manualshive.com logo in svg

Airespace AS-4012, Product Manual

The Airespace AS-4012 Product Manual is your essential guide to unlock the full potential of your device. With easy-to-follow instructions and detailed explanations, this manual is available for free download at manualshive.com. Empower yourself with the knowledge needed to make the most out of your device.

Share
Download
background image

10/10/03

Rogue Access Points

 

90-100584-004

Airespace Product Guide

60

About Rogue Access Points

Rogue Access Points

Because they are inexpensive an readily available, clients are plugging unauthorized rogue access 
points (rogue APs) into existing LANs and building ad hoc wireless networks without IT department 
knowledge or consent.
These rogues can be a serious breach of network security, because they can be plugged into a network 
port behind the corporate firewall. Because clients generally do not enable any security settings on the 
rogues, it is easy for unauthorized clients to use the access point to intercept network traffic and hijack 
client sessions. Even more alarming, wireless clients and war chalkers frequently publish unsecure 
access point locations, increasing the odds of having the enterprise security breached. 
Rather than using a person with a scanner to manually detect rogue APs, the Airespace System auto-
matically collects information on rogue access points detected by its managed 

Airespace Access Points

 

and 

Third-Party Access Points

, by MAC and IP address, and allows the system operator to tag and 

monitor them as described in the 

Detecting and Monitoring Rogue Access Points

 section. Finally, the 

AireOS can be used to discourage rogue AP clients by sending them deauthenticate and disassociate 
messages from one to four Airespace APs. Because this real-time detection is automated, it saves labor 
costs used for detecting and monitoring rogue APs while improving LAN security.
See also 

Rogue AP Tagging and Containment

.

Summary of Contents for AS-4012

Page 1: ...cation specific solutions to real world problems Go to the TASKS section to find detailed instructions on how to install configure use and troubleshoot Airespace products and supported 802 11 networks Visit the REFERENCES section to see technical information such as the Access Point Site Survey Guide Quick Installation Guides Web Browser Online Help files and Release Notes FCC Statements for Aires...

Page 2: ...espace Product Guide ii Legal InformationLegal Information This section includes the following legal information Limited Warranty Software License Agreement SSH Source Code Statement OpenSSL Project License Statements Trademarks and Service Marks ...

Page 3: ...e Products not returned to Airespace will be invoiced at full Product list prices Replacement Products may be new reconditioned or contain refur bished materials In connection with any warranty services hereunder Airespace may in its sole discretion modify the Product at no cost to you to improve its reliability or performance Warranty Claim ProceduresWarranty Claim Procedures Should a Product fai...

Page 4: ...D SOME STATES JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO END CUSTOMER THIS LIMITED WARRANTY GIVES END CUSTOMER SPECIFIC LEGAL RIGHTS END CUSTOMER MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM STATE JURISDICTION TO STATE JURISDICTION TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN NO EVENT SHALL AIRESPACE OR ITS SUPPLIERS BE LIABLE FOR ...

Page 5: ...ware as embedded in Equipment in connection with a transfer of all of Licensee s right title and interest in such Equipment to a third party provided that Licensee transfers the Embedded Software and any copies thereof subject to the terms and conditions of this Agreement and such third party agrees in writing to be bound by all the terms and conditions of this Agreement g Notwithstanding anything...

Page 6: ...ase performance display or disclosure of such technical data shall be governed by the terms of DFAR section 227 7015 b 8 Limitation of Liability TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN NO EVENT SHALL AIRESPACE OR ITS SUPPLIERS BE LIABLE FOR THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF PROFITS OR FOR ANY SPECIAL CONSEQUENTIAL INCIDENTAL PUNITIVE OR INDIRECT DAMAGES O...

Page 7: ...ION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE OpenSSL Project License StatementsOpenSSL Project License Statements Copyright c 1998 2002 The OpenSSL Project All rights reserved THIS SOFTWARE IS PROVIDED BY THE OpenSS...

Page 8: ...de viii Trademarks and Service MarksTrademarks and Service Marks Airespace AireOS and AireWave Director Software are trademarks of Airespace Inc All other trademarks service marks and product names used in this document are the property of their respec tive owners ...

Page 9: ...al Support can provide end users and channel partners the following services Telephone support Troubleshooting Escalating issues as required Please have the following available when making a call Equipment model number s Airespace Wireless Switch and WLAN Appliance AireOS software revision level AS_1_2_x_x Airespace Control System Software revision level 1 2 x xx Symptom s Network configuration Yo...

Page 10: ...e interference at his own expense RF Radiation Hazard WarningRF Radiation Hazard Warning To ensure compliance with FCC RF exposure requirements this device must be installed in a location such that the antenna of the device will be greater than 20 cm 8 in from all persons Using higher gain antennas and types of antennas not covered under the FCC certification of this product is not allowed Install...

