manualshive.com logo in svg

Vivato VA4200, User Manual, Page: 92 / 181

Share
Download
Vivato VA4200 User Manual Download Page 92

Copyright © 2004-2005, Vivato, Inc.

92

See also the related topic, “Appendix A. Configuring Security Settings on Wireless Clients” on page 120.

How Do I Know Which Security Mode to Use?

It is recommended you use the most robust security mode that is feasible in your environment. When 
configuring security on the AP/Bridge, you first must choose the security mode, then in some modes an 
authentication algorithm, and whether to allow clients not using the specified security mode to associate.

Wi-Fi Protected Access

 (

WPA

) with 

Remote Authentication Dial-In User Service

 (

RADIUS

) using the 

CCMP (AES) encryption algorithm provides the best data protection available and is the best choice if all 
client stations are equipped with WPA supplicants. However, backward compatibility or interoperability 
issues with clients may require that you configure WPA with RADIUS with a different encryption algorithm 
or choose one of the other security modes.

However, security may not be as much of a priority on some types of networks. If you are simply providing 
Internet and printer access, as on a guest network, plain text mode (no security) may be the appropriate 
choice. To prevent clients from accidentally discovering and connecting to your network, you can disable 
the broadcast SSID for the Internal network so that your network name is not advertised. If the network is 
sufficiently isolated from access to sensitive information, this may offer enough protection in some 
situations. (See “Does Prohibiting the Broadcast SSID Enhance Security?” on page 97)

Following is a brief discussion of what factors make one mode more secure than another, a description of 
each mode offered, and when to use each mode.

Comparison of Security Modes for Key Management, Authentication and Encryption Algorithms

Three major factors that determine the effectiveness of a security protocol are:

How the protocol manages keys 

Presence or absence of integrated user authentication in the protocol

Encryption algorithm or formula the protocol uses to encode/decode the data

Following is a list of the security modes available on the Vivato VA4200, along with a description of the key 
management, authentication, and encryption algorithms used in each mode. We include some 
suggestions as to when one mode might be more appropriate than another.

When to Use Plain Text

When to Use Static WEP

When to Use IEEE 802.1x

When to Use WPA with RADIUS

When to Use WPA-PSK

When to Use Plain Text

Plain text mode provides no security. The data is not encrypted, rather it is sent as "plain text" across the 
network. No key management, data encryption or user authentication is used. Any client should be able to 
access the network.

Summary of Contents for VA4200

Page 1: ...1 Copyright 2004 2005 Vivato Inc VA4200 AP Bridge User Guide Manual P N 770 01588 02 Release 2 1 May 5 2005 ...

Page 2: ...ten permission from Vivato Inc Vivato is a U S registered trademark of Vivato Inc The content of this manual is furnished for informational use only and is subject to change without notice Vivato Inc assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual Documentation Updates The most current documentation and firmware for this Vivato product is availa...

Page 3: ... Software claimed as not performing as warranted This warranty is conditioned upon receipt by Vivato of notice of any alleged covered manufacturing defect in material or workmanship within thirty 30 days after discovery subject to the warranty period In no event shall Vivato be responsible for any costs associated with the removal or re installation of Product or Software from or into items into w...

Page 4: ...ime to time EXCEPT AS SPECIFIED HEREIN VIVATO MAKES NO OTHER WARRANTIES WITH RESPECT TO PRODUCT AND SOFTWARE AND DISCLAIMS AND EXCLUDES ALL OTHER WARRANTIES EXPRESS OR IMPLIED TO THE EXTENT ALLOWED BY APPLICABLE LAW INCLUDING WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR USE SATISFACTORY QUALITY WARRANTIES OF NON INFRINGEMENT OR WARRANTIES ARISING FROM A COURSE OF DEALING USAGE...

Page 5: ...erivative works of display perform distribute sublicense or otherwise exploit the Product or Software in any way for any purpose 2 No Copying Modification or Reverse Engineering End User agrees that it shall not copy modify enhance reverse engineer disassemble decompile or make derivative works of the Product or Software or otherwise attempt to derive the source code algorithms or other aspects of...

