Spectrum24 AP-4131 Access Point Product Reference Guide 72E-56316-01 Revision A February 2002 www.symbol.
Copyright Copyright © 2002 by Symbol Technologies, Inc. All rights reserved. No part of this publication may be modified or adapted in any way, for any purposes without permission in writing from Symbol. The material in this manual is subject to change without notice. Symbol reserves the right to make changes to any product to improve reliability, function, or design. No license is granted, either expressly or by implication, estoppel, or otherwise under any Symbol Technologies, Inc.
About This Document Reference Documents This reference guide refers to the following documents: Part Number Document Title 72E-51753-01 Wireless LAN Adapter 4100 Series PC Card & PCI Adapter Product Reference Guide 72E-51754-01 Spectrum24 DS Plus Pack Users Guide 72E-51755-01 Spectrum24 Site Survey System Administrators Guide Conventions Keystrokes are indicated as follows: ENTER identifies a key. FUNC, CTRL, C identifies a key sequence. Press and release each key in turn.
This document uses the following for certain conditions or information: Indicates tips or special requirements. Indicates conditions that can cause equipment damage or data loss. Indicates a potentially dangerous condition or procedure that only Symboltrained personnel should attempt to correct or perform.
Contents Chapter 1 Introduction .......................................................................................1 1.1 Access Point (AP)...........................................................................1 1.2 Radio Basics .................................................................................3 1.2.1 S24 Network Topology........................................................3 1.2.2 Cellular Coverage ..............................................................8 1.2.
2.1.4 Using a Web Browser........................................................41 2.2 Navigating the UI .......................................................................48 2.2.1 Entering Admin Mode .......................................................50 2.2.2 Changing the Access to the UI ...........................................51 2.2.3 Configuring for Dial-Up to the UI .......................................53 2.2.4 Navigating the UI Using a Web Browser .............................54 2.
2.9 Configuring Address Filtering.....................................................118 2.9.1 Adding Disallowed MUs ..................................................119 2.9.2 Removing Disallowed MUs ..............................................119 2.10 Configuring Type Filtering .......................................................120 2.10.1 Adding Filter Types .......................................................120 2.10.2 Removing Filter Types....................................................
3.9 Miscellaneous Statistics..............................................................182 3.9.1 Analyzing Channel Use ...................................................184 3.9.2 Analyzing Retries ............................................................185 3.10 Event History ..........................................................................186 3.11 Clearing Statistics....................................................................187 Chapter 4 Hardware Installation .....................
Appendix E Installing and Configuring Kerberos Setup Service ............. E-1 E.1 Creating a Windows 2000 Environment for the KSS ..................... E-1 E.2 Installing the KSS in a Windows 2000 Environment ...................... E-2 E.3 Preparing the KSS for Access Point Validation .............................. E-5 E.4 Manually Creating an Access Point Setup Account...................... E-12 E.5 Implementing Kerberos without the KSS .................................... E-14 Index ....................
x AP-4131 Access Point Product Reference Guide
Chapter 1 Introduction Spectrum24 is a spread spectrum cellular network that operates between 2.4 and 2.5 GHz (gigahertz). This technology provides a high-capacity network using multiple access points within any environment. The Symbol AP-4131Access Point (AP) is a Spectrum24 direct-sequence (DS) product. Spectrum24 DS products use direct-sequence technology to provide a high-capacity, high-data-rate wireless network. Spectrum24 DS infrastructure products include: 1.
Introduction The AP meets the following: • the regulatory requirements for Europe and many other areas of the world • FCC part 15, class A with no external shielding • FCC part 15 class B, ETS 300-339 compliance, including CE mark.
Introduction 1.2 Radio Basics Spectrum24 devices use electromagnetic waves to transmit and receive electric signals without wires. Users communicate with the network by establishing radio links between MUs and APs. Spectrum24 products use DSSS (direct sequence spread spectrum) to transmit digital data from one device to another. Using FM, a radio signal begins with a carrier signal that provides the base or center frequency.
Introduction A WLAP communicates only with its root AP through the wireless interface. Select from the following topologies: 4 • A single AP used without the wired network provides a single-cell wireless network for peer-to-peer MUs. • A single AP can bridge the Ethernet and radio networks.
Introduction • Multiple APs can coexist as separate, individual networks at the same site without interference using different Net_IDs. The Net_ID (ESS) can be thought of as a Wireless LAN Network Identifier. These separate Wireless LANs may be configured to use different channel assignments to avoid RF interference. • Multiple APs wired together provide a network with better coverage area and performance when using the same Net_IDs.
Introduction In WLAP mode, a wireless AP-to-AP connection functions: • as a bridge to connect two Ethernet networks Kerberos, EAP-TLS and the Mobile IP feature are not available when the access point is operating in WLAP mode.
Introduction In WLAP mode, APs and MUs are required to have the same Preamble settings to interoperate. Additionally, the root AP is required to be running before the “leaf” or WLAP connection is established. • as a repeater to extend coverage area without additional network cabling. When using a wireless AP-to-AP connection, use the optimal antenna configuration for the site. For example, use a directional antenna when establishing a dedicated wireless bridge or repeater.
Introduction Using more than two WLAPs to establish a connection slows network performance for all topologies. To increase WLAP performance, disable WNMP Functions and AP-AP State Xchg parameters under the Set System Configuration screen. To set up an AP for wireless operation automatically, select the Enabled option for the WLAP Mode parameter. To set these values, see section 2.5: ”Configuring Radio Parameters” on page 71.
Introduction APs with the same Net_ID (ESS) define a coverage area. The MU searches for APs with a matching Net_ID (ESS) and synchronizes with an AP to establish communications. This allows MUs within the coverage area to move about or roam. As the MU roams from cell to cell, it switches APs. The switch occurs when the MU analyzes the reception quality at a location and decides which AP to communicate with based on the best signal strength and lowest MU load distribution.
Introduction The Root AP and Association Process By default, APs with WLAP Mode enabled and within range of each other automatically associate and configure wireless operation parameters at power up. This association process determines the wireless connection viability and establishes the Root AP and subsequently designated WLAPs. APs communicating wirelessly with one another require the same: Net_ID (ESS), Encryption mode, Data Rate and Short RF Preamble settings.
Introduction If AP D on Ethernet II has data for a device on Ethernet I, it requires a bridge or a repeater. In this configuration, AP C functions as a repeater. To ensure transmission to devices on Ethernet I, AP D has to use the AP A channel, DTIM and TIM interval. The AP with lowest WLAP priority value is the Root AP. To manually designate AP B as the Root AP, assign it a WLAP Priority value less than 8000 Hex. See section 2.5: ”Configuring Radio Parameters” on page 71. IEEE 802.
Introduction Symbol recommends conducting a new site survey and developing a new coverage area floor plan when switching from 1 or 2 Mbps frequencyhopping access points to 11 Mbps direct-sequence access points. 1.3 Access Point Functional Theory To improve AP management and performance, users need to understand basic AP functionality and configuration options. The AP includes features for different interface connections and network management. The AP provides MAC layer bridging between its interfaces.
Introduction 1.3.1 MAC Layer Bridging The AP listens to all packets on all interfaces and builds an address database using the unique IEEE 48-bit address (MAC address). An address in the database includes the interface media that the device uses to associates with the AP. The AP uses the database to forward packets from one interface to another. The bridge forwards packets addressed to unknown systems to the Default Interface (Ethernet).
Introduction Transmitted ARP request packets echo back to other MUs. The AP removes from its database the destination or interface information that is not used for a specified time. The AP refreshes its database when it transmits or receives data from these destinations and interfaces. Filtering and Access Control The AP provides facilities to limit the MUs that associate with it and the data packets that can forward through it.
Introduction See section 2.4 “Configuring System Parameters” on page 59 and section 2.5.1: ”Wireless AP Operation Parameters” on page 80. To enable this feature, set the WLAP Mode to Link 1.3.3 Required. DHCP Support The AP can use Dynamic Host Configuration Protocol (DHCP) to obtain a leased IP address and configuration information from a remote server. DHCP is based on BOOTP protocol and can coexist or interoperate with BOOTP.
Introduction Program the DHCP or BOOTP server to transfer these files (Kerberos security information, HTML, firmware or network configuration files) with these DHCP options for the specific file or information to download: DHCP Option Value Firmware and HTML file 67 (filenames are separated by a space) ESSID 128 Configuration filename 129 ACL filename 130 Kerberos enable/disable flag 131(set to 0 for disable or 1 for enable on the DHCP server) KDC name 132 KSS name 133 KSS port number 134
Introduction The DB-9, 9-pin, RS-232 serial port provides a UI (User Interface) connection. The UI provides basic management tools for the AP. The serial link supports short haul (direct serial) or long haul (telephone-line) connections. The AP is a DTE (Data Terminal Equipment) device with male pin connectors for the RS-232 port. Connecting the AP to a PC requires a null modem cable.
Introduction 1.3.5 Direct-Sequence Spread Spectrum Spread spectrum (broadband) uses a narrowband signal to spread the transmission over a segment of the radio frequency band or spectrum. Direct-sequence is a spread spectrum technique where the transmitted signal is spread over a particular frequency range. The Spectrum24 AP-4131access point uses Direct-Sequence Spread Spectrum (DSSS) for radio communication.
Introduction Mobile Units receiving a direct-sequence transmission use the spreading code to map the chips within the chipping sequence back into bits to recreate the original data transmitted by the access point. Intercepting and decoding a direct-sequence transmission requires a predefined algorithm to associate the spreading code used by the transmitting access point to the receiving MU. This algorithm is established by IEEE 802.11b specifications.
Introduction Scanning is a periodic process where the MU sends out probe messages on all channels defined by the country code. The statistics enable an MU to reassociate by synchronizing its channel to the AP. The MU continues communicating with that AP until it needs to switch cells or roam. MUs perform full scans at start-up. In a full scan, an MU uses a sequential set of channels as the scan range. For each channel in range, the MU tests for CCA (Clear Channel Assessment).
Introduction An MU can roam within a coverage area by switching APs. Roaming occurs when: • an unassociated MU attempts to associate or reassociate with an available AP • the supported rate changes or the MU finds a better transmit rate with another AP • the RSSI (received signal strength indicator) of a potential AP exceeds the current AP • the ratio of good-transmitted packets to attempted-transmitted packets falls below a threshold.
Introduction Mobile IP is like giving an individual a local post office forwarding address when leaving home for an extended period. When mail arrives for the individual home address, it is forwarded by the local post office to the current care-of-address. Using this method, only the local post office requires notification of the individual current address. While this example represents the general concept of Mobile IP operation and functionality, it does not represent the implementation of Mobile IP used.
Introduction The scanning and association process continues for active MUs. This allows the MUs to find new APs and discard out-of-range or deactivated APs. By testing the airwaves, the MUs can choose the best network connection available. The following diagram illustrates Mobile IP (roaming across routers): Set the MU for Mobile IP as specified in the MU user documentation. Security has become a concern to mobile users.
Introduction 1.3.8 Supporting CAM and PSP Stations CAM (Continuously Aware Mode) stations leave their radios on continuously to hear every beacon and message transmitted. These systems operate without any adjustments by the AP. A beacon is a uniframe system packet broadcast by the AP to keep the network synchronized. A beacon includes the Net_ID (ESS), the AP address, the Broadcast destination addresses, a time stamp, a DTIM (Delivery Traffic Indication Message) and the TIM (Traffic Indication Map).
Introduction A TIM is a compressed virtual bitmap identifying the AP associated MUs in PSP mode that have buffered directed messages. MUs issue a poll request when APs issue a TIM. A beacon with the broadcast-indicator bit set causes the MU to note DTIM Count field value. The value informs the MU of the beacons remaining before next DTIM. This ensures the MU turns on the receiver for the DTIM and the following BC/MC packet transmissions. 1.3.
