background image

 

 

 

 

 

Page 26 of 55 

airPoint™ Nexus User Configuration Guide

 

i n t e l l i g e n t     w i r e l e s s     p l a t f o r m

3.

 

Security

  

 

The Security Configuration page allows the client devices to authenticate with the airPoint™  unit by 
using different security modes. 
 
Follow the steps below to configure the airPoint™ unit with Security Parameters:  

 

1.  Click the Security link from the ‘Radio Main’ page. 
2.  Click on the Required Security Mode. 

 

 

If the user selects the Security Mode as: 
 

1) None

:  

 
There is no Security involved and any client device can associate with the airPoint Bridge. For WDS 
clients such as the airClient in Bridge mode, please enter in the WDS table.  
 

2) WEP

 

ONLY (Wireless Equivalent Privacy

):  

 
WEP key encryption is used. The following table describes the information for the WEP only Settings: 
 

Table 3-1 WDS Table

 

Page Items 

Descriptions 

Authentication  

Select authentication method between open system and shared key 
Open system: Open System is null authentication. With WEP enabled and 
valid WEP key on both ends, it provides data encryption. Clients without 
correct WEP key still can associate but can not send packet through. 
Shared key: Strict authentication for both authentication and data 
encryption. Clients must provide valid WEP key to associate 

WEP Key Type 

HEX 

WEP Key Size 

Choose encryption key size between 40bits and 104bits 
When key size is changed, all 4 keys are lost and user needs to re-enter. 
64 bits: User has to input 10 HEX digits. 
128 bits: User has to input 26 HEX digits.  

Valid Key 

Choose which key in key table is used for authentication: 1 – 4 
This value must be matching between the airPoint™  device and the Client. 

Key Table 

Display / Set WEP keys 
A maximum of four keys can be set. 

 

 
The following page shows you the Security mode (WEP only) configuration: 

 
 

Summary of Contents for airPoint Nexus sB3210

Page 1: ...Copyright smartBridges Pte Ltd All Rights Reserved u n w i r i n g o u r w o r l d T M airPoint Nexus sB3210 User Guide Version 1 0 ...

Page 2: ...E CONFIGURATION PAGES 13 2 4 AIRPOINT BRIDGE CONFIGURATION PARAMETERS 18 2 4 1 Ethernet Configurations 18 2 4 2 Wireless Configuration 18 2 4 3 Radio Protocol 20 2 5 BRIDGE CONFIGURATION 22 3 SECURITY 26 4 TRAFFIC STATISTICS 31 5 TOOLS 32 5 1 1 SYSTEM CONFIGURATION 32 5 1 2 SNMP Security 33 5 1 3 Reset Options 34 5 1 6 NTP Time Server Setup 35 5 2 PROFILE MANAGER 36 5 2 1 Save Profile 37 5 2 2 Loa...

Page 3: ...al information regarding installation and set up Overview of User Guide This User Guide provides all necessary information needed to set up configure and deploy the airPoint Nexus The first chapter gives information on the configuration features and the system requirements The second chapter provides step by step information on logging in changing passwords and configuring the various parameters f...

Page 4: ...omers through the smartBridges support center website The website provides updated tools and documents to help troubleshoot and resolve technical issues related to smartBridges products and technologies To access the technical support resources please visit the support center website at http www smartbridges com support You will need to register for certain services and downloads on the smartBridg...

Page 5: ...l security etc parameters 5 Network bridge STP etc parameters 6 Bandwidth management 7 Antenna alignment 8 Security 9 Traffic Statistics 10 Site Survey 11 Profile management 12 User management 13 Link Test 14 Link Budget Planning Calculator 15 Firmware Upgrade 1 2 System Requirements The following are the minimum system requirements for the airPoint Nexus web based configuration management tool 1 ...

Page 6: ...in Sec 5 Longitude Deg Min Sec 6 UPS Installed Yes No 7 UPS specification if any KVA 8 Line Voltage 90V 264V AC 50 60 Hz 9 Near Line of site between sites Yes No 10 Height of tower Feet Meters 11 Repeater required to achieve a link Yes No 12 If Repeater required then reason why For example to achieve Long distance LOS etc 13 No of repeaters required Numbers 14 Required Throughput Mbps 15 Distance ...

