Belair 20E User Manual Download Page 108

Page: 108 / 255

BelAir20E User Guide

Wi-Fi AP Security

April 2, 2012

Confidential

Document Number BDTM02201-A01 Standard

WPA, WPA2 and WPA2mixed privacy uses TKIP or AES encryption. With
WPA2mixed, the wireless client can use WPA or WPA2, and the AP accepts
them both.

The

psk

parameter specifies using a pre-shared key for authentication. When

specifying the pre-shared key, note the following:

• For

wep40

, the pre-shared key must be exactly 5 bytes.

• For

wep104

with

psk

, the pre-shared key must be exactly 13 bytes.

• For

wpa

wpa2

and

wpa2mixed

, the pre-shared key must be between 8 and

63 bytes long. The longer the key, the more secure the connection.

• The pre-shared key can be specified as a hexadecimal number or ASCII

string. Hexadecimal numbers must be preceded by

. ASCII strings

must not contain the following characters:

—bar (|)

—semicolon (;)

—question mark (?)

—double quotation mark (“)

The

dot1x

parameter specifies using RADIUS (EAP) authentication. You must

pre-configure a list of RADIUS servers. See

“RADIUS Servers for Wireless

Clients” on page 101

The

rekey

parameter allows you to specify Group Key Rekey options to

improve security. These options allow you to specify that a new group key (the

key that is used for communication between the access radio and a group of

clients) must be generated at regular intervals.
The default

rekey

setting is

meaning that the group key is not changed. If

rekey

is set to

seconds, the group key is changed after that time period. If

rekey

is set to

kpackets, the group key is changed after that many thousand

packets.
If

strict

is set to

yes

, the group key changes immediately when one client leaves

the network. The default is

. The

strict

setting applies to wpa and wpa2

encryption only.

Summary of Contents for 20E

Page 1: ...r Networks Errors and Omissions Excepted Specification may be subject to change All trademarks are the property of their respective owners Protected by U S Patents 7 171 223 7 164 667 7 154 356 7 030 712 and D501 195 Patents pending in the U S and other countries BelAir Networks the BelAir Logo BelAir200 BelAir200D BelAir100 BelAir100S BelAir100C BelAir100T BelAir20 BelAir20M BelAir20E BelAir20EO ...

Page 2: ... Wi Fi Access Point Parameters 80 Wi Fi AP Security 100 Wi Fi Backhaul Link Configuration 115 Mobile Backhaul Mesh 123 Mobile Backhaul Point to point Links 127 Operating in High Capacity and Interference Environments 138 DHCP Relay Settings 145 Network Address Translation 149 Universal Access Method 154 Using Layer 2 Tunnels 163 Quality of Service Settings 177 Layer 2 Network Configuration 183 Per...

Page 3: ...oduct name Typographical Conventions This document uses the following typographical conventions Text in indicates a parameter required as input for a CLI command for example IP address Text in indicates optional parameters for a CLI command Text in refers to a list of possible entries with as the separator Parameters in indicate that at least one of the parameters must entered Related Documentatio...

Page 4: ...vides connectivity between indoor and outdoor networks enabling true standards based seamless mobility as users move from outside to inside The operating temperature of the BelAir20E is 20 ºC to 45 ºC The BelAir20E is available in following models The BelAir20E 11 contains both a 2 4 GHz radio and a 5 8 GHz radio The BelAir20E 10 contains only a 2 4 GHz radio This document may describe 5 8 GHz rad...

Page 5: ...o the Internet four wireline 10 100 1000 Base TX LAN Ethernet interfaces a 2 4 GHz Wi Fi radio and a 5 8 GHz Wi Fi radio 11 model only using fully compliant 802 11n links Each radio can act as an Access Point AP or provide backhaul links An AP provides user traffic wireless access to the BelAir20E Backhaul links connect to other BelAir radios to create a radio mesh four integrated dual band antenn...

Page 6: ...r20E unit including system parameters system configuration and status radio module configuration and status user accounts BelAir20E traffic statistics layer 2 functionality such as those related to bridging and VLANs Quality of Service parameters alarm system configuration and alarms history Each unit can have up to nine simultaneous CLI sessions Telnet or SSH For a description of basic CLI comman...

Page 7: ...Table 3 on page 8 describes the BelAir20E SNMP MIBs A copy of the BelAir20E SNMP MIBs is available from the BelAir Networks online support center at www belairnetworks com support index cfm Table 2 Standard SNMP MIBs File Name Description BRIDGE MIB mib implements RFC1493 IANAifType MIB mib defines standard interface types assigned by the Internet Assigned Numbers Authority IANA IEEE802dot11 MIB m...

Page 8: ...EEE802DOT11 mib defines features that are not supported by the standard IEEE802 11 MIB BELAIR IP mib defines BelAir IP data types BELAIR MESH mib defines BelAir multipoint to multipoint data types BELAIR MOBILITY mib defines data types to support mobile backhaul mesh and point to point links BELAIR PHYIF MAPPING mib defines data types to support universal slots BELAIR PRODUCTS mib defines product ...

Page 9: ...TP and HTTPS are enabled when each BelAir20E node is shipped Each unit can have up to five simultaneous CLI sessions HTTP or HTTPS By default the BelAir20E Web interface has an associated time out value If the interface is inactive for 9 minutes then you are disconnected from the interface To reconnect to the interface you need to log in again Accessing the System Page with Secure HTTP or with HTT...

Page 10: ...255 Document Number BDTM02201 A01 Standard Figure 2 Typical Login Page 2 Enter a valid user name such as root and a valid password Note The specified password is case sensitive Figure 3 on page 10 shows a typical resulting main page for the Web interface Figure 3 Typical Web Interface Main Page ...

Page 11: ...ssion click on the Logout button located in the top right corner each page See Figure 3 Additional Troubleshooting Tools The Web interface provides the following tools to display radio performance metrics a throughput meter histogram display of various performance metrics These tools are only available with the Web interface For full details see the BelAir20E Troubleshooting Guide ...

Page 12: ...e traffic disruptions due to potentially duplicated IP addresses The BelAir20E unit must connect to an isolated LAN or to a desktop or laptop PC configured to communicate on the same IP sub network as the BelAir20E Using the Radio Interface Use a desktop or laptop PC equipped with a wireless 802 11a 802 11b 802 11g or 802 11n compliant interface as required configured with a static IP address on t...

Page 13: ...assword Note 2 BelAir20E CLI commands are not case sensitive uppercase and lowercase characters are equivalent However some command parameters are case sensitive For example passwords and any Service Set Identifier SSID supplied with the radio commands are case sensitive Also all parameters of the syscmd commands are case sensitive Note 3 Later you will see that you can configure the BelAir20E to ...

Page 14: ...nly once for your password telnet 10 1 1 10 BelAir Backhaul and Access Wireless Router BelAir User root Password Command Modes The BelAir20E CLI has different configuration modes Different commands are available to you depending on the selected mode Each card in the BelAir20E has at least one associated physical interface Some examples of physical interfaces are a Wi Fi radio or an Ethernet interf...

Page 15: ...the following physical interfaces Interface wifi 1 1 is associated with the HTME 5 8 GHz radio Interface wifi 1 2 is associated with the HTME 2 4 GHz radio Interface eth 1 1 is associated with the HTME card s Ethernet interface Interfaces lan 1 to lan 4 are associated with the HTME card s LAN interfaces The mgmt mode allows you to control user accounts which authentication to use and whether you c...

Page 16: ...terface iface n m one of wifi n m eth n m lan n Configure the BelAir20E physical interfaces iface is the type of physical interface One of wifi 802 11a b g n HTME radios eth 1000Base TX HTME Ethernet lan 1000Base TX HTME LAN n is the slot number where the interface is located in the BelAir platform m is port number m is 1 for most interfaces The HTME card can have multiple ports representing multi...

Page 17: ...SNTP L2TP tunnel engine te BelAir platforms can have one tunnel engine per system syst Services services service one of auto conn mobility Configure the following services Auto configuration Backhaul mobility Administration qos Configure Quality of Service QoS parameters ssh Configure Secure Shell SSH parameters ssl Configure Secure Socket Layer SSL parameters syslog Configure the destination of S...

Page 18: ... HTMEv1 interface only the commands that apply to an HTMEv1 Wi Fi radio are available Entering displays the commands that apply to the currently accessed mode Entering or help displays the commands that apply to the currently accessed mode plus common commands that are available in all modes Users may execute commands from other modes than the current one by prefixing the desired command with the ...

Page 19: ...w config download status show coordinates show country detail Execution of the Last Typed Command You may repeat the last command by entering the key twice followed by carriage return Executing the Previous Commands You may browse through the command history by using the up and down arrow keys of a VT100 or compatible terminal You can also execute a certain command from the command history by ente...

Page 20: ...ple mgmt Available commands adduser user name p passwd d default mode g grp name deluser user name moduser user name p passwd d default mode g grp name set authentication login local radius list set telnet enabled disabled show authentication login show telnet status show user alias replacement string token to be replaced cd path clear screen console lock exit help command history mode mode_name p...

Page 21: ...t Description defines how login session will be authenticated set telnet enabled disabled Description enable or disable CLI access via the telnet protocol show authentication login Description show authentication login status and RADIUS servers configuration show telnet status Description shows the status of the telnet show user Description List all valid users along with their permissible mode sh...

Page 22: ...If you do not use the default FTP username the FTP server must be configured to accept your username and password Restoring the Configuration Database config restore remoteip ipaddress remotefile filename tftp ftp user usrname password pword force This command transfers the configuration database from a remote server to the active software load in persistent storage This allows you to restore the ...

Page 23: ...fy that you have typed it correctly Note The specified password is case sensitive must consist of alphanumeric characters must be at least six characters long and cannot exceed 20 characters CAUTION If you forget the super user account password you may be unable to use all the unit s management functions and you may need to reset the unit s configuration to factory defaults Example passwd Old Pass...

Page 24: ...4 hours and 30 minutes See Configuring the System Date and Time on page 51 for details show date Current date 2006 07 21 13 15 16 UTC Current date 2006 07 21 08 45 16 Displaying Current User whoami This command displays current user Example whoami Current User is root Switching User Accounts su username This command changes the user account you are currently using To return to the original user ac...

Page 25: ...e 1 0 ms 10 1 1 100 ping statistics 3 packets transmitted 3 packets received 0 packet loss round trip min avg max 1 0 1 4 2 0 ms Starting a Telnet Session telnet ip address port_number This command lets you start a Telnet session to another machine such as another BelAir node by specifying the IP address By default t Telnet uses port 23 You can also specify an alternate port number Radio Configura...

Page 26: ...Guide Command Line Interface Basics April 2 2012 Confidential Page 26 of 255 Document Number BDTM02201 A01 Standard Access AP admin state Enabled Backhaul link admin state Disabled link id BelAirNetworks topology mesh ...

Page 27: ...e an SNMP community use the set community command described in Communities on page 29 For sending traps use the set trap command described in Traps on page 29 to configure the node with the parameters of the destination SNMP manager Refer to SNMP Command Reference on page 28 for detailed descriptions of all SNMP commands SNMPv3 Servers To configure an SNMP user use the set user command described i...

Page 28: ...ly displayed to users with root privileges See User Privilege Levels on page 35 for details Example 1 protocol snmp show config v2 EngineId 80003d9805000d67091448 Community configuration Index Name IP Address Privilege 1 public 0 0 0 0 ReadOnly 2 private 10 1 1 70 ReadWrite Trap configuration Index IP address Community Version 1 10 1 1 70 public v1v2 Example 2 protocol snmp show config v3 EngineId...

Page 29: ...p set community 1 community name belair ipaddr 0 0 0 0 privilege readonly In this example all managers configured with the SNMP community of belair can access the node for read only functions Example 2 protocol snmp set community 1 community name belair200 ipaddr 10 10 10 11 privilege readonly protocol snmp set community 2 community name belair100 ipaddr 20 20 20 20 privilege readwrite protocol sn...