Introduction IEEE 802.11 defines two types of authentication, Open System and Shared Key. Open system authentication is a null authentication algorithm. Shared key authentication is an algorithm where both the AP and the MU share an authentication key to perform a checksum on the original message. Both 40-bit and 128-bit shared key encryption algorithms are supported in the Symbol Spectrum24 Access Point. Devices are required to use the same encryption algorithm to interoperate.
Introduction For a detailed description of the Kerberos authentication service protocol refer to RFC 1510: Kerberos Network Authentication Service (V5). A basic understanding of RFC 1510 Kerberos Network Authentication Service (V5) is helpful in understanding how Kerberos functions. Kerberos requires the installation of the KSS on a Windows 2000 server. By default, Spectrum24 devices operate in an open system network where any wireless device can associate with an AP without authorization.
Introduction • Authentication Service (AS) – • Provides the authentication ticket containing information about the client and the session key used with the KDC. Ticket Granting Ticket Service (TGS) – Permits devices to communicate with a service (this could be any application or service such as the AP RF services). The default expiration time of a ticket is 12 hours (for the AP) and is not user configurable.
Introduction When the AP boots up it contacts the KSS to obtain KDC information. The AP sends an Authentication Service Request (AS_REQ) to the KDC. The KDC looks up the username (ESSID in the case of APs), the associated password, and other authentication information including the current time stamp. If the AP has provided the correct information the KDC responds with an Authentication Service Response (AS_REP).
Introduction with a WNMP header and forwards the response to the MU. Once the MU has verified the message it prepares an Application Request (AP_REQ) for the AP. This AP_REQ contains the ticket the KDC has sent to the MU. The AP decrypts the ticket. If the ticket is valid the AP responds with an AP_REP (the AP generates and includes128 bit WEP encryption key in the reply) and permits the MU to bridge data. The KDC cannot authenticate an MU with administrator as the username.
Introduction Enabling Kerberos disables Telnet, SNMP and Web services. Configure the AP through a direct serial connection if needed. Configure SNMP to be "Read Only" or "Read/Write" from the KSS. Disabling Kerberos returns (Kerberos disabled is the default setting) Telnet, SNMP and Web services to their previous setting. If an AP cannot be accessed through a serial connection and SNMP is not configured for read/write, use of DHCP option 131 is another way to disable Kerberos.
Introduction 1.3.12 KSS Databases The KSS has two databases. One database stores valid access points (AP setup account). The other database stores Kerberos account information (Kerberos entry account). The AP setup account database stores validation information for an AP. This database uses the AP MAC address as a Primary Key. The entry includes the range of time the AP is allowed access and status information. A Foreign Key entry for a record in the AP setup account is the Kerberos Principal for this AP.
Introduction 1.3.14 Mixed Mode Security Mixed mode security allows a single access point to transmit and receive with mobile units operating with different encryption algorithms (WEP, Kerberos, EAP-TLS). Using mixed mode, additional access points are not needed to support mobile units simply because they are using different encryption schemes. 1.3.
Introduction 1.3.16 Management Options Managing Spectrum24 includes viewing network statistics and setting configuration options. Statistics track the network activity of associated MUs and data transfers on the AP interfaces.
Introduction Using SNMP The AP includes SNMP agent versions accessible through an SNMP manager application such as, HP Open View or Cabletron Spectrum MIB browser. The SNMP agent supports SNMP versions 1 and a subset of version 2, MIB II, the 802.11 MIB and one Symbol proprietary MIB (Management Information Base). The SNMP agent supports read-write, read-only or disabled modes. The AP supports traps that return to the SNMP manager when certain events occur.
Introduction Using the UI The UI (User Interface) is a maintenance tool integrated into the AP. It provides statistical displays, AP configuration options and firmware upgrades. Access to the UI requires one of the following: 36 Telnet Client Access to the AP built-in Telnet server from any interface including remote Ethernet connections. See section 2.1.1: ”Using Telnet” on page 37.
Chapter 2 Configuring the AP AP configuration requires setting up a connection to the AP and gaining access to the UI (User Interface). The methods of accessing the UI are Serial, Telnet, Web, and SNMP. DHCP is enabled on the AP by default. Initial network configuration can be obtained from a DHCP server. All except Serial require the configuration of an IP address. To access the AP through the serial port and terminal emulation program, connect to the DB9 serial port using a null modem cable.
Configuring the AP 2. At the prompt type the password: Symbol The password is case-sensitive. 3. Press the ESC key. The AP displays the Main Menu: Symbol Access Point MAIN MENU Show System Summary AP Installation Show Interface Statistics Special Functions Show Forwarding Counts Set System Configuration Show Mobile Units Set RF Configuration Show Known APs Set Access Control List Show Ethernet Statistics Set Address Filtering Show RF Statistics Set Type Filtering Show Misc.
Configuring the AP 2.1.2 Using a Direct Serial Connection The factory-configured AP accepts a dial-up connection between the AP and a modem. A UI connection requires a straight-through cable between the modem and the AP. See section 2.2.3: ”Configuring for Dial-Up to the UI” on page 53. The AP serial port is a DB-9, 9-pin male connector. The serial port allows a UI connection to a configuration PC.
Configuring the AP 5. Press ESC to refresh the display. The AP displays the Main Menu. Symbol Access Point MAIN MENU Show System Summary AP Installation Show Interface Statistics Special Functions Show Forwarding Counts Set System Configuration Show Mobile Units Set RF Configuration Show Known APs Set Access Control List Show Ethernet Statistics Set Address Filtering Show RF Statistics Set Type Filtering Show Misc.
Configuring the AP 5. Select the correct serial port along with the following parameters. emulation ANSI baud rate 19200 bps data bits 8 stop bits 1 parity none flow control none 6. Dial out to the AP with the correct telephone number. No password is required. 7. Press ESC to refresh the display. The AP displays the Main Menu.
Configuring the AP The Web browser (Internet Explorer 4.0 or greater or Netscape) requires JavaScript to gain access to the UI. Setup Network Web Server Help File Access A network Web server is required to access the Help file from the Access Point Configuration Management System Web pages. This procedure applies to the Microsoft Internet Information Server. The network Web server can be different, if so, some of the procedures differ.
Configuring the AP 6. From this menu select Internet Service Manager to launch the Internet Information Server Service Manager. 7. Click on the Web service. Ensure the server WWW service is running. 8. Select Properties. 9. Select Service Properties to display the WWW service properties for the server. The WWW Service Properties window opens. 10. Select Directories. 11. Select Add button to open the Directories window. 12. Type the Directory/Folder path of the directory created in step one. 13.
Configuring the AP To ensure the Web Server option is enabled for the AP: 1. Access the UI using a Serial or Telnet connection. 2. From the Main Menu 3. Verify the Web is enabled. select Server System Configuration. option on the System Configuration screen 4. Select Save-[F1] to save the configuration. To reset the AP for changes to take effect. 1. Select the Special 2. Select Reset Functions screen. AP. 3. Select Yes at the confirmation prompt.
Configuring the AP To access the AP UI using a Web browser from a workstation: 1. From the NCPA properties window set the IP address of the workstation and the subnet mask. The system tells the user to reboot for property changes to take effect. The workstation, in this case, is the workstation or laptop computer running the Web browser. 2. To verify the connection, ping the AP. At the default DOS prompt, type: Ping -t xxx.xxx.xxx.
Configuring the AP 4. The Spectrum24 Access Point Configuration Management System main page displays: The Web pages look different than the Telnet, Direct Serial or Dial-Up Connections, but the contents are the same. Access the different pages using the links located in the left frame. Refer to the online help file for Web page navigation, page contents and parameter use. • 46 To view configuration, function or option changes on the Web page(s) turn off the caching function for the browser being used.
Configuring the AP – For Internet Explorer, from the menu bar select View, Internet Options, Temporary Internet files and Settings. – Select Check for newer versions of stored pages: Every visit to the page. If this property/option is not turned off, the browser returns the previous view of the page without the changes. To ensure the latest version of a Web page is viewed, set this option in the browser.
Configuring the AP 2.2 Navigating the UI The AP displays a Main Menu when gaining access to the UI: Symbol Access Point MAIN MENU Show System Summary AP Installation Show Interface Statistics Special Functions Show Forwarding Counts Set System Configuration Show Mobile Units Set RF Configuration Show Known APs Set Access Control List Show Ethernet Statistics Set Address Filtering Show RF Statistics Set Type Filtering Show Misc.
Configuring the AP The following conventions also apply when navigating screens and menus: • To select menu items, press the key corresponding to the bold letter for the item (case-sensitive hot key). Press ENTER to select the item. • Press TAB to scroll through menu items. • To change menu items, note the bottom line on the screen for configuration options. For multiple choice options, press the bold letter to select. To change values, type in the value and press ENTER.
Configuring the AP Administration screens include options for saving or clearing data that appear on the bottom line of the screen. Confirmation prompts include the following: 2.2.1 OK Registers settings but does not save them in NVM (nonvolatile memory). A reset command returns to previously saved settings. Save Saves all settings (including ones not on that screen) to NVM. This is the same as Save Configuration in the Special Functions screen.
Configuring the AP – If the password is correct, the AP displays the Main Menu with the Enter Admin Mode menu item changed to Exit Admin Mode. – If the password is incorrect, the AP continues to display the Main Menu with the Enter Admin Mode menu item. Set the System passwords in the Set System Configuration screen. 2.2.2 Changing the Access to the UI To prevent unauthorized Telnet access, change the configuration access to the UI.
Configuring the AP 3. The Change System Passwords screen displays: Symbol Access Point Change System Passwords User Password ******* Admin Password ******* Save-[F1] Cancel-[ESC] Password for user access(Monitor only) 4. Change the passwords using the following parameters: User Password Allows the user to only monitor or view the screens. Select any alphanumeric, case-sensitive entry up to 13 characters, the characters selected are displayed as asterisks. The default password is Symbol.
Configuring the AP 2.2.3 Configuring for Dial-Up to the UI A dial-up connection requires a straight-through cable between the modem and the AP. The remote PC requires a modem and a communication program (e.g. Microsoft Windows Terminal program). Refer to Appendix B for information on the modems supported by the AP. 1. Set Modem Connected to Yes in the System Configuration screen. 2. Attach a straight-through serial cable from the AP to the modem. 3.
Configuring the AP 7. Press ESC to refresh the display. The AP displays the Main Menu. Symbol Access Point MAIN MENU Show System Summary AP Installation Show Interface Statistics Special Functions Show Forwarding Counts Set System Configuration Show Mobile Units Set RF Configuration Show Known APs Set Access Control List Show Ethernet Statistics Set Address Filtering Show RF Statistics Set Type Filtering Show Misc.
Configuring the AP 3. Select AP Installation from the Main Menu: Symbol Access Point MAIN MENU Show System Summary AP Installation Show Interface Statistics Special Functions Show Forwarding Counts Set System Configuration Show Mobile Units Set RF Configuration Show Known APs Set Access Control List Show Ethernet Statistics Set Address Filtering Show RF Statistics Set Type Filtering Show Misc.
Configuring the AP If this is the first time the AP has been installed or has been moved to a new country, verify that the proper country specific code is entered for the AP. Refer to Appendix D for a list of supported country codes. Verify that the proper country specific code is entered for the AP to conform to the set of rules defined in national or international regulations. Where: 56 Country Config Configure the AP for the user’s country. This item displays a list of country names.
Configuring the AP Subnet Mask The first two sets of numbers specify the network domain, the next set specifies the subset of hosts within a larger network and the final set specifies an individual computer. These values help divide a network into subnetworks and simplify routing and data transmission. The subnet mask defines the size of the subnet. DNS IP Address Primary Domain Name Server IP address. Additional DNS The IP address of the additional DNS servers available.