Page 7: ...of scanning tools like Netstumbler Specify channel number Pre Installation Lab Testing of Equipment No Parameters Units Site A Site B 1 Network diagram along with IP address of all the interfaces for link to be setup in Place Yes No 2 Availability of Quick Installation Guide Yes No 3 Availability of Configuration guide and CD Yes No 4 Ensure that all items listed in the Package Contents of Quick I...

Page 8: ...te A Site B 1 Radio operations Mode Bridge 2 SSID of a Radio 3 IP address x x x x 4 Link Quality Percentage 5 RSSI dBm 6 Channel selected for Link 7 Radio Tx Output Power 5 to 23 dBm 8 Model of smartBridges airPoint equipment selected for a link sB3210 9 Antenna Type Parabolic sector 10 Antenna Mfg smartBridges Name of other manufacturer 11 Gain of antenna dBi 12 Antenna Polarization Horizontal Ve...

Page 9: ... cable not running near a sharp edge Yes No 5 Ensure airPoint along with antenna is fixed properly on a tower with the help of nuts and bolt supplied in packaging Yes No 6 Ensure antenna is pointed to get the best RSSI and link Quality Yes No 7 Ping response Ms 8 Ping success rate Percentage 9 Throughput test for upload bandwidth Mbps 10 Link stability based on observation for 1 Hr Yes No Signatur...

Page 10: ... URL address In addition the Sun Java Plug in should be installed The PC must be on the same subnet as the airPoint unit Follow the steps below to login as an Administrator to the web based configuration management interface system 1 Connect the airPoint unit via the ETH A ETH B port to a PC 2 Open a web browser on the PC 3 Enter the device IP address 192 168 0 206 in the web browser address field...

Page 11: ...r Configuration Guide i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 2 2 License Agreement Page Figure 2 3 Nexus Summary Information Page The page information descriptions are provided in the table on the following page ...

Page 12: ... Address Editable Ethernet IP Address IP Mask Editable Ethernet IP subnet Mask Gateway Editable Gateway IP address Ethernet Configuration DHCP Editable DHCP status Disabled Enabled User can enable DHCP by ticking the check box to obtain an IP address from the network DHCP server SSID Device SSID Channel Device operation channel Association Table Shows the Associated list of clients Wireless Config...

Page 13: ...uration Wireless Configuration Port Information parameters are displayed as read only Clicking on the underlined parameter heading allows you to edit the configuration parameters To change the Ethernet Configuration parameters click on the Ethernet Configuration link Similarly clicking on the Wireless Configuration link the Radio Configuration page will be displayed to edit any wireless settings T...

Page 14: ...set the IP settings for Ethernet wired side and Wireless interfaces depending on the device operational mode Bridge Configuration Displays the bridge address generic bridge port table spanning tree port table for ports ETH A ETH B Radio A etc Bridge configuration option is available when airPoint is configured as a Bridge Networking Traffic Statistics Displays the Ethernet and Wireless Traffic Sta...

Page 15: ... WDS capable devices such as the airClient Bridge needs to be input into WDS table Internal ACL Only the MAC addresses entered in the table will be associated The user needs to key in the authorized MAC either in the Internal ACL or WDS table WDS capable devices such as the airClient Bridge needs to be input into WDS table External ACL Radius Internal ACL This mode allows the user to use an Extern...

Page 16: ...hedules delayed reset at a future time NTP Server Allows user to change NTP Server settings Firmware Version Shows firmware s current version Radio Firmware Version Shows firmware s current radio version Reset to Defaults Resets the device to factory default values Ethernet MTU Size Allows user to set the Ethernet MTU size for different applications Syslog server IP Address Allows user to set the ...

Page 17: ...ng test These tools could be very helpful during the installation phase However this only works with the Nexus product range Link Budget Planning Calculator Allows user to calculate the Link Budget Antenna alignment Shows the link status link quality RSSI User Manager Allows the administrator to change the Administrator password Tools Firmware Upgrade Allows user to update to new firmware versions...

