Extricom WLAN System Installation and User Guide
Contents
1. 12 Introduction to the Extricom Series Wireless LAN System Figure 8 AT EXRP 32EOn AP The AT EXRP 32EOn connects to the Extricom Series WLAN Switch via standard Cat5Se 6 cables in exactly the same manner as integrated antenna AP models The APs are powered by the standard 802 3af Power over Ethernet PoE but can be powered by an external power supply if desired An antenna with an N type plug male connector can be connected to the AT EXRP 32EOn A Typical Extricom Series Wireless Network Topology An Extricom Series WLAN switch is connected to the wired LAN and the APs distributed throughout the enterprise Figure 9 shows a typical Extricom Series enterprise topology consisting of an Extricom Series switch and eight APs E Server s i i aad 3 scsenssssmess temdbcscasssscmmestembssssnisssmssscunssssonessesl Edge UU Switch 4 Extricom Channel A Channel B Channel C Channel D Figure 9 Typical Extricom Series Topology Extricom Series WLAN System Installation and User Guide 13 14 The Extricom Series uses standard WLAN protocols IEEE 802 11 As a result any 802 1 1a b g n standard wireless device can work seamlessly with the Extricom Series system e Mixing different types of Extricom Series APs on the same switch is only permitted with the following AT EXRP 22n AT EXRP 32n AT EXRP 22En and AT EXRP 32EOn IMPORTANT NOTE While these AP co2. ESSID Octopus_1 Settings ma Allow Default ESSID 7 802 11d Support Cancel Display ESSID in Beacon v AeroScout Support Allow Store amp Forward F Enable ARP Caching 7 Allow Inter ESS Forward Bandvidth Saving ARP Caching Enable Multicast Beacon Rate Control Normal Multicast Rate Control Default v In Band Management Broadcast Rate Control Default j Captive Portal MAC Authentication VLAN 1 4094 none MAC ACL Disassociation Timeout 0 3600 3600 MAC ACL Mode Whitelist DTIM 3 Ez Enable Svitch Load Balancing EAPOL Start Only Encryption WPA2 Only Method None ie AES Only TKIP Only MAC Authentication RADIUS Servers 1 MAC Authentication Server None 2 MAC Authentication Server None 3 MAC Authentication Server None 4 MAC Authentication Server None Authentication Protocol PAP RADIUS Accounting Server Accounting Server None E Ticketing Settings ESSID Secret Figure 27 WLAN ESSID Definition Page ESSID Settings Tab Field Description ESSID Select ESSID Select an ESSID from the list Once selected highlighted you may add or rename it by clicking on either the Rename or the Delete amp Save button on the right New ESSID Type in the new ESSID name string and click on the Add amp Save button on the right ESSID lt ESSID name gt Settings Allow Default ESSID If this option is enabled a wireless device will be allowed to connect to the Extricom Series WLAN without requesting a specific ESSI
3. extricom com https ops extricom com 4543 update_port_naming php Saved Successfully Port Naming Port Port Name Port Port Name Save 1 VP Office 9 Close 2 Break Rooom 10 3 11 4 12 13 14 15 16 m m Figure 36 Port Naming Window Type in the names for the ports click Save then Close To see which ports of the AP are up or down click on the AP Status tab To display the most up to date information click on the Refresh button on the right side of the screen ico LV 2000 E Power Conce Overview Quick Setup PoE amp Radio Controls AP Status Advanced LAN Settings E WLAN Settings Access Points Status Page Refresh ESSID Definition Radios Access Point 5 Assignments Status Working AP Type EXRP 22n 22En Cable Delay 1152 nsec MAC Address 30 14 4A 37 DD B9 Access Points Radio i Radio 2 System Tools LED Advance d e Management Radio Status Working Working LV Settings Mode 802 11in a 802 11n g Events amp Reports Channel 36 6 Width 40Mhz 40Mhz Support amp Feedback Secondary Channel Upper Extension Upper Extension Spacing 20Mhz 20Mhz Figure 37 Access Points Status Page APs of Cascaded Switches When two switches have been cascaded together as primary and secondary refer to the Switch Cascade section for details about Switch Cascade configuration the Access Point window is somewhat different A tree of the two switches appears on the l
4. e System tools configure general system parameters such as passwords time amp date firmware upgrade e Advanced configure advanced features such as redundancy TrueReuse 802 11d IDS and SNMP e Management configure the switch to be managed by the CloudBlanket NMS e LV Settings only available on the AT EXLV 2000 Configure additional features related to Large Venues e Events amp Reports view system events and performance reports e Support amp Feedback The work area displays the configuration settings corresponding to the category selected in the navigation tree Use this area to configure Extricom system parameters where applicable Web configuration pages may include a Save button when this is selected the configuration changes are applied to the offline configuration file If you wish to apply these parameters click Apply in the System Tools configuration section this starts the reconfiguration process q If you do not select Apply in the System Tools configuration section after clicking Save the configuration change will not take effect Extricom Series WLAN System Installation and User Guide 35 If you change the IP address of the switch and the new IP address is accessible from your computer you will not lose the connection session If however the new IP address is on a different subnet which is inaccessible from your computer the connection session will be lost In this case you wi
5. 76 Configuring the Extricom Series WLAN System Client disassociation Client ignore MTU EAPOL key error Edge connected Edge disconnected Edge mode switchover Firmware Upgrade done Firmware Upgrade failed Firmware Upgrade progress Firmware Upgrade startup Intrusion detection association flood attack Intrusion detection disassociation flood attack Intrusion detection authentication failure attack Intrusion detection authentication flood attack Intrusion detection de authentication broadcast Intrusion detection de authentication flood attack Intrusion detection EAPOL logoff attack Intrusion detection EAPOL start attack Intrusion detection RF jamming attack Last RADIUS failed License failed PoE reset RF localization failed Radio is functioning normally in all APs Radio is not functioning in APs Radio malfunction Radio reset RADIUS changed selection RADIUS timeout Reconfigure ended Reconfigure started Redundancy Keep alive Connection Down Extricom Series WLAN System Installation and User Guide 77 Redundancy Keep alive Connection Up Redundancy Peer Connection Down Redundancy Peer Connection Up Redundancy Status Down Redundancy Status Up Rogue AP Found Rogue AP Lost Rogue AP Update Set Client IP Start sh Ended Start sh Started Starting Boot SNMP Extricom Series switches generate a wide variety of traps to describe events occurring on the WLAN In general these traps can be c
6. Client Ignore MTU EAPOL Key Error Edge Connected Edge Disconnected Edge Mode Switchover Firmware Upgrade Done Firmwere Upgrade Failed Firmvare Unorade Pronress amp Note Events marked as disabled will not be shown on System Events Clients Events amp Events Bar To apply changes go to System Tools Apply Description The following APs have been connected P5 S13 Reconfigure ended Cdan claw har haan rannartad Save m Figure 61 Events Filter Configuration Tab Refer to Northbound SNMP Traps for event descriptions Reports The Reports window shown below provides a wide range of per radio channel based and per switch based statistics Za Extricom SS Overview Quick Setup LAN Settings E WLAN Settings ESSID Definition Radios Assignments Access Points System Tools Advanced Management LV Settings Events amp Reports Support amp Feedback Extricom System Events Clients Events Events Filter Reports Diagnostics Radio 1 Radio 2 Downlink Throughput Mbps 21 33 2 69 Total TrueReuse Factor Disabled Disabled Avg Clients ESSID Octopus_1 1 0 Total Octopus_2 o 1 Total 1 1 MACAddress IP Address sername RXAP QTXAP QRadio ESSID 00 1E 4C 75 8F 76 192 168 1 17 5 27db 29 28db 1 Octopus_1 88 53 95 89 54 4A 192 168 1 15 5 32db 5 32db 2 Octopus_2 MAC Address Search Disconnect Selected Clie
7. Fixed The mobile device is served by fixed access point Table 26 Rate Stickiness configuration Switch Load Balancing Large venue environments typically have multiple overlapping AT EXLV 2000 switches in order to provide increased throughput By utilizing Switch Load Balancing these switches share client information in order to optimally load balance as well as minimize client roaming Switch load balancing can be configured between switches that are defined in the same group The exchange of information between group switches uses the Inter Switch Link ISL standard protocol 100 Configuring the AT EXLV 2000 System Extricom Quick Setup LV Settings Honeypot Access Points Switch Load Balancing LAN Settings Switch Load Balancing Allow Load Balancing E WLAN Settings ESSID Definition Enable Whole Switch Radios Assignments Enable Per ESSID Access Points Switches Group System Tools Switch Threshold Advanced ESSID Threshold Management LV Settings Switch Stickiness Events amp Reports Support amp Feedback Switch Load Balancing Save Main Stage 10 10 Yo Stickiness Level 8 SE Reblance Now Read Log Figure 69 LV Switch Load Balancing Field Description Allow Load Balancing Enables the Switch Load Balancing feature on this switch Enable Whole Switch Configures that the load be balanced for the entire switch Enable Per ESSID Switches Group Switc
8. This guide provides detailed instructions for installing configuring and troubleshooting the AT EXMS 500 1000 AT EXLV 2000 and AT EXLS 3000 WLAN switches AT EXRP 22n 32n and 22En 32EOn UltraThin Access Points APs AT EXRE1000 range extender and AT EXMC1000 media converter Audience This guide is intended for enterprise IT managers and system installers who are familiar with installing and configuring networks Conventions ES A note emphasizes important information for users A caution warns of possible damage to the equipment if a procedure is not followed correctly l A warning alerts the user of important operating instructions Safety Precautions Follow the instructions in the guide to ensure proper installation and operation of the switch and APs The use of wireless devices is subject to the constraints imposed by local laws e Operate the switch and APs apart from AT EXRP 32EOn in an indoor environment e Disconnect the switch and APs from power sources before servicing The switch and AP enclosure must not be opened by anyone other than an authorized service representative e To comply with FCC RF exposure compliance requirements maintain a minimal separation distance of at least 20 cm 8 inches between the AP and all persons e The power cable included should not be used with any other electrical equipment other than Extricom Series switches The switch contains an internal battery
9. Voice 7 Video 15 Best Effort 63 Background 1023 Arbitration Inter Frame Spacing Number predetermined and fixed for each Access Category and may not be changed Transmit opportunity Interval in milliseconds during which a station can send as many frames as possible Available values are 0 1 504 3 008 3 264 and 6 016 Table 12 WMM Parameters Description The DiffServ to WMM tab maps packets which arrive on the wired interface of the switch into WMM Access Categories according to the Differentiated Service Code Point DSCP field in the IP header Layer 3 Extricom Series WLAN System Installation and User Guide 59 60 If the packets are tagged on the wire using 802 1p the 802 11 QoS priority code is determined from the maximum between the priority code derived from the WMM static mapping value 2 0 5 or 7 and the 802 1p priority code WMM Access Category Static 802 11 QoS Value Priority Background 2 Lowest Best Effort 0 Video 5 Voice 7 Highest Table 13 WMM Standard Prioritisation The WMM to DiffServ tab maps the WMM AC of packets which arrive from wireless clients into DSCP codes in the IP header Layer 3 If the packet is tagged that is the ESSID is assigned a VLAN then the 802 11 QoS priority code is also written into the 802 1p field three bits Configuring the Extricom Series WLAN System ESSID Assignment To assign specific radios to individual ESSIDs select Assignment
10. 38 Googie Pt r i ili alle lle x Se a a E EA SEEE anasa anny aa omen ore Pawo eoa oa fe rr Jus f fer Red Save z Enable Redund E Points Ena Mega jundancy Syst Took Mega Peer IP Advanced Reference IP LAN Connection Timeout Normal 10 secs Figure 65 Redundancy Configuration Tab Redundancy is only available if an appropriate license is installed To check whether redundancy has been installed refer to License on page 72 If it is not available contact your Allied Telesis distributor 95 96 Redundancy Fields for Primary Switch Table 23 lists all available options under the Redundancy configuration screen fields Field Description Enable Mega Select this field to enable redundancy Redundancy Mega Peer IP IP address of the AT EXLS 3000 device on the LAN Reference IP IP address of a reference device on the LAN This is used to test connectivity to the LAN The reference device must be operational and respond to pings LAN Connection Interval in seconds before a timeout state occurs The default is Timeout 10 seconds Table 23 Redundancy Configuration Tab Parameters for a Primary Cascade Switch Once the changes are made you must click Save then go to System Tools and apply changes as described in the Apply section in order for them to take effect When a switch failure or a link failure has been detected a failover occurs and the switch that remains fully opera
11. MAC addresses will be highlighted Disconnect Selected Used to reset a client connection in order to help a client establish Client s a working connection The client must then re authenticate to reconnect to the WLAN Table 21 Reports Window Fields The statistics window does not get updated ES automatically Click Refresh to update the statistics At the bottom of the screen in this tab folder the clients are listed along with the following information MAC Address IP Address Username RX and TX AP Channel ESSID and current State Diagnostics In this section you may collect various media usage traffic network health and other relevant statistics as well as initiate various real time tests The area for data requests and test initiating is located in the left section of the configuration screen The results are displayed in the right portion of the screen and may also be downloaded to your computer Refer to Table 22 below for the details on diagnostics parameters and types of tests available 90 Configuring the Extricom Series WLAN System Overview Quick Setup Extricom Wire Statistics LAN Settings EJ WLAN Settings ESSID Definition Radios Assignments Access Points System Tools Advanced Management LV Settings Events amp Reports Support amp Feedback LAN Statistics Get Statistics LAN Usage Start General Information GUI Snapshot Generate Debug Log Generate A
12. When enabled the GbE RJ45 SFP combo ports function as a redundant pair consisting of the primary SFP port and the secondary RJ45 port During normal operation only the primary port is active If a failure occurs on the primary port the secondary port becomes active and remains active even when the primary port recovers If failures occur on both ports the first port that recovers becomes the active port Force SFP 1000 When using an SFP to connect to the LAN you Full Duplex might need to force the link to 1000 Full duplex to work with certain LAN switches Table 6 LAN Configuration Parameters 3 Click Save to save the configuration IMPORTANT The changes made to the configuration will be lost if you do not click SS Apply in the System Tools configuration section after clicking Save on one or several configuration pages Please refer to the Reboot section Extricom Series WLAN System Installation and User Guide 39 Configuring WLAN Settings The WLAN Settings section is subdivided into three menu subsections e ESSID Definition refer to Configuring ESSID Definition e Radios refer to Configuring WLAN Radios e Assignments refer to ESSID Assignment Configuring ESSID Definition An ESSID Extended Service Set Identifier is a name of a network which is defined by a set of privileges settings and limitations such as security definitions access privileges VLAN assignments Each wireless device mu
13. connector image will turn either green or grey depending on whether it has been powered on or off respectively To immediately activate your selection click the Apply button on the right side of the configuration screen e An image of an AP connected to the RJ45 connector will appear if an AP is powered on and connected to the port e To power on all of the APs with PoE click the Power on all button on the right side of the screen e To power off all of the APs with PoE click the Power off all button on the right side of the screen The image of the switch on top of the page also color illustrates the PoE status of the APs a A Extacon Overview Quick Setup PoE amp Radio Controls AP Status Advanced LAN Settings E WLAN Settings Access Points PoE amp Radio Controls ESSID Definition Radios Assignments r Access Points amp a System Tools F Radio Legend 3 5 7 9 11 13 15 i eeceeeccsscecsceseccssee eeececccesecescoscess Apply Events amp Reports ia Radio 1 dback 0 Radio2 Power on all Support amp Feedbac ig j a names Power off all Radio 4 i 1 __ Wie oashcon tte a 2 4 6 8 10 12 14 16 Figure 35 Access Points PoE amp Radio Controls Page You may choose to assign names to the ports If you do click the Port Naming button on the right side of the screen The Port Naming window will pop up 62 Configuring the Extricom Series WLAN System
14. switch interconnect is computed according to the following tables all distances are in meters Using CAT 5e 6 100 1000Mbps cable Distance Between Secondary Switch Max Switch Interconnect Distance and Its Farthest AP Copper Interconnect Cable 150 with EXRE 50 Note Beyond 100 m copper based cables require a range extender EXRE Using fiber media cable Distance Between Secondary Switch Max Switch Interconnect Distance and Its Farthest AP Fiber Interconnect Cable 400 with EXMC 50 50 with EXRE 450 The total length of the copper based cable to from EXMC must be less than 2m Using mixed media types Distance Between Secondary Switch Max Switch Interconnect Distance and Its Farthest AP Copper cable Fiber mtercomnect aan 100 150 with EXRE a Distance Between Secondary Switch Max Switch Interconnect Distance and Its Farthest AP Fiber cable Copper Interconnect Cable 400 with EXMC The total length of the copper based cable to from EXMC must be less than 2m Note EXMC and EXRE are not to be used with uplink ports for example in the case of interconnect Connecting the AT EXLS 3000 Switch The AT EXLS 3000 Switch is designed to greatly increase the coverage area of the Extricom Series solution The Large Scale solution is a b g n Wi Fi compliant The Extricom Large Scale LS switch is typically connected to the wired LAN and to between 4 and 8 edge switch devices Each edge switch
15. 48 29 Low Main Alternate Cancel 192 168 1 101 255 255 255 0 192 168 1 1 192 168 1 6 WLAN_CONTROLLER LAN1 F LAN2 The following APs have been connected 5 1 Figure 26 LAN Settings Page 2 Configure the LAN parameters Refer to Table 6 for a description of the LAN parameters Field Description 38 LAN IP Address Network Mask Edge s Subnet Default Gateway DNS server VLAN LAN IP address used for the switch management You may add an alternate IP address if you wish to manage the switch from a different network In that case enter the value in the Alternate field Network mask for the LAN 1 IP address You may also add an alternate network mask in the alternate filed for the alternate IP address defined Subnet of a redundant pair Primary Secondary or Main Standby Only appears if the switch is defined as a part of a redundant pair 1 e in a cascade configuration IP address of the default gateway IP address of the DNS server Tag ID for the VLAN used for the switch management You may add two VLAN tag IDs one for the LAN 1 IP address in the Main field and an alternate one for the alternate IP address using the Alternate field Configuring the Extricom Series WLAN System Field Description Switch Name Alphanumeric descriptor of the switch Maximum length is 64 characters Port Redundancy Drop down menu with the following options e Disabled e Enabled
16. Access Points Edit Remove System Tools Add BSSID Add Advanced Management LV Settings Events amp Reports Support amp Feedback Figure 49 Rogue Configuration Tab Extricom Series WLAN System Installation and User Guide 75 Field Description Rogue AP Whitelist Add BSSID Add a BSSID MAC address of an AP that you permit to operate in your network Edit Edit the list of legal BSSIDs Remove Remove a BSSID from the white list Table 18 Rogue Configuration Tab Parameters System Logging By default the event logging is turned off You may turn it on using the System Logging configuration tab in the Advanced section To do this 1 Select the Enable System Logging checkbox 2 Enter the IP address of the server on which the Syslog protocol log will be stored 3 Click Save Extricom Quick Setup Resiliency Rogue System Logging SNMP Centralized Configuration IDS Te Multicast LES TR ENR LAN Settings o s E WLAN Settings System Logging Access Points Enable System Logging W System Tools Server Address 192 168 1 5 Advanced Management LV Settings Events amp Reports Support amp Feedback Figure 50 System Logging Configuration Tab The following lists events that are logged refer to Northbound SNMP Traps for definitions of the events below e AP connected e AP disconnected e AP malfunction e AP reset e Changed wireless status On Off e Client association
17. Accounting Server section choose the Accounting server from the drop down list The RADIUS Accounting Server option can be configured and enabled without a RADIUS Authentication server Configuring MAC ACL To configure a per ESSID MAC ACL select the MAC ACL tab in the ESSID Definition configuration screen Extricom Series WLAN System Installation and User Guide 49 Extricom A LAN Settings E WLAN Settings Access Points System Tools Management LV Settings Events amp Reports Support amp Feedback ESSID Settings MAC ACL AAC ACL Schedule MAC Access List Save amp Apply All MACs ESSID AppleTV vi Note In order for changes to take effect click on Save amp Apply Delete New MAC Address Add Time Severity Description Type 2 Apr 08 2014 11 04 13 Low Apr 08 2014 11 04 05 Low Ana AN NMA 4 44 0 7 l a Figure 28 MAC ACL Configuration Tab Select one of the configured ESSIDs from the ESSID drop down list Select a MAC address from the list in the All MACs field Use the right arrow to add this MAC address to the ESSID field use the left arrow to remove a MAC address from the ESSID field You may add a new MAC address to the All MACs list by inserting it manually in the New MAC Address field then clicking Add It is also possible to add a new MAC address to the All MACs table from the Event Menu When a new event message notification appears informing you of a new
