Acksys ETHERNET TO Wi-Fi GATEWAYS User Manual

ETHERNET TO Wi-Fi GATEWAYS
USER'S GUIDE
FOR 802.11 A/B/G/H/N DEVICES
DTUS065 rev A.7 – June 27, 2014

Summary of Contents for Acksys ETHERNET TO Wi-Fi GATEWAYS

  • Page 1 ETHERNET TO Wi-Fi GATEWAYS USER’S GUIDE FOR 802.11 N DEVICES DTUS065 rev A.7 – June 27, 2014...
  • Page 2 ACKSYS ® will in no case be held responsible for any errors that may be contained in this document, nor for any damage, no matter how substantial, occasioned by the provision, operation or use of the equipment.
  • Page 3: Table Of Contents

    FCC rules for 5 GHz band, 17; ADMINISTRATION OVERVIEW, 18; IV.1 WEB INTERFACE, 18; IV.2 RESET PUSHBUTTON, 18; IV.3 ACKSYS NDM, 18; IV.4 EMERGENCY UPGRADE, 18; IV.5 SNMP AGENT, 18; TECHNICAL REFERENCE, 19; ADDRESSING IN NETWORK PROTOCOLS, 19; V.1.1...
  • Page 4 V.7.4 Scanning, 45; V.7.5 Advanced Roaming settings, 47; V.7.6 Authentication speed up, 49; ACKSYS MIB AND SNMP AGENT, 52; V.8.1 Access methods, 52; V.8.2 Using the Acksys MIB, 52; V.8.3 Managing configuration tables, 53; V.8.4...
  • Page 5 Page 5 / 141 VII.11 802.11S MESH, 130; VIII FIRMWARE UPGRADE, 133; VIII.1 STANDARD UPGRADE, 133; VIII.2 BOOTLOADER UPGRADE, 133; VIII.3 EMERGENCY UPGRADE, 133; VIII.4 FALLBACK AFTER AN INTERRUPTED UPGRADE OPERATION, 134; TROUBLESHOOTING, 135; IX.1 BASIC CHECKS ...
  • Page 6: Introduction

    If your product contains a more recent version, you can check our web site to download a documentation update. The firmware change log (which you can download from the ACKSYS web site) explains which features are available depending on the firmware version.
  • Page 7 ACKSYS provides this document “as is”, without warranty of any kind, either expressed or implied, including, but not limited to, its particular purpose. ACKSYS reserves the right to make improvements and/or changes to this manual, or to the products and/or the programs described in this manual, at any time.
  • Page 8: Products Line Overview

    II PRODUCTS LINE OVERVIEW II.1 Products goals This line of products provides Wi-Fi connectivity for Ethernet devices. Thanks to its configuration possibilities, the ACKSYS products line is able to create different topologies; see section “Wireless topologies examples” for more details.
  • Page 9: II.3 Products Range

    II.3 Products range Some features are available only on dual radio products. The following table shows to which range each product belongs. This section focuses on the features that involve specific software configuration. Other distinctive characteristics are covered in the quick installation guide of each product.
  • Page 10: Device Installation

    III DEVICE INSTALLATION The quick start guide shipped with your product includes specific startup instructions and recommendations. Please read it first. III.1 Power supply The quick start guide gives the maximum power consumption for your product. You should consider this value as the minimum that your power supply must provide.
  • Page 11: III.2.2 Patch Antenna

    [Figure: antenna and radiation pattern] III.2.2 Patch antenna This kind of antenna focuses radiation on one side (see radiation pattern below). This allows wall mounting without wasting radiation into the wall. The gain is generally between 7 dBi and 9 dBi. [Figure: antenna and radiation pattern] III.2.3 Yagi antenna...
  • Page 12: III.2.4 Dish Antenna

    III.2.4 Dish antenna This antenna focuses the radiation on one point and can thus achieve very high gain (>20 dBi). [Figure: antenna and radiation pattern] III.2.5 MIMO antenna Antenna manufacturers provide MIMO versions of each antenna type described previously. MIMO antennas are basically a set of several (usually 2 or 3) standard antennas put together in a single enclosure.
  • Page 13: III.3.2 802.11n

    For an outdoor link, each product must be in “line of sight” of the other. This is a mandatory condition and deserves careful attention. The table below explains what we mean by “line of sight”. Product in line of sight (We can see the top of the mast where it is installed)
  • Page 14: III.4 Radio Channel Choice

    802.11n uses these bounces to allow several independent streams (2 to 4) to be sent and identified simultaneously. At the beginning of the transmission, a well-known pattern is sent. The receiver uses that pattern to calibrate itself and characterize the transmission channel for each antenna.
  • Page 15: III.5 Regulatory Domain Rules

    III.5 Regulatory domain rules Around the world, two major sets of regulatory rules are in wide use: ETSI, for European countries, and FCC, for American countries. The other regulatory domains (France, Brazil, Korea, Australia …) derive from the major regulatory rules with several modifications.
  • Page 16: III.6.1 FCC Rules For 2.4 GHz Band

    RF Output power: RF power radiated by the ACKSYS wireless device without the antenna EIRP: RF power radiated by the ACKSYS wireless device with the antenna. EIRP = RF OUTPUT POWER + ANTENNA GAIN (dBi) 2.4 GHz point to multipoint: MAX EIRP = +36 dBm (4 Watts)
  • Page 17: III.6.2 FCC Rules For 5 GHz Band