Page 18: ... the Summary Information page click on the Ethernet Configuration link to change the Ethernet Configuration parameters 2 Enter a new IP Address IP Mask Gateway IP Address and DHCP status check to enable If DHCP is enabled the IP address will be assigned by the DHCP Server 3 Click on the Apply Changes button to change the settings Figure 2 7 airPoint Bridge Ethernet Configurations 2 4 2 Wireless Co...

Page 19: ...SID The SSID is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity It is case sensitive and can contain up to 32 alphanumeric characters Do not include spaces or any special characters in the user SSID Domain Shows the current radio regulatory domain User can choose the appropriate domain The pull down menu shows a list of domains supported by ...

Page 20: ...gest that you try to use lower than the maximum power level 2 4 3 Radio Protocol The user can edit the wireless radio protocol parameters to optimize the radio performance The radio protocol parameters are 1 Fragment Length between 256 and 2346 2 RTS CTS between 256 and 2346 3 RSSI Threshold between 90 and 20 4 Preamble settings Long Short or Dynamic 5 Throughput Optimizer Table 2 4 Radio Protocol...

Page 21: ... dynamic preamble allows mixing of short and long preamble Throughput Optimizer Throughput Optimizer is used to optimize the radio link speed The valid range is 0 to 10 A higher value means the radio will attempt to establish the highest possible data rate in an aggressive way A smaller value ensures a more stable link The Throughput Optimizer settings can be varied to achieve a most stable link F...

Page 22: ... redundancy while preventing loops in the network For a Layer 2 Ethernet network to function properly only one active path can exist between any two stations STP is disabled by default The table below lists the default STP settings when the STP is enabled Table 2 5 Default STP Values Setting Default Value Range Purpose Bridge priority 32768 0 65535 A parameter used to identify the root bridge in a...

Page 23: ...port ETH B path cost 100 0 65535 The cost of using the port to reach the root bridge When selecting among multiple links to the root bridge STP chooses the link with the lowest path cost and blocks the other paths Each port type has its own default STP path cost Ethernet port ETH B priority 128 0 255 The preference that STP gives this port relative to other ports for forwarding traffic out of the ...

Page 24: ... in airPoint Bridge 1 Click on Networking Bridge Configuration to access the Bridge Configuration page 2 Choose Enable from the Spanning Tree Protocol pull down list 3 Click on the Generic Port Table link to change the Generic Parameters 4 Enter a value for the STP Priority 5 Enter a value for the Bridge Max Age 6 Enter a value for the Bridge Hello Time 7 Enter a value for the Bridge Forward Delay...

Page 25: ...Page 25 of 55 airPoint Nexus User Configuration Guide i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 2 11 Bridge Configuration ...

Page 26: ...tings Table 3 1 WDS Table Page Items Descriptions Authentication Select authentication method between open system and shared key Open system Open System is null authentication With WEP enabled and valid WEP key on both ends it provides data encryption Clients without correct WEP key still can associate but can not send packet through Shared key Strict authentication for both authentication and dat...

Page 27: ...es added 3 Internal ACL Access Control List Mode The user needs to provide the ACL MAC addresses or WDS addresses of the clients that can get associated with the airPoint Bridge In this mode you can define the bandwidth for each wireless client device The WEP key can be enabled or disabled In cases when the WEP key is disabled the page looks as follows ...

Page 28: ...figuration Guide i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 3 2 Internal ACL with WEP disabled If the WEP key is enabled the configuration page for Internal ACL will be as follows Figure 3 3 Internal ACL with WEP enabled ...

Page 29: ...gh which the communication is going to take place has to be given d Re auth time specifies the interval at which re authentication takes place e Enter the Internal ACL Mac addresses or WDS addresses if any Internal Authentication has more precedence than External Authentication Figure 3 4 External ACL Radius Internal ACL 5 WPA Radius This mode allows the user to use an external radius for client a...

Page 30: ...tegrity Protocol Figure 3 5 WPA radius page 6 WPA PSK In this mode a client needs to be capable of WPA PSK The user needs to give the Pre Shared Key value and the clients must specify the key to get associated There is no WDS in this case as well as WDS does not work with WPA PSK Figure 3 6 WPA PSK Security Check for the Internal Bandwidth Feature ...

