Planex CQW-AP108AG Installation And Configuration Manual

108 mbps wireless access point

page of 301

/ 301
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual

Installation and

Configuration Guide

108 Mbps Wireless Access Point

CQW-AP108AG

Planex Communications

Head Quarters-Japan

PCI Building

12-7, Nihombashi Odemma-cho, Chuo-ku

Tokyo, 103-0011

www.planex.co.jp

Published: July 2004

Table of Contents

Summary of Contents for Planex CQW-AP108AG

Page 1 Installation and Configuration Guide 108 Mbps Wireless Access Point CQW-AP108AG Planex Communications Published: July 2004 Head Quarters-Japan PCI Building 12-7, Nihombashi Odemma-cho, Chuo-ku Tokyo, 103-0011 www.planex.co.jp...
Page 3: Table Of Contents
Installation Requirements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 25 Installation and Configuration Guide, (CQW-AP108AG)
Page 4 Stations - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 88 Installation and Configuration Guide, (CQW-AP108AG)
Page 5 Wireless Backhaul security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 130 Installation and Configuration Guide, (CQW-AP108AG)
Page 6 Managing Rogue Access Points - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 175 Installation and Configuration Guide, (CQW-AP108AG)
Page 7 Enrollment: Node Enrolled - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 238 Installation and Configuration Guide, (CQW-AP108AG)
Page 8 Security: EAP response timeout - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 273 Installation and Configuration Guide, (CQW-AP108AG)
Page 9 Index - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 283 Installation and Configuration Guide, (CQW-AP108AG)
Page 10: Preface
• Chapter 7, “Managing Security,” describes the encryption and authentication features of the 108 Mbps Wireless Access Point and explains how configure the security options. Installation and Configuration Guide, (CQW-AP108AG)
Page 11 108 Mbps Wireless Access Point. • Appendix C, “Alarms,” provides a description of the alarms generated by the 108 Mbps Wireless Access Point. • Glossary— Provides definitions for acronyms, networking terminology, and PLANEX- specific terms. Conventions Used in this Guide This guide uses the following conventions for instructions and information.
Page 12 Guide — Explains how to use PLANEX Wireless LAN Network Management Software to manage an enterprise wireless network. • PLANEX Command Line Interface (CLI) Reference Manual — Provides a listing of all the commands available for PLANEX wireless products through serial console access and the command line interface.
Page 13 Preface xiii Installation and Configuration Guide, (CQW-AP108AG)
Page 14: Overview
By greatly increasing the range, speed, reliability, security, and ease-of-use of wireless LAN (WLAN) systems, PLANEX products help to promote the mainstream adoption of wireless technology, and help to foster new wireless applications.
Page 15: Features Overview
For more information, refer to the Wireless LAN Network Management Software Installation and Configuration Guide. Figure 1 shows how PLANEX products operate in concert to create a wireless network. Figure 1: PLANEX Wireless Network RADIUS DNS &...
Page 16: Radio Resource Management
The 108 Mbps Wireless AP also provides support for 802.11f based Inter-Access Point Protocol (IAPP). Installation and Configuration Guide, (CQW-AP108AG)
Page 17: Portal Architecture
1 Overview Portal Architecture To support the range of network sizes and configurations served by PLANEX products, PLANEX has designed a built-in, flexible, portal services architecture for management and security. Each AP can be configured as an NM Portal AP to support the following services:...
Page 18: Security
RADIUS authentication service is used. Security PLANEX offers a comprehensive security solution that adheres to the following industry standards and draft standards: • Data encryption—WEP, Wi-Fi Protected Access (WPA) with TKIP or AES encryption •...
Page 19: Quality Of Service
PLANEX implements quality of service features using classes of service (COS). Eight COS levels are available for assignment according to user or application based rules. The COS approach does not guarantee bandwidth, but it does give “best effort”...
Page 20: Rogue Ap Detection And Classification
• 802.11a: OFDM (6, 9, 12, 18, 24, 36, 48, 54 Mbps) • 802.11g: OFDM (6, 9, 12, 18, 24, 36, 48, 54 Mbps) PLANEX also offers enhanced data rates of 72, 96, and 108 Mbps for enhanced performance. Integration With the Existing Wired Network PLANEX wireless networking solutions are standards-compliant to ensure seamless integration with existing wired network infrastructures.
Page 21: Management Interface Options
Management Software provides access to AP configuration functions and is designed to manage very large numbers of access points and networks. For more information, see the Wireless LAN Network Management Software Installation and User Guide. Installation and Configuration Guide, (CQW-AP108AG)
Page 22: Planning Your Installation
Example Wireless Network Installation Figure 3 shows the elements of a typical PLANEX wireless network. 108 Mbps Wireless Access Points provide wireless connectivity to client stations (laptop or desktop computers) and connect in turn to the existing wired network infrastructure and beyond to the Internet. Network size and...
Page 23: Assessing Coverage And Capacity Requirements
Figure 4 illustrates the contrast between typical wireless coverage and PLANEX wireless coverage. Each 108 Mbps Wireless AP can service a wider area or provide higher data rates than alternative solutions.
Page 24: Site Surveys
The latest security innovations and standards make it possible to provide complete and effective security for wireless networks. The specifics of an optimal security solution will vary according to the type and size of organization. For each environment, PLANEX offers a selection of features to satisfy all your security needs.
Page 25 Selecting a Network Management Method As with user authentication, appropriate network management solutions depend upon the size and complexity of the network, and PLANEX products and features are available to support the full range of possibilities. Installation and Configuration Guide, (CQW-AP108AG)
Page 26: Selecting A Network Management Method
LAN Network Management Software server on any suitably configured network computer, and permit network administrators to obtain access from any designated client station. For more information, see the PLANEX Wireless LAN Network Management Software Installation and Configuration Guide. Wireless LAN Network Management Software can be installed as a stand-alone network management solution, or it can be used in conjunction with NM Portal APs to create an efficient distribution system for network management data and policies across multiple locations.
Page 27: Planning Network Features
An authentication zone is a group of one or more RADIUS servers providing user authentication services within an SSID. If multiple SSIDs are configured, then you can create an authentication zone for each. The chosen authentication method influences how services can be configured in the network. Installation and Configuration Guide, (CQW-AP108AG)
Page 28 • Guest access requires open access security, and is not compatible with WEP. • Guest users can be authenticated by way of an internal or external web landing page, or can be given open access to a restricted portion of the corporate network. Installation and Configuration Guide, (CQW-AP108AG)
Page 29: Example Deployment Scenarios
Multiple VLANs SSID Single SSID (default) Multiple SSIDs Quality of Service Default COS Mappings Custom COS Mappings (Class of Service - COS) Service Profile Default Service Profile Custom Service Profiles Guest Access Disabled (default) Enabled A0036A Installation and Configuration Guide, (CQW-AP108AG)
Page 30 • Open the Station Management panel at any time to view a list of client stations associated to the AP. References: “Viewing IP Topology” on page 171 and “Managing Client Stations” on page 87. Installation and Configuration Guide, (CQW-AP108AG)
Page 31: Example 2: Small To Mid-Size Business With Wireless Backhaul
Multiple VLANs SSID Single SSID (default) Multiple SSIDs Quality of Service Default COS Mappings Custom COS Mappings (Class of Service - COS) Service Profile Default Service Profile Custom Service Profiles Guest Access Disabled (default) Enabled A0036B Installation and Configuration Guide, (CQW-AP108AG)
Page 32: Example 3: Mid-Size Business, Multiple Ssids, Multiple Vlans
The network configuration for this example is shown in Figure 9, and the feature decisions are shown in Figure 10. Figure 9: Example 3 Network FinanceVLAN CorporateVLAN CorporateVLAN FinanceVLAN VLAN Switch RADIUS Server Corporate Finance A0044B Installation and Configuration Guide, (CQW-AP108AG)
Page 33 1 Define or modify service profiles to include VLAN selection. service profiles 2 Bind each profile to an SSID with an existing or new user group. Reference: “Profile Table” on page 85 and “SSID Details” on page 83. Installation and Configuration Guide, (CQW-AP108AG)
Page 34: Example 4: Large Business, Guest Access, Extended Network Services
The network configuration for this example is shown in Figure 11, and the feature decisions are shown in Figure 12. Figure 11: Example 4 Network Corp Guest VLAN VLAN Corp-VLAN Guest-VLAN VLAN Switch RADIUS Server Password Guest Access Corp Guest A0045D Installation and Configuration Guide, (CQW-AP108AG)
Page 35 Reference: “Profile Table” on page 85 and “SSID Details” on page 83. Configure landing page 1 Choose an internal or external landing page. 2 Assign guest password. Reference: “Configuring Guest Access” on page 158 Installation and Configuration Guide, (CQW-AP108AG)
Page 36: Example 5: Large Campus With Branch Offices
The network configuration for this example is shown in Figure 13, and the feature decisions are shown in Figure 14. Figure 13: Example 5 Network NMS Pro RADIUS Server Server Enterprise Network Location A Location B NM Portal AP NM Portal AP A0046C Installation and Configuration Guide, (CQW-AP108AG)
Page 37 Management Software Installation and Configuration Guide Create and distribute • Use Wireless LAN Network Management Software to create configuration policies policies and distribute them to APs across the network. Reference: Wireless LAN Network Management Software Installation and Configuration Guide Installation and Configuration Guide, (CQW-AP108AG)
Page 38: Installing The Access Point
• Terminal emulator software Installation Requirements 108 Mbps Wireless Access Points are radio frequency devices and are therefore susceptible to RF interference and obstructions. When selecting locations for AP placement, try to choose places that Installation and Configuration Guide, (CQW-AP108AG)
Page 39: Power And Cabling Requirements
5 Plug the other end of the AC power cable into an approved three-prong grounded outlet (surge- protected and/or UPS is recommended). 6 Connect the power module connector to the power connector on the AP. The 108 Mbps Wireless Access Point powers up automatically. Installation and Configuration Guide, (CQW-AP108AG)
Page 40: Using Power Over Ethernet