Page 6: ...tion Regulations and its successors 7 Warranty The Product and Software is being provided to End User under the terms of the End User Limited Warranty which is attached hereto and incorporated by reference herein EXCEPT AS SPECIFIED IN THE LIMITED WARRANTY VIVATO MAKES NO OTHER WARRANTIES WITH RESPECT TO PRODUCT OR SOFTWARE AND DISCLAIMS AND EXCLUDES ALL OTHER WARRANTIES EXPRESS OR IMPLIED TO THE ...

Page 7: ...urisdiction over Buyer and proper venue with regard to any claims arising in connection with the purchase sale license or performance of any Product or Software and any objection to the jurisdiction or venue of any such court is hereby waived The parties agree that rights and obligations hereunder shall not be governed by the United Nations Convention on the International Sale of Goods ...

Page 8: ...t the PC s Network Interface to Talk to the AP Bridge 26 Step 3 Log in to the VivatoVision Web Pages 27 Step 4 Configure the Basic Settings 28 Step 5 Specify the IP Address and Security Settings for the Primary Wireless Network 29 Step 6 Configure the Default Gateway and DNS Nameserver IP Addresses 30 Next Steps 31 Installation 32 Shipping Contents 32 Environmental Considerations 32 Mounting Weigh...

Page 9: ...56 Controlling Access by MAC Address Filtering 57 Navigating to MAC Filtering Settings 57 Using MAC Filtering 58 Updating Settings 58 Configuring Queues for Quality of Service QoS 59 Understanding QoS 59 Navigating to QoS Settings 62 Configuring QoS Queues 63 Updating Settings 65 Configuring the Wireless Distribution System WDS 66 Understanding the Wireless Distribution System 66 Navigating to WDS...

Page 10: ...e System Commands 114 Restoring the Default Administrator Password 114 Restoring the Default AP Bridge Configuration 115 Linux Commands 117 Appendix A Configuring Security Settings on Wireless Clients 120 Make Sure the Wireless Client Software is Up to Date 121 Accessing the Microsoft Windows Wireless Client Security Settings 122 Configuring a Client to Access an Unsecure Network Plain Text mode 1...

Page 11: ...Vivato personnel or its certified agent Do not service or adjust this product by yourself It is recommended that someone else is present who can render first aid in the event that electrical shock or other injury occurs Do not substitute any parts or modify the product Any unauthorized changes to the product could result in compromising the safety features or the correct operation of the product R...

Page 12: ...es operating at this frequency when using the listed equipment Vivato Inc is not responsible for any interference caused by unauthorized modification or configuration programming of this device or by the substitution or attachment of antennas or equipment other than that specified by Vivato Inc Violations of these conditions will void the user s authority to operate this device This device must no...

Page 13: ...alidating the information usually within 1 business day You can then search the online knowledge base for information by clicking on Find Answers Questions You can also access the latest firmware downloads and user documents from the support site To provide feedback on our documentation Feedback on the documentation shipped with the Vivato AP Bridge is greatly appreciated and will always be review...

Page 14: ...es information about all fields and features available on the user interface The information in the Online Help is a subset of the information available in the full User Guide Online Help information corresponds to each tab on the Vivato Wi Fi AP Bridge VivatoVision user interface Click the Help button or the More link at the bottom of the inline help panel on the UI for help information for the s...

Page 15: ...pewriter font Screen text URLs IP addresses and MAC addresses UNIX file command and directory names user typed command line entries typewriter font italics Variables Bold Keywords Menu titles window names and button names DANGER This symbol and adjoining text warn the installer or user of a potentially dangerous conditional that may result in physical injury or death ...

Page 16: ...roprocessor that coordinates all activities The AP Bridge contains two wireless interfaces Each interface supports 802 11a 802 11b and 802 11g operation Two removable 2 2 dBi omnidirectional antennas are included that thread into the VA4200 s RP TNC male connectors The AP Bridge boots from Flash ROM that contains firmware with the configurable runtime features summarized in Overview of the Vivato ...

Page 17: ...reless traffic like Voice over IP VoIP and streaming media Built in support for multiple SSIDs network names and multiple BSSIDs basic service set IDs on the same AP Bridge Rogue access point detection Prioritization of SpectraLink Voice Priority SVP packets to optimize Voice over IP VoIP operation using SVP based IP phones Security Features Inhibit SSID Broadcast Weak IV avoidance Wireless Equiva...