Configuring the AP Additional Gateways The IP address of the additional gateways used. Access up to seven gateways. DHCP/BOOTP Enables or Disables selection of DHCP/BOOTP. The options are: • Enabled – • DHCP Only – • DHCP and BOOTP interoperate, whichever response the AP selects first becomes the server allocating the information. Only DHCP responses will be accepted by the AP. BOOTP Only – Only BOOTP responses will be accepted by the AP.
Configuring the AP 8. The system prompts Warning yes no Type Y. Update, save, and reset all APs in the Known AP Menu? 9. Select Cancel-[ESC] to disregard any changes made to this screen and return to the previous menu. 2.4 Configuring System Parameters The AP provides configuration options for how the unit operates, including security access and interface control. Some parameters do not require modification. 1.
Configuring the AP Once the country has been configured (Country Config) on the AP Installation screen the channel can be set manually or automatically. 2. Configure the AP system settings as required: Channel Specifies the channel that is requested by all associated MUs when associating with this particular access point. Auto Channel Select Normally run once during initial installation. 1. Power up the AP and select Auto Channel Select (ACS). Press or <-/-> to enable or disable.
Configuring the AP Ethernet Timeout Disables radio interface if no activity is detected on the Ethernet line after the seconds indicated (30-255). The AP disassociates MUs and prevents further associations until it detects Ethernet activity. The default value 0 disables this feature. The 1 value detects if the 10/100Base-T line goes down.
Configuring the AP Encryption Admin Indicates which interface can change the encryption keys and the encryption key index. Without admin privileges users cannot access the encryption maintenance page to change the encryption keys. Any allows users with admin privileges to change encryption keys through any interface. Serial allows users with admin privileges to change this parameter and encryption keys only through the Serial port. See section 2.4.
Configuring the AP Access Control Allows the user to set one of three Access Control modes: Disabled, Allowed, or Disallowed. • When Disabled (default) is selected, no filtering is performed. • When Allowed is selected, only MAC addresses specified in the Access Control List are allowed to associate with the AP. • When Disallowed is selected, only MAC addresses not specified in the Disallowed Addresses List (Address Filtering) are allowed to associate with the AP.
Configuring the AP System Password Admin 64 Allows the user to change the passwords for the AP. This screen can be accessed only when the AP is in Telnet mode. Serial mode provides read-only privileges and does not allow the user to view this screen.
Configuring the AP 3. To enable or disable interfaces on the AP, modify the following parameters: Ethernet Interface Enables or disables wired Ethernet. The default value is On. RF Interface Enables or disables radio. The default value is On. Default Interface Specifies the default interface (Ethernet, WLAP or Reserved) that the AP forwards a frame to if the AP cannot find the address in its forwarding database. The default interface is Ethernet. The AP defaults to Ethernet when Reserved is selected.
Configuring the AP 2.4.1 Encryption Administration The ability to change, view or restrict access to encryption administration settings depends on the Encryption Admin configuration parameter. The options for this parameter are Serial and Any. These options are configurable via the Serial UI located in the System Configuration screen. The Encryption Admin parameter effects all interfaces supported by the AP (Serial, Telnet, HTML Web browser and SNMP).
Configuring the AP Encryption Parameter Access to Telnet and Serial Interfaces Parameter Access Method Encryption Admin System Configuration Screen Interface Serial Telnet/Serial View/Modify Serial UI - View/Modify Telnet UI - View Only Shared Key Special Functions Screen/Configure WEP Encryption Telnet/Serial View/Modify Serial UI - View/Modify Telnet UI - View Only Key Width Special Functions Screen/Configure WEP Encryption Telnet/Serial View/Modify Serial UI - View/Modify Telnet UI - View
Configuring the AP Encryption Parameter Access for SNMP Interface Parameter 68 Access Method Interface Serial apEncryptAdmin s24dsap.mib apConfigMgmt apSystemConfig group View Only View Only apWEPAlgorithm s24dsap.mib apConfigMgmt apRFConfig group View/Modify View Only ap128WEPKeyValue (1..4) s24dsap.mib apConfigMgmt ap128WEPKeyTable Modify Only No Access dot11PrivacyInvoked 802dot11.mib dot11smt dot11PrivacyTable View/Modify View Only dot11Authentication Algorithm 802dot11.
Configuring the AP 2.4.2 System Password Administration This screen allows the network administrator to configure the passwords for the AP. The user password allows the user to Telnet into the AP or use the serial port and have read-only privileges. Accessing the UI in an Admin mode session through the serial port the session does not time-out. Entering the Admin mode with Telnet and Serial Port interfaces enabled allows the Admin mode on both interfaces.
Configuring the AP 2. Change the passwords using the following parameters: User Password Allows the user to monitor or view the screens. Select any alphanumeric, case-sensitive entry up to 13 characters, the characters selected are displayed as asterisks. The default password is Symbol. Admin Password Allows the user to view and change the parameters on each screen. Select any alphanumeric, casesensitive entry up to 13 characters, the characters selected are displayed as asterisks.
Configuring the AP 2.5 Configuring Radio Parameters The AP automatically configures most radio parameters. Only advanced users, Symbol trained users or Symbol representatives should adjust the radio parameters for the AP or the options in the RF Configuration screen. 1. Select Set RF Configuration from the Main Menu to display: Symbol Access Point RF Configuration .DTIM Interval 10 .BC/MC Q Max 10 .Max Retries (d) 15 .
Configuring the AP 2. Configure the settings as required: DTIM Interval Configure DTIM packet frequency as a multiple of beacon packets. The DTIM Interval indicates how many beacons equal one cycle. Users should not modify this setting or risk damaging the configuration. BC/MC Q Max Determines the memory allocated for the queue used in the AP to temporarily hold broadcast/ multicast messages. Unit measure is in packets and corresponds to maximum-sized Ethernet packets. The default is 10.
Configuring the AP Beacon Interval The time between beacons in Kilo-microseconds. The default is 100. Avoid changing this parameter as it can adversely affect performance. Accept Broadcast ESSID Allows the AP to respond to any station sending probe packets with the industry-standard broadcast ESS. If Enabled, this feature allows industry-standard devices interoperability. The AP probe response includes the ESS and information about the network.
Configuring the AP Rate Control Defines the data transmission rate, the defaults are: • 11 Mbps - Optional • 5.5 Mbps - Optional • 2 Mbps - Required • 1 Mbps - Required. The defaults allow the AP to automatically select the the best transmit rate allowed by the conditions. These settings allow a mixture of 1 Mbps, 2 Mbps, 5.5 Mbps and 11 Mbps radios in the same network.
Configuring the AP WLAP Mode Specifies the APs wireless-AP operation status. Enabled • the AP sets up automatically for wireless operation. The AP can operate in any of these configurations: Wireless, Repeater or Ethernet Bridge. Disabled • no wireless operation possible. Default setting. Link Required. At power up: • If the WLAP is the Root AP, an Ethernet connection is required. • If the WLAP is a designated WLAP, association to the Root AP is required.
Configuring the AP WLAP Manual BSS ID Specifies the BSS_ID of a particular WLAP and forces the current AP to associate only with that WLAP. If setting the WLAP Manual BSS_ID to the current BSS_ID, the current AP jumps into Functional State immediately and waits for an Association Request from the other WLAP. See section 3.8: ”Radio Statistics” on page 176. This feature speeds up the association process and minimizes confusion when more than two WLAPs try to associate with each other.
Configuring the AP WLAP Forward Delay Specifies the time, in seconds, to prevent an AP from forwarding data packets to and from an interface during initialization. The WLAPs involved and the wireless operation state, see section 3.8: ”Radio Statistics” on page 176, affect the WLAP Forward Delay time. This delay ensures that all WLAP nodes are heard. The default is 5 seconds per wireless operation state. The WLAP Forward Delay of the Root AP overwrites the WLAP Forward Delay of designated WLAPs.
Configuring the AP 78 EPP Setup - [F3] Enhanced Packet Prioritization (EPP) allows system administrators the ability to prioritize packet transmissions from an AP to MUs. Media content (streaming video, phones etc.) can be prioritized over a heavily loaded access point. EPP allows prioritization of the media for smooth delivery, at the cost of reduced bandwidth. Mission critical transmissions can be prioritized allowing the customization of access point bandwidth.
Configuring the AP 3. Verify the values set to reflect the network environment. Change them as needed. 4. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt. 5. Select Save ALL APs or press [F2] to save the RF Configuration information to all APs with the same Net_ID (ESS).
Configuring the AP 2.5.1 Wireless AP Operation Parameters The AP supports up to four WLAP interfaces. Symbol recommends using one WLAP as an interface on high traffic networks and no more than two WLAPs for low traffic networks. Excessive channel contention causes the WLAP to miss beacons from the Root APs shown in the example. Kerberos, EAP-TLS and the Mobile IP feature are not available when the access point is operating in WLAP mode. See section 4.
Configuring the AP 3. Set the default interface for AP C to WLAP. This allows the MUs to roam and transmit data between AP B and C. If an AP functions as a bridge between wired LANs, Symbol recommends one LAN contain all the lower WLAP IDs. In WLAP mode, APs and MUs are required to have the same Preamble settings for interoperability. Additionally, the root AP is required to be running before the “leaf” or WLAP connection is established.
Configuring the AP To configure the AP for wireless operation: 1. Select Set RF Configuration from the Main Menu. 2. Configure the settings as required: WLAP Mode Specifies the APs wireless-AP operation status. Enabled • the AP sets up automatically for wireless operation. The AP can operate in any of these configurations: Wireless, Repeater or Ethernet Bridge. Disabled • no wireless operation possible. Default setting.
Configuring the AP WLAP Manual BSS_ID Specifies the BSS_ID of a particular WLAP and forces the current AP to associate only with that WLAP. If setting the WLAP Manual BSS_ID to the current BSS_ID, the current AP jumps into Functional State immediately and waits for an Association Request from the other WLAP. See section 3.8: ”Radio Statistics” on page 176. This feature speeds up the association process and minimizes confusion when more than two WLAPs try to associate with each other.
Configuring the AP WLAP Forward Delay Specifies the time, in seconds, to prevent an AP from forwarding data packets to and from an interface during initialization. The WLAPs involved and the wireless operation state affect the WLAP Forward Delay time (see section 3.8: ”Radio Statistics” on page 176). This delay ensures all WLAP nodes are heard. The default is 5 seconds per wireless operation state. The WLAP Forward Delay of the Root AP overwrites the WLAP Forward Delay of designated WLAPs.
Configuring the AP 2.5.2 Enhanced Packet Prioritization (EPP) Enhanced Packet Prioritization (EPP) enables system administrators to prioritize packet transmissions from an AP to MUs. For example, media content (streaming video, phones etc.) can be prioritized over a heavily loaded access point. EPP allows prioritization of the media for smooth delivery or selected data traffic for expedited delivery at some cost in aggregate bandwidth through the access point.
Configuring the AP For data types not listed, classify them by using the Port number corresponding to that data type. Use 65537 as a code defining a port as not used, otherwise assign port values of 1 through 1023. Up to 10 assigned port numbers can be priority controlled. 4. Assign priorities to the TCP Ports supporting network traffic. 5. Save the changes as required. If EPP services are not needed they should be turned off to maximize access point throughput. 2.5.
Configuring the AP 3. 802.15 (draft) Bluetooth Co-existence allows access points and MUs to share Spectrum24 network resources with Bluetooth RF terminals. The 802.15 (draft) Bluetooth Co-existence value is communicated to MUs via access point beacons. When a non zero-value is entered, Symbol 802.11b devices stop transmitting for the duration of that interval. This allows Bluetooth devices (which are very low power) an opportunity to communicate.
