Nokia A032 User Manual Download | Manualshive

Page: 149 / 218

background image

143

In the Nokia A032 implementation, the
sequence of events is as follows:

1

The access point receives an authenticate
request from a wireless client.

2

The access point formulates a RADIUS
request using the wireless client’s identifier
(usually the MAC address) as the username
and a fixed string (called the

dummy

password

) for the password field. Consistent

with normal RADIUS operation, the
password is encrypted using a

shared secret

.

3

The RADIUS server decrypts the password
value using the appropriate shared secret
and then looks up the username in its
database.

4

If the username is not found, the server
replies with a reject message. If the
username is found the server checks that the
value of dummy password is correct and
then replies with an accept message,
containing the WEP key.

5

The access point now uses the WEP key to
challenge the wireless client and make a
decision whether to admit it to the network.

A032-Adv.book Page 143 Monday, November 13, 2000 10:47 AM

«
...
147
148
149
150
151
...
»

Summary of Contents for A032

Page 1: ...Wireless LAN Access Point Advanced User Guide ...

Page 2: ...rks of Microsoft Corporation MS DOS is a registered trademark of Microsoft Corporation Other products may be trademarks or registered trademarks of their respective manufacturers We reserve the right to make changes and improvements to any of the products described in this guide without prior notice Nokia is not responsible for any loss of data income or any consequential damage howsoever caused I...

Page 3: ... the Web manager This describes the web browser based interface for configuring and monitoring the Nokia A032 Command line interface This describes other ways of configuring the Nokia A032 NID naming and security How to use MAC addresses to control network access Using TFTP How to upload and download configuration files and firmware updates SNMP manager Explains the capabilities of the Nokia A032 ...

Page 4: ... notes that start with Note or WARNING Text conventions The following conventions are used throughout this manual courier is used for file names or to denote text that appears on your screen courier bold is used to denote text that you should type in new terms are shown in italic text the first time they appear bold text denotes the name of a physical button or LED on the Nokia A032 unit e g the a...

Page 5: ...CLM 67 Using the CLM set command 70 CLM commands 90 NID naming and security 97 Overview 97 Using NID names 99 Using TFTP 103 Overview 103 Sending and fetching files 105 TFTP accessible data 107 SNMP manager 117 MIB Summary RFC1213 MIB II 1 3 6 1 2 118 SNMP configuration 125 Appendix A Data encryption and security 127 General security overview 127 WEP security overview 130 A032 Adv book Page v Mond...

Page 6: ...tilities 161 Appendix E Using the WEPGen utility 163 Installing the WEPGen utility 163 Running the WEPGen utility 164 Appendix F Troubleshooting 175 Renewing client IP information 175 Startup problems 177 Troubleshooting dial up connections 185 Resetting factory defaults 190 Appendix G Upgrading 191 Overview 191 Upgrading the Nokia A032 193 Appendix H NAT setup 197 Setting the NAT port 199 Setting...

Page 7: ...ing TFTP on page 103 and Appendix G Upgrading The browser interface also provides comprehensive status monitoring capabilities Displaying the Access Point home page below explains how to access the browser based setup and configuration pages Status monitoring on page 5 explains how to monitor wireless link statistics modem and LAN activity for example using the browser interface Web based setup on...

Page 8: ...er such as Internet Explorer 3 Point the browser to the IP address of the Access Point For example http 192 168 0 1 You ll see the Nokia A032 home page From here you can access all of the Nokia A032 s Status and Setup pages as described below You can return to this home page at any time during status monitoring or configuration by clicking Home in the lefthand frame A032 Adv book Page 2 Monday Nov...

Page 9: ... page Status Displays a brief summary of the A032 s current status see Main status screen on page 8 Setup Allows you to enter the web based configuration manager see Displaying Setup pages on page 32 for more information Graphical cues and links The image of the A032 on the Home page gives you a quick idea of the status of the various interfaces You can click different parts of the image to view c...

Page 10: ... result is the same Disable Enable Sometimes you need to prevent the unit from attempting to make automatic connections to the Internet You can disable automatic dialing by entering the management password and clicking Disable After the Internet connection has been disabled the unit will no longer attempt to dial out when users try to access the Internet However it will still be possible to force ...

Page 11: ...e two ways of viewing the Status pages Clicking the Status link in the lefthand menu bar Clicking various active parts of the image on the Home page Using the Status link Click the Status link in the lefthand menu bar You ll see a summary of the Nokia A032 s status see Main status screen on page 8 The menu bar will change giving you links to all the status pages A032 Adv book Page 5 Monday Novembe...

Page 12: ...Status summary and graphical links The image on the Home page gives you visual cues as to the current status of the LAN Internet and wireless subsystems As a short cut you can click various active parts of the Nokia A032 image on the Home page The following table summarizes these features A032 Adv book Page 6 Monday November 13 2000 10 47 AM ...

Page 13: ...own with a large red cross Internet When dial up Internet access is configured this shows whether the modem link is currently connected When there is no connection the link is shown as a black broken line When the unit is in the process of dialing or connecting the link is shown as a solid dark green line A successfully connected link is indicated by a bright green line with moving yellow bullets ...

Page 14: ...ion Time Current date and time as set in the unit Access Point Name The user defined name for the unit also appears in the screen header Wireless network status This will normally indicate Up If the radio is not present or faulty this will indicate Down Number of Associated Wireless Stations This shows how many wireless users are attached to the Nokia A032 LAN Network status TP 10baseT twisted pai...

Page 15: ...ff Link is down and in backoff mode due to previous failure to connect Condition will clear after a period of time or can be overridden by a manual dial request Dialing Unit is currently dialing to the Internet Connecting Unit has connected to remote modem and is negotiating link parameters Up link is active AIR The NAT firewall is configured to the radio port LAN The NAT firewall is configured to...

Page 16: ...between the two sets of Radio information is subtle but important For example if the radio receives data frames which have a bad check word the PCMCIA radio card will count these frames but will not pass them on to the software in the main access point unit Therefore information about CRC errors is best obtained from the radio Management Information Base MIB as described in Radio card statistics o...

Page 17: ...hown for the accumulated value and for the last 10 second sample Field Description Statistics last cleared This shows the time and date when the accumulated statistics were reset to zero Often this will be the last time the unit was restarted Seconds Accumulated The number of seconds over which statistics have been accumulated This can be useful for computing averages Note that the largest value t...

Page 18: ...ill be ignored by the radio card and not passed to the A032 main processor Field Description Frames Transmitted Number of data and management frames sent over link Bytes Transmitted Number of bytes of data sent over the link Frames Received Number of data and MAC management frames received Data Frames Rcvd The number of frames received from the radio which are data frames as opposed to management ...

Page 19: ...il at the bottom of the radio statistics page To return to the Radio statistics page click the Back icon or click Statistics in the lefthand menu This shows statistics collected by the radio card presented in a form that matches the MIB definition of IEEE802 11 A032 Adv book Page 13 Monday November 13 2000 10 47 AM ...

Page 20: ...y aRetry_Count Frames which were resent aMultiple_Retry_Count Occurrences when multiple retries were needed to send a frame aFrame_Duplicate_Count Number of duplicate frames received and discarded aRTS_Success_Count Count of CTS received in response to RTS aRTS_Failure_Count Count of RTS that received no response aACK_Failure_count Number of times ACK was not received after transmission aReceived_...

Page 21: ... LAN Bytes Transmitted The number of bytes in the frames transmitted Total Frames Seen The number of frames seen on the LAN In a busy network most of these will not be for wireless stations and will be ignored Frames Accepted The number of frames accepted by the Access Point These are either frames destined for wireless stations the Internet connection or for the Access Point management Data Bytes...

Page 22: ...tistics page The information reported depends on the state of the dial up link If a call is in progress the table shows the total statistics for the call and the statistics for the last 10 second sample If the link is down no call in progress the table shows accumulated total statistics I n t e r n e t G a t e w a y A032 Adv book Page 16 Monday November 13 2000 10 47 AM ...

Page 23: ...Number of frames sent over PPP link Bytes Transmitted Number of bytes in transmitted PPP frames RX Frames Good Number of PPP frames received Rx Frames Bad Number of PPP frames discarded due to incomplete or CRC error Data Bytes Rcvd Number of data bytes in good received frames A032 Adv book Page 17 Monday November 13 2000 10 47 AM ...

Page 24: ...tions screen All associated stations wired and wireless Click All in the Associated Stations screen or the Network Summary link in the lefthand menu DHCP Click DHCP in the lefthand menu Internals diagnostics Click Internals in the lefthand menu Modem Click Modem in the lefthand menu PPP log Click View PPP Log in the Modem screen 24hr dial up history Click View 24 Hour History in the Modem screen A...

Page 25: ...modem is connected and powered on the DSR box should be red to indicate that the modem is ready DCD Indicates that the modem is currently receiving carrier generally this means that it has made a connection to another modem Last Response Shows the last message sent by the modem to the A032 during a dial attempt This can be useful in several ways If a connection is successful this usually shows the...

Page 26: ... been active Inactivity timer Modem connected Shows how many seconds the modem port has been inactive When the inactivity timer reaches the configured level default 3 minutes the link will disconnect Reason Why the last call was initiated This can be useful if your system keeps dialing out unexpectedly This field shows which computer on your network sent the frame which caused dialling the type of...