    RF Output power: RF power radiated by the ACKSYS wireless device without the antenna EIRP: RF power radiated by the ACKSYS wireless device with the antenna. EIRP = RF OUTPUT POWER + ANTENNA GAIN (dBi) 5 GHz point to multipoint: MAX EIRP = special rules Freq.
  • Page 18: Administration Overview

    IP address even when they are incorrectly configured. Acksys NDM should be used to set a correct IP address, compatible with your local network. Acksys NDM can also be used to reload the firmware when the product is in “Emergency upgrade” mode. IV.4 Emergency upgrade “Emergency upgrade”...
  • Page 19: Technical Reference

    V TECHNICAL REFERENCE V.1 Addressing in network protocols In a device bearing multiple LAN interfaces, the IP protocol can route data packets from LAN to LAN considering their final target, which may be several “hops” farther. If the LANs are compatible from the viewpoint of addresses and data frame structure, the device can also implement a bridge, blindly moving data frames without considering the final target.
  • Page 20 V.1.1.2 IP Networks IP is the part of the TCP/IP stack that manages computer addresses and routing. Each network interface is seen by the IP as a separate LAN. Each LAN must have an IP address, something like “192.168.1.2”, to enable it to be used by IP.
  • Page 21: LAN Layer: Network Interfaces

    The Ethernet address is also referred to as the hardware address or MAC address. The first three bytes identify the hardware manufacturer, e.g. Hex 00:09:90 for an ACKSYS product. The last three bytes change in each product. This address is assigned at the factory and should not be changed.
  • Page 22: IP Layer: IP Addresses And Routing

    V.1.3 IP layer: IP addresses and routing V.1.3.1 IP addresses This section focuses on IPv4 addresses. The IP address is a 4-byte (or 32-bit) number, unique to each device on the network, which hosts can use to communicate. The IP address is usually represented in the “decimal dotted notation”...
  • Page 23 V.1.3.2 Routers (a.k.a. gateways) Each network device communicating through routers MUST know the IP address of the gateway nearest to it. It will use this gateway to forward data to farther LANs. If a device does not know its gateway, it may receive data but may not return an answer.
  • Page 24 V.1.3.4 NAT (network addresses translation) routers When a global network is composed of several networks managed by independent administrators and connected together, the same IP addresses could potentially be assigned inside the subnetworks. This is customarily seen in the Internet which serves as a backbone to connect together the private networks of many companies.
  • Page 25: Wireless Architectures

    V.2 Wireless architectures A wireless LAN (WLAN) is a group of Wi-Fi capable stations. They communicate with each other by following rules specified for a given architecture. The stations in the group have in common a wireless network name which identifies the WLAN.
  • Page 26 The APs in the WLAN are then cabled to a common wired LAN to allow wireless clients access, for example, to Internet connections or printers. Compared to the alternative ad-hoc wireless networks, infrastructure mode networks offer the advantage of scalability, centralized security management and improved reach.
  • Page 27: Ad-Hoc Mode

    V.2.2 Ad-hoc Mode On wireless computer networks, ad-hoc mode is a way for wireless devices to directly communicate with each other. Operating in ad-hoc mode allows all wireless devices, within range of each other, to see each other and communicate in peer-to-peer fashion without involving central access points (including those built into broadband wireless routers).
  • Page 28: Mesh (802.11s) Mode

    A mesh portal allows other network types to be bridged to the mesh network. For example, a portal would bridge Ethernet to Wi-Fi mesh. All ACKSYS “WLn” products currently implement “station” and “portal” functions. Products equipped with two radio cards can be used as mesh access points.
  • Page 29: Wireless Network Name

    V.2.4 Wireless Network Name This name is also referred to as the SSID and serves as a wireless network identifier. A service set identifier, or SSID, is a name used to identify the specific 802.11 wireless LAN which a user wishes to access. A client device will receive broadcast messages from all access points within range, advertising their SSIDs, and can choose one to connect to, based on pre-configuration, or by displaying a list of SSIDs in range and asking the user to select one.
  • Page 30: 802.11 Modes

    V.3 802.11 modes There are 4 kinds of wireless transmission formats available: 802.11b, 802.11g, 802.11a and 802.11n. V.3.1 802.11b 802.11b is supported for compatibility with old devices. Using it will lower the throughput for all devices in the radio range, because 802.11b uses a lot of bandwidth for little throughput.
  • Page 31 Since the 2.4 GHz band is often saturated, using the relatively unused 5 GHz band gives 802.11a a significant advantage. However, this high carrier frequency also brings a slight disadvantage: The effective overall range of 802.11a is slightly less than that of 802.11b/g; 802.11a signals cannot penetrate as far as those for 802.11b because they are absorbed more easily by walls and other solid objects in their path.
  • Page 32: 802.11 Channels & International Compatibility

    V.4 802.11 channels & international compatibility A wireless network uses specific channels on the 2.4 GHz or 5 GHz radio spectrum to handle communication between stations. Some channels in your area may suffer from interference from other electronic devices. Choose the clearest channel to help optimize the performance and coverage of your wireless network.
  • Page 33 2.4GHz Overlapping radio channels The radio channel is only an indication of the central frequency in use. Modulation enlarges the channel to a 25 MHz band. This must be taken into account when several Wi-Fi cells are near to each other in 2.4GHz (5GHz channels do not overlap), otherwise the effective performance will decrease due to interference.
  • Page 34: Wireless Security

    V.5 Wireless security There are many technologies available to counteract wireless network intrusion, but currently no method is absolutely secure. The best strategy may be to combine a number of security measures. Possible steps towards securing a wireless network include: 1.
  • Page 35: WPA/WPA2 Encryption