Page 30: ...meter specifies the IP address associated with this user The access parameter specifies the level of access granted to this user The password parameter is the password required by the user to access SNMP data A user must supply this password if using a MIB browser The BelAir20E uses DES encryption to encrypt SNMP packets The priv DES parameter specifies the encryption key required to encrypt or de...

Page 31: ...e notify command disables notifications from being sent for the specified notification name The show notify command displays the current SNMP notify configuration Passwords are only displayed to users with root privileges See User Privilege Levels on page 35 for details Example 1 protocol snmp set notify trap1 type trap ipaddr 10 1 1 70 Example 2 protocol snmp show notify Name Type IP address Time...

Page 32: ...bled HTTP ssl set http enable disable ssl show http status These commands enable or display the HTTP interface The show command displays the current status Secure HTTP ssl set secure http enable disable ssl show secure http status These commands enable or display the secure HTTP interface The show command displays the current status SSH The following sections show you how to configure the Secure S...

Page 33: ...ommand creates a new RSA key pair The input value of no of bits can be 512 or 1024 Example cd ssl ssl ssl gen key rsa 1024 Creating Certificate Request ssl ssl gen cert req algo rsa sn SubjectName This command creates a certificate request using the RSA key pair and SubjectName The subject name is the identification of the switch or the switch s IP address Example cd ssl ssl ssl gen cert req algo ...

Page 34: ...BelAir20E User Guide BelAir20E Access Methods April 2 2012 Confidential Page 34 of 255 Document Number BDTM02201 A01 Standard Example cd ssl ssl ssl save ...

Page 35: ...vels An observer user can execute only the following commands most show commands the help and commands the passwd command the clear screen and exit commands the cd and mode commands the history command the whoami command the ping command A normal user can execute any CLI command except those reserved for the super user The super user can execute any CLI command Table 5 on page 35 lists the CLI com...

Page 36: ... country country_name set global session timeout period terminate session session_index upgrade load remoteip serverIPaddress remotepath serverSubDir tftp ftp user usrname password pword cancel upgrade reboot force commit load set next load A B current inactive syscmd restoreDefaultConfig Card card_type n Commands reboot force Protocol IP Commands set interface system vlan 1 2814 static ip addr ma...

Page 37: ...er cert Syslog Mode Commands logserver enable ip address disable monitor logging enable disable loglevel debug info notice warn error critical alert emerg Protocol SNMP Mode Commands set snmp agent enabled disabled set community CommunityIndex community name name ipaddr ip_addr privilege readonly readwrite delete community CommunityIndex set trap index mgr addr ip_addr community name version v1 v2...

Page 38: ...hat a user accesses when they log in If unspecified it defaults to a slash so the user begins their session in root mode Users with observer privileges must start their sessions in root mode The group parameter specifies the user account s privilege level It can be OBSERVER or NORMAL If unspecified the user account has observer privileges To use this command you must be in mgmt mode Note 1 The spe...

Page 39: ...3 mgmt moduser guest p guest123 d interface Example 4 mgmt show user USER MODE GROUPS root root NORMAL OBSERVER user1 OBSERVER user2 OBSERVER user3 interface NORMAL OBSERVER Configuring Authentication for User Accounts You can use a RADIUS server to authenticate users as they login to their accounts This applies to all user accounts including root Authentication Mode mgmt set authentication login ...

Page 40: ...nds reauthtime seconds protocol radius set server state server idx enabled disabled protocol radius del server server idx protocol radius show servers These commands allow you to specify a list of RADIUS servers that you can use to authenticate users The list can contain up to 10 servers The IP_addr parameter specifies the IP address of the RADIUS server The shared secret parameter specifies the p...

Page 41: ...l are correctly specified in the RADIUS Reply Message field Refer to User Accounts on page 38 Example 1 protocol radius set server 3 172 16 1 20 my secret12345 authport 1812 acctport 1813 interface system timeout 15 reauthtime 1 Example 2 protocol radius set server state 3 enabled CLI and Web Sessions The BelAir20E allows you to manage CLI and Web session such as listing and terminating sessions a...

Page 42: ... to 1440 that is up to 24 hours The session timeout period overrides the global timeout period The new idle period takes effect immediately and to all current and future sessions until changed with these commands again The show command displays the settings for the global timeout period To see the setting for the session use the system show sessions command Example system set idle timeout 60 CLI P...

Page 43: ...rompt string BelAir 128 50 46 189 system set prompt selection string BelAir 128 50 46 189 system system switch BA20E A BelAir 128 50 46 189 system set prompt selection switch name BA20E A system set prompt selection switch name BA20E A system set prompt selection default system show prompt User defined string BelAir 128 50 46 189 prompt selection default ...

Page 44: ... IP Address Notification on page 48 CAUTION The BelAir20E uses internal IP addresses in the range of 192 168 1 x 192 168 2 x and 192 168 3 x As a result do not configure the BelAir20E to use any IP addresses within these ranges Displaying IP Parameters protocol ip show config The protocol ip show config command displays a detailed view of the system s IP configuration Example protocol ip show conf...

Page 45: ... previously created with the set interface command If the IP address is dynamically set BelAir Networks recommends that you also configure the switch name location and contact parameters These parameters then allow you to identify the node if you later need to do a remote CLI session Refer to System Identification Parameters on page 50 In addition to providing the IP address the DHCP server can be...

Page 46: ...interface to accept a dynamic IP address and no other parameters from a DHCP server if the DHCP server cannot be reached use an IP address of 92 121 68 34 and an IP mask of 255 255 255 255 The changes do not take effect until you use the config save command to save your changes Renewing the IP Address protocol ip renew ip system vlan 1 2814 This command is used when the node is configured to dynam...

Page 47: ... have If you specify a new VLAN then that VLAN is created The del ip vlan command deletes VLAN IP parameters previously created with the set interface command The delay activation parameter specifies that the new IP parameters do not take effect until after you execute do a config save command BelAir Networks recommends that you always specify delay activation if you change the system IP parameter...

Page 48: ...ails a query to the public network is made The set dns server command specifies the IP address of a primary and secondary DNS server The del dns server command erases the current IP address The set dns domain name command specifies the default domain name required to perform Fully Qualified Domain Name requests The del dns domain name command erases the current domain name The IP addresses of the ...

Page 49: ...em Up Time on page 55 Displaying the Running Configuration on page 56 Restarting the Node on page 56 Creating and Using Script Files on page 56 Enabling or Disabling Session Logging on page 56 Country of Operation system show country detail system set country country_code Note These commands apply only to BelAir units purchased outside of the United States of America and its territories For units ...

Page 50: ... location place system show system id These commands let you manage system identification parameters such as switch name switch contact information and physical switch location The name parameter is limited to 32 characters Example The following example sets the switch name to BA20E A the contact information to BelAirNetworks and its location to PoleNumber1 system system id switch BA20E A contact ...

Page 51: ...ime offset hour_offset minute_offset system show date system show timeoffset The set date and set time commands set the current date and time The value must be formatted as follows YYYY is the year MM is the month DD is the date hh specifies the hour mm specifies the minutes ss specifies the seconds You must enter the exact date and time format as specified that is four digits for the year and two...

Page 52: ...mary SNTP server it attempts to synchronize with the secondary unit The set timeoffset command configures an offset that is used to convert the displayed UTC time to local time The hour_offset portion of the parameter ranges from 12 to 13 The minute_offset portion of the parameter ranges from 0 to 59 The set status enable disable command enables or disables the SNTP client To use this service you ...

Page 53: ...ir unit You can then use the Global Positioning System GPS coordinates to locate a unit in the field The show coordinates command displays the unit s coordinates Example system set coordinates latitude 76 longitude 120 system show coordinates latitude 76 000000 longitude 120 000000 LED Control You can use the following commands to control the LED behavior of the BelAir20E Find Me Function on page ...

Page 54: ...ide network through a Wi Fi link WiMAX link or third party device In such cases you must supply the IP address of the device that is connected to the outside network The default setting is yes direct Limiting Broadcast Packets system show broadcast filter config system set broadcast filter rate filter_rate system set broadcast filter status enable disable In a BelAir network each node limits the r...

Page 55: ...GHz 802 11n eth 1 1 Ethernet 1 HTME 1000BASE T lan 1 Ethernet 1 HTME 1000BASE T lan 2 Ethernet 1 HTME 1000BASE T lan 3 Ethernet 1 HTME 1000BASE T lan 4 Ethernet 1 HTME 1000BASE T Defining a Maintenance Window system set maintenance window enabled hh mm hh mm disabled system show maintenance window Use these commands to define and enable a maintenance window where generated alarms do not count agai...

Page 56: ... of processing from other user sessions Use the force parameter to override these restrictions and restart the node regardless The show restart reason command displays the reason for the last restart See also Restarting a Card on page 70 Example system show restart reason Previous reboot was a cold restart initiated by user Creating and Using Script Files You can use script files to make repetitiv...

Page 57: ... A01 Standard This command allow you to enable or disable session logging The default setting is enable Use the system show sessions command to see the current setting Use the syslog export logs command to access the command log file Refer to the BelAir20E Troubleshooting Guide for a detailed description ...

Page 58: ...ad profile You then use the configuration download profile to download a second script file for the rest of the BelAir20E DHCP Options With this method the BelAir20E uses the exchange of DHCP packets with a DHCP server as a means of exchanging information during startup The BelAir20E uses DHCP Options 12 60 55 and 43 to retrieve extra information during startup and to supply the DHCP server with i...

Page 59: ...with the system show system id command custom field 1 as shown with the system show custom fields command You can use the information from DHCP Option 55 to configure the BelAir20E management interface or one of its VLAN interfaces After the BelAir20E receives these parameters it configures the interface in question At startup it downloads the script file from the TFTP server and executes it DHCP ...

Page 60: ...he accept dhcp params parameter to enabled See Configuring Dynamic IP Addressing on page 45 2 Specify which specific parameters to accept from DHCP server See Accepting Specific DHCP Parameters on page 60 The BelAir20E then contacts the DHCP server to request the parameters Accepting Specific DHCP Parameters protocol ip set dhcp accept dns domain enabled disabled dns server enabled disabled tftp d...

Page 61: ...e the node reboots or starts up If DNS and SNTP data on the DHCP server changes then it is sent to the node whenever the node renews DHCP information The new DNS and SNTP data then takes effect immediately In all cases DNS and SNTP data provided by the DHCP server overrides any data configured locally DNS With this method the BelAir20E uses DNS to connect to an FTP server containing a script file ...

Page 62: ... profile you specify the filename of the script file the server from which to get the script file a user name and password You can specify the server by either its IP address or its name If both are specified the IP address has precedence The default name is belairconfig com The script file is downloaded and executed only during a startup If the script on the server changes it is not sent to the n...

Page 63: ...efault protocol is FTPS The default user name and password is anonymous The default filename is auto config txt By default the configuration download file is disabled Example system show config download status config download adminStatus enabled config download server 0 0 0 0 config download servername belairconfig com config download user name auto config txt config download password anonymous co...

Page 64: ...nal settings of the Ethernet interface The auto setting causes the interface to automatically discover the correct settings to communicate with the other Ethernet device If you do not use the auto setting you can manually set the interface speed to either 10 or 100 Mbps and the mode to either full or half duplex The show status command displays the current operational Ethernet interface settings T...

Page 65: ... command applies when traffic between BelAir nodes is untagged and must be tagged with a VLAN ID before it leaves the node through the Ethernet or LAN port to the external network If you use the set reverse pvid command and specify a VLAN ID untagged VLAN packets coming from BelAir Nodes are converted to tagged packets with the specified VLAN ID before they are sent through the Ethernet or LAN por...

Page 66: ...ed to the list then only untagged traffic can enter or leave the Ethernet or LAN port of the egress node Changing Ethernet or LAN Interface Admin State interface eth n m set admin state enable disable interface lan n set admin state enable disable This command controls the state of the Ethernet or LAN interface When set to enable the Ethernet or LAN interface is in the operational state and the as...