Page 27: ...g will show 50 connected 8 minutes out of 15 minutes To return to the Modem statistics page click the Back icon or click Modem in the lefthand menu View PPP Log This screen keeps a log of the dialing and PPP negotiation for the previous call This is useful if you have a problem connecting to the Internet If the ISP does not correctly negotiate the PPP link and typically hangs up you may be able to...

Page 28: ...ion in the PPP log but it is invaluable if you use technical support to diagnose a connection problem The log is cleared each time a dial up connection is attempted In this way the last call is always captured regardless of whether it succeeded or failed To return to the Modem statistics page click the Back icon or click Modem in the lefthand menu I n t e r n e t G a t e w a y A032 Adv book Page 2...

Page 29: ...ed with the A032 Each line in the table shows data for one wireless station If there are more stations than can be shown in a single screen click NEXT at the right top corner of the status display to see more the field Base Index increases as you click down through the entries to show that you are not at the start of the list A032 Adv book Page 23 Monday November 13 2000 10 47 AM ...

Page 30: ...er other wireless stations including the Nokia Inter Access Point Protocol All Shows both wired and wireless stations Field Description Description The type of station This can be any of the following Associated Wireless Other Wireless not associated Wired device i e on LAN Via Wireless Bridge Bridge Partner another Access Point acting as a bridge Local Access Point another Access Point on the cur...

Page 31: ...nation mode WEP whether WEP security features are enabled Rate The rate at which the station is currently communicating If you click the Report link for a station in the table of associated stations you ll see details for all similar stations for example all associated wireless stations or all bridging partners Network summary Clicking this link on the lefthand menu has the same effect as clicking...

Page 32: ...of the lefthand menu This screen provides information related to the NAT firewall and the PPP IPCP negotiation There are three sections to the display Summary of NAT Tables entries Data about most recent packet forwarded PPP IPCP summary I n t e r n e t G a t e w a y A032 Adv book Page 26 Monday November 13 2000 10 47 AM ...

Page 33: ... packet send to Internet Source and destination information for the most recent packet forwarded This information might be useful if the link is staying up unexpectedly If the link does not drop this screen enables you to find out which computer is sending packets to the Internet Note that if system is configured such that inbound packets from the Internet clear the inactivity timer the link may s...

Page 34: ... status screen allows you to see which DHCP addresses are assigned It also keeps a running log of the most recent activity The screen is divided into three sections Summary information about the DHCP server The DHCP log Detailed information about a specific DHCP address A032 Adv book Page 28 Monday November 13 2000 10 47 AM ...

Page 35: ... 1 Enter the IP address in the lefthand field 2 Click Enquire The system will display the lease status lease duration and the MAC address of the station to which the lease has been granted 3 To view the next IP address in the pool click Next The lease status may be Open unassigned Pending or Leased If the status shows the selected address is outside the DHCP address pool Field Description IP Base ...

Page 36: ...ease number of the Nokia A032 software img1 bin The second part yy yy is the version number of the Nokia A032 BIOS bios bin The Date code shows the build date for the Nokia A032 software which can be useful for technical support Access Point Last started The timestamp when the access point was last restarted Note that this is the timestamp as it existed during start up If you change the system tim...

Page 37: ...ion of the radio link The first bar indicates a value between 0 and 10 The second bar 10 20 and so on The graph is refreshed every 10 seconds AP MAC Address The MAC address of the access point This is the address used by all management accesses to the unit RADIO MAC Address The MAC address of the radio card This is used for IEEE802 11 transmissions and is permanently stored in the radio card Regul...

Page 38: ...ory The system manager should change this as soon as possible see Management security options on page 45 Before you can begin configuring the Nokia A032 you need to log on 1 Click the Setup link in the lefthand frame of the Home page This will display a log on screen 2 Note that if the password is default this will be entered automatically by the access point and shown as 3 Click Enter Setup A032 ...

Page 39: ...e password you ll see the basic setup page For a description of these options see page 35 Basic and Advanced links The links on the left give access to the various set up screens These are divided into two sections labelled Basic and Advanced The basic parameters include most of the required parameters for normal operation A032 Adv book Page 33 Monday November 13 2000 10 47 AM ...

Page 40: ...will cause the new parameters to be written to permanent memory the Nokia A032 will restart putting the changes into effect Reverting to active or default settings Many configuration screens have the following radio buttons at the bottom Reset to active settings This causes the original settings as at the last restart to be restored Reset to default settings This causes the factory default setting...

Page 41: ...ccess point 1 Select your country from the Regulatory Domain drop down 2 Click Enter 3 Select a Radio Channel 4 Click Enter Important Use only the region setting appropriate for the area where the wireless LAN card is used at the present time Using the Nokia Wireless LAN adapter card in any other region or with an incorrect region setting may be illegal Note that choosing European Domain will caus...

Page 42: ...ing one network you can use the default Nokia WLAN Access Point Name String up to 15 characters used to give the Nokia A032 an identifier name Useful if you have multiple access points on a network Current time date Allows you to update the real time clock in the Nokia A032 This takes immediate effect and does not require the unit to be restarted To change the time either edit the string or delete...

Page 43: ...e Nokia A032 is forced to use open access in Learn mode WEP Allows the same stations as Personal WEP Only plus stations with a valid shared WEP key Personal WEP Only Most restrictive mode Only allows stations with a valid personal WEP key WiFi WEP Special mode used with some non Nokia WiFi compatible systems Station may use open authentication no key required to associate with the access point and...

Page 44: ...o long it will be shown in red Valid Size Read only Tells you the valid size of the password for the current setting of WEP Key Policy This indicates how many characters should be in the WEP key Active Key This determines which of the four shared WEP keys is active i e used for transmission WEP Key Policy This parameter determines the number of bits allowed for the WEP keys Normal IEEE802 11 compa...

Page 45: ... setup LAN or Wireless on page 60 This screen is designed for use with most Internet service providers Note that some providers require the use of a logon script see page 55 The following options are available I n t e r n e t G a t e w a y Option Description ISP Phone Number Your ISP s phone number for a dial up Internet connection you can use commas to cause delays between digits ISP Logon Name I...

Page 46: ... power on reset Any pending changes which have not been saved will be discarded Halt Radio disables the radio in the unit This is a way of ensuring that the access point is disconnected from the radio network even though the management functions of the access point are still accessible from the wired LAN or serial port The radio can only be restarted by performing a power on reset or by using the ...

Page 47: ...etwork system administrator will select this value If you do not want to assign an IP address or if you want to configure the Nokia A032 to assign itself an IP address using its own DHCP server set this field to 0 0 0 0 Changes to this field do not take effect until the unit is restarted so that it is possible to change the IP value without interfering with operation of the web browser IP Subnet M...

Page 48: ...owsers allow access to a non standard port numbers using a URL of the form http static_IP_address port_number Setting Description All All frames are forwarded default TCP IP The Nokia A032 only forwards TCP IP frames This is useful in networks which have a large amount of mixed traffic In particular some older systems using MAC level multicast e g DEC LAT to communicate between terminals and Mainf...

Page 49: ...etting here Modem used for dial up networking off disables Internet access Selection of the NAT port affects some of the other screens notably the Internet Access setup which uses different parameters depending on whether the NAT port is applied to the LAN or Radio interface I n t e r n e t G a t e w a y A032 Adv book Page 43 Monday November 13 2000 10 47 AM ...

Page 50: ...a A032 Advanced User Guide LAN interface Use this option to control the LAN interface Options are as follows 10baseT active Off Disables the LAN interface A032 Adv book Page 44 Monday November 13 2000 10 47 AM ...

Page 51: ...t assigned to the modem interface you can activate the serial port command line manager by starting in Learn mode Specific Restricts access to the management func tions to machines with IP addresses defined in the Set Specific Managers screen see below Password Used to enter a new access point password You need to enter the password twice then click Enter Admission Used in conjunction with the NID...

Page 52: ...rence compared to Manual mode is that the serial port is assigned to the command line monitor instead of the Internet Access function The net effect of locking the unit is that it is impossible to change the configuration of the unit without knowledge of the configuration password This means that if the password is lost or forgotten the unit cannot be recovered without physical repair at the facto...

Page 53: ...the A032 will only accept transfers from workstations with those specified IP addresses In addition only the named managers will be allowed to access the Telnet or web functions To set specific managers 1 Set Specific in the Web Telnet FTP Manager field on the Advanced Access Point setup screen 2 Click Enter 3 Click the new button Set Specific Managers that appears next to the Web Telnet FTP Manag...

Page 54: ...want to be able to configure the A032 5 Use the Allow Access boxes to switch access on or off for each workstation 6 Click Enter 7 If necessary click the Back button to return to the Advanced setup screen Some of these fields are only relevant for SNMP see SNMP setup on page 63 A032 Adv book Page 48 Monday November 13 2000 10 47 AM ...

Page 55: ...e used to load specific keys nids txt is generated by WEPGen see page 163 When this box is checked the file must be in encrypted form When unchecked the file must be in normal text mode keys are still encrypted in the file Min Max key length When the WEP Key Policy is set to Custom the values of min and max show the encryption strengths and can take the following values 40 enter keys as ten octets...