    In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Thus, any client, regardless of its WEP keys, can authenticate itself with the Access Point and then attempt to associate. In effect, no authentication (in the true sense of the term) occurs.
  • Page 36: Pre-Shared Key Mode (PSK)

    V.5.3 Pre-shared key mode (PSK) In Pre-Shared Key mode (PSK, also known as personal mode), each Access Point client must provide a password to access the network. The password may be from 8 to 63 printable ASCII characters. Most operating systems allow the password to be stored to avoid re-typing.
  • Page 37: Protected Management Frame (802.11w)

    Authentication modus operandi 802.1x uses one of the EAP (Extensible Authentication Protocol) methods. The most commonly used ones are: - EAP-PEAP - EAP-TLS - EAP-TTLS The EAP method used is transparent to the access point. On the other hand, the access point clients, like bridges, must be aware of the authentication method.
  • Page 38: Mesh Secure Authentication Of Equals (SAE)

    V.5.6 Mesh Secure Authentication of Equals (SAE) In 802.11s mesh mode, no mesh node has a special identification role, all nodes are considered equal in privileges. When SAE is used, all nodes must have a preset common key. Each time a node comes in reach of another node in the same mesh, it will verify that the peer node knows the key.
  • Page 39: Solutions

    When using a client station to bridge a wired network to an AP, the situation is different. What appears to the AP as a single device with a single MAC address (that of the radio card), is hiding several wired devices, each of them having its own MAC address.
  • Page 40 V.6.2.1 Masquerading (ARPNAT) In this solution to the bridging problem, the client bridge keeps a table to convert devices' MAC addresses to and from their IP addresses. In frames sent to the AP, the bridge replaces the device's source MAC address with its own and remembers the MAC/IP correspondence of the frame.
  • Page 41 all devices on the bridged LAN appear to have the same MAC address (the one of the bridge radio card) but different IP addresses. The solution is to disable the proxy ARP server on the AP side. In the CISCO product this is called “passive client mode”.
  • Page 42 V.6.2.3 Cloning The ARPNAT solution loses the MAC address information from the wired devices when bridging frames to the wireless interface. Most devices do not care about MAC address substitution because they use the IP protocol in Layer 3 and ARPNAT takes care of IP addresses.
  • Page 43: Fast Roaming Features

    V.7 Fast roaming features In order to keep network connectivity when a client product is installed in a quickly moving vehicle, you can adjust some configuration parameters. V.7.1 Mono-channel vs. multichannel roaming The WLn client can either look for APs on one channel only, or it can scan several channels.
  • Page 44: What Happens When The Current AP Fails

    To enable proactive roaming the client must search for APs while it is already associated and potentially exchanging data. This process is called “background scan” and somewhat reduces data throughput. Configuration You must configure the radio signal level threshold at which you consider that the link quality is insufficient for your throughput requirements.
  • Page 45: Scanning

    If the failure is short-lived, data is retransmitted, and a few missing beacons are allowed. Conversely, long-lived absence of beacons or data acks triggers a disconnection. If another AP previously detected is still around, the client will switch to it;...
  • Page 46 A: Initialization = a few ms B: Channel scan = 56ms C: Padding = configurable by steps of 250ms R: Breathe time = 200ms The ‘R’ delay is removed in reactive (foreground) scan cycles, thus shortening them while the client is not connected to an AP.
  • Page 47: Advanced Roaming Settings

    V.7.5 Advanced Roaming settings In several situations the basic roaming settings are not sufficient. For example, if the Wi-Fi client is embedded on a train, and a directional antenna is fixed on the roof, a high signal level means that the AP will soon be on the other (bad) side of the directional antenna, hence it is a good time to roam to another AP farther ahead, with a lower reception level.
  • Page 48 V.7.5.1 Smoothing factor Various parameters are meant to trigger events: • scan threshold • leave threshold • excessive signal detection threshold. For the purpose of threshold crossing detection, all these parameters are compared to the RSSI of the current AP. The RSSI of the current AP is defined as an exponential moving average computed over the most recent beacons received from the current AP.
  • Page 49: Authentication Speed Up

    V.7.6 Authentication speed up In the association task, the AP and the client must exchange several frames. The number of frames increases with the security level. In the WPA protocol, the PMK (Pairwise Master Key) is used to generate the temporal keys which will be used to encrypt the data.
  • Page 50 The picture below shows the 3 steps of the pre-authentication process: Step 1: The Wi-Fi client associates with AP1 for the first time. In this step the client does a full authentication. The radius server sends the PMK to both AP1 and the Wi-Fi client.
  • Page 51 With 802.11r, the temporal key is distributed through the backbone between the different APs. The WLn products support 802.11r only in client mode. The picture below explains the different steps of an 802.11r authentication: Step 1: The Wi-Fi client does a full authentication with AP1.
  • Page 52: Acksys MIB And SNMP Agent

    The Acksys MIB is included in the firmware update package available in the download section of www.acksys.com. Relevant OIDs The Acksys MIB covers a large range of devices. Hence not all OIDs are relevant to all products. All the OIDs described below are relative to the Acksys MIB root: .1.3.6.1.4.1.28097...
  • Page 53: Managing Configuration Tables

    Applying the configuration To make the saved changes current, you can either set adminApply to ‘enable’ (this will not reboot the product), or set adminReset to ‘1’ (which reboots the product). Warning: applying a network configuration change may not get an answer from the agent, since the product networking subsystem is stopped and restarted.
  • Page 54: Using SNMP Notifications (Traps)

    V.8.4 Using SNMP notifications (traps) Your product supports the SNMP V2c traps (also called notifications). The Acksys MIB lists the available SNMP traps under the OID .1.3.6.1.4.1.28097.11 (notification). To use a trap, you need to configure the trap settings of an event (see section “Alarms /...
  • Page 55 The following script replaces the factory-defined AP interface on radio A with a Wi-Fi client bridged to the internal bridge, and sets a WPA-PSK key.