Page 11: ...e FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential ...

Page 12: ...10 10 03 Notes 90 100584 004 Airespace Product Guide xii Notes Notes ...

Page 13: ...pliance Deployments 5 Multiple Airespace Switch and Appliance Deployments 8 About AireOS Security 9 About Airespace Wired Security 10 About AireWave Director Software 11 About the Master Airespace Switch or Appliance 13 About the Primary Airespace Switch or Appliance 14 About Client Roaming 15 Same Airespace Switch or Appliance Layer 2 Roaming 15 Inter Airespace Switch and Appliance Layer 2 Roamin...

Page 14: ...s 45 Antenna Sectorization 45 802 11a Internal Antenna Patterns 45 802 11b g Internal Antenna Patterns 48 802 11a b g Internal Antenna Patterns 50 About Airespace AP LEDs 51 About Airespace AP Connectors 52 About Airespace AP Power Requirements 54 About Airespace AP External Power Converter 55 About Airespace AP Mounting Options 56 About Airespace AP Physical Security 57 About Airespace AP Monitor...

Page 15: ...mized Web Auth Login Page 91 TASKS Using the Airespace CLI Logging Into the CLI 95 Using a Local Serial Connection 95 Using a Remote Ethernet Connection 96 Logging Out of the CLI 98 CLI Tree Structure 99 Navigating the CLI 100 Viewing Network Status 101 Configuring the Airespace Switch or Appliance Collecting Airespace Switch or Appliance Parameters 103 Configuring System Parameters 104 Time and D...

Page 16: ...ware Service Status 138 Starting an ACS Software Client 139 Stopping an ACS Software Client 142 Configuring ACS Software 143 Adding Devices to the ACS Software Database 144 Adding Airespace Switches and Appliances to ACS 145 Manually Adding an Airespace Switch or Appliance to ACS 145 Using ACS Airespace Switch and Appliance Autodiscovery 149 Adding a Single Campus Map to the ACS Software Database ...

Page 17: ...220 Viewing Configurations show 802 11a 223 show 802 11b 224 show advanced 802 11a channel 225 show advanced 802 11a group 226 show advanced 802 11a logging 227 show advanced 802 11a monitor 228 show advanced 802 11a power 229 show advanced 802 11a profile 230 show advanced 802 11a summary 231 show advanced 802 11b channel 232 show advanced 802 11b group 233 show advanced 802 11b logging 234 show ...

Page 18: ...78 show snmpv3user 279 show snmpversion 280 show spanningtree port 281 show spanningtree switch 282 show stats port 283 show stats switch 285 show switchconfig 287 show sysinfo 288 show syslog 289 show time 290 show trapflags 291 show traplog 292 show virtual address 293 show wlan 294 show wlan summary 296 Setting Configurations config 802 11a antM ode 303 config 802 11a beaconperiod 304 config 80...

Page 19: ...802 11a profile coverage 340 config advanced 802 11a profile customize 341 config advanced 802 11a profile exception 342 config advanced 802 11a profile foreign 343 config advanced 802 11a profile level 344 config advanced 802 11a profile noise 345 config advanced 802 11a profile throughput 346 config advanced 802 11a profile utilization 347 config advanced 802 11b channel foreign 348 config advan...

Page 20: ...87 config country 388 config custom web redirect url 389 config custom web webmessage 390 config custom web webtitle 391 config load balancing 392 config loginsession close 393 config macfilter add 394 config macfilter delete 395 config macfilter mac delimiter 396 config macfilter wlan id 397 config mgmtuser add 398 config mgmtuser delete 399 config mgmtuser password 400 config mobility group disc...

Page 21: ...rt protocol 442 config sessions maxsessions 443 config sessions timeout 444 config snmp community accessmode 445 config snmp community create 446 config snmp community delete 447 config snmp community ipaddr 448 config snmp community mode 449 config snmp syscontact 450 config snmp syslocation 451 config snmp trapreceiver create 452 config snmp trapreceiver delete 453 config snmp trapreceiver mode ...

Page 22: ... config wlan security 802 1X encryption 493 config wlan security cranite 494 config wlan security ipsec 495 config wlan security ipsec authentication 496 config wlan security ipsec encryption 497 config wlan security ipsec ike authentication 498 config wlan security ipsec ike dh group 499 config wlan security ipsec ike lifetime 500 config wlan security ipsec ike phase1 501 config wlan security pas...

Page 23: ...ebug airewave director 540 debug arp 541 debug bcast 542 debug crypto 543 debug dhcp 544 debug disable all 545 debug dot11 events 546 debug dot11 frames 547 debug l2age 548 debug lwapp 549 debug mac 550 debug mobility 551 debug pem 552 debug pm 553 debug poe 554 debug transfer 555 Airespace Access Point Deployment Guide Deployment Overview 2 Step 1 Determining Deployment Requirements 3 Assumptions...

