9160 G2 Wireless Gateway User Manual November 24, 2006 ISO 9001 Certified Quality Management System Part No. 8100117.
© Copyright 2006 by Psion Teklogix Inc., Mississauga, Ontario This document and the information it contains is the property of Psion Teklogix Inc., is issued in strict confidence, and is not to be reproduced or copied, in whole or in part, except for the sole purpose of promoting the sale of Psion Teklogix manufactured goods and services. Furthermore, this document is not to be used as a basis for design, manufacture, or sub-contract, or in any manner detrimental to the interests of Psion Teklogix Inc.
Return-To-Factory Warranty Psion Teklogix Inc. provides a return to factory warranty on this product for a period of twelve (12) months in accordance with the Statement of Limited Warranty and Limitation of Liability provided at www.psionteklogix.com/warranty. (If you are not already a member of Teknet and you attempt to view this warranty, you will be asked to register. As a member of Teknet, you will have access to helpful information about your Psion Teklogix products at no charge to you.
lead, cadmium, mercury, hexavalent chromium, and flame retardants PBB and PBDE that may be contained in a product. Only products meeting these high environmental standards may be “placed on the market” in EU member states after July 1, 2006. RoHS Logo Although there is no legal requirement to mark RoHS-compliant products, Psion Teklogix Inc.
TABLE OF CONTENTS Approvals and Safety Summary . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Chapter 1: Introduction 1.1 About This Manual . . . . . . . . . . . . . . . . . . . . . . . 1.2 Online Help Features, Supported Browsers, And Limitations . 1.3 Text Conventions . . . . . . . . . . . . . . . . . . . . . . . . 1.4 Overview Of The 9160 G2 Wireless Gateway . . . . . . . . . 1.4.1 Radios . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.4.2 Access Point Functions . . . . . . . . . . .
Contents 2.1.4.1 Power . . . . . . . . . . . . . . . . . . . . 2.1.4.2 Antennas . . . . . . . . . . . . . . . . . . . 2.2 Connecting To External Devices . . . . . . . . . . 2.2.1 Ports . . . . . . . . . . . . . . . . . . . . . . . 2.2.2 LAN Installation: Overview . . . . . . . . . . . 2.2.3 LAN Installation: Ethernet. . . . . . . . . . . . 2.2.3.1 Ethernet Cabling . . . . . . . . . . . . . . . 2.2.4 Status Indicators (LEDs) . . . . . . . . . . . . . 2.2.5 Connecting A Video Display Terminal . . . . . 2.
Contents 4.5 Configure ‘Basic Settings’ And Start The Wireless Network . . . . . 4.5.1 Default Configuration . . . . . . . . . . . . . . . . . . . . . . . . 4.6 What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6.1 Make Sure The Access Point Is Connected To The LAN. . . . . . 4.6.2 Test LAN Connectivity With Wireless Clients . . . . . . . . . . . 4.6.3 Secure And Fine-tune The Access Point Using Advanced Features . . . . . . . . . . . . . 42 . 43 . 43 . 43 . 44 . 44 . . . . . .
Contents 6.6 6.7 Stopping Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Navigating To Configuration Information For A Specific AP And Managing Standalone APs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 6.7.1 Navigating To An AP By Using Its IP Address In A URL . . . . . . . 62 Chapter 7: Managing User Accounts 7.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2 Navigating To User Management For Clustered Access Points 7.
Contents Chapter 9: Wireless Neighborhood 9.1 9.2 9.3 9.4 Navigating To Wireless Neighborhood. . . . . . . . Understanding Wireless Neighborhood Information. Viewing Wireless Neighborhood . . . . . . . . . . . Viewing Details For A Cluster Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 . 83 . 84 . 86 Chapter 10: Configuring Security 10.1 Understanding Security Issues On Wireless Networks . . . . . . . . . . . 91 10.1.
Contents 11.1.1 Ethernet (Wired) Settings . . . . . . . . . . . . . . . . . . . . 11.1.2 Wireless Settings . . . . . . . . . . . . . . . . . . . . . . . . . 11.2 Event Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.2.1 Log Relay Host For Kernel Messages . . . . . . . . . . . . . . 11.2.1.1 Understanding Remote Logging. . . . . . . . . . . . . . . 11.2.1.2 Setting Up The Log Relay Host . . . . . . . . . . . . . . . 11.2.1.
Contents Chapter 14: Setting up Guest Access 14.1 Understanding The Guest Interface . . . . . . . . . . 14.2 Configuring The Guest Interface . . . . . . . . . . . . 14.2.1 Configuring A Guest Network On A Virtual LAN . 14.2.2 Configuring The Welcome Screen (Captive Portal) 14.3 Using The Guest Network As A Client . . . . . . . . 14.4 Deployment Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Chapter 19: Quality of Service (QoS) 19.1 Understanding QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 19.1.1 QoS And Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . 183 19.1.2 802.11e And WMM Standards Support . . . . . . . . . . . . . . . . . 183 19.1.3 QoS Queues And Parameters To Coordinate Traffic Flow . . . . . . . 184 19.1.3.1 QoS Queues And Type Of Service (ToS) On Packets. . . . . . . . 184 19.1.3.
Contents 21.2 Navigating To SNMP Settings 21.3 Configuring SNMP Settings . 21.3.1 Configuring SNMP Traps . 21.3.2 Updating SNMP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213 214 215 216 22.1 Overview . . . . . . . . . . . . . . . . . . . . 22.2 Radio Protocols . . . . . . . . . . . . . . . . . 22.2.
Contents 23.3 Updating Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 Chapter 24: Backing Up & Restoring Configuration 24.1 Navigating To The AP’s Configuration Settings . . . . . . . 24.2 Resetting Factory Default Configuration . . . . . . . . . . . 24.3 Saving The Current Configuration To A Backup File . . . . 24.4 Restoring The Configuration From A Previously Saved File. 24.5 Rebooting The Access Point . . . . . . . . . . . . . . . . . 24.6 Upgrading The Firmware . . . . . . .
Contents Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup C.1 Network Infrastructure And Choosing Between Built-in Or External Authentication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-4 C.1.1 Using The Built-in Authentication Server (EAP-PEAP) . . . . . . . . C-4 C.1.2 Using An External RADIUS Server With EAP-TLS Certificates Or EAP-PEAP . . . . . . . . . . . . . . . . . C-4 C.2 Make Sure The Wireless Client Software Is Up-to-Date . . . . . . . . . .
D.2.1 Reboot Or Reset Access Point . . . . . . . . . . . . . . . . . . . . . D-4 Appendix E: Glossary Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
APPROVALS AND SAFETY SUMMARY DECLARATION OF CONFORMITY Product: Application of Council Directives: Conformity Declared to Standards: 9160 G2 Wireless Gateway EMC Directive:89/336/EEC Low Voltage Directive:73/23/EEC R&TTE Directive: 1999/5/EEC EN 55022: 2003 Class B EN 61000-3-2; EN 61000-3-3 EN 55024:2003 ETSI EN 300 328:2003 ETSI EN 301 489-17:2002 EN 60950-1: 2001 Manufacturer: PSION TEKLOGIX INC. 2100 Meadowvale Blvd.
Approvals And Safety Summary FCC Statement FCC DECLARATION OF CONFORMITY (DOC) Applicant’s Name & Address: PSION TEKLOGIX 2100 Meadowvale Blvd. Mississauga, Ontario, Canada L5N 7J9 Telephone No.: (905) 813-9900 US Representative’s Name & Address: Psion Teklogix Corp. 1810 Airport Exchange Blvd., Suite 500 Erlanger, Kentucky, 41018, USA Telephone No.: (859) 372-4329 Equipment Type/ Environment Use: Computing Devices Trade Name / Model No.
Approvals And Safety Summary ence in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used according to the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation.
Approvals And Safety Summary SAFETY APPROVALS CSA, NRTL/C and CB. CE MARKING When used in a residential, commercial or light industrial environment, the product and its approved UK and European peripherals fulfill all requirements for CE marking. R&TTE DIRECTIVE 1999/5/EC This equipment complies with the essential requirements of EU Directive 1999/5/EC (Declaration available: www.psionteklogix.com).
Approvals And Safety Summary Dette utstyret er i overensstemmelse med hovedkravene i R&TTE-direktivet (1999/5/EC) fra EU. (Erklæring finnes på: www.psionteklogix.com). Utrustningen uppfyller kraven för EU-direktivet 1999/5/EC om ansluten teleutrustning och ömsesidigt erkännande av utrustningens överensstämmelse (R&TTE). (Förklaringen finns att läsa på: www.psionteklogix.com). Tämä laite vastaa EU:n radio- ja telepäätelaitedirektiivin (EU R&TTE Directive 1999/5/EC) vaatimuksia.
Approvals And Safety Summary • • • • • Do not operate the 9160 G2 if it has received a sharp blow, been dropped, or otherwise damaged in any way; it should be inspected by qualified service personnel. Do not disassemble the 9160 G2; it should be repaired by qualified service personnel. Incorrect reassembly may result in electric shock or fire. To reduce risk of electric shock, unplug the 9160 G2 from the outlet before attempting any maintenance or cleaning.
1 INTRODUCTION 1.1 1.2 1.3 1.4 About This Manual . . . . . . . . . . . . . . . . . . . . . . Online Help Features, Supported Browsers, And Limitations Text Conventions . . . . . . . . . . . . . . . . . . . . . . . Overview Of The 9160 G2 Wireless Gateway . . . . . . . . 1.4.1 Radios . . . . . . . . . . . . . . . . . . . . . . . . . 1.4.2 Access Point Functions . . . . . . . . . . . . . . . . 1.4.3 Base Station Functions . . . . . . . . . . . . . . . . 1.5 Features and Benefits . . . . . . . . . . . . . .
Chapter 1: Introduction About This Manual 1.1 About This Manual This manual describes the setup, configuration, administration, and maintenance of one or more 9160 G2 Wireless Gateways on a wireless network. Chapter 1: Introduction provides an overview of this manual and 9160 G2 Wireless Gateway features. Chapter 2: Installation Requirements explains the physical installation of the 9160 G2 Wireless Gateway, and how to connect to the 9160 G2 for diagnostics.
Chapter 1: Introduction About This Manual Chapter 10: Configuring Security provides a number of authentication and encryption schemes to ensure that your wireless infrastructure is accessed only by the intended users. The details of each security mode are described. Chapter 11: Maintenance And Monitoring describes the maintenance and monitoring tasks for individual access points (not for cluster configurations).
Chapter 1: Introduction About This Manual Chapter 21: Configuring SNMP describes how to configure SNMP and related settings on the 9160 G2 Wireless Gateway Enterprise-Manager API. Chapter 22: The 9160 G2 As Base Station describes how to configure the 9160 G2 Wireless Gateway as either a wired or wireless Base Station, or as a Remote Radio Module (RRM). This chapter also describes narrow band radio configuration settings.
Chapter 1: Introduction Online Help Features, Supported Browsers, And Limitations 1.2 Online Help Features, Supported Browsers, And Limitations Online Help for the 9160 G2 Wireless Gateway provides information about all fields and features available on the user interface. The information in the Online Help is a subset of the information available in the full User Manual. Online Help information corresponds to each tab on the 9160 G2 Wireless Gateway Administration user interface.
Chapter 1: Introduction Text Conventions 1.3 Text Conventions Note: Notes highlight additional helpful information. Important: These statements provide particularly important instructions or additional information that is critical to the operation of the computer and other equipment. Warning: These statements provide important information that may prevent injury, damage to the equipment, or loss of data.
Chapter 1: Introduction Radios 1.4.1 Radios The 9160 G2 is capable of supporting single or dual radio operation. Available radio modules are the 802.11a/g radio, the 802.11g radio, and the RA1001A Narrow Band radio. For detailed specifications on these radios please see “Radios” on page 262. Depending on the installed radio(s), the access point is capable of operating in the following modes: • IEEE 802.11b mode. • IEEE 802.11g mode. • IEEE 802.11a mode. • Atheros Turbo 5 GHz.
Chapter 1: Introduction Access Point Functions Note: For the ‘NB only’ case, the web page may show the configuration page for a single 802.11 radio. You can disregard it, however, if you should attempt to configure this non-existent radio, this will not cause problems in the 9160 G2. Figure 1.1 Upgrade Firmware Web Page 1.4.
Chapter 1: Introduction Features and Benefits 1.5 Features and Benefits 1.5.1 IEEE Standards Support And Wi-Fi Compliance • Support for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, IEEE 802.11i, and IEEE 802.3af wireless networking standards. • Provides bandwidth of up to 54 Mbps for IEEE 802.11a or IEEE 802.11g (11 Mbps for IEEE 802.11b, 108 Mbps for Atheros 802.11a Turbo). • Wi-Fi certification. 1.5.2 Wireless Features 10 • Auto channel selection at startup. • Transmit power adjustment.
Chapter 1: Introduction Security Features • Support for IEEE 802.11h, incorporating TPC and DFS. IEEE 802.11h is a standard that provides two services required to satisfy certain regulatory domains for the 5 GHz band. These two services are Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS). • Support for Extended Range (XR). • SpectraLink Voice Priority (SVP). SpectraLink Voice Priority (SVP) is a QoS approach for Wi-Fi deployments.
Chapter 1: Introduction Out-of-the-Box Guest Interface • Local user database and user life cycle management. • MAC address filtering. • WPA/WPA2 over WDS. • Secure Sockets Shell (SSH). • Secure Sockets Layer (SSL). 1.5.4 Out-of-the-Box Guest Interface • Unique network name (SSID) for the Guest interface. • Captive portal to guide guests to customizable, guest-only Web page. • VLAN and ethernet options. 1.5.
Chapter 1: Introduction Networking • Enhanced local authentication using 802.1x without additional IT setup. A cluster can maintain a user authentication server and database stored on the access points. This eliminates the need to install, configure, and maintain a RADIUS infrastructure, and simplifies the administrative task of deploying a secure wireless network. 1.5.6 Networking • Dynamic Host Configuration Protocol (DHCP) support for dynamically obtaining network configuration information.
Chapter 1: Introduction Maintainability 1.5.8 Maintainability • Status, monitoring, and tracking views of the network including session monitoring, client associations, transmit/receive statistics, and event log. • Link integrity monitoring to continually verify connection to the client, regardless of network traffic activity levels. • Reset configuration option. • Firmware upgrade. • Backup and restore of access point configuration.
2 INSTALLATION REQUIREMENTS 2.1 Choosing The Right Location . . . . . . . . . . . . 2.1.1 Environment. . . . . . . . . . . . . . . . . 2.1.1.1 9160 G2 Wireless Gateway. . . . . 2.1.2 Maintenance . . . . . . . . . . . . . . . . . 2.1.3 Radios . . . . . . . . . . . . . . . . . . . . 2.1.4 Power And Antenna Cables . . . . . . . . . 2.1.4.1 Power . . . . . . . . . . . . . . . . 2.1.4.2 Antennas . . . . . . . . . . . . . . 2.2 Connecting To External Devices . . . . . . . . . . 2.2.1 Ports . . . . . . . . . . .
Chapter 2: Installation Requirements Choosing The Right Location Warning: The 9160 G2 must be installed by qualified Psion Teklogix personnel. 2.1 Choosing The Right Location Typically, Psion Teklogix conducts a site survey in the plant and then recommends the preferred locations for the 9160 G2s. These locations provide good radio coverage, minimize the distance to the host computer or network controller, and meet the environmental requirements. 2.1.1 Environment 2.1.1.