        # define a shell macro for snmpset
        alias CFGSET="snmpset -m ACKSYS-WLG-MIB -c public -v2c"
        # delete existing AP interface
        CFGSET 192.168.1.253 configIfAPRowStatus.\"radio0w0\" i 6
        # add a client interface
        CFGSET 192.168.1.253 configIfStaRowStatus.\"radio0w0\"...
  • Page 56: C-Key Handling

    V.9 C-KEY handling Some products of the product line can be equipped with a C-KEY. The following applies to these products, when equipped with firmware version 2.2.0 or greater. Warning: Unlike the “WLg” products series, the C-KEY is never saved or updated automatically in the “WLn”...
  • Page 57: Not Using The C-Key

    V.9.3 Not using the C-Key To make sure that the C-Key is never used, you should blank it out (“erase” configuration function). The C-Key LED will then light up in red; you can configure it to disable it. V.9.4 Replacing a product in the field Let’s imagine a product which is installed and in use, and whose configuration has been backed up on its C-Key.
  • Page 58: Programming A Set Of Identical C-Keys

    V.9.6 Programming a set of identical C-Keys Dedicate a product to prepare the configuration and program the C-Keys. 1) Remove the C-Key from the powered-off product. 2) Reboot and configure the product as needed. 3) In “Tools/Set config/C-Key management”, select “Ignore C-Key settings”...
  • Page 59: Spanning Tree Protocol (STP)

    V.10 Spanning Tree Protocol (STP) Incentive Interconnecting various switch devices and MAC bridges in a LAN may lead to network loops. For example (see picture below), say you have 3 bridges A, B and C, and there is a direct (Ethernet or Wi-Fi) connection between A and B, another between B and C, another between C and A;...
  • Page 60: Web Interface Reference

    VI WEB INTERFACE REFERENCE VI.1 Setup Menu With this menu you can configure the wireless interface(s) and the networking properties. At the bottom of most “setup” pages, there are two or three buttons. After changing parameters, press “Save” to record the parameters changed on this page in permanent memory.
  • Page 61 Wireless overview section: This page lists the most significant properties of the radio cards, organized by SSID. At the bottom of the page you can change global Wi-Fi properties. Create a new SSID Edit Remove Click the “Remove” button to delete this SSID. Click the “Edit” button to open the “Radio”...
  • Page 62 VI.1.1.1 Wireless / Radio Device Configuration General Setup tab: This section gathers all the settings that are common to each SSID you may create on this radio card. Enable device: If this checkbox is checked, the radio card is enabled and is able to communicate.
  • Page 63 Channel: According to the selected “802.11 mode” and the regulation rules of the selected country, a list of channels is available for selection. This is not used for infrastructure client modes, as they use all the allowed channels for scanning (possibly limited by roaming parameters).
  • Page 64 Advanced Settings tab: Max transmit power: The transmit power is normally computed automatically based on the regulation rules for the given channel and the capabilities of the radio card. This option sets an upper bound on the transmit power. Note that the transmit power is distributed between the configured antennas.
  • Page 65 Beacon interval: This option allows configuring the interval between two beacon frames. Beacons are used by APs, mesh nodes and ad-hoc stations to advertise their capabilities and settings (HT mode, SSID…) to other devices. The default settings depend on the 802.11 mode. If you decrease the Beacon interval you consume more bandwidth on the channel, and you can decrease the global Wi-Fi performance;...
  • Page 66 b. Interface Configuration This section is duplicated for each SSID. Settings only apply to the selected SSID. Note: Various roles in the “Interface configuration” section have an “advanced settings” tab, which you must not confuse with the “advanced settings”...
  • Page 67 When this is checked, a multi-selection field replaces the single ESSID field. You can select several SSIDs with their security parameters, and the client will associate to any AP advertising one of these combinations. In case several matching APs are in range, you can prioritize the SSIDs.
  • Page 68 Wireless Security tab: This menu allows you to choose the type of wireless security you want to apply on this SSID. The different security schemes are described in the “Wireless security” section. Security: Supported modes are: No Encryption WEP Open System WEP Shared Key...
  • Page 69 Wireless Security tab, WEP Open System & WEP Shared Key: Use Key Slot: This field selects the currently used WEP key. Key #1 to #4: Contain the WEP key. Keys are defined by entering a string in HEX (hexadecimal - using characters 0-9, A-F) or ASCII (American Standard Code for Information Interchange - alphanumeric characters) format.
  • Page 70 Wireless Security tab, WPA-PSK, WPA2-PSK & WPA-PSK/WPA2-PSK Mixed Mode: Protected management frame (802.11w): Enable/disable the 802.11w security feature. For more information, please read section Protected management frame (802.11w) Pre-Shared-Key: The pre-shared key may be from 8 to 63 printable ASCII characters or 64 hexadecimal digits (256 bits).
  • Page 71 Wireless Security tab, WPA-EAP Mode (in client mode): Protected management frame (802.11w): Enable/disable the 802.11w security feature. For more information please read section Protected management frame (802.11w) Fast Transition Support (802.11r): In any of the WPA/WPA2 modes, check this box to allow use of the 802.11r protocol against APs that support it, resulting in a reduction of the time necessary to authenticate when roaming.
  • Page 72 Selects the location of the user certificate file to be uploaded. Only PEM certificates are allowed (see below for details). User Private Key (only in TLS mode): Selects the location of the Private Key file to be uploaded. Only PEM private keys are allowed (see below for details).
  • Page 73 Radius-Server: IP address or URI of the radius server. Radius-Port: Radius server UDP port. Shared secret: Password shared between the access point and the radius server. NAS ID: Network Access Server ID. This value may be used by the radius server instead of the IP address.
  • Page 74 Advanced settings tab in “Point to multipoint station (ad-hoc)” mode BSSID: This option allows setting the BSSID for this interface. Advanced settings tab in “Client” mode Bridging mode: This option allows selecting the bridging method (Please see section Wired to wireless bridging in infrastructure mode for more details) that will be used...
  • Page 75 Roaming tab (only in Client mode): Enable proactive roaming: Check this checkbox to enable the fast roaming features. List of channels scanned for the next AP discovery: Choose here the channels that will be scanned for AP discovery. Using more than one channel allows a denser repartition of the Access Points, as they will not interfere with each other.
  • Page 76 Current AP scan threshold: When the current AP signal is above (better than) this level, the client ceases to scan for better APs. Minimum signal level: APs whose perceived signal is below this level will not be candidates for roaming, i.e., they will never be preferred to the currently associated AP.
  • Page 77 Minimum roaming interval: If you want to avoid continual roaming when all the APs have about the same low signal level (below the leave level), you can enforce a minimum delay between two successive roaming processes. No-return delay: In areas with many walls, an AP that was left because it became too far away, may appear very good for a short time, due to radio wave bounces.
  • Page 78 MAC filter tab (only in Access Point modes): MAC-Address filter: You can specify a list of client MAC addresses that will be either allowed or denied. Leave the filter disabled if you do not require it. WARNING: this must not be used alone as an effective security feature, since MAC addresses are easy to masquerade.
  • Page 79 Advanced mesh settings tab (only in 802.11s mode): Path refresh time: When data is sent through a previously discovered path which is due to expire soon (i.e., in less than the “path refresh time” parameter), an early discovery is started, so that the path will be already renewed when it should have expired.
  • Page 80 Root mode: This indicates whether this station is a root node, and how it advertises this fact to other stations. A root node sends periodical broadcasts to inform all the other nodes of its existence. This can speed up routing decisions in some cases.
  • Page 81 Frames filter tab: Wireless interfaces included in a bridge-type network interface can filter frames as they pass along. Filter group: Choose one of the filters prepared in routing/firewall → bridge filter section.
  • Page 82: VI.1.2 Virtual Interfaces

