Page 1
Installation and Configuration Guide 108 Mbps Wireless Access Point CQW-AP108AG Planex Communications Published: July 2004 Head Quarters-Japan PCI Building 12-7, Nihombashi Odemma-cho, Chuo-ku Tokyo, 103-0011 www.planex.co.jp...
• Chapter 7, “Managing Security,” describes the encryption and authentication features of the 108 Mbps Wireless Access Point and explains how configure the security options. Installation and Configuration Guide, (CQW-AP108AG)
Page 11
108 Mbps Wireless Access Point. • Appendix C, “Alarms,” provides a description of the alarms generated by the 108 Mbps Wireless Access Point. • Glossary— Provides definitions for acronyms, networking terminology, and PLANEX- specific terms. Conventions Used in this Guide This guide uses the following conventions for instructions and information.
Page 12
Guide — Explains how to use PLANEX Wireless LAN Network Management Software to manage an enterprise wireless network. • PLANEX Command Line Interface (CLI) Reference Manual — Provides a listing of all the commands available for PLANEX wireless products through serial console access and the command line interface.
Page 13
Preface xiii Installation and Configuration Guide, (CQW-AP108AG)
By greatly increasing the range, speed, reliability, security, and ease-of-use of wireless LAN (WLAN) systems, PLANEX products help to promote the mainstream adoption of wireless technology, and help to foster new wireless applications.
For more information, refer to the Wireless LAN Network Management Software Installation and Configuration Guide. Figure 1 shows how PLANEX products operate in concert to create a wireless network. Figure 1: PLANEX Wireless Network RADIUS DNS &...
The 108 Mbps Wireless AP also provides support for 802.11f based Inter-Access Point Protocol (IAPP). Installation and Configuration Guide, (CQW-AP108AG)
1 Overview Portal Architecture To support the range of network sizes and configurations served by PLANEX products, PLANEX has designed a built-in, flexible, portal services architecture for management and security. Each AP can be configured as an NM Portal AP to support the following services:...
RADIUS authentication service is used. Security PLANEX offers a comprehensive security solution that adheres to the following industry standards and draft standards: • Data encryption—WEP, Wi-Fi Protected Access (WPA) with TKIP or AES encryption •...
PLANEX implements quality of service features using classes of service (COS). Eight COS levels are available for assignment according to user or application based rules. The COS approach does not guarantee bandwidth, but it does give “best effort”...
Management Software provides access to AP configuration functions and is designed to manage very large numbers of access points and networks. For more information, see the Wireless LAN Network Management Software Installation and User Guide. Installation and Configuration Guide, (CQW-AP108AG)
Example Wireless Network Installation Figure 3 shows the elements of a typical PLANEX wireless network. 108 Mbps Wireless Access Points provide wireless connectivity to client stations (laptop or desktop computers) and connect in turn to the existing wired network infrastructure and beyond to the Internet. Network size and...
Figure 4 illustrates the contrast between typical wireless coverage and PLANEX wireless coverage. Each 108 Mbps Wireless AP can service a wider area or provide higher data rates than alternative solutions.
The latest security innovations and standards make it possible to provide complete and effective security for wireless networks. The specifics of an optimal security solution will vary according to the type and size of organization. For each environment, PLANEX offers a selection of features to satisfy all your security needs.
Page 25
Selecting a Network Management Method As with user authentication, appropriate network management solutions depend upon the size and complexity of the network, and PLANEX products and features are available to support the full range of possibilities. Installation and Configuration Guide, (CQW-AP108AG)
LAN Network Management Software server on any suitably configured network computer, and permit network administrators to obtain access from any designated client station. For more information, see the PLANEX Wireless LAN Network Management Software Installation and Configuration Guide. Wireless LAN Network Management Software can be installed as a stand-alone network management solution, or it can be used in conjunction with NM Portal APs to create an efficient distribution system for network management data and policies across multiple locations.
An authentication zone is a group of one or more RADIUS servers providing user authentication services within an SSID. If multiple SSIDs are configured, then you can create an authentication zone for each. The chosen authentication method influences how services can be configured in the network. Installation and Configuration Guide, (CQW-AP108AG)
Page 28
• Guest access requires open access security, and is not compatible with WEP. • Guest users can be authenticated by way of an internal or external web landing page, or can be given open access to a restricted portion of the corporate network. Installation and Configuration Guide, (CQW-AP108AG)
Multiple VLANs SSID Single SSID (default) Multiple SSIDs Quality of Service Default COS Mappings Custom COS Mappings (Class of Service - COS) Service Profile Default Service Profile Custom Service Profiles Guest Access Disabled (default) Enabled A0036A Installation and Configuration Guide, (CQW-AP108AG)
Page 30
• Open the Station Management panel at any time to view a list of client stations associated to the AP. References: “Viewing IP Topology” on page 171 and “Managing Client Stations” on page 87. Installation and Configuration Guide, (CQW-AP108AG)
Multiple VLANs SSID Single SSID (default) Multiple SSIDs Quality of Service Default COS Mappings Custom COS Mappings (Class of Service - COS) Service Profile Default Service Profile Custom Service Profiles Guest Access Disabled (default) Enabled A0036B Installation and Configuration Guide, (CQW-AP108AG)
The network configuration for this example is shown in Figure 9, and the feature decisions are shown in Figure 10. Figure 9: Example 3 Network FinanceVLAN CorporateVLAN CorporateVLAN FinanceVLAN VLAN Switch RADIUS Server Corporate Finance A0044B Installation and Configuration Guide, (CQW-AP108AG)
Page 33
1 Define or modify service profiles to include VLAN selection. service profiles 2 Bind each profile to an SSID with an existing or new user group. Reference: “Profile Table” on page 85 and “SSID Details” on page 83. Installation and Configuration Guide, (CQW-AP108AG)
The network configuration for this example is shown in Figure 11, and the feature decisions are shown in Figure 12. Figure 11: Example 4 Network Corp Guest VLAN VLAN Corp-VLAN Guest-VLAN VLAN Switch RADIUS Server Password Guest Access Corp Guest A0045D Installation and Configuration Guide, (CQW-AP108AG)
Page 35
Reference: “Profile Table” on page 85 and “SSID Details” on page 83. Configure landing page 1 Choose an internal or external landing page. 2 Assign guest password. Reference: “Configuring Guest Access” on page 158 Installation and Configuration Guide, (CQW-AP108AG)
The network configuration for this example is shown in Figure 13, and the feature decisions are shown in Figure 14. Figure 13: Example 5 Network NMS Pro RADIUS Server Server Enterprise Network Location A Location B NM Portal AP NM Portal AP A0046C Installation and Configuration Guide, (CQW-AP108AG)
Page 37
Management Software Installation and Configuration Guide Create and distribute • Use Wireless LAN Network Management Software to create configuration policies policies and distribute them to APs across the network. Reference: Wireless LAN Network Management Software Installation and Configuration Guide Installation and Configuration Guide, (CQW-AP108AG)
• Terminal emulator software Installation Requirements 108 Mbps Wireless Access Points are radio frequency devices and are therefore susceptible to RF interference and obstructions. When selecting locations for AP placement, try to choose places that Installation and Configuration Guide, (CQW-AP108AG)
5 Plug the other end of the AC power cable into an approved three-prong grounded outlet (surge- protected and/or UPS is recommended). 6 Connect the power module connector to the power connector on the AP. The 108 Mbps Wireless Access Point powers up automatically. Installation and Configuration Guide, (CQW-AP108AG)
• Unplugging either cable causes power to switch automatically to the other source. Placement and Orientation Make sure that the 108 Mbps Wireless AP is positioned in an upright position for airflow and antenna placement (Figure 16). Installation and Configuration Guide, (CQW-AP108AG)
AP and the network port. Interpreting the LEDs Refer to Figure 17 and Table 7 for LED definition. Figure 17: 108 Mbps Wireless AP LEDs A0004A Installation and Configuration Guide, (CQW-AP108AG)
Use the Configuration Management panel under System Configuration. See “Reset Configuration” on page 219. Reset button Press the reset button on the side of the AP. Power down Power down the AP by disconnecting the power cable (not recommended). Installation and Configuration Guide, (CQW-AP108AG)
AP features. NM Portal can also be launched from the web interface. NOTE: In the web interface, a red asterisk (*) next to a field name indicates that the field is required. Error messages are presented in text near the top of the panel. Installation and Configuration Guide, (CQW-AP108AG)
2 Depending on the browser security settings, a security alert may open with a prompt on whether to accept the PLANEX security certificate. Click Yes to accept the certificate and to open the login panel. 3 In the login panel, enter or confirm the administrative user name, enter the password, select a language, and click OK to open the web interface.
Page 45
Both roles allow the AP to function as an IEEE 802.11 wireless network node. As a portal AP, the following additional functions are available: • Configuration of the PLANEX wireless network using secure AP enrollment and policy-based configuration of APs •...
