements ecoccnccnicnncnnnnnnonnnnnanccinnnanonos 15 CAO MING seas E AS 15 Bride Transtut WiStan cess AE O ti ke 16 Bridce Antenna Loca toni 17 Outdoor Protection Kit InstallatiON o oonnncinconicaninnncnnonanicnonanncnonanacnanonccrinannass 18 Earth Ground Connect E r ES 18 Liehatne Arrestor Instala ON astra di 19 Antenna asta lao pee 20 Sealing Antenna Conte chos ias 20 Mou
70. emote Logging Reboot Utilities Wireless AP Bridge Low dim Operation Mode Wireless AP Bridge Mode admin Crypto Officer Username Host Hame default 192 168 202 211 Role System Configuration gt General Version WAB 3000 Version 4 1 Build 2 17 Description default location Host Name default Domain Name default System Time Date 08 14 2006 Time 16 20 Manual New Date i Month Day Year New Time Hour Minute From NTP Server Time Zone GMT 05 00 Eastern Time US amp Canada Time Server 1 Time Server 2 NIST servers time a nist gov time b nistgov time nist gov Login Banner Maximum 500 characters If shorter than 5 characters the system default banner will be displayed Current number of characters A Internet Go next to the System Configuration Operating Mode page 26 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Operating Mode This screen allows you to set the operating mode to either Wireless Access Point Bridge or Gateway Bridge mode You only need to visit this page if you will be changing from Access Point to Gateway or if you want to change your submode Note that if you change modes from AP to Gateway your configura tion is not lost Level One Microsoft Internet Explorer File Edit Yiew Favorites Tools Help pack T a x a EA Search 7 Favorites E ga e hs M 4 Address El https 192
71. en and set the Tx Pwr Mode to Off see Chapter 3 Sealing Antenna Connections Once all antennas have been installed the connections should be sealed to protect them from the exterior harsh environment Use a self amalgamating polyisobutylene tape which over a period of hours ad heres to itself and forms a single amalgamated rubber molding conform ing to the shape of the item it is covering Once the tape is in place for several hours it forms a shaped rubber molding that is resistant to water and most solvents It remains stable over a wide temperature range and degrades very slowly in sunlight If you need to remove the tape after it has sealed for 30 minutes or more cut it away with a sharp knife 29000171 002 A WAB 3000 Wireless Access Point Chapter 2 Hardware Installation The bridge antenna port is located on the front of the WAB 3000 To obtain the best performance the bridge antenna should be placed away from the AP antennas Use a 1 5 meter low loss antenna cable to connect a directional antenna to the WAB 3000 The maximum gain for the direc tional antenna should be 14 dBi Mounting Kit Setup To mount the WAB 3000 outdoors you should choose a suitable post to mount the unit high in the air Use the U ring screws and nuts to attach the mounting plate to the post Next attach the WAB 3000 to the mounting plate with screws The Indicator Lights The top panel of the WAB 3000 contains a set of indicator lights Lig
72. er This cable should be kept as short as possible WARNING Do not attempt to install any outdoor equipment dur ing hazardous conditions such as a thunderstorm where lightning could strike the equipment or installer Failure to follow this warning could result in injury or death Earth Ground Connection Attach the earth ground cable to the ring terminal attached to the WAB 3000 s grounding stud Make sure the ring terminal is against the unit s metal case The earth ground ring terminal should be the first con nection on the unit s grounding stud NOTE The cable used to connect to a proper earth ground must be AWG 10 or heavier This cable should be kept as short as possible 29000171 002 A WAB 3000 Wireless Access Point Chapter 2 Hardware Installation Lighnting Arrestor Installation Examine the lightning arrestors and remove and discard the following items if necessary See figure below e Securing Nut e Washer e Ring Terminal but retain the screw ea Securing Nut Washer Ring SS E HP Attach the 10 12 and 18 inch wires to the lightning arrestors ensur ing that the smaller ring terminals and with identifying labels are used Tighten the ring terminal securely using a screwdriver To install the lightning arrestors to the WAB 3000 attach one end of the lightning arrestor to the WAB 3000 s N connector Make sure that the lightning arrestor with the 12 inch wire is mounted closer to the gro
73. er S YF 2 Search Web 2 Sy Gr P wecomeTour g Choose Buttons f al Level One Add Tab _ _ E wel i E ed oe o Vewnoint J Web Search Search Results LE Bookmarks 7 Pop ups l E jE LU Photos h Wireless AP Bridge E Operation Mode Gateway Bridge Mode Address E https 1192 168 202 211 cgi binfsgateway PG 62 EJ Username admin Host Name default 192 168 202 211 one pert Crypto Officer Monitoring Reports gt System Status System Configuration General im Device Status Rane Mode Current Encryption Mode BYPASS MODE LAN Bridging Encryption Mode BYPASS MODE Wireless Access Polit System Uptime 2 57 50 Gates Total Usable Memory Size 64151552 bytes Security Free Memory 30601216 bytes MAC Address Filtering Current Processes 27 Rogue AP Detection Country Code 840 Advanced i iter Bridge Other Information CPU PCI Interrupts Processes Interfaces enera Radio Encryption g Network Interface Status MAC Address Filtering UWAN Ethernet MAC address 00 07 D5 01 00 64 Services Settings LAN Ethernet MAC address 00 07 D5 01 00 69 DHCP Server Primary WLAN MAC address 00 08 68 35 FD 16 SNMP Agent Secondary WLAN MAC address 00 08 68 35 FF ED Firewall Content Filtering s IP Filtering Routing Table Port Filtering Dest LAN IP Subnet Mask Default Gateway e Count 0 0 Interface brg0 eth eth Virtual Server 1
74. ernet Remote Logging O Enable Disable Reboot The System Administration Reboot screen allows you to reboot the WAB 3000 without changing any preset functionality Both Crypto Officer and Administrator functions have access to this function 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help aa j Py f gt Y 7 de Back gt x a Y j Search 5 Favorites Ss l M A Address 41 https 192 168 202 211 cgi bin sgateway PG 74 o G Seach g Ei3oblocked E Check q toll gt E I Search Web 2 B Er P wekcomeTour g Choose Buttons gt LI Level One s Add Tab gt Viewnaint i Z Web Search i Search Results 1 Bookmarks Pop ups 8 Photos Wireless AP Bridge an Operation Mode GatewayBridge Mode Username admin Host Name default 192 168 202 211 one eee A Crypto Oficer at E E _ m lt System Administration gt Reboot System Configuration General Click Reboot button to reboot Gateway device Operating Mode Reboot Wireless Access Point Done A 0 Internet You can also reboot the WAB 3000 by pressing and holding the reset button on the front of the unit for five seconds Input is acknowledged by the LWLANSS LED turning on 29000171 002 A 57 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Utilities The System Administration Utilities screen gives you re
75. ets the channel frequency for the wireless bridge 64 5 32 GHz 149 5 745 GHz 153 5 765 GHz 5 785 GHz 5 805 GHz 165 5 825 GHz 802 11a Turbo 50 5 25 GHz Turbo Mode Sets the channel frequency for the 58 5 29 GHz Turbo Mode wireless bridge 152 5 76 GHz Turbo Mode 160 5 80 GHz Turbo Mode 76 29000171 002 A WAB 3000 Wireless Access Point Tx Pwr Mode Fixed Pwr Level 1 2 3 4 5 Propagation lt 5 Miles Distance 5 10 Miles 11 15 Miles 16 20 Miles 21 25 Miles 26 30 Miles gt 30 Miles RTS Threshold Range 1 2346 BSSID Enter hexadecimal num bers nn 29000171 002 A Chapter 5 Wireless Bridge Configuration The Tx Pwr Mode defaults to AUTO giving the largest range of radio transmission available under ambient conditions The wireless bridge s broadcast range can be limited by setting the Tx Pwr Mode to Fixed and choosing from 1 5 for Fixed Pwr Level If you want to prevent any radio frequency transmission from the wireless bridge set the Tx Pwr Mode to OFF This will not turn off RF trans missions from any associated wireless devices but they will not be able to communicate with the wireless bridge when the Tx Pwr Mode is off Select a range when Rx Pwr Mode is set to FIXED Level 1 is the shortest distance Level 1 7dBm and Level 5 is the longest Level 5 15dBm Set the distance based on the distance between this bridge and furthest bridge that is connected to it The
76. f STP node The lowest bridge priority in the network will become the STP root Select the Signal Strength Threshold Either enable or disable the Broadcast SSID When disabled the bridge hides the SSID in outgoing beacon frames and stations cannot obtain the SSID through passive scanning Also when it is disabled the bridge doesn t send probe responses to probe requests with unspecified SSIDs 29000171 002 A 83 WAB 3000 Wireless Access Point Finally enter the Signal Strength MAC The signal strength of this wireless bridge will be indicated on the Signal Strength LED located on the front of the case 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Q Back 1 ES E A gt Search Sy Favorites E E a A Mj EORI a 3 Address e https 192 168 202 21 1 cgi binfsgateway PG 13 ls gt e Go un Gougle E G Search 9 30 blocked Check Cy PMT e Level One va Add Tab a gt Viewnoint Wireless AP Bridge ss E Operation Mode Gateway Bridge Mode Username admin Crypto Officer id Host Name one Role System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General Radia Encryption MAC Address Filtering Services Settings DHCP Server SNMP Agent Firewall Content Filtering IP Filtering Part Filtering Virt