Chapter 2: Installation Requirements Maintenance Mounting Slot Cable Tie Mount Mounting Hole Figure 2.1 9160 G2 Installation Position 2.1.2 Maintenance The 9160 G2 has no internal option switches and does not require physical access; all configuration settings are done remotely (see “Navigating To Basic Settings” on page 47). Environmental and radio communication considerations do still apply. 2.1.3 Radios • 802.11g radio without integrated antenna (standard). • 802.
Chapter 2: Installation Requirements Power And Antenna Cables power range. The power cable is removable and is available in the power type specific to your location. The 9160 G2 AC power supply has a universal input via a standard IEC320 connector. To eliminate the need for AC wiring, the 9160 G2 Wireless Gateway is compliant with IEEE 802.3af and can be powered over its Ethernet connection. For detailed information, please see “Power Over Ethernet Requirements” on page 262.
Chapter 2: Installation Requirements Power And Antenna Cables 3. The supplementary equipment earthing conductor may not be smaller in size than the unearthed branch-circuit supply conductors (min 0.75 sq. mm nominal cross-sectional area or 18AWG). The supplementary equipment earthing conductor is to be connected to the 9160 G2 at the terminal provided, and connected to earth in a manner that will retain the earth connection when the power supply cord is unplugged.
Chapter 2: Installation Requirements Connecting To External Devices 2.2 Connecting To External Devices This section contains general guidelines for connecting the 9160 G2 to external devices such as network controllers, base stations, host computers, PCs, and video display terminals. 2.2.1 Ports Figure 2.2 shows the locations of the port and power connectors on the base of the 9160 G2. The port pinouts are described in Appendix B: “Port Pinouts And Cable Diagrams”.
Chapter 2: Installation Requirements LAN Installation: Ethernet 2.2.3 LAN Installation: Ethernet The 9160 G2 is a high-performance Access Point that supports 100Mb/s Fast Ethernet LANs, as well as 10Mb/s, with both full and half duplex operation. It comes equipped with: a 10BaseT/100BaseT card (using a category-5 twisted pair cable, an RJ-45 connector, running at a rate of 10 or 100Mb/s). For port pinouts, please refer to Appendix B: “Port Pinouts And Cable Diagrams”.
Chapter 2: Installation Requirements Connecting A Video Display Terminal 2.1.5 Connecting A Video Display Terminal An ANSI compatible video display terminal (e.g., DEC VT220 or higher), or a PC running terminal emulation, is used for diagnostic purposes. The terminal is connected to the RS-232 port on the 9160 G2 (see Figure 2.2 on page 21). This port is normally set to operate at 115,200 baud, 8 bits, 1 stop bit, no parity.
PRELAUNCH CHECKLIST 3 3.1 The 9160 G2 Wireless Gateway . . . . . . . . . . . . . . . . . . . . . . . . 27 3.1.1 Default Settings For The 9160 G2 Wireless Gateway . . . . . . . 27 3.1.2 What The Access Point Does Not Provide . . . . . . . . . . . . . 30 3.2 Administrator’s Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.3 Wireless Client Computers . . . . . . . . . . . . . . . . . . . . . . . . . . 31 3.4 Understanding Dynamic And Static IP Addressing On The 9160 G2 Wireless Gateway . .
Chapter 3: PreLaunch Checklist The 9160 G2 Wireless Gateway Before you plug in and boot a new Access Point, review the following sections for a quick check of required hardware components, software, client configurations, and compatibility issues. Make sure you have everything you need ready to go for a successful launch and test of your new (or extended) wireless network. 3.1 The 9160 G2 Wireless Gateway The 9160 G2 Wireless Gateway is a wireless communications hub for devices on your network.
Chapter 3: PreLaunch Checklist Default Settings For The 9160 G2 Wireless Gateway Option Default Settings Related Information Network Name (SSID) “TEKLOGIX” for the Internal interface “Review / Describe The Access Point” on page 48 in “Configuring Basic Settings” on page 45 “TEKLOGIX Guest” for the Guest interface “Configuring “Internal” Wireless LAN Settings” on page 145 in “Setting the Wireless Interface” on page 139 “Configuring “Guest” Network Wireless Settings” on page 146 in “Setting the Wireles
Chapter 3: PreLaunch Checklist Default Settings For The 9160 G2 Wireless Gateway Option Default Settings Related Information IEEE 802.11 Mode 802.11g or 802.11a+g “Configuring 802.11 Radio Settings” on page 161 802.11g Channel Auto “Configuring 802.11 Radio Settings” on page 161 Beacon Interval 100 “Configuring 802.11 Radio Settings” on page 161 DTIM Period 2 “Configuring 802.11 Radio Settings” on page 161 Fragmentation Threshold 2346 “Configuring 802.
Chapter 3: PreLaunch Checklist What The Access Point Does Not Provide 3.1.2 What The Access Point Does Not Provide The 9160 G2 Wireless Gateway is not designed to function as a Gateway to the Internet. To connect your Wireless LAN (WLAN) to other LANs or the Internet, you need a gateway device. 3.2 Administrator’s Computer Configuration and administration of the 9160 G2 Wireless Gateway is accomplished through a Web-based user interface (UI). The Table 3.
Chapter 3: PreLaunch Checklist Wireless Client Computers Required Components Description Web Browser / Operating System Configuration and administration of the 9160 G2 Wireless Gateway is provided through a Web-based user interface hosted on the access point. We recommend using one of the following supported Web browsers to access the access point Administration Web pages: • Microsoft Internet Explorer version 5.5 or 6.
Chapter 3: PreLaunch Checklist Wireless Client Computers Required Components Description Wi-Fi Client Adaptor Portable or built-in Wi-Fi client adaptor that supports one or more of the IEEE 802.11 modes in which you plan to run the access point. (IEEE 802.11a, 802.11b, and 802.11g are supported.) Wi-Fi client adaptors vary considerably.
Chapter 3: PreLaunch Checklist Understanding Dynamic And Static IP Addressing On The 9160 G2 Wireless Gateway 3.4 Understanding Dynamic And Static IP Addressing On The 9160 G2 Wireless Gateway 9160 G2 Wireless Gateways are designed to auto-configure, with very little setup required for the first access point and no configuration required for additional access points subsequently joining a pre-configured cluster. 3.4.
Chapter 3: PreLaunch Checklist Static IP Addressing 3.4.3 Static IP Addressing The 9160 G2 Wireless Gateway ships with a default Static IP Address of 192.168.1.10. (See “Default Settings For The 9160 G2 Wireless Gateway” on page 27.) If no DHCP server is found on the network, the AP retains this static IP address at firsttime startup.
QUICK STEPS FOR SETUP AND LAUNCH 4 4.1 Unpack The 9160 G2 Wireless Gateway . . . . . . . . . . . . . . . . . . . 37 4.1.1 9160 G2 Wireless Gateway Hardware And Ports . . . . . . . . . . 37 4.1.2 What’s Inside The 9160 G2 Wireless Gateway? . . . . . . . . . . 38 4.2 Connect The Access Point To Network And Power. . . . . . . . . . . . . . 38 4.2.1 A Note About Setting Up Connections For A Guest Network . . . 40 4.2.1.1 Hardware Connections For A Guest VLAN . . . . . . . . 40 4.3 Power On The Access Point .
Chapter 4: Quick Steps For Setup And Launch Unpack The 9160 G2 Wireless Gateway Setting up and deploying one or more 9160 G2 Wireless Gateways is in effect creating and launching a wireless network. The Basic Settings Administration Web page simplifies this process. Here is a step-by-step guide to setting up your 9160 G2 Wireless Gateways and the resulting wireless network. Familiarize yourself with the Chapter 3: “PreLaunch Checklist” if you haven’t already.
Chapter 4: Quick Steps For Setup And Launch What’s Inside The 9160 G2 Wireless Gateway? 4.1.2 What’s Inside The 9160 G2 Wireless Gateway? The 9160 G2 Wireless Gateway, as an Access Point (AP), is a single-purpose computer designed to function as a wireless hub. Inside the access point is a Wi-Fi radio system and a microprocessor. The access point boots from FlashROM using powered firmware with the configurable, runtime features summarized in “Overview Of The 9160 G2 Wireless Gateway” on page 7.
Chapter 4: Quick Steps For Setup And Launch Connect The Access Point To Network And Power For initial configuration with a direct Ethernet connection and no DHCP server, be sure to set your PC to a static IP address in the same subnet as the default IP address on the access point. (The default IP address for the access point is 192.168.1.10.
Chapter 4: Quick Steps For Setup And Launch A Note About Setting Up Connections For A Guest Network ETHERNET CONNECTIONS WHEN USING STATIC IP FOR INITIAL CONFIGURATION Crossover Cable (or Ethernet cable if your AP supports auto MDI and MDI-X) Administrator Computer (This PC must have an IP address on the same subnet as Access Point.) Access Point Figure 4.2 Ethernet Connections Using Static IP 2.
Chapter 4: Quick Steps For Setup And Launch Log On To The Administration Web Pages 4.4 Log On To The Administration Web Pages When you go to the IP address of the 9160 G2 Wireless Gateway Administration Web pages, you are prompted for a user name and password. The defaults for user name and password are as follows. Field Default Setting User name admin Password admin The user name is read-only. It cannot be modified. Table 4.3 Username And Password Enter the user name and password and click OK. 4.
Chapter 4: Quick Steps For Setup And Launch Configure ‘Basic Settings’ And Start The Wireless Network Note: Currently the 9160 G2 Wireless Gateway menus appear slightly different from those shown - the menu tabs are arranged vertically down the left side of the page, rather than across the top. 4.5 Configure ‘Basic Settings’ And Start The Wireless Network Provide a minimal set of configuration information by defining the basic settings for your wireless network.
Chapter 4: Quick Steps For Setup And Launch Default Configuration 2. Provide Network Settings. Provide a new administrator password for clustered access points. For more information, see “Provide Network Settings” on page 49. 3. Settings. Click the Update button to activate the wireless network with these new settings. For more information, see “Update Basic Settings” on page 50. 4.5.
Chapter 4: Quick Steps For Setup And Launch Test LAN Connectivity With Wireless Clients 4.6.2 Test LAN Connectivity With Wireless Clients Test the 9160 G2 Wireless Gateway by trying to detect it and associate with it from some wireless client devices. (See “Wireless Client Computers” on page 31 in the PreLaunch Checklist for information on requirements for these clients.) 4.6.
5 CONFIGURING BASIC SETTINGS 5.1 5.2 5.3 5.4 5.5 5.6 5.7 Navigating To Basic Settings . . . . . . . . . . . . . . . . Review / Describe The Access Point . . . . . . . . . . . . Provide Network Settings . . . . . . . . . . . . . . . . . . Update Basic Settings . . . . . . . . . . . . . . . . . . . . Summary Of Settings . . . . . . . . . . . . . . . . . . . . Basic Settings For A Standalone Access Point . . . . . . . Your Network At A Glance: Understanding Indicator Icons . . . . . . . . . . . . . . . .
Chapter 5: Configuring Basic Settings Navigating To Basic Settings 5.1 Navigating To Basic Settings To configure initial settings, click Basic Settings. If you type the IP address of the access point into your browser, the Basic Settings page is the default page that is displayed. Fill in the fields on the Basic Settings screen as described in “Review / Describe The Access Point” on page 48.
Chapter 5: Configuring Basic Settings Review / Describe The Access Point 5.2 Review / Describe The Access Point Field Description IP Address Shows IP address assigned to this access point. This field is not editable because the IP address is already assigned (either via DHCP, or statically through the Ethernet (wired) settings as described in “Configuring Guest Interface Ethernet (Wired) Settings” on page 138). MAC Address Shows the MAC address of the access point.
Chapter 5: Configuring Basic Settings Provide Network Settings 5.3 Provide Network Settings Field Description Current Password Enter the current administrator password. You must correctly enter the current password before you are able to change it. New Password Enter a new administrator password. The characters you enter will be displayed as “ * ”characters to prevent others from seeing your password as you type. The Administrator password must be an alphanumeric string of up to 8 characters.
Chapter 5: Configuring Basic Settings Update Basic Settings 5.4 Update Basic Settings When you have reviewed the new configuration, click Update to apply the settings and deploy the access points as a wireless network. 5.5 Summary Of Settings When you update the Basic Settings, a summary of the new settings is shown, along with information about next steps. At initial startup, no security is in place on the access point.
Chapter 5: Configuring Basic Settings Basic Settings For A Standalone Access Point 5.6 Basic Settings For A Standalone Access Point The Basic Settings tab for a standalone access point indicates only that the current mode is standalone. If you want to add the current access point to an existing cluster, navigate to the Cluster > Access Point tab. For more information see “Starting Clustering” on page 61. 5.
MANAGING ACCESS POINTS & CLUSTERS 6 6.1 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 6.2 Navigating To Access Points Management . . . . . . . . . . . . . . . . . . 55 6.3 Understanding Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 6.3.1 What Is A Cluster? . . . . . . . . . . . . . . . . . . . . . . . . . 56 6.3.2 How Many APs Can A Cluster Support? . . . . . . . . . . . . . . 56 6.3.3 What Kinds Of APs Can Cluster Together?. . . . . . . . . . . .
Chapter 6: Managing Access Points & Clusters Overview 6.1 Overview The 9160 G2 Wireless Gateway shows current basic configuration settings for clustered access points (location, IP address, MAC address, status, and availability) and provides a way of navigating to the full configuration for specific APs if they are cluster members. Standalone access points or those which are not members of this cluster do not show up in this listing.
Chapter 6: Managing Access Points & Clusters Understanding Clustering 6.3 Understanding Clustering A key feature of the 9160 G2 Wireless Gateway is the ability to form a dynamic, configuration-aware group (called a cluster) with other 9160 G2 Wireless Gateways in a network in the same subnet. Access points can participate in a self-organizing cluster which makes it easier for you to deploy, administer, and secure your wireless network.
Chapter 6: Managing Access Points & Clusters Which Settings Are Shared As Part Of The Cluster Configuration And Which Are Not? • Access points joining the cluster must be named the same. For more information on setting the cluster name, see page 60. • Access points of other brands will not join the cluster. These APs should be administered with their own associated Administration tools. 6.3.
Chapter 6: Managing Access Points & Clusters Cluster Formation 6.3.4.2 Settings Not Shared By The Cluster The few exceptions (settings not shared among clustered access points) are the following, most of which by nature must be unique: • IP addresses. • MAC addresses. • Location descriptions. • Load Balancing settings. • WDS bridges. • Ethernet (Wired) Settings. • Guest interface configuration.
Chapter 6: Managing Access Points & Clusters Intra-Cluster Security 6.3.7 Intra-Cluster Security For purposes of ease-of-use, the clustering component is designed to let new devices join a cluster without strong authentication. However, communications of all data between access points in a cluster is protected against casual eavesdropping using Secure Sockets Layer (SSL). The assumption is that the private wired network to which the devices are connected is secure.
Chapter 6: Managing Access Points & Clusters Modifying The Location Description Field Description Location Description of where the access point is physically located. MAC Address Media Access Control (MAC) address of the access point. A MAC address is a permanent, unique hardware address for any device that represents an interface to the network. The MAC address is assigned by the manufacturer. You cannot change the MAC address.
Chapter 6: Managing Access Points & Clusters Starting Clustering 6.5 Starting Clustering To start clustering and add a particular access point to a cluster, do the following. 1. Go to the Administration Web pages for the standalone access point. (See “Navigating To An AP By Using Its IP Address In A URL” on page 62.) The Administration Web pages for the standalone access point are displayed. 2. Click the Cluster > Access Points tab for the standalone access point. 3. Click the Start Clustering button.
