Chantry BeaconWorks User Manual

Highly scalable wireless local area network

Chantry BeaconWorks User Guide

Chantry's next generation of wireless networking devices provides a truly scalable WLAN solution. Chantry's BeaconPoints are thin access points that are controlled through a sophisticated network device, the BeaconMaster. This solution provides the security and manageability required by enterprises and service providers alike.

BeaconWorks Release 2.0
Chantry Networks Inc. Copyright 2004. All rights reserved.
BeaconWorks Rel 2.0 (051304)
Page 1 of 134


Summary of Contents for Chantry BeaconWorks

  • Page 2: Table Of Contents

    Conventional Wireless LANS (4); The Chantry BeaconWorks Solution (5); BeaconWorks and Your Enterprise Network (8); Network traffic flow in the BeaconWorks System (8); Network security (9); Interaction with Wired Networks: Virtual Network Services (10); Static Routing and Routing Protocols (10); Policy: Packet Filtering
  • Page 3 View Statistics for BeaconPoints (113); View Reports (114); BeaconMaster Configuration: Setting up SNMP (115); Appendix 1: BeaconWorks System States and LEDs (118); Appendix 2: Glossary of Terms and Acronyms (120); Appendix 3: Index of Procedures, Screens and Figures (131)
  • Page 4: The Chantry Beaconworks Solution

    BeaconWorks User Guide – The Chantry BeaconWorks Solution The Chantry BeaconWorks Solution The BeaconWorks system is a highly scalable wireless local area network (WLAN) solution developed by Chantry Networks Inc. Based on a third generation WLAN topology, the BeaconWorks system makes wireless practical for medium and large-scale enterprises and for service providers.
  • Page 5: The Chantry Beaconworks Solution

    Or a conference full of delegates and exhibitors. Clearly, there must be a better way than setting up each access point individually. The Chantry BeaconWorks Solution The Chantry Networks BeaconWorks solution consists of two devices: The BeaconMaster controller is a rack-mountable network device designed to be integrated into an existing wired Local Area Network (LAN).
  • Page 6: Figure 2: Chantry Beaconworks Solution

    There can be several BeaconMasters in the network, each with its set of registered BeaconPoints. The BeaconMasters can also act as backups to each other, providing stable network availability. In addition to the BeaconMasters and BeaconPoints, the solution requires two other components, which are standard for enterprise and service provider networks: •...
  • Page 7 Putting control on an intelligent centralized BeaconMaster enables: • centralized configuration, management, reporting, maintenance • high security • flexibility to suit enterprise • scalable and resilient deployments with a few BeaconMasters controlling hundreds of BeaconPoints.
  • Page 8: Beaconworks And Your Enterprise Network

    BeaconWorks and Your Enterprise Network Network traffic flow in the BeaconWorks System The diagram below shows a simple configuration with a single BeaconMaster and two BeaconPoints, each supporting a wireless device. A RADIUS server on the network provides authentication, and a DHCP server is used by the BeaconPoints to discover the location of the BeaconMaster during the initial registration process.
  • Page 9: Network Security

    WPA version 1. (BeaconWorks Release 2.0) • Advanced Encryption Standard (AES). Authentication The Chantry BeaconMaster relies on a RADIUS server, or authentication server, on the enterprise network to provide the authentication information (whether the user is to be allowed or denied access to the network).
  • Page 10: Interaction With Wired Networks: Virtual Network Services

    Note: In BeaconWorks Release 2.0, each radio on a BeaconPoint can participate in up to four VNSs, via the multi-SSID function. Static Routing and Routing Protocols Routing can be used on the BeaconMaster to support the VNS definitions.
  • Page 11: Mobility And Roaming

    In the BeaconWorks system, policy is carried out by means of packet filtering, within a VNS. In the BeaconMaster user interface, you set up a filtering policy by defining a set of hierarchical rules that allow (or deny) traffic to specific IP addresses, IP address ranges, or services (ports).
  • Page 12: Beaconworks Release 2.0 Features: Overview

    Backwards compatibility with Release 1.1 on the BeaconMaster Upgrading to BeaconWorks 2.0 requires a migration of the database on the BeaconMaster. In order to preserve the BeaconMaster network configurations that you defined in Release 1.1 software, the new release provides scripts that migrate the configuration data into the new data format.
  • Page 13: Privacy Using Wi-Fi Protected Access (Wpa)

    SNMP monitoring machine on a network. Event reporting using Syslog In addition to viewing BeaconWorks event messages in the BeaconWorks Reports and Displays area of the user interface, you can also set up the BeaconMaster to relay event messages on to a centralized Event Server on your enterprise network.
  • Page 14: Capacity For Redundant Radius Servers