Management IP Address fields are inactive. IP Address/Maskbits Static IP address and subnet prefix for the AP. Required if the IP address is not obtained automatically. The default is 192.168.1.254/24. Installation and Configuration Guide, (CQW-AP108AG)
Page 47
Indication of how close the APs will be to each other. For closely spaced APs that can support high data rates, select the high density option. For maximum coverage at lower data rates, selection the low density option. The default setting is Low. Installation and Configuration Guide, (CQW-AP108AG)
Page 48
AP is booted, or Periodic to auto-select the channel at the specified number of minutes. • Assign Fixed Channel: Select a static channel. In both of these cases, the channel set used for auto-scanning can also be restricted. Installation and Configuration Guide, (CQW-AP108AG)
Email address of the person to be notified regarding alerts Address 8 Click Finish to complete the initialization process and bring up the AP Explorer Home panel. The process takes approximately two minutes. When the process is complete, the Home panel opens. Installation and Configuration Guide, (CQW-AP108AG)
• Version Summary—Opens a detailed list of model and serial numbers and hardware and software versions (see “Version Table” on page 44). • Wireless Summary links—Opens panels to configure SSID, client stations, radios, and encryption. • Management Summary—Shows current network management address settings. Installation and Configuration Guide, (CQW-AP108AG)
Page 51
3 Using the Configuration Interfaces Figure 25: Home Panel Installation and Configuration Guide, (CQW-AP108AG)
Indicate whether to use DHCP to obtain an IP address for the AP. If the box is Address cleared, the other Management IP Configuration fields are activated; if the box is selected, the other Management IP Configuration fields are inactive. Installation and Configuration Guide, (CQW-AP108AG)
Page 53
Click Apply to save changes in each section on the screen or Reset to return to previously saved values. Radio Config Tab Use the Radio Config tab (Figure 27) to configure bootstrap parameters for the two AP radios. Installation and Configuration Guide, (CQW-AP108AG)
Page 54
(U.S.). Alternatively, enter a country code. World Mode - Specify the type of environment in which the AP is installed (indoor, outdoor, Deployment or both). The Environment setting determines the maximum transmit power Environment and allowed channels of operation. Installation and Configuration Guide, (CQW-AP108AG)
Page 55
Current time in HH:MM:SS format (hours 0-23) Time Zone US-zone or GMT option. For US zone, click the radio button and select a time zone. For GMT, click the radio button and select an offset in HH:MM format. Installation and Configuration Guide, (CQW-AP108AG)
Page 56
Configure the following fields: Field Description SMTP Server Address Enter the IP address of the SMTP server used to reach the network administrator. Admin E-mail Address Enter the email address of the network administrator. Installation and Configuration Guide, (CQW-AP108AG)
Page 57
AP Quick Start - Bootstrap Configuration - Admin Email rjones@acmeworks.com Version Table The Version Table panel (Figure 25) lists model number, serial number, and hardware and software version information. Figure 31: AP Quick Start - Version Table Installation and Configuration Guide, (CQW-AP108AG)
AP web browser interface. For detailed information on security options, see Chapter 7, “Managing Security.” To open the User Security wizard: Click User Security Wizard under AP Quick Start on the side menu. The User Access wizard opens (Figure 32). Figure 32: User Security Wizard Installation and Configuration Guide, (CQW-AP108AG)
Page 59
Figure 33: User Security Wizard - WPA-EAP 3 Confirm the SSID (wireless network name). 4 Select whether to use the internal RADIUS server included in the AP or an external RADIUS server. 5 Click Finish. Installation and Configuration Guide, (CQW-AP108AG)
Page 60
2 Click Next to open the next User Security wizard panel (Figure 34). Figure 34: User Security Wizard - WPA-PSK 3 Enter the pre-shared key to use for network authentication and confirm your entry. 4 Click Finish. Installation and Configuration Guide, (CQW-AP108AG)
Page 61
1 Select Using WEP, and click Next to open the next User Security wizard panel (Figure 35). Figure 35: User Security Wizard - WEP 2 Select the WEP key length. 3 Enter up to four WEP keys, and indicate which will be the default. 4 Click Finish. Installation and Configuration Guide, (CQW-AP108AG)
Page 62
1 Select Open Access, and click Next to open the next User Security wizard panel (Figure 36). Figure 36: User Security Wizard - Open Access 2 Confirm that you want to configure the AP without user security. 3 Click Finish. Installation and Configuration Guide, (CQW-AP108AG)
• Click Guest Access Wizard under AP Quick Start on the side menu. The wizard (Figure 37) provides options to configure an internal landing page or an external landing page for users who open a web browser while on site. Figure 37: Guest Access Wizard Installation and Configuration Guide, (CQW-AP108AG)
Page 64
Guest Access Wizard - Internal Landing Page 4 Indicate whether the guest users will be able to access a subnet before they are authenticated as guest users. If yes, enter the IP address of the subnet. 5 Click Next. Installation and Configuration Guide, (CQW-AP108AG)
Page 65
If a subnet has been specified, then guests can access the subnet even if they are not able to log in. For further information about guest access, or to modify guest access parameters, see Chapter 7, “Managing Security.” Installation and Configuration Guide, (CQW-AP108AG)
Page 66
If a subnet has been specified, then guests can access the subnet even if they are not able to log in. For further information about guest access, or to modify guest access parameters, see Chapter 7, “Managing Security.” Installation and Configuration Guide, (CQW-AP108AG)
Page 67
3 Using the Configuration Interfaces Installation and Configuration Guide, (CQW-AP108AG)
AP. In this mode, the radio is called a Backhaul Point (BP mode). Wireless backhaul is also known as a wireless distribution system (WDS). Except in certain special configurations. Installation and Configuration Guide, (CQW-AP108AG)
Configuration panel. The panel contains the following tabs: • Global Configuration—Set parameters that apply to both of the AP radios. • Persona Configuration—Set the radio mode or persona for normal (AP) operation or wireless backhaul (BP). Installation and Configuration Guide, (CQW-AP108AG)
NOTE: All the settings on this tab are optional. If the AP radio is enabled when the global configuration is changed, then it is necessary to reset the AP for the changes to take effect. If the radio is disabled, the changes take effect once the radio is enabled. Installation and Configuration Guide, (CQW-AP108AG)
Page 71
One radio is automatically assigned the BP persona and one the AP persona. Applies to dual radio APs only. The default setting of Any is recommended. Installation and Configuration Guide, (CQW-AP108AG)
Page 72
See “Channel Configuration” on page 65. Click Apply to save changes or Reset to return to previously saved values. Table 8:World Modes Country Environment Band Valid Channel Numbers 1,2,3,4,5,6,7,8,9,10,11 Indoor 1,2,3,4,5,6,7,8,9,10,11 Outdoor 1,2,3,4,5,6,7,8,9,10,11 52,56,60,64,149,153,157,161 Indoor 36,40,44,48,52,56,60,64,149,153,157,161 Outdoor 52,56,60,64,149,153,157,161 Installation and Configuration Guide, (CQW-AP108AG)
Page 73
Europe Outdoor 100,104,108,112,116,120,124,128,132,126,140 France France Indoor France Outdoor France Not allowed France Indoor 36,40,44,48,52,56,60,64 France Outdoor 9,10,11,12,13 Austria 1,2,3,4,5,6,7,8,9,10,11,12,13 Austria Indoor 1,2,3,4,5,6,7,8,9,10,11,12,13 Austria Outdoor 1,2,3,4,5,6,7,8,9,10,11,12,13 Austria Not allowed Austria Indoor 36,40,44,48,52,56,60,64 Austria Outdoor Not Allowed Installation and Configuration Guide, (CQW-AP108AG)
Page 74
1,2,3,4,5,6,7,8,9,10,11,12,13,14 Japan 34,38,42,46 Japan Indoor 34,38,42,46 Japan Outdoor 34,38,42,46 Singapore 9,10,11,12,13 Singapore Indoor 9,10,11,12,13 Singapore Outdoor 9,10,11,12,13 Singapore 52,56,60,64,149,153,157,161 Singapore Indoor 36,40,44,48,52,56,60,64,149,153,157,161 Singapore Outdoor 52,56,60,64,149,153,157,161 Israel 4,5,6,7,8,9 Israel Indoor 4,5,6,7,8,9 Israel Outdoor 4,5,6,7,8,9 Israel 52,56,60,64,149,153,157,161 Installation and Configuration Guide, (CQW-AP108AG)
Page 75
4 Configuring Radio Settings Table 8:World Modes (continued) Country Environment Band Valid Channel Numbers Israel Indoor 36,40,44,48,52,56,60,64,149,153,157,161 Israel Outdoor 52,56,60,64,149,153,157,161 Installation and Configuration Guide, (CQW-AP108AG)
NOTE: Each access point can have at most one BP radio. Click Apply to save changes or Reset to return to previously saved values. Click Reset Radio to Default to return the settings on all the radios to their factory defaults. Installation and Configuration Guide, (CQW-AP108AG)
Page 77
Any and AP Wireless All combinations 1 radio AP, 1 radio BP except both radios AP Wireless Both radios AP Not permitted Wired Connection means that the AP has Ethernet connectivity and that the connection is active. Installation and Configuration Guide, (CQW-AP108AG)
Set the following values in the Radio Interface Selection and Channel Configuration areas of the tab: Feature Description Select Radio Interface Select the AP radio (wlan0 or wlan1). Channel Number Select a valid channel for radio operation, or accept the Automatic Channel Selection option. Installation and Configuration Guide, (CQW-AP108AG)
Page 79
Click Apply to save changes or Reset to return to previously saved values. Click Force Select Best Channel to trigger the channel selection algorithm for the AP radio, including a switch-over to a better channel, if available. The Force Select Reselect Channel button applies only to the selected AP radio interface. Installation and Configuration Guide, (CQW-AP108AG)
Select the AP radio (wlan0 or wlan1) Enhanced Data Rates Enable or disable the PLANEX enhanced data rates of (72, 96, and 108 Mbps). This setting is rejected if the enhanced Dot11 extensions are disabled and an attempt is made to configure enhanced data rates. It is recommended to accept the default of Enabled.