Chapter 6: Managing Access Points & Clusters Navigating To Configuration Information For A Specific AP And Managing Standalone APs 6.7 Navigating To Configuration Information For A Specific AP And Managing Standalone APs In general, the 9160 G2 Wireless Gateway is designed for central management of clustered access points. For access points in a cluster, all access points in the cluster reflect the same configuration.
MANAGING USER ACCOUNTS 7 7.1 7.2 7.3 7.4 7.5 7.6 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Navigating To User Management For Clustered Access Points. . . . . . . . 66 Viewing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Adding A User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Editing A User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Enabling And Disabling User Accounts. . . . . . . . . .
Chapter 7: Managing User Accounts Overview 7.1 Overview The 9160 G2 Wireless Gateway includes user management capabilities for controlling client access to access points. User management and authentication must always be used in conjunction with the following two security modes, which require use of a RADIUS server for user authentication and management. • IEEE 802.1x mode (see “IEEE 802.1x” on page 107 in Chapter 10: “Configuring Security”).
Chapter 7: Managing User Accounts Navigating To User Management For Clustered Access Points 7.2 Navigating To User Management For Clustered Access Points To set up or modify user accounts, click the Cluster > User Management tab. 7.3 Viewing User Accounts User accounts are shown at the top of the screen under User Accounts... . The Username, Real name, and Status (enabled or disabled) of the user are shown.
Chapter 7: Managing User Accounts Adding A User 7.4 Adding A User To create a new user, do the following: 1. Under Add a User..., provide information in the following fields. Field Description Username Provide a username. Usernames are alphanumeric strings of up to 237 characters. Do not use special characters or spaces. Real name For information purposes, provide the user’s full name. There is a 256 character limit on real names. Password Specify a password for this user.
Chapter 7: Managing User Accounts Editing A User Account 7.5 Editing A User Account Once you have created a user account, it is displayed under User Accounts... at the top of the User Management Administration Web page. To make modifications to an existing user account, first click the checkbox next to the username so that the box is checked. Then, choose an action such Edit, Enable, Disable, or Remove. 7.
Chapter 7: Managing User Accounts Enabling A User Account 7.6.1 Enabling A User Account To enable a user account, click the checkbox next to the username and click Enable. A user with an account that is enabled can log on to the wireless access points in your network as a client. 7.6.2 Disabling A User Account To disable a user account, click the checkbox next to the username and click Disable. A user with an account that is disabled cannot log on to the wireless access points in your network as a client.
Chapter 7: Managing User Accounts Restoring A User Database From A Backup File Use the file browser to navigate to the directory where you want to save the file, and click OK to save the file. You can keep the default file name (wirelessUsers.ubk) or rename the backup file, but be sure to save the file with a .ubk extension. 7.8.2 Restoring A User Database From A Backup File To restore a user database from a backup file: 1.
CHANNEL MANAGEMENT 8 8.1 Navigating To Channel Management . . . . . . . . . . . . . . . . . . . . . 73 8.2 Understanding Channel Management . . . . . . . . . . . . . . . . . . . . . 73 8.2.1 How It Works In A Nutshell . . . . . . . . . . . . . . . . . . . . 74 8.2.2 For The Curious: More About Overlapping Channels . . . . . . . 74 8.2.3 Example: A Network Before And After Channel Management . . 74 8.3 Configuring And Viewing Channel Management Settings . . . . . . . . . . 76 8.3.
Chapter 8: Channel Management Navigating To Channel Management 8.1 Navigating To Channel Management To view session monitoring information, click the Cluster > Channel Management tab. 8.2 Understanding Channel Management When Channel Management is enabled, the 9160 G2 Wireless Gateway automatically assigns radio channels used by clustered access points to reduce mutual interference (or interference with other access points outside of its cluster).
Chapter 8: Channel Management How It Works In A Nutshell 8.2.1 How It Works In A Nutshell At a specified interval (the default is 1 hour) or on demand (click Update), the Channel Manager maps APs to channel use and measures interference levels in the cluster. If significant channel interference is detected, the Channel Manager automatically re-assigns some or all of the APs to new channels per an efficiency algorithm (or automated channel plan). 8.2.
Chapter 8: Channel Management Example: A Network Before And After Channel Management Channel 6 (802.11b) Channel 6 (802.11b) Interference from APs on adjacent channels (5,6,7) Channel 6 (802.11b) AP1 Interference from APs on same channel (6) Channel 7 (802.11b) Channel 5 (802.11b) AP4 AP2 AP3 AP5 Client Station Client Station Figure 8.
Chapter 8: Channel Management Configuring And Viewing Channel Management Settings 8.3 Configuring And Viewing Channel Management Settings The Channel Management page shows previous, current, and planned channel assignments for clustered access points. By default, automatic channel assignment is disabled. You can start channel management to optimize channel usage across the cluster on a scheduled interval.
Chapter 8: Channel Management Viewing Current Channel Assignments And Setting Locks Note: • Channel Management overrides the default cluster behaviour, which is to synchronize radio channels of all APs across a cluster. When Channel Management is enabled, the radio Channel is not sync’d across the cluster to other APs. See the note under Radio Settings in “Settings Shared In The Cluster Configuration” on page 57. Click Stop to stop automatic channel assignment.
Chapter 8: Channel Management Viewing Last Proposed Set Of Changes 8.3.3 Viewing Last Proposed Set Of Changes The Last Proposed Set of Channel Changes shows the last channel plan. The plan lists all access points in the cluster by IP Address, and shows the current and proposed channels for each AP. Locked channels will not be re-assigned and the optimization of channel distribution among APs will take into account the fact that locked APs must remain on their current channels.
Chapter 8: Channel Management Configuring Advanced Settings (Customizing And Scheduling Channel Plans) Field Description Advanced Click the “Advanced” toggle to show / hide display settings that modify timing and details of the channel planning algorithm. By default, these settings are hidden. Change channels if interference is reduced by at least__ Specify the minimum percentage of interference reduction a proposed plan must achieve in order to be applied. The default is 25 percent.
Chapter 8: Channel Management Configuring Advanced Settings (Customizing And Scheduling Channel Plans) 8.3.4.1 Update Advanced Settings Click Update under Advanced Settings to apply these settings. Advanced Settings will take effect when they are applied, and influence how automatic channel management is performed. (The new interference reduction minimum, scheduled tuning interval, channel set, and network busy settings will be taken into account for automated and manual updates.
9 WIRELESS NEIGHBORHOOD 9.1 9.2 9.3 9.4 Navigating To Wireless Neighborhood . . . . . . . Understanding Wireless Neighborhood Information Viewing Wireless Neighborhood . . . . . . . . . . Viewing Details For A Cluster Member. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 . 83 . 84 .
Chapter 9: Wireless Neighborhood Navigating To Wireless Neighborhood The Wireless Neighborhood screen shows those access points within range of any access point in the cluster. This page provides a detailed view of neighboring access points, including identifying information (SSIDs and MAC addresses) for each, cluster status (which are members and non-members), and statistical information such as the channel each AP is broadcasting on, signal strength, and so forth. 9.
Chapter 9: Wireless Neighborhood Viewing Wireless Neighborhood For each neighbor access point, the Wireless Neighborhood view shows identifying information (SSID or Network Name, IP Address, MAC address) along with radio statistics (signal strength, channel, beacon interval). You can click on an AP to get additional statistics about the APs in radio range of the currently selected AP.
Chapter 9: Wireless Neighborhood Viewing Wireless Neighborhood Field Description Neighbors Access points which are neighbors of one or more of the clustered APs are listed in the left column by SSID (Network Name). An access point which is detected as a neighbor of a cluster member can also be a cluster member itself. Neighbors who are also cluster members are always shown at the top of the list with a heavy bar above and include a location indicator.
Chapter 9: Wireless Neighborhood Viewing Details For A Cluster Member 9.4 Viewing Details For A Cluster Member To view details on a cluster member AP, click on the IP address of a cluster member at the top of the page. Figure 9.
Chapter 9: Wireless Neighborhood Viewing Details For A Cluster Member The following table explains the details shown about the selected AP. Field Description SSID The Service Set Identifier (SSID) for the access point. The SSID is an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network. It is also referred to as the Network Name.
CONFIGURING SECURITY 10 10.1 Understanding Security Issues On Wireless Networks . . . . . . . . . . . . 91 10.1.1 How Do I Know Which Security Mode To Use? . . . . . . . . . 91 10.1.2 Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms . . . . . . . . . . . . . . . . . 92 10.1.2.1 When To Use Unencrypted (No Security) . . . . . . . . . 93 10.1.2.2 When To Use Static WEP . . . . . . . . . . . . . . . . . 93 10.1.2.3 When To Use IEEE 802.1x . . . . . . . . . . . . . . .
Chapter 10: Configuring Security Understanding Security Issues On Wireless Networks The following sections describe how to configure Security settings on the 9160 G2 Wireless Gateway. 10.1 Understanding Security Issues On Wireless Networks Wireless mediums are inherently less secure than wired mediums. For example, an Ethernet NIC transmits its packets over a physical medium such as coaxial cable or twisted pair.
Chapter 10: Configuring Security Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms That said, however, security may not be as much of a priority on some types of networks. If you are simply providing internet and printer access, as on a guest network, setting the security mode to None (Plain-text) may be the appropriate choice.
Chapter 10: Configuring Security Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms 10.1.2.1 When To Use Unencrypted (No Security) Setting the security mode to None (Plain-text) by definition provides no security. In this mode, the data is not encrypted but rather sent as “plain-text” across the network. No key management, data encryption or user authentication is used. Recommendations Unencrypted mode, i.e.
Chapter 10: Configuring Security Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms Recommendations Static WEP was designed to provide security equivalent of sending unencrypted data through an Ethernet connection, however it has major flaws and it does not provide even this intended level of security. Therefore, Static WEP is not recommended as a secure mode.
Chapter 10: Configuring Security Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms Additionally, compatibility issues may be cumbersome because of the variety of authentication methods supported and the lack of a standard implementation method. Therefore, IEEE 802.1x mode is not as secure a solution as Wi-Fi Protected Access (WPA) or WPA2. If you cannot use WPA because some of your client stations do not have WPA, then a better solution than using IEEE 802.
Chapter 10: Configuring Security Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms We recommend that you use WPA Enterprise mode instead, unless you have interoperability issues that prevent you from using this mode. For example, some devices on your network may not support WPA or WPA2 with EAP talking to a RADIUS server. Embedded printer servers or other small client devices with very limited space for implementation may not support RADIUS.
Chapter 10: Configuring Security Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms should be used whenever possible. All WPA modes allow you to use these encryption schemes, so WPA security modes are recommended above the others when using WPA is an option. Additionally, this mode incorporates a RADIUS server for user authentication which gives it an edge over WPA Personal mode.
Chapter 10: Configuring Security Does Prohibiting The Broadcast SSID Enhance Security? 10.1.3 Does Prohibiting The Broadcast SSID Enhance Security? You can suppress (prohibit) this broadcast to discourage stations from automatically discovering your access point. When the AP’s broadcast SSID is suppressed, the network name will not be displayed in the List of Available Networks on a client station.
Chapter 10: Configuring Security Configuring Security Settings 10.2 Configuring Security Settings To set the security mode, navigate to the Security tab, and update the fields as described below. The following configuration information explains how to configure security modes on the access point. Keep in mind that each wireless client that wants to exchange data with the access point must be configured with the same security mode and encryption key settings consistent with access point security.
Chapter 10: Configuring Security None (Plain-text) Note: You can also allow or prohibit the Broadcast SSID and enable/disable Station Isolation as extra precautions as mentioned below.) Field Description Broadcast SSID To enable the Broadcast SSID, select the checkbox directly beside it. By default, the access point broadcasts (allows) the Service Set Identifier (SSID) in its beacon frames.
Chapter 10: Configuring Security Guest Network If you select None (Plain-text) as your security mode, no further options are configurable on the AP. This security mode can be useful during initial network configuration or for problem solving, but it is not recommended for regular use on the Internal network because it is not secure. 10.2.
Chapter 10: Configuring Security Static WEP For more about the Guest network, see Chapter 14: “Setting up Guest Access”. 10.2.4 Static WEP Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. All wireless stations and access points on the network are configured with a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104bit secret key + 24-bit IV) Shared Key for data encryption.
Chapter 10: Configuring Security Static WEP Field Description Transfer Key Index Select a key index from the drop-down menu. Key indexes 1 through 4 are available. The default is 1. The Transfer Key Index indicates which WEP key the access point will use to encrypt the data it transmits.
Chapter 10: Configuring Security Static WEP Field Description WEP Keys You can specify up to four WEP keys. In each text box, enter a string of characters for each key. If you selected “ASCII”, enter any combination of integers and letters 0-9, a-z, and A-Z. If you selected “HEX”, enter hexadecimal digits (any combination of 0-9 and a-f or A-F). Use the same number of characters for each key as specified in the “Characters Required” field.
Chapter 10: Configuring Security Static WEP • The AP must have all keys used by clients for station-to-AP transmit so that it can de-code the station transmissions. • The same key must occupy the same slot on all nodes (AP and clients). For example if the AP defines abc123 key as WEP key 3, then the client stations must define that same string as WEP key 3.
Chapter 10: Configuring Security Static WEP For this example, we’ll set WEP key 1 on a Windows client. Figure 10.8 Providing A Wireless Client With A WEP Key If you have a second client station, that station also needs to have one of the WEP keys defined on the AP. You could give it the same WEP key you gave to the first station. Or for a more secure solution, you could give the second station a different WEP key (key 2, for example) so that the two stations cannot decrypt each other’s transmissions. 10.
Chapter 10: Configuring Security IEEE 802.1x To build on our example, using Funk Odyssey client software you could give each of the clients WEP key 3 so that they can decode the AP transmissions with that key and also give client 1 WEP key 1 and set this as its transfer key. You could then give client 2 WEP key 2 and set this as its transfer key index. Figure 10.9 illustrates the dynamics of the AP and two client stations using multiple WEP keys and a transfer key index.
Chapter 10: Configuring Security IEEE 802.1x 9160 G2 Wireless Gateway embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP V2. If you use your own RADIUS server, you have the option of using any of a variety of authentication methods that the IEEE 802.1x mode supports, including certificates, Kerberos, and public key authentication. Keep in mind, however, that the client stations must be configured to use the same authentication method being used by the access point. If you selected “IEEE 802.
Chapter 10: Configuring Security WPA Personal Field Description Use internal radius server Select one of the following from the drop-down menu: • To use the authentication server provided with the 9160 G2 Wireless Gateway, ensure the checkbox beside the Use internal radius server field is selected. If this option is selected, you do not have to provide the Radius IP and Radius Key; they are automatically provided.
Chapter 10: Configuring Security WPA Personal The Personal version of WPA employs a pre-shared key (instead of using IEEE 802.1x and EAP as is used in the Enterprise WPA security mode). The PSK is used for an initial check of credentials only. This security mode is backwards-compatible for wireless clients that support the original WPA. If you selected “WPA Personal” Security Mode, complete the settings as described in Table 10.11 on page 111.
Chapter 10: Configuring Security WPA Personal Field Description WPA Versions Select the types of client stations you want to support: • WPA • WPA2 • Both WPA. If all client stations on the network support the original WPA but none support the newer WPA2, then select WPA. WPA2. If all client stations on the network support WPA2, we suggest using WPA2 which provides the best security per the IEEE 802.11i standard. Both.