Page 24: ...aring Mounting Locations 4 Step 3 Mounting the Airespace APs 6 Ceiling Mount 7 Projection Wall Mount 9 Flush Wall Mount 11 Step 4 Returning MAC Information 13 Planning Notes 14 About Cables 14 About External Antennas 14 About Mounting Options 15 About Physical Security 16 Airespace Switch and Appliance Quick Installation Guide Overview 2 Step 1 Collecting Required Tools and Information 6 Hardware ...

Page 25: ...rom Here 14 Airespace Web Browser Interface Online Help Using the Web Browser Interface Menu Bar 2 Selector Area 3 Main Data Page 3 Administrative Tools 3 Button Area 3 Applying Parameters 4 Refreshing the Screen 4 Troubleshooting 4 Monitor Menu Bar Selection Summary 6 Switch Statistics 7 Ports 9 Ports Statistics 11 Rogue APs 16 Rogue Radio Detail 17 802 11a Airespace Radios 19 Airespace APs Stati...

Page 26: ...ers Auto RF 81 Country 84 Timers 85 Security Menu Bar Selection RADIUS Authentication Servers 87 RADIUS Authentication Servers New 88 RADIUS Authentication Servers Edit 89 RADIUS Accounting Servers 90 RADIUS Accounting Servers New 91 RADIUS Accounting Servers Edit 92 Local Net Users 93 Local Net Users New 94 MAC Filters 95 MAC Filters New 96 Black List Clients 97 Black List Client New 98 Black Lis...

Page 27: ...Bar Selection Upload File 134 Download File 135 System Reboot 136 System Reboot Save 137 System Reboot Confirm 138 Reset to Factory Default 139 Set Time 140 Airespace System Release Notes 1 2 80 0 Airespace Wireless Enterprise Platform Components 2 Requirements for Airespace System Components 3 Airespace Wireless Switch and WLAN Appliance 1 2 80 0 4 New Features Available in this Release 4 Feature...

Page 28: ...10 10 03 Notes 90 100584 004 Airespace Product Guide xxviii Notes Notes ...

Page 29: ...ance Deployments Multiple Airespace Switch and Appliance Deployments AireOS Security Airespace Wired Security AireWave Director Software Client Roaming External DHCP Servers Airespace Mobility Group Airespace Wired Connections Airespace WLANs Transferring Files Power Over Ethernet Airespace Switches and Appliances Airespace Access Points Third Party Access Points Rogue Access Points Airespace Cont...

Page 30: ...terfaces The Airespace Control System Software ACS Software Server interface is used to configure and monitor one or more Airespace Switches and Appliances and associated APs and has tools to facilitate large system monitoring and control The Airespace Control System Software runs on any Windows 2000 or XP platform A full featured CLI command line interface can be used to configure and monitor ind...

Page 31: ...04 Airespace Product Guide 3 Refer to the following for more information AireOS Single Airespace Switch or Appliance Deployments Multiple Airespace Switch and Appliance Deployments AireOS Security Airespace Wired Security AireWave Director Software ...

Page 32: ...space Product Guide 4 About the AireOSAireOS The AireOS or Airespace Operating System is software that controls Airespace Wireless Switches and Airespace Access Points It includes AireOS Security and AireWave Director Software functions ...

Page 33: ...rol of Airespace Access Points Full control of associated Third Party Access Points through the native third party AP interface and real time control of system wide WLAN 802 1x security policies Full control of up to 16 Airespace AP and one third party AP WLAN policy engines as described in the Airespace Switch and Appliance Quick Installation Guide The following figures show typical single Airesp...

Page 34: ...t may or may not provide Power Over Ethernet to the Airespace APs Note that the 4102 Airespace WLAN Appliance uses two redundant GigE connections to bypass single network failures At any given time one of the 4102 Airespace WLAN Appliance GigE connections is active and the other is passive Upon a switched network failure the active connection becomes passive and the passive connection becomes acti...

Page 35: ...multaneously connect to the Model 4012 or 4024 Airespace Wireless Switch in Direct Connect and Appliance Mode with or without the Airespace Wireless Switch or the switched network equipment providing Power Over Ethernet to the Airespace APs Figure Typical 4012 or 4024 Single Airespace Wireless Switch Deployed in Hybrid Mode ...

Page 36: ...ment Autodetecting and autoconfiguring Airespace Switch or Appliance RF parameters as the Airespace Switches and Appliances are added to the network as described in AireWave Director Software Same Airespace Switch or Appliance Layer 2 Roaming and Inter Subnet Layer 3 Roaming Automatic Airespace Switch and Appliance Failover Protection to any redundant Airespace Switch or Appliance with unused port...