Page 81
• If this setting is used, then auto-adaptation cannot be enabled for the selected radio. Only the fixed rate setting applies. • This mode setting can be used for operations with PLANEX clients. • Auto-ack – The acknowledgement policy is selected automatically based on current link conditions.
Multi-Vendor STA Accept allows all stations to associate; Reject restricts association to Admission Criteria - compatible client stations, excluding non-compatible or non-PLANEX Multi-Vendor Station stations. Backhaul Admission Indicates whether to accept association from client stations, trunks or both: Criteria - Accept STA or Trunk—Accept association from client stations or BP radios.
Select Radio Interface Select the AP radio (wlan0 or wlan1). IEEE 802.11 Mode in Select whether the radio is configured for 802.11b or 802.11g operation when 2.4 Band it operates in the 2.4 GHz band. Installation and Configuration Guide, (CQW-AP108AG)
Page 84
Indicate whether to support standard Dot11 extensions, enhanced extensions, or both. The checkboxes enable or disable standard 802.11 extensions such as 11h, 11e, 11g or 11i, or PLANEX enhanced features, which are compatible only with PLANEX client stations. If the Enhanced 802.11 extensions option is selected, then it is possible to enable the following through the CLI (they are not automatically enabled).
MAC (Medium Access Control) layer. NOTE: Changes on the MAC Configuration tab should only be made by trained network personnel. The AP radio restarts automatically when these parameter changes are applied. Figure 48: MAC Configuration Tab Installation and Configuration Guide, (CQW-AP108AG)
The Radio State tab (Figure 49) contains details on the current configuration and utilization of each radio interface. The state information varies according to whether the radio is operating as a normal access point radio (AP mode) or as a backhaul point (BP mode). Installation and Configuration Guide, (CQW-AP108AG)
Page 87
Radio MAC Address MAC address of radio Radio Admin State Administrative status of the radio (enabled or disabled) Radio Operation State Operational status of the radio (enabled or disabled) Operating Band Current band of operation Installation and Configuration Guide, (CQW-AP108AG)
Page 88
Maximum MSDU receive lifetime External antenna Indication of whether the radio has an external antenna (true) or not (false) Interference Radio interference in the surrounding wireless environment pertaining to the channel of operation, in dBm. (AP persona only) Installation and Configuration Guide, (CQW-AP108AG)
Count of MSDU not transmitted successfully due to the number of transmit attempts exceeding either the dot11ShortRetryLimit or dot11LongRetryLimit. Received Fragment Count for successfully received MPDUs of type Data or Management. Count Received Frame Count Count of successfully received frames (MSDUs) Installation and Configuration Guide, (CQW-AP108AG)
Page 90
Transmitter MAC address indicates that the frame should not have been encrypted or that frame is discarded due to the receiving STA not implementing the privacy option. (Valid only if encryption is WEP) # of transmitted Beacons Count of successfully transmitted beacons Installation and Configuration Guide, (CQW-AP108AG)
Indication of whether or not the neighbor is an AP with which the IAPP protocol can be established Strength Strength of Radio neighbor signal, in percent Load percentage Load on the AP, in percent STA Count Number of client stations served by the neighboring AP Installation and Configuration Guide, (CQW-AP108AG)
SSID Configuration panel, as explained in this section. Multiple SSIDs are also supported. “Multiple SSIDs” on page 86 explains how to enable this feature and permit clients to access multiple wireless networks through the same access point. Installation and Configuration Guide, (CQW-AP108AG)
• SSID Table—View the current SSID configuration, modify the configuration, or add new SSIDs. • SSID Details—View the association between SSIDs and service profiles. • Profile Table—Manage service profiles. • Multiple SSID—Enable the multiple SSID feature. Installation and Configuration Guide, (CQW-AP108AG)
The RADIUS authentication zone for the SSID PSK-Type The type of pre-shared key used, if WPA is the encryption suite MAC-ACL MAC-ACL authentication enabled or disabled Auth Servers The RADIUS server used for user authentication Installation and Configuration Guide, (CQW-AP108AG)
Page 95
SSID in the AP beacon, or to suppress broadcast of the configurations only) SSID for increased security. The SSID is never broadcast in multiple SSID configurations. To change the SSID broadcast setting: 1 Select no or yes. 2 Click Apply. Installation and Configuration Guide, (CQW-AP108AG)
Any attempt to delete the null user group, automatically associates it to the default service profile. Profile Service profile name. VLAN VLAN assigned to the service profile. Class of service values assigned to the service profile. Installation and Configuration Guide, (CQW-AP108AG)
Page 97
“SSID Authentication” on page 142. After defining the security settings, click Back on the browser to return to the SSID Details tab. Figure 56: SSID Configuration - Bind Service Profile to SSID Installation and Configuration Guide, (CQW-AP108AG)
NOTE: Changes made to SSID or service profiles cause affected users to be automatically disassociated from the AP. The AP then attempts to reassociate them automatically. This causes a momentary interruption in service. Figure 57: SSID Configuration - Profile Table Installation and Configuration Guide, (CQW-AP108AG)
SSIDs: one to accommodate the normal corporate network and one for a separate video conference network, which requires a higher quality of service. Figure 58: Example Use of Multiple SSIDs to Differentiate Levels of Service 10/100 Switched Ethernet Corporate Video COS=4 COS=7 SSID="Corporate" SSID="Video" A0043B Installation and Configuration Guide, (CQW-AP108AG)
SSID in its beacon frame. In order for a client to associate with the 108 Mbps Wireless AP configured for multiple SSIDs, a profile for each target SSID must be created on the client workstation using the Windows Zero Config (WZC) Add function or the PLANEX Client Utility Create function.
Group name Group to which the client station belongs Association Type Normal or transferred. Transferred means that the client station has been moved from the mate AP radio. Association Status Associated or Reassociated to the AP Installation and Configuration Guide, (CQW-AP108AG)
Station MAC address The MAC address that identifies the station Mode 802.11 mode used by the station (11a, 11b or 11g) Uplink Signal Strength Average signal strength on uplink (station to AP direction) as a percentage Installation and Configuration Guide, (CQW-AP108AG)
Number of packets that did not receive expected acknowledgement Timeouts Security Statistics The Security Stats table (Figure 62) provides detailed security information for the connection between the AP and client station. Figure 62: Station Security Statistics Installation and Configuration Guide, (CQW-AP108AG)
The panel contains the following tabs: • IAPP Service—Enable or disable IAPP. • Topology—View BSSID, IP address, and compatibility details. • Stats—View statistics details, including notifications sent and received, “move” notification and response details, and details on Intra-AP moves. Installation and Configuration Guide, (CQW-AP108AG)
The read-only IAPP Topology tab (Figure 64) displays information about all the neighboring APs this AP has discovered, including the BSSID, IP address, and Compatibility (whether the IAPP protocol can be established with the neighboring AP). Figure 64: IAPP Configuration - IAPP Topology Installation and Configuration Guide, (CQW-AP108AG)
Number of move notifications which were not sent in the maximum time Timeouts allowed for a move transaction Move Notifications Number of times the move notifications were retransmitted for all the move Retransmitted transactions (not supported) Installation and Configuration Guide, (CQW-AP108AG)
Choose Radio Diagnostics from the Wireless Services menu to test the radio signal between the AP and a client station. The panel contains 2 tabs: • Link Test—Test the radio link between the AP and a client station. • Walk Test—Advanced parameters regarding rate and range performance testing. Installation and Configuration Guide, (CQW-AP108AG)
Specify the size of each link packet (in bytes) Duration Period during which the which the test runs Average Interval Sampling interval Status Current status of the link test. Click the Link Test tab to refresh Installation and Configuration Guide, (CQW-AP108AG)
Page 109
To graph the results of a link test, select the test on the Link Test tab, and click Graph. The Graph panel (Figure 68) opens. Installation and Configuration Guide, (CQW-AP108AG)
Page 110
Transmission rate from the AP to the client station (Mbps). Uplink data rate Transmission rate from the client station to the AP (Mbps). When a parameter is selected, that graph is displayed. Figure 68: Radio Diagnostics - Link Test - Graph Installation and Configuration Guide, (CQW-AP108AG)
Page 112
Size for 802.11b (TC0) WNI_CFG_CWMAX_0_11G Max Contention Window 0 - 1023 / slots Size for 802.11g (TC0) WNI_CFG_PROXIMITY Used to set the transmit 0 (operates at max power for radio power), 1 (operates at reduced power) Installation and Configuration Guide, (CQW-AP108AG)
Page 113
4 Configuring Radio Settings Installation and Configuration Guide, (CQW-AP108AG)
Interfaces Figure 70 illustrates the physical and logical elements of an PLANEX wireless network. Each 108 Mbps Wireless Access Point has virtual interfaces that correspond to specific communications functions, as listed in Table 10. The interfaces wlan0 and wlan1 provide access to the BSS created on the AP radios;...