    VI.1.2 Virtual interfaces This section allows managing virtual interfaces. A virtual interface is attached to a physical interface. You can add several virtual interfaces on one physical interface. For 802.1q tagging, the virtual interface adds an 802.1q tag on egress traffic and removes the tag on ingress traffic.
  • Page 83 VLAN configuration: VLAN description Enter a friendly name for this interface (optional). VLAN ID Enter the ID for the virtual interface. If you need to create several VLAN IDs on top of the same physical interface, you can use the space character to separate the IDs.
  • Page 84 VI.1.2.2 Wireless SSIDs The wireless SSID section is used to configure several SSIDs and enable them on the wireless interface. Wireless SSID overview Add new ssid Remove Edit b. Wireless SSID configuration WLAN description (optional): Enter a friendly name for this SSID. ESSID: Network name (also called SSID).
  • Page 85: VI.1.3 Network

    VI.1.3 Network This page displays the actual network configuration. Add new network Remove Edit Click the “Remove” button to remove the network. Click the “Edit” button to open the network configuration page. Click the “Add network” button to create a new IP network. VI.1.3.1 Network configuration General Setup: Network description:...
  • Page 86 IPv4-Address (only in static mode): The IP address of the AP on the local area network. Assign any unused IP address in the range of IP addresses available for the LAN. For example, 192.168.0.1. IPv4-Network (only in static mode): The subnet mask of the local area network.
  • Page 87: VI.1.4 Routing / Firewall

    VI.1.4 Routing / Firewall VI.1.4.1 Network zones The routing rules are applied on a network zone. Zones are aggregates of networks which share the same forwarding rules. You can define zones and distribute networks between them. In each network zone you can: Set the forwarding rules towards other zones Set the NAT filtering rules...
  • Page 88 Enables NAT on this zone. Check this option only on zones which contain public interfaces. MSS clamping: Reduces the MSS if the interface uses a smaller MTU. Default acceptance policy for local services: Enables or disables the local services from this zone. You can restrict or open the local service in the firewall section.
  • Page 89 For each frame received by this zone with matching source IP, frame protocol and public destination port, the frame’s destination port and destination IP address will be rewritten as specified. Name: Rule name. You can assign a symbolic name to the rule. Source IP: Sets the expected source IP of the input frame.
  • Page 90 Page 90 / 141 Frame protocol: The protocol type: TCP, UDP, TCP & UDP, ICMP, all Port: The destination port of the traffic. The port identifies the service. Action: One of: Forward: Forward traffic to the destination zone or device Reject: Drop packet and send ICMP message to the traffic source Drop:...
  • Page 91 Page 91 / 141 VI.1.4.3 Denial Of Service (DOS) protection Enable SYN-flood protection: A SYN-flood attack consists of exhausting the victim’s resources by creating many half-open connections. It is explained in detail at http://en.wikipedia.org/wiki/SYN_flood Drop invalid packets: Drop invalid frames or frames without active connection. VI.1.4.4 Bridge filter In this section you can manage layer 2 (link-level) filter groups.
  • Page 92 Page 92 / 141 b. Edit group Add a rule Delete rule Description: You can assign a symbolic name to the group. MAC frame type: Select the layer 2 frame type. • No filter: No test on MAC layer • Unicast: Check if the frame is unicast type. •...
  • Page 93 Page 93 / 141 IP addr & Netmask These fields are visible only if the Layer 3 protocol is set to IP or ARP. With these fields you can select the part of the IP address. IP address Netmask Result 192.168.1.3 255.255.255.255 The frame match only frame...
  • Page 94: VI.1.5 QOS