Page 67: ...tion for physical interface parameters Determining which Cards are in a Node mode card mode Use the mode command to determine card_type and n Table 6 Physical Interface Parameter Settings Physical Interface Type Refer to Wi Fi Wi Fi Radio Configuration Overview on page 71 Configuring Wi Fi Radio Parameters on page 72 Configuring Wi Fi Access Point Parameters on page 80 Wi Fi AP Security on page 10...

Page 68: ...nnel qos services auto conn mobility ssh ssl syslog system diagnostics Example 2 card mode htme 1 Displaying Card Information The following sections describe commands that display card parameters Displaying the Card Physical Data card card_type n show info This command applies to all cards types except bts This command displays various physical aspects of the card Example card htme 1 show info Slo...

Page 69: ...apply to all cards types except bts The show cpuocc command displays the card s CPU idle rate The show meminfo displays card memory usage data Examples card htme 1 show cpuocc CPU idle 97 0 In the previous example the card CPU is 97 idle and 3 occupied card htme 1 show meminfo MemTotal 125068 kB MemFree 54996 kB Buffers 0 kB Cached 31424 kB SwapCached 0 kB Active 19808 kB Inactive 20784 kB Active ...

Page 70: ...bled disabled These commands apply to all cards types except bts These commands manage the card s administrative state Example card htme 1 show state Admin Up Status running Restarting a Card card card_type n reboot force This command restarts a specific card You must confirm your intent before the card is rebooted Under some circumstances a reboot may be prevented because of processing from other...

Page 71: ...adio parameters See Configuring Wi Fi Radio Parameters on page 72 2 Configure AP parameters if required See Configuring Wi Fi Access Point Parameters on page 80 and Wi Fi AP Security on page 100 3 Configure backhaul parameters See Wi Fi Backhaul Link Configuration on page 115 4 Configure mobile backhaul mesh parameters See Mobile Backhaul Mesh on page 123 Table 7 BelAir Wi Fi Radio Summary Radio M...

Page 72: ...uency Selection on page 77 Collision Aware Rate Adaptation on page 78 Rate Aware Fairness on page 78 802 11n Aggregation on page 78 Minimum Receive Threshold on page 78 Changing Wi Fi Interface Admin State on page 79 To configure parameters that are specific to Wi Fi Access Points APs see Configuring Wi Fi Access Point Parameters on page 80 To configure parameters that are specific to backhaul rad...

Page 73: ... External Port antenna index 1 antenna gain 5 0 dBi link distance 1 km base radio MAC 00 0d 67 0c 21 90 Access AP admin state Enabled secure addresses vlan none client blacklist none dhcp unicast Disabled deauth dos defense Disabled client auth trap Disabled Misc rts cts threshold 100 broadcast filter status Disabled broadcast filter rate 200 QOS wmm Enabled uapsd Enabled mapping UP DSCP voice acm...

Page 74: ...4 13 12 11 10 9 Operating Channel interface wifi n m set channel channel number secondary channel number channel bandwidth 5000 2500 channel mode ht20 ht40plus ht40minus 20 auto background scan enabled disabled interface wifi n m re scan channel Note The specific syntax and options for the set channel command varies depending on the type of radio being configured Use the interface wifi n m command...

Page 75: ...the same way regardless of whether your secondary channel is the same as the primary channel or whether your secondary channel is 0 Refer to your RF plan and site survey to determine if you need to set a secondary channel other than 0 or your primary channel The channel bandwidth parameter applies to the WCSv1 only It sets the bandwidth of the channel you want to use The specified bandwidth is in ...

Page 76: ...nna gain is 6 dBi See also Country of Operation on page 49 Operating Channel on page 74 the BelAir Radio Transmit Power Tables Transmit Power Level interface wifi n m set tx power tx power value secondary tx power value This command sets the transmit power for a Wi FI radio The range of tx power value is limited to be valid for your country of operation physical channel in use and type of antenna ...

Page 77: ...other unit is farther The distance parameter has a range of 0 to 40 and is specified in kilometers The default value is 1 km Dynamic Frequency Selection interface wifi n m show dfs This command does not apply to platforms that do not have a 5 8 GHz radio such as the BelAir20E 10 This command displays current Dynamic Frequency Selection DFS settings a regulatory requirement in some jurisdictions DF...

Page 78: ... of the packet Normally when the AP has a client with a slower connection all other clients are throttled down to that same rate Rate Aware Fairness overcomes this issue by trying to give clients equal amounts of air time instead of equal numbers of packets By default rate aware fairness is disabled 802 11n Aggregation interface wifi n m set tx aggr enable disable This command applies to the HTM a...

Page 79: ...fi n m set admin state enable disable This command controls the state of the Wi Fi interface including all links When set to enable the Wi Fi interface is in the operational state When set to disable the Wi Fi interface and all associated functions are disabled The default is disabled Use the interface wifi n m show config command to view the current admin state of the Wi Fi interface ...

Page 80: ...age 85 Configuring RTS CTS Handshaking on page 86 Specifying the Beacon Period on page 86 Displaying Client Association Records on page 87 Changing AP Admin State on page 88 AP Service Set Identifiers on page 88 Displaying the SSID Table on page 89 Displaying SSID Details on page 90 Default Management SSID on page 90 Configuring SSIDs on page 91 Upstream User Priority Marking on page 92 Setting Tr...

Page 81: ...ion 1 Port 1 Radio HTMv1 5GHz 802 11n admin state Enabled channel 149 mode ht40plus mimo 3x3 tx power 18 0 dBm per chain 23 0 dBm total antenna location External Port antenna index 1 antenna gain 5 0 dBi link distance 1 km base radio MAC 00 0d 67 0c 21 90 Access AP admin state Enabled secure addresses vlan none client blacklist none dhcp unicast Disabled deauth dos defense Disabled client auth tra...

Page 82: ...t mean that the radio automatically begins to use that rate The modulation rate selected by a radio depends on several factors The custom rates list is just one of those factors Example 1 Using Custom Rates interface wifi 1 2 set custom rates enabled Valid custom b rates are 11 5 5 2 1 11 sp 5 5 sp 2 sp Valid custom g rates are 48 24 12 6 54 36 18 9 Valid custom n rates are mcs0 mcs1 mcs2 mcs3 mcs...

Page 83: ...g The identity field lists the 802 1X client identity It is present for dot1x or WPA SSIDs The auth field lists the authentication state of the client See Table 8 The dhcp field lists the client DHCP state applicable only if client uses dynamic IP addressing See Table 9 on page 83 Table 8 Auth Field Value Descriptions Value Description unauth default or initial state auth client is authorized for ...

Page 84: ...s The client should then send a DHCP Request message to verify the IP address req Client has sent the DHCP Request message to the server and is waiting for a DHCP Ack message to confirm the assigned IP address decl Server has declined the client s DHCP request Verify the server settings ack Client has sent a DHCP Request message and the server has confirmed the assigned IP address a appended to th...

Page 85: ...ut the age parameter shows the time since the radio last received a data frame from the client and the state parameter shows authenticated 2 if the client is no longer associated Example interface wifi 1 1 show client 35 Ssid 1 Vlan 0 Mac Address 00 18 DE 98 28 E8 Connected Time 0 yrs 0 days 00 00 42 Aging Time 0 seconds Ip Address 10 1 1 60 Identity Rssi 48 dBm Auth State Authenticated open wep D...

Page 86: ... Handshaking interface wifi n m set rts cts disabled enabled threshold This command lets you enable or disable Request to Send RTS and Clear to Send CTS handshaking When enabled handshaking occurs for packets larger than the threshold The threshold parameter can range from 1 to 65536 The default value is 100 By default dynamic rate handshaking is disabled Specifying the Beacon Period interface wif...

Page 87: ...specifies the number of entries to display You can filter the output based on the following optional parameters Use radio radioIf_name to filter for records of clients connected to a particular Wi FI interface such as wifi 2 1 Use vlan vlan_id to filter for records of clients using a particular VLAN or no VLAN Use mac addr mac_address to filter for records with a client s MAC address Use aggregati...

Page 88: ...le the AP is in the operational state When set to disable the AP and all associated functions are disabled The default is enabled AP Service Set Identifiers Use the commands in this section to configure AP Service Set Identifiers SSIDs map an SSID to a VLAN provide vendor specific information Each AP supports up to 8 SSIDs If associated clients use different SSIDs then the BelAir20E can use the SS...

Page 89: ...ique identifier having the same format as a MAC address Example Typical Output interface wifi 1 1 show ssid table SSID Information id enabled vlan type privacy wb sp acl bss ssid 1 yes Broadcast none 00 0D 67 0C 21 98 RickBA20E 15 2 2 no Suppressed none 00 0D 67 0C 21 99 DefaultSsid2 2 3 no Suppressed none 00 0D 67 0C 21 9A DefaultSsid2 3 4 no Suppressed none 00 0D 67 0C 21 9B DefaultSsid2 4 5 no ...

Page 90: ...te Disabled secure port state Disabled arp unicast conversion state Disabled radius NAS identifier belair radius accounting Disabled radius station id unformatting Disabled radius account session id Disabled secure addresses vlan No secure addresses configured client blacklist No blacklist entries auto secure gateway enabled Address Vlan 00 0a 5e 49 1c 33 500 00 0a 5e 49 1c 8b 600 radius servers N...

Page 91: ... SSIDs The ssid_string parameter is the SSID setting SSIDs are case sensitive and can contain up to 32 alphanumeric characters To specify a blank string input two double quotes The ssid_index parameter is an integer from 1 to 8 Use the show ssid table command to determine ssid_index For a description of the broadcast and suppressed parameters see Displaying the SSID Table on page 89 The vlanID lis...

Page 92: ...the traffic s VLAN tag matches a VLAN on the list then that traffic is allowed to go through unchanged Otherwise the tagged traffic from the client is dropped If passvlanID list is populated then vlanID list can specify only one VLAN ID In such cases untagged traffic from the client is tagged with the VLAN from vlanID list If the VLAN ID list is set to none then untagged traffic from the client re...

Page 93: ...t ssid ssid number option82 use subopt9 subopt150 151 interface wifi n m set ssid ssid number option82 suboption151 random_str You can enable DHCP relay functionality for the SSID with the set ssid ssid_index dhcp relay command For details see Assigning SSID Traffic to Use DHCP Relay on page 147 Once DHCP relay functionality is enabled for the SSID your BelAir20E automatically adds DHCP Option 82 ...

Page 94: ... always 0x97 identifying Suboption 151 The second field specifies the length of the VPN selection ID The remaining fields specify an ASCII string of the VPN selection ID Use the set ssid option82 insertion command to control whether DHCP Option 82 DHCP relay agent information is inserted into packets or not If Option 82 insertion is enabled use the set ssid option82 use command to control whether ...

Page 95: ...ce delay is set for the entire BelAir20E Use the system show ap oos broadcast delay command to display the current delay When a node s egress connection is declared out of service the node also applies WPA AES encryption with a 16 character pre shared key to all SSIDs except for the default management SSID This is to to prevent a user from accidently connecting to an open SSID which is in out of s...

Page 96: ...x dhcp advanced upstream unicast none This command lets you convert broadcast packets to unicast packets Reducing the number of broadcast packets sent over wireless connections provides the following benefits Broadcast packet are not retried in wireless transmissions so in high interference environments wireless clients can miss their DHCP exchange It reduces the bandwidth required for exchanges o...

Page 97: ... set ssid ssid_index max download rate bps_rate unlimited interface wifi n m set ssid ssid_index max upload rate bps_rate unlimited These commands let you specify the maximum rate in bits per second at which a client can upload or download data from the AP for a particular SSID The ssid_index parameter must be a valid SSID index See AP Service Set Identifiers on page 88 Use the unlimited setting t...

Page 98: ...AC address in the ARP packet with the unicast MAC address from the conversion table When a conversion table entry is used a 4 second response timer is started If the ARP response arrives within 4 seconds then the entry remains valid Otherwise the entry is deemed invalid and removed from the table Each entry is removed after 4 hours of inactivity The table holds up to 128 entries The default settin...