    Capacity for Redundant RADIUS servers BeaconWorks Release 2.0 provides the capability to define more than one RADIUS server for authentication, and to provide the priority of use during a failover situation.
  • Page 15: Beaconmaster: Startup

    BeaconMaster: Startup BeaconMaster Features and Installation The Chantry BeaconMaster is a network device designed to be integrated into an existing wired Local Area Network (LAN). Figure 4: The Chantry BeaconMaster The BeaconMaster provides centralized management, network access and routing to wireless devices that are using BeaconPoints to access the network.
  • Page 16: First-Time Setup Of Beaconmaster

    Power supply Power On/Off switch (single or dual) Figure 5: The Chantry BeaconMaster – back view diagram 2. Perform the First-Time Setup of the BeaconMaster, to change its factory default IP address (see next topic) 3. After that, connect the BeaconMaster to the enterprise LAN.
  • Page 17 Click on the Login button. The main menu screen appears. Screen 2: Chantry BeaconWorks User Interface Main Menu 6. Click on the BeaconMaster Configuration menu option to navigate to the BeaconMaster Configuration screen.
  • Page 18 8. To modify Management Port Settings, click the Modify button. The System Port Configuration screen appears. Screen 4: Modify Management Port Settings (System Port Configuration)
  • Page 19 1. Disconnect the laptop from the BeaconMaster Management Port. 2. Connect the BeaconMaster Management Port to the enterprise ethernet LAN. Now you will be able to launch the BeaconWorks GUI again, with the system visible to the enterprise network. The remaining steps in initial configuration of the BeaconWorks system are described in the next topic, after an overview of the GUI.
  • Page 20: The Graphical User Interface (Gui): Overview

    The Graphical User Interface (GUI): Overview Note: The Chantry Graphical User Interface is web-based. The only browser it supports is Microsoft Internet Explorer 6.0 or above. The administrator can configure and administer the BeaconWorks system using the web-based Graphical User Interface.
  • Page 21 Login Screen 7: Chantry BeaconWorks Main Menu The five areas in the BeaconWorks user interface are accessed from the main menu (above) or, in each area, by clicking on the tab across the top of each screen. Within each area, you access the associated subscreens by clicking on an item in the left-hand list in each screen.
  • Page 22: Beaconworks Configuration Steps: Overview

    BeaconWorks Configuration Steps: Overview To set up and configure the BeaconMaster and BeaconPoints, follow these steps: 1. First-Time Setup: Perform “First-Time Setup” of the BeaconMaster on the physical network by configuring the Management Port (as described earlier): •...
  • Page 23: Beaconworks Configuration: Data Port And Routing Setup

    BeaconWorks Configuration: Data Port and Routing Setup Once the “First-Time Setup” described above is complete, the next step in the initial setup of the BeaconMaster is to configure the data ports. Next, you can define routing on a data port, if appropriate.
  • Page 24: Port Type Or Function

    Note: In a “Branch Office” scenario, where the BeaconPoint is configured statically to function on a local network whose MTU is lower than 1500, a mechanism on the BeaconMaster automatically adjusts the MTU size to prevent packet fragmentation.
  • Page 25: Port-Level Filtering Of Unauthorized Traffic

    • Virtual Network Services (VNS) Interface A VNS port is a virtual port created automatically on the BeaconMaster when a new VNS is defined (see later in this guide.) The VNS port becomes the default gateway for wireless devices on this VNS.
  • Page 26: Setting Up Static Routes

    Setting up Static Routes It is recommended that one of the data ports be configured as a “Router” port. Then you can define a default route to your enterprise network, either with a static route or by using OSPF protocol.
  • Page 27: Setting Up Ospf Routing

    Click on the button, and select a port from the drop-down list. Interface 6. Click on the button. The new route appears in the list, numbered sequentially. 7. Click on to update the routing table on the BeaconMaster.
  • Page 28 Setting up OSPF Routing on the BeaconMaster 1. Click on the OSPF tab in the Routing Protocols screen. The OSPF Settings screen appears. Screen 11: BeaconMaster Configuration – Routing, OSPF tab 2.
  • Page 29 Note: If more than one port on the BeaconMaster is enabled for OSPF, it is desirable to prevent the BeaconMaster from serving as a router for other network traffic (other than the traffic from wireless device users controlled by the BeaconMaster).
  • Page 30: Beaconpoint: Startup

    BeaconPoint: Startup You are now ready to add the BeaconPoints to the BeaconWorks system and register them with the BeaconMaster. Before the BeaconPoints can handle wireless traffic, you will also need to assign the BeaconPoints to a VNS (see later in this Guide).
  • Page 31 BeaconPoint and then plug the adaptor into the wall outlet. Note: For a list of recommended and tested devices (PoE Injectors or AC adaptors) for use with the BeaconPoint, contact Chantry Networks Customer Service, or go to www.chantrynetworks.com/site/support.html.
  • Page 32: Installing The Beaconpoints

