SmartBridges sB3210 User's Manual
Contents
1. 7 Radio TX ee Power aa to 23 dBm ae equipment selected for a link Messen l o other manufacturer j zemmer emer Beam width of antenna Les ES E DS H TI UE IT ooo bay airPoint Nexus User Configuration Guide Pageant ss intelligent wireless platform 1 Check out the Crimping of the Ethernet Yes No cable at both the ends 2 Check out the proper grounding of the Yes No antenna and equipment Ensure no extreme bends or kink s in the Yes No cable 4 Ensure Ethernet cable not running near a Yes No sharp edge Ensure airPoint along with antenna is Yes No fixed properly on a tower with the help of nuts and bolt supplied in packaging Ensure antenna is pointed to get the best Yes No RSSI and link Quality eee response Mem success rate ooo H Throughput test for upload bandwidth Link stability based on observation for 1 Hr FT Signature of Engineer Installation Date Commissioned Date For the latest information on smartBridges products please visit our website at http www smartbridges com bay airPoint Nexus User Configuration Guide Page roso intelligent wireless platform 2 airPoint Configuration This chapter explains how to log in change passwords and configure the various parameters for the airPoint Nexus 2 1 User Login and License Agreement The airPoint unit comes with a pre configured default Ethernet wired side IP address 192 168 0 202. 9 2 PROFLE Oe E 36 922 SVE Prole mica a ae ee on 37 5 2 2 Load Operating d e dE 38 5 2 3 Profile calendar 38 OO VINK MES Tete STE ED ND SIT S dan Cote ie 39 5 4 LINK BUDGET PLANNING nnnsnnnennsnnnnennsrrrsnrsnrrsnrrerrnrrrsrrrsrrrerrnnrrnnrrerrnerrnnrrnrrrenrnnrrrrrnnerne 40 6 FIRMWARE UPGRADE ronca 42 APPENDIX A CONFIGURATION OF THE RADIUS SERVER 44 APPENDIX B USEFUL TERMS AND DEFINITIONS ss 51 APPENDIXC SNMP TRAP nimicitoare EAA 54 APPENDIX D LICENSE E 55 bi Si l airPoint Nexus User Configuration Guide Page 25s intelligent wireless platform About This Document This User Guide is for the networking professional who configures and manages the smartBridges Intelligent Nexus Platform of wireless access points airPoint Nexus It provides detailed information on using the web based configuration GUI to configure the airPoint Nexus unit This manual will help you gain a better understanding of how the various components of Nexus work To configure smartBridges products you need to have fundamental understanding of the concepts and technology of Local Area Networks LAN and wireless networking The system installer will require expertise in the following areas e Outdoor radio equipment installation e Network configuration e Use of web browser for system configuration monitoring and fault finding In this chapter you will find an overview of the
3. 2 4 airPoint Bridge Configuration Parameters This section explains how to configure the following parameters for airPoint Bridge Ethernet Wireless and Bridge Spanning Tree Protocol 2 4 1 Ethernet Configurations The Ethernet wired side parameters need to be configured for the management of the airPoint Bridge device The airPoint Nexus 3210 unit supports two Ethernet ports configured as a bridge The Ethernet Configuration provides configuration for the bridge IP parameters Follow the steps below to change the airPoint Bridge Ethernet Configurations 1 From the Summary Information page click on the Ethernet Configuration link to change the Ethernet Configuration parameters 2 Enter a new IP Address IP Mask Gateway IP Address and DHCP status check to enable If DHCP is enabled the IP address will be assigned by the DHCP Server 3 Click on the Apply Changes button to change the settings Networking Logout Summary Information airPoint 5B3210 Bridge mode rom Tiet se TO Maximum Wireless ETH 4 MAC Address 00 30 14 1F 3C C9 Hong ETH B MAC Address 00 30 14 1C 3C C8 pply Changes Radio MAC Address 00 30 14 1F 48 17 Figure 2 7 airPoint Bridge Ethernet Configurations 2 4 2 Wireless Configuration The wireless parameters need to be configured to allow the client devices to associate with the airPoint unit Follow these steps belo
4. 2000 XP NT or Linux 2 Connection to the internet for downloading the latest firmware and Sun Java 3 Web browser either Internet Explorer 5 0 and higher Netscape 7 2 and higher Mozilla 1 7 and higher or Mozilla Firefox 0 8 and higher 4 SUN JRE v1 5 and above You may download it from http java sun com j2se 1 5 0 download jsp bi Si l airPoint Nexus User Configuration Guide SE EC GC 5 of 55 intelligent wireless platform 1 3 Checklists Pre Installation Checklist for airPoint Organization Name Site Name Address Zip Code Telephone Number Standard to be followed FCC ETSI RE i 2 TI 5 25 5 805 3 Maximum Output Power as per the 100mW 1W 4W Regulatory Authority Line Voltage 90V 264V AC 50 60 Hz Near Line of site between sites Height of tower Feet Meters Repeater required to achieve a link E NN a Kb LI TE If Repeater required then reason why For example to achieve ever ee re DRE Kb Kess O1 0 No of repeaters required Required Throughput Distance between sites Miles Km Antenna Type Parabolic sector Antenna Mfg smartBridges Name of other manufacturer ES 9 Antenna Polarization Horizontal Vertical ti Beam width of antenna Horizontal deg pf a 21 Type of external cable type LMR 400 LMR600 li bay airPoint Nexus User Configuration Guide C acess A of 55 O0 ER EN e ER intelligent wireless platform 22 Length of exte
5. 3 Value lt changed SSID gt Radio Mode Object Identifier 1 3 6 1 4 1 14882 5 1 18 Value lt changed Radio Mode gt Note Possible values for radio mode are as given in the table below 0 Lemos Router Rotter Remote Bridge CS Bridge EH Ea 3 Root Bridge Bridge 4 EE l airPoint Nexus User Configuration Guide DEE intelligent wireless platform Appendix D License airPoint Nexus is Copyright 2004 2005 by smartBridges All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Please refer to the URL below for latest updates to the Software Warranty Statement http www smartbridges com web support bo Si l airPoint Nexus User Configuration Guide Sas oise
6. A priority Ethernet port ETH B 0 255 The preference that STP gives priority this port relative to other ports for forwarding traffic out of the spanning tree A higher numerical value means a lower priority thus the highest priority is 8 0 65535 The cost of using the port to reach the root bridge When selecting among multiple links to the root bridge STP chooses the link with the lowest path cost and blocks the other paths Each port type has its own default STP path cost 0 255 The preference that STP gives this port relative to other ports for forwarding traffic out of the spanning tree Radio port Radio A path cost Radio port Radio A priority A higher numerical value means a lower priority thus the highest priority is 8 airPoint Nexus User Configuration Guide Page 23 of 55 intelligent wireless platform The Radio and Ethernet interfaces are assigned to bridge group by default When the user enables STP and assigns a priority on bridge STP is enabled on the radio and Ethernet interfaces The interfaces adopt the priority assigned to bridge The user can edit STP Priority Bridge Max age Bridge hello time Forward Delay STP Port priority and STP Port Path cost The Transparent Aging Time determines the time to refresh entries in the Forwarding Table The Transparent Aging Time default value is 300 seconds Follow the steps below to configure the bridge STP for device in airPoint Bridg
7. Bee intelligent wireless platform _Menu Item Menu Sub items Tools Profile Manager Save Profile Allows user to define and save up to three device operating profiles for easy device management One installation profile is always available Operating Profile Allows user to load the profile from saved profiles and shows last loaded profile Profile Calendar Allows user to plan and manage the use of different profiles at different times efficiently Link Test Allows user to do a throughput test and ping test These tools could be very helpful during the installation phase However this only works with the Nexus product range Link Budget Planning Calculator Allows user to calculate the Link Budget Antenna alignment Shows the link status link quality RSSI User Manager Allows the administrator to change the Administrator password Firmware Upgrade Allows user to update to new firmware versions Technical Technical Support Information on Technical Information on Technical Support User eiO Online Link to online User Ge Product Peace and Feedback Allows user to register ee el and provide feedback or suggestions Check for Updates Check on smartBridges website for any software updates About airPoint Nexus General system description software version information and warranty information bay airPoint Nexus User Configuration Guide ES 17 of 55 intelligent wireless platform
8. Internal Bandwidth MAC Address Upload Download Add to Table Mac Address Upload Kbps Download Kbps OR SO LA LFP OE3 15360 13360 RCE 00 30 14 1E 46 34 13360 15360 om Display Records 6 Ga Apply Changes Figure 3 6 WPA PSK Security Check for the Internal Bandwidth Feature ee airPoint Nexus User Configuration Guide Page 30 of 55 intelligent wireless platform 4 Traffic Statistics The Wireless and Ethernet Traffic Statistics can be displayed by clicking on the Networking Statistics drop down menu The following figure shows the statistics page This page will be refreshed after every 10 seconds Home Networking Radio Tools Help Logout Networking Traffic Statistics airPoint 583210 Bridge mode Wireless Traffic Statistics Ethernet Traffic Statistics Transmitted Transmitted ETHA ETHB Transmit Success Rate 15922 Transmitted Bytes En 14402894 Transmitted Multiple retry Transmitted Unicast 35416 Count Packets Transmit Retry Rate Transmitted Discards a Te Transmitted Failure Count 2185 Transmitted Errors toi Receive Success Fate 1857599 Received Bytes 4435383 Receive Duplicate Rate Received Unicast Packets Received Frame Count 3050349 Received Multicast 10 Received Frame FCS Error Packets 2583525 Count Received Discards Se Ack Receive Failure Count 2763 ener o PTS Success nos Reset Statistics Refresh Data will refresh automatically after every 60 seconds Ho of Abort