Page 99: ...Document Number BDTM02201 A01 Standard This feature improves performance if there are only a few 802 11b clients present and they are not generating large amounts of traffic If not the 802 11b clients may generate substantial numbers of collisions and actually impair traffic The default setting is enabled ...

Page 100: ...rvers on page 105 RADIUS Pre authentication on page 105 RADIUS Assigned VLAN on page 106 RADIUS Accounting on page 106 Client Authentication and De authentication Trap on page 107 AP Privacy on page 107 Wireless Client Blacklist on page 109 Wireless Client Access Control List on page 109 Controlling Inter client Communication on page 110 Protecting against Denial of Service Attacks on page 113 See...

Page 101: ...sic encryption scheme Temporal Key Integrity Protocol TKIP This is an more advanced encryption scheme Advance Encryption Standard AES This is the strongest encryption scheme BelAir Wi Fi radios offer WEP WPA WPA2 and WPA2mixed privacy settings With WPA2mixed the wireless client can use WPA or WPA2 and the AP accepts them both WPA WPA2 and WPA2mixed privacy uses TKIP or AES encryption Because of th...

Page 102: ...ciation ID that ranges from 1 to 256 For RADIUS packets contains the SSID index values from 0 to 15 100 RA_SERVICE_TYPE 6 Always 2 RA_FRAMED_MTU 12 Always 1400 RA_STATE 24 Client state from the RADIUS server RA_CLASS 25 Always 0 RA_VENDOR_SPECIFIC 26 Not used RA_SESSION_TIMEOUT 27 RADIUS reauth time configured with the protocol radius set server command See Managing RADIUS Servers on page 104 RA_I...

Page 103: ... 104 RA_ACCT_INPUT_PACKET 47 Integer counter RA_ACCT_OUTPUT_PACKET 48 Integer counter RA_TERMINATE_CAUSE 49 One of 1 for session terminated by user request 2 for session terminated due to lost carrier 4 for session terminated due to idle timeout 5 for session timeout 9 for session terminated due to NAS error 20 for session terminated due to reauth failure RA_ACCT_INPUT_GIGAWORDS 52 Not used RA_ACC...

Page 104: ...server The shared secret parameter specifies the password for access to the RADIUS server The server_port parameter ranges from 0 to 65535 It specifies the UDP port number of the RADIUS server The default is 1812 The radius_acc_port parameter ranges from 0 to 65535 It specifies the UDP port number for RADIUS accounting data The default value is 1813 The NAS IP address parameter specifies the Netwo...

Page 105: ...uthtime 1 Changing RADIUS Server Admin State protocol radius set server state server_idx enable disable This command enables or disables a particular RADIUS server on the server list Use the show servers command to determine server_idx Assigning SSIDs to RADIUS Servers interface wifi n m add ssid ssid_index radius server server_idx interface wifi n m del ssid ssid_index radius server server_idx Th...

Page 106: ...ately Cache entries in either table expire in two minutes The feature can be enabled or disabled on each SSID Use the wifi n m show ssid table command to determine ssid_index The default setting is disabled RADIUS Assigned VLAN The BelAir20E can create VLANs as instructed by the RADIUS server When this feature is activated the RADIUS server instructs the BelAir20E to tag the authenticated packets ...

Page 107: ...p delay is enabled the trap is not sent out until 10 seconds after either of the following events the client connects and stays connected the client is disconnected and stays disconnected If the trap delay is disabled then the trap is sent out immediately after either of the previous events When the client trap is disabled the trap is not sent out The default is to have both the client trap and tr...

Page 108: ...0X or 0x ASCII strings must not contain the following characters bar semicolon question mark double quotation mark The dot1x parameter specifies using RADIUS EAP authentication You must pre configure a list of RADIUS servers See RADIUS Servers for Wireless Clients on page 101 The rekey parameter allows you to specify Group Key Rekey options to improve security These options allow you to specify th...

Page 109: ...nnot associate with the AP The client blacklist can contain up to 16 entries Each physical interface can have its own client blacklist Use the show config access command to display the current client blacklist entries Wireless Client Access Control List interface wifi n m show ssid ssid_index acl page page number page size interface wifi n m add ssid ssid_index acl mac address mac address interfac...

Page 110: ...asons in a public network environment it may be desirable to block inter client communications CAUTION Provisioning inter client communication can affect the wireless clients associated with all the SSIDs of that BelAir20E unit The goal is to prevent communications between associated wireless clients and still allow them to connect to the Internet To do this use one of the following methods Manual...

Page 111: ... configured in secure port mode Disabling or Enabling AP Wireless Bridging interface wifi n m set ssid ssid_index wireless bridge enabled disabled Use the show ssid table command to determine ssid_index Disabling wireless bridging for an AP prevents wireless clients associated to that particular AP from communicating with one another It does not prevent a wireless client associated with one AP AP ...

Page 112: ...s not specified it is assumed to have a value of zero In effect while in this mode the AP acts as a firewall for all Layer 2 frames arriving from inside the network for the wireless clients The secure MAC white list should only contain the MAC addresses of the gateway interfaces Thus wireless clients associated to other APs in the network are prevented from communicating with locally associated cl...

Page 113: ...cure MAC white list This feature also continuously monitors for changes in the gateway s MAC address updates the secure MAC white list accordingly By default the auto secure gateway functionality mode is disabled Note If you are automatically discovering the MAC addresses of your network gateways then you typically enable auto secure gateway before enabling the secure port mode This ensures that w...

Page 114: ... a deauthentication packet arrives and this feature is enabled the BelAir platform waits 5 to 10 seconds before it terminates the wireless session If the wireless client sends another data packet during that interval then the previous deauthentication packet is deemed false and ignored If the BelAir platform does not receive any data packets during the interval then the session is terminated Use t...

Page 115: ...tions on page 121 Egress Protection on page 122 Changing Backhaul Link Admin State on page 122 See also Configuring Wi Fi Radio Parameters on page 72 Configuring Wi Fi Access Point Parameters on page 80 Wi Fi AP Security on page 100 Mobile Backhaul Mesh on page 123 Displaying Backhaul Link Configuration Use the show config backhaul command to display the current backhaul configuration See Displayi...

Page 116: ...es the backhaul link identifier the backhaul topology and backhaul privacy The backhaul link identifier identifies all members of a particular topology The link_id parameter is case sensitive and can be up to 32 alphanumeric characters For Point to Point P to P links BelAir Networks recommends that the link identifier describes the link that is the nodes it connects For Point to Multipoint P to MP...

Page 117: ...opology with one base station in the middle connecting up to eight subscriber stations 1 Set the topology parameter to star 2 Set the node s role The node can be a base station bs or a subscriber station ss A base station is located at the center of the star and can support up to eight subscriber stations 3 Set the lnk_idx parameter The link index identifies individual links in the star topology I...

Page 118: ...ios RadioA RadioB and RadioC Example 1 RadioA interface wifi 4 1 show backhaul status Backhaul Links Link Radio MAC State L R RSSI Radio Node IP Node Name S 1 00 0d 67 0b 55 17 fwd fwd 49 wifi 3 1 180 1 5 120 S 2 00 0d 67 0b 51 ed fwd fwd 54 wifi 3 1 180 1 4 150 In the previous output link 1 goes to RadioC and link 2 goes to RadioB RadioA is measuring a signal strength of 49 dBm from RadioC RadioC...

Page 119: ...wo mobile backhaul mesh links One is forwarding while the other is listening Setting a Link RSSI Threshold interface wifi n m set backhaul mesh min rssi rssi_value This command lets you set a signal strength threshold for creating mesh links If a radio signal from another node is weaker than the specified threshold then no link is created to that other node except if there is no other link to eith...

Page 120: ...imit of its sensitivity As well these commands can be used to disable a particular link if the RF plan predicts low RSSI values for it Mesh Auto connections BelAir MP to MP meshes have the ability to detect when their egress node loses the ability to route traffic out of the mesh When such a situation exists each radio that is part of the affected mesh begins trying to find an alternate way of rou...

Page 121: ...n page 121 Setting the Network Egress Point on page 54 Mesh Auto connection Example on page 213 Managing Mesh Auto connections services auto conn set admin state enabled disabled services auto conn revert alternate mesh services auto conn show alternate mesh services auto conn show egress node list services auto conn show config services auto conn show status These commands allow you to control me...

Page 122: ...e the BelAir wireless network through that node s egress point The BelAir20E selects the best node to use based on several factors including signal strength and the number of hops to the egress point Egress protection is revertive If the original egress point becomes operational again the access data is redirected back to original egress point To use egress protection make sure of the following Th...

Page 123: ...deployment the mobile node mounted on a vehicle acts as a subscriber station to a stationary base station node All mobile subscriber stations and their stationary base stations use the same wireless channel mobile link identifier and privacy settings Each mobile subscriber station can have up to three mobile links with three different stationary base station nodes Mobile links can be either listen...

Page 124: ...or Mobile Applications on page 125 Configuring and Enabling Mobile Backhaul Mesh Links on page 125 Displaying Mobility Configuration and Status interface wifi n m show backhaul mobility path select history This command displays the history of a radio s mobile path switches for debugging purposes The displayed information includes an event ID local RSSI peer RSSI failure rate age time mobile credit...

Page 125: ... mimo mode 1x1 interface wifi 1 2 set mimo mode 2x2 The previous commands apply to a BelAir20M where interface wifi 1 1 is for a 5 8 GHz radio while interface wifi 1 2 is for a 2 4 GHz access radio Configuring and Enabling Mobile Backhaul Mesh Links interface wifi n m set backhaul mobile identifier link id role bs ss privacy enabled key pre_shared_key disabled admin state enable disable This comma...

Page 126: ...ust be exactly 32 bytes long 16 characters The pre shared key can be specified as a hexadecimal or ASCII string and must not contain the following characters bar semicolon question mark double quotation mark Example 1 Mobile Node interface wifi 1 1 set backhaul mobile identifier test100m role ss interface wifi 1 1 set backhaul mobile admin state enable Example 2 Stationary Node interface wifi 1 1 ...

Page 127: ...nd the subscriber station searches for a new secondary link If performance degrades on the active and standby links the subscriber station searches for new base station links with better signal strength In addition to providing mobile links a base station node can also provide links to other stationary base stations Mobile link pairs can only be used by one subscriber station The links of a base s...

Page 128: ... station selects the link with a matching mobile link identifier and the best signal strength If another link in the subscriber station is using a channel in the configured channel list then this channel is skipped by the scanning process Once connected the subscriber station does not scan again until the connection is lost SampleSubscriber Station Configuration 1 Configure the topology and privac...

Page 129: ...econdary threshold the subscriber station begins scanning with its third or fourth radio if they exist services mobility set RSSI minimum 85 margin 5 switch 70 secondary 75 f Enable scanning by connecting the Wi Fi interfaces to the appropriate scan list services mobility connect scan list 1 wifi 2 1 4 Display the configuration and correct any settings as required Use following commands as require...

Page 130: ...ckhaul mac addr ch RSSI age priv topo role linkIdx identifier dbm s 12345678 00 0D 67 00 B2 47 151 42 0 none P to P mobilityTest noise floor 91 dbm e Display the status of the primary and secondary links services mobility show link state LINK ROLE INTERFACE CH RSSI MESH ID NODE IP NODE NAME Primary wifi 3 1 148 44 mobilityTest 10 1 1 13 ba100tBSmode Secondary wifi 2 1 151 40 mobilityTest 10 1 1 20...

Page 131: ...ices mobility show config Topology point to point Role BS Rel 7 False Network Id BS OOS broadcast Enabled BS OOS timeout 180 s Home Check Disable Link Id AutoconfSSID RSSI minimum margin switch secondary dbm 85 5 70 75 b Display the interface list services mobility show interface list Mobility BS Interfaces wifi 2 1 wifi 3 1 c Display the backhaul status interface wifi 2 1 show backhaul status Bac...