Page 18: ...on Base MIBs provided to monitor and manage AP Bridge operation Traps can be set to alert the system administrator to specific conditions Maintainability Status monitoring and tracking views of the network including client associations transmit receive statistics and event log Reset configuration option to restore factory defaults Firmware upgrade using downloads that you retrieve from the Vivato ...

Page 19: ... four seconds causes the current configuration to be deleted and reboots the VA4200 using the factory default configuration LAN RJ 45 10 100 Base T Ethernet port This MDI MDIX auto crossover and auto sensing port is enabled by default and remains enabled unless you disable it during configuration This port can also be used to provide power to the AP Bridge using an IEEE 802 3af compliant power ove...

Page 20: ... s Computer Wireless Client Computers Understanding Dynamic and Static IP Addressing on the Vivato Wi Fi AP Bridge How Does the AP Bridge Obtain an IP Address at Startup Dynamic IP Addressing Static IP Addressing Vivato Wi Fi AP Bridge The Vivato Wi Fi AP Bridge is a wireless communications hub for devices on your network It provides continuous high speed access between your wireless and Ethernet ...

Page 21: ...you have a DHCP server on the network an IP address can be dynamically assigned by the server after enabling DHCP operation Understanding Dynamic and Static IP Addressing on the Vivato Wi Fi AP Bridge on page 25 For information on setting the IP address see Table 2 SSID Con figuration Settings on page 87 Subnet Mask 255 255 0 0 Radios On Configuring Radio Settings on page 51 IEEE 802 11 Mode 802 1...

Page 22: ... 0 12 0 9 0 6 0 IEEE 802 11b g 54 48 36 24 18 12 11 9 6 5 5 2 1 Configuring Radio Settings on page 51 Basic Rate Mbps IEEE 802 11a 24 0 12 0 6 0 IEEE 802 11b g 11 0 5 5 2 0 1 0 Configuring Radio Settings on page 51 Broadcast SSID Allow See Does Prohibiting the Broad cast SSID Enhance Security on page 97 in Configuring Secu rity on page 91 Security Mode None plain text See Plain text on page 98 in ...

Page 23: ...ft Windows XP or Funk Odyssey wire less client configured to associate with the Vivato Wi Fi AP Bridge For more details on Wi Fi client setup see Wireless Client Computers on page 23 Display Resolution Higher screen resolutions such as 1280 x 1024 reduce the amount of scrolling needed to access all settings on the VivatoVision web user interface Web Browser Operating System Configuration and admin...

Page 24: ...g network design phase as to which mode to use The fundamental requirement for clients is that they all have configured adapters that match the 802 11 mode for which your AP Bridge s is configured Wireless Client Software Client software such as Microsoft Windows Supplicant or Funk Odyssey wireless client configured to associate with the Vivato Wi Fi AP Bridge Client Security Settings Security sho...

Page 25: ...a gateway device or a centralized server However if no DHCP server is present on the Internal network the AP Bridge will use the assigned Static IP Address Similarly wireless clients and other network devices such as printers will receive their IP addresses from the DHCP server if there is one If no DHCP server is present on the network you must manually assign static IP addresses to your wireless...

Page 26: ... range as the default IP address of the AP Bridge in order for the two devices to communicate If your PC s operating system supports automatic IP addressing1 Microsoft Windows 2000 or XP it can automatically get an IP address that will allow your computer to communicate with the AP Bridge 1 With your PC s network interface card NIC configured for automatic IP addressing turn the PC off for several...

Page 27: ...or the address location as shown below A login screen is then displayed 4 Enter admin for the user name and vivato for the password The user name will never change but you should change the password before you are done configuring the AP Bridge to avoid unauthorized access When you first log in the BASIC SETTINGS page is displayed https 169 254 20 1 Connecting to 169 254 v i v a t o Enter this def...

Page 28: ...e Location Enter a name that identifies where this AP Bridge will be mounted Provide Network Settings Administrator Password The default is vivato Enter a new password twice to use the next time that you access the VivatoVision interface TO PROTECT YOUR NETWORK DO NOT LEAVE THE DEFAULT PASSWORD UNCHANGED Primary Wireless Network Name SSID Enter a name 1 to 32 characters for the default wireless si...