Page 31: ... s p l a t f o r m 4 Traffic Statistics The Wireless and Ethernet Traffic Statistics can be displayed by clicking on the Networking Statistics drop down menu The following figure shows the statistics page This page will be refreshed after every 10 seconds Figure 4 1 Traffic Statistics page ...

Page 32: ... The System Configuration page provides a one page tool to configure the airPoint device To access the System Configuration page go to Tools System Configuration drop down menu The following figure displays the System Configuration page Figure 5 1 System Configuration The following page summarizes the contents of the System Configuration page ...

Page 33: ...ription Displays description of airPoint unit Allows user to change airPoint unit description SNMP Security Access the SNMP security settings Reset Reset device Delayed Reset Schedule a reset NTP Server NTP server setup as well as NTP time if server is setup Software Version Display the installed firmware version Radio Firmware Version Display the installed radio firmware version Edit Configuratio...

Page 34: ...be set by specifying a NTP server there is one already specified by default and the time zone After enabling the delayed reset specify a time which is valid in reference to current time When recurrence is set to weekly monthly or daily the reference is made with the first set time i e Reset time Page Items Descriptions SNMP Community Display SNMP Community String that is currently used to communic...

Page 35: ...gured as follows 1 From the System Configuration page click on the NTP Server Setting link 2 A Time Settings page will be displayed Click on the NTP Server Settings link to enable timer settings input 3 Enter a valid NTP server IP address and select the Time Zone The default NTP server is 128 250 36 2 and the default Time Zone is Singapore 4 Click on the Apply Changes button to configure the NTP T...

Page 36: ...file1 3 Profile1 4 Profile3 All the four profiles contain the same default parameters You can save the current configurations to any of the four profiles and re load the profiles later on or create different configurations and save them under different profiles These can be loaded at different times based on a pre defined calendar schedule The Profile Manager Configuration page can be accessed fro...

Page 37: ...ly changes Note Existing configuration parameters in the selected profile name will be replaced with current configuration parameters Page Item Descriptions Save As Select which profile name to save for the current configuration Profile Description Specify a description for the profile to be saved Save Profile button Click to save current profile Change Profile To Select which profile to load as c...

Page 38: ...tion is an operator has two profiles to be switched on alternatively during the day and during the night time User creates the two different profiles and save them as Profile Day and Profile Night and use the Profile Calendar to schedule the activation of the two profiles Follow the steps below to schedule the activation of a saved profile 1 Select a profile to schedule 2 Uncheck the Disable Profi...

Page 39: ... test Note Throughput test works only between sB Nexus Devices Follow the steps below to do a Ping Test 1 Enter a valid IP address for Far end Radio IP Address 2 Click on the Start button under Ping 3 The Ping result will be displayed 4 Click on the Stop button to stop the test Figure 5 7 Ping Test Result Follow the steps below to do a Throughput Test 1 Setup a link between two airPoint units 2 En...

Page 40: ...ates of Station 1 Lattitude1 and Longitude1 and Station2 Latitude 2 and Longitude 2 GPS co ordinates may be entered in DD MM MM or DD MM SS SS formats 2 Select the distance units miles or kilometers 3 Click the Compute Distance button to calculate the distance between the two stations 4 The distance will be displayed in the Distance text box Figure 5 9 Link Budget Planning Calculator GPS Calculato...

Page 41: ...nd Theoretical RSSI are computed and displayed The Receive Sensitivity Maximum Transmit Power System Gain and Available Fade Margin at various Link Speed are also computed and displayed in a table Ideal fade margin for a link is between 10 dB to 20 dB for a stable link base on the environmental condition of a region The Fresnel Zone Clearance Required will also be displayed Figure 5 10 Link Budget...

Page 42: ...o your PC 2 Login to the device web interface Go to Tools Firmware Upgrade drop down menu The Firmware Upgrade page will be displayed as shown below 3 Enter the firmware tar ball file name downloaded in Step 1 4 Click on the Upgrade button to upgrade the firmware 5 When the firmware tar ball file transfer is completed a message will be displayed on the web page 6 Wait about 10 minutes for the devi...

Page 43: ...Page 43 of 55 airPoint Nexus User Configuration Guide i n t e l l i g e n t w i r e l e s s p l a t f o r m Figure 6 3 Successful upgrade pop up window ...

