Belair BA100 User Manual
  1. Manuals
  2. Brands
  3. Belair Manuals
  4. Wireless Router
  5. BA100
  6. User manual

Belair BA100 User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

BelAir100
Release:
Document Date:
Document Number:
Document Status:
Security Status:
Customer Support:
© Copyright 2006 by BelAir Networks.
The information contained in this document is confidential and proprietary to BelAir Networks. Errors and Omissions Excepted.
Specification may be subject to change. All trademarks are the property of their respective owners.
6.0
June 30, 2006
BDTM10001-A05
Standard
Confidential
613-254-7070
1-877-BelAir1 (235-2471)
techsupport@belairnetworks.com
BelAir100

User Guide

Page 1 of 147

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the BA100 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Belair BA100

  • Page 1: User Guide

    © Copyright 2006 by BelAir Networks. The information contained in this document is confidential and proprietary to BelAir Networks. Errors and Omissions Excepted. Specification may be subject to change. All trademarks are the property of their respective owners. Page 1 of 147...

  • Page 2: Table Of Contents

    BelAir100 User Guide Contents Contents About This Document ........3 BelAir100 Wireless Multi-service Node .

  • Page 3: About This Document

    • For mode commands, the parameter, as in , specifies the particular radio that the command applies to. Related The following titles are BelAir reference documents: Documentation BelAir Products Deployment Guidelines • BelAir100 System Command Line Interface Guide • BelAir100 Radio Command Line Interface Guide •...

  • Page 4: Belair100 Wireless Multi-Service Node

    BelAir Networks offers the industry’s most comprehensive portfolio of wireless mesh products ensuring exceptional flexibility in the design and future-proof growth of your network. BelAir wireless mesh products support a full range of coverage options from high-speed Internet access and other data services through to high capacity, high performance networks delivering video, wireline-quality voice, tiered business services and cellular backhaul.

  • Page 5: System Overview

    System Overview System Overview The BelAir100 can operate as a standalone device, or participate in a BelAir Networks multiple point-to-point mesh as an edge node or to terminate the mesh where the full functionality of the BelAir200 is not required.

  • Page 6: Hardware Description

    BelAir100 User Guide System Overview Hardware Figure 3 shows the relationship between the main BelAir100 hardware modules. Description Figure 3: BelAir100 Hardware Module Block Diagram Radome EMC Enclosure Radome Radio Radio Module Module 90-264 V Battery Ethernet 100Base-TX 100Base-FX Note: Either Radio Module can be an access radio or a backhaul radio. The BelAir100 consists of the following modules: •...

  • Page 7: Belair100 Layer 2 View

    BelAir100 User Guide System Overview • one battery and charger • one environmental enclosure with radomes • an external connector field In a BelAir100, one of the radio modules is also responsible for centralized control of the unit, including packet forwarding and all OAM tasks. BelAir100 Layer 2 At the layer 2 (data-link) layer, the BelAir100 acts as a bridge and layer 2 switch.

  • Page 8: Belair100 Configuration Interfaces

    BelAir100 User Guide BelAir100 Configuration Interfaces BelAir100 Configuration Interfaces The BelAir100 can be accessed and configured using the following configuration interfaces: • the command line interface (CLI) • the SNMP interface • the Web interface (using either HTTPS or HTTP) All three interfaces (Web, CLI and SNMP) have the same public IP address.

  • Page 9: Integrating The Belair100 With A Pre-Deployed Nms

    BelAir100 System Command Line Interface Guide in detail in the Integrating the In addition to providing support for the SNMP MIBs described in Table 2, BelAir BelAir100 with a Networks provides a number of enterprise MIB definitions that you can Pre-deployed NMS integrate with your Network Management System (NMS).

  • Page 10: Belair100 Web Interface

    Interface Supported Web BelAir Networks has verified that the BelAir100 Web interface operates Browsers and Platforms correctly with the following web browsers: • Microsoft Internet Explorer version 5.0, or later • Netscape Navigator version 6.0, or later Accessing the Web You can access the Web interface using either secure HTTP (HTTPS) or HTTP.

  • Page 11: Accessing The System Page With Secure Http Or With Http

    BelAir100 User Guide BelAir100 Configuration Interfaces Accessing the System To log in to the BelAir100 Web interface and access the main page using HTTPS Page with Secure HTTP or HTTP, do the following steps: or with HTTP 1 Open your Web browser and specify the IP address of the BelAir100 node you want to access.

  • Page 12: Command Line Interface Basics

    BelAir100 User Guide Command Line Interface Basics Command Line Interface Basics Use this chapter to familiarize yourself with basic CLI tasks, including: • “Connecting to the BelAir100” on page 12 • “Starting a CLI Session” on page 13 • “Command Modes ” on page 14 •...

  • Page 13: Starting A Cli Session

    SSH Session Example of Initial Login With secure shell, the system prompts you twice for your password. ssh -l root 10.1.1.10 root@10.1.1.10's password: BelAir Backhaul and Access Wireless Router BelAir User: root June 30, 2006 Confidential Page 13 of 147...

  • Page 14: Command Modes

    Password: Telnet Session Example of Initial Login With Telnet, the system prompts you only once for your password. telnet 10.1.1.10 BelAir Backhaul and Access Wireless Router BelAir User: root Password: Command Modes The BelAir100 CLI has different configuration “modes”. The available commands depend on the selected mode.

  • Page 15: Abbreviating Commands

    BelAir100 User Guide Command Line Interface Basics Table 4: Command Line Interface Modes (Continued) Mode Description RADIO Configure the BelAir100 backhaul and access radios. Configure the mesh portal settings if the BelAir100 is a portal to a mesh cluster. mode Use the command to display all the available modes.

  • Page 16: Command History

    BelAir100 User Guide Command Line Interface Basics Command history You can use the command to display a list of the last ten commands that you have typed. History Example /# history 22 /snmp/snmp-community 4 community-name belairmgmt ipaddr 0.0.0.0 privilege readwrite cd /system show sessions cd /snmp...
  • Page 17 BelAir100 User Guide Command Line Interface Basics • a list of commands starting with the given keyword in the current mode You can use "?" as an alternative for the word "help". When "help" or "?" is typed in the required mode, all commands present in that mode as well as all general commands are listed.