77. fied by the server IP 192 168 15 33 192 168 15 56 192 168 15 33 80 192 168 15 64 29000171 002 A 67 WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration It is recommend that IP addresses of virtual server computers hosted on the Private Network be manually statically assigned to coincide with a static server mapping to that specific IP address Virtual servers should not rely on the dynamic IP assignment of the DHCP server function which could create unmapped IP address assignments Protocol Selection of either UDP TCP or Both TCP and UDP al lows these specified network protocols to pass through during the TCP port communication with each virtual server IP address Demilitarized Zone DMZ Click the entry on the left hand navigation panel for Firewall DMZ The Demilitarized Zone DMZ host allows one computer on the Private Network to be totally exposed to the wired network or Internet for unrestricted two way communication This configuration is typically used when a computer is operating a proprietary client software or 2 way communication such as video teleconferencing where multiple TCP port assignments are required for communication To assign a PC the DMZ host status fill in the Private IP address which is identified as the exposed host and click the Apply button However any Internet user who knows the WAN IP address of the gateway can connect to the DMZ host since the firewall feature is disab
78. from capturing and altering or forging data packets In addition it can employ a form of AES called AES CCMP WPA is a subset of the 802 111 standard and is expected to maintain forward compatibility 802 111 Four major categories or primary functions of 802 111 are invoked These primary functions of 802 111 include e EAP TLS Extensible Authentication Protocol Transport Layer Security EAP TLS was compulsory for WPA2 Enter prise products certified prior to April 15 2005 for products certified after this date EAP TLS testing is compulsory if the product can support EAP TLS The only products that might not support EAP TLS are tightly integrated systems that do not support software upgrades by a third party such as some cell phones intended for e g the 3G market Non tightly integrated products like most laptop and PDU adapters still must support EAP TLS to receive WPA2 certi fication e EEE 802 1X also known as port based network access con trol 802 1X provides and authentication framework within 802 111 802 111 depends upon 802 1X to control the flow of MSDUSs between the DS and STAs by use of the IEEE 802 1X Controlled Uncontrolled Port model IEEE 802 1X authen tication frames are transmitted in 802 11 Data frames and passed via the EEE 802 1X Uncontrolled Port The 802 1X Controlled Port is blocked from passing general data traffic between two STAs until an 802 1X authentication procedure completes successfully over
79. g Services soar WA ASA A Wireless Bridge gt Encryption Encryption Type Static AES CCM 128 bit Encryption Enter 128 bit keys as 32 hexadecimal digits 0 9 aH OrA FY Key 499FDE52C21 ACBDABBCD5D14B76CB5EC Again 499FDE52C21AC8DAB5CD5D14B76CB5EC Click Key Generator button and encryption key will be generated automatically Apply 8 Internet 29000171 002 A WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Wireless Bridge MAC Address Filtering The Wireless Bridge MAC Address Filtering screen functions just like the AP MAC Address Filter see page 38 but it is only used in auto bridging mode and only controls access to the wireless bridge network 3 Level One Microsoft Internet Explorer File Edit View Favorites oR Tools Help Fid Q tex z E2 x a A J Search SF Favorites ES er EZ Lowes M Address E https 192 168 202 211 Icoi binfsgateway PG 19 Google CG Search 0 E 30blocked Check Wt aa Search Web 2 Fa E Pe welcome Tour 4 choose Buttons gt 13 Level One a Y La Viewpoint z one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General Radio Encryption MAC Address Filtering Services Settings DHCP Server SNMP Agent Firewall Content Filtering IP
80. g GQ GP Welcome Tour g Choose Buttons 7 Level One ef Add Tab 7 Web Search Search Results 1 Bookmarks Z Pop ups S Ei Photos Wireless AP Bridge Operation Mode GatewawBridge Mode Username admin Host Name default 192 168 202 211 one Role Crypto Officer 4 gt System Administration gt System Upgrade System Configuration General i Operating Mode PEE a ae WAN LAN Click Browse and selecta file Wireless Access Point i General Security MAC Address Filtering Upload Firmware Roque AP Detection Advanced E Done A 0 Internet 52 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Local Configuration Upgrade On the System Administration System Upgrade screen click on the Local Configuration Upgrade tab to upload and download configura tion files to access points connected to the network To upload a configuration file select the file using the browse but ton and enter the passphrase for that file The passphrase protects the file from unauthorized users It prevents unauthorized users from applying the system configuration file to an unauthorized AP to gain access to the network Before downloading the system configuration file to a local com puter the user must enter a passphrase to protect the file Before the sys tem configuration file can be uploaded onto another AP the passphrase must be entered on the remote AP The configuration file
81. ge Radio AN Wireless Mode Tx Rate Channel Tx Power Mode Propagation Dis lt 5 Miles lt 5 Miles lt 5 Miles tance RTS Threshold 2346 2346 2346 Wireless Bridge Encyption Wireless Configu Select appropriate Select appropriate Select appropriate ration Bridging key type length key type length key type length Encryption and enter key and enter key value and enter key value Must be the Must be the same as value Must be the same as that on the that on the other2 same as that on the other 2 Bridges Bridges other 2 Bridges Wireless Bridge MAC Address Filtering Filtering Enable Disable Enable Disable Enable Disable Filter Type Deny All Allow All Deny All Allow All Deny All Allow All MAC Address Add MAC address Add MAC address Add MAC address of bridges of bridges of bridges With this configuration each bridge can control a wireless LAN All wireless clients must have the same SSID as the bridges on the AP card channel All clients can roam between the three bridges All other setup screens should be completed following the guidelines in Chapter 3 88 29000171 002 A WAB 3000 Wireless Access Point Chapter 6 Technical Support Chapter 6 Technical Support Manufacturer s Statement The WAB 3000 is provided with warranty It is not desired or ex pected that the user open the device If malfunction is experienced and all external causes are eliminated the user shoul
82. ges that are to be linked to communicate properly they must be set up with compatible commands in the setup screens For instance the bridges must have the same channel number Be cause there is a separate WLAN card for bridging there can be a separate WLAN on the AP WLAN card with no loss efficiency as long as you set the channel numbers so there s no conflict or noise with the channel as signed to the bridge Spanning Tree Protocol may be set to Enable if there is any possibility of a bridging loop or to Disable which is more efficient if there s no possibility of a bridging loop Each bridge must contain the other s BSSID The BSSID of each is equivalent to the MAC address contained on the Wireless Bridge Radio setup page Enter only hexa decimal numbers no colons Data entry is not case sensitive Finally the wireless bridging encryption must be set to the appropriate type and key length and must be identical on each bridge The following charts show sample settings for manual bridging and auto bridging modes 80 29000171 002 A WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Point to Point Bridging Setup Guide Manual Mode Direction Bridge 1 Bridge 2 Bridging Mode Wireless Bridge General Manual Bridging Mode manual briding selected manual bridging selected Signal Strength LED MAC Not Assigned select from drop down list Not Assigned select from
83. he wireless network and the wireless VLAN happens inside the AP Each Wireless VLAN can set its own security level For example the VLAN for an enterprise 8 29000171 001 A WAB 3000 Wireless Access Point Chapter 1 Introduction network access may use 802 111 with EAP TLS authentication while the VLAN for guest internet access may simply use 802 111 with Pre Shared Key WAB 3000 supports up to 16 VLANs f Wireless VLANS a A SSID Engineering SSID Admin Enterprise RADIUS Server S5 1D Human Resources S5 10 Guest When VLAN is enabled all data coming out of the WAN port is VLAN tagged which means an external network unit such as a router switch ora VLAN enabled computer has to be used to terminate the VLAN traffic Data originating from or targeting to a wireless network client is tagged with the VLAN ID corresponding to the SSID to which it is associated Data generated by an Access Point itself is tagged with the management VLAN ID 29000171 001 A 9 WAB 3000 Wireless Access Point Chapter 1 Introduction 10 MAC Address Filtering The MAC address short for Media Access Control address is a hard ware address that uniquely identifies each node of a network In IEEE 802 networks the Data Link Control DLC layer of the OSI Reference Model is divided into two sub layers the Logical Link Control LLC layer and the Media Access Control MAC layer The MAC layer interfaces directly with the network