18. Alive Timeout parameter defines the amount of time that the switch will wait before initiating the failover procedure Configuring a shorter timeout decreases the amount of time in detecting a failure but also increases the amount of false alarms When a switch or link failure is detected a failover occurs and the cascaded switch that remains fully operational goes into primary mode Table 17 below indicates which cascaded APs provide service in the event of a failover Secondary APs Primary and secondary switches failover to standalone mode Switch Interconnect V y aren One APs a Pon switches are functioning there is no seamless mobility between the switches Secondary switch takes control 1 Failure Type Primary APs Comments No switch failover Seamless mobility between switches Secondary LAN Link y V Secondary switch heartbeat checks 1f the primary switch is turned off Secondary switch failover to e e e 1 ws a Table 17 Switch Cascade Failover Behavior 74 Configuring the Extricom Series WLAN System Notes Traffic interruption time during a failover depends on the link and switch core monitoring parameters chosen see Table 17 above Full service X Not in service The cascaded switches contain the same configuration file so in the event of a primary or secondary failure the same configuration file is used by the operational switch A primary switch can function as a standalone ed
19. Apr 15 2014 11 59 33 Low Apr 15 2014 11 59 11 Medium Ame 15 DNIA 14657 AD I amne Severity Description The following APs have been connected S13 The following APs have been disconnected S13 Tha fallas sinn AND harn hann eannarbad C19 Type 13 14 Pause Figure 53 Captive Portal Configuration Tab To configure Captive Portal refer to the table below 82 Configuring the Extricom Series WLAN System Field Description Enable captive portal You must enable this option system wide if you want to configure Captive Portal on any ESSID VLAN Set the Captive Portal VLAN When ESSID is set to be Captive Portal restricted the ESSID VLAN is automatically set to this VLAN Secured Login Set the type of authentication either None Remote or Local None enables the Captive Portal without authentication of the client Remote authentication requires selection of a RADIUS server and an Authentication Protocol PAP or CHAP Force SSL HTTPS When this option is selected any client that attempts to connect using http will be redirected to SSL https communication If this feature is not activated the type of session will depend solely on the protocol http or https specified at the beginning of the URL string entered into the client s browser Multiple Clients Per Enables multiple simultaneous client connections with the same user User name and password via the portal Force Login on Re Configu
20. It determines to which AP to transmit each incoming packet while the edge switches forward the traffic they receive to the correct AP 18 Introduction to the Extricom Series Wireless LAN System Chapter 2 Installing the Extricom Series WLAN System This chapter provides instructions for unpacking and installing the Extricom Series WLAN system Unpacking the Extricom Series WLAN System The Extricom Series WLAN Series WLAN System is shipped depending on the customer order e Refer to Switches for switch shipping box contents e APs are shipped as part of the overall order APs are shipped in separate boxes and the number of APs depends on the customer order Refer to Access Points for Access Point shipping box contents e If extra range is required between the AP and switch an Extricom range extender 100 and 150 meters from the switch or media converter over 150 meters from the switch may be used between the AP and the switch Refer to AT EXRE 1000 Range Extender for range extender shipping box contents or AT EXMC 1000 Media Converter for media converter shipping box contents e The AT EXLS 3000 switch is also shipped with AT EXMS 1000 edge switches shipped as part of the overall order AT EXMS 1000 edge switches are shipped in separate boxes and the number of AT EXMS 1000 edge switches depends on the customer order Switches Extricom Series WLAN switches shipping boxes include the following e One switch e Two 19 inch rack
21. Select Configuration Elements To Upload General Configuration F LAN Settings F MAC Access List PF Rogue AP Whitelist F Custom Portal Page Time amp Date E Application Type F PoE amp Radio Controls Upload Cancel U Note Requires to be applied via System Tools Apply O Figure 41 Pop up Window Configuration Elements to Upload To restore the factory default parameters check the appropriate boxes in the Browse pop up window then click Restore Configuration Restore Mozilla Firefox gt 2 so W https 192 168 1 101 restore_pop php from restore y Please Select Configuration Elements To Restore General Configuration T LAN Settings IP MAC Access List E Rogue AP Whitelist al Custom Portal Page al Certificate amp Key E Time amp Date E Application Type E PoE amp Radio Controls Restore Cancel U Note Requires to be applied via System Tools Apply Figure 42 Pop up Window Configuration Elements to Restore Extricom Series WLAN System Installation and User Guide 67 Time amp Date Use this configuration tab to set the time and date on the switch The Extricom Series system supports two ways of setting the time and the date manually or using the NTP protocol es Poser Comole Overview Quick Setup Apply Reboot Maintenance Time amp Date Passwords Upgrade Certificate Application ticense LAN Settings i Save amp
22. System Chapter 4 Configuring the AT EXLS 3000 System Powering Edge Switches The Edge switches are independently powered and supply power to the Access Points via PoE The PoE output from the AT EXLS 3000 unit provides the power for the EXMC 1000 Media Converters which can be used to provide a fiber optical connection between the AT EXLS 3000 and the AT EXMS 1000 switches Click on Access Points in the navigation tree Under the PoE amp Radio Controls tab e Toggle an individual Edge PoE on or off by clicking on its RJ45 connector image The RJ45 connector image will turn either green or grey depending on whether it has been powered on or off respectively To immediately activate your selection click the Apply button on the right side of the configuration screen e An image of an AT EXMS 1000 switch connected to the RJ45 connector will appear if an Edge switch is powered on and connected to the port e To power on all of the Edge Switches with PoE click the Power on all button on the right side of the screen e To power off all of the APs with PoE click the Power off all button on the right side of the screen The image of the switch on top of the page also color illustrates the PoE status of the SES APs Extricom Series WLAN System Installation and User Guide 93 Extricom re Setup Conmmected dyes an Sottero El LAS Settiegs Access Potsts Pot Comirols Arros Patets Power on off al Access Pointa Pol for
23. as shown below in Figure 23 Extricom Series WLAN System Installation and User Guide 33 Connect to 197 168 1 146 Welcome to Extricom Switch User name s Password _ Remember my password Figure 23 Login Page 4 Enter the user name and password of the system integrator and click OK The Summary page appears If you did not receive a user name and password with your switch use the following factory default user name and password user name admin password Switch The user name and password are case sensitive If you use Internet Explorer 8 web browser to configure the switch you will receive a notice in a pop up window stating that there is a problem with the website s security certificate 1 Press the tab key on your keyboard until you see the link Continue to this website not recommended 2 Click on it Using the Extricom Series Web Configuration Pages The Extricom Series Web Configuration pages have four main areas e Switch image The Extricom Series Web configuration page displays an image of the configured switch at the top of the page the image shows dynamic status of the PoE of each AP port grey PoE off green PoE on e Navigation tree e Configuration display and editable work area for some screens e Event and alarm area 34 Configuring the Extricom Series WLAN System HEN Extrico PAOD Overview Quick Setup 2 a Extricom LV 2000
24. connectors may be used may be multi mode or single mode according the SFP module in use Cable for Connecting the AT EXLS 3000 to AT EXLS 1000s One CAT 5e 6 cable is required for connecting the AT EXLS 3000 to each AT XLLS 1000 switch 20 Installing the Extricom Series WLAN System Determining the Location of the Extricom Series Access Points Before installing the switch and the APs create a plan for the placement of the APs Before permanently mounting the APs it is recommended to test the network using a laptop client to identify potential coverage holes If such a problem exists relocate an AP or add more APs to eliminate the holes in the coverage To find the best location for the required coverage the Extricom Deployment Tool may be used The APs should be placed in a stable secure location such as mounted on a wall or ceiling The switch should be placed near the distribution point of the LAN line This is usually in the communications closet of your enterprise Extricom Series Switches The AT EXMS 1000 and AT EXLV 2000 switches have 21 connectors see Figure 14 The AT EXLS 3000 switch has 13 connectors see Figure 15 The AT EXMS 500 switch has 13 connectors see Figure 16 GbE Combo ports 2 Copper SFP RJ45 console 16GbE PoE copper ports Figure 14 AT EXMS 1000 AT EXLV 2000 Switches Figure 15 AT EXLS 3000 Switch Extricom Series WLAN System Installation and User Guide 21 Multi Series 500 Figur
25. connects up to 16 APs that are located throughout the enterprise The Extricom Large Scale Switch AT EXLS 3000 attaches to the network via the IEEE802 3ad link aggregation ports Network configuration details such as security profile SSIDs assigned channels to blankets VLAN assignments are maintained in the AT EXLS 3000 switch not by the edge switches To connect an AT EXLS 3000 switch to the edge switches and access points 1 Using a CAT 5e 6 100 1000Mbps cable connect the RJ45 LAN1 connector located on the front panel of the switch to the LAN switch 2 Using a CAT 5e 6 100 1000Mbps cable connect the RJ45 LAN1 connector located on the front panel of each edge switch to one of the AT EXLS3000 switch s RJ45 WLAN connectors 3 Using a CAT 5e 6 cable connect each AP refer to Figure 14 to one of the edge switch s RJ45 WLAN connectors Extricom Series WLAN System Installation and User Guide 29 30 If an AP must be located over 100 meters from the switch an Extricom Range Extender must be used which allows up to an additional 50m for a total switch to AP distance of up to 150m AP distances of up to 400m can be supported on GbE connections by using Extricom EXMC 1000 media converters 4 Connect the power cable to the power connector located on the rear panel of the AT EXLS 3000 switch and plug the other end of the power cable into a power source 5 Connect the power cables to the power connectors located on th
26. e Wire line quality VYoWLAN The Extricom Series Interference Free architecture is perfectly suited for VoWLAN providing zero latency mobility voice and data separation reduced power consumption and high RF resiliency all together resulting in superior voice performance Extricom Series WLAN System Installation and User Guide 5 Frame aggregation With MAC layer aggregation a station with a number of frames to send can combine them into an aggregate frame MAC MPDU The resulting frame contains fewer headers in the overhead than would be the case without aggregating and because fewer larger frames are sent the contention time on the wireless medium is reduced Block acknowledgment Block acknowledgment works in conjunction with frame aggregation allowing the transmitter to request a block acknowledgment for a multiple frame thus improving overall performance Operating modes Extricom Series products support Legacy Mixed and HT Only modes HT stands for high throughput HT Only is a mode in which a specific Channel Blanket can be configured so that only 802 11n clients working in mixed mode can associate with it This enables support of co existence of n and b g clients from the same set of APs but separated on different channels so there is no mixed mode throughput degradation Channel bonding All earlier versions of 802 11 have used 20 MHz wide channels defined in the 2 4 GHz and 5 GHz bands 802 11n Draft 2 0 s
27. following Captive Portal settings Extricom B oe Extricom Overview g Quick Setup ntralize Portal Multicast LBS Expert Oth LAN Settings Captive Portal 4 WLAN Settings P disci While Enable Captive Portal v Save System Tools VLAN 1 4094 Advanced Secured Login None Management Force SSL HTTPS LV Settings Multiple Clients Per User Events amp Reports Force Login On Reassociation Support amp Feedback Pre Authentication Allowed Destinations IP Address Subnet Mask Port Numbers Protocol Save New All x Add Additional Networks Subnet Netmask isas New Add Customized Default Page Use Customized Page V Upload amp Apply 1 Window Title Bdricom s Network Access Page Preview 2 Picture 1 No file selected Width 136 Hight 91 pixels 3 Text 1 Welcome to Extricom s Network Access Page 4 Username Username t 3 46 8 n 10 1 5 Password Password 2 9 6 Login Button i _ h 7 Text 2 To get access to the network please click the OK button lt br 8 la EAS gt By clicking the OK button you agree to the terms and conditions stated elsewhere and available upon request lt br gt If you do not wish to get access to the network please 8 Picture 2 No file selected Width 778 Hight 210 pixels 9 Background Color EDEDED lt F 10 Frame Color FFFFFF lt F au 11 Frame Border Color 381481 o F Upload Your Own Customized Page Use Uploaded Page E Apply Time
28. for an air rate of up to 300 Mbps The APs do not require configuration enabling plug and play installation If stolen the APs do not pose a security risk since all encryption is performed in the switch With all intelligence residing in the WLAN switch APs may be placed as close together as necessary to provide high quality high speed connectivity from all locations within the enterprise Extricom Series APs are connected to the Extricom Series WLAN Switch via standard Cat5e 6 cables The APs are powered by the standard 802 3af Power over Ethernet PoE and only a single Cat5e 6 cable connection is required to support all radios in an Extricom Series AP An EXRE 1000 range extender can be used between the AP and the switch for extended reach Figure 6 AT EXRP 22n 32n AP Access Points with Connectors for External Antennas Some applications may require an access point capable of connecting to external antenna s The AT EXRP 22En accommodates this requirement The AT EXRP 22En contains two dual stream 802 1 1a b g n radios and four external antenna connectors An external antenna may be desired to make the AP less visible by mounting it in the plenum The situations may arise in which to ensure connectivity and service levels within a complex coverage environment directional antennas may be needed rather than the omni directional antennas that are standard inside Extricom Series integrated antenna APs In such cases the antennas
29. from the switch Verify that the AP is not turned off in the Access Points web configuration page refer to page 102 Verify that the wireless device supports the same 802 11 standard as configured for the ESSID 802 1 1 a b g Verify that the wireless device is set to connect to the specific ESSID Verify that the wireless device supports the security standard used by the ESSID e g WEP Verify that the security settings are configured to use the same authentication method If the RADIUS Server is used verify that the wireless device is registered and has the necessary authorization Verify that the switch is connected to the LAN Verify that the correct IP address is used Verify that the switch was not mistakenly configured to use low data rates Verify that there is no additional cause of interference e g an additional WLAN network in the same proximity using the same frequencies as the Extricom Series WLAN that there are no cordless phones using the same frequencies or microwave oven interference Verify that there is no additional cause of interference e g an additional WLAN network in the same proximity using the same frequencies as the Extricom Series WLAN that there are no cordless phones using the same frequencies or microwave oven interference Add an additional AP to cover the area Plug another AP into the switch or relocate an existing AP Troubleshooting Problem Solution Cannot access th
30. interleaved depending on the degree of service robustness required in the event of a failure In an AP interleaved deployment APs are deployed as in Figure 12 with one or more APs from the primary switch placed in the coverage area of the secondary switch and vice versa Such cross connect provides necessary redundancy and prevents failure in wireless coverage when one of the switches primary or secondary or the interconnect fails See the Resiliency section for further information Extricom Series WLAN System Installation and User Guide 17 AT EXLS 3000 The AT EXLS 3000 topology consists of two tiers with up to 128 APs connected via 8 edge AT EXMS 1000 switches to a single AT EXLS 3000 switch All 128 APs are interconnected to the AT EXLS 3000 to create one very large logical switch A diagram of the AT EXLS 3000 topology is Shown below Corporate LAN AT EXLS 3000 S a APs 7R IN J J A Figure 13 AT EXLS 3000 Topology memso i a The interconnect hardware is connected to the LAN2 port of each edge switch See Connecting the AT EXLS 3000 Switch for more details about the interconnect hardware and maximum distance between AT EXLS 3000 and edge switches In the AT EXLS 3000 topology the edge switches route all of the traffic from their APs to theAT EXLS 3000 switch over the interconnect cables The AT EXLS 3000 switch performs the full set of Extricom switch functions on the edge switches traffic
31. is changing to standalone mode This trap is sent from the secondary switch and details the reason for the switchover Switch reconfigure has started A secondary switch of a switch cascade has connected and synchronized with the primary switch This trap is sent from the primary switch A secondary switch of a cascade has been disconnected from the primary switch This trap is sent from the primary switch This trap is sent if the link between the primary switch and the secondary switch is down or if the secondary switch is non responsive The client now has an IP address set The trap details the client MAC address AID and the IP address it is set to use The IP address was either received via DHCP or statically set and is being used by the client Start sh is being run on the switch Start sh has finished running on the switch The switch is being rebooted The wireless has been enabled or disabled on the switch The trap indicates if the wireless has been turned ON or OFF and includes the reason for the change If the wireless was turned OFF all radio LEDs on the APs will be constant RED The wireless on a switch can be turned OFF or ON manually or automatically in case of a switch cascade redundancy event A problem at the radio required a warm reset The trap details which radio in which AP required the warm reset A radio required multiple warm resets and was still not working properly so the whole AP wa
32. may also be located at some distance from the AP in order to cover a specific area Extricom Series WLAN System Installation and User Guide 11 a a 4 4 awm so T a E Ext ie Jn NN Figure 7 AT EXRP 22En AP The AT EXRP 22En AP is connected to the Extricom Series WLAN Switch via standard Cat5e 6 cables in exactly the same manner as integrated antenna AP models The APs are powered by the standard 802 3af Power over Ethernet PoE but can be powered by an external power supply if desired An antenna with an RP SMA plug male connector can be connected to the AT EXRP 22En For purposes of product homologation testing a Rubber Duck type antenna was used specifically the Netgate 2 4 2 5 5 1 5 9 GHz Dual Band Rubber Duck RP SMA part number ANT 2458 5RD RSP More specifications on this antenna can be found at http www netgate com product_info php products_1d 386 Outdoor Access Points with Connectors for External Antennas Outdoor applications may require rugged waterproof access points The AT EXRP 32EOn accommodates this requirement The AT EXRP 32EOn features a waterproof IP67 rated rugged die cast aluminum enclosure with N type connectors for external antennas ensuring it performs flawlessly in outdoor weather and in harsh indoor conditions The AT EXRP 32Eon contains three 802 1 1a b g n radios The AT EXRP 32EOn has six external antenna connectors
33. power the large venue deployment can be fine tuned Extricom Series WLAN System Installation and User Guide 99 Select the Tx power of all the radios at all the access points from the drop down menu e Highest Highest available power of the radio 15 dbm e High Lower 3 db power mode of the radio 12 dbm e Normal Lower 3 db power mode of the radio 9 dbm Tx Power should be configured according to the WLAN design consideration e Comply with local EIRP regulation taking into consideration the configured directional antenna e Calculate the link budget to allow for the maximum rate for the mobile devices around the site e Reduce the power level in order to reduce the overall noise and interference levels at the site Select the AP and Rate Stickiness from the drop down menu VALUE Description Normal The mobile device is served by the optimized access point This configuration applies to cases in which the mobile devices are moving most of the time such as convention centers casinos and concourses at arenas or stadiums High The mobile device is served by the optimized access point however the decision to be served by another access point is evaluated more carefully by the switch and frequent roaming between access points is eliminated This configuration applies to cases in which the mobile devices are at the same location along with the event but can move such as the bowl at the arena or open air stadiums
34. side media converter is powered via external power supply and provides PoE to the AP Effectively a 400 meter fiber run to an AP will require only a single power supply Installing the Extricom Series WLAN System Chapter 3 Configuring the Extricom Series WLAN System Accessing the Extricom Series Switch GUI After connecting the switch and APs configure the Extricom Series WLAN system through the Extricom Series web configuration GUI using a terminal or PC connected to the same LAN as the switch To access the Extricom Series web based configuration tool 1 In your web browser enter the following https lt IP address of the switch gt where lt IP address of the switch gt is the IP address of the switch provided with your purchase Note that https must be used not http in order to initiate a secure browsing session SSL with the switch Prior to opening the configuration tool make sure your console PC is configured EES with an IP address in the same subnet as the switch If you did not receive a switch IP address with the switch the factory default value for the switch IP address is 192 168 1 254 If you are using the default IP settings do not place a router between the user PC and Pa tne switch 2 On the first login you will receive a notice in your browser that there is a problem with the website s security certificate Click on Continue to this website not recommended 3 The Login page appears
