Rhein Tech Laboratories, Inc.
360 Herndon Parkway Suite 1400 Herndon, VA 20170
http://www.rheintech.com

APPENDIX I: MANUAL
Client: 3e Technologies International Inc.
Model: 3e-525A
Standards: FCC 15.247
FCC ID: QVT-525A
Report #: 2004121

Please refer to the following pages.
Wireless Access Point User's Guide Model 3e-525A 3e Technologies International 700 King Farm Blvd., Suite 600 Rockville, MD 20850 (301) 670-6779 www.3eti.com 29000132-001 A publ.
3e Technologies International's Wireless Access Point User's Guide Model 3e-525A
Safety Requirements
• If AC power will be used, the socket outlet shall be installed near the equipment and shall be easily accessible.
• CAUTION: If this device contains a battery, there is risk of exposure if the battery is replaced by an incorrect type. Dispose of any used batteries according to the instructions on the battery.
Copyright © 2004 3e Technologies International, Inc. All rights reserved. No part of this documentation may be reproduced in any form or by any means or to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3e Technologies International.
Table of Contents
Chapter 1: Introduction
Basic Features
Wireless Basics
802.11b
DHCP Server
SNMP Agent
Misc Services
Print Server
User Management
Demilitarized Zone (DMZ)
Advanced Firewall
User Management
List All Users
Add New User
Chapter 1: Introduction This manual covers the installation and operation of 3e Technologies International’s 3e-525A Wireless Access Point. The 3e-525A is a ruggedized access point/gateway/bridge which is intended for use in industrial and external environments. It accommodates both 802.11b WLAN and 802.11g WLAN access and uses Power over Ethernet (PoE) access to the Ethernet WAN to eliminate the need for internal access point power supply units (AC-DC converters) and 110-220V cabling installations.
3e-525A Wireless Access Point Basic Features The 3e-525A is housed in a sturdy case which is not meant to be opened except by an authorized technician for maintenance or repair. The unit should work without fail. If you wish to reset to factory settings, use the reset function available through the web-screen management module. The 3e-525A is wall-mountable.
802.11b The IEEE 802.11b standard, developed by the Wireless Ethernet Compatibility Alliance (WECA) and ratified by IEEE, establishes a stable standard for compatibility. A user with an 802.11b product can use any brand of access point with any other brand of client hardware that is built to the 802.11b standard for basic interconnection. 802.11b devices provide 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps depending on signal strength) in the 2.4 GHz band.
Access Point Configurations When a 3e-525A is used as an access point, IP addresses for wireless devices are typically assigned by the wired network’s DHCP server. The wired LAN’s DHCP server assigns addresses dynamically, and the AP virtually connects wireless users to the host wired network. All wireless devices connected to the AP are configured on the same subnetwork as the wired network interface and can be accessed by devices on the wired network.
3. The last and most prevalent use is multiple APs connected to a wired network and operating off that network’s DHCP server to provide a wider coverage area for wireless devices, enabling the devices to “roam” freely about the entire site. This is the topology of choice today.
SSID The Service Set ID (SSID) is a string used to define a common roaming domain among multiple wireless access points. Different SSIDs on access points can enable overlapping wireless networks. The SSID can act as a basic password without which the client cannot connect to the network. However, this is easily overridden by allowing the wireless AP to broadcast the SSID, which means any client can associate with the AP.
will be included in the WLAN. We sell this software with the 3e-110 PC Card. The 3e-525A uses AES-CCMP in WPA mode and AES-ECB (or 3DES) for FIPS 140-2 mode and for the bridging channel. Authentication The MAC address, short for Media Access Control address, is a hardware address that uniquely identifies each node of a network.
3e-525A Wireless Access Point 3e-525A Navigation Options Not FIPS 140-2 System Configuration General WAN LAN Operating Mode Access Point FIPS 140-2 System Configuration General WAN LAN Operating Mode Wireless configuration General Security • None • Static WEP • WPA Wireless configuration General Security • None • Static AES • Static 3DES Wireless configuration General Security • None • Static WEP • WPA Preshared Key Preshared Key 802.1x/Radius 802.
Chapter 2: Hardware installation Preparation for Use The 3e Technologies International's 3e-525A Wireless Access Point requires physical mounting and installation on the site, following a prescribed placement design to ensure optimum operation and roaming. The 3e-525A operates with Power over Ethernet (PoE) which requires the installation of a separate Power injector which “injects” DC current into the Cat5 cable.
Installation Instructions The 3e-525A is intended to be installed as part of a complete wireless design solution. This manual deals only and specifically with the single 3e-525A device as a unit. The purpose of this chapter is the description of the device and its identifiable parts so that the user is sufficiently familiar to interact with the physical unit.
[Figure: connector panel showing the Ground, WAN Port, LAN Port, Bridge Port and USB Port connectors]
The WAN connector is used to connect the 3e-525A to the organization's LAN. The WAN connector is routed from the unit to the power injector which runs AC power through the Ethernet cable to the unit. The Ethernet cable is thus run from the 3e-525A to the power injector which is then connected to a power source and the wired LAN. A second (LAN Port) Ethernet connector is designed for use during initial configuration only.
[Figure: LED indicators on the top panel of the 3e-525A]
The top panel of the 3e-525A contains a set of indicator lights (Light Emitting Diodes or LEDs) that help describe the state of various networking and connection operations.
Detail of LEDs on the face of the 3e-525A
LED: Description
Power: The Power indicator LED informs you when the gateway is on or off. If this light is on, the gateway is on; if it is not on, the gateway is off.
Chapter 3: Access Point Configuration Introduction The 3e-525A comes with the capability to be configured as an access point. As it incorporates two separate 802.11 wireless cards, one for configuring a local WLAN and one for use in bridging, it can also be configured for bridging, either with access point or gateway configuration on the WLAN side. Configuration as a gateway is discussed in Chapter 4 and configuration for bridging is discussed in Chapter 5.
3e-525A Outdoor Access Point Initial Setup using the “Local” Port Plug one end of an RJ-45 Ethernet cable into the LAN port of the 3e-525A (see page 11) and the other end into an Ethernet port on your laptop. This LAN port in the 3e-525A connects you to the device’s internal DHCP server which will dynamically assign an IP address to your laptop so you can access the device for reconfiguration.
On your computer, pull up a browser window and put the default URL for the 3e-525A Local LAN in the address line. (https://192.168.15.1) NOTE: be sure that you use the https prefix, not http. You will be asked for your User Name and Password. The default is "CryptoOfficer" with the password "CryptoFIPS" to give full access for setup configuration. (This password is case-sensitive.
Go next to the System Configuration—WAN page. WAN Click the entry on the left hand navigation panel for System Configuration – WAN. This directs you to the System Configuration – WAN page.
access point requires in order to allow the wireless devices it controls access to the wired LAN. This will be the IP address, Subnet Mask, Default Gateway, and, where needed, DNS 1 and 2. Click Apply to accept changes. LAN This sets up the default numbers for the four octets for a possible private LAN function for the access point. It also allows changing the default numbers for the LAN Subnet Mask. The Local LAN port provides local access for configuration.
• Use IPv6 Mode: If you select Use IPv6 Mode, the AP will be configured to support IPv6 addresses on the WAN and LAN ports. In IPv6 mode, the AP can be managed and pass traffic using IPv6 addresses. Since IPv6 is relatively new in the industry, some networking functions that cannot support IPv6 are disabled such as DHCP server and WPA-802.
Wireless Configuration General Wireless Setup allows your computer’s PC Card to talk to the access point. Once you have completed wireless configuration, you can complete the rest of the configuration wirelessly unless you will be employing the FIPS 140-2 secure mode, assuming that you have installed and configured a wireless PC card on your computer. (If you have not done so, you will have to do that to establish communications.
You can assign a channel number to the AP (if necessary) and modify the Tx Pwr Mode. The Channel Number is a means of assigning frequencies to a series of access points, when many are used in the same WLAN, to minimize interference. There are 11 channel numbers that may be assigned. If you assign channel number 1 to the first in a series, then channel 6, then channel 11, and then continue with 1, 6, 11, you will have the optimum frequency spread to decrease “noise.
Advanced Options
Beacon interval (0-4095): The frequency in milliseconds in which the 802.11 beacon is transmitted by the AP.
RTS Threshold (0-3000): The number of bytes used for the RTS/CTS handshake boundary. When a packet size is greater than the RTS threshold, the RTS/CTS handshaking is performed.
Fragmentation (256-2346, even only): Fragmentation boundary in bytes.
DTIM (1-65535): The number of beacon intervals between successive Delivery Traffic Identification Maps (DTIMs).
Security The 3e-525A will display a default factory setting of no encryption, but for security reasons will not communicate to any clients unless the encryption is set by the administrator. There will be different encryption options for the AP in FIPS Mode and the non-FIPS Mode.
Static AES Key The Advanced Encryption Standard (AES) was selected by National Institute of Standards and Technology (NIST) in October 2000 as an upgrade from the previous DES standard. AES uses a 128-bit block cipher algorithm and encryption technique for protecting computerized information. With the ability to use even larger 192-bit and 256-bit keys, if desired, it offers higher security against brute-force attack than the old 56-bit DES keys.
Dynamic key management requires the installation of the 3e-030 Security Server software which resides on a self-contained workstation connected to the 3e-525A over the WAN port.
Static WEP Encryption (non-FIPS) If you choose to use WEP encryption, you can also select whether it will be Open System or Shared Key authentication. For greater security, set authentication type to “shared key.” WEP Data encryption can be set to 40-bit or 128-bit encryption. WEP (Wired Equivalent Privacy) Encryption is a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard.
WEP encryption provides some measure of security. Utilities exist for scanning for networks and logging all the networks they run into—including the real SSIDs, the access point’s MAC address, the best signal-to-noise ratio encountered, and the time the user crossed into the network’s space. These utilities can be used to determine whether your network is unsecured.
compatible. For those organizations already making the transition to the new AES algorithm, WPA uses a form of AES (AES-CCMP) agreed upon by the WiFi Alliance 802.11i working team. If you wish to use WPA on the 3e-525A, enable either WPA Pre-shared Key Settings or WPA 802.1x Settings. If you are a SOHO user, selecting pre-shared key means that you don’t have the expense of installing a Radius Server. Simply enter up to 63 characters (letters, numerals, or hexadecimal digits) in the Passphrase field.
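How a WPA pre-shared-key passphrase becomes the 256-bit key that the AP and its clients share, as an added example that is not part of the manual or 3eTI's software. The PBKDF2 parameters and the 8-character minimum come from IEEE 802.11i rather than from this guide, and the SSIDs and passphrases are constructed.

```python
import hashlib

# Printable ASCII (0x20-0x7e) is the passphrase alphabet in IEEE 802.11i;
# the manual itself only states the 63-character maximum.
_PRINTABLE = frozenset(chr(c) for c in range(0x20, 0x7F))
_HEX = frozenset("0123456789abcdefABCDEF")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit WPA pre-shared key for a passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not set(passphrase) <= _PRINTABLE:
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, 4096 iterations, SSID as the salt, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def review_passphrase(passphrase: str, ssid: str) -> list:
    """Return configuration findings for a candidate passphrase (empty = none)."""
    findings = []
    if len(passphrase) < 8:
        findings.append("shorter than the 8-character minimum")
    if len(passphrase) > 63:
        findings.append("longer than the 63-character maximum")
    if not set(passphrase) <= _PRINTABLE:
        findings.append("contains characters outside printable ASCII")
    if len(passphrase) >= 8 and set(passphrase) <= _HEX:
        findings.append("hexadecimal digits only: at most 4 bits per character")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the SSID, which the AP may broadcast")
    return findings


if __name__ == "__main__":
    # Constructed values for illustration only.
    passphrase = "violet kettle orbit 47 lantern"
    for ssid in ("plant-floor-1", "plant-floor-2"):
        # Same passphrase, different SSID: the derived keys differ,
        # because the SSID salts the derivation.
        print(ssid, derive_psk(passphrase, ssid).hex())
    for candidate in ("short", "deadbeef00", "plant-floor-1 rocks", passphrase):
        print(repr(candidate), review_passphrase(candidate, "plant-floor-1"))
```

Because the SSID is the salt, every AP that shares an SSID and passphrase derives the same key, and changing the SSID changes the key even when the passphrase is unchanged.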
• to communicate with the access point. In this case, input the MAC addresses of all the PC cards that will be authorized to access this access point. The MAC address is engraved or written on the PC (PCMCIA) Card. If Filtering is enabled and Filter Type is Disallow Access, those devices with a MAC address which has been entered in the MAC Address listing will NOT be able to communicate with the access point.
Advanced The Advanced page allows you to enable or disable load balancing and to control bandwidth. Load balancing is enabled by default. Load balancing distributes traffic efficiently among network servers so that no individual server is overburdened. For example, the load balancing feature balances the wireless clients between APs.
wish. You can also set the range of addresses to be assigned. The Lease period (after which the dynamic address can be reassigned) can also be varied. The DHCP server function, accessible only from the LAN port, is used for initial configuration of the management functions. SNMP Agent The SNMP Agent setup page (shown on the previous page) allows you to set up an SNMP Agent.
(Read & Write), and Trap is simply the SNMP terminology for “password” for those functions.
• Source – The IP address or name where the information is obtained.
• Access Control – Defines the level of management interaction permitted.
Misc Services Print Server The print server function can be enabled or disabled. It is enabled by default. If you do not plan to set up the print server function, you can click disable.
User Management List All Users The List All Users page simply lists the Crypto Officer and all administrator accounts configured for the unit. Add New User The Add New User screen allows you to add new Administrators, assigning and confirming the password for the administrator. The screen shown above is the screen as it will appear in FIPS 140-2 mode. The Password complexity check and the Minimal Password length are established on the User Management — Password Policy page.
Password Policy (FIPS Mode Only) The Password Policy screen allows you to enable a Password Complexity Check when you are in FIPS 140-2 mode. The definition of a complex password is a password that contains characters from 3 of the following 4 groups: uppercase letters, lowercase letters, numerals, and symbols. If enabled, you must also select minimum password length. Click Apply to save your selection.
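The complexity rule above expressed as a check an administrator can run over candidate passwords before entering them, as an added example that is not the device's own code. Treating "symbols" as ASCII punctuation and the minimum lengths used are assumptions; the sample passwords are constructed, except "CryptoFIPS", which is the default this guide quotes for the CryptoOfficer account.

```python
import string

# The four groups named in the Password Policy text. Mapping "symbols" to
# ASCII punctuation is an assumption; the guide does not list the characters.
GROUPS = {
    "uppercase": frozenset(string.ascii_uppercase),
    "lowercase": frozenset(string.ascii_lowercase),
    "numerals": frozenset(string.digits),
    "symbols": frozenset(string.punctuation),
}
REQUIRED_GROUPS = 3  # "characters from 3 of the following 4 groups"


def groups_present(password: str) -> list:
    """Return the sorted names of the character groups the password uses."""
    chars = set(password)
    return sorted(name for name, members in GROUPS.items() if members & chars)


def check_password(password: str, min_length: int) -> list:
    """Return the policy problems for a password (empty list = compliant)."""
    problems = []
    if len(password) < min_length:
        problems.append(
            f"length {len(password)} is below the minimum of {min_length}")
    present = groups_present(password)
    if len(present) < REQUIRED_GROUPS:
        missing = sorted(set(GROUPS) - set(present))
        problems.append(
            f"uses {len(present)} of 4 groups, needs {REQUIRED_GROUPS} "
            f"(missing: {', '.join(missing)})")
    return problems


if __name__ == "__main__":
    # min_length=8 is a hypothetical setting, not a value from the guide.
    for candidate in ("CryptoFIPS", "longlowercase1234", "aB3$", "Tr4ctor-Shed"):
        print(f"{candidate!r}: {check_password(candidate, 8) or 'compliant'}")
```

Length and complexity are independent checks: a long password drawn from two groups fails, and so does a four-group password shorter than the configured minimum.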
There are some pop-up informational menus that give detailed information about CPU, PCI, Interrupts, Process, and Interfaces. Bridging Status This screen displays the Ethernet Port STP Status, Wireless Port STP Status, and Wireless Bridging Information.
Wireless Clients The Wireless Clients report screen displays the MAC Address of all wireless clients and their signal strength and transmit rate. The screen shown here emulates the FIPS 140-2 setup and contains a column for EMCON response. The non-FIPS mode doesn't display this column.
If Transmit power is disabled, either by setting TX Pwr Mode to Off on the management screen or by using the RF Manager (Chapter 7), the Wireless Clients page will show the results from each associated client in the EMCON Response column. If the client responds to the "disable" command, a Yes is displayed. If the column contains a No, this can mean either:
• the client didn't receive the command, or
• the client is no longer in the area, or
• the client software doesn't support the RF management feature.
Adjacent AP List The Adjacent AP list shows all the APs on the network which are not seen by the subject AP as trusted clients. If you select the check box next to any AP shown and click the Make Trusted button, the AP will thereafter be accepted by the 3e-525A as a trusted AP. DHCP Client List The DHCP client list displays all clients currently connected to the 3e-525A via DHCP server, including their hostnames, IP addresses, and MAC Addresses.
System Log The system log displays system facility messages with date and time stamp. These are messages documenting functions performed internal to the system, based on the system’s functionality. Generally, the Administrator would only use this information if trained as or working with a field engineer or as information provided to technical support. The System log will continue to accumulate listings. If you wish to clear listings manually, use the Clear button.
Network Activity The Network Activity Log keeps a detailed log of all activities on the network which can be useful to the network administration staff. The Network Activities log will continue to accumulate listings. If you wish to clear listings manually, use the Clear button.
System Administration The System administration screens contain administrative functions. The screens and functions are detailed in the following section. Firmware Upgrade The System Upgrade utility is a functionality built into the 3e-525A for updates to the device’s firmware as they become available. When a new upgrade file becomes available, find it and upload it to the 3e-525A from this page. Self-Test Both Crypto Officer and Administrator functions can access the self-test functions.
Factory Default The "Restore" button is a fallback troubleshooting function that should only be used to reset to original settings. Remote Logging Remote logging allows you to forward the syslog data from each machine to a central remote logging server. In the 3e-525A, this function uses the syslogd daemon.
Reboot The Reboot utility allows you to reboot the 3e-525A without changing any preset functionality. Utilities This screen gives you ready access to two useful utilities: Ping and Traceroute. Simply enter the IP Address or hostname you wish to ping or traceroute and click either the Ping or Traceroute button, as appropriate.
Chapter 4: Gateway Configuration Introduction Chapter 3 covered the default configuration of the 3e-525A Wireless Access Point as an access point, for use as part of a host wired network. This chapter covers configuration as a gateway. If additional security for the wireless network is desired (differentiating it from the wired network to which it is connected), set it up in gateway mode.
[Figure: A comparison of gateway and access point setup for the 3e-525A AP]
Chapter 4: Configure as gateway Configuring in Gateway Mode To configure the 3e-525A AP in gateway mode, complete the following steps. Open a web browser on your monitor (using Netscape Navigator 3.0 or better or Internet Explorer 4.0 or better) and type in the default IP address of the gateway on its WAN port (for example, https://192.168.254.254). If you have changed the LAN address of the 3e-525A AP, then you will need to enter the LAN network address with a station address of .1.
You can then proceed to change the management screens as necessary to reconfigure the device as a gateway. Configuration in gateway mode allows you to set firewall parameters. This is the main difference between the screens you will see in gateway mode and those covered in access point setup as discussed in Chapter 3. Note that the 3e-525A AP is not FIPS 140-2 compliant in gateway mode. The following sections cover the functions and screens in gateway mode.
Go next to the System Configuration—WAN page. WAN This screen allows you to set Link Speed and Duplex of the WAN port. If you select a choice other than Auto (the default), the 3e-525A AP will use only the selected link speed (10 Mbits/sec or 100 Mbits/sec) and Duplex (Half Duplex transfers or Full Duplex transfers) that you select in the WAN/LAN Link dropdown menu. You also set information for how the IP address will be obtained.
LAN This sets up the default numbers for the four octets for a possible private LAN function for the access point. You can also change the default subnet mask. The Local LAN port provides DHCP server functionality to automatically assign an IP address to a computer Ethernet port.
Operating Mode This is the page you accessed to change mode. You need to visit this page only if you will be changing mode from Gateway to Access Point. Note that if you change mode, all previously entered information will be reset to factory settings. Wireless Configuration General Wireless configuration allows your computer’s wireless PC Card to talk to the access point.
On the Wireless Configuration — General page, you must enter the SSID for the wireless LAN. This is also where you can assign a channel number to the AP (if necessary) and modify the Tx Pwr Mode. There are some advanced options which are detailed in the chart below. The SSID can be any set of letters and numbers assigned by the network administrator. This nomenclature has to be set on the gateway and each wireless device in order for them to communicate.
Advanced Options: The advanced options included on the second section of the above screen are described on the following chart:
Advanced Options
Beacon interval (0-4095): The frequency in milliseconds in which the 802.11 beacon is transmitted by the AP.
RTS Threshold (0-3000): The number of bytes used for the RTS/CTS handshake boundary. When a packet size is greater than the RTS threshold, the RTS/CTS handshaking is performed.
Broadcast SSID (Enabled/disabled): When disabled, the AP hides the SSID in outgoing beacon frames and stations cannot obtain the SSID through passive scanning. Also, when it is disabled, the AP doesn’t send probe responses to probe requests with unspecified SSIDs.
Encryption The default factory setting for the 3e-525A AP in gateway mode is no encryption but for security reasons it will not communicate to any clients unless the encryption is set by the administrator.
WEP is designed to provide the same level of security for wireless LANs as that of a wired LAN. To use WEP encryption, identify the level of encryption (64 or 128). If using 64-bit WEP, you will need to program the Default WEP key on the AP and each wireless device and designate the four alternate 64-bit WEP keys. The four WEP keys thus programmed have to be input to the setup utility on each wireless device that will be part of the WLAN.
WPA is an interim standard that will be replaced with the IEEE’s 802.11i standard upon its completion. However, it is expected to remain compatible. For those organizations already making the transition to the new AES algorithm, WPA uses a form of AES (AES-CCMP) agreed upon by the WiFi Alliance 802.11i working team. If you wish to use WPA on the 3e-525A, enable either WPA Pre-shared Key Settings or WPA 802.1x Settings.
Static AES Key/Open System Authentication The Advanced Encryption Standard (AES) was selected by National Institute of Standards and Technology (NIST) in October 2000 as an upgrade from the previous DES standard. AES uses a 128-bit block cipher algorithm and encryption technique for protecting computerized information. With the ability to use even larger 192-bit and 256-bit keys, if necessary, it offers higher security against brute-force attack than the old 56-bit DES keys.
If you will be using MAC Address filtering, navigate next to the MAC Address Filtering page. MAC Address Filtering The factory default for MAC Address filtering is Disabled. If you enable MAC Address filtering, only those devices equipped with the authorized MAC addresses will be able to communicate with the access point. Input the MAC addresses of all the PC cards that will be authorized to access this device. The MAC address is engraved or written on the PC (PCMCIA) Card.
Rogue AP Detection The Rogue AP Detection page allows the network administrator to set up rogue AP detection. If you enable rogue AP detection, also enter the MAC Address of each AP in the network that you want the AP being configured to accept as a trusted AP. (You may add up to 20 APs.) Enter an email address for notification of any rogue or non-trusted APs. The Rogue AP list, under Monitoring Reports on the navigation menu, will detail any marauding APs.
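The trusted-AP comparison described above, as an added example that is not the 3e-525A's own logic: observed beacons are matched against a trusted list capped at the 20 entries the guide allows. The MAC addresses, SSIDs and the extra check for an untrusted AP advertising your own SSID are constructed for illustration and go beyond what the guide describes.

```python
import re
from dataclasses import dataclass

MAX_TRUSTED_APS = 20  # limit stated in the guide


def normalize_mac(mac: str) -> str:
    """Accept aa:bb.., aa-bb.., aabb.ccdd.eeff or bare hex; return aa:bb:cc:dd:ee:ff."""
    bare = re.sub(r"[:\-.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", bare):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(bare[i:i + 2] for i in range(0, 12, 2))


def build_trusted_list(macs) -> frozenset:
    """Normalize and de-duplicate the trusted AP list, enforcing the 20-entry cap."""
    trusted = frozenset(normalize_mac(m) for m in macs)
    if len(trusted) > MAX_TRUSTED_APS:
        raise ValueError(f"{len(trusted)} trusted APs exceeds the limit of {MAX_TRUSTED_APS}")
    return trusted


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    channel: int


def classify(beacons, trusted, own_ssid: str) -> dict:
    """Split observed APs into trusted and untrusted; flag untrusted ones using own_ssid."""
    report = {"trusted": [], "untrusted": [], "untrusted_same_ssid": []}
    seen = set()
    for beacon in beacons:
        mac = normalize_mac(beacon.bssid)
        if mac in seen:          # one entry per AP, however many beacons were heard
            continue
        seen.add(mac)
        if mac in trusted:
            report["trusted"].append(mac)
            continue
        report["untrusted"].append(mac)
        if beacon.ssid == own_ssid:
            report["untrusted_same_ssid"].append(mac)
    return report


# Constructed sample data (locally administered MAC addresses).
TRUSTED = build_trusted_list(["02:00:00:00:00:01", "02-00-00-00-00-02"])
SCAN = [
    Beacon("02:00:00:00:00:01", "plant-wlan", 1),
    Beacon("0200.0000.0002", "plant-wlan", 6),
    Beacon("0200.0000.00aa", "plant-wlan", 6),
    Beacon("02:00:00:00:00:BB", "guest", 11),
    Beacon("02:00:00:00:00:01", "plant-wlan", 1),
]

if __name__ == "__main__":
    for category, macs in classify(SCAN, TRUSTED, "plant-wlan").items():
        print(category, macs)
```

Normalizing before comparison matters because the same address copied from a card label, a switch table and a scan tool rarely arrives in one format.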
Services Settings DHCP Server This page allows configuration of the DHCP server function accessible from the LAN port. The default factory setting for the DHCP server function is enabled. You can disable the DHCP server function, if you wish. You can also set the range of addresses to be assigned.
SNMP Agent The SNMP (simple network management protocol) Agent setup page allows you to set up an SNMP Agent. The agent is a software module that collects and stores management information for use in a network management system. The 3e-525A AP's integrated SNMP agent software module translates the device’s management information into a common form for interpretation by the SNMP Manager, which usually resides on a network administrator’s computer.
plained below:
• Community – The Community field for Get (Read Only), Set (Read & Write), and Trap is simply the SNMP terminology for “password” for those functions.
• Source – The IP address or name where the information is obtained.
• Access Control – Defines the level of management interaction permitted.
Misc Service The print server function can be enabled or disabled. It is enabled by default. If you do not plan to set up the print server function, you can click Disable.
IP Filtering The IP Filtering page will block certain IPs on the Private LAN from accessing your Internet connection. It restricts clients to those with a specific IP Address. Port Filtering Port filtering permits you to configure the Gateway to block outbound traffic on specific ports. It can be used to block the wireless network from using specific protocols on the network. Following is a list of well known TCP and UDP ports.
Virtual Server In order to protect the Private Network, the built-in NAT firewall filters out traffic to the private network. Since all clients on the Private Network are normally not visible to outside users, the virtual server function allows some clients on the Private Network to be accessed by outside users by configuring the application mapping function offered on this page.
vate Network computer specified by the server IP 192.168.15.33.
Service Port    Server IP
23              192.168.15.56
25              192.168.15.33
80              192.168.15.64
We recommend that IP addresses of virtual server computers hosted on the Private Network be manually (statically) assigned to coincide with a static server mapping to that specific IP address. Virtual servers should not rely on the dynamic IP assignment of the DHCP server function which could create unmapped IP address assignments.
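A check for the recommendation above, as an added example that is not part of the manual: it takes the virtual server table printed in the guide and reports any mapping whose server IP could also be handed out by the DHCP server. The /24 mask and the DHCP pool bounds are assumptions chosen for illustration; the guide does not state them.

```python
import ipaddress

# Assumed for the example: a /24 around the 192.168.15.1 LAN address the
# guide gives, and a hypothetical DHCP pool of .50 through .100.
LAN = ipaddress.ip_network("192.168.15.0/24")
DHCP_POOL = (ipaddress.ip_address("192.168.15.50"),
             ipaddress.ip_address("192.168.15.100"))

# (service port, server IP) pairs as printed in the guide's table.
VIRTUAL_SERVERS = [
    (23, "192.168.15.56"),
    (25, "192.168.15.33"),
    (80, "192.168.15.64"),
]


def audit_virtual_servers(mappings, lan, pool) -> list:
    """Return (port, ip, finding) tuples for mappings that need attention."""
    findings = []
    ports_seen = set()
    pool_start, pool_end = pool
    for port, ip_text in mappings:
        ip = ipaddress.ip_address(ip_text)
        if not 1 <= port <= 65535:
            findings.append((port, ip_text, "invalid-port"))
            continue
        if port in ports_seen:
            # Two rules for one port: only one private host can receive it.
            findings.append((port, ip_text, "duplicate-port"))
        ports_seen.add(port)
        if ip not in lan:
            findings.append((port, ip_text, "outside-lan"))
        elif pool_start <= ip <= pool_end:
            # The DHCP server may lease this address to a different host,
            # so the mapping would then forward traffic to the wrong machine.
            findings.append((port, ip_text, "in-dhcp-pool"))
    return findings


if __name__ == "__main__":
    for port, ip, finding in audit_virtual_servers(VIRTUAL_SERVERS, LAN, DHCP_POOL):
        print(f"port {port} -> {ip}: {finding}")
```

With the assumed pool, the port 23 and port 80 mappings are reported; the fix is either a static address outside the pool or a narrower DHCP range.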
Demilitarized Zone (DMZ) The Demilitarized Zone (DMZ) host allows one computer on the Private Network to be totally exposed to the wired network or Internet for unrestricted two-way communication. This configuration is typically used when a computer is operating a proprietary client software or 2-way communication such as video-teleconferencing, where multiple TCP port assignments are required for communication.
User Management List All Users This List All User page simply lists all Crypto Officers and Administrators assigned. Add New User The Add New User screen allows the Crypto Officer to add new Administrator users, assigning and confirming passwords. The Administrator role performs general security services, including cryptographic operations and other approved security functions.
Monitoring/Reports This section gives you a variety of lists and status reports. Most of these are self-explanatory. System Status This screen displays the status of the 3e-525A AP device and network interface details.
Bridging Status This screen displays the Ethernet Port STP Status, Wireless Port STP Status, and Wireless Bridging Information. Wireless Clients The Wireless Clients report screen displays the MAC Address of all wireless clients and their signal strength and transmit rate.
Adjacent AP List The Adjacent AP list shows all the APs on the network which are not seen by the subject AP as trusted clients. To make any AP shown a trusted client, simply click on the Make Trusted box for that AP. DHCP Client List The DHCP client list displays all clients currently connected to the 3e-525A AP via DHCP server, including their hostnames, IP addresses, and MAC Addresses. System Log The system log displays system-facility-messages with date and time stamp.
Web Access Log The web access log displays system-facility-messages with date and time stamp for any actions involving web access. For example, this log records when you set encryption mode, change operating mode, etc., using the web browser. It establishes a running record regarding what actions were performed and by whom.
System Administration The System administration functions contain administrative functions, some of which can be performed only if the user is logged on as a Crypto Officer. The screens and functions are detailed in the following section.
Firmware Upgrade
The System Upgrade utility is built into the 3e-525A AP for updating the device’s firmware as updates become available. When a new upgrade file becomes available, find it and upload it to the 3e-525A AP from this page. Only the Crypto Officer role can access this function.
Factory Default
The Factory Default or "Restore" button is a fallback troubleshooting function that should only be used to reset to original settings.
Reboot
The Reboot utility allows you to reboot the Gateway without changing any preset functionality. Both the Crypto Officer and Administrator roles have access to this function.
Utilities
This screen gives you ready access to two useful utilities: Ping and Traceroute. Simply enter the IP Address or hostname you wish to ping or traceroute and click either the Ping or Traceroute button, as appropriate.
Chapter 5: Bridge Configuration
Introduction
In the 3e-525A, wireless bridging uses a second WLAN card to set up an independent wireless bridge connection. Since wireless bridging provides a mechanism for APs to collaborate, it is possible to extend the basic service set (BSS) of a standalone AP and to connect two separate LANs without installing any cabling. The wireless bridging function in the 3e-525A allows you to set a number of alternate bridging configurations.
Wireless Configuration — Bridging
Wireless Configuration — Bridging Encryption
In the Wireless Configuration — General screen, if you are setting up the 3e-525A only as a bridge, the SSID can remain in its default setting, since the bridge uses the BSSID for purposes of establishing contact. The BSSID is shown on the Wireless Configuration — Bridging page (see page 77). It is the MAC Address for the bridge WLAN card.
Chapter 5: Configure as bridge
The Wireless Configuration — Bridging Encryption page is used to configure static encryption keys for the wireless bridge. This is an important page to set up to ensure that your bridge is working correctly. The encryption key that you use on this screen must be the same for any bridge connected to your bridging network in order for communication to occur.
The following sections describe the setup for three types of bridging configuration: point-to-point, point-to-multipoint, or, lastly, repeater.
Setting Up Bridging Type
Point-to-Point Bridge Configuration
A point-to-point link is a direct connection between two, and only two, locations or nodes. Because the bridge function uses a separate WLAN card for bridging, you can also set up WLANs on the separate AP WLAN card.
signed to the bridge. Spanning Tree Protocol may be set to Enable, if there is any possibility of a bridging loop, or to Disable (which is more efficient) if there's no possibility of a bridging loop. Each bridge must contain the other's BSSID. (The BSSID of each is equivalent to the MAC address contained on the Wireless Configuration — Bridging setup page. Enter only hexadecimal numbers, no colons. Data entry is not case sensitive.)
Navigate to the Wireless Configuration — Bridging screen. In the first section, General, you will see the MAC Address of the bridging card. This is used as the BSSID on other 3e-525As that will be communicating with this one. Wireless Mode can be set to 802.11g for best rate, to 802.11b (if necessary) or to mixed 802.11b/g. Set Basic and Supported Rates. Channel Number must be set the same on each bridge for the bridges to communicate.
Next, navigate to Wireless Configuration — Bridging Encryption. Select the appropriate key type and length and the key value. The encryption key value and type for Bridge 1 must be the same as for Bridge 2. For wireless bridging, only AES and 3DES are available for encryption.
You must complete the configuration of your Bridge 1 by following the general instructions in Chapter 3 of this guide to establish any other required configuration options such as General, WAN and LAN settings. Configure the second of your two point-to-point bridges following the instructions given for Bridge 1 above.
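A consistency check for the point-to-point settings described above, added here as an example and not part of the 3e-525A guide or its software. The dictionary fields (mac, peer_bssid, channel, key_type, key_len, key) and all sample values are assumptions, since the guide presents these settings only as web-screen fields.

```python
import hmac
import re

HEX12 = re.compile(r"[0-9a-f]{12}")
BRIDGE_CIPHERS = {"AES", "3DES"}  # the only bridging ciphers the guide lists

def norm_bssid(value):
    """Hex digits only, no colons; compared case-insensitively."""
    v = value.strip().lower()
    if not HEX12.fullmatch(v):
        raise ValueError(f"{value!r} is not 12 hex digits without colons")
    return v

def check_pair(b1, b2):
    """Return the mismatches that would keep two bridges from linking."""
    problems = []
    for local, remote in ((b1, b2), (b2, b1)):
        try:
            if norm_bssid(local["peer_bssid"]) != norm_bssid(remote["mac"]):
                problems.append(f"{local['name']}: peer BSSID is not the bridge MAC of {remote['name']}")
        except ValueError as exc:
            problems.append(f"{local['name']}: {exc}")
        if local["key_type"] not in BRIDGE_CIPHERS:
            problems.append(f"{local['name']}: key type {local['key_type']} is not AES or 3DES")
    if b1["channel"] != b2["channel"]:
        problems.append("channel numbers differ")
    # Key values are compared but never echoed into the report.
    if (b1["key_type"], b1["key_len"]) != (b2["key_type"], b2["key_len"]):
        problems.append("key type or length differs")
    elif not hmac.compare_digest(b1["key"].encode(), b2["key"].encode()):
        problems.append("key values differ")
    return problems

# Constructed sample values, not taken from the guide.
KEY = "00112233445566778899aabbccddeeff"
BRIDGE_1 = {"name": "Bridge 1", "mac": "00A0C9112233", "peer_bssid": "00a0c9445566",
            "channel": 4, "key_type": "AES", "key_len": 128, "key": KEY}
BRIDGE_2 = {"name": "Bridge 2", "mac": "00A0C9445566", "peer_bssid": "00A0C9112233",
            "channel": 4, "key_type": "AES", "key_len": 128, "key": KEY}
# Same as Bridge 2, but with a colon-separated BSSID and the wrong channel.
BRIDGE_2_BAD = dict(BRIDGE_2, peer_bssid="00:A0:C9:11:22:33", channel=11)

if __name__ == "__main__":
    for peer in (BRIDGE_2, BRIDGE_2_BAD):
        print(check_pair(BRIDGE_1, peer) or "pair is consistent")
```

Running the check on exported or hand-recorded settings before visiting either site catches the mismatches that otherwise show up only as a bridge link that never comes up.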
Follow the steps of the procedure outlined in the point-to-point bridge section. The following chart describes the basic attributes.
Point-to-Multipoint Bridging Setup Guide
Direction | Bridge 1 | Bridge 2 ~ n
Wireless Configuration – General
SSID | default (or set for 802.11b/g WLAN) | default (or set for 802.11b/g WLAN)
Channel | 11 | 11
Wireless Configuration – Encryption | Set for 802.11b/g WLAN | Set for 802.
Direction | Bridge 1 | Bridge 2 | Bridge 3
Wireless Configuration – General
SSID | default (or set for 802.11b/g WLAN) | default (or set for 802.11b/g WLAN) | default (or set for 802.
Chapter 6: The RF Manager Function
Introduction
This chapter addresses a function of the 3e-525A which facilitates remote management and programming of the Radio Frequency function for multiple 3e-525As located on a common network. This function allows you to remotely manage the Radio Frequency Power levels. For each AP selected, the RF Manager can remotely disable the AP's transmit power and, in turn, the transmit power of each client that is associated with it.
How to Access the RF Manager Function
The RF Manager can be installed from the CD that came with the 3e-525A Install Kit to the desktop of anyone who needs to manage the wireless LAN. Click on RF Manager on the Installation CD main menu to start the autoinstall. If, for any reason, the autoinstall function doesn't initiate, open a window from the My Computer icon on your desktop to your CD drive and double-click the 3E-RFMGR.EXE icon in the RF Manager folder on the CD.
How to Program the RF Manager
Before you are able to remotely manage access points, you need to program the RF Manager by putting the static IP Address of APs you want to manage in a configuration file. Click on the Browse button. This will open a window with some sample files that you can edit. You should edit the contents of SampleRadioOn.3eti and SampleRadioOff.3eti. To see the contents of one of these files, simply right click the file name and select Open from the dropdown menu.
You can now edit the file by adding the IP addresses of the 3e-525As that you want to manage, each in a pair of brackets [ ]. The two files SampleRadioOn.3eti and SampleRadioOff.3eti must be edited as a minimum. This will permit you to turn all the APs on or off at will. You can save them to another file name if you wish (maintaining the same file extension.)
Once you have edited the file, save it. You can now update the APs you have included in your configuration files from an Ethernet connection on your network. To test out the files you have edited, on the main RF Manager screen, browse to and select the file that you want to use to manage your APs. That file name should now appear in the Configuration File window. Now enter the Password for that group of APs. Finally, hit the Configure button.
If any part of your update has failed, the Configure Status window will show you that it has failed in part or in whole and direct you to the area of the configuration file that you need to fix.
Chapter 7: Network Printer Setup
If you want to have the 3e-525A operate as a printer server, connect a printer to the wireless gateway now. The following instructions cover how to set it up using Windows 2000 as your operating system. (Windows XP is similar to Windows 2000.)
Install Print Service for Unix (Windows 2000):
1. Open the Control Panel and select Add/Remove Programs.
2. In the Add/Remove Programs window, on the left navigation bar, select Add/Remove Windows Components.
3. In the Add/Remove Windows Components wizard, select Other Network File and Print Services.
4. Click Next and the wizard will install this component. You may need your Windows install CD.
5. Windows informs you that the action is complete. Click Finish and close the prior screen.
Set Up the Printer
Now you are prepared to set up your new printer resource. Follow this procedure:
1. Access the Control Panel and select the Printers icon as shown on the following picture.
2.
3. The Add Printer Wizard starts. Click Next.
4. From the following screen, select Local Printer and uncheck the selection: Automatically detect and install my Plug and Play printer. Then click Next.
5. Select Create a new port and use the arrow to find and highlight LPR Port. Then click Next.
6. Next, in the field for Name or address of the server providing lpd: type the IP address assigned to the 3e-525A LAN. In the field for Name of printer or print queue on the server: type lp or lpusb. Then click OK.
7. In the next screen, locate first the manufacturer for the printer you are using, then the specific model of printer you are using. Then click Next.
8. You will be asked to provide additional information. Continue through the wizard screens until you reach the last. Then click Finish.
Important Note: On the Printer Sharing screen, do not select to "share" the printer. The Access Point does the sharing, not the printer.
It is a good idea to print a test page to confirm that the setup has been successful.
Chapter 8: Technical Support
Manufacturer’s Statement
The 3e-525A is provided with warranty. It is not desired or expected that the user open the device. If malfunction is experienced and all external causes are eliminated, the user should return the unit to the manufacturer and replace it with a functioning unit. If you are experiencing trouble with this unit, the point of contact is: support@3eti.com or visit our website at www.3eti.
Channel Separation and WLAN Cards
There are two WLAN cards in this access point. One is used for the Access Point function; the other is used for the Bridge. Channel Separation is required to reduce interference between the AP and Bridge WLAN cards. We have found that assigning 11 to the AP WLAN card channel and 4 to the Bridge WLAN card has given the optimum channel separation in test installations.
Glossary
3DES Also referred to as Triple DES, a mode of the DES encryption algorithm that encrypts data three times.
802.11 802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. The IEEE accepted the specification in 1997.
802.11b (also referred to as 802.11 High Rate or WiFi) 802.11b is an extension to 802.
PC Card A computer device packaged in a small card about the size of a credit card and conforming to the PCMCIA standard.
PDA (Personal Digital Assistant) A handheld device.
SNMP Simple Network Management Protocol
SSID A Network ID unique to a network. Only clients and access points that share the same SSID are able to communicate with each other. This string is case-sensitive. Wireless LANs offer several security options, but increasing the security also means increasing the time spent managing the system.