Chapter 10: Configuring Security WPA Enterprise Field Description Key The Pre-shared Key is the shared secret key for WPA Personal. Enter a string of at least 8 characters to a maximum of 63 characters. Table 10.11 WPA Personal Security Settings 10.2.7 WPA Enterprise Wi-Fi Protected Access Enterprise with Remote Authentication Dial-In User Service (RADIUS) is an implementation of the Wi-Fi Alliance IEEE 802.
Chapter 10: Configuring Security WPA Enterprise Field Description WPA Versions Select the types of client stations you want to support: • WPA • WPA2 • Both WPA. If all client stations on the network support the original WPA but none support the newer WPA2, then select WPA. WPA2. If all client stations on the network support WPA2, we suggest using WPA2 which provides the best security per the IEEE 802.11i standard. Both.
Chapter 10: Configuring Security WPA Enterprise Field Description Enable preauthentication If for WPA Versions you select only WPA2 or both WPA and WPA2, you can enable pre-authentication for WPA2 clients. Click Enable pre-authentication if you want WPA2 wireless clients to send pre-authentication packet. The pre-authentication information will be relayed from the access point the client is currently using to the target access point.
Chapter 10: Configuring Security Updating Settings Field Description Use internal radius server You can choose whether to use the built-in authentication server provided with the 9160 G2 Wireless Gateway, or you can use an external radius server. • To use the authentication server provided with the 9160 G2 Wireless Gateway, ensure the checkbox beside the Use internal radius server field is selected.
MAINTENANCE AND MONITORING 11 11.1 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 11.1.1 Ethernet (Wired) Settings . . . . . . . . . . . . . . . . . . . . . .120 11.1.2 Wireless Settings. . . . . . . . . . . . . . . . . . . . . . . . . . .120 11.2 Event Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 11.2.1 Log Relay Host For Kernel Messages . . . . . . . . . . . . . . . .121 11.2.1.1 Understanding Remote Logging. . . . . . . . . . . . . .
Chapter 11: Maintenance And Monitoring Interfaces Important: The maintenance and monitoring tasks described here all pertain to viewing and modifying settings on specific access points; not on a cluster configuration that is automatically shared by multiple access points. Therefore, it is important to ensure that you are accessing the Administration Web pages for the particular access point you want to configure.
Chapter 11: Maintenance And Monitoring Ethernet (Wired) Settings 11.1.1 Ethernet (Wired) Settings The Internal interface includes the Ethernet MAC Address, IP Address, Subnet Mask, and Associated Network Wireless Name (SSID). The Guest interface includes the MAC Address, VLAN ID, and Associated Network Wireless Name (SSID). If you want to change any of these settings, click the Edit link. 11.1.2 Wireless Settings The Radio interface includes the radio Mode, and Channel.
Chapter 11: Maintenance And Monitoring Log Relay Host For Kernel Messages This page lists the most recent events generated by this access point (see “Events Log” on page 124). This page also gives you the option of enabling a remote “log relay host” to capture all system events and errors in a Kernel Log. (This requires setting up a remote relay host first. See “Log Relay Host For Kernel Messages” on page 121).
Chapter 11: Maintenance And Monitoring Log Relay Host For Kernel Messages 11.2.1.2 Setting Up The Log Relay Host To use Kernel Log relaying, you must configure a remote server to receive the syslog messages. This procedure will vary depending on the type of machine you use as the remote log host. The following is an example of how to configure a remote Linux server using the syslog daemon. Example Of Using Linux syslogd The following steps activate the syslog daemon on a Linux server.
Chapter 11: Maintenance And Monitoring Log Relay Host For Kernel Messages 11.2.1.3 Enabling Or Disabling The Log Relay Host On The Status, Events Page To enable and configure Log Relaying on the Status > Events page, set the Log Relay options as described below and then click Update. Field Description Relay Log Choose to either enable or disable use of the Log Relay Host: If you select the Relay Log checkbox, the Log Relay Host is enabled and the Relay Host and Relay Port fields are editable.
Chapter 11: Maintenance And Monitoring Events Log 11.2.2 Events Log The Events Log shows system events on the access point such as stations associating, being authenticated, and other occurrences. The real-time Events Log is always shown on the Status, Events Administration Web UI page for the access point you are monitoring. 11.
Chapter 11: Maintenance And Monitoring Transmit/Receive Statistics This page provides some basic information about the current access point and a realtime display of the transmit and receive statistics for this access point as described in Table 11.2 on page 125. All transmit and receive statistics shown are totals since the access point was last started. If the AP is rebooted, these figures indicate transmit/receive totals since the re-boot. Field Description IP Address IP Address for the access point.
Chapter 11: Maintenance And Monitoring Associated Wireless Clients 11.4 Associated Wireless Clients To view the client stations associated with a particular access point, navigate to Status > Client Associations on the Administration Web pages for the access point you want to monitor. The associated stations are displayed, along with information about packet traffic transmitted and received for each station. 11.4.
Chapter 11: Maintenance And Monitoring Neighboring Access Points Information provided on neighboring access points is described in Table 11.3. Field Description MAC Address Shows the MAC address of the neighboring access point. A MAC address is a hardware address that uniquely identifies each node of a network. Radio Two-Radio APs If the access point that is “doing the detecting” of neighboring APs is a two-radio access point, the Radio field is included.
Chapter 11: Maintenance And Monitoring Neighboring Access Points Field Description Beacon Interval Shows the Beacon interval being used by this access point. Beacon frames are transmitted by an access point at regular intervals to announce the existence of the wireless network. The default behaviour is to send a beacon frame once every 100 milliseconds (or 10 per second). The Beacon Interval is set on the Manage > Radio tab page. (See Chapter 16: “Configuring 802.11 Radio Settings”.
Chapter 11: Maintenance And Monitoring Neighboring Access Points Field Description Band This indicates the IEEE 802.11 mode being used on this access point. (For example, IEEE 802.11a, IEEE 802.11b, IEEE 802.11g.) The number shown indicates the mode according to the following map: • 2.4 indicates IEEE 802.11b mode or IEEE 802.11g mode. • 5 indicates IEEE 802.11a mode. Channel Shows the channel on which the access point is currently broadcasting.
12 THE ETHERNET (WIRED) INTERFACE 12.1 Navigating To Ethernet (Wired) Settings . . . . . . . . . . . . . . . . . 133 12.1.1 Setting The DNS Name . . . . . . . . . . . . . . . . . . . . . .134 12.1.2 Enabling Or Disabling Guest Access . . . . . . . . . . . . . . .134 12.1.2.1 Configuring An Internal LAN And A Guest Network . .134 12.1.2.2 Enabling Or Disabling Guest Access . . . . . . . . . . .135 12.1.2.3 Specifying A Virtual Guest Network . . . . . . . . . . .135 12.1.
Chapter 12: The Ethernet (Wired) Interface Navigating To Ethernet (Wired) Settings Ethernet (Wired) Settings describe the configuration of your Ethernet local area network (LAN). Note: The Ethernet Settings are not shared across the cluster. These settings must be configured individually on the Administration pages for each access point.
Chapter 12: The Ethernet (Wired) Interface Setting The DNS Name 12.1.1 Setting The DNS Name Field Description DNS Name Enter the DNS name for the access point in the text box. This is the host name. It may be provided by your ISP or network administrator, or you can provide your own. The rules for system names are: • This name can be up to 20 characters long. • Only letters, numbers and dashes are allowed. • The name must start with a letter and end with either a letter or a number. Table 12.
Chapter 12: The Ethernet (Wired) Interface Enabling Or Disabling Guest Access 12.1.2.2 Enabling Or Disabling Guest Access The 9160 G2 Wireless Gateway ships with the Guest Access feature disabled by default. If you want to provide guest access on your AP, enable Guest access on the Ethernet (Wired) Settings tab. Field Description Guest Access By default, the 9160 G2 Wireless Gateway ships with Guest Access disabled. • To enable Guest Access, click Enabled. • To disable Guest Access, click Disabled.
Chapter 12: The Ethernet (Wired) Interface Enabling / Disabling Virtual Wireless Networks On The AP 12.1.3 Enabling / Disabling Virtual Wireless Networks On The AP If you want to configure the Internal network as a VLAN (whether or not you have a Guest network configured), you can enable “Virtual Wireless Networks” on the access point.
Chapter 12: The Ethernet (Wired) Interface Configuring LAN Or Internal Interface Ethernet Settings Field Description Connection Type You can select DHCP or Static IP. The Dynamic Host Configuration Protocol (DHCP) is a protocol specifying how a centralized server can provide network configuration information to devices on the network. A DHCP server “offers” a “lease” to the client system. The information supplied includes the IP addresses and netmask, plus the address of its DNS servers and gateway.
Chapter 12: The Ethernet (Wired) Interface Configuring Guest Interface Ethernet (Wired) Settings Field Description Default Gateway Enter the Default Gateway in the text boxes. DNS Nameservers The Domain Name Service (DNS) is a system that resolves the descriptive name (domainname) of a network resource (for example, www.psionteklogix.com) to its numeric IP address (for example, 66.93.138.219). A DNS server is called a Nameserver.
13 SETTING THE WIRELESS INTERFACE 13.1 13.2 13.3 13.4 13.5 13.6 13.7 Navigating To Wireless Settings . . . . . . . . . . Configuring 802.11d Regulatory Domain Support 802.11h Regulatory Domain Control. . . . . . . . Configuring The Radio Interface. . . . . . . . . . Configuring “Internal” Wireless LAN Settings . . Configuring “Guest” Network Wireless Settings . Updating Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 13: Setting the Wireless Interface Navigating To Wireless Settings Wireless Settings describes aspects of the local area network (LAN) related specifically to the radio device in the access point (802.11 Mode and Channel) and to the network interface to the access point (MAC address for access point and Wireless Network name, also known as SSID). The following sections describe how to configure the “Wireless” address and related settings on the 9160 G2 Wireless Gateway. 13.
Chapter 13: Setting the Wireless Interface Configuring 802.11d Regulatory Domain Support 13.2 Configuring 802.11d Regulatory Domain Support You can enable or disable IEEE 802.11d Regulatory Domain Support to broadcast the access point country code information as described below. Field Description 802.11d Regulatory Domain Support Enabling support for IEEE 802.11d on the access point causes the AP to broadcast which country it is operating in as a part of its beacons: • To enable 802.
Chapter 13: Setting the Wireless Interface Configuring The Radio Interface There are a number of key points for the AP Developer that should be remembered in relation to the IEEE 802.11h standard: • 802.11h only works for the 802.11a band. It is not required for 802.11b, nor 802.11g. • If you are operating in an 802.11h enabled domain, then the channel selection of the BSS will always be “Auto”.
Chapter 13: Setting the Wireless Interface Configuring The Radio Interface Field Description Mode The Mode defines the Physical Layer (PHY) standard being used by the radio. The 9160 G2 Wireless Gateway is available as a single or dual-band access point with one or two radios. The configuration options for Mode differ depending on which product you have. Single-Band AP: For the Single-Band AP, select one of these modes: • IEEE 802.11b • IEEE 802.
Chapter 13: Setting the Wireless Interface Configuring “Internal” Wireless LAN Settings 13.5 Configuring “Internal” Wireless LAN Settings The Internal Settings describe the MAC Address (read-only) and Network Name (also known as the SSID) for the internal Wireless LAN (WLAN) as described in Table 13.2. Field Description MAC Address Shows the MAC address(es) for Internal interface for this access point. This is a read-only field that you cannot change.
Chapter 13: Setting the Wireless Interface Configuring “Guest” Network Wireless Settings 13.6 Configuring “Guest” Network Wireless Settings The Guest Settings describe the MAC Address (read-only) and wireless network name (SSID) for the Guest Network as described in Table 13.3. Configuring an access point with two different network names (SSIDs) allows you to leverage the Guest interface feature on the 9160 G2 Wireless Gateway. For more information, see Chapter 14: “Setting up Guest Access”.
SETTING UP GUEST ACCESS 14.1 Understanding The Guest Interface . . . . . . . . . . . . . 14.2 Configuring The Guest Interface . . . . . . . . . . . . . . . 14.2.1 Configuring A Guest Network On A Virtual LAN . 14.2.2 Configuring The Welcome Screen (Captive Portal) . 14.3 Using The Guest Network As A Client . . . . . . . . . . . 14.4 Deployment Example . . . . . . . . . . . . . . . . . . . . 14 . . . . . . . 149 . . . . . . . 150 . . . . . . .150 . . . . . . .152 . . . . . . . 152 . . . . . . .
Chapter 14: Setting up Guest Access Understanding The Guest Interface Out-of-the-box Guest Interface features allow you to configure the 9160 G2 Wireless Gateway for controlled guest access to an isolated network. You can configure the same access point to broadcast and function as two different wireless networks: a secure “Internal” LAN and a public “Guest” network. Guest clients can access the guest network without a username or password.
Chapter 14: Setting up Guest Access Configuring The Guest Interface 14.2 Configuring The Guest Interface To configure the Guest interface on the 9160 G2 Wireless Gateway, perform these steps: 1. Configure the access point to represent two virtually separate networks as described in the section below, “Configuring A Guest Network On A Virtual LAN”. 2. Set up the guest Welcome screen for the guest captive portal as described in the section, “Configuring The Welcome Screen (Captive Portal)” on page 152.
Chapter 14: Setting up Guest Access Configuring A Guest Network On A Virtual LAN 1. Use only one wired connection from the network port on the access point to the LAN. (Make sure this port is configured to handle VLAN tagged packets.) 2. Configure Ethernet (wired) Settings for Internal and Guest networks on VLANs as described in the sections in Chapter 12: “The Ethernet (Wired) Interface”.
Chapter 14: Setting up Guest Access Configuring The Welcome Screen (Captive Portal) 14.2.2 Configuring The Welcome Screen (Captive Portal) You can set up or modify the Welcome screen guest clients see when they open a Web browser or try to browse the Web. To set up the captive portal, do the following: 1. Navigate to the Manage > Guest Login tab. 2. Choose Enabled to activate the Welcome screen. 3.
Chapter 14: Setting up Guest Access Deployment Example 3. The guest client chooses Guest SSID. 4. The guest client starts a Web browser and receives a Guest Welcome screen. 5. The Guest Welcome Screen provides a button for the client to click to continue. 6. The guest client is now enabled to use the “guest” network. 14.4 Deployment Example In Figure 14.1, the dotted lines indicate dedicated guest connections.
CONFIGURING VLANS 15 15.1 Navigating To Virtual Wireless Network Settings . . . . . . . . . . . . . 157 15.2 Configuring VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 15.3 Updating Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 15: Configuring VLANs Navigating To Virtual Wireless Network Settings The following sections describe how to configure multiple wireless networks on Virtual LANs (VLANs). 15.1 Navigating To Virtual Wireless Network Settings To set up multiple networks on VLANs, navigate to the Manage > Virtual Wireless Networks tab, and update the fields as described below. 15.
Chapter 15: Configuring VLANs Configuring VLANs Field Description Virtual Wireless Network You can configure up to 6 VWNs. Enabled You can enable or disable a configured network. • To enable the specified network, check the Enabled checkbox beside the appropriate VWN. • To disable the specified network, uncheck the Enabled checkbox beside the appropriate VWN. If you disable the specified network, you will lose the VLAN ID you entered.
Chapter 15: Configuring VLANs Updating Settings Field Description Security Mode Select the Security Mode for this VLAN. Select one of the following: • None (Plain-text) • Static WEP • WPA Personal Note: The Security mode you set here is specifically for this Virtual Network. Other networks continue to use the security modes already configured: • Your original Internal network (configured on the Ethernet Settings page) uses the Security mode set on Security.