Page 29: ...ients 1 Select the INTERFACE MANAGEMENT Interface Network Settings tab 2 Select the Interface for the Primary Wireless Network Name that you entered on the Basic Settings screen 3 Set the IP Address to either Static IP or DHCP If Static IP is used enter the IP address and subnet mask If DHCP is chosen the AP Bridge will request an IP address from your DHCP server when it is connected to your netwo...

Page 30: ... descriptions of security settings 7 Select Update to save your settings Wireless clients must use the security configuration for that network in order to authenticate through it Step 6 Configure the Default Gateway and DNS Nameserver IP Addresses The gateway in your wired network provides access to outside networks allowing clients to do things like access the Internet DNS nameservers convert hos...

Page 31: ...available networks function of your wireless client s software select the network name SSID that you specified On MS Windows cli ents you will typically have to check the check box that allows a connection to an unsecured network 3 To verify LAN access start an application on your wireless client that uses a service on your LAN such as a web browser to see if it can send and receive data See Wirel...

Page 32: ...AP Bridge is designed for the following conditions Operating temperature range 0 C 32 F to 55 C 131 F Storage temperature 40 40 F to 80 C 176 F Humidity 20 to 90 non condensing Mounting Weight Considerations The VA4200 AP Bridge weighs 0 5 kg 1 1 lbs excluding the AC DC power supply Quantity Description 1 Vivato VA4200 AP Bridge 1 Power supply 1 DB 9 null modem cable Used for a direct console conn...

Page 33: ...2 11a 802 11b or 802 11g devices Temperature and humidity Antenna Polarization and Positioning Antenna polarization describes how radio waves are propagated by an antenna either up and down vertically or side to side horizontally Devices with the same antenna polarization can communicate more efficiently than devices with different polarization The VA4200 s antennas can be adjusted 90 degrees to a...

Page 34: ...in the area from interfering with each other but requires these devices to take turns reducing the overall available throughput for each device When using the VA4200 with a Vivato Wi Fi Base Station use the Wi Fi Base Station s rogue access point detector RAPD to determine which channel has the least traffic and the least interference and set the Wi Fi Base Station to use that channel Refer to the...

Page 35: ...and close to the clients that associate with it Figure 2 Hole Filler Location Example Positioning for Wireless Backhaul Operation When used to provide a wireless backhaul connection to a Vivato Wi Fi Base Station that only has a power connection position the VA4200 as close as possible to the Wi Fi Base Station clear line of sight path when possible When used with an outdoor Wi Fi Base Station thi...

Page 36: ...t path when possible When used with an outdoor Wi Fi Base Station this is often achieved by putting the VA4200 next to a window with a clear view of the Base Station Figure 4 Wireless Backhaul to AP Bridge Example Outdoor Wi Fi Base SD Centillion 1400 Bay Networks E THER RS 232C PC CA RD P 8x50 O OO1 30 A O N 6 I NS ACT ALM R ST L INK PWR AL M FAN0 FAN 1 PW R0 PWR1 ALM LAN Station Power Outdoor Wi...

Page 37: ... AC power cord into the supplied power supply then plug it into a wall outlet supplying a volt age within the voltage range labeled on the power supply Disregard this step if PoE is being used 3 Insert the power supply s DC power plug into Power connector on the VA4200 Disregard this step if PoE is being used 4 If not already done configure the VA4200 using the built in VivatoVision interface Refe...

Page 38: ...er Password and the Wireless Network Name Update Basic Settings At initial startup no security is in place on the AP Bridge An important next step is to configure secu rity as described in Configuring Security on page 101 Navigating to Basic Settings To configure initial settings click the BASIC SETTINGS tab Fill in the fields on the BASIC SETTINGS screen as described below The User Account icon s...

Page 39: ...mational purposes as a unique identifier for an interface To see MAC addresses for the wireless interfaces and the Guest and Internal interfaces on the VA4200 see the STATUS INTERFACES tab Firmware Version Version information about the firmware currently installed on the AP Bridge As new versions of the Vivato Wi Fi AP Bridge firmware become available you can upgrade the firmware on your AP Bridge...