Page 37: ... Terminated and pass through IPSec IP security protocols The terminated Airespace IPSec implementation includes IKE internet key exchange DH Diffie Hellman groups and Three optional levels of encryption DES ANSI X 3 92 data encryption standard 3DES ANSI X9 52 1998 data encryption standard or AES CBC advanced encryption stan dard cipher block chaining The Airespace IPSec implementation also include...

Page 38: ... Airespace Switch and Appliance communications during device management and Client Roaming the AireOS includes built in security The AireOS automatically loads signed X 509 certificates into each Airespace Switch and Appliance and Airespace AP to authenticate IPSec tunnels between devices These IPSec tunnels ensure secure communications for mobility and management Airespace Switches and Appliances...

Page 39: ...s grouped Airespace APs reporting to each Airespace Switch or Appliance This is particularly important when many clients converge in one spot such as a conference room or auditorium because AireWave Director Software can automatically force some subscribers to associate with nearby APs allowing higher throughput for all clients Automatically detect and configure new Airespace APs as they are added...

Page 40: ...mance and reliability The AireWave Director Software functions also free the operator from having to continu ally monitor the network for noise and interference problems which can be transient and difficult to troubleshoot Finally the AireWave Director Software controls ensure that clients enjoy a seamless trouble free connection through the Airespace 802 11 network ...

Page 41: ...or Appliance assigned auto matically attempt to associate with the Master Airespace Switch or Appliance This process is described in Airespace Switch and Appliance Failover Protection The operator can monitor the Master Airespace Switch or Appliance using the Airespace Web Browser Interface or the Airespace Control System Software GUI and watch as Airespace APs associate with the Master Airespace ...

Page 42: ...Mode on the same subnet To ensure that each Airespace AP associates with a particular Airespace Switch or Appliance the operator can assign a Primary Airespace Switch or Appliance to the Airespace AP When an Airespace AP is added to a switched network it looks for its Primary Airespace Switch or Appliance first then a Master Airespace Switch or Appliance then the least loaded Airespace Switch or A...

Page 43: ...to IP address or when the operator set session timeout is exceeded Inter Subnet Layer 3 RoamingInter Subnet Layer 3 Roaming Similarly in Multiple Airespace Switch and Appliance Deployments the Airespace System supports client roaming across Airespace APs and third party APs managed by Airespace Switch and Appliance on different subnets This roaming is transparent to the client because the session ...

Page 44: ... WLANs section Note that Airespace WLANs that support Management over Wireless must allow the management clients to obtain an IP address from a DHCP Server Security ConsiderationsSecurity Considerations For enhanced security it is recommended that operators require all clients to obtain their IP addresses from a DHCP server To enforce this requirement all Airespace WLANs can be configured with a D...

Page 45: ...nd Line Interface The following figure shows the results of creating Mobility Group Names for two groups of Airespace Switches and Appliances The Airespace Switches and Appliances in the ABC Mobility Group recognize and communicate with each other through their Airespace Access Points and through their shared subnets but the ABC Mobility Group tags the XYZ Airespace APs as Rogue Access Points Like...

Page 46: ...e the Airespace Switches and Appliances talk to each other when they are in the same mobility group Airespace recommends that operators do not add physically separated Airespace Switches and Appliances to the same static mobility group to avoid unnecessary traffic on the switched network ...

Page 47: ...4 Airespace Switches and Appliances uses standard 802 3 CAT 5 Category 5 or higher twisted pair Ethernet cables to connect to Airespace Access Points and Third Party Access Points The CAT 5 cable is rated to carry 100 Mbps recom mended for 802 11a 802 11a b 802 11a g or 802 11a b g installations or 10 Mbps only recommended for low bandwidth applications and 802 11b only installations The 4012 and ...

Page 48: ...ve and the passive connection becomes active When the 4012 and 4024 Airespace Wireless Switches are operated in Hybrid Mode some Airespace APs and third party APs use the CAT 5 cable to connect to the Airespace Wireless Switch in Direct Connect Mode and some connect in Appliance Mode The Airespace Wireless Switch connects to the switched network using a copper 10 100Base T cable or a copper or fib...

Page 49: ...ort 1 which supports up to 100 Mbps or through Gigabit Ethernet or GigE cabling which supports up to 1 Gbps 1 000 Mbps The 4101 Airespace WLAN Appliance connects to the switched network using a fiber optic GigE cable The 4102 Airespace WLAN Appliance connects to the switched network using two fiber optic GigE cables two redundant GigE connections to bypass single network failures At any given time...

Page 50: ...nt panel in Direct Connect Mode The Airespace APs broadcast all active WLAN SSIDs and enforce the policies defined for each WLAN while the operator managed third party APs broadcast the third party AP SSID and enforce the oper ator defined policies Note that many enterprises use different WLANs to separate traffic for different sections or departments If Mgmt Via Wireless is enabled on a non IPSec...