84. here can be multiple APs connected to an existing Ethernet network to bridge between the wired and wireless environments Each AP can operate independently of the other APs on the LAN Multiple APs can coexist as separate individual networks at the same site with a different network ID SSID Wired LAN 3 The last and most prevalent use is multiple APs connected to a wired network and operating off that network s DHCP server to provide a wider coverage area for wireless devices enabling the devices to roam freely about the entire site The APs have to use the same SSID This is the topology of choice today Wired LAN 29000171 001 A 5 WAB 3000 Wireless Access Point Chapter 1 Introduction Bridging The wireless bridging function in the WAB 3000 allows use as a bridge in a number of alternate configurations including the following popular configurations e Point to point bridging of 2 Ethernet Links e Point to multipoint bridging of several Ethernet links e Repeater mode wireless client to wireless bridge Default Configuration The WAB 3000 s default configuration is an Access Point Bridge Data Encryption and Security The WAB 3000 Wireless Access Point includes advanced wireless se curity features Over the AP band you have a choice of no security Static WEP WPA or AES CCMP depending on your mode of operation Some level of security is suggested Static WEP gives you a choice of 64 bit or 128 bit encr
85. ht Emitting Diodes or LEDs that help describe the state of various network ing and connection operations WLAN WLAN WLAN 1 2 SS Power WAN WLAN WLAN WLAN l 2 SS 29000171 002 A 21 WAB 3000 Wireless Access Point Chapter 2 Hardware Installation 22 Power The Power indicator LED informs you when the gateway is on or off If this light is on the gateway is on if it is not on the gateway is off WAN This light indicates the state of your connection to the organiza tion s Ethernet LAN network When on the WAN light indicates that the unit is connected to the network When the WAN light is off the gateway does not have an active connection to the net work WLAN Activity AP This light may be steady or blinking and indicates that infor mation is passing through the AP connection WLAN2 Activity This light may be steady or blinking and indicates that infor Bridge mation is passing through the Bridge connection WLAN Signal Strength The Strength LED indicator indicates the strength of the Bridge Bridge connection WLANZ2 LED Off means no connection on the bridge side or the signal is very weak LED blinks slowly every 1 second means there is a connec tion and the signal quality is poor LED blinks fast means there is a connection and the signal quality is good LED steady on means there is a connection and the signal quality is excellent Note When the WLAN1 and WLAN2 LEDs blin
86. icate TX Pwr Mode can be left on Auto unless the power needs to be regulated Select the Propagation Distance which is based on the distance be tween a bridge and the furthest bridge that is connected to it Set the RTS Threshold which is the number of bytes used for the RTS CTS handshake boundary When a packet size is greater than the RTS threshold the RTS CTS handshaking is performed Click Apply to accept your changes but stay on this screen Add the BSSID of the remote bridge The BSSID corresponds to that bridge s MAC address In entering the BSSID enter only hexadecimal numbers no colons Data entry is not case sensitive You may also enter a note that defines the location of the remote bridge Then click Add to accept The remote bridge s BSSID will now appear at the bottom of the Wireless Bridge General screen 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Q Back x 2 Y J Search Hi Favorites Le AE ao M 3 Address https 192 168 202 211 cgi bin sgateway PG 135 g Go Google G Seach 9 30blocked check 2 t 2 w searchWweb 2 B Gr GP welcome Tour g Choose Buttons Level One P Add Tab wink v gt Web Search Search Results LU Bookmarks 2 Pop ups Sl MF Photos evel Wireless AP Bridge Operation Mode GatewawBridge Mode Username admin Host Name default 192 168 202 211 one Role Crypto Officer Wireless Bridge gt Radio 1 Sys
87. inannnncnnnss 87 Repeater Bridging Setup Guide Auto MOde concniccnoninnnnonnnnanananiananinnaninonanss 88 Chapter 6 Technical Support aaa 89 Manufacturer s AE MENA A AA 89 Radio Frequency Interference Requirements erasini a 89 GOSS ATY ii AA AAA AA AS G a 29000171 002 A vi 29000171 002 A WAB 3000 Wireless Access Point Chapter 1 Introduction Chapter 1 Introduction This manual covers the installation and operation of the WAB 3000 Wireless Access Point The WAB 3000 is a ruggedized access point gateway bridge which is intended for use in industrial and external environments It accommodates 802 11a b g 802 11g Super and 802 11a Turbo WLAN access and uses Power over Ethernet PoE access to the Ethernet WAN to eliminate the need for internal access point power sup ply units AC DC converters and 110 220V cabling installations The wireless LANs can include mobile devices such as handheld Personal Data Assistants PDAs mobile web pads and wireless laptops If encryption is desired for the WLAN you can employ different encryption depending on the mode you are in You can select None Static WEP WPA or WPA2 WPA uses TKIP or AES CCMP so you can employ legacy client WEP cards and still secure the wireless band The WAB 3000 incorporates Power over Ethernet The PoE interface on the WAB 3000 is compatible with commercial vendor injected pow er hub units The WAB 3000 includes cryptographic modules for wireless encr
88. ion Where L free space path loss between antennas F frequency in GHz D path length in miles Bridge Antenna Location When as bridge device the WAB 3000 may need to be mounted out doors on a high place to achieve the best bridge result The Fresnel zone and Earth bulge dominate to decide how high that the unit s Antenna need be put The total antenna height equals the width of Fresnel zone plus the height of earth bulge A Fr i a Ees 3 a aa fi L i 7 f y a i h A as ES fee ly J W Firsl Fresnel Zone The Fresnel zone is the area around the visual line of sight that radio waves spread out into after they leave the antenna This area must be clear or else signal strength will weaken The rule of thumb is that 60 of the Fresnel zone must be clear of obstacles Typically 20 Fresnel Zone blockage introduces little signal loss to the link Beyond 40 blockage signal loss will become significant The equation of the width of Fresnel Zone is mv LD W 43 3x 4F Where W Width of the Fresnel Zone in feet D Distance between the antennas in miles F Frequency in GHz When the transmit distance of RF signal is longer than seven miles the curvature of the earth may be a factor and require the antenna put at higher location The additional antenna height can be calculated by below formula Baz 8 Where H Height of earth bulge in feet D Distance between antenn
89. ion of the physical location of the unit in the Description field This is useful when deploying units to remote Icoations To set the date and time you can do it manually or set it based on the NTP server Also you can modify the terms and conditions login banner on the login screen The default is This device is for authorized use only Any unauthorized use of this product is prohibited When you are satisfied with your changes click Apply 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help O Back E a r Search er Favorites te 7 Address E https 192 168 202 211 cg bin sgateway G Search g 30 blocked Check Ay 8 MP Welcome Tour g Choose Buttons Eso 3 gt Google Yr or _ Level One S Viewpoint Y Search Web lt s Add Tab WebSearch Search Results 8 Bookmarks Pop ups kS Sl E Photos level one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security Wireless YLAN MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General Radio Encryption Services Settings DHCP Server SNMP Agent Admin User Management List All Users Add New User User Password Policy Monitoring Reports System Status Bridging Status Bridging Site Map Wireless Clients Adjacent SP List DHCP Client List Lous System Log Web Access Log System Administration System Upgrade Factory Default R
90. ip f o 220 firman O 3 e 192 1 gt Gn gle G uh S gt 20 bloched gt hed gt e x yr Search Web Tr 0 D Piom 7 Ova anos o gt add tat WebSeach Search Pens Li Gookmats popups e Y 27 EB Photos System Configuration gt WAN Main IP Setting x 2 imere 62 29000171 002 A WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration IP Aliasing You can add up to ten additional IP aliases on the WAN port The IP aliasing entries can be used by the virtual server to map a public IP address to a private IP address If the virtual server needs to map multiple public IP addresses to multiple private IP addresses the IP aliasing entries can be used to create additional public IP addresses These entries are always static entries and can not use DHCP 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help peck UY x Es e F Search 7 Favorites Et ts 2 m Ll M 3 Address https 1192 168 202 211 cg bin sgateway PG 4_ i i E a Eje ins Gougle C Search 0 Eisoblocked Check i will 2 gt YF 2 f z Search Web 2 dr Gr P welkome Tour g Choose Buttons gt pO 1 Level One oi Add Tab gt Viewnoint 7 J Web Search JA Search Results LE Bookmarks ly A Pop ups Sl l v M Photos s re ess A 4 ric ern T nie Operation Mode Gateway Bridge Mode Username admin Host Name default 192 168