35. some specific channels and or operational frequency bands is country dependent and the firmware is programmed at the factory to match the intended destination This firmware setting is not accessible by the end user Extricom Series WLAN System Installation and User Guide Federal Communication Commission and Industry Canada Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC and IC rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures e Reorient or relocate the receiving antenna e Increase the separation between the equipment and receiver e Connect the equipment into an outlet on a circuit different from that to which the receiver is connected e Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not exp
36. the Point for Drilling locations on the wall 3 Screw the two stainless steel pan head 8x1 1 4 self tapping Phillips screws into the wall leaving enough of the screws protruding to enable you to hook the AP over the screws 4 Align the holes on the back of the AP with the screws and slip the AP into place Connecting the Switch and the Access Points The Extricom Series switch is connected to the wired LAN and to the APs that are located throughout the enterprise To connect a switch and access points 1 Using a CAT 5e 6 100 1000Mbps cable connect the RJ45 LAN1 connector located on the front panel of the switch refer to Figure 14 to the LAN switch 2 Using a CAT 5e 6 cable connect each AP to one of the switch s RJ45 WLAN connectors If an AP must be located over 100 meters from the switch an Extricom Range Extender must be used which allows up to an additional 50m for a total switch to AP distance of up to 150m Switch to AP distances of up to 400 meters can be supported on GbE connections by using Extricom EXMC 1000 media converters 3 Connect the power cable to the power connector located on the rear panel of the switch and plug the other end of the power cable into a power source 4 Verify that the Power LED on the switch is green Extricom Series WLAN System Installation and User Guide 27 28 SS Additional APs can be connected or disconnected while the switch is active If using fiber media conve
37. trap will occur after trap 54 if the ESSID has multiple RADIUS servers configured The trap details which RADIUS server it is changing from and to which server it is changing This trap will occur after traps 54 and 55 If the switch was unable to contact all RADIUS servers it will try again from the beginning of the RADIUS server list The switch localization lock is missing or corrupt Contact an Allied Telesis representative Switch firmware upgrade has started Switch firmware upgrade has ended This trap is sent with a progress update during the switch firmware upgrade Switch firmware upgrade has failed Switch reconfigure has ended One or more of the radios in a Channel Blanket is not functioning The trap details which radio in which AP is not functioning All radios in a Channel Blanket are now functioning normally Will be sent after all of the errors causing trap number 65 have been fixed The client has been sending packets that are larger than the Switch MTU even though the Switch has sent several adjust MTU packets to the client Northbound SNMP Traps Trap Name Description 68 69 70 71 72 73 74 19 76 7 78 Edge Mode Switchover Reconfigure started Edge Connected Edge Disconnected Set Client IP Start sh Started Start sh ended Starting Boot Changed Wireless Status On Off Radio reset AP reset The secondary switch in a switch cascade
38. 1 1n b g or Rogue Channel Displays the channel for each radio ESSIDs VLAN Displays the ESSIDs and their related VLANs defined and assigned to each radio TrueReuse Shows whether TrueReuse is enabled or disabled for each radio Other ESSIDs Displays other ESSIDs that are defined but are not assigned to any specific radio Access Points amp PoE Configuration Connected List of the active APs Access Points Powered Ports List of WLAN ports which have PoE enabled Switch Information MAC address Displays the base MAC address of the switch Serial Number Displays a unique serial number of the switch Domain RF localization indication OctopusFS Extricom Series firmware application version and build date AppsFS Third party software application version and build date Kernel Extricom Series specific Linux kernel build date Table 5 Summary of the Overview Page Extricom Series WLAN System Installation and User Guide 37 Configuring LAN Parameters To configure LAN parameters 1 Click LAN Settings in the navigation tree The LAN Settings page appears see Figure 26 Overview Quick Setup LAN Settings WLAN Settings Access Points System Tools Advanced Managemen t LV Settings Events amp Reports LAN Settings LAN IP Address Network Mask Default Gateway VLAN 1 4094 Switch Name Support amp Feedback Port Redundancy Time Force SFP 1000 Full Duplex Severity Description Apr 07 2014 13
39. 802 11d Support checkbox if you wish to enable this option You can enable it per ESSID or for all ESSIDs Extricom Series WLAN System Installation and User Guide 85 e Select the MAC Authentication checkbox if you wish to enable this option e Select the Beacon Rate Control checkbox if you wish to enable this option e Select the In Band Management checkbox if you wish to enable this option this is a general enabling of the option and requires per ESSID configuration e Select the Band Steering checkbox if you wish to enable this option To activate these options per ESSID after selecting the above checkboxes refer to the Configuring WLAN Settings section of this guide ea Overview Quick Setup Resiliency Rogue System Logging sume centralized Configuration IDS l Portal Multicast J iss Expert Others LAN Settings Se WLAN Settings E Enable ESSID Definition Radios 802 11d Support All ESSIDs Per ESSID Assignments MAC Authentication Access Points Beacon Rate Control System Tools In Band Management an a Band Steering Management LV Settings Events amp Reports Support amp Feedback Figure 58 Others Configuration Tab 86 Configuring the Extricom Series WLAN System Band Steering A technique called Band Steering is used to divert 802 11 clients to the 5 GHz band Band steering works by recognizing that a client is SGhz capable and then responding to its association requests onl
40. Advanced Q Note The default ports are 1812 for RADIUS Authentication and 1813 for RADIUS Accounting Management LV Settings Events amp Reports Support amp Feedback Figure 30 RADIUS Configuration Tab 1 You may remove a RADIUS server from the list by clicking Remove next to the server definition line 2 To modify an existing server or to configure the new one specify the following parameters as outlined in the Table 10 below Field Description Name An ASCII string for the name of the RADIUS server Server Address The IP address of the RADIUS server Password The RADIUS server password Auth Port RADIUS authentication port number The default value is 1812 Acc Port RADIUS accounting port number The default value is 1813 52 Configuring the Extricom Series WLAN System Field Description Timeout The time in seconds during which the Extricom Series switch will wait for the RADIUS server response before it stops transmitting and switches to the next failover RADIUS server if configured Allow Auth Click to allow the RADIUS attributes to determine the length of time a user can be connected to the wireless network Multiple RADIUS servers can be used to authenticate on a single ESSID if using RADIUS authorization check the box on all of the servers The order of priority is configured in the ESSID page Only the first server is used unless it is non responsive in which case the switch would use the
41. AeroScout or Ekahau Location Engine AeroScout and Ekahau positioning algorithms use Received Signal Strength Indicator RSSI to determine object location e Captive Portal The Captive Portal technique compels any HTTP client to view a special web page usually for authentication purposes before accessing the rest of the network Captive Portal turns a web browser into a secure authentication device This is done by intercepting an internet access request and redirecting it to an Extricom local logging web page which may require authentication or simply display an acceptable use policy and require the user to agree e MAC authentication MAC authentication enables the Extricom Series switch to authenticate WLAN devices via RADIUS server even if they have no native support for 802 1x This mechanism is normally used in dumb device WLAN topology such as barcode readers in which WLAN client authentication must be managed via a central RADIUS server e WMM Wi Fi Alliance WMM is an 802 11 quality of service QoS implementation based on a subset of the draft 802 1 le standard supplement The WMM specification provides basic prioritization of data packets based on four categories voice video best effort and background Prioritization is based on the original Carrier Sense Multiple Access Collision Avoidance Protocol in the 802 11 standard In 802 11 the Distributed Coordination Function DCF mechanism uses a simple listen before tal
42. Apply 4h W h of 33 AM UT E WLAN Settings Current Time 24h ednesday 9th of April 2014 09 33 56 UTC ESSID Definition Timezone UTC Coordinated Universal Time we Radios Assignments Access Points Internet Time System Tools Advance d Main Backup Management NTP Servers Update Now LV Settings Update Every 1 168 168 hours Events amp Reports Support amp Feedback Manually hr min sec day month year 09 33 5 24H w 09 Apri iw 2014 Time Severity Description Type Apr 09 2014 09 20 49 Low The following APs have been connected S13 13 Apr 09 2014 09 20 26 Medium The following APs have been disconnected S13 14 E sae ime AM 17 17 Anr NA MNA 1N0 15 Nn9 Tha fallanin i hara haan rannartad Figure 43 Time amp Date Configuration Tab To manually set the time and date on your Extricom Series Switch 1 Select the Manually radio button 2 Enter the time and the date in the corresponding fields 3 Click Save and Apply To set the time and date on your Extricom Series Switch using NTP protocol 1 Select the Internet Time radio button 2 Select the Timezone from the drop down menu 3 Specify Custom Main and Backup servers by entering their IP addresses in the Custom Server IP fields 4 Specify the NTP update interval in hours in the Update Every 1 168 field 5 Click Save amp Apply to immediately start the NTP process 6 Click Update Now to synchronize the system clock with the NTP serve
43. D 1 e default or any ESSID If this option is disabled then a wireless device needs to connect to a specific ESSID in the Extricom Series WLAN Extricom Series WLAN System Installation and User Guide 41 Field Display ESSID in Beacon Allow Store amp Forward Allow Inter ESS Forward Multicast Rate Control MAC Authentication 42 Description This option provides an additional though limited level of security The AP sends out a beacon with information about the network If this option is enabled the ESSID appears in the beacon If disabled the ESSID does not appear in the beacon If this option is enabled two wireless devices connected to the Extricom Series WLAN with the same ESSID can communicate and transfer data to each other Traffic between wireless devices will not be forwarded to the LAN switch If this option is disabled all traffic goes through the LAN switch This could be used by IT managers to apply security settings or various policies on the LAN network Disabling Allow Store amp Forward disables SES the Allow Inter ESS Forward option If this option is enabled two wireless devices connected to the Extricom Series WLAN with different ESSIDs will be able to communicate with each other without going through a router Traffic between wireless devices will not be forwarded to the LAN switch This option must be enabled on both ESSIDs In order for wireless devices associ
44. Extricom tae Extricom 2 Overview E a E Quick Setup Resiliency Rogue System Logging SNMP Centralized Configuration IDS Portal Multicast LBS LAN Settings E WLAN Settings Location Based Service ESSID Definition eee C Enable Server IP Port AeroScout Support E Enable AeroScout Tag Support Assignments Access Points Access Points MAC Address System Tools Primary WLAN Switch Advanced ae nes Port Name Access Points MAC Port Name Access Point s MAC Management 1 5 LV Settings 2 10 Events amp Reports 3 11 Support amp Feedback a 12 5 30 14 4A 37 DD B9 13 6 14 7 15 8 16 Figure 56 LBS Configuration Tab Expert Under the Expert tab Expert User mode provides advanced configuration options which are not visible via the basic settings To activate Expert User mode select the Enable Expert Mode checkbox and click Apply a P Extricom Extricom LV 2000 EJ Extricom Overview Quick Setup Resilienc Rogue System Logging SNMP Centralized Configuration IDS Portal Multicast LBS Expert Others LAN Settings Expert User Settings Apply Enable Expert Mode W E WLAN Settings ESSID Definition Radios Assignments Access Points System Tools Advanced Management LV Settings Events amp Reports Support amp Feedback Figure 57 Expert Configuration Tab Others Under the Others tab a number of advanced configuration options such as 802 11d are provided e Select the
45. Extricom Series WLAN System Installation and User Guide e CAUTION Always replace the battery with the same type to avoid the risk of explosion e Dispose of a used battery according to the instructions provided with the new battery About This Guide Chapter 1 Introduction to the Extricom Series Wireless LAN System A Wireless Local Area Network WLAN based on the IEEE 802 11 standard enables laptops PDAs phones and other Wi Fi equipped devices to wirelessly connect to the enterprise network However large scale deployments of traditional cell based WLANs in which each access point AP operates on a different channel than that of adjacent APs have been hindered by issues such as poor coverage low capacity high latency mobility and expensive interference analysis or site survey and maintenance costs The Extricom Series WLAN on the other hand takes a different solution approach by avoiding the coverage and capacity trade offs of traditional cell based WLAN architecture In addition the need for cell planning and interference analysis a highly expensive aspect of owning a WLAN is also eliminated Finally the Extricom Series WLAN approach eliminates most WLAN maintenance tasks The Extricom Series WLAN System is specifically designed to provide increased network capacity seamless mobility high level of security and easy installation and configuration Overview of the Extricom Series WLAN System The Extricom Series
46. GIOS caccuisans caxoceciane en EE ESE 54 ESSID FAG Se NG ess set se E E 61 PS EP E E cc eine ar ese eaten cues E E A ae eed cosets 62 System Tools Comm G Ul AMON is5 22 c2ssnsssssscasnianaantansenieatnodorarssueveansiaatantasdetearssotecasesseueaiaiaes 65 RD Osea eed a ote a sci casva E cenete ce anaes E E 65 PROVO OE oseere EE E E E EE 65 WATE E A cetera E st E E E E T T 66 Thea Die e A EE E E E EE EAE EE E 68 PPS SONG Sioa cnsasiecoeen E A A ET 69 UDT aos ceca se nay an ea nattnne E E suede cteasctacttesnaiesendseess 70 TI cee tana E anaes tanectaucumneeeicanesstecueeuenesanageauacmuceh tam cesbosueceahasenaceeuccnuee 71 APPO O E EE 71 ETE E o e OE EE AEA A EI EEE AE AE AE EE S A A T2 Adyanced Configuration cccssisssei ena disnsbacceamedacdesnedessibendassdshobacdanmedecdotysdecaboealadatanebaccaabets 73 CAS Cade CSIC OY en EE E E EEEE 73 BR cerca eect ts ste caie e e net ee everett pesca ste eraah cents amerm adeneetedescantoueenneesee amen ees 75 Syster I ea cok ees a ha at aac ecco aeons an Sane dance We Urcset tenet E 76 Ee paces E pe etc E E EE screed sete ct ce ete recs stop dee E E ae A TE 78 ID este tee vest seca cee nee ceice snes tesco ad ccc ace ceceece E E E A tesnesadscuue ieee nceee 80 Porral CG api Ve POU eenei arne rare rrai 82 IT TC AS e E E cacy naceeonawese 84 LD o eee E E 85 PN AEE A A A E A EE 85 D o a OEA E AEE E A A EE EN A EI O A S E 85 Viewing Events and REDOING sssepsscaicsooneteaes danssdaadunteviensacs rananedsn
47. HT Only Mixed HT Only Mixed HT Only Mixed Select Guard Interval 400 nSec 800 nSec 400 nSec 800 nSec 400 nSec 800 nSec 400 nSec 800 nSec Spatial Streams 2Streams Y Rates Mbps 54Mbps Disabled v 48Mbps Disabled Y 36Mbps Optional Y 24Mbps Basic 18Mbps Optional Y 12Mbps Basic 11Mbps Vv 9Mbps Optional 7 6Mbps Basic X Figure 32 Radios Configuration Page The configuration parameters of each radio are arranged in a column There are up to four columns each of which is clearly identified with the corresponding title for example Radio 1 Radio 2 Refer to Table 11 below to set up the configuration parameters Extricom Series WLAN System Installation and User Guide 55 Field Description Channel Options WLAN Mode Select the WLAN mode from the drop down menu Options are Disable choose this option to disable the radio 802 1la 802 11b 802 11 802 11 Mixed b g 802 1 1n a 802 1 1n g 802 11n g b Rogue detection Not all same band configurations are possible depending on the type of Access point connected the configured radio State and whether TrueReuse is configured across the switch See the Release Notes for possible configuration scenarios Refer to the Feature Highlights section for a description of same band operation Select Channel Select the channel from the drop down menu The options available are based on the country and WLAN mode Enable TrueReuse Enable the TrueReuse function on the selected radi
48. Low The following APs have been connected 1 13 Eg atest uuLee rene eT Figure 44 Upgrade Configuration Tab 4 Click Choose File and navigate to the location of the firmware upgrade file The file s name with the full path appears in the Upgrade File field 5 You can check the Reboot the switch after firmware upgrade checkbox for the switch to automatically reboot at the end of the upgrade process or you can manually reboot the switch at a later time 6 Click Upgrade to upgrade the firmware and wait for the upgrade process to end 7 Ifyou did not check the Reboot the switch after firmware upgrade checkbox manually reboot the switch as described in the Reboot section above The firmware upgrade file is GNU zipped gzip Some Internet browsers are configured to automatically unzip files when downloading Verify that this function is disabled so that the upgrade file remains zipped after downloading Upgrading a Switch Cascade pair is done via the primary switch GUI 70 Configuring the Extricom Series WLAN System Certificate The first time that a Captive Portal user logs into the SSL https version of the portal from his browser he will receive a notice about a problem with the switch security certificate such as There is a problem with the website s security certificate At that point the us
49. MVM Allied Telesis Extricom Series WLAN System AT EXMS 000 AT EXLV 2000 AT EXLS 3000 AT EXMS 500 AT EXRP 22n 32n 22En 32EOn UU 2a Installation and User Guide the solution the network 613 002120 Rev A Copyright No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means photocopying recording or otherwise without prior written consent of Allied Telesis Inc No patent liability is assumed with respect to the use of the information contained herein While every precaution has been taken in the preparation of this publication Allied Telesis Inc assumes no responsibility for errors or omissions The information contained in this publication and features described herein are subject to change without notice Allied Telesis Inc reserves the right at any time and without notice to make changes in the product Copyright 2015 Allied Telesis Inc All rights reserved The products described herein are protected by U S Patents and may be protected by other foreign patents or pending applications Important Notice SS Read this guide safety instructions and the release notes for your switch firmware before installing and operating the Extricom Series WLAN system Disclaimer Allied Telesis makes no representations or warranties whether expressed or implied that the Extricom Series wireless local area network WLAN system or any component th
50. OL Start packets were received and in what time interval If the event was triggered from a per station limitation the trap also includes the client MAC address Available only when Intrusion Detection is enabled Indicates that the switch has detected an EAPOL Logoff Flood attack The trap details how many EAPOL Logoff packets were received and in what time interval If the event was triggered from a per station limitation the trap also includes the client MAC address Available only when Intrusion Detection is enabled Indicates that the switch has detected a De Authentication Broadcast Extricom Series WLAN System Installation and User Guide 107 108 54 55 56 57 59 60 61 62 63 65 66 67 Trap Name Radius Timeout Radius Changed selection Last Radius Failed RF localization failed Firmware upgrade startup Firmware upgrade done Firmware upgrade progress Firmware upgrade failed Reconfigure ended Radio is not functioning in access points Radio is functioning normally in all access points Client Ignore MTU Description A client attempted to associate to an ESSID using 802 1x authentication A timeout was reached when attempting to contact the RADIUS server If the ESSID has a secondary RADIUS server configured the switch attempts to authenticate the client using this server The trap details on which ESSID the authentication attempt occurred This
51. Switch WLAN_CONTROLLER Date Tuesday 8th of April 2014 11 33 48 AM UTC Uptime 20 hours 32 minutes 11 seconds LAN Settings E WLAN Settings Access Points Firmware Version 4 7 05 35 Application Type WLAN Switch System Tools Licensed AP Ports 16 d d i i Advance LAN Configuration Management Main Alternate m LV Settings LAN IP Address 192 168 1 101 Events amp Reports Network Mask 255 255 255 0 Support amp Feedback Default Gateway 192 168 1 1 WLAN Configuration Country Regulatory Domain United States Radio 1 Radio 2 Radio 3 WLAN mode 802 11a 802 11 Mixed b g Disabled S Channel 36 1 ESSIDs VLAN Octopus_1 Octopus_2 TrueReuse disabled disabled Other ESSIDs Access Points amp PoE Configuration Connected Access Points Time Severity Description Type Apr 08 2014 11 04 13 Low The following APs have been connected 5 Apr 08 2014 11 04 05 Low Reconfigure ended Sor NA 2014 11 07 57 Low Reronfinure started Pause Figure 24 Typical Web Configuration Page The navigation tree provides access to the Overview display as well as the following Extricom Series Web configuration pages e Quick Setup wizard used to quickly set up a basic switch configuration e LAN Settings configure LAN parameters e WLAN Settings configure WLAN parameters including ESSID related configuration and Radio configuration e Access Points view ports in use and activating deactivating PoE