Page 51: ...Wireless Switch or WLAN Appliance using Airespace CLI commands Airespace Web Browser Interface commands or Airespace Control System Software ACS Software commands To use CLI commands refer to Transferring Files To and From an Airespace Switch or Appliance To use the Web Browser Interface go to Using the Airespace Web Browser Interface To use ACS Software Server commands continue with Using the Air...

Page 52: ...oE the installer runs a single CAT 5 cable from each Airespace AP to the PoE equipped Airespace Switches and Appliances or other network element or to a PoE power hub When the PoE equipment determines that the Airespace AP is PoE enabled it sends 48 VDC over the unused pairs in the Ethernet cable to power the Airespace AP Note Airespace APs can receive power from the Airespace Wireless Switch or a...

Page 53: ... in highly reliable 802 11 enterprise networks with unparalleled security This section includes the following 4012 and 4024 Airespace Wireless Switch Models 4101 and 4102 Airespace WLAN Appliance Models Airespace Switch and Appliance Features Airespace Switch and Appliance Model Numbers Direct Connect Mode Appliance Mode Hybrid Mode Distribution System Port Service Management Port Airespace Switch...

Page 54: ...stead of 24 Figure 4024 Airespace Wireless Switch The 4012 and 4024 Airespace Wireless Switches are one unit high 802 11 Wireless Switches that communicate directly Direct Connect Mode indirectly Appliance Mode or both Hybrid Mode with up to 24 Model 4024 or 12 Model 4012 associated Airespace Access Points and or Third Party Access Points The 4012 and 4024 Airespace Wireless Switches can be factor...

Page 55: ...pliance Mode with up to 36 associated Airespace Access Points The 4101 and 4102 Airespace WLAN Appliances can be factory ordered with an Enhanced Security Module Crypto Card to support VPN IPSec and other processor intensive tasks and with one 4101 or two 4102 1000Base SX network connectors to allow the Airespace WLAN Appliance to communicate with the switched network at GigE Gigabit Ethernet spee...

Page 56: ...hernet cables When operated in Appliance Mode the 4012 and 4024 Airespace Wireless Switches communicate with Airespace APs via 10 100Base T Ethernet or 1000Base T or 1000Base SX cables through the switched network When operated in Appliance Mode the 4101 and 4102 Airespace WLAN Appliances communicate with Airespace APs via 1000Base SX cables through the switched network Note that the 4102 Airespac...

Page 57: ...lover Protection Switched Network Connection to an Airespace Switch or Appliance Enhanced Security Module Airespace Access Points Airespace WLANs Transferring Files Configuring the Airespace Switch or Appliance Transferring Files To and From an Airespace Switch or Appliance Updating the AireOS Software Clearing Configurations Resetting the Airespace Switch or Appliance Airespace Switch and Applian...

Page 58: ... SX LC Network Adapter used only in Appliance Mode The 4102 Airespace WLAN Appliance uses two redundant GigE connec tions to bypass single network failures That is at any given time one of the 4102 Airespace WLAN Appliance GigE connections is active and the other is passive Upon a switched network failure the active connection becomes passive and the passive connection becomes active Note that all...

Page 59: ...witches communicate with the backbone network via a 1000Base T or 1000Base SX Network Port or via front panel 10 100Base T Ethernet Port 1 as described in the Switched Network Connection to an Airespace Switch or Appliance section Note When you use front panel 10 100Base T Ethernet Port 1 to communicate with the switched network you can no longer use that port to communicate with an Airespace AP o...

Page 60: ...e Switch or Appliance communi cates indirectly with up to 36 Models 4101 and 4102 up to 24 Model 4024 or up to 12 Model 4012 associated Airespace APs and or third party APs for 4012 or 4024 Airespace Wireless Switches through the switched network The following figure shows an Airespace Switch or Appliance in Appliance Mode Figure Airespace Wireless Switch or WLAN Appliance Deployed in Appliance Mo...

Page 61: ... rectly with up to 24 Model 4024 or up to 12 Model 4012 associated Airespace APs and or third party APs over Ethernet cabling and with associated Airespace APs through the switched network The following figure shows an Airespace Wireless Switch in Hybrid Mode Figure Airespace Wireless Switch Deployed in Hybrid Mode The Airespace Wireless Switch communicates with the switched network using one of t...

Page 62: ...ens across the switched network for Airespace AP polling messages to autodiscover associate with and communicate with as many Airespace APs as it is configured to allow Note Should another Airespace WLAN Appliance or Airespace Wireless Switch in Appliance Mode fail its dropped Airespace APs poll the switched network for another Airespace Switch or Appliance When an online Airespace Switch or Appli...

Page 63: ... 1 2 x which can ensure AireOS management access during switched network downtime Airespace created the Service Management port to remove the Airespace System management from the switched network data stream to improve security and to provide a faster management connection Note that you cannot assign a Gateway to the Service Management Port and so the Port is not routable unlike the other front pa...

Page 64: ...ing a valid IP configuration protocol none or DHCP and if none IP address and netmask If you do not want to use the Service Management Port enter 0 0 0 0 for the IP address and netmask this disables the Service Port Note Airespace recommends that you not use the switched network for your AireOS manage ment because a service outage on your switched network means that you have no dedicated path to t...

Page 65: ...uration and NVRAM non volatile RAM which holds the reboot configuration When you are configuring the AireOS in an Airespace Switch or Appliance you are modifying volatile RAM you must save the configuration from the volatile RAM to the NVRAM to ensure that the Airespace Switch or Appliance reboots in the current configuration Knowing which memory you are modifying is important when you are Using t...

Page 66: ...ance Deployments this means that if one Airespace Switch or Appliance fails its dropped Airespace APs immediately do the following under direction of the AireWave Director Software If the Airespace AP has a Primary Airespace Switch or Appliance assigned it attempts to associate with that Airespace Switch or Appliance If the Airespace AP has no Primary Airespace Switch or Appliance assigned or if i...

Page 67: ...e switched network Model 4012 and 4024 Airespace Wireless SwitchesModel 4012 and 4024 Airespace Wireless Switches The 4012 and 4024 Airespace Wireless Switch can communicate with the switched network through one of three physical interfaces but the logical Distribution System Port can be assigned to only one physical port The three physical interfaces are A GigE 1000Base SX fiber optic cable can p...

Page 68: ...on System Port can be assigned to the one or two physical ports The physical interfaces areas follows A GigE 1000Base SX fiber optic cable can plug into the LC connector on the front of the 4101 Airespace WLAN Appliance Two GigE 1000Base SX fiber optic cables can plug into the LC connectors on the front of the 4102 Airespace WLAN Appliance Note that the two GigE ports are redundant the first port ...

Page 69: ...ant hardware encryption acceleration to the Airespace Wireless Switch or WLAN Appliance which enables the following through the Distribution System Port Sustain up to 1 Gbps throughput with Layer 2 and Layer 3 encryption enabled Provide a built in VPN server for mission critical traffic Support high speed processor intensive encryption such as IPSec and 3DES Provides sufficient processor power to ...

Page 70: ...ve Airespace Wireless Enterprise Platform Airespace System When associated with an Airespace Switches and Appliances as described below the Airespace AP provides advanced 802 11a and or 802 11b g Access Point functions in a single aesthetically pleasing enclosure The following figure shows the Airespace Access Point Figure Airespace Access Point with Ceiling Mount Base ...

Page 71: ...ce home office APs and resides in the Airespace Wireless Switches and WLAN Appliances The following figure shows Airespace Access Points and Third Party Access Points connected to the 4012 or 4024 Airespace Wireless Switch front panel in Direct Connect Mode Figure 4012 and 4024 Airespace Wireless Switch and Access Points Refer to the following for more information on Airespace APs Airespace AP Mod...

Page 72: ...802 11b g radio four high gain internal antennas and no external antenna adapters AS 1200 ABG Airespace AP with one 802 11a and one 802 11b g radio and four high gain internal antennas one 5 GHz external antenna adapter and two 2 4 GHz external antenna adapters AS 1200 ABG int Airespace AP with one 802 11a and one 802 11b g radio four high gain internal antennas and no external antenna adapters Th...

Page 73: ...r is associated with the internal Side A antenna and that the 2 4 GHz Right external antenna connector is associated with the internal Side B antenna When you have 802 11b g diversity enabled the Left external or Side A internal antennas are diverse from the Right external or Side B internal antennas Also note that the 802 11a 5 GHz Left external antenna connector is separate from the internal ant...

Page 74: ...al and Internal Antennas 90 100584 004 Airespace Product Guide 46 Figure 1200 Airespace AP 802 11a OMNI Dual Internal Azimuth Antenna Gain Pattern Figure 1200 Airespace AP 802 11a OMNI Dual Internal Elevation Antenna Gain Pattern ...

Page 75: ...nternal Antennas 90 100584 004 Airespace Product Guide 47 Figure 1200 Airespace AP 802 11a Sectorized Single Internal Azimuth Antenna Gain Pattern Figure 1200 Airespace AP 802 11a Sectorized Single Internal Elevation Antenna Gain Pattern ...

Page 76: ...e coverage area The two internal antennas can be used at the same time to provide a 360 degree Omnidirectional coverage area or either antenna can be disabled to provide a 180 degree Sectorized coverage area The 802 11b g radio supports receive and transmit diversity between the internal antennas and or optional factory supplied external antennas Figure 1200 Airespace AP 802 11b g OMNI Dual Intern...

Page 77: ...ernal Antennas 90 100584 004 Airespace Product Guide 49 Figure 1200 Airespace AP 802 11b g Sectorized Single Internal Azimuth Antenna Gain Pattern Figure 1200 Airespace AP 802 11b g Sectorized Single Internal Elevation Antenna Gain Pattern ...

Page 78: ... g radio and four fully enclosed high gain antennas which provide large 360 degree 802 11a and 802 11b g coverage areas a shown in the 802 11a Internal Antenna Patterns and 802 11b g Internal Antenna Patterns sections Note that the 802 11b g radio supports receive and transmit diversity between the internal antennas while the 802 11a radio only supports diversity between the internal antennas and ...

Page 79: ...Ds across the top of the case They can be viewed from nearly any angle The LEDs indicate power and fault status 2 4 GHz 802 11b g radio activity and 5 GHz 802 11a radio activity This LED display allows the wireless LAN manager to quickly monitor the Airespace AP status For more detailed troubleshooting instructions refer to the Troubleshooting section ...

Page 80: ...polarity TNC antenna jacks used to plug optional external antennas into the Airespace AP two for an 802 11b g radio and one for an 802 11a radio Figure Airespace AP External Connectors The Airespace AP communicates with an Airespace Wireless Switch or WLAN Appliance using standard CAT 5 Category 5 or higher 10 100 Mbps twisted pair cable with RJ 45 connectors Plug the CAT 5 cable into the RJ 45 ja...

Page 81: ...mnidirectional coverage However some Airespace AP models can also use optional factory supplied external high gain and or directional antennas as described in Airespace AP External and Internal Antennas When you are using external antennas plug them into the male reverse polarity TNC jacks on the side of the Airespace AP as described in the Airespace Access Point Quick Installation Guide Note The ...

Page 82: ... Watts The polarity of the DC source does not matter because the Airespace AP can use either a 48 VDC or a 48 VDC nominal source Airespace APs can receive power from an external power converter see figure below plugged into the side of the Airespace AP case or from Power Over Ethernet Figure Typical Airespace AP External Power Converter For more information about the Airespace AP specifications an...

Page 83: ...DC power converter or from Power Over Ethernet equipment The external power converter plugs into a secure 115 VAC convenience outlet to avoid having cleaning personnel unplug the converter when they use power cleaning equipment The converter produces the required 48 VDC output Airespace AP Power Requirements for the Airespace AP The converter output feeds into the side of the Airespace AP through ...

Page 84: ... Mounting Options 90 100584 004 Airespace Product Guide 56 About Airespace AP Mounting OptionsAirespace AP Mounting Options Refer to the Airespace Access Point Quick Installation Guide for the Airespace AP mounting options ...

Page 85: ...of the Airespace AP housing includes a slot for a Kensington MicroSaver Security Cable You can use any MicroSaver Security Cable to ensure that your Airespace AP stays where you mounted it Refer to the Kensington website for more information about their security products or to the Airespace Access Point Quick Installation Guide for installation instructions ...

Page 86: ...etection and containment while providing regular service However if the adminis trator would prefer to dedicate specific Airespace APs to rogue detection and containment or if a network that provides IDS only functions is desired the Monitor mode should be enabled The Monitor function is set for all 802 11 radios on a per Access Point basis in the Airespace APs Details section in the Using the Web...

Page 87: ... Software application In addition the Airespace System can be used to enforce real time control of system wide 802 1x security policies for third party AP WLANs as described in AireOS Security Note Third party APs must be connected directly to the front panel of 4012 and 4024 Airespace Wireless Switches for the AireOS to control them using the third party AP WLAN 17 Because the 4101 and 4102 Aires...

Page 88: ...alarming wireless clients and war chalkers frequently publish unsecure access point locations increasing the odds of having the enterprise security breached Rather than using a person with a scanner to manually detect rogue APs the Airespace System auto matically collects information on rogue access points detected by its managed Airespace Access Points and Third Party Access Points by MAC and IP ...

Page 89: ...e and disassociate messages from one to four Airespace APs Tag rogue APs Acknowledge rogue APs when they are outside of the LAN and do not compromise the LAN or WLAN security Accept rogue APs when they do not compromise the LAN or WLAN security Tag rogue APs as unknown until they are eliminated or acknowledged Tag rogue APs as contained and continue discouraging rogue AP clients from associat ing ...

Page 90: ...nce as it appears on the switched network Auto discovery of Airespace Access Points as they associate with operating Airespace Switches and Appliances Auto discovery of Rogue Access Points and manual association of Third Party Access Points with Airespace Wireless Switches Map based organization of Access Point areas helpful when the enterprise spans more than one geographical area Refer to Config...