9. client certificates are needed for TLS and PEAP To produce the required certificates We recommend that you use CA all that is included with FreeRADIUS CA all uses the configuration information in openssl cnf a openssl cnf Update openssl cnf for your configuration The configuration file is located at usr local openssl ssl A portion of the information from our openssl cnf is given below The company information is does not describe an actual company located in Brentwood TN Note that the configuration information includes the password whatever It is the certificate password When CA all executes it uses this information three times The first pass through this information produces the root certificates If you set up your configuration as shown below you will be able to accept all of the settings in the first pass The second pass through this information produces the client certificates You only need to change the commonName to the client name In our case We changed the commonName to jbibe The third pass through this information produces the server certificates You only need to change the commonName to the server name In our case we changed the commonName to micron req_extensions v3 req bay airPoint Nexus User Configuration Guide Bee intelligent wireless platform The extensions to add to a certificate request req_distinguished_name countryName Country Name 2 letter code countryName_ defaul
10. define the bandwidth for each wireless client device The WEP key can be enabled or disabled In cases when the WEP key is disabled the page looks as follows ar airPoint Nexus User Configuration Guide Bee intelligent wireless platform Networking Logout Radio Configuration Bridge mode Security airPoint 583210 Bridge mode Security Mode Internal ACL Ke Internal ACL Table DS Table Internal ACL Table MAC Address Upload Download Add to Table Mac Address Upload Kbps Dovwnload Kbps 00 30 14 1E 4E 34 15360 15360 ERR Display Records k Ga Disable pply Changes Figure 3 2 Internal ACL with WEP disabled If the WEP key is enabled the configuration page for Internal ACL will be as follows Home Networking Radio Help Logout Radio Configuration Bridge mode Security airPoint 583210 Bridge mode Security Mode Internal ACL w Internal ACL Table DOS Table Internal ACL Table MAC Address Upload Download Add to Table sn Weiter Veit Download kbps perete si ommes w sx 0 e oomme OOO o o 0 EP Disable Enable Authentication Open System O Shared Key valid Key First Key 14523abcde2314abefeda23145 Second Key jabcdef2347665abcefiz345abec Third Key L 2abcdef34567abcdf34521789 Fourth Key labc3dabodfe34521785634abce Apply Changes Figure 3 3 Internal ACL with WEP enabled ENEE airPoint Nexus User Confi
11. radio firmware version ersion Edit Configuration Provide link to edit IP radio configurations ea Reset device to factory defaults Defaults Ethernet MTU Size Set the Ethernet MTU Size Syslog server IP Display the current message syslog server IP Address Address User can change the IP address Display the current SNMP trap IP address RUE LES User can change the IP address Log Level Display the current Log Level LED On Display the current led on status User can change the Led on status to on off Current Operational Display the current operational mode mode User can change the current operational mode 5 1 2 SNMP Security User can edit the SNMP Community String and SNMP Access filters To change the SNMP security settings click on the SNMP security link in the System Configuration page Figure 13 shows the SNMP Security Configuration page Follow the steps below to change the SNMP security settings Enter New Community and Confirm Community with the same string Check the SNMP Access Filters Enable box Enter Access Filters IP Address and Mask Three IP s settings are provided Click the Apply Changes button ERA N airPoint Nexus User Configuration Guide Page 33 of 55 intelligent wireless platform System Configuration SNMP Security Operational mode airPoint Bridge SNMP Security SNMP Community New Community Confirm Community SNMP Access Filters Enable um 192 168
12. step is to test the server With Windows XP computer off start the server in the debug mode by entering usr local radius sbin run radius X A The server should start displaying various debug information If it displays Ready to process requests the server is running This message is identical to the TLS start message If you review the debug information you will see additional messages as peap and mschapv2 start If you see the Ready message start the Windows XP computer As the client and server communicate you will see various messages exchanged If all is well you should see the client authenticated and the user logged on Again you will see the MS MPPE Recv Key and the MS MPPE Send Key If you review the debug messages you will see the TLS tunnel being built Once it is built you will see verification that messages are passing through the tunnel Finally you will see the user authenticated bi Si l airPoint Nexus User Configuration Guide Page 50 of 55 intelligent wireless platform Appendix B Useful terms and definitions 802 11h The 802 11h specification is an addition to the 802 11 family of standards for wireless local area networks WLANs 802 11h is intended to resolve interference issues introduced by the use of 802 11a in some locations particularly with military radar systems and medical devices 802 110 IEEE 802 11Q defines a mechanism for tagging frames so that they can be segregated into se
13. usr local radius sbin run radius X A The server should start displaying various debug information before it displays Listening on IP address ports 1812 udp and 1813 udp with proxy on 1814 udp Ready to process requests If you don t see the message look through the debug information for errors and missing information If you see this message start the Windows XP computer When the Windows XP starts you will see various messages and certificates exchanged between the client and the server If all is well you should see the client authenticated and the user logged on The following partial example is from Document 3 It shows the last few lines of a successful authentication MS MPPE Recv Key 0xe032765ca06c052e5fe7c2a 7534a4252daec44a08505bdb459d4 fa81e70390f2221d2b0607 1eb0625e0ba67452a890909662 MS MPPE Send Key 0xe03131ce085bc266127528e749bd4753d3e1 702df2d4d8c080351 380f52eae2c24a9fa78015c24e0d140bcd01b23d6c0cacc EAP Message 003_ 000 004 Message Authenticator 0x00000000000000000000000000000000 Finished request 5 Going to the next request If you see MS MPPE Recv Key and MS MPPE Send Key the server authenticated the client You should be able to surf 7 Change Server Configuration for PEAP To change the server for PEAP authentication only a few changes need to be made a users Return to the users file and add the user password jbibe User Password My XP Password b Radiusd conf Return to the r
14. will be displayed to edit any wireless settings The figure below shows the Ethernet Configuration parameters in editable boxes To save the changes to the system the user has to click on the Apply Changes button Note Clicking the web browser s Back button returns to the previous screen without saving any changes Changes are saved only when the user clicks the Apply Changes button bay airPoint Nexus User Configuration Guide H ros intelligent wireless platform Networking Logout Summary Information airPoint 583210 Bridge mode CS Maximum Wireless Throughput Kips eee BE ETH E MAC Address 00 30 14 1C 3C c8 pply Changes Radio MAC Address 00 30 14 1F 48 17 Figure 2 6 Editable Boxes for Parameter Editing The Navigation menu bar contains menu items that allow user to go to different configuration pages The following table summarizes functionalities available for the menu item links Table 2 2 Description of Menus Menultem_ Menu Sub items Summary Info Displays summary page with information such as Ethernet and Wireless settings Allows user to set the IP settings for Ethernet wired side and Wireless interfaces depending on the device operational mode Bridge Configuration Displays the bridge address generic bridge port table spanning tree port table for ports ETH A ETH B Radio A etc Bridge configuration option is available when airPoint is configured as a Bri
15. wireless networking devices use to establish and maintain wireless connectivity It is case sensitive and can contain up to 32 alphanumeric characters Do not include spaces or any special characters in the user SSID Domain Shows the current radio regulatory domain User can choose the appropriate domain The pull down menu shows a list of domains supported by radio Different domains will show different channel lists Radio Operating Mode Shows the current radio operating mode It can be set to use 802 11 a b g standards or sB Enhanced Mode with compression on Channel Shows the current radio channel in the selected domain User can choose other channels from the pull down list The default channel setting for the radios is for the least congested The radio channel settings correspond to the frequencies available in the user regulatory domain airPoint Nexus User Configuration Guide Page 19 of 55 intelligent wireless platform Rates This indicates the current rate at which the radio is operating which can be set as desired by the user Auto Rate Fallback Allows radio to fall back to lower data rate Dial a Power Dial a Power is used to set the output power of the radio at the N Connector The valid radio power range is from 5 dBm to 23 dBm Antenna Gain This is the gain of an antenna attached with the airPoint unit User can select anywhere between 2 2dBi to 30 dBi RF cable Loss This refers to the loss of a cab