Page 56: ...ecret An alphanumeric string of up to 16 characters specifying the shared secret assigned to this access point This value must match that in the RADIUS servers and that used by the WEPGen utility see Appendix E Using the WEPGen utility Dummy Password An alphanumeric string of up to 16 characters specifying the dummy password also stored in the RADIUS server Each key entry in the server is given th...

Page 57: ... Password ISP password for dial up networking under Windows Ring prompts dialback In some circumstances you may need to initiate communication with the network from outside the NAT firewall You can achieve this in conjunction with the Set NAT Holes sub screen see page 54 However this requires that the dial up connection be established The Ring Prompts Dialback function provides a means of forcing ...

Page 58: ...er to connect to the network When this box is checked you must configure the script using the Set Logon Script sub screen see page 55 Modem Setup String This allows you to send commands to the modem prior to dialing Typically these would be AT commands to set various modes and options Most modems do not require any special setup to operate Inactivity Timer This determines how many minutes of inact...

Page 59: ...lly set your static IP address here Otherwise leave it blank External DNS IP Address 1 2 Most modern ISP accounts send DNS server information to a user s computer when logging on so you can usually leave these blank However some accounts require that you configure the DNS addresses manually A032 Adv book Page 53 Monday November 13 2000 10 47 AM ...

Page 60: ...want to allow such accesses if you have a web server on your local network for example The Set NAT Holes screen allows you to define up to four NAT holes and allow external access to specific machines on your LAN Please see Setting NAT holes providing external access on page 201 for a detailed description I n t e r n e t G a t e w a y A032 Adv book Page 54 Monday November 13 2000 10 47 AM ...

Page 61: ...s To enter a line in the script 1 Enter the Line Number you can leave this step out to add a line to the end of the script 2 Choose a Command from the drop down menu 3 Enter a suitable Parameter value 4 Click Add To delete a line enter its number and click Delete I n t e r n e t G a t e w a y A032 Adv book Page 55 Monday November 13 2000 10 47 AM ...

Page 62: ...ript to stop and wait for the specified number of seconds This may be useful at the start to ensure that the ISP is ready to activate wait Text String Causes the script to wait until the ISP sends the specified text string Typically the script waits for a log in prompt and a password prompt The script will wait for 5 seconds If the text is not found in that time the script is aborted and the log o...

Page 63: ... the username Note you can type in the username or USER will cause it to substitute the username defined in the Access Point configuration PASSWORD also works Line 6 Sends CRLF at entry of username Line 7 Access Point waits for prompt protocol Lines 8 9 Access Point sends PPP CRLF I n t e r n e t G a t e w a y 1 Example Script 2 delay 2 3 sendcr 4 wait username 5 send USER 6 sendcr 7 wait protocol...

Page 64: ...s at an external IP address will cause a dial up connection to be established and will be forwarded to the network For entries set to Reject frames sent to that port type will be ignored Note that DNS will normally need to be enabled in order for network names to be used This means that even if WWW is disabled a user trying to browse a site will cause a dial event due to a DNS access by their brow...

Page 65: ...ick Reject All and then enable those that are required Note that some applications use dynamic port assignment using arbitrary port numbers In particular FTP transfers define a port number for the transfer In the case of using FTP you need to enable the Other Ports selection to allow files to be transferred I n t e r n e t G a t e w a y A032 Adv book Page 59 Monday November 13 2000 10 47 AM ...

Page 66: ...f this section but there is a brief description in LAN and radio port options on page 199 If you set the NAT function to LAN or AIR in the Advanced Access Point setup screen see page 40 the Internet Access Setup screen both basic and advanced will show a different set of parameters For correct operation of the unit when connected to an external LAN or wireless LAN all four of the parameters must b...

Page 67: ...ess must be manually configured using this parameter External DNS IP address This parameter defines the IP address of the DNS server on the external network DNS requests on the local network will be sent to the A032 The A032 will then convert the destination address to the correct external address as defined in this field before forwarding External Gateway External Subnet Mask These parameters mus...

Page 68: ... tx pow er 1 5 10 50 80 100 bus y air tx air tx lan link lan bus y aler t Intranet Laptop 192 168 0 1 Local network subnet 255 255 255 192 Nokia Access Point internal 192 168 0 3 DNS server 200 200 1 1 Gateway 200 1 50 254 NAT Firewall Nokia Access Point external 200 1 2 3 External network subnet 255 255 0 0 A032 Adv book Page 62 Monday November 13 2000 10 47 AM ...

Page 69: ...orking Management Protocol SNMP Some of the parameters on this screen are also used to control access to the Telnet Web and TFTP management interfaces Please see Setting specific managers on page 46 This section deals with the SNMP specific settings A032 Adv book Page 63 Monday November 13 2000 10 47 AM ...

Page 70: ...stem information Maximum name lengths are 32 characters Contact Information and Name 64 characters Location Disable Get Globally disables the Get function Disable Traps Globally disables the ability to generate traps system events generated by the A032 Allow any SNMP manager When checked allows any workstation to get SNMP information When unchecked restricts Gets to specific Manager IP addresses i...

Page 71: ... and on the same IP subnet as the A032 s own IP address DHCP Pool Size This field defines the number of addresses in the pool To disable the DHCP function enter 0 in this field or click Disable DHCP DHCP Gateway DHCP DNS Server These fields may be left as default for most applications The default setting causes the DHCP server to instruct the clients to use the A032 as their gateway and proxy DNS ...

Page 72: ...66 Nokia A032 Advanced User Guide A032 Adv book Page 66 Monday November 13 2000 10 47 AM ...

Page 73: ...ch you customize your Nokia A032 However there are times when the methods described in this chapter are more appropriate In particular the CLM is the only method supported via the serial port Your Nokia A032 has a command line interface which you can access in one of two ways Using a PC terminal attached to the serial port via a null modem cable Using a Telnet session on a wired or wireless LAN at...

Page 74: ...sing a Telnet session You can use any LAN station to access the CLM on the Nokia A032 To use Telnet on a Windows 95 98 machine 1 On the workstation choose Run from the Start menu 2 Type Telnet If this fails for any reason use the Find Files utility to search for Telnet This should find a program called Telnet exe on which you should double click It s a good idea to create a shortcut to the Telnet ...

Page 75: ... You can use the commands time and date to update the Nokia A032 To set the time enter the following time hh mm ss where hh hours 0 23 mm minutes 0 59 ss seconds 0 59 To set the date enter the following date mm dd yyyy or dd mm yyyy in Europe where mm month 1 12 dd date 1 31 yyyy year The effect of the commands is immediate and the clock is updated with the new values The clock will continue to ke...

Page 76: ...her you re using a Telnet session or a terminal emulator via the serial port The basic command syntax is set parameter value The format of value depends on the parameter you re setting Some values are simple numbers some are strings and some are special values such as IP addresses For a full list of parameters and their associated values see Optional parameter summary on page 71 and Default value ...

Page 77: ...eter Function Radio related channel Sets radio frequency channel domain Regulatory domain rts_threshold IEEE802 11 parameter short_retry IEEE802 11 parameter long_retry IEEE802 11 parameter sifs_time IEEE802 11 parameter frag_threshold IEEE802 11 parameter basic_rate Sets the 802 11 basic rate set Access Point functions net_name Logical name of wireless network ap_name Identifier name for access p...

Page 78: ...one of the four shared WEP keys wep_key_active Specifies which of the four shared WEP keys is active radius_server IP addresses of primary and backup key servers shared_secret Specifies authentication key shared secret between access point and external key server and key encryption password RADIUS password held on external server use_encrypted_nid Affects the format of the nids txt file used to lo...

Page 79: ...IP address Modem setup mdm_speed Data rate between A032 and modem mdm_init AT command initialization string sent to modem mdm_holdtime Minutes of inactivity to go on hook NAT setup nat_port Determines on which interface NAT is active nat_subnet Subnet mask of external LAN nat_gateway Gateway address of external LAN SNMP setup community_get Determines which SNMP users can access information communi...

Page 80: ...ers are optional and may be left with the default value The default value of each parameter is shown below To set a parameter back to its default value use the set command but leave the parameter field blank For example set ip_address A032 Adv book Page 74 Monday November 13 2000 10 47 AM ...

Page 81: ...attempt before aborting 15 sifs_time SIFS is an IEEE802 11 parameter which affects turnaround time The value is specified in IEEE802 1 and the normal setting for this parameter is 0 A value of 0 is treated as default and causes the system to use the IEEE802 11 compatible value In some special applications where IEEE802 11 is not required an alternate value may be specified It is highly recommended...

Page 82: ...tations in a BSS will be capable of using to receive frames from the wireless medium In practical terms multicasts and requests are restricted to use of the basic rate The basic rates are set in kHz Valid values include 5500 and 11000 1000 2000 Parameter Description Default A032 Adv book Page 76 Monday November 13 2000 10 47 AM ...

Page 83: ...network name but a different ap_name to each access point This name is displayed in some of the management commands LocalAP protocols The default mode of the A032 is to pass all protocols Some non TCP IP protocols issue frequent broadcasts or multicast messages These can use up the available data bandwidth on the wireless LAN and slow down response time If your wireless stations only use TCP IP yo...