• Unplugging either cable causes power to switch automatically to the other source. Placement and Orientation Make sure that the 108 Mbps Wireless AP is positioned in an upright position for airflow and antenna placement (Figure 16). Installation and Configuration Guide, (CQW-AP108AG)
Page 41: Verifying The Installation
AP and the network port. Interpreting the LEDs Refer to Figure 17 and Table 7 for LED definition. Figure 17: 108 Mbps Wireless AP LEDs A0004A Installation and Configuration Guide, (CQW-AP108AG)
Page 42: Connecting The Serial Port
Use the Configuration Management panel under System Configuration. See “Reset Configuration” on page 219. Reset button Press the reset button on the side of the AP. Power down Power down the AP by disconnecting the power cable (not recommended). Installation and Configuration Guide, (CQW-AP108AG)
Page 43: Using The Configuration Interfaces
AP features. NM Portal can also be launched from the web interface. NOTE: In the web interface, a red asterisk (*) next to a field name indicates that the field is required. Error messages are presented in text near the top of the panel. Installation and Configuration Guide, (CQW-AP108AG)
Page 44: Using Ap Quick Start To Initialize The Access Point
2 Depending on the browser security settings, a security alert may open with a prompt on whether to accept the PLANEX security certificate. Click Yes to accept the certificate and to open the login panel. 3 In the login panel, enter or confirm the administrative user name, enter the password, select a language, and click OK to open the web interface.
Page 45 Both roles allow the AP to function as an IEEE 802.11 wireless network node. As a portal AP, the following additional functions are available: • Configuration of the PLANEX wireless network using secure AP enrollment and policy-based configuration of APs •...
Page 46: Initializing A Normal Ap
Management IP Address fields are inactive. IP Address/Maskbits Static IP address and subnet prefix for the AP. Required if the IP address is not obtained automatically. The default is 192.168.1.254/24. Installation and Configuration Guide, (CQW-AP108AG)
Page 47 Indication of how close the APs will be to each other. For closely spaced APs that can support high data rates, select the high density option. For maximum coverage at lower data rates, selection the low density option. The default setting is Low. Installation and Configuration Guide, (CQW-AP108AG)
Page 48 AP is booted, or Periodic to auto-select the channel at the specified number of minutes. • Assign Fixed Channel: Select a static channel. In both of these cases, the channel set used for auto-scanning can also be restricted. Installation and Configuration Guide, (CQW-AP108AG)
Page 49: Initializing The Portal Ap
Email address of the person to be notified regarding alerts Address 8 Click Finish to complete the initialization process and bring up the AP Explorer Home panel. The process takes approximately two minutes. When the process is complete, the Home panel opens. Installation and Configuration Guide, (CQW-AP108AG)
Page 50: Navigating The Web Interface
• Version Summary—Opens a detailed list of model and serial numbers and hardware and software versions (see “Version Table” on page 44). • Wireless Summary links—Opens panels to configure SSID, client stations, radios, and encryption. • Management Summary—Shows current network management address settings. Installation and Configuration Guide, (CQW-AP108AG)
Page 51 3 Using the Configuration Interfaces Figure 25: Home Panel Installation and Configuration Guide, (CQW-AP108AG)
Page 52: Quick Start Panels
Indicate whether to use DHCP to obtain an IP address for the AP. If the box is Address cleared, the other Management IP Configuration fields are activated; if the box is selected, the other Management IP Configuration fields are inactive. Installation and Configuration Guide, (CQW-AP108AG)
Page 53 Click Apply to save changes in each section on the screen or Reset to return to previously saved values. Radio Config Tab Use the Radio Config tab (Figure 27) to configure bootstrap parameters for the two AP radios. Installation and Configuration Guide, (CQW-AP108AG)
Page 54 (U.S.). Alternatively, enter a country code. World Mode - Specify the type of environment in which the AP is installed (indoor, outdoor, Deployment or both). The Environment setting determines the maximum transmit power Environment and allowed channels of operation. Installation and Configuration Guide, (CQW-AP108AG)
Page 55 Current time in HH:MM:SS format (hours 0-23) Time Zone US-zone or GMT option. For US zone, click the radio button and select a time zone. For GMT, click the radio button and select an offset in HH:MM format. Installation and Configuration Guide, (CQW-AP108AG)
Page 56 Configure the following fields: Field Description SMTP Server Address Enter the IP address of the SMTP server used to reach the network administrator. Admin E-mail Address Enter the email address of the network administrator. Installation and Configuration Guide, (CQW-AP108AG)
Page 57 AP Quick Start - Bootstrap Configuration - Admin Email rjones@acmeworks.com Version Table The Version Table panel (Figure 25) lists model number, serial number, and hardware and software version information. Figure 31: AP Quick Start - Version Table Installation and Configuration Guide, (CQW-AP108AG)
Page 58: Other Panels
AP web browser interface. For detailed information on security options, see Chapter 7, “Managing Security.” To open the User Security wizard: Click User Security Wizard under AP Quick Start on the side menu. The User Access wizard opens (Figure 32). Figure 32: User Security Wizard Installation and Configuration Guide, (CQW-AP108AG)
Page 59 Figure 33: User Security Wizard - WPA-EAP 3 Confirm the SSID (wireless network name). 4 Select whether to use the internal RADIUS server included in the AP or an external RADIUS server. 5 Click Finish. Installation and Configuration Guide, (CQW-AP108AG)
Page 60 2 Click Next to open the next User Security wizard panel (Figure 34). Figure 34: User Security Wizard - WPA-PSK 3 Enter the pre-shared key to use for network authentication and confirm your entry. 4 Click Finish. Installation and Configuration Guide, (CQW-AP108AG)
Page 61 1 Select Using WEP, and click Next to open the next User Security wizard panel (Figure 35). Figure 35: User Security Wizard - WEP 2 Select the WEP key length. 3 Enter up to four WEP keys, and indicate which will be the default. 4 Click Finish. Installation and Configuration Guide, (CQW-AP108AG)
Page 62 1 Select Open Access, and click Next to open the next User Security wizard panel (Figure 36). Figure 36: User Security Wizard - Open Access 2 Confirm that you want to configure the AP without user security. 3 Click Finish. Installation and Configuration Guide, (CQW-AP108AG)
Page 63: Guest Access Wizard
• Click Guest Access Wizard under AP Quick Start on the side menu. The wizard (Figure 37) provides options to configure an internal landing page or an external landing page for users who open a web browser while on site. Figure 37: Guest Access Wizard Installation and Configuration Guide, (CQW-AP108AG)
Page 64 Guest Access Wizard - Internal Landing Page 4 Indicate whether the guest users will be able to access a subnet before they are authenticated as guest users. If yes, enter the IP address of the subnet. 5 Click Next. Installation and Configuration Guide, (CQW-AP108AG)
Page 65 If a subnet has been specified, then guests can access the subnet even if they are not able to log in. For further information about guest access, or to modify guest access parameters, see Chapter 7, “Managing Security.” Installation and Configuration Guide, (CQW-AP108AG)
Page 66 If a subnet has been specified, then guests can access the subnet even if they are not able to log in. For further information about guest access, or to modify guest access parameters, see Chapter 7, “Managing Security.” Installation and Configuration Guide, (CQW-AP108AG)
Page 67 3 Using the Configuration Interfaces Installation and Configuration Guide, (CQW-AP108AG)
Page 68: Configuring Radio Settings
AP. In this mode, the radio is called a Backhaul Point (BP mode). Wireless backhaul is also known as a wireless distribution system (WDS). Except in certain special configurations. Installation and Configuration Guide, (CQW-AP108AG)
Page 69: Configuring Radio Parameters
Configuration panel. The panel contains the following tabs: • Global Configuration—Set parameters that apply to both of the AP radios. • Persona Configuration—Set the radio mode or persona for normal (AP) operation or wireless backhaul (BP). Installation and Configuration Guide, (CQW-AP108AG)
Page 70: Global Configuration
NOTE: All the settings on this tab are optional. If the AP radio is enabled when the global configuration is changed, then it is necessary to reset the AP for the changes to take effect. If the radio is disabled, the changes take effect once the radio is enabled. Installation and Configuration Guide, (CQW-AP108AG)
Page 71 One radio is automatically assigned the BP persona and one the AP persona. Applies to dual radio APs only. The default setting of Any is recommended. Installation and Configuration Guide, (CQW-AP108AG)
Page 72 See “Channel Configuration” on page 65. Click Apply to save changes or Reset to return to previously saved values. Table 8:World Modes Country Environment Band Valid Channel Numbers 1,2,3,4,5,6,7,8,9,10,11 Indoor 1,2,3,4,5,6,7,8,9,10,11 Outdoor 1,2,3,4,5,6,7,8,9,10,11 52,56,60,64,149,153,157,161 Indoor 36,40,44,48,52,56,60,64,149,153,157,161 Outdoor 52,56,60,64,149,153,157,161 Installation and Configuration Guide, (CQW-AP108AG)
Page 73 Europe Outdoor 100,104,108,112,116,120,124,128,132,126,140 France France Indoor France Outdoor France Not allowed France Indoor 36,40,44,48,52,56,60,64 France Outdoor 9,10,11,12,13 Austria 1,2,3,4,5,6,7,8,9,10,11,12,13 Austria Indoor 1,2,3,4,5,6,7,8,9,10,11,12,13 Austria Outdoor 1,2,3,4,5,6,7,8,9,10,11,12,13 Austria Not allowed Austria Indoor 36,40,44,48,52,56,60,64 Austria Outdoor Not Allowed Installation and Configuration Guide, (CQW-AP108AG)
Page 74 1,2,3,4,5,6,7,8,9,10,11,12,13,14 Japan 34,38,42,46 Japan Indoor 34,38,42,46 Japan Outdoor 34,38,42,46 Singapore 9,10,11,12,13 Singapore Indoor 9,10,11,12,13 Singapore Outdoor 9,10,11,12,13 Singapore 52,56,60,64,149,153,157,161 Singapore Indoor 36,40,44,48,52,56,60,64,149,153,157,161 Singapore Outdoor 52,56,60,64,149,153,157,161 Israel 4,5,6,7,8,9 Israel Indoor 4,5,6,7,8,9 Israel Outdoor 4,5,6,7,8,9 Israel 52,56,60,64,149,153,157,161 Installation and Configuration Guide, (CQW-AP108AG)
Page 75 4 Configuring Radio Settings Table 8:World Modes (continued) Country Environment Band Valid Channel Numbers Israel Indoor 36,40,44,48,52,56,60,64,149,153,157,161 Israel Outdoor 52,56,60,64,149,153,157,161 Installation and Configuration Guide, (CQW-AP108AG)
Page 76: Admin State Configuration
NOTE: Each access point can have at most one BP radio. Click Apply to save changes or Reset to return to previously saved values. Click Reset Radio to Default to return the settings on all the radios to their factory defaults. Installation and Configuration Guide, (CQW-AP108AG)
Page 77 Any and AP Wireless All combinations 1 radio AP, 1 radio BP except both radios AP Wireless Both radios AP Not permitted Wired Connection means that the AP has Ethernet connectivity and that the connection is active. Installation and Configuration Guide, (CQW-AP108AG)
Page 78: Channel Configuration