16. 1 3 Mask 255 255 aie 0 mask Co o e am 0 Mesk Co E 4ooly Changes Figure 5 2 SNMP Security Configuration Table 5 2 SNMP Security Configuration SNMP Community Display SNMP Community String that is currently used to communicate to the device through SNMP New Community User can change the SNMP Community String by entering a new Community string Confirm Community User must enter the same community string as New Community string to confirm User can change the Access Filter status List of 3 IP filters User can enter the IP address and mask 5 1 3 Reset Options All reset options power cycles the device and restarts the whole system Reset To reset the device The device will come up with the current configuration values Reset to Defaults To reset the device to default configuration values Delayed Reset To reset the device at a particular time and can be programmed to do so on a daily weekly monthly basis The current time can be set by specifying a NTP server there is one already specified by default and the time zone After enabling the delayed reset specify a time which is valid in reference to current time When recurrence is set to weekly monthly or daily the reference is made with the first set time i e Reset time bay airPoint Nexus User Configuration Guide DEE intelligent wireless platform Tools Delayed Reset Operational mode airPoint Bridge Delayed R
17. 5 intelligent wireless platform Preamble Settings a Shows current value b Choose other settings available from pull down menu The radio preamble is a section of data at the head of a packet that contains information the airPoint Device and Remote devices need when sending and receiving packets The pull down menu shows user to select a long short or dynamic radio preamble Default is dynamic Long a long preamble ensures compatibility with most clients Short a short preamble improves throughput performance But only allow short preamble capable clients to associate Dynamic a dynamic preamble allows mixing of short and long preamble Throughput Optimizer Throughput Optimizer is used to optimize the radio link speed The valid range is 0 to 10 A higher value means the radio will attempt to establish the highest possible data rate in an aggressive way A smaller value ensures a more stable link The Throughput Optimizer settings can be varied to achieve a most stable link Follow the steps below to change the parameters From the Radio Configuration page click on the Performance link Choose the Fragment Length from the pull down list Choose the RTS CTS Length from the pull down list Enter the RSSI Threshold Choose the Preamble Settings from the pull down list From Throughput Optimizer pull down list choose an appropriate value Click on the Apply Changes button to c
18. 6 and subnet mask 255 255 255 0 This default device IP address should be used to access the device configuration management interface from any web browser Enter http 192 168 0 206 for the URL address In addition the Sun Java Plug in should be installed The PC must be on the same subnet as the airPoint unit Follow the steps below to login as an Administrator to the web based configuration management interface system 1 Connect the airPoint unit via the ETH A ETH B port to a PC 2 Open a web browser on the PC 3 Enter the device IP address 192 168 0 206 in the web browser address field and press the Enter key 4 A user login box will appear Enter the User name and Password and check the Remember my password checkbox if you want the system to remember the password The default User name is Administrator and the password is smartBridges case sensitive Connect to 192 168 0 206 smartBridges User name administrator Remember my password Figure 2 1 User log in box 5 Click the OK button 6 ALicense agreement page will appear Click Accept bay airPoint Nexus User Configuration Guide gato mrss intelligent wireless platform Terms of use Terms of use READ THE TERMS OF THIS AGREEMENT AND ANY PROVIDED SUPPLEMENTAL LICENSE TERMS FROM THE http rmm smarthridges com web support ah nexus asp link COLLECTIVELY AGREEMENT CAREFULLY BEFORE USING THE SOFT
19. Profile Calendar Select Profile E m Time Server Not available 4oply Changes Figure 5 5 Profile Manager Table 5 3 Profile Manager Menu Items Save As Select which profile name to save for the current configuration Profile Description Specify a description for the profile to be saved Save Profile button Click to save current profile 5 2 1 Save Profile Follow the steps below to save the current configuration to a profile 1 Selecta profile name from Save As 2 Enter a description of the profile 3 Click the Save Profile button to apply changes Note Existing configuration parameters in the selected profile name will be replaced with current configuration parameters bay airPoint Nexus User Configuration Guide Pe oi intelligent wireless platform 5 2 2 Load Operating Profile To load the operating profile 1 Selecta profile to load from the Profile Table 2 Click the Load Profile button to load the selected profile Note Current configuration parameters will be replaced by the new loaded profile User will be asked to wait while the new profile loads 5 2 3 Profile Calendar Profile calendar allows user to manage profiles based on different calendar times User can configure different profiles and scheduled activities based on the different profiles at a pre defined time A typical situation is an operator has two profiles to be switched on alternatively during th
20. SmartBridges unwiring our world airPoint Nexus sB3210 User Guide Version 1 0 Copyright smartBridges Pte Ltd All Rights Reserved intelligent wireless platform TABLE OF CONTENTS ABOUT THIS DOCUMEN NEE 3 OVERVIEW OF USER GUIDE geegent 3 RELATED PUBLICA TIONS sicccsesscescesccascececesscccesecccscccssecessvscoucsceguccsuescivuccsuvecegeccsuescevucesyc cuees 3 TECHNICAL SUPPORT CENTER eege dd dd 4 1 INTRODUCTION es nn ne ne tt teat 5 1 1 AIRPOINT NEXUS CONFIGURATION FEATURES annnannnennnnnnnnneennnnrnenrrnnrrenrrrrrnrrrnreene 5 1 2 SYSTEM REQUIREMENTS eer 5 1 3 CAE OKU eebe 6 2 AIRPOINT CONFIGURATIONS Sn ege R ANNAA NARA EEN 10 2 1 USER LOGIN AND LICENSE AGREEMENT iii dieser 10 2 2 WEB GUI ADMINISTRATOR PASSWORD CHANGE nsennnunnsninsrrnerrerinrrrrrrrnrrrerrrsnrnne 12 2 3 USING THE CONFIGURATION PAGES ii 13 2 4 AIRPOINT BRIDGE CONFIGURATION PARAMETERS n nnnannsnnnsnnnennnnrnsrrrenrerrrnrrrsnenn 18 2 4 1 Ethernet Configurations 0 ccc cccccccececeeeeseeeeseeeeseeeeseeeeseeeeseeeesees 18 2 4 2 Wireless Confguraton 18 2 4 3 Radio Protocol 20 2 9e BRIDGE CONFIGURATION EE 22 Se RY sence eres eee seee eas ceec eres eee seee eae ceec sees eee seee eeececc eres eeeeece ecseeccsecsseer 26 A TRAFFIC rue aa aeaaeai ESEESE AKAAKA EERS 31 Ji telel RE 32 5 1 1 SYSTEM CONFIGURATION EE 32 S E dl SECUN EE 33 5 1 3 Reset e de CN 34 5 1 6 NTP Time Server Setup eege 35
21. User Guide and where to obtain additional information regarding installation and set up Overview of User Guide This User Guide provides all necessary information needed to set up configure and deploy the airPoint Nexus The first chapter gives information on the configuration features and the system requirements The second chapter provides step by step information on logging in changing passwords and configuring the various parameters for the airPoint The Security features and the procedures for displaying the Wireless and Ethernet Traffic Statistics are explained in chapters 3 and 4 respectively In Chapter 5 more information on the system configuration tools using the Profile Manager conducting Link Test and estimating the Link Budget is given The steps for upgrading to the latest firmware are shown in Chapter 6 The abbreviations and acronyms used in this User Guide are explained in the Appendix Related Publications These documents provide complete information about the Nexus series of radio units airHaul airPoint and airClient e Quick Install Guide QIG e Release Notes e Technical Specification All the information can also be found on our website at http www smartbridges com bi Si l airPoint Nexus User Configuration Guide Bereet intelligent wireless platform Technical Support Center Comprehensive technical support by dedicated smartBridges engineers is available to all customers throug
22. WARE FACKAGE BY USING THE SOFTWARE PACKAGE YOU AGREE TO THE TERMS OF THIS AGREEMENT IF YOU ARE ACCESSING THE SOFTWARE ELECTRONICALLY INDICATE YOUR ACCEPTANCE OF THESE TERMS BY SELECTING THE ACCEPT BUTTON AT THE END OF THIS AGREEMENT IF YOU DO NOT AGREE TO ALL THESE SELECT THE DECLINE BUTTON AT THE END OF THIS AGREEMENT software Copyright and Distribution Licenses airPoint Nexus is Copyright e 2004 2005 by smart Bridges All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met l Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Please refer ta the URL below for latest updates to the Software Warranty Statement http rmm smarthridges com web support ah nexus asp si ill E Figure 2 2 License Agreement Page WW Home Networking Logout Summary Information airPoint 583210 Bridge mode Maximum Wireless EE 15360 DHCP Disabled Figure 2 3 Nexus Summary Information Page The page information descriptions are provided in the table on the following page ee airPoint Nexus User Configuration Guide Bee intelligent