• ARP Table—View the ARP cache. Bridge and STP Choose Bridging from the Networking Services menu to open the Bridge & STP tab (Figure 71), The tab displays how bridging is currently configured and lists the interfaces and MAC addresses Installation and Configuration Guide, (CQW-AP108AG)
Page 116
STP provides protection against looping, but it does increase network overhead. Before STP allows traffic through a specific port, there may be a time lapse of 30 seconds. Operations may also take longer than normal. Installation and Configuration Guide, (CQW-AP108AG)
ARP table may become invalid. In this case, click Clear ARP Cache on the tab to remove the current ARP entries and repopulate the table automatically with valid entries. Click Refresh to update the display. Installation and Configuration Guide, (CQW-AP108AG)
To create a new route, click Add, enter the following information, and click Save. Field Description Destination IP Enter the IP address of the subnet to which packets can be forwarded, along with the subnet prefix for the address. Installation and Configuration Guide, (CQW-AP108AG)
Page 119
Enter the IP address of the gateway that will route traffic between this AP and the destination subnet. Interface Name Enter the name of the bridging interface. Use the br prefix, as described in “Configuring Bridging Services” on page 102. Installation and Configuration Guide, (CQW-AP108AG)
• Interface VLAN—Assign VLANs for untagged frames arriving at the AP. • User VLAN—View the list of users assigned to each VLAN by virtue of user group membership. • VLAN Stats—View packet statistics for each VLAN. Installation and Configuration Guide, (CQW-AP108AG)
VLAN to be managed from this AP. Management VLAN Indication of whether this VLAN is the management VLAN or not. Interface The logical AP interface. The table contains a separate row for each VLAN/ interface combination. Installation and Configuration Guide, (CQW-AP108AG)
Interface VLAN When the AP receives a frame, it must determine the VLAN to which the frame belongs. If the received frame is tagged, then VLAN is already known, and the AP can route the packet Installation and Configuration Guide, (CQW-AP108AG)
Address used to access the VLAN MAC Address MAC addresses of the client stations that are mapped to this VLAN through their user group’s service profile See “Configuring SSID Parameters” on page 79 for information on service profiles. Installation and Configuration Guide, (CQW-AP108AG)
Page 124
Configuring VLANs Figure 79: VLAN - User VLAN Installation and Configuration Guide, (CQW-AP108AG)
The statistics are calculated from the last time that the AP was rebooted or the Clear Statistics button was selected. Click Refresh to update the statistics or Clear Statistics to return the collected values to zero and start collecting statistics again. Figure 80: VLAN - Stats Installation and Configuration Guide, (CQW-AP108AG)
(VoIP). With a QoS process in place, multiple clients can run applications with varying traffic delivery requirements over a single shared network. PLANEX supports QoS through hierarchical classes of service (COS) that control how network bandwidth is shared among multiple entities. COS specifies a numeric class code with values ranging from 0 (lowest priority) to 7 (highest priority).
Page 127
DSCP mapping and to assign class order.The QoS Configuration panel is divided into the following tabs: • Ingress QOS—Define COS mappings packets entering the AP. • Egress COS—Assign priority to the 802.11 packets leaving the AP. • QOS Stats—Display QoS statistics for each of the AP interfaces. Installation and Configuration Guide, (CQW-AP108AG)
VLAN tag when it arrives at the AP, then its COS value is honored by the AP. If the packet is not VLAN-tagged, then it can be classified at the ingress interface by way of a COS map defined on the Ingress QOS tab (Figure 82). Figure 82: QOS Configuration - Ingress QOS Installation and Configuration Guide, (CQW-AP108AG)
COS 0 maps TCID 0, 1 maps to 1, … and 7 maps to 7. If your network supports fewer than 8 priority levels, you can map multiple COS levels to a single TCID value. Figure 83: QOS Configuration - Egress COS Installation and Configuration Guide, (CQW-AP108AG)
• IP-DSCP—Define COS mapping based on the first 6 bits in the TOS byte of the IP header. • IP Protocol—Use standard IP protocol numbers assigned to different IP layer protocols. • IP Precedence—Define COS mapping based on the first 3 bits in the TOS byte of the IP header. Installation and Configuration Guide, (CQW-AP108AG)
If the default order is not chosen, select a COS mapping type and click Apply Move to Top to move it to the top of the class-order priority list. Repeat as needed to create the desired ordering. Installation and Configuration Guide, (CQW-AP108AG)
DSCP to COS maps. DSCP uses the first 6 bits in the TOS byte of the IP header, so the possible values range from 0 to 63. Figure 86: Advanced QOS Configuration - IP-DSCP Installation and Configuration Guide, (CQW-AP108AG)
Configure the following fields to define the IP Protocol-to-COS map: Field Description Select Radio Interface Select the AP interface. IP Protocol ID Enter the number assigned to the IP protocol. Select the COS value. Click Apply to save all the changes on the tab. Installation and Configuration Guide, (CQW-AP108AG)
The Filter table displays the name of the interface, whether it is for incoming or outgoing traffic, whether to accept or discard the packet, and the criterion used to accept or discard Installation and Configuration Guide, (CQW-AP108AG)
Page 135
Ether Type is the standard Ethernet code for the type of packet (e.g., for IP, the code is 2048, or 0x800 hex). Click Apply to save the values and return to the Summary tab. Click Cancel to return to the Summary tab without saving the values. Installation and Configuration Guide, (CQW-AP108AG)
AP interfaces (wlan0, wlan1, eth0). The panel contains the following tabs: • IF Table—View the administrative and operation state of each of the interfaces, and bind an IP address to each interface. • IF Stats—View the packet and byte statistics for traffic traversing each interface. Installation and Configuration Guide, (CQW-AP108AG)
802.11-compatible. 802.1h is the current standard for encapsulation. For other, incompatible equipment, select Encapsulated to encase the Ethernet frames from the equipment within standard 802.11 frames. Click Apply after making any change. Installation and Configuration Guide, (CQW-AP108AG)
SNMP messages and saves or drops them, depending upon how the system is configured. Choose SNMP Configuration from the Networking Services menu to open the SNMP panel (Figure 94) to configure SNMP parameters. Installation and Configuration Guide, (CQW-AP108AG)
Page 139
Click Apply to save your changes, or Reset to return to previously saved values. The bottom of the SNMP panel contains a table of currently defined traps. To delete a trap, select it in the SNMP Agent Table, and click Delete. Installation and Configuration Guide, (CQW-AP108AG)
Use the Ping Test panel to execute an ICMP Echo Request to check network connectivity to a remote IP host. Enter the hostname or IP address of the remote host. Figure 95 shows the Ping Test panel with test results presented. Figure 95: Ping Test Installation and Configuration Guide, (CQW-AP108AG)
A0007B Applications of wireless backhaul include building-to-building bridging and 802.11b traffic aggregation. PLANEX support for wireless backhaul includes bridge creation, instantiation of logical bridge ports on radios, and bridging functions such as address learning, packet forwarding, and Spanning Tree Protocol (STP).
• WEP may be enabled in addition to WPA on the upstream AP • Both upstream and downstream APs must be enrolled by NM Portal. For more information on security, see Chapter 7, “Managing Security.” Installation and Configuration Guide, (CQW-AP108AG)
These parameters specify the rules that apply to the backhaul point (BP) radios which form uplink backhaul trunks by associating to normal radios (AP). These rules are used to determine the candidate parent list of upstream APs for the backhaul trunk. Figure 97: Backhaul Configuration - Link Criteria Installation and Configuration Guide, (CQW-AP108AG)
Page 145
Uplink BSSID Criteria), or eliminated uplink candidates (if Discard from BSSIDs was selected). After adding BSSIDs, click Apply. The BP now attempts to establish a backhaul link based upon the configured rules. Click Delete to remove a BSSID from the list. Installation and Configuration Guide, (CQW-AP108AG)
Select the Trunk Table tab (Figure 99) to view the list of current backhaul trunks. The backhaul is established if the MAC address of the backhaul trunk is listed in the table. Figure 99: Backhaul Configuration - Trunk Table Installation and Configuration Guide, (CQW-AP108AG)
Backhaul Configuration - Trunk Stats This tab contains the following information: Field Description Interface The AP radio interface (wlan0 or wlan1) Rx Bytes Number of bytes received at this AP Rx Packets Number of packets received at this AP Installation and Configuration Guide, (CQW-AP108AG)
Page 148
Number of packets transmitted by this AP Rx Multicast Packets Number of multicast packets received by this AP Click Clear Statistics to return the counts in this tab to zero and begin collecting statistics again. Installation and Configuration Guide, (CQW-AP108AG)
Page 149
6 Configuring a Wireless Backhaul Installation and Configuration Guide, (CQW-AP108AG)
NOTE: For information on security for access point enrollment, refer to Chapter 9, “Managing the Network.” Introduction PLANEX offers the strongest available security options for wireless networking, as listed here and illustrated in Figure 101: • AP Security verifies the identity of individual APs and authorizes them to be part of the wireless network.