Configuring the AP 2.6 Encryption Configuration and Key Maintenance The Encryption Key Maintenance screens allow the user to configure the encryption keys used for the site network. The Key Width determines which encryption Key screen displays. To enable the Open System option, select Disabled for Shared Key from the System Summary screen. This table shows the association capability with the selected Key Width.
Configuring the AP Two screens are available, one for 40-bit encryption and one for 128-bit encryption. Considerable care is required when assigning keys. Keys have to be in the same order with the same value per key for the AP and MU to authenticate data transmission using encryption. Example: An AP uses Key 1 with a value of 1011121314. The associated MU requires the same Key 1 to have the value of 1011121314.
Configuring the AP 2.6.1 40-Bit WEP Encryption Select 40-bit from the Key Width field of the WEP Encryption Configuration screen, and select the Encryption Key Maintenance option to display the Encryption Key Maintenance screen. Symbol Access Point Encryption Key Maintenance * PassKey .Key 1 ****************** * 00000 00000 .Key 2 00000 00000 .Key 3 00000 00000 .Key 4 00000 00000 * = Active Key Note: This screen has Write-Only access. Keys can be set but not displayed.
Configuring the AP The PassKey can be no longer than 32 characters in length. 2. Select the desired key and enter the new value to change the Key value. 3. Verify and change the values as needed to reflect the network environment. 4. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt. 5. Select Save ALL APs or press [F2] to save the Encryption Key Maintenance information to all APs with the same Net_ID (ESS).
Configuring the AP 2.6.2 128-Bit WEP Encryption Select 128-bit from the Key Width field of the WEP Encryption Configuration screen, and select the Encryption Key Maintenance option to display the Encryption Key Maintenance screen. Symbol Access Point Encryption Key Maintenance PassKey .Key 1 ******************** * 00000 00000 0000 0000 0000 0000 .Key 2 00000 00000 0000 0000 0000 0000 .Key 3 00000 00000 0000 0000 0000 0000 .
Configuring the AP The PassKey can be no longer than 32 characters in length. 2. Select the desired key and enter the new value to change the Key value. 3. Verify and change the values as needed to reflect the network environment. 4. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt. 5. Select Save ALL APs or press [F2] to save the Encryption Key Maintenance information to all APs with the same Net_ID (ESS).
Configuring the AP 2.6.3 Manual Kerberos Authentication Configuration The Configure Kerberos Authentication screen allows the network administrator to change or verify the AP parameters for Kerberos authentication. If a DHCP server is not available use the Configure Kerberos Authentication screen to manually configure and enable Kerberos, save and reset the AP.
Configuring the AP 1. To access and enable the Kerberos configuration, select Configure Kerberos from the Special Functions Menu. The Configure Kerberos Authentication screen displays: Symbol Access Point Configure Kerberos Authentication Kerberos Enabled KSS Port 34567 KSS Secret ******* KSS Name/IP Address ksssrv *** If not using a KSS, please configure the following items. KDC Server Name/IP Address krbtgt Backup KDC Name/IP Address kdc2 Realm Name APFW.SYMBOL.
Configuring the AP 5. Verify the Password matches the password in the KDC and AP. Kerberos Allows the user to enable Kerberos authentication. Telnet, SNMP, and Web services are disabled when Kerberos is enabled. Default setting is Disabled. KSS Port TCP Port number the AP uses to communicate with the KSS. KSS Secret Allows the user to change the default Encryption key. KSS Name/ IP Address Name of the Kerberos Setup Service for the AP.
Configuring the AP 2.6.4 Configuring EAP-TLS Support The Extensible Authentication Protocol-Transport Level Security (EAP-TLS) feature affords access points and their associated MU’s an additional measure of security for data transmitted over the Spectrum24 wireless network. Using EAP-TLS, authentication between devices is achieved through the exchange and verification of certificates. EAP-TLS can be used in mixed mode security support with Kerberos and WEP when 128-bit WEP is used.
Configuring the AP The Configure Authenticator screen displays.
Configuring the AP 2. Configure the EAP-TLS authentication settings as required: EAP-TLS/RADIUS When enabled, the access point assumes the role of authenticator. The access point proxies the MU’s requests to authenticate with the EAP server. Default is Disabled. Quiet Period The time the access point waits before attempting to acquire an MU. Default is 60 seconds. Tx Period Defines the length of time the access points waits for an MU’s response once the access point requests an MUs identity.
Configuring the AP 2.6.5 Configuring Mixed Mode Security Mixed mode security allows a single access point to transmit and receive data with mobile units operating with different encryption algorithms. In mixed mode, additional APs are not needed to support mobile units simply because they are using different encryption schemes. 128-bit WEP, Kerberos and EAP-TLS can be used together to provide mixed mode security. To configure mixed mode security: 1.
Configuring the AP SNMP and Mixed Mode Security The configuration of SNMP shared key WEP is set with the MIB file. The objects involved include: • apRFConfig.apWEPAlgorithm Edit the AP serial UI entry using the Key Width field within the AP System Summary screen. • ap128bWEPKeyTable.ap128bWepKeyValue (1..4) Edit the AP serial UI entry by selecting 128-bit within the Key Width field of the WEP Encryption Configuration screen.
Configuring the AP 2.7 Configuring the SNMP Agent The SNMP agent functions as a command responder and is a multilingual agent responding to SNMPv1, v2c and v3 managers (command generators). The factory default configuration maintains SNMPv1/2c support of the community names, hence providing backward compatibility. However, Agents with the default configuration are "Open" with minimum security enabled. The access point generates traps for a set of pre-defined conditions.
Configuring the AP 1. Select Set SNMP Configuration from the Main Menu to AP display: Symbol Access Point SNMP Configuration .SNMP Agent Mode Enabled .Read-Only Community (v1/2c) ******* SNMPv3 Security Admin-[CR] .Read-Write Community (v1/2c) ******* .Trap Host1 157.235.95.10 .Trap Host2 .All Traps Enabled Generic Traps: .Cold Boot Enterprise-Specific Traps: Disabled .Authentication failure Disabled .Radio Restart Disabled .Access Cntrl Violation Disabled .MU State Change Disabled .
Configuring the AP 2. Configure the settings as required: 104 SNMP Agent Mode Defines the SNMP agent mode: Read-Only Community User-defined password string up to 31characters identifying users with read-only privileges. Read-Write Community User-defined password up to 32 characters for users with read/write privileges. Trap Host1 The Trap Host1 IP address or Name. Trap Host2 The Trap Host2 IP address or Name. All Traps Enables or disables all trap operations. The default value is Disabled.
Configuring the AP MU State Change DHCP Change If enabled, the following enterprise-specific traps are generated: • MU Association Additions Indicates when a device has been added to the list of access point associated MUs. • MU Association Removals Indicates when a device has been removed from the list of access point associated MUs. If enabled, the following enterprise-specific traps are generated: • Gateway Address change Indicates the gateway address for the router has changed.
Configuring the AP WLAP Connection Change Security Protocol Errors If enabled, the following enterprise-specific traps are generated: • Root WLAP Up Indicates that the Root AP connection is setup and ready to forward data. • Root WLAP Lost If the current WLAP fails to receive a Beacon packet from its Root AP within one second, it considers the Root AP lost. The WLAP eventually resets itself to reestablish the network topology.
Configuring the AP 6. The system prompts Warning yes no Type Y. Update, save, and reset all APs in the Known AP Menu? 7. Select Cancel-[ESC] to disregard any changes made to this screen and return to the previous menu.
Configuring the AP 2.7.1 Configuring SNMPv3 Security SNMPv3 defines a method of access point data control known as the ViewBased Access Control Model (VACM). It is a means of restricting access to a particular subset of data based on the security level used in the request and specifies whether access should be allowed. SNMPv3 defines data access for each user (user group) based on identity and security level.
Configuring the AP To configure the properties of a user group: 1. Highlight the specific user group and select Enter. The User/Group Security Configuration screen displays for the selected user group.
Configuring the AP 110 Authentication Protocol Defines the authentication protocol and security privileges for the user/group. Options include HMAC-MD5-96 (default MD5 authentication protocol), HMAC-SHA-96 (no data protection, but does have password protection) and None (no protection). Authentication Password Password required to initiate the authentication scheme defined in the Authentication protocol field. The password is required to be at least 8 characters in length.
Configuring the AP 2.8 ACL and Address Filtering Only 512 maximum combined entries are available for the ACL. The three modes available (Disabled, Allowed, and Disallowed) are selected in the Access Control section of the System Configuration Menu. Symbol Access Point System Configuration Channel 11 Auto Channel Select .Ethernet Timeout .Telnet Logins Disabled .Agent Ad Interval Any Disabled WNMP Functions Enabled .
Configuring the AP There are three mutually exclusive modes used by the AP to control association: Disabled, Allowed and Disallowed. Access Control 112 Address Filtering Access Control List List Results Disabled The presence or absence of MAC addresses does not affect the results. The presence or absence of MAC addresses does not affect the results. No Filtering All MAC addresses are allowed to associate. Allowed The presence or absence of MAC addresses does not affect the results.
Configuring the AP 2.8.1 Configuring the ACL The ACL supports adding MU entries by individual MAC address or by a range of MAC addresses. 1. Select the Set Access Control List option from the Main Menu to display: Address Type? range individual 2. Use the UP/DOWN-ARROW keys to toggle between range and individual. 2.8.2 Range of MUs To select a range of MAC addresses: 1. Type in the minimum MAC address as the top value: 00:0A:F8:F0:01:01 2.
Configuring the AP 7. Select Delete-[F1] to delete a range of Mobile Units. 8. Select Add-[F2] to add a range of Mobile Units. 9. Select Save ALL APs or press [F3] to save the Ranges of Allowed Mobile Units information to all APs with the same Net_ID (ESS). This option saves the configuration changes for the current AP, sends two WNMP messages to all other APs on the Known APs table to update their configuration and resets after the configuration has been modified.
Configuring the AP 2.8.3 Adding Allowed MUs The Access Control List screen provides a facility to add MUs to the ACL. 1. Select the Set Access Control List option from the Main Menu to display: Address Type? range individual 2. Use the UP/DOWN-ARROW keys to toggle between range and individual. Select individual. 3. Press Add-[F2]. The AP prompts for a MAC address. 00:00:00:00:00:00 4. Enter the MAC address. Users can enter MAC addresses without colons. 5.
Configuring the AP 2.8.5 ACL Options To switch between Allowed, Disallowed or Disabled options locate the ACL in the System Configuration screen. Use ACL options from the Set System Configuration menu. Where: Option Description Allowed to allow only MUs with their MAC address in the ACL to associate with AP. Disallowed to prevent MUs in the Address Filters list from associating with the AP. Disabled allows any MU to associate with the AP (no ACL/filters are in effect). 1.
Configuring the AP 2.8.8 Load ACL from File This option loads an ACL from a user defined ACL file (AP_ACL.TXT) entered on the secondary screen of the Special Functions Menu. The following is an example of the AP_ACL.TXT.
Configuring the AP 2.9 Configuring Address Filtering The AP can keep a list of MU MAC addresses not allowed to associate. The Disallowed Addresses option provides security by preventing unauthorized access by known devices. Use it for preferred association of MUs to APs.
Configuring the AP 2.9.1 Adding Disallowed MUs The Disallowed Addresses screen provides a facility to add MUs to the list: 1. Select Add -[F2]. The AP prompts for a MAC address. 00:00:00:00:00:00 2. Enter the MAC address. Users can enter MAC addresses without colons. 2.9.2 Removing Disallowed MUs The Disallowed Addresses screen provides a facility to remove MUs from the list: 1. Highlight the MAC address using the UP/DOWN-ARROW keys. 2. Select Delete-[F1] to delete the MAC address.