Page 84: ...This field should be set if you plan to use the built in management features 255 0 0 0 gateway Only used if you have protocols set to TCPIP rather than the default all In this case gateway should be the IP address of the gateway router This may also be known as the default IP route If you do not have a local gateway this field is not required 0 0 0 0 no gateway A032 Adv book Page 78 Monday Novembe...

Page 85: ...disables Web management function port sets the number for the web server port e g set web 80 To access the web server on a different port for example 6000 enter the URL on your browser as http xxx xxx xxx xxx 6000 using the IP address appropriate for your access point 80 admission Determines which wireless stations can communicate with the access point Possible values are all any station can commu...

Page 86: ...if set manager specific applies The format of the command is set manager_ip number ip_address y z where number 1 2 3 or 4 to set 1st 2nd 3rd or 4th manager ip_address IP address of nth manager s station y 1 accept management requests 0 requests not allowed z 1 send traps 0 traps not sent For example set manager_ip 2 192 168 0 1 sets the second of four managers as having IP address 192 168 0 1 set ...

Page 87: ...isabled so that the unit cannot be reconfigured even with physical access The backdoor password is disabled Nokia Tech nical support can normally recover a unit when the password has been forgotten using a back door password TFTP functions are disabled off lan Controls the LAN port on the A032 hardware The format of the command is set lan Valid values are 10baseT default off disables the LAN inter...

Page 88: ...e shared WEP key plus personal WEP key to receive broadcasts If no shared WEP keys defined broadcasts sent unencrypted wifi Special mode used with some non Nokia WiFi compatible systems Station may use open authentication to associate with the access point then switch to shared WEP key Personal WEP keys not supported Mode provided for compatibility with other vendor equipment not generally recomme...

Page 89: ... command set wep_key_range normal which means the Access Point will only accept 40 bit keys set wep_key_range high which means the Access Point will only accept 128 bit keys strong mode 40 wep_key Assigns a key value to one of the four shared WEP keys The command takes the form set wep_key n key where n selects which shared WEP key 1 2 3 or 4 is being entered and key assigns it a value key must fo...

Page 90: ... used as a lightweight authentication check between the access point and the external server See Setting up a RADIUS external key database on page 141 psswd is the radius password an alphanumeric string of up to 16 characters specifying the dummy password also stored in the RADIUS server see page 144 Each key entry in the server is given the same dummy password use_encrypted_nid Affects the format...

Page 91: ...the Nokia A032 The default value of dhcp_gateway provides the IP address of the A032 If the DHCP server is used in conjunction with an alternate gateway the IP address of that gateway can be set using this parameter This will ensure that the clients get the desired configuration information IP address of Nokia A032 dhcp_dns The IP address of the DNS server which is sent to DHCP clients when the IP...

Page 92: ...sed in dial up networking under Windows empty isp_pwd Your ISP password used in dial up networking under Windows empty isp_dns1 isp_dns2 isp_ip_address Some older ISPs may require that this information be programmed into the Nokia A032 manually Use isp_ip_address if your ISP has allocated you a static IP address empty I n t e r n e t G a t e w a y A032 Adv book Page 86 Monday November 13 2000 10 4...

Page 93: ...200 38400 57600 115200 57600 bps mdm_init Use this to specify any special AT commands necessary to set your modem in the correct mode only older modems require this most modems work in their default mode with the Nokia A032 See the modem s manual or contact Nokia Technical support empty mdm_holdtime Sets the number of minutes for which the link needs to be inactive before the connection is broken ...

Page 94: ... on which interface NAT is active Can be one of the following off modem LAN radio off nat_subnet Subnet mask of external LAN see page 199 0 0 0 0 nat_gateway Gateway address of external LAN see page 199 0 0 0 0 I n t e r n e t G a t e w a y A032 Adv book Page 88 Monday November 13 2000 10 47 AM ...

Page 95: ... interface 89 SNMP setup Parameter Description Default community_get Allows users in your community to get SNMP information public community_set Not supported A032 Adv book Page 89 Monday November 13 2000 10 47 AM ...

Page 96: ...cial values such as IP addresses The command and parameters are separated by spaces You can correct typing errors using the backspace key You can terminate commands and return to the command prompt by pressing Ctrl C You can repeat the previous command by pressing the space bar at the command prompt Help on commands To see a summary of commands type help or To get help on a specific command type h...

Page 97: ...y described in Appendix B Wireless bridges and repeaters broadcast Puts the Nokia A032 into a special test mode The format is broadcast IP_address This causes the Nokia A032 to generate a continuous stream of UDP packets to the specified IP address this could be a wireless station a computer on your wired LAN or even on the Internet To terminate the broadcast type Ctrl C This is useful for site su...

Page 98: ...n the serial port it returns to a login prompt log dump Displays the contents of the initialization log on the screen you ll find more on this in Appendix F log clear Clears out the log information logout Exits the CLM Re enter the password to use CLM isp dial Forces the modem to dial up to the ISP isp hangup Forces the modem to hang up nat Displays current NAT settings NAT port External IP Addres...

Page 99: ...p and ping the address every yy seconds If yy is specified the command will repeat indefinitely type Ctrl C to terminate the command and return to the CMD prompt restart Causes the Nokia A032 to re initialize This is equivalent to turning the power off and on again Normally this command is issued after configuration changes Restarting the unit can be disruptive to currently connected users set See...

Page 100: ...ations including the Nokia Inter Access Point Protocol The result of the command is a list providing the following infor mation fields depend on station type selected Net ID MAC address of the station State Current relationship of device with Nokia A032 Associated Disconnected Detected is bridging bridged Local AP Unknown Channel Radio channel Power The power measurement of the access point with w...

Page 101: ... has one optional parameter to control the refresh speed as follows tracelp Updates the screen every 5 seconds tracelp Q Updates display every second Quick tracelp S Updates display every minute Slow traceon Activates tracing for certain events see traceoff traceoff Deactivates tracing for certain events The command is in the form traceoff specifier specifier where specifier is one of the followin...

Page 102: ...96 Nokia A032 Advanced User Guide A032 Adv book Page 96 Monday November 13 2000 10 47 AM ...

Page 103: ...ss or wired has a unique identifying number called the MAC address Both Ethernet and IEEE802 11 stations use a 48 bit number usually expressed as six bytes in hexadecimal notation An example of a MAC address is 00e003123456 The address is associated with the network adapter card and not the computer so that if you move an Ethernet card or wireless LAN card to a new computer the number will transfe...

Page 104: ...screens See LAN station status on page 23 or show on page 94 NID names can also be used as a security measure as described on page 101 NID name table The Nokia A032 can store a list of up to 200 NID names in its flash memory in the NID name table Initially the NID name table is empty To assign a NID name to a MAC address you need to update the NID name table You can do one of the following Use the...

Page 105: ... is not related to the IP address of the network connection There are two methods you can use to view MAC addresses View the MAC address of a specific station View MAC addresses for all currently active stations Displaying the current station s MAC address If you are using Windows NT4 or 2000 open a console window and enter IPConfig If you re using TCP IP under Windows 95 98 you can use a utility ...

Page 106: ...e 67 2 Decide on a NID name for your chosen MAC address This can be any alpha numeric string up to 16 characters long but may not include spaces 3 Enter the following command NID add 123456789abc name where 123456789abc is the MAC address and name is the name you re assigning If necessary repeat steps 2 and 3 for any other NID names you re assigning or if you re entering lots of NID names use TFTP...

Page 107: ... the command NID list This displays the NID name table Using NID names for security Management security options on page 45 and Management functions on page 79 explain how to set the admission parameter to control which stations can access the wireless LAN Use the CLM to issue the command set admission named After that the Nokia A032 will only accept new connections with wireless stations which hav...

Page 108: ...102 Nokia A032 Advanced User Guide A032 Adv book Page 102 Monday November 13 2000 10 47 AM ...

Page 109: ...2 supports a standard method for transferring information across the wired or wireless LAN to or from a station equipped with TCP IP and a TFTP client program What is TFTP TFTP stands for Trivial File Transfer Protocol It is a standard TCP IP utility and performs a similar task to File Transfer Protocol FTP TFTP is implemented using two components a TFTP server and a TFTP client The client makes r...

Page 110: ...ines The A032 has no hard disk but it still uses file names to identify its stored information Installing a TFTP client program The Nokia A032 Utilities CD ROM provides a TFTP utility program However the Nokia A032 will work with any TFTP client program If you have one installed you can use that If you need to install the Nokia TFTP client see Appendix D Utilities CD ROM A032 Adv book Page 104 Mon...

Page 111: ...ching files For a description of the files which you can transfer see TFTP accessible data on page 107 To use the TFTP program 1 Choose Start Programs Nokia A032 Nokia TFTP client You ll see the following window 2 If you want place a check in the Remember recently used file names and IP addresses box This will save time next time you use TFTP 3 Enter the IP address of the Nokia A032 into the IP Ad...