91. ireless bridging uses a second WLAN card to set up an independent wireless bridge connection Since wireless bridging provides a mechanism for APs to collaborate it is possible to extend the basic service set BSS of a standalone AP and to connect two separate LANs without installing any cabling The wireless bridging function in the WAB 3000 supports a number of bridging configurations Some of the most popular settings are dis cussed in this chapter e Point to point bridging of two Ethernet links e Point to multipoint bridging of several Ethernet links e Repeater mode The wireless bridging screens are the same whether you are in access point or gateway mode Bridging is a function that is set up in addition to basic access point or gateway setup If you will be using the WAB 3000 solely as a bridge some of the settings you may have selected for access point gateway use will not be necessary If setting up as a bridge during initial setup you can either use the LAN Port directly wired by Ethernet cable to a laptop to set the appro priate settings The management screens that you may need to modify regardless of what type of bridging mode you choose will be in the Wire less Bridge section of the navigation bar These include e Wireless Bridge General e Wireless Bridge Radio e Wireless Bridge Encryption 29000171 002 A 71 WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Wireless Bridge
92. ity functions are performed by personnel trained in the procedure using the embedded web based management screens The next chapter covers the basic procedure for setting up the hard ware 29000171 001 A 11 WAB 3000 Wireless Access Point 12 WAB 3000 Navigation Options ACCESS POINT Wireless Access Point Security Security e None e None e Static WEP e Static WEP e 802 11i and WPA e 802 11i and WPA General General e Monitoring e Monitoring Encryption Encryption e AES CCM e AES CCM Content Fltering OOOO tering OOO O oein OO Vital erver S a A A 2 List All Users List All Users e Edit Delete e Edit Delete Add New User Add New User System Upgrade System Upgrade e Firmware Upgrade e Firmware Upgrade e Local Configuration Upgrade e Local Configuration Upgrade e Remote Configuration Upgrade Remote Configuration Upgrade Factory Default Factory Default Remot Logging Remote Logging Utilities Utilities Monitoring Reports Monitoring Reports Chapter 1 Introduction 29000171 001 A WAB 3000 Wireless Access Point Chapter 2 Hardware Installation Chapter 2 Hardware installation Preparation for Use The WAB 3000 Wireless Access Point requires physical mounting and installation on the site following a prescribed placement design to ensure optimum operation and roaming FCC Regulations require that the WAB 3000 be professionally installed by an installer certified by the National Association
93. k simultaneously then the system is halted The software has discovered a problem with the encryption algorithm or the system configuration does not pass the integrity check Reset Button You can reboot the WAB 3000 by pressing and holding the reset but ton on the front of the unit for five seconds Input is acknowledged by the LWLANSS LED turning on To reset the WAB 3000 to its factory default press and hold the reset button located on the front of the unit for 10 seconds Input is acknowl edged by the WLANNSS LED turning on and then turning off after 10 seconds 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Chapter 3 Access Point Configuration Introduction The WAB 3000 comes with the capability to be configured as an access point As it incorporates two separate 802 11 wireless cards one for configuring a local WLAN and one for use in bridging it can also be configured for bridging either with access point or gateway configuration on the WLAN side Configuration as a gateway is discussed in Chapter 4 and configuration for bridging is discussed in Chapter 5 Preliminary Configuration Steps For preliminary installation the WAB 3000 network administrator may need the following information e IP address a list of IP addresses available on the organization s LAN that are available to be used for assignment to the AP s Subnet Mask for the LAN Default IP address of the WAB 3000 DN
94. led for this device causing a potential security risk to data residing on that host Again it is recommended that IP addresses of DMZ host computers on the Private Network be manually statically assigned to coincide with a static DMZ host mapping to that specific IP address DMZ hosts should not rely on the dynamic IP assignment of DHCP server function which could create incorrectly mapped IP address assignments to non DMZ hosts 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help sak F Y j Search HE Favorites 4 gt oe as Mj Ss https 192 168 202 211 cgi binfsgateway PG 45 g Go Google G Search O Eisoblocked 8 Check Yyr x v SearchWeb 2 Ar E ES Welcome Tour Choose Buttons 7 Level One s Add Tab int F WebSearch Search Results LU Bookmarks Pop ups 3 y i Photos evel Wireless AP Bridge Operation Mode GatewawBridge Mode Username admin Host Hame default 192 168 202 211 one Role Crypto Officer Firewall gt Demilitarized Zone DMZ System Configuration Operating Mode ABN SA Olean WAN IP Address Wireless Access Point General Security Apply MAC Address Filtering Done A Internet 68 29000171 002 A WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration Advanced Firewall As advanced firewall functions you can enable disable e Block Ping to WAN e Web based management from WAN port e
95. level WAB 3000 108Mbps Mesh AP Bridge w Multi SSID VLAN User Manual Ver 1 00 0610 Copyright 2006 All rights reserved No part of this documentation may be reproduced in any form or by any means or to make any derivative work such as translation transformation or adaptation without written permission from the manufacturer The manufacturer reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of the manufacturer to provide notification of such revision or change The manufacturer provides this documentation without warranty term or condition of any kind either implied or expressed including but not limited to the implied warranties terms or conditions of merchantability satisfactory quality and fitness for a particular purpose The manufacturer may make improvements or changes in the product s and or the program s described in this documentation at any time Certain features listed may have restricted availability and or are subject to change without notice please confirm material features when placing orders If there is any software or removable media described in this documentation it is furnished under a license agreement included with the product as a separate document in the printed documentation or on the removable media in a readable file such as license txt or the like If you are unable to locate a copy of the license con
96. licate IP address is detected the bridge site map will show this device with a red IP address The distributed default gateway is the first IP address in the valid range For example for 10 128 0 0 the default gateway is 10 128 0 1 The distrib uted netmask is 255 0 0 0 Factory Default The System Administration Factory Default screen is used to reset the AP to its factory settings The Restore button is a fallback troubleshooting function that should only be used to reset to original settings Only the Crypto Officer role has access to the Restore button 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Back x a Y Search Hz Favorites EX th g S a LA 5 y ge Address E https 192 168 202 211 cgi binfsgateway PG 71 Google G Search g Ssoblocked Check yr e B e Search Web 2 EA g EP Welcome Tour oP Choose Buttons Level One s Add Tab hewnolnt 7 Web Search 7 Search Results 1 Bookmarks Pop ups E Photos Wireless AP Bridge Operation Mode Gateway Bridge Mode Username admin Host Hame default 192 168 202 211 Role Crypto Officer one System Administration Factory Default System Configuration General Click Restore button to reset factory default Operating Mode WAN LAN Restore Wireless Access Point 2 Internet Done You can also reset the WAB 3000 to its factory default by pressing
97. ncy in which new encryption keys are generated and distributed to the client The more frequent re keying the better the security For highest security select the lowest re keying inter val Once you have selected the options you will use click Apply 29000171 002 A 35 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration 3 Level One Microsoft Internet Explorer ER File Edit View Favorites Tools Help ay oO Back gt EN a f Search LL Favorites 3 x A Address l https 192 168 202 21 1 cgi bin sgateway PG 11 Go Links Google S G Search go A 30blocked SF check n iui rl r YT gr zi Search Web lt ir By MP welcome Tour Choose Buttons gt gt i Level One e Add Tab El H Web Search i ae search Renita LO Bookmaris Cros PICA WE Photos A iralass AP Rridae FOF la viewpoint Loa dm ry one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security Wireless YLAN MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General Radio Encryption Services Settings DHCP Server SNMP Agent Admin User Management List All Users Add New User User Password Policy Monitoring Reports System Status Bridging Status Bridging Site Map Wireless Clients Adjacent AP List DHCP Client List Logs System Log Web Access Log System Administration System Upgrade Factory Def