  • Page 18: Terminating Your Cli Session

    BelAir100 User Guide Command Line Interface Basics Example /system# help "reb" [Syntax] : reboot [{force}] Description : Directs the node to reboot. Terminating your exit You can terminate your own CLI session at any time by entering the command. CLI Session June 30, 2006 Confidential Page 18 of 147...

  • Page 19: User Administration

    BelAir100 User Guide User Administration User Administration BelAir100 System For full details on user administration functions, see the Command Line Interface Guide. User Privilege User accounts on the BelAir100 can be assigned the following three privilege levels: Levels observer • An user can execute only the following commands: show —most...

  • Page 20: Adding User Accounts

    BelAir100 User Guide User Administration Adding User adduser <user-name> -p <passwd> [-d <mode>] [-g <group>] Accounts root This command is only available if you are logged in as mode This command creates a new user account. The parameter sets the command mode that a user accesses when they log in.

  • Page 21: Displaying The Available User Accounts

    BelAir100 User Guide User Administration This command modifies the parameters of a user account. mode parameter sets the command mode that a user accesses when they log in. If unspecified, it defaults to a slash (/) so the user begins their session in root mode.

  • Page 22: Changing Your Password

    BelAir100 User Guide User Administration Changing Your passwd You can change your current password with the command. You will be first asked to enter your old password. Then you must enter your new Password password twice, to verify that you have typed it correctly. Note: The specified password is case sensitive and must be at least six characters long.

  • Page 23: Deleting Radius Servers

    BelAir100 User Guide User Administration shared secret parameter specifies the password for access to the RADIUS server. NAS IP address parameter specifies the Network Access Server (NAS) IP address for the BelAir100 RADIUS client. It is used when the unit is configured with multiple IP interfaces and matches the interface used to communicate with the given RADIUS server.
  • Page 24 BelAir100 User Guide User Administration Example /system# show authentication login Authentication Login is radius Radius Authentication server table ------------------------------------- Index Radius Server Address : 10.1.1.2 UDP port number : 1812 Radius Client Address : 0.0.0.0 Timeout : 10 -------------------------------------------- June 30, 2006 Confidential Page 24 of 147 Document Number BDTM10001-A05 Standard...

  • Page 25: System Settings

    This command displays the system’s configuration. To use this command you system must be in mode. and IP Parameters Example /# show system configuration BelAir System configuration -------------------------- Software version : BA50c 4.1.0 Default IP Addr Config Mode : Manual Switch name...

  • Page 26: Configuring The System Ip Parameters

    BelAir100 User Guide System Settings Example BA200-A The following example sets the system name to , the contact BelAirNetworks PoleNumber1 information to and its location to cd /system system switch contact location BA200-A BelAirNetworks PoleNumber1 Configuring the You can configure a static IP address and subnet mask, as well as static IP BelAir100 System routes.

  • Page 27: Configuring The System Date And Time

    BelAir100 User Guide System Settings Configuring the system You can manage the system date and time from the mode. The system date and time can be configured: System Date and • manually Time • using a Simple Network Time Protocol (SNTP) server Displaying System Date show date and Time...

  • Page 28: Obtaining Time From A Time Server

    BelAir100 User Guide System Settings Obtaining Time from a The BelAir100 supports the Simple Network Time Protocol (SNTP) by Time Server providing an SNTP client that can synchronize the unit date and time with any SNTP compatible external time server. Displaying the IP Address of the External SNTP Server show sntp ip address This command displays the value of the SNTP server IP address.

  • Page 29: Saving And Restoring The Belair100 Configuration

    BelAir100 User Guide System Settings show temperature limit lower show battery present show battery voltage These commands display the unit’s current internal temperature (in degrees Celsius), whether a battery is present and the battery’s current voltage. To use system these commands you must be in mode.

  • Page 30: Remote Back Up And Restore Of The Configuration Database

    BelAir100 User Guide System Settings These commands save and restore the country of operation, the alarm type mask and the alarm severity mask to persistent storage. The parameters are automatically activated the next time the system reboots. root Note: To restore the node parameters, you must be logged in as Example 1 /#cd system /system# save node_config...
  • Page 31 The configuration database in a software release may be structurally different than in other releases. Because of this, some of the restored configuration parameters may not be applied, or applied incorrectly. BelAir Networks strongly recommends that you fully verify the configuration and operation of the unit before you proceed any further and save the restored configuration.

  • Page 32: Common Radio Module Configuration Commands

    BelAir100 User Guide Common Radio Module Configuration Commands Common Radio Module Configuration Commands This chapter describes how to display and configure radio parameters that are common to both access radios and backhaul radios, including: • “Radio Mode or Disabling a Radio” on page 35 •...

  • Page 33: Backhaul Radio Operational Information

    BelAir100 User Guide Common Radio Module Configuration Commands Example 1 /# cd radio /radio# show arm1 config mode : enable [ap] Channel Privacy : enabled Rx Antenna : main Antenna Diversity : disabled TX antenna type : 3 (8 dbi) Tx Power : 27 dBm Profile...
  • Page 34 BelAir100 User Guide Common Radio Module Configuration Commands Example 1 The following example shows a typical output when the backhaul link is operational. /# cd radio /radio# show brm1 status Local Node Information ====================== Link state : up Current active channel : 56 Local RSSI : -78 dbm...

  • Page 35: Displaying The Mac Address

    BelAir100 User Guide Common Radio Module Configuration Commands channel radar radar holdoff-time required type detected remaining ------------------ --------- --------- ---------- ------------ ( primary ) unknown (secondary) unknown ==== No associated BRM ==== Displaying the MAC show {arm<n>|brm<n>} mac-address Address This command displays the MAC address of a backhaul radio or an access radio. Example /# cd radio /radio# show arm1 mac-address...

  • Page 36: Antenna Type

    BelAir100 User Guide Common Radio Module Configuration Commands set arm <n> mode command applies only to radios with part numbers B2CC000AA, B2CC000AB, B2CC011AA, B2CC011AA, B2CC043AA. If switched on, the access radio must be configured as an Access Point. If set to disable , the access radio is switched off.