Page 112: ...ou may see one or more of the following error messages during file transfer Message Possible causes timed out You typed the wrong IP address you have not connected to the Nokia A032 or the Nokia A032 is configured not to accept TFTP from your station unknown file You probably made an invalid entry in the Remote File field upload in progress Another station is performing an upload at the same time ...

Page 113: ...2 and updates all the operating parameters This will usually be a configuration that has been previously downloaded and may have been edited nids txt fetch This creates a file on your client containing the NID table and bridge table entries Potentially it also contains the WEP information which may be encrypted or in editable text form see Data encryption and security on page 127 and Using the WEP...

Page 114: ...tents of the log file is explained more fully in Appendix F The uploaded log file is stored in regular text format An example of a log file is shown below Message CLM Request Initializing version B4 00 01 on Fri 12 May 2000 11 27 16 Initialize LAN port LAN Port ready Message Web Request Initializing version B4 00 01 on Fri 12 May 2000 11 28 22 Initialize LAN port LAN Port ready Initializing versio...

Page 115: ...iguration settings for future reference or as a backup before performing any new configuration You can use a backup copy of config txt if you run into problems while configuring or upgrading the Nokia A032 An example of a config txt file is shown below Note This does not save or restore NID name Bridge Table or password entries A032 Adv book Page 109 Monday November 13 2000 10 47 AM ...

Page 116: ...s 192 168 100 100 ap_name ourap LAN_if 10baseT domain ETSI sifs_time 000 telnet 00023 web 00080 wep_mode any radius protocols all admission all manager any 0 0 1 basic_rate 1000 2000 wep_key_range 40 128 dhcp_pool 6 dhcp_base 192 168 100 100 isp_num 0800123456 isp_user ispuser mdm_speed 57600 mdm_holdtime 00003 nat_port serial community_get public community_set private default setting A032 Adv boo...

Page 117: ...onfig txt 2 Modify the file as follows Old line channel 10 Modified line channel 11 3 Save config txt 4 Send the file to the Nokia A032 using the TFTP client When you send config txt the following action is taken by the Nokia A032 1 The new configuration file is read in and checked for format If there are any format errors the configuration is not updated 2 If the send is good all the parameters e...

Page 118: ...32 it will be stored in a disk file with one line for each NID Table or Bridge Table entry for more on bridges see Appendix B Wireless bridges and repeaters An example of a NID file is shown below The file contains the following information The first line shows the date on which the upload was performed The access point name is shown in parentheses The second line is a security field which should ...

Page 119: ...on Username is a user friendly name for the station Personal_WEP_key is the station s key when using WEP encryption see Personal WEP keys on page 133 N this field is used by the tools and should not be changed Note the first letter indicates whether the entry is a station N or bridge B device A032 Adv book Page 113 Monday November 13 2000 10 47 AM ...

Page 120: ...are available New releases might have additional features or might fix anomalies that have been reported in the operation of the unit In such cases Nokia will provide a binary file as denoted by the extension bin e g a032 bin along with upgrade instructions For example to upgrade the A032 firmware 1 Using the TFTP client select a032 bin as the Local File and img1 bin as the Remote File 2 Click Sen...

Page 121: ...s could allow unauthorized users to update the unit There are two ways to disable TFTP access Set a specific manager s IP address see page 46 to prevent unauthorized TFTP transfers See Management functions on page 79 Set the security lock parameter on See page 79 When the security lock is on the config txt upload feature is disabled Note It is not possible to overwrite the management password by T...

Page 122: ...116 Nokia A032 Advanced User Guide A032 Adv book Page 116 Monday November 13 2000 10 47 AM ...

Page 123: ...n the Utilities CD ROM supplied with your Access Point The MIBs are provided in ASCII text format for easy incorporation into SNMP Manager Products The Nokia A032 supports Get Get Next and Trap operations but does not support Set operations Items which are listed as Read Write in the MIB will cause an error response if a Set command is issued Data Supplied in file RFC1213 MIBII RFC1213 mib IANAifT...

Page 124: ...ntries in the Inter face table Interface 1 is the Ethernet Interface and Interface 2 is the IEEE802 11 Interface AT Not Supported Internet Protocol All fields supported Static information ICMP Supported as appropriate TCP TCP connections are shown in an eight row table All fields are supported in each table row However the table size is fixed If there are more than 8 TCP active connec tions to the...

Page 125: ... supported The following groups are supported Dot11SMT Station Configuration Table All entries supported Read only Dot11SMT Authentication Algorithms Table All entries are static Dot11SMT WEP Default Keys Not supported Dot11SMT WEP Key Mapping Table Not supported Dot11SMT Privacy Table Supported Dot11SMT SMT notification Not supported Dot11MAC Operation Table Fully supported Read only Dot11MAC Cou...

Page 126: ...unit hardware Should correspond to exterior label Hardware Information Special information about this unit normally shows Unknown Software Version Shows Version number of firmware and BIOS in flash memory Software Build Date Compile date of firmware may be useful for support System Loading Shows current processor load for Access Point 0 100 Buffer Utilization Percentage of memory buffers used 0 10...

Page 127: ... filter all or TCP IP Telnet Access indicates whether Telnet access is enabled Telnet Port TCP IP port number on which Telnet service is provided Web Access indicates whether Web access is enabled Web Port TCP IP port number on which Web service is provided Management Enable Global setting of Management enable flag all none specific Gateway Address IP address of network gateway configured into Acc...

Page 128: ...installed Radio Description Taken from the CIS of the PCMCIA Radio card Radio Firmware Indicates the version of firmware used by the PCMCIA radio MAC processor Radio Usage The percentage utilization over a recent 10 second inter val 0 100 Radio Rx All Frames Counter of frames received from PCMCIA card Radio Rx Mgmt Frames Counter of management frames received from PCMCIA card Radio Rx Data Frames ...

Page 129: ...x Accept frames Counter of frames which are copied into Access Point for processing LAN Rx Copied Octets Counter of bytes transferred into Access Point from LAN interface LAN Rx Frame Discards Frames discarded by Access Point due to unspecified problem LAN Tx All Frame Counter of all frames sent to LAN interface LAN Rx Sent Octets Counter of Bytes transferred to LAN interface Serial Status Indicat...

Page 130: ...ad password in entered in the manage ment log on Trap EGP Loss Not supported Trap Enterprise Supported as below A032 Authenticate Fail Generated in the event that a station tries to associate but is refused due to the fact that the NID Name security or WEP feature is enabled Note that this trap is limited to being generated no more than once every 30 seconds to prevent flooding due to denial of se...

Page 131: ...SNMP managers to be defined This is not required if only Get functions are required By checking the allow any manager box in SNMP configuration access restrictions are removed However traps can only be sent to nominated managers as defined in the configuration The configuration screen allows entry of the SNMP community names for both Get and Set Although set is not supported in the Access Point th...

Page 132: ...126 Nokia A032 Advanced User Guide A032 Adv book Page 126 Monday November 13 2000 10 47 AM ...

Page 133: ...y on page 163 Managing keys using the supplied utility General security overview One of the useful characteristics of wireless LAN is that the radio signal can penetrate walls and windows to increase coverage However if you don t take steps to protect your network unauthorized users could intercept data or even gain access to your network The Nokia A032 provides comprehensive security measures to ...

Page 134: ...dministration of passwords is not warranted by the low risk of an eavesdropper wanting to intercept your data Network access should be taken more seriously you should not leave unsecured network resources such as servers or shared directories on an open wireless LAN Use password locking at the operating system level for these resources to provide effective access security Level Authentication Encr...

Page 135: ...ned masquerade attack where a hacker illegally discovers and uses your MAC address Levels 2 and 3 Levels 2 and 3 use WEP wire equivalent privacy WEP is designed to provide both access control and eavesdropping protection WEP depends on the use of keys equivalent to passwords Both the access point and the wireless client must know the key The success of WEP depends on keeping the key away from unau...

Page 136: ...he harder it is for someone else to crack the code Some governments restrict the use of very secure keys and for this reason the IEEE802 11 standard specifies 40 bit keys for general use 40 bit keys provide a high degree of security uncrackable by all but the most determined attackers The Nokia A032 allows the use of longer keys where local regulations permit up to 128 bits in length Such keys are...

Page 137: ...the same random number and its copy of the key 5 If the keys match the result of the computation will match that sent by the wireless client the wireless client is authenticated and may be accepted The computation is such that a hacker intercepting both the challenge and the response cannot work back to find out the key Intuitively you might think that if you can compute the response from the key ...

Page 138: ...which keys are created stored and passed to users Even the most secure system is worthless if the secret keys are intercepted Key management is a general term for the way in which you allocate and control key password allocation to users The Nokia A032 provides two basic approaches for key management Shared WEP keys All wireless clients in a group use the same key Personal WEP keys Each wireless c...

Page 139: ...osed outside the organization Every time someone leaves the group it may be necessary to change the shared WEP key to maintain security Personal WEP keys When using personal WEP keys Each wireless client is assigned a personal WEP key A list of personal WEP keys is held by the access point or is accessible via an external database see Key databases on page 140 An access point uses a different key ...

Page 140: ...keys to users on a floppy diskette without disclosing the actual key values Keys are stored on some other medium such as a smart card which can be inserted into the wireless LAN adapter card Nokia wireless LAN adapters support a range of these options If you are required to enter a WEP key manually you might be able to use an ASCII text string e g mypwd However many adapters will require you to en...