Configuring the AP 2.10 Configuring Type Filtering Packet types supported for the type filtering function include the 16-bit DIX Ethernet types. The list can include up to 16 types. 2.10.1 Adding Filter Types The Type Filtering screen provides a facility to add types to the list. 1. Select Add-[F2]. 2. Enter the packet type. 2.10.2 Removing Filter Types The Type Filtering screen provides a facility to remove types from the list. 1. Highlight the packet type using the UP/DOWN-ARROW keys. 2.
Configuring the AP 6. Select Cancel-[ESC] to disregard any changes made to this screen and return to the previous menu. Users can only enable one type filtering option at a time. 2.11 Clearing MUs from the AP Clear the MU association table for diagnostic purposes. Clear MUs from the AP if the AP has many MU associations no longer in use. Use this option to ensure that MUs associating with the AP are active. To clear MUs associated with the AP: 1. Select Special Functions from the Main Menu. 2.
Configuring the AP Change the AP-4131 AP_CFG.TXT file (required for manual AP configuration) to match site specific network settings. 122 [APInstallation] UnitName ;IPAddress Gateway1 Gateway2 SubNetMask NetID AntennaSelect testhost.symbol.com 157.235.101.33 157.235.101.1 157.235.101.2 255.255.255.0 Engineering Primary Only DHCP Enabled DNSServer1 DNSServer2 DNSServer3 157.235.101.1 157.235.101.2 157.235.101.
Configuring the AP TxPeriod ReAuthenticate ReAuthPeriod ReAuthMax SuppTimeout ServerTimeout MaxReqRetries 45 Disabled 120 10 45 45 10 SharedKeyWEP WEPKeyWidth Disabled 128Bit EncryptionKeyID EncryptionKey1 EncryptionKey2 EncryptionKey3 EncryptionKey4 Passkey TimeServerName TimeZone ; ; ; ; ; ; ; 0 - 99999 "Disabled", "Enabled" 0 - 99999 0 - 999 0 - 99 0 - 99 0 - 999 ; ; ; ; 2 ; 101112131415161718191a1b1c 202122232425262728292a2b2c 303132333435363738393a3b3c 404142434445464748494a4b4c test "Disabled
Configuring the AP ;AdminPassword ;UserPassword ModemConnected InactivityTimeout admin user No 5 ; ; ; ; up to 13 chars up to 13 chars "No" "Yes" 0 - 9999 [RFConfig] DTIMInterval BCMCQMax MaxRetriesData MaxRetriesVoice MulticastMaskData MulticastMaskVoice 10 100 15 5 09000E00 01005E00 ; ; ; ; 1- 255 0 - 100 0 - 32 0 - 32 BeaconInterval AcceptBroadcastESSID MUInactivityTimeout 100 Disabled 60 ; 20 - 1000 ; "Disabled", "Enabled" ; 3 - 600 TransmitRate1 TransmitRate2 TransmitRate5.
Configuring the AP TCPPort1 TCPPort1Traffic TCPPort2 TCPPort2Traffic TCPPort3 TCPPort3Traffic TCPPort4 TCPPort4Traffic TCPPort5 TCPPort5Traffic TCPPort6 TCPPort6Traffic TCPPort7 TCPPort7Traffic TCPPort8 TCPPort8Traffic TCPPort9 TCPPort9Traffic TCPPort10 TCPPort10Traffic 11 10 21 10 31 10 41 10 51 10 61 10 71 10 81 10 91 10 101 10 ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; 1 - 1023 10 - high, 1 - 1023 10 - high, 1 - 1023 10 - high, 1 - 1023 10 - high, 1 - 1023 10 - high, 1 - 1023 10 - high, 1 - 1023 10 - hi
Configuring the AP V3WriteView1 None V3SecurityLevel1 noAuthnoPrivacy V3AuthProtocol1 V3AuthPassword1 V3PrivProtocol1 V3PrivPassword1 None "" None "" ; ; ; ; ; ; ; 126 ; ; ; ; ; ; ; ; ; "Statistics", "Admin", "Full" "None", "System" "Statistics", "Admin", "Full" "noAuthnoPrivacy", "authNoPrivacy" "authPrivacy" "None", "HMAC-MD5", "HMAC-SHA" up to 31 chars "None", "DES" up to 31 chars Important NOTE for SNMPv1/2c users: V3ContextName2 is same as ReadWriteCommunity.
Configuring the AP V3ReadView4 Full V3WriteView4 System V3SecurityLevel4 authNoPrivacy V3AuthProtocol4 V3AuthPassword4 V3PrivProtocol4 V3PrivPassword4 HMAC-SHA corp_auth_pass None "" V3UserName5 V3ContextName5 V3ReadView5 IS_DEPT public admin V3WriteView5 System V3SecurityLevel5 authNoPrivacy V3AuthProtocol5 V3AuthPassword5 V3PrivProtocol5 V3PrivPassword5 HMAC-MD5 is_auth_pass None "" ; "None", "HMAC-MD5", "HMAC-SHA" ; up to 31 chars ; "None", "DES" ; up to 31 chars V3UserName6 V3ContextNa
Configuring the AP APAPMessages TelnetLogins SystemEvents EthernetEvents 128 Disabled Enabled Enabled Disabled ; ; ; ; "Disabled","Enabled" "Disabled","Enabled" "Disabled","Enabled" "Disabled","Enabled" AP-4131 Access Point Product Reference Guide
Configuring the AP 2.12.1 Updating Using TFTP The Ethernet TFTP update method requires a connection between the AP and a computer on the same Ethernet segment. Verify the computer has a TFTP server running on it. Running the server requires third party software like FTP PC/TCP for DOS or OnNet™ for Windows. The wireless TFTP update method requires a connection between the AP and a TFTP server. The TFTP server can be running on a Symbol Spectrum24 device.
Configuring the AP The AP displays the Main Menu. Symbol Access Point MAIN MENU Show System Summary AP Installation Show Interface Statistics Special Functions Show Forwarding Counts Set System Configuration Show Mobile Units Set RF Configuration Show Known APs Set Access Control List Show Ethernet Statistics Set Address Filtering Show RF Statistics Set Type Filtering Show Misc. Statistics Set SNMP Configuration Show Event History Set Event Logging Configuration Enter Admin Mode 4.
Configuring the AP Ensure the Filename is AP_CFG.TXT unless the user changed the Filename. Verify the paths accuracy for the filename. See step one. 8. Enter the TFTP Server IP address or name in the TFTP Server field. 9. Press F1 to save settings. 10. The Firmware Update Menu displays Are You Sure? yes no Type Y. If using telnet to connect to the AP through an Ethernet interface, do not use the Use XMODEM to Update Access Point’s Firmware option.
Configuring the AP 15. At the prompt enter the password: Symbol The password is case-sensitive. The AP displays the Main Menu. 16. Verify the network settings are correct on the System Summary screen. 17. Press CTRL+D to end Telnet session. 18. Repeat process for other APs in the network. 2.12.2 Updating Using Xmodem The Xmodem upgrade method requires a direct connection between the AP and a computer using a null modem serial cable and using software like HyperTerminal for Windows 9x.
Configuring the AP 5. Select the correct communication port, typically Direct to Com1, along with the following parameters: emulation ANSI baud rate 19200 bps data bits 8 stop bits 1 parity none flow control none 6. Select OK. 7. Press ENTER to display the Main Menu.
Configuring the AP 9. From the Main Menu select Special Functions. Symbol Access Point Special Functions Menu Clear All Statistics Restore Factory Config. Clear MU Table Save Configuration Clear ACL Save Config.
Configuring the AP 10. Press F3 to view the Firmware Update Menu. Access Point Firmware Update Menu Use TFTP to update Access Point’s: Firmware HTML file Firmware and HTML File Config Use XMODEM to update Access Point’s: Firmware HTML file Firmware and HTML File Config Use TFTP to update ALL Access Points’: Firmware HTML file Alter Filename(s)/HELP URL/TFTP Server .Firmware Filename dsap3_fw.bin .HTML Filename dsapt3htm.bin .Config. Filename ap_cfg.txt .ACL Filename ap_acl.txt .HELP URL .
Configuring the AP 16. Select Browse and locate the file AP_CFG.TXT. 17. Select XModem protocol from the drop down list. 18. Select Send. 19. The terminal or computer displays the transfer process through a progress bar and the screen flashes: Downloading Configuration file using XMODEM. Send Configuration file with XMODEM now ... 20. The download is complete when the UI displays: Download Successful Updating AP Set Successful If the Config update fails, the UI displays an error message.
Configuring the AP 2.13 Setting Logging Options The events logged by the access point depend on how the logging options are configured in the Event Logging Configuration screen. The event log allows the administrator to select and log important events. Event logging can be either enabled or disabled in its entirety, or various access point events and violations can be enabled. 1. Select Set Event Logging Configuration from the Main Menu to display: Symbol Access Point Event Logging Configuration .
Configuring the AP 2. Set Any Event Logging to Enabled to log all events. Specify the events that do not require logging when disabling Any Event Logging. Use SPACE BAR or LEFT/RIGHT-ARROW keys to toggle between Enabled and Disabled. Any Event Logging Logs all events listed in the screen. Security Violations ACL filter, administrative password access violations or Kerberos errors. MU State Changes Allows logging all MU state changes. WNMP Events WNMP events such as MUs using WNMP.
Configuring the AP 2.14 Updating AP Firmware When updating or downgrading the files the user is required to use the Firmware and HTML File option under the function heading Use XMODEM to update Access Point’s. Both the firmware and HTML files are required to be loaded on the TFTP server or users hard disk. Access points with firmware and HTML file version 3.00 can not be downgraded. Options for manually updating the firmware: • A TFTP host • Any computer using the Xmodem file transfer protocol.
Configuring the AP Use the TAB key to scroll through menu items. To update the AP firmware: 1. Copy the Firmware files dsap3_fw.bin and dsapt3htm.bin on the terminal or PC hard disk. 2. Telnet to the AP using its IP address. 3. At the prompt type the password: Symbol The password is case-sensitive. Set the System Passwords in the Set System Configuration screen. The AP displays the Main Menu.
Configuring the AP 5. Select Special Functions from the Main Menu and press ENTER. Symbol Access Point Special Functions Menu Clear All Statistics Restore Factory Config. Clear MU Table Save Configuration Clear ACL Save Config.
Configuring the AP 7. Select Alter Filename(s)/HELP URL/TFTP Server. 8. Press ENTER. 9. Enter the firmware filename in the firmware field .Firmware Filename. Change this only if the user or system/network administrator requires a new filename. The default files for a 4131 model access point are dsap3_fw.bin and dsapt3htm.bin. dsap3_fw.bin or dsapt3htm.bin Verify the path for the filename is accurate. (See step one) 10. Select .TFTP Server field and enter the TFTP Server IP address. 11.
Configuring the AP The WIRED LAN ACTIVITY indicator on the AP does NOT flash. To view the file transfer log, switch to the TFTP application. The AP resets when the file transfer and FLASH programming completes. 16. Telnet to the AP using its IP address. 17. At the prompt type the password: Symbol The password is case-sensitive. The AP displays the Main Menu. 18. Verify the accuracy of the version number on the System Summary screen. 19. Press CTRL+D to end Telnet session. 20.
Configuring the AP The default filenames for a 4131 model access point are dsap3_fw.bin and dsapt3htm.bin 2. Attach a null modem serial cable from the AP to the PC serial port. 3. On the PC, start the emulation program. 4. Name the session Spectrum24 AP and select OK. The procedure described below is for Windows 98.
Configuring the AP 5. Select the correct communication port, typically Direct to Com1, along with the following parameters: emulation ANSI baud rate 19200 bps data bits 8 stop bits 1 parity none flow control none 6. Select OK. 7. Press ENTER to display the Main Menu.