  • Page 37: Channel Number

    0. Refer to your RF plan and site survey to determine if you need to set a secondary channel other than 0 or your primary channel. Note: After you change the channel number for the access radio, BelAir Networks recommends that you save your configuration and reboot the access radio.

  • Page 38: Transmission Power Level

    Use the command to display the radio’s part number. Note: After you change the transmission power for the access radio, BelAir Networks recommends that you save your configuration and reboot it. Rebooting the access radio will disrupt access traffic for approximately 20 seconds.

  • Page 39: Dynamic Frequency Selection

    BelAir100 User Guide Common Radio Module Configuration Commands Dynamic show {arm<n>|brm<n>} dfs Frequency set {arm<n>|brm<n>} dfs {enabled|disabled} These commands let you manage the Dynamic Frequency Selection (DFS) Selection root feature. The command is only available if you are logged in as These commands apply only if your unit contains a radio with part numbers /system/show phyinv B2CC034AA, B2CC034AB or B2CC033AA.

  • Page 40: Access Radio Configuration

    BelAir100 User Guide Access Radio Configuration Access Radio Configuration This chapter describes how to display and configure radio parameters that are specific to access radios, including: • “Client Information” on page 40 • “Access Radio Transmission Rates” on page 43 Other aspects of radio configuration and operation are described in: •...
  • Page 41 BelAir100 User Guide Access Radio Configuration Table 5: Output Field Descriptions (Continued) Field Description auth Authentication state of the client unauth default or initial state auth client is authorized for Open or WEP privacy eapAuth client is authorized for dot1x, WPA1 or WPA2 privacy pskErr Possible wrong WPAPSK key configured on client...
  • Page 42 BelAir100 User Guide Access Radio Configuration Table 5: Output Field Descriptions (Continued) Field Description dhcp Client DHCP state (applicable only if client uses dynamic IP addressing) init Client has just connected and has not yet started a DHCP sequence disc Client has sent a DHCP Discover message and is waiting for a DHCP Offer message to get its IP address.

  • Page 43: Displaying The Client Details

    BelAir100 User Guide Access Radio Configuration Example /# cd radio /radio# show arm1 client associated Total associated clients : 2 ss vlan mac addr identity rssi auth dhcp --- -- ---- ----------------- ------------------ ---------- ---- ------- ------ 00:0D:88:EF:B2:3D 10.1.50.108 mrussell eapAuth arpRes 00:0D:88:EF:B2:3E 10.1.60.108(s) anonymous...

  • Page 44: Access Radio Profile

    BelAir100 User Guide Access Radio Configuration Access Radio Profile show arm<n> profile set arm<n> profile {b|g|mixed} These commands let you manage whether the radio uses 802.11b rates, 802.11g rates or both. Table 6 describes the specific rates that are available for each setting.

  • Page 45: Access Radio Rates

    BelAir100 User Guide Access Radio Configuration Access Radio Rates show arm<n> rates set arm<n> rates {default|range|throughput|custom “<rates>”} These commands allow you to customize the radio rate settings listed previously. default setting resets the radio rate settings to match those listed previously.

  • Page 46: Backhaul Link Configuration

    B2CC001AA, B2CC001AB, B2CC034AA, B2CC034AB or B2CC033AA can provide P-to-P backhaul links. • 2.4 GHz multipoint-to-multipoint (MP-to-MP)—To create these types of links, the BelAir node must contain a radio with part numbers B2CC011AA, June 30, 2006 Confidential Page 46 of 147...
  • Page 47 BelAir nodes forming a cluster. Typically, a mesh cluster contains up to seven BelAir50C nodes and a mesh portal that can be any BelAir node. The mesh portal connects the cluster to the rest of the network.

  • Page 48: Backhaul Radio Service Set Identifiers

    BelAir100 User Guide Backhaul Link Configuration Backhaul Radio show brm<n> ssid Service Set brm<n> ssid <ssid_string> These commands do not apply to radios with part number B2CC033AA. They Identifiers let you manage the Service Set Identifier (SSID) for a backhaul radio. The SSID is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity.

  • Page 49: Ghz P-To-P Links

    These types of radios have part numbers B2CC001AA, B2CC001AB, B2CC034AA and B2CC034AB. They can form P-to-P backhaul links with any other 5 GHz BelAir radio except those with part number B2CC033AA. A wireless backhaul link (or association) can only be established between two backhaul radios if all the following conditions are met: •...

  • Page 50: Ghz Mp-To-Mp Links

    For MP-to-MP links, the link identifier is also known as a mesh identifier. It is the same for all members of a particular mesh cluster. Example /radio# set arm1 link topology mesh identifier BelAir-mesh 5 GHz MP-to-MP set {arm<n>|brm<n>} link identifier <lnk_id> topology mesh...

  • Page 51: Additional Mp-To-Mp Link Commands

    P-to-MP links. It identifies the specific link that the commands applies to. Example 1 /radio# show arm1 link config Link Identifier : BelAir Networks Mesh Link Topology : Mesh (enabled) Portal State : no Isolate RSTP...

  • Page 52: Managing Bandwidth

    It also applies to all clients that are associated to the radio. Note: Although this command may be used on any BelAir unit with the proper hardware, it is intended for use mainly on units that are part of a mesh cluster.

  • Page 53: Managing The Mesh Blacklist

    BelAir100 User Guide Backhaul Link Configuration Link Active MP RadioMAC Radio NodeMac NodeIP -- -------- ----- -------- ------ 00:0d:67:00:33:c5* arm1 00:0d:67:00:33:c4 10.1.3.131 00:0d:67:00:33:e5 arm1 00:0d:67:00:33:e4 10.1.3.132 00:0d:67:00:4c:9ep arm1 00:0d:67:00:0e:90 10.1.3.101 Link Matrix ------+------+------+ | -67* | -53* | |------+------+------+ 2| -65* | | -68 |------+------+------+ 3| -50* | -71* |...

  • Page 54: Doing A Mesh Survey

    BelAir100 User Guide Backhaul Link Configuration Typically, these commands are used to disable an unstable link. This behavior may occur when either radio at each end of the link is operating at the limit of its sensitivity. As well, these commands can be used to disable a particular link if the RF plan for the cluster predicts low RSSI values for it.

  • Page 55: Mesh Portal Attribute

    RSTP BPDUs. BelAir Networks recommends that you do not change this setting unless advised to do so by BelAir Networks technical support staff. An improper settings of this parameter may result in subsequent RSTP topology issues.

  • Page 56: Associated And Peer Backhaul Radio Mac Addresses

    BelAir100 User Guide Backhaul Link Configuration 00:0d:67:00:2d:af 00:0d:67:00:14:87 Number of accepted remote mesh points: 6 Example 2 /radio# show arm1 mesh-accepted These remote mesh points have been accepted: 00:0d:67:00:2d:7d 00:0d:67:00:2d:c0 00:0d:67:00:1f:4a 00:0d:67:00:01:05 00:0d:67:00:2d:af 00:0d:67:00:14:87 Number of accepted remote mesh points: 6 Associated and This feature applies only to radios with part numbers B2CC001AA, B2CC001AB, B2CC034AA and B2CC034AB.

  • Page 57: Statically Configuring The Peer Backhaul Radio Mac Address

    BelAir100 User Guide Backhaul Link Configuration This command copies the value of the currently associated backhaul radio MAC address to the peer MAC address. Statically Configuring The peer backhaul radio MAC address can be set with the desired remote the Peer Backhaul Radio backhaul radio’s MAC address with the following command: MAC Address set brm<n>...

  • Page 58: Example - Associated And Peer Backhaul Radio Mac Addresses

    BelAir100 User Guide Backhaul Link Configuration Example – Associated The following example shows a typical sequence of commands to force a and Peer Backhaul backhaul radio association with a different remote node: Radio MAC Addresses Example # Previous desired peer MAC address /radio# show brm1 peer mac address 00:0d:67:00:11:6c /radio# show brm1 associated mac address...

  • Page 59: Wireless Security

    BelAir100 User Guide Wireless Security Wireless Security This chapter describes how you can set up security to encrypt your wireless transmissions so that your data cannot be deciphered if it is intercepted, and to prevent access to the network by unauthorized clients. The following topics are covered: •...

  • Page 60: Table 7: Implementing Combinations Of Encryption And Authentication Options

    BelAir100 User Guide Wireless Security Table 7 shows which CLI commands to use to implement the various encryption and authentication options combinations. Table 7: Implementing Combinations of Encryption and Authentication Options Authentication Option Encryption Option Pre-shared key RADIUS 802.1X (EAP) WEP PSK dot1x (See “Pre-Shared Key WEP Encryption”...

  • Page 61: Pre-Shared Key Wep Encryption

    BelAir100 User Guide Wireless Security Pre-Shared Key WEP show arm<n> wep-encryption [ssidx <ssid_index>] Encryption set arm<n> wep-encryption psk <key> {enabled|disabled} [ssidx <ssid_index>] set arm<n> wep-encryption disabled [ssidx <ssid_index>] These commands let you manage WEP encryption with a pre-shared key. The pre-shared key consists of exactly 5 or 13 bytes (for 40 or 104 bit encryption, respectively).
  • Page 62 BelAir100 User Guide Wireless Security Showing, Adding and Deleting RADIUS Servers show arm<n> radius-server arm<n> radius-server <ip address> <port> ( [rac-port <radius_acc_port>] <shared secret> [interface <NAS IP address>] [{default|timeout <seconds>} <SSID_index> ] ) [ssidx del arm<n> radius-server <ip address> <port> [ssidx <ssid_index>] You can configure more than one RADIUS server for each node and for each SSID.
  • Page 63 BelAir100 User Guide Wireless Security radius_acc_port parameter specifies the port number for RADIUS accounting data. The default value is 1813. ssid_index parameter must be a valid SSID index. The default value is 1. Example 1 /# cd radio /radio# add arm1 radius-server 172.16.1.20 1812 ”radius-shared-secret”...

  • Page 64: Authentication With Wep Encryption

    BelAir100 User Guide Wireless Security Example 2 /# cd radio /radio# set arm1 radius-reauth-time 3 Setting and Displaying the Network Access Server Identifier show arm<n> radius-nas-identifier [ssidx <ssid_index>] set arm<n> radius-nas-identifier <name> [ssidx <ssid_index>] These commands let you manage the RADIUS Network Access Server (NAS) identifier.
  • Page 65 BelAir100 User Guide Wireless Security bits40 bits104 If WEPKEY is set to , the keys are automatically obtained (either 40 or 104 bits). All wireless clients must support 104-bit keys, in case a 104-bit key is used. CAUTION! You must disable PSK WEP encryption if you want to use an option other than PSK.

  • Page 66: Wpa1 Authentication

    BelAir100 User Guide Wireless Security WPA1 Authentication show arm<n> wpa1 [ssidx <ssid_index>] set arm<n> wpa1 ( [{eap|psk <secret string>}] [rekey {no|kpackets <count>|seconds <seconds>}] [update {yes|no}] [ssidx <ssid_index>] {enabled|disabled} ) These commands let you to manage WPA1 authentication. Note: The syntax statement for the command contains parentheses ( ) rekey update...

  • Page 67: Wpa2 Authentication

    BelAir100 User Guide Wireless Security Example /# cd radio /radio# show arm1 wpa1 ssidx 15 wpa1 authen : eap wpa1 psk key : undef rekey method : no update : disabled state : enabled Additional Considerations Make sure to set an access radio SSID other than the default before enabling WPA1.

  • Page 68: Wireless Client Access Control List

    BelAir100 User Guide Wireless Security • semicolon (;) • question mark (?) • double quotation mark (“) You can also use WPA2 with a RADIUS server by specifying instead of a pre-shared key. In this case, at least one RADIUS server must be pre-configured.

  • Page 69: Mac Authorization Response Timeout

    BelAir100 User Guide Wireless Security Typically, you enable ACL mode only after you have added all the desired MAC addresses to the control list. Note: This is a different list than the secure port mode access list. CAUTION! When used with multiple SSIDs, this method affects wireless clients attempting to associate with any of the SSIDs.

  • Page 70: All Other Backhaul Radios

    BelAir100 User Guide Wireless Security The pre-shared key must be exactly 32 bytes long (16 characters). The pre-shared key can be specified as a hexadecimal or ASCII string and must not contain the following characters: • exclamation mark (!) • bar (|) •...

  • Page 71: Controlling Inter-Client Communication

    BelAir100 User Guide Wireless Security Example 1 /# cd radio /radio# show brm1 privacy status enabled Example 2 /# cd radio /radio# set brm1 privacy enabled Controlling By default, wireless clients associated to an access radio can communicate to one another (assuming they are able to determine the IP addresses of their Inter-client peer wireless clients).

  • Page 72: Disabling Or Enabling Access Radio Wireless Bridging

    BelAir100 User Guide Wireless Security Disabling or Enabling show arm<n> wireless-bridge [ssidx <ssid_index>] Access Radio Wireless set arm<n> wireless-bridge {enabled|disabled} Bridging [ssidx <ssid_index>] These commands let you manage wireless bridging. [ssidx <ssid_index>] parameter applies only if your unit contains a radio with part numbers B2CC011AA, B2CC011AB, B2CC043AA or B2CC033AA.
  • Page 73 BelAir100 User Guide Wireless Security source MAC address matches one of the MAC addresses in its white list. The white list can contain up to 32 MAC addresses. In effect, while in this mode the access radio acts as a firewall for all Layer 2 frames arriving from inside the network for the wireless clients.

  • Page 74: Detecting Rogue Access Points

    BelAir100 User Guide Wireless Security Example 2 /# cd radio /radio# set arm1 secure-port enabled Detecting Rogue Rogue access points may be installed on a corporate network by employees using low-cost equipment they purchased themselves. The rogue access points Access Points are often installed inside the corporate firewall with even the most basic security settings disabled, thus creating the potential for network security breaches.
  • Page 75 RSSI. This rogue is located within the field of view of the BelAir100 that is performing the rogue query. The rogue likely interferes most with the BelAir nodes for ABC Ltd deployed on channels 4 and 8.

  • Page 76: Managing Access Radio Ssids

    MAC address. By enabling a BSSID, you are effectively creating a virtual AP for the associated clients that use that SSID. Note: To maximize multipoint-to-multipoint mesh performance, BelAir Networks recommends that you do not enable BSSIDs on BelAir50C and BelAir50S platforms.
  • Page 77 SSID 1 without mapping it to a VLAN. Note 2: After you set or change an SSID for the access radio, BelAir Networks recommends that you save your configuration and reboot it. Rebooting the access radio will disrupt access traffic for approximately 20 seconds.

  • Page 78: Managing Basic Ssids

    BelAir100 User Guide Managing Access Radio SSIDs Managing Basic set arm<n> mbssid [ssidx <ssid_index>] {enabled|disabled} SSIDs show arm<n> mbssid These commands apply to all access radios except those with part numbers /system/show phyinv B2CC000AA or B2CC000AB. Use the command to display the radio’s part number.

  • Page 79: Displaying The List Of Associated Clients For A Given Access Radio Ssid

    BelAir100 User Guide Managing Access Radio SSIDs -- ---- ---- ---- normal BelAir_1 normal BelAir_2 normal BelAir_3 Displaying the List arm<n> ssidx show client associated [ <ssid_index>] of Associated This command displays the list of associated wireless clients for a given SSID. If no SSID is specified, the displayed list shows all associated clients and their Clients for a SSID.
  • Page 80 BelAir100 User Guide Managing Access Radio SSIDs Table 8: Output Field Descriptions (Continued) Field Description dhcp Client DHCP state (applicable only if client uses dynamic IP addressing) init Client has just connected and has not yet started a DHCP sequence disc Client has sent a DHCP Discover message and is waiting for a DHCP Offer message to get its IP address.
  • Page 81 BelAir100 User Guide Managing Access Radio SSIDs Example /# cd radio /radio# show arm1 client associated Total associated clients : 2 ss vlan mac addr identity rssi auth dhcp --- -- ---- ----------------- ------------------ ---------- ---- ------- ------ 00:0D:88:EF:B2:3D 10.1.50.108 mrussell eapAuth arpRes 00:0D:88:EF:B2:3E 10.1.60.108(s)

  • Page 82: Layer 2 Network Configuration

    BelAir100 User Guide Layer 2 Network Configuration Layer 2 Network Configuration The BelAir100 behaves as a layer 2 switch and transparent bridge without the need to configure any software features. However, to control and manage the traffic inherent in a bridge (for example, broadcast and flooding), you can invoke layer 2 features, such as Virtual LANs (VLANs), that divide traffic among several sets of users and restrict broadcast to the respective VLANs.

  • Page 83: Using Virtual Lans

    BPDUs. However, clients are allowed to operate as router to allow features such as sharing a wireless Internet connection. For this type of operation, BelAir Networks recommends that the computer with the wireless connection to the BelAir100 have its operating system configured to act as a router.

  • Page 84: Configuring The Ip Address Of A Vlan

    DHCP server to not supply any default routes. This avoids the possibility of the DHCP server providing two different default routes to two different IP interfaces on the same BelAir platform (for example, a management IP interface and a VLAN IP interface). To configure a...

  • Page 85: Managing Egress Node Traffic

    132.168.255.255 dynamic Managing Egress In a BelAir network, the LPM port of a node can act as an egress point for the backhaul traffic of many other nodes. The other nodes may be connected to Node Traffic the egress node through point-to-point, point-to-multipoint or multipoint-to-multipoint links.
  • Page 86 BelAir100 User Guide Layer 2 Network Configuration These commands let you manage list of VLAN IDs. By default, the list is empty meaning that all traffic is allowed to enter or leave the LPM port of the egress node. If you add a VLAN ID to the list, then only traffic belonging to that VLAN can enter or leave the LPLM port of the egress node.

  • Page 87: Using Layer 2 Tunnels

    IP packet and then sends the packet to a Tunnel End Point (TEP). The TEP is usually part of a network central router. The BelAir implementation of Layer 2 tunnels currently operates with a Cisco 7200 router or equivalent.

  • Page 88: Configuring The Belair Node For Layer 2 Tunneling

    AP. Each BelAir AP can have up to five tunnels to one or more TEPs. The end points of a layer 2 tunnel are identified by their IP addresses. The IP address of the BelAir tunnel end point can be the IP address of the unit’s management...

  • Page 89: Displaying Tunnel Configuration And Status

    Use mode when the BelAir unit puts only its own access traffic into the tunnel. Use egress mode when the BelAir unit puts its own access traffic and that of many other units into the tunnel.

  • Page 90: Mapping User Traffic

    BelAir100 User Guide Using Layer 2 Tunnels create multiple tunnels to the same peer or to different peers. Each tunnel carries just one L2TP session. The <index> parameter is used for easy reference when using other show tunnels commands. It can be displayed with the command.

  • Page 91: Quality Of Service Settings

    The commands described in this section apply strictly to the BelAir unit that you are currently logged on to. You must repeat them on each related BelAir unit. For example, when specifying that particular VLAN traffic has a particular priority, you must execute the associated commands on each possible BelAir unit in the path of that VLAN.

  • Page 92: Prioritizing Traffic Based On User Priority Bits

    BelAir100 User Guide Quality of Service Settings Once VLANs have been created, you configure the node traffic to have different priorities based on User Priority bits (0 to 7) or VLAN IDs. Prioritizing Traffic map up <0-7> to queue <0-3> Based on User To use this command, you must be in mode.

  • Page 93: Enabling Or Disabling Wireless Multi-Media

    Selecting means that the BelAir node uses Enhanced Distributed Channel Access (EDCA) priority queuing., including support for transmit opportunities (TXOP). EDCA and TXOP are part of the Wi-Fi Multimedia (WMM) specification.

  • Page 94: Resetting The Qos Configuration

    DSCP field value. Selecting means that traffic is sent to the four BelAir priority queues based on the highest priority value of both either the UP field or the DSCP field. By default, QoS mapping is set to Table 11 shows the mapping of the UP value and the DSCP value to the priority queue.

  • Page 95: Resetting The Qos Configuration For A Vlan

    BelAir100 User Guide Quality of Service Settings Resetting the QoS set vlan id <1-2815> qos default Configuration for To use this command, you must be in mode. a VLAN This command resets any QoS configuration made for a particular VLAN. After this command is executed, the packets with the specified VLAN ID are no longer prioritized and are transmitted transparently.

  • Page 96: Displaying The Prioritization Settings

    BelAir100 User Guide Quality of Service Settings Qos Vlan Id Configuration ------------------------ Vlan Id : 100 Vlan Qos Status : Enabled User Priority Queue Map Displaying the show qos user priority map Prioritization To use this command, you must be in mode.

  • Page 97: Belair100 Statistics

    BelAir100 User Guide BelAir100 Statistics BelAir100 Statistics The BelAir100 collects a large number of statistical information which can help you determine the state of your wireless network, as well as pinpoint any potential source of troubles (as, for instance, congested links or repeated attempts to gain unauthorized access to the network).

  • Page 98: Performing A Software Upgrade

    The upgrade process in this document contains guidelines to help you verify a unit. For instructions on how to downgrade a unit, contact BelAir Networks. Upgrade Process root...

  • Page 99: Figure 6: Active And Standby Software Loads

    BelAir100 User Guide Performing a Software Upgrade Figure 6: Active and Standby Software Loads BelAir Unit Active Software Load Pointer to software load for next restart Active Standby Software Load Software Load Under normal operating conditions, the contents of the two software load banks are identical.

  • Page 100: Downloading A New Software Load

    However, while the existing configuration data is saved (upgraded) during a software upgrade, the existing configuration data could be lost (erased) during a software downgrade. BelAir Networks recommends that you save and remotely store the current existing configuration database in case you choose to downgrade a software load.

  • Page 101: Canceling A Software Upgrade

    Figure 7: Software Upgrade Step 3 - Downloading the New Software Load BelAir Unit Active Software Load...

  • Page 102: Activating A Software Load

    Note: Rebooting a unit as part of a software upgrade can take significantly longer, up to 20 minutes, depending on the unit’s configuration. Verifying the New BelAir Networks recommends that you fully verify the configuration and operation of an upgraded unit before you commit the new load. Use the Software Load following steps as guidelines.

  • Page 103: Backing Out From A Software Upgrade

    After the new software load has been committed, you can no longer back out of the upgrade; but you can downgrade the unit. For instructions on how to downgrade a unit, contact BelAir Networks. Figure 8: Software Upgrade Step 7 - Commit the Software Load...

  • Page 104: Figure 9: Backing Out From An Uncommitted Software Upgrade

    BelAir100 User Guide Performing a Software Upgrade Figure 9: Backing Out from an Uncommitted Software Upgrade BelAir Unit Active Software Load Pointer to software load for next restart Activate old software load Software Load Software Load Backout: Overwrite new software...

  • Page 105: Displaying The Status Of The Software Upgrade

    BelAir100 User Guide Performing a Software Upgrade reboot 3 Reboot the system, with the command. Note: Rebooting a unit as part of a software upgrade can take significantly longer, up to 20 minutes, depending on the unit’s configuration. commit 4 Run the command.

  • Page 106: Belair100 Network Example

    Figure 10: Simple BelAir200 and BelAir100 Network Configuration Switch and Pubic BA200-A Access Control 172.16.100.1 Gateway BRM1 Mode: AP MAC address: 00:0d:67:00:0A:01 BRM1 Mode: Client BA100-A MAC address: 172.16.100.3 00:0d:67:00:0B:01 BA200-B 172.16.100.2 BRM2 BRM1 Mode: AP Mode: Client MAC address: Configuration...

  • Page 107: Configuration Of Ip Parameters

    As shown in Figure 10, all units are assigned static IP addresses, namely 172.16.100.1 for BA200-A, 172.16.100.2 for BA200-B and 172.16.1.3 for IP Parameters BA100-A. Start a secure CLI session to BA200-A, using the default IP address (10.1.1.10). root passwd...

  • Page 108: Configuration Commands For Ba200-A

    BelAir100 User Guide BelAir100 Network Example Configuration 1 Configure the country of operation: Commands for cd /system BA200-A /system# set country ca /system# save node_config /system# reboot 2 Configure the wireless parameters, starting with the access radio SSID and privacy: cd /radio /radio# set arm1 ssid BA200-A-1 ssidx 1 vlan 230 /radio# set arm1 wep-encryption psk 3132333435 enabled ssidx 1...