Page 141: ... on page 37 if you re using the web interface and WEP security functions on page 82 if you re using the CLM If you are using personal WEP keys the problem of key management can be much harder This is because there can be a different key for each wireless station in your organization To assist in the management process Nokia provides a key management utility WEPGen with the Nokia A032 access point ...

Page 142: ...int The active shared WEP key is also used to transmit broadcast and multicast frames even to wireless clients which are using personal WEP keys for normal data This means that even if you are using personal WEP keys you should always define at least one active shared default key to the access points and wireless clients Changing a shared WEP key Having a pool of shared WEP keys makes it easy to c...

Page 143: ...s point to use the new key as its active key At this point you can delete the old key values from the access point 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert Key Value 1 ABC 2 3 4 Key Value 1 ABC 2 DEF 3 4 Key Value 1 ABC 2 DEF 3 GHI 4 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert K...

Page 144: ...five bytes However the Nokia A032 provides the option to use longer i e stronger keys if the network administrator chooses Key lengths of 40 56 64 96 and 128 bits are supported The key size or range of allowed sizes must be specified in the access point through configuration the default is 40 bits This entry 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link la...

Page 145: ... key policies Normal Strong and Custom Normal mode all keys must be 40 bits 5 bytes long This is also IEEE802 11 compatible mode Strong mode all keys must by 128 bits 16 bytes long This is the highest security mode Custom mode other key lengths or ranges of key lengths can be used When Custom WEP key policy is selected the administrator must also select a key length range by specifying and minimum...

Page 146: ...f the MAC address WEP key and a user assigned name If the local database is selected and personal WEP key operation is activated each time a wireless client attempts to communicate the access point will search for the client s entry in the NID name list and use the corresponding WEP key to authenticate the client The limitations of the local database are A maximum of 200 entries If there are multi...

Page 147: ...he key cannot be discovered while being retrieved by the access point across the network On arrival at the access point the key is decrypted using the RADIUS Shared Secret of the access point Setting up a RADIUS external key database The Nokia A032 can use RADIUS to access an external key database There are several parameters which must be configured to allow this feature to work To understand the...

Page 148: ...match is bad a reject message is returned Nokia specific implementation of RADIUS operation The above mode of operation doesn t quite suit the requirements of the access point The access point does not want the server to make the decision to accept or reject the wireless client Indeed at the time the RADIUS request is made no challenge has yet been issued to the client The access point wants the R...

Page 149: ...the password is encrypted using a shared secret 3 The RADIUS server decrypts the password value using the appropriate shared secret and then looks up the username in its database 4 If the username is not found the server replies with a reject message If the username is found the server checks that the value of dummy password is correct and then replies with an accept message containing the WEP key...

Page 150: ...t across the link in plain text This means that the RADIUS server does not encrypt the WEP key However the Key generator utility WEPGen encrypts the WEP key before it is entered into the RADIUS database Therefore the system is protected from unauthorized interception The Nokia A032 allows you to enter the IP addresses of two RADIUS servers If a request to the primary server does not receive a repl...

Page 151: ...a A032 does not support roaming by wireless stations from one bridge to another To avoid this each Nokia A032 used as a bridge should be assigned a unique network name This will prevent inadvertent roaming Wireless bridges A LAN MAC bridge has a specific meaning in LAN networks and should not be confused with a wireless point to point bridge A wireless bridge is one of a pair of units used to conn...

Page 152: ...ng network However using multiple bridges the data rate will be affected by the amount of broadcast messages sent Each broadcast message is copied by the originating access point and sent to each bridged access point individually the more broadcast messages sent the slower the network will be In practice if you need to use more than three or four bridges in your network you may need to rethink you...

Page 153: ...ed the more repeaters you use degradation of data rate data rate number of repeaters 1 Examples For one repeater the data rate is halved For two repeaters the data rate is divided by three and so on LAN A LAN B repeater wireless bridge wireless bridge hub hub 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert 1 5 10 50 80 100 busy air tx air tx p...

Page 154: ...on in operation because the wireless laptop sends data across the first wireless link and the data has to be re transmitted to LAN B wireless bridge wireless bridge hub hub LAN A LAN B wireless laptop 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy...

Page 155: ...ridged to LAN C using wireless bridge Y as a repeater Hub LAN A LAN B LAN C Hub Hub Bridge repeater X Bridge repeater Y Bridge repeater Z wireless laptop 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert 1 5 10 50 80 100 busy air tx air tx powe...

Page 156: ...The wireless laptop can communicate to LAN C using both X and Y as repeaters First the data is sent to X which retransmits it to Y Y then retransmits it to Z Multiple bridge paths LAN B can communicate with LAN A and LAN C In this case the wireless bridge Y will choose to send the data either to X or Z according to the destination LAN A032 Adv book Page 150 Monday November 13 2000 10 47 AM ...

Page 157: ...ou connect and configure your network make sure you have all the necessary information to hand 1 Draw a topology map showing all the Nokia A032s you plan to include in the bridge repeater function 2 On the map show the bridge partner relationships and make sure that there are no loops In the example below involving four access points A and D act as wireless bridges B acts as a wireless bridge and ...

Page 158: ...Web diagnostics screen is shown below the Radio MAC Address can be seen clearly Nokia Access Point as wireless bridge 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert A Bldg 1 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert B Bldg 2 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 10...

Page 159: ...oint Nokia Access Point as wireless bridge 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert A Bldg 1 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert B Bldg 2 1 5 10 50 80 100 busy air tx air tx powe r 1 5 10 50 80 100 busy air tx air tx lan link lan busy alert D Bldg 3 1 5 10 50 80 100 busy...

Page 160: ...r the information for all the A032 s bridge partners using the bridge command which has the format bridge add MAC Name where MAC is the MAC address of a bridge partner and Name is a name for that partner of up to 16 characters which you can choose 3 Repeat steps 1 and 2 for all the other access points 4 Restart all the A032s Once all the Nokia A032s are operating they will automatically learn wher...

Page 161: ...dgeC 5 Connect to access point C IP address 192 168 0 3 6 Enter the following commands bridge add 00e003008192 bridgeB bridge add 00e00300bc12 bridgeD 7 Connect to access point D IP address 192 168 0 4 8 Enter the following command bridge add 00e00300a04c bridgeC 9 You can use the command bridge list to show the entries Also you can use the command bridge delete to remove entries made in error or ...

Page 162: ...st This may result in loss of communication in the network for up to 5 minutes until the information is re learned from the network Associated CLM commands bridge list shows any bridge partners associated with the current access point bridge add adds the MAC address of a new bridge partner to the bridge list bridge add MAC Name bridge delete deletes a bridge partner from the current access point b...

Page 163: ...network Nokia WLAN protocols Selects protocol filtering all TCP IP parameters gateway Sets Default Route when TCP IP filtering 0 0 0 0 none ip_address Sets IP address of Nokia A032 0 0 0 0 none subnet_mask Sets Subnet Mask for local network 255 0 0 0 Management functions admission Enables Association screening all basic_rate The basic rates are set in kHz Valid values also include 1000 2000 5500 a...

Page 164: ...n external server use_encrypted_nid Affects the format of the nids txt file used to load specific keys false wep_key Assigns a value to one of the four default keys wep_key_active Specifies which of the four default keys is active wep_key_range Specifies encryption level 40 wep_mode Specifies management access wep Internet service provider information isp_dns1 Fixed value of ISP DNS server isp_dns...

Page 165: ...00 NAT setup nat_gateway Gateway address of external LAN 0 0 0 0 nat_port Determines on which interface NAT is active off nat_subnet Subnet mask of external LAN 0 0 0 0 SNMP setup community_get Determines which SNMP users can access information public community_set Not supported private Parameter Function Default A032 Adv book Page 159 Monday November 13 2000 10 47 AM ...

Page 166: ...160 Nokia A032 Advanced User Guide A032 Adv book Page 160 Monday November 13 2000 10 47 AM ...

Page 167: ... to your Start menu and install various programs files and utilities on your hard disk Installing the Nokia A032 utilities To install the Nokia A032 utilities 1 Insert the Nokia A032 Utilities CD ROM into the computer s CD ROM drive 2 Select your language 3 Read the Nokia license conditions If you agree to them click Agree 4 Follow the remainder of the on screen instructions to install the softwar...

Page 168: ...okia Access Point Upgrade Nokia TFTP Client Nokia WEP Key Generator Remove Nokia Wireless LAN Utilities See Upgrading on page 191 for upgrade instructions See Using TFTP on page 103 for instructions on using the Nokia TFTP client See Using the WEPGen utility on page 163 for more information on using WEPGen the Nokia WEP key generator Removing the Nokia A032 utilities To uninstall the Nokia A032 ut...

Page 169: ...g personal WEP keys The utility allows you to Enter and store lists of users and keys Download the keys into an access point Save a disk file which can be used to load keys into an authentication server Installing the WEPGen utility The WEPGen utility is installed as part of the Nokia A032 utilities suite see Utilities CD ROM on page 161 A032 Adv book Page 163 Monday November 13 2000 10 47 AM ...

Page 170: ...kia A032 Nokia WEP Key Generator You ll see the following window 2 Enter a Shared Secret The shared secret is a text string up to 16 characters long It must be the same as that configured into the access points with which you intend to use the generated keys A032 Adv book Page 164 Monday November 13 2000 10 47 AM ...

Page 171: ...ntered into an external Authentication database are encrypted using the shared secret Before the access point uses the keys it internally decrypts them using its own copy of the shared secret The shared secret is also checked when the utility loads a previously stored set of keys There s more on this in Setting up a RADIUS external key database on page 141 After entering the secret you can do one ...

Page 172: ...he access point using the TFTP utility see Using TFTP on page 103 Entering users that have WEP keys Now you are ready to add delete or modify keys The information you enter will depend on whether you are using a normal wireless client or a special Nokia wireless client using Smart Card WEP key storage Normal wireless client In the case of a normal wireless client take the following steps 1 Enter a...

Page 173: ...96 or 128 bits the utility will create a random number of its own choosing and enter it into the WEP Key field In this case you should make a note of the hex value so that you can enter the same key into the wireless client later 4 When you have entered the information make sure that the Bridge Entry box is clear and click Add The key should appear in the display window Nokia Smart card solution I...

Page 174: ...unction of the access point you need to specify to the access point which devices are peer bridges You can use the WEPGen utility to enter these devices by adding the NID Name and MAC Address of the bridge device and checking the Bridge Entry box Storing the entries in a database file When you have finished entering or modifying the key you can save it as a key database recommended or transfer the...

Page 175: ...to be fully encrypted If you check the Fully encrypted box the resulting file will be unreadable to a normal text editor Otherwise the file will be written using a text format in which only the key values are encrypted 5 Click OK 6 Specify the file location for the database A032 Adv book Page 169 Monday November 13 2000 10 47 AM ...

Page 176: ...configuration of the access point In other words if you choose the fully encrypted option the access point must also be configured with the check box Use encrypted nids txt on the WEP screen setup page see page 49 Using the WEPGen utility To transfer the database directly from the WEPGen utility to the access point 1 Click the radio button Transfer keys to an Access Point 2 Click Go do it 3 When p...

Page 177: ...hat you can send to several access points in turn by modifying the IP address 7 When you re finished click Close Using TFTP If you have saved a WEP key database using the name nids txt you can transfer it to the access point using a TFTP client utility see Using TFTP on page 103 Briefly 1 Enter the IP address of the access point 2 Specify nids txt as the target filename destination A032 Adv book P...

Page 178: ...y encrypted depending on the configuration of the access point Using the WEPGen utility To transfer a key database from an access point directly into WEPGen 1 Make sure that you have entered the Shared Secret corresponding to the access point 2 Click the from Access Point radio button 3 Click Load 4 When prompted confirm the Shared Secret 5 Enter the IP address of the access point 6 Specify whethe...

Page 179: ...nsure that the client s copy of the specific key matches that of the access point To create such a file 1 Select one key in the key window 1 Click the radio button Make Nokia Client Key File 2 Click Go do it 3 Confirm the Shared Secret 4 Enter a key name and a comment 5 Specify the destination for the file 6 Click OK to create the file A032 Adv book Page 173 Monday November 13 2000 10 47 AM ...

Page 180: ...174 Nokia A032 Advanced User Guide A032 Adv book Page 174 Monday November 13 2000 10 47 AM ...

Page 181: ...032 s IP address you might not be able to access the A032 from a client machine If IP information in your client machine is obtained using DCHP you may need to renew the information before you can access the A032 Under Windows 95 98 Under Windows 95 98 you do this using WinIPcfg 1 Choose Run from the Start menu 2 Enter WinIPcfg and press Return 3 Select the correct adapter card in the pull down me...

Page 182: ...000 NT 1 Open a DOS prompt 2 Enter ipconfig release This will release the old address 3 Enter ipconfig renew to renew the address You should now be able to access the A032 from your client machine A032 Adv book Page 176 Monday November 13 2000 10 47 AM ...

Page 183: ...main on The code should be read from left to right To identify the code write down each LED as a 1 or 0 depending on its state on 1 For example the pattern on on off off on off would be written 110010 The following table shows the meaning of the initialization error codes Note If the unit fails to perform the initialization sequence it may need to be repaired In this case contact your supplier for...

Page 184: ...aired Code Meaning Log text 100001 Bad code image none 110000 Bad PCMCIA hardware PCMCIA hardware failure 110001 No PCMCIA No PCMCIA card detected 110010 Bad PCMCIA card Non compatible PCMCIA card 110011 Bad radio does not initialize Cannot initialize radio 110100 Bad firmware version Incorrect firmware version 001000 Bad DRAM stuck address Memory error type 1 001001 Bad Ethernet RAM stuck address...

Page 185: ...d or because it is an incompatible radio card 110011 Bad radio does not initialize Indicates that the PCMCIA radio card does not respond to initialization requests This may indicate that the card is faulty Try using an alternative radio card 110100 Bad firmware version Indicates that the PCMCIA radio card has an incompatible version of firmware loaded The manufacturer of the radio card will normal...

Page 186: ...onfiguration information is bad 011001 Bad manufacturer s information Indicates that the internal configuration information has been corrupted Contact Nokia Technical Support 011010 Bad log sector Indicates that the log information in the flash memory has been corrupted In this case the Nokia A032 will automatically restore an empty log file The original log and NID name information will be lost b...

Page 187: ...ting log file changes are written into the flash memory as a record of the event The log file can hold data from approximately 30 restarts After this the oldest entries are overwritten by new entries To keep a more permanent record upload the log file periodically using TFTP and save it to disk see Using the TFTP client program on page 105 Note The log file only records successful initializations ...

Page 188: ...radio card is initialized As part of radio card initialization the log records the firmware version of the radio card After the radio is initialized the unit is operating normally Message CLM Request Initializing version B4 00 01 on Fri 12 May 2000 11 27 16 Initialize LAN port LAN Port ready Message Web Request Initializing version B4 00 01 on Fri 12 May 2000 11 28 22 Initialize LAN port LAN Port ...

Page 189: ...s after successful initialization To provide a solution to this problem the Nokia A032 also writes all log file entries to the serial port during initialization If the unit fails to initialize and you can t discover the problem try attaching a serial terminal to the unit Connect a serial terminal to the serial port with the following settings Baud rate 9600 bps bits 8 No parity This will result in...

Page 190: ... hardware failure No PCMCIA card detected Non compatible PCMCIA card Cannot initialize radio Incorrect firmware version Memory error type 1 Memory error type 2 Configuration error default loaded LAN Interface Error Configuration error Bad unit checksum Log sector bad recovered System fault A032 Adv book Page 184 Monday November 13 2000 10 47 AM ...

Page 191: ...gotiates the speed of the connection based on the quality of the phone line 2 Talking to the ISP server and agree that it can use the PPP protocol 3 Identifying the user to the ISP by sending a username and password 4 Agreeing the IP addresses that will be used during the session If all four steps complete the Nokia A032 will be able to deliver and receive IP packets to and from the Internet We ll...

Page 192: ...ed data rate you may need to specify that in Advanced Internet Access setup modem on page 51 The Nokia A032 sends a reset command to the modem and then optionally sends a user defined initialization string Most modems do not need an initializa tion string However if you are having problems check the Nokia support site for more information on this The Nokia A032 issues the command to dial You shoul...

Page 193: ... of the bartering process However if the two sides are unable to agree one will eventually give up and drop the link If you see a long sequence of LCP messages followed by a hangup then there is probably a compatibility problem between the ISP and the Nokia A032 In this case you should contact Nokia technical support for advice If the PPP Log contains configure requests but no replies the ISP eith...

Page 194: ...e a reject message in the PPP log or the line will just be dropped by the ISP If your password is not accepted there may be several causes including Incorrect capitalization With most ISPs the password open is not considered the same as Open Missing prefix Sometimes the username needs to be prefixed with a network identifier For example an ISP called Fastnet Inc might require the user name to be p...

Page 195: ...rmation to the Nokia A032 to use as its external IP address see Appendix H The negotiation during this phase is done in a similar way to the LCP negotiation However in this case the protocol is called IP Configuration Proto col IPCP If the ISP fails at this point of the negoti ation you may have programmed incorrect values in the Nokia A032 or the ISP is unable to provide IP infor mation automatic...

Page 196: ...ity locked see page 79 and page 45 you can use the following procedure 1 Put the Nokia A032 into Learn mode see the Getting Started guide 2 Hold in the mode button The LEDs perform a binary count slowly coming on from left to right 3 Keep holding the mode button until all the LEDs are on This takes about 10 seconds The unit has now overwritten the configuration with the factory defaults it should ...

Page 197: ...der Microsoft Windows 95 98 2000 or NT Overview The Nokia A032 uses flash memory for storage of important information including the operating firmware of the unit Flash memory has the advantage that the memory contents are not lost when the unit is powered off However the contents can be changed by a special procedure This allows the firmware in the unit to be upgraded in the field a big advantage...

Page 198: ...n entered using the nid add or bridge add commands is also stored in this portion Configuration information This stores all the current operating parameters Using the Nokia Access Point Upgrade utility you can upgrade the firmware and the BIOS It is important to note that upgrade is not a required operation in fact most users will not need to upgrade the unit Nokia Access Point Upgrade utility You...

Page 199: ...ility to establish communication between a PC workstation and the Nokia A032 1 Make sure you have installed the Nokia utilities onto the PC workstation as described in Appendix D 2 Connect a serial cable between the PC and the Nokia A032 Important The serial cable should be of the null modem or data transfer type 3 Choose Start Programs Nokia Access Point Upgrade A032 Adv book Page 193 Monday Nove...

Page 200: ...tinue to hold the mode button while the info LEDs all switch on then go off This takes about five seconds 7 Keep holding the button until the info LEDs come on again This happens about 5 seconds after they have gone off 8 When the info LEDs come on again release the button Assuming you have the correct serial cable and COM port a message will appear in the Nokia Steps 4 7 Restart the Nokia A032 in...

Page 201: ...Upgrading the Nokia A032 195 Access Point Upgrade utility window and the status will indicate Idle You re now ready to upgrade the Nokia A032 A032 Adv book Page 195 Monday November 13 2000 10 47 AM ...

Page 202: ...For example the firmware file may be called something like 03_A032 bin If you do not have the required file for a given upgrade the appropriate option in the Nokia Access Point Upgrade utility window will not appear To perform an upgrade 1 Select the appropriate option Firmware or BIOS from the Upgrade drop down menu in the Nokia Access Point Upgrade utility window 2 Click Send You ll see a status...

Page 203: ...network into a single external IP address for use on the intranet or Internet Users outside the firewall have no visibility of the real IP address of your network Firewall Internet Nokia Access Point local IP network external IP address 1 5 10 50 80 100 bus y air tx air tx pow er 1 5 10 50 80 100 bus y air tx air tx lan link lan bus y aler t Modem A032 Adv book Page 197 Monday November 13 2000 10 ...

Page 204: ...nternal LAN The NAT function normally works in conjunction with the dial up networking function Most ISPs allocate an IP address dynamically to a computer that dials in The Nokia A032 uses that IP address as the external IP address to represent your LAN However an advanced feature of the Nokia A032 is the ability to put the NAT firewall between the wireless and wired LAN instead of using a modem c...

Page 205: ... options Some applications require the NAT function to be placed at the LAN or air radio interface For example an office workgroup could connect to a corporate LAN but have a locally administered IP domain by putting the NAT function on the LAN interface nat_subnet and nat_gateway When the NAT port is set to LAN or radio the interface does not use PPP Instead the LAN on the other side of the NAT f...

Page 206: ...tx air tx lan link lan bus y aler t Intranet Laptop 192 168 0 1 Local network subnet 255 255 255 192 Nokia Access Point internal 192 168 0 3 DNS server 200 200 1 1 Gateway 200 1 50 254 NAT Firewall Nokia Access Point external 200 1 2 3 External network subnet 255 255 0 0 A032 Adv book Page 200 Monday November 13 2000 10 47 AM ...

Page 207: ...external LAN access to resources on your local LAN such as a web site or an FTP server You can only do this if your ISP allows you to have a static IP address assigned to the external interface You can use the browser interface page 54 to define a NAT hole table with up to four holes A NAT hole defines a route through your NAT firewall to access one particular device Note This function is only use...

Page 208: ...t 80 on machine with IP address 192 168 0 77 The NAT firewall would make the required address translation Parameter Description Port number Here are some well known port assignments 21 FTP 23 Telnet 25 SMTP 53 DNS 68 BOOTP 69 TFTP 80 WWW 110 POP3 162 SNMP Protocol The protocol to be used e g TCP IP Address The IP address of the machine hosting the service on your local network The port number sele...

Page 209: ...active key 38 setting via CLM 84 active settings reverting 34 address DHCP 28 29 MAC 31 admission 45 72 default 79 157 advanced Internet sharing status 18 AIR wireless interface Internet access 60 All link on Associated stations status page 24 All stations link 18 allow SNMP managers 64 ap_name 71 default 77 157 arp command 91 arp nat command 91 Associated Stations link 18 23 24 authentication 127...

Page 210: ...ng 67 CMD prompt 69 commands 90 help 90 password access 79 set command 70 set command parameters 71 CMD prompt CLM 69 command logon script entries 56 command line monitor see CLM community names 64 community_get 73 159 default 89 community_set 73 159 config command 91 config command 91 config txt 107 109 configure SNMP 125 configuring web pages 1 Connect button 4 contact information 64 conventions...

Page 211: ...t feature 46 SNMP get 64 SNMP traps 64 TFTP 46 Disable Enable button 4 disable LAN command 92 disable radio command 92 Disconnect Abort button 4 DNS 58 DHCP DNS server 65 external IP address 53 IP address 61 domain 71 default 75 DSR 19 dummy password 50 143 144 dynamic port assignment 59 E eavesdropping 129 Enable button 4 encrypted logon 52 encryption 128 strength 49 enterprise specific traps 124...

Page 212: ...me link 2 page 2 3 Home page features 3 graphical cues 6 menu bar 3 hop 149 hybrid repeater 149 I IEEE802 11 MIB II 13 img1 bin 107 114 In Hex box 167 inactivity timer 20 52 info LEDs error codes 178 initialization error codes 177 log file 181 install Nokia utilities 161 TFTP client 104 internals status 18 30 Internals link 18 Internet access basic setup 39 disabling 43 link status 7 modem setup 5...

Page 213: ...3 158 default 86 isp_user 73 158 default 86 K key active 84 management 132 modifying 166 strength 130 key database 50 saving 168 key file loading 166 L LAN bridge 149 icon on Home page 7 interface 44 network status 8 statistics 10 15 lan 72 81 LAN port Internet access 60 NAT 9 LAN stations status 18 Learn mode disabling 46 local file 106 local key database 82 140 location information 64 lock 72 11...

Page 214: ...p 51 backoff mode 20 NAT port 43 setup string 52 speed 52 status 19 Modem link 18 22 N NAT firewall 9 43 firewall status 26 port 39 port selection 43 setting NAT holes 54 table entries 26 nat command 92 nat command 92 nat_gateway 73 159 default 88 nat_port 73 159 default 88 nat_subnet 73 159 default 88 net_name 71 default 77 157 network name 121 145 setting 36 nid command 92 NID name 166 nids txt ...

Page 215: ...ring 42 protocols 71 default 77 157 R radio icon on Home page 7 statistics 10 11 usage 31 radio card statistics 13 radio channel setting 35 radio port NAT 9 RADIUS 141 RADIUS password 84 RADIUS protocol 140 RADIUS server 50 141 IP address 50 radius_server 72 84 158 raw statistics 13 regulatory domain 31 35 71 remote file 106 renew client IP information 175 repeater 145 hybrid 149 multiple 149 rest...

Page 216: ... Specific Managers button 47 setup basic setup information 33 DHCP 65 Setup link 3 32 setup pages 1 viewing 32 shared secret 50 72 141 165 shared WEP key 38 82 132 active 84 deactivating 83 setting 38 setting active key 84 shared_secret 72 84 158 short_retry 71 default 75 157 show command 94 Show LAN button 15 Show Radio Detail button 13 sifs_time 71 157 default 75 SNMP 63 117 configuration 125 st...

Page 217: ...08 install TFTP client 161 installing client program 104 manager 45 sending and fetching files 115 specific managers 45 46 transferring keys to database 168 using client program 105 TFTP server 104 time 8 setting with the CLM 69 time command 69 94 trace command 95 Transfer keys to Access Point button 170 trap 124 troubleshooting 175 U UDP frame 58 uninstall Nokia utilities 162 Use Encrypted nids t...

Page 218: ...cy 139 setting mode via CLI 82 setting via Web interface 37 setup 37 shared WEP keys 132 WiFi 37 WEP key utility 163 wep_key 72 83 158 wep_key_active 72 84 158 wep_key_range 72 83 158 wep_mode 72 82 158 WEPGen 49 84 163 setting up bridges 156 using 163 WiFi WEP setting 37 wire equivalent privacy see WEP wireless network status 8 wireless bridge 145 wireless bridging 168 wireless interface Internet...

Reviews:

No comments

Related manuals for A032

Brand: 2N Pages: 3

DAP-2553 - Wireless N Dual Band Gigabit Access...

Brand: D-Link Pages: 32

Brand: Ebyte Pages: 11

Brand: FS Pages: 12

Brand: Telrad Pages: 10

Nfiniti AirStation WZR-AGL300NH

Brand: Buffalo Tech Pages: 24

Brand: MikroTik Pages: 7

Brand: EnGenius Pages: 3

Brand: Ubiquiti Pages: 32

Brand: Xterasys Pages: 52

Brand: Ebyte Pages: 25

Brand: Quantum Pages: 18

SimpleLink SWRS225D

Brand: Texas Instruments Pages: 69

Brand: Ebyte Pages: 17

Brand: Ebyte Pages: 23

Brand: Ebyte Pages: 21

Brand: Ebyte Pages: 26

Brand: Ebyte Pages: 24

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands