u n w i r i n g o u r airPoint™ Nexus sB3210 User Guide Version 1.0 Copyright © smartBridges Pte Ltd. All Rights Reserved.
i n t e l l i g e n t w i r e l e s s p l a t f o r m TABLE OF CONTENTS ABOUT THIS DOCUMENT .................................................................................................... 3 OVERVIEW OF USER GUIDE ............................................................................................... 3 RELATED PUBLICATIONS ................................................................................................... 3 TECHNICAL SUPPORT CENTER .............................................
i n t e l l i g e n t w i r e l e s s p l a t f o r m About This Document This User Guide is for the networking professional who configures and manages the smartBridges’ Intelligent Nexus Platform of wireless access points (airPoint™ Nexus). It provides detailed information on using the web-based configuration GUI to configure the airPoint™ Nexus unit. This manual will help you gain a better understanding of how the various components of Nexus work.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Technical Support Center Comprehensive technical support by dedicated smartBridges engineers is available to all customers through the smartBridges support center website. The website provides updated tools and documents to help troubleshoot and resolve technical issues related to smartBridges products and technologies. To access the technical support resources, please visit the support center website at http://www.smartbridges.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 1. Introduction This User Guide provides information on how to set-up the features and deploy the airPoint unit. A web-based management tool is provided to assist the user in configuring the airPoint unit for different purposes. 1.1. airPoint™ Nexus Configuration Features The airPoint web-based management tool provides the user with the following features: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 1.3. Checklists Pre-Installation Checklist for airPoint™ Organization Name/Site Name Address City State Zip Code Telephone Number Site Survey and Link Planning No 1 2 3 Parameters Standard to be followed Frequency Band Units FCC/ETSI 2.4GHz 5.25-5.35 5.47-5.725 5.725-5.
i n t e l l i g e n t No 22 23 24 25 26 27 w i r e l e s s Parameters Length of external cable connecting a Radio and antenna Fade Margin taken into account for a link budgeting Model of smartBridges airPoint™ equipment selected for a link.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Post-Installation Checklist for airPoint™ Organization Name/Site Name Address City State Zip Code Telephone Number General Configuration Information No Parameters 1 Radio operations Mode Units Bridge 2 SSID of a Radio 3 IP address x.x.x.x 4 Link Quality Percentage 5 RSSI dBm 6 Channel selected for Link 7 Radio Tx Output Power (-5 to 23 dBm) 8 Model of smartBridges airPoint™ equipment selected for a link.
i n t e l l i g e n t Checklist No Parameters 1 Check out the Crimping of the Ethernet cable at both the ends w i r e l e s s Units Yes/No 2 Check out the proper grounding of the antenna and equipment Yes/No 3 Ensure no extreme bends or kink's in the cable Yes/No 4 Ensure Ethernet cable not running near a sharp edge Yes/No 5 Ensure airPoint™ along with antenna is fixed properly on a tower with the help of nuts and bolt supplied in packaging Yes/No 6 Ensure antenna is pointed to get the best
i n t e l l i g e n t w i r e l e s s p l a t f o r m 2. airPoint™ Configuration This chapter explains how to log in, change passwords and configure the various parameters for the airPoint™ Nexus. 2.1. User Login and License Agreement The airPoint unit comes with a pre-configured default Ethernet (wired-side) IP address: 192.168.0.206 and subnet mask: 255.255.255.0.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 2-2 License Agreement Page Figure 2-3 Nexus Summary Information Page The page information descriptions are provided in the table on the following page: airPoint™ Nexus User Configuration Guide Page 11 of 55
i n t e l l i g e n t w i r e l e s s p l a t f o r m Table 2-1 Description of Parameters Page Item Ethernet Configuration Wireless Configuration Port Information IP Address IP Mask Gateway DHCP SSID Channel Descriptions Editable Ethernet IP Address. Editable Ethernet IP subnet Mask Editable Gateway IP address. Editable DHCP status Disabled / Enabled User can enable DHCP by ticking the check box to obtain an IP address from the network DHCP server Device SSID. Device operation channel.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 2.3. Using the Configuration Pages: The airPoint™ Nexus configuration system comprises several pages for configuring each parameter. A common navigation menu bar is provided at the top of each page for easy navigation as shown in the figure below. Figure 2-5 Navigation Menu Bar System configuration information is displayed as read-only in each page.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 2-6 Editable Boxes for Parameter Editing The Navigation menu bar contains menu items that allow user to go to different configuration pages. The following table summarizes functionalities available for the menu item links. Table 2-2 Description of Menus Menu Item Home Networking Menu Sub-items Summary Info Bridge Configuration Traffic Statistics Radio Main Description Displays summary information such as Wireless settings.