CONFIGURING 802.11 RADIO SETTINGS 16.1 16.2 16.3 16.4 Understanding Radio Settings Navigating To Radio Settings Configuring Radio Settings . Updating Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 16: Configuring 802.11 Radio Settings Understanding Radio Settings The following sections describe how to configure 802.11 Radio Settings on the 9160 G2 Wireless Gateway: 16.1 Understanding Radio Settings Radio settings directly control the behaviour of the radio device in the access point, and its interaction with the physical medium; that is, how/what type of electromagnetic waves the AP emits.
Chapter 16: Configuring 802.11 Radio Settings Navigating To Radio Settings 16.2 Navigating To Radio Settings To specify radio settings, navigate to Manage > 802.11 Advanced Settings tab, which will open the Radio Settings page, and update the fields as described in Table 16.1 on page 165.
Chapter 16: Configuring 802.11 Radio Settings Configuring Radio Settings 16.3 Configuring Radio Settings Field Description Radio The 9160 G2 Wireless Gateway is available as a one-radio or two-radio access point. One-Radio AP: If you have a one-radio version of the 9160 G2 Wireless Gateway, this field is not included on the Radio tab. Two-Radio AP: If you have a two-radio version of the 9160 G2 Wireless Gateway, specify Radio One or Radio Two.
Chapter 16: Configuring 802.11 Radio Settings Configuring Radio Settings Field Description Extended Range Atheros Extended Range (XR) is a proprietary method for implementing low rate traffic over longer distances. It is transparent to XR enabled clients and access points and is designed to be interoperable with the 802.11 standard in 802.11g and 802.11a modes. There is no support for Atheros XR in 802.11b, Atheros Turbo 5 GHz, or Atheros Dynamic Turbo 5 GHz.
Chapter 16: Configuring 802.11 Radio Settings Configuring Radio Settings Field Description Fragmentation Threshold Specify a number between 256 and 2,346 to set the frame size threshold in bytes. The fragmentation threshold is a way of limiting the size of packets (frames) transmitted over the network. If a packet exceeds the fragmentation threshold set here, the fragmentation function will be activated and the packet will be sent as multiple 802.11 frames.
Chapter 16: Configuring 802.11 Radio Settings Configuring Radio Settings Field Description Transmit Power Provide a percentage value to set the transmit power for this access point. The default is to have the access point transmit using 100 percent of its power. Recommendations: • For most cases, we recommend keeping the default and having the transmit power set to 100 percent. This is more cost-efficient as it gives the access point a maximum broadcast range, and reduces the number of APs needed.
Chapter 16: Configuring 802.11 Radio Settings Updating Settings Field Description Enable Broadcast/Multicast Rate Limiting Enabling multicast and broadcast rate limiting can improve overall network performance by limiting the number of packets transmitted across the network. Some protocols use multicast and broadcast packets for traffic that the majority of nodes on a network are uninterested in. For example, ARP requests for other machines, DHCP or BOOTP messages.
MAC ADDRESS FILTERING 17 17.1 Navigating To MAC Filtering Settings. . . . . . . . . . . . . . . . . . . 173 17.2 Using MAC Filtering. . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 17.3 Updating Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 17: MAC Address Filtering Navigating To MAC Filtering Settings A Media Access Control (MAC) address is a hardware address that uniquely identifies each node of a network. All IEEE 802 network devices share a common 48-bit MAC address format, usually displayed as a string of 12 hexadecimal digits separated by colons, for example FE:DC:BA:09:87:65. Each wireless network interface card (NIC) used by a wireless client has a unique MAC address.
Chapter 17: MAC Address Filtering Using MAC Filtering 17.2 Using MAC Filtering This page allows you to control access to the 9160 G2 Wireless Gateway based on Media Access Control (MAC) addresses. Based on how you set the filter, you can allow only client stations with a listed MAC address or prevent access to the stations listed. For the Guest interface, MAC Filtering settings apply to both BSSes. On a two-radio AP, MAC Filtering settings apply to both radios.
LOAD BALANCING 18 18.1 Understanding Load Balancing . . . . . . . . . . . . . . . . . . . . . . . 177 18.1.1 Identifying Imbalance: Overworked Or Under-utilized Access Points 177 18.1.2 Specifying Limits For Utilization And Client Associations . . . . . .178 18.1.3 Load Balancing And QoS . . . . . . . . . . . . . . . . . . . . . . .178 18.2 Navigating To Load Balancing Settings . . . . . . . . . . . . . . . . . . 178 18.3 Configuring Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . 179 18.
Chapter 18: Load Balancing Understanding Load Balancing The 9160 G2 Wireless Gateway allows you to balance the distribution of wireless client connections across multiple access points. Using load balancing, you can prevent scenarios where a single access point in your network shows performance degradation because it is handling a disproportionate share of the wireless traffic. The following sections describe how to configure Load Balancing on your wireless network. 18.
Chapter 18: Load Balancing Specifying Limits For Utilization And Client Associations 18.1.2 Specifying Limits For Utilization And Client Associations You can correct for imbalances in network AP utilization by enabling load balancing and setting limits on utilization rates and number of client associations allowed per access point. 18.1.
Chapter 18: Load Balancing Configuring Load Balancing 18.3 Configuring Load Balancing To configure load balancing, enable Load Balancing and set limits and behaviour to be triggered by a specified utilization rate of the access point. Notes: Even when clients are disassociated from an AP, the network will still provide continuous service to client stations if another access point is within range so that clients can re-connect to the network.
Chapter 18: Load Balancing Updating Settings Field Description Stations Threshold for Disassociation Specify the number of client stations you want as a “stations threshold” for disassociation. If the number of client stations associated with the AP at any one time is equal to or less than the number you specify here, no stations will be disassociated regardless of the Utilization for Disassociation value. Theoretically, the maximum number of client stations allowed is 2007.
QUALITY OF SERVICE (QOS) 19 19.1 Understanding QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 19.1.1 QoS And Load Balancing . . . . . . . . . . . . . . . . . . . . .183 19.1.2 802.11e And WMM Standards Support . . . . . . . . . . . . . .183 19.1.3 QoS Queues And Parameters To Coordinate Traffic Flow . . . .184 19.1.3.1 QoS Queues And Type Of Service (ToS) On Packets . .184 19.1.3.2 EDCF Control Of Data Frames And Arbitration Interframe Spaces. . . . . . . . . . . . . . . . . . . . . . .
Chapter 19: Quality of Service (QoS) Understanding QoS Quality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice-over-IP (VoIP), other types of audio, video, and streaming media, as well as traditional IP data over the 9160 G2 Wireless Gateway. The following sections describe how to configure Quality of Service queues on the 9160 G2 Wireless Gateway. 19.
Chapter 19: Quality of Service (QoS) QoS Queues And Parameters To Coordinate Traffic Flow As with all IEEE 802.11 working group standards, the goal is to provide a standard way of implementing QoS features so that components from different companies are interoperable. The 9160 G2 Wireless Gateway provides QoS based on the Wireless Multimedia (WMM) specification and Wireless Multimedia (WMM) standards, which are implementations of a subset of 802.11e features.
Chapter 19: Quality of Service (QoS) QoS Queues And Parameters To Coordinate Traffic Flow with each bit representing a different aspect or degree of priority for this data as well as other meta-information (low delay, high throughput, high reliability, low cost, and so on). For example, the ToS for FTP data packets is likely to be set for maximum throughput since the critical consideration for FTP is the ability to transmit relatively large amounts of data in one go.
Chapter 19: Quality of Service (QoS) QoS Queues And Parameters To Coordinate Traffic Flow Note: Wireless traffic travels: • Downstream from the access point to the client station. • Upstream from client station to access point. • Upstream from access point to network. • Downstream from network to access point.
Chapter 19: Quality of Service (QoS) QoS Queues And Parameters To Coordinate Traffic Flow Management and control frames wait a minimum amount of time for transmission; they wait a short interframe space (SIF). These wait times are built-in to 802.11 as infrastructure support and are not configurable. The 9160 G2 Wireless Gateway supports the Enhanced Distribution Coordination Function (EDCF) as defined by the 802.11e standard.
Chapter 19: Quality of Service (QoS) 802.1p And DSCP Tags The random backoff used by the access point is a configurable parameter. To describe the random delay, a “Minimum Contention Window” (MinCW) and a “Maximum Contention Window” (MaxCW) is defined. • The value specified for the Minimum Contention Window is the upper limit of a range for the initial random backoff wait time.
Chapter 19: Quality of Service (QoS) 802.1p And DSCP Tags The 802.1p header includes a three-bit field for prioritization, which allows packets to be grouped into various traffic classes. Eight priority levels are defined. The highest priority is seven, which might go to network-critical traffic (voice). Higher priority packets are always transmitted first.
Chapter 19: Quality of Service (QoS) 802.1p And DSCP Tags 19.1.4.1 VLAN Priority Table 19.1 outlines the priority tags and their associated values taken from a VLAN tag. VLAN ID Tag Priority 0 - default DHCP value Best Effort 1 Background 2 Background 3 Best Effort 4 Video 5 Video 6 Voice 7 Voice Table 19.1 VLAN Tag Priorities 19.1.4.2 DSCP Priority Table 19.2 outlines the DSCP values, the associated ID, and the priority level.
Chapter 19: Quality of Service (QoS) Configuring QoS Queues 19.2 Configuring QoS Queues To set up queues for QoS, navigate to the Services > QoS tab, and configure settings as described below. Configuring Quality of Service (QoS) on the 9160 G2 Wireless Gateway consists of setting parameters on existing queues for different types of wireless traffic, and effectively specifying minimum and maximum wait times (via Contention Windows) for transmission.
Chapter 19: Quality of Service (QoS) Configuring AP EDCA Parameters Configuring Quality of Service includes: • “Configuring AP EDCA Parameters” on page 192. • “Enabling/Disabling Wi-Fi Multimedia” on page 193. • “Updating Settings” on page 195. 19.2.1 Configuring AP EDCA Parameters AP Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the access point to the client station.
Chapter 19: Quality of Service (QoS) Enabling/Disabling Wi-Fi Multimedia Field Description cwMin (Minimum Contention Window) This parameter is input to the algorithm that determines the initial random backoff wait time (“window”) for retry of a transmission. The value specified here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined.
Chapter 19: Quality of Service (QoS) Configuring Station EDCA Parameters Disabling WMM will deactivate QoS control of station EDCA parameters on upstream traffic flowing from the station to the access point With WMM disabled, you can still set parameters on the downstream traffic flowing from the access point to the client station (AP EDCA parameters). • To disable WMM extensions, click Disabled. • To enable WMM extensions, click Enabled. 19.2.
Chapter 19: Quality of Service (QoS) Updating Settings Field Description cwMin (Minimum Contention Window) This parameter is input to the algorithm that determines the initial random backoff wait time (“window”) for retry of a transmission. The value specified here in the Minimum Contention Window is the upper limit (in milliseconds) of a range from which the initial random backoff wait time is determined. The first random number generated will be a number between 0 and the number specified here.
WIRELESS DISTRIBUTION SYSTEM 20 20.1 Understanding The Wireless Distribution System . . . . . . . . . . . . . 199 20.1.1 Using WDS To Bridge Distant Wired LANs . . . . . . . . . . . . .199 20.1.2 Using WDS To Extend Network Beyond The Wired Coverage Area200 20.1.3 Using WDS To Create Backup Links. . . . . . . . . . . . . . . . .201 20.2 Security Considerations Related To WDS Links . . . . . . . . . . . . . . 201 20.2.1 Understanding Static WEP Data Encryption . . . . . . . . . . . . .202 20.2.
Chapter 20: Wireless Distribution System Understanding The Wireless Distribution System The 9160 G2 Wireless Gateway lets you connect multiple access points using a Wireless Distribution System (WDS). WDS allows access points to communicate with one another wirelessly. This capability is critical in providing a seamless experience for roaming clients and for managing multiple wireless networks. It can also simplify the network infrastructure by reducing the amount of cabling required.
Chapter 20: Wireless Distribution System Using WDS To Extend Network Beyond The Wired Coverage Area Client Station Client Station WDS Bridge “Conference Room” AP Client Station “West Wing” AP t) erne Eth ( d e Wir nection Con LAN Segment 2 Client Station t) erne Eth ed ( tion r i W nec Con LAN Segment 1 Figure 20.1 Bridged Distant Wired LANs 20.1.
Chapter 20: Wireless Distribution System Using WDS To Create Backup Links Client Station Client Station WDS Bridge Client Station “East Wing” AP Client Station et) ern Eth ( d e Wir nection Con “Poolside” AP LAN Figure 20.2 Extended Network Beyond The Wired Coverage Area 20.1.3 Using WDS To Create Backup Links Another use for WDS bridging is the creation of backup links.
Chapter 20: Wireless Distribution System Understanding Static WEP Data Encryption 20.2.1 Understanding Static WEP Data Encryption Static Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. Both access points in a given WDS link must be configured with the same security settings. For static WEP, either a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key is specified for data encryption.
Chapter 20: Wireless Distribution System Configuring WDS Settings For more information about the effectiveness of the different security modes, see Chapter 10: “Configuring Security”. 20.3 Configuring WDS Settings To specify the details of traffic exchange from this access point to others, navigate to the Manage > WDS tab, and update the fields as described below. Note: Figure 20.3 shows the WDS settings page for the two-radio AP.
Chapter 20: Wireless Distribution System Configuring WDS Settings The following notes summarize some critical guidelines regarding WDS configuration. Please read all the notes before proceeding with WDS configuration. Notes: • When using WDS, be sure to configure WDS settings on both access points participating in the WDS link. • You can have only one WDS link between any pair of access points. That is, a remote MAC address may appear only once on the WDS page for a particular access point.
Chapter 20: Wireless Distribution System Configuring WDS Settings Field Description Local Address Indicates the Media Access Control (MAC) addresses for this access point. A MAC address is a permanent, unique hardware address for any device that represents an interface to the network. The MAC address is assigned by the manufacturer. You cannot change the MAC address. It is provided here for informational purposes as a unique identifier for the access point or interface.
Chapter 20: Wireless Distribution System Example Of Configuring A WDS Link Field Description Encryption If you are unconcerned about security issues on the WDS link you may decide not to set any type of encryption. Alternatively, if you have security concerns you can choose between Static WEP, and WPA (PSK). Note: The types of encryption options available here will depend on the settings you have specified on the Security tabbed page.
Chapter 20: Wireless Distribution System Updating Settings 2. Navigate to the WDS tab on MyAP1 Administration Web pages. The MAC address for MyAP1 (the access point you are currently viewing) will show as the “Local Address” at the top of the page. 3. Configure a WDS interface for data exchange with MyAP2. Start by entering the MAC address for MyAP2 as the “Remote Address” and fill in the rest of the fields to specify the network (guest or internal), security, and so on. Save the settings (click Update). 4.
21 CONFIGURING SNMP 21.1 Understanding SNMP Settings. . 21.2 Navigating To SNMP Settings . . 21.3 Configuring SNMP Settings . . . 21.3.1 Configuring SNMP Traps 21.3.2 Updating SNMP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211 . . . . . . . 213 . . . . . . . 214 . . . . . . .215 . . . . . . .
Chapter 21: Configuring SNMP Understanding SNMP Settings The following sections describe how to configure SNMP and related settings on the 9160 G2 Wireless Gateway Enterprise-Manager API: 21.1 Understanding SNMP Settings Simple Network Management Protocol (SNMP) defines a standard for recording, storing, and sharing information about network devices. SNMP facilitates network management, troubleshooting, and maintenance.