A0047 AP Security PLANEX provides a highly secure process to enroll access points. Three distinct levels of identification verify the AP: Device ID, Thumbprint, and a bootstrap password unique to the AP. To assure central control of the verification process, it is recommended that a single enrollment server handle enrollment for the entire wireless network.
The 108 Mbps Wireless AP can meet all the user authentication needs for the full range of wireless networks. (See Chapter 2, “Planning Your Installation.”) PLANEX supports several modes of authentication, as listed in Table 11. WPA-PSK uses pre-shared keys (PSK) that is configured directly by the administrator into the AP and network clients.
There are some limitations to the allowed combinations; it is not possible to enable both WEP and Open simultaneously. Also, Open and WPA encryption modes require each mode to be mapped to a separate VLAN (see “Configuring VLANs” on page 107). Installation and Configuration Guide, (CQW-AP108AG)
Page 154
WPA provides strong encryption support with the AES and TKIP algorithms. NOTE: Some early versions of WPA-capable client software may not permit a client to associate to the AP when multiple modes off encryption and authentication are chosen. Installation and Configuration Guide, (CQW-AP108AG)
(if applicable). MAC-ACL lookups can be enabled for clients that associate with WPA-PSK, manual WEP-keys, or with no security. MAC-ACL is not applicable if per user authentication is done where user name is available. Installation and Configuration Guide, (CQW-AP108AG)
Page 156
An external RADIUS server can also be added from this tab. Click Go at the bottom of the tab to open the Authentication Zone tab of the Authentication Zones panel. For instructions on adding a server, refer to “Configuring Authentication Zones” on page 145. Installation and Configuration Guide, (CQW-AP108AG)
Page 157
2 The RADIUS server can use these attributes to enforce policies such that EAP based authentication is mandatory for Wireless. 3 The RADIUS server may optionally send back the “Session-Timeout” attribute to override the AP default session-timeout. Installation and Configuration Guide, (CQW-AP108AG)
Set the following values on the Add Auth Zone entry panel (Figure 105): Field Description Auth Zone Name of the authentication zone. Auth Server list List of possible servers to add to the zone. Select desired servers. Click Add after making selections. Installation and Configuration Guide, (CQW-AP108AG)
The servers that do not have a check box against them are security portals. Figure 106: Authentication Zones - Auth Servers Configuring Administrator Security Choose Administrator Security from the Security Services menu to open the Administrator Security panel (Figure 107). Installation and Configuration Guide, (CQW-AP108AG)
The value of this attribute is set to “Administrative” to indicate that the user to be authenticated has requested access to an administrative interface on the AP • If the user authentication is successful, the RADIUS server must send back an PLANEX vendor-specific attribute defined as follows: vendor-id=13586, vendor sub-type=3, integer value = 1.
AP. These are generated by the traffic from WPA or 8021.x based wireless authentication. Only radios in AP mode produce this data. Figure 108: Security Statistics - Authentication Stats Installation and Configuration Guide, (CQW-AP108AG)
The Supplicant Stats tab(Figure 109) reports on authentication messages sent between a local BP radio and the upstream AP. Only radios in BP mode return these statistics. The statistics are generated from the EAPOL protocol, which is used for 802.1x authentication. Installation and Configuration Guide, (CQW-AP108AG)
Page 163
These frames are discarded by the BP. RX EAP Length Error The total number of EAPOL frames received by the BP that have invalid packet body length fields. These frames are discarded by the BP. Installation and Configuration Guide, (CQW-AP108AG)
The total number of RADIUS authentication related packets received from the Server backend authentication server. Access Challenges The total number of RADIUS authentication packets that contained an ACCESS-CHALLENGE. These are sent by the RADIUS server when it is engaged in a multi-step authentication sequence. Installation and Configuration Guide, (CQW-AP108AG)
Time in seconds, after which a station is re-authenticated Group Key Interval Time in seconds, after which the group key is changed. This is not used if static WEP keys are enforced RADIUS Timeout Time in seconds, after which the request is retransmitted Installation and Configuration Guide, (CQW-AP108AG)
Page 166
RADIUS attribute for VLANs can reuse the attributes for AP service profile assignments by configuring them as the RADIUS attributes for user groups. Click Apply to implement the changes, or click Reset to return the entries on the panel to their previous values. Installation and Configuration Guide, (CQW-AP108AG)
Page 167
7 Managing Security Installation and Configuration Guide, (CQW-AP108AG)
Most current guest user solutions require guests to access a separate access point that is not part of the corporate network. The PLANEX solution eliminates this requirement by restricting guest access through VLAN tags on the existing access points.
RADIUS authentication service provided in the PLANEX security portal. If either password is acceptable, the guest user is authenticated and receives the privileges specified in the guest service profile.
Guest Access - External Landing Page CorporateVLAN GuestVLAN CorporateVLAN GuestVLAN VLAN Switch RADIUS Server Password Authentication Results Passed Back to AP Authentication Corporate Guest A0045B An example external landing page is shipped with the 108 Mbps Wireless Access Point. Installation and Configuration Guide, (CQW-AP108AG)
2 Enable WPA security, if mixed mode security (encrypted and open) is desired. Only WPA can be enabled in conjunction with open. The WPA Security mode is for non-guests only. 3 Enable Open Access. 4 Click Apply. Installation and Configuration Guide, (CQW-AP108AG)
Page 172
4 Click Profile Table to display the current list of service profiles. 5 Click Add to create the guest service profile. Select the VLAN ID for the guest VLAN previously defined. Enter the COS value and make sure that no-encryption is selected. 6 Click Apply. Installation and Configuration Guide, (CQW-AP108AG)
Internal or external page automatically displayed when guest users attempt to access the network Allowed Guest Subnet The subnet optionally reserved for unauthenticated guest access. Configuring an allowed guest subnet can give unauthenticated users access to a limited set of free services. Installation and Configuration Guide, (CQW-AP108AG)
Page 174
4 If desired, enter the address and maskbits for a subnet optionally reserved for unauthenticated guest access. 5 Select an internal or external landing page. If the external page is selected, enter the full URL and shared secret code for access. Click Apply. Installation and Configuration Guide, (CQW-AP108AG)
7 Click OK to confirm. Guest Access Security The Security tab of the Guest Access Configuration panel provides an interface to set (Figure 116) the guest password for an internal landing page. Figure 116: Guest Access Configuration - Security Installation and Configuration Guide, (CQW-AP108AG)
Page 176
Guest Access Services Panel Auto-Generating Guest Passwords For optional generation of guest passwords automatically at set intervals, use the Guest User tab within the security area of NM Portal (Figure 117) Figure 117: Security Portal - Guest User Installation and Configuration Guide, (CQW-AP108AG)
PLANEX offers the unique advantage of a network management capability built into the 108 Mbps Wireless Access Point. When configured as an NM Portal, the 108 Mbps Wireless AP can provide network management services for up to five subnetworks.
Detail panels. Open the Home panel at any time by selecting Home from the menu tree. Menu Tree The menu tree contains the following menus: • Home—Open the Home panel. Installation and Configuration Guide, (CQW-AP108AG)
You can enroll up to 20 APs. To access the enrollment panel, choose AP Enrollment from the Network Topology menu. The AP Enrollment panel opens to display the list of discovered, but as yet un-enrolled, APs (Figure 120). Installation and Configuration Guide, (CQW-AP108AG)
Page 181
9 Managing the Network Figure 119: AP Enrollment Enrollment Portal: Other APs Verify AP Identity NM Portal: Manage and Monitor the Network A0028A Figure 120: Network Topology - AP Enrollment - Not Enrolled Installation and Configuration Guide, (CQW-AP108AG)
Page 182
Thumbprint Verify the thumbprint, which uniquely identifies the AP for security purposes. Password Enter and confirm the PLANEX-supplied password. Security Portal Indicate whether to use the AP as a standby security portal. With a backup security portal, a copy of the user authentication database remains accessible even if the NM Portal AP becomes unavailable.
Backhaul Topology panel in NM Portal to view all the backhaul paths defined for the network. Choose Backhaul Topology from the Network Topology menu to display this information (Figure 123). Installation and Configuration Guide, (CQW-AP108AG)
Rediscover Now button Begins the rediscovery process. Viewing IP Topology The IP Topology panel lists all the APs discovered by NM Portal. Choose IP Topology from the Network Topology menu to display this information (Figure 124). Installation and Configuration Guide, (CQW-AP108AG)
Page 185
MAC addresses assigned to each of the AP radios. The address of the wlan0 radio is listed first and the wlan1 radio is listed second. Auto/Manual Indication of whether the AP was discovered automatically or manually identified Installation and Configuration Guide, (CQW-AP108AG)
The results of the polling are presented in the Discovered Radio table (Figure 125), accessible from the Discovered Radios item under Network Topology menu in the menu tree. Use the Discovered Radios list to characterize the wireless network neighborhood and detect possible rogue APs. Installation and Configuration Guide, (CQW-AP108AG)
Page 187
Strength of the detected signal as a percentage SSID The SSID of the detected device, if known Channel ID The channel on which the signal was detected BSS Type Whether the detected device is part of an infrastructure or ad-hoc service set Installation and Configuration Guide, (CQW-AP108AG)
Each panel opens to the Unclassified tab, which lists the candidate rogue APs. From the list, select individual APs to classify as known in your network or a neighbor’s network. Once classified, the APs are listed in the IP or Wireless Classified tab. Installation and Configuration Guide, (CQW-AP108AG)
Time Discovered Time of the last IP scan that detected the AP. This value is updated each time the AP is detected. Thumbprint Factory-generated identifier used for AP enrollment Figure 126: IP Rogue AP - Unclassified Installation and Configuration Guide, (CQW-AP108AG)
Page 190
Perform the following functions from this tab: Function Steps Classify an AP as 1 Select the AP from the list. APs are identified by PLANEX device ID and IP address, if known. known 2 Click Classify-Node to open the Classify the Rogue AP panel (Figure 127).
Radio Neighbor or Radio & IP Neighbor Signal Strength Strength of the beacon (dBm) BSS Type Infrastructure or ad-hoc (IBSS) SSID SSID sent in the rogue beacon Channel ID Radio channel on which the AP was discovered Installation and Configuration Guide, (CQW-AP108AG)
Page 192
Click Delete and click OK to confirm. If an AP is deleted from the list and rogue list then discovered in a subsequent scan, it is added to the list again. Delete from the list all Click Delete All, and click OK to confirm APs classified as wireless rogues Installation and Configuration Guide, (CQW-AP108AG)
Page 193
IP address of the AP that reported the detected AP Detection Time Time of the scan that last detected the AP Class Category used to classify the AP Figure 131: Wireless Rogue AP - Classified Installation and Configuration Guide, (CQW-AP108AG)
To view the details of a policy, select the name in the policy table, and click Details. The policy table expands to display all the parameters contained in the policy (Figure 132). To return to the policy table, click Back. To delete a policy, click Delete. Installation and Configuration Guide, (CQW-AP108AG)
Page 195
Select a policy from the pull-down list, and click Apply. Not currently policy from a pre- supported. defined policy Use this AP’s start-up Select the checkbox, and click Apply. configuration to generate a default policy. Installation and Configuration Guide, (CQW-AP108AG)
Page 196
NM Services - Policy Management - Distribute Policy Configure the following fields on this tab: Field Description Select Policy to Select an existing policy from the pull-down list. Distribute Select All Policies to Select to distribute all the existing policies. Distribute Installation and Configuration Guide, (CQW-AP108AG)
(Figure 136). Figure 136: NM Services - Discovery Configuration Configure the following values on this tab: Field Description Discovery Interval Restrict discovery to a time interval (in minutes). The range is 60-10080 (default is 60). Installation and Configuration Guide, (CQW-AP108AG)
Page 198
The Seed AP is optional. If it is not specified, NM Portal automatically discovers all the compatible APs in that subnet and identifies a seed AP for itself. Select the Scope/Seed tab (Figure 136) to configure the scope and seed parameters. Installation and Configuration Guide, (CQW-AP108AG)
Page 199
Enabled. Click Apply to save the setting. If enabled, NM Portal automatically scans the network to detect IP and wireless rogue access points. For more information, see “Managing Rogue Access Points” on page 175. Installation and Configuration Guide, (CQW-AP108AG)
• Portal Table—Add a redundant security portal and synchronize the portal databases. • Secure Backup—Use https to perform a secure backup of the NM Portal AP configuration. • Portal Backup—Back up or restore the portal databases and configuration. Installation and Configuration Guide, (CQW-AP108AG)
Page 201
NM Portal but form part of other managed networks. Only Portals managed by this NM Portal will be shown as Enrolled and or will have a radio button using which the portal may be deleted. Installation and Configuration Guide, (CQW-AP108AG)
Page 202
Delete to remove the file from the AP. The file takes up space on the AP disk, so it is recommended to remove it. To restore the configuration, browse to select the file, and then click Apply to restore the configuration and reboot the AP. Installation and Configuration Guide, (CQW-AP108AG)
• Leases—View details about the current DHCP leases. • Static IP—Assign static IP addresses for specific equipment NOTE: Use the DHCP panels to support IP address assignments only if a DHCP server is not already in place on the existing network. Installation and Configuration Guide, (CQW-AP108AG)
Page 204
If you delete DNS servers, only those added manually are deleted. DHCP- assigned DNS servers continue to be available. WINS Server Enter the IP address of the Windows name server used to map IP addresses to computer names. There is no default. Installation and Configuration Guide, (CQW-AP108AG)
Page 205
• IP Address/Maskbits—Enter the address and maskbits that define the subnet to be used for address assignment. • Use Fixed IP Address Range—Specify a range of IP addresses by entering starting and ending addresses, with subnet prefix length. Installation and Configuration Guide, (CQW-AP108AG)
Page 206
Field Description MAC Address Address that uniquely defines the DHCP client Leased IP Address IP address assigned by the DCHP server Lease Time Remaining Amount of time remaining on the current DHCP lease (in hours) Installation and Configuration Guide, (CQW-AP108AG)
Traps, which are forwarded to the SNMP Sink Host (or Primary NMS). Viewing Alarms Choose Alarm Summary from the Fault Management menu to view counts and descriptions of alarms that occur in the network managed by NM Portal. Installation and Configuration Guide, (CQW-AP108AG)
Page 208
“108Mbps Wireless LAN Access Point Alarms” on page 198 and additional details are presented in Appendix C, “Alarms.”. The Alarm Table includes the following information: Field Description Alarm ID Text description of the specific alarm Installation and Configuration Guide, (CQW-AP108AG)
Page 209
NOTE: The filtering function on the Alarm Table tab only affects the information that is displayed in the Alarm Table at the bottom of the tab. To remove some event types completely from the alarm list, use the Alarm Filter tab. Installation and Configuration Guide, (CQW-AP108AG)
Page 210
Select an AP to view only the alarms generated by that AP. Address) Logging Period Enter a date range to show events during a specific interval of time. Click Set Filter to apply the filter to the alarm table or Reset to clear the selected values. Installation and Configuration Guide, (CQW-AP108AG)
Page 211
SSID. BSS Enabling Failed Generated when an attempt to enable an AP radio fails. Reason codes: 0 – Unspecified reason 1 – System timeout attempting to enable BSS Installation and Configuration Guide, (CQW-AP108AG)
Page 212
Reason Codes: 0 - Station initiated disassociation 1 - Station has handed off to another AP 2 - Disassociation triggered due to authentication failure after ULAP timeout 3 - Disassociation triggered due to user action Installation and Configuration Guide, (CQW-AP108AG)
Page 213
RADIUS server is incorrectly configured on the AP. If multiple RADIUS servers are configured in this authentication zone, the AP will switch to using the next one in the list. Installation and Configuration Guide, (CQW-AP108AG)
Page 214
The BP is aware of the other PLANEX node, but does not believe it is authorized to be a security portal.