    Page 94 / 141 VI.1.5 QOS VI.1.5.1 Frame tagging DSCP Tagging: The DSCP tag applies on each incoming frame (from any interface) that matches the following criteria: PROTOCOL: The IP protocol type. This can be TCP, UDP or ICMP. SOURCE IP ADDRESS: The source IP address of the incoming frame.
  • Page 95 Page 95 / 141 WMM valid tags (DSCP field value: WMM queue): 8 or 16: Background (BK); 0 or 24: Best effort (BE); 32 or 40: Video (VI); 48 or 56: Voice (VO). VI.1.5.2 WMM The page displays the WMM parameters for the selected profile. WMM (a.k.a.
  • Page 96 Page 96 / 141 AIFS: Defines the arbitration inter-frame spacing value for the current queue size (expressed in number of time slots). Allowed values are 0 to 255. MAX LENGTH FOR BURSTING: Defines the maximum burst length (expressed in milliseconds with precision of 0.1 ms).
  • Page 97: VI.1.6 Services

    Page 97 / 141 VI.1.6 Services VI.1.6.1 DHCP Server Interface settings: LAN: General Setup: Ignore interface: If checked, the DHCP server is disabled for this interface. DHCP pool first address (if DHCP enabled): First IP address of the DHCP pool. ATTENTION: this is interpreted as an offset relative to network address.
  • Page 98 Page 98 / 141 DHCP-Options: This field allows you to enter an additional DHCP option (enclosed in quotes). Syntax depends on the option itself. See DHCP RFCs for more information about DHCP options. Static Lease: This option allows the server to always give the same predefined IP address according to the client MAC address.
  • Page 99 VI.1.6.3 SNMP Agent The SNMP agent is enabled by default and allows access, using the “public” community, to the MIB-II and ACKSYS MIB. Further configuration of the agent itself is not yet available – coming soon. The Acksys MIB file is self-documented. To read the OIDs documentation please use a text file editor or MIB browser.
  • Page 100 Page 100 / 141 Digital input (only on products with a digital input): The state is 1 when the digital input is active. Wireless client assoc: The event can be linked only with the ‘SNMP trap’ action. Sends a notification when a client associates or disassociates with one access point.
  • Page 101: VI.2 Tools Menu

    Page 101 / 141 VI.2 Tools Menu This menu allows you to administer your product. A set of menus is provided, giving simplified access to the following: VI.2.1 Firmware upgrade Firmware upgrade has its own section in this user manual: “Firmware Upgrade”.
  • Page 102: VI.2.3 System

    Page 102 / 141 VI.2.3 System Location Name With this panel, you can set the location name of the product. This text will be shown in the NDM ‘Location’ column. Log Settings This frame allows you to set the product log parameters. It is possible to send the LOG to an external log server (syslog).
  • Page 103: VI.2.4 Network

    Page 103 / 141 Network Timer Server If an NTP server is reachable on the network, the product can use it to configure the local time. The first server name/server port pair will be used and in case of non-responding server, it will fall back on the next pair.
  • Page 104 Page 104 / 141 Save And Restore Configuration: With this panel, you can download the product configuration as a file using “backup settings to file”. The “Restore configuration from file” will ask for a previously saved configuration file and then restore it. C-KEY Management: “Erase C-KEY”: This option will erase all the C-KEY contents.
  • Page 105 Page 105 / 141 Reset And Reboot: “Reset to factory settings”: This option will restore the default product settings. “Reboot your device”: As its name suggests, a click on this button will reboot the device.
  • Page 106: VI.3 Status Menu

    VI.3 Status Menu VI.3.1 Device Info This page displays some useful information about the device. Providing the content of this page to the ACKSYS support team will speed up the technical support process. VI.3.2 Network This page summarizes the network interfaces configuration and displays Tx &...
  • Page 107: VI.3.3 Wireless

    Page 107 / 141 VI.3.3 Wireless VI.3.3.1 Associated Stations (in access point mode) This panel lists the clients connected to this access point and displays RF signal properties. The signal level displayed is the one obtained from the last frame received, whatever its type (data or management) or modulation kind.
  • Page 108 Page 108 / 141 VI.3.3.2 Site Survey This panel summarizes all the access points available. The results may depend on the mode the radio card is set to. When the radio card is in client mode, and a list of candidate channels is selected in the “roaming”...
  • Page 109 Page 109 / 141 VI.3.3.3 MESH Survey This panel summarizes properties for all 802.11s Mesh Points currently available. DST Address: MAC address of the final destination. Next Hop: MAC address of the next mesh node in order to reach “DST Address”. Metric: Represents the total cost of this mesh path (less is better).
  • Page 110: VI.3.4 Services