Page 91: ...ross a range of IP addresses In either case the Autodiscovery function finds all Airespace Switches and Appliances on the switched network within the specified IP address range and automatically enters discovered Airespace Switch and Appliance information into the ACS Software Server database Note Airespace Switch and Appliance Autodiscovery can take a long time on a Class C address range Because ...

Page 92: ...recommends that you enable the https and disable the http inter faces to ensure more robust security for your Airespace System Because the CLI works with one Airespace Switch or Appliance at a time the Airespace Web Browser Interface is especially useful in Single Airespace Switch or Appliance Deployments or in Multiple Airespace Switch and Appliance Deployments when you wish to connect to a singl...

Page 93: ...he CLI works with one Airespace Switch or Appliance at a time the Airespace Command Line Interface is especially useful in Single Airespace Switch or Appliance Deployments or in Multiple Airespace Switch and Appliance Deployments when you wish to connect to a single Airespace Switch or Appliance The Airespace Switch or Appliance and its associated Airespace APs can be configured and monitored usin...

Page 94: ...10 10 03 Notes 90 100584 004 Airespace Product Guide 66 Notes Notes ...

Page 95: ...0584 003 SOLUTIONSSOLUTIONS SOLUTIONS AireOS Security Configuring a Firewall for ACS Software Server Configuring AireOS for SpectraLink NetLink Telephones Management over Wireless Configuring a WLAN for a DHCP Server Customizing the Web Auth Login Screen ...

Page 96: ...S SecurityAireOS Security AireOS Security includes the following sections Overview Layer 1 Solutions Layer 2 Solutions Layer 3 Solutions Single Point of Configuration Policy Manager Solutions Rogue AP Solutions Integrated Security Solutions Simple Cost Effective Solutions ...

Page 97: ...Platform Airespace System provides simpler unified and systematic security management tools One of the biggest hurdles to WLAN deployment in the enterprise is the WEP Wired Equivalent Privacy encryption which has proven to be a weak standalone encryption method A newer problem is the availability of low cost APs which can be connected to the enterprise switched network and used to mount man in the...

Page 98: ...olutionsLayer 1 Solutions The AireOS Security solution ensures that all clients gain access within an operator set number of attempts Should a client fail to gain access within that limit it is automatically blacklisted blocked from access until the operator set timer expires ...

Page 99: ...h as 802 1X dynamic keys with EAP extended authorization protocol or WPA Wi Fi protected access dynamic keys The Airespace WPA implementation includes AES advanced encryption standard TKIP Michael temporal key integrity protocol message integrity code checksum dynamic keys or WEP Wired Equivalent Privacy static keys Blacklisting is also used to automatically block Layer 2 access after an operator ...

Reviews:

No comments

Related manuals for AS-4012

B+B SmartWorx CR10 v2 Start Manual preview
CR10 v2
Brand: B+B SmartWorx Pages: 4
Idis DR-8416 Operation Manual preview
DR-8416
Brand: Idis Pages: 123
Idis DR-6232H Installation Manual preview
DR-6232H
Brand: Idis Pages: 29
Idis DR-4516P Installation Manual preview
DR-4516P
Brand: Idis Pages: 28
Idis DirectIP DR-1304P Operation Manual preview
DirectIP DR-1304P
Brand: Idis Pages: 82
iDirect Evolution X1 Installation Manual preview
Evolution X1
Brand: iDirect Pages: 130
SAF Phoenix G2 IDU Quick Start Manual preview
Phoenix G2 IDU
Brand: SAF Pages: 30
Oracle B31003-01 User Manual preview
B31003-01
Brand: Oracle Pages: 112
Black Box LT2060A Manual preview
LT2060A
Brand: Black Box Pages: 37
Moxa Technologies ICS-G7748A Series Quick Installation Manual preview
ICS-G7748A Series
Brand: Moxa Technologies Pages: 10
Zonet ZUN2200 Quick Installation Manual preview
ZUN2200
Brand: Zonet Pages: 2
IEI Technology HPE-6S2 Quick Installation Manual preview
HPE-6S2
Brand: IEI Technology Pages: 3
Eneo PNR-5304 Quick Installation Manual preview
PNR-5304
Brand: Eneo Pages: 68
TDK HHM Series HHM2245SA1 Specifications preview
HHM Series HHM2245SA1
Brand: TDK Pages: 2
VoiceLine InnoMedia MTA 3328-2R Getting Started Manual preview
InnoMedia MTA 3328-2R
Brand: VoiceLine Pages: 18
Isee IGEPv2 BOARD Hardware Reference Manual preview
IGEPv2 BOARD
Brand: Isee Pages: 68
Rolls HR11C - SCHEMA Wiring Diagram preview
HR11C - SCHEMA
Brand: Rolls Pages: 1
IBM 2078-4F4 Quick Installation Manual preview
2078-4F4
Brand: IBM Pages: 130

Brands by name

Popular brands

Load more brands