23. able to perform Delayed Reset function bay airPoint Nexus User Configuration Guide Page 35 6155 intelligent wireless platform Tools Time Settings Operational mode airPoint Bridge NTP Server Settings IP address of the NTP server 128 260 36 2 Time Zone GMT 08 00 Kuala Lumpur Singapore Figure 5 4 NTP Time Settings 5 2 Profile Manager The airPoint Nexus configuration parameters can be saved as profiles in the system There are four profiles available in the system Installation profile Profile Profile 1 Profile3 E All the four profiles contain the same default parameters You can save the current configurations to any of the four profiles and re load the profiles later on or create different configurations and save them under different profiles These can be loaded at different times based on a pre defined calendar schedule The Profile Manager Configuration page can be accessed from the navigation menu bar Tools Profile Manager drop down menu The following figure displays the Profile Manager page bay airPoint Nexus User Configuration Guide gee or ss intelligent wireless platform Home Networking Radio Tools Help Logout Tools Profile Manager airPoint 583210 Bridge mode Save Profile Save 45 Installation Profile ze Profile Description Easy Link Installation Save Profile Profile Table Last loaded Profile None Description None Load Load oad ad
24. adiusd conf file and make the following changes bi Si l airPoint Nexus User Configuration Guide Page 49 of 55 intelligent wireless platform Change the default_eap_type from tls to peap eap default_eap_type peap Move to the PEAP section below the TLS section and uncomment the following lines peap The server is now ready for PEAP authentication default_eap_type mschapv2 8 Change Windows XP for PEAP On the Wireless Network tab select the network and click Configure to open the network properties Then Select the Authentication tab Select Protected EAP on the drop down list Click Properties Enable Validate server certificate In Trusted Root Certification Authorities list enable the root der certificate In Select Authentication Method select Secured password EAP MSCHAPv2 Click Configure If desired enable Automatically use our Windows logon name and password did not enable Automatically use our Windows In our HP laptop the software adds HP before the user name e g HP jbibe If you don t enable this option windows will ask for your user name and password the first time the laptop tries to connect to the network The computer will then use the user name and password exactly as entered On the original Authentication screen we disabled the Authenticate as computer when computer information is available Windows XP is now ready for testing 9 Test PEAP The final
25. ap_type from md5 to tls eap default_eap_type md5 Change md5 to tls Move down to the following line and then uncomment and modify the information as shown below Note that placed the server certificates dh file and random file in a new directory 1x on our system Modify the path as needed for your server tls tls private_key_password whatever private_key_file usr local radius etc 1x cert srv pem certificate_ file usr local radius etc 1x cert srv pem CA file usr local radius etc 1x root pem bi Si l airPoint Nexus User Configuration Guide Page 47 of 55 intelligent wireless platform dh_file usr local radius etc 1x dh random file usr local radius etc 1x random fragment_size 1024 include_length yes No other changes are needed in radiusd conf for TLS d Server Certificates DH File and Random File we added a new directory 1x in the radius etc directory and then copied the server certificates root pem and cert srv pem into the directory Finally we used the following trick to produce dh and random date gt dh date gt random If you prefer use your keyboard to enter some random characters in these files Or even better use the OpenSSL tools to produce the random information for these files e Run Radius The only server addition remaining is wrapper for radiusd We added a new file run radius in the usr local radius sbin directory The script is from Documen
26. ault STP Values Bridge priority 32768 0 65535 parameter used to identify the root bridge in a spanning tree instance of STP The bridge with the lowest value has the highest priority and is the root Bridge max age 20 6 40 The interval a bridge will wait for a hello packet from the root bridge before initiating a topology change Bridge hello time 2 1 10 The interval of time between each configuration BPDU sent by the root bridge airPoint Nexus User Configuration Guide Page 22 of 55 intelligent wireless platform Bridge e delay aa The period of time a bridge will wait the listen and learn period before beginning to forward data packets Ethernet port ETH A 0 65535 The cost of using the port to path cost reach the root bridge When selecting among multiple links to the root bridge STP chooses the link with the lowest path cost and blocks the other paths Each port type has its own default STP path cost 128 0 255 The preference that STP gives this port relative to other ports for forwarding traffic out of the spanning tree A higher numerical value means a lower priority thus the highest priority is 8 Ethernet port ETH B 100 0 65535 The cost of using the port to path cost reach the root bridge When selecting among multiple links to the root bridge STP chooses the link with the lowest path cost and blocks the other paths Each port type has its own default STP path cost Ethernet port ETH
27. central server Importantly DHCP assigns IP addresses and other TCP IP configuration parameters automatically bay airPoint Nexus User Configuration Guide BEE intelligent wireless platform SNMP Short for Simple Network Management Protocol a set of protocols for managing complex networks The first versions of SNMP were developed in the early 80s SNMP works by sending messages called protocol data units PDUs to different parts of a network SNMP compliant devices called agents store data about themselves in Management Information Bases MIB and return this data to the SNMP requesters SYSLOG In order to track information on events device jobs and packets flows most security devices out put these events using the syslog information model This output uses a specific format and protocol defined in RFC 3164 bay airPoint Nexus User Configuration Guide Bee intelligent wireless platform Appendix C SNMP Trap The airPoint Nexus generates SNMP trap that can be forwarded to the SNMP Trap server The SNMP Trap server IP address is set in section The following table provides a list of SNMP traps generated IP address Object Identifier 1 3 6 1 4 1 14882 2 1 1 Value lt changed IP address gt Object Identifier 1 3 6 1 4 1 14882 2 1 2 Value lt changed IP netmask gt IP netmask Object Identifier 1 3 6 1 4 1 14882 2 1 3 Value lt changed Gateway gt SSID Object Identifier 1 3 6 1 4 1 14882 5 1 3
28. d Port BOO1 BOO a004 Transparent Aging Time 300 seconds STP Root Cast STP Root Port Bridge Mas Age 20 seconds oo CH CH C CH C D CH mu HR oO D UI UD Wo MAC Address Port Number Figure 2 11 Bridge Configuration ENEE i airPoint Nexus User Configuration Guide Page 25 of 55 intelligent wireless platform 3 Security The Security Configuration page allows the client devices to authenticate with the airPoint unit by using different security modes Follow the steps below to configure the airPoint unit with Security Parameters 1 Click the Security link from the Radio Main page 2 Click on the Required Security Mode If the user selects the Security Mode as 1 None There is no Security involved and any client device can associate with the airPoint Bridge For WDS clients such as the airClient in Bridge mode please enter in the WDS table 2 WEP ONLY Wireless Equivalent Privacy WEP key encryption is used The following table describes the information for the WEP only Settings Table 3 1 WDS Table Page Items Authentication Select authentication method between open system and shared key Open system Open System is null authentication With WEP enabled and valid WEP key on both ends it provides data encryption Clients without correct WEP key still can associate but can not send packet through shared key Strict authentication for both authentication an
29. d data encryption Clients must provide valid WEP key to associate WEP Key Size Choose encryption key size between 40bits and 104bits When key size is changed all 4 keys are lost and user needs to re enter 64 bits User has to input 10 HEX digits 128 bits User has to input 26 HEX digits Valid Key Choose which key in key table is used for authentication 1 4 This value must be matching between the airPoint device and the Client Key Table Display Set WEP keys A maximum of four keys can be set The following page shows you the Security mode WEP only configuration bay airPoint Nexus User Configuration Guide NN 24 of 55 intelligent wireless platform Home Networking Radio Help Logout Radio Configuration Bridge mode Security airPoint 583210 Bridge mode Security Mode WEP Orly Ke WDS Table MAC Address Add to Table 2 00 30 14 1F 49 93 Display Records Go Authentication rei Open System O Shared Key Wep Key Type HEX Wep Key Size Be I valid Key First Key jabedel2348765achda87236512 Second Key jabetS adf37eacd3478fbdbbaz Third Key jabcde456784tabc345abcdeff33 Fourth Key jabedef445768923bedafbcf231 4pply Changes Figure 3 1 Radio Security Page with WDS entries added 3 Internal ACL Access Control List Mode The user needs to provide the ACL MAC addresses or WDS addresses of the clients that can get associated with the airPoint Bridge In this mode you can
