115

www.gateway.com

Security considerations related to WDS bridges

Static Wired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless 
networks. Both access points in a given WDS link must be configured with the same 
security settings. For static WEP, either a static 64-bit (40-bit secret key + 24-bit initialization 
vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key is specified for data 
encryption.

You can enable Static WEP on the WDS link (bridge). When WEP is enabled, all data 
exchanged between the two access points in a WDS link is encrypted using a fixed WEP 
key that you provide.

Static WEP is the only security mode available for the WDS link, and it does not provide 
effective data protection to the level of other security modes available for service to client 
stations. If you use WDS on a LAN intended for secure wireless traffic you are putting your 
network at risk. Therefore, we recommend using WDS to bridge the guest network only 
for this release. Do not use WDS to bridge access points on the internal network unless 
you are not concerned about the security risk for data traffic on that network.
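
The frame construction behind the key sizes above, as an added example (not from the Gateway manual or firmware): it builds the per-frame RC4 key as IV + shared secret, appends the CRC-32 ICV, and shows why a fixed key with a 24-bit IV gives limited protection. The key, IVs and payloads are constructed sample values.

```python
"""Static WEP encapsulation (IV + fixed secret -> RC4), added illustration only."""
import math
import struct
import zlib

IV_BITS = 24  # the IV is sent in clear text at the start of every frame
SECRET_LENGTHS = {5: "64-bit WEP (40-bit secret)", 13: "128-bit WEP (104-bit secret)"}


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling followed by keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Return IV (3 bytes) | key-ID byte | RC4(IV + secret) XOR (plaintext + ICV)."""
    if len(secret) not in SECRET_LENGTHS:
        raise ValueError("static WEP secret must be 5 or 13 bytes")
    if len(iv) * 8 != IV_BITS:
        raise ValueError("WEP IV must be 3 bytes")
    if not 0 <= key_id <= 3:
        raise ValueError("key ID must be 0..3")
    body = plaintext + icv(plaintext)
    keystream = rc4_keystream(iv + secret, len(body))
    return iv + bytes([key_id << 6]) + xor(body, keystream)


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """Decrypt a frame built by wep_encrypt and verify its ICV."""
    iv, body = frame[:3], frame[4:]
    clear = xor(body, rc4_keystream(iv + secret, len(body)))
    data, received_icv = clear[:-4], clear[-4:]
    if icv(data) != received_icv:
        raise ValueError("ICV mismatch")
    return data


def frames_until_iv_repeat(probability: float = 0.5) -> int:
    """Birthday estimate: frames with random IVs before an IV has likely repeated."""
    n = 2 ** IV_BITS
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - probability))))


def demo() -> dict:
    secret = bytes.fromhex("0102030405")         # constructed 40-bit secret
    p1, p2 = b"bridge frame 0001", b"bridge frame 0002"  # constructed payloads
    iv_a, iv_b = b"\x00\x00\x01", b"\x00\x00\x02"

    f1 = wep_encrypt(secret, iv_a, p1)
    f2 = wep_encrypt(secret, iv_a, p2)   # same IV, same fixed key
    f3 = wep_encrypt(secret, iv_b, p1)   # fresh IV

    return {
        "round_trip": wep_decrypt(secret, f1) == p1,
        # With a fixed key, a repeated IV means a repeated keystream, so the
        # XOR of the two ciphertexts equals the XOR of the two plaintexts.
        "same_iv_same_keystream": xor(f1[4:4 + len(p1)], f2[4:4 + len(p2)]) == xor(p1, p2),
        "fresh_iv_changes_ciphertext": f3[4:] != f1[4:],
        "frames_for_50pct_iv_repeat": frames_until_iv_repeat(0.5),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the secret never changes on a static WEP link, only the 24-bit IV varies between frames, which is why the manual limits WDS to the guest network.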

For more information about the effectiveness of different security modes, see 
“Configuring network security” on page 80. This topic also covers use of plain text 
security mode for AP-to-station traffic on the guest network, which is intended for 
less sensitive data traffic.

Navigating to WDS settings

To specify the details of traffic exchange from this access point to others, click 
Advanced > Wireless Distribution System on the Administration Web page. The 
Configure WDS bridges to other access points screen opens. Update the boxes as 
described in the following section.

Summary of Contents for 7001 Series

Page 1: ...User Guide Gateway 7001 Series Access Point ...

Page 2: ...ccess point 20 Running KickStart to find access points and assign IP addresses 20 Logging on to the administration Web pages 24 Configuring basic settings and starting the wireless network 27 What s next 28 3 Configuring Basic Network Settings 29 Navigating to basic settings 30 Reviewing and describing the access point 31 Providing administrator password and wireless network name 32 Setting config...

Page 3: ...accounts 58 Adding a user 58 Editing a user account 59 6 Session Monitoring 61 Navigating to session monitoring 62 Understanding session monitoring information 63 Viewing session information for access points 65 Sorting session information 65 Refreshing session information 65 7 Advanced Configuration 67 Configuring an Ethernet wired interface 68 Navigating to Ethernet wired settings 69 Setting the...

Page 4: ...ing settings 110 Using MAC address filtering 111 Configuring a Wireless Distribution System WDS 112 Understanding the WDS 112 Navigating to WDS settings 115 Configuring WDS settings 117 Configuring security settings on wireless clients 121 Network infrastructure and choosing between built in or external authentication server 122 Setting the administrator password 155 Navigating to administrator pa...

Page 5: ...iv www gateway com A Glossary 175 B Specifications 197 C Safety Regulatory and Legal Information 201 Index 209 ...

Page 6: ...Chapter 1 1 Introduction Features and benefits Networking Maintainability Default settings and supported administrator client platforms ...

Page 7: ...cess point Gateway 7001 802 11 A G Wireless Access Point The single band access point can broadcast in either IEEE 802 11b or IEEE 802 11g mode The dual band access point is capable of broadcasting in two different IEEE 802 11 modes simultaneously Radio One can broadcast in IEEE 802 11b or IEEE 802 11g modes Radio Two can broadcast in IEEE 802 11a or IEEE 802 11a Turbo modes The Gateway 7001 AP so...

Page 8: ... access points wirelessly Extends your network with less cabling and provides a seamless experience for roaming clients Virtual Local Area Network VLAN support Under the hood support for multiple SSIDs network names and multiple BSSIDs basic service set IDs on the same access point Security features Inhibit SSID Broadcast Ignore SSID Broadcast Link integrity monitoring Link integrity checking Weak...

Page 9: ...eters are automatically reflected in all members of the cluster Self managed access points with automatic configuration synchronization The access points in a cluster periodically check that the cluster configuration is consistent and check for the presence and availability of the other members of the cluster The administrator can monitor this information through the user interface Enhanced local ...

Page 10: ...less and Ethernet devices in IEEE 802 11a 802 11b 802 11g or 802 11a Turbo modes depending on the model The Gateway 7001 Series self managed AP offers an out of the box Guest Interface feature that lets you configure access points for controlled guest access of the wireless network This can be accomplished either by using Virtual LANs or by creating physically separate network connections on the s...

Page 11: ...r You can assign a new static IP address through the Administration Web pages If you have a DHCP server on the network then an IP address will be dynamically assigned by the server at AP startup Understanding dynamic and static IP addressing on page 12 Connection Type Dynamic Host Configuration Protocol DHCP If you do not have a DHCP server on the Internal network and do not plan to use one the fi...

Page 12: ...smit Power 100 Percent of certified level Configuring radio settings on page 104 Rate Sets Supported Mbps IEEE 802 11a 54 48 36 24 18 12 9 6 IEEE 802 11g 54 48 36 24 18 12 9 6 5 5 2 1 IEEE 802 11b 11 5 5 2 1 Atheros Turbo 5 GHz 108 96 72 48 36 24 18 12 Configuring radio settings on page 104 Rate Sets Basic Advertised IEEE 802 11a 24 12 6 IEEE 802 11g 11 5 5 2 1 IEEE 802 11b 2 1 Atheros Turbo 5 GHz...

Page 13: ...Login Disabled Advanced Configuration on page 67 Guest Welcome Screen Text Thank you for using wireless Guest Access as provided by this Gateway 7001 Series wireless access point When clicking Accept below you will gain access to a wireless network which will allow you complete access to the Internet but is external to the corporate network This network is not configured to provide any level of wi...

Page 14: ... Portable or built in Wi Fi client adapter that supports one or more of the IEEE 802 11 modes in which you plan to run the access point IEEE 802 11a 802 11b 802 11g and 802 11a Turbo modes are supported depending on model Wireless client software such as Microsoft Windows XP or Funk Odyssey wireless client configured to associate with the Gateway 7001 Series access point For more details on Wi Fi ...

Page 15: ...ints and provides a link to the Administration Web pages where you finish up the basic setup process in a step by step mode and launch the network For more about using KickStart see Running KickStart to find access points and assign IP addresses on page 20 CD Drive The administrator s computer must have a CD drive to run the KickStart CD Security Settings Make sure that security is disabled on the...

Page 16: ...es of NICs or an external device such as a USB or Ethernet adapter that you connect to the client by means of a cable The access point supports 802 11a b g modes depending on model but you will probably make a decision during network design phase as to which mode to use The fundamental requirement for clients is that they all have configured adapters that match the 802 11 mode for which your acces...

Page 17: ... each access point using the IP address in the URL For more information about the KickStart utility see Running KickStart to find access points and assign IP addresses on page 20 Dynamic IP addressing The Gateway 7001 Series self managed AP generally expects that a DHCP server is running on the network where the AP is deployed Most home and small business networks already have DHCP service provide...

Page 18: ...ernal interface Ethernet settings on page 71 Recovering an IP Address If you experience trouble communicating with the access point you can recover a static IP address by resetting the AP configuration to the factory defaults see Resetting the configuration on page 166 or you can get a dynamically assigned address by connecting the AP to a network that has DHCP Important If you do not have a DHCP ...

Page 20: ...npacking the access point Connecting the access point to network and power Turning on the access point Running KickStart to find access points and assign IP addresses Configuring basic settings and starting the wireless network ...

Page 21: ...ies self managed APs and the resulting wireless network Have the KickStart CD handy and familiarize yourself with the Default settings and supported administrator client platforms on page 5 if you have not already Unpacking the access point Unpack the Access Point AP and familiarize yourself with its hardware ports associated cables and accessories Access point hardware and ports The access point ...

Page 22: ...ini PC card The access point boots from FlashROM that contains firmware with the configurable runtime features summarized in Overview of the Gateway 7001 Series of self managed APs on page 2 As new features and enhancements become available you can upgrade the firmware to add new functionality and performance improvements to the access points that make up your wireless network See Upgrading the fi...

Page 23: ...n the access point and the other end to the same hub where your computer is connected OR Connect one end of an Ethernet cable to the network port on the access point and the other end of the cable to the Ethernet port on your computer Admin computer to hub Administrator computer Access point Hub LAN Hub to LAN AP to hub Administrator computer This computer must have an IP address on the same subne...

Page 24: ...ect eth0 to a VLAN capable switch Define VLANs on that switch Important If you use a hub the device you use must permit broadcast signals from the access point to reach all other devices on the network A standard hub should work fine Some switches however do not allow directed or subnet broadcasts through You may have to configure the switch to allow directed broadcasts If for initial configuratio...

Page 25: ...t connection from the other network port on the access point to a separate network After you have the required physical connections set up the rest of the configuration process is accomplished through the Administration UI For information on configuring guest interface settings on the Administration UI see Advanced Configuration on page 67 Turning on the access point Plug in the AC power adapter a...

Page 26: ...bnetwork Kickstart will find only those access points that have IP addresses IP addresses are dynamically assigned to APs if you have a DHCP server running on the network Keep in mind that if you deploy the AP on a network with no DHCP server the default static IP address 192 168 1 1 will be used Use caution with non DHCP enabled networks Do not deploy more than one new AP on a non DHCP network un...

Page 27: ...t Wizard CD into the CD drive on your computer If the KickStart window is not displayed automatically navigate to the CD drive and double click the Kickstart executable file to activate the KickStart utility on the CD The KickStart Welcome screen is displayed ...

Page 28: ...is screen Verify the MAC addresses shown here against the hardware labels for each access point This will be especially helpful later in providing or modifying the descriptive location name for each access point Click Next to continue 4 Go to the Access Point Administration Web pages by clicking the link provided on the KickStart page see Logging on to the administration Web pages on page 24 Impor...

Page 29: ...Administration Web pages through the IP address of the first access point The Administration Web pages are a centralized management tool that you can access through the IP address for any access point in a cluster After your other access points are configured you can also link to the Administration Web pages by using the IP address for any of the other Gateway access points in a URL http IPAddress...

Page 30: ...25 www gateway com Type the user name and password and click OK ...

Page 31: ... points When you log in the Basic Settings page for Gateway 7001 Series self managed AP administration is displayed These are global settings for all access points that are members of the cluster and if automatic configuration is specified for any new access points that are added later ...

Page 32: ... points added to this network will join the cluster and be configured automatically based on the settings you defined here Updates to the network settings on any cluster member will be shared with all other access points in the group If you chose to ignore new access points then as you add new access points they will run in standalone mode In standalone mode an access point does not share the clus...

Page 33: ... point disconnect the cable from your computer and the access point 2 Connect a regular Ethernet cable from the access point to the LAN 3 Connect your computer to the LAN either through Ethernet cable or wireless client card Test LAN connectivity with wireless clients Test the Gateway 7001 Series self managed AP by trying to detect it and associate with it from some wireless client devices See Wir...

Page 34: ...ic Network Settings Navigating to basic settings Reviewing and describing the access point Setting configuration policy for new access points Understanding basic settings for a standalone access point Understanding indicator icons ...

Page 35: ...ure basic Network settings click Network then click Basic Settings If you use Kickstart to link to the Administration Web pages the Basic Settings page is displayed by default Fill in the boxes on the Basic Settings page as described in the following section ...

Page 36: ... informational purposes as a unique identifier for an interface The address shown here is the MAC address for the bridge br0 This is the address by which the AP is known externally to other networks To see MAC addresses for guest and internal interfaces on the AP see the Status Interfaces tab Firmware Version Version information about the firmware currently installed on the access point As new ver...

Page 37: ... no guarantee that all configuration changes specified by multiple users will be applied Field Action Administrator Password Type a new administrator password The characters you enter will be displayed as characters to prevent others from seeing your password as you type The Administrator password must be an alphanumeric string of up to 32 characters Do not use special characters Note As an immed...

Page 38: ...add more access points they will share this SSID The Service Set Identifier SSID is an alphanumeric string of up to 32 characters Note If you are connected as a wireless client to the same AP that you are administering resetting the SSID will cause you to lose connectivity to the AP You will need to reconnect to the new SSID after you save this new setting Field Action ...

Page 39: ...34 www gateway com Setting configuration policy for new access points ...

Page 40: ...ows http IPAddressOfAccessPoint Note If you change the policy so that new access points are ignored then any new access points you add to the network will not join the cluster Existing clustered access points will not be aware of these standalone APs Therefore if you are viewing the Administration Web pages through the IP address of a clustered access point the new standalone APs will not show up ...

Page 41: ...36 www gateway com Updating basic settings When you have reviewed the new configuration click Update to apply the settings and deploy the access points as a wireless network ...

Page 42: ...nd provides a button for adding the access point to a cluster group If you click on any of the Cluster tabs on the Administration pages for an access point in standalone mode you will be re directed to the Basic Settings page because Cluster settings do not apply to standalone APs For more information see Standalone mode on page 44 and Adding an access point to a cluster on page 52 ...

Page 43: ...etwork activity Icon Description The clustering icon indicates whether the current access point is Clustered or Not Clustered that is standalone The number of access points available for service on this network is indicated by the Access Points icon The number of client user accounts created and enabled on this network is indicated by the User Accounts icon ...

Page 44: ...ss Points and Clusters Navigating to access points management Understanding clustering and access points Modifying the location description Adding and removing an access point Navigating to an AP by using its IP address in a URL ...

Page 45: ... standalone access points you must discover through Kickstart or know the IP address of the access point and by using its IP address in a URL http IPAddressOfAccessPoint Important The Gateway 7001 Series self managed APs are not designed for multiple simultaneous configuration changes If you have a network that includes multiple access points and more than one administrator is logged on to the Adm...

Page 46: ...y com Navigating to access points management To view or edit information on access points in a cluster click Cluster Access Points on the Administration Web page The Manage access points in the cluster screen opens ...

Page 47: ...oints in a cluster at any one time If a new AP is added to a network with a cluster that is already at full capacity the new AP is added in stand alone mode Note that when the cluster is full extra APs are added in stand alone mode regardless of the configuration policy in effect for new access points For related information see Cluster mode on page 44 Standalone mode on page 44 and Setting config...

Page 48: ... not Most configuration settings defined through the Gateway 7001 Series self managed AP Administration Web pages will be propagated to cluster members as a part of the cluster configuration Settings shared in the cluster configuration The cluster configuration includes Network name SSID Administrator password Configuration policy User accounts and authentication Wireless interface settings Radio ...

Page 49: ...oving an access point from the cluster on page 51 Standalone access points are not listed on the Cluster Access Points tab in the Administration UI You need to know the IP address for a standalone access point in order to configure and manage it directly See Navigating to an AP by using its IP address in a URL on page 53 The Basic Settings tab for a standalone access point indicates only that the ...

Page 50: ...nt cluster and warns when the cluster has reached capacity See Configuring basic settings and starting the wireless network on page 27 If a cluster is present but is already full new access points will deploy in standalone mode Intra cluster security To make sure that the security of the cluster as a whole is equivalent to the security of a single access point communication of certain data between...

Page 51: ...cally reboot the access point by pressing the Power button on the device Reset the access point from its Administration UI To do this go to http IPAddressOfAccessPoint navigate to Advanced Reset Configuration and click Reset IP addresses for APs are on the Cluster Access Points page for any cluster member Physically reset the access point by pressing the Reset button on the device In some extreme ...

Page 52: ...et by entering its URL into the address bar of your Web browser http IPAddressOfAccessPoint Where IPAddressOfAccessPoint is the IP address of the access point you want to reset Caution Do not proceed to the next step of resetting any access points until you have stopped clustering on all of them Make sure that you first Stop Clustering on every access point on the subnet and only then perform the...

Page 53: ...opens 6 Click Reset to restore the factory defaults on the access point This will clear all of your previous settings including updated passwords 7 Repeat steps 4 through 6 for every access point in the cluster Caution Do not proceed to the next step until you have stopped clustering on all of the access points in the pre existing cluster ...

Page 54: ...ick Refresh At this point you should see all previous cluster members displayed in the list Before proceeding to the last step verify that the cluster has reformed by making sure all access points are listed 10 Review all configuration settings and make modifications as needed Pay special attention to the security settings because after a reset access points run without any security in place ...

Page 55: ...lly located MAC Address Media Access Control MAC address of the access point A MAC address is a permanent unique hardware address for any device that represents an interface to the network The MAC address is assigned by the manufacturer You cannot change the MAC address It is provided here for informational purposes as a unique identifier for the access point Even if an access point is configured ...

Page 56: ...tion of this Access Point 3 Click Update to apply the changes Removing an access point from the cluster To remove an access point from the cluster 1 Click Cluster Access Points on the Administration Web page The Manage access points in the cluster screen opens 2 Click the box next to the access point you want to disable 3 Click Remove from Cluster The change will be reflected under Status for that...

Page 57: ...istration pages for the standalone access point The Basic Settings tab for a standalone access point indicates that the current mode is standalone and provides a button for adding the access point to a cluster group 3 Click Join Cluster The access point is now a cluster member Its Status Mode on the Cluster Access Points tab now indicates cluster instead of standalone Important When the cluster is...

Page 58: ...hown on the Cluster Access Points page To navigate to clustered access points you click on the IP address for a specific cluster member shown in the list Navigating to an AP by using its IP address in a URL You can also link to the Administration Web pages of a specific access point by typing the IP address for that access point as a URL directly into a Web browser address bar in the following for...

Page 60: ... 55 Managing User Accounts Navigating to user management for clustered access points Viewing and changing user accounts Adding a user Editing a user account Enabling and disabling user accounts Removing a user ...

Page 61: ... managed AP embedded RADIUS server use this Administration Web page on the access point to set up and manage user accounts If you are using an external RADIUS server you need to set up and manage user accounts on the Administrative interface for that server On the User Management page you can create edit remove and view client user accounts Each user account consists of a user name and password Th...

Page 62: ...ww gateway com Navigating to user management for clustered access points To set up or modify user accounts click Cluster User Management on the Administration Web page The Manage user accounts screen opens ...

Page 63: ...ave filled in the boxes click Add Account to add the account The new user is then displayed in User Accounts The user account is enabled by default when you first create it Field Description User name Provide a user name User names are alphanumeric strings of up to 256 characters Do not use special characters Real Name For information purposes provide the user s full name There is a 256 character ...

Page 64: ... maintain a set of user accounts and authorize or prevent users from accessing the network without having to remove or re create accounts This is convenient in situations where users have an occasional need to access the network For example contractors who do work for your company on an intermittent but regular basis might need network access for 3 months at a time then be off for 3 months and bac...

Page 65: ...he wireless access points in your network as a client However the user remains in the database and can be enabled later as needed To remove a user account On the User Management Web page under User Accounts click the box next to the user name then click Remove If you think you might want to add this user back in at a later date you might consider disabling the user rather than removing the account...

Page 66: ...r 6 61 Session Monitoring Navigating to session monitoring Understanding session monitoring information Viewing session information for access points Sorting session information Refreshing session information ...

Page 67: ...62 www gateway com Navigating to session monitoring To view session monitoring information click Cluster Sessions on the Administration Web page The Monitor active client station sessions page opens ...

Page 68: ...one clustered AP to another within the context of the same session A client station can roam between APs and maintain the session Field Description User Name Indicates the client user name AP Location Indicates the location of the access point This is derived from the location description specified on the Basic Settings tab User MAC Address Indicates the MAC address of the user s client device sta...

Page 69: ...network interface card NIC of the client station Utilization Utilization rate for this station For example if the station is active transmitting and receiving data 90 of the time and inactive 10 of the time its utilization rate is 90 RxAve Indicates number of total packets received by the client during the current session TxAve Indicates number of total packets transmitted to the client during thi...

Page 70: ...icular access point select the Show only this access point option and choose the access point name from the list Sorting session information To order sort the information shown in the tables by a particular indicator click on the column label by which you want to order things For example if you want to see the table rows ordered by utilization rate click Utilization The entries will be sorted by u...

Page 72: ...Chapter 7 67 Advanced Configuration Configuring an Ethernet wired interface Configuring a wireless interface Configuring network security Configuring radio settings ...

Page 73: ...e settings must be configured individually on the Administration pages for each access point To get to the Administration pages for an access point that is a member of the current cluster click on its IP Address link on the Cluster Access Points page of the current AP For more information about which settings are shared by the cluster and which are not see Which settings are shared in the cluster ...

Page 74: ...owing section Setting the DNS name Field Description DNS Name Type a DNS name for the access point in the text box This is the host name It may be provided by your ISP or network administrator or you can provide your own The rules for system names are This name can be up to 20 characters long Only letters numbers and dashes are allowed The name must start with a letter and end with either a letter...

Page 75: ...n how to configure the Wireless settings see Configuring a wireless interface on page 74 For an overview of how to set up the guest interface see Advanced Configuration on page 67 Enabling or Disabling Guest Access The Gateway 7001 Series self managed AP ships with the Guest Access feature disabled by default If you want to provide guest access on your AP enable Guest access on the Ethernet Wired ...

Page 76: ...Ns you may lose connectivity to the access point First be sure to verify that the switch and DHCP server you are using can support VLANs per the IEEE 802 1Q standard After configuring the VLAN on the Advanced Ethernet Wired Settings page physically reconnect the Ethernet cable on the switch to the tagged packet VLAN port Then re connect through the Administration Web pages to the new IP address If...

Page 77: ...you can either assign a new Static IP Address to the AP or continue using the default address We recommend assigning a new address so that if later you bring up another Gateway 7001 Series self managed AP on the same network the IP addresses for the two APs will be unique If you need to recover the default Static IP address you can do so by resetting the AP to the factory defaults as described in ...

Page 78: ...following table Updating settings To apply your changes click Update Field Description MAC Address Shows the MAC address for the guest interface for this access point This is a read only box that you cannot change VLAN ID If you choose to configure internal and guest networks by VLANs this box will be enabled Provide a number between 1 and 4094 for the guest VLAN ...

Page 79: ...u set the radio Channel and 802 11 mode as described in the following table Important The following illustration shows the Wireless settings page for the dual band AP Gateway 7001 802 11 A G Wireless Access Point The Administration Web page for the single band AP Gateway 7001 802 11 G Wireless Access Point will look slightly different Important On the dual band AP Gateway 7001 802 11 A G Wireless ...

Page 80: ...ode differ depending on which product you have Single Band AP For the Single Band AP select one of these modes IEEE 802 11b IEEE 802 11g Dual Band AP For the dual band access point select a mode for each Radio Interface For Radio Interface One select either of these modes IEEE 802 11b IEEE 802 11g For Radio Interface Two select either of these modes IEEE 802 11a Atheros Turbo 5 GHz IEEE 802 11a Tu...

Page 81: ... Identifiers BSSIDs for a single access point The MAC address shown for the internal access point is the BSSID for the internal interface For the dual band AP Gateway 7001 802 11 A G Wireless Access Point two MAC addresses are shown one for each radio on the internal interface SSID Type the SSID for the internal WLAN The Service Set Identifier SSID is an alphanumeric string of up to 32 characters ...

Page 82: ...lphanumeric string of up to 32 characters that uniquely identifies a wireless local area network It is also referred to as the Network Name There are no restrictions on the characters that may be used in an SSID For the guest network provide an SSID that is different from the internal SSID and easily identifiable as the guest network Field Description ...

Page 83: ...stems NTP sends periodic time requests to servers using the returned time stamp to adjust its clock The timestamp will be used to indicate the date and time of each event in log messages See http www ntp org for more general information on NTP Navigating to time protocol settings To enable an NTP server click Advanced Time Protocol on the Administration Web page The Modify how the access point dis...

Page 84: ...col NTP provides a way for the access point to obtain and maintain its time from a server on the network Using an NTP server gives your AP the ability to provide the correct time of day in log messages and session information See http www ntp org for more general information on NTP Choose to either enable or disable use of a network time protocol NTP server Enabled Disabled NTP Server If NTP is en...

Page 85: ...whether to allow clients not using the specified security mode to associate Wi Fi Protected Access WPA with Remote Authentication Dial In User Service RADIUS using the CCMP AES encryption algorithm provides the best data protection available and is clearly the best choice if all client stations are equipped with WPA supplicants However backward compatibility or interoperability issues with clients...

Page 86: ... but rather sent as plain text across the network No key management data encryption or user authentication is used Recommendations Plain text mode is not recommended for regular use on the internal network because it is not secure Plain text mode is the only mode in which you can run the guest network which is by definition an unsecure LAN always virtually or physically separated from any sensitiv...

Page 87: ...tic WEP While parts of 802.1x are indeed standard, it uses port control with dynamically varying encryption keys that can be automatically updated over the network with the Extensible Authentication Protocol (EAP) to enable user, not machine, authentication. To make all this happen, 802.1x uses RADIUS servers. Key Management Encryption Algorithm User Authentication Static WEP uses a fixed key that is prov...

Page 88: ...CMP (AES) key management and encryption algorithms for your WPA clients. For information on how to configure IEEE 802.1x security mode, see “IEEE 802.1x” on page 93. When to use WPA with RADIUS: Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service (RADIUS) is a Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key Integrity Protocol (TKIP), Counter mode/CBC-MAC Protocol (CCMP), A...

Page 89: ...e uses TKIP for encrypting Multicast and Broadcast frames, and lets you select whether to use CCMP or TKIP for Unicast (AP to single station) frames. This WPA configuration allows more interoperability, at the expense of some security. Client stations that support CCMP can use it for their Unicast frames. If you encounter AP-to-station interoperability problems with the “Both” encryption algorithm setting ...

Page 90: ...w non-WPA clients. This way, you get the benefit of IEEE 802.1x key management for non-WPA clients along with even better data protection of TKIP and CCMP (AES) key management and encryption algorithms for your WPA clients. A typical scenario is that one is upgrading a current 802.1x network to use WPA. You might have a mix of clients in which some new clients that support WPA and some older ones that d...

Page 91: ...our access point. When the AP's broadcast SSID is suppressed, the network name will not be displayed in the List of Available Networks on a client station. Instead, the client must have the exact network name configured before it will be able to connect. Disabling the broadcast SSID is sufficient to prevent clients from accidentally connecting to your network, but it will not prevent even the simplest o...

Page 92: ...ns how to configure security modes on the access point. Keep in mind that each wireless client that wants to exchange data with the access point must be configured with the same security mode and encryption key settings used on the access point. On a dual band AP, these Security Settings apply to both radios. Important: Security modes other than plain text apply only to configuration of the internal ne...

Page 93: ...is designed to make it as easy as possible for guests to get a connection without having to program any security settings in their clients. Field Description Broadcast SSID: Select the Broadcast SSID setting by clicking the Allow or Prohibit option. By default, the access point broadcasts the Service Set Identifier (SSID) in its beacon frames. Suppress this broadcast to discourage stations from automatic...

Page 94: ...keys between the access point and its client stations. Static WEP is not the most secure mode available, but it offers more protection than plain text mode as it does prevent an outsider from easily sniffing out unencrypted wireless traffic. For more secure modes, see “IEEE 802.1x” on page 93, “WPA with RADIUS” on page 95, or “WPA PSK” on page 97. WEP encrypts data moving across the wireless network based on a...

Page 95: ...number of characters required updates automatically based on how you set Key Length and Key Type. WEP Keys: You can specify up to four WEP keys. In each text box, type a string of characters for each key. If you selected “ASCII”, type any combination of numbers and letters (0-9, a-z, and A-Z). If you selected “HEX”, type hexadecimal digits (any combination of 0-9 and a-f or A-F). Use the same number of characters for...

Page 96: ... following from the list: Open System, Shared Key, Both. Open System authentication lets any client station associate with the access point, whether that client station has the correct WEP key or not. This algorithm is also used in plain text, IEEE 802.1x, and WPA modes. When the authentication algorithm is set to “Open System”, any client can associate with the access point. Note that just because a client st...

Page 97: ...Transfer Key Index for the AP is set to 3. This means that the WEP key in slot 3 is the key the access point will use to encrypt the data it sends. You must then set all client stations to use WEP and provide each client with one of the slot key combinations you defined on the AP. For this example, we will set WEP Key index to 1 on a Windows client ...

Page 98: ... this as its transfer key. You could then give client 2 WEP key 2 and set this as its transfer key index. The following figure illustrates the dynamics of the AP and two client stations using multiple WEP keys and a transfer key index. IEEE 802.1x: IEEE 802.1x is a standard for network access control. It involves passing the Extensible Authentication Protocol (EAP) over IEEE 802.11 LANs using a protocol ...

Page 99: ...elf managed AP. If you choose this option, you do not have to provide the Radius IP and Radius Key; they are automatically provided. External: To use an external authentication server. If you choose this option, you must supply the Radius IP and Radius Key of the server you want to use. Radius IP: Type the Radius IP in the text box. The Radius IP is the IP address of the RADIUS server. The Gateway 7001 Series...

Page 100: ...enticate users. When configuring WPA with RADIUS mode, you have a choice of whether to use the embedded RADIUS server or an external RADIUS server that you provide. The Gateway 7001 Series self managed AP embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP V2. If you selected “WPA with RADIUS” security mode, provide the following: Enable RADIUS Accounting: Click Enable RADIUS Accounting if you wa...

Page 101: ... with Cipher Block Chaining Counter mode (CBC-CTR) and Cipher Block Chaining Message Authentication Code (CBC-MAC) for encryption and message integrity. When the authentication algorithm is set to “Both”, both TKIP and AES clients can associate with the access point. Client stations configured to use WPA with RADIUS must have one of the following to be able to associate with the AP: A valid TKIP RADIUS IP a...

Page 102: ...or information on setting up user accounts, see “Managing User Accounts” on page 55. Radius Key: Type the Radius Key in the text box. The Radius Key is the shared secret key for the RADIUS server. The text you type will be displayed as characters to prevent others from seeing the RADIUS key as you type. The Gateway 7001 Series self managed AP internal authentication server key is secret. This will be provi...

Page 103: ...nt key to encrypt data. TKIP uses RC4 to perform the encryption, which is the same as WEP. But TKIP changes temporal keys every 10,000 packets and distributes them, thereby greatly improving the security of the network. Counter mode/CBC-MAC Protocol (CCMP) is an encryption method for IEEE 802.11i that uses the Advanced Encryption Algorithm (AES). It uses a CCM combined with Cipher Block Chaining Counter mod...

Page 104: ... You can configure a Gateway 7001 Series self managed AP for the guest interface in one of two ways: Connect the access point to a separate network using the extra dedicated guest network port on the AP. This provides a physically secure solution that does not require VLAN support. For details on how to set up this type of guest interface, see “Configuring a physically separate guest network” on page 10...

Page 105: ... network: 1. Make two wired connections from the network ports on the access point: one to your secure internal LAN and the other to a guest network. See “Setting up connections for a guest network” on page 19. 2. Configure Ethernet (Wired) settings for physically separate internal and guest networks on VLANs as described in the sections in “Configuring an Ethernet wired interface” on page 68. Important: Guest ...

Page 106: ... and network names (SSIDs) for both internal and guest networks as described in “Configuring a wireless interface” on page 74. 3. Configure other settings on the access point as needed (not necessarily specific to the guest network) as described in this Administration Guide. Configuring the guest welcome screen (captive portal): You can set up or modify the welcome screen guest clients see when they open a We...

Page 107: ...ike guest clients to see on the captive portal. 4. Click Update to apply the changes. Using the guest network as a client: After the guest network is configured, a client can access the guest network. To access the guest network: 1. A guest client enters an area of coverage and scans for wireless networks. 2. The guest network advertises itself through a guest SSID or some similar name, depending on how the ...

Page 108: ...to click to continue. The guest client can now use the guest network. Deployment example: In the figure, the dotted red lines indicate dedicated guest connections. All access points and all connections (including guests) are administered from the same Gateway 7001 Series self managed AP Administration Web pages. [Figure labels: Internet, DSL T1, Firewall, Switch, Guest client station, Access point] ...

Page 109: ...perates, and so on. The Gateway 7001 AP is available as a single band access point (Gateway 7001 802.11G Wireless Access Point) or a dual band access point (Gateway 7001 802.11A G Wireless Access Point). The single band access point can broadcast in either IEEE 802.11b or IEEE 802.11g mode. The dual band access point is capable of broadcasting in two different IEEE 802.11 modes simultaneously. Radio One ca...

Page 110: ...Navigating to radio settings: To specify radio settings, click Advanced > Radio on the Administration Web page. The Modify radio settings screen opens. Update the boxes as described in the following section ...

Page 111: ...ing used by the radio. Single Band AP: For the Single Band AP, select one of these modes: IEEE 802.11b, IEEE 802.11g. Dual Band AP: For the dual band access point, different modes are available depending on whether you chose Radio One or Radio Two in the Radio box above. For Radio One configuration, select either of these modes: IEEE 802.11b, IEEE 802.11g. For Radio Two configuration, select either of these mod...

Page 112: ...old Specify a number between 256 and 2,346 to set the frame size threshold in bytes. The fragmentation threshold is a way of limiting the size of packets (frames) transmitted over the network. If a packet exceeds the fragmentation threshold set here, the fragmentation function will be activated and the packet will be sent as multiple 802.11 frames. If the packet being transmitted is equal to or less tha...

Page 113: ...ases, we recommend keeping the default and having the transmit power set to 100 percent. This is more cost efficient as it gives the access point a maximum broadcast range and reduces the number of APs needed. To increase capacity of the network, place APs closer together and reduce the value of the transmit power. This will help reduce overlap and interference among APs. A lower transmit power setting ...

Page 114: ...o One and Radio Two are configured on this tab. The displayed settings apply to either Radio One or Radio Two, depending on which radio you choose in the Radio box (the first box on the tab). When you have configured settings for one of the radios, click Update, then select and configure the other radio. Make sure to click Update to apply the second set of configuration settings for the other radio ...

Page 115: ...ireless network interface card (NIC) used by a wireless client has a unique MAC address. You can control client access to your wireless network by switching on MAC filtering and specifying a list of approved MAC addresses. When MAC filtering is on, only clients with a listed MAC address can access the network. Navigating to MAC filtering settings: To enable filtering by MAC address, click Advanced > MAC Fil...

Page 116: ... settings. To apply your changes, click Update. Field Description Filter: To set the MAC Address Filter, click one of the following options: Allow only stations in the list; Allow any station unless in list. Stations List: To add a MAC Address to Stations List, type its 48-bit MAC address into the lower text boxes, then click Add. The MAC Address is added to the Stations List. To remove a MAC Address from the ...

Page 117: ...at wirelessly connects access points, known as Basic Service Sets (BSS), to form what is known as an Extended Service Set (ESS). Using WDS to bridge distant wired LANs: In an ESS, a network of multiple access points, each access point serves part of an area which is too large for a single access point to cover. You can use WDS to bridge distant Ethernets to create a single LAN. For example, suppose you have on...

Page 118: ...ere cabling would be difficult, costly, or inefficient. For example, suppose you have an access point which is connected to the network by Ethernet and serving multiple client stations in one area (East Wing LAN 1 in our example) but cannot reach others which are out of range. Suppose also that it is too difficult or too costly to wire the distant area with Ethernet cabling. You can solve this problem Cli...

Page 119: ...ts across the network. For example, between two access points you could have both a primary path through Ethernet and a secondary (backup) wireless path through a WDS link. If the Ethernet connection goes down, STP would reconfigure its map of the network and effectively fix the down network segment by activating the backup wireless path. The Gateway 7001 Series self managed AP does not provide STP for t...

Page 120: ...curity modes available for service to client stations. If you use WDS on a LAN intended for secure wireless traffic you are putting your network at risk. Therefore, we recommend using WDS to bridge the guest network only for this release. Do not use WDS to bridge access points on the internal network unless you are not concerned about the security risk for data traffic on that network. For more informa...

Page 121: ...following figure shows the WDS settings page for the dual band AP (Gateway 7001 802.11 A G Wireless Access Point). The Administration Web page for the single band AP (Gateway 7001 802.11 G Wireless Access Point) will look slightly different ...

Page 122: ...y pair of access points. That is, a remote MAC address may appear only once on the WDS page for a particular access point. Both access points participating in a WDS link must be on the same Radio channel and using the same IEEE 802.11 mode. See “Configuring radio settings” on page 104 for information on configuring the Radio mode and channel. Do not create loops with either WDS bridges or combinations of...

Page 123: ...s for the bridge (br0). This is the address by which the AP is known externally to other networks. Dual Band AP: For each WDS link on a dual band AP, the Local Address reflects the MAC address for the internal interface on the selected radio (Radio One on WLAN0 or Radio Two WLAN1). Remote Address: Specify the MAC address of the destination access point; that is, the access point to which data will be sent or ...

Page 124: ...red Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. Both access points on the WDS link must be configured with the same security settings. For static WEP, a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key for data encryption. Key Length: If WEP is enabled, specify the length of the WEP key: 64 bits, 128 b...

Page 125: ...channel. For our example, let us say we are using IEEE 802.11b Mode and broadcasting on Channel 6. We would choose Mode and Channel from the lists on the Radio screen. 5. Now repeat the same steps for MyAP2: Open Administration Web pages for MyAP2 by using MyAP2's IP address in a URL. Click WDS on the MyAP2 Administration Web page. MyAP2's MAC address will show as the Local Address. Configure a WDS interfa...

Page 126: ...y on Windows computers and laptops. These procedures will vary slightly if you use different software on the client (such as Funk Odyssey), but the configuration information you need to provide is the same. The following sections describe how to set up each of the supported security modes on wireless clients of a network served by the Gateway 7001 AP. Network infrastructure and choosing between built in...

Page 127: ...client configuration supported by the Gateway 7001 AP. I want to use the built-in authentication server (EAP PEAP): If you do not have a RADIUS server or PKI infrastructure in place, or if you are unfamiliar with many of these concepts, we strongly recommend setting up the Gateway 7001 APs with security that uses the built-in authentication server on the AP. This will mean setting up the AP to use either...

Page 128: ...iver installed that supports WPA, as well as any operating system updates relating to WPA to support the relatively new technology. Also keep in mind many wireless client cards currently available do not ship from the factory with the latest drivers. Accessing the Microsoft Windows wireless client security settings: Generally, on Microsoft Windows XP there are two ways to get to the security properties...

Page 129: ...the Association and Authentication tabs for the selected network. The list of available networks will change depending on client location. Each network (or access point) that is detected by the client shows up in this list. Refresh updates the list with current information. For each network you want to connect to, configure security settings on the client to match the security mode being used by that net...

Page 130: ...curity, you need to configure the client accordingly. A client using no security to connect is configured with Network Authentication “Open” to that network and Data Encryption “Disabled” as described below. If you do have security configured on a client for properties of an unsecure network, the security settings actually can prevent successful access to the network because of the mismatch between client...

Page 131: ...data to the client stations. Each client must use that same key to decrypt data it receives from the access point. Different clients can use different keys to transmit data to the access point. (Or they can all use the same key, but this is less secure because it means one station can decrypt the data being sent by another.) If you configured the Gateway 7001 AP to use Static WEP security mode as shown i...

Page 132: ...ta encryption list. 3. Type a Network key in the box provided. Make sure the network key matches the WEP key on the access point in the position selected to the Key index (advanced). Retype to confirm. 4. As an option, you can select a different transfer key index in the Key index list to send data from the client back to the access point. 5. Click to clear the “The key is provided for me automatically” check ...

Page 133: ...required to actually view and exchange data. For more information, see Administrators Guide and Online Help on the access point. Data Encryption: WEP. Network Key: Provide the WEP key you entered on the access point Security settings in the Transfer Key Index position. For example, if the Transfer Key Index on the access point is set to 1, then for the client Network Key specify the WEP Key you entered as ...

Page 134: ...using the Built-in Authentication server with IEEE 802.1x security mode on the Gateway 7001 AP, then you will need to set up wireless clients to use PEAP. Additionally, you may have an external RADIUS server that uses EAP PEAP. If so, you will need to (1) add the Gateway 7001 AP to the list of RADIUS server clients, and (2) configure your IEEE 802.1x wireless clients to use PEAP. If you configured the Gatewa...

Page 135: ... Properties dialog box, select the Association tab. The Association dialog box opens. 2. Select Open in the Network Authentication list, select WEP in the Data Encryption list, then click to select the “The key is provided for me automatically” check box. 3. Click the Authentication tab. The Authentication dialog box opens ...

Page 136: ...s dialog box opens. 5. Click to clear the Validate server certificate check box, select Secured password (EAP-MSCHAP v2) from the Select Authentication Method list, then click Configure. The EAP-MSCHAP v2 Properties dialog box opens. 6. Click to clear the “Automatically use my Windows login name and password (and domain if any)” check box, then click OK. 7. Click OK on each dialog box to close and save your chang...

Page 137: ... is used for Static WEP; therefore, the data encryption method configured on the client for this mode is WEP. This key is provided for me automatically: Enable (click to check) this option. Authentication Tab: EAP Type: Choose Protected EAP (PEAP). Protected EAP Properties dialog box: Validate Server Certificate: Disable this option (click to clear the check box). Note: This example assumes you are using the Built ...

Page 138: ... to use IEEE 802.1x security and “Smart Card or other Certificate” as described in this section. 4. Obtain a certificate for this client as described in “Obtaining a TLS EAP certificate for a client” on page 151. Important: If you want to use IEEE 802.1x mode with EAP TLS certificates for authentication and authorization of clients, you must have an external RADIUS server and a Public Key Authority Infrast...

Page 139: ...cate authentication on each client To configure each client for IEEE 802.1x security with certificate authentication: 1. On the Network Properties dialog box, select the Association tab. The Association dialog box opens. 2. Select Open in the Network Authentication list, select WEP in the Data Encryption list, then click to select the “The key is provided for me automatically” check box ...

Page 140: ...hentication dialog box opens. 4. Click to select the “Enable IEEE 802.1x authentication for this network” check box, select “Smart Card or other Certificate” from the EAP type list, then click Properties. The Smart Card or other Certificate Properties dialog box opens ...

Page 141: ...ficate is automatically sent to the RADIUS server for authentication and authorization. Association Tab: Network Authentication: Open. Data Encryption: WEP. Note: An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each IEEE 802.11 frame. This is the same encryption algorithm as is used for Static WEP; therefore, the data encryption method configured on the client fo...

Page 142: ...y mode with an external RADIUS server, you must configure the client stations to use WPA with RADIUS and whichever security protocol your RADIUS server is configured to use. WPA with RADIUS client using EAP PEAP: The Built-In Authentication Server on the Gateway 7001 AP uses Protected Extensible Authentication Protocol (EAP), known as EAP PEAP. If you are using the Built-in Authentication server with WPA...

Page 143: ...oint “Navigating to basic settings” on page 30, then click Cluster > User Management. The Manage user accounts screen opens. 2. Set up user accounts as necessary. To configure WPA security with PEAP authentication on each client: 1. On the Network Properties dialog box, select the Association tab. The Association dialog box opens ...

Page 144: ...uthentication list and TKIP or AES in the Data Encryption list, then click the Authentication tab. The Authentication dialog box opens. 3. Select Protected EAP (PEAP) from the EAP type list, then click Properties. The Protected EAP Properties dialog box opens ...

Page 145: ...on WPA. Data Encryption: TKIP or AES, depending on how this option is configured on the access point. Note: When the Cipher Suite on the access point is set to “Both”, then TKIP clients with a valid TKIP key and AES clients with a valid CCMP (AES) key can associate with the access point. For more information, see Administrators Guide and Online Help on the access point. Authentication Tab: EAP Type: Choose Prote...

Page 146: ... security and “Smart Card or other Certificate” as described in this section. 4. Obtain a certificate for this client as described in “Obtaining a TLS EAP certificate for a client” on page 151. Important: If you want to use IEEE 802.1x mode with EAP TLS certificates for authentication and authorization of clients, you must have an external RADIUS server and a Public Key Authority Infrastructure (PKI), includi...

Page 147: ...ficate authentication on each client To configure WPA security with certificate authentication on each client: 1. On the Network Properties dialog box, select the Association tab. The Association dialog box opens. 2. Select WPA in the Network Authentication list and TKIP or AES in the Data Encryption list, then click the Authentication tab. The Authentication dialog box opens ...

Page 148: ... page 151. 5. Click OK on each dialog box to close and save the settings. Association Tab: Network Authentication: WPA. Data Encryption: TKIP or AES, depending on how this option is configured on the access point. Note: When the Cipher Suite on the access point is set to “Both”, then TKIP clients with a valid TKIP key and AES clients with a valid CCMP (AES) key can associate with the access point. For more inform...

Page 149: ... 802.11i, which includes Temporal Key Integrity Protocol (TKIP), Advanced Encryption Algorithm (AES), and Counter mode/CBC-MAC Protocol (CCMP) mechanisms. PSK employs a pre-shared key for an initial check of client credentials. If you configured the Gateway 7001 AP to use WPA PSK security mode, you must configure WPA PSK security on each client. To configure WPA PSK security on each client: 1. On the Network Pro...

Page 150: ...KIP key and AES clients with a valid CCMP (AES) key can associate with the access point. For more information, see Administrators Guide and Online Help on the access point. Network Key: Provide the key you entered on the access point Security settings for the cipher suite you are using. For example, if the key on the access point is set to use a TKIP key of 12345678, then a TKIP client should specify this ...

Page 151: ...s section is to provide some idea of what this process will look like. Procedures will vary depending on the RADIUS server you use and how you configure it. For this example, we use the Internet Authentication Service that comes with Microsoft Windows 2003 server. The purpose of this procedure is to identify your Gateway 7001 AP as a client to the RADIUS server. The RADIUS server can then handle authen...

Page 152: ...ccess point IP address to the RADIUS server. The RADIUS Key provided on the AP is the shared secret you will provide to the RADIUS server. Important: The RADIUS server is identified by its IP address and UDP port numbers for the different services it provides. On the current release of the Gateway 7001 AP, the RADIUS server User Datagram Protocol (UDP) ports used by the access point are not configurable ...

Page 153: ...sting your RADIUS server and open the Internet Authentication Service. 2. In the left panel, right-click the RADIUS Clients node and choose New Radius Client from the menu. 3. On the initial screen of the New RADIUS Client wizard, provide information about the Gateway 7001 AP to which you want your clients to connect ...

Page 154: ...or the access point You might want to use the DNS name or location IP address for the access point. 4. Click Next. 5. For the Shared secret, enter the RADIUS Key you provided to the access point on the Advanced Security page. Re-type the key to confirm ...

Page 155: ...6. Click Finish. The access point is now displayed as a client of the Authentication Server ...

Page 156: ...the Certificate Authority (CA), depending on the configuration of your infrastructure. A security alert opens. Important: If you want to use IEEE 802.1x mode with EAP TLS certificates for authentication and authorization of clients, you must have an external RADIUS server and a Public Key Authority Infrastructure (PKI), including a Certificate Authority (CA), server configured on your network. It is beyond the ...

Page 157: ...server. 3. Provide a valid user name and password to access the RADIUS server, then click OK. Important: The user name and password you need to provide here is for access to the RADIUS server, for which you will already have user accounts configured at this point. This document does not describe how to set up Administrative user accounts on the RADIUS server. Consult the documentation for your RADIUS serv...

Page 158: ...The Request a Certificate dialog box opens. 4. Click User Certificate. A Security Warning opens. 5. Click Yes on the dialog box displayed to install the certificate. The User Certificate Identifying Information dialog box opens ...

Page 159: ... Certificate Issued dialog box opens. 8. Click Install this certificate to install the newly issued certificate on your client station. Then click Yes on the popup windows that appear to confirm the install and to add the certificate to the Root Store. A success message is displayed indicating the certificate is now installed on the client ...

Page 160: ...ints in the cluster. Navigating to administrator password setting: To set the administrator password, click Advanced > Password on the Administration Web page. The Change the Administrator password screen opens. Update the boxes as described in the following section. Setting the administrator password: To set a new administrator password, fill in the password, then re-confirm. The password setting requires th...

Page 161: ...te Field Description Existing Password: Type a new administrator password. The text you type will be displayed as characters to prevent others from seeing your password as you type. New Password: Re-type the new administrator password to confirm that you typed it as intended ...

Page 162: ...Chapter 8: Maintenance and Monitoring. Interfaces; Event log; Transmit/receive statistics; Associated wireless clients; Rebooting the access point; Resetting the configuration; Upgrading the firmware ...

Page 163: ... points, and not on a cluster configuration that is automatically shared by multiple access points. Therefore, it is important to ensure that you are accessing the Administration Web pages for the particular access point you want to configure. For information on this, see “Navigating to information for a specific AP and managing standalone APs” on page 53 ...

Page 164: ...ge displays the current settings of the Gateway 7001 Series self managed AP. It displays the Ethernet (Wired) settings and the Wireless settings. Important: The dual band AP (Gateway 7001 802.11 A G Wireless Access Point) shows current wireless settings for both Radio One and Radio Two. The single band AP (Gateway 7001 802.11 G Wireless Access Point) shows settings for one radio only. The Interfaces page for...

Page 165: ...twork Wireless Name (SSID). If you want to change any of these settings, click Configure. Wireless settings: The Radio Interface settings include the MAC Address, radio Mode, and Channel. Also shown here are MAC addresses (read-only) for internal and guest interfaces. See “Configuring a wireless interface” on page 74 and “Configuring radio settings” on page 104 for more information. If you want to change any of th...

Page 166: ...e System Events Log, which shows stations associating, being authenticated, and other occurrences. It provides a Kernel Log, which lists error conditions such as dropping frames and so on. Important: The Gateway 7001 Series self managed AP acquires its date and time information using the network time protocol (NTP). This data is reported in UTC format (also known as Greenwich Mean Time). You need to convert th...

Page 167: ...rent access point and a real-time display of the transmit and receive statistics for this access point as described in the following table. All transmit and receive statistics shown are totals since the access point was last started. If the AP is rebooted, these figures indicate transmit/receive totals since the re-boot. Important: The following figure shows the Transmit/Receive page for a dual band AP...

Page 168: ...grouping of devices on a network that allow them to act as if they are connected to a single physical network, even though they may not be. VLANs can be used on the Gateway 7001 AP to establish internal and guest networks on the same access point. SSID: Wireless network name. Also known as the SSID, this alphanumeric key uniquely identifies a wireless local area network. The SSID is set on the Basic Sett...

Page 169: ...s point, select the access point you want to monitor on the Administration Web page, then click Status > Client Associations. The View list of currently associated client stations screen opens. The associated stations are displayed, along with information about packet traffic transmitted and received for each station. ...

Page 170: ...oint For maintenance purposes or as a troubleshooting measure, you can reboot the Gateway 7001 AP as follows. To reboot the access point: 1. From the Administration Web page, click Advanced > Reboot. The Reboot page opens. 2. Click Reboot. The AP reboots. ...

Page 171: ...aults and clear all settings, including settings such as a new password or wireless settings. As an alternative, you can also press the Reset button on the back of the AP for 15 seconds, wait until the LAN1 LED goes out, then release the button. The AP will reboot with default settings in place. To reset the configuration: 1. From the Administration Web page, click Advanced > Reset Configuration. The Reset the...

Page 172: ...p in mind that if you do reset the configuration from this page, you are doing so for this access point only, and not for other access points in the cluster. For information on the factory default settings, see "Default settings and supported administrator/client platforms" on page 5. ...

Page 173: ...lick Advanced > Upgrade. The Upgrade firmware page for the chosen access point opens. 2. If you know the path to the new firmware image file, type it in the textbox. Otherwise, click Browse and locate the firmware image file. 3. Click Update to apply the new firmware image. Important: You must do this for each access point. You cannot upgrade firmware automatically across the cluster. Keep in mind that a succes...

Page 174: ... confirm the upgrade and start the process. 4. Repeat steps 1 to 3 for each access point you want to upgrade. Important: To verify that the firmware upgrade completed successfully, check the firmware version shown on the Advanced > Upgrade tab and also on the Basic Settings tab. If the upgrade was successful, the updated version name or number will be indicated. ...

Page 176: ...Chapter 9 171 Troubleshooting and Getting Help Known problems Technical support ...

Page 177: ...ion on the access point and click the Reset button See Cluster recovery on page 46 for more information 2726 2727 If you have more than one access point on a Virtual LAN VLAN setup the access points cannot cluster Use access points in standalone mode or reconfigure without VLAN 2654 Guest Access is not a clustered feature However enabling or disabling Guest Access on any one access point in a clus...

Page 178: ...o a Gateway Technical Support representative about a non tutorial technical support question TDD Technical Support for hearing impaired is available Weekdays 6 00 a m 8 00 p m Central Time Weekends 6 00 a m 5 00 p m Central Time 877 485 1464 US 800 846 3609 Canada and Puerto Rico 605 232 2191 all other countries 800 846 1778 TDD Sales accounting and warranty Get information about available systems...

Page 180: ...Appendix A 175 Glossary ...

Page 181: ...fines the LLC layer for the 802 family of standards. 802.3: IEEE 802.3 (IEEE Std 802.3-2002) defines the MAC layer for networks that use CSMA/CA. Ethernet is an example of such a network. 802.11: IEEE 802.11 (IEEE Std 802.11-1999) is a medium access control (MAC) and physical layer (PHY) specification for wireless connectivity for fixed, portable, and moving stations within a local area. It uses direct sequence s...

Page 182: ...s Multimedia Enhancements (WME) standard. 802.11f: IEEE 802.11f (IEEE Std 802.11f-2003) is a standard that defines the inter access point protocol (IAPP) for access points (wireless hubs) in an extended service set (ESS). The standard defines how access points communicate the associations and reassociations of their mobile stations. 802.11g: IEEE 802.11g (IEEE Std 802.11g-2003) is a higher speed extension (up to 54...

Page 183: ...ed by combining two or more BSSs. Ad hoc Mode: Ad hoc mode is a Wireless Networking Framework in which stations communicate directly with each other. It is useful for quickly establishing a network in situations where formal infrastructure is not required. Ad hoc mode is also referred to as peer-to-peer mode or an independent basic service set (IBSS). AES: The Advanced Encryption Standard (AES) is a symmetr...

Page 184: ...ve data frames queued for them. Bridge: A connection between two local area networks (LANs) using the same protocol, such as Ethernet or IEEE 802.1x. Broadcast: A Broadcast sends the same message at the same time to everyone. In wireless networks, broadcast usually refers to an interaction in which the access point sends data traffic in the form of IEEE 802.1x Frames to all client stations on the network. S...

Page 185: ...the radio uses for transmitting and receiving. Each 802.11 standard offers a number of channels, dependent on how the spectrum is licensed by national and transnational authorities such as the Federal Communications Commission (FCC), the European Telecommunications Standards Institute (ETSI), the Korean Communications Commission, or the Telecom Engineering Center (TELEC). CSMA/CA: Carrier Sense Multiple Access...

Page 186: ...addresses. Conversely, an IP address may map to more than one domain name. A domain name has a suffix that indicates which top level domain (TLD) it belongs to. Every country has its own top-level domain, for example .de for Germany, .fr for France, .jp for Japan, .tw for Taiwan, .uk for the United Kingdom, .us for the U.S.A., and so on. There are also .com for commercial bodies, .edu for educational institutions, .net for...

Page 187: ...s cables are classified as "XbaseY", where X is the data rate in Mbps and Y is the category of cabling. The original cable was 10base5 (Thicknet or "Yellow Cable"). Some others are 10base2 (Cheapernet), 10baseT (Twisted Pair), and 100baseT (Fast Ethernet). The latter two are commonly supplied using CAT5 cabling with RJ-45 connectors. There is also 1000baseT (Gigabit Ethernet). Frame: A Frame consists of a discrete porti...

Page 188: ...rd (802.11f) that defines communication between the access points in a distribution system. This includes the exchange of information about mobile stations and the maintenance of bridge forwarding tables, plus securing the communications between access points. IBSS: An independent basic service set (IBSS) is an Ad hoc Mode Wireless Networking Framework in which stations communicate directly with each othe...

Page 189: ...e octet number uniquely defining each host on the Internet. It is usually shown in form 192.168.2.254. This is called dotted-decimal notation. An IP address is partitioned into two portions: the network prefix and a host number on that network. A Subnet Mask is used to define the portions. There are two special host numbers: The Network Address consists of a host number that is all zeroes (for example, 192...

Page 190: ...twork performance. Latency: Latency, also known as delay, is the amount of time it takes to transmit a Packet from sender to receiver. Latency can occur when data is transmitted from the access point to a client and vice versa. It can also occur when data is transmitted from access point to the Internet and vice versa. Latency is caused by fixed network factors such as the time it takes to encode and dec...

Page 191: ...network devices share a common 48-bit MAC address format, displayed as a string of twelve (12) hexadecimal digits separated by colons, for example FE:DC:BA:09:87:65. MSCHAP V2: Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2) provides authentication for PPP connections between a Windows-based computer and an Access Point or other network access device. MTU: The Maximum Transmissio...

Page 192: ...em clocks in a network of computers. NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. An NTP client sends periodic time requests to servers, using the returned time stamp to adjust its clock. OSI: The Open Systems Interconnection (OSI) reference model is a framework for network design. The OSI model consists of seven layers: Layer 1, the Physical...

Page 193: ...n address and sender address. Packets are pushed out onto the network and inspected by each node. The node to which it is addressed is the ultimate recipient. Packet Loss: Packet Loss describes the percentage of packets transmitted over the network that did not reach their intended destination. A 0 percent packet loss indicates no packets were lost in transmission. QoS features are designed to minimize...

Page 194: ...e performance by spreading requests over several machines, and filter requests to prevent access to specific servers or services. PSK: Pre-Shared Key (PSK), see Shared Key. Public Key: A public key is used in public key cryptography to encrypt a message which can only be decrypted with the recipient's private or secret key. Public key encryption is also called asymmetric encryption, because it uses two keys...

Page 195: ...s voltage relative to the received signal strength. RSSI is one of several ways of measuring and indicating radio frequency (RF) signal strength. Signal strength can also be measured in mW (milliwatts), dBms (decibel milliwatts), and a percentage value. RTS: A request to send (RTS) is a message sent by a client station to the access point, asking permission to send a data packet. RTS Threshold: The RTS threshold s...

Page 196: ...reestablishes the link by activating the standby path. Without spanning tree in place, it is possible that both connections may be simultaneously live, which could result in an endless loop of traffic on the LAN. Subnet Mask: A Subnet Mask is a number that defines which part of an IP address is the network address and which part is a host address on the network. It is shown in dotted-decimal notation, fo...

Page 197: ... extended 48-bit initialization vector, per-packet key construction and distribution, a Message Integrity Code (MIC, sometimes called "Michael"), and a re-keying mechanism. It uses an RC4 stream cipher to encrypt the frame body and CRC of each 802.11 frame before transmission. It is an important component of the WPA and 802.11i security mechanisms. ToS: TCP/IP packet headers include a 3-to-5 bit Type of Servic...

Page 198: ...cond part specifies the IP address or the domain name where that resource is located. VLAN: A virtual LAN (VLAN) is a software-based, logical grouping of devices on a network that allow them to act as if they are connected to a single physical network, even though they may not be. The nodes in a VLAN share resources and bandwidth, and are isolated on that network. The Gateway 7001 Series Self-Managed AP su...

Page 199: ... information that lets these systems browse remote networks using the Network Neighborhood. Wireless Networking Framework: There are two ways of organizing a wireless network: Stations communicate directly with one another in an Ad hoc Mode network, also known as an independent basic service set (IBSS). Stations communicate through an Access Point in an Infrastructure Mode network. A single access point c...

Page 200: ...s AES but another encryption mode (OCB) for encryption and integrity. XML: The Extensible Markup Language (XML) is a specification developed by the W3C. XML is a simple, flexible text format derived from Standard Generalized Markup Language (SGML), which is defined in ISO 8879:1986, designed especially for electronic publishing. ...

Page 202: ...Appendix B 197 Specifications ...

Page 203: ...ctionality X Supports traffic between 802 11a b g clients associated on same AP Support for Power Over Ethernet X LAN 1 Port using Standard 802 11I Power Injector LEDs X Power LAN WLAN 80211a 80211g DHCP Server X Client only DHCP Client X Client only Static IP addressing X Default Static IP 192 168 1 1 802 11g X 802 11b X 802 11a X 802 3 X Auto sensing 802 3u X Auto sensing Security X 802 1x WPA W...

Page 204: ...s Control X CSMA CA with ACK Wireless Transmit Power X 15dBm 32mW 2dB Power Adapter X Ext Power Supply DC 5V 3 0A 100 240V 50 60 Hz Receiver Sensitivity X 54Mbps OFDM 10 PER 73dBm X 48Mbps OFDM 10 PER 76dBm X 36Mbps OFDM 10 PER 82dBm X 24Mbps OFDM 10 PER 85dBm X 12Mbps OFDM 10 PER 88dBm X 11Mbps CCK 8 PER 91dBm X 9 Mbps OFDM 10 PER 90dBm X 6 Mbps OFDM 10 PER 91dBm X 5 5 Mbps CCK 8 PER 92dBm X 2 Mb...

Page 205: ...SID Broadcast Enable Disable X Per RF Radio MAC Filtering X Support for Allow or Deny Listing Radio Enable Disable X Per RF Radio Turbo Mode X Increases data rates to 72Mbps 802 11A only Selectable Changeable Options X Beacon Interval DTIM Interval Fragmentation Length RTS Length Transmit Power Channel Selection Gateway Yes No Comments ...

Page 206: ...Appendix C 201 Safety Regulatory and Legal Information ...

Page 207: ...it up. Never insert objects of any kind into the ventilation openings. Some products are equipped with a three-wire power cord to make sure that the product is correctly grounded when in use. The plug on this cord will fit only into a grounding-type outlet. This is a safety feature. If you are unable to insert the plug into an outlet, contact an electrician to install the appropriate outlet. If you use a...

Page 208: ... current still flows through it. To avoid electrical shock, always unplug all cables from the device (power, modem, and network cables are some examples) before cleaning the access point. Unplug the access point from the wall outlet and refer servicing to qualified personnel if: The power cord or plug is damaged. Liquid has been spilled into the access point. The access point does not operate correctly when...

Page 209: ...to make sure the user or bystanders keep the transmitter away from their body when the wireless device is transmitting. The transmitting antenna should be installed and used in a manner to maintain 20cm (8 inches) from user's or bystander's bodies. This wireless device is intended to be used indoors. In some areas, use of this device outdoors is prohibited. Some circumstances require restrictions on usin...

Page 210: ...ese limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio or television reception. However, there is no guarantee that interference will not occur in a particular instal...

Page 211: ...umber found on the product to the responsible party. This device complies with Part 15 of the FCC Rules. Operation of this product is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Caution: Changes or modifications not expressly approved by Gatewa...

Page 212: ...of Gateway, Inc. Intel, Intel Inside logo, and Pentium are registered trademarks and MMX is a trademark of Intel Corporation. Microsoft, MS, MS-DOS, and Windows are trademarks or registered trademarks of Microsoft Corporation. Instant802 Networks and the Instant802 Networks logo are trademarks of Instant802 Networks, Inc. and/or its affiliates in the US and other countries. All other product names mentioned h...

Page 214: ... 3 basic settings configuring 27 30 navigating 30 viewing 26 before you start 5 bridging distant wired LANs 112 C client computer requirements 11 cluster adding an access point 52 auto synch 45 formation 45 kinds of APs 42 removing an access point 51 security 45 size 42 size and membership 45 cluster configuration settings 43 cluster membership 45 cluster mode 44 cluster size 45 clustered access p...

Page 215: ... 20 setting up connections 19 specifying physical or virtual 70 using as a client 102 guest welcome screen configuring 101 I IEEE 802 1x security mode 82 information session monitoring 63 interface 4 interfaces 159 internal interface 160 internal LAN configuring 70 intra cluster security 45 IP address of access point 40 K kickstart running 20 L log event 161 logging on to administration Web pages ...

Page 216: ...DIUS 83 WPA PSK 85 security settings configuring 87 navigating to 87 session information refreshing 65 viewing 65 session monitoring information 63 navigating to 62 setting configuration policy 34 setting the system name 69 setting up safety precautions 202 setting up guest network 19 setting up the access point 16 settings access point 50 settings not shared in clustering 43 settings cluster conf...

Page 217: ...ts 58 W wait time for cluster auto synch 45 WDS backup links 113 114 security considerations 115 unwanted loops 113 114 WDS link configuration example 119 WDS settings configuring 117 navigating to 115 WDS extending the network 113 Web browser 9 WEP security mode 81 WEP with RADIUS security mode 83 which security mode to use 80 wired settings 160 configuring guest interface 73 configuring internal...

Page 218: ...A MAN 7001 SRS ACC PTS GDE R1 05 04 ...