Page 132: ...ary Link Drop on page 135 Mobile Link Identifier on page 135 Home Check on page 135 Base Station Out of service Check on page 135 Release 7 Compatibility on page 136 Single Channel Mesh on page 136 Displaying Mobile Backhaul Point to point Configuration services mobility show config This command displays the current mobile backhaul point to point configuration Example services mobility show config...

Page 133: ...ices mobility show available infra wifi 2 1 MRMv1 4 4GHz 802 11n scan list Mac Address CH ANT RSSI dBm AVL BS ENBL BS NET ID MATCH Age MESH ID 00 0d 67 09 c4 79 91 1 58 Yes Yes Yes 0 mobilityTest current time 01 06 30 last scan time 21 01 38 wifi 3 1 MRMv1 4 4GHz 802 11n scan list Mac Address CH ANT RSSI dBm AVL BS ENBL BS NET ID MATCH Age MESH ID 00 0d 67 09 c6 b9 107 1 67 Yes Yes Yes 0 mobilityT...

Page 134: ...anage which interface uses which scan list The interface name parameter specifies a particular interface such as wifi 2 1 Configuring RSSI Threshold services mobility set rssi minimum 100 0 margin 5 20 switch 100 0 secondary 100 0 This command lets you configure the RSSI parameters that the BelAir20E use to determine the viability of creating primary and secondary links The minimum parameter speci...

Page 135: ...h forces a subscriber station to connect to specific base station links When home check is enabled the subscriber station accepts only base station links that advertise a mobile link identifier that is exactly the same as the subscriber station s home check identifier The specified home check identifier can of up to 20 characters Base Station Out of service Check services mobility set bs oos timeo...

Page 136: ...e applications in may be desirable to have all radios use a single channel Such an application requires that all radios use directional antennas and are correctly positioned to avoid radio interference This command allows you to configure such an application where all radios use a single channel This command must be invoked on each node in the mesh The chan_no parameter allows you to specify which...

Page 137: ...BDTM02201 A01 Standard When a single channel mesh is created the resulting links are simple point to point backhaul links as described in Wi Fi Backhaul Link Configuration on page 115 Typical mobile backhaul point to point notions such as scan lists RSSI thresholds and primary and secondary links do not apply to them ...

Page 138: ... a network of Wi Fi Access Points The BelAir20E provides several features that you can adjust to optimize performance in such an environment These include Modulation Rate Control described on page 139 VLAN based QOS described on page 139 Traffic Priority Based on Modulation Rate described on page 140 No SSID on Egress Down described on page 140 Ethernet Port Statistics described on page 140 Access...

Page 139: ... eliminate lower modulation rates and put a lower bound on this effect Eliminating lower modulation rates also eliminates distant clients low RSSI and clients in high noise areas low SNR For details see AP Custom Rates on page 81 VLAN based QOS This feature allows the operator to control the relative priority of traffic on a per VLAN basis By mapping certain VLANs onto higher priorities in HCI env...

Page 140: ...this feature prevents traffic from being uselessly directed to a node which can not successfully forward it This feature can be enabled or disabled on per radio basis The text string can be configured on a per SSID basis The relevant commands are interface wifi n m set ap oos broadcast enabled disabled option replace prepend and interface wifi n m set ssid ssid number ap oos identifier oos_string ...

Page 141: ...SNMP reports the average noise floor value You can also use the command interface wifi n m show rf survey described in detail in the Troubleshooting Guide to show the instantaneous noise floor Access Packet RSSI Filter This feature blocks clients from associating if their RSSI is below a threshold value This prevents clients that would be forced to use a low modulation rate from associating In an ...

Page 142: ...This feature disables 802 11b protection for the radio maximizing the throughput for wireless clients that operate in the 2 4 GHz range This feature improves performance if there are only a few 802 11b clients present and they are not generating large amounts of traffic If not the 802 11b clients may generate substantial numbers of collisions and actually impair traffic For details see 802 11b Pro...

Page 143: ...olling Inter client Communication on page 110 Wireless Bridging The wireless bridging feature allows traffic to be forwarded directly from one client to another within the AP In HCI environments it should be disabled As with secure port mode this feature controls whether all traffic flows to the network gateway and can be used to allow traffic policy enforcement It prevents client to client direct...

Page 144: ...econnect the isolated cluster In HCI environments this feature can be used for rapid deployment of a network The APs in a network can be grouped by shared backhaul link identifier into a cluster Multiple clusters can be deployed to control traffic flows and optimize backhaul performance As soon as one AP in each cluster has an egress path the whole cluster has egress In the event that an egress fa...

Page 145: ...an easy way of configuring different DHCP servers for each subnet interface Your BelAir20E can also add BelAir Networks specific information to the DHCP packets sent to the wireless client Finally you can create a list of valid IP address subnets to filter out unwanted directed and broadcast DHCP packets from your wireless network The following topics are covered in this chapter Displaying the DHC...

Page 146: ...Modifying DHCP Relay Parameters protocol dhcp set relay relay idx server addr 1 ip addr server addr 2 ip addr server addr 3 ip addr interface system vlan vlan id protocol dhcp del relay relay idx server server idx The set relay command creates a DHCP Relay profile or modifies an existing one It configures the IP addresses of the DHCP servers to which the Relay Agent needs to forward the packets fr...

Page 147: ...ation on page 93 The ssid_index parameter is an integer from 1 to 8 Use the show ssid table command to determine ssid_index DHCP Address Filtering protocol dhcp set dhcp allowed subnet index 1 32 ip_addr ip_addr netmask random_str interface wifi n m add ssid ssid_index dhcp allowed subnet index 1 32 interface wifi n m del ssid ssid_index dhcp allowed subnet index 1 32 all interface wifi n m set ss...

Page 148: ...for the SSID the BelAir AP intercepts the Request and sends a DHCP NAK response Use the equivalent interface wifi n m del command to remove a subnet entry from an SSID The interface wifi n m set command allows you to enable or disable DHCP address filtering on individual SSIDs Use the interface wifi n m show ssid ssid_index config command to display whether DHCP address filtering is enabled for th...

Page 149: ...ease settings You can use NAT with or without Universal Access Method UAM to provide user authentication client authentication and accounting information For details on configuring and enabling UAM see Universal Access Method on page 154 If you use NAT with UAM ensure that the same VLANs are configured in both NAT scopes and UAM scopes The BelAir20E can provide both NAT and Layer 2 tunnels User tr...

Page 150: ...tatus VLAN IP subnet Lease min Mgmt 1 enabled untg 192 168 5 0 60 no 2 disabled 0 0 0 0 0 0 no 3 disabled 0 0 0 0 0 0 no 4 disabled 0 0 0 0 0 0 no 5 disabled 0 0 0 0 0 0 no 6 disabled 0 0 0 0 0 0 no 7 disabled 0 0 0 0 0 0 no 8 disabled 0 0 0 0 0 0 no Displaying the Current DHCP Lease Status protocol nat show dhcp leases This command displays DHCP lease status and settings Example protocol nat show...

Page 151: ...e 183 for more information on VLAN configuration The based ip setting lets you specify the base IP address for the scope Use xx xx xx 0 as the format Once specified the BelAir20E IP address becomes xx xx xx 1 and it begins to allocate addressed from xx xx xx 2 to xx xx xx 254 The lease time setting lets you specify the maximum DHCP lease time in minutes for IP addresses supplied by NAT The default...

Page 152: ...ess point to several other BelAir nodes The egress BelAir20E uses NAT to provide IP addresses to the BelAir nodes that are cluster members In such a configuration the cluster members are normally hidden from network management behind the egress BelAir20E To help manage the cluster members you can use the egress BelAir20E functions described in the following sections Mac Address to IP Address Mappi...

Page 153: ...he egress node can then use the port forwarding table to translate the destination port to the correct port and IP address for the intended target node in the cluster For example if Node 2 in a cluster has an IP address 182 168 5 2 then to send Telnet TCP port 23 traffic to Node 2 you must 1 Define the following port forwarding entry on the egress node add port fwd protocol tcp port XXXX dest ip 1...

Page 154: ...Web server that displays a page requesting credentials The supplied credentials are then sent to a RADIUS authentication server Once authenticated the user is redirected to the URL they originally requested The user can terminate their authenticated session by using functions provided by the Web server such as a logout button or by entering the http 1 1 1 1 URL Note UAM requires the use of a DNS s...

Page 155: ...the Current Configuration on page 156 Displaying the Operational Status on page 156 Displaying the Client Session Information on page 157 Specifying the Web Server on page 158 Specifying Redirection Variable Pairs on page 159 Specifying the RADIUS Server on page 159 Managing White List Entries on page 159 Associating VLAN Traffic to a Scope on page 160 Performing MAC Address Authentication on page...

Page 156: ...guration admin state Enabled mac authentication state Enabled mac authentication password mac authentication success redirect Enabled mac authentication reject suspend Enabled accounting state Enabled authentication web server url http secure2 worldspot net wk Uam authentication shared secret Mm94XVjzug splash web server url uam local interface System wan mode admin state Disabled wan mode web ser...

Page 157: ... 2 66 211 169 65 64 4 241 33 64 4 241 49 www paypalobjects com resolved IP addresses 184 29 112 146 paypal 112 2o7 net resolved IP addresses 66 235 139 118 66 235 138 18 66 235 139 121 66 235 138 19 www belairnetworks com resolved IP addresses 206 191 51 223 optimumwifi optimum net resolved IP addresses 167 206 247 50 mac white list protocol white list vlan list 10 800 local info uamPort 3991 radi...

Page 158: ...0 Output Octets 0 Input Gigawords 0 Output Gigawords 0 Internal Usage Info Radius Session Id 547999736 Radius Uam Port 41 Radius Act State 4 Uam Challenge Start Time 1280150841 Suspend Time 60 Suspend Start Time 0 Current Time 1280150905 Specifying the Web Server services uam set scope index 1 8 auth url url string shared secret string splash url url string uam interface system vlan vlan str This ...

Page 159: ...ash url string before sending it to the wireless client The redirection variable pairs are appended in the order they appear in the show config command Specifying the RADIUS Server services uam add scope index 1 8 radius server server_idx services uam del scope index 1 8 radius server server_idx services uam set scope index 1 8 uam nasid name The add and del commands let you associate different RA...

Page 160: ...e specified UAM scope See Configuring IP Parameters on page 45 for a description on how to set up VLANs for dynamic and static IP addressing Performing MAC Address Authentication services uam set scope index 1 8 mac auth state enabled disabled passwd string success redir enabled disabled reject suspend enabled disabled This command lets you control whether or not client MAC address authentication ...

Page 161: ...sponse message can include a Redirect Suspend Time parameter as part of the WISPr Vendor Specific Attribute If reject suspend is enabled and the RADIUS server does not authenticate the user then the user s session is suspended for the time period specified by the Redirect Suspend Time parameter from the RADIUS server If reject suspend is disabled and the RADIUS server provides a Redirect Suspend T...

Page 162: ...rver key key str UAM WAN mode is for special applications that use alternate communications between the BelAir20E the Web server and the RADIUS authentication server For additional details contact your BelAir representative Changing UAM Admin State services uam set scope index 1 8 admin state enabled disabled This command lets you enable or disable UAM functionality for individual UAM scopes The d...

Page 163: ...ogy in their access network Figure 7 shows how wireless mobility is implemented with L2TP When a wireless client transmits an 802 11 frame the BelAir AP converts it to an Ethernet frame with VLAN information encapsulates it within an IP packet and then sends the packet to a Tunnel End Point TEP The TEP is usually part of a network central router The BelAir implementation of Layer 2 tunnels current...

Page 164: ... AP its traffic travels through a different Layer 2 tunnel The traffic is encapsulated and sent to TEP as before The VLAN aware Ethernet switch then updates its MAC address table as required with the information for the wireless client s new AP Any subsequent frames sent to the wireless client are then forwarded to the new AP Tunneling is performed by a software module called a tunnel engine BelAi...

Page 165: ...g Traffic QOS Settings on page 175 Setting the Tunnel Down Alarm Threshold on page 175 Layer 2 tunnel CLI commands are available in protocol te syst mode Displaying Tunnel Configuration and Status protocol te eng show config protocol te eng show status These commands display the current tunnel configuration and status Example 1 protocol te syst show config Tunnel server is running mode egress IP a...

Page 166: ...AC broadcasts third line shows number of MAC multicasts number of packets fragmented reassembled due to MTU size Starting and Stopping Layer 2 Tunneling protocol te eng set engine admin state enabled disabled This command starts and stops tunneling operation Use enabled to begin tunneling operation Use disabled to stop all tunnel forwarding Configuring Layer 2 Tunnels protocol te eng set tunnel in...

Page 167: ...ng the main router This is the default setting If switch is set to revertive then the BelAir unit uses the tunnel to the backup router only while the main tunnel is unavailable The BelAir unit switches back to the tunnel using the main router as soon as it becomes available again The delete tunnel command removes all tunnels or the specified tunnel After using this command user data mapped to this...

Page 168: ...ng is 8 seconds PPP echo transmission interval Values range from 0 seconds to 300 seconds 0 seconds means PPP echo is disabled The default setting is 10 seconds PPP echo retransmission count Values range from 1 to 50 The default setting is 10 DSCP value for control L2TP PPP packets The default setting is 0 The AP uses the L2TP Hello parameters to determine if the tunnel is available If the AP does...

Page 169: ...sure all requirements described in Egress Protection on page 122 are met When you enable or disable backhaul protection for tunnels you must 1 Issue the config save command See Saving your Changes on page 21 for details 2 Reboot the node See Activating a Software Load on page 201 for details Bandwidth Limits protocol te eng show limits protocol te eng set tunnel index bandwidth limit upstream bits...

Page 170: ... tunnel to always be up If oam is enabled the BelAir unit relies on receiving 802 1ag CCM packets to detect tunnel state These packets should be generated by outside equipment in the head end and should be forwarded to all BelAir units Set oam to enabled if you are using backup The auto parameter tells the BelAir unit that it should obtain L2VPN parameters IP address and label from the NetOp NSM s...

Page 171: ...d range of 1 to 60 minutes The optional retry min and retry max parameters let you specify in seconds a minimum and maximum value for the retry timer The value of the retry timer is chosen randomly within the boundaries defined by the retry min and retry max parameters The timer is triggered by any failure while trying to communicate with the NetOp NSM configuration server for example the server n...

Page 172: ...u want to answer ARP requests for any destination IP address Use dhcp if you want to answer ARP requests for the default gateway IP address only In this case the gateway IP address is learned from the DHCP relay communication to the client Use list to apply proxy ARP only to traffic destined to a particular set of IP address Use the set tunnel gre arp list command to specify the set of IP addresse...

Page 173: ...HA The spi parameter specifies the index identifying a security context between the AP and home agent It is an integer value that should be greater than 255 The spi parameter and the secret parameter are used together to authenticate the AP with the HA The optional lease time parameter specifies the maximum lease time in seconds for the client session If the client does not send packets for more t...

Page 174: ...en the tunnel interface itself must be associated with a VLAN Refer to Setting Tunnel Engine Parameters on page 167 The optional domain parameter is for PMIP tunnels Some PMIP implementations require an additional identification string to communicate with the PMIP Home Agent HA The domain parameter allows you to specify the required string The unmap vlan command removes all tunnel mapping entries ...

Page 175: ...information that was part of the original client data packet is not visible to upstream equipment This command allows you to put the QOS information into the encapsulating IP packet header so that it becomes visible to the upstream equipment The dscp setting means that Differentiated Services Code Point DSCP information from the client data packet is included in the IP packet header The up bits se...

Page 176: ...eshold is enabled with a setting of 5 meaning that the Excess Tunnel Down Events alarm is generated once 5 Tunnel Down events occur in a day Alarms generated during a maintenance window do not count against the alarm threshold For details see Defining a Maintenance Window on page 55 Configuring the Network Central Router for Layer 2 Tunneling The specific configuration tasks and commands for the n...

Page 177: ... traffic priority queues numbered 0 to 3 Queue 3 has the highest priority while queue 0 has the lowest priority Table 13 describes each queue All traffic that is not associated to a VLAN has priority 1 This means that until you create VLANs all traffic has priority 1 Once VLANs have been created you configure the node traffic to have different priorities based on User Priority bits 0 to 7 or VLAN ...

Page 178: ...riority queue The priority parameter ranges from 0 to 7 The queue_id parameter ranges from 0 to 3 as described in Table 13 on page 177 Note Settings made with the set vlan to queue mapping command have precedence over settings made with this command Table 14 shows how User Priority values are processed to priority queues by default To unmap a previously set priority use the set up to queue mapping...

Page 179: ...0 Qos Vlan Id Configuration Vlan Id 100 Vlan Qos Status Enabled Queue Map 3 Resetting the QoS Configuration qos set defaults This command returns the system QoS configuration to factory default settings Note This command does not affect radio QoS configuration Displaying a Summary of System QoS Settings qos show config This command displays a summary of all current QOS settings including how User ...

Page 180: ...rtunities This allows over the air QoS for WMM client devices with faster burst transfer Use the mode command to see the version number of your radio modules Some WMM features such as selecting the priority scheme and the mapping scheme are also available for BelAir backhaul radios to provide end to end QoS functionality Displaying a Summary of Radio QoS Settings Use the interface wifi n m show co...

Page 181: ...apping Scheme interface wifi n m set qos mapping up dscp both The set command lets you decide how traffic is processed to the four BelAir priority queues depending on the values of the User Priority UP field or the Differentiated Services Code Point DSCP subfield in the client traffic fields Selecting up means that traffic is sent to the four BelAir priority queues based on the UP field value Sele...

Page 182: ...wer save Delivery UAPSD extends the battery life of wireless clients and reduces radio transmission traffic To enable UAPSD you must first enable Wireless Multi media WMM for the radio Refer to Enabling or Disabling Wireless Multi media on page 181 This command lets you enable or disable UAPSD By default UAPSD is enabled 6 192 0xC0 3 7 224 0xE0 3 Table 15 UP and DSCP Value to Priority Queue Proces...

Page 183: ...the different paths This chapter contains the following sections Spanning Tree Protocol Overview on page 183 Configuring Spanning Tree Priority on page 184 Configuring Other Spanning Tree Parameters on page 185 RSTP Commands on page 186 See also Managing Egress Node Traffic on page 64 Spanning Tree Protocol Overview It is important to configure the Spanning Tree Protocol STP when multiple paths be...

Page 184: ...al spanning tree protocol is STP When STP detects a topology change in the network STP blocks all user traffic creates a new loop free configuration and then re enables user traffic STP reconfigurations create outages that are typically 30 to 60 seconds in length A newer protocol Rapid STP RSTP greatly reduces the length of outages caused by topology reconfigurations RSTP is backwards compatible w...

Page 185: ...cost Table 16 Configurable Spanning Tree Timers and Associated Parameters Parameter Default Value Description Possible Range Hello Timer 2 s Determines how often the bridge broadcasts hello messages to other bridges 1 s to 10 s Must be less than or equal to 1 2Max_Age 1 Forward Delay Timer 15 s Determines how long each of the listening and learning states last before the interface begins forwardin...

Page 186: ...s apply to specific physical interfaces or to specific radio links The Name column of the protocol rstp show config port all command displays available interfaces and radio links For example if the Name column displays wifi 3 1 1 then wifi 3 1 identifies the interface and the 1 suffix identifies radio link 1 of that interface The BelAir20E layer 2 switch forwards layer 2 frames to the output of on...

Page 187: ...000000 False False False True False RSTP Enabled 830769 5 wifi 1 1 5 128 2000000 False False False True False RSTP Enabled 830769 6 wifi 1 1 6 128 2000000 False False False True False RSTP Enabled 830769 7 wifi 1 1 7 128 2000000 False False False True False RSTP Enabled 830769 8 wifi 1 1 8 128 2000000 False False False True False RSTP Enabled 830769 9 wifi 2 1 1 128 2000000 False False False True ...

Page 188: ...le 3 protocol rstp show config port wifi 2 1 1 RSTP Port Configurations Port Name Prio Pathcost Migration Edge P2P Protocol Dynamic Cost Interface link Conf Oper Conf Oper Version Status Default 9 wifi 2 1 1 128 2000000 False False False True False RSTP Enabled 3000000 Example 4 protocol rstp show config port active RSTP Port Configurations Port Name Prio Pathcost Migration Edge P2P Protocol Dynam...

Page 189: ... Stp Root Port 33 Stp Max Age 31 seconds Stp Hello Time 1 seconds Stp Forward Delay Time 21 seconds Example 2 protocol rstp show topology port all RSTP Port Topology Information Port Name Designated root Designated Designated bridge Designated Interface link Cost Port 1 wifi 1 1 1 60 00 00 23 34 b0 3e 80 200000 90 00 00 0d 67 00 69 5e 80 01 2 wifi 1 1 2 00 00 00 00 00 00 00 00 0 00 00 00 00 00 00 ...

Page 190: ...fi 4 1 2 00 00 00 00 00 00 00 00 0 00 00 00 00 00 00 00 00 00 00 27 wifi 4 1 3 00 00 00 00 00 00 00 00 0 00 00 00 00 00 00 00 00 00 00 28 wifi 4 1 4 00 00 00 00 00 00 00 00 0 00 00 00 00 00 00 00 00 00 00 29 wifi 4 1 5 00 00 00 00 00 00 00 00 0 00 00 00 00 00 00 00 00 00 00 30 wifi 4 1 6 00 00 00 00 00 00 00 00 0 00 00 00 00 00 00 00 00 00 00 31 wifi 4 1 7 00 00 00 00 00 00 00 00 0 00 00 00 00 00 ...

Page 191: ... eth 1 1 Root Forwarding Enabled 34 eth 1 2 Designated Forwarding Enabled Example 2 protocol rstp show port roles all RSTP Port Roles and States Port Name Remote id Port Role Port State Port Status Link status 1 wifi 1 1 1 Disabled Discarding Enabled Down 2 wifi 1 1 2 Disabled Discarding Enabled Down 3 wifi 1 1 3 Disabled Discarding Enabled Down 4 wifi 1 1 4 Disabled Discarding Enabled Down 5 wifi...

Page 192: ...bled Down 33 eth 1 1 Root Forwarding Enabled UP 34 eth 1 2 Designated Forwarding Enabled UP Configuring the Bridge Aging Time protocol rstp set bridge aging time 10 630 This command specifies the aging time in seconds for the dynamically learned forwarding information RSTP Priority protocol rstp set priority Decimal 0 61440 or Hexadecimal 0x0000 0xf000 This command specifies the STP priority The d...

Page 193: ...nts the time in seconds that all bridges use for ForwardDelay when this bridge is acting as the root The default value is 15 The value must not be less than 1 1 2 MaxAge Note BelAir Networks recommends that you do not change the RSTP parameter values from their default values Experience has shown that the default values work well in a variety of networks Example protocol rstp set max age 20 hello ...

Page 194: ...ined for each radio link on your BelAir20E The interface name parameter specifies a particular interface such as wifi 2 1 Dynamic path costs are a useful way to adjust the topology of a network to isolate a link as a result of unplanned or seasonal effects For example there may be an unplanned source of radio interference with a particular link Or vegetation may affect a link during summer When dy...

Page 195: ...igration on an Interface protocol rstp set interface interface name protocol migration true false While operating in RSTP mode setting of this value to true forces the interface to transmit RSTP BPDUs The interface name parameter specifies a particular interface such as wifi 2 1 RSTP Edge Port Status protocol rstp set interface interface name edge port true false This command indicates whether the...

Page 196: ... be updated later by the BelAir20E bridge software The interface name parameter specifies a particular interface such as wifi 2 1 Setting a value of forcetrue forces it to function as a point to point link Setting a value of forcefalse forces it not to function as a point to point link The default settings vary depending on the hardware in use the topology and whether dynamic path cost is used or ...

