GD-GEO20
1 Conventions Used in this Document
The following typographic conventions and symbols are used throughout this document:
Additional information that may be helpful but which is not required.
Important information that should be observed.
bold – Menu commands, buttons, input fields, links, and configuration keys are displayed in bold.
italic – References to sections inside the document are displayed in italic.
PEAP – Protected Extensible Authentication Protocol
RSSI – Received Signal Strength Indication: received signal strength in mV, measured on BNC outdoor unit connector
RX – Receive
SISO – Single Input, Single Output
SNMP – Simple Network Management Protocol
SMTP – Simple Mail Transfer Protocol
SSID – Service Set Identifier
TCP – Transmission Control Protocol
TKIP – Temporal Key Integrity Protocol
TTLS – Tunneled Transport Layer Security (EAP-TTLS) protocol
TX – Transmission
UDP – User Datagram Protocol
UA
2 Packing list 1 piece power cable 1 piece power adapter 1 piece connector 1 piece bent threaded rod 1 piece bracket 1 piece screw 4 pieces nuts + 1 piece user manual CD 1 piece GD-GEO20-TP 3 Introduction
GD-GEO20 offers reliable, high-performance and cost-effective point-to-multipoint outdoor and indoor wireless solutions perfectly suited for access technology, private networks and hotspots. Besides that, the APC (Access Point/Customer Premises Equipment) can be used for light point-to-point applications. The APC works in the unlicensed 2.4 or 5 GHz frequency band, which is an attractive solution for quick and simple network creation with minimum investment. These products support the newest WLAN standards IEEE 802.
From AP and Station or from 2 Stations or from 2 APs. For simplicity, two Stations can be used because they have integrated directional antennas. SISO and MIMO options are available for PTPs. Maximum achievable real data throughput is up to 160 Mbps.
Light PTP Scenario
4 Device Setup
The default product address is 192.168.2.66.
To access the Web management interface, configure your PC with a static IP address on the 192.168.2.0 subnet with mask 255.255.255.0. Connect the AP device into the same physical network as your PC. Open the Web browser and type the default IP address of the AP device https://192.168.2.66/ and the login page will be loaded.
Step 7. Navigate to the Configuration | Wireless tab, choose Access Point wireless mode with WDS enabled, specify the SSID with Broadcast enabled, Security parameters and IEEE mode and click Save&Apply:
Step 8. Verify connection.
4.2 Station Setup
Follow the steps for initial wireless client setup that will be connected to the previously configured AP (refer to the section Initial AP Setup).
Step 1. Connect an Ethernet cable between your computer and the GD-GEO20 device.
Step 2. Make sure your computer is set to the same subnet as the APC, i.e. 192.168.2.150
Step 3. Start your Web browser.
Step 4. Each APC device uses the following default settings: WAN IP: 192.168.2.66 Subnet mask: 255.255.255.
Step 7. Navigate to the Configuration | Wireless tab, choose Station WDS wireless mode, and click the Scan button near the SSID entry field to choose the SSID of the AP with which the station will be associated. Specify the Security parameters for the AP, check IEEE mode (these settings must conform to the AP wireless settings) and click Save&Apply:
Step 8. Verify connection. Navigate to the Status | Network page.
The main Status | Information page will display wireless information of the link with access point.
5 Network Mode
5.1 Bridge Mode
The device can act as a wireless network bridge and establish wireless links with other APs. In this mode all LAN ports and the Wireless interface will be part of the Bridge.
Bridge Mode
With a Bridge, all connected computers are in the same network subnet. The only data that is allowed to cross the bridge is data that is being sent to a valid address on the other side of the bridge. 5.
6 Device Operation
6.1 Web Management Structure
The main web management menu is displayed after successfully logging in to the system (see the figure below). From this menu all essential configuration pages are accessed. The active menu tab is displayed in a different color:
Figure 7 – Main Web Management Menu
By default the Status | Information menu is activated where the main device information is displayed.
Services
WNMS – set WNMS server/collector URL allowing remote device configuration and monitoring. System Alerts – set alerts which can be sent via SNMP Traps and/or SMTP notifications. SNMP – SNMP service settings allowing remote device monitoring. Clock/NTP – set device date manually or enable and configure NTP service. SSH – control SSH connection. HTTP – control HTTP connection.
7 Configuration
7.1 Status
7.1.1 Information
The Information page displays a summary of status information of your device. It shows important information about the APC operating mode and network settings. System information – displays general information about the device. Wireless information – displays general information about the wireless network.
7.1.2 Status Network
The Network section displays statistics of the network interfaces and DHCP leases (depending on network mode):
Figure 9 – Network Statistics
Interface – displays the interface name. The SSID name is displayed in the brackets near the radio interface (and VAPs). IP address – displays the IP address of the particular interface. MAC – displays the MAC address of the particular interface. Received – displays the number of received packets.
In case the access point has more than one wireless interface (VAPs), the appropriate number of tables with information about connected wireless clients will be displayed. Peer MAC – displays the MAC address of the successfully connected wireless client. Signal – indicates the signal strength of the access point main and auxiliary antennas that the station communicates with, displayed in dB. Noise – displays the noise level in dBm.
Network mode – choose the device operating mode [bridge/router]. Bridge – in this mode the device works as a transparent bridge interconnecting the wireless network and the LAN port. The Firewall related functions and NAT are not available in this mode. Router – in this mode the device works as a router between the wireless network and all LAN ports. Ethernet speed – configures the Ethernet link speed and the duplex mode of the Ethernet port. Choose "auto" for automatic detection of link speed and duplex mode.
address assigned by the DHCP server is not predictable. Method – specify the IP reception method: IP addresses can either be retrieved from a DHCP server or configured manually: Static IP – the IP address must be specified manually. Dynamic IP – the IP address for this device will be assigned from the DHCP server. If the DHCP server is not available, the device will try to get an IP. If it has no success, it will use a fallback IP address (default fallback IP is 192.168.2.66).
Restrict management to interfaces – select interfaces that will be restricted with management VLAN.
7.2.3 Router Mode
This section allows customizing parameters of the Router to suit the needs of the network, including the ability to use the built-in DHCP server. When the device is configured to operate as Router, the following sections should be specified: WAN network settings, LAN network settings and LAN DHCP settings.
MAC address – specify the clone MAC address if required. The ISP registers the MAC address of the router and allows only that MAC address to connect to its network. In such a case, if there is a need to change hardware (router), you need to notify your ISP about the MAC address change, or simply set the router's MAC address to the MAC address of the previous router/computer. VLAN ID – specify the VLAN ID for traffic tagging on required radio interface [2-4095].
WAN mode – choose PPPoE to configure the WAN interface to connect to an ISP via PPPoE: MAC address – specify the clone MAC address if required. The ISP registers the MAC address of the router and allows only that MAC address to connect to its network. In such a case, if there is a need to change hardware (router), you need to notify your ISP about the MAC address change, or simply set the router's MAC address to the MAC address of the previous router/computer.
LAN DHCP Settings DHCP mode – choose disabled to disable DHCP on LAN interface. DHCP mode – choose relay to enable DHCP relay. The DHCP relay forwards DHCP messages between subnets with different sub layer broadcast domains. DHCP mode – choose server to enable DHCP server on LAN interface. IP address from – specify the starting IP address of the DHCP address pool. IP address to – specify the ending IP address of DHCP address pool. Subnet mask – specify the subnet mask.
Depending on the wireless operation mode selection some of the displayed configuration parameters will differ (e.g. security or advanced wireless settings). Wireless mode – select wireless operation mode: Access Point (auto WDS) – enables the APC radio function as an access point. When in AP mode, wireless clients can see the AP broadcast and associate to it if settings are configured correctly. Station – sets the radio to run in client mode.
7.2.5 Wireless Mode: Access Point
Use Basic Wireless Settings to set up the radio interface of the device.
Basic Wireless Settings
SSID – specify the SSID of the wireless network device. Broadcast SSID – enables or disables the broadcasting of the SSID for AP. IEEE mode – specify the wireless network mode. Channel width – the default channel bandwidth for 802.11 radio is 20MHz. 802.11n allows channel bonding, in which case the total channel width becomes 40MHz.
Open – no encryption. WEP – 64bit and 128bit key. Personal – preshared key encryption with WPA/WPA2 using AES or TKIP. Enterprise – RADIUS server based authentication with WPA/WPA2 encryption using AES or TKIP (requires configured RADIUS server). UAM – Web browser based user authentication method. UAM authentication is available only if Access Point is working in router mode. For UAM configuration details refer to the respective chapter Universal Access Method (UAM).
Encryption – specify WPA/WPA2 encryption algorithm: AES – AP will accept clients with passphrase encrypted with AES method; TKIP – AP will accept clients with passphrase encrypted with TKIP method; Auto – AP will accept clients with passphrase encrypted with both AES and TKIP methods. RADIUS authentication settings: RADIUS IP – specify the IP address of the authentication RADIUS server to which the authentication requests will be sent.
Client isolation – select to enable the layer 2 isolation that blocks clients from communicating with each other. Client isolation is available only in Access Point (auto WDS) mode. Enable DFS – select to enable radar detection. With enabled DFS, the APC unit monitors the operating frequency for radar signals. If radar signals are detected on the channel, the APC unit randomly selects a different channel. Enable AMSDU – enable the AMSDU packet aggregation. If enabled, the maximum size of the 802.
Both sides (AP and Station) of the link must have the same security settings. Device supports various authentication/encryption methods: Open – no encryption. WEP – 64bit and 128bit key. Personal – preshared key encryption with WPA/WPA2 using AES or TKIP. Enterprise – RADIUS server based authentication with WPA/WPA2 encryption using AES or TKIP (requires configured RADIUS server).
EAP method – choose EAP method: EAP-TTLS-MSCHAPv2, PEAP/MSCHAPv2. Identity – specify the identity of the authentication to the RADIUS server. Password – specify the password of the authentication to the RADIUS server. Identity and Password on the APC must match the identity and password in the RADIUS server's user list.
Advanced Wireless Settings
Advanced parameters allow configuring the device to get the best performance/capacity of the link.
MIMO – multiple input multiple outputs. The device will use two antennas for data transfer (two simultaneous streams). Max data rate – choose the maximum data rate in Mbps at which the device should transmit packets. The APC will attempt to transmit data at the highest data rate set. If interference is encountered, the APC will step down to the highest rate that allows data transmission. Max data rate N – choose the data rates in Mbps at which the device should transmit packets for the selected 802.
Security Settings
Both sides (iPoll Access Point and iPoll Station) of the link must have the same security settings. The APC device, working in iPoll Access Point wireless mode, supports the authentication/encryption methods listed below: Open – no encryption. Personal WPA – preshared key encryption with WPA using AES method. Personal WPA 2 – preshared key encryption with WPA2 using AES method.
Enable DFS – select to enable radar detection. With enabled DFS, the APC unit monitors the operating frequency for radar signals. If radar signals are detected on the channel, the unit randomly selects a different channel. Mode – choose the unit's antenna operating mode: SISO – single input single output. The device will use only one antenna for data transfer. The antenna will be chosen automatically. MIMO – multiple input multiple outputs.
Security Settings
Both sides (iPoll Access Point and iPoll Station) of the link must have the same security settings. The APC device, working in iPoll Station wireless mode, supports the authentication/encryption methods listed below: Open – no encryption. Personal WPA – preshared key encryption with WPA using AES method. Personal WPA 2 – preshared key encryption with WPA2 using AES method.
Mode – choose the unit's antenna operating mode: SISO – single input single output. The device will use only one antenna for data transfer. The antenna will be chosen automatically. MIMO – multiple input multiple outputs. The device will use two antennas for data transfer (two simultaneous streams). Max data rate – select the device data transmission rates in Mbps from the drop-down list. The APC will attempt to transmit data at the highest data rate set.
Security – choose the wireless security and encryption method from the drop-down list (for detailed security configuration, refer to the respective section Access Point (auto WDS) Security Settings). Open – no encryption. WEP – 64bit and 128bit key. Personal – preshared key encryption with WPA/WPA2 using AES or TKIP. Enterprise – RADIUS server based authentication with WPA/WPA2 encryption using AES or TKIP (requires configured RADIUS server).
Limit all traffic
Enable download shaping – select to enable limitation of the download traffic. Download limit, kbps – specify the maximum download (from wireless interface to Ethernet interface) bandwidth value in kbps. Download burst, kbytes – specify the download burst size in kbytes. Enable upload shaping – select to enable limitation of the upload traffic. Upload limit, kbps – specify the maximum upload (from Ethernet interface to wireless interface) bandwidth value in kbps.
Enable UPnP – select to enable the UPnP (Universal Plug and Play connectivity) service. UPnP enables the APC to communicate with other network devices, automatically opening required ports without manual intervention. Enable DMZ – select to enable DMZ. DMZ opens all TCP/UDP ports to a particular IP address. It allows setting up servers behind the APC. The feature is commonly used for setting up VoIP or Multimedia servers.
7.3.1 WNMS
Wireless Network Management System (WNMS) is a centralized monitoring and management system for wireless network devices. The communication between managed devices and the WNMS server is always initiated by the WNMS client service running on every device. Enable WNMS agent – select to enable the WNMS agent. Server/Collector URL – specify the URL of the WNMS server to which heartbeat notifications will be sent. 7.3.
SNMP Traps Settings
Manager address – specify the IP address or hostname of the SNMP Trap receiver. Manager port – specify the port number of the Trap receiver. Default port number is 162. Trap community – specify the SNMP community string. This community string acts as a password between the SNMP manager and the device. By default, the Trap community string is "public". Use informs – select to wait for an acknowledgment from the SNMP manager that the trap was received.
Enable SNMP – specify the SNMP service status. Friendly name – displays name of the APC that will be used to identify the unit. This name has the same value as Friendly name in the Device settings. Link location – displays the physical location of the device. This name has the same value as Device location in the Device settings. Contact information – specify the identification of the contact person for this managed device, together with information on how to contact this person.
NTP server – specify the trusted NTP server IP or hostname for synchronizing time with [IP address]. To adjust the clock settings manually, choose the configuration mode as Manual and specify the following settings: Configuration – choose the system clock configuration mode [NTP/Manual]. Time zone – select the time zone. Time zone should be specified as a difference between local time and GMT time. Save last known time – select to recall the timestamp that was saved on last reboot.
7.4 System
7.4.1 Administration
For security reasons it is recommended to change the default administrator username and password as soon as possible. The System menu allows you to manage main system settings and perform main system actions (reboot, restore configuration, etc.). The section is divided into three further sections: Device settings, Account settings and System functions.
Device settings
Friendly name – specify the name of the APC that will be used to identify the unit.
System functions Reboot device – reboot device with the last saved configuration. Reset device to factory defaults – click to restore unit's factory configuration. Resetting the device is an irreversible process. Current configuration and the administrator password will be set back to the factory default. Download troubleshooting file – click to download the troubleshooting file. The troubleshooting file contains valuable information about device configuration, routes, log files, command outputs, etc.
Forward backup – select to enable remote syslog logging backup. Backup server – specify the backup host IP address or hostname to which syslog messages will be sent. Backup port – specify the port to which syslog messages will be forwarded [0-65535]. Default: 514.
7.4.3 LED Control
The APC is equipped with 6 LEDs: power, LAN and 4 RSSI LEDs that indicate the signal strength of the current connection.
Firmware into the device permanent memory. Click the Upgrade button: Upgrade – upgrade device with the uploaded image and reboot the system. Do not switch off and do not disconnect the device from the power supply during the firmware upgrade process as the device could be damaged.
7.5 Tools
7.5.1 Antenna Alignment
The Antenna Alignment tool measures signal quality between the Station and AP. For best results during the antenna alignment test, turn off all wireless networking devices within range of the device except the device(s) with which you are trying to align the antenna. Watch the constantly updated display in the Alignment Test window as you adjust the antenna. Start – press this button to start antenna alignment. Stop – press this button to stop antenna alignment.
Last updated before – displays when the last scan was performed. The results of the Site Survey test are converted to two handy graphs: AP count and RSSI. An administrator can use this to identify the best channel for device operation that will not receive interference from adjacent APs. 7.5.
IP address or Host name – specify the destination IP address or Host name. Packet size – specify the packet size.
7.5.5 Trace route
This tool is a route-tracing utility used to determine the path that an IP packet has taken to reach a destination. This is useful when trying to find out why a destination is unreachable, as you will be able to see where the connection fails. Destination IP or Hostname – specify the hostname or IP address of the target host.
7.5.6 Spectrum Analyser
The Spectrum analyzer test displays detailed information about the signal level of each of the APC unit's antennas on each available frequency. This enables the administrator to choose the best available frequency/channel for the unit's operation. The frequency list depends on the country in which the unit is operating, and the chosen channel width. Do not use the Spectrum analyzer on the remote unit of the link, as the connection to the device will be lost during the test.
8 Universal Access Method
8.1 UAM Overview
When using internal UAM, the Login page is the first page a client receives when he starts his Web browser and enters any URL. To get access to the network, the user should enter his authentication settings (login name and password) and click the login button:
The GD-GEO20 could be shared by several Wireless Internet Service Providers (WISP). They are uniquely identified by specifying the WISP domain name in addition to the subscriber user name when logging in.
Use the Security section on the Wireless or VAP page (depending on the interface on which the UAM will be configured) for UAM configuration: choose the security option UAM:
RADIUS Settings
NAS ID – specify the NAS identifier. RADIUS server 1 – specify the name or IP address of the primary RADIUS server. RADIUS server 2 – specify the name or IP address of the secondary RADIUS server. RADIUS Secret – specify the RADIUS shared secret.
WISPr Settings
WISPr location name – specify the WISPr location name. Operator name – specify the operator's name. Network name – specify the network name. ISO country code – specify the country code in ISO standard. E.164 country code – specify the country code in E.164 standard. E.164 area code – specify the area code in E.164 standard. WISPr default max bandwidth – specify the default bandwidth limitation for clients.
9 Appendix
9.1 Resetting Device to Factory Defaults
The device can be reset to defaults by pinging it with a certain packet size when the radio is booting. During the startup of the device, when the drivers of the Ethernet interfaces are loaded, the discovery daemon is started. The daemon suspends the startup process for 3 seconds and waits for an ICMP "echo request" packet of length 369 bytes. If the packet is received, the discovery daemon resets the device to the default configuration.
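A detection sketch for the reset trigger described above, as an added example that is not part of the manual or the device firmware: it parses raw IPv4 packets and flags ICMP echo requests of length 369 bytes addressed to a managed device. The manual does not say at which layer the 369 bytes are measured, so matching the payload, the ICMP message or the IP total length is an assumption, as are the function names and the constructed sample packets.

```python
import ipaddress
import struct

RESET_LEN = 369          # length the manual gives for the reset-trigger echo request
ICMP_ECHO_REQUEST = 8


def parse_echo_request(pkt: bytes):
    """Return size/address fields of an IPv4 ICMP echo request, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or total_len < ihl + 8 or total_len > len(pkt):
        return None                       # malformed or truncated capture
    if pkt[9] != 1 or flags_frag & 0x1FFF:
        return None                       # not ICMP, or a non-first fragment
    icmp = pkt[ihl:total_len]
    if icmp[0] != ICMP_ECHO_REQUEST or icmp[1] != 0:
        return None
    return {
        "src": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst": str(ipaddress.IPv4Address(pkt[16:20])),
        "ip": total_len,
        "icmp": len(icmp),
        "payload": len(icmp) - 8,
    }


def find_reset_triggers(packets, device_ips):
    """List (src, dst, layer) for echo requests of RESET_LEN bytes sent to a device."""
    alerts = []
    for pkt in packets:
        info = parse_echo_request(pkt)
        if info is None or info["dst"] not in device_ips:
            continue
        for layer in ("payload", "icmp", "ip"):   # assumption: layer is unspecified
            if info[layer] == RESET_LEN:
                alerts.append((info["src"], info["dst"], layer))
    return alerts


def sample_echo_request(src, dst, payload_len):
    """Build a constructed IPv4 echo request (checksums left zero) as test input."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 0x1234, 1) + bytes(payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + icmp


# Constructed sample traffic; 192.168.2.66 is the manual's default device address.
SAMPLE = [
    sample_echo_request("192.168.2.150", "192.168.2.66", 56),    # ordinary ping
    sample_echo_request("192.168.2.150", "192.168.2.66", 369),   # 369-byte payload
    sample_echo_request("192.168.2.77", "192.168.2.66", 341),    # 369-byte IP packet
    sample_echo_request("192.168.2.150", "192.168.2.10", 369),   # not a managed device
]

if __name__ == "__main__":
    for alert in find_reset_triggers(SAMPLE, {"192.168.2.66"}):
        print("possible factory-reset trigger:", alert)
```

Because the daemon only listens during the 3-second window at startup, an alert is most meaningful when it coincides with a restart of the device.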
9.2 RADIUS Attributes
The following RADIUS attributes and messages are supported by the GD-GEO20.
9.2.1 General Attributes
Attribute – Description
User-name (1) – Full username as entered by the user.
User-Password (2) – Used for UAM as alternative to CHAP-Password and CHAP-Challenge.
Attribute – Description
Acct-Interim-Interval (85) – If present in Access-Accept, chilli will generate interim accounting records with the specified interval (seconds).
MS-MPPE-Send-Key (311,16) – Used for WPA.
MS-MPPE-Recv-Key (311,17) – Used for WPA.
9.2.2 WISPr Attributes
Attribute – Description
WISPr-Location-ID (14122, 1) – Location ID is set to the radiuslocationid option if present. Should be in the format: isocc=, cc=<E.164_Country_Code>, ac=<E.
Attribute – Description
ChilliSpot-Bandwidth-Max-Down (14559, 5) – Maximum bandwidth down.
ChilliSpot-Config (14559, 6) – Configurations passed between chilli and back-end as name value pairs.
ChilliSpot-Lang (14559, 7) – Language selected in user interface.
ChilliSpot-Version (14559, 8) – Version of Chilli sending this Access-Request.
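A strict parser for the attributes listed in the tables above, as an added example that is not code from the manual or from chilli: it walks the RADIUS attribute records, unpacks Vendor-Specific (type 26) attributes into the (vendor id, type) pairs the tables use, and redacts passwords and keys before display. The function names, the type/length layout assumed for vendor sub-attributes and the sample packet are assumptions of this example.

```python
import struct

VENDOR_SPECIFIC = 26
# Names from this manual's attribute tables; vendor attributes keyed by (vendor id, type).
NAMES = {
    1: "User-Name", 2: "User-Password", 85: "Acct-Interim-Interval",
    (311, 16): "MS-MPPE-Send-Key", (311, 17): "MS-MPPE-Recv-Key",
    (14122, 1): "WISPr-Location-ID", (14559, 5): "ChilliSpot-Bandwidth-Max-Down",
    (14559, 6): "ChilliSpot-Config", (14559, 7): "ChilliSpot-Lang",
    (14559, 8): "ChilliSpot-Version",
}
SECRET = {2, (311, 16), (311, 17)}   # never print passwords or key material
INTEGER = {85, (14559, 5)}           # 32-bit big-endian values


def tlvs(buf, what):
    """Yield (type, value) from a run of type/length/value records, strictly."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError(f"truncated {what} header")
        kind, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError(f"bad {what} length {length}")
        yield kind, buf[i + 2:i + length]
        i += length


def parse_packet(data: bytes):
    """Return (code, identifier, [(key, value)]); assumes type/length vendor sub-attributes."""
    if len(data) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not 20 <= length <= min(len(data), 4096):
        raise ValueError("bad packet length field")
    attrs = []
    for kind, value in tlvs(data[20:length], "attribute"):
        if kind != VENDOR_SPECIFIC:
            attrs.append((kind, value))
            continue
        if len(value) < 6:
            raise ValueError("vendor-specific attribute too short")
        vendor = struct.unpack("!I", value[:4])[0]
        attrs.extend(((vendor, vt), v) for vt, v in tlvs(value[4:], "sub-attribute"))
    return code, ident, attrs


def describe(attrs):
    """Map parsed attributes to (name, printable value), redacting secrets."""
    out = []
    for key, value in attrs:
        if key in SECRET:
            shown = "<redacted>"
        elif key in INTEGER and len(value) == 4:
            shown = int.from_bytes(value, "big")
        else:
            shown = value.decode("utf-8", "replace")
        out.append((NAMES.get(key, f"unknown {key}"), shown))
    return out


def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value


def vsa(vendor, kind, value):
    return attr(VENDOR_SPECIFIC, struct.pack("!I", vendor) + attr(kind, value))


# Constructed Access-Accept (code 2), zeroed authenticator; every value is made up.
BODY = (attr(85, struct.pack("!I", 300)) + vsa(14559, 5, struct.pack("!I", 2048))
        + vsa(14559, 7, b"en") + vsa(311, 16, bytes(34)))
SAMPLE = struct.pack("!BBH", 2, 7, 20 + len(BODY)) + bytes(16) + BODY
```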