Page 40: ...ork This name will typically be used for all AP Bridges on this network The Service Set Identifier SSID is an alphanumeric character string of up to 32 characters Note If you are connected as a wireless client to the same VA4200 that you are administering resetting the SSID will cause you to lose connectivity to the VA4200 You will need to reconnect to the new SSID after you save this new setting ...

Page 41: ...e reviewed the new configuration click Update to apply the settings and deploy the AP Bridge as a wireless network At initial startup no security is in place on the AP Bridge An important next step is to configure security as described in Configuring Security on page 91 ...

Page 42: ...s tab and update the fields as described below Specifying the Default Gateway The default Gateway is the device on your wired network that is used to access other networks or subnets including the Internet The IP address of this device must be specified in order to send and receive packets to the other networks A DHCP server on your network can be configured to provide the default gateway address ...

Page 43: ...DNS nameserver addresses even if the IP addresses of the interfaces on the AP Bridge or not being provided by DHCP To have the DNS server s address provided automatically select Dynamic To manually enter the DNS nameserver IP addresses select Manual and enter the Search Domain and the IP addresses in the standard format The Search Domain is the domain where the DNS nameserver s are located such as...

Page 44: ...RFACE MANAGEMENT Interface Network Settings Interface The name assigned to this network The first entry is always the name entered for the Primary Wireless Network Name SSID entered on the BASIC SETTINGS screen during initial configu ration This is the default wireless network and cannot be deleted Additional SSIDs listed are those created on the SSID Configuration screen IP Address An IP address ...

Page 45: ...ge on the AP Bridge to set up and manage user accounts If you are using an external RADIUS server you will need to set up and manage user accounts on the Administrative interface for that server On the User Management page you can create edit remove and view client user accounts Each user account consists of a user name and password The set of users specified here represent approved clients that c...

Page 46: ...tus enabled or disabled are shown You make modifications to an existing user account by first selecting the checkbox next to a user name and then choosing an action See Editing a User Account on page 47 Adding a User To create a new user do the following 1 Under Add a User provide information in the following fields Field Description User Name Provide a user name User names are alphanumeric string...

Page 47: ... or disable any user account With this feature you can maintain a set of user accounts and authorize or prevent users from accessing the network without having to remove or re create accounts This can come in handy in situations where users have an occasional need to access the network For example contractors who do work for your company on an intermittent but regular basis might need Real Name Fo...

Page 48: ...ss AP Bridges in your network as a client Disabling a User Account To disable a user account click the checkbox next to the user name and click Disable A user with an account that is disabled cannot log on to the wireless AP Bridges in your network as a client However the user remains in the database and can be enabled later as needed Removing a User Account To remove a user account click the chec...

Page 49: ...e returned time stamp to adjust its clock The timestamp will be used to indicate the date and time of each event in log messages See http www ntp org for more general information on NTP The following sections describe how to configure the Vivato Wi Fi AP Bridge to use a specified NTP server Navigating to Time Protocol Settings Enabling or Disabling a Network Time Protocol NTP Server Updating Setti...

Page 50: ... Protocol NTP provides a way for the AP Bridge to obtain and maintain its time from a server on the network Using an NTP server gives your VA4200 the ability to provide the correct time of day in log messages and session information See http www ntp org for more general information on NTP Choose to either enable or disable use of a network time protocol NTP server Enabled Disabled NTP Server If NT...

Page 51: ...devices in the AP Bridge You can specify whether the radio is on or off the transmit receive frequency channel the beacon interval amount of time between beacon transmissions transmit power IEEE 802 11 mode in which the radio operates and so on The IEEE mode along with other radio settings are configured as described in Navigating to Radio Settings on page 51 and Configuring Radio Settings on page...

Page 52: ... that setting first then change the setting Be sure to leave the checkbox unchecked when you check Update button otherwise the previous setting will continue to be used Field Description Radio Interfaces The Vivato Wi Fi AP Bridge contains two radios Select the check box next to the radio s to be configured or select All to configure all radios at once ...

Page 53: ...tion transmits a clear to send CTS message to itself at an 802 11b rate This lets the 802 11b cli ents know that an 802 11g transmission is going to occur so that they will not transmit at the same time This function is often called CTS to self Select between three available modes Auto automatically uses CTS protection when an 802 11g client probe request is received Always Use uses CTS to self be...