Configuring the AP 9. From the Main Menu select Special Functions and press ENTER. Symbol Access Point Special Functions Menu Clear All Statistics Restore Factory Config. Clear MU Table Save Configuration Clear ACL Save Config.
Configuring the AP 11. Under the function heading Use Firmware and HTML File. XMODEM to Update Access Point's: select 12. Press ENTER. Selecting Firmware and HTML File downloads the files separately. Ensure both files are located in the same directory before the download begins. 13. At the confirmation prompt, press Y to display: Downloading firmware using XMODEM. Send firmware with XMODEM now ... dsap3_fw.bin and dsapt3htm.bin are the files for a 4131 model access point.
Configuring the AP 20. The download is complete when the UI displays: Download Successful Updating AP Update Successful If the firmware update fails, the UI displays an error code indicating the cause. The AP automatically resets after all file transfers are completed. • Exit the communication program to terminate the session. • Repeat this process for other APs in the network. 2.
Configuring the AP To update the AP firmware: 1. Copy the Firmware files on the terminal or PC hard disk. 2. Telnet to the AP using its IP address. 3. At the prompt type the password: Symbol The password is case-sensitive. Set the System Passwords in the Set System Configuration screen. The AP displays the Main Menu.
Configuring the AP 5. Select Special Functions from the Main Menu and press ENTER. Press F3 to view the Firmware Update Menu. Symbol Access Point Firmware Update Menu Use TFTP to update Access Point’s: Firmware HTML file Firmware and HTML File Config Use XMODEM to update Access Point’s: Firmware HTML file Firmware and HTML File Config Use TFTP to update ALL Access Points’: Firmware HTML file Alter Filename(s)/HELP URL/TFTP Server .Firmware Filename dsap3_fw.bin .HTML Filename dsapt3htm.
Configuring the AP 9. Press ENTER. 10. Select Save-[F1] to save settings. 11. Select Special Functions from the Main Menu. 12. Press F3 to view the Firmware Update Menu. Symbol Access Point Firmware Update Menu Use TFTP to update Access Point’s: Firmware HTML file Firmware and HTML File Config Use XMODEM to update Access Point’s: Firmware HTML file Firmware and HTML File Config Use TFTP to update ALL Access Points’: Firmware HTML file Alter Filename(s)/HELP URL/TFTP Server .
Configuring the AP The AP displays the Main Menu. 16. Verify the accuracy of the version number on the System Summary screen. 17. Press CTRL+D to end the Telnet session. 2.16 Performing Pings An access point sends a ping packet to an MU and waits for a response. Use pings to evaluate signal strength between two stations. The other station can exist on any AP interface. This ping operates at the MAC level and not at the ICMP (Internet Control Message Protocol) level.
Configuring the AP To ping another station: 1. Select the Show Mobile Units screen from the Main Menu to display: Symbol Access Point MAIN MENU Show System Summary AP Installation Show Interface Statistics Special Functions Show Forwarding Counts Set System Configuration Show Mobile Units Set RF Configuration Show Known APs Set Access Control List Show Ethernet Statistics Set Address Filtering Show RF Statistics Set Type Filtering Show Misc.
Configuring the AP 4. Select Echo-[F1] to display the Packet Ping Setup screen: Packet Ping Setup Station Address Number of Pings 00:A0:F8:10:4A:13 10 Packet Length 10 Packet Data 55 [Start-CR] [Cancel-ESC] 5. Enter the MAC address of the station to ping. 6. Enter the number of echo requests (1 to 539), length of packets in bytes (1 to 539) and data content in hex (0x00 to 0xFF). 7. Select Start-[CR] to begin. The AP dynamically displays packets transmitted and received: Echo Test in Progress..
Configuring the AP 2.17 Mobile IP Using MD5 Authentication Users can achieve authentication by using the MD5 algorithm with a shared key configured into the AP and its MU. MD5 is a message-digest algorithm that takes an arbitrarily long message and computes a fixed-length digest version, consisting of 16 bytes (128 bits), of the original message. Users can think of the message-digest as a fingerprint of the original message.
Configuring the AP 2.18 Saving the Configuration The AP keeps only saved configuration changes after a reset. To make configuration changes permanent, save changes as needed. To save all changes: Press F1 in the configuration screens displaying the Save option or complete the following procedure: 1. Select Special Functions from the Main Menu to display: Symbol Access Point Clear Clear Clear Clear Clear Special Functions Menu All Statistics Restore Factory Config.
Configuring the AP 2.19 Resetting the AP Resetting an AP clears statistics and restores the last saved configuration. If users make unsaved changes, the AP clears those changes and restores the last saved configuration on reset. • Select Special Functions from the Main Menu. • Select Reset AP. The AP flashes its LEDs as if powering up and returns to a STATUS-flashing state. 2.
Configuring the AP 2.21 Configuring Network Time The access point is able to display the local time of the server used to validate requests for secured (password protected) resources. To view the access point network time: 1. From the Main Menu, select the Special Functions Menu. Only use the Configure Network Time screen when the WLAN KSS utility is not being used. Network time is needed to associate the time of day to MU requests for access point resources. 2.
Chapter 3 Monitoring Statistics The AP keeps statistics of its transactions during operation. These statistics indicate traffic, transmission success and the existence of other radio network devices. Clear statistics as needed. 3.1 System Summary The Show System Summary screen displays information about the APs configuration. To view information about the AP configuration: 1.
Monitoring Statistics 2. Configure the AP system settings as required: Unit Name Identifies the AP name. MAC Address (BSS) Identifies the unique 48-bit, hard-coded Media Access Control address. IP Address Identifies the network-assigned Internet Protocol address. Net_ID (ESS) Identifies the unique 32-character, alphanumeric, case-sensitive network identifier. Channel Identifies the direct-sequence channel used by the access point.
Monitoring Statistics AP Configuration ACL & Filters AP-4131 Access Point Product Reference Guide Specifies the outcome of reading and processing the downloaded ap_cfg.txt. Messages displayed can be: • Unchanged • File Download Failed • Set Successfully • Unknown Menu Page • Unknown Menu Item • Syntax Error • Invalid Item Value Specifies the outcome of reading and processing the downloaded ap_acl.txt files.
Monitoring Statistics Access Control Specifies if the access control feature is set to one of three Access Control modes: Disabled, Allowed, or Disallowed. • When Disabled (default) is selected, no filtering is performed. • When Allowed is selected, only MAC addresses specified in the Access Control List are allowed to associate with the AP. • When Disallowed is selected, only MAC addresses not specified in the Disallowed Addresses List (Address Filtering) are allowed to associate with the AP.
Monitoring Statistics 3.2 Interface Statistics The Interface Statistics screen provides: • packet forwarding statistics for each interface (Ethernet or RF) • performance information for each interface in packets per second (pps) and bytes per second (bps). The AP interface indicates packets sent to the AP protocol stack (e.g. configuration requests, SNMP, Telnet).
Monitoring Statistics 3.3 Forwarding Counts Forwarding Counts provides information on packets transmitted from one interface to another (Ethernet, radio, or AP). Forwarding Counts also displays the broadcast packets (Bcast) transmitted from the AP.
Monitoring Statistics 3.4 Mobile Units Mobile Units (MU) statistics provide information on MUs associated with the AP. The statistics include information on data sent and received, activity and association. An MU shows only in the Home/Foreign Agent Table screens when an MU has roamed to another AP on a different subnet.
Monitoring Statistics Use TAB or arrow keys to highlight the desired screen. Press ENTER to display the selected screen. • Select Regular from the Mobile Units prompt to display: Symbol Access Point Mobile Units 00:A0:F8:29:C9:E2: C:R11: 00:A0:F8:10:4A:13 P:R11: 00:A0:F8:9F:A1:71 A:R11 Info-[CR] Echo-[F1] Timed-[F2] Next-[F3] Auth-[F4] Exit-[ESC] addr [p:i:#:V] Where: addr MU MAC address in xx:xx:xx:xx:xx:xx format P, C or A MUs power mode: P for PSP and C for CAM.
Monitoring Statistics • To bring up detailed information on an MU, press TAB to highlight the MU and select Info to display: Symbol Access Point Information for MU: 00:A0:F8:29:C9:E2 Interface RF Packets Sent 620 State Associated Packets Rcvd 237 Power Mode CAM Bytes Sent 899879 Station id 1 Bytes Rcvd 14300 Begin Current Assoc 16:37:51 Discard Pkts/CRC Supported Rates 1, 2, 5.
Monitoring Statistics Displayed information includes: Interface The AP interface shows the MU connection as: RF, Ethernet or AP. State The connection state between the AP and the MU: Host indicates the unit is on the AP interface. Associated indicates the current association on the radio interface. Away indicates the unit is no longer associated with the AP. Power Mode The MU power mode: CAM, PSP or N/A. Station ID The IEEE 802.
Monitoring Statistics Sessions Bytes Sent The number of data bytes sent from the target MU during the session. Session Bytes Rcvd The number of data bytes received from the target MU during the session. Session End Clause The error code designating why the MU session was terminated.
Monitoring Statistics 3.5 Mobile IP The following tables display the mapping of MUs to mobility agents. See section 1.3.7: ”Mobile IP” on page 21. • Select Home Agent from the Show Mobile Units prompt to display: Symbol Access Point Home Agent Table Mobile Unit Foreign Agent 157.235.95.184 157.235.96.141 157.235.95.111 157.235.97.157 157.235.95.125 157.235.96.141 157.235.95.34 157.235.93.
Monitoring Statistics 3.6 Known APs The AP displays a list of the known APs derived from AP-to-AP communication. The list includes the MAC and IP addresses and configuration information for each AP. The first AP on the list provides the information. The AP recognizes other APs listed in subsequent lines. A broadcast message to APs every 12 seconds determines this list.
Monitoring Statistics • Select Switch to view the Unit Name for each known AP. Symbol Access Point Known Access Points Net_ID: IP Address 111.111.12.62 172 ENG_ONE 111.111.12.63 PUBS_TWO 111.111.12.
Monitoring Statistics The AP displays for each known AP: MAC Address The unique 48-bit, hard-coded Media Access Control address, known as the devices station identifier IP Address The network-assigned Internet Protocol address DS Channel The direct-sequence channel used by the AP. MUS The MUs associated with the AP. KBIOS The data traffic handled by the AP in kilobytes in and out per second. FW_Ver The firmware version used by the specified AP.
Monitoring Statistics 3.7 Ethernet Statistics The AP keeps Ethernet performance statistics including packet transmission and data retries until reset.
Monitoring Statistics Packets Sent The total packets sent out. Any Collision The packets affected by at least one collision. 1 + Collisions The packets affected by more than one collision. Maximum Collisions The packets affected by the maximum number of collision. Late Collisions The collisions occurring after the first 64 bytes. Defers The the times the AP had to defer transmit requests on the Ethernet because of a busy medium. – Select Refresh at the status display to update values manually.
Monitoring Statistics 3.8 Radio Statistics The AP keeps radio performance statistics including packet and communication information.
Monitoring Statistics Radio performance statistics include: Data Packets Sent The total data packets transmitted. Data Bytes Sent The total data packets transmitted in bytes. BC/MC Packets Sent The broadcast/multicast user data packets successfully transmitted. BC/MC Bytes Sent The broadcast/multicast user data bytes successfully transmitted. Sys Packets Sent The system packets successfully transmitted. SBC/MC Packets Sent The broadcast/multicast system packets successfully transmitted.
Monitoring Statistics 178 Succ Reass Packets The packets successfully reassembled. Unsucc Reass Packets The packets unsuccessfully reassembled. Fragments Rcvd The packet fragments received. Rcv Duplicate Pkts The Duplicate packets received by the AP. This indicates the AP sent an ACK, but the MU did not receive it and transmitted the packet again. Undecryptable Pkts The total data packets that could not be decrypted.