30. dence than External Authentication WPA RADIUS In this mode the user is meant to give the Radius Server addresses and the secondary Radius server addresses if any WPA PSK This mode allows the user to use WPA shared key TKIP for client authentication bay airPoint Nexus User Configuration Guide A a 15 of 55 intelligent wireless platform Menu Item Menu Sub items Tools System Configuration System Name Allows user to change the name of the airPoint unit System Description Allows user to enter a description of the airPoint unit SNMP Security Allows user to set the SNMP Community String and SNMP Access Filters Reset Resets the device remotely Delayed Reset Schedules delayed reset at a future time NTP Server Allows user to change NTP Server settings Firmware Version Shows firmware s current version Radio Firmware Version Shows firmware s current radio version Reset to Defaults Resets the device to factory default values Ethernet MTU Size Allows user to set the Ethernet MTU size for different applications Syslog server IP Address Allows user to set the Syslog server IP and log level SNMP Trap server IP Address Allows user to set the SNMP Trap server IP for SNMP trap forwarding LED Control Allows user to turn on off LED control Operational mode Allows the User to set the Radio Operational mode bay airPoint Nexus User Configuration Guide
31. dge Traffic Statistics Displays the Ethernet and Wireless Traffic Statistics Radio Main Wireless Settings Allows user to set SSID Channel ACL Controls and Country as well as Dial a Power Provides a link to view associations Performance Allows user to set Fragment Length RTS CTS Length RSSI Threshold and Throughput Optimizer Radio Operation mode is set to mixed 802 11a b g by default airPoint Nexus User Configuration Guide Page 14 of 55 intelligent wireless platform Menu Sub items Menu Wem Radio Main Wireless Traffic Statistics Displays the Wireless Traffic Statistics Security Allows the user to set the security WEP only Internal ACL External ACL Radius WPA Radius WPA PSK None There is no security involved for normal clients WDS capable devices such as the airClient Bridge needs to be input into WDS table WEP Only This allows you to turn on encryption using WEP WDS capable devices such as the airClient Bridge needs to be input into WDS table Internal ACL Only the MAC addresses entered in the table will be associated The user needs to key in the authorized MAC either in the Internal ACL or WDS table WDS capable devices such as the airClient Bridge needs to be input into WDS table External ACL Radius amp Internal ACL This mode allows the user to use an External Radius as well as Internal ACL for client authentication Internal Authentication has more Prece
32. e Click on Networking Bridge Configuration to access the Bridge Configuration page Choose Enable from the Spanning Tree Protocol pull down list Click on the Generic Port Table link to change the Generic Parameters Enter a value for the STP Priority Enter a value for the Bridge Max Age Enter a value for the Bridge Hello Time Enter a value for the Bridge Forward Delay Click on Transparent Aging Time link to change the Transparent Aging Time Click on the Spanning Tree Port Table link to change the STP Ethernet Port parameters Enter the values of Ethernet Port Priority and or Port Path Cost for ETHA Enter the values of Ethernet Port Priority and or Port Path Cost for ETHB Enter the values of Ethernet Port Priority and or Port Path Cost for Radio A Click on Apply Changes Button to save to the current configuration file oe ee eg En ee ee N bay airPoint Nexus User Configuration Guide Page 24 of 55 intelligent wireless platform OU sO 18 10 38 E9 Number of Ports Transparent Spanning Tree Protocol Enabled Bridge Address Type of Bridging Protocol Specification STP Priority Topology change Timer STP designated Root 32708 D Port Enable Yes Ye 5 3 12 Port Path Cost 100 Port Designated Root j 00301a1c34e9 Bridge Hello Time 2 seconds Port Designated Cost Bridge Forward Delay 15 seconds STP Designate
33. e day and during the night time User creates the two different profiles and save them as Profile Day and Profile Night and use the Profile Calendar to schedule the activation of the two profiles Follow the steps below to schedule the activation of a saved profile 1 Selecta profile to schedule 2 Uncheck the Disable Profile Calendar check box A profile calendar will be displayed 3 Select date time from the load time calendar Use the calendar icon to choose a start date 4 Select the recurrence daily weekly monthly only once 5 Click the Apply Changes button The schedule will be loaded either daily weekly monthly or only once at the specified start date and time 6 Todisable the scheduled profile check the check box Disable Profile Calendar Profile Calendar Select Profile Profile 1 Time Server Not available i Disable Profile Calendar WEE dd rmm wyyy Hour Minutes Load time Sid Recurrence O Daily O Weekly O Monthly only once Apoly Changes Figure 5 6 Profile Calendar bay airPoint Nexus User Configuration Guide Bee intelligent wireless platform 5 3 Link Test The Link Test tools are available from the navigation menu bar Tools Link Test drop down menu From Link Test tools the user can test Throughput and perform Ping Test You will need to run Radio Transmit or Radio Receive The client device will automatically start receiving trans
34. ed Frames 102201 Ho of PHY Aborted 1967269 Frames Figure 4 1 Traffic Statistics page 2516 by airPoint Nexus User Configuration Guide BE intelligent wireless platform 5 Tools 5 1 1 System Configuration The System Configuration page provides a one page tool to configure the airPoint device To access the System Configuration page go to Tools System Configuration drop down menu The following figure displays the System Configuration page Home Networking Help Logout System Configuration airPoint 583210 Bridge mode System Configuration NTP Server Settings Time Server Not available 1 00 00c Release Notes Edit Configuration IP Configuration Radia Performance Security Reset To Defaults LED Control On Current Operational Mode Bridge Figure 5 1 System Configuration The following page summarizes the contents of the System Configuration page eee airPoint Nexus User Configuration Guide ge RTT intelligent wireless platform Table 5 1 System Configuration Ewert Name Displays name of airPoint unit y Allows user to change airPoint unit name SS Displays description of airPoint unit SESCH Allows user to change airPoint unit description SNMP Security Access the SNMP security settings Delayed Reset Schedule a reset NTP Server NTP server setup as well as NTP time if server is setup Display the installed firmware version es ERR Display the installed
35. elect Device Device Radio Mode Radio Mode Ts Output Power dE 5 to 23 Ts Output Power dBm 5 to 23 Antenna Gain Antenna Gain RF Cable Loss RF Cable Loss Compute Link Budget EIRE 15 Free Space Loss 120 4 Theoretical RSSI demi 57 Recommended minimum 75dErm Available Fade Margin dBm 35 Fresnel Zone Clearance Required 17 feet Figure 5 10 Link Budget Planning Calculator Link Budget bay airPoint Nexus User Configuration Guide Page Ee intelligent wireless platform 6 Firmware Upgrade New firmware for airPoint Nexus is available for download from smartBridges Support web site http www smartbridges com support The airPoint Nexus device firmware can be upgraded from the web management interface Follow the steps below to upgrade the airPoint Nexus firmware 1 Download the latest or a particular release version of the airPoint Nexus firmware from the web site http www smartbridges com support to your PC 2 Login to the device web interface Go to Tools Firmware Upgrade drop down menu The Firmware Upgrade page will be displayed as shown below Enter the firmware tar ball file name downloaded in Step 1 Click on the Upgrade button to upgrade the firmware When the firmware tar ball file transfer is completed a message will be displayed on the web page 6 Wait about 10 minutes for the device firmware to be upgraded Once the upgrade is co
36. enssl make make install That completes the work with OpenSSL except for building the required certificates When you perform the config make and make install here and in the FreeRADIUS install described below We recommend that you log the information For example instead of using the simple make command use bay airPoint Nexus User Configuration Guide DEER intelligent wireless platform make gt mymake log 2 gt amp 1 If you encounter problems you can review mymake log or myconfig log or myinstall log for errors b FreeRadius Download the latest FreeRADIUS snapshot We downloaded the file to our home directory The snapshot is located at ftp ftp freeradius org pub radius CVS snap Then we used the following nine steps mkdir p usr src 802 radius cd usr src 802 radius cp home jbibe freeradius snapshot 20040203 tar gz freeradius snapshot 20040203 tar gz gunzip freeradius snapshot 20040203 tar gz tar xvf freeradius snapshot 20040203 tar cd freeradius snapshot 20040203 configure with openssl includes usr local openssl include with openssl libraries usr local openssil lib prefix usr local radius make make install That completes the work with FreeRADIUS except for building certificates making the changes to the FreeRADIUS configuration files moving the server certificates to their final location and building a wrapper for radiusd 2 Produce Certificates Server and