    Powering up the BeaconPoint initiates its automatic discovery and registration process described below. The parameters for this process should be set first. See next topic.
  • Page 33: Beaconpoint: Registering

    During the “Registration” process, the BeaconMaster’s approval of the serial number of the BeaconPoint depends on the security mode that has been set:
  • Page 34: Discovery And Registration: The Dhcp And Slp Solution

    A device that is searching for a service makes use of the SLP User Agent to retrieve information from Service Agents or Directory Agents. DHCP Option 78 returns a list of IP addresses of Directory Agents.
  • Page 35: The Beaconpoint's Discovery Process And Led Sequence

    Meanwhile, the active BeaconMaster has management software that has registered itself as a service. When a BeaconMaster starts up, it queries the DHCP server for Option 78. It registers with the Directory Agents as service type “Chantry”. This information enables the BeaconPoint to discover the location of the BeaconMaster.
  • Page 36: Beaconpoint: Configuring Properties And Radios

    Screen 14: BeaconPoint Configuration: Message R1.1 version of BP software To schedule a software upgrade for the BeaconPoint, use the BeaconPoint Configuration: BP Maintenance screen, described later in this guide.
  • Page 37 Note: You can modify the status of a BeaconPoint (for example from “Pending” to “Approved”) in the Access Approval screen. 3. To save the modified information, click on the Save button.
  • Page 38 802.11 b/g Screen 17: BeaconPoint Configuration – Radio 802.11a (5 GHz) The screen displays the default radio settings for each radio on the BeaconPoint.
  • Page 39 Frag. Threshold: The Fragmentation Threshold, the maximum size of a packet or data unit that can be delivered. Default is 2346. Enable Radios: Click checkbox on for each radio.
  • Page 40: Beaconpoint: Adding Manually

    Add and register a BeaconPoint manually 1. Select the BeaconPoint tab. In the BeaconPoint Properties screen, click on the Add BeaconPoint button. The BeaconPoint Configuration subscreen appears.
  • Page 41: Beaconpoint Radios On A Vns

    Base Settings: “BSS Info” area. BeaconPoint Static Configuration: Branch Office Deployment The BeaconPoint static configuration feature provides BeaconWorks capability for a network with the central office / branch office model. In the branch office scenario, BeaconPoints are installed in remote sites, while the BeaconMaster is in the central office.
  • Page 42 BeaconMaster automatically adjusts the MTU size to prevent packet fragmentation. The MTU is set in the BeaconMaster Configuration – IP Addresses / Interfaces screen and should not be changed.
  • Page 43: Virtual Network Services (Vns): Overview

    Make sure that the server’s database of registered users, with login identification and passwords, is current. Note: It is possible to deploy BeaconWorks without a RADIUS server (and without the authentication of users on the network). In that scenario, select...
  • Page 44: What Is A Vns

    What is a VNS? A VNS is an IP subnet that is especially designed to enable Chantry BeaconPoints to interact with wireless devices. In many ways, a VNS is very similar to a regular IP subnet. However, it has the following required features: 1.
  • Page 45: Multi-Ssid: Beaconpoint Radios On More Than One Vns

    The next step is to assign the available BeaconPoints (by radio) to the VNS. Multi-SSID: BeaconPoint radios on more than one VNS In Release 2.0, each radio on a BeaconPoint BP200 can participate in up to four VNSs, for a total of eight VNSs per BeaconPoint.
  • Page 46: Radius Server: Location And Redundancy

    Both Captive Portal and AAA (802.1x) authentication mechanisms in BeaconWorks rely on a RADIUS server on the enterprise network. In BeaconWorks Release 2.0, up to three RADIUS servers can be identified and prioritized on the BeaconMaster. This means that in the event of a failover of the active RADIUS server, the BeaconMaster will poll the other servers in the list for a response.
  • Page 47: Privacy On A Vns: Overview Of Wep And Wpa

    Within each type of filter, you define a sequence of filtering rules. This sequence must be carefully planned and arranged in the order that you want them to take effect. You define each rule to either allow or deny traffic in either direction: •...
  • Page 48: Setting Up A New Vns

    WEP provides data confidentiality services by encrypting the data sent between wireless nodes. Each node must use the same encryption key. For a VNS with AAA network assignment, BeaconWorks also provides Wi-Fi Protected Access (WPA) privacy, a solution that adds authentication and enhanced WEP encryption with key management.
  • Page 49 Screen 22: Virtual Network Configuration: Topology for a new VNS Subnet Configure the new VNS (overview of basic steps) 1. Select the network assignment mechanism from the Assignment by drop-down list: •...
  • Page 50: Virtual Network Configuration: A Vns For Captive Portal

