Document No. TR0190 Rev A1 ER-1000 Access Point User’s Guide Rev. A1 Communicate Without Boundaries Tranzeo Wireless Technologies Inc. 19473 Fraser Way, Pitt Meadows, BC, Canada V3Y 2V4 www.tranzeo.com technical support email: support@tranzeo.com...
ER-1000 Access Point User’s Guide Tranzeo, the Tranzeo logo and ER-1000 are trademarks of Tranzeo Wireless Technologies Inc. All rights reserved. All other company, brand, and product names are referenced for identification purposes only and may be trademarks that are the properties of their respective owners.
Any changes or modification to said product not expressly approved by Tranzeo Wireless Technologies Inc. could void the user's authority to operate this device. The Tranzeo ER-1000 Access Point must be installed by a trained professional, value added reseller, or systems integrator who is familiar with RF cell planning issues and the regulatory limits defined by the FCC for RF exposure, specifically those limits outlined in sections 1.1307.
Connecting to the ER-1000
Network Interfaces
Connecting to an Unconfigured ER-1000
Default Login and Password
Resetting the ‘admin’ Password
...
Load a Configuration Profile
Delete a Configuration Profile
Downloading a Configuration Profile from an ER-1000
Uploading a Configuration Profile to an ER-1000
Mode of Operation
...
14.2.2 Configuring the ER-1000s
14.2.3 Configuring the Central DHCP Server
Connecting an ER-1000 to a LAN
15.1 Routed mode
15.1.1 Manual Configuration
...
Chapter 1: Working with the ER-1000
Thank you for choosing the Tranzeo ER-1000 802.11 Access Point. The ER-1000 is a full-featured access point in a ruggedized enclosure designed for outdoor installation. This user’s guide presents a wide array of configuration options, but only a limited number of options have to be configured in order to deploy an ER-1000.
• Custom firewall rules
• Web GUI
• Tranzeo CLI (SSH)
• Remote upgrade
• Configuration management
ER-1000 Interfaces
The interfaces available on the ER-1000 are Ethernet and a radio port.
Figure 1. [Port labels: expansion port for future use, AP radio port, Ethernet]
Table 3. Ethernet port pinout
To power the ER-1000, connect an Ethernet cable from the Ethernet port of the ER-1000 to the port labeled “CPE” on the supplied PoE injector and apply power to the PoE injector using the supplied power supply...
1.3.2 Antenna
The ER-1000 AP radio port is an N-type RF connector that can interface with a wide range of Tranzeo antennas. After purchasing the desired 2.4GHz or 5.8GHz antenna (for the ER-1000HG or ER-1000HA models respectively), attach the antenna to the access point (AP) radio port on the ER-1000.
Figure 2. 802.11b/g channel chart, showing top, bottom, and center frequencies for each channel
Chapter 2: Connecting to the ER-1000 Connecting to the ER-1000 The ER-1000 can be configured and monitored by connecting to one of its network interfaces. The wired Ethernet interface on the ER-1000 should be used for initial configuration of the device, but the wireless network interface can be used to connect to the device after initial configuration has been completed.
Do not try to access the ER-1000 over a wireless link using the address of this interface. To connect to an ER-1000 using its Static Configuration IP address, you must configure your computer’s IP address to be in the 169.254.253.253/16 subnet, e.g. 169.254.253.1 and connect the computer’s Ethernet cable to the “PC”...
-d 169.254.253.253
Default Login and Password
The ER-1000’s default login is ‘admin’ and the default password is ‘default’. The login and password are the same for the web interface and the CLI. Changing the password using one of the interfaces will change it for the other interface as well.
Accessing the Web Interface
You can access the web interface by entering one of the ER-1000’s IP addresses in the URL field of a web browser (see section 2.2 for a description of how to access an unconfigured ER-1000 using its Ethernet interface).
Chapter 3: Using the Web Interface
A configuration overview page is loaded by default after the login process has been completed. This page contains the following information:
• Firmware version and list of installed patches
• System uptime
• System mode of operation (router or bridge)
•...
GUI, not the time kept by the ER-1000. Setting Parameters Many of the web interface pages allow you to set ER-1000 operating parameters. Each page that contains settable parameters has a “Save Changes” button at the bottom of the page.
For the changes to take effect, the ER-1000 must be rebooted. After a change has been committed, a message reminding the user to reboot the ER-1000 will be displayed at the top of the screen.
Figure 8. Rebooting the ER-1000
(http://www.putty.nl/) to connect to an ER-1000 using SSH. When you log in to the ER-1000, the CLI will present a command prompt. The shell timeout is displayed above the login prompt. The CLI will automatically log out a user if a session is inactive for longer than the timeout period.
After logging in, no interface is selected by default. Before setting or retrieving any parameters, an interface must be selected. CLI Features The CLI has a number of features to simplify the configuration of the ER-1000. These features are explained in the following sub-sections. 4.4.1 Control of the Cursor The cursor can be moved to the end of the current line with Ctrl+E.
Chapter 4: Using the Command Line Interface 4.4.3 Searching the Command History The command history can be searched by pressing Ctrl+R and entering a search string. The most recently executed command that matches the string entered will be displayed. Press ‘Enter’...
4.5.3 ‘help’ command
Syntax: help [command|parameter]
where the optional argument is either one of the CLI commands (“[command]”) or a parameter in the currently selected interface (“[parameter]”).
Description: When no argument follows the help command, a help menu showing a list of available commands is displayed.
4.5.5 ‘use’ command
Syntax: use <interface>
where <interface> is one of the ER-1000’s interfaces. A complete list of interfaces is available with the ‘show’ command.
Description: Selects an interface to use. By selecting an interface you can view and modify the parameters associated with the interface.
4.5.7 ‘get’ command
Syntax: get <parameter>
where <parameter> is the parameter whose value is being fetched.
Description: Gets the value of one or more configuration parameters for the currently selected interface. The ‘*’ character can be used to specify wildcard characters.
4.5.8 ‘list’ command
Syntax: list
Description: Lists all parameters for the selected interface
Example: With the ‘eth0’ interface selected, list will display
acl.mode : access control list mode
dhcp.default_lease_time : default dhcp lease expiration in…
dhcp.max_lease_time : maximum requestable dhcp lease…
...
4.5.10 ‘ifconfig’ command
Syntax: ifconfig <eth0|wlan[1-4]>
Description: Displays information, such as IP address and MAC address, for the specified network interface.
Example: ifconfig wlan1 will display
wlan1 Link encap:Ethernet HWaddr 00:15:6D:52:01:FD
      inet addr:10.2.10.1 Bcast:172.29.255.255 Mask:255.255.0.0
      UP BROADCAST RUNNING MULTICAST...
4.5.13 ‘history’ command
Syntax: history
Description: Shows the command history since the ER-1000 was last rebooted
Example: After switching to the ‘wlan1’ interface, inspecting the ESSID setting, and then changing it, history will display...
4.5.14 ‘!’ command
Syntax:
!<command history number>
!<string that matches start of previously-executed command>
Description: Executes a previously-executed command based either on a command history number or matching a string to the start of a previously-executed command.
4.5.15 ‘exit’ command
Syntax: exit
Description: Terminates the current CLI session and logs out the user
4.5.16 ‘quit’ command
Syntax: quit
Description: Terminates the current CLI session and logs out the user
Chapter 5: Initial Configuration of an ER-1000 Initial Configuration of an ER-1000 This user’s guide provides a comprehensive overview of all of the ER-1000’s features and configurable parameters. However, it is possible to deploy a network of ER-1000s while only changing a limited number of parameters.
Figure 9. Initial configuration web page
Chapter 6: Status Information Status Information Multiple web interface pages that display status information about the ER-1000 and client devices attached to it are available. These web pages are accessible by clicking on the “Status” link in the navigation bar and then selecting the appropriate tab shown at the top of the page.
Interface Status
Traffic and neighbor information for the virtual AP and wired interfaces are available on the “Status” tab of the “Status” page. Select the appropriate interface for which you wish to view information from the row of tabs below the primary tab row.
6.2.1 Virtual AP Interfaces
The sub-tabs display status information about the virtual AP interfaces.
Figure 12. Wired interface status information Bridging The “Bridging” tab is only present when the ER-1000 is in bridge mode. This page displays information about the current bridge configuration. A summary of the interfaces that are bridged is provided at the top of the page. This is followed by a list of known devices, identified by their MAC addresses.
Figure 13. Bridging status information
Routing Table
The routing table used by the device can be displayed by selecting the “Routing” tab on the “Status” page.
Figure 14. Routing table
ARP Table
The device’s ARP table can be displayed by selecting the “ARP” tab on the “Status” page.
Figure 15. ARP table
Event Log
The main system log for the device is accessible by selecting “Event Log” on the “Status” page. The log is displayed in reverse chronological order, with the last recorded event appearing at the top of the page. Figure 16.
Figure 17. DHCP event log
The time reported in the DHCP Log corresponds to the time maintained by the ER-1000 and may not be consistent with that shown in the upper left corner of the webpage, as that is the time maintained by the computer running the web browser.
Enter a profile name or select an existing profile name from the list of existing configurations, and then click on “Save Profile”. The saved profile is stored locally on the ER-1000 and will appear in the “Existing profiles” text box. Use the “Download from Node” tab to download it to a different device.
Chapter 7: Configuration Profile Management
Load a Configuration Profile
A configuration stored on the ER-1000 can be applied using the “Load” tab on the “Profile Management” page. This profile must either have been saved earlier or uploaded to the ER-1000.
Figure 20. Deleting a configuration profile
Downloading a Configuration Profile from an ER-1000
A configuration profile can be downloaded from an ER-1000 using the “Download from node” tab on the “Profile Management” page. The existing configuration profiles are listed on this page.
Uploading a Configuration Profile to an ER-1000
A configuration profile can be uploaded to an ER-1000 using the “Upload to node” tab on the “Profile Management” page. Use the “Browse” button to select a profile file on your host computer for upload to the ER-1000.
Chapter 8: Mode of Operation Mode of Operation The ER-1000 can be configured to operate in either routed or bridge mode. In routed mode, all communication is managed at the IP (layer 3) level, with the ER-1000 acting as a router. In bridge mode, all communication across the ER-1000 is managed at the MAC (layer 2) level, with the ER-1000 acting as a switch.
The ER-1000’s operating mode is set with the ‘scheme’ parameter in the ‘sys’ interface. Valid values are ‘aponly’ for routed mode and ‘l2bridge’ for bridge mode. For example, set the operating mode to routed mode with: >...
Chapter 9: System Settings System Settings This section describes settings that are applicable to the overall operation of the ER-1000, but are not related directly to a particular interface. User Password The password for the ‘admin’ user is configurable. The default password is ‘default’.
BRIDGE explicitly set or acquired via DHCP. The node ID assigned to an ER-1000 affects the IP address spaces assigned to each of the ER-1000’s virtual AP client access interfaces when it uses implicit addressing in routed mode. If multiple ER-1000s are connected to the same LAN, it is recommended that they be assigned different node IDs unless they have the NAT option enabled or use the explicit addressing scheme.
DNS / Domain Settings
At least one DNS server, accessible from the ER-1000, must be specified for the device to be able to resolve host names. This DNS server is also provided to client devices that acquire an IP address from the local DHCP server on an ER-1000.
DNS proxy entries can be added to an ER-1000 to force local resolution of host names to IP addresses for the hosts in the proxy list. Use of a DNS proxy list on the ER-1000 is a two-step process: first populating the host name/IP address pairs, and then enabling DNS proxy.
NetBIOS Server The NetBIOS server parameter is used to define a NetBIOS server’s IP address that is provided to client devices when configured by the ER-1000’s local DHCP server. BRIDGE The NetBIOS settings are not used when operating in bridge mode.
The contact person and location of the device located via SNMP are set with the ‘snmp.contact’ and ‘snmp.location’ parameters in the ‘sys’ interface as shown below.
> use sys
sys> set snmp.contact="Joe Smith"
sys> set snmp.location="123 Main St., Anytown, USA"
Web GUI
The SNMP-related parameters can be set on the “SNMP”...
The geographic location of the ER-1000 can be stored in the following fields in the ‘sys’ interface:
• sys.location.gps.altitude
• sys.location.gps.latitude
• sys.location.gps.longitude
For example, you can set the latitude value as follows.
> use sys
sys>...
State/Province, or Country parameters will cause the certificate information to be recalculated.
Time Synchronization
An ER-1000 can be configured to synchronize its internal clock with an external RFC-868-compliant time server. The time synchronization will ensure that proper time stamps are displayed for entries in the event logs that are available on the web GUI’s “Status”...
The synchronization mode and server can be set on the “Time” tab on the “System” page (Figure 30). Figure 30. Automatic time synchronization When automatic synchronization is disabled, the user can set the ER-1000’s UTC time (Figure 31). Enter the time using the available drop-down menus and check the “Change Time” checkbox.
9.11 OnRamp Configuration Access ONRAMP IS A PC-BASED TOOL THAT WILL BECOME AVAILABLE TO SUPPORT INITIAL CONFIGURATION OF THE ER-1000. IT HAS NOT BEEN RELEASED AT THE TIME OF THE WRITING OF THIS DOCUMENT. CHECK WWW.TRANZEO.COM/ONRAMP FOR STATUS. IT IS RECOMMENDED THAT ONRAMP CONFIGURATION ACCESS IS DISABLED UNTIL THE TOOL IS MADE AVAILABLE.
The OnRamp utility provides network detection and configuration capabilities for ER-1000s. The configuration capabilities are only intended for initial configuration and, for security reasons, it is strongly recommended that the OnRamp configuration capability be disabled after initial configuration. You can use the CLI, the web interface, or OnRamp to determine whether a device can be configured from OnRamp.
9.12 CLI Timeout
The CLI will automatically log out a user if the interface has remained inactive for a certain length of time. The time, in seconds, that a shell must remain inactive before a user is automatically logged out is set with the ‘shell.timeout’...
Alternatively, explicit address spaces can be defined for each client access interface. The addressing scheme choice also affects what the addresses of client devices will be when the ER-1000 is not operating in centralized DHCP server mode.
Figure 35. Figure 35. Subnet address structure If the ER-1000 is operating in centralized DHCP server mode, the addresses used for the implicit addressing scheme have no bearing on the addresses that are assigned to client devices through DHCP.
The suggested values for the LAN prefix are 10.x and 192.168. The LAN prefix parameter only has an effect on an ER-1000 using the explicit addressing scheme when explicit addresses have not been defined for the client access interfaces. See section 10.2 for more information on use of the LAN prefix when using the explicit addressing...
Each of the enabled interfaces’ address segments should be configured to avoid overlap with the other interfaces’ address segments. In the case where an ER-1000 is not configured such that this requirement is met, address spaces will be automatically reduced in size to prevent overlap.
Chapter 10: Client Addressing Schemes
The actual start address and size of a segment are accessible via the ‘ip.implicit.start.actual’ and ‘ip.implicit.size.actual’ parameters. These values may differ from the requested values if the rules for setting these parameters were not followed.
Web GUI
The address space segments’...
10.2 Explicit Addressing Scheme
When using the explicit addressing scheme, the IP parameters for each interface can be specified manually on the “Wireless Interface” page. When specifying the IP addresses and subnet sizes for the client access interfaces, the following rules should be followed:
•...
See section 13.3 for instructions on how to set the IP addresses for the wired and wireless client access interfaces when using the explicit addressing scheme.
IP access to the ER-1000 when operating in bridge mode. The Ethernet interface is used to connect the ER-1000 to a LAN. It is also used for initial configuration of the device. The Ethernet interface IP address can either be acquired from a DHCP server on the LAN or be set manually.
Chapter 11: Ethernet Interface Configuration
To set the DHCP mode to ‘client’ on the Ethernet interface, set the value of the ‘dhcp.role’ parameter in the ‘eth0’ interface to ‘client’, as shown in the example below.
> use eth0
eth0> set dhcp.role=client
To disable Ethernet DHCP client mode, set the DHCP mode parameter to ‘none’...
ID settings is available through the CLI and the web GUI. Note that for the manually configured IP address to be used, the Ethernet DHCP mode setting must be set to ‘none’ if the ER-1000 is connected to a network which provides access to a DHCP server.
eth0> set ip.netmask_force=255.255.255.0
Web GUI
The Ethernet IP address, gateway, netmask, and broadcast address parameters can be set via the web interface using the “Wired Interface” page (see Figure 37). The current IP values can be viewed on the “Status”...
Chapter 12: Bridge Interface Configuration 12 Bridge Interface Configuration 12.1 IP Configuration The bridge interface has an IP address that can be set manually or acquired via DHCP. With the exception of the fixed configuration IP address, this is the only active IP address on the device when it is operating in bridge mode.
Figure 39. Bridge configuration page with DHCP client mode disabled
The DHCP mode for the bridge interface is set on the “DHCP” tab on the “System” page. When bridge mode is selected, the only setting available on this page is the bridge DHCP mode, as shown in Figure 40.
The forwarding delay sets how long, in seconds, the ER-1000 will watch traffic before participating. If there are no other bridges near the ER-1000, this value can be set to 0. When the DHCP mode for the bridge interface is set to ‘client’, the forwarding delay will be automatically set to 15 to avoid DHCP requests timing out.
Chapter 13: Virtual Access Point (VAP) Configuration 13 Virtual Access Point (VAP) Configuration An ER-1000 has four virtual access points (VAPs) that can be configured to suit different application needs. These VAPs share a common radio, but, with a few exceptions noted in this chapter, can be configured independently.
They cannot be changed directly when the device is using the implicit addressing scheme. When an ER-1000 is configured to use the implicit addressing scheme, set the IP address to the desired value by modifying the node ID and LAN prefix parameters (see sections 9.2 and...
[read-only] ip.implicit.start.requested = 1 When an ER-1000 is using the implicit addressing scheme, the VAP IP settings can be changed by altering the ‘id.node’, ‘id.mesh’, and ‘id.lanprefix’ parameters in the ‘sys’ interface and the ‘ip.implicit.start.requested’ parameter in the appropriate ‘wlanN’ interface.
13.4 Channel
The ER-1000HG has an 802.11b/g radio that can be set to operate in the channels listed in Table 9.
Channel Center Frequency (GHz)
2.412 2.417 2.422 2.427 2.432 2.437 2.442 2.447 2.452 2.457 2.462...
wlan1> set channel=6
Web GUI
The access point channel can be set via the web interface using the appropriate “wlanN” tab on the “Wireless Interfaces” page (see Figure 41).
13.5 ESSID
The ESSID, or Extended Service Set Identifier, is used in 802.11 infrastructure networks to identify a particular network consisting of one or more Basic Service Sets.
• Via DHCP from a centralized server • Via DHCP from a local server on the ER-1000 that the client device is connected to • Be manually configured When the ER-1000 is operating in bridge mode, the client device IP address requirements will depend on the settings for the LAN that the ER-1000 is connected to.
Figure 42. Virtual access point and wired interface DHCP and address space settings
If the local DHCP server is enabled for a VAP interface, IP addresses must be reserved for statically configured devices by setting the DHCP reserve parameter. This will reserve the specified number of IP addresses at the bottom of the IP range for the interface.
Figure 43. Virtual access point client device status information
13.8 Encryption and Authentication
The ER-1000 supports several common encryption/authentication schemes, including WEP, WPA, and WPA2, to provide secure wireless access for client devices. WEP keys with 40-bit or 104-bit lengths, pre-shared WPA keys, and multiple WPA-EAP modes are supported.
The WEP and WPA configuration settings for each VAP are independent. A VAP can only support one of the encryption/authentication modes at a time, but the VAPs in the ER-1000 do not all have to use the same encryption/authentication scheme.
In WPA pre-shared key (PSK) mode, a common passphrase is used for client devices connecting to an ER-1000 VAP. To set the WPA-PSK mode, enable WPA for the interface and set the pre-shared key value as shown below. The passphrase must be between 8 and 63 characters in length.
32 characters in length. See section 20.5 for instructions on how to test the RADIUS configuration and a specific set of credentials. To configure the ER-1000 to support 802.1x authentication, the following parameters in a ‘wlanN’ interface must be set:
13.9 Transmit Power Cap The maximum transmit power cap of the ER-1000’s radio is configurable. Increased output power will improve communication range, but will also extend the interference range of the radios. By default, the power cap is set to 30 dBm so as not to limit the power of the AP.
The example below shows how to set the access point radio’s maximum transmit power using the CLI. The Tx power is specified in dBm, with a granularity of 0.5 dBm.
> use wlan1
wlan1>...
The example below shows how to set the preamble type used by a VAP using the CLI. The preamble type is set with the ‘iwpriv.short_preamble’ parameter in the ‘wlanN’ interfaces. To enable short preambles, set this parameter to ‘1’. To force use of long preambles, set this parameter to ‘0’.
be increased by setting a custom maximum link distance value. This value can be specified in either metric or imperial units. The maximum link distance setting is uniform across all VAPs. Changing it for one will automatically change it for all others as well.
DHCP messages between client devices and the centralized server. The DHCP modes for client access interfaces on an ER-1000 can be set individually to use a local server, a centralized server, or be disabled. This allows a device to support client access interfaces with a combination of centralized and localized DHCP.
Chapter 14: Client DHCP Configuration The ER-1000 can be configured to set aside a number of IP addresses for client devices that will use a static IP address. These IP addresses are taken from the pool that DHCP assigns IP addresses from.
The DHCP reserve setting for all VAPs and the wired interface can be set via the web interface using the “DHCP” sub-tab under the “DHCP” tab on the “System Parameters” page (see Figure 45). Figure 45. Virtual access point DHCP configuration
IP addresses are assigned, must be defined. The active VAP client access interfaces on the ER-1000 (there can be up to 4 per ER-1000) must also have IP addresses that fall within the CAS. This is to facilitate DHCP relay and selection of client device IP addresses from the correct DHCP scope on servers that serve hosts connected to different subnets.
This IP address can be the same as for the DHCP server, but need not be. Each client access interface on the ER-1000 that is to support centralized DHCP server mode must have its DHCP mode set to “server” for it to support relay of IP addresses to client devices from a central DHCP server.
> use sys
sys> set dhcp.relay.dhcp_subnet=192.168.5.0/24
The Base Value, which sets the IP address of client access interfaces on an ER-1000, is set through the ‘dhcp.relay.base’ parameter in the ‘sys’ interface.
> use sys
sys> set dhcp.relay.base=192.168.5.3
Web GUI
Centralized DHCP mode can be enabled via the web interface on the “DHCP Relay”...
The range must not include the IP addresses set aside for the client access interfaces on the ER-1000. The following is a segment of the dhcpd.conf file for a Linux DHCP server (ISC DHCP server) that illustrates the scope settings for the part of the network pertaining to the ER-1000:
DHCP settings on the ER-1000. In this example, two IP addresses are set aside for the DHCP server and the ER-1000’s Ethernet interface and four IP addresses are set aside for the client access interfaces on the ER-1000. Therefore the address pool starts from 192.168.5.7.
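The pool arithmetic above can be checked before the central server's scope is edited. The following is an added example, not part of the Tranzeo guide: it assumes the four client access interfaces take consecutive addresses starting at the ‘dhcp.relay.base’ value, and the two addresses used for the DHCP server and the ER-1000’s Ethernet interface (.1 and .2) are constructed sample values.

```python
import ipaddress

# Values taken from the CLI examples in this guide.
RELAY_SUBNET = "192.168.5.0/24"   # dhcp.relay.dhcp_subnet
RELAY_BASE = "192.168.5.3"        # dhcp.relay.base
# Constructed sample values: the guide sets aside two addresses for these
# hosts but does not say which ones, so .1 and .2 are assumed here.
DHCP_SERVER = "192.168.5.1"
ER1000_ETH0 = "192.168.5.2"


def reserved_addresses(subnet, base, infrastructure, n_interfaces=4):
    """Return the sorted addresses that must stay out of the DHCP pool.

    Assumption: the client access interfaces use n_interfaces consecutive
    addresses beginning at the base value.
    """
    net = ipaddress.ip_network(subnet)
    base_ip = ipaddress.ip_address(base)
    reserved = {ipaddress.ip_address(a) for a in infrastructure}
    reserved.update(base_ip + i for i in range(n_interfaces))
    for ip in reserved:
        # Every reserved address has to be a usable host address in the subnet.
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{ip} is not a usable host address in {net}")
    return sorted(reserved)


def first_pool_address(subnet, reserved):
    """Return the lowest address that lies above every reserved address."""
    net = ipaddress.ip_network(subnet)
    candidate = max(reserved) + 1
    if candidate >= net.broadcast_address:
        raise ValueError(f"no room for a pool above {max(reserved)} in {net}")
    return candidate


def range_conflicts(range_start, range_end, reserved):
    """Return the reserved addresses that a proposed pool range would hand out."""
    start = ipaddress.ip_address(range_start)
    end = ipaddress.ip_address(range_end)
    if start > end:
        raise ValueError("range start is above range end")
    return [ip for ip in reserved if start <= ip <= end]


if __name__ == "__main__":
    reserved = reserved_addresses(RELAY_SUBNET, RELAY_BASE,
                                  [DHCP_SERVER, ER1000_ETH0])
    print("reserved:", ", ".join(map(str, reserved)))
    print("pool starts at:", first_pool_address(RELAY_SUBNET, reserved))
    # A range that starts too low would lease out interface addresses.
    print("conflicts for .5-.254:",
          range_conflicts("192.168.5.5", "192.168.5.254", reserved))
```

A non-empty result from range_conflicts means the central server could lease an address that a client access interface already uses.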
With this configuration and with the implicit client addressing scheme in use, the router on the network that the ER-1000 is attached to must be configured to forward the client access interface subnets to the ER-1000’s Ethernet IP address. The subnet that needs to be forwarded is the Class C subnet: <LAN prefix octet 1>.<LAN prefix octet 2>.<node ID>.0...
The advantages of using NAT are: • You can easily attach an ER-1000 to an existing network. You do not need to modify any settings on the router on your existing network to forward packets to the IP addresses used for the VAP interfaces and their client devices.
The NAT state can be set via the web interface on the “Wired Interface” page (Figure 47).
Figure 47. NAT and VPN settings
15.2 Bridge Mode
In bridge mode, the ER-1000 can be connected to a LAN with minimal configuration. See section 12.2 for the parameters that are available to control bridging behavior.
The firewall should typically be enabled on all ER-1000s since it prevents undesired access to them. By default, the ports listed in Table 12 are set to be allowed for connection to the ER-1000. Function...
16.2 Gateway Firewall The gateway firewall blocks connections originating outside the ER-1000 and its client address spaces from entering the device, protecting VAP client devices from unwanted traffic. The gateway firewall will permit return traffic for connections that originate from devices in the VAP client subnets.
Client-to-client traffic can be blocked or permitted on a per-interface basis. By enabling client-to-client traffic blocking for one or more of an ER-1000’s client access interfaces, the client devices that attach to that particular interface will not be able to communicate with any client devices attached to that or any other client access interface on the ER-1000.
Chapter 16: Controlling Access to the ER-1000 Web GUI The client isolation parameters can be set via the web interface on the “Firewall” tab on the “Security” page (see Figure 48). By setting an interface’s client isolation parameter to ‘yes’, client devices connecting to that interface will not be able to communicate with any other client devices connected to the ER-1000.
sharing applications. A number of parameters are available for tuning how connection tracking is handled.
16.4.1 Connection Tracking Table Size
The size of the connection tracking table can be set. Allowed values are in the range from 4096 to 16384.
TCP connections allowed per client device. 16.5 Custom Firewall Rules Custom firewall rules can be added that control how traffic forwarded by an ER-1000 is handled. For example, rules can be added to: • Block client traffic on certain ports •...
rules for iptables, with the exception that the chain that they are to be added to cannot be specified. All rules will be applied to the iptables forwarding chain. List one rule per line in the text box on the “Custom Rules” tab and click on the “Save and Apply Changes”...
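A rule list can be checked against these constraints before it is pasted into the “Custom Rules” text box. The following is an added example, not Tranzeo code: it assumes each line is an iptables rule specification with the chain command left out, and the sample rules are constructed for illustration. It flags lines that name a chain, lines without a single jump target, and an unconditional ACCEPT, which would forward all traffic.

```python
import shlex

# iptables options that name or manipulate a chain. The guide states that the
# chain cannot be specified, so any of these on a rule line is an error.
CHAIN_COMMANDS = {
    "-A", "--append", "-C", "--check", "-D", "--delete", "-I", "--insert",
    "-R", "--replace", "-L", "--list", "-S", "--list-rules", "-F", "--flush",
    "-Z", "--zero", "-N", "--new-chain", "-X", "--delete-chain",
    "-P", "--policy", "-E", "--rename-chain",
}

# Constructed sample input, one rule per line as the guide requires.
SAMPLE_RULES = """\
-p tcp --dport 25 -j DROP
-A FORWARD -p tcp --dport 445 -j DROP
-j ACCEPT
-s 10.2.10.0/24 -p udp --dport 53
"""


def lint_rule(line):
    """Return a list of problems found in one rule line (empty list = OK)."""
    try:
        tokens = shlex.split(line)
    except ValueError as exc:          # for example an unbalanced quote
        return [f"cannot parse line: {exc}"]
    if not tokens:
        return []                      # blank lines are ignored
    problems = []
    chain_opts = [t for t in tokens if t in CHAIN_COMMANDS]
    if chain_opts:
        problems.append("chain cannot be specified, remove: "
                        + " ".join(chain_opts))
    jumps = [i for i, t in enumerate(tokens) if t in ("-j", "--jump")]
    if len(jumps) != 1 or jumps[0] + 1 >= len(tokens):
        problems.append("rule needs exactly one '-j <target>'")
    else:
        target = tokens[jumps[0] + 1]
        # Any option before -j counts as a match criterion.
        matches = [t for t in tokens[:jumps[0]]
                   if t.startswith("-") and t not in CHAIN_COMMANDS]
        if target == "ACCEPT" and not matches:
            problems.append("unconditional ACCEPT forwards all traffic")
    return problems


def lint_rules(text):
    """Map 1-based line numbers to their problems, omitting clean lines."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        problems = lint_rule(line)
        if problems:
            report[number] = problems
    return report


if __name__ == "__main__":
    for number, problems in lint_rules(SAMPLE_RULES).items():
        for problem in problems:
            print(f"line {number}: {problem}")
```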
Figure 49. Custom firewall settings
16.6 Access Control Lists (ACLs)
The access control lists (ACLs) for the VAP interfaces (wlan1-wlan4) block access to any device with a MAC address matching those on the list. Individual ACLs can be defined for each VAP....
Figure 50. VAP ACL configuration
Priority level settings are supported in bridge mode. BRIDGE The ER-1000 has extensive support for quality of service settings that allow traffic to be prioritized based on the source interface, destination interface, and type of traffic. The ER-1000 QoS scheme allows both rate limiting and rate reservation for all interfaces.
Page 110
Chapter 17: Quality of Service (QoS) Configuration
When sending data out through any of the wireless interfaces (wlanN), these hardware priorities map directly to the 802.11e hardware priority output queues on the wireless card. The default level for all traffic is Best Effort. To increase the hardware priority of all traffic originating from a particular interface, set the value of Min Hardware Priority to a value larger than 1.
Page 111
The example below shows how to configure the system such that all traffic from ‘wlan1’ with a ‘Voice’ or ‘Video’ priority will be reduced to a ‘Best Effort’ priority. Traffic with ‘Best Effort’ and ‘Background’...
Figure 52. Advanced QoS configuration (only settings for some interfaces are shown)
17.2 Rate Limiting
A rate limit can be set at each QoS Control Point shown in Figure 53. The Control Points can be split into three groups, listed below in decreasing order of importance:
•...
Page 113
Data rate limits can also be imposed based on traffic type through an interface. The maximum data rate for a certain type of traffic that enters the ER-1000 through a particular interface and exits it through another interface can be limited.
wlan1, wlan2, wlan3, wlan4; and <input intf> is one of the following: default, eth0, local, wlan1, wlan2, wlan3, wlan4. The ‘out.default.default.limit’ value is applied to interfaces that have the ‘out.<output intf>.<input intf>.limit’ parameter set to ‘inherit’ or left blank. The example below shows how to limit the maximum output rate of data from wlan1, wlan2, wlan3, and wlan4 through the eth0 interface to 2 Mbps, 1 Mbps, 512 kbps, and 256 kbps, respectively.
Page 115
A rate reservation, which guarantees a certain amount of bandwidth, can be made for traffic that enters the ER-1000 through a particular interface and exits it through another interface. Rate reservations can also be set based on traffic type through an interface. The default value set for the ER-1000 rate reservation is applied to interfaces that have their bandwidth reservation parameters set to ‘inherit’...
Page 116
A rate reservation for a certain type of traffic that enters the ER-1000 through a particular interface and exits it through another interface can be set with the ‘out.<output intf>.<input intf>.<traffic type>.reserve.’ parameters in the ‘qos’ interface, where <output intf> is one of the following: default, eth0, wlan1, wlan2, wlan3, wlan4;...
Chapter 18: Enabling VLAN Tagging
18 Enabling VLAN Tagging
The ER-1000 supports VLAN tagging, with each client access interface capable of supporting a different VLAN tag.
18.1 Client Access Interface Configuration
VLAN tagging can be independently controlled on each client access interface (wlan1-4). The Enable VLAN parameters for the ‘wlan1’, ‘wlan2’, ‘wlan3’, and ‘wlan4’...
Figure 55. Configuring VLAN for VAP interfaces
18.2 Ethernet Interface Configuration
For VLAN tags to be preserved on traffic that traverses the Ethernet interface, VLAN support must be enabled for the Ethernet interface. The “Enable VLAN” parameter for the wired interface controls the state of VLAN tagging.
Page 119
When VLAN is enabled for the wired interface, data frames forwarded by the ER-1000 to the LAN will preserve their existing VLAN tag, if they have one. Frames that do not have a tag will be tagged with the default VLAN ID for the ER-1000’s Ethernet interface.
19.1 Configuring Splash Pages
The ER-1000 supports splash pages, which can be used to restrict access to the 802.11 network and provide information to users that connect to the network. When a user connects through a client access interface to an ER-1000 with splash page support enabled, the splash page for the appropriate interface will be displayed and the user will be restricted from accessing other destinations on the Internet until they have logged in.
Page 121
Chapter 19: Integration with Enterprise Equipment
Use the ‘splash.auth.server.wlanN.enable’ parameters in the ‘sys’ interface to select whether a user is required to provide login credentials for a particular interface. The example below illustrates how to set the parameter for the wlan1 interface such that a user will be required to log in to access the network.
19.1.2 Configuring Splash URLs
The URL that a user is redirected to for login purposes can be individually configured for each client access interface that supports splash pages (wlan1-4). URLs for successful login, failed login, and error conditions can also be specified for each interface.
The critical lines in Figure 58 are 6, 12, 15, and 19. The ‘action’ value in line 6 of Figure 58 must point to a server name for which there is a DNS proxy entry on the ER-1000 and the last part of it must be ‘/radius/login.cgi’.
Trusted MAC Addresses
A list of trusted MAC addresses, which do not require splash page authentication, can be defined. When a device with one of these MAC addresses connects to an ER-1000, it will automatically have full access to the WAN.
Figure 60. Adding trusted MAC addresses and accessible hosts
19.1.6 Bypass Splash Pages for Access to Specific Hosts
It is possible to specify a list of IP addresses that client devices can access without the client devices having to view a splash screen.
In layer 2 emulation mode, an ER-1000 will respond to ARP requests if it has a route to the target IP address contained in the ARP request. The list of subnets that the ER-1000 has routes to includes implicit/explicit network addresses.
Page 128
> use sys
sys> set l2.hide_internal.enable=yes
sys> set l2.hide_internal.gateway.deny.all=yes
Web GUI
The state of layer 2 emulation is set on the “System” tab of the “System” page (see Figure 61). The console interface in the web GUI must be used to configure which address ranges the ER-1000 responds to ARP requests for.
Chapter 20: Diagnostics Tools
20 Diagnostics Tools
The ER-1000 has a number of diagnostics tools to help the user diagnose and correct configuration issues. These tools are available on the “Diagnostics” page, accessible from the navigation bar. The individual diagnostics tools are accessible from the row of tabs shown on the “Diagnostics”...
Wireshark.
10. Click the checkbox next to the filename in the “Available tcpdump list” and click on the “Delete Selected” button. This will delete the file from the ER-1000 and free up space for other capture files.
Page 131
The “DHCP” tab on the “Diagnostics” page can be used to test access to an external DHCP server when the ER-1000 is in centralized DHCP server mode (see Figure 65). Click on the “Test DHCP” button to initiate a test. The results of the test will be displayed at the bottom of the page.
20.5 RADIUS Server Testing
The “RADIUS” tab on the “Diagnostics” page can be used to test authentication of credentials by a RADIUS server used for splash page or WPA authentication (see Figure 66). Use the procedure below to test the validity of credentials with a RADIUS server.
1.
Page 134
Figure 67. Generating a diagnostic dump
The list of diagnostic dumps available for download is displayed at the bottom of the page. The diagnostic dumps can be downloaded by clicking on the filenames. To delete one or more diagnostic dumps, select the check boxes next to the ones you wish to delete and then click on the “Delete Selected”...
Prior to upgrading firmware, please contact Tranzeo technical support to find out if there are any version-specific instructions for upgrading from the firmware version you are currently using. The ER-1000 must have access to the Internet, and specifically the Tranzeo upgrade server, to complete an upgrade.
Page 136
Chapter 21: Firmware Management
If power to the ER-1000 is lost during the upgrade process, it is possible that the device will become inoperable. The firmware can be upgraded using the “Upgrade” page. This page displays the following information:
• Firmware currently installed on the ER-1000
•...
Glossary
Client access interface: An interface on the ER-1000 used by a client device, such as an 802.11-enabled laptop, to connect to the ER-1000. The client access interfaces are the virtual APs wlan1 – wlan4.
Client device: A device that is connected to one of the ER-1000’s client access interfaces, e.g.
Access Control List
Access Point
Command line interface