Page 44: ...ries This ensures that there is no interaction between the base Linux files and the new files It also allows you to easily remove all of the newly installed files The FreeRADIUS and OpenSSL snapshots used in constructing the server are beta software 1 Download and Install OpenSSL and FreeRADIUS The first step is to download and install the latest snapshot versions of OpenSSL and FreeRADIUS a OpenS...

Page 45: ...usd 2 Produce Certificates Server and client certificates are needed for TLS and PEAP To produce the required certificates We recommend that you use CA all that is included with FreeRADIUS CA all uses the configuration information in openssl cnf a openssl cnf Update openssl cnf for your configuration The configuration file is located at usr local openssl ssl A portion of the information from our o...

Page 46: ...mailAddress_max 40 emailAddress_default ohb cmcast net SET ex3 SET extension number 3 req_attributes challengePassword A challenge password challengePassword_min 4 challengePassword_max 20 challengePassword_default whatever unstructuredName An optional company name b CA all Update the CA all script for your requirements The file is located at usr src 802 radius freeradius snapshot 20040203 scripts...

Page 47: ...d_Secret shortname WLAN b users This file contains the basic user information Look for the following line and then add the user name John Doe Auth Type Local User Password hello jbibe Note that for TLS you should not include an Auth Type or a password The server is able to determine the correct Auth Type and a password is not needed because the client uses a client certificate for authentication c...

Page 48: ... radius sbin directory The script is from Document 3 Wrapper Script bin sh x LD_LIBRARY_PATH usr local openssl lib LD_PRELOAD usr local openssl lib libcrypto so export LD_LIBRARY_PATH LD_PRELOAD usr local radius sbin radiusd After entering and saving the script make run radius executable chmod u rwx run radius The server is complete 4 Install Windows XP Certificates and Setup Client for TLS The Wi...

Page 49: ...changed between the client and the server If all is well you should see the client authenticated and the user logged on The following partial example is from Document 3 It shows the last few lines of a successful authentication Example MS MPPE Recv Key 0xe032765ca06c052e5fe7c2a7534a4252daec44a08505bdb459d4 fa81e70390f2221d2b06071eb0625e0ba67452a890909662 MS MPPE Send Key 0xe03131ce085bc266127528e7...

Page 50: ...me and password the first time the laptop tries to connect to the network The computer will then use the user name and password exactly as entered On the original Authentication screen we disabled the Authenticate as computer when computer information is available Windows XP is now ready for testing 9 Test PEAP The final step is to test the server With Windows XP computer off start the server in t...

Page 51: ...standard featuring a port based authentication framework and dynamic distribution of session keys for WEP encryption A RADIUS server is required SSID Each ESS has a Service Set Identifier SSID used to identify the Radio that belong to the ESS Radios can be configured with the SSID of the ESS to which they should associate By default radios broadcast their SSID to advertise their presence VLAN A VL...

Page 52: ...used to achieve more throughputs COFDM COFDM involves modulating the data onto a large number of carriers using the FDM technique The Key features which makes it work in a manner is so well suited to terrestrial channels includes Orthogonality the O of COFDM The addition of Guard interval The use of error coding the C of COFDM interleaving and channel state information COFDM is resistant to multip...

Page 53: ...0s SNMP works by sending messages called protocol data units PDUs to different parts of a network SNMP compliant devices called agents store data about themselves in Management Information Bases MIB and return this data to the SNMP requesters SYSLOG In order to track information on events device jobs and packets flows most security devices out put these events using the syslog information model Th...

Page 54: ...ress Object Identifier 1 3 6 1 4 1 14882 2 1 1 Value changed IP address IP netmask Object Identifier 1 3 6 1 4 1 14882 2 1 2 Value changed IP netmask Gateway Object Identifier 1 3 6 1 4 1 14882 2 1 3 Value changed Gateway SSID Object Identifier 1 3 6 1 4 1 14882 5 1 3 3 Value changed SSID Radio Mode Object Identifier 1 3 6 1 4 1 14882 5 1 18 Value changed Radio Mode Note Possible values for radio ...

Page 55: ...rovided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Please refer to the URL ...

Reviews: