GDI Halo Product Manual Download Page 25

Page: 25 / 65

3-2 Wireless Security Options

To make wireless networking as safe and easy as possible, this radio provides several

network security features, but requires specific programming and setup.

Security Precautions

The following is a complete list of recommended security precautions that can be taken to

help ensure a secure network.

1. Change the default SSID.

2. Disable

SSID

Broadcast.

Change the default password for the Administrator account.

Enable MAC Address Filtering.

5. Change

the

SSID

periodically.

6. Use the highest encryption algorithm possible. Use WPA if it is available. Please note

that this may reduce your network performance.

7. Change the WEP encryption keys periodically.

To ensure network security, steps one through four should be followed.

Wireless

networks are easy to find. Unauthorized users know, that in order to join a wireless

network, wireless networking products first listen for “beacon messages”. These

messages can be easily decrypted and contain much of the network’s information, such

as the network’s SSID (Service Set Identifier).

Security Options

There are several ways you can enhance the security of your wireless network:

Restrict Access Based on MAC address.

You can restrict access to only trusted clients so

that unknown clients cannot wirelessly connect to the radio. MAC address filtering adds

an obstacle against unwanted access to your network, but the data broadcast over the

wireless link is fully exposed.

Use WEP.

Wired Equivalent Privacy (WEP) data encryption provides data security. WEP

Shared Key authentication and WEP data encryption will block all but the most

determined eavesdropper.

Use WPA or WPA-PSK.

Wi-Fi Protected Access (WPA) data encryption provides data

security. A very strong authentication key along with dynamic per frame re-keying of WPA

makes it virtually impossible to compromise.

Enable Wireless Security Separator.

The associated wireless clients will not be able to

communicate with each other if this feature is enabled. The default setting is

disabled.

Summary of Contents for Halo

Page 1: ...January 2007 Version 1 11 802 11 a Outdoor AP Product Manual Halo ...

Page 2: ...terference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiv...

Page 3: ...OUTER MODE 33 5 3 ANY IP 34 5 4 UNDERSTANDING RADIUS SETTINGS 35 5 5 HTTP REDIRECT 36 5 6 FIREWALL MANAGEMENT 37 5 7 VIRTUAL SERVER 39 CHAPTER 6 WIRELESS SETUP 41 6 1 BASIC SETTINGS 41 6 2 VAP VLAN SETTINGS 42 6 3 UNDERSTANDING WEP WPA SECURITY OPTIONS 45 6 4 ACCESS CONTROL 48 6 5 WDS MODE 48 6 6 SMART WDS 49 6 7 ADVANCED SETTINGS 49 CHAPTER 7 MANAGING AND TESTING YOUR AP 52 7 1 SITE SURVEY 52 7 2...

Page 4: ...he following conventions to convey instructions and information STA refers to a station ETH refers to a PC This symbol means reader take note Notes contain helpful suggestions or references to materials not contained in this manual This symbol means reader be careful In this situation you might do something that could result in equipment damage or loss of data This warning symbol means danger You ...

Page 5: ...es traffic demands from different applications and extends Wi Fi s high quality end user experience from data connectivity to voice music and video applications under a wide variety of environment This Access points serves as the connection point between wireless and wired networks or as the center point of a stand alone wireless network In large installations wireless users within radio range of ...

Page 6: ...r Simple Network Management Protocol SNMP Management Information Base MIB management Multiple operating modes 1 Access point 2 Station Adapter 3 Point to Point Bridge 4 Wireless Repeater 5 Inter building Repeater mode Configure the radio as a wireless repeater to extend the coverage area of your wireless network VAPs VLAN Assign Multi SSIDs on your radio one SSID per VAP to differentiate policies ...

Page 7: ...e groups so employees guests and contractors now easily and securely share the same infrastructure Access Control The Access Control MAC address filtering feature can ensure that only trusted wireless stations can use the radio to gain access to your LAN Hidden Mode The SSID is not broadcasted assuring only clients configured with the correct SSID can connect ...

Page 8: ...ion authority or an electrician if you are uncertain that suitable grounding is available Ultimate disposal of this product should be handled according to all national laws and regulations Do not locate the antenna near overhead power lines or other electric light or power circuits or where it can come into contact with such circuits When installing the antenna take extreme care not to come into c...

Page 9: ...nd configuring the unit is a suitable professional installer Following installation access to the unit should be password protected by the network administrator to maintain regulatory compliance The Halo Series Radio and POE injector can be damaged by incorrect power application Read and carefully follow the installation instructions before connecing the system to its power source ...

Page 10: ...J 45 connector Between POE and radio A 100 240 V 50 60 Hz AC power source A Web browser for configuration such as Microsoft Internet Explorer 6 0 or above or Netscape Navigator 4 78 or above At least one computer with the TCP IP protocol installed What s In the Box Halo Series Radio Power adapter and cord Power over Ethernet POE injector Quick Installation Guide Installation CD for the radio Mount...

Page 11: ...nna Connector Here you can attach the proper antenna with the Halo Series Radio to wirelessly connect to other 802 11 a networks In order to improve the RF signal radiation of your antenna proper antenna installation is necessary 3 Grounding stud Connect to the ground conductor with the ground wire 4 Reset button Remove the screw and use a thin object i e a paperclip or needle to hold down the swi...

Page 12: ...12 POE Power over Ethernet Injector Figure 1 2 Power over Ethernet injector 1 To Ethernet RJ 45 port used to connect to the 10 100 Base T complied device such as switch router or PC ...

Page 13: ...tion authority or an electrician if you are uncertain that suitable grounding is available The Halo Series Radio and POE injector can be damaged by incorrect power application Read and carefully follow the installation instructions before connecing the system to its power source The Power Over Ethernet Injector is not a waterproof unit should not be exposed to outdoor without any protection ...

Page 14: ...height sufficient place where structures trees or hills do not obstruct radio signals to and from the unit A clear line of sight path can guarantee the performance of the RF link S i t e S u r ve y s Clear and flat areas provide better RF range and data rate on the contrary physical obstructions such as trees electric tower hills or buildings can reduce the performance of RF devices Do not deploy ...

Page 15: ...le The Halo Series Radio supports 10 100M Ethernet connections Attach your SFTP SSTP cat 5 Ethernet cable with waterproof connector to the RJ 45 connector on the ODU enclosure Then connect the other end of the cable to the To ODU side on POE injector Solder the shielding parts of the SFTP cable and the RJ 45 connector well to ensure optimal performance of the system ...

Page 16: ...regulatory restrictions the outdoor radio and the external antenna must be professionally installed Connect the Power Cable Connect the 15V power adapter to the POE injector and plug the other end to an electrical outlet AC 110V 240V Wireless Interactive cannot assume responsibility for damage when using the Halo Series Radio with other types of power adapters You should read and carefully follow ...

Page 17: ...ous general and special purposes but despite the huge variety all designs essentially address two concerns directionality and gain These selection criteria are discussed in the following paragraphs along with a third criterion polarization Directionality An antenna may be designed to receive and transmit in all directions Such antennas are omni directional An example of an omni directional receivi...

Page 18: ...rease range or data rate Gain is measured and stated in decibels abbreviated dB The decibel is a unit used to indicate the relative difference in power between two signals For example a signal 3 dB greater than another signal has twice as much power The decibel is a logarithmic unit so each doubling of decibels represents a fourfold increase in power Since 3 dB represents a doubling of power 6 dB ...

Page 19: ...o horizon If antennas are located at a greater range than the ground level radio horizon a means must be available for elevating the antennas 3 All antennas must be properly oriented and a directional antenna must be carefully aimed at its target antenna to ensure communication at maximum range 4 All antenna RF cables attenuate reduce signal strength in proportion to their length Therefore the dis...

Page 20: ...ended by elevating the transmitting antenna receiving antenna or both to extend communication range The radio horizon can also be extended or shortened by certain phenomena such as refraction due to atmospheric density and temperature inversions Fog and rain which reduce signal strength can also shorten the radio horizon although in the ISM band this loss is negligible A reasonable approximation o...

Page 21: ...os are to be installed a determination of the minimum antenna height required to obtain a line of sight and a calculation of the expected RSS level to be received at each of the locations The background noise measurement is critical as it gives the operator a preview of the potential performance variations and the feasibility of utilizing a particular radio at a location For example if the backgro...

Page 22: ... While omni directional antennas use only vertical polarization horizontally polarized omni directional antennas are available Orientation of directional antennas is critical because their sensitivity is greatly reduced outside a fairly narrow angle Performance of the system can be seriously degraded by mis aligned directional antennas Cable Loss Attenuation Using short cables to connect the radio...

Page 23: ...rounding The antenna should be mounted on a mast or tower that is well grounded to earth All antenna lead connectors should be correctly installed to provide a good solid connection to the cable shield Threaded couplings mating antenna lead connectors should be clean and tight bayonet type connectors should not be used Weatherproof connectors must be used for outdoor connections to prevent corrosi...

Page 24: ...t factory settings below Factory Default Restore will enable you to restore these defaults FEATURE FACTORY DEFAULT SETTINGS User Name case sensitive admin Password case sensitive password Radio Name Halo Country Region United States Router Mode Bridge I P Type static I P I P Address 192 168 1 1 IP Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 Operating Mode Access Point Wireless Mode 802 11a C...

Page 25: ...eacon messages These messages can be easily decrypted and contain much of the network s information such as the network s SSID Service Set Identifier Security Options There are several ways you can enhance the security of your wireless network Restrict Access Based on MAC address You can restrict access to only trusted clients so that unknown clients cannot wirelessly connect to the radio MAC addr...

Page 26: ...onfigure the computer with a static IP address of 192 168 1 x x cannot be 1 and 255 255 255 0 for the Subnet Mask c Connect a Cat 5 SFTP cable from the radio to the POE d Connect a Cat 5 UTP cable from the POE to computer e Turn on your computer connect the power adapter to the AP and verify the following The power light of the POE goes on The LAN light of the Ethernet port on computer goes on too...

Page 27: ...27 3 Clicking Login now it will navigate you into this radio s homepage General Information will be shown below Figure 3 2 AP general information ...

Page 28: ... Subnet Mask The Subnet Mask must be the same as that set on the LAN that your Access Point is connected to The default is 255 255 255 0 Operating Mode AP provides five modes Access Point Station bridge repeater and inter building Access Point Act as a standard 802 11 a access point The default mode is Access Point Station Perform as a client station associated to other APs Be sure that they share...

Page 29: ...ly connect to another Halo Radio which is set to inter building mode without manually entering MAC address for each other This creates a unique link to Halo radios only Wireless Mode The only option available is 802 11 a Channel This field identifies which operating frequency will be used Security Profiles This provides a list of other APs with proper identification data ...

Page 30: ... below This information is useful for identifying clients on the network Figure 4 1 AP connection status If the wireless access point is rebooted the table data is lost until the wireless access point rediscovers the devices Statistics The statistics provide various LAN and WAN statistics Figure 4 2 statistics ...

Page 31: ...ted Wireless Unicast Packets The Unicast packets sent since the AP was restarted Broadcast Packets The Broadcast packets sent since the AP was restarted Multicast Packets The Multicast packets sent since the AP was restarted Total Packets The Wireless packets sent since the AP was restarted Total Bytes The Wireless bytes sent since the AP was restarted ...

Page 32: ...TP Time Server The Time Sever provides correct and current time in any world time zone country or major city Accurate adjustments for Daylight Saving Time are made according to each location s rules and laws Time Server Port This field identifies the time server port like 123 Time Zone Select the time zone location for your setting Current Time This field identifies the current time in your specif...

Page 33: ...ing with various devices This can extend the radius of your network Spanning Tree Enabling spanning tree can prevent undesirable loops in the network ensuring a smooth running network By default the function is enabled Router Mode In Router Mode the radio has two ports WAN port and LAN ports If your network has a requirement to use a different IP addressing scheme you can make those changes in thi...

Page 34: ...abling any IP you ll feel free to enter IP Address IP Subnet Mask and Gateway enjoying internet surf Please refer to the diagram below Take the steps to activate the functionality 1 Configure the AP as router mode 2 Make sure your station connected to the AP 3 Set correct IP parameters for the AP 4 Enable any IP STA2 ...

Page 35: ...fill in the following Radius server settings Primary Radius Server IP Address This field is required Enter the IP address of the Radius Server on your LAN or WAN Secondary Radius Server IP Address This field is optional Enter the IP address of the Secondary Radius Server on your LAN Radius Port Enter the port number used for connections to the Radius Server Radius Shared Key Enter the desired valu...

Page 36: ...nabling HTTP redirect you can enter a corporate URL for example http www yourcompany com It is your desired web page that first appears when someone is surfing the internet via a station connected to your radio which is set to be an AP The following is the HTTP Redirect Settings URL Enter your desired website in this field Be sure to click Apply to save the configuration Be sure your AP is connect...

Page 37: ...ed data and protocols only delivering the wanted information to your PC Click the firewall link and you ll be navigated to Firewall Management interface Figure 5 5 AP firewall management Before applying the firewall management you need to enable the firewall Name Enter your desired firewall rule name in this field Allow This field identifies which packets have IP addresses specified by you are all...

Page 38: ... protocol may be allowed or denied Port Range This specifies your IP port range Schedule You can set the time when your AP performs firewall management by enabling from Alternatively if you desire your AP to perform firewall management for a long time please enable always Bandwidth You can set the bandwidth with n 64Kb per second to limit the data flow When completing all firewall rules configurat...

Page 39: ...ineered for heterogeneous network Please refer to the following diagram In router mode designed for the virtual server the AP is wirelessly coupled to FTP server mail server and log server on LAN port on WAN port the AP is coupled to PC The AP is the virtual server so that you have access to download files or enjoy e mails only via your PC Figure 5 7 AP virtual server management Name Enter the vir...

Page 40: ...cifies your WAN port Schedule You can set a time limit when your AP acts as a virtual server by enabling from Alternatively if you desire your AP to always act as a virtual server please enable always Virtual Server List This provides you with the detailed list of virtual servers When completing configuration of your virtual server please click Add Rule to save the setting ...

Page 41: ...ates with another bridge mode wireless station You must enter the MAC address physical address of the other bridge mode wireless station in the field provided WEP should be used to protect this communication Point to Multi Point Bridge Select this only if this radio is the Master for a group of bridge mode wireless stations The other bridge mode wireless stations must be set to Point to Point Brid...

Page 42: ... a is available Channel This field identifies which operating frequency will be used It should not be necessary to change the wireless channel unless you notice interference problems or setting up the AP near another access point Data Rate Shows the available transmit data rate of the wireless network The default is Best Output Power Set the transmit signal strength of the radio The options are fu...

Page 43: ...hey all share the same AP and undertake different tasks Some VLANs can be used for guest Internet access others for enterprise users and administrators can be put on a high security VLAN with enhanced firewall permissions All this can be achieved using a single infrastructure to emulate up to 8 infrastructures The AP does this by assigning each of the 8 VLANs it s own SSID so essentially you ll be...

Page 44: ...gure 6 2 VAP VLAN Settings You can configure each profile by clicking Edit Such configuration as configuring profile name SSID enabling broadcast SSID or doing security Figure 6 3 Security profile for Vap x ...

Page 45: ...racters However not all wireless adapters support passphrase key generation Manual These values are not case sensitive 64 bit WEP enter 10 hexadecimal digits any combination of 0 9 a f or A F 128 bit WEP enter 26 hexadecimal digits any combination of 0 9 a f or A F 152 bit WEP enter 32 hexadecimal digits any combination of 0 9 a f or A F WPA Pre Shared Key uses a pre shared key to perform the WPA ...

Page 46: ...46 Figure 6 4 Security profile with WEP encryption Figure 6 5 Security profile with WPA PSK ...

Page 47: ...47 Figure 6 6 Security profile with WPA2 PSK Figure 6 7 Security profile with WPA PSK WPA2 PSK ...

Page 48: ...ontrol Figure 6 8 Access Control You can restrict access to only trusted STAs so that those unknown STAs cannot wirelessly connect to the AP by turning Access Control on By entering the MAC Addresses of new stations you can manually add the stations to allow them to be connected to the radio 6 5 W D S M o d e In Wireless Distribution System WDS mode multiple radios can be configured to operate in ...

Page 49: ...peed limit The most speed available is 1687 64Kbps 105 4375Mbps 6 6 Smart WDS In bridge mode enabling Smart WDS the radio can sniff other bridge mode radio around it and automatically connect those that work in the same channel WDS Service Group ID If two radios share the same group ID they will be automatically connected Smart WDS can be activated on the premise that the radio is set to be AP mod...

Page 50: ...hods to offer a richer and more diverse set of services WMM prioritizes traffic demands from different applications and extends Wi Fi s high quality end user experience from data connectivity to voice music and video applications under a wide variety of environment and traffic conditions WMM defines four access categories voice video best effort and background that are used to prioritize traffic s...

Page 51: ...AN service area the AP address the Broadcast destination addresses a time stamp Delivery Traffic Indicator Maps and the Traffic Indicator Message TIM Specifies the data beacon rate between 20 and 1000 This value indicates the interval of the Delivery Traffic DTIM Interval Indication Message DTIM A DTIM field is a countdown field informing clients of the next window for listening to broadcast and m...

Page 52: ...1 Site survey Site Survey provides you with a table of adjacent APs discovered by your radio when it acts as a station In terms of each connected AP Site Survey offers you their network information including SSID BSSID RSSI channel mode connection status and encryption ...

Page 53: ...n existing 802 11a wireless local area network WLAN ranging from 0 to 99 Remote Antenna Gain 0 99 This indicates extended coverage provided by the remote AP for an existing 802 11 a Wireless local area network WLAN ranging from 0 to 99 Test Interval 1 60000 This provides testing time interval in milliseconds Test Packet Size 64 1514 This tests the size of packets transmitted between the two radios...

Page 54: ...to change the password 1 Enter your currently used password in the Current Password field 2 Enter your new password in the New Password field 3 Re enter the new password to confirm it in the Repeat New Password field 4 Finally click Apply to save the change Also if you desire to restore to the factory set password please click Yes The default setting is disabled ...

Page 55: ...tted data such as passwords binary data and administrative commands by encrypting it SSH clients make SSH relatively easy to use and are available on most computers including those that run Windows or UNIX SSH clients are also available on some handheld devices SSH on the radio is enabled by default When user manager is enabled SSH uses the same usernames and passwords established by the user mana...

Page 56: ...SSH 1 From the Putty Configuration enter the IP address in host name field and port number in port field Also select SSH as protocol Figure 8 3 Putty configuration utility 2 Press Open and the screen below should appear Figure 8 4 Putty configuration page ...

Page 57: ...lo is the radio name Enter help to display the SSH command help SNMP SNMP simple network management protocol is a distributed management protocol Via SNMP you have access to administrate your AP remotely Read Community Name You have access to read rather than write The default name is public Write Community Name The default name is private ...

Page 58: ...rmware into the AP must support HTTP uploads such as Microsoft Internet Explorer 6 0 or above or Netscape Navigator 4 78 or above 1 Download the new software file and save it to your hard disk 2 From the main menu Management section click the Upgrade Firmware link to display the screen above 3 In the Upgrade Firmware menu click the Browse button and browse to the location of the image RMG upgrade ...

Page 59: ...ackup Allows you to save all of the radio s settings in a file that can be stored on any computer Retrieve Retrieve button allows you to retrieve your backup files Restore This button can be used to clear ALL data and restore ALL settings to the factory default values ...

Page 60: ...g offers you activity log information Figure 7 7 Event log SysLog Server IP address The radio will send all the SysLog to the specified IP address if SysLog option is enabled Default 0 0 0 0 Syslog Server Port Number The port number configured in the SysLog server on your network Default 514 ...

Page 61: ...61 8 6 Reboot AP If you want to reboot AP click Yes and then apply AP will reboot ...

Page 62: ...rectly connection Hardware includes the radio cable and connectors etc In few cases the radio will conflict with the laptop or PC Environment anything that is outside the equipment and not part of the path itself If you verify that your configuration is correct but the user still report that the link does not work the most likely the problem is environmental interference or an improper connection ...

Page 63: ...checking for interference ensure all of your hardware is working properly and your configurations are correct The path analysis cabling and antennas should be checked as well 9 2 Connection Issues This section describes several common problems you might have while setting the radios Radio Does Not Boot When the radio does not boot use the following steps to check your system 1 Ensure that the powe...

Page 64: ...ss Rule of MAC address filter Rule of security settings such as WEP or WPA Rule of authentication such as settings of radius server and 802 1x Configurations of WDS page Please double check the configuration in Chapter 3 Configuring the 802 11 a Radio 9 4 Communication Issues If two radios work within close distance of each other and do not work while separated then there are two possible reasons ...

Page 65: ...signal To know in advance how much interference is present in a given environment a spectrum analyzer can be attached to a temporary antenna for measuring the signal levels on all available channels If the link is not working after resetting the configurations check the connectors and cables and double check the path and environment issues If all else fails contact your hardware vendor for technic...

Search results

Summary of Contents for Halo

Reviews:

Related manuals for Halo

Brands by name

Popular brands

GDI Halo, Product Manual

Search results

Summary of Contents for Halo

Reviews:

Related manuals for Halo

Brands by name

Popular brands