52. Table 2 below describes the front panel LEDs of Extricom Series Switches LED Color Power None Green Red Red Orange Green Orange LAN LAN1 LAN2 Ports Act Link Green Orange Status SFP links Green WLAN Ports Link Green Status Orange Description No power Blinking system is loading final loading phase Solid On switch is ready operational On loading error or secondary switch not connected Alternating system is loading initial loading phase Alternating the license is not loaded onto the switch Solid On operational connection Blinking activity over connection On LAN connection is operational at 1000 Mbps Off LAN connection is operational at 100 Mbps Solid On 1000 Mbps full duplex SFP connection Off no SFP connection Solid On operational connection Blinking activity over connection Off no connection Solid On LAN connection is operational at 1000 Mbps Off LAN connection is operational at 100 Mbps Table 2 Extricom Series Switch LEDs Extricom Series WLAN System Installation and User Guide 23 AT EXRP 22n 32n 22En 32EQOn Access Points All Extricom Series APs have two connectors on the front panel of the device the WLAN connector and the Power connector The AT EXRP 22En and AT EXRP 32EOn have external antenna connectors The Access Points have an LED located near the LAN port on the front face of the device This LED functionality can be enabled or dis
53. Task MAC Assignments Unassigned View by ESSID All Weekly Daily The following APs have been connected 5 Figure 29 MAC ACL Scheduler Configuration Tab the top of the work area Also aved and take effect click on Save amp Apply Save amp Assigned m 1 To add a new ACL schedule click New Task An entry named New Task will appear in the Tasks field You may also delete a schedule by selecting it from the list in the Tasks field and clicking Delete Task To configure the newly added schedule or to modify an existing one select it from the list in the Tasks field then proceed to the Task Settings area of the configuration as described in Table 9 below Field Task Name Time Interval Start Date Start Time Duration Assign a name to a selected schedule by entering an alphanumeric string in this field You may assign periodicity of an ACL by selecting one of the following radio buttons e Once e Monthly e Weekly e Daily Click inside the date field and navigate to the desired start date in the pop up calendar Select the start time from the drop down menu The options range from 0 00 to 23 00 in increments of one hour Select the time interval during which the ACL will be activated The values in the drop down menu are Continuous 1 hour 2 hours etc through 24 hours Table 9 MAC ACL Scheduler Parameters Extricom Series WLAN System Insta
54. WLAN System System Tools Configuration Apply Use this tab to apply the new configuration changes In some cases after using the Apply button a system reboot is required however most parameters can be changed and the changes take effect immediately A system reboot is required after a change in the application type or firmware and license upgrades The Apply button e Checks whether a full reboot is required If a reboot is not required the updates will take effect immediately e Applies the configuration changes contained in the shadow configuration file created when clicking the Save button on a Configuration page to the new active configuration file Overview F Quick Setup Apply Reboot Maintenance Time amp Date Passwords Upgrade Certificate Application License LAN Settings l g g g i WLAN Settings Press to apply the configuration changes ESSID Definition Apply Radios Assignmen ts Access Points System Tools Advanced Management LV Settings Events amp Reports Support amp Feedback Figure 39 System Tools Configuration Page Reboot Use this tab to reboot the system and save the configuration changes created when clicking the Save button on a Configuration page In some cases such as upgrading or downgrading the firmware or returning the Switch Cascade from failover to normal operation a system reboot is required Refer to the specific configuration update sections to see if the reboot is needed in order for t
55. WLAN consists of a wireless switch AT EXMS500 AT EXMS1000 AT EXLV 2000 and sometimes also the AT EXLS 3000 connected to a set of UltraThin APs AT EXRP 22n AT EXRP 32n AT EXRP 32EOn and AT EXRP 22En The Extricom Series WLAN system eliminates the concept of cell planning and replaces it with the Channel Blanket topology In this topology each Wi Fi radio channel is used on every access point to create continuous blankets of coverage By using multi radio APs the Extricom Series system is able to create multiple overlapping Channel Blankets from the same physical set of devices as illustrated in Figure 1 Extricom Series WLAN System Installation and User Guide 3 Figure 1 Three Channel Blanket Coverage The Extricom Series solution is based on a fully centralized WLAN architecture in which the switch makes all the decisions for packet delivery on the wireless network In this configuration the access points APs simply function as radios with no software storage capability or IP addresses Even the basics of connecting are different clients associate directly with the switch not with the APs The APs act as RF conduits to rapidly funnel traffic between the clients and the switch The Extricom Series architecture has essentially centralized the 802 11 logic in the switch while distributing the w
56. abled in the web configuration GUI and when enabled indicates the status of the AP refer to the tables which follow for details Figure 17 AT EXRP 22n 32n a 4 4 4 am Extricod A a Figure 18 AT EXRP 22En oe Figure 19 AT EXRP 32EOn 24 Installing the Extricom Series WLAN System Access Point Connectors and LEDs The tables below describe the Extricom Series Access Point connectors and LEDs Connectors Description Power External power is not required for most SS applications Power is supplied via the Ethernet cable PoE In case of an external power requirement e g when media converters are used and POE is blocked use a UL Listed Limited Power Source LPS or NEC Class II power adapter Rating Input 90 240VAC 0 8A max Output 48VDC 0 56A max The DC output plug of the power supply must be a standard round DC plug with 5 5mm outer ring diameter and 2 5mm inner ring diameter Plug polarity Outer Inner WLAN RJ45 connector used to connect the Extricom Series AP to the Extricom Series switch Power is provided by the Extricom Series switch to the AP when directly connected to it Table 3 Extricom Series AP Connectors LEDs Color Description Left Green e Blinking normal system operation e Off error on one or more radios Right Orange e On error on one or more radios e Off normal system operation Table 4 AT EXRP 22n 32n 22En 32EOn AP LEDs When LED function
57. ailable only when Rogue AP Detection is enabled This trap indicates that a rogue network has been detected The trap details if the rogue network is an AP or ad hoc the relevant BSSID and ESSID what channel the rogue is transmitting on which Extricom Series AP is closest to the rogue AP and approximately how far the rogue AP is from the Extricom Series AP Available only when Rogue AP Detection is enabled This trap indicates that the status of a rogue AP has been updated This trap always comes after trap 29 This trap details if the rogue network is an AP or ad hoc the relevant BSSID and ESSID what channel the rogue is transmitting on which Extricom Series AP is closest to the rogue AP and approximately how far the rogue AP is from the Extricom Series AP Available only when Intrusion Detection is enabled Indicates that the switch has detected a Duration attack The trap details the duration length as well as the transmitting MAC address Available only when Intrusion Detection is enabled Indicates that the switch has detected an Association Flood attack The trap details how many associations were received and within what time interval Available only when Intrusion Detection is enabled Indicates that the switch has detected a Disassociation Flood attack The trap details how many disassociations were received and within what time interval If the event was triggered from a per station limitation the trap also includes t
58. al odoo Power on 8 Powe off af bwetan pah Arte Mda wnc oct q Ivasis A Soporte e Ail Eyes Megs Switch Pot Comtrots for EXMC 1000 Support Seqepeert A Fredie d O Fdge Setict 5 2 v i ds 1 eS ror 2 s 6 Warnieg wie AS ordy fo Dota treat use Te ba 623 deveta Tere Soverty Dess reteee Twer teed da J F pew m Figure 64 Access Points PoE amp Radio Controls Page E In the above image the AT EXLS 3000 is displayed as Mega Switch For information on configuring the system tools refer to System Tools Configuration on page 65 Advanced Configuration AT EXLS 3000 Differences To configure advanced features select Advanced from the navigation tree For more detailed information refer to Advanced Configuration on page 73 Redundancy Switch redundancy refers to redundancy over wired LAN media and provides the master to backup auto fallback functionality Both switches serve a single BSSID until either of them is at fault As soon as one of the switches fails the surviving switch serves mobile devices by itself with no human intervention The eventual replacement of the faulty switch does not necessitate any interruption in service while returning to a fully redundant mode 94 Configuring the AT EXLS 3000 System Extricom Series WLAN System Installation and User Guide Bile Em View Higtery Bookmarks Toot Help Extricom WLAN Controller x lt gt Extrice gt Go to a Website v c
59. ality is disabled the green LED should still blink for a few seconds when it goes through the initialization process after which both LEDs will be turned off Extricom Series WLAN System Installation and User Guide 25 Mounting the Switches Optional Extricom Series WLAN switches can be rack mounted Two 19 inch rack installation brackets are shipped with the switches The bracket is shown in Figure 20 Figure 20 Switch Mounting Bracket Mounting the Access Points Optional The AT EXRP 22En 32EOn APs can be mounted on a wall or ceiling For this purpose a separate mounting bracket is provided for ease of installation The bracket has two holes for mounting to the wall and one hole for a screw that mounts the AP to the bracket The mounting bracket is shown in Figure 21 Figure 21 AP Mounting Bracket AT EXRP 22n 32n APs can be mounted on a wall or ceiling without additional mounting brackets To mount these APs you will need two stainless steel pan head 8x1 1 4 self tapping Phillips screws not supplied 26 Installing the Extricom Series WLAN System To mount the AT EXRP 22n 32n Access Points 1 Place the installation template on the wall where you want to mount the AP use the drilling card included with the AP see Figure 22 or refer to Internal Access Point Mounting Template in this guide 19 4 cm _ Point for Drilling ff N 8 2 cm 12 3 cm 425 inches Figure 22 AP Drilling Card 2 Mark
60. are passed between the WLAN and the LAN e Blanket balancing The switches automatically perform load balancing distributing the traffic evenly over the different channels e Low density parity check LDPC Extricom Series Access Points support LDPC which improves reception of packets over a noisy channel e Space time block coding STBC Extricom Series Access Points support STBC which improves the ability to transmit packets over a noisy channel Overview of the Switch Platforms The Extricom Series WLAN switches are connected to Extricom Series APs to form an Extricom WLAN The Extricom Multi Series MS is a high performance switch hardware platform and is software configurable to support a range of wireless and networking functions in an Extricom WLAN System 8 Introduction to the Extricom Series Wireless LAN System Figure 2 AT EXMS 1000 The AT EXMS 1000 is equipped with 2 RJ45 SFP GBE Combo port uplinks and 16 GBE PoE Power over Ethernet edge side ports The AT EXMS 1000 is capable of performing different wireless and networking functions depending on the firmware installed on it Figure 3 AT EXLV 2000 The AT EXLV 2000 is equipped with 2 RJ45 SFP GBE Combo port uplinks and 16 GBE PoE Power over Ethernet edge side ports The AT EXLV 2000 is specifically designed to provide wireless access in large venue environments Figure 4 AT EXLS 3000 The AT EXLS 3000 1s equipped with 2 RJ45 SFP GBE Combo port
61. ated to different ESSIDs to be able to communicate with each other the ESSIDs must be defined on the same VLAN or no VLAN at all If this option is disabled all traffic goes through the LAN switch This could be used by IT managers to apply security settings or various policies on the LAN network This option when enabled provides support of multicast and broadcast packets for the selected ESSID Multicast and or broadcast packets shall be transmitted from all APs Once this feature is enabled Multicast Rate Control and Broadcast Rate Control may be left as default or changed to Rate Optimized or Range Optimized e If Rate Optimized is selected multicast packets are sent using the highest enabled data rate in legacy MCS7 in High Throughput HT mode e If Range Optimized is selected multicast packets are sent using the lowest enabled data rate in legacy MCS3 in HT mode Select this option if you wish to impose MAC authentication on this ESSID MAC authentication enables a user to authenticate WLAN clients using RADIUS server even if they do not support 802 1 x authentications Note that when using this option the security setting does not allow you to select any 802 1x methods To enable this option go to Advanced Others tab Configuring the Extricom Series WLAN System Field Description MAC ACL This option when enabled allows a user to add a MAC access list to the specific ESSID Only clients w
62. ategorized as follows 78 AP events for example connections disconnections Client events for example associations disassociations Switch events Configuration events RADIUS events Redundancy events for Switch Cascade Security events intrusion detection rogue AP detection etc Traps are displayed in the Events and Alarms area at the bottom of the web interface see Figure 51 below as well as in the Events amp Reports menu refer to the Viewing Events and Reports section below Configuring the Extricom Series WLAN System Extricom lt Overvie ww Quick Setup LAN Settings SNMP Traps Enable Traps vi E WLAN Settings Access Points System Tools Community Name pubic Advanced Manager IP Events amp Reports SNMP Agent Suppost amp Fosdback Enable SNMP Agent 7i Read Community pubb Write Community octopus Location Extricom USA Contact support Eextricom com SNMP Access List Enable SNMP Access List 7 IP Address Read Communi ty Write Community New Add 1 192 168 100 201 pubic octopus Remove Figure 51 SNMP Configuration Tab SNMP Traps Traps can be sent by the switch over its northbound interface to network management devices To begin sending SNMP traps over the northbound interface configure the SNMP Traps section under the SNMP tab as follows 1 Select the Enable Traps checkbox 2 Enter a desired name in the Community Name field 3 Enter
63. ble All traffic goes through the WLAN switch Allow Inter ESS forward Disable All traffic goes through the WLAN switch Enable Multicast Disable Multicast is not supported MAC ACL Disable MAC Access List is not supported 802 1 1d support Disable 802 11d is not supported Enable ARP Caching Enable Provide immediate response to ARP request directed toward the WLAN stations The switch answers on behalf of the WLAN stations Bandwidth Saving ARP Enable Reduce the number of ARP packets sent over the Caching wireless medium VLAN lt Tag gt Any number with the 1 4096 range Disassociation Timeout 3600 The amount of time in seconds that a mobile device can remain inactive before automatically disconnecting it from the network Encryption None Table 25 Honeypot ESSID configuration Configuring Access Point Parameters Quick Setup LV Settings Honeypot Access Points Switch Load Balancing LAN Settings m 3 AP Tx Power E WLAN Settings Radio 1 Radio 2 Radio 3 ESSID Definition Tx Power Volume i j E High e Normal iw Normal iw Radios Assignments AP amp Rate Stickiness Stickiness Level High E System Tools Advanced Access Points Management LV Settings Events amp Reports Support amp Feedback Figure 68 LV Access Point Parameters Configure Tx power for the AT EXLV 2000 to streamline the large venue deployment in terms of user density and capacity By increasing and decreasing Tx
64. ble to from EXMC must be less than 2m Using mixed media types Distance Between Secondary Switch Max Switch Interconnect Distance and Its Farthest AP Copper cable Fiber Interconnect Cable 100 150 with EXRE 300 Distance Between Secondary Switch Max Switch Interconnect Distance and Its Farthest AP Fiber cable Copper Interconnect Cable 400 with EXMC The total length of the copper based cable to from EXMC must be less than 2m Note EXMC and EXRE are not to be used with uplink ports for example in the case of Interconnect To connect an AT EXLS 3000 pair for redundancy 1 Verify that both switches are running the same firmware release and that it is the newest release that supports Resiliency 2 Verify both switches have a valid AT EXLS 3000 Redundancy license 3 Connect the interconnect cable to the LAN2 port of the AT EXLS 3000 primary switch and to the LAN2 port of the AT EXLS 3000 secondary switch 4 A direct cable connection between a redundant AT EXLS 3000 pair is not mandatory Any L2 or L3 connection is sufficient as long as each one of the switches can ping a common reference IP address Extricom Series WLAN System Installation and User Guide 31 Range Extenders and Media Converters EXRE 1000 Range Extender The EXRE 1000 Power Over Ethernet Gigabit PoE Range Extender doubles the standard range of PoE from the baseline 100 meters to a full 150 meters all while enabling full gigabit speed I
65. can use encryption without authentication For a higher level of security however it is recommended to use both encryption and authentication The Extricom Series WLAN makes configuration of ESSID security parameters easier by listing available combinations of Encryption and Authentication protocols Security definitions are configured for each ESSID individually To configure the security definitions 1 Click on the ESSID for which you want to configure the security definitions in the Select ESSID field 2 Configure the security definitions for the selected ESSID Refer to Table 8 below for a description of Security parameters Extricom Series WLAN System Installation and User Guide 45 46 Field Description Encryption Choose the method of encryption with or without authentication A combination of encryption and authentication methods may be selected from the Method drop down list There are eight options available None no authentication WEP64 Wired Equivalent Privacy 802 11 encryption protocol This is a very basic encryption level Also known as WEP40 WEP 128 This encryption is similar to WEP64 but the WEP keys are longer Also known as WEP104 WEP64 amp 802 1x Authentication WEP key used for authentication and encrypting the data frames WEP128 amp 802 1x Authentication analogous to WEP 64 amp 802 1x Authentication but with WEP 104 WPA WPA2 Personal W1 Fi Pro
66. ccess Points Diagnostics Select a Switch Primary Switch Test Type AP Duration CCA Percentage AP 5 w 5 Ap 5 5 AP 5 20 CRC Errors Cable Test Overall Test Test CCA Test CRC Test Cable Overall Test Duration 5 Seconds Duration 5 Seconds CCA Test Results Radio 1 0 85 Radio 2 Radio 3 26 16 CRC Test Results Radio 1 O CRC errors Radio 2 Radio 3 O CRC errors Cable Test Results Duration Cable Status m 20 Seconds Pass Save Results Time Apr 15 2014 15 33 46 Low Apr 15 2014 15 33 28 Medium Snr 15 7 N14 15 32 1 03 Laow Q Note Access points diagnostics might use a significant amount of system resources CCA and cable tests takes as long as the 4 Description Severity Type The following APs have been connected S13 13 ause The following APs have been disconnected S13 14 The follavwinn ADs have haan connerted S13 12 Figure 63 Diagnostics Tab Field Description Extricom Series WLAN System Installation and User Guide Wire Statistics LAN Statistics Click Get Statistics to get information about the transmit TX and receive RX traffic on the LAN in packets and in bytes You also receive information on traffic such as errors drops and overruns Clicking Save Results below the table in the right portion of the screen exports those results into an html file LAN Usage Click Start to begin collecting th
67. ced page Enter a VLAN tag to assign to the ESSID Assigning a VLAN to an ESSID enables you to control a wireless device s privileges through the existing wired network definitions Enter the amount of time in seconds a wireless device can remain inactive no data sent to or from the wireless device before automatically disconnecting it from the network DTIM stands for Delivery Traffic Indication Message The period of time after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode Select the DTIM period from the drop down menu This is relevant for clients that want to utilize the power management capability The possible values are 1 5 The default is 3 A high DTIM value may cause these E clients to lose connection with the network EAPOL stands for Extensible Authentication Protocol EAP over LAN Select this option if you want the switch to only connect to clients that require the switch to wait for an EAPOL Start When this option is selected clients that E do not send an EAPOL start will not be able to connect to this ESSID Table 7 ESSID Parameter Descriptions Configuring the Extricom Series WLAN System Configuring Security Definitions In the Encryption section of the ESSID Settings configuration page the following security definitions can be configured e Method of encryption e Type of authentication With some configurations you
68. channels in the same band for example Channel 1 6 and 11 in 2 4 GHz to be simultaneously used within the same AP to form overlapping Channel Blankets using the same physical set of APs e TrueReuse bandwidth TrueReuse technology multiplies the bandwidth of a standard 802 11 channel by dynamically optimizing the reuse of each frequency Within a Channel Blanket up to three APs are permitted to simultaneously transmit on the same channel when the TrueReuse algorithm determines that they can do this without causing each other co channel interference e Zero latency mobility In an Extricom Series WLAN a wireless device remains on the same channel everywhere within the Channel Blanket Inter AP handoffs delays or packet loss do not occur as the client moves across the range of different APs e Wi Fi Collaboration The Extricom Series patented Wi Fi Collaboration technology in which all APs are able to receive on the same channel provides uplink path diversity for client transmissions making the system highly resistant to RF instabilities and outside interference e Dense AP deployment In an Extricom Series WLAN APs can be deployed in any density convenient to the enterprise to achieve both blanket coverage and a guaranteed communications rate to all users In fact while cell based solutions shy away from dense deployments because of their inherent RF obstacles the Extricom Series system performance actually increases with AP density
69. client it will have a button in the Add field Once you click this button the MAC address of the new client is automatically added to the All MACs list You may also remove a MAC address from the All MACs list by highlighting it and clicking Delete below the All MACS field Click Save amp Apply to save the configuration and apply it immediately There is no need to use the main Apply page Configuring MAC ACL Scheduler The MAC ACL scheduler allows you to customize ACL configuration to allow various ACLs be activated at various times To schedule ACL tasks select the MAC ACL Scheduler tab in the ESSID Definition configuration section 50 Configuring the Extricom Series WLAN System N Extr Overview Quick Setup LAN Settings E WLAN Settings Access Points System Tools Advanced Management LV Settings Events amp Reports Support amp Feedback Time MAC ACL schedule may be activated by selecting the MAC Access List Scheduler checkbox at Severity Apr 08 2014 11 04 13 Low Apr 08 2014 11 04 05 Low Anr NA 2014 11 02 57 Low Extrice m LV 2000 i ESSID Settings MAC ACL MAC ACL Scheduler RADIUS MAC Access List Scheduler Activate Scheduler Tasks Task Settings Task Name Time Interval Start Date Start Time Description Reconfigure ended Reronfinure started A Note In order for all changes to be s Delete Task Apply button New
70. d on the Intranet and or Internet e Fast Handoff Opportunistic Key Caching WLAN clients roaming between APs of the same Channel Blanket within a single switch s coverage area experience zero latency mobility Clients roaming between different Extricom Series WLAN switches use the standard 802 11 handoff mechanism which is further facilitated by the opportunistic key caching mechanism in the 802 111 standard In addition to this the Extricom Series system speeds up 802 111 handoff between Extricom Series switches by use of Extricom s inter switch protocol This permits the client to avoid repetitive 802 1x authentications thereby enabling faster transition between access points connected to different switches with minimal session interruption e Real time location services Based on AeroScout or Ekahau technology Real Time Location Services RTLS technology provides the ability to locate and position mobile wireless network devices or any user equipment specifically equipped with an AeroScout or Ekahau active RFID tag device within the Extricom Series wireless network infrastructure Extricom Series products are enhanced to provide support for RTLS by integration with AeroScout and Ekahau active RFID technology Generally device location is determined based on several APs picking up a radio transmission attribute from an AeroScout or Ekahau Tag device or any W1 Fi client performing measurements and reporting the measurements to an
71. dary Switch 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Switch Information MAC address 00 13 386 22 30 40 OctopusFSs v4 7 05 35 fr_2014 Mar 23 2033 Serial Number 084213200023 AppsFs v4 7 05 35 fr_2014 Mar 23 2033 Domain ODM2 Kernel 1 Wed Feb 26 13 51 11 IST 2014 Time Severity Description Apr 15 2014 15 33 46 Low The following APs have been connected S13 Apr 15 2014 15 33 28 Medium The following APs have been disconnected S13 Anr 15 2014 15 31 N2 Low Date Uptime 36 The follawinn ADs have haan connerted S12 Radio 3 Disabled Type 13 14 132 Figure 25 Configuration Overview of AT EXLV 2000 Field Description Displays the date and time the summary was created reboot Displays the amount of time the switch has been up since the last Configuring the Extricom Series WLAN System Field Description Firmware Version Displays the firmware version number installed Licensed AP ports Displays the number of licensed ports configured Application Type Displays one of the switch configuration options WLAN Switch WLAN Secondary Switch WLAN primary Switch LAN Configuration Main IP address of the switch Network mask IP address of the default gateway WLAN Configuration Country Displays the regulatory domain name currently in use by the switch Regulatory Domain WLAN mode Displays the WLAN mode for each radio Disabled 802 11a 802 11b 802 11g 802 11b g 802 1 1n a 802 1 1n g 802
72. e 16 AT EXMS 500 Switch Table 1 below describes the front panel and connectors of Extricom Series switches Connectors Console LANI LAN2 WLAN Ports 22 Description Serial connector only to be used for troubleshooting support or maintenance by or as instructed by Allied Telesis personnel Refer to the Troubleshooting section for console cable pin out and serial parameters 2 GbE RJ45 2 GbE SFP combo ports used to connect the switch to the wired LAN Use only GbE or SPF The rules for using the combo port pairs are as follows e You may use either the twisted pair port or SFP slot of a combo port pair but not both at the same time e If you connect both the twisted pair port and SFP slot of a combo port pair to network devices the SFP slot takes priority and the twisted pair port is blocked e The SFP slot becomes active when the SFP transceiver establishes a link to a network device e The twisted pair port and SFP slot of a combo port pair share the same settings such as VLAN assignments access control lists and spanning tree RJ45 connectors used to connect Extricom Series APs or in the case of the AT EXLS 3000 edge switch to the switch These ports provide 802 3AF PoE compatible power Maximum current 270 mA 48 volts Do not connect any non Extricom Series device to the wan WLAN ports Table 1 Extricom Series Switch Connectors Installing the Extricom Series WLAN System
73. e LAN data on receive RX Downlink and transmit TX Uplink traffic in real time in Mbps To terminate data gathering click Stop General Information GUI Snapshot Clicking Generate begins generating a series of statistics snapshots which are organized into a series of files and packaged into a compressed archive of html files Debug Log Click Generate to dump a log into a log file Access Points Diagnostics Clear Channel Assignment result in 0 100 A higher value indicates there is more medium consumption Duration 1s measured in seconds This function impacts the WLAN service Select an AP from the drop down list specify the duration of the test in seconds and click Test CCA Cyclic Redundancy Check CRC errors indicate the number of frames received with errors accidental changes to raw data Select an AP from the drop down list specify the duration of the test in seconds and click Test CRC The CRC errors test takes as long as the duration parameter multiplied by the number of radios CCA Percentage CRC Errors 91 92 Field Description Initiates a data transfer to measure the drop packets threshold Cable Test The recommended duration for the cable test is 1200 seconds Initiates all three tests CCA Percentage CRC Errors and Cable Overall Test Test The results are displayed in the right portion of the screen Table 22 Diagnostics Tab Parameters and Tests Configuring the Extricom Series WLAN
74. e e Verify that the workstation on which the web browser is running is switch s web connected to the same LAN as the switch configuration GUI e Verify that the URL entered for the switch begins with https Table 27 Troubleshooting Extricom Series WLAN System Installation and User Guide 103 Chapter 7 Northbound SNMP Traps The table below lists and describes the SNMP Traps sent by the Extricom Series Switch over the northbound interface SNMP Traps will only be sent if enabled in the switch configuration Furthermore some traps will only be sent if a specific feature is configured for example traps 28 30 will only be sent if Rogue AP Detection is configured on the switch All SNMP Traps are sent according to RFC 1157 SNMPvIl Trap Name Description 1 Client Association 2 Client Disassociation 4 EAPOL Key Error 13 AP Connected This trap is sent whenever a client successfully associates with the switch The trap includes the client MAC address and AID as well as the BSSID and ESSID to which the client is associated This trap is sent whenever a client disassociates from the switch The trap includes the client MAC address and AID as well as the BSSID and ESSID to which the client is disassociated The disassociation reason code is also sent A client attempted to associate using WPA but there was an error with the EAPOL key The trap details which of the following errors occurred the key does
75. e rear panel of the edge switches and plug the other end of the power cables into a power source 6 Verify that the Power LEDs on all the switches are green E Additional APs can be connected or disconnected while the switch is active If using fiber media converters ATI 100Mbps CTC 1000Mbps to extend switch to AP distance The switch side media converter is powered via PoE from the WLAN switch or optional external power supply Once all cables are connected switch copper converter fiber converter copper AP perform a port power down up in the web GUI of the switch to renew switch awareness of the AP connection Fiber mode is Multi for 1OOMbps Fiber mode can be Multi or Single for 1OOOMbps per the SFP module selected Both ends of the fiber termination must be in the same SFP mode Installing the Extricom Series WLAN System The maximum length of the primary to secondary switch interconnect is computed according to the following tables all distances are in meters Using CAT 5e 6 100 1000Mbps cable Distance Between Secondary Switch Max Switch Interconnect Distance and Its Farthest AP Copper Interconnect Cable 150 with EXRE Note Beyond 100 m copper based cables require a range extender EXRE Using fiber media cable Distance Between Secondary Switch and Its Farthest AP Fiber Interconnect Cable 400 with EXMC 50 with EXRE The total length of the copper based ca
76. ed Allied Telesis reseller or distributor 2 Create a backup of the current configuration as described under the Save option of the Maintenance configuration section 3 Select the Upgrade tab to access the page shown in Figure 44 A Extricom WLAN Controlle x y WLAN Controller E C fi amp amp betps 192 168 7 141 Apps ATW Inbox gt SalesForce zZ ATW Wiki Extricom License gt Extricom EGroupware ff moodle2 bgu ac il Bg Excel VBA tutorial M Gmail 5 Real Options g Ammyy Admin Fre E HowStuffWorks Le T HE Extrico eee AN Extricom Overview Certificate Application License Maintenance Time amp Date Passwords Upgrade Quick Setup Apply Reboot LAN Settings Upgrade the switch Firmware E WLAN Settings Pg ESSID Definition Save the switch configuration to the disk before upgrading the firmware system tools maintenance Radi ee Upgrade File Choose File No file chosen Upgrade Assignments A Reboot the switch after firmware upgrade Access Points Q Note After the upgrading process starts do not power down the switch and do not System Tools wey disconnect the LAN cable wait until the upgrade is finished and then reboot the switch Advanced Management LV Settings Events amp Reports Support amp Feedback Time Severity Description Type Apr 06 2015 13 23 34 Medium The following APs have been disconnected 1 14 ED Mar 30 2015 18 52 49
77. eft to allow the user to easily toggle between views of the APs of each cascaded switch The secondary switch is shown below the primary one in the tree Extricom Series WLAN System Installation and User Guide 63 Overview PoE amp Radio Controls AP Status Advanced Quick Setup LAN Settings EJ WLAN Settings Cascaded Switches Secondary Switch Information ESSID Definition Hostname switch102 Switch Type EXSW 1600 adios Assignments LAN1 IP Address 192 168 1 102 Firmware Version v4 7 05 35 fr_2014 Mar 23 2033 Access Points LAN2 Internal IP Address 1 0 0 2 System Tools v7 Primary Switch Advanced A Secondary Switch N Sa Access Points PoE amp Radio Controls LV Settings Events amp Reports Support amp Feedback 2 ya 1 3 5 7 9 ii 13 15 Radio Legend P Radiot O Radio 2 4 6 3 10 12 14 16 Figure 38 Access Point Configuration Window Secondary Switch Selective Radio Activation Apply Apply Power on all Power off all Port Naming Toggle an individual radio in a specific AP on or off by clicking on its image The radio image will turn either green or grey depending on whether it has been powered on or off respectively To immediately activate your selection click the Apply button on the right side of the configuration screen The image of the switch on the top of the page also colored illustrates the PoE status EES of the APs 64 Configuring the Extricom Series
78. eiver antennas to support Introduction to the Extricom Series Wireless LAN System simultaneous data streams Such technology is capable of increasing data throughput via enhancements such as spatial multiplexing data streams 40MHz channel bonding Block Acknowledgment and frame aggregation and use of spatial diversity to increase range Feature Highlights The Extricom Series WLAN system solution offers the following features e Kase of deployment no cell planning The Extricom Series architecture requires no cell planning and experiences no constraints due to RF interference or channelization Consequently Extricom Series APs can be deployed wherever needed in any density or even varying density to meet the end client s desired level of service stipulated in terms of connection rate The traditional site survey is therefore reduced to simple examination of the space in order to plan the location of the physical equipment e Multi Layer WLAN Using multiple radio Access Points APs a single set of APs enables deployment of multiple high data rate Channel Blankets with overlapping coverage resulting in multiplied aggregate capacity Separate Channel Blankets also offer the unique ability to guarantee Quality of Service by physically segregating different types of traffic based on service class user type and administrative privileges onto different channels e Same band operation The Extricom Series WLAN system enables WLAN
79. er simply clicks on Continue to this website not recommended to proceed To avoid this error message the WLAN operator can purchase a signed certificate and the RSA private key from an issuing authority Once these are available to install them on the switch 1 Select the Certificate configuration tab 2 Browse to the location of each file Once located the name and the path of the RSA private key file and the signed certificate file will appear in the corresponding fields 3 Click Upload to complete the installation Overview Quick Setup Apply Reboot Maintenance time amp Date Passwords Upgrade Certificate Application l License LAN Settings EJ WLAN Settings Upload Switch Certificate amp Key ESSID Definition Radios Upload a key RSA private key No file selected Assignment aa Upload a crt signed certificate No file selected Note you must reboot the switch for changes to take effect System Tools i Advanced Management LV Settings j Events amp Reports Support amp Feedback Time Severity Description Type Apr 09 2014 09 40 17 Low The following APs have been connected P5 S13 13 https 192 168 1101 apply php sel Apply 9 ended clava hac haan crannartad 7 Figure 45 Certificate Configuration Tab Application In the Application configuration screen you can change the role of a switch by selecting one of the Switch Application Types from the dro
80. ereof shall meet the purchaser s operating requirements or that system operation will be uninterrupted or error free All WLANs including the Extricom Series WLAN system can potentially be affected by outside sources of interference such as other broadcasting devices radiation device immunity level and other external sources of interference This equipment has been approved for mobile applications where the equipment is to be used at distances greater than 20cm from the human body with the exception of hands wrists feet and ankles Operation at distances of less than 20 cm is strictly prohibited Changes or modification to equipment not expressly approved by Allied Telesis Inc is strictly prohibited and could void the user s license to operate the equipment AT EXRP 22n 32n 22En access points are for indoor use only The maximum antenna gain is 4dBi An Extricom Series access point includes multiple WLAN radio modules each radio module is configured separately and serves a different set of clients There is no relation between transmissions on different radio modules hence in a single AP o Radio modules cannot transmit simultaneously over the same radio channel o A client device may transmit and receive data through one radio module Please check the release notes for your version of Extricom Series firmware before installing or operating the system The relevant release notes supersede this user guide The availability of
81. ess B is the 99 emission bandwidth in MHz Fixed point to point devices for this band are permitted up to 200 W EIRP by employing higher gain antennas but not higher transmitter output powers Point to multipoint systems Omni Disclaimer directional applications and multiple co located transmitters transmitting the same information are prohibited under this high EIRP category However remote stations of point to multipoint systems shall be permitted to operate at the point to point EIRP limit provided that the higher EIRP is achieved by employing higher gain directional antennas and not higher transmitter output powers Extricom Series WLAN System Installation and User Guide lil Table of Contents ADON TOE I scacsiatn ete street ees ce es eons 1 7240 6 OE ee eee tr er eer et eer 1 CONE OE E E EAE E E E NE 1 oare ale Or 0106 eee ee ee oe nena a rem te we cern earn rene et l Chapter 1 Introduction to the Extricom Series Wireless LAN System ssssssssssseeeccecosssoo 3 Overview of the Extricom Series WLAN System sssssooeseeeeeeessssssssssssssseerereressssssss 3 Pe at iS FT NS eo E 5 Overview of the Switch Platforms civstieceicdsccessasiiewtdslnteessaerdews ddentesssa avesddundeesunewtdnsdsedonsts 8 Overview of the Extricom Series Access Points cccccccccesseccceesecceeeseccseeseseeeneeeees 11 Access Points with Internal Integrated Antennas cccccseeeeceeeeeeeeeeeeeeaaeeeeeeees 11 Access Points
82. finition Radios Assignments Access Points System Tools Advanced Management LV Settings Events amp Reports Support amp Feedback Extricom Saved Successfully Pp t tch L Bal Honeypot Honeypot ESSID 1 honeypot 2 None Preset ESSIDs Preset ESSID steht New Add 1 offleadSSID 131 Remove Block Traffic E Block Non Preset ESSIDs Traffic Blacklist ESSIDs Blacklist ESSID New Add 1 Corporate Remove Saved Successfully Figure 67 Honeypot Honeypot ESSID Preset ESSIDs Block Traffic Blacklist ESSIDs Select one ESSID from the Drop down menu e None if there is no need for Honeypot on the configured WLAN switch e Honeypot Name Select the ESSID which has been configured to be the honeypot See below for honeypot ESSID configuration Allows configuring certain SSIDs within the honeypot to be assigned unique VLANS If checked client traffic apart from DHCP on this SSID will not be passed on to the LAN Add all the ESSIDs which serve real traffic and MUST NOT get stuck in the Honeypot Table 24 Honeypot configuration Configuring the AT EXLV 2000 System The Honeypot ESSID should be configured as follow Field YEIN Description ESSID Name lt Name gt Any Alpha Numeric name Allow Default ESSID Enable Allow connection without requesting specific ESSID Display ESSID in Beacon Disable ESSID does not appear in Beacon Allow Store amp forward Disa
83. ge switch without requiring a failover an edge switch being an AT EXMS 1000 connected to and managed by an AT EXLS 3000 Once the fault that caused the switchover has been resolved both switches automatically return to normal cascade operation GUI Operation in Normal Cascade and Failover Operation The primary switch GUI is fully operational if the primary switch is interconnected to a functional secondary switch The secondary switch GUI is always read only except for the following menus Reboot Application LAN Settings Upgrade and License If the primary switch is not interconnected to a functioning secondary switch the GUI will behave identical to a secondary switch read only apart from the specific above mentioned menus Rogue CC 2 A Extricom LV 2000 m YS Rogue access points represent a threat to LAN security Rogue APs are unauthorized APs that are physically connected to the wired Ethernet LAN The Rogue mechanism implemented in the Extricom Series switches requires a dedicated radio to scan the wireless media and detect Rogue APs Therefore one of the radios must be defined as Rogue in the Radio Settings page The Rogue tab folder allows you to edit a white list of independent APs that you allow to operate in your environment Extricom Extricom Overview Quick Setup Resilienc Rogue System Logging SNMP Centralized Configuration IDS ae Rogue AP Whitelist E WLAN Settings No BSSIDs
84. h Threshold ESSID Threshold Switch Stickiness Rebalance Now Read Log Configures that the load be balanced per SSID Name of the group within the load will be balanced All switches that should be load balanced must have the same group name configured The load threshold above the average of the group that triggers this switch to stop accepting new connections The load threshold above the average of the group that triggers this switch to stop accepting new connections per ESSID If a client that is already associated to another switch in the group attempts to associate to this switch how much stronger in dB the client signal must be for the switch to accept the client Initiates a load rebalance Shows load data per switch ESSID for the switch group Extricom Series WLAN System Installation and User Guide 101 Chapter 6 Troubleshooting Table 27 lists problems you may encounter with your WLAN and provides possible solutions If after trying the solutions you are still experiencing difficulties contact Allied Telesis Customer Support Problem Solution The AP Power LED is not lit oO A wireless device m cannot associate with a specific ESSID e Oo Oo Cannot connect to the Extricom Series web configuration pages Low data rates m oO Wireless devices r disconnect in a specific location Verify that the AP Ethernet cable is connected to the switch and to the AP The APs get PoE
85. he client MAC address Northbound SNMP Traps Trap Name Description 46 48 49 50 51 52 53 Intrusion detection Authentication Failure attack Intrusion detection Authentication Flood attack Intrusion detection De Authentication Flood attack Intrusion detection RF Jamming attack Intrusion detection EAPOL Start attack Intrusion detection EAPOL Logoff attack Intrusion detection De Authentication Broadcast Available only when Intrusion Detection is enabled Indicates that the switch has detected an Authentication Flood attack The trap details how many associations were received and in what time interval Available only when Intrusion Detection is enabled Indicates that the switch has detected an Authentication Flood attack The trap details how many authentications were received and in what time interval Available only when Intrusion Detection is enabled Indicates that the switch has detected a De Authentication Flood attack The trap details how many de authentications were received and in what time interval If the event was triggered from a per station limitation the trap also includes the client MAC address Available only when Intrusion Detection is enabled Indicates that the switch has detected an RF Jamming attack Available only when Intrusion Detection is enabled Indicates that the switch has detected an EAPOL Start Flood attack The trap details how many EAP
86. he changes to take effect A switch reboot will cause a temporary loss of WLAN service until the reboot process is complete To reboot the Extricom Series switch 1 Select the Reboot configuration tab and click Reboot 2 A new Screen opens prompting you Are you sure you want to reboot 3 Click Reboot to proceed Extricom Series WLAN System Installation and User Guide 65 l Rebooting before applying the changes will discard those changes Maintenance Use the tab to e Save the current configuration to a disk e Upload a configuration to the switch e Restore the switch to factory default configuration e Undo configuration changes and return to the last applied configuration S Extricom X CO Extricom SS Overview Quick Setup Apply Reboot Maintenance Time amp Date Passwords Upgrade Certif pplicat License LAN Settings E WLAN Settings Save Configuration ESSID Definition Press to save configuration data to disk Save Radios m Upload Configuration Assignments Upload Configuration No file selected Upload Access Points System Tools Q Note To apply the uploaded configuration go to System Tools Apply Advanced Factory Defaults Management Press to restore the factory default configuration Defaults LV Settings Q Note To apply the restored configuration go to System Tools Apply Events amp Reports Support amp Feedback Undo Configuration Changes Pre
87. he corresponding Date amp Time of its occurrence and level of Severity On both the System Events page and Clients Events page there are three buttons on the right side of the screen Pause Continue toggle which lets you stop or start the flow of the events History which brings up the list of the most recent past events up to 1000 and Export which lets you save an event log into an HTML file on your computer If a message has a sign in the Add field by clicking on this message the MAC address of the associated with the message user will be automatically inserted into the MAC ACL list Events Filter You may exclude some of the events from your reports using the Events Filter configuration tab Select the checkbox es corresponding to those events then click Save 88 Configuring the Extricom Series WLAN System Overview Quick Setup LAN Settings E WLAN Settings ESSID Definition Radios Assignments Access Points System Tools Advanced Management LV Settings Events amp Reports Support amp Feedback Time Severity Apr 15 2014 15 16 31 Low Apr 15 2014 15 16 20 Low Amr 15 NIA 15216117 ft me Extricom System Events Clients Events Events Filter Reports Diagnostics Events Filter Name Disable AP Connected AP Disconnected AP Malfunction AP Reset Changed Wireless Status On Off Client Association Client Disassociation
88. installation brackets e One cable Ferrite EMI RFI e Four bumpers feet e Eight bracket screws e One AC power cable Access Points Extricom Access Point shipping boxes include one AP Extricom Series WLAN System Installation and User Guide 19 AT EXRE 1000 Range Extender The AT EXRE 1000 Range Extender shipping box includes one AT EXRE 1000 Range Extender AT EXMC 1000 Media Converter The AT EXMC 1000 Media Converter shipping box includes the following e One AT EXMC 1000 e One EXPA 48 AC DC Adapter Additional Equipment The following additional equipment is required for installing the Extricom Series WLAN system e One CAT Se 6 cable for each AP e CAT 5e 6 cable s for connecting the WLAN switch uplink to the LAN switch A pair of fiber optic pigtails with LC connectors may be used may be multi mode or single mode according the SFP module in use e A range Extender EXRE 1000 is required for any AP that will be located between 100 and 150 meters from the WLAN switch e For cabling distances over 150 meters EXMC 1000 media converters and optical fiber cables must be used e Two stainless steel pan head 8x1 1 4 self tapping Phillips screws for wall or ceiling mounting each AP optional Cables for Connecting Two Switches in Switch Cascade The following additional equipment is required for connecting two AT EXMS 1000 or two AT EXLV 2000 switches e One CAT S5e 6 cable e A pair of fiber optic pigtails with LC
89. ireless electronics in the APs Centralization of the Wi Fi environment enables enterprises to deploy 802 1 1a b g n channels at every AP creating multiple overlapping Channel Blankets that leverage each of the radios in the multi radio UltraThin AP Each channel s bandwidth is delivered across the blanket s service area that is the combined coverage of all APs connected to the switch with interference free operation and consistent capacity throughout As the client moves through the coverage blanket different APs take over the communication with it depending on which AP is in the best position to serve the client at the time The switch always uses the optimal uplink and downlink path While this goes on behind the scenes the client never detects an AP to AP handoff that 1s de association and re association thus experiencing seamless mobility Within each Channel Blanket the switch avoids co channel interference by permitting multiple APs to simultaneously transmit on the same channel only if they will not interfere with each other This is the essence of the TrueReuse functionality The Extricom Series supports the 802 1 1n standard which builds upon existing 802 11 standards 802 11n can be used in both the 5 GHz and 2 4 GHz frequency bands introduces enhancements to the MAC and the PHY layer and makes use of multiple input multiple output MIMO technology MIMO 1s a technology that employs multiple transmitter and rec
90. ith a MAC address included in this list are allowed to access the network if the MAC ACL mode is set to Whitelist Conversely if the MAC ACL mode is set to Blacklist then these clients are not allowed to use the network Use the MAC ACL tab on this page to add MAC ACL lists Enable Switch Load Enables or disables switch load balancing of the switch Refer to Balancing the Switch Load Balancing section for configuration information of this feature 802 1 1d Support Enables support of the 802 11d standard The purpose of this standard is to provide regulation domains for each country in a predefined list The regulation domains and country information are provided as part of Beacons amp Probe response To use this feature 802 11d support per ESSID must first be enabled under the Others tab on the Advanced page AeroScout Support Enables support for AeroScout location services To use this feature AeroScout support must be enabled in the Location Based Service tab on the Advanced page Enable ARP Caching This option when enabled provides an immediate response to ARP requests directed towards WLAN stations associated with the selected ESSID The switch answers on behalf of the WLAN stations Note ARP Caching is enabled by default Bandwidth Saving Reduce the number of ARP packets sent over the wireless ARP Caching medium Beacon Rate Control Use this option if you wish to tune the beacon distribution mechanism You can tune the
91. k algorithm to minimize the chance of packet collisions caused by more than one device accessing the wireless medium at the same time A client must wait for a randomly selected time period and then listen to find whether any other device is communicating before starting to transmit The random back off period gives all devices a fair opportunity to transmit Extricom Series WLAN System Installation and User Guide 7 WMM based on 802 1 1e standard enhances the DCF by defining an Enhanced Distributed Channel Access EDCA EDCA specifies different fixed and random wait times for the four prioritization categories to provide more favorable network access for applications that are less tolerant of packet delays Devices that have less time to wait have a better chance of being able to transmit than those that have a longer wait In order of highest priority the access prioritization categories are voice video best effort and background By default these four WMM prioritization categories are statically mapped to Ethernet 802 1p prioritization tags to allow consistent QoS across wireless and wired network segments Flow arriving from the wired network tagged with 802 1p priority is mapped to the appropriate Access category while WMM flow arriving from the wireless medium is encapsulated and tagged with the appropriate 802 1p priority The back off timing for each access category consists of a fixed period called the Arbitrary Inter Frame Space N
92. l replacement of the faulty switch does not necessitate any interruption in service while returning to a fully redundant mode r Quick Setup Resiliency l Rogue l System Logging i SNMP l Centralized Configuration IDS i Portal Multicast J s l Expert Others LAN Settings Sane E WLAN Settings Resiliency Enable Cascade Resiliency Access Points System Tools Reference IP Advanced Keep Alive Timeout Normal 5 secs Management LV Settings Events amp Reports Support amp Feedback Time Severity Description Type Apr 10 2014 11 20 56 Low The following APs have been connected P5 S13 13 Figure 48 Resiliency Configuration Tab Resiliency Fields for Primary Switch Table 16 below lists all the available parameters under the Resiliency configuration screen fields for a switch that has been set up as a primary cascade switch The secondary switch GUI will not display the fields listed below Extricom Series WLAN System Installation and User Guide 73 Field Description Enable Cascade Check box to enable Cascade Resiliency Resiliency Reference IP IP address of a reference device on the LAN This is used to test connectivity to the LAN The reference device must be operational and respond to pings Keep Alive Timeout Interval in seconds between keep alive packets sent to the reference IP Table 16 Resiliency Configuration Tab Parameters for a Primary Cascade Switch The Keep
93. ll have to configure your PC with a new IP address that is in the same subnet with the switch and start a new https session The event and alarm area displays real time SNMP trap messages You can pause the traps by selecting Pause Please see the Northbound SNMP Traps section for more details Overview of the Configuration The Overview page provides a summary of the current configuration To get to it click Overview in the navigation tree Extricom Overview Quick Setup LAN Settings E WLAN Settings ESSID Definition Radios Assignments Access Points System Tools Ad a nced Management LV Settings Events amp Reports Support amp Feedback Extricom LV 2000 Switch WLAN_CONTROLLER Date Tuesday 15th of April 2014 15 35 39 PM UTC Uptime 21 minutes 33 seconds Firmware Version 4 7 05 35 Application Type WLAN Primary Switch Licensed AP Ports 32 Operation Mode Cascade LAN Configuration Main Alternate LAN IP Address 192 168 1 101 Network Mask 255 255 255 0 Default Gateway 192 168 1 1 WLAN Configuration Country Regulatory Domain United States Radio 1 Radio 2 WLAN mode 802 11a 802 11 Mixed b g Channel 36 1 ESSIDs VLAN Octopus_1 Octopus_2 TrueReuse disabled disabled Other ESSIDs Access Points amp PoE Configuration Connected Access Points Primary Switch 5 Secondary Switch 13 Powered Ports Primary Switch 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Secon
94. llation and User Guide Sl 3 To apply the selected ACL task to the specified MAC addresses proceed to the MAC Assignments area of the configuration screen Here you may move various MAC addresses between the Unassigned and Assigned fields by using the left and the right arrow keys You may either display all ACLs or only those associated with specific ESSIDs by selecting the specific ESSID or all from the Viewed by ESSID drop down menu The one or more MAC addresses selected will be activated via the Scheduler only if the relevant MAC address is assigned If MAC ACL mode is set to Whitelist only assigned MAC addresses will be scheduled activated If MAC ACL mode is set to Blacklist only assigned MAC addresses will NOT be scheduled activated Configuring RADIUS To configure the RADIUS server option select the RADIUS tab in the ESSID Definition configuration section The RADIUS Servers work area displays the already configured RADIUS servers in the system RADIUS server bank Here you may also configure new RADIUS servers as well as delete entries that are no longer needed MAC ACL Scheduler RADIUS LAN Settings E WLAN Settings RADIUS Servers Save ESSID Definition Auth A Radios Name Address Password one g Acc Port Timeout Allow Auth lt n Assignments New eeeeee8 1812 1813 30 60 Add Access Points 1 CloudBlanket 79 170 91 76 j esecsecococooe 1812 10008 30 60 Remove System Tools
95. n channel either 20MHz or 20 40MHz Secondary Channel If 20 40MHz channel width is selected via the Select Width option the system automatically configures the second 20MHz channel to be used for bonding as either above Upper or below Lower the primary 20MHz channel Select 802 11n Mode Two blanket operational modes are supported e Mixed In this mode the Channel Blanket is available to all WLAN clients for example clients operating in 802 1 1a 802 11b 802 11g modes e HT Only High throughput only In this mode the Channel Blanket is available to 802 11n clients only In this mode the 802 1 1n devices are in fact working in a mixed mode but the switch will not allow a b g devices to connect Select Guard Interval Guard interval can be configured to short 400 nanoseconds or long 800 nanoseconds When a 20MHz channel is configured it is not possible to configure short guard interval Spatial Streams Select the number of spatial data streams for each AP Signals transmitted simultaneously from multiple antennae Extricom Series WLAN System Installation and User Guide 57 58 Field Description 802 11a b g Rate Data rate configuration is only applicable to 802 11a b g Configuration Channel Blankets For each of the data rates listed select whether the rate is Basic Optional or Disabled When configuring the data rates you should consider the data rate capabilities of the wireles
96. nfigurations are possible it should be noted that this may result in a heterogeneous wireless coverage between the different Channel Blankets throughout the deployment area Extricom Series APs must be directly connected to the switch to function An Extricom range extender or media converter may be used between the AP and the switch when extra range is required Introduction to the Extricom Series Wireless LAN System Switch Cascade Switch Cascade is an Extricom Series topology in which two AT EXMS 1000 or AT EXLV 2000 switches are interconnected together to create one larger logical switch with optional enhanced redundancy capabilities One AT EXMS 1000 switch serves as the primary and the other AT EXMS 1000 switch serves as the secondary A diagram of the Cascade topology is shown below in its standard configuration LAN2 Port Interconnect Secondary Switch Figure 10 Switch Cascade Topology The interconnect hardware is connected to the LAN2 port of each switch See Connecting the Switch and the Access Points for more details about the interconnect hardware and maximum distance between cascaded switches The APs of both switches together form a seamless Channel Blanket Up to 3 seamless Channel Blankets can be deployed Up to 32 APs can be deployed in a cascade topology In Figure 10 above a basic Switch Cascade configuration is depicted In a switch cascade the secondary switch routes all of the traffic fr
97. not exist there is a timeout the key does not match or the cypher does not match One or more APs have been connected to the switch AP has been physically connected via Ethernet cable or it was already connected and PoE has been enabled The AP number corresponds to the port number on the switch to which the AP is connected Upon switch startup or reconfiguration this trap is sent listing all the APs connected Northbound SNMP Traps Trap Name Description 14 19 20 21 22 25 26 AP Off Redundancy peer connection up Redundancy peer connection down Redundancy keepalive connection up Redundancy keepalive connection down Redundancy status up Redundancy status down One or more APs have been disabled The AP Ethernet cable has either been physically disconnected from the switch or PoE has been turned off The AP number corresponds to the port number on the switch to which the AP is connected When using Normal not Cascade redundancy this switch has regained connectivity with the peer switch When using Normal not Cascade redundancy this switch has lost connectivity with the peer switch When using Normal not Cascade redundancy the switch regained connectivity to the Reference IP When using Normal not Cascade redundancy the switch lost connectivity to the Reference IP When using Normal not Cascade redundancy this switch has taken
98. nt s Disconnect Figure 62 Reports Tab Type 13 Pause 63 7m Refresh 24 02 N A zi 1 2 State associated Associated The following table describes the information available on this page Field Description Downlink Throughput Mbps Total A one second snapshot of the data volume carried by all downlinks on a particular radio channel Channel Blanket Total downlink throughput of the switch based on a one second snapshot of data volume Extricom Series WLAN System Installation and User Guide 89 Field Description TrueReuse Factor Available only if TrueReuse is enabled Ranges from 1 3 Indicates the current downlink throughput relative to what the downlink throughput would have been if TrueReuse were not enabled Computes the average number of downlinks transmitting simultaneously per radio channel The average is computed based on several snapshots taken during several one second time intervals Example a value of 3 means that downlink throughput with TrueReuse is currently 3 times higher on average on that radio channel than if TrueReuse had been disabled Avg TrueReuse Factor average over all radio channels Clients ESSID Number of clients connected per ESSID per radio channel Clients ESSID Total Total number of clients per ESSID per radio channel over all channels per switch MAC Address Used to search for a MAC address on the page Any matching MAC address in the list of clients
99. o Requires a TrueReuse License Not all TrueReuse configuration scenarios are available This depends on which bands are configured on all other radios the type of access point in use and the configured radio state See the Release Notes for possible configuration scenarios More Less Options Click this to hide or reveal additional configuration options Max Retries Select the number of times that the switch tries to resend a packet if the transmission of that packet fails Available values are 0 to 14 Enable Short This option becomes available only when 802 11b is selected as Preamble the WLAN mode In this case mark the checkbox to allow a short preamble Publish 802 11b rates Only available in 802 11g or 802 1 1n g modes If this checkbox is selected the switch will publish support of 802 11b data rates in the beacon This is required by some older clients to operate Configuring the Extricom Series WLAN System Field Description Enable Load Check this box if you want to enable load balancing By using Balancing load balancing mobile devices connect to the least loaded Basic Service Set Identifier BSSID among all BSSIDs sharing the mobile devices SSID The number of connected users defines the metric that is used to determine the load The following parameters are available if one of the 802 11n WLAN modes has been selected Select Width Check the appropriate radio button to select the width of the 802 11
100. om Filter stic Description Type Pause e H s a Histo Client 00 16 4C 75 8F 76 aid 1 has associated to 00 13 A6 22 30 41 essid Octopus_1 01 poral Export IP 169 254 88 52 is at client 00 1E 4C 75 8F 76 aid 1 72 Client 00 1E 4C 75 8F 76 aid 1 has associated to 00 13 A6 22 30 41 essid Octopus_1 01 IP 169 254 88 52 is at client 00 1E 4C 75 8F 76 aid 1 72 7 Client 00 1E 4C 75 8F 76 aid 1 has associated to 00 13 A6 22 30 41 essid Octopus_1 01 IP 192 168 1 18 is at client 40 0E 85 17 9F 00 aid 3 72 IP 10 108 118 185 is at client 40 0E 85 17 9F 00 aid 3 72 Client 40 0E 85 17 9F 00 aid 3 has associated to 00 13 A6 22 30 50 essid Octopus_2 01 IP 192 168 1 16 is at client 88 53 95 B9 54 4A aid 2 72 IP 192 168 1 62 is at client 88 53 95 B9 54 4A aid 2 72 IP 192 168 2 131 is at client 88 53 95 B9 54 4A aid 2 72 Client 88 53 95 B9 54 4A aid 2 has associated to 00 13 A6 22 30 50 essid Octopus_2 0i IP 172 29 7 176 is at client 98 FE 94 4E 35 56 aid 3 72 z Figure 60 Events amp Reports Client Events Tab System Events The System Events tab lists system messages that were generated by the switch as event notifications Date amp Time of occurrence as well as the Severity of the event are also displayed Clients Events The Clients Events tab lets you view client association and disassociation events only Just like in the case with the System Events each client event is displayed with t
101. om its APs to the primary switch over the interconnect cable The primary switch performs the full set of Extricom edge switch functions on the secondary switch s traffic as well as on the traffic from its own APs It determines to which AP to transmit each incoming packet while the secondary switch forwards the traffic it receives to the correct AP Extricom Series WLAN System Installation and User Guide 15 16 Resiliency in Switch Cascade The optional Resiliency licensed feature provides enhanced redundancy capabilities Switch Cascade in Resiliency mode can overcome failures in uplink switches or the interconnection between the switches See the following examples LAN2 Port Interconnect Primary Switch Secondary Switch Figure 11 Uplink Redundancy in Switch Cascade Topology In Figure 11 above the switch configuration provides uplink redundancy if the primary switch uplink connectivity is lost for some reason the secondary switch takes over the primary switch and replaces its functionality with no loss of wireless service In this configuration there is no redundancy in the APs deployment and each AP covers a specific area uniquely Introduction to the Extricom Series Wireless LAN System LAN2 Port Interconnect Secondary Switch M i i HIN Figure 12 Full Redundancy in Switch Cascade Topology In Figure 12 above a full redundancy configuration is shown where it is possible to deploy APs
102. onfiguring the Extricom Series WLAN System Configuring Radios Manually To configure each radio manually click on the Radios tab to access the Radios configuration screen The radio settings configured on the Radios tab apply to all access points connected to the switch That is each radio can be configured differently in the Radios tab on a switch however these radio settings will be the same on each access point connected to the switch When the Radios page is initially displayed it appears in its abridged form To see all of the configuration options click on the More Options button The window shown in Figure 32 below appears When configuring 802 1 1a b g radios the 802 1 1n displayed parameters cannot be configured and are grayed out ARE R Bee Extricom gg lt Overview Quick Setup j Radios LAN Settings E WLAN Settings Select Country v S ve ESSID Definition Cancel Radio Settings Radio 1 Radio 2 Radio 3 Radio 4 Assignments WLAN Mode 802 11n a SGHr v Disabled h Disabled Disabled Access Point System Tool Select Channel EEE Enable TrueReuse Events amp Reports Less Options Support amp Feedback Max Retries 14 0 14 retries 5 0 14 retries 5 0 14 retries 5 0 14 retries Enable Short Preamble Enable Load Balancing Select Width 20MHz 20 40MHz 20MHz 20 40MHz 20MHz 20 40MHz 20MHz 20 40MHz Secondary Chann el Lower Upper Lower Upper Lower Upper Lower Upper Select 802 11n Mode HT Only Mixed
103. over the wireless responsibility If the secondary switch is issuing this trap it is because it detected a failure in the primary switch lf the primary switch is issuing this trap it has recovered from an error and is now resuming wireless responsibility When using Normal not Cascade redundancy this switch has relinquished wireless responsibility lf the primary switch is issuing this trap it discovered an error for example connectivity to the Reference IP is lost in which case the trap specifies what the error is If the secondary switch is issuing this trap the primary switch has recovered from an error and the secondary switch is transferring wireless responsibility back to it Extricom Series WLAN System Installation and User Guide 105 Trap Name Description 28 29 30 43 44 45 106 Rogue AP lost Rogue AP found Rogue AP update Intrusion detection Duration attack Intrusion detection Association Flood attack Intrusion detection Disassociation Flood attack Available only when Rogue AP Detection is enabled This trap indicates that a previously discovered rogue network has stopped transmitting The trap details if the rogue network was an AP or ad hoc the relevant BSSID and ESSID what channel the rogue was transmitting on which Extricom Series AP on the switch was closest to the rogue AP and approximately how far the rogue AP was from the Extricom Series AP Av
104. owed encryption methods are None WEP64 WEP128 WPA WPA2 Personal e The MAC authentication option must be checked to select a RADIUS server from a drop down list e Define the MAC Authentication RADIUS Server by selecting one from the drop down list Configuring the Extricom Series WLAN System Field Description RADIUS Define the RADIUS Authentication Server s by selecting one or Authentication more up to four from the drop down list if Servers e The WEP64 WEP128 encryption with the 802 1x authentication method is selected or e The WPA WPA2 Enterprise or WPA WPA2 Enterprise amp Personal authentication method with the TKIP AES cipher is selected 4 Use Server 1 if only one server is used Use consecutive servers if several servers are used RADIUS Select the RADIUS accounting server from the drop down list of Accounting Server RADIUS servers Ticketing Settings If one use authentication tickets are used on this SSID this is where the ESSID secret used to create the tickets is configured Table 8 Security Definition Parameters RADIUS Accounting Server The RADIUS Accounting Server option enables the administrator to forward information about clients connected to a specific ESSID to an accounting server Once enabled the Extricom Series Switch forwards to the accounting server How to configure 1 Define the Accounting server in the RADIUS list tab 2 Click the ESSID Settings tab 3 Inthe RADIUS
105. p down list The options you will see depend on the License you have but include e WLAN Switch refers to a device in standalone mode e WLAN Secondary Switch refers to the backup role of the switch in a switch cascade e WLAN Primary Switch refers to the primary role of the switch in a switch cascade Extricom Series WLAN System Installation and User Guide 71 Ez Extricom a Overview Quick Setup Appl Reboo Maintenance Time amp Date Passwords Upgrade Certificate Application peas LAN Settings E WLAN Settings Application Type Access Points Select Switch Application Type WLAN Switch WLAN Switch WLAN Secondary Switch WLAN Primary Switch e The switch will reboot in order to g O take z e Current redundancy configuration will be removed System Tools Advanced Q Events amp Reports t unapplied configuration will be lost Support amp Feedback Apply amp Reboot Figure 46 Application Configuration Tab License To install the license and activate the switch click on the License configuration tab 1 Browse to the location of the License file on your computer 2 Click Install amp Reboot to finish activating the switch The switch reboots and the license details are displayed in the Installed License Details section of the License Configuration tab Extricom LV 2000 e e Pose Connche Extricom Overview Q
106. pecifies operation in the same 20 MHz channels used by 802 1 1b g in the 2 4 GHz and 802 11a in the 5 GHz bands but adds a mode in which a full 40 MHz wide channel can be used This offers approximately twice the throughput of a 20 MHz channel Extricom Series products support 20 and 40 MHz channels both in 2 4 GHz and 5 GHz IEEE 802 111 support Extricom Series products support WEP 64 WEP 128 WPA TKIP WPA2 AES CCMP encryption The authentication modes supported include RADIUS 802 1x and WPA Pre Shared Key PSK Power save Full power conservation management is enabled for associated mobile devices over unicast multicast and broadcast frames This is based on various IEEE 802 11 standard power save specifications such as PS Poll and U APSD for 802 1 1a b g devices and SM amp U PSMP power save for 802 1 1n devices System redundancy The Extricom Series system enables full redundancy by connecting two switches in a cascade or hot standby topology The switchover parameters are user configurable Dynamic VLAN Subnet roaming Dynamic VLAN enables VLAN and subnet assignments access control lists authentications QoS levels and other policies to remain with users over the wired to wireless transition regardless of where the user roams in the network A tunnel is created for a user that roams to a different VLAN while currently communicating with the original VLAN to enable uninterrupted communication Inter switch handoff Fast
107. port A Feedback Select Radio Rade 802 1 Mxed bis Enable WHM 7 WMM Parameters CWmin CWmax AIFSN TxOP CulfServ to WMM WMM t DiffServ conversion to WMM DscP Service Class 0 Hest Ffort Default Class oe wv ae N Description Beat Effort Default Class Best Effort Detawit Class Beat Effort Default Class Best Effort Default Class Hest Effort Default Class Best Effort Default Class Hest ifort Default Class Best Effort 15 6 iw Routine Routine Routine Routine Routine Routine Routine eJ ka e3 o Sc o Routine Figure 33 Background 127 le 1023 Le Video Voice i ie 6 0 l6ns io WMM Default Best Offort le Best Effort Ge E Best Effort ie Best Effort Best Effort iw E Best Effort Best Effort Le Best Effort Best Effort os Best Effort Best Effort Le Best Effort WMM Configuration Tab Field Description CWmin CWmax AIFSN TXOP From the drop down menu select Min Contention Window time slots for each access category Available values are 3 7 15 31 63 127 255 511 and 1023 The default values for the following categories are Voice 3 Video 7 Best Effort 15 Background 127 From the drop down menu select Maximum Contention Window for each access category Available values are 3 7 15 31 63 127 255 511 and 1023 time slots The default values for the following categories are
108. r 68 Configuring the Extricom Series WLAN System Passwords Use this tab to set or change passwords Passwords are set according to the user access privileges Refer to Table 15 for default passwords according to the user access levels User Access Privileges Default Level Password admin Accessing the web configuration Switch operator User account SSH access 12345 root Super user octopus Table 15 Default Passwords The operator and root passwords are used when accessing the switch for SS maintenance and service purposes Changing these passwords should be performed only by an Allied Telesis authorized engineer For security purposes it is important that all the passwords including operator and root passwords be changed from the default values when the switch is first installed as well as periodically updated Record all passwords and store them in a safe location To set and change a password on an Extricom Series switch Select the Passwords tab Select the user category from the drop down list Enter the current password 1 2 3 4 Enter the new password 5 Retype the new password 6 Click Apply Extricom Series WLAN System Installation and User Guide 69 Upgrade Use the Upgrade tab to upgrade the Extricom Series switch firmware as follows 1 Download the upgrade file to your computer from the CD supplied with your purchase or Obtain an upgrade file from your authoriz
109. re login without authentication on re association association Pre Authentication You can define a list of up to 10 free access network destinations 10 Allowed Destination rules WLAN clients associated to the captive portal restricted ESSID can Walled Garden reach these destinations without going through the Captive portal authentication process A network destination a rule is defined by an IP address subnet mask port numbers and an Internet Protocol TCP UDP ICMP It is advised to define free access to the DHCP server on port 67 using Broadcast and to the DNS server on port 53 using Unicast as in the following example IP Address Subnet Mask Port Protocol Numbers 0 0 0 0 0 0 0 0 0 192 a 1 5 255 255 255 255 ar Additional Networks You may add trusted networks by specifying a subnet along with its netmask for each such network It is advised to define the network used by the ESSID with the Portal authentication as in the following example Subnet Netmask 192 168 1 0 255 255 255 0 Customize Default If you do not check the Use Customized Page checkbox then the Page captive portal web page will be set to the Extricom Series default web page otherwise follow the instructions to customize the page Upload Your Own Allows you to upload your own captive portal web page Use the Customized Page instruction link to build your web page Table 20 Captive Portal Configuration Parameters Extricom Series WLAN Sys
110. rea is only enabled if the cipher selected in the Method field of the Encryption area is either WEP64 WEP 128 WEP64 amp 802 1X Authentication or WEP128 amp 802 1X Authentication In the WEP Keys area you define the WEP Transmission Key that is used for encrypting or decrypting You can define a single WEP key For the transmission key you define select the input format ASCII or HEX and enter the key according to the following table Cipher ASCII HEX WEP64 5 characters 10 digits or WEP64 802 1x WEP128 13 26 digits or WEP128 802 1x characters The WPA area is only enabled if the cipher selected in the Method field of the Encryption area is either WPA WPA2 Personal WPA WPA2 Enterprise or WPA WPA2 Personal amp Enterprise If WPA WPA2 Personal or WPA WPA2 Personal amp Enterprise with Pre Shared key authentication method is used the WPA PSK field is enabled In this case select one of the following input formats and enter the corresponding key listed e For ASCII enter 8 63 characters e For HEX enter 64 digits You may select to either show or hide the key characters by either pressing Show Key or Hide Key button to the right of the Key field For all WPA WPA2 encryption methods you may specify Group Rekey Interval which is the amount of time in seconds that elapses before the Group Key is changed e This configuration option becomes available when encryptions with no RADIUS server are selected The all
111. ressly approved by the party responsible for compliance could void the user s authority to operate this equipment This device complies with Part 15 of the FCC amp IC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation Important Note FCC and IC Radiation Exposure Statement This equipment complies with FCC and IC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with a minimum distance of 20 cm between the radiator and your body This transmitter must not be co located or operating in conjunction with any other antenna or transmitter Operations in the 5 15 5 25 GHz band are restricted to indoor usage only to reduce potential for harmful interference to co channel satellite systems The maximum antenna gain permitted for devices in the 5725 5825 MHz band must comply with the EIRP limits specified for point to point and non point to point operation as appropriate as stated in section A9 2 3 Sec A9 2 3 For the band 5725 5825 MHz the maximum conducted output power shall not exceed 1 0 W or 17 10 log10 B dBm whichever power is less The power spectral density shall not exceed 17 dBm in any 1 0 MHz band The maximum EIRP shall not exceed 4 0 W or 23 10 log10 B dBm whichever power is l
112. rity Description Type Apr 10 2014 11 45 11 Low The following APs have been connected S13 13 p ause Apr 10 2014 11 44 59 Medium The following APs have been disconnected S13 14 4nr iN 2N14 14 80 27 17 Low The fallawinn ADs hawa haan raonneartard S13 Figure 52 IDS Configuration Tab Configuring the Extricom Series WLAN System Field Description Enable Enables Intrusion detection Duration Attack WLAN devices reserve the channel for a particular period of time and then start using the radio channel This time period is the Network Allocation Vector NAV in 802 11 By using high NAV values an attacker can prevent other WLAN devices from utilizing the wireless network Enable Select the checkbox to enable this feature 11b g lla box Define the Max NAV period in usec after which the attack 1s detected Flood attacks Malicious users can flood the WLAN with 802 11 management messages Number of Events Time window in seconds Thresholds During xx Sec Per station Number of times a specific event is allowed during the event threshold Each of the possible attack types listed below this parameter is assigned a limit per station All station Number of times a specific event is allowed during the event threshold Each possible attack type listed below this parameter is assigned with a limit to all stations Authentication Flood Flooding the WLAN with authentication requests De Authentication Flooding the WLAN
113. roaming The Extricom Series enables mobile voice clients to roam seamlessly by supporting fast handoffs between multiple APs and switches in the network This enables the client to roam back to a previously authenticated AP with no delay Multiple RADIUS servers amp RADIUS server redundancy The Extricom Series system supports multiple RADIUS servers per Extended Service Set Identifier ESSID enabling the user to set redundancy between these RADIUS servers RADIUS is acommon authentication protocol utilized under the 802 1x security standard often used in wireless networks It improves the WEP encryption key standard when used in conjunction with Introduction to the Extricom Series Wireless LAN System other security methods such as EAP PEAP In an enterprise environment several RADIUS servers may be used for backup and also for serving different geographical locations Up to four different RADIUS servers can be defined for each ESSID RADIUS redundancy is based on the assumption that the user database is identical in all RADIUS servers and that users are listed in all servers with the same credentials Switchover from one RADIUS server to another takes place after consecutive failures of the server The order of priority is 1 to 4 e Network Time Protocol NTP The Extricom Series system supports synchronization of the system clock over the network thereby ensuring accurate local time keeping with reference to radio and atomic clocks locate
114. rters ATI 100Mbps CTC 1000Mbps to extend switch to AP distance The switch side media converter 1s powered via PoE from the WLAN switch or optional external power supply Once all cables are connected switch copper converter fiber converter copper AP perform a port power down up in the web GUI of the switch to renew switch awareness of the AP connection Fiber mode is Multi for 1OOMbps Fiber mode can be Multi or Single for 1OOOMbps per the SFP module selected Both ends of the fiber termination must be in the same SFP mode To connect a switch cascade AT EXMS 1000 and AT EXLV 2000 1 Connect the primary and secondary switch to the LAN via the LAN port and to its APs via WLAN ports as directed in the section above 2 Verify that both switches are running the same firmware release and that this is the newest release that supports Switch Cascade 3 Refer to the chart on the following page for important switch interconnect guidelines 4 Connect the switch interconnect cable to the LAN2 port of the primary switch and to the LAN2 port of the secondary switch The secondary switch remains inactive until it is synchronized with the primary switch When the primary switch is rebooted its configuration GUI will be in read only mode until the secondary switch is synchronized Installing the Extricom Series WLAN System The maximum length of the primary to secondary AT EXLS 3000 to AT EXMS 1000
115. s WLAN clients can cause a denial of service condition by flooding the WLAN network A denial of service condition is identified through attack signatures or other factors most of which are well known The IDS tab allows the user to enable this mechanism set thresholds for identifying an attack and choose the types of attacks to be detected The IDS mechanism detects 802 11 duration attacks and 802 11 management message flooding attacks Upon attack detection the system sends a Trap message notifying of the event and when applicable provides the attacker s details for example MAC address Network administrators can use this information to take action and block malicious users To configure IDS services refer to Table 19 below for the specific parameters Extricom om LV 2000 W Overview Quick Setup Resilienc Rogue System Logging SNMP Centralized Configuration IDS Porta Multicast BS Expert LAN Settings s Enable Intrusion Detection System v Save 4 WLAN Settings Tina Access Points Duration Attack 7 1ib g 20000 pSec lia 3300 pSec System Tools Advanced Number of events thresholds during 300 sec Management Per Station All Stations LV Settings Authentication Flood v 20 Events amp Reports De Authentication Flood 7 5 20 Support amp Feedback Association Flood 7 20 Dis Association Flood v 5 20 Invalid Authentication Request v 5 20 EAPOL Start v 5 20 EAPOL Logoff v 5 20 IDS Default Configuration Restore Defaults Time Seve
116. s devices in your enterprise Basic The Basic data rates are usually the data rates that the vast majority of your wireless devices can support Only wireless devices that support all the Basic data rates will be connected to the WLAN system Therefore it is recommended that you configure a minimal number of Basic data rates that the vast majority or all your wireless devices can support When working in mixed mode there should be at least one Basic data rate from the 802 11b rates Optional If you configure a data rate as Optional the network will provide that data rate to wireless devices that can support it Disabled Disabled data rates are not available to wireless devices Because the Extricom Series WLAN system allows for dense deployment of APs it is recommended where applicable to disable low data rates Not doing so could possibly lead to an edge user effect in which a client reduces aggregate network throughput by moving to the edge of the coverage area Table 11 Radio Configuration Parameters Configuring WMM To configure WMM click on the WMM tab SS WMM is configured per radio 1 Select the radio from the drop down list 2 Enable WMM by selecting the Enable WMM checkbox 3 Configure the appropriate WMM parameters as described in Table 12 below Configuring the Extricom Series WLAN System Quick Setup LAN Settings WLAN Settings ESSID Definition l Events amp Reports Sup
117. s reset The trap details which AP was reset Extricom Series WLAN System Installation and User Guide 109 Trap Name Description 79 POE reset An AP was reset but is still not working properly The AP was power booted via PoE The trap details which AP was PoE reset Table 28 SNMP Traps 110 Northbound SNMP Traps Appendix A Internal Access Point Mounting Template 4 25 inches 10 8 cm Important Note Due to variations in printers when printing this page printer Page Scaling should be set to None or diagram may be automatically reduced in size As a double check make sure the distance between drill points is as indicated above Extricom Series WLAN System Installation and User Guide 111 Appendix B Certifications The following lists compliance certifications of Extricom Series access points and switches Access Points EMC Safety RoHS Radio ETSI EN 301 489 1V1 9 2 2011 FCC Part 15 Class B EN 60950 1 2006 A11 A12 A1 UL 60950 1 IEC 60950 1 ROHS2 2011 65 EU FCC Part 15 Class C and Part 15 Class E VCCI Technical Requirements V 3 2001 04 EN 300 328 V1 8 1 EN 301 893 1 7 1 EMC Safety RoHS ETSI EN 300 386 V1 4 1 2008 04 ETSI EN 55024 98 A1 2001 A2 2003 ETSI EN 55022 2006 A1 2007 FCC Part 15 Class B EN 60950 1 2006 A11 A12 A1 UL 60950 1 IEC 60950 1 ROHS2 2011 65 EU Certifications
118. s the WLAN When the AES Only is checked only clients with AES support are allowed to access the WLAN Cisco LEAP protocol not CMIC amp CKIP is supported under WEPxxx amp 802 1x Authentication Authentication is used to identify if a wireless device is authorized to connect to the WLAN and verify the wireless device s identity Authentication methods such as specific EAP methods available in the WPA WPAZ2 enterprise option also verify that the association process 1s secured Authentication utilizing WPA WPA2 enterprise can also support encryption key changes The following methods are available e amp 02 x 1if the cipher is WEP40 or WEP104 e WPA WPA2 enterprise if the cipher is TKIP or AES e Supported protocols EAP TLS TTLS PEAP LEAP and MDS When choosing an encryption cipher and authentication E method make sure it is compatible with the wireless devices capabilities The Extricom Series system supports WPA2 Mixed Mode This mode permits the coexistence of WPA and WPA2 clients on the same ESSID WPA2 mixed mode allows old WLAN clients with new WLAN clients on the same ESSID during the transition period Any security combination Encryption and Authentication can be selected from the list and the checkboxes Extricom Series WLAN System Installation and User Guide 47 Field Description WEP Keys WPA MAC Authentication RADIUS Server The WEP Keys a
119. s under WLAN Settings in the navigation tree Overview LAN Settings ESSID Assignments E WLAN Settings Save ESSID Definition ESSID Radio 1 a Radios extr_sqa_159q1 Iv Cancel Radio 2 disabled Radio 3 disabled r r Vv r Radio 4 disabled extr_sqa_159q2 T Access Points System Tools Advanced Events amp Reports Support amp Feedback Time Sev Description Type 04 01 2007 11 56 28 al Client 00 0B 6B 4D 62 06 aid 1 has disassociated from 00 13 46 20 49 41 ESSID extr_sqa_159g1 Reason 2048 02 04 01 2007 11 55 59 1 Client 00 0B 6B 4D 62 06 aid 1 has associated to 00 13 46 20 49 41 essid extr_sqa_159g1 01 04 01 2007 11 55 53 al Client 00 0B8 6B 4D 62 06 aid 1 has disassociated from 00 13 46 20 49 41 ESSID extr_sqa_159g1 Reason 2048 02 Done B Internet A 100 Figure 34 ESSID Assignment Page The web page displays a cross reference table of previously defined ESSIDs and radios up to 4 Check the box for each ESSID you wish to assign to any of the four radios Extricom Series WLAN System Installation and User Guide 61 Access Points The only AP configuration required in the Extricom Series WLAN architecture 1s powering of the AP ports on or off To configure AP PoE status Click on Access Points in the navigation tree Under the PoE amp Radio Controls tab e Toggle an individual AP PoE on or off by clicking on its RJ45 connector image The RJ45