Page 197: ...e structurally different than in other releases For example the configuration database in Release 12 0 is structurally different than in previous releases Because of this downgrading a software load from Release 12 0 to the previous release requires much effort BelAir Networks strongly recommends that you fully verify the configuration and operation of an upgraded unit before you commit the new lo...

Page 198: ...standby bank 3 Download the new software load The new software load is downloaded to the standby software load bank If A is active then the new software load is downloaded to bank B If B is active then the new software load is downloaded to bank A 4 Verify the new software downloaded successfully 5 Activate the new software load from the standby software load bank containing the new load by reboot...

Page 199: ...act BelAir Networks Displaying the Active and Next Software Loads Display the active software load and the load that is activated at the next reboot with the following command system show loads Downloading a New Software Load system upgrade load remoteip serverIPaddress remotepath serverSubDir tftp ftp user usrname password pword This command downloads a new software image from a remote server It ...

Page 200: ...cel upgrade 3 When requested confirm your intent If you confirm that you want to cancel the software upgrade a message appears in the other CLI session informing it s user that the upgrade has been cancelled CAUTION Because the software upgrade process was interrupted the software in the standby software load bank may no longer be suitable to reboot the system Do not set it to be the next active l...

Page 201: ...w Version BA100 8 0 8 D 2008 09 18 18 18 r19148 State Shadow CommitState committed Md5Sum OK Bootloader Info PPC405EP Common Bootloader Version 4 06 11 06 2008 Activating a Software Load To activate a software load enter the following system reboot The reboot command is only available if you are logged in as root This command forces the unit to execute with the new load and completes the activatio...

Page 202: ...New Software Load system commit load Once you have activated the unit with new software load you can commit it with this command See Figure 10 CAUTION This command copies the contents of the active software bank to the standby bank For example if the active software bank is A its contents overwrite those of bank B Backing out is no longer possible after the new software load has been committed Aft...

Page 203: ...ible to back out from a software upgrade in case its effects are undesired but only if the new software load has not been committed See Figure 11 on page 203 Figure 11 Backing Out from an Uncommitted Software Upgrade When you back out of a software upgrade the old load overwrites the new software load To back out from an upgrade do the following steps 1 Determine which bank has the old software lo...

Page 204: ... significantly longer up to 20 minutes depending on the unit s configuration 4 Run the commit command Running the commit command is not necessary if the system is already executing the old software load because you have decided for example to back out of the upgrade before activating the new load In this case the content of the old software load which is active overwrites the contents of the new u...

Page 205: ...this document when you are determining infrastructure requirements pre configuring the units installing units problem solving on the site mounting units commissioning the units User Guide Use this document when you are becoming accustomed to the CLI interface becoming accustomed to the SNMP interface accessing the Web interface configuring the unit IP parameters data and time Ethernet interfaces c...

Page 206: ...55 Document Number BDTM02201 A01 Standard upgrading the unit saving and restoring the configuration Troubleshooting Guide Use this document when you are troubleshooting and in need of technical support looking up system configuration details Alarms and events System logs Statistics ...

Page 207: ... If it does do the provided corrective actions 2 If the troubleshooting guide does not cover your situation contact your BelAir Networks product representative 3 If you still need assistance use the BelAir Networks online support center at http support belairnetworks com 4 Finally if your issue is not resolved contact BelAir Networks 613 254 7070 option 2 1 877 BelAir1 235 2471 option 2 techsuppor...

Page 208: ...intain a loop free network BSS Basic Service Set A set of 802 11 compliant stations that operate as a fully connected wireless network Client A device that uses the services of a wireless access point to connect to a network CLI Command Line Interface DHCP Dynamic Host Configuration Protocol IP Internet Protocol IP address The Internet Protocol IP address of a station Expressed in dotted notation ...

Page 209: ... Set Identifier also referred to as Network Name or Id A unique identifier used to identify a radio network and which stations must use to be able to communicate with each other or to an access point SSL Secure Socket Layer TCP Transmission Control Protocol TKIP Temporal Key Integrity Protocol an optional IEEE 802 11 function that offers frame transmission privacy Like WEP it is based on RC4 encry...

Page 210: ... and privacy keys Unit part number located on the sticker on to the unit __________________________ Unit serial number located on the sticker on to the unit __________________________ Super user password ____________________________ System Name ______________ Location ____________ Contact _______________ Base MAC Address ______________ IP Address _____________Subnet ______________ Gateway ________...

Page 211: ...n PSMv2 only TKIP or AES Others AES only ____________________ RADIUS or 8 to 63 byte pre shared key ___________________________________________ dot1x RADIUS EAP authentication 1 ________________ 2 ________________ 3 ________________ 4 ________________ __________________ Y or N wep40 RADIUS or 5 byte pre shared key _______________________________________________ wep104 RADIUS or 13 byte pre shared ...

Page 212: ...Interface wifi ___ ___ Channel ________ Link ID _____________________ AES Privacy Y or N __________ Key 16 characters _____________________________________ Topology P to P MP to MP mesh P to MP star ________________________________ P to MP star role base station or subscriber station ____________________________ P to MP star link index ____________________________ ...

Page 213: ...itial Conditions See Figure 12 Figure 12 Auto connection Initial Conditions To setup auto connection The first six bytes of the respective link IDs must match This is true in our example B20MeshA and B20MeshB The auto connection admin state in the child nodes must be enabled Node123 BelAir20 Child Node121 BelAir20 Egress BA20MeshB Link ID Ethernet Egress Connection Node122 BelAir20 Child Node120 B...

Page 214: ...mo 3x3 tx power 18 0 dBm per chain 23 0 dBm total antenna gain 5 0 dBi link distance 1 km tx aggregation Enabled base radio MAC 00 0d 67 10 e8 92 Backhaul Common privacy Disabled mesh min rssi 100 dbm Stationary Backhaul link admin state Enabled link id B20MeshA topology mesh Mobile Backhaul mobile admin state Disabled mobile link id mobile link role ss Protection Backhaul protection admin state D...

Page 215: ...Node IP Node Name S 1 00 0d 67 10 e8 92 fwd fwd 44 wifi 1 1 180 7 4 122 Identify Node120 as an egress node system set system egress point yes direct system show system egress point egress point direct Enable auto connection and verify it services auto conn set admin enable services auto conn show config admin state Enabled services auto conn show status Oper State Ether Link State Egress Reachable...

Page 216: ...haul status WiFi backhaul states stationary Enabled mobile Disabled protection Disabled Backhaul Links Link Radio Mac State L R RSSI Radio Node IP Node Name S 1 00 0d 67 0c 22 29 fwd fwd 49 wifi 1 1 180 7 4 121 Enable auto connection and verify it services auto conn set admin enabled services auto conn show config admin state Enabled services auto conn show status Oper State Ether Link State Egres...

Page 217: ...vices auto conn set admin enable services auto conn show config admin state Enabled services auto conn sh status Oper State Ether Link State Egress Reachable Use Alternate Mesh up up yes no Fault Conditions At this point the Ethernet connection used by the Mesh B egress node Node121 becomes unavailable The Mesh B nodes Node121 and Node123 connect to the Mesh A nodes and all traffic flows through t...

Page 218: ... states stationary Enabled mobile Disabled protection Disabled Backhaul Links Link Radio Mac State L R RSSI Radio Node IP Node Name S 1 00 0d 67 10 e8 92 fwd up 46 wifi 1 1 180 7 4 122 S 2 00 0d 67 0c 22 29 fwd fwd 36 wifi 1 1 180 7 4 121 S 3 00 0d 67 10 f8 d7 fwd up 64 wifi 1 1 180 7 4 123 Node123 BelAir20 Child Node121 BelAir20 Egress BA20MeshB Link ID Ethernet Egress Connection Node122 BelAir20...

Page 219: ...7 0c 22 4b up fwd 51 wifi 1 1 180 7 4 120 S 2 00 0d 67 0c 22 29 fwd fwd 41 wifi 1 1 180 7 4 121 S 3 00 0d 67 10 f8 d7 fwd up 58 wifi 1 1 180 7 4 123 Display the auto connect topology services auto conn show status Oper State Ether Link State Egress Reachable Use Alternate Mesh up down yes no Node123 Child Node of Mesh B Display the backhaul configuration interface wifi 1 1 show config backhaul Slo...

Page 220: ... 67 0c 22 4b up fwd 67 wifi 1 1 180 7 4 120 Display the auto connect topology services auto conn show status Oper State Ether Link State Egress Reachable Use Alternate Mesh up down yes yes Node121 Egress Node of Mesh B Display the auto connect topology It shows that it is using the alternate mesh as an egress point services auto conn show status Oper State Ether Link State Egress Reachable Use Alt...

Page 221: ...tion is re established services auto conn show alternate mesh Alternate Mesh Radio Interface wifi 1 1 Mesh ID B20MeshA Channel 161 Status Up Node122 Child Node of Mesh A Display the mesh topology after the Ethernet connection is re established on Node121 but before the auto connection revert command is given interface wifi 1 1 show backhaul status WiFi backhaul states stationary Enabled mobile Dis...

Page 222: ...rface wifi 1 1 show backhaul status WiFi backhaul states stationary Enabled mobile Disabled protection Disabled Backhaul Links Link Radio Mac State L R RSSI Radio Node IP Node Name S 1 00 0d 67 0c 22 4b fwd fwd 49 wifi 1 1 180 7 4 120 After the revert command is given the mesh topology returns to that shown in Figure 12 on page 213 Node123 BelAir20 Child Node121 BelAir20 Egress BA20MeshB Link ID E...

Page 223: ...compiled to native machine code For BelAirOS platforms you can create scripts consisting of valid and supported BelAir CLI commands to make repetitive tasks quicker and easier to do automate the configuration of a node when it starts up Your script file must contain special declarations for the following cases If you want to specify and control physical interfaces such as wifi 1 1 use the declarat...

Page 224: ...s described in Managing and Manually Running Script Files on page 225 as required The process of downloading and running a script file on startup can be automated For details see the Auto configuration chapter of the BelAir platform User Guide Manually Transferring Files to and from a BelAir Node Use the following CLI commands to manually transfer files such as script files to and from a BelAir no...

Page 225: ...ile name system delete script script file system rename script script file new name system show script script file list scripts run script scriptname output_file The copy delete rename and show script commands are available in system mode and allow you to manage and customize script files as you require The list and run script commands are available from any mode The list scripts command displays ...

Page 226: ...tents and results of a typical script Physical Interface Declaration Summary Table 18 summarizes the declarations required in your script file to specify a physical interface Table 18 BelAir Script Declaration Summary Script Declaration Description int asbly iftype desc instance Used to define a physical interface to which the following CLI commands apply to For a definition of asbly iftype desc a...

Page 227: ...h at least part of the text in the Description field in the Physical Interface Table output by the system show phyinv command See also Common Radio Card Descriptions on page 235 instance specifies which instance of the interface to apply the commands to It must be a digit between 1 and 127 Use a dash to separate each part in the declaration The system uses the information in your declaration to de...

Page 228: ...3 BRM 3 2 1 A000003408 B2CC033AA B B01 Physical Interface Table Name Type Slot Card type Description wifi 1 1 Wifi 802 11 1 LPM LPMv2 4 9GHz 802 11a eth 1 1 Ethernet 1 LPM 1x100baseTx Electrical Single wifi 2 1 Wifi 802 11 2 BRM BRMv3 5GHz 802 11a wifi 3 1 Wifi 802 11 3 BRM BRMv3 5GHz 802 11a Physical Interface Script Example Script The following is a listing of the script contents int wifi 2 4GHz...

Page 229: ...o LPMv2 4 9GHz 802 11a admin state Disabled frequency band 4900MHz SchemeA channel 10 tx power 20 0 dBm bandwidth 10 0 MHz antenna gain 9 5 dBi link distance 1 km base radio MAC 00 0d 67 00 48 52 Interface stop Interface int wifi 5GHz 1 interface wifi 2 1 start interface wifi 2 1 set channel 155 interface wifi 2 1 set backhaul admin state disabled interface wifi 2 1 show config Slot 2 Card Type br...