  • Page 109: Configuration Commands For Ba100-A

    /radio# set arm1 ssid BA100-A-1 ssidx 1 vlan 230 /radio# set arm1 wep-encryption psk 3132333435 enabled ssidx 1 /radio# config-save 3 Configure the backhaul radio, namely, the BA100 end of the BA200B-BA100A link cd /radio /radio# set brm1 channel 61...

  • Page 110: For More Information

    For More Information For More Information BelAir Networks documentation is modular and organized to be of best use to you during the logical process of setting up a network of BelAir devices. Use the documents as outlined in the following sections.

  • Page 111: Working Out Details

    Table 13: More Information — Working Out Details Details When you are: Use these documents: • Becoming accustomed to the BelAir Products Web Interface BelAir100 web interface Guide • Becoming accustomed to the BelAir100 System CLI Guide BelAir100 SNMP interface •...

  • Page 112: On The Road And In The Field

    Field When you are: Use these documents: • In the field deploying a BelAir100 “Technical Support” chapters found network at the end of every BelAir technical • Troubleshooting and in need of document technical support June 30, 2006 Confidential...

  • Page 113: Technical Support

    2 If the troubleshooting section does not cover your situation, contact your BelAir Networks product representative 3 If you still need assistance, use the BelAir Networks online support center at www.support.belairnetworks.com 4 Finally, if your issue is not resolved, contact BelAir Networks: —613-254-7070...

  • Page 114: Alarm Types And Severity

    BelAir100 User Guide Technical Support not persistent. The BelAir100 maintains the history of the last 10 000 reported alarms. The alarm history is persistent during normal operation. system The alarm and event subsystem is accessible in mode, where you can: •...

  • Page 115: Displaying The Alarm History

    BelAir100 User Guide Technical Support In the active alarm display: • The field indicates the log index number. Ignored • The field indicates whether or not a SYSLOG and SNMP trap notification was sent for this item. See “Setting the Alarm Type Mask” on page 116 and “Setting the Alarm Severity Mask”...

  • Page 116: Setting The Alarm Type Mask

    BelAir100 User Guide Technical Support show alarm history displayed alarm and re-issue the command with the <log_idx> appropriate parameter. See the following examples. Example 1 The following example displays the five most recent alarms. /# system/show alarm history 5 Displaying 5 alarm history entries: Date/Time (UTC) Severity Status...

  • Page 117: Setting The Alarm Severity Mask

    Alarm Notification type mask: dcom(1), eqpt(1), sw(1), qos(1), env(1), secu(1), sys(1) Alarm severity mask: critical(1), major(1), minor(1), warning(1), info(1) Alarm Definitions Table 16 describes the alarms that are displayed by the BelAir user interface. Table 16: BelAir User Interface Alarms Alarm Description...
  • Page 118 BelAir100 User Guide Technical Support Table 16: BelAir User Interface Alarms (Continued) Alarm Description Text: Temperature below low temperature threshold Trigger condition: Internal temperature is below -40 degree C. Severity: Major Text: Temperature sensor malfunction Trigger condition: System cannot read the temperature sensor.
  • Page 119 BelAir100 User Guide Technical Support Table 16: BelAir User Interface Alarms (Continued) Alarm Description Text: Battery active. Main power failure. Trigger condition: Lost main power and switched to battery operation. Severity: Critical Text: Battery missing. Trigger condition: Battery is not present.
  • Page 120 BelAir100 User Guide Technical Support Table 16: BelAir User Interface Alarms (Continued) Alarm Description Text: T1 <n> AIS (alarm indication signal) Trigger condition: Detected an AIS signal from the <n> T1 interface. Severity: Major Text: T1 <n> LOF (loss of frame) Trigger condition: Detected lost of frame from the <n>...

  • Page 121: Using Syslog

    BelAir100 User Guide Technical Support Table 16: BelAir User Interface Alarms (Continued) Alarm Description Text: Communication failure. Trigger condition: System has lost communication with a card. Severity: Critical Text: Link down. Trigger condition: One of the links in the star topology has lost connectivity.

  • Page 122: Configuring The Syslog Server Ip Address

    BelAir100 User Guide Technical Support System Log Information ---------------------- Log Status : Enable Monitor Logging : Enable Log Server IP : None Log Levels: critical Configuring the logserver <ip address> SYSLOG Server IP root This command is only available if you are logged in as Address This command sets the SYSLOG server IP address for remote logging.

  • Page 123: Enabling Or Disabling Logging

    BelAir100 User Guide Technical Support This command restricts logging to messages at the specified level and below (in the sequence of appearance in the command). Note: The SYSLOG message severity levels are separate and distinct from the alarm severity levels. Example /#cd syslog /syslog# loglevel error...

  • Page 124: Definitions And Acronyms

    BelAir100 User Guide Definitions and Acronyms Definitions and Acronyms Access Control List Access Radio Module Antenna Selection Module Access point A wireless LAN data transceiver that uses radio waves to provide connectivity services to a network Beacon A protocol packet that signals the availability and presence of a wireless device Bridge identifier used in spanning-tree calculations BPDU Bridge protocol data unit.
  • Page 125 BelAir100 User Guide Definitions and Acronyms Operations, Administration and Maintenance Organizationally Unique Identifier (first 3 bytes of a MAC address) Quality of Service Protocol Data Unit RADIUS Remote Authentication Dial-In User Service. An Internet protocol (RFC 2138) for carrying dial-in users' authentication information and configuration information between a shared, centralized authentication server (the RADIUS server) and a network access server (the RADIUS client) that needs to authenticate the users of its network access ports...