Chapter 21: Configuring SNMP Understanding SNMP Settings The 9160 G2 Wireless Gateway also supports SNMP traps. Figure 21.1 illustrates how SNMP works on a network. Network Management System (NMS) SNMP Manager (2) SNMP Manager (1) SNMP Event GET request SET request Value Returned AP running SNMP Agent AP running SNMP Agent (Configured to send SNMP traps) MIB AP running SNMP Agent MIB Figure 21.
Chapter 21: Configuring SNMP Navigating To SNMP Settings 21.2 Navigating To SNMP Settings To configure SNMP settings, navigate to Services > SNMP, and update the fields as described below.
Chapter 21: Configuring SNMP Configuring SNMP Settings 21.3 Configuring SNMP Settings Start/stop control of SNMP agents, community password configuration, access to MIBs, and configuration of SNMP Trap destinations is provided through the 9160 G2 Wireless Gateway, as described below. Field Description SNMP Enabled/Disabled You can choose whether or not you want to enable SNMP on your network. By default SNMP is disabled. • To enable SNMP, click Enabled. • To disable SNMP, click Disabled.
Chapter 21: Configuring SNMP Configuring SNMP Traps Field Description Restrict the source of SNMP requests to only the designated hosts or subnets You can restrict the source of permitted SNMP requests. • To restrict the source of permitted SNMP requests, click Enabled. • To permit any source submitting an SNMP request, click Disabled. Hostname or subnet of Network Management System Specify the DNS hostname or subnet of the machines that can execute GET and SET requests to the managed devices.
Chapter 21: Configuring SNMP Updating SNMP Settings regarding some network events, such as network interfaces going up or down, clients failing to associate or authenticate with the access point, system power up or down and changes in the network topology.. SNMP traps save on network resources by eliminating redundant SNMP requests.They also make it easier for SNMP Managers to troubleshoot their network.
THE 9160 G2 AS BASE STATION 22.1 Overview . . . . . . . . . . . . . . . . . . . . . . . 22.2 Radio Protocols. . . . . . . . . . . . . . . . . . . . 22.2.1 Adaptive Polling/Contention Protocol . . . . 22.3 Narrow Band Menus . . . . . . . . . . . . . . . . . 22.3.1 Narrow Band Radio Configuration Settings . 22.3.1.1 RA1001A Radio Parameters . . . . 22.3.2 Connectivity Options . . . . . . . . . . . . 22.3.3 Connectivity Options: Base Station Mode . . 22.3.3.1 Polling Protocol Parameters. . . . . 22.3.3.
Chapter 22: The 9160 G2 As Base Station Overview 22.1 Overview The 9160 G2 Wireless Gateway can function as either a wired or wireless Base Station, or as a Remote Radio Module (RRM), using a radio link and Psion Teklogix proprietary protocols to facilitate communications with the terminals (see “Radio Protocols” on page 220).
Chapter 22: The 9160 G2 As Base Station Radio Protocols described in the sections that follow. In addition, the appropriate radio and host parameters must be applied. The radio parameters are found in the Radio pages for Narrow Band radios, as described in Section 22.3.1. The parameters for the hosts are described in Section 22.5 “Hosts” on page 243.
Chapter 22: The 9160 G2 As Base Station Narrow Band Menus 22.3 Narrow Band Menus 22.3.1 Narrow Band Radio Configuration Settings When you select the Radio sub-menu from the Narrow Band menu options, the 9160 G2 displays the Narrow Band Radio Configuration Settings of the operating mode for which the 9160 G2 is set (base station or RRM). The page displayed allows you to set the status of the 9160 G2, and to retrieve the RA1001A radio card’s permanent communications settings. Figure 22.
Chapter 22: The 9160 G2 As Base Station Narrow Band Radio Configuration Settings Radio Card Status This parameter enables or disables the Narrow Band Radio. The card may be disabled temporarily when, for testing purposes, it is required that there be no radio interference. Press the Update button to initialize the change. 22.3.1.1 RA1001A Radio Parameters The Narrow Band Radio Configuration Settings page displays the General, Frequencies, and Tuning Values parameters for the RA1001A Narrow Band radio.
Chapter 22: The 9160 G2 As Base Station Connectivity Options Figure 22.4 RA1001A Radio Frequencies 22.3.2 Connectivity Options When you select this sub-menu, the page displayed allows you to set the operating options for the 9160 G2 in either base station or RRM mode. 22.3.3 Connectivity Options: Base Station Mode When you enter the Connectivity Options sub-menu for the 9160 G2 set in base station operating mode, the Polling Protocol and Radio Parameters are displayed.
Chapter 22: The 9160 G2 As Base Station Connectivity Options: Base Station Mode Operating Mode This parameter allows you to set the operating mode of the 9160 G2 as Base Station or RRM. Auto-Startup This parameter enables polling immediately when the 9160 G2 is rebooted. If Auto-Startup is disabled, the 9160 G2 will wait until polling is initialized from the network controller. Shared Channel Shared Channel is only used in Holland to accommodate government requirements.
Chapter 22: The 9160 G2 As Base Station Connectivity Options: Base Station Mode 22.3.3.1 Polling Protocol Parameters Number of Poll Windows This parameter defines the number of poll windows the 9160 G2 will use. The value assigned to this parameter is dependent on the number of terminals and the radio link protocol used. Table 22.5 indicates how the value assigned to the Number of Poll Windows parameter is determined. Number of Terminals Minimum # of Windows 1-16 17-81 82-256 2 3 4 Table 22.
Chapter 22: The 9160 G2 As Base Station Connectivity Options: Base Station Mode Maximum Message Segment Size This parameter determines the largest single message that can be passed to a terminal in message mode or from a terminal in long message mode. In a 9160 G2 base station, the value entered in this parameter must be greater than or equal to the value entered in the network controller or 9160 G2 mini-controller. The range of this parameter is between 32 and 116 characters.
Chapter 22: The 9160 G2 As Base Station Connectivity Options: Base Station Mode Message Mode Limit This parameter defines an upper limit to the number of messages that must be queued for transmission before message mode polling starts. Accepted values range from 0 to 7, where 0 disables message mode. Note: The number of terminals and past events are also part of the algorithm that determines whether or not to start message mode.
Chapter 22: The 9160 G2 As Base Station Connectivity Options: Base Station Mode parameter must be compatible with other base stations and terminals in the system. The RA1001A radio is available in either two level or four level modulation, providing baud rates of 4800 bps and 9600 bps, or 9600 bps and 19200 bps, respectively. The default setting for a two level modulation narrow band radio, operating at 9600 baud, is 23.
Chapter 22: The 9160 G2 As Base Station Connectivity Options: RRM Mode 22.3.4 Connectivity Options: RRM Mode When you enter the Connectivity Options sub-menu for the 9160 G2 set in RRM operating mode, the 9160 G2 displays the RRM parameters. IP Port This parameter allows you to enter the port number of the 9160 G2. The port number can range from 1024 to 32767. Important: The port number entered here must match the port number entered for this 9160 G2 in the network controller’s RRM configuration.
Chapter 22: The 9160 G2 As Base Station Connectivity Menus 22.4 Connectivity Menus The 9160 G2 Wireless Gateway can operate as a base station or remote radio module (RRM), facilitating the communications between terminals and wireless base stations and a network controller (Psion Teklogix 9500 Network Controller or 9160 G2 Wireless Gateway), using a range of host platforms. Alternatively, the network controller can be a host running a Psion Teklogix SDK (handler).
Chapter 22: The 9160 G2 As Base Station Base Station Configuration Settings 22.4.1 Base Station Configuration Settings Base stations communicate over the radio link using Psion Teklogix proprietary protocols. Base stations can be connected to network controllers using TCP/IP over Ethernet networks. As a base station communicating with terminals through a radio link, the 9160 G2 uses the Adaptive Polling/Contention RF protocol (see ‘Radio Protocols’ on page 220 for details on the protocols).
Chapter 22: The 9160 G2 As Base Station RRM Groups Configuration Settings Status This parameter enables or disables this slave base station. Description The name entered in this parameter is used as an alternate way of identifying the IP address of a slave base station. IP Address This parameter provides the corresponding IP address for the slave base station. The IP Address must be a unique value so that each slave base station can be identified on the network. The acceptable value ranges from 0.0.0.
Chapter 22: The 9160 G2 As Base Station RRM Groups Configuration Settings All RRMs in a group operate on the same radio channel. The 9160 G2 coordinates the transmissions of all the RRMs in a group (for this reason, the controlling 9160 G2 is sometimes referred to as the “Timeplexing Master”). Figure 22.
Chapter 22: The 9160 G2 As Base Station RRM Groups Configuration Settings 22.4.2.1 RRM Groups In this screen the user can set options for a new RRM group. Each RRM must be a member of an RRM group; there may be more than one RRM group configured in the 9160 G2. An RRM group may contain from one to four RRMs.
Chapter 22: The 9160 G2 As Base Station RRM Groups Configuration Settings polling command is received from the host. Polling starts if at least one of the RRMs in the RRM group is operating when the 9160 G2 boots. Shared Channel If this parameter is enabled, the 9160 G2 checks for other traffic on the radio channel used by this RRM group, before polling.
Chapter 22: The 9160 G2 As Base Station RRM Groups Configuration Settings Maximum Message Segment Size This textbox allows the user to specify the size of the largest message segment, in bytes, that will be sent over the Psion Teklogix radio network. Larger messages are broken into parts. The allowable values range from 32 to 116. The default value is 100.
Chapter 22: The 9160 G2 As Base Station RRM Groups Configuration Settings 22.4.2.3 Radio Parameters Because some of the radio parameters are identical for a given group of timeplexed RRMs, they may be configured by the user once on the 9160 G2; the 9160 G2 then passes them to the RRMs in the group. These parameters include the synchronization delay (Sync Delay), the remote transmit on-time (Remote Txon), and the channel number to be used (Active Channel).
Chapter 22: The 9160 G2 As Base Station RRM Groups Configuration Settings 22.4.2.4 Group Parameters Combination These textboxes allow the user to specify RRM subgroups called combinations. If the coverage areas of two or more of the RRMs in this RRM group do not overlap, the non-overlapping RRMs may poll at the same time. This improves system response time and reduces the amount of signalling on the network. RRMs that are not assigned to combinations poll individually, after the combinations poll.
Chapter 22: The 9160 G2 As Base Station Radio Link Features Configuration Settings 22.4.3 Radio Link Features Configuration Settings From the Connectivity options list, entering Radio Link Features will open the configuration settings page for the polling and cellular parameters. Figure 22.
Chapter 22: The 9160 G2 As Base Station Radio Link Features Configuration Settings 22.4.3.1 Radio Link Features Operate in Cellular Mode To operate as a cellular base station, this parameter should be enabled. Note: The 9500 Network Controller must also be set to cellular mode. Poll ID In Adaptive Polling/Contention protocol for narrow band radios, Poll ID is used to assign a unique address to each base station.
Chapter 22: The 9160 G2 As Base Station Radio Link Features Configuration Settings tocol Terminal Timeout is 60, and this parameter is set to 75%, then the timeout would be 60 min x 75% = 45 minutes. An offline terminal is still considered part of the system. Messages to offline terminals are queued at the 9160 G2. The terminal remains offline until it transmits an online message. Values for this parameter range from 50 to 90.
Chapter 22: The 9160 G2 As Base Station Radio Link Features Configuration Settings Expiration Period This parameter dictates how long, in days, a particular radio address or terminal number should be inactive, before the 9160 G2 declares it to be “expired”. An expired address or terminal number may be reassigned to another radio or session. Note: For this feature, it is recommended that you enable SNTP and to have an SNTP server available for accurate expiration times. 22.4.3.
Chapter 22: The 9160 G2 As Base Station Hosts Notes: When enabling Automatic Terminal Number: 1. Direct TCP Connections for TekTerm must be disabled (see page 241). 2. The Auto Session parameter in the terminal must be enabled in order for the terminal session number to be automatically assigned. 22.5 Hosts When the 9160 G2 acts as a base station, it must communicate with a “host”—a 9500 Network Controller, or a host computer using a Psion Teklogix Software Development Kit (SDK).
Chapter 22: The 9160 G2 As Base Station Hosts Figure 22.
Chapter 22: The 9160 G2 As Base Station Hosts Number Of Configured Hosts The Hosts page of the Connectivity options shows the number of hosts configured on the system. Up to six hosts can be supported. Host Number This parameter indicates the assigned host number. Choosing the Host Number from the drop-down list displays the parameters that can be modified or deleted for that host. New hosts can be added by selecting an unassigned number and configuring the parameters for it.
Chapter 22: The 9160 G2 As Base Station Hosts refer to the appropriate Psion Teklogix User Manual for: 9500 Network Controller, SDK, TESS or ANSI. No Online/Offline If this parameter is Enabled, the 9160 G2 base station does not notify the host if the status of a terminal changes between offline and online. If this parameter is Disabled, the 9160 G2 does notify the host regarding any terminal status changes. The default for this parameter is Disabled.
NETWORK TIME PROTOCOL SERVER 23 23.1 Navigating To Time Protocol Settings . . . . . . . . . . . . . . . . . . . 249 23.2 Enabling Or Disabling A Network Time Protocol (NTP) Server . . . . . 250 23.3 Updating Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 23: Network Time Protocol Server Navigating To Time Protocol Settings The Network Time Protocol (NTP) is an Internet standard protocol that synchronizes computer clock times on your network. NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. NTP sends periodic time requests to servers, using the returned time stamp to adjust its clock. The timestamp will be used to indicate the date and time of each event in log messages. See http://www.
Chapter 23: Network Time Protocol Server Enabling Or Disabling A Network Time Protocol (NTP) Server 23.2 Enabling Or Disabling A Network Time Protocol (NTP) Server To configure your access point to use a network time protocol (NTP) server, first enable the use of NTP, and then select the NTP server you want to use. (To shut down NTP service on the network, disable NTP on the access point.
BACKING UP & RESTORING CONFIGURATION 24.1 24.2 24.3 24.4 24.5 24.6 Navigating To The AP’s Configuration Settings . . . . . . . Resetting Factory Default Configuration. . . . . . . . . . . Saving The Current Configuration To A Backup File . . . . Restoring The Configuration From A Previously Saved File Rebooting The Access Point . . . . . . . . . . . . . . . . . Upgrading The Firmware . . . . . . . . . . . . . . . . . . 24.6.1 Update . . . . . . . . . . . . . . . . . . . . . . . . 24.6.
Chapter 24: Backing Up & Restoring Configuration Navigating To The AP’s Configuration Settings You can save a copy of the current settings on the 9160 G2 Wireless Gateway to a backup configuration file. The backup file can be used at a later date to restore the access point to the previously saved configuration. 24.1 Navigating To The AP’s Configuration Settings To manage the configuration of an access point, navigate to the Maintenance > Configuration tab and use the interface as described below. 24.
Chapter 24: Backing Up & Restoring Configuration Saving The Current Configuration To A Backup File 24.3 Saving The Current Configuration To A Backup File To save a copy of the current settings on an access point to a backup configuration file (.cbk format): 1. Click the download configuration link. A File Download or Open dialog is displayed. 2. Choose the Save option on this first dialog. This brings up a file browser. 3.
Chapter 24: Backing Up & Restoring Configuration Rebooting The Access Point Note: When you click Restore, the access point will reboot. A “reboot” confirmation dialog and follow-on “rebooting” status message will be displayed. Please wait for the reboot process to complete (a minute or two). After a moment, try accessing the Administration Web pages as described in the next step; they will not be accessible until the AP has rebooted.