Monitoring Statistics • To display the WLAP RF Statistics screen select WLAP-[F3].
Monitoring Statistics Where: Current # WLAP Itf Refers to the current Wireless AP interfaces in use in a 1-4 range.
Monitoring Statistics WLAP Itf MAC Addr States the MAC address of the associated WLAP. Itf State Identifies the state of the interface from: • DIS - the interface is disabled • LIS - the AP listens for information • LRN - the AP learns the information • FWD - the AP forwards data • BLK - the AP blocks transmission. Path Cost An abstract unit added to the Root Path Cost field in the Config BPDU received on this interface. The unit represents a hop on the path to the Root AP.
Monitoring Statistics 3.9 Miscellaneous Statistics The AP keeps statistics on WNMP and SNMP packets, filtering and Mobile IP. The Miscellaneous Statistics screen shows grouped statistics. • Select Show Misc Statistics from the Main Menu to display: Symbol Access Point Misc System Statistics WNMP Mobile IP Echos 0 Agent Ad Sent Pings 0 Reg. Request Rcvd 0 0 Passthrough Echos 0 Reg.
Monitoring Statistics WNMP statistics include: Echoes echo requests received by the AP Pings ping requests received by the AP Passthrough Echoes echoes for MUs associated with the AP SNMP statistics include: Requests configuration requests received from the SNMP manager Traps AP messages sent to the SNMP manager Filter statistics include: ACL Violations attempts by MU, not in ACL list to associate with this AP Address packets discarded by address filter Type packets discarded by type filter
Monitoring Statistics 3.9.1 Analyzing Channel Use The AP keeps statistics for individual Channels (frequencies). These identify channels that have difficulty transmitting or receiving due to retries. To view statistics for individual channels: 1. Select Show Misc Statistics from the Main Menu. 2. Select Per Channel Statistics to display: Chnl.
Monitoring Statistics 3.9.2 Analyzing Retries The AP keeps statistics of packets with multiple retries. Use these statistics to identify severe occurrences of retries. Retries occur when the transmitting station fails to receive an acknowledgment for a transmitted packet. This lack of acknowledgment can result from: • two or more stations transmitting simultaneously and causing collisions • the receiving station moving out of range • the receiving station being powered off.
Monitoring Statistics 3.10 Event History The AP tracks specific events. The types of events logged are configurable. The log is a 128-entry circular buffer. After the 128th entry, the earliest event entry deletes. The Event History displays the most recent event at the top of the list. Each event lists a time stamp recorded in hh:mm:ss from the time the AP powered up or reset. The type of event logged follows the time stamp. If the event involves an MU or AP, the unit MAC address displays.
Monitoring Statistics 3.11 Clearing Statistics To clear statistics: 1. Select Special Functions from the Main Menu. 2. Select Clear All Statistics. The AP zeroes all statistics. Resetting the AP also clears statistics.
Monitoring Statistics 188 AP-4131 Access Point Product Reference Guide
Chapter 4 Hardware Installation AP installation includes connecting the AP to the wired network, AP placement and power up. Installation procedures vary for different environments. 4.1 Precautions Before installing the AP verify the following: 4.2 • Do not install in wet or dusty areas without additional protection. Contact a Symbol representative for more information. • Verify the environment has a temperature range between -20° C to 55° C.
Hardware Installation 4.3 Requirements The minimum installation requirements for a single-cell, peer-to-peer network: • a power outlet • an AP antenna. The 4131 AP supports a 10/100Base-T unshielded twisted pair (UTP) wired LAN cabling connection. For management user interface access to the serial connector, use a standard null-modem cable for direct serial connection. Order a null-modem cable, part number 61383-00-0, by contacting a Symbol sales representative.
Hardware Installation 3. Add more access points as needed. 4.3.3 Single Cell The single-cell connection option allows a single AP to bridge MUs without a wired network. MUs appear as peers in any Ethernet environment. 4.4 Placing the AP Antenna coverage is analogous to lighting. Users might find an area lit from far away to be not bright enough. An area lit sharply might minimize coverage and creates dark areas.
Hardware Installation If installing two antennas, enable the Antenna Selection in the User Interface found in section 2.3: ”Access Point Installation” on page 54. 4.5 Power Options Power options are as follows: • Standard 24 volt, 1 amp power supply115/230VAC, 50/60Hz. Part Number: 50-24000-024 • US line cord. Part Number: 23844-00-00 A Symbol BIAS-T system can also be used to combine low-voltage DC with Ethernet data in a single cable connecting to an access point.
Hardware Installation 4.6 Mounting the AP The AP rests on a flat surface or attaches to a wall, or any hard, flat, stable surface. Use the standard-mounting kit provided with the Spectrum24 AP-4131access point. Choose one of the options based on the environment 4.7 Resting flat Rests on the four rubber pads on the underside of the AP. Place on a surface clear of debris and away from traffic. Attaching on the wall Rests on screws.
Hardware Installation 4.8 BIAS-T Low Power Distribution System The BIAS-T system provides an economical and reliable method for powering access point(s) from a remote location. The BIAS-T system combines lowvoltage DC with Ethernet data in a single cable connecting to an access point. An Ethernet cabling infrastructure is required with the BIAS-T system, but the BIAS-T system single DC and Ethernet data cable creates a modified Ethernet cabling environment.
Hardware Installation The BIAS-T is a small lightweight unit with a RJ-45 patch cord input connector from the hub on the left-hand side and a RJ-45 patch cord output connector (via the wiring infrastructure) to an access point on the right-hand side. Also on the left-hand side of the BIAS-T is a 24-volt DC connector used to input DC power from the power supply. A separate BIAS-T is required for each access point comprising the Spectrum24 network.
Hardware Installation To install a BIAS-T system using a single BIAS-T unit and access point: Steps 1-3 could involve running Ethernet cabling through industrial walls or ceilings. Only a qualified contractor should perform this kind of cabling. 1. Attach one end of a RJ-45 patch cord (5-50 ft.) to the access point. Run the other end of the RJ-45 patch cord through a ceiling or wall into a punch down termination box. 2.
Hardware Installation 4. Attach a third RJ-45 patch cord from the input connector on the left-hand side of the BIAS-T unit to the HUB supporting the Spectrum24 component installation. 5. Attach the cable supplied with the Symbol Standard 24-volt power supply to the power-input connector on the left-hand side of the BIAS-T unit. 6. Repeat steps 1 through 5 for each additional BIAS-T unit and Spectrum24 access point connected to the HUB as part of the same Spectrum24 component installation.
Hardware Installation 4.9 LED Indicators The top panel LED indicators provide a status display indicating transmission and other activity. The indicators are: 198 Power Flashing indicates AP initialization. Steady Green during operation. Wired LAN Activity Flashing indicates data transfers on wired connection. Wireless LAN Activity Flickering indicates beacons and data transfers with MUs.
Hardware Installation 4.9.1 WLAP mode LED display. When in the WLAP mode the chart below signifies the APs LED indicator status. For the IEEE 802.11 protocol and APs using firmware version 2.51-0X or above only. 1. After power up, system initialization begins: LED State Power On Wired LAN Activity Off Wireless LAN Activity Blinks slowly 2. When a WLAP begins a full scan: LED State Power On Wired LAN Activity Off Wireless LAN Activity Blinks slowly 3.
Hardware Installation 5. When all WLAP connections are in Forward state: LED State Power On Wired LAN Activity Blinks if activity occurs Wireless LAN Activity Blinks regularly Special cases: 200 • If the WLAP manual BSS_ID is NOT set and no other WLAP is found, the WLAP goes to the functional state. • If the WLAP manual BSS_ID is set and the specified WLAP is not found, the WLAP remains in FULL Scan state permanently.
Hardware Installation 4.10 Troubleshooting Check the following symptoms and their possible causes before contacting the Symbol Support Center. 4.10.1 Ensure wired network is operating Verify AP operation: 1. AP does not power up: – faulty AP power supply – failed AC supply – Electrical Management System (EMS) operating outlet. 2. After the AP resets and hardware is initialized, it performs an SRAM test. If the test passes, the LEDs turn on. If the test fails, the LEDs all turn off and the AP resets.
Hardware Installation – Check that the radio driver loaded properly. – Check that the MU PROTOCOL.INI or NET.CFG file is compatible with the network operating system. 4. Slow or erratic performance: – Check MU and RF communications range. – Check antenna, connectors and cabling. – Verify that antenna diversity setting for AP is appropriate.
Appendix A Specifications A.1 Physical Characteristics Dimensions 1.75” H x 6” L x 8.5” W (4.45” cm H x 15.24” cm L x 21.59” cm W) Weight (w/power supply) 1 lbs. (0.454 kg) Operating Temperature -4º F to 131º F (-20º C to 55º C) Storage Temperature -40º F to 149º F (-40º C to 65º C) Humidity 10% to 95% noncondensing Shock 40 G, 11 ms, half-sine ESD meets CE-Mark Drop withstands up to a 30 in.
Specifications A.2 Radio Characteristics Frequency Range (country dependent; within 2400 MHz to 2500 MHz) Radio Data Rate • 11 Mbps -- Optional • 5.5 Mbps -- Optional • 2 Mbps -- Required • 1 Mbps -- Required 11 Mbps Range open environment - over 100 ft. typical office or retail environment - 30 to 50 ft. TX Max. Radiated EIRP US: FCC part 15.247 Europe: ETS 300 320 Japan: RCR STD-33 Modulation Binary GFSK TX Out-of-Band Emissions US: FCC part 15.247, 15.205, 15.
Specifications A.3 Network Characteristics Driver Support NDIS v4.0 and v5.0 Ethernet Frame DIX, Ethernet_II and IEEE 802.3 Filtering Packet Rate 14,400 frames per second filtering and forwarding Ethernet Connection 10/100Base-T (AP-4131 model access point only) Serial PC/AT serial port - DB9 Male, RS-232 using a DTE termination, 19200 bps SNMP s24dsap.mib, MIB-II and 802.1x.
Specifications A-4 AP-4131 Access Point Product Reference Guide
Appendix B Supported Modems The AP uses Hayes commands and is capable of working with various modems of 19200 baud or faster. Symbol does not support modems the company has not qualified. The following modems qualify to work with the AP-4131access point: • US Robotics Faxmodem v.90.56K • US Robotics Faxmodem v.33.6K • US Robotics Faxmodem v.34 and v.32 bis Sportster 28.
Supported Modems B-2 AP-4131 Access Point Product Reference Guide
Appendix C Customer Support Symbol Technologies provides its customers with prompt and accurate customer support. Use the Symbol Support Center as the primary contact for any technical problem, question or support issue involving Symbol products. If the Symbol Customer Support specialists cannot solve a problem, access to all technical disciplines within Symbol becomes available for further assistance and support.
Customer Support International Contacts Outside North America, contact Symbol by: • Symbol Technologies Symbol Place Winnersh Triangle, Berkshire, RG41 5TP United Kingdom 0800-328-2424 (Inside UK) +44 118 945 7529 (Outside UK) Symbol Developer Program Web Site http://software.symbol.com/devzone Symbol Knowledge Base http://kb.symbol.com/register.
Appendix D Country Identification Codes Use the table below to select a Country Name, First Channel, Number (No.) of Channels, Default Channel, Maximum Transmit Power, Regulatory Domain, and Country ID. Update these values in the AP installation screen. Contact a local representative for any country not listed. Country Name Country ID Channels Max. Tx Power (Dbm) Regulatory Domain First No.
Country Identification Codes Country Name Country ID Channels Max. Tx Power (Dbm) Regulatory Domain First No.
Country Identification Codes Country Name Country ID Channels Max. Tx Power (Dbm) Regulatory Domain First No.
Country Identification Codes A site license is required for India. To support this regulatory requirement, enter the Site License ID in the Net_ID field on the AP Installation Screen.