Page 54: ...reduce throughput RTS Threshold Specify an RTS Threshold value in bytes between 0 and 2347 The RTS threshold specifies the frame size before a request to send RTS transmission is performed This helps control traffic flow through the AP Bridge especially one with a lot of clients If you specify a low threshold value RTS packets will be sent more frequently This will consume more bandwidth and reduc...

Page 55: ...Bridge s signal on other 802 11 devices in that specific area Beacon Interval Beacon frames are transmitted by a AP Bridge at regular intervals to announce the existence of the wireless network The default behavior is to send a beacon frame once every 500 milliseconds or 10 per second The Beacon Interval value is set in milliseconds Enter a value from 20 to 2000 Rate Sets Check the transmission ra...

Page 56: ...ir current configuration Selecting Configure for any of the wireless interfaces displays the Radio screen See Configuring Radio Settings for a description of what each parameter means and how to alter its current value Navigating to Wireless Settings To view the current settings for each wireless interface in the AP Bridge select the STATUS Wireless Interfaces tab ...

Page 57: ... used by a wireless client has a unique MAC address You can control client access to your wireless network by switching on MAC Filtering and specifying a list of MAC addresses When MAC Filtering is on clients are allowed or denied access based on their MAC address The following sections describe how to use MAC address filtering on the Vivato Wi Fi AP Bridge Navigating to MAC Filtering Settings Usi...

Page 58: ... for a client to gain access to the network its MAC address must be entered into the Stations List Allow any station unless in list Any station can gain access to the net work unless its MAC address has been entered into the Stations List This operation is typically used when a particular client is causing a problem of some kind and you want to exclude it from accessing the network Stations List T...

Page 59: ...at a consistent rate and with minimum delay between Packet transmission If the quality of service is compromised the audio or video will be distorted 802 11e Standard QoS describes a range of technologies for controlling data streams on shared network connections The task group is in the process of defining a QoS standard for transmission quality and availability of service on wireless networks Qo...

Page 60: ... for this data as well as other meta information low delay high throughput high reliability low cost and so on For example the ToS for FTP data packets is likely to be set for maximum throughput since the critical consideration for FTP is the ability to transmit relatively large amounts of data in one go Interactive feedback is a nice to have in this situation but is less critical VoIP data packet...

Page 61: ...erframe space DIF before transmitting This parameter is configurable Note that sending data frames in DIFs allows higher priority management and control frames to be sent in SIFs first The DCF ensures that multiple AP Bridges do not try sending data at the same time but instead wait until a channel is free Random Backoff and Minimum Maximum Contention Windows If a AP Bridge detects that the medium...

Page 62: ...ecified in the Maximum Contention Window is the upper limit for this doubling of the random backoff This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached Packet Bursting for Better Performance The Vivato Wi Fi AP Bridge includes 802 11e based packet bursting technology that increases data throughput and speed of transmission over the wireless ...

Page 63: ...ng queues for different types of wireless traffic and effectively specifying minimum and maximum wait times via Contention Windows for transmission The settings described here apply to data transmission behavior on the AP Bridge only not to that of the client stations Note These settings apply to all radios but the traffic for each radio is queued independently ...

Page 64: ...tional IP data is sent to this queue For information purposes the hexadecimal values to describe this queue are in the following ranges 0x00 0X01 0X04 0X07 0X18 0X1F Data 2 interactive Highest priority queue minimum delay Time sensitive data such as VoIP and streaming media are automatically sent to this queue For information purposes the hexadecimal values to describe this queue are in the follow...

Page 65: ... Window For more information see Random Backoff and Minimum Maximum Conten tion Windows on page 61 Max Contention Window The value specified here in the Maximum Contention Window is the upper limit in milliseconds for the doubling of the random backoff value This doubling continues until either the data frame is sent or the Maximum Contention Win dow size is reached Once the Maximum Contention Win...

Page 66: ...to WDS Settings Configuring WDS Settings Example of Configuring a WDS Link Updating Settings Understanding the Wireless Distribution System A Wireless Distribution System WDS connects AP Bridges known as Basic Service Sets BSS to form what is known as an Extended Service Set ESS Using WDS to Bridge Distant Wired LANs In an ESS each AP Bridge or AP Bridge serves part of an extended wireless coverag...