i n t e l l i g e n t Menu Item Radio w i r e l e s s p l a t f o r m Menu Sub-items Main Description Wireless Traffic Statistics: Displays the Wireless Traffic Statistics. Security Allows the user to set the security mode: 1. 2. 3. 4. 5. 6. None WEP only Internal ACL External ACL (Radius) WPA-Radius WPA-PSK None: There is no security involved for normal clients. WDS capable devices such as the airClient Bridge needs to be input into WDS table.
i n t e l l i g e n t Menu Item Tools Menu Sub-items System Configuration w i r e l e s s p l a t f o r m Description System Name: Allows user to change the name of the airPoint™ unit System Description: Allows user to enter a description of the airPoint™ unit SNMP Security: Allows user to set the SNMP Community String and SNMP Access Filters Reset: Resets the device remotely Delayed Reset: Schedules delayed reset at a future time NTP Server : Allows user to change NTP Server settings Firmware Version:
i n t e l l i g e n t Menu Item Tools Menu Sub-items Profile Manager w i r e l e s s p l a t f o r m Description Save Profile Allows user to define and save up to three device operating profiles for easy device management. One installation profile is always available. Operating Profile Allows user to load the profile from saved profiles and shows last loaded profile Profile Calendar Allows user to plan and manage the use of different profiles at different times efficiently.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 2.4. airPoint™ Bridge Configuration Parameters This section explains how to configure the following parameters for airPoint Bridge: Ethernet, Wireless and Bridge Spanning Tree Protocol. 2.4.1. Ethernet Configurations The Ethernet (wired-side) parameters need to be configured for the management of the airPoint Bridge device. The airPoint™ Nexus 3210 unit supports two Ethernet ports configured as a bridge.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 6. 7. 8. 9. Choose a radio channel to associate with the client. Choose the data rate. Select the transmit power of the radio from Dial in Power drop down menu Select the gain of the antenna from the drop down menu according to the gain of the antenna used with the equipment. 10. Enter the RF cable loss based on the cable specifications 11. Click the ‘Apply Changes’.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Page Items Descriptions Rates This indicates the current rate at which the radio is operating, which can be set as desired by the user. Allows radio to fall back to lower data rate. Dial a Power is used to set the output power of the radio at the N Connector. Auto Rate Fallback Dial a Power Antenna Gain The valid radio power range is from -5 dBm to 23 dBm This is the gain of an antenna attached with the airPoint™ unit.
i n t e l l i g e n t w i r e l e s s Page Item Descriptions Preamble Settings a) Shows current value b) Choose other settings available from pull-down menu p l a t f o r m The radio preamble is a section of data at the head of a packet that contains information the airPoint™ Device and Remote devices need when sending and receiving packets. The pull-down menu shows user to select a long, short or dynamic radio preamble. Default is dynamic.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 2.5. Bridge Configuration In Bridge mode the airPoint™ unit acts as a transparent bridge between the Radio and the Ethernet interfaces. The figure below shows the bridge configuration and the bridge forwarding table information. The STP (Spanning Tree Protocol) is disabled by default. Figure 2-10 Bridge Configuration Information 2.6.
i n t e l l i g e n t p l a t f o r m Setting Default Value Bridge forward delay 15 4-30 The period of time a bridge will wait (the listen and learn period) before beginning to forward data packets. Ethernet port (ETH A) path cost 100 0-65535 The cost of using the port to reach the root bridge. When selecting among multiple links to the root bridge, STP chooses the link with the lowest path cost and blocks the other paths. Each port type has its own default STP path cost.