Set the following values in the Radio Interface Selection and Channel Configuration areas of the tab: Feature Description Select Radio Interface Select the AP radio (wlan0 or wlan1). Channel Number Select a valid channel for radio operation, or accept the Automatic Channel Selection option. Installation and Configuration Guide, (CQW-AP108AG)
Page 79 Click Apply to save changes or Reset to return to previously saved values. Click Force Select Best Channel to trigger the channel selection algorithm for the AP radio, including a switch-over to a better channel, if available. The Force Select Reselect Channel button applies only to the selected AP radio interface. Installation and Configuration Guide, (CQW-AP108AG)
Page 80: Performance
Select the AP radio (wlan0 or wlan1) Enhanced Data Rates Enable or disable the PLANEX enhanced data rates of (72, 96, and 108 Mbps). This setting is rejected if the enhanced Dot11 extensions are disabled and an attempt is made to configure enhanced data rates. It is recommended to accept the default of Enabled.
Page 81 • If this setting is used, then auto-adaptation cannot be enabled for the selected radio. Only the fixed rate setting applies. • This mode setting can be used for operations with PLANEX clients. • Auto-ack – The acknowledgement policy is selected automatically based on current link conditions.
Page 82: Admission
Multi-Vendor STA Accept allows all stations to associate; Reject restricts association to Admission Criteria - compatible client stations, excluding non-compatible or non-PLANEX Multi-Vendor Station stations. Backhaul Admission Indicates whether to accept association from client stations, trunks or both: Criteria - Accept STA or Trunk—Accept association from client stations or BP radios.
Page 83: Setting The Advanced Radio Configuration
Select Radio Interface Select the AP radio (wlan0 or wlan1). IEEE 802.11 Mode in Select whether the radio is configured for 802.11b or 802.11g operation when 2.4 Band it operates in the 2.4 GHz band. Installation and Configuration Guide, (CQW-AP108AG)
Page 84 Indicate whether to support standard Dot11 extensions, enhanced extensions, or both. The checkboxes enable or disable standard 802.11 extensions such as 11h, 11e, 11g or 11i, or PLANEX enhanced features, which are compatible only with PLANEX client stations. If the Enhanced 802.11 extensions option is selected, then it is possible to enable the following through the CLI (they are not automatically enabled).
Page 85: Mac Configuration
MAC (Medium Access Control) layer. NOTE: Changes on the MAC Configuration tab should only be made by trained network personnel. The AP radio restarts automatically when these parameter changes are applied. Figure 48: MAC Configuration Tab Installation and Configuration Guide, (CQW-AP108AG)
Page 86: Viewing Radio Statistics
The Radio State tab (Figure 49) contains details on the current configuration and utilization of each radio interface. The state information varies according to whether the radio is operating as a normal access point radio (AP mode) or as a backhaul point (BP mode). Installation and Configuration Guide, (CQW-AP108AG)
Page 87 Radio MAC Address MAC address of radio Radio Admin State Administrative status of the radio (enabled or disabled) Radio Operation State Operational status of the radio (enabled or disabled) Operating Band Current band of operation Installation and Configuration Guide, (CQW-AP108AG)
Page 88 Maximum MSDU receive lifetime External antenna Indication of whether the radio has an external antenna (true) or not (false) Interference Radio interference in the surrounding wireless environment pertaining to the channel of operation, in dBm. (AP persona only) Installation and Configuration Guide, (CQW-AP108AG)
Page 89: Radio Statistics
Count of MSDU not transmitted successfully due to the number of transmit attempts exceeding either the dot11ShortRetryLimit or dot11LongRetryLimit. Received Fragment Count for successfully received MPDUs of type Data or Management. Count Received Frame Count Count of successfully received frames (MSDUs) Installation and Configuration Guide, (CQW-AP108AG)
Page 90 Transmitter MAC address indicates that the frame should not have been encrypted or that frame is discarded due to the receiving STA not implementing the privacy option. (Valid only if encryption is WEP) # of transmitted Beacons Count of successfully transmitted beacons Installation and Configuration Guide, (CQW-AP108AG)
Page 91: Viewing Radio Neighbor Details
Indication of whether or not the neighbor is an AP with which the IAPP protocol can be established Strength Strength of Radio neighbor signal, in percent Load percentage Load on the AP, in percent STA Count Number of client stations served by the neighboring AP Installation and Configuration Guide, (CQW-AP108AG)
Page 92: Configuring Ssid Parameters
SSID Configuration panel, as explained in this section. Multiple SSIDs are also supported. “Multiple SSIDs” on page 86 explains how to enable this feature and permit clients to access multiple wireless networks through the same access point. Installation and Configuration Guide, (CQW-AP108AG)
Page 93: Ssids And Service Profiles
• SSID Table—View the current SSID configuration, modify the configuration, or add new SSIDs. • SSID Details—View the association between SSIDs and service profiles. • Profile Table—Manage service profiles. • Multiple SSID—Enable the multiple SSID feature. Installation and Configuration Guide, (CQW-AP108AG)
Page 94: Ssid Table
The RADIUS authentication zone for the SSID PSK-Type The type of pre-shared key used, if WPA is the encryption suite MAC-ACL MAC-ACL authentication enabled or disabled Auth Servers The RADIUS server used for user authentication Installation and Configuration Guide, (CQW-AP108AG)
Page 95 SSID in the AP beacon, or to suppress broadcast of the configurations only) SSID for increased security. The SSID is never broadcast in multiple SSID configurations. To change the SSID broadcast setting: 1 Select no or yes. 2 Click Apply. Installation and Configuration Guide, (CQW-AP108AG)
Page 96: Ssid Details
Any attempt to delete the null user group, automatically associates it to the default service profile. Profile Service profile name. VLAN VLAN assigned to the service profile. Class of service values assigned to the service profile. Installation and Configuration Guide, (CQW-AP108AG)
Page 97 “SSID Authentication” on page 142. After defining the security settings, click Back on the browser to return to the SSID Details tab. Figure 56: SSID Configuration - Bind Service Profile to SSID Installation and Configuration Guide, (CQW-AP108AG)
Page 98: Profile Table
NOTE: Changes made to SSID or service profiles cause affected users to be automatically disassociated from the AP. The AP then attempts to reassociate them automatically. This causes a momentary interruption in service. Figure 57: SSID Configuration - Profile Table Installation and Configuration Guide, (CQW-AP108AG)
Page 99: Multiple Ssids
SSIDs: one to accommodate the normal corporate network and one for a separate video conference network, which requires a higher quality of service. Figure 58: Example Use of Multiple SSIDs to Differentiate Levels of Service 10/100 Switched Ethernet Corporate Video COS=4 COS=7 SSID="Corporate" SSID="Video" A0043B Installation and Configuration Guide, (CQW-AP108AG)
Page 100: Managing Client Stations
SSID in its beacon frame. In order for a client to associate with the 108 Mbps Wireless AP configured for multiple SSIDs, a profile for each target SSID must be created on the client workstation using the Windows Zero Config (WZC) Add function or the PLANEX Client Utility Create function.
Page 101: Stations
Group name Group to which the client station belongs Association Type Normal or transferred. Transferred means that the client station has been moved from the mate AP radio. Association Status Associated or Reassociated to the AP Installation and Configuration Guide, (CQW-AP108AG)
Page 102: Link Statistics
Station MAC address The MAC address that identifies the station Mode 802.11 mode used by the station (11a, 11b or 11g) Uplink Signal Strength Average signal strength on uplink (station to AP direction) as a percentage Installation and Configuration Guide, (CQW-AP108AG)
Page 103: Security Statistics
Number of packets that did not receive expected acknowledgement Timeouts Security Statistics The Security Stats table (Figure 62) provides detailed security information for the connection between the AP and client station. Figure 62: Station Security Statistics Installation and Configuration Guide, (CQW-AP108AG)
Page 104: Configuring Inter Access Point Protocol (Iapp)
The panel contains the following tabs: • IAPP Service—Enable or disable IAPP. • Topology—View BSSID, IP address, and compatibility details. • Stats—View statistics details, including notifications sent and received, “move” notification and response details, and details on Intra-AP moves. Installation and Configuration Guide, (CQW-AP108AG)
Page 105: Iapp Service
The read-only IAPP Topology tab (Figure 64) displays information about all the neighboring APs this AP has discovered, including the BSSID, IP address, and Compatibility (whether the IAPP protocol can be established with the neighboring AP). Figure 64: IAPP Configuration - IAPP Topology Installation and Configuration Guide, (CQW-AP108AG)
Page 106: Iapp Statistics
Number of move notifications which were not sent in the maximum time Timeouts allowed for a move transaction Move Notifications Number of times the move notifications were retransmitted for all the move Retransmitted transactions (not supported) Installation and Configuration Guide, (CQW-AP108AG)
Page 107: Performing Radio Diagnostics
Choose Radio Diagnostics from the Wireless Services menu to test the radio signal between the AP and a client station. The panel contains 2 tabs: • Link Test—Test the radio link between the AP and a client station. • Walk Test—Advanced parameters regarding rate and range performance testing. Installation and Configuration Guide, (CQW-AP108AG)
Page 108: Link Test
Specify the size of each link packet (in bytes) Duration Period during which the which the test runs Average Interval Sampling interval Status Current status of the link test. Click the Link Test tab to refresh Installation and Configuration Guide, (CQW-AP108AG)
Page 109 To graph the results of a link test, select the test on the Link Test tab, and click Graph. The Graph panel (Figure 68) opens. Installation and Configuration Guide, (CQW-AP108AG)
Page 110 Transmission rate from the AP to the client station (Mbps). Uplink data rate Transmission rate from the client station to the AP (Mbps). When a parameter is selected, that graph is displayed. Figure 68: Radio Diagnostics - Link Test - Graph Installation and Configuration Guide, (CQW-AP108AG)
Page 111: Walk Test
0 - 100 / Micro seconds WNI_CFG_MAX_ACK_RATE_11A Max Ack Rate 802.11a MAC rate encoding: Rate - Entered Value 6 - 12 9 - 18 12 - 24 18 - 36 24 - 48 36 - 72 Installation and Configuration Guide, (CQW-AP108AG)
Page 112 Size for 802.11b (TC0) WNI_CFG_CWMAX_0_11G Max Contention Window 0 - 1023 / slots Size for 802.11g (TC0) WNI_CFG_PROXIMITY Used to set the transmit 0 (operates at max power for radio power), 1 (operates at reduced power) Installation and Configuration Guide, (CQW-AP108AG)
Page 113 4 Configuring Radio Settings Installation and Configuration Guide, (CQW-AP108AG)