    Page 110 / 141 VI.3.4 Services VI.3.4.1 DHCP Lease This panel summarizes the properties of all the current DHCP leases. VI.3.5 LOG This panel lets you view the product logs. You can see the kernel logs (logs from the Linux kernel) and system logs (logs from running daemons).
  • Page 111: Wireless Topologies Examples

    Ethernet cable. Configuration summary: In this example, we are using 802.11a with 20MHz HT mode, channel 36, country code FR and ACKSYS as ESSID. You can obviously change any of these parameters as long as your choice makes sense. Product...
  • Page 112: VII.2 Multiple SSID

    Configuration summary: In this example, we are using 802.11na with 40MHz above HT mode, channel 36, country code FR, ACKSYS as private ESSID and SYSKCA as public ESSID. You can obviously change any of these parameters as long as your choice makes sense.
  • Page 113: VII.3 Multiple SSID with VLAN

    Page 113 / 141 VII.3 Multiple SSID with VLAN In this configuration, a single access point provides multiple SSIDs at the same time in order to allow different security schemes for each SSID. Traffic from all SSIDs shares the same LAN interface. You can isolate the traffic of each SSID from the others on the LAN using VLANs.
  • Page 114 Page 114 / 141 Configuration summary: Virtual interface (VLAN 3) Product Parameter Value Device Configuration VLAN ID Parameter Value Interface Enable device Virtual interface (VLAN 5) 802.11 mode 802.11na VLAN ID HT mode 40 MHz above Interface Channel Network (office) Country code Interface Configuration 1 (Office) Protocol...
  • Page 115: VII.4 Multiple Separate SSID

    In this example, we have two different configurations (one per radio card). For Radio A (Public side): Mode: 802.11na, HT mode: 40MHz above, channel: 36, country code: FR, ESSID: ACKSYS. You can obviously change any of these parameters as long as your choice makes sense. For Radio B (Private side): Mode: 802.11na, HT mode: 40MHz above, channel: 44, country code: FR,...
  • Page 116 Page 116 / 141 Product Product Device Configuration 1 (Radio A) Device Configuration Parameter Value Parameter Value Enable device Enable device 802.11 mode 802.11na 802.11 mode 802.11na HT mode 40 MHz above HT mode 40 MHz above Channel Channel Country code Country code Interface Configuration 1 (Radio A) Interface Configuration 1...
  • Page 117: VII.5 Infrastructure Bridge + Roaming

    Interface Configuration 1 Interface Configuration 1 Parameter Value Parameter Value Role Access point Role Client ESSID ACKSYS ESSID same as product A Roaming Parameter Value Enable proactive roaming Channel same as product A Current AP minimum level Delay between 2...
  • Page 118: VII.6 Point-to-Point Redundancy with Dual Band

    Page 118 / 141 VII.6 Point-to-point redundancy with dual band In this mode, two dual radio products form a redundancy link by creating two wireless links on different channels. Only one link transfers data at a time. If one of the two links breaks down, the second one will replace it.
  • Page 119 Page 119 / 141 Product Product Device Configuration (Radio A) Device Configuration (Radio A) Parameter Value Parameter Value Enable device Enable device 802.11 mode same as product A 802.11 mode 802.11ng HT mode same as product A HT mode 20MHz Channel same as product A Channel...
  • Page 120: VII.7 Line Topology Repeater (Single Radio Card)

    Configuration summary: Mode: 802.11na, HT mode: 20MHz , channel: 36, country code: FR, ESSID: ACKSYS. You can obviously change any of these parameters as long as your choice makes sense. The repeater role must be seen as one access point and one bridge infrastructure in the same radio card.
  • Page 121 Interface Configuration 1(Radio A) Interface Configuration 1 (Radio A) Value Parameter Parameter Value Role Access point Role Repeater ESSID ACKSYS ESSID same as product A Next BSSID Product A radio card MAC address Product Device Configuration (Radio A) Value Parameter Enable device 802.11 mode...
  • Page 122: VII.8 Multihop Tree Repeater

    Configuration summary: Mode: 802.11na, HT mode: 20MHz, channel: 36, country code: FR, ESSID: ACKSYS. You can obviously change any of these parameters as long as your choice makes sense. This topology shows that repeaters interconnection is not limited to a line.
  • Page 123 Interface Configuration Interface Configuration Parameter Value Parameter Value Role Repeater Role Repeater ESSID ACKSYS ESSID same as product A Next BSSID Product B radio card MAC address Next BSSID Product C radio card MAC address Product Product Device Configuration Device Configuration...
  • Page 124 Page 124 / 141 Product Product Device Configuration Device Configuration Parameter Value Parameter Value Enable device Enable device 802.11 mode 802.11na 802.11 mode 802.11na HT mode 20MHz HT mode 20MHz Channel Channel Country code Country code Interface Configuration Interface Configuration Parameter Value Parameter...
  • Page 125: VII.9 High Performance Repeater

    Page 125 / 141 VII.9 High performance repeater This mode takes advantage of the dual radio card device to implement a high-performance repeater. Configuration summary: Mode (Product to Product B): 802.11na, HT mode: 20MHz , channel: 36, country code: FR, ESSID: ACKSYS1. You can obviously change any of these parameters as long as your choice makes sense.
  • Page 126 Page 126 / 141 Product Device Configuration (Radio A) Parameter Value Enable device 802.11 mode 802.11na HT mode 40MHz above Channel Country code Interface Configuration 1(Radio A) Parameter Value Role Access point ESSID ACKSYS1 Product Product Device Configuration (Radio A) Device Configuration (Radio A) Parameter Value...
  • Page 127: VII.10 Fixed Mesh