37. er cert srv pem cert srv p12 cert srv der bi Si l airPoint Nexus User Configuration Guide Page 46 of 55 intelligent wireless platform For TLS and PEAP the server needs root pem and cert srv pem For TLS the Windows XP client needs root der and cert clt p12 For PEAP the Windows XP client needs root der In the event that you want to use TLS authentication with multiple clients Document 3 provides the needed script Look for the CA clt script in Section 6 3 Configure Server for TLS There are only a few changes and additions needed for TLS authentication The clients conf users and radiusd conf are located at usr local radius etc raddb a clients conf This file contains the basic configuration for the Access Point Look for the following line then uncomment and modify as appropriate client 192 168 0 0 24 client 192 168 1 0 24 secret AP_Shared_ Secret shortname WLAN b users This file contains the basic user information Look for the following line and then add the user name SZ John Doe Auth Type Local User Password hello H jbibe Note that for TLS you should not include an Auth Type or a password The server is able to determine the correct Auth Type and a password is not needed because the client uses a client certificate for authentication c radiusd conf This file contains the server configuration information Look for the following lines and then change the default_e
38. eset Disable Delayed reset idd mm yyyy Hour Minutes Reset time 23 01 2005 ES Recurrence Daily Weekly Monthly only once 4oply Changes Figure 5 3 Delayed Reset For delayed reset follow the steps below Select date from the calendar that has been provided Select the recurrence Click Apply Changes button to change the settings If user wants to disable Delayed Reset check the box that has been provided E Wa 5 1 4 NTP Time Server Setup The device time comes from the network time information source The device needs access to a network timer NTP time server source The NTP time server IP can be configured as follows 1 From the System Configuration page click on the NTP Server Setting link 2 A Time Settings page will be displayed Click on the NTP Server Settings link to enable timer settings input 3 Enter a valid NTP server IP address and select the Time Zone The default NTP server is 128 250 36 2 and the default Time Zone is Singapore 4 Click on the Apply Changes button to configure the NTP The network time will appear on the browser if the NTP server is contactable Note Please ensure the NTP server IP is reachable from the device Use the ping test tool from the Tools Link Test to check if the NTP server can be pinged from the device The device can still operate without the Time Server configuration however you will not be
39. guration Guide Page 28 of 55 intelligent wireless platform 4 External ACL Radius amp Internal ACL This mode allows the user to use an External Radius as well as an Internal ACL for client authentication The entry in the Internal ACL has more precedence than the External ACL table WDS entries still need to be local a The user needs to give the Radius server address and secondary radius server address if any b The shared key value with which the Radius client can establish a connection with Radius Server has to be given c The Port number through which the communication is going to take place has to be given d Re auth time specifies the interval at which re authentication takes place e Enter the Internal ACL Mac addresses or WDS addresses if any Internal Authentication has more precedence than External Authentication Home Networking Radio Help Logout Radio Configuration Bridge mode Security airPoint 583210 Bridge mode Security Security Mode External ACL A adius amp Internal ACL ze eG Secondary Radius Server Address 192 168 o 100 Bb seconds Shared Key Le345abcdef34567123bedeabcdabce Internal ACL Table WDS Table Internal ACL Table MAC Address Upload Download Add to Table Mac Address Upload Kbps Dovwnload Kbps Delete 00 30 14 Etta vas 15360 15360 00 30 14 1F 47 E3 15360 15360 Display Records Go Applv Changes Figure 3 4 External ACL Radius am
40. h the smartBridges support center website The website provides updated tools and documents to help troubleshoot and resolve technical issues related to smartBridges products and technologies To access the technical support resources please visit the support center website at http www smartbridges com support You will need to register for certain services and downloads on the smartBridges support center website bay airPoint Nexus User Configuration Guide C Rees ES ZC 4 of 55 intelligent wireless platform 1 Introduction This User Guide provides information on how to set up the features and deploy the airPoint unit A web based management tool is provided to assist the user in configuring the airPoint unit for different purposes 1 1 airPoint Nexus Configuration Features The airPoint web based management tool provides the user with the following features System Parameters Device Mode Operation Ethernet and wireless IPs Radio SSID domain channel security etc parameters Network bridge STP etc parameters Bandwidth management Antenna alignment Security Traffic Statistics 10 Site Survey 11 Profile management 12 User management 13 Link Test 14 Link Budget Planning Calculator 15 Firmware Upgrade Oe D OT ON 1 2 System Requirements The following are the minimum system requirements for the airPoint Nexus web based configuration management tool 1 Operating System either Windows 98
41. hange the settings og SS Performance RTS CTS Length 256 2348 E346 RSSI Threshold Preamble Settings Throughput Optimizer 0 10 F4 Get ma 7 10 Sir 4ooly Changes Figure 2 9 airPoint Bridge Performance Settings bay airPoint Nexus User Configuration Guide Page 21 of 55 intelligent wireless platform 2 5 Bridge Configuration In Bridge mode the airPoint unit acts as a transparent bridge between the Radio and the Ethernet interfaces The figure below shows the bridge configuration and the bridge forwarding table information The STP Spanning Tree Protocol is disabled by default Home Networking Logout Networking Bridge Configuration Operational mode airPoint Bridge Bridge Configuration Type of Bridging Transparent Spanning Tree Protocol Disabled Transparent Aging Time 300 seconds Forwarding Table for Transparent Bridge MAC Address Port Number Local 00 30 14 1F 468 37 00 30 14 LC Sse Ce DOSS IAE Ci C5 OO 30 14 01 9F 10 Refresh Figure 2 10 Bridge Configuration Information 2 6 Configuring Spanning Tree Protocol STP STP is a Layer 2 link management protocol that provides path redundancy while preventing loops in the network For a Layer 2 Ethernet network to function properly only one active path can exist between any two stations STP is disabled by default The table below lists the default STP settings when the STP is enabled Table 2 5 Def
42. invented by RSA Data Security RC4 is a symmetric stream cipher that uses the same variable length key for encryption and decryption With WEP enabled the sender encrypts the data frame payload and replaces the original payload with the encrypted payload The sender bay airPoint Nexus User Configuration Guide A a 5 of 55 intelligent wireless platform then forwards the encrypted frame to its destination The encrypted data frames are sent with the MAC header WEP bit set Thus the receiver knows to use the shared WEP key to decrypt the payload and recover the original frame The new frame with an unencrypted payload can then be passed to an upper layer protocol WEP keys can be either statically configured or dynamically generated In either case WEP has been found to be easily broken WPA Wi Fi Protected Access WPA is a replacement security standard for WEP It is a subset of the IEEE 802 111 standard being developed WPA makes use of TKIP to deliver security superior to WEP 802 1X access control is still employed The Authentication Server provides the material for creating the keys Packet Concatenation Packet concatenation will increase the throughput of the equipment by simply buffering the packets at the transmitter and convert them into superframe for the transmission over the wireless interface Packet Bursting Packet bursting is for increasing the throughput by increasing the window size and reducing the time fo
43. io Transmit button 4 The Throughput test will start and the result will be displayed 5 Click on the Stop button to stop the test bay airPoint Nexus User Configuration Guide A ZC 39 of 55 intelligent wireless platform Tools Link Test Operational mode airPoint Bridge Far end Radio IP Address i g Ping Test Throughput Test Start Stop Radio Receive Stop Throughput Test Transmit 9 0 0 30 0 sec 43 2 MBytes 12 1 Mbits sec 9 30 0 60 0 sec 44 2 MBytes 12 4 Mbits sec 9 60 0 90 0 sec 46 1 MBytes 12 9 Mbits sec 9 90 0 120 0 sec 45 2 MBytes 12 6 Mbits sec 9 120 0 150 0 sec 39 2 MBytes 11 0 Mbits sec 9 150 0 180 0 sec 45 1 MBytes 12 6 Mbits sec H 9 180 0 210 0 sec 46 6 MBytes 13 0 Mbits sec Figure 5 8 Throughput Test Result 5 4 Link Budget Planning Link Budget Planning is a very useful tool for link budget estimation The Link Budget Planning Calculator can be accessed from the navigation menu bar Tools Link Budget Planning Calculator drop down menu A GPS Calculator is provided in the Link Budget Planning Calculator page to calculate the distance between two airPoint stations To calculate the distance follow the steps below 1 Enter the GPS co ordinates of Station 1 Lattitude1 and Longitude1 and Station2 Latitude 2 and Longitude 2 GPS co ordinates may be entered in DD MM MM or DD MM SS SS formats 2 Select the distance units miles o
