User's Manual

ManualsBrandsEricsson Wi-Fi ManualsComputers & Accessories802.11n dual-band WIFI router

201

202

203

204

205

206

207

208

209

210

Table Of Contents

About This Document
- Typographical Conventions
- Related Documentation
System Overview of BelAir Networks APs
- BelAir20
  - BelAir20 Hardware Description
  - BelAir20 Antenna Connectivity
- BelAir100i WCS
  - BelAir100i WCS Hardware Description
  - BelAir100i WCS Antenna Connectivity
- BelAir20E
  - BelAir20E Hardware Description
- BelAir20EO
  - BelAir20EO Hardware Description
- BelAir100N
  - BelAir100N Hardware Description
- BelAir100SN
  - BelAir100SN Hardware Description
- BelAir100SNE
  - BelAir100SNE Hardware Description
- BelAir2100
  - BelAir2100 Hardware Description
AP Configuration Interfaces
- Command Line Interface
- SNMP Interface
  - Integrating the AP with a Pre-deployed NMS
- Web Interface
Command Line Interface Basics
- Connecting to the AP
- Starting a CLI Session
- Command Modes
- Abbreviating Commands
- Command History
- Special CLI Keys
- Help Command
- Saving your Changes
  - Saving the Configuration Database
  - Restoring the Configuration Database
- Common CLI Commands
AP Access Methods
- SNMP Configuration Guidelines
- SNMP Command Reference
- Telnet
- HTTP
- Secure HTTP
- SSH
  - SSH Access
- SSL
- TR-069
  - Configuring ACS Communications
User and Session Administration
- User Privilege Levels
- User Accounts
- Configuring Authentication for User Accounts
  - Authentication Mode
  - RADIUS Servers
- CLI and Web Sessions
IP Settings
- Displaying IP Parameters
- Configuring IP Parameters
- Configuring the Domain Name System Lookup Service
- Configuring IP Address Notification
System Settings
- Country of Operation
- System Identification Parameters
- Custom Fields
- Configuring the System Date and Time
  - Manual Date and Time Configuration
  - Managing an SNTP Server
- GPS Coordinates
- LED Control
  - Find Me Function
  - LED Enable or Disable
- Setting the Network Egress Point
- Enabling Wi-Fi Band Steering
- Limiting Broadcast Packets
- Limiting DHCP Packets from Clients
- Displaying AP Inventory Information
- Defining a Maintenance Window
- Temperature Display
- Displaying System Up Time
- Displaying the Running Configuration
- Restarting the AP
- Creating and Using Script Files
- Enabling or Disabling Session Logging
- Local and Remote Configuration
AP Auto-configuration
- DHCP Options
- DNS
- Configuration Download Profile
  - Pre-requisites
  - Using a Configuration Download Profile
Card Settings
- Determining which Cards are in an AP
- Displaying Card Information
- Card Administrative State
- Restarting a Card
- Card CPU and Memory Performance Monitoring Statistics
- BTS Card Commands
Ethernet or LAN Interface Settings
- Managing the Ethernet or LAN Interface Settings
- Managing Egress AP Traffic
  - VLAN Conversion
  - VLAN Filtering
- Changing Ethernet or LAN Interface Admin State
- Ethernet or LAN Port Statistics
- Ethernet or LAN Port Performance Monitoring Statistics
Cable Modem Configuration
- Displaying the Cable Modem Information
- Displaying the Cable Modem Configuration
- Displaying the Cable Modem Status
- Configuring Attenuation
- Setting the Cable Modem Interface Down Alarm Threshold
- Rebooting the Cable Modem
- Cable Modem Statistics
- Cable Modem Performance Monitoring Statistics
Wi-Fi Radio Configuration Overview
- Available Wi-Fi Radios
- Configuration Process
Configuring Wi-Fi Radio Parameters
- Displaying Wi-Fi Radio Configuration
- Displaying Configuration Options
- Operating Channel
- Antenna Gain
- Transmit Power Level
- Link Distance
- Dynamic Frequency Selection
- Collision Aware Rate Adaptation
- WCS Duty Cycle Control
- Rate Aware Fairness
- Enhanced Throughput
- 802.11n Aggregation
- Minimum Association Thresholds
- Doing an RF Survey
- Changing Wi-Fi Interface Admin State
- Wi-Fi Interface Statistics
- Wi-Fi Performance Monitoring Statistics
Configuring Wi-Fi Access Point Parameters
- Displaying AP Configuration
- AP Custom Rates
- Displaying Associated Wireless Clients
- Displaying Wireless Client Details
- Disconnecting a Wireless Client
- Wireless Client Load Balancing
- Configuring RTS-CTS Handshaking
- Specifying the Beacon Period
- Displaying Client Association Records
- Changing AP Admin State
- AP Service Set Identifiers
- Out-of-service Advertising
- Filtering Broadcast and Multicast Packets
- Broadcast to Unicast Packet Conversion
- ARP Filtering
- ARP to Unicast Conversion
- 802.11b Protection
- Wi-Fi Client Statistics
Wi-Fi AP Security
- Security Options for Wireless Clients
- RADIUS Servers for Wireless Clients
- Client Authentication and De-authentication Trap
- AP Privacy
- Wireless Client Blacklist
- Wireless Client Access Control List
- Controlling Inter-client Communication
- Protecting against Denial of Service Attacks
  - Deauthentication DoS