    Mode (Product and Radio A for Products B, C, D, E,): 802.11na, HT mode: 20MHz , channel: 36, country code: FR, ESSID: ACKSYS. Mode (Radio B for Products B, C): 802.11na, HT mode: 20MHz , channel: 40, country code: FR, ESSID: ACKSYS2.
  • Page 128 Country code Interface Configuration Interface Configuration (Radio A) Parameter Value Parameter Value Role Access point Role Client ESSID ACKSYS Bridging mode 4 address format ESSID ACKSYS Product Device Configuration (Radio B) Device Configuration (Radio A) Parameter Value Parameter Value Enable device Enable device 802.11 mode...
  • Page 129 Parameter Value Role Client Role Client Bridging mode 4 addresses format (WDS) Bridging mode 4 addresses format (WDS) ESSID ACKSYS ESSID ACKSYS Device Configuration (Radio B) Device Configuration (Radio B) Parameter Value Parameter Value Enable device Enable device 802.11 mode 802.11na...
  • Page 130: VII.11

    Mode (Products A, B, E, D, and Radio A for Products C, F, H): 802.11na, HT mode: 20MHz , channel: 36, country code: FR, MESHID: ACKSYS. Mode (Radio B for Products C): 802.11na, HT mode: 20MHz , channel: 40, country code: FR, ESSID: ACKSYS1.
  • Page 131 Country code Country code Interface Configuration Interface Configuration (Radio A) Parameter Value Parameter Value Role Mesh (802.11s) Role Mesh (802.11s) MESHID ACKSYS MESHID ACKSYS Device Configuration (Radio B) Parameter Value Enable device 802.11 mode 802.11na HT mode 20MHz Channel Country code...
  • Page 132 Page 132 / 141 HT mode 20MHz HT mode 20MHz Channel Channel Country code Country code Interface Configuration (Radio B) Interface Configuration (Radio B) Parameter Value Parameter Value Role Access Point Role Access Point ESSID ACKSYS2 ESSID ACKSYS3
  • Page 133: Firmware Upgrade

    Since it is so essential, this is a critical upgrade and the product might be damaged if a power failure happens during this upgrade. So, you should upgrade the bootloader only if requested by ACKSYS in order to avoid a product return.
  • Page 134: VIII.4 Fallback After an Interrupted Upgrade Operation

    Page 134 / 141 failover mode because its DIAG LED will blink quickly. Remember that this LED is off in normal working mode. Select in the list the products you wish to upgrade and click the “Upgrade” button. Select the file to upload then click on “Upgrade”. If you wish to upgrade several products at once select them in the list and click “Upgrade All”.
  • Page 135: Troubleshooting

    Page 135 / 141 IX TROUBLESHOOTING This section gives indications on the checks to perform when things do not work as expected after configuration. A network sniffer may prove very helpful when debugging network connections. We recommend Wireshark, a free sniffer working on Windows and Linux.
  • Page 136 Page 136 / 141 All network devices must be in the same IP subnet (see RFC 950). For example 192.168.1.253 and 192.168.1.10 are in the same subnet, but 192.168.1.253 and 128.1.1.10 are not (assuming a netmask of 255.255.255.0). All network devices must have the same netmask. When changing the IP address of one device, the others keep the old address for several minutes in the ARP cache: clear it with “arp -d”...
  • Page 137: Frequently Asked Questions

    Page 137 / 141 X FREQUENTLY ASKED QUESTIONS This section addresses various aspects of the WLn products operation. X.1 How is the Wi-Fi bit rate chosen? The bit rate used to send a frame depends on several considerations and may have a large effect on both the throughput between two devices, and the bandwidth left for other devices.
  • Page 138: Fast Roaming Features

    Page 138 / 141 X.5 Fast roaming features The figures indicated below are accurate for the firmware version 2.2.0 and will be updated as needed in future releases of this document. X.5.1 What is the scan period when proactive roaming is enabled? When the WLn client is connected, proactive roaming cycles through the activated channels.
  • Page 139: Appendix - Glossary And Acronyms

    Page 139 / 141 XI APPENDIX – GLOSSARY AND ACRONYMS 802.11s The part of the IEEE 802.11 standard that describes wireless mesh networks. Access point. A-MPDU Aggregated MAC protocol data unit. Several MAC frames concatenated in one big frame and handed to the Physical Layer for transmission in one chunk.
  • Page 140: Appendix - Radio Channels List

    Page 140 / 141 XII APPENDIX – RADIO CHANNELS LIST XII.1 11b/g (2.4GHz) These networks use the ISM (Industrial Scientific and Medical) radio band on the [2.3995-2.4965] spectrum. Channel Central frequency Allowed by (25 MHz) (GHz) 2,412 Asia MKK, Europe ETSI, US FCC 2,417 Asia MKK, Europe ETSI, US FCC 2,422...
  • Page 141: XII.2 802.11a/h (5 GHz)

    Page 141 / 141 XII.2 802.11a/h (5 GHz) These networks use the 5 GHz radio band U-NII (Unlicensed National Information Infrastructure). Central frequency Channel Power Allowed by (GHz) 5,170 Japan TELEC 5,180 40 mW (FCC), 200 mW (ETSI) Europe ETSI, US FCC 5,190 Japan TELEC 5,200...