    If the authentication technique for network assignment is by Captive Portal, the process is as follows. The wireless device requesting network access via BeaconWorks first gets its IP network assignment from the DHCP server, but can access only the specific IP addresses defined in the Non-Authenticated Filter.
  • Page 51 4. In the Session Timeout box, key in the number of minutes that a wireless device can be inactive before the BeaconMaster closes the session. Identify the BeaconPoint radios that will be assigned to this VNS 5.
  • Page 52 Screen 24: Virtual Network Configuration – Exclusions subscreen 13. In the Exclusions subscreen, key in the IP addresses or address ranges to exclude. Click on the button after each entry. Click on the...
  • Page 53: Authentication For A Vns For Captive Portal

    Screen 25: Virtual Network Configuration – Topology – DHCP Relay Save the new VNS 20. To save this VNS configuration, click on the Save button. When the new Topology has been saved, the screen changes to display tabs for Authentication, Filtering and Privacy.
  • Page 54 Screen 26: Virtual Network Configuration – Authentication – Captive Portal Define how the BeaconMaster will access the RADIUS server. 2. For each RADIUS server to be defined, click on the button. The RADIUS Server Configuration popup window appears.
  • Page 55 4. Key in the Shared Secret (a password that is required in both directions) that is set up on the RADIUS Server. This password is used to validate the connection between the BeaconMaster and the RADIUS Server.
  • Page 56 Define the Filter ID Values on this VNS. 10. In the Filter ID Values entry field, key in the name of a group that you want to define specific filtering rules for, to control network access. Click on the button.
  • Page 57: Filtering Rules For A Vns For Captive Portal

    4. In the Message field, key in the message that will appear above the login field to greet the user. For example, this could explain why this Captive Portal page is appearing, and what the user should do.
  • Page 58 Screen 29: Virtual Network Configuration – Non-Authenticated Filter for Captive Portal The Filtering screen automatically provides a “Deny All” rule already in place. Use this rule as the final rule in the Non-Authenticated Filter for Captive Portal.
  • Page 59: Privacy Using Wep For A Vns For Captive Portal

    VNS, so that it matches the WEP mechanism used on the rest of the network. In BeaconWorks Release 2.0, you can assign each radio on a BeaconPoint to up to four VNSs by SSID. For each VNS, only one WEP key can be specified.
  • Page 60 2. Click on the VNS subnet name in the left-hand list. The right portion of the screen displays the privacy parameters for the selected subnet. 3. For no privacy mechanism on this VNS, click on the radio button.
  • Page 61: Virtual Network Configuration: A Vns With No Authentication

    Virtual Network Configuration: A VNS with No Authentication You can choose to set up a VNS that will bypass all Chantry authentication mechanisms and run BeaconWorks with no authentication of a wireless device user.
  • Page 62: Virtual Network Configuration: A Vns For Voice Traffic (Qos With Svp)

    Virtual Network Configuration: A VNS for Voice Traffic (QoS with SVP) Voice Data Traffic on a Wireless Network: Overview New developments are enabling the integration of internet telephony technology on wireless networks –...
  • Page 63 In BeaconWorks, the VNS that is dedicated to voice-over-internet traffic should be configured as follows: • Network assignment by SSID • Authentication set to , since wireless telephone users do not have a user...
  • Page 64 5. Define parameters for multicast. The entry field displays an IP address that SVP can use for multicast. The next field displays one of the BeaconMaster physical data ports for multicast.
  • Page 65: Virtual Network Configuration: A Vns For Aaa

    The wireless device’s client utility must support 802.1x. The user’s request for network access along with login identification or user profile will be forwarded by the BeaconMaster to a RADIUS server. BeaconWorks supports these authentication types: •...
  • Page 66 Screen 34: Virtual Network Configuration – Topology – AAA Assignment Create an AAA topology 1. Using the Assignment by drop-down list, select 2. In the SSID box at the right, key in the SSID that the wireless devices will use to access the BeaconPoint.
  • Page 67 Set the IP address for the VNS (for the DHCP server on the BeaconMaster) 7. In the Network Address box, key in the network IP address for the VNS. This IP address is the default gateway for the VNS.
  • Page 68: Authentication For A Vns For Aaa

    16. If the DHCP server uses WINS (Windows Internet Naming Service), key in the IP address in the WINS box. If not, leave it blank. Use DHCP Relay for the VNS...
  • Page 69 Screen 36: Virtual Network Configuration – Authentication – AAA Define how the BeaconMaster will access the RADIUS Server. 2. For each RADIUS server to be defined, click on the button.
  • Page 70 4. Key in the Shared Secret (a password that is required in both directions) that is set up on the RADIUS Server. This password is used to validate the connection between the BeaconMaster and the RADIUS Server.
  • Page 71: Vns Topology For An Aaa Group