Page 215
The two authentication modes that authentication type. require the station to send its user-ID are WPA EAP and legacy 8021.x for dynamic WEP. This alarm may indicate that a user prompt is not attended to on the client side. Installation and Configuration Guide, (CQW-AP108AG)
Page 216
Each added event is included in the Event Filter Table Drop List at the top of the tab.The table includes the event ID and a description. To remove an event from the list, select the event, and click Delete. Installation and Configuration Guide, (CQW-AP108AG)
To view older messages, select the appropriate message.x file from the list on the SYSLOG panel (Figure 149). See “Syslog Configuration” on page 213 for instructions on configuring the syslog message output. Installation and Configuration Guide, (CQW-AP108AG)
“Configuring Guest Access” on page 155. Adding Wireless Users Choose User Management from the Security Portal menu to open the Wireless Users tab, which contains a list of current network users (Figure 150). Installation and Configuration Guide, (CQW-AP108AG)
Page 219
When a wireless user is added to the database a unique certificate is generated for that user. The certificate must be installed on the user's PC. This can be done in one of two ways: Installation and Configuration Guide, (CQW-AP108AG)
Security Portal - User Management - View Wireless User Adding Administrative Users To give designated users access to NM Portal, open the Admin Users tab (Figure 153). Figure 153: Security Portal - User Management - Admin Users Installation and Configuration Guide, (CQW-AP108AG)
MAC addresses are checked when the SSID has MAC-ACL enabled, and open access, static WEP keys, or WPA-PSK encryption are used. For more information on security options, see Chapter 7, “Managing Security.” Installation and Configuration Guide, (CQW-AP108AG)
Page 222
Security Portal - User Management - Add MAC Address User Click Add after entering the requested information. From the user list, you can delete an existing MAC-ACL user, modify user information, or view the details in a read-only table. Installation and Configuration Guide, (CQW-AP108AG)
Page 223
9 Managing the Network Installation and Configuration Guide, (CQW-AP108AG)
AP. • NMS Configuration—Specify the entities used for network management, including the Wireless LAN Network Management Software server and NM Portal AP. • Hardware Options—Enable the real time clock and buzzer. Installation and Configuration Guide, (CQW-AP108AG)
Host Name which is derived from the MAC address. (required) Enter a text description of the physical location of the AP. AP Location Enter the email address of the administrative contact for the AP. Administrator Contact Installation and Configuration Guide, (CQW-AP108AG)
Arbitrary changes to syslog can adversely affect the AP. The top area of the Syslog panel (Figure 159) provides controls to set the logging level and scope for a variety of functional areas or modules. Figure 159: System Configuration - Syslog Configuration Installation and Configuration Guide, (CQW-AP108AG)
Use the NMS Configuration tab (Figure 161) to identify network management servers and to determine which network management system will receive fault and event notifications. NOTE: If the AP is already enrolled, it is not necessary to modify the settings on this panel. Installation and Configuration Guide, (CQW-AP108AG)
Select HW Options (Figure 162) to set the buzzer and the real time clock (RTC), which keeps track of the date and time in the event that the AP loses power. This feature is not required if the AP is always connected to the Internet. Installation and Configuration Guide, (CQW-AP108AG)
Save As to save the configuration locally. 3 After the configuration file is saved, click Delete to remove the file from the AP. The file takes up space on the AP disk, so it is recommended to remove it. Installation and Configuration Guide, (CQW-AP108AG)
Provides details on the configuration that is stored on the AP flash device and used each time the AP reboots. Running-Config Provides details on the current AP configuration, which may or may not match the startup configuration. Default-Config Lists the factory default settings shipped on the AP. Installation and Configuration Guide, (CQW-AP108AG)
Page 231
10 Maintaining the Access Point Click Refresh to update the selected report Figure 164: Configuration Management - Configuration Reports Installation and Configuration Guide, (CQW-AP108AG)
Managing the AP Configuration Reset Configuration Use the Reset Configuration tab to reset the AP configuration or revert to the defaults for individual subsystems (Figure 165). Figure 165: Configuration Management - Reset Configuration Installation and Configuration Guide, (CQW-AP108AG)
1 Enter the IP address of the TFTP server. 2 Enter or confirm the name of the log file. 3 Click Apply. The Reset buttons on the panel clear the field entries in the associated section. Installation and Configuration Guide, (CQW-AP108AG)
• If the AP is a non-portal AP, choose Admin Tools > Software Upgrade to open the Software Upgrade panel. NOTE: The AP license file is not affected by software upgrades. The existing software license remains valid after the AP software is upgraded. Installation and Configuration Guide, (CQW-AP108AG)
Software Image File The AP software image file conforms to an PLANEX-defined format that uses the filename extension.img. During download, the filename extension and structure are verified and the download is stopped if a problem with the file is detected.
Page 236
Software Download Status panel opens (Figure 168). Staging is now complete. 5 Select the APs to receive the upgrade. 6 Click Distribute. A confirmation dialog asks you to confirm that the upgrade should now begin. 7 Click OK. Installation and Configuration Guide, (CQW-AP108AG)
Page 237
The download process begins. Every 10 seconds the screen is updated with new status information. If the download is successful, the AP is automatically rebooted with the new software image. If the download is unsuccessful, an explanatory message is displayed in the Download Status column. Installation and Configuration Guide, (CQW-AP108AG)
The image has passed the compatibility test but failed the integrity check after the distribution, but before the flash update. Updating Flashing ... Image distribution is complete and it is being saved onto the AP's flash memory. Installation and Configuration Guide, (CQW-AP108AG)
AP. Make sure that the network adapter in the computer is working properly. Check to see whether the IP address is on the same subnet as the Access Point. Installation and Configuration Guide, (CQW-AP108AG)
Page 240
Access Point(s) and/or any external antennae to be free of these obstructions. If using an external antenna, also make sure that it is connected securely to the Access Point. Installation and Configuration Guide, (CQW-AP108AG)
Page 241
10 Maintaining the Access Point Installation and Configuration Guide, (CQW-AP108AG)
If the AP has not been initialized, the user name field is grayed out. The factory default password is shipped with the AP on a paper insert. Use the password from the insert to log in. Installation and Configuration Guide, (CQW-AP108AG)
8 Enter your login ID and press Return. When prompted next, enter your password. (The AP defaults are login admin and password: password, and login opr and password opr for operator (read-only) access.) Installation and Configuration Guide, (CQW-AP108AG)
Page 244
Toggle between show and config modes by pressing Ctrl-P. Leave a mode and return to the top level command prompt by typing exit. To log out and close your connection to the command line interface, type logout at any prompt. Installation and Configuration Guide, (CQW-AP108AG)
Page 245
A Using the Command Line Interface Installation and Configuration Guide, (CQW-AP108AG)
UL-2043 (Fire and Smoke) Compliance CERT2 EMC Directive 89/336/EEC (CE Mark) CERT3 Radio Approvals FCC CFR47 Part 15, section 15.247 FCC (47CFR) Part 15B, Class B Emissions Canada IC RSS210 Japan MPT Radio Regulations Europe: ETS 300.328 Installation and Configuration Guide, (CQW-AP108AG)
Page 247
B Regulatory and License Information Installation and Configuration Guide, (CQW-AP108AG)
When a node is deleted, all information about that node is erased from the Portal. If the node’s IP address falls within the discovery scope, then the node will be re- discovered and added back to the set of the discovered nodes on the next discovery Installation and Configuration Guide, (CQW-AP108AG)
Alarm generated when an 108 Mbps Wireless AP is enrolled into the nework Syntax: NMPortal with DeviceId %s has successfully enrolled a remote node having ApDeviceId=%s NodeIp=%s and Persona=%d Alarm Parameters DeviceId The Device ID of the NMPortal ApDeviceId The Device ID of the remote AP Installation and Configuration Guide, (CQW-AP108AG)
This alarm is generated when the 108 Mbps Wireless AP has bee successfully Description: rejected (un-enrolled) from the network. Informational log. Usage: NMPortal with DeviceId AP_00-0A-F5-00-01-77 has successfully enrolled a remote node Examples: having DeviceIdId=AP_00-0A-F5-00-01-7A NodeIp=172.16.12.4 and persona=2 See Also: <Node Enrolled> Installation and Configuration Guide, (CQW-AP108AG)
The device ID of the remote AP policy The policy name from The device ID of the source of the policy error The failure error code time The time at which the policy was consumed Alarm Severity Severity Critical Installation and Configuration Guide, (CQW-AP108AG)
For accesspoint Node %s The software image [%s] from [%s] could not be Syntax: downloaded due to error %d at time[%s] Alarm Parameters Node The device ID of the remote AP image The image version Installation and Configuration Guide, (CQW-AP108AG)
On DeviceId AP_00-0A-F5-00-01-77 , the Software image [0.7.0, build A.2286, AGN1dev, Examples: PLANEX Inc., ] distribution request from portal[AP_00-0A-F5-00-01-77 ] using the Distribution TaskId=000000 and with status=172.16.12.4, , 0, 947304168, 947304183, invalid image file. completed at time[Tue Jan 6 21:32:18 1970 ] See Also: <Image Download Failed, Image Download Succeeded>...