i n t e l l i g e n t w i r e l e s s p l a t f o r m The Radio and Ethernet interfaces are assigned to bridge group by default. When the user enables STP and assigns a priority on bridge, STP is enabled on the radio and Ethernet interfaces. The interfaces adopt the priority assigned to bridge. The user can edit STP Priority, Bridge Max age, Bridge hello time, Forward Delay, STP Port priority and STP Port Path cost.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 2-11 Bridge Configuration airPoint™ Nexus User Configuration Guide Page 25 of 55
i n t e l l i g e n t w i r e l e s s p l a t f o r m 3. Security The Security Configuration page allows the client devices to authenticate with the airPoint™ unit by using different security modes. Follow the steps below to configure the airPoint™ unit with Security Parameters: 1. Click the Security link from the ‘Radio Main’ page. 2. Click on the Required Security Mode.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 3-1 Radio Security Page with WDS entries added 3) Internal ACL (Access Control List) Mode: The user needs to provide the ACL MAC addresses or WDS addresses of the clients that can get associated with the airPoint Bridge. In this mode, you can define the bandwidth for each wireless client device. The WEP key can be enabled or disabled.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 3-2 Internal ACL with WEP disabled If the WEP key is enabled, the configuration page for Internal ACL will be as follows: Figure 3-3 Internal ACL with WEP enabled airPoint™ Nexus User Configuration Guide Page 28 of 55
i n t e l l i g e n t w i r e l e s s p l a t f o r m 4) External ACL(Radius) & Internal ACL: This mode allows the user to use an External Radius as well as an Internal ACL for client authentication. The entry in the Internal ACL has more precedence than the External ACL table (WDS entries still need to be local). a. The user needs to give the Radius server address and secondary radius server address if any. b.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Encryption type is TKIP (Temporal Key Integrity Protocol). Figure 3-5 WPA radius page 6) WPA-PSK: In this mode, a client needs to be capable of WPA-PSK. The user needs to give the Pre-Shared Key value and the clients must specify the key to get associated. There is no WDS in this case as well as WDS does not work with WPA-PSK.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 4. Traffic Statistics The Wireless and Ethernet Traffic Statistics can be displayed by clicking on the ‘Networking’ | ‘Statistics’ drop down menu. The following figure shows the statistics page. This page will be refreshed after every 10 seconds.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 5. Tools 5.1.1. System Configuration The System Configuration page provides a one page tool to configure the airPoint™ device. To access the System Configuration page go to ‘Tools’ | ‘System Configuration’ drop down menu. The following figure displays the System Configuration page. Figure 5-1 System Configuration The following page summarizes the contents of the System Configuration page.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Table 5-1 System Configuration Page Item Descriptions System Name Displays name of airPoint™ unit Allows user to change airPoint™ unit name System Description Displays description of airPoint™ unit Allows user to change airPoint™ unit description SNMP Security Access the SNMP security settings Reset Reset device Delayed Reset Schedule a reset NTP Server NTP server setup, as well as NTP time if server is setup Software Version Radio Firmw
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 5-2 SNMP Security Configuration Table 5-2 SNMP Security Configuration Page Items Descriptions SNMP Community Display SNMP Community String that is currently used to communicate to the device through SNMP User can change the SNMP Community String by entering a new Community string User must enter the same community string as New Community string to confirm.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 5-3 Delayed Reset For delayed reset, follow the steps below: 1. 2. 3. 4. Select date from the calendar that has been provided. Select the recurrence. Click ’Apply Changes’ button to change the settings. If user wants to disable ‘Delayed Reset’, check the box that has been provided. 5.1.4. NTP Time Server Setup The device time comes from the network time information source. The device needs access to a network timer (NTP time server) source.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 5-4 NTP Time Settings 5.2. Profile Manager The airPoint™ Nexus configuration parameters can be saved as profiles in the system. There are four profiles available in the system: 1. 2. 3. 4. Installation profile Profile1 Profile1 Profile3 All the four profiles contain the same default parameters.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 5-5 Profile Manager Table 5-3 Profile Manager Menu Items Page Item Descriptions Save As: Select which profile name to save for the current configuration Profile Description: Specify a description for the profile to be saved. Save Profile button Click to save current profile Change Profile To: Select which profile to load as current configuration Profile Description: Description for profile to be loaded.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 5.2.2 Load Operating Profile To load the operating profile: 1. Select a profile to load from the Profile Table: 2. Click the Load Profile button to load the selected profile. Note: Current configuration parameters will be replaced by the new loaded profile. User will be asked to wait while the new profile loads. 5.2.3 Profile Calendar Profile calendar allows user to manage profiles based on different calendar times.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 5.3. Link Test The Link Test tools are available from the navigation menu bar ‘Tools’ | ‘Link Test’ drop down menu. From Link Test tools the user can test Throughput and perform Ping Test. You will need to run Radio Transmit or Radio Receive. The client device will automatically start receiving /transmitting (provided an airClient Nexus is used). The user needs to specify the IP address for the test.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 5-8 Throughput Test Result 5.4. Link Budget Planning Link Budget Planning is a very useful tool for link budget estimation. The Link Budget Planning Calculator can be accessed from the navigation menu bar ’Tools| Link Budget Planning Calculator’ drop down menu. A GPS Calculator is provided in the Link Budget Planning Calculator page to calculate the distance between two airPoint™ stations. To calculate the distance, follow the steps below: 1.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 6. The link budget information will be displayed in the following figure. The link budget information EIRP, Free Space Loss and Theoretical RSSI are computed and displayed. The Receive Sensitivity, Maximum Transmit Power, System Gain and Available Fade Margin at various Link Speed are also computed and displayed in a table. Ideal fade margin for a link is between 10 dB to 20 dB for a stable link base on the environmental condition of a region.