    Note: These names must match the Filter ID attribute names in the RADIUS server. 11. To save the authentication parameters for this VNS, click on the Save button. VNS Topology for an AAA group You can set up a group within a VNS that relies on the RADIUS attribute Login-LAT-Group (RFC2865).
  • Page 72: Filtering Rules For A Filter Id Group

    2. Define the DHCP settings for this VNS, as described above for the parent VNS. The Gateway and DHCP Ranges must be different than those of the parent VNS.
  • Page 73 Screen 39: Virtual Network Configuration – Filter ID Value filtering rules The screen automatically provides a “Deny All” rule already in place. This can be modified to “Allow All”, if appropriate to the network access needs for this VNS.
  • Page 74: Filtering Rules For A Default Filter

    Table columns: Allow | IP / Port | Description
    *.*.*.*:22-23 | Deny all telnet sessions
    [specific IP address, range] | Deny all traffic to a specific IP address, or address range
    *.*.*.*. | Allow everything else.
  • Page 75: Filtering Rules For An Aaa Group Vns

    Table columns: Allow | IP / Port | Description / Purpose
    Intranet IP, range | Deny all access to an IP range
    Port 80 (HTTP) | Deny all access to web browsing.
    Intranet IP | Deny all access to a specific IP
    *.*.*.*.
  • Page 76: Filtering Rules Between Two Wireless Devices

    Filtering Rules between two wireless devices Traffic from two wireless devices that are on the same VNS and are connected to the same BeaconPoint will pass through the BeaconMaster and therefore be subject to filtering policy.
  • Page 77: Privacy For A Vns For Aaa: Wi-Fi Protected Access (Wpa)

    2. To use static keys, click on the Static Keys (WEP) radio button. 3. From the drop-down list, select the WEP Key Length: 40-bit, 104-bit, 128-bit. 4. Click on the appropriate radio button to select the Input Method: Input Hex, Input String.
  • Page 78 The steps in the WPA authentication and encryption process are as follows: 1. The wireless device client associates with BeaconPoint. 2. BeaconPoint blocks the client’s network access while the authentication process is...
  • Page 79 Enable WPA in PSK mode if there is no authentication server 3. To enable WPA-PSK, for authentication on a network without an authentication server, click the Pre-Shared Key checkbox on. 4.
  • Page 80: Beaconmaster Configuration: Availability

    BeaconMaster Configuration: Availability The BeaconWorks system provides a feature that maintains service availability in the event of a BeaconMaster outage. The Availability feature links two BeaconMasters as a pair, so that they share information about their BeaconPoints.
  • Page 81 A second method to set up the BeaconMasters is as follows: 1. In the BP Registration screen, enable the two BeaconMasters as a pair, as described below. 2. Add each BeaconPoint manually to each BeaconMaster. (Select the BeaconPoint tab.
  • Page 82 7. Click the Allow dynamic port assignment checkbox on. This ensures that the BeaconPoint will always find a port for the return connection to its home BeaconMaster after a failover. 8. To save these settings, click on the button.
  • Page 83 In normal operations, when Availability is enabled, the “local” BeaconPoints are green, and the “foreign” BeaconPoints are red. If the other BeaconMaster fails, and the “foreign” BeaconPoints connect to the current BeaconMaster, then the display will show all BeaconPoints as green.
  • Page 84 Events and actions during a Failover If one of the BeaconMasters in a pair fails, then the connection between the two BeaconMasters is lost. This triggers a “Failover mode” condition, and a critical message appears in the information log of the remaining BeaconMaster.
  • Page 85: Beaconmaster Configuration: Mobility And The Vn Manager

    BeaconMaster Configuration: Mobility and the VN Manager The BeaconWorks system has a technique by which multiple BeaconMasters on a network can discover each other and exchange information about a client session. This enables a wireless device user to roam seamlessly between different BeaconPoints on different BeaconMasters.
  • Page 86 Set up a BeaconMaster as a VN Manager 1. In the BeaconMaster Configuration screen, click on the VN Manager option. The Virtual Network Settings for VN Manager screen appears.
  • Page 87 Screen 49: Reports and Displays for a VN Manager: Menu Screen 50: Reports and Displays for a VN Manager: Examples To view the status of the tunnels between the BeaconMasters, click on the BM Tunnel Traffic display option.
  • Page 88: Beaconmaster Configuration: Management Users

    BeaconMaster Configuration: Management Users In this screen you define the login usernames that have access to the GUI, either for Administrators with “read/write” privileges, or other users with “read only” privileges. Designate BeaconMaster management users 1.
  • Page 89: Beaconmaster Configuration: Network Time

    BeaconMaster Configuration: Network Time Use the Network Time screen to synchronize the elements on the network to a universal clock. This ensures accuracy in usage logs. The Network Time screen synchronizes in one of two ways: •...
  • Page 90: Setting Up Third-Party Access Points

    Setting up Third-Party Access Points Your enterprise’s WLAN may have existing third-party access points that you would like to integrate into the Chantry WLAN solution. You can set up the BeaconMaster to handle wireless device traffic from third-party access points, providing the same policy and network access control.
  • Page 91 BeaconWorks User Guide – Setting up Third-Party Access Points Screen 55: Virtual Network Configuration – Topology for Third-Party APs In the Topology screen, select Assignment by SSID. Click on the Use 3rd Party AP checkbox to select it. Fill in the...
  • Page 92 BeaconWorks User Guide – Setting up Third-Party Access Points Here are the differences between third-party access points and BeaconPoints on the BeaconWorks system: • An access point exchanges data with the BeaconMaster’s data port using standard IP over ethernet protocol. The third-party access points do not support the CAPWAP Tunnelling Protocol (CTP) header for encapsulation.
  • Page 93: Beaconkeeper Mitigator: Detecting Rogue Access Points

    BeaconKeeper Mitigator: Detecting Rogue Access Points BeaconKeeper Mitigator: Overview The BeaconWorks system (Release 2.0) includes a mechanism that assists in the detection of rogue access points. The function is called the BeaconKeeper Mitigator. The BeaconKeeper Mitigator feature has three components: •...
  • Page 94: Beaconkeeper Mitigator: Enabling The Analysis And Rfdc Engines

    BeaconWorks User Guide – BeaconKeeper Mitigator: Detecting Rogue Access Points BeaconKeeper Mitigator: Enabling the Analysis and RFDC Engines Enable and configure the BeaconKeeper Mitigator Analysis Engine 1. Click on the BeaconMaster tab in any screen. The BeaconMaster Configuration area of the user interface appears. In the left-hand list, click on the BeaconKeeper option.
  • Page 95: Beaconkeeper Mitigator: Running Scans

    BeaconWorks User Guide – BeaconKeeper Mitigator: Detecting Rogue Access Points Screen 58: BeaconMaster Configuration – BeaconKeeper Mitigator: Collection Engines 7. To clear the entry fields and add a new Collection Engine, click on the option. Repeat steps 4 to 6 above.
  • Page 96 BeaconWorks User Guide – BeaconKeeper Mitigator: Detecting Rogue Access Points 3. In the Scan Group Name entry field, key in a name for this Scan Group. 4. In the BeaconPoints area, click the checkbox on to select the BeaconPoint (or BeaconPoints) that will be included in this Scan Group and will perform the scan function.
  • Page 97: Beaconkeeper Mitigator: How The Analysis Engine Works

    Show Details BeaconKeeper Mitigator: How the Analysis Engine works The Analysis Engine relies on a database of known devices on the BeaconWorks system as follows: • BeaconPoints registered with any BeaconMaster that has its RF Data Collector enabled and has been associated with the Analysis Engine on this BeaconMaster.
  • Page 98 BeaconWorks User Guide – BeaconKeeper Mitigator: Detecting Rogue Access Points Screen 60: BeaconKeeper Mitigator Scanner – Rogue Detection 3. To remove an access point from this list, click on the Delete button. 4. To add an access point or BeaconPoint to the Friendly APs list, click on the button.
  • Page 99 Screen 62: BeaconKeeper Mitigator Scanner – 3rd Party APs Maintain the BeaconKeeper list of access points and BeaconPoints When BeaconPoints or Third-Party Access Points are deleted in the BeaconWorks user interface on a BeaconMaster that has its RFDC running and is in communication with the Analysis Engine, this information will also be displayed in the BeaconKeeper Mitigator’s AP / BP Maintenance screen.
  • Page 100: Beaconkeeper Mitigator: Viewing The Scanner Status Report

    BeaconWorks User Guide – BeaconKeeper Mitigator: Detecting Rogue Access Points 2. To delete the marked access points and BeaconPoints from the BeaconKeeper Mitigator’s database, click on the Delete marked AP / BPs button. BeaconKeeper Mitigator: Viewing the Scanner Status Report When the BeaconKeeper Mitigator is enabled, you can view a report on the connection status of the RF Data Collector Engines with the Analysis Engine.
  • Page 101: Ongoing Operation: Beaconpoint Maintenance - Software

    Ongoing Operation: BeaconPoint Maintenance – Software Periodically, the software used by the BeaconPoints is altered, either for reasons of upgrade or security. The new version of the software is installed from the BeaconMaster, using the BeaconPoint Maintenance area of the user interface.
  • Page 102 BeaconWorks User Guide – Ongoing Operation: BeaconPoint Maintenance – Software Screen 65: BeaconPoint Configuration – BP Maintenance: Software Maintenance The Current BP Images area displays the list of BP software versions that have been downloaded and are available. (This list appears in the drop-down list of available images in the Controlled Upgrade screen.)
  • Page 103 BeaconWorks User Guide – Ongoing Operation: BeaconPoint Maintenance – Software 2. To set the software upgrade parameters, click on the Controlled Upgrade tab. The Controlled Upgrade screen appears. Screen 66: BeaconPoint Configuration – BP Maintenance: Controlled Upgrade The top portion of the screen displays a list of the registered BeaconPoints and the current software image on each one.
  • Page 104: Ongoing Operation: Beaconpoint Access Approval

    Ongoing Operation: BeaconPoint Access Approval You can also view and modify the status of registered BeaconPoints. Use this function to modify the status of a BeaconPoint from “Pending” to “Approved” for a manual registration.
  • Page 105: Ongoing Operation: Beaconpoint Disassociate A Client

    Ongoing Operation: BeaconPoint Disassociate a Client There are times when you want to cut the connection with a particular wireless device, for service reasons or to deal with a security issue. Using the BeaconMaster user interface, you can disassociate any wireless device from its BeaconPoint.
  • Page 106: Ongoing Operation: Beaconmaster System Maintenance

    3. Click the checkbox on to enable the collecting of accounting data. Click on the Apply button. Perform a System Shutdown 4. To shut down the BeaconWorks system, with its BeaconPoints, click on the appropriate radio button: • Halt system, reboot • Halt system, shutdown power Click on the button.
  • Page 107: Event Messages Relayed To A Syslog Server

    BeaconWorks User Guide – Ongoing Operation: BeaconMaster System Maintenance Event Messages relayed to a Syslog server In addition to viewing BeaconWorks events generated by its internal event server in the Reports and Displays area of the user interface, you can also relay those messages to a centralized event server on your enterprise network.
  • Page 108 Select a log level from the Service Logs list. 5. To activate the above settings, click on the Apply button. The log level mapping between syslog and BeaconWorks event logging is shown below: Syslog BeaconWorks LOG_CRIT Critical LOG_ERR...
  • Page 109: Ongoing Operation: Beaconworks Logs And Traces

    Ongoing Operation: BeaconWorks Logs and Traces BeaconWorks Log and Data Files The Chantry BeaconWorks system stores configuration data and log files in flat files. These files include: • event and alarm logs (triggered by events, described below) •...
  • Page 110 BeaconWorks User Guide – Ongoing Operation: BeaconWorks Logs and Traces On the BeaconMaster, conditions such as the following generate an alarm message: • Reboot due to failure • Software upgrade failure on the BeaconMaster • Software upgrade failure on the BeaconPoint •...
  • Page 111: Traces

    BeaconWorks User Guide – Ongoing Operation: BeaconWorks Logs and Traces Traces Trace messages display activity by component. These can be used for system debugging, troubleshooting and internal monitoring of software. View the Traces 1. To view the list of , messages by component, click on its tab.
  • Page 112: Ongoing Operation: Beaconworks Reports And Displays

    Ongoing Operation: BeaconWorks Reports and Displays View Displays To view BeaconWorks reports and displays, click on the Reports tab in any screen. The List of Displays screen appears, with a menu of available displays. The navigation...
  • Page 113: View Statistics For Beaconpoints

    BeaconWorks User Guide – Ongoing Operation: BeaconWorks Reports and Displays View Statistics for BeaconPoints Two displays show information about activity on a selected BeaconPoint: • Wired Ethernet Statistics by BeaconPoints • Wireless Statistics by BeaconPoints These displays are snapshots of the BeaconPoint activity at that point in time. The statistics displayed are those defined in the 802.11 MIB, defined in the IEEE 802.11...
  • Page 114: View Reports

    BeaconWorks User Guide – Ongoing Operation: BeaconWorks Reports and Displays The display lists the registered BeaconPoints in the left-hand list. Click on the selected BeaconPoint. Then click on the appropriate tab to display information for each radio on the BeaconPoint. If there are associated clients on this radio, you can view information on a selected client.
  • Page 115: Beaconmaster Configuration: Setting Up Snmp

    Management Information Bases (MIBs) and return this data to the SNMP requesters. The Chantry system accepts SNMP “Set”, “Get” and “Trap” commands. In Release 2.0 support is provided for retrieving information from the router MIB-II (SNMP_GET) as well as SNMP traps. Release 2.0 supports the retrieval of wireless information (802.11 MIB).
  • Page 116: Screen 83: Beaconmaster Configuration - Snmp Setup

    BeaconPoints. SNMP: Enabling on the BeaconMaster The Chantry BeaconWorks system also supports the Simple Network Management Protocol (SNMP), version 1 and 2c, standard, for system monitoring and alarm reporting. If your enterprise network uses SNMP, you can enable SNMP on the BeaconMaster and define where the BeaconMaster should send the SNMP messages.
  • Page 117 • SNMP port • Read Community • Manager A and/or Manager B The list of SNMP traps supported can be found in the Chantry MIB.
  • Page 118: Appendix 1: Beaconworks System States And Leds

    Appendix 1: BeaconWorks System States and LEDs BeaconMaster System States and LEDs The BeaconMaster has two system states: • Enters “Standby” when shut down in the BeaconMaster Configuration – System Maintenance screen.
  • Page 119 BeaconWorks User Guide – Appendix 1: BeaconWorks System States and LEDs Registration: BeaconPoint learns the BeaconMaster’s IP address, and can begin the Registration process (LED: orange, blink). Failed Registration: BeaconPoint fails to learn the BeaconMaster’s IP address (LED: red, blink). Standby: 1. BeaconPoint enters this state from “Discovery” when it...
  • Page 120: Appendix 2: Glossary Of Terms And Acronyms

    Appendix 2: Glossary of Terms and Acronyms TERM Explanation Authentication, Authorization and Accounting. A system in IP-based networking to control what computer resources users have access to and to keep track of the activity of users over a network.
  • Page 121 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device’s IP address can even change while it is still connected.
  • Page 122 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation frequency to frequency as a function of time over a wide band of frequencies. This technique reduces interference. If synchronized properly, a single logical channel is maintained. (Compare DSSS) FQDN Fully Qualified Domain Name.
  • Page 123 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation Infrastructure Mode An 802.11 networking framework in which devices communicate with each other by first going through an Access Point (AP). In infrastructure mode, wireless devices can communicate with each other or can communicate with a wired network.
  • Page 124 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation the difficulty in cracking the encryption. (See WPA and TKIP) Local Area Network. Link State Advertisements received by the currently running OSPF process. The LSAs describe the local state of a router or network, including the state of the router’s interfaces and adjacencies.
  • Page 125 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation CO. Running as a continuous background client program on a computer, NTP sends periodic time requests to servers, obtaining server time stamps and using them to adjust the client’s clock. (RFC1305)
  • Page 126 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation protocol control information and user data. PDU is sometimes used as a synonym for “packet”. PEAP PEAP (Protected Extensible Authentication Protocol) is an IETF draft standard to authenticate wireless LAN clients without requiring them to have certificates.
  • Page 127 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation Segment In ethernet networks, a section of a network that is bounded by bridges, routers or switches. Dividing a LAN segment into multiple smaller segments is one of the most common ways of increasing available bandwidth on the LAN.
  • Page 128 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation Secure Sockets Layer. A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that’s transferred over the SSL connection. URLs that require an SSL connection start with https: instead of http.
  • Page 129 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation point. The AP handles the radio frequency (RF) communication, as well as authenticating users, encrypting communications, secure roaming, WLAN management, and in some cases, network routing. TKIP Temporal Key Integrity Protocol (TKIP) is an enhancement to the WEP encryption technique that uses a set of algorithms that rotates the session keys.
  • Page 130 BeaconWorks User Guide – Appendix 2: Glossary of Terms and Acronyms TERM Explanation Wired Equivalent Privacy. A security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.
  • Page 131: Appendix 3: Index Of Procedures, Screens And Figures

    Appendix 3: Index of Procedures, Screens and Figures List of Procedures: Installing the BeaconMaster (p. 16); Changing the Management Port IP address web browser, ethernet port method (p. 17); Add the BeaconMaster to your enterprise network...
  • Page 132 BeaconWorks User Guide – Appendix 3: Index of Procedures, Screens and Figures Specify a re-key interval for WPA Privacy (p. 78); Enable WPA in PSK mode if there is no authentication server (p. 79); Save the privacy parameters for this VNS (p. 79); Prepare for setting up the Availability feature...
  • Page 133 BeaconWorks User Guide – Appendix 3: Index of Procedures, Screens and Figures Screen 22: Virtual Network Configuration: Topology for a new VNS Subnet (p. 49); Screen 23: Virtual Network Configuration – Topology – SSID Assignment (p. 50); Screen 24: Virtual Network Configuration – Exclusions subscreen (p. 52); Screen 25: Virtual Network Configuration –...
  • Page 134 BeaconWorks User Guide – Appendix 3: Index of Procedures, Screens and Figures Screen 78: Displays – BeaconPoint Availability (p. 112); Screen 79: Display – Wired Ethernet Statistics by BeaconPoints (p. 113); Screen 80: Display – Wireless Statistics by BeaconPoints (p. 113); Screen 81: Display –...

This manual is also suitable for:

Beaconmaster, Beaconpoint