Page 114: Configuring Networking Settings
Interfaces Figure 70 illustrates the physical and logical elements of an PLANEX wireless network. Each 108 Mbps Wireless Access Point has virtual interfaces that correspond to specific communications functions, as listed in Table 10. The interfaces wlan0 and wlan1 provide access to the BSS created on the AP radios;...
Page 115: Configuring Bridging Services
• ARP Table—View the ARP cache. Bridge and STP Choose Bridging from the Networking Services menu to open the Bridge & STP tab (Figure 71), The tab displays how bridging is currently configured and lists the interfaces and MAC addresses Installation and Configuration Guide, (CQW-AP108AG)
Page 116 STP provides protection against looping, but it does increase network overhead. Before STP allows traffic through a specific port, there may be a time lapse of 30 seconds. Operations may also take longer than normal. Installation and Configuration Guide, (CQW-AP108AG)
Page 117: Bridge Statistics
ARP table may become invalid. In this case, click Clear ARP Cache on the tab to remove the current ARP entries and repopulate the table automatically with valid entries. Click Refresh to update the display. Installation and Configuration Guide, (CQW-AP108AG)
Page 118: Configuring Ip Routes
To create a new route, click Add, enter the following information, and click Save. Field Description Destination IP Enter the IP address of the subnet to which packets can be forwarded, along with the subnet prefix for the address. Installation and Configuration Guide, (CQW-AP108AG)
Page 119 Enter the IP address of the gateway that will route traffic between this AP and the destination subnet. Interface Name Enter the name of the bridging interface. Use the br prefix, as described in “Configuring Bridging Services” on page 102. Installation and Configuration Guide, (CQW-AP108AG)
Page 120: Configuring Vlans
• Interface VLAN—Assign VLANs for untagged frames arriving at the AP. • User VLAN—View the list of users assigned to each VLAN by virtue of user group membership. • VLAN Stats—View packet statistics for each VLAN. Installation and Configuration Guide, (CQW-AP108AG)
Page 121: Vlan Table
VLAN to be managed from this AP. Management VLAN Indication of whether this VLAN is the management VLAN or not. Interface The logical AP interface. The table contains a separate row for each VLAN/ interface combination. Installation and Configuration Guide, (CQW-AP108AG)
Page 122: Interface Vlan
Interface VLAN When the AP receives a frame, it must determine the VLAN to which the frame belongs. If the received frame is tagged, then VLAN is already known, and the AP can route the packet Installation and Configuration Guide, (CQW-AP108AG)
Page 123: User Vlan
Address used to access the VLAN MAC Address MAC addresses of the client stations that are mapped to this VLAN through their user group’s service profile See “Configuring SSID Parameters” on page 79 for information on service profiles. Installation and Configuration Guide, (CQW-AP108AG)
Page 124 Configuring VLANs Figure 79: VLAN - User VLAN Installation and Configuration Guide, (CQW-AP108AG)
Page 125: Vlan Statistics
The statistics are calculated from the last time that the AP was rebooted or the Clear Statistics button was selected. Click Refresh to update the statistics or Clear Statistics to return the collected values to zero and start collecting statistics again. Figure 80: VLAN - Stats Installation and Configuration Guide, (CQW-AP108AG)
Page 126: Configuring Quality Of Service
(VoIP). With a QoS process in place, multiple clients can run applications with varying traffic delivery requirements over a single shared network. PLANEX supports QoS through hierarchical classes of service (COS) that control how network bandwidth is shared among multiple entities. COS specifies a numeric class code with values ranging from 0 (lowest priority) to 7 (highest priority).
Page 127 DSCP mapping and to assign class order.The QoS Configuration panel is divided into the following tabs: • Ingress QOS—Define COS mappings packets entering the AP. • Egress COS—Assign priority to the 802.11 packets leaving the AP. • QOS Stats—Display QoS statistics for each of the AP interfaces. Installation and Configuration Guide, (CQW-AP108AG)
Page 128: Ingress Qos
VLAN tag when it arrives at the AP, then its COS value is honored by the AP. If the packet is not VLAN-tagged, then it can be classified at the ingress interface by way of a COS map defined on the Ingress QOS tab (Figure 82). Figure 82: QOS Configuration - Ingress QOS Installation and Configuration Guide, (CQW-AP108AG)
Page 129: Egress Cos
COS 0 maps TCID 0, 1 maps to 1, … and 7 maps to 7. If your network supports fewer than 8 priority levels, you can map multiple COS levels to a single TCID value. Figure 83: QOS Configuration - Egress COS Installation and Configuration Guide, (CQW-AP108AG)
Page 130: Qos Stats
• IP-DSCP—Define COS mapping based on the first 6 bits in the TOS byte of the IP header. • IP Protocol—Use standard IP protocol numbers assigned to different IP layer protocols. • IP Precedence—Define COS mapping based on the first 3 bits in the TOS byte of the IP header. Installation and Configuration Guide, (CQW-AP108AG)
Page 131: Class-Order
If the default order is not chosen, select a COS mapping type and click Apply Move to Top to move it to the top of the class-order priority list. Repeat as needed to create the desired ordering. Installation and Configuration Guide, (CQW-AP108AG)
Page 132: Ip-Dscp
DSCP to COS maps. DSCP uses the first 6 bits in the TOS byte of the IP header, so the possible values range from 0 to 63. Figure 86: Advanced QOS Configuration - IP-DSCP Installation and Configuration Guide, (CQW-AP108AG)
Page 133: Ip Protocol
Configure the following fields to define the IP Protocol-to-COS map: Field Description Select Radio Interface Select the AP interface. IP Protocol ID Enter the number assigned to the IP protocol. Select the COS value. Click Apply to save all the changes on the tab. Installation and Configuration Guide, (CQW-AP108AG)
Page 134: Ip Precedence
The Filter table displays the name of the interface, whether it is for incoming or outgoing traffic, whether to accept or discard the packet, and the criterion used to accept or discard Installation and Configuration Guide, (CQW-AP108AG)
Page 135 Ether Type is the standard Ethernet code for the type of packet (e.g., for IP, the code is 2048, or 0x800 hex). Click Apply to save the values and return to the Summary tab. Click Cancel to return to the Summary tab without saving the values. Installation and Configuration Guide, (CQW-AP108AG)
Page 136: Filter Statistics
AP interfaces (wlan0, wlan1, eth0). The panel contains the following tabs: • IF Table—View the administrative and operation state of each of the interfaces, and bind an IP address to each interface. • IF Stats—View the packet and byte statistics for traffic traversing each interface. Installation and Configuration Guide, (CQW-AP108AG)
Page 137: Interface Table
802.11-compatible. 802.1h is the current standard for encapsulation. For other, incompatible equipment, select Encapsulated to encase the Ethernet frames from the equipment within standard 802.11 frames. Click Apply after making any change. Installation and Configuration Guide, (CQW-AP108AG)
Page 138: Interface Statistics
SNMP messages and saves or drops them, depending upon how the system is configured. Choose SNMP Configuration from the Networking Services menu to open the SNMP panel (Figure 94) to configure SNMP parameters. Installation and Configuration Guide, (CQW-AP108AG)
Page 139 Click Apply to save your changes, or Reset to return to previously saved values. The bottom of the SNMP panel contains a table of currently defined traps. To delete a trap, select it in the SNMP Agent Table, and click Delete. Installation and Configuration Guide, (CQW-AP108AG)
Page 140: Ping Test
Use the Ping Test panel to execute an ICMP Echo Request to check network connectivity to a remote IP host. Enter the hostname or IP address of the remote host. Figure 95 shows the Ping Test panel with test results presented. Figure 95: Ping Test Installation and Configuration Guide, (CQW-AP108AG)
Page 141 5 Configuring Networking Settings Installation and Configuration Guide, (CQW-AP108AG)
Page 142: Configuring A Wireless Backhaul
A0007B Applications of wireless backhaul include building-to-building bridging and 802.11b traffic aggregation. PLANEX support for wireless backhaul includes bridge creation, instantiation of logical bridge ports on radios, and bridging functions such as address learning, packet forwarding, and Spanning Tree Protocol (STP).
Page 143: Use Of Radios For Backhaul
• WEP may be enabled in addition to WPA on the upstream AP • Both upstream and downstream APs must be enrolled by NM Portal. For more information on security, see Chapter 7, “Managing Security.” Installation and Configuration Guide, (CQW-AP108AG)
Page 144: Setting Up A Wireless Backhaul
These parameters specify the rules that apply to the backhaul point (BP) radios which form uplink backhaul trunks by associating to normal radios (AP). These rules are used to determine the candidate parent list of upstream APs for the backhaul trunk. Figure 97: Backhaul Configuration - Link Criteria Installation and Configuration Guide, (CQW-AP108AG)
Page 145 Uplink BSSID Criteria), or eliminated uplink candidates (if Discard from BSSIDs was selected). After adding BSSIDs, click Apply. The BP now attempts to establish a backhaul link based upon the configured rules. Click Delete to remove a BSSID from the list. Installation and Configuration Guide, (CQW-AP108AG)
Page 146: Candidate Aps
Select the Trunk Table tab (Figure 99) to view the list of current backhaul trunks. The backhaul is established if the MAC address of the backhaul trunk is listed in the table. Figure 99: Backhaul Configuration - Trunk Table Installation and Configuration Guide, (CQW-AP108AG)
Page 147: Trunk Statistics
Backhaul Configuration - Trunk Stats This tab contains the following information: Field Description Interface The AP radio interface (wlan0 or wlan1) Rx Bytes Number of bytes received at this AP Rx Packets Number of packets received at this AP Installation and Configuration Guide, (CQW-AP108AG)
Page 148 Number of packets transmitted by this AP Rx Multicast Packets Number of multicast packets received by this AP Click Clear Statistics to return the counts in this tab to zero and begin collecting statistics again. Installation and Configuration Guide, (CQW-AP108AG)
Page 149 6 Configuring a Wireless Backhaul Installation and Configuration Guide, (CQW-AP108AG)
Page 150: Managing Security
NOTE: For information on security for access point enrollment, refer to Chapter 9, “Managing the Network.” Introduction PLANEX offers the strongest available security options for wireless networking, as listed here and illustrated in Figure 101: • AP Security verifies the identity of individual APs and authorizes them to be part of the wireless network.
Page 151: Ap Security
A0047 AP Security PLANEX provides a highly secure process to enroll access points. Three distinct levels of identification verify the AP: Device ID, Thumbprint, and a bootstrap password unique to the AP. To assure central control of the verification process, it is recommended that a single enrollment server handle enrollment for the entire wireless network.
Page 152: User Security
The 108 Mbps Wireless AP can meet all the user authentication needs for the full range of wireless networks. (See Chapter 2, “Planning Your Installation.”) PLANEX supports several modes of authentication, as listed in Table 11. WPA-PSK uses pre-shared keys (PSK) that is configured directly by the administrator into the AP and network clients.
Page 153: Configuring Wireless Security
There are some limitations to the allowed combinations; it is not possible to enable both WEP and Open simultaneously. Also, Open and WPA encryption modes require each mode to be mapped to a separate VLAN (see “Configuring VLANs” on page 107). Installation and Configuration Guide, (CQW-AP108AG)
Page 154 WPA provides strong encryption support with the AES and TKIP algorithms. NOTE: Some early versions of WPA-capable client software may not permit a client to associate to the AP when multiple modes off encryption and authentication are chosen. Installation and Configuration Guide, (CQW-AP108AG)
Page 155: Ssid Authentication
(if applicable). MAC-ACL lookups can be enabled for clients that associate with WPA-PSK, manual WEP-keys, or with no security. MAC-ACL is not applicable if per user authentication is done where user name is available. Installation and Configuration Guide, (CQW-AP108AG)
Page 156 An external RADIUS server can also be added from this tab. Click Go at the bottom of the tab to open the Authentication Zone tab of the Authentication Zones panel. For instructions on adding a server, refer to “Configuring Authentication Zones” on page 145. Installation and Configuration Guide, (CQW-AP108AG)
Page 157 2 The RADIUS server can use these attributes to enforce policies such that EAP based authentication is mandatory for Wireless. 3 The RADIUS server may optionally send back the “Session-Timeout” attribute to override the AP default session-timeout. Installation and Configuration Guide, (CQW-AP108AG)
Page 158: Configuring Authentication Zones
Set the following values on the Add Auth Zone entry panel (Figure 105): Field Description Auth Zone Name of the authentication zone. Auth Server list List of possible servers to add to the zone. Select desired servers. Click Add after making selections. Installation and Configuration Guide, (CQW-AP108AG)
Page 159: Authentication Servers
The servers that do not have a check box against them are security portals. Figure 106: Authentication Zones - Auth Servers Configuring Administrator Security Choose Administrator Security from the Security Services menu to open the Administrator Security panel (Figure 107). Installation and Configuration Guide, (CQW-AP108AG)
Page 160: External Radius Server Settings
The value of this attribute is set to “Administrative” to indicate that the user to be authenticated has requested access to an administrative interface on the AP • If the user authentication is successful, the RADIUS server must send back an PLANEX vendor-specific attribute defined as follows: vendor-id=13586, vendor sub-type=3, integer value = 1.
Page 161: Viewing Security Statistics
AP. These are generated by the traffic from WPA or 8021.x based wireless authentication. Only radios in AP mode produce this data. Figure 108: Security Statistics - Authentication Stats Installation and Configuration Guide, (CQW-AP108AG)
Page 162: Supplicant Statistics
The Supplicant Stats tab(Figure 109) reports on authentication messages sent between a local BP radio and the upstream AP. Only radios in BP mode return these statistics. The statistics are generated from the EAPOL protocol, which is used for 802.1x authentication. Installation and Configuration Guide, (CQW-AP108AG)
Page 163 These frames are discarded by the BP. RX EAP Length Error The total number of EAPOL frames received by the BP that have invalid packet body length fields. These frames are discarded by the BP. Installation and Configuration Guide, (CQW-AP108AG)
Page 164: Authentication Diagnostics
The total number of RADIUS authentication related packets received from the Server backend authentication server. Access Challenges The total number of RADIUS authentication packets that contained an ACCESS-CHALLENGE. These are sent by the RADIUS server when it is engaged in a multi-step authentication sequence. Installation and Configuration Guide, (CQW-AP108AG)
Page 165: Configuring Advanced Parameters
Time in seconds, after which a station is re-authenticated Group Key Interval Time in seconds, after which the group key is changed. This is not used if static WEP keys are enforced RADIUS Timeout Time in seconds, after which the request is retransmitted Installation and Configuration Guide, (CQW-AP108AG)
Page 166 RADIUS attribute for VLANs can reuse the attributes for AP service profile assignments by configuring them as the RADIUS attributes for user groups. Click Apply to implement the changes, or click Reset to return the entries on the panel to their previous values. Installation and Configuration Guide, (CQW-AP108AG)
Page 167 7 Managing Security Installation and Configuration Guide, (CQW-AP108AG)
Page 168: Configuring Guest Access
Most current guest user solutions require guests to access a separate access point that is not part of the corporate network. The PLANEX solution eliminates this requirement by restricting guest access through VLAN tags on the existing access points.
Page 169: Internal Landing Page
RADIUS authentication service provided in the PLANEX security portal. If either password is acceptable, the guest user is authenticated and receives the privileges specified in the guest service profile.
Page 170: External Landing Page
Guest Access - External Landing Page CorporateVLAN GuestVLAN CorporateVLAN GuestVLAN VLAN Switch RADIUS Server Password Authentication Results Passed Back to AP Authentication Corporate Guest A0045B An example external landing page is shipped with the 108 Mbps Wireless Access Point. Installation and Configuration Guide, (CQW-AP108AG)
Page 171: Open Subnet
2 Enable WPA security, if mixed mode security (encrypted and open) is desired. Only WPA can be enabled in conjunction with open. The WPA Security mode is for non-guests only. 3 Enable Open Access. 4 Click Apply. Installation and Configuration Guide, (CQW-AP108AG)
Page 172 4 Click Profile Table to display the current list of service profiles. 5 Click Add to create the guest service profile. Select the VLAN ID for the guest VLAN previously defined. Enter the COS value and make sure that no-encryption is selected. 6 Click Apply. Installation and Configuration Guide, (CQW-AP108AG)
Page 173: Guest Access Services Panel
Internal or external page automatically displayed when guest users attempt to access the network Allowed Guest Subnet The subnet optionally reserved for unauthenticated guest access. Configuring an allowed guest subnet can give unauthenticated users access to a limited set of free services. Installation and Configuration Guide, (CQW-AP108AG)
Page 174 4 If desired, enter the address and maskbits for a subnet optionally reserved for unauthenticated guest access. 5 Select an internal or external landing page. If the external page is selected, enter the full URL and shared secret code for access. Click Apply. Installation and Configuration Guide, (CQW-AP108AG)
Page 175: Guest Access Security
7 Click OK to confirm. Guest Access Security The Security tab of the Guest Access Configuration panel provides an interface to set (Figure 116) the guest password for an internal landing page. Figure 116: Guest Access Configuration - Security Installation and Configuration Guide, (CQW-AP108AG)
Page 176 Guest Access Services Panel Auto-Generating Guest Passwords For optional generation of guest passwords automatically at set intervals, use the Guest User tab within the security area of NM Portal (Figure 117) Figure 117: Security Portal - Guest User Installation and Configuration Guide, (CQW-AP108AG)
Page 177 8 Configuring Guest Access Installation and Configuration Guide, (CQW-AP108AG)
Page 178: Managing The Network
PLANEX offers the unique advantage of a network management capability built into the 108 Mbps Wireless Access Point. When configured as an NM Portal, the 108 Mbps Wireless AP can provide network management services for up to five subnetworks.
Page 179: Using Nm Portal
Detail panels. Open the Home panel at any time by selecting Home from the menu tree. Menu Tree The menu tree contains the following menus: • Home—Open the Home panel. Installation and Configuration Guide, (CQW-AP108AG)
Page 180: Using The Network Topology Menu
You can enroll up to 20 APs. To access the enrollment panel, choose AP Enrollment from the Network Topology menu. The AP Enrollment panel opens to display the list of discovered, but as yet un-enrolled, APs (Figure 120). Installation and Configuration Guide, (CQW-AP108AG)
Page 181 9 Managing the Network Figure 119: AP Enrollment Enrollment Portal: Other APs Verify AP Identity NM Portal: Manage and Monitor the Network A0028A Figure 120: Network Topology - AP Enrollment - Not Enrolled Installation and Configuration Guide, (CQW-AP108AG)
Page 182 Thumbprint Verify the thumbprint, which uniquely identifies the AP for security purposes. Password Enter and confirm the PLANEX-supplied password. Security Portal Indicate whether to use the AP as a standby security portal. With a backup security portal, a copy of the user authentication database remains accessible even if the NM Portal AP becomes unavailable.
Page 183: Viewing Backhaul Topology
Backhaul Topology panel in NM Portal to view all the backhaul paths defined for the network. Choose Backhaul Topology from the Network Topology menu to display this information (Figure 123). Installation and Configuration Guide, (CQW-AP108AG)
Page 184: Viewing Ip Topology
Rediscover Now button Begins the rediscovery process. Viewing IP Topology The IP Topology panel lists all the APs discovered by NM Portal. Choose IP Topology from the Network Topology menu to display this information (Figure 124). Installation and Configuration Guide, (CQW-AP108AG)
Page 185 MAC addresses assigned to each of the AP radios. The address of the wlan0 radio is listed first and the wlan1 radio is listed second. Auto/Manual Indication of whether the AP was discovered automatically or manually identified Installation and Configuration Guide, (CQW-AP108AG)
Page 186: Displaying Discovered Radios
The results of the polling are presented in the Discovered Radio table (Figure 125), accessible from the Discovered Radios item under Network Topology menu in the menu tree. Use the Discovered Radios list to characterize the wireless network neighborhood and detect possible rogue APs. Installation and Configuration Guide, (CQW-AP108AG)
Page 187 Strength of the detected signal as a percentage SSID The SSID of the detected device, if known Channel ID The channel on which the signal was detected BSS Type Whether the detected device is part of an infrastructure or ad-hoc service set Installation and Configuration Guide, (CQW-AP108AG)
Page 188: Managing Rogue Access Points
Each panel opens to the Unclassified tab, which lists the candidate rogue APs. From the list, select individual APs to classify as known in your network or a neighbor’s network. Once classified, the APs are listed in the IP or Wireless Classified tab. Installation and Configuration Guide, (CQW-AP108AG)
Page 189: Ip Rogue Ap Management