Wi-Fi Backhaul Link Configuration
- Displaying Backhaul Link Configuration
- Configuring Backhaul Link Identifier, Topology and Privacy
- Managing MP-to-MP Meshes
- Egress Protection
- Changing Backhaul Link Admin State
Mobile Backhaul Mesh
- Configuring Mobile Backhaul Mesh Links
Mobile Backhaul Point-to-point Links
- Scanning Process
- Sample Subscriber Station Configuration
- Sample Base Station Configuration
- Mobile Backhaul Point-to-point Commands
Operating in High Capacity and Interference Environments
- Modulation Rate Control
- VLAN based QOS
- Traffic Priority Based on Modulation Rate
- No SSID on Egress Down
- Ethernet Port Statistics
- Access Receive and Transmit Error Statistics with SNMP Support
- Noise Floor Support
- Access Packet RSSI Filter
- Effective Mesh Path Selection
- Blacklist SNMP Support
- Client Association Records
- CTS-to-Self Control
- DHCP to Attached Clients Only
- ARP to Attached Clients Only
- Upstream Broadcast Filter
- Secure Port Mode
- Wireless Bridging
- Client Load Balancing
- Client Authentication History
- Automatic Mesh Connect
- Traffic Test Tool
DHCP Relay Settings
- Displaying the DHCP Relay Configuration
- Modifying DHCP Relay Parameters
- Interface Administrative State
- Assigning SSID Traffic to Use DHCP Relay
- DHCP Address Filtering
- DHCP Relay Performance Monitoring Statistics
Network Address Translation
- Displaying the Operational Status
- Displaying the Current DHCP Lease Status
- Displaying the DHCP Lease History
- Configuring Network Address Translation
- Choosing an Egress Interface
- Preventing AP Management from within the Scope
- Enabling or Disabling Individual Scopes
- Changing NAT Admin State
- Managing APs in a NAT Cluster
  - Mac Address to IP Address Mapping
  - Port Forwarding
Universal Access Method
- Displaying the Current Configuration
- Displaying the Operational Status
- Displaying the Client Session Information
- Specifying the Web Server
- Specifying Redirection Variable Pairs
- Specifying the RADIUS Server
- Managing White List Entries
- Associating VLAN Traffic to a Scope
- Performing MAC Address Authentication
- Collecting Accounting Information
- Operating in WAN Mode
- Changing UAM Admin State
Using Layer 2 Tunnels
- Configuring the AP for Layer 2 Tunneling
- Configuring the Network Central Router for Layer 2 Tunneling
Quality of Service Settings
- System QoS
- Radio QoS
Layer 2 Network Configuration
- Spanning Tree Protocol Overview
  - Configuring Spanning Tree Priority
  - Configuring Other Spanning Tree Parameters
- RSTP Commands
Performing a Software Upgrade
- Upgrade Process Overview
- Downloading a New Software Load
- Canceling a Software Upgrade
- Verifying a Successful Download
- Activating a Software Load
- Committing a New Software Load
- Backing Out from a Software Upgrade
- Displaying the Status of the Software Upgrade
- Clearing the Upgrade Failure Alarm
- Auto-upgrade
Alarm and Event Reporting
- Alarm Types and Severity
- Displaying Active Alarms
- Displaying the Alarm History
Using Syslog
- Displaying the Syslog Configuration
- Configuring the Syslog Server IP Address
- Sending Syslog Messages to a CLI Session
- Configuring the Log Level
- Configuring the Hostname Option
- Configuring the Keep-alive Interval
- Configuring Lawful Intercept Data Retrieval
Gathering Additional Troubleshooting Information
- Determining Service Health Levels
- Gathering Hardware Log Files
  - TFTP Transfer of Internal Log Files
Troubleshooting Wireless Client Connections
- Troubleshooting Client Access
- Troubleshooting Client Association and DHCP
- Authentication History Log Messages
Running Link Diagnostics
- Path Trace Tool
- Traffic Tool
Web Radio Troubleshooting Tools
- Tool Access
- Throughput Meter
- Histogram
  - Histogram Modes
  - Zoom and Shift Functions
AP LED Descriptions
- BelAir20
- BelAir100i WCS
- BelAir20E
- BelAir20EO
- BelAir100N and BelAir2100
  - BelAir100N and BelAir2100 Power-up LED Sequence
- BelAir100SN and BelAir100SNE
  - BelAir100SN and BelAir100SNE Power-up LED Sequence
For More Information
- Installation Guide
- BelAir OS User Guide
Technical Support
- Support Resources
- Warranty and Limitations
Definitions and Acronyms
Appendix A: AP Configuration Sheets
Appendix B: Mesh Auto-connection Example
- Setup and Initial Conditions
- Fault Conditions
- Recovery Conditions
Appendix C: Scripting Guidelines
- General Scripting Guidelines
- Specifying Physical Interfaces
- Including a Reboot Command in a Script
- Common AP Assembly Codes
- Common Radio Card Descriptions
- Sample Universal Auto-configuratio n Script
Appendix D: Alarm and Event Definitions
Appendix E: Resetting to Factory Defaults
- Resetting to Factory Defaults with a CLI Command
- Resetting to Factory Defaults with the Reset Button
  - BelAir20, BelAir100i WCS and BelAir20E
  - BelAir100N, BelAir100SN, BelAir100SNE and BelAir2100
Detailed Table of Contents

BelAirOS User Guide Universal Access Method

April 22, 2012 Confidential Page 201 of 362

Document Number BDTM00000-A02 Draft

Universal Access Method

The Universal Access Method (UAM) is key element of BelAir Networks’ Policy

Enforcement Point (PEP) module. UAM is a simple authentication method

where a user needs only a Web browser. When a user requests a URL, the

request is checked against a series of white lists containing hosts, MAC

addresses and protocols.

The user’s request is granted if any of the following conditions are met:

• The requested URL or its equivalent IP address is on the host white list.

• The MAC address of the user’s client is on the MAC white list.

• The user’s request uses DHCP, DNS, ARP or any protocol you put on the

protocol white list with the

add scope <n> protocol-white-list

command.

Otherwise, the user is redirected to a Web server that displays a page

requesting credentials. The supplied credentials are then sent to a RADIUS

authentication server. Once authenticated, the user is redirected to the URL

they originally requested. The user can terminate their authenticated session by

using functions provided by the Web server (such as a logout button) or by

entering the

http://1.1.1.1

URL.

Note: UAM requires the use of a DNS server to resolve supplied URLs to IP

addresses.

Finally, through correct provisioning of the RADIUS server, the AP’s

implementation of UAM also allows you to enforce client access policies:

• It can perform client MAC address authentication when a client associates

to the AP, even before the user supplies a URL.

• It can enforce policies based on the attributes listed in Table 13

Table 13: Attributes for UAM Client Access Policy Enforcement

RADIUS Attribute Value used if unspecified by RADIUS

Session idle timeout 5 minutes

Client session timeout Unlimited

Total client traffic Unlimited

Maximum downstream client traffic Unlimited