98. ne broadcast domains in a Layer 2 network VLANs have the same attributes as physical LANs with the additional capability to group end stations physically to the same LAN segment regardless of the end stations geographical location To interconnect two different VLANs routers or Layer 3 switches are used These routers or Layer 3 switches execute inter VLAN routing or routing of traffic between VLANs Broadcast traffic is then terminated and isolated by these Layer 3 devices for example a router or Layer 3 switch will not route broadcast traffic from one VLAN to another Wireless VLAN is an extension of Layer 2 wired VLANs in wireless LAN WLAN environment As with wired VLANs wireless VLANs segregate the WLAN network into disjointed sections each of which can serve a different purpose or users such as engineering accounting or guest To get the same network configuration with VLAN incapable APs a set of APs need to be installed for each network section but with a VLAN capable AP like the WAB 3000 one AP can serve multiple sec tions with traffic segregated inside the AP so that only one set of APs is needed When wireless VLAN is enabled an AP can be configured to have multiple SSIDs so that it supports multiple wireless networks Each net work per configuration belongs to a VLAN A wireless client talks with the AP inside a wireless network defined by an SSID so it does not know the wireless VLAN exists The mapping between t
99. ned in the IEEE 802 11 stan dard WEP was originally designed to provide the same level of security for wireless LANs as that of a wired LAN but has come under attack for its defaults and is not now state of the art WEP relies on the use of identi cal static keys deployed on client stations and access points But the use of WEP encryption provides some measure of security D Level Ora Microsoft Internal Explorar E bets th 202 711 jog br gat cee 0 Google YI g ler 7 el Sipe WebSearch y Wireless AP Bridge Dai Mode Rae Gryph COM et Wireless Access Point gt Security Sica y Aber rd Shane WEP Utilities exist for scanning for networks and logging all the networks it runs into including the real SSIDs the access point s MAC address the best signal to noise ratio encountered and the time the user crossed into the network s space These utilities can be used to determine whether your network is unsecured Note that if WEP is enabled that same WEP key must also be set on each wireless device that is to become part of the wireless network and if shared key is accepted then each wireless de vice must also be coded for shared key To use WEP encryption iden tify the level of encryption the Default WEP key and designate the WEP keys as shown on the screen 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration IEEE 802 111 and WPA Wi Fi Protected Access or WPA wa
100. ng Roque AP Detection Advanced Wireless Bridge General Radio Encryption MAC Address Filtering Services Settings DHCP Server SNMP Agent Firewall Content Filtering IP Filtering Port Filtering Virtual Server DMZ Advanced Admin User Management List All Users Add New User User Password Policy Monitoring Reports System Status Bridging Status Bridging Site Map Wireless Clients Adjacent AP List DHCP Client List Lows System Log Web Access Log System Administration System Upgrade Factory Defautt Remote Logging Reboot Utilities 29000171 002 A ireless Bridge WDS 1 STP Status Remote MAC Signal Strength State Port Priority hex Path Cost Designated Bridge Tx packets 1367 Tx bytes 228568 Tx dropped 0 Ethernet Port STP Status Port Priority hex Path Cost State Designated Bridge 00 08 68 31 34 45 Excellent 87 forwarding 50 400 0128 00074501001c Rx packets 6397 Rx bytes 699630 Rx dropped 9 50 380 forwarding 0128 0007d5010069 Wireless Port 0 STP Status Port Priority hex Path Cost State Designated Bridge 50 100 forwarding 0128 0007d5010069 Wireless Bridging Information Bridge Priority hex Bridge Hello Time Bridge Forward Delay Bridge Max Age Bridge ID Designated Root Root Port Path Cost Hello Time Forward Delay Max Age MAC Ageing Time MAC Ageing Interval Flags 128 2 00 sec 3 00 sec 20 00 sec 0128 000795010069 0128
101. ng Mode Bridging Mode manual bridging selected manual bridging selected Signal Strength LED MAC Not Assigned select from drop down list Not Assigned select from drop down list Spanning Tree Protocol Enable or Disable if no bridging loop possible Enable or Disable if no bridging loop possible Wireless Bridge Radio Wirelss Mode 802 11la 802 11a Tx Rate AUTO AUTO Channel No Same as Bridge 2 n Same as Bridge 1 Tx Power Mode Auto Auto Propagation Distance lt 5 Miles lt 5 Miles RTS Threshold 2346 2346 BSSID Add Bridge 2 n MAC Add Bridge 1 MAC Wireless Bridge Encryption Bridging encryption options Select appropriate key type length and value Must be the same key as Bridge 2 n Select appropriate key type length and value Must be the same key as Bridge 1 Point to Multipoint Bridging Setup Guide Auto Mode Direction Bridge 1 Bridge 2 n Wireless Bridge General Auto Bridging Mode Bridging Mode Auto bridging selected Auto bridging selected SSID Must be the same as Bridge Must be the same as Bridge 1 2 n Max Auto Bridges 40 range 1 40 40 range 1 40 Bridge Priority 40 range 1 40 40 range 1 40 Signal Strength Threshold 9 9 Signal Strength MAC Enter from list at the bottom Enter from list at the bottom of of the screen the screen Wireless Bridge
102. nt SMTP 25 POP3 110 General DNS 53 NNTP 119 Security _ _ p TEM SU MAC Address Filtering TFTP 69 SNMP 161 Rogue AP Detection purenos Add Protocol and Port Wireless Bridge General Protocol TCP 4 Radio i oe Energis PortRange A MAC Address Filtering Add Services Settings DHCP Server a SNMP Agent Port Filtering List Firewall Delete Protocol Port Range Content Filtering IP Filtering Port Filtering Done A Internet 66 29000171 002 A WAB 3000 Wireless Access Point Chapter 4 Gateway Configuration Virtual Server Click the entry on the left hand navigation panel for Firewall Vir tual Server In order to protect the Private Network the built in NAT firewall filters out traffic to the private network Since all clients on the Private Network are normally not visible to outside users the virtual server func tion allows some clients on the Private Network to be accessed by outside users by configuring the application mapping function offered on this page Certain well known applications use specific TCP ports such as Telnet port 23 FTP port 21 and Web server port 80 Client computers on the Private LAN can host these applications and allow users from the Internet to access these applications hosted on the virtual servers 3 Level One Microsoft Internet Explorer File Edit view Favorites Tools Help sak X x E Y J Search Hz Favorites 04 EE lisa M 3
103. nung Escutia do 21 The Tndicator Li MES r ere E E E EE E E 21 Reser DUHOM it al intents ati 22 Chapter 3 Access Point Configuration c cccsscccssscsssncsescsssescsssssncsenescsesecseeseaes 23 Mitro HoN eaneremie sane E rer ientreterrerr Cnt Cer ener Soncoro nme ere 23 Preliminary COMMS uraton opa 23 Initial Setup using Me LAN Porta E 24 SY SIC ONIN SULA ON ia 26 Elia y IA OA O E aisle soaps marae atiniard eave sate esuariaaante asap tiaes 26 Operatine Mode prse ern nn a ia 27 WAN caino A E O 28 B a e O T A E 29 Wireless Access Point Configuration cocconcnncconnnnnonnnnnnnonnninnnnonanacinanannnoncanocananacinino 30 Cono A A oo A 30 A auras suavaaceaessecansgucnassase ges aabanne aes aaaeea tenes atop Masee eed acontaSS 33 29000171 002 A iv No Fncy phon aii ti 33 State WEP EN PUOI tad 34 TEER S0 lara WIP 35 Wireless V LAN ses acacia tt Malema hated 37 WAC Address Piterin tata 38 Rogue AA Detecta tias 39 O A a cali ase ea cil a ites 40 Wireless Dd rada 40 SCTV ICES A E N S 41 DOCO SOV CE siana a A 41 SNMP ASE E 42 Admin User Mancera 44 Lista US tt 44 Ada NEw Usas 45 MOR LORI REPOSO AAA 46 SA A E E E E E tens 46 Dade ne Stats lios 47 Pidre ote MaM reana TE 48 Wireless Cuenta 49 Adac n AP Lit ta 49 DHCP CHEESE tad 50 EStdt 50 A e PU PEE eee eee ees ee 50 WED Access Lodi 51 OY SIEM ACI SAO ai 52 VSEM Upgrade st STEA 52 Firmware Uperade dla 52 Local ConteuratonU perade suso N S tanta 53 Remote Configu
104. ockets 1 0 SMP for Linux NET4 0 default user info kernel NET4 Ethernet Bridge 008 for NET4 0 default user warn kernel NetyYinder Floating Point Emulator V0 95 c 1998 1999 Rebel com default user warn kernel Freeing initrd memory 4096K default userwarn kernel VFS Mounted root ext2 filesystem B internet 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Web Access Log The Web Access Log displays system facility messages with date and time stamp for any actions involving web access For example this log re cords when you set encryption mode change operating mode etc using the web browser It establishes a running record regarding what actions were performed and by whom The Web access log will continue to accumulate listings If you wish you can export the log and save it as a file on your PC Click on Export 3 Level One Microsoft Internet Explorer File Edit CO rec eS Tools Help Es E Search 77 Favorites a SE pa Lal Mj 3 View Favorites Address e https 192 168 202 211 coi binfsgateway PG 60 Gougle 1e Go p e GC search 30 Eisoblocked E Check 00001 a 2 Yr 2 _ Level One e Viewnoint one System Configuration General Operating Mode WAN LAN Wireless Access Point General security MAC Address Filtering Roque AP Detection Advanced Wireless Bridge General Radio Encrvntion E Done 29000171 002 A
105. oint z z Search Web 2 dr Gr P welome Tour g Choose Buttons mom 2 gt amp gt gt zeg gt eor A F N TEA A A ADs ridge re Toriddae t EErE S gt MAF LI Operation Mode Gateway Bridge Mode Username admin Host llame Role Crypto Officer one gt Wireless Bridge gt Encryption System Configuration General Operating Mode WAN LAN Wireless Access Point General Security Encryption Type None F Web Search 7 Search Results i LU Bookmarks B Pop ups AS 0 Photos default 192 168 202 211 l a TE Internet El Done 84 Chapter 5 Wireless Bridge Configuration 29000171 002 A WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration You must complete the configuration of your Bridge 1 by following the general instructions in Chapter 3 of this guide to establish any other required configuration options such as General WAN and LAN settings Configure the second of your two point to point bridges following the instructions given for Bridge 1 above Point to Multipoint Bridge Configuration A point to multipoint configuration allows you to set up three or more WAB 3000 access points in bridging mode and accomplish bridging between 3 or more locations wirelessly For the three bridges that are to be linked to communicate properly they have to be set up with compatible commands in their setup screens For instance all bridges must have the same
106. orites Tools Help rex J x A t j Search 7 Favorites ES A a E lag M 3 Address 1427 https 1192 168 202 211 cgi binfcgateway sa Go links gt Google J G Search 0 30blocked Check umun ocr 2 Y e A Search Web 2 dr Er P welcome Tour 4 Choose Buttons gt 1 Level One Wh Add Tab E Viewnoint gt one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General 2 Done 44 ARI Password Li TEE 11 A Search Results A Search Results LU Bookm okmarks ris Pop ups 58 y Nr Photos OR e Nirele T a reless AP Br all im o Gperstion Mode DatewayEndge Mode Username admin Host llame default 192 168 202 211 Role Crypto Officer User Management gt Edit User User ID admin L Confirm Password Role Awet Oficial Note Default Crypto Officer Update Reset A internet 29000171 002 A WAB 3000 Wireless Access Point Add New User Chapter 3 Access Point Configuration The Admin User Management Add New User screen allows you to add new Administrators and CryptoOfficers assigning and confirming the password 3 Level One Microsoft Internet Explorer o File Edit View Favorites Tools Help sxx Y x a A pa Search 7 Favorites ES
107. ply A Internet The automatic IP address configuration feature can be used to assign a remote device an IP address This feature minimizes the effort to con figure IP addresses in a wireless network The IP addresses are assigned on the private class A IP address range 10 0 0 0 By default this feature is enabled so if you want to assign your own IP addresses you need to disable this feature You have the option to configure the second byte of the IP address to limit the range in which the IP addresses are distributed For example if your network already uses the 10 0 0 0 network address for other devices you can limit the auto configuration to an upper range of 10 128 0 0 and the IP addresses will start from that number 29000171 002 A 55 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration The automatic IP address configuration feature uses the last three bytes of the WAN MAC address for the last three bytes of the IP address For example the WAN MAC address of 00 07 D5 01 02 03 will translate to an IP address of 10 1 2 3 If the starting range of the automatic IP address configuration is set to 10 128 0 0 and the WAN MAC address is 00 07 D5 01 02 03 then the IP address is pushed to the upper range and becomes 10 129 2 3 basically the second byte adds 128 1 The MAC addresses on the WAN port are from an address pool of 16 million addresses There is a small chance for duplicate MACs However if a dup
108. r is used to connect the WAB 3000 to the organi zation s LAN The WAN connector is routed from the unit to the power injector which runs DC power through the Ethernet cable to the unit The Ethernet cable is thus run from the WAB 3000 to the power injector which is then connected to a power source and the wired LAN A second LAN Port Ethernet connector is designed for use during initial configuration only This uses an RJ45 cable to connect the WAB 3000 to a laptop The following diagram demonstrates the setup Connect Connect RF Antenna RF Antenna for AP for AP Connect RFAntenna for Bridge Repeater WAN LAN Ethernet Ethernet Port Port Hee we ee ee Ethernet switch hub Power Injector Bridge Transmit Distance Normally the bridge need transmit RF signal to another bridge device at long distance You may need to calculate the RF link Budget as refer ence The equation of RF link budget is Fade Margin received signal receiver threshold Where Received signal Transmitter power Transmitter cable loss Trans mitter antenna gain free space path loss Receiver antenna gain Receiver cable loss Received threshold Received sensitivity Free Space Path Loss Using below Free Space Loss Formula to calculate free space path loss L 96 6 20log F 20log D 29000171 002 A WAB 3000 Wireless Access Point Chapter 2 Hardware Installat
109. ration The System administration screens contain administrative functions The screens and functions are detailed in the following section System Upgrade The System Administration System Upgrade screen gives you the ability to upload updates to the WAB 3000 device s firmware as they be come available When a new upgrade file becomes available you can do a firmware upgrade from the Firmware Upgrade window There is also a configuration file transfer option which allows the system configuration file from one AP to be transferred to another AP in order to minimize the administration of the APs Only configuration parameters that can be shared between APs are downloaded in the con figuration file WAN IP address and hostname are not transferred in the configuration file Click on the Local Configuration Upgrade and Remote Configuration Upgrade tabs to perform file transfers Only the Crypto Officer role can access this function Firmware Upgrade On the System Administration System Upgrade screen the Firm ware Upgrade tab is the default view Click browse and select the firmware file to be uploaded Click on the Upload Firmware button 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help Back X m j Search ye Favorites 04 has g S Address 42 https 192 168 202 211 cgi binfsgateway PG 70 m g Go Google G Seach 90 30blocked Check Yr ge y Search Web 2 Ar
110. ration Uperade sii dai 54 Factory Dell ta 56 Remote LOC CIDO na dile 57 ISEDOO Eran 57 Unite il e 58 Chapter 4 Gateway Configuration sesseessesssssessossssssoesosssosseessessossosssossesssessesssssssesse 59 EAU 59 Configure Gateway MOB 61 WAN aaa 62 Man IL Stinson id 62 PASS 63 LANG datado 64 ECU ose 65 Erewallci nl 65 Content PIETNE sanirana RT TA 65 IO FAS ET aestas e aaa ee tes ean waa est ainietes 66 A gates eats od ida a tated a 66 WIT SOL id 67 Dentlitarizad Zone DMZ hereni sade Sut rceias ted TE 68 Advanced Pra ns 69 Chapter 5 Wireless Bridge Configuration ococoooncoonnonnnonnnnonnnonininonncncaconanononcncncconacos 71 todas cis 71 Wireless Bridge General rd 72 M ntal Dide NE tiara 74 Montos ds 75 29000171 002 A Wireless Bridges Radio 75 Wireless Bride ENcry p Okeana nn a RO 78 Wireless Bridge MAC Address FIernn g nesnesou a aa 79 petting Up DGG Ine Type sorria a T E T 80 Point to Point Bridge Configurar 80 Point to Point Bridging Setup Guide Manual Mode cece 81 Point to Point Bridging Setup Guide Auto Mode ccoccnccnicnonncnnannannnninonannnono 81 Point to Multipoint Bridge Configuration coocnoccocnonnnnnnncnnnnaninananinananacnnanacnnanoss 85 Point to Multipoint Bridging Setup Guide Manual Mode ceee 86 Point to Multipoint Bridging Setup Guide Auto Mode cece 86 Repeater Bridge Configura 87 Repeater Bridging Setup Guide Manual Mode cooconccniccnoncnnanonanicnan
111. ress Subnet Mask Default Gateway DNS 1 DNS 2 Apply A Internet 29000171 002 A WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration LAN Click the entry on the left hand navigation panel for System Configu ration LAN This directs you to the System Configuration LAN screen This sets up the default numbers for the four octets for a possible pri vate LAN function for the access point It also allows changing the default numbers for the LAN Subnet Mask The Local LAN port provides local access for configuration It is not advisable to change the private LAN ad dress while doing the initial setup as you are connected to that LAN 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help pack 7 ES x a EA J Search 7 Favorites 4 ga amp E has M Address https 192 168 202 21 1 cgi bin sgateway PG 2 Google e C Search gP ranblocked MF Check Al yr oe c Search Web 7 Ar P welcome Tour g Choose Buttons Level One a Add Tab Wireless AP Bridge Operation Mode Wireless AP Bridge Mode Username admin Host Hame default 192 168 202 211 one Role Crypto Officer A moc l Ar System Configuration gt LAN System Configuration General B Link Speed and Duplex Operating Mode y p g LAN Link Auto WAN LAN Wireless Access Point IP A
112. ry Wireless Bridge Information Apply Enable refresh Disable refresh Bridge refresh interval 5 seconds Remote AP s MAC Address Pork ho MAC Address Signal Strength Mote E https 11192 168 202 211 Wireless Bridge Information Microsoft Inte Seles a dE 1 DOD0B6031 SAAS Good 63 default location Ej Done mM a Es Internet Wireless Bridge Radio The Wireless Bridge Radio screen contains wireless bridging information including the channel number Tx rate Tx power spanning tree protocol 802 1d enable disable and remote AP s BSSID This page is important in setting up your bridge configuration 3 Level One Microsoft Internet Explorer File Edit View Favorites Tools Help peck El x E t jJ Search 7 Favorites Es on Las Mj 3 Address dE https 1192 168 202 21 1fea bin sgateway PG 135 Eco Google vi G Search 0 30blocked Check i ml 2 Yr E K Search Web 2 B P welcome Tour G Choose Buttons isso m 3 gllwebssearch el Asear ents i soomaa oro lid Protea z J La Viewnolnt v Wireless AP E r PT peel di Aai di j Operation Mode GatewawBridge Mode Username admin Host Hame default 192 168 202 211 one Role Crypto Officer a SSS A E y f Wireless Bridge gt Radio 1 System Configuration General Operating Mode MAC Address 00 0B 6B 35 FF ED VistronNew WAN Wireless Mode
113. s designed to enable use of wire less legacy systems employing WEP while improving security WPA uses improved data encryption through the temporal key integrity protocol TKIP which scrambles keys using a hashing algorithm and by adding an integrity checking feature ensures that the keys haven t been tam pered with In addition user authentication is enabled using the exten sible authentication protocol EAP If you wish to use WPA on the WAB 3000 enable either WPA Pre shared Key Settings or WPA 802 1x Settings If you are a SOHO user selecting pre shared key means that you don t have the expense of installing a Radius Server Simply input up to 63 character numeric hexadecimals in the Passphrase field If your clients use WPA TKIP select TKIP as encryption type If your clients use WPA AES select AES CCMP If a combination select AUTO Enable pre authentication to allow a client to authenticate in advance with the AP before the client is associated with it Allowing the AP to pre authenticate a client decreases the transition time when a client roams between APs As an alternative for business applications who have installed Radius Servers select WPA 802 1x and input the Primary Radius Server settings Use of Radius Server for key management and authentication requires that you have installed a separate certification system and each client must have been issued an authentication certificate Re keying time is the freque
114. stem Configuration i General Operating Mode Add IP Address WAN eee LAN IP Address Wireless Access Point Add General Security MAC Address Filtering am LAN IP Address List Rogue AP Detection Delete Advanced Wireless Bridge General E Done B internet Port Filtering Click the entry on the left hand navigation panel for Firewall Port Filtering Port filtering permits you to configure the Gateway to block outbound traffic on specific ports It can be used to block the wireless network from using specific protocols on the network 2 Level One Microsoft Internet Explorer POR File Edit View Favorites Tools Help id EES UY x a A j Search 7 Favorites E 3 EZ lisa M Address E https 1192 1 68 202 211 Icoi binfsgateway PG 42 SR Google sel Gl search 50 SSraoblocked check Yr x Search Web lt dr Gr P welcome Tour g Choose Buttons a 7 Level One Add Tab 2 Viewnaint g Web Search Search Results LU Bookmarks Pop ups EY j 0 Photos gt P 2 c OF a ee a BT Ol tee ea eee Per se Wieres lage iy gt AP Tor lt O Te es Operation Mode Gateway Bridge Mode Username admin Host llame default 192 168 202 211 one Role Crypto Officer A Firewall gt Port Filtering System Configuration General Operating Mode FTP 20 21 Finger 79 pit Telnet 23 HTTP e0 Wireless Access Poi
115. tact the manufacturer and a copy will be provided to you UNITED STATES GOVERNMENT LEGEND If you are a United States Government agency then this documentation and the product described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with only such rights as are provided in the manufacturer s standard commercial license for the software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Level One and the Level One logo are registered trademarks WAB 3000 is a trademark of Level One Windows is a registered trademark of Microsoft Corporation Any other company and product name mentioned herein is a trademark of the respective company with which they are associated EXPORT RESTRICTIONS This product contains components software and or firmware exported from the United States in accordance with U S export administration regulations Diversion contrary to U S law is prohibit
116. tem Configuration General Operating Mode MAC Address 00 0B 6B 35 FF ED WistronNew WAN Wireless Mode 802 118 LAN Wireless Access Point Tx Rate AUTO A General Channel No 60 5 3 GHz v Security MAC Address Filtering Tx Pwr Mode Auto Fixed Power Level is Se gaa Propagation Distance lt 5 Miles Advancec Wireless Bridge RTS Threshold 2346 Range 1 2346 General Radio Encryption Apply MAC Address Filtering Done B Internet 29000171 002 A WAB 3000 Wireless Access Point Chapter 5 Wireless Bridge Configuration Next go to the Wireless Bridge General screen Select either man ual or auto bridging If you choose Manual Bridging then you will have to set Spanning Tree Protocol to Enable unless you are sure that there is no chance of a loop You can also assign a Signal Strength LED MAC Signal strength LED MAC allows you to set the number of one of the Re mote APs which will be listed at the bottom of the screen once the system is operational as the guiding port that you wish to have display in the WLANSS LED on the front of the WAB 3000 as a signal If you don t wish to display any connection signal simply leave this set at Not Assigned From this screen you can also choose to delete a remote AP s MAC ad dress Click Apply to accept your changes F Level One Microsoft Internet Explorer File Edit View Favorites Tools Help rex 7 x E Y j Search Hz Favorites JE e l M Ss e
117. the gateway Common forms of managed infor mation include number of packets received on an interface port status dropped packets and so forth SNMP is a simple request and response protocol allowing the manager to interact with the agent to either e Get Allows the manager to Read information about an object variable e Set Allows the manager to Write values for object variables with in an agent s control 3 Level One Microsoft Internet Explorer EER v File Edit View Favorites Tools Help Q rex X x A P Search 7 Favorites Et 2 Leal Mj 3 42 Address 421 https 192 168 202 211 cgi binfsgateway PG 33 Gougle D a Yr 2 _ Level One Ws Vrewnoint v one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General Radio Encryption MAC Address Filtering Services Settings DHCP Server SNMP Agent Firewall Content Filtering IP Filtering Port Filtering Virtual Server DMZ Advanced Admin User Management List All Users Add New User User Password Policy Monitoring Reports System Status Bridging Status Bridging Site Map Wireless Clients Adjacent AP List DHCP Client List Operation Mode GatewayBridge Mode w EJ so links 2 G Search gO SSrsablocked E check gt i j Search Web 2 dr Gr GP welcome Tour g Choose Buttons gt of Add Tab Web Search
118. to give full access for setup configu ration This password is case sensitive Please read the terms and condi tions and check the checkbox then click Sign In to continue configuration Z WAB 3000 Microsoft Internet Explorer File Edit View Favorites Tools Help sxx z x F Y P Search 3 2 Favorites Et Sl Address https 192 168 202 211 Google l Y G search 199 Brzoblocked F check gt a YF 2 J Search Web 2 Ay Gr P Welcome Tour pp _ WAB 3000 Si Add Tab e E T E e Viewnolnt Web Search A Search Results 1 Bookmarks Pop ups amp al ee WAB 3000 Wireless AP Bridge Version 4 1 Build 2 17 Username admin Password eseese agree to the terms and conditions below Terms and Conditions This device is for authorized use only Any unauthorized use of this product is prohibited 2 internet 29000171 002 A 25 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration System Configuration General You will immediately be directed to the System Configuration General screen for the WAB 3000 access point This screen lists the firmware version number for your WAB 3000 and allows you to set the Host Name and Domain Name as well as establish system date and time Host and Domain Names are both set at the fac tory for default but can optionally be assigned a unique name for each You can also enter a descript
119. twork A VPN uses encryption and other security mechanisms to ensure that only authorized us ers can access the network and that the data cannot be intercepted WLAN Wireless Local Area Network A type of local area network that uses high frequency radio waves rather than wires to communicate between nodes WPA WPA stands for WiFi Protected Access It s an interim standard developed by the WiFi Alliance pending full ratification of the 802 111 standard to protect the wired band and improve upon the old WEP encryption standard 29000171 002 A
120. ual Server DMZ Advanced Admin User Management Index List All Users 1 Add New User User Password Policy Monitoring Reports Bridging Mode O Manual Bridging Auto Bridging SSID super Max Auto Bridges Bridge Priority Signal Strength Threshold Broadcast SSID Apply Signal Strength MAC 1 40 1 40 Set BSSID 000B6B3134A5 Signal Strength Good 66 Link Status Linked tinal default 192 168 202 211 Wireless Bridge gt General Monitoring i i zj Search Web 2 B E GP welcome Tour 4 Choose Buttons gt gt _ Bl WebSearch j7 SearchResuts LE Bookmarks y PPop ups W 5 gt WR Photos Remote AP s MAC Address Description default location 3 Internet Next navigate to the Wireless Bridge Encryption screen Select the appropriate key type and length and the key value The encryption key value and type for Bridge 1 must be the same as for Bridge 2 For wireless bridging only None and Static AES CCM are cryption 3 Level One Microsoft Internet Explorer File Edit Help sax UY x Er A P Search Hz Favorites E A ES E Lan M View Favorites Tools available for en Sa o 3 Address E https f 192 168 202 21 1 coi binfsgateway PG 14 gt De i Links Google G Seach g E3oblocked check q 20 Yr 2 _ Level One a Add Tab La Viewn