Time Discovered Time of the last IP scan that detected the AP. This value is updated each time the AP is detected. Thumbprint Factory-generated identifier used for AP enrollment Figure 126: IP Rogue AP - Unclassified Installation and Configuration Guide, (CQW-AP108AG)
Page 190 Perform the following functions from this tab: Function Steps Classify an AP as 1 Select the AP from the list. APs are identified by PLANEX device ID and IP address, if known. known 2 Click Classify-Node to open the Classify the Rogue AP panel (Figure 127).
Page 191: Wireless Rogue Ap Management
Radio Neighbor or Radio & IP Neighbor Signal Strength Strength of the beacon (dBm) BSS Type Infrastructure or ad-hoc (IBSS) SSID SSID sent in the rogue beacon Channel ID Radio channel on which the AP was discovered Installation and Configuration Guide, (CQW-AP108AG)
Page 192 Click Delete and click OK to confirm. If an AP is deleted from the list and rogue list then discovered in a subsequent scan, it is added to the list again. Delete from the list all Click Delete All, and click OK to confirm APs classified as wireless rogues Installation and Configuration Guide, (CQW-AP108AG)
Page 193 IP address of the AP that reported the detected AP Detection Time Time of the scan that last detected the AP Class Category used to classify the AP Figure 131: Wireless Rogue AP - Classified Installation and Configuration Guide, (CQW-AP108AG)
Page 194: Using The Nm Services Menu
To view the details of a policy, select the name in the policy table, and click Details. The policy table expands to display all the parameters contained in the policy (Figure 132). To return to the policy table, click Back. To delete a policy, click Delete. Installation and Configuration Guide, (CQW-AP108AG)
Page 195 Select a policy from the pull-down list, and click Apply. Not currently policy from a pre- supported. defined policy Use this AP’s start-up Select the checkbox, and click Apply. configuration to generate a default policy. Installation and Configuration Guide, (CQW-AP108AG)
Page 196 NM Services - Policy Management - Distribute Policy Configure the following fields on this tab: Field Description Select Policy to Select an existing policy from the pull-down list. Distribute Select All Policies to Select to distribute all the existing policies. Distribute Installation and Configuration Guide, (CQW-AP108AG)
Page 197: Configuring Network Discovery
(Figure 136). Figure 136: NM Services - Discovery Configuration Configure the following values on this tab: Field Description Discovery Interval Restrict discovery to a time interval (in minutes). The range is 60-10080 (default is 60). Installation and Configuration Guide, (CQW-AP108AG)
Page 198 The Seed AP is optional. If it is not specified, NM Portal automatically discovers all the compatible APs in that subnet and identifies a seed AP for itself. Select the Scope/Seed tab (Figure 136) to configure the scope and seed parameters. Installation and Configuration Guide, (CQW-AP108AG)
Page 199 Enabled. Click Apply to save the setting. If enabled, NM Portal automatically scans the network to detect IP and wireless rogue access points. For more information, see “Managing Rogue Access Points” on page 175. Installation and Configuration Guide, (CQW-AP108AG)
Page 200: Configuring Portals
• Portal Table—Add a redundant security portal and synchronize the portal databases. • Secure Backup—Use https to perform a secure backup of the NM Portal AP configuration. • Portal Backup—Back up or restore the portal databases and configuration. Installation and Configuration Guide, (CQW-AP108AG)
Page 201 NM Portal but form part of other managed networks. Only Portals managed by this NM Portal will be shown as Enrolled and or will have a radio button using which the portal may be deleted. Installation and Configuration Guide, (CQW-AP108AG)
Page 202 Delete to remove the file from the AP. The file takes up space on the AP disk, so it is recommended to remove it. To restore the configuration, browse to select the file, and then click Apply to restore the configuration and reboot the AP. Installation and Configuration Guide, (CQW-AP108AG)
Page 203: Configuring The Dhcp Server
• Leases—View details about the current DHCP leases. • Static IP—Assign static IP addresses for specific equipment NOTE: Use the DHCP panels to support IP address assignments only if a DHCP server is not already in place on the existing network. Installation and Configuration Guide, (CQW-AP108AG)
Page 204 If you delete DNS servers, only those added manually are deleted. DHCP- assigned DNS servers continue to be available. WINS Server Enter the IP address of the Windows name server used to map IP addresses to computer names. There is no default. Installation and Configuration Guide, (CQW-AP108AG)
Page 205 • IP Address/Maskbits—Enter the address and maskbits that define the subnet to be used for address assignment. • Use Fixed IP Address Range—Specify a range of IP addresses by entering starting and ending addresses, with subnet prefix length. Installation and Configuration Guide, (CQW-AP108AG)
Page 206 Field Description MAC Address Address that uniquely defines the DHCP client Leased IP Address IP address assigned by the DCHP server Lease Time Remaining Amount of time remaining on the current DHCP lease (in hours) Installation and Configuration Guide, (CQW-AP108AG)
Page 207: Managing Network Faults
Traps, which are forwarded to the SNMP Sink Host (or Primary NMS). Viewing Alarms Choose Alarm Summary from the Fault Management menu to view counts and descriptions of alarms that occur in the network managed by NM Portal. Installation and Configuration Guide, (CQW-AP108AG)
Page 208 “108Mbps Wireless LAN Access Point Alarms” on page 198 and additional details are presented in Appendix C, “Alarms.”. The Alarm Table includes the following information: Field Description Alarm ID Text description of the specific alarm Installation and Configuration Guide, (CQW-AP108AG)
Page 209 NOTE: The filtering function on the Alarm Table tab only affects the information that is displayed in the Alarm Table at the bottom of the tab. To remove some event types completely from the alarm list, use the Alarm Filter tab. Installation and Configuration Guide, (CQW-AP108AG)
Page 210 Select an AP to view only the alarms generated by that AP. Address) Logging Period Enter a date range to show events during a specific interval of time. Click Set Filter to apply the filter to the alarm table or Reset to clear the selected values. Installation and Configuration Guide, (CQW-AP108AG)
Page 211 SSID. BSS Enabling Failed Generated when an attempt to enable an AP radio fails. Reason codes: 0 – Unspecified reason 1 – System timeout attempting to enable BSS Installation and Configuration Guide, (CQW-AP108AG)
Page 212 Reason Codes: 0 - Station initiated disassociation 1 - Station has handed off to another AP 2 - Disassociation triggered due to authentication failure after ULAP timeout 3 - Disassociation triggered due to user action Installation and Configuration Guide, (CQW-AP108AG)
Page 213 RADIUS server is incorrectly configured on the AP. If multiple RADIUS servers are configured in this authentication zone, the AP will switch to using the next one in the list. Installation and Configuration Guide, (CQW-AP108AG)
Page 214 The BP is aware of the other PLANEX node, but does not believe it is authorized to be a security portal.
Page 215 The two authentication modes that authentication type. require the station to send its user-ID are WPA EAP and legacy 8021.x for dynamic WEP. This alarm may indicate that a user prompt is not attended to on the client side. Installation and Configuration Guide, (CQW-AP108AG)
Page 216 Each added event is included in the Event Filter Table Drop List at the top of the tab.The table includes the event ID and a description. To remove an event from the list, select the event, and click Delete. Installation and Configuration Guide, (CQW-AP108AG)
Page 217: Viewing The Syslog
To view older messages, select the appropriate message.x file from the list on the SYSLOG panel (Figure 149). See “Syslog Configuration” on page 213 for instructions on configuring the syslog message output. Installation and Configuration Guide, (CQW-AP108AG)
Page 218: Managing Users
“Configuring Guest Access” on page 155. Adding Wireless Users Choose User Management from the Security Portal menu to open the Wireless Users tab, which contains a list of current network users (Figure 150). Installation and Configuration Guide, (CQW-AP108AG)
Page 219 When a wireless user is added to the database a unique certificate is generated for that user. The certificate must be installed on the user's PC. This can be done in one of two ways: Installation and Configuration Guide, (CQW-AP108AG)
Page 220: Adding Administrative Users
Security Portal - User Management - View Wireless User Adding Administrative Users To give designated users access to NM Portal, open the Admin Users tab (Figure 153). Figure 153: Security Portal - User Management - Admin Users Installation and Configuration Guide, (CQW-AP108AG)
Page 221: Adding Mac-Acl Users
MAC addresses are checked when the SSID has MAC-ACL enabled, and open access, static WEP keys, or WPA-PSK encryption are used. For more information on security options, see Chapter 7, “Managing Security.” Installation and Configuration Guide, (CQW-AP108AG)
Page 222 Security Portal - User Management - Add MAC Address User Click Add after entering the requested information. From the user list, you can delete an existing MAC-ACL user, modify user information, or view the details in a read-only table. Installation and Configuration Guide, (CQW-AP108AG)
Page 223 9 Managing the Network Installation and Configuration Guide, (CQW-AP108AG)
Page 224: Maintaining The Access Point
AP. • NMS Configuration—Specify the entities used for network management, including the Wireless LAN Network Management Software server and NM Portal AP. • Hardware Options—Enable the real time clock and buzzer. Installation and Configuration Guide, (CQW-AP108AG)
Page 225: Ip Configuration
Host Name which is derived from the MAC address. (required) Enter a text description of the physical location of the AP. AP Location Enter the email address of the administrative contact for the AP. Administrator Contact Installation and Configuration Guide, (CQW-AP108AG)
Page 226: Syslog Configuration
Arbitrary changes to syslog can adversely affect the AP. The top area of the Syslog panel (Figure 159) provides controls to set the logging level and scope for a variety of functional areas or modules. Figure 159: System Configuration - Syslog Configuration Installation and Configuration Guide, (CQW-AP108AG)
Page 227: License Management
Use the NMS Configuration tab (Figure 161) to identify network management servers and to determine which network management system will receive fault and event notifications. NOTE: If the AP is already enrolled, it is not necessary to modify the settings on this panel. Installation and Configuration Guide, (CQW-AP108AG)
Page 228: Hardware Options
Select HW Options (Figure 162) to set the buzzer and the real time clock (RTC), which keeps track of the date and time in the event that the AP loses power. This feature is not required if the AP is always connected to the Internet. Installation and Configuration Guide, (CQW-AP108AG)
Page 229: Managing The Ap Configuration