44. le connecting antenna and airPoint unit View Association Table List all associated clients and its link status Note The default value for Dial a Power is 18 dBm for FCC domain At high TX power levels due to Amplifier saturation radio tends to distort EVM So we suggest that you try to use lower than the maximum power level 2 4 3 Radio Protocol The user can edit the wireless radio protocol parameters to optimize the radio performance The radio protocol parameters are 1 Fragment Length between 256 and 2346 2 RTS CTS between 256 and 2346 3 RSSI Threshold between 90 and 20 4 Preamble settings Long Short or Dynamic 5 Throughput Optimizer Table 2 4 Radio Protocol Parameters Fragment Length a Show current value b Change to a value within its range This setting determines the size at which packets are fragmented sent as several pieces instead of as one block Default value is 2346 bytes The range of value is from 256 to 2346 bytes RTS CTS Length a Show current value b Change value RTS request to send CTS clear to send The RTS CTS length determines the packet size at and bigger than which the radio issues a request to send RTS before sending the packet Default value is 2346 bytes The range of value is from 256 to 2346 bytes RSSI Threshold The User can set the minimum value of RSSI Threshold The range is from 90 to 20 airPoint Nexus User Configuration Guide Page 20 of 5
45. mitting provided an airClient Nexus is used The user needs to specify the IP address for the test Note Throughput test works only between sB Nexus Devices Follow the steps below to do a Ping Test Enter a valid IP address for Far end Radio IP Address Click on the Start button under Ping The Ping result will be displayed Click on the Stop button to stop the test nga ce eg Tools Link Test Operational mode airPoint Bridge Far end Radio IP Address 192 168 3 s Throughput Test Radio Transmit Radio Receive Stop Showing Ping Request Packet 9 64 bytes from 192 168 3 5 icmp_seq 0 ttl t Packet 10 64 bytes from 192 168 3 5 icmp_seg 0 ttl Packet 11 64 bytes from 192 168 3 5 icmp_seq 0 ttl Packet 12 64 bytes from 192 168 3 5 icmp_seq 0 ttl Packet 13 64 bytes from 192 168 3 5 icmp_seg 0 ttl Packet 14 64 bytes from 192 168 3 5 icmp_seq 0 ttl Packet 15 64 bytes from 192 168 3 5 icmp_seg 0 ttl Packet 16 64 bytes from 192 166 3 5 icmp_seq 0 ttl Packet 17 64 bytes from 192 168 3 5 icmp_seq 0 ttl Packet 18 64 bytes from 192 168 3 5 icmp_seg 0 ttl Figure 5 7 Ping Test Result Follow the steps below to do a Throughput Test 1 Setup a link between two airPoint units 2 Enter a valid IP address of the Far end Radio IP Address 3 Click on the Radio Receive button at one end under the Throughput Test and at the other end Click on the Rad
46. mpleted a pop up window displaying the upgraded firmware version will appear SE Note During the upgrade period about 10 15 minutes the airPoint unit MUST not be reset or power cycled Home Networking Logout Tools Firmware Upgrade Operational mode airPoint Bridge Firmware Upgrade Current Firmware Version vO 00 01 Upgrade System Software Tar File fe iimwares B210_IXP_V0 01 Upgrade Figure 6 1 airPoint Nexus Firmware Upgrade page Tools Firmware Upgrade System Software Tar File has been transfered The device is being upgraded and will be unavailable for 10 15 minutes DO NOT Reset or Reboot during this time Time elapsed 00 28 MM SS Figure 6 2 airPoint Nexus Firmware Upgrade Firmware transferred bay airPoint Nexus User Configuration Guide Ber tours intelligent wireless platform Laast Application Figure 6 3 Successful upgrade pop up window ENEE airPoint Nexus User Configuration Guide Page aeS intelligent wireless platform Appendix A Configuration of the Radius Server FreeRADIUS WinXP Authentication Setup This document describes how to build a FreeRADIUS server for TLS and PEAP authentication and how to configure the Windows XP clients supplicants The server is configured for a home or test network Three papers have been written about TLS authentication with a FreeRADIUS server and are available at the following websites 1 www missl cs
47. nge Enter Old Password Enter new Authentication Password Confirm new Authentication Password Apply Changes Figure 2 4 Administrator password change bay airPoint Nexus User Configuration Guide Page Ee intelligent wireless platform 2 3 Using the Configuration Pages The airPoint Nexus configuration system comprises several pages for configuring each parameter A common navigation menu bar is provided at the top of each page for easy navigation as shown in the figure below Networking Logout Summary Information airPoint 5B3210 Bridge mode Wireless Confiquration Ethernet Configuration Tell ei Le es se TO Association Tole vi ever F 2d Maximum Wireless Throughput Kbps ee BE ETH A MAC Address 00 30 14 1F 3C C9 ETHB MAC Address 00 30 14 10 30 c8 _Apply Changes Radio MAC Address 00 30 14 1F 48 17 Figure 2 5 Navigation Menu Bar System configuration information is displayed as read only in each page As shown in the Summary Information page in the above figure Ethernet Configuration Wireless Configuration Port Information parameters are displayed as read only Clicking on the underlined parameter heading allows you to edit the configuration parameters To change the Ethernet Configuration parameters click on the Ethernet Configuration link Similarly clicking on the Wireless Configuration link the Radio Configuration page
48. p Internal ACL 5 WPA Radius This mode allows the user to use an external radius for client authentication This makes use of the EAP TLS There is no WDS in this case as WDS does not work with WPA a Give the Radius Server Address and secondary Radius server address if any b The port number has to be specified with which the communication is going to be established between the client and the server c The Re auth timer value specifies the interval at which re authentication takes place bay airPoint Nexus User Configuration Guide Page 29 of 55 intelligent wireless platform Encryption type is TKIP Temporal Key Integrity Protocol Home Networking Radio Help Logout Radio Configuration Bridge mode Security airPoint 583210 Bridge mode Security Security Mode iv SS Secondary Radius Server Address Eur Shared Key 12345abcdefs4s 7123bcdeabedabce cube Pen PS Ip Apply Changes Figure 3 5 WPA radius page 6 WPA PSK In this mode a client needs to be capable of WPA PSK The user needs to give the Pre Shared Key value and the clients must specify the key to get associated There is no WDS in this case as well as WDS does not work with WPA PSK Home Networking Logout Radio Configuration Bridge mode Security airPoint 583210 Bridge mode Security Security Mode WPA PSK Ke WPA Shared Key jabedefl23567 bcedaef23415678934be Encryption Type TKIP Re key time os seconds
49. parate VLANs 802 11i An upcoming security standard currently being developed by IEEE that features 802 1x authentication protections and adds AES Advanced Encryption Standard technology a stronger level of security than used in WPA for encryption protection along with other enhancements IEEE 802 1x A security standard featuring a port based authentication framework and dynamic distribution of session keys for WEP encryption A RADIUS server is required SSID Each ESS has a Service Set Identifier SSID used to identify the Radio that belong to the ESS Radios can be configured with the SSID of the ESS to which they should associate By default radios broadcast their SSID to advertise their presence VLAN A VLAN is a switched network that is logically rather than physically segmented VLANs enable workstations and other devices to have a virtual association independent of geographic location or physical attachment to the network These groupings can be based upon organizational unit application role or any other logical grouping WEP According to the IEEE 802 11 standard Wired Equivalent Privacy WEP is intended to provide confidentiality that is subjectively equivalent to the confidentiality of a wired local area network medium and that does not employ cryptographic techniques to enhance privacy WEP relies on a secret key that is shared between a mobile station and an access point WEP uses the RC4 stream cipher
50. r acknowledgement Packet Compression LZO compression is being used to achieve more throughputs COFDM COFDM involves modulating the data onto a large number of carriers using the FDM technique The Key features which makes it work in a manner is so well suited to terrestrial channels includes e Orthogonality the O of COFDM e The addition of Guard interval e The use of error coding the C of COFDM interleaving and channel state information COFDM is resistant to multipath effects because it uses multiple carriers to transmit the same signal Spanning Tree Protocol STP STP is a Layer 2 link management protocol that provides path redundancy while preventing loops in the network For a Layer 2 Ethernet network to function properly only one active path can exist between any two stations Spanning tree operation is transparent to end stations which cannot detect whether they are connected to a single LAN segment or to a LAN of multiple segments RIP The most popular of the TCP IP interior routing protocols is the Routing Information Protocol RIP RIP is used to dynamically exchange routing information RIP routers broadcast their routing tables every 30 seconds by default Other RIP equipments will listen for these RIP broadcasts and update their own route tables DHCP DHCP stands for Dynamic Host Configuration Protocol and is a means for networked computers to get their TCP IP networking settings from a
51. r kilometers 3 Click the Compute Distance button to calculate the distance between the two stations 4 The distance will be displayed in the Distance text box GPS Calculator Latitudel Longitudel Latitude Longitude ue mmm we IN M Wm w Compute Distance Course 1 2 Degrees Course 2 1 Degrees Distance oS miles Figure 5 9 Link Budget Planning Calculator GPS Calculator Once the distance is computed the user can do the link budget calculations as follows Select the radio mode for station 1 and 2 Enter the transmit output power in dBm for station 1 and 2 Enter the antenna Gain in dB for station 1 and 2 Enter the Cable Losses in dB for station 1 and 2 Click the Compute Link Budget button to calculate the link budget information bay airPoint Nexus User Configuration Guide BEE SE E intelligent wireless platform 6 The link budget information will be displayed in the following figure The link budget information EIRP Free Space Loss and Theoretical RSSI are computed and displayed The Receive Sensitivity Maximum Transmit Power System Gain and Available Fade Margin at various Link Speed are also computed and displayed in a table Ideal fade margin for a link is between 10 dB to 20 dB for a stable link base on the environmental condition of a region The Fresnel Zone Clearance Required will also be displayed Distance from Root Device to Remote Device is Please S
52. rnal cable connecting a Feet meters Radio and antenna 23 Fade Margin taken into account for a link Between 10 to 20 dBm budgeting Model of smartBridges airPoint sB3210 equipment selected for a link Please refer to Note below for selecting the right equipment TT TT R Length of the Ethernet cable required for Feet s meters powering a unit Choose a best channel which can be used Specify channel number on the basis of site survey with a help of scanning tools like Netstumbler Network diagram along with IP address of Yes No all the interfaces for link to be setup in Place 2 Availability of Quick Installation Guide velo 3 Availability of Configuration guide and CD Yes No li Ensure that all items listed in the Package Yes No Contents of Quick Installation Guide are included in the shipment 5_ Availabilty of Installation KE reel MAC address of airPoin ies 7_ Configured for pre installation testing Yeso Ping response MS Ping Success Rate Perenage Throughput test for upload bandwidth In Mbps as per the specification mentioned in Note 15 Mbps data throughput and 20 miles 30 km range bay airPoint Nexus User Configuration Guide Page Di intelligent wireless platform Post Installation Checklist for airPoint Organization Name Site Name Address City a Zip Code Telephone Number Mira RS EE 3 IP address X X X X 4 Link Quality 5 RSSI
53. t US countryName_min 2 countryName_max 2 stateOrProvinceName State or Province Name full name stateOrProvinceName_ default Tennessee localityName Locality Name eg city localityName_default Brentwood O organizationName Organization Name eg company O organizationName_default Helava organizationalUnitName Organizational Unit Name organizationalUnitName_ default Engineering commonName Common Name eg YOUR name commonName_max 64 commonName_default HAI emailAddress Email Address emailAddress_max 40 emailAddress default ohb cmcast net SET ex3 SET extension number 3 req_attributes challengePassword A challenge password challengePassword_min 4 challengePassword_max 20 challengePassword_ default whatever unstructuredName An optional company name b CA all Update the CA all script for your requirements The file is located at usr src 802 radius freeradius snapshot 20040203 scripts If you use the default password whatever you only need to verify that the path in the script points to the installed openssl information No changes should be necessary but there is one gotcha At about line 30 the path will probably be in error Look for the following line and update the path as needed echo newreq pem usr local openssl ssl misc CA pl newca When CA all executes it produces nine certificates root pem root p12 root der cert clt pem cert clt p12 cert clt d
54. t 3 Wrapper Script bin sh x LD_LIBRARY_PATH usr local openssl lib LD _PRELOAD usr local openssi lib libcrypto so export LD_LIBRARY_PATH LD_ PRELOAD lusr local radius sbin radiusd After entering and saving the script make run radius executable chmod u rwx run radius The server is complete 4 Install Windows XP Certificates and Setup Client for TLS The Windows XP certificates need to be installed and client needs to be configured We recommend that you follow Raymond McKay s example in Document 3 Section 10 XP Client Supplicant Setup When this step is complete the client is ready 5 AP Setup The AP configuration needs to be modified This is the setup we used with our ZyXEL B 1000v2 We assume that the B 1000 has been configured previously to use WEP keys and MAC addresses At the wireless 802 1 x tab Wireless Port Control Authentication Required ReAuthentication Timer 1800 seconds Idle Timeout 3600 seconds Authentication Database RADIUS only Dynamic WEP Key Exchange 128 bit WEP bo Si l airPoint Nexus User Configuration Guide Page us ores intelligent wireless platform At the RADIUS tab for authentication Active Yes Server IP 192 168 1 10 Port Number 1812 Shared Secret AP_Shared_Secret 6 Test TLS The final step is to test the server With Windows XP computer off start the server in the debug mode by entering
55. umd edu wireless eaptls 2 www freeradius org doc EAPTLS pdf 3 www denobula com These papers provide an excellent background but are somewhat out of date Where appropriate we will simply refer to these documents rather than repeating the information We recommend that you follow the steps we give below rather than the steps in these documents If you follow this example please make the needed changes to the names of the files We installed the FreeRADIUS and OpenSSL files in special local directories This ensures that there is no interaction between the base Linux files and the new files It also allows you to easily remove all of the newly installed files The FreeRADIUS and OpenSSL snapshots used in constructing the server are beta software 1 Download and Install OpenSSL and FreeRADIUS The first step is to download and install the latest snapshot versions of OpenSSL and FreeRADIUS a OpenSSL Download the latest OpenSSL 0 9 7 stable snapshot We downloaded the OpenSSL snapshot to our home directory The snapshots are located at ftp ftp openssl org snapshot Then We used the following nine steps mkdir p usr src 802 openssl cd usr src 802 openssl cp home jbibe openssl 0 9 7 stable SNAP 20040202 tar gz openssi 0 9 7 stable SNAP 20040202 tar gz gunzip openssi 0 9 7 stable SNAP 20040202 tar gz tar xvf openssl 0 9 7 stable SNAP 20040202 tar cd openssl 0 9 7 stable SNAP 20040202 config shared prefix usr local op
56. w to configure the wireless association parameters Go the menu bar and select Main airPoint Bridge from the Radio drop down menu To configure the wireless settings click on the wireless settings link Enter the SSID of the airPoint unit Choose a radio domain from the drop down list Choose the Radio Operating Mode bay airPoint Nexus User Configuration Guide Bees SE intelligent wireless platform Choose a radio channel to associate with the client Choose the data rate Select the transmit power of the radio from Dial in Power drop down menu Select the gain of the antenna from the drop down menu according to the gain of the antenna used with the equipment 10 Enter the RF cable loss based on the cable specifications 11 Click the Apply Changes oS Home Networking Logout Main airPoint Bridge Radio Configuration airPoint Bridge Mai Security Operational mode airPoint Bridge Radio Operating Mode Mixed 802 11 a b g K Rates 1 Mbps 2 Mbps 95 5 Mbps 11 Mbps G6 Mbps G9 Mbps 12 Mbps 18 Mbps G24 Mbps 36 Mbps 948 Mbps 54 Mbps 12 dBm ze Antenna Gain d m 23 ze RF Cable Loss dBm bb View Association Table Apply Changes Figure 2 8 airPoint Bridge Wireless Settings The following table summarizes the information for the wireless settings Table 2 3 Wireless Settings SSID Shows the current SSID User can change the SSID The SSID is a unique identifier that
57. wireless platform Table 2 1 Description of Parameters IP Address Editable Ethernet IP Address IP Mask Editable Ethernet IP subnet Mask Ethernet Editable Gateway IP address Configuration DHCP Editable DHCP status Disabled Enabled User can enable DHCP by ticking the check box to obtain an IP address from the network DHCP server Wireless Channel Device operation channel Configuration Association Table Shows the Associated list of clients Throughput Ethernet A wired side MAC address Display only TEEN Ethernet B wired side MAC address Display only Ee only Security Mode Allows user to select the Allows user to select the Security Mode and configure it Mode and configure it Device operational Current device operational mode airPoint Bridge or Operational Mode mode airPoint Router future release 2 2 Web GUI Administrator Password Change By default the administrator password is smartBridges case sensitive Follow the steps below to change the Administrator password 1 Click on the Tools User Manager drop down menu in the navigation menu bar An Administrator Password change GUI will appear 2 Enter the fields for Old Password new Authentication Password and Confirm new Authentication Password 3 Click on the Apply Changes button to change the password Home Networking i S Logout Tools User Manager Operational mode airPoint Bridge Administrator Password Cha
Download Pdf Manuals
Related Search