Appendix E Installing and Configuring Kerberos Setup Service The Kerberos Setup Service (KSS) program runs on the Key Distribution Center (KDC) server. The KSS can be used optionally to administer Spectrum24 access points authorized on the network. For example, an AP on the Access Control List (ACL) is lost or stolen. The KSS marks the AP (using the MAC address of the AP) as not authorized and notifies the administrator if the missing AP appears elsewhere on the network attempting authentication.
Installing and Configuring Kerberos Setup Service Java Runtime is on the Spectrum24 High Rate 11 Mbps Wireless LAN Software CDROM within the KSS directory. For information on installing Windows 2000 Server, setting up the KDC and enabling ActiveDirectory services, refer to the documentation shipped with Windows 2000 server. E.2 Installing the KSS in a Windows 2000 Environment Install the KSS from the Spectrum24 High Rate 11 Mbps Wireless LAN Software CDROM or go to the Symbol Website (http://www.symbol.
Installing and Configuring Kerberos Setup Service 5. Click Next when the Choose Destination Location dialog box displays to install KSS to the default destination folder. The user has the option of clicking Browse and selecting a different folder if necessary. A progress bar displays showing the progress of the KSS files installation. 6. The Setup Complete dialog box displays stating it has finished installing KSS.
Installing and Configuring Kerberos Setup Service 3. Enter the user name (20 characters maximum) in the First name and Last name fields. Click Next. 4. Enter and confirm a password for the user. 5. Select the Password never expires checkbox and click Next. A confirmation dialog box displays. Click Finish. 6. Right-click the newly created user account from the Active Directory window. Select Properties. 7. Select the Members Of tab and click Add. 8. Select Domain Admins and click Add. Click OK. 9.
Installing and Configuring Kerberos Setup Service E.3 Preparing the KSS for Access Point Validation To prepare the KSS to validate access points: 1. Click Start select Programs, WLAN, WLAN KSS, and Start KSS. The Kerberos Setup Service dialog box displays. 2. Using the user account created in the previous section, select Admin Info from the File menu or click the Key icon from the top left-hand corner of the Kerberos Setup Service dialog box. Enter Admin info and password information. 3.
Installing and Configuring Kerberos Setup Service The Preference dialog box displays. 5. Select User Defined Secret Key to enter and confirm a secret key different from the default key. If the default secret key is acceptable, leave the Default Secret Key checkbox selected. The same secret key entered in the Preference dialog box is required in the KSS Secret field of the access point Configure Kerberos Authentication screen. The Network Port default setting is 34567.
Installing and Configuring Kerberos Setup Service The Kerberos Account Entry dialog box displays. 8. Select the Edit Open Enrollment Default Properties checkbox. 9. Enter the KDC Name, Realm/Domain and KDC IP Address values. Do not set an ESSID or create a Password at this time. The ESSID/Principal and Password are sent from the AP, during Open Enrollment. APs with the same ESSID share common Kerberos account information. The ESSID is the Kerberos Principal for APs.
Installing and Configuring Kerberos Setup Service 10. Click Save. The Kerberos Account Entry property page displays the new values. 11. Click Exit to return to the Kerberos Setup Service window. 12. Click the AP ACL icon (second icon from the top right-hand side). The AP Setup Account Database dialog box displays. Select the Edit Open Enrollment Default Properties checkbox. If required, select Enable (Read/Write) from the SNMP Setting field.
Installing and Configuring Kerberos Setup Service Selecting Enable (Always) from the Setup Status pull-down menu enables KSS authentication for the selected access point at all times. Selecting Enable (Start-Expire) from the Setup Status pull-down menu enables KSS authentication for the selected access point only during the time period specified within the Setup Start Time and Setup Expire Time pull-down menus. Selecting Disable prohibits the selected access point from authenticating with the KSS. 13.
Installing and Configuring Kerberos Setup Service The Listen For Connection Box displays. 17. Select Yes if this is the correct connection port. The Kerberos Setup Service window displays. The next step is to configure the access points for Kerberos support if they have not already been configured. 18. Reboot the access points. Refer to the AP-4131 Access Point Product Reference Guide for Kerberos setup information. The connection port is required to match the AP connection port.
Installing and Configuring Kerberos Setup Service When the APs initialize, the AP list view window displays the Connection Events (APs that were either successful or were not granted access to KSS). 19. When the access points have successfully initialized, select Disable Open Enrollment from the File pull-down menu or click on the Locked Padlock icon once the access points have been granted access. Disable Open Enrollment to prevent foreign access points from getting information from the KSS.
Installing and Configuring Kerberos Setup Service E.4 Manually Creating an Access Point Setup Account Manually create an AP Setup Account for the AP and create a Kerberos account with the KDC. The AP Setup Account database stores validation information for an AP. Manually create an access point setup account only if the user does not want to use the Open Enrollment option.
Installing and Configuring Kerberos Setup Service To create an access point setup account: 1. From the Edit menu, select AP Setup ACL. 2. Enter the AP MAC Address as a Primary Key in the AP Setup Account Database dialog box. 3. Enter the ESSID. The ESSID is used as the Kerberos Principal for the AP. The AP Setup Account is used to control which access points are permitted Kerberos Setup information. Kerberos restrictions prohibit the length of the ESSID from exceeding 20 characters.
Installing and Configuring Kerberos Setup Service 4. Enter the AP access range set the time and status information using the Setup Start Time and Setup Expire Time pull-down menus. 5. Set the SNMP Setting. 6. Click Add when all the parameters have been entered. After the AP initializes, the AP list view window displays the Connection Events (APs successful in gaining access to KSS). E.
Installing and Configuring Kerberos Setup Service The access point can now be configured for Kerberos support via the Serial or Telnet interfaces. The Kerberos Configuration parameters have been moved to the Special Functions screen in the Serial and Telnet UI. 6. From the Configure Kerberos screen set Kerberos to Enabled. 7. Set the KDC Server Name/IP to the IP Address where the KDC is setup. 8. (Optional) Set the Backup KDC Name/IP to the Name or the IP Address of the backup or redundant KDC (if any). 9.
Installing and Configuring Kerberos Setup Service E-16 AP-4131 Access Point Product Reference Guide
Index Numerics 10/100Base-T unshielded twisted pair 190 10/100Base-T UTP 190 A access control 14 disallowed address 14 MU 14 unauthorized access 14 Access Control List 14 Access Point 1 access control 162 Access Control List 1 adding allowed MUs 115 adding disallowed MUs 119 advanced radio theory 12 analyzing retries 185 antenna selection 160 ARP request packet 13 ARP response packet 13 Basic Service Set 8 BSS_ID 8 CAM 24 cell 8 cellular coverage 8 Characteristics A-1 chipping sequence 18 clear statistics
monitoring statistics 159 mounting 193 network connection 190 power adapter 193 power options 192 PSP 24 Radio Characteristics A-2 radio performance statistics 176 removing allowed MUs 115 RF statistics 176 roaming across routers 22 RSSI 21 shared key authentication 26 single-cell connection 191 site survey 11 site topography 11 SNMP management 34 Supported Modems B-1 system password 51 system summary 159 TCP/IP 41 Telnet 37 topologies 4 troubleshooting 201 type filtering option 14 UI 36 Web browser 41 wire
additional DNS 57 additional gateways 56, 58 antenna selection 57 country config 56 dhcp disabled 58 dhcp/bootp enabled 58 dhcp/bootp options 58 DNS IP address 57 enable bootp only 58 enable only dhcp 58 gateway IP address 56 IP address 56 Net_ID (ESS) 57 subnet mask 57 unit name 56 AP-AP State Xchg 63 association process 19 beacon 24 Bridge Protocol Data Unit 10 CCA 20 direct-sequence systems 18 DTIM 10, 24 IEEE 802.
saving 156 Setting Logging Options 137 Special Functions 156 system parameters 59 System Password Administration 69 TCP/IP 37 Telnet 37 type filtering 120 UI 37 updating using Xmodem 132 wireless operation parameters 80 WLAP forward delay 77, 84 WLAP hello time 76, 83 WLAP manual BSS ID 76, 83 WLAP Max Age 76, 83 WLAP mode 75, 82 WLAP priority 82 configuring ACL 113 range of MUs 113 removing allowed MUs 115, 116 configuring the SNMP agent 102 access cntrl violation 104 all traps 104 authentication failure 1
DTIM AP 10 association process 10 root AP 10 E electromagnetic waves 3 encryption 25 128 Bit 92 40 Bit 90 administration 66 environment 3 ESSID 73 Ethernet interface 16 ethernet statistics 174 Ethernet wired LAN 1 F features 2 10/100baseT Ethernet port interface 2 BOOTP support 2 built-in diagnostics 2 built-in dual antenna assembly 2 DHCP support 2 DNS support 2 increased MIB support 2 PC/AT serial port interface 2 power supply IEC connector 2 short RF preamble 2 SNMP support 2 upgradable firmware 2 Web
K M Kerberos AP proxy 29 authentication 26 authentication service (AS) 28 default setting 31 disabling 31 enabling 31 implementation 26 Key Distribution Center (KDC) 27 kss function 28, E-1 manual authentication configuration 94 MU authentication 29 realm 27 TGS_REP 29 TGS_REQ 29 Ticket Granting Ticket Server 28 known APs 171 MAC and IP addresses 171 statistics 171 KSS databases 32 disable open enrollment 31 enable open enrollment 31 open enrollment period 31 MAC Layer Bridging 13 address database 13 MAC
data encryption 25 DTIM 25 filtering 14 home agent 23 known APs 171 Mobile IP 21, 170 performing pings 152 power mode 168 priority 168 removing allowed MUs 116 scanning 23 security 25 statistics 165 supported rates 168 MU association process 19 multiple APs 5 N network topology 3 P programmable SNMP trap 34 management stations 34 MIB 34 SNMP agent 34 PSP stations 24 beacon 24 MU 24 R radio basics 3 center frequency 3 digital data 3 electromagnetic waves 3 environment 3 AP-4131 Access Point Product Refer
roaming across routers 22 AP 23 home agent 23 IP address 22 Mobile IP 21 MU 23 TIM 24 root AP association process 10 Bridge Protocol Data Unit 10 DTIM 10 TIM 10 WLAP mode 10 S security 25 decryption 25 encryption 25 kdc name 96 kerberos 96 kss name 96 kss port 96 realm name 96 user id 96 WEP algorithm 25 site survey 11 antenna coverage 191 AP 191 floor plan 12 hardware installation 189 site topography 11 AP 11 MU 11 signal loss 11 SNMP 34 configurtion 34 Index-8 manager 34 support 35 trap 34 Spectrum24 1
kerberos 96 kss name 96 kss port 96 MD5 key 62 Modem Connected 63 MU-MU Disallowed 63 password 96 realm name 96 rf Interface 65 S24 Mobile IP 62 System Password Admin 64 Telnet logins 60, 61 type filtering 63 user id 96 user password 70 WNMP functions 63 system password 47 system summary 159 access control 162 antenna selection 160 country code 160 current MUs 162 firmware version 162 IP address 158, 160 MAC address 158, 160 model number 162 Net_ID 160 serial number 162 WLAP mode 162 T TIM association proc
WLAP Max Age 75, 76, 83 WLAP mode 75, 82 WLAP priority 75, 82 WLAP priority value 10 WLAP forward delay configuration 77, 84 WLAP hello time configuration 76, 83 WLAP manual BSS ID configuration 76, 83 WLAP Max Age configuration 76, 83 WLAP mode AP 6, 7, 81 association process 10 Index-10 bridge 6, 7, 81 configuration 75, 82 repeater 7 root AP 10 system summary 162 WLAP mode LED display special cases 200 WLAP priority configuration 82 WNMP function AP 8 X Xmodem 143 updating configuration 132 AP-4131 Ac