Save As to save the configuration locally. 3 After the configuration file is saved, click Delete to remove the file from the AP. The file takes up space on the AP disk, so it is recommended to remove it. Installation and Configuration Guide, (CQW-AP108AG)
Page 230: Configuration Reports
Provides details on the configuration that is stored on the AP flash device and used each time the AP reboots. Running-Config Provides details on the current AP configuration, which may or may not match the startup configuration. Default-Config Lists the factory default settings shipped on the AP. Installation and Configuration Guide, (CQW-AP108AG)
Page 231 10 Maintaining the Access Point Click Refresh to update the selected report Figure 164: Configuration Management - Configuration Reports Installation and Configuration Guide, (CQW-AP108AG)
Page 232: Reset Configuration
Managing the AP Configuration Reset Configuration Use the Reset Configuration tab to reset the AP configuration or revert to the defaults for individual subsystems (Figure 165). Figure 165: Configuration Management - Reset Configuration Installation and Configuration Guide, (CQW-AP108AG)
Page 233: Tftp Backup
1 Enter the IP address of the TFTP server. 2 Enter or confirm the name of the log file. 3 Click Apply. The Reset buttons on the panel clear the field entries in the associated section. Installation and Configuration Guide, (CQW-AP108AG)
Page 234: Upgrading Software
• If the AP is a non-portal AP, choose Admin Tools > Software Upgrade to open the Software Upgrade panel. NOTE: The AP license file is not affected by software upgrades. The existing software license remains valid after the AP software is upgraded. Installation and Configuration Guide, (CQW-AP108AG)
Page 235: Software Image File
Software Image File The AP software image file conforms to an PLANEX-defined format that uses the filename extension.img. During download, the filename extension and structure are verified and the download is stopped if a problem with the file is detected.
Page 236 Software Download Status panel opens (Figure 168). Staging is now complete. 5 Select the APs to receive the upgrade. 6 Click Distribute. A confirmation dialog asks you to confirm that the upgrade should now begin. 7 Click OK. Installation and Configuration Guide, (CQW-AP108AG)
Page 237 The download process begins. Every 10 seconds the screen is updated with new status information. If the download is successful, the AP is automatically rebooted with the new software image. If the download is unsuccessful, an explanatory message is displayed in the Download Status column. Installation and Configuration Guide, (CQW-AP108AG)
Page 238: Canceling A Distribution
The image has passed the compatibility test but failed the integrity check after the distribution, but before the flash update. Updating Flashing ... Image distribution is complete and it is being saved onto the AP's flash memory. Installation and Configuration Guide, (CQW-AP108AG)
Page 239: Image Recovery
AP. Make sure that the network adapter in the computer is working properly. Check to see whether the IP address is on the same subnet as the Access Point. Installation and Configuration Guide, (CQW-AP108AG)
Page 240 Access Point(s) and/or any external antennae to be free of these obstructions. If using an external antenna, also make sure that it is connected securely to the Access Point. Installation and Configuration Guide, (CQW-AP108AG)
Page 241 10 Maintaining the Access Point Installation and Configuration Guide, (CQW-AP108AG)
Page 242: Using The Command Line Interface
If the AP has not been initialized, the user name field is grayed out. The factory default password is shipped with the AP on a paper insert. Use the password from the insert to log in. Installation and Configuration Guide, (CQW-AP108AG)
Page 243: Using The Console Port For Cli Access
8 Enter your login ID and press Return. When prompted next, enter your password. (The AP defaults are login admin and password: password, and login opr and password opr for operator (read-only) access.) Installation and Configuration Guide, (CQW-AP108AG)
Page 244 Toggle between show and config modes by pressing Ctrl-P. Leave a mode and return to the top level command prompt by typing exit. To log out and close your connection to the command line interface, type logout at any prompt. Installation and Configuration Guide, (CQW-AP108AG)
Page 245 A Using the Command Line Interface Installation and Configuration Guide, (CQW-AP108AG)
Page 246: Regulatory And License Information
UL-2043 (Fire and Smoke) Compliance CERT2 EMC Directive 89/336/EEC (CE Mark) CERT3 Radio Approvals FCC CFR47 Part 15, section 15.247 FCC (47CFR) Part 15B, Class B Emissions Canada IC RSS210 Japan MPT Radio Regulations Europe: ETS 300.328 Installation and Configuration Guide, (CQW-AP108AG)
Page 247 B Regulatory and License Information Installation and Configuration Guide, (CQW-AP108AG)
Page 248: C Alarms
• “Discovery: Node deleted from network” on page 237 • “Discovery: Managed nodes limit exceeded” on page 238 • “Enrollment: Node Enrolled” on page 238 • “Enrollment: Node Un-enrolled” on page 239 • “Policy: Policy Download Successful” on page 240 Installation and Configuration Guide, (CQW-AP108AG)
Page 249 • “Security: TKIP counter-measures lockout period started” on page 271 • “Security: EAP response timeout” on page 273 • “Security: EAPOL Key exchange – message 2 timeout” on page 274 • “Security: EAPOL Group 2 key exchange timeout” on page 275 Installation and Configuration Guide, (CQW-AP108AG)
Page 250: Discovery: Discovered New Node
When a node is deleted, all information about that node is erased from the Portal. If the node’s IP address falls within the discovery scope, then the node will be re- discovered and added back to the set of the discovered nodes on the next discovery Installation and Configuration Guide, (CQW-AP108AG)
Page 251: Discovery: Managed Nodes Limit Exceeded
Alarm generated when an 108 Mbps Wireless AP is enrolled into the nework Syntax: NMPortal with DeviceId %s has successfully enrolled a remote node having ApDeviceId=%s NodeIp=%s and Persona=%d Alarm Parameters DeviceId The Device ID of the NMPortal ApDeviceId The Device ID of the remote AP Installation and Configuration Guide, (CQW-AP108AG)
Page 252: Enrollment: Node Un-Enrolled
This alarm is generated when the 108 Mbps Wireless AP has bee successfully Description: rejected (un-enrolled) from the network. Informational log. Usage: NMPortal with DeviceId AP_00-0A-F5-00-01-77 has successfully enrolled a remote node Examples: having DeviceIdId=AP_00-0A-F5-00-01-7A NodeIp=172.16.12.4 and persona=2 See Also: <Node Enrolled> Installation and Configuration Guide, (CQW-AP108AG)
Page 253: Policy: Policy Download Successful
The device ID of the remote AP policy The policy name from The device ID of the source of the policy error The failure error code time The time at which the policy was consumed Alarm Severity Severity Critical Installation and Configuration Guide, (CQW-AP108AG)
Page 254: Software Download: Image Download Succeeded
For accesspoint Node %s The software image [%s] from [%s] could not be Syntax: downloaded due to error %d at time[%s] Alarm Parameters Node The device ID of the remote AP image The image version Installation and Configuration Guide, (CQW-AP108AG)
Page 255: Software Download: Software Distribution Succeeded
On DeviceId AP_00-0A-F5-00-01-77 , the Software image [0.7.0, build A.2286, AGN1dev, Examples: PLANEX Inc., ] distribution request from portal[AP_00-0A-F5-00-01-77 ] using the Distribution TaskId=000000 and with status=172.16.12.4, , 0, 947304168, 947304183, invalid image file. completed at time[Tue Jan 6 21:32:18 1970 ] See Also: <Image Download Failed, Image Download Succeeded>...
Page 256: Wireless: Radio Enabled (Bss Enabled)
Identifies Radio by interface ID on the Access Point Alarm Severity Severity Critical Notification which indicates that AP has been disabled. Description: The AP radio can be disabled for several reasons such as: Usage: a. User Triggered (administrative disabling) Installation and Configuration Guide, (CQW-AP108AG)
Page 257: Wireless: Bss Enabling Failed
Notification which indicates that the frequency of operation changed on the AP. "Frequency changed for DeviceId %s radio %d channelId %d CauseCode %d" Syntax: Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Installation and Configuration Guide, (CQW-AP108AG)
Page 258: Wireless: Sta Association Failed
Critical This is a notification generated when a association from a 802.11 station fails with Description: the AP radio. The reasons for the failure are encapsulated in the cause code parameter and are as follows: Installation and Configuration Guide, (CQW-AP108AG)
Page 259: Wireless: Sta Associated
Identifies Radio by interface ID on the Access Point STA MAC Address MAC address of 802.11 station. STA status Association or reassociation User ID Identifies user by user name or MAC address Station Count Current count of associated users with AP. Alarm Severity Installation and Configuration Guide, (CQW-AP108AG)
Page 260: Wireless: Sta Disassociated
Station has handed off to another AP Disassociation triggered due to authentication failure after ULAP timeout Disassociation triggered due to user action. Informational log. Usage: Station disassociated for Device ID AP_00-0A-F5-00-01-B6 radio 4 station MAC Examples: 00:0a:f5:00:3a:fe, CauseCode 0 See Also: Installation and Configuration Guide, (CQW-AP108AG)
Page 261: Wireless: Wds Failed
Notification which indicates successful formation of wireless backhaul "WDS trunk established for DeviceId %s radio %d remote mac %s Syntax: TrunkPort count %d CauseCode %d” Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Installation and Configuration Guide, (CQW-AP108AG)
Page 262: Wireless: Wds Up
Indicates why backhaul link was bought down Alarm Severity Severity Critical This is a notification generated when a wireless backhaul has gone down. The Description: remote end’s MAC address is provided. Reason Code Description System Reason (unspecified) Installation and Configuration Guide, (CQW-AP108AG)
Page 263: Security: Guest Authentication Succeeded
Guest Profilethat has been configured for the specified SSID. For device-id AP_00-0A-F5-00-01-89 , Guest authentication succeeded for STA Examples: 00:0a:f5:00:05:f0 on radio 0 with SSID NewYorkRoom using captive portal Internal and guest mode 4 Installation and Configuration Guide, (CQW-AP108AG)
Page 264: Security: Guest Authentication Failed
Notification which indicates that the AP has determined that a User has been rejected by RADIUS. "For device-id %s, the RADIUS SERVER %s:%d from auth zone %s Syntax: rejected the STA %s on radio %d with user-id %s and SSID %s" Installation and Configuration Guide, (CQW-AP108AG)
Page 265: Security: User Rejected By Radius Server
The IP address of the RADIUS server. Port The port used to communicate with the RADIUS server. Auth Zone The name of the auth Zone on this AP that this RADIUS server is a member of Installation and Configuration Guide, (CQW-AP108AG)
Page 266: Security: Radius Server Timeout
The name of the auth Zone on this AP that this RADIUS server is a member of RADIUS timeout The current setting of the RADIUS timeout. RADIUS retries The number of retries performed Station MAC address of the Station. Installation and Configuration Guide, (CQW-AP108AG)
Page 267: Security: Management User Login Success