Chapter 24: Backing Up & Restoring Configuration Upgrading The Firmware Note: You must do this for each access point; you cannot upgrade firmware automatically across the cluster. Keep in mind that a successful firmware upgrade restores the access point configuration to the factory defaults. (See “Default Settings For The 9160 G2 Wireless Gateway” on page 27.) To upgrade the firmware on a particular access point: 1. Navigate to Maintenance > Upgrade on the Administration Web pages for that access point.
Chapter 24: Backing Up & Restoring Configuration Update 24.6.1 Update 1. Click Update to apply the new firmware image. Upon clicking Update for the firmware upgrade, a popup confirmation window is displayed that describes the upgrade process. 2. Click OK to confirm the upgrade, and start the process Important: The firmware upgrade process begins once you click Update and then OK in the popup confirmation window.
25 SPECIFICATIONS 25.1 25.2 25.3 25.4 25.5 25.6 25.7 Physical Description . . . . . . . . Environmental Requirements . . . AC Power Requirements . . . . . . Power Over Ethernet Requirements Processor And Memory . . . . . . Network Interfaces . . . . . . . . . Radios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 25: Specifications Physical Description Note: Performance specifications are nominal and subject to change without notice. 25.1 Physical Description Enclosure: Dimensions: Weight: Jet black in colour, FR2000 bay blend material < 30 x 20 x 12.5 cm (11.8 x 7.9 x 4.9 in.) < 2.25 kg (5.0 lbs.) (excludes radios, antennas, and options) 25.2 Environmental Requirements Operating Temperature: 0°C to 55°C (32°F to 131°F) Operating Rel.
Chapter 25: Specifications Power Over Ethernet Requirements 25.4 Power Over Ethernet Requirements Compliant with IEEE 802.3af (disabled when AC power is connected). Input voltage: 37 - 57 VDC On-board Power Supplies: 2.5W (Assume η=0.8 at full 12.5 watt from Ethernet) Dual 802.11b radios: 4W Main Logic Board: 6W 25.5 Processor And Memory Intel IXP420 processor running at 266 MHz 8 MB Flash ROM 32 MB SDRAM 25.
Chapter 25: Specifications Radios RA1001A - Narrow Band Radio Psion Teklogix Proprietary Narrowband Modulation (2/4 level FSK) Type III PC Card Form Factor Transmit Power 1W or 0.5W Frequency Range 403-422 MHz, 419-435 MHz, 435-451 MHz, 450-470 MHz, 464-480 MHz, 480-496 MHz, 496-512 MHz Rx Sensitivity < -110dBm @ 19.2kbps (4 level FSK) Data Rates 4800 bps, 9600 bps, 19.
APPENDIX A SUPPORT SERVICES AND WORLDWIDE OFFICES Psion Teklogix provides a complete range of product support services to its customers worldwide. These services include technical support and product repairs. A.1 Technical Support For technical support in North America: Call Toll free: +1 800 387 8898 Option 3 or Direct Dial: +1 905 813 9900 Ext. 1999 Option 3 For technical support in EMEA (Europe, Middle East and Africa), please contact the local office listed in the website below: http://www.
A.3 Worldwide Offices COMPANY HEADQUARTERS CANADIAN SERVICE CENTRE Psion Teklogix Inc. Psion Teklogix Inc. 2100 Meadowvale Boulevard Mississauga, Ontario Canada L5N 7J9 7170 West Credit Ave., Unit #1 Mississauga, Ontario Canada L5N 7J9 Tel: Tel: Direct: Fax: Web: +1 905 813 9900 Fax: +1 905 812 6300 E-mail:salescdn@psion.com +1 800 387 8898Option 2 - or + 1 905 813 9900Ext. 1999, Option 2 + 1 905 812 6304 www.psionteklogix.com NORTH AMERICAN HEADQUARTERS AND U.S.
APPENDIX B PORT PINOUTS AND CABLE DIAGRAMS B.1 Console Port Pin No.
Appendix B: Port Pinouts And Cable Diagrams Serial Cable Descriptions B.2 Serial Cable Descriptions Cable No. Function Connection Standard Length 19387 9160 G2 to Console Direct 6 feet Console Port Cable No.
Appendix B: Port Pinouts And Cable Diagrams RJ-45 Connector Pinouts (10BaseT/100BaseT Ethernet) B.3 RJ-45 Connector Pinouts (10BaseT/100BaseT Ethernet) 9160 G2 using AC Contact Signal 9160 G2 using Power over Ethernet* Contact Signal 1 TD+ 1 TD+ 2 TD– 2 TD– 3 RD+ 3 RD+ 4 Not used 4 5 Not used 5 6 RD– 6 7 Not used 7 8 Not used 8 RD– * The 9160 G2 can also accept 48 VDC power bias on the data line pairs (1,2) and (3,6) from such systems providing power over Ethernet.
APPENDIX C SECURITY SETTINGS ON WIRELESS CLIENTS AND RADIUS SERVER SETUP C.1 Network Infrastructure And Choosing Between Built-in Or External Authentication Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-4 C.1.1 Using The Built-in Authentication Server (EAP-PEAP) . . . . . .C-4 C.1.2 Using An External RADIUS Server With EAP-TLS Certificates Or EAP-PEAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .C-4 C.2 Make Sure The Wireless Client Software Is Up-to-Date . . . . .
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Typically, users will configure security on their wireless clients for access to many different networks (access points). The list of “Available Networks” will change depending on the location of the client and which APs are online and detectable in that location.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Network Infrastructure And Choosing Between Built-in Or External Authentication Server C.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Make Sure The Wireless Client Software Is Up-to-Date • “IEEE 802.1x Client Using EAP/TLS Certificate” on page C-15. • “WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate” on page C-24. • “Configuring An External RADIUS Server To Recognize The 9160 G2 Wireless Gateway” on page C-30. • “Obtaining A TLS-EAP Certificate For A Client” on page C-34.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Accessing The Microsoft Windows Wireless Client Security Settings • From the Network Tasks menu on the left, click View Network Connections to bring up the Network Connections window. • Select the Wireless Network Connection you want to configure, rightmouse click and choose View available wireless networks.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring A Client To Access An Unsecure Network (No Security) Use this dialog for configuring all the different types of client security described in the following sections. Make sure that the Wireless Network Properties dialog you are working in pertains to the Network Name (SSID) for the network you want to reach on the wireless client you are configuring. C.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring Static WEP Security On A Client To configure the client to not use any security, bring up the client Network Properties dialog, and configure the following settings. Set Network Authentication to Open Set Data Encryption to Disabled Network Authentication Open Data Encryption Disabled Table C.1 Association Settings C.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring Static WEP Security On A Client If you configured the 9160 G2 Wireless Gateway to use Static WEP security mode . ..
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring Static WEP Security On A Client . . . then configure WEP security on each client as follows.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring IEEE 802.1x Security On A Client The key is provided for me automatically Disable this option (click to uncheck the box). Table C.2 Association Settings Enable IEEE 802.1x authentication for this network Make sure that IEEE 802.1x authentication is disabled (box should be unchecked). (Setting the encryption mode to WEP should automatically disable authentication.) Table C.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup IEEE 802.1x Client Using EAP/PEAP ents. AND (2) Configure your IEEE 802.1x wireless clients to use PEAP. Note: The following example assumes that you are using the Built-in Authentication server that comes with the 9160 G2 Wireless Gateway.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup IEEE 802.1x Client Using EAP/PEAP Choose Open Choose WEP Data Encryption mode Enable (click to check) IEEE 8021x authentication . . . then, click Choose Protected EAP (PEAP) Properties Enable auto key option 1 Disable (click to uncheck) Validate server certificate 2 Choose Secured password (EAP-MSCHAP v2) . . .
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup IEEE 802.1x Client Using EAP/PEAP 1. Configure the following settings on the Association tab on the Network Properties dialog. Network Authentication Open Data Encryption WEP Note: An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each IEEE 802.11 frame.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup IEEE 802.1x Client Using EAP/TLS Certificate Logging On To The Wireless Network With An IEEE 802.1x PEAP Client IEEE 802.1x PEAP clients should now be able to associate with the access point. Client users will be prompted for a user name and password to authenticate with the network. C.6.2 IEEE 802.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup IEEE 802.1x Client Using EAP/TLS Certificate 4. Obtain a certificate for this client as described in “Obtaining A TLSEAP Certificate For A Client” on page C-34. If you configured the 9160 G2 Wireless Gateway to use IEEE 802.1x security mode with an external RADIUS server . . . . . . then configure IEEE 802.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup IEEE 802.1x Client Using EAP/TLS Certificate Choose Open Choose WEP Data Encryption mode Enable (click to check) IEEE 8021x authentication Choose Smart Card/Certificate . . .
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup IEEE 802.1x Client Using EAP/TLS Certificate 1. Configure the following settings on the Association tab on the Network Properties dialog. Network Authentication Open Data Encryption WEP Note: An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each IEEE 802.11 frame.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring WPA/WPA2 Enterprise (RADIUS) Security On A Client Connecting To The Wireless Network With An IEEE 802.1x Client Using A Certificate IEEE 802.1x clients should now be able to connect to the access point using their TLS certificates. The certificate you installed is used when you connect, so you will not be prompted for logon information.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP C.7.1 WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP The Built-In Authentication Server on the 9160 G2 Wireless Gateway uses Protected Extensible Authentication Protocol (EAP) known as “EAP/PEAP”.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP If you configured the 9160 G2 Wireless Gateway to use WPA/WPA2 Enterprise (RADIUS) security mode and to use either the Built-in Authentication Server or an external RADIUS server that uses EAP/PEAP . . . . . . first set up user accounts on the access point (Cluster, User Management). . . .
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP . . . then configure WPA security with PEAP authentication on each client as follows. Choose WPA Choose either TKIP or AES for the Data Encryption mode Choose Protected EAP (PEAP) . . . then, click Properties 1 Disable (click to uncheck) Validate server certificate 2 Choose Secured password (EAP-MSCHAP v2) . . .
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup WPA/WPA2 Enterprise (RADIUS) Client Using EAP/PEAP 1. Configure the following settings on the Association and Authentication tabs on the Network Properties dialog. Network Authentication WPA Data Encryption TKIP or AES depending on how this option is configured on the access point.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate Logging On To The Wireless Network With A WPA/WPA2 Enterprise (RADIUS) PEAP Client “WPA/WPA2 Enterprise (RADIUS)” PEAP clients should now be able to associate with the access point. Client users will be prompted for a user name and password to authenticate with the network. C.7.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate 2. Configure the 9160 G2 Wireless Gateway to use your RADIUS server (by providing the RADIUS server IP address as part of the “WPA/WPA2 Enterprise [RADIUS]” security mode settings). 3. Configure wireless clients to use WPA security and “Smart Card or other Certificate” as described in this section. 4.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate . . . then configure WPA security with certificate authentication on each client as follows. Choose WPA Choose Smart Card or other Choose either TKIP or AES for the Certificate and enable Authenticate Data Encryption mode as computer .... 1 . . .
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup WPA/WPA2 Enterprise (RADIUS) Client Using EAP-TLS Certificate 1. Configure the following settings on the Association tab on the Network Properties dialog. Network Authentication WPA Data Encryption TKIP or AES depending on how this option is configured on the access point.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring WPA/WPA2 Personal (PSK) Security On A Client C.8 Configuring WPA/WPA2 Personal (PSK) Security On A Client Wi-Fi Protected Access (WPA) with Pre-Shared Key (PSK) is a Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key Integrity Protocol (TKIP), Advanced Encryption Algorithm (AES), and Counter mode/CBC-MAC Protocol (CCMP) mechanisms. PSK employs a pre-shared key for an initial check of client credentials.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring WPA/WPA2 Personal (PSK) Security On A Client . . . then configure WPA/WPA2 Personal (PSK) security on each client as follows. Choose WPA-PSK. Choose either TKIP or AES for the Data Encryption mode. Enter a network key that matches the one specified on the access point (and confirm by re-typing). Network Authentication WPA-PSK Data Encryption TKIP or AES depending on how this option is configured on the access point.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring An External RADIUS Server To Recognize The 9160 G2 Wireless Gateway Enable IEEE 802.1x authentication for this network Make sure that IEEE 802.1x authentication is disabled (unchecked). (Setting the encryption mode to WEP should automatically disable authentication.) Table C.17 Authentication Settings Click OK on the Wireless Network Properties dialog to close it and save your changes.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring An External RADIUS Server To Recognize The 9160 G2 Wireless Gateway The purpose of this procedure is to identify your 9160 G2 Wireless Gateway as a “client” to the RADIUS server. The RADIUS server can then handle authentication and authorization of wireless clients for the AP. This procedure is required per access point.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring An External RADIUS Server To Recognize The 9160 G2 Wireless Gateway 1. Log on to the system hosting your RADIUS server and bring up the Internet Authentication Service. 2. In the left panel, right click on RADIUS Clients node and choose New > Radius Client from the popup menu. 3.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring An External RADIUS Server To Recognize The 9160 G2 Wireless Gateway 4. For the Shared secret enter the RADIUS Key you provided to the access point (on the Security page). Re-type the key to confirm.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Obtaining A TLS-EAP Certificate For A Client 5. Click Finish. The access point is now displayed as a client of the Authentication Server. C.10 Obtaining A TLS-EAP Certificate For A Client Note: If you want to use IEEE 802.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Obtaining A TLS-EAP Certificate For A Client Wireless clients configured to use either “WPA/WPA2 Enterprise (RADIUS)” or “IEEE 802.1x” security modes with an external RADIUS server that supports TLSEAP certificates must obtain a TLS certificate from the RADIUS server. This is an initial one-time step that must be completed on each client that uses either of these modes with certificates.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Obtaining A TLS-EAP Certificate For A Client The Welcome screen for the Certificate Server is displayed in the browser. 3. Click Request a certificate to get the logon prompt for the RADIUS server. 4. Provide a valid user name and password to access the RADIUS server.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Obtaining A TLS-EAP Certificate For A Client 5. Click User Certificate on the next page displayed. 6. Click Yes on the dialog displayed to install the certificate. 7. Click Submit to complete and click Yes to confirm the submittal on the popup dialog.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring RADIUS Server For VLAN tags 8. Click Install this certificate to install the newly issued certificate on your client station. (Also, click Yes on the popup windows to confirm the install and to add the certificate to the Root Store.) A success message is displayed indicating the certificate is now installed on the client. C.
Appendix C: Security Settings On Wireless Clients And RADIUS Server Setup Configuring A RADIUS Server Selection of the VLAN is usually based on the identity of the user. The RADIUS server informs the NAS (for example the access point) of the selected VLAN as part of the authentication. This setup enables users of Dynamic VLANs to move from one location to another without intervention and without having to make any changes to the switches.
APPENDIX D TROUBLESHOOTING D.1 Wireless Distribution System (WDS) Problems And Solutions . . . . . . D-3 D.2 Cluster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-4 D.2.1 Reboot Or Reset Access Point . . . . . . . . . . . . . . . . . .
Appendix D: Troubleshooting Wireless Distribution System (WDS) Problems And Solutions This section provides information about how to solve common problems you might encounter in the course of updating network configurations on networks served by multiple, clustered access points. D.1 Wireless Distribution System (WDS) Problems And Solutions If you are having trouble configuring a WDS link, be sure you have read the notes and cautions in “Configuring WDS Settings” on page 203.
Appendix D: Troubleshooting Cluster Recovery D.2 Cluster Recovery In cases where the access points in a cluster become out of sync or an access point cannot join or be removed from a cluster, the following methods for cluster recovery are recommended. D.2.1 Reboot Or Reset Access Point These recovery methods are given in the order you should try them.