  • Page 126: Appendix A: Node Configuration Sheets

    BelAir100 User Guide Node Configuration Sheets Appendix A: Node Configuration Sheets You can use this sample worksheet to document the basic configuration of a BelAir100 unit. Store your worksheets in a secure location because they contain sensitive information (super-user password and privacy keys). Unit part number (located on the sticker affixed to the unit):__________________________ Unit serial number (located on the sticker affixed to the unit):__________________________ Super-user password: ____________________________...
  • Page 127 BelAir100 User Guide Node Configuration Sheets Access Radio ARM1 (if equipped) Phys. Ch# ________ Privacy Setting Table (optional) WPA1/2 PSK SSID RADIUS Server List 802.1X WPA1/2 (5 or 13 bytes) (8 to 63 bytes) 1. ________________ Y or N 1. ________________ ______________ Y or N Y or N...
  • Page 128 BelAir100 User Guide Node Configuration Sheets Backhaul Radio BRM1 (if equipped) SSID: ____________________________ Phys. Ch#__________ Key Id Type (Wep or TKIP) Key Value (5 or 13 ASCII characters if WEP, or 16 ASCII characters if TKIP) ____________________ _____________________________________________________________________ BRM2 (if equipped) SSID: ____________________________ Phys.

  • Page 129: Appendix B: Belair100 Factory Defaults

    BelAir100 User Guide BelAir100 Factory Defaults Appendix B: BelAir100 Factory Defaults This appendix does the following: • shows you how to reset a BelAir100 configuration to its factory default settings • describes the factory default settings for the BelAir100 Resetting a You can reset the configuration of a BelAir100 to the factory default settings by using a CLI command or a Reset Dongle.

  • Page 130: Figure 11: Reset Dongle

    BelAir100 User Guide BelAir100 Factory Defaults Figure 11: Reset Dongle To perform this procedure, you need physical access to the unit. CAUTION! By performing the following procedure, all local configuration data will be replaced by default factory settings. You will not be able to recover any local configuration data.

  • Page 131: Figure 12: Removing Cover From A Belair100

    BelAir100 User Guide BelAir100 Factory Defaults Figure 12: Removing Cover from a BelAir100 3 Plug the Reset Dongle into the unit battery connector jack. See Figure 13. Figure 13: Installing a Reset Dongle 4 Wait until the power indicator LED turns from green to amber, indicating that the unit is rebooting.

  • Page 132: Factory Defaults Settings

    BelAir100 User Guide BelAir100 Factory Defaults Factory Defaults The following sections describe the default factory settings for a BelAir100 unit. Settings Default Node Configuration Table 17: Default OAM IP Addressing Parameter Setting management IP address 10.1.1.10/24, Static sub-network mask 255.255.255.0 management interface VLAN1 Table 18: Default Country of Operation...

  • Page 133: Default Radio Module Configuration

    BelAir100 User Guide BelAir100 Factory Defaults Table 20: Default Services (Continued) Parameter Setting remote SYSLOG server none Default Radio Module Configuration Table 21: Default Mesh Settings (if equipped) Parameter Setting channel mesh identifier BelAirNetworks privacy disabled encryption key 0x00000000000000000000000000000000 mesh point type multipoint mesh portal traffic limit...

  • Page 134: Table 23: Default Brm Settings

    (no encryption) MSSID disabled SSID 1 BelAir Networks Access Radio Table 23: Default BRM Settings Parameter Setting mode disabled physical channel number BRM1(if equipped) 54 (prim. channel), 0 (sec. channel) BRM2 (if equipped) 66 (prim.

  • Page 135: Default Qos Settings

    BelAir100 User Guide BelAir100 Factory Defaults Table 23: Default BRM Settings (Continued) Parameter Setting beacon period 100 milliseconds RTS threshold 2347 fragmentation threshold 2346 short retries long retries authentication response timeout 500 milliseconds association response timeout 500 milliseconds Table 24: BRM Default Key Settings Key Number Type Key Value (ASCII String) 1234567890123...

  • Page 136: Appendix C: Connecting To The Ethernet Interface

    BelAir100 User Guide Connecting to the Ethernet Interface Appendix C: Connecting to the Ethernet Interface This appendix describes the connection method to use if you can not connect to the BelAir100 unit through its radio modules, as when you are configuring the unit for the first time.

  • Page 137: Connection Procedure

    BelAir100 User Guide Connecting to the Ethernet Interface Connection To connect to the unit’s Ethernet port, do the following steps: Procedure 1 Access the Ethernet port of the unit by removing the unit’s cover. Set aside the screws and washers for use later. A no. 2 Phillips screwdriver is required.

  • Page 138: Figure 16: Connection Setup For Belair100 With An Optical Ethernet Interface

    BelAir100 User Guide Connecting to the Ethernet Interface Figure 16: Connection Setup for BelAir100 with an Optical Ethernet Interface 100 BASE-TX 100 BASE-FX Media Converter BelAir100 Configuration Terminal June 30, 2006 Confidential Page 138 of 147 Document Number BDTM10001-A05 Standard...

  • Page 139: Detailed Table Of Contents

    BelAir100 User Guide Detailed Table of Contents Detailed Table of Contents About This Document ........3 Typographical Conventions .
  • Page 140 BelAir100 User Guide Detailed Table of Contents Changing Your Password ........22 Configuring Authentication for User Accounts .
  • Page 141 BelAir100 User Guide Detailed Table of Contents Transmission Power Level ........38 Dynamic Frequency Selection .
  • Page 142 BelAir100 User Guide Detailed Table of Contents Wireless Security ........59 Configuring Security for Wireless Clients .
  • Page 143 Using Layer 2 Tunnels ....... . . 87 Configuring the BelAir Node for Layer 2 Tunneling ....88 Displaying Tunnel Configuration and Status .
  • Page 144 Configuration Commands for BA200-B ....108 Configuration Commands for BA100-A ....109 Additional Backhaul Configuration Options .
  • Page 145 BelAir100 User Guide Detailed Table of Contents Resetting to Factory Defaults with a Reset Dongle ..129 Factory Defaults Settings ........132 Default Node Configuration .
  • Page 146 Table 3: BelAir Enterprise MIBs ........

  • Page 147: Document Number Bdtm10001-A05 Standard

    BelAir100 User Guide BelAir Networks Inc. General Information Sales Visit us on the web at: 603 March Road info@belairnetworks.com sales@belairnetworks.com Kanata, Ontario www.belairnetworks.com Canada Technical Support K2K 2M5 techsupport@belairnetworks.com 1-877-BelAir1 (235-2471) 613-254-7070 June 30, 2006 Confidential Page 147 of 147...

This manual is also suitable for:

Belair100

Table of Contents