Identifies Radio by interface ID on the Access Point Alarm Severity Severity Critical Notification which indicates that AP has been disabled. Description: The AP radio can be disabled for several reasons such as: Usage: a. User Triggered (administrative disabling) Installation and Configuration Guide, (CQW-AP108AG)
Notification which indicates that the frequency of operation changed on the AP. "Frequency changed for DeviceId %s radio %d channelId %d CauseCode %d" Syntax: Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Installation and Configuration Guide, (CQW-AP108AG)
Critical This is a notification generated when a association from a 802.11 station fails with Description: the AP radio. The reasons for the failure are encapsulated in the cause code parameter and are as follows: Installation and Configuration Guide, (CQW-AP108AG)
Identifies Radio by interface ID on the Access Point STA MAC Address MAC address of 802.11 station. STA status Association or reassociation User ID Identifies user by user name or MAC address Station Count Current count of associated users with AP. Alarm Severity Installation and Configuration Guide, (CQW-AP108AG)
Station has handed off to another AP Disassociation triggered due to authentication failure after ULAP timeout Disassociation triggered due to user action. Informational log. Usage: Station disassociated for Device ID AP_00-0A-F5-00-01-B6 radio 4 station MAC Examples: 00:0a:f5:00:3a:fe, CauseCode 0 See Also: Installation and Configuration Guide, (CQW-AP108AG)
Notification which indicates successful formation of wireless backhaul "WDS trunk established for DeviceId %s radio %d remote mac %s Syntax: TrunkPort count %d CauseCode %d” Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Installation and Configuration Guide, (CQW-AP108AG)
Indicates why backhaul link was bought down Alarm Severity Severity Critical This is a notification generated when a wireless backhaul has gone down. The Description: remote end’s MAC address is provided. Reason Code Description System Reason (unspecified) Installation and Configuration Guide, (CQW-AP108AG)
Guest Profilethat has been configured for the specified SSID. For device-id AP_00-0A-F5-00-01-89 , Guest authentication succeeded for STA Examples: 00:0a:f5:00:05:f0 on radio 0 with SSID NewYorkRoom using captive portal Internal and guest mode 4 Installation and Configuration Guide, (CQW-AP108AG)
Notification which indicates that the AP has determined that a User has been rejected by RADIUS. "For device-id %s, the RADIUS SERVER %s:%d from auth zone %s Syntax: rejected the STA %s on radio %d with user-id %s and SSID %s" Installation and Configuration Guide, (CQW-AP108AG)
The IP address of the RADIUS server. Port The port used to communicate with the RADIUS server. Auth Zone The name of the auth Zone on this AP that this RADIUS server is a member of Installation and Configuration Guide, (CQW-AP108AG)
The name of the auth Zone on this AP that this RADIUS server is a member of RADIUS timeout The current setting of the RADIUS timeout. RADIUS retries The number of retries performed Station MAC address of the Station. Installation and Configuration Guide, (CQW-AP108AG)
Identifies the type of access, console, or SSH. (Ignore in this release.) Alarm Severity Severity Critical This notification is generated whenever a management User tries to login to the Description: local AP. This indicates that the AP has determined that a Management user login has Usage: Installation and Configuration Guide, (CQW-AP108AG)
The Device ID of the 108 Mbps Wireless AP Station MAC address of the Station. bpIndicator Identifies if the supplicant is a BP (1), or a STA (0). Radio Identifies Radio by interface ID on the Access Point Installation and Configuration Guide, (CQW-AP108AG)
Identifies Radio by interface ID on the Access Point SSID Identifies the SSID on this AP that the STA has associated with Alarm Severity Severity Critical This notification is sent when a Station attempts to do a WPA-PSK based Description: Installation and Configuration Guide, (CQW-AP108AG)
EAP based authentication, or for MAC address based ACL lookups. For device-id AP_00-0A-F5-00-01-89 , Auth servers are improperly configured for the Examples: SSID NewYorkRm and are needed for authenticating STA 00:0a:f5:00:05:f0 on radio 0 with RADIUS 2 See Also: Installation and Configuration Guide, (CQW-AP108AG)
Notification which indicates that the AP has determined that a RADIUS server has sent a bad response. "For device-id %s, the RADIUS server %s:%d sent back a bad response due Syntax: to %d" Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Installation and Configuration Guide, (CQW-AP108AG)
The port used to communicate with the RADIUS server. RADIUS timeout The current setting of the RADIUS timeout. Alarm Severity Severity Critical This notification is generated when the AP receives a late response from the Description: Installation and Configuration Guide, (CQW-AP108AG)
The valid types include: WEP-64 (1), WEP-128 (2), TKIP (5), AES Reason Code The reason for the failure: EAP-REQUEST NOT RECEIVED FROM AUTHENTICATION SERVER (2) Alarm Severity Severity Critical This notification is generated when the station authentication sequence did not Description: complete in time. Installation and Configuration Guide, (CQW-AP108AG)
For device-id AP_00-0A-F5-00-01-89 , the upstream AP 00:0a:f5:00:06:22 with SSID Examples: NewYorkRm authenticating via local BP radio 0 is using an untrusted auth server 00:0a:f5:00:01:45 with certificate SHA-1 thumbprint 98:72:a8:6d:56:f8:92:a8:f3:97:ec:3f:fa:0b:66:4e : IT MIGHT BE A ROGUE AP See Also: Installation and Configuration Guide, (CQW-AP108AG)
Description: AP is using a node that is not a security portal as its auth server. This indicates that the BP knows about the other PLANEX node, but does not believe it is authorized to be a Security Portal. This indicates that the local BP has determined that the upstream AP is out-of-sync...
The Device ID of the 108 Mbps Wireless AP The MAC address of the upstream AP. SSID Identifies the SSID on this AP that the STA has associated with. Radio Identifies Radio by interface ID on the Access Point Alarm Severity Installation and Configuration Guide, (CQW-AP108AG)
SSID. For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:cc on radio 0 with user Examples: paul is in group employee but SSID NewYorkRm has no profile configured for that group. See Also: Installation and Configuration Guide, (CQW-AP108AG)
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:cc on radio 0 with user Examples: paul and SSID NewYorkRm of group employee failed the security enforcement check with auth-type 4 and enc-type 5 at enforcement level 1 See Also: Installation and Configuration Guide, (CQW-AP108AG)
"For device id %s, Guest authentication failed for STA %s on radio %d Syntax: with SSID %s using captive portal %s and guest mode %d due to %d" Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Installation and Configuration Guide, (CQW-AP108AG)
This notification is generated when a bad TKIP MIC is detected on an incoming Description: frame from a STA that is ecrypted with the pairwise/unicast key. This indicates that the AP has detected an invalid TKIP MIC value on an incoming Usage: Installation and Configuration Guide, (CQW-AP108AG)
AP that is encrypted with the group/multicast/broadcast key. "For device-id %s, a bad TKIP MIC was detected by local BP radio %d on Syntax: an incoming multicast/broadcast packet from the AP %s" Alarm Parameters Installation and Configuration Guide, (CQW-AP108AG)
This indicates that the STA has detected an invalid TKIP MIC value on an Usage: incoming frame encrypted with the pairwise/unicast key. For device-id AP_00-0A-F5-00-01-89 , a bad TKIP MIC was detected by STA Examples: 00:0a:f5:00:05:f0 on radio 0 on an incoming unicast packet from the AP Installation and Configuration Guide, (CQW-AP108AG)
Notification which indicates that the AP is taking active counter-measures against an attempted compromise of TKIP. "For device-id %s, the TKIP counter-measures lockout period has started Syntax: for 60 seconds." Alarm Parameters DeviceId The Device ID of the 108 Mbps Wireless AP Alarm Severity Severity Critical Installation and Configuration Guide, (CQW-AP108AG)
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:f0 [0] on radio 0 and SSID Examples: NewYorkRm did not send its user-id in time to complete its auth sequence with auth-type 4 and enc-type 6 Installation and Configuration Guide, (CQW-AP108AG)
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:f0 [0] on radio 0 with user Examples: paul and SSID NewYorkRm did not send an EAP-Response in time to complete its auth sequence with auth-type 4 and enc-type 6 See Also: EAP User-ID Timeout, STA Authentication Timeout Installation and Configuration Guide, (CQW-AP108AG)
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:f0 [0] on radio 0 with user Examples: paul and SSID NewYorkRm did not send the WPA EAPOL-Key Pairwise Messg #2 in time where auth-type 4 and enc-type 6 See Also: Installation and Configuration Guide, (CQW-AP108AG)
Notification which indicates that the STA has failed to respond, in a timely manner, with EAPOL Group key exchange message number 2. "For device-id %s, the STA %s[%d] on radio %d with user %s and SSID Syntax: %s did not send the WPA EAPOL-Key Group Messg #2 in time where Installation and Configuration Guide, (CQW-AP108AG)
For device-id AP_00-0A-F5-00-01-89 , the STA 00:0a:f5:00:05:f0 [0] on radio 0 with user Examples: paul and SSID NewYorkRm did not send the WPA EAPOL-Key Group Messg #2 in time where auth-type 4 and enc-type 6 See Also: Installation and Configuration Guide, (CQW-AP108AG)
Page 289
C Alarms Installation and Configuration Guide, (CQW-AP108AG)
The set of all wireless client stations controlled by a single access point. The BSSID, or identifier, for the basis service set can be assigned or default to the MAC address of the access point. Installation and Configuration Guide, (CQW-AP108AG)
Page 291
This establishes a secure channel over which the supplicant can be authenticated to the server. Extended Service Set (ESS) A set of multiple connected BSSs. From the perspective of network clients, the Installation and Configuration Guide, (CQW-AP108AG)
Page 292
Network Address Translation (NAT) The translation of one IP address used within a network to another address used elsewhere. One frequent use of NAT is the translation of IPs used inside a Installation and Configuration Guide, (CQW-AP108AG)
Page 293
QoS is a term encompassing the management of network performance, based on the notion that transmission speed, signal integrity, and error rates can be managed, measured, and improved. In a wireless network, QoS is commonly managed through the use of policies. Installation and Configuration Guide, (CQW-AP108AG)
Page 294
An 802.11 capable device that supports only one 802.11 network interface, capable of establishing a Basic Service Set 802.11 network (i.e., peer-to-peer network) Static IP Address A permanent IP address assigned to a node in a TCP/IP network. Installation and Configuration Guide, (CQW-AP108AG)
Page 295
Network management software of some sort is used to configure and manage the VLANs on a given network. Installation and Configuration Guide, (CQW-AP108AG)