APPENDIX E GLOSSARY 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0-9 802 IEEE 802 (IEEE Std. 802-2001) is a family of standards for peer-to-peer communication over a LAN. These technologies use a shared-medium, with information broadcast for all stations to receive. The basic communications capabilities provided are packet-based. The basic unit of transmission is a sequence of data octets (8-bits), which can be of any length within a range that is dependent on the type of LAN.
Appendix E: Glossary 802.3 802.3 IEEE 802.3 (IEEE Std. 802.3-2002) defines the MAC layer for networks that use CSMA/CA. Ethernet is an example of such a network. 802.11 IEEE 802.11 (IEEE Std. 802.11-1999) is a medium access control (MAC) and physical layer (PHY) specification for wireless connectivity for fixed, portable, and moving stations within a local area. It uses direct sequence spread spectrum (DSSS) in the 2.4 GHz ISM band and supports raw data rates of 1 and 2 Mbps.
Appendix E: Glossary 802.11d 802.11d IEEE 802.11d defines standard rules for the operation of IEEE 802.11 wireless LANs in any country without reconfiguration. PHY requirements such as provides frequency hopping tables, acceptable channels, and power levels for each country are provided. Enabling support for IEEE 802.11d on the access point causes the AP to broadcast which country it is operating in as a part of its beacons. Client stations then use this information.
Appendix E: Glossary 802.11i Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS). DFS detects other APs on the same frequency and redirects these to another channel. TCP reduces the network frequency output power of the AP, thus reducing the chance of any interference. This is a required standard in Europe, Japan, and the U.S. 802.11i IEEE 802.11i is a comprehensive IEEE standard for security in a wireless local area network (WLAN) that describes Wi-Fi Protected Access 2 (WPA2).
Appendix E: Glossary 802.1p 802.1p 802.1p is an extension of the IEEE 802 standard and is responsible for QoS provision. The primary purpose of 802.1p is to prioritize network traffic at the data link/ MAC layer. 802.1p offers the ability to filter multicast traffic to ensure it doesn’t increase over layer 2 switched networks. It uses tag frames for the prioritization scheme. To be compliant with this standard, layer 2 switches must be capable of grouping incoming LAN packets into separate traffic classes.
Appendix E: Glossary AES Ad hoc mode is also referred to as peer-to-peer mode or an independent basic service set (IBSS). AES The Advanced Encryption Standard (AES) is a symmetric 128-bit block data encryption technique developed to replace DES encryption. AES works at multiple network layers simultaneously. Further information is available on the NIST Web site. Atheros XR (Extended Range) Atheros Extended Range (XR) is a proprietary method for implementing low rate traffic over longer distances.
Appendix E: Glossary Bridge • The Capability Information lists requirements of stations that want to join the WLAN. For example, it indicates that all stations must use WEP. • The Service Set Identifier (SSID). • The Basic Rate Set is a bitmap that lists the rates that the WLAN supports. • The optional Parameter Sets indicates features of the specific signalling methods in use (such as frequency hopping spread spectrum, direct sequence spread spectrum, etc.).
Appendix E: Glossary BSSID BSSID In Infrastructure Mode, the Basic Service Set Identifier (BSSID) is the 48-bit MAC address of the wireless interface of the Access Point. C CCMP Counter mode/CBC-MAC Protocol (CCMP) is an encryption method for 802.11h that uses AES. It employs a CCM mode of operation, combining the Cipher Block Chaining Counter mode (CBC-CTR) and the Cipher Block Chaining Message Authentication Code (CBC-MAC) for encryption and message integrity.
Appendix E: Glossary CTS to transmit a packet when the channel is quiet. When it detects that the channel is idle, the station transmits the packet. If it detects that the channel is busy, the station waits a random amount of time and then attempts to access the media again. CSMA/CA is the basis of the IEEE 802.11e Distributed Control Function (DCF). See also RTS and CTS. The CSMA/CA protocol used by 802.11 networks is a variation on CSMA/CD (used by Ethernet networks).
Appendix E: Glossary DNS DNS The Domain Name Service (DNS) is a general-purpose query service used for translating fully-qualified names into Internet addresses. A fully-qualified name consists of the hostname of a system plus its domain name. For example, www is the host name of a Web server and www.psionteklogix.com is the fully-qualified name of that server. DNS translates the domain name www.psionteklogix.com to some IP address, for example 66.93.138.219.
Appendix E: Glossary EAP E EAP The Extensible Authentication Protocol (EAP) is an authentication protocol that supports multiple methods, such as token cards, Kerberos, one-time passwords, certificates, public key authentication, and smart cards. Variations on EAP include EAP Cisco Wireless (LEAP), Protected EAP (PEAP), EAP-TLS, and EAP Tunnelled TLS (EAP-TTLS). EDCF Enhanced Distribution Control Function is an extension of DCF.
Appendix E: Glossary ERP ERP The Extended Rate Protocol refers to the protocol used by IEEE 802.11g stations (over 20 Mbps transmission rates at 2.4GHz) when paired with Orthogonal Frequency Division Multiplexing (OFDM). Built into ERP and the IEEE 802.11g standard is a scheme for effective interoperability of IEEE 802.11g stations with IEEE 802.11b nodes on the same channel. Legacy IEEE 802.11b devices cannot detect the ERP-OFDM signals used by IEEE 802.
Appendix E: Glossary HTML sent, and a switch or bridge, which provides the actual path for the packet in and out of the gateway. Before a host on a LAN can access the Internet, it needs to know the address of its default gateway. H HTML The Hypertext Markup Language (HTML) defines the structure of a document on the World Wide Web. It uses tags and attributes to hint about a layout for the document. An HTML document starts with an tag and ends with a tag.
Appendix E: Glossary IAPP I IAPP The Inter Access Point Protocol (IAPP) is an IEEE standard (802.11f) that defines communication between the access points in a “distribution system”. This includes the exchange of information about mobile stations and the maintenance of bridge forwarding tables, plus securing the communications between access points. IBSS An independent basic service set (IBSS) is an Ad hoc Mode Wireless Networking Framework in which stations communicate directly with each other.
Appendix E: Glossary IP someone attempting to break into the system. It reports access attempts using unsupported or known insecure protocols. IP The Internet Protocol (IP) specifies the format of packets, also called datagrams, and the addressing scheme. IP is a connectionless, best-effort packet switching protocol. It provides packet routing, fragmentation and re-assembly. It is combined with higher-level protocols, such as TCP or UDP, to establish the virtual connection between destination and source.
Appendix E: Glossary IPSec A Static IP Address is an IP address that is hard-wired for a specific host. A static address is usually required for any host that is running a server, for example, a Web server. IPSec IP Security (IPSec) is a set of protocols to support the secure exchange of packets at the IP layer. It uses shared public keys. There are two encryption modes: Transport and Tunnel. • Transport mode encrypts only the data portion (payload) of each packet, but leaves the headers untouched.
Appendix E: Glossary LAN access point to the Internet and vice versa. Latency is caused by fixed network factors such as the time it takes to encode and decode a packet, and also by variable network factors such as a busy or overloaded network. QoS features are designed to minimize latency for high priority network traffic.
Appendix E: Glossary MAC M MAC The Media Access Control (MAC) layer handles moving data packets between NICs across a shared channel. It is a higher level protocol over the PHY layer. It provides an arbitration mechanism in an attempt to prevent signals from colliding. It uses a hardware address, known as the MAC address, that uniquely identifies each node of a network.
Appendix E: Glossary Multicast Multicast A Multicast sends the same message to a select group of recipients. Sending an email message to a mailing list is an example of multicasting. In wireless networks, multicast usually refers to an interaction in which the access point sends data traffic in the form of IEEE 802.1x Frames to a specified set of client stations (MAC addresses) on the network.
Appendix E: Glossary NTP NTP The Network Time Protocol assures accurate synchronization of the system clocks in a network of computers. NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. An NTP client sends periodic time requests to servers, using the returned time stamp to adjust its clock. O OSI The Open Systems Interconnection (OSI) reference model is a framework for network design.
Appendix E: Glossary Packet • Layer 6, the Presentation layer, defines how information is presented to the application. It includes meta-information about how to encrypt/decrypt and compress/decompress the data. JPEG and TIFF file formats are examples of protocols at this layer. • Layer 7, the Application layer, includes protocols like hypertext transfer protocol (HTTP), simple mail transfer protocol (SMTP), and file transfer protocol (FTP).
Appendix E: Glossary Port Forwarding Port Forwarding Port Forwarding creates a ‘tunnel’ through a firewall, allowing users on the Internet access to a service running on one of the computers on your LAN, for example, a Web server, an FTP or SSH server, or other services. From the outside user’s point of view, it looks like the service is running on the firewall. PPP The Point-to-Point Protocol is a standard for transmitting network layer datagrams (IP packets) over serial point-to-point links.
Appendix E: Glossary Public Key Public Key A public key is used in public key cryptography to encrypt a message which can only be decrypted with the recipient's private or secret key. Public key encryption is also called asymmetric encryption, because it uses two keys, or Diffie-Hellman encryption. Also see Shared Key. Q QoS Quality of Service (QoS) defines the performance properties of a network service, including guaranteed throughput, transit delay, and priority queues.
Appendix E: Glossary Router defines a standard by which APs can communicate information about client associations and disassociations in support of roaming clients. Router A router is a network device which forwards packets between networks. It is connected to at least two networks, commonly between two local area networks (LANs) or between a LAN and a wide-area network (WAN), for example, the Internet. Routers are located at gateways—places where two or more networks connect.
Appendix E: Glossary RTS Threshold RTS Threshold The RTS threshold specifies the packet size of a request to send (RTS) transmission. This helps control traffic flow through the access point, and is especially useful for performance tuning on an access point with a many clients. S Shared Key A shared key is used in conventional encryption where one key is used both for encryption and decryption. It is also called secret-key or symmetric-key encryption. Also see Public Key.
Appendix E: Glossary STP STP The Spanning Tree Protocol (STP) is an IEEE 802.1 standard protocol (related to network management) for MAC bridges that manages path redundancy and prevents undesirable loops in the network created by multiple active paths between client stations. Loops occur when there are multiple routes between access points. STP creates a tree that spans all of the switches in an extended network, forcing redundant paths into a standby or blocked state.
Appendix E: Glossary TCP SVP SpectraLink Voice Priority (SVP) is a QoS approach to Wi-Fi deployments. SVP is an open specification that is compliant with the IEEE 802.11b standard. SVP minimizes delay and prioritizes voice packets over data packets on the Wireless LAN, thus increasing the probability of better network performance. T TCP The Transmission Control Protocol (TCP) is built on top of Internet Protocol (IP).
Appendix E: Glossary ToS ToS TCP/IP packet headers include a 3-to-5 bit Type of Service (ToS) field set by the application developer that indicates the appropriate type of service for the data in the packet. The way the bits are set determines whether the packet is queued for sending with minimum delay, maximum throughput, low cost, or mid-way “best-effort” settings depending upon the requirements of the data.
Appendix E: Glossary VLAN document (possibly stored on another computer). The first part of the URL indicates what protocol to use and the second part specifies the IP address or the domain name where that resource is located. For example, ftp://ftp.devicescape.com/downloads/myfile.tar.gz specifies a file that should be fetched using the FTP protocol; http://www.devicescape.com/index.html specifies a Web page that should be fetched using the HTTP protocol.
Appendix E: Glossary WDS WDS A Wireless Distribution System (WDS) allows the creation of a completely wireless infrastructure. Typically, an Access Point is connected to a wired LAN. WDS allows access points to be connected wirelessly. The access points can function as wireless repeaters or bridges. WEP Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks.
Appendix E: Glossary WLAN WLAN Wireless Local Area Network (WLAN) is a LAN that uses high-frequency radio waves rather than wires to communicate between its nodes. WMM Wireless Multimedia (WMM) is a IEEE technology standard designed to improve the quality of audio, video and multimedia applications on a wireless network. Both access points and wireless clients (laptops, consumer electronics products) can be WMM-enabled. WMM features are based on is a subset of the WLAN IEEE 802.11e draft specification.
Appendix E: Glossary WRAP WRAP Wireless Robust Authentication Protocol (WRAP) is an encryption method for 802.11h that uses AES but another encryption mode (OCB) for encryption and integrity. X XML The Extensible Markup Language (XML) is a specification developed by the W3C. XML is a simple, flexible text format derived from Standard Generalized Markup Language (SGML), designed especially for electronic publishing.
INDEX A B access point clustering 56 ethernet (wired) settings 131 guest network 147 load balancing 175 MAC filtering 171 monitoring 117 QoS 181 radio 161 security 89 user management 63 WDS bridging 197 wireless settings 139 Active Channel RA1001A parameters 228 RRM Group 237 Adaptive polling/contention protocol 220 administrator password on Basic Settings 49 platform 30 ANSI, connecting terminals 23 antenna requirements 19, 20 approvals xvi associated wireless clients 126 Atheros Turbo modes 8, 163 authe
Index RRM group 236 String, narrow band radio 227 captive portal 152 cellular base 220, 240 switching 219 certificate obtaining TLS-EAP certificate for client C-34 security for IEEE 802.
Index adaptor cards 262 base station 231 cable lengths 22 connections 22, 38 settings 131, 155 status indicator LED 22 10BaseT 22 pinouts B-3 100BaseT 22 pinouts B-3 events log 120 monitoring 120 Expiration Period, Radio Link Features 242 extended service set with WDS bridging 199 external devices 21 F factory defaults described 27 features overview 10 Firefox 23 First Terminal 246 Flash ROM 262 fragmentation threshold, configuring 165 Free Window Factor RRM group 236 Window Factor, narrow band radio 226
Index M MAC filtering, configuring 174 maintenance requirements 18 Management Information Bases (MIBs) 211 Maximum Message Segment Size RRM group 236 Message Segment Size, narrow band radio 226 memory 262 Message Mode Limit RRM group 236 Mode Limit, narrow band radio 227 Size (base station) 232 MIBs See Management Information Bases 211 Microsoft Internet Explorer 23 modulation levels, narrow band radio 228 Monitor Poll, 9010/TCP/IP emulation 246 N narrow band radio Active Channel parameter 228 configurati
Index hardware 37 location 21 pinouts console port B-1 RJ-45 connector (10BaseT) B-3 power connections 38 requirements 18, 262 Power Over Ethernet specifications 262 processor 262 progress bar for cluster auto-sync 59 protocol adaptive polling/contention 220 radio adaptive polling/contention 220 cellular switching 219 timeplexing 219 Q QoS See quality of service 181 quality of service 181 queues, configuring for QoS 191 R radio Automatic Radio Address Assignment Range 241 Automatic Terminal Number 242 bea
Index Remote Radio Modules 238 Remote Txon 237 RRM Group Number 234 Shared Channel 235 Size of Poll Windows 235 Sync Delay 237 RRM Groups configuration settings 232 RRM mode 229 RTS threshold, configuring 165 S safety approvals xvi instructions xvii SDRAM 262 security authentication server C-30 certificates on client C-34 comparison of modes 92 configuring 89–115 configuring on the access point 99 configuring on wireless clients C-1 features overview 11 guest network 101 IEEE 802.
Index configuring on IEEE 802.1x client C-11 configuring on WPA/WPA2 Enterprise (RADIUS) client C-20 V video display terminal, connecting 23 VLAN for internal and guest interface 150 Priority 190 Voice over IP improved service with QoS 181 voltage, input 18, 262 802.11 Advanced Settings (Radio Settings page) 164, 169 802.11 Basic Settings (Wireless Settings page)) 141, 146 802.