120. second configured server on the list then the third and so on Acc Interim The interval in seconds to send accounting information The default value is 60 Table 10 RADIUS Configuration Parameters To save the configuration click Save At the end of the configuration you must apply the configuration in the System Tools section Extricom Series WLAN System Installation and User Guide 53 Configuring WLAN Radios To configure the WLAN radios select Radios under WLAN Settings in the navigation tree On this configuration page you will find the following three configuration tabs e WLAN Wizard e Radios e WMM Configuring Radios Using WLAN Wizard Extricom ou Overview Quxk Setup LAN Settings G WLAN Settings SSID Oetievteon WLAN Wizard WLAN Configuration y r r n Note Baers Wererd Flan q tveris A Begerts Support A feo beck fiere Severity tieni ipten type Figure 31 WLAN Wizard Configuration Page Using the step by step WLAN Wizard facility and starting with either the Current Configuration or a new one Start Over you may simplify the process of configuring the radios following the five pre determined steps below 1 Access Point Type 2 Rogue AP Detection Blanket 3 Blanket Types 4 TrueReuse 5 Additional Parameters At each step a corresponding entry 1s displayed on the right side of the configuration screen For the details on the configuration parameters refer to Table 11 54 C
121. siccscoicisseensaseaissouacsenssieransoucissegauadeassovarseeseneieeneeie 25 Mounting the Switches Optional ccc ssssssssssssseeeccecceeceeeeeeeaaeseesseseseeeeeeeeeeeeeeeeeaaas 26 Mounting the Access Points Optional cccccceeececeeeceeeeeeeaeeeeesseseeeeeeceeeeeeeeeeeeeaas 26 Connecting the Switch and the Access POInts cccccccccccceccceeeseeeeseeesseeeceeeeeeeeeeeeaaas 21 iv Table of Contents Connecting the AT EXLS 3000 SWitClesssecscsstscesdvsavessancbasccsnendedandedaswsdvarwecsanabaeossnendecds 29 Range Extenders and Media Converters cccccccccccceceeeeeeeeeeeseesseeeseeeeeeeeeeeeeeeeeaaas a2 EXRE 000 R nge Extender sererai eea iekea aS EEEE raei 32 EXMC H000 Media COnverie acs sczci2iccedencassaegzaiaeaiecdincsionzivebdesaeusaaseacanaiencdesaiensinobieecte 32 Chapter 3 Configuring the Extricom Series WLAN System ssssssssscsssssssscsccees 33 Accessing the Extricom Series Switch GUI cccccccccccceessssesesesseseeeeeeeeeeeeeeeeeaaas 33 Using the Extricom Series Web Configuration Pages cccccssssssssssssseeeeeeeeeeeeeeeeenaas 34 Overview OF ie Coni ordo sesine Enn cesses E EEEE DEREN 36 Contieurine LAN Parameters igi siclocssataressdccsiesesstavessiasndaserabenasstaent e a a seke eia 38 Configuring WLAN Suit Siscccssssiicesnedccennsadid cen tebssserericcdesnedecanssahstcentelssevsendiddesnabesenseets 40 Conneaime ES SID De Imi ON sesser E E 40 Comins tings WLAN RA
122. ss to return to the last applied configuration Undo Q Note All unapplied configuration changes will be lost Time Severity Description Type Apr 09 2014 09 20 49 Low The following APs have been connected S13 13 Pa use Apr 09 2014 09 20 26 Medium The following APs have been disconnected S13 14 Anr 09 2014 99 15 02 Low The followina AD hawa haan connected S12 412 Figure 40 Maintenance Configuration Tab Field Description Save Configuration Save the active configuration to an offline disk Upload Configuration Upload a configuration from an offline disk to the switch Use the browse field to locate the configuration file You will see a pop up window stating Please select configuration elements to upload Factory Defaults Restore factory default configuration You will see a pop up window stating Please select configuration elements to Restore Undo Configuration Return to the last applied configuration All unapplied Changes configuration changes will be lost Table 14 Maintenance Configuration Tab To save the active configuration click on the Save button and specify the off line location where you wish to save the file 66 Configuring the Extricom Series WLAN System To upload a configuration check the appropriate configuration elements in the Browse pop up window then click Upload Configuration Upload Mozilla Firefox _o 2 a hittps 192 168 1 101 restore_pop php from upconf z z Please
123. st connect to a specific ESSID Each channel can support multiple ESSIDs thus creating virtual networks on the same channel The following is the data structure used by the Extricom Series systems e Each radio is assigned one channel e Each channel can support up to 8 different ESSIDs see note below Each ESSID can be associated with a VLAN tag The same ESSID name can be repeated for different channels Up to 7 ESSIDs are allowed on channel 1 and up to 8 ESSIDs are allowed on each EES of the remaining channels In the ESSID web page there are the following four configuration tabs e ESSID Settings e MAC ACL e MAC ACL Scheduler e RADIUS ESSID Settings e Click ESSID Definitions in the navigation tree The ESS D Settings page appears see Figure 27 Under this tab you may Add a new ESSID as well as Rename or Delete an existing ESSID You can configure ESSID parameters refer to Table 7 for a description of the available parameters 40 Configuring the Extricom Series WLAN System SE 7 Ex trico Extricom Overview ESSID Settings Quick Setup MAC ACL MAC ACL Scheduler RADIUS LAN Settings WLAN Settings Select ESSID a ae ESSID Definition 3 Radios Delete amp Save Assignments Access Points System Tools Advanced Management LV Settings New ESSID Events amp Reports Add amp Save Support amp Feedback
124. system to provide customized beacon coverage The higher the rate the more beacons shall be distributed on this SSID Select one of the five rates available in the drop down menu e Basic 0 beacon rate control e Normal default 33 beacon rate control e Increased 66 beacon rate control e High 80 beacon rate control e Full 100 beacon rate control To enable this option go to Advanced Others tab Extricom Series WLAN System Installation and User Guide 43 Field Description In Band Management Captive Portal VLAN Disassociation Timeout DTIM EAPOL Start Only 44 Select this option if you wish to allow management of the switch via the wireless media through this ESSID In band management ESSIDs are assigned to the same VLAN as the VLAN that has been set up for the switch management Once you set this option the VLAN setting will be automatically updated to the management VLAN as set in the LAN Configuration web page If In Band Management ESSID is enabled only the following security Settings are permitted this should be set from the Others Tab on the Advanced page e WPA WPA2 personal TKIP AES amp Pre Shared Key Authentication e WPA WPA2 Enterprise TKIP AES amp 802 1x Authentication Select this option if you wish to set this ESSID to be captive portal restricted If you set this option the ESSID VLAN ID is automatically assigned with the VLAN ID specified in the Portal tab in the Advan
125. t can be used both as a standalone product to extend the reach of PoE installations and as a complement to the Extricom Series WLAN System When used in WLAN implementations the EXRE 1000 enables any Extricom UltraThin Access Point to be connected using standard Cat5e 6 cable up to 150 meters from the Extricom Series WLAN Switch The Range Extender sits in line on the Ethernet cable and does not require an external power feed The Range Extender receives its power from the original PoE injector in the switch or from a PoE injector power supply while it simultaneously injects PoE to the extended cable segment EXMC 1000 Media Converter 32 The EXMC 1000 Media Converter allows users to extend the size of their WLAN with the use of fiber cabling The EXMC 1000 functions as a GbE range extender providing fiber connectivity to Extricom Series access points and Extricom Series WLAN switches at distances of up to 400 meters assuming that the switches and the APs are GbE enabled The EXMC 1000 can be installed in any implementation and is connected to the WLAN switch edge switch or AP with Cat 5e 6 cable through a standard RJ45 port The EXMC 1000 provides an extended level of deployment flexibility for large scale Channel Blanket deployments because it does not need the power infrastructure normally required for fiber deployments The switch side media converter is powered via PoE from the WLAN switch or optional external power supply the AP
126. tected Access W1 Fi Protected Access 2 Also referred to as WPA PSK Pre shared key mode it is designed for home and small office networks and does not require an authentication server Each wireless network device authenticates with the access point using the same 256 bit key generated from a password or passphrase WPA WPA2 Enterprise Also referred to as WPA 802 1X mode and sometimes just WPA as opposed to WPA PSK It is designed for enterprise networks and requires a RADIUS authentication server This requires a more complicated setup but provides additional security for example protection against dictionary attacks on short passwords An Extensible Authentication Protocol EAP is used for authentication which comes with different types WPA WPA2 Enterprise amp Personal enables the wireless client to choose from either of the two methods on a single ESSID Configuring the Extricom Series WLAN System Field Description In addition there are two types of encryption ciphers available e AES Advanced Encryption Standard Cipher Block Chaining Message Authentication Code Protocol is currently the most advanced and secured method of Wi Fi encryption and is part of 802 111 WPA2 standard e TKIP Temporal Key Integrity Protocol This is a more secure and more advanced method of encryption as a part of the WPA standard When the WPA2 Only box is checked only clients with WPA2 support are allowed to acces
127. tem Installation and User Guide 83 Welcome to Extricom s Network Access Page SAGE e Username Extricom Password Powered by Extricom Please Provide your username and password to access the network p A WAA rele S Works wus d Big F d A Figure 54 Extricom Series Default Captive Portal Web Page Multicast Under the Multicast configuration tab you may limit the amount of time the system is busy with sending Multicast traffic this feature mostly applies to specific applications communicating mostly via multicast traffic The Multicast tab is available only when Expert E mode is enabled from the Advanced settings Extricom Le Overview Quick Setup Resiliency i Rogue System Logging SNMP Centralized Configuration ws Portal LAN Settings E WLAN Settings Multicast aa Filter Non Broadcast Multicast ESSID Definition Multicast LBS Expert Others Save Radios Multicast Max Bandwidth Usage Assignments Access Points System Tools Advanced Management LV Settings Events amp Reports l Support amp Feedback Figure 55 Multicast Configuration Tab 84 Configuring the Extricom Series WLAN System LBS Location Based Service LBS tab Real Time Location Services RTLS support third party RTLS solution vendors to provide high accuracy location based services for WLAN mobile clients AA r Sant Extricom f LV 2000
128. the IP address of the manager device in the Manager IP field Refer to the Northbound SNMP Traps chapter for a complete list of SNMP traps that may be sent by an Extricom Series switch SNMP Agent You may configure the switch to respond to SNMP queries from various management systems on the network To do this 1 Enable the function by selecting the Enable SNMP Agent checkbox 2 Set the password for SNMP Get Requests by entering it in the Read Community field 3 Set the password for SNMP Set Requests by entering it in the Write Community field 4 Enter the location of the switch in the Location field 5 Enter the contact information in the Contact field SNMP Access List To tighten security of your wireless LAN you may decide to configure specific access lists ACLs to grant SNMP access to specific devices To do this 1 Enable the SNMP ACL function by selecting the Enable SNMP Access List checkbox Extricom Series WLAN System Installation and User Guide 79 IDS Extric 2 Enter the IP address of a device along with the Get Request and Set Request passwords in the Read Community and Write Community fields respectively 3 Click Add Enter as many ACLs as needed Before navigating away from this configuration screen do not forget to save the changes you made by clicking the Save button on the right To start generating SNMP traps you must apply the configuration IDS stands for intrusion detection system Maliciou
129. tional goes into standalone mode Once the fault that caused the switchover has been resolved both switches must be rebooted in order for them to return to normal cascade operation Otherwise they will continue to operate in standalone mode Configuring the AT EXLS 3000 System Chapter 5 Configuring the AT EXLV 2000 System Advanced Configuration AT EXLV 2000 Differences To configure advanced features select Advanced from the navigation tree For more detailed information refer to Advanced Configuration on page 73 Extricom LV 2000 ta Pee Quick Setup LV Settings Honeypot Access Points Switch Load Balancing Save Large Public Venue Enable Support amp Feedback Figure 66 LV Settings Enabling Large Public Venue Enabling this option provides for the enhanced functionality to provide the IEEE 802 11 service within large public venue sites Configuring Honeypot The Honeypot configuration provides for reducing the RF level at the site by providing response to mobile devices that are probing the air and keep trying to reconnect their last location such as Home WLAN network Office WLAN network or any other WLAN service The mobile devices that get stuck to the Honeypot will stop probing and allowing the air to real network traffic Extricom Series WLAN System Installation and User Guide 97 98 Za Extrico WY Overview Quick Setup LAN Settings E WLAN Settings ESSID De
130. ues naded sinhe aiai riei deai 87 Chapter 4 Configuring the AT EXLS 3000 System eesssssssssseceoccsssssccecoccsssseseceesosssssseee 93 Powering EAG6 SWIC scssi naaa OEREO aE 93 Advanced Configuration AT EXLS 3000 Differences cccccceeeeeeeeeeeeeeeeeeeaes 94 BR CNC Y 5 205 bec concede oss sieanannetetaeonitesqacsedsansbadancnesnatenceusspooce sues sedbastneaaanaceacussecocaniets 94 Extricom Series WLAN System Installation and User Guide V Chapter 5 Chapter 6 Chapter 7 Appendix A Appendix B vi Configuring the AT EXLV 2000 System ssssssssssssssssssssssssssssssseeeees 97 Advanced Configuration AT EXLV 2000 Differences ccccccseeeeeeeeeeeeeeeeeeaes 97 Polini Tears CAP CV CAS coriaria E EEEE EEEREN 97 Come arin ONC Y DOK ssie EE E 97 Configuring Access Point Parameters ccccccccccccccccceeeeeeseseseseeeeeeeeeeeeeeeeeaaaeeeeeeees 99 Switch Load Balancing s ssscccssestecadsxcdacestaadecsncdonaadeenavadshanacadeoradlee dary wsedoueacadoserenacemsbs 100 ET OUDICS NOD UNG cossiesesavscccecnsscesescnsccssecsscensseuscossucssuesessnscossasesceuesenscosseonsassensseaeds 102 Northbound SNMP LEADS icicctnimincivinnsinipteninimunaaenatinieenaneeins 104 Internal Access Point Mounting Template sssssssscccsssssssssssssccosees 111 OE OT ea tr rrrrrrrrr errs rrr reer rrr errr rrrrecrrrrner rey rerre rr rrr Tyr rrrrer 112 Table of Contents About This Guide
131. uick Setup Apply Reboot Maintenance Time amp Date Passwords Upgrade Certificate License LAN Settings WLAN Settings Install Switch License Access Points System Tools Upload a sh gz license file No file selected Install amp Reboot Advanced Q Note after installing the new license the switch will reboot in order for changes to take effect Management sacle Installed License Details Events amp Reports Serial Number N A Support amp Feedback Number of Ports 16 Number of Blankets 3 Number of Clients 2007 TrueReuse Disabled 802 11n Enabled Resiliency Disabled Large Public Venue Enabled Agile Support Expires N A Time Severity Description Type Figure 47 License Configuration Tab 72 Configuring the Extricom Series WLAN System Advanced Configuration To configure advanced features select Advanced from the navigation tree Under this configuration category you will find the following configuration tabs Cascade Resiliency The Resiliency tab will only appear on a switch that has the Resiliency parameter on the License installed The Resiliency feature provides enhanced redundancy capabilities through several layers switches and APs and combined Cascade Resiliency supports redundancy between cascaded switches Both switches serve a single BSSID until any of them is at fault As soon as one of the switches fails the surviving switch serves mobile devices by itself with no human intervention The eventua
132. umber AIFSN followed by a random period called the Contention Window CW both specified in multiples of the slot time The CW maintains the DCF random back off component to help avoid collisions of packets from the same access category The CW range doubles each time there is a collision starts CWmin up to CWmax and is reset to its minimum value after a successful transmission EDCA uses a mechanism called a Transmit Opportunity TXOP a bounded time interval during which a station can send as many frames as possible but the transmission time must not extend beyond the maximum duration of the TXOP Each priority level is assigned a TXOP and this mechanism prevents low speed stations from spending too much time using the media when other clients including those with traffic in higher priority queues are waiting Another mechanism introduced by WMM is per access category Acknowledgment policy Normal or No ACK Normal means that an acknowledge packet is returned for every packet received This provides a more reliable transmission but increases traffic load which decreases performance However one may choose to cancel the acknowledgement by selecting No ACK for each access category This can be useful for Voice for example where speed of transmission is important and packet loss is tolerable to a certain degree e IPv6 support The Extricom Series Switch family supports IPv6 pass through For example DHCP requests in IPV6 format
133. uplinks and 8 GBE ports to connect AT EXMS 1000 edge switches The AT EXLS 3000 controls up to 8 edge switches to provide a Channel Blanket of up to 128 APs Extricom Series WLAN System Installation and User Guide 10 Figure 5 AT EXMS 500 The AT EXMS 500 is equipped with 2 RJ45 SFP GBE Combo port uplinks and 8 GBE PoE edge side ports The AT EXMS 500 is capable of performing different wireless and networking functions depending on the firmware installed in it Configuring a switch and its associated set of APs is as simple as configuring a single traditional AP greatly reducing the effort required to deploy and maintain the WLAN Configuration is done via a dedicated secured web interface that comes standard with every switch SFP modules are not shipped with the AT EXMS 500 1000 To use the SFP ports E you must use Class 1 laser certified SFP modules according to IEC EN 60825 1 and or CDRH Introduction to the Extricom Series Wireless LAN System Overview of the Extricom Series Access Points Access Points with Internal Integrated Antennas The two radio AT EXRP 22n and three radio AT EXRP 32n are 802 1 1n access points with internal antennas for maximum throughput and easy deployment of 802 1 1n with or without legacy Wi Fi The AT EXRP 22n is equipped with two and the AT EXRP 32 with three dual stream radios each of which can be operated on the 2 4 GHz or 5 GHz band Each radio has a 2x2 MIMO antenna configuration
134. with Connectors for External Antennas ccccccccceseccceeeeeceeeeeeeees 11 Outdoor Access Points with Connectors for External Antennas eeeeccecccescceses 12 A Typical Extricom Series Wireless Network Topology ssssssseeeeeeeeeeeeeeeenaes 13 nL 0 GS 672 16 EE EE EEE EE AE EEEE E 15 ARTAL OO ee T E RE 18 Chapter 2 Installing the Extricom Series WLAN System sssssssssscceccccccccccoocsssssssseccceeee 19 Unpacking the Extricom Series WLAN System cccccccccccssssssssssesseseeeeeeeeeeeeeeeeeaaas 19 CS E E E AE E E sea duessesec seers 19 PCC SS TPO a A E E SA TEA tauasmeeoneds 19 AT EXRE 1000 Range Extender sceissc cnsssosicatitaloceedaavecosatdvasessenuscashtalocevacedecoistdaes esate 20 AT EXMC 1000 Media Converter ccccccccccccccesseccceseccccesecceceescceseueecesseneeceseneesens 20 Additional Eguipment 224 satasvesevsieaestancsesnasidecenbeseesenesaidans a Siea EE eO Enea 20 Cables for Connecting Two Switches in Switch Cascade cccccccseeeeeeeeeeeeeeeeenaes 20 Cable for Connecting the AT EXLS 3000 to AT EXLS 1000S cece 20 Determining the Location of the Extricom Series Access POImnts ccccccceeeeeeeeeeees 21 Extricom Series Switches ssnchccdesncdavssonacescasieonsasaevavacdbansvacdoosaricesbeautcsousinnedbaesuceddenantadouests 21 AT EXRP 22n 32n 22En 32EOn Access POInts ccccccccssseccccssscccceseccseesessceeeescess 24 Access Point Connectors and LEDS we i
135. with de authentication requests Flood Association Flood Flooding the WLAN with association requests Dis Association Flood Flooding the WLAN with dis association requests Invalid Authentication Flooding the WLAN with invalid authentication requests Request EAPOL Start Flooding the WLAN with EAP authentication EAPOL Start EAPOL Logoff Flooding the WLAN with EAP authentication EAPOL Logoff Defaults Restore defaults IDS Default Configuration Table 19 IDS Configuration Parameters Extricom Series WLAN System Installation and User Guide 81 Portal Captive Portal The Captive Portal mechanism restricts user Internet access by redirecting user web access requests to a Captive Portal web page There are two Captive Portal web page types e SSL based Secured Logging In Secured Logging a user is initially authenticated before allowed internet access The user enters the username and the password using SSL The switch then authenticates the user via RADIUS Server Secured Logging is used for applications that require authentication based access such as hotels and guest access e Open Access In an Open Access model a user trying to access the web is redirected to a welcome web page which might for example contain Terms of Use to which the user must agree before being allowed internet access Open Access is used for applications that enable open access such as free Airport networks The Portal tab allows you to configure the
136. y in the 5 GHz band and not the 2 4 GHz band The client then associates in the 5 GHz band New client tries to associate the network Client has 5 GHz capability Send Client to Send Client to 2 4 GHz band 5 GHz band Figure 59 Band Steering Operational Flow Band steering only works if the Wi Fi network has at least two radios one for the 2 4 GHz band and one for the 5 GHz band Viewing Events and Reports The Events amp Reports page provides performance reports and lists various system events To access this page click Events amp Reports in the navigation tree Within the page you will find the following configuration tabs e System Events e Clients Events e Events Filter e Reports e Diagnostics Extricom Series WLAN System Installation and User Guide 87 AL Extficom ba SS Overview Quick Setup LAN Settings E WLAN Settings ESSID Definition Radios Assignments Access Points System Tools Advanced Management LV Settings Events amp Reports Support amp Feedback Add Date amp Time Apr Apr 15 2014 12 22 39 Low Clients Events 15 2014 15 12 32 Low r 15 2014 12 23 39 Low r 15 2014 12 21 06 Low r 15 2014 12 20 01 Low r 14 2014 15 54 01 Low r 14 2014 15 53 59 Low r 14 2014 15 53 59 Low r 14 2014 14 55 46 Low r 14 2014 14 55 46 Low r 14 2014 14 55 46 Low r 14 2014 14 55 46 Low r 14 2014 09 49 09 Low Events Severity Extric
Download Pdf Manuals
Related Search