Identifies the type of access, console, or SSH. (Ignore in this release.) Alarm Severity Severity Critical This notification is generated whenever a management User tries to login to the Description: local AP. This indicates that the AP has determined that a Management user login has Usage: Installation and Configuration Guide, (CQW-AP108AG)
Page 268: Security: Management User Login Failure
The Device ID of the 108 Mbps Wireless AP Station MAC address of the Station. bpIndicator Identifies if the supplicant is a BP (1), or a STA (0). Radio Identifies Radio by interface ID on the Access Point Installation and Configuration Guide, (CQW-AP108AG)
Page 269: Security: Sta Attempting Wpa Psk - No Pre-Shared Key Is Set For Ssid
Identifies Radio by interface ID on the Access Point SSID Identifies the SSID on this AP that the STA has associated with Alarm Severity Severity Critical This notification is sent when a Station attempts to do a WPA-PSK based Description: Installation and Configuration Guide, (CQW-AP108AG)
Page 270: Security: Auth Server Improperly Configured On This Ssid
EAP based authentication, or for MAC address based ACL lookups. For device-id AP_00-0A-F5-00-01-89 , Auth servers are improperly configured for the Examples: SSID NewYorkRm and are needed for authenticating STA 00:0a:f5:00:05:f0 on radio 0 with RADIUS 2 See Also: Installation and Configuration Guide, (CQW-AP108AG)
Page 271: Security: Sta Failed To Send Eapol-Start
Notification which indicates that the AP has determined that a RADIUS server has sent a bad response. "For device-id %s, the RADIUS server %s:%d sent back a bad response due Syntax: to %d" Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Installation and Configuration Guide, (CQW-AP108AG)
Page 272: Security: Radius Sent A Bad Response
The port used to communicate with the RADIUS server. RADIUS timeout The current setting of the RADIUS timeout. Alarm Severity Severity Critical This notification is generated when the AP receives a late response from the Description: Installation and Configuration Guide, (CQW-AP108AG)
Page 273: Security: Sta Authentication Did Not Complete In Time
The valid types include: WEP-64 (1), WEP-128 (2), TKIP (5), AES Reason Code The reason for the failure: EAP-REQUEST NOT RECEIVED FROM AUTHENTICATION SERVER (2) Alarm Severity Severity Critical This notification is generated when the station authentication sequence did not Description: complete in time. Installation and Configuration Guide, (CQW-AP108AG)
Page 274: Security: Upstream Ap Is Using An Untrusted Auth Server
For device-id AP_00-0A-F5-00-01-89 , the upstream AP 00:0a:f5:00:06:22 with SSID Examples: NewYorkRm authenticating via local BP radio 0 is using an untrusted auth server 00:0a:f5:00:01:45 with certificate SHA-1 thumbprint 98:72:a8:6d:56:f8:92:a8:f3:97:ec:3f:fa:0b:66:4e : IT MIGHT BE A ROGUE AP See Also: Installation and Configuration Guide, (CQW-AP108AG)
Page 275: Security: Upstream Ap Is Using A Non-Portal Node As Its Auth Server
Description: AP is using a node that is not a security portal as its auth server. This indicates that the BP knows about the other PLANEX node, but does not believe it is authorized to be a Security Portal. This indicates that the local BP has determined that the upstream AP is out-of-sync...
Page 276: Security: Upstream Ap Failed Mic Check During Bp Authentication
The Device ID of the 108 Mbps Wireless AP The MAC address of the upstream AP. SSID Identifies the SSID on this AP that the STA has associated with. Radio Identifies Radio by interface ID on the Access Point Alarm Severity Installation and Configuration Guide, (CQW-AP108AG)
Page 277: Security: Profile Not Configured For User-Group
SSID. For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:cc on radio 0 with user Examples: paul is in group employee but SSID NewYorkRm has no profile configured for that group. See Also: Installation and Configuration Guide, (CQW-AP108AG)
Page 278: Security: Sta Has Failed Security Enforcement Check
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:cc on radio 0 with user Examples: paul and SSID NewYorkRm of group employee failed the security enforcement check with auth-type 4 and enc-type 5 at enforcement level 1 See Also: Installation and Configuration Guide, (CQW-AP108AG)
Page 279: Security: Guest Authentication Failed
"For device id %s, Guest authentication failed for STA %s on radio %d Syntax: with SSID %s using captive portal %s and guest mode %d due to %d" Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Installation and Configuration Guide, (CQW-AP108AG)
Page 280: Security: Guest Authentication Failed
This notification is generated when a bad TKIP MIC is detected on an incoming Description: frame from a STA that is ecrypted with the pairwise/unicast key. This indicates that the AP has detected an invalid TKIP MIC value on an incoming Usage: Installation and Configuration Guide, (CQW-AP108AG)
Page 281: Security: Ap Detected Bad Tkip Mic
AP that is encrypted with the group/multicast/broadcast key. "For device-id %s, a bad TKIP MIC was detected by local BP radio %d on Syntax: an incoming multicast/broadcast packet from the AP %s" Alarm Parameters Installation and Configuration Guide, (CQW-AP108AG)
Page 282: Security: Bp Detected Bad Tkip Mic On Incoming Unicast
This indicates that the STA has detected an invalid TKIP MIC value on an Usage: incoming frame encrypted with the pairwise/unicast key. For device-id AP_00-0A-F5-00-01-89 , a bad TKIP MIC was detected by STA Examples: 00:0a:f5:00:05:f0 on radio 0 on an incoming unicast packet from the AP Installation and Configuration Guide, (CQW-AP108AG)
Page 283: Security: Sta Detected Bad Tkip Mic On Incoming Unicast
Notification which indicates that the AP is taking active counter-measures against an attempted compromise of TKIP. "For device-id %s, the TKIP counter-measures lockout period has started Syntax: for 60 seconds." Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Alarm Severity Severity Critical Installation and Configuration Guide, (CQW-AP108AG)
Page 284: Security: Sta Detected Bad Tkip Mic On Incoming Multicast/Broadcast
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:f0 [0] on radio 0 and SSID Examples: NewYorkRm did not send its user-id in time to complete its auth sequence with auth-type 4 and enc-type 6 Installation and Configuration Guide, (CQW-AP108AG)
Page 285: Security: Eap User-Id Timeout
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:f0 [0] on radio 0 with user Examples: paul and SSID NewYorkRm did not send an EAP-Response in time to complete its auth sequence with auth-type 4 and enc-type 6 See Also: EAP User-ID Timeout, STA Authentication Timeout Installation and Configuration Guide, (CQW-AP108AG)
Page 286: Security: Eap Response Timeout
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:f0 [0] on radio 0 with user Examples: paul and SSID NewYorkRm did not send the WPA EAPOL-Key Pairwise Messg #2 in time where auth-type 4 and enc-type 6 See Also: Installation and Configuration Guide, (CQW-AP108AG)
Page 287: Security: Eapol Key Exchange - Message 2 Timeout
Notification which indicates that the STA has failed to respond, in a timely manner, with EAPOL Group key exchange message number 2. "For device-id %s, the STA %s[%d] on radio %d with user %s and SSID Syntax: %s did not send the WPA EAPOL-Key Group Messg #2 in time where Installation and Configuration Guide, (CQW-AP108AG)
Page 288: Security: Eapol Group 2 Key Exchange Timeout
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:f0 [0] on radio 0 with user Examples: paul and SSID NewYorkRm did not send the WPA EAPOL-Key Group Messg #2 in time where auth-type 4 and enc-type 6 See Also: Installation and Configuration Guide, (CQW-AP108AG)
Page 289 C Alarms Installation and Configuration Guide, (CQW-AP108AG)
Page 290: Glossary
The set of all wireless client stations controlled by a single access point. The BSSID, or identifier, for the basis service set can be assigned or default to the MAC address of the access point. Installation and Configuration Guide, (CQW-AP108AG)
Page 291 This establishes a secure channel over which the supplicant can be authenticated to the server. Extended Service Set (ESS) A set of multiple connected BSSs. From the perspective of network clients, the Installation and Configuration Guide, (CQW-AP108AG)
Page 292 Network Address Translation (NAT) The translation of one IP address used within a network to another address used elsewhere. One frequent use of NAT is the translation of IPs used inside a Installation and Configuration Guide, (CQW-AP108AG)
Page 293 QoS is a term encompassing the management of network performance, based on the notion that transmission speed, signal integrity, and error rates can be managed, measured, and improved. In a wireless network, QoS is commonly managed through the use of policies. Installation and Configuration Guide, (CQW-AP108AG)
Page 294 An 802.11 capable device that supports only one 802.11 network interface, capable of establishing a Basic Service Set 802.11 network (i.e., peer-to-peer network) Static IP Address A permanent IP address assigned to a node in a TCP/IP network. Installation and Configuration Guide, (CQW-AP108AG)
Page 295 Network management software of some sort is used to configure and manage the VLANs on a given network. Installation and Configuration Guide, (CQW-AP108AG)
Page 296: Index
277 bridge state 63 task overview 14 definition 278 administrative users 207 authorization state 172 details table 103 administrator 146 auto/manual 172 forwarding table 103 authentication 147 auto-discovery prefix 103 email address 36 Installation and Configuration Guide, (CQW-AP108AG)
Page 297 102 discovered radios 173 field asterisk 30 DHCP server 190 discovery 184 filter interfaces 123 interval 184 alarm 203 network discovery 184 method 174 statistics 123 packet filters 121 scope 186 table 121 Installation and Configuration Guide, (CQW-AP108AG)
Page 298 (HTTPS) 279 network large office installation 16 connectivity parameters 58 lease time 191 default settings 101 LEDs 28 density 58 IAPP levels 6 discovery 184 service 92 license key 216 information requirements 26 statistics 93 Installation and Configuration Guide, (CQW-AP108AG)
Page 299 9 RADIUS 143, 152 and guest access 162 policy authentication zones 145 AP 137 bootstrapping 182 group attribute 152 backhaul 130 defining 182 server 145 certificate 206 table 181 server settings 147 Installation and Configuration Guide, (CQW-AP108AG)
Page 300 138, 169, 172 VLAN 83 upgrade 221 time 4094 103 software distribution discovered 172 and guest access 5 cancelling 225 setting 34, 42 example 107 software distribution process 224 zone setting 34, 42 guest 159 Installation and Configuration Guide, (CQW-AP108AG)
Page 301 APs 133 link criteria 131 security 130 trunk 130 trunks 133 uplink criteria 132 viewing topology 170 wireless LAN adapter 1 wireless local area network (WLAN) 282 wireless rogue discovery 175 wizard guest access 50 Installation and Configuration Guide, (CQW-AP108AG)

Planex CQW-AP108AG Installation And Configuration Manual

1 Overview

2 Planning Your Installation

3 Installing the Access Point

4 Configuring Radio Settings

5 Configuring Networking Settings

6 Configuring a Wireless Backhaul

7 Managing Security

8 Configuring Guest Access

9 Managing the Network

10 Maintaining the Access Point

Quick Links

Related Manuals for Planex CQW-AP108AG

Summary of Contents for Planex CQW-AP108AG