i n t e l l i g e n t w i r e l e s s p l a t f o r m 6. Firmware Upgrade New firmware for airPoint™ Nexus is available for download from smartBridges Support web-site: http://www.smartbridges.com/support/ The airPoint™ Nexus device firmware can be upgraded from the web management interface. Follow the steps below to upgrade the airPoint™ Nexus firmware: 1. Download the latest (or a particular release version) of the airPoint™ Nexus firmware from the web-site http://www.smartbridges.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 6-3 Successful upgrade pop-up window airPoint™ Nexus User Configuration Guide Page 43 of 55
i n t e l l i g e n t w i r e l e s s p l a t f o r m Appendix A: Configuration of the Radius Server FreeRADIUS/WinXP Authentication Setup This document describes how to build a FreeRADIUS server for TLS and PEAP authentication, and how to configure the Windows XP clients (supplicants). The server is configured for a home (or test) network. Three papers have been written about TLS authentication with a FreeRADIUS server and are available at the following websites: 1) www.missl.cs.umd.
i n t e l l i g e n t w i r e l e s s p l a t f o r m make > mymake.log 2>&1 If you encounter problems, you can review mymake.log (or myconfig.log, or myinstall.log) for errors. b. FreeRadius -- Download the latest FreeRADIUS snapshot.We downloaded the file to our home directory. The snapshot is located at: »ftp://ftp.freeradius.org/pub/radius/CVS-snap.. Then we used the following nine steps: mkdir -p /usr/src/802/radius cd /usr/src/802/radius cp /home/jbibe/freeradius-snapshot-20040203.tar.
i n t e l l i g e n t w i r e l e s s p l a t f o r m # The extensions to add to a certificate request [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Tennessee localityName = Locality Name (eg, city) localityName_default = Brentwood 0.organizationName = Organization Name (eg, company) 0.
i n t e l l i g e n t w i r e l e s s p l a t f o r m For TLS and PEAP, the server needs root.pem and cert-srv.pem. For TLS, the Windows XP client needs root.der and cert-clt.p12. For PEAP, the Windows XP client needs root.der. In the event that you want to use TLS authentication with multiple clients, Document 3 provides the needed script. Look for the CA.clt script in Section 6. 3. Configure Server for TLS There are only a few changes and additions needed for TLS authentication. The clients.
i n t e l l i g e n t w i r e l e s s p l a t f o r m dh_file = /usr/local/radius/etc/1x/dh random_file = /usr/local/radius/etc/1x/random fragment_size = 1024 include_length = yes } No other changes are needed in radiusd.conf for TLS. d. Server Certificates, DH File, and Random File – we added a new directory 1x in the radius etc directory, and then copied the server certificates (root.pem and cert-srv.pem) into the directory.
i n t e l l i g e n t w i r e l e s s p l a t f o r m At the RADIUS tab for authentication: Active = Yes Server IP = 192.168.1.10 Port Number = 1812 Shared Secret = AP_Shared_Secret 6. Test TLS The final step is to test the server.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Change the default_eap_type from tls to peap: eap { default_eap_type = peap Move to the PEAP section below the TLS section and uncomment the following lines: peap { default_eap_type = mschapv2 } The server is now ready for PEAP authentication. 8. Change Windows XP for PEAP On the Wireless Network tab, select the network and click Configure to open the network properties.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Appendix B - Useful terms and definitions Abbreviations MAC RSSI SSID DHCP ACL SNMP NTP STP TCP/IP Acronyms Media Access Control Receive Signal Sensitivity Indication Service Set Identifier Dynamic Host Configuration Protocol Access Control List Simple Network Management Protocol Network Time Protocol Spanning Tree Protocol Transmission Control Protocol/ Internet Protocol 802.11h The 802.11h specification is an addition to the 802.
i n t e l l i g e n t w i r e l e s s p l a t f o r m then forwards the encrypted frame to its destination. The encrypted data frames are sent with the MAC header WEP bit set. Thus, the receiver knows to use the shared WEP key to decrypt the payload and recover the original frame. The new frame, with an unencrypted payload can then be passed to an upper layer protocol. WEP keys can be either statically configured or dynamically generated. In either case, WEP has been found to be easily broken.
i n t e l l i g e n t w i r e l e s s p l a t f o r m SNMP Short for Simple Network Management Protocol, a set of protocols for managing complex networks. The first versions of SNMP were developed in the early 80s. SNMP works by sending messages, called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices, called agents, store data about themselves in Management Information Bases (MIB) and return this data to the SNMP requesters.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Appendix C - SNMP Trap The airPoint™ Nexus generates SNMP trap that can be forwarded to the SNMP Trap server. The SNMP Trap server IP address is set in section. The following table provides a list of SNMP traps generated. Trap IP address IP netmask Gateway SSID Radio Mode Note: Value 0 1 2 3 4 Message Object Identifier: 1.3.6.1.4.1.14882.2.1.1 Value: Object Identifier: 1.3.6.1.4.1.14882.2.1.
i n t e l l i g e n t w i r e l e s s p l a t f o r m Appendix D – License airPoint™ Nexus is Copyright © 2004-2005 by smartBridges. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.