121. und stud see figure Tighten the two lightning arrestors to the N connector finger tight Grounding To Earth Stud Ground _ PEREA WINE Attach Lightning Arrestor with 12 inch wire Lightning Arrestor Attach Lightning A Arrestor with ntenna 10 inch wire to Bridge Antenna Port 19 29000171 002 A WAB 3000 Wireless Access Point Chapter 2 Hardware Installation 20 Attach the ring terminal from the Lightning Arrestors ground cable to the grounding stud on the WAB 3000 unit The lightning arrestor s ring terminal should be attached to the unit after the earth ground ring terminal is attached Perform this same procedure for every antenna installed on the unit It is recommended that this Outdoor Protection Kit be replaced every three years If the unit is operated in an area subject to intense lightning activity it is recommended that the Outdoor Protection Kit be replaced every year Antenna Installation The WAB 3000 ships with two tri band 5dBi antennas These anten nas should be connected to the AP antenna connectors located on the rear of the unit NOTE Make sure a lightning arrestor is installed between the unit and the antenna if any part of this assembly is located outdoors See the previous section If you are not using the access point function then you do not need the AP antennas Make sure during your configuration set up that you go to the Wireless Access Point General scre
122. x A of g Search Hr Favorites E SS i bow M A Addres E https 192 168 202 21 1 cgi bin sgateway PG 11 gt gt Go Links Google G Search y g E 30blocked Check gt yr og Search Web 4 E GP Welcome Tour 4 Choose Buttons gt gt Level One a Add Tab lt Viewpoint gt 7 WebSearch Search Results LO Bookmarks Pop ups ra a Photos level Wireless AP Bridge Lou t Operation Mode Wireless AP Bridge Mode Username admin Host Hame default 192 168 202 211 one Role Crypto Officer Wireless Access Point gt Security System Configuration General Operating Mode Security Method None Y VAN LAN Wireless Access Point Apply General Apply Security r 29000171 002 A 33 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration 34 Static WEP Encryption If you choose to use WEP encryption you can also select whether it will be Open System or Shared Key authentication For greater security set authentication type to shared key WEP Data encryption can be set to 64 bit or 128 bit encryption The Key Generator button automatically generates a randomized key of the appropriate length This key is initially shown in plain text so the user has the opportunity to copy the key Once the key is applied the key is no longer displayed in plain text WEP Wired Equivalent Privacy Encryption is a security protocol for wireless local area networks WLANs defi
123. y reasons it will not communicate to any clients unless the encryption is set by the CryptoOfficer It is recommended that you set encryption as soon as possible Gateway mode has the same encryption options as the AP mode Firewall Content Filtering Click the entry on the left hand navigation panel for Firewall Con tent Filtering The Content Filtering screen allows the system adminis trator to identify particular hosts or IPs that will be blocked from access by the gateway Simply input the IP address and click Add Entries can be added as e Individual IP addresses 192 168 204 10 e IP address range 192 168 204 0 24 e Exact URL www yahoo com e Wildcard URL gov 3 Level One Microsoft Internet Explorer See t File Edit View Favorites Tools Help Q peck X a a P J Search 5 Favorites Es e a 4 lud Mj 3 Address 42 https 192 168 202 211 cgi bin sgateway PG 40 Eao tm gt Google G Search S30 blocked Check Si We Search Web 2 Edy Ej welcome tour 4 Choose Buttons gt _ Level One Le VWewnoipt v 51 one System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Filtering Rogue AP Detection Advanced Wireless Bridge General Radio Encryption MAC Address Filtering Services Settings DHCP Server SNMP Agent Firewall Content Filtering IP Filtering Port Filtering L Add Tab W
124. yp tion and HTTPS TLS for secure web communication In addition it contains the capability to use the traditional WEP algorithm either as static WEP or managed under WPA The WAB 3000 has an Ethernet WAN interface for communication to the wired LAN backbone Ethernet LAN local port for purposes of initial setup and configuration and two wireless AP antennas for communicating on the 802 11a b g frequen cies Further it has the capability for use of an external remote antenna for bridging using the 802 11b g Mixed 802 11a 802 11g Super 802 11a Turbo frequencies 29000171 001 A 1 WAB 3000 Wireless Access Point Chapter 1 Introduction Basic Features The WAB 3000 is housed in a sturdy case which is not meant to be opened except by an authorized technician for maintenance or repair If you wish to reset to factory settings use the reset function available through the GUI based management module The WAB 3000 is wall mountable It has the following features e Ethernet uplink WAN port Gateway Mode supported e Local Ethernet LAN port for configuration only e Wireless VLAN e Wireless AP with operating range of 2000 feet e Wireless Bridge e Power over Ethernet PoE e Above average temperature range for extreme environments with TEC option e WEP encryption or WPA WPA2 AES CCM with TKIP e HTTPS TLS secure Web e DHCP client e Adjustable Radio Power e MAC address filtering e Load Balancing e Rogue AP Detection
125. ype None lt WAN LAN Static AES CCM Wireless Access Point Apply General Wireless Bridge gt Encryption Security El Done 9 Internet If you select AES CCM enter a 128 bit key as 32 hexadecimal digits or use the Key Generator button to automatically generate a randomized key of the appropriate length This key is initially shown in plain text so you have the opportunity to copy the key Once the key is applied the key is no longer displayed in plain text 3 Level One Microsoft Internet Explorer PER File Edit view Favorites Tools Help a G Back x a A F Search 7 Favorites Es i 3 w Mj 3 Add s E https 11192 168 202 211fcg SS 14 3 ss A Go Links Gousle A C Seach 0 Eisoblocked Check A moral a Yr or A amp Y Search Web 2 Sy Gr FP welcome Tour g Choose Buttons gt gt Qerar eee E qe _ Level One a Add Tab gt La Viewnoint v J Web Search a Search Results m ES LE Bookmarks lr F Pop ups p y Ii mE B Photos Wireless AP B ge pu m Lea Es Oper ation Mode Gateway Bridge Mode i Username admin ciple Officer FET A A AAA SAA AA Host Hame default 192 168 202 211 one Role 78 System Configuration General Operating Mode WAN LAN Wireless Access Point General Security MAC Address Fittering Rogue AP Detection Advanced Wireless Bridge General Radio Encryption MAC Address Filterin
126. yption WPA includes the option of using a WPA pre shared key or for the enterprise that has a Radius Server installed configura tion to use the Radius Server for key management with either TKIP or AES CCMP Bridging encryption is established between WAB 3000 s and includes use of AES CCMP encryption SSID The Service Set ID SSID is a string used to define a common roam ing domain among multiple wireless access points Different SSIDs on access points can enable overlapping wireless networks The SSID can act as a basic password without which the client cannot connect to the network However this is easily overridden by allowing the wireless AP to broadcast the SSID which means any client can associate with the AP SSID broadcasting can be disabled in the WAB 3000 setup menus WEP WEP is an older encryption standard but is preferable to no encryp tion If the WAB 3000 is configured with WEP encryption it is compatible with any 802 11b PC Card configured for WEP 6 29000171 001 A WAB 3000 Wireless Access Point Chapter 1 Introduction WPA WPA2 with TKIP AES CCMP WPA an interim standard developed by the WiFi Alliance combines several technologies It includes the use of the 802 1x standard and the Extensible Authentication Protocol EAP In addition it uses for encryp tion the Temporal Key Integrity Protocol TKIP and WEP 128 bit encryp tion keys Finally a message integrity check MIC is used to prevent an attacker
127. z Turbo Mode 58 5 29 GHz Turbo Mode 152 5 76 GHz Turbo Mode 160 5 80 GHz Turbo Mode 29000171 002 A 31 WAB 3000 Wireless Access Point Chapter 3 Access Point Configuration Tx Pwr Mode and Fixed Pwr Level The Tx Power Mode defaults to Auto giving the largest range of radio transmission available under nor mal conditions As an option the AP s broadcast range can be limited by setting the Tx Power Mode to Fixed and choosing from 1 5 for Fixed Pwr Level 1 being the shortest distance Finally if you want to prevent any radio frequency transmission set Tx Pwr Mode to Off There are a number of advanced options included on this page as described in the following chart ADVANCED OPTIONS Beacon interval 20 1000 The time interval in milliseconds in which the 802 11 beacon is transmitted by the AP RTS Threshold 1 2346 The number of bytes used for the RTS CTS handshake boundary When a packet size is greater than the RTS threshold the RTS CTS handshaking is performed 1 255 The number of beacon intervals that broadcast and multicast traffic is buffered for a client in power save mode Basic Rates Basic Rates for 802 11b land 2 Mbps The basic rates used and reported by the 1 2 5 5 and 11 AP The highest rate specified is the rate that Mbps the AP uses when transmitting broadcast multicast and management frames Basis Rates for 802 11g 12 920 110 12 24 Mbps EZ 0011 Mbps Basic Rates for 802 11g Super
Download Pdf Manuals
Related Search