Page 230: ...fig Slot 2 Card Type brm revision 3 Port 1 Radio BRMv3 5GHz 802 11a admin state Enabled channel 155 tx power 20 0 dBm tx power optimize Disabled antenna gain 10 5 dBi link distance 1 km base radio MAC 00 0d 67 00 44 49 Interface stop assembly code tag does not match Unknown interface int BELAIR20 11 wifi 5GHz 1 skipping Interface stop Interface int BELAIR100 wifi 1 interface wifi 1 1 start interfa...

Page 231: ...he reboot command in an auto configuration script without the correct declarations may cause the node to enter a continuous reboot loop The declarations for using the reboot command in a script are an extension of those for specifying a physical interface in a script See Specifying Physical Interfaces on page 226 Table 19 Script Declaration Summary for Reboot Command Script Declaration Description...

Page 232: ...d 2 Use the config save command to save the changes to this point to the node s database 3 Include the check db change start declaration Begin recording whether the following commands change the nodes settings 4 Use the CLI commands for the functionality that requires a reboot for example protocol nat set commands 5 Include the check db change stop declaration Stop recording whether the following ...

Page 233: ...GHz 1 set channel 155 set backhaul admin state disabled show config config save int BELAIR 20 check db change start protocol nat set scope 1 dhcp server vlan 401 based ip 45 89 233 0 lease time 30 protocol nat set scope 1 status enabled protocol nat set admin state enabled check db change stop int stop int db change start config save system reboot y int stop Common BelAirOS Platform Assembly Codes...

Page 234: ...BELAIR100T_12 BelAir100T 21 BELAIR100T_21 BelAir100T 12R BELAIR100T_12R BelAir100T 21R BELAIR100T_21R BelAir100S 10 BELAIR100S_10 BelAir100S 11 BELAIR100S_11 BelAir100N 10 BA100N 10 BelAir100N 11 BA100N 11 BelAir100N 10R BA100N 10R BelAir100N 11R BA100N 11R BelAir100SN 10 BA100SN 10 BelAir100SN 11 BA100SN 11 BelAir100SN 10R BA100SN 10R BelAir100SN 11R BA100SN 11R Table 20 Common BelAirOS Platform ...

Page 235: ... Platform Assembly Codes Continued Platform Assembly Code Table 21 Common BelAirOS Radio Card Descriptions Card Description Notes ARMv3 ARMv3 2 4GHz 802 11b g BRMv3 BRMv3 5GHz 802 11a BRMv4 BRMv4 5GHz 802 11a ERMv1 ERMv1 5GHz Multiband 802 11a ERMv2 ERMv2 5GHz 802 11a ERMv5 ERMv5 5GHz 802 11n PSMv1 PSMv1 4 9GHz 802 11a PSMv2 LPMv2 4 9GHz 802 11a WRMv1 WRMv1 2 3GHz 5MHz 802 16d WRMv2 WRMv2 2 5GHz 5...

Page 236: ...readonly protocol snmp set community 2 community name commu2 ipaddr 0 0 0 0 privilege readwrite protocol snmp set community 3 community name commu3 ipaddr xxx xxx xxx xxx privilege readwrite protocol snmp set trap 1 mgr addr xxx xxx xxx xxx community commu1 version v2 protocol snmp set trap 2 mgr addr xxx xxx xxx xxx community commu2 version v2 protocol snmp set trap 3 mgr addr xxx xxx xxx xxx com...

Page 237: ... identifier dummy broadcast vlan none set ssid 1 service set identifier superwifi broadcast vlan 801 set ssid 1 wireless bridge disabled set ssid 1 privacy none set ssid 1 group address filter ipv4 set ssid 1 secure port disabled set ssid 1 admin state enabled set ssid 2 service set identifier optimumwifi broadcast vlan 800 set ssid 2 wireless bridge disabled set ssid 2 privacy none set ssid 2 gro...

Page 238: ...id 2 group address filter ipv4 set ssid 2 secure port disabled set ssid 2 admin state enabled set ssid 3 service set identifier maxwifi broadcast vlan 245 set ssid 3 wireless bridge disabled set ssid 3 privacy none set ssid 3 group address filter ipv4 set ssid 3 secure port disabled set ssid 3 admin state enabled set backhaul admin state disabled set admin state enabled int stop int wifi 2 4Ghz 80...

Page 239: ...tandard interface eth 1 1 add vlan untagged protocol te syst map vlan 200 to 1 protocol te syst map vlan 201 to 1 protocol te syst map vlan 245 to 1 protocol te syst limit tunnel 1 bandwidth transmit 1500000 receive 1500000 protocol te syst set tunnel 1 bandwidth limit upstream 1500000 downstream 1500000 config save ...

Page 240: ...ss to system commands you can reset the unit to the factory defaults CAUTION By performing the following procedure all local configuration data will be replaced by default factory settings You will not be able to recover any local configuration data CAUTION You may not able to reestablish connectivity to a remotely located unit after you execute this procedure Use the following command sequence cd...

Page 241: ...on to factory defaults do the following steps 1 Access the BelAir20E rear panel You may need to detach it from its mounting bracket 2 With a pen tip or paperclip gently press the unit s reset button for more than 5 seconds Refer to Figure 15 Figure 15 BelAir20E Rear Panel with Reset Button 3 If necessary re attach the BelAir20E to its mounting bracket Reset Hole ...

Page 242: ...a Pre deployed NMS 7 Web Interface 9 Accessing the Web Interface 9 Accessing the System Page with Secure HTTP or with HTTP 9 Stopping a Session 11 Additional Troubleshooting Tools 11 Command Line Interface Basics 12 Connecting to the BelAir20E 12 Starting a CLI Session 12 Command Modes 14 Abbreviating Commands 18 Command History 18 Special CLI Keys 19 Help Command 19 Saving your Changes 21 Saving ...

Page 243: ...ng a Telnet Session 25 Radio Configuration Summary 25 BelAir20E Access Methods 27 SNMP Configuration Guidelines 27 SNMPv1 v2 Servers 27 SNMPv3 Servers 27 SNMP Naming Restrictions 27 SNMP Command Reference 28 SNMP Agent 28 SNMP Configuration 28 Communities 29 Traps 29 Users 30 Notifications 30 Authentication Traps 31 Engine Identifier 32 Telnet 32 HTTP 32 Secure HTTP 32 SSH 32 SSH Access 32 SSL 32 ...

Page 244: ...2 CLI Prompt Customization 42 IP Settings 44 Displaying IP Parameters 44 Configuring IP Parameters 45 Configuring Dynamic IP Addressing 45 Renewing the IP Address 46 Auto IP 46 Setting a Static IP Address and Subnet Mask 47 Static IP Routes 47 Configuring the Domain Name System Lookup Service 48 Configuring IP Address Notification 48 System Settings 49 Country of Operation 49 System Identification...

Page 245: ...Options 58 Pre requisites 60 Configuring and Using DHCP Options 60 Accepting Specific DHCP Parameters 60 DNS 61 Configuration Download Profile 62 Pre requisites 62 Using a Configuration Download Profile 62 Ethernet or LAN Interface Settings 64 Managing the Ethernet or LAN Interface Settings 64 Managing Egress Node Traffic 64 VLAN Conversion 65 VLAN Filtering 65 Changing Ethernet or LAN Interface A...

Page 246: ...Aware Rate Adaptation 78 Rate Aware Fairness 78 802 11n Aggregation 78 Minimum Receive Threshold 78 Changing Wi Fi Interface Admin State 79 Configuring Wi Fi Access Point Parameters 80 Displaying AP Configuration 81 AP Custom Rates 81 Displaying Associated Wireless Clients 83 Displaying Wireless Client Details 85 Disconnecting a Wireless Client 85 Wireless Client Load Balancing 85 Configuring RTS ...

Page 247: ...Wireless Clients 100 RADIUS Servers for Wireless Clients 101 Managing RADIUS Servers 104 Changing RADIUS Server Admin State 105 Assigning SSIDs to RADIUS Servers 105 RADIUS Pre authentication 105 RADIUS Assigned VLAN 106 RADIUS Accounting 106 Client Authentication and De authentication Trap 107 AP Privacy 107 Wireless Client Blacklist 109 Wireless Client Access Control List 109 Controlling Inter c...

Page 248: ...esh 123 Configuring Mobile Backhaul Mesh Links 124 Displaying Mobility Configuration and Status 124 Configuring MIMO Operation for Mobile Applications 125 Configuring and Enabling Mobile Backhaul Mesh Links 125 Mobile Backhaul Point to point Links 127 Scanning Process 128 Sample Subscriber Station Configuration 128 Sample Base Station Configuration 130 Mobile Backhaul Point to point Commands 132 D...

Page 249: ...141 Access Packet RSSI Filter 141 Effective Mesh Path Selection 141 Blacklist SNMP Support 141 Client Association Records 142 CTS to Self Control 142 DHCP to Attached Clients Only 142 ARP to Attached Clients Only 142 Upstream Broadcast Filter 142 Secure Port Mode 143 Wireless Bridging 143 Client Load Balancing 143 Client Authentication History 144 Automatic Mesh Connect 144 Traffic Test Tool 144 D...

Page 250: ...e Client Session Information 157 Specifying the Web Server 158 Specifying Redirection Variable Pairs 159 Specifying the RADIUS Server 159 Managing White List Entries 159 Associating VLAN Traffic to a Scope 160 Performing MAC Address Authentication 160 Collecting Accounting Information 161 Operating in WAN Mode 162 Changing UAM Admin State 162 Using Layer 2 Tunnels 163 Configuring the BelAir Node f...

Page 251: ...LAN IDs 178 Resetting the QoS Configuration 179 Displaying a Summary of System QoS Settings 179 Displaying the Prioritization Settings 180 Radio QoS 180 Displaying a Summary of Radio QoS Settings 180 Enabling or Disabling Wireless Multi media 181 QoS Mapping Scheme 181 Unscheduled Automatic Power save Delivery 182 Layer 2 Network Configuration 183 Spanning Tree Protocol Overview 183 Configuring Sp...

Page 252: ...rade Process Overview 197 Downloading a New Software Load 199 Canceling a Software Upgrade 200 Verifying a Successful Download 201 Activating a Software Load 201 Committing a New Software Load 202 Backing Out from a Software Upgrade 203 Displaying the Status of the Software Upgrade 204 Clearing the Upgrade Failure Alarm 204 Auto upgrade 204 For More Information 205 Installation Guide 205 User Guid...

Page 253: ...ecifications 227 Physical Interface Script Example Setup 228 Physical Interface Script Example Script 228 Physical Interface Script Example Output 229 Including a Reboot Command in a Script 231 Reboot Declaration Summary 231 Reboot Declaration Specification 231 Reboot Script Example 233 Common BelAirOS Platform Assembly Codes 233 Common Radio Card Descriptions 235 Sample Universal Auto configurati...

Page 254: ...1 List of Tables Table 1 Product Name Synonyms 3 Table 2 Standard SNMP MIBs 7 Table 3 BelAir Enterprise MIBs 8 Table 4 Command Line Interface Modes 16 Table 5 Super user commands 35 Table 6 Physical Interface Parameter Settings 67 Table 7 BelAir Wi Fi Radio Summary 71 Table 8 Auth Field Value Descriptions 83 Table 9 DHCP Field Value Descriptions 83 Table 10 RADIUS Attributes 102 Table 11 Wi Fi Bac...

Page 255: ... 613 254 7070 April 2 2012 Confidential Page 255 of 255 Document Number BDTM02201 A01 Standard General Information info belairnetworks com Sales sales belairnetworks com Technical Support techsupport belairnetworks com Visit us on the web at www belairnetworks com 255 BelAir20E User Guide ...

Search results

Summary of Contents for 20E

Reviews:

Related manuals for 20E

Brands by name

Popular brands

Belair 20E, User Manual

Search results

Summary of Contents for 20E

Reviews:

Related manuals for 20E

Brands by name

Popular brands