Page 67: ... extra hop to get to distant stations Backup Links and Unwanted Loops in WDS Bridges Another use for WDS bridging the creation of backup links is not supported on the VA4200 The topic is included here to emphasize that you should not try to use WDS in this way backup links will result in unwanted endless loops of data traffic The VA4200 does not provide Spanning Tree Protocol STP Without STP it is...

Page 68: ...effective data protection to the level of other security modes available for service to client stations If you use WDS on a LAN intended for secure wireless traffic you are putting your network at risk Therefore we recommend using WDS to bridge the Guest network only for this release Do not use WDS to bridge AP Bridges on the Internal network unless you are not concerned about the security risk fo...

Page 69: ...l STP which manages path redundancy and prevents unwanted loops is not provided on the VA4200 Keep these rules in mind when working with WDS on this release of the Vivato Wi Fi AP Bridge Only one path should exist between two AP Bridges or a AP Bridge and an AP Bridge either a WDS bridge wireless or an Ethernet connection wired but not both Do not create backup links If you can trace more than one...

Page 70: ...ed Disabled Wired Equivalent Privacy WEP is a data encryption protocol for 802 11 wire less networks Both AP Bridges on the WDS link must be configured with the same security settings For static WEP a static 64 bit 40 bit secret key 24 bit initialization vector IV or 128 bit 104 bit secret key 24 bit IV Shared Key for data encryption Key Length If WEP is enabled specify the length of the WEP key 4...

Page 71: ...S1 and MyVBS2 must be set to the same Mode and be transmitting on the same channel For our example let s say we re using IEEE 802 11b Mode and broadcasting on Channel 6 5 Now repeat the same steps for MyVBS2 Open VivatoVision Web pages for MyVBS2 by using MyVBS2 s IP address in a URL Navigate to the WDS tab on MyVBS2 VivatoVision Web pages MyVBS2 s MAC address will show as the Local Address Config...

Page 72: ...sword on the Vivato Wi Fi AP Bridge Navigating to Administrator Password Setting Setting the User Password Updating Settings Navigating to Administrator Password Setting To set the administrator password navigate to the SYSTEM MANAGEMENT Password Management tab and update the fields as described below Setting the User Password To set a new administrator password enter the existing password and the...

Page 73: ...assword New Password Enter a new administrator password The text you enter will be displayed as characters to prevent others from seeing your password as you type The User password must be an alphanumeric strings of up to 32 characters Do not use special characters or spaces Re enter the new administrator password to confirm that you typed it as intended ...

Page 74: ... Interfaces Event Log Transmit Receive Statistics Associated Wireless Clients Resetting the Configuration Upgrading the Firmware Rogue Access Points Interfaces To view wired Ethernet and wireless WLAN settings navigate to STATUS Interfaces This page displays the Wired Settings and the Wireless Settings for the AP Bridge ...

Page 75: ...the VivatoVision Web pages Event logging is enabled disabled on the SYSTEM MANAGEMENT System Logging screen See Enabling Logging on page 112 The Events page lists the most recent events generated by this AP Bridge The System Events Log lists stations associating being authenticated and other occurrences The Kernel Log lists error conditions such as dropped frames Note The Vivato Wi Fi AP Bridge ac...

Page 76: ...N ID associated with this SSID Only the primary wireless net work does not require a VLAN ID to be specified IP The IP address assigned to this SSID when used INTERFACE These are the interfaces that are members of the selected SSID MAC Address Media Access Control MAC address for the specified interface A MAC address is a permanent unique hardware address for any device that represents an interfac...

Page 77: ...twork IP ADDRESS The associated client s IP address STATION The MAC address of the client AUTHENTICATED Shows if the client has authenticated Yes or has not authenticated No ASSOCIATED Shows if the client is associated Yes or is not associated No FROM STATION The number of packets and bytes from the client TO STATION The number of packets and bytes to the client SNR The signal to noise ratio SNR o...

Page 78: ...Copyright 2004 2005 Vivato Inc 78 Click the SYSTEM MANAGEMENT Reboot tab 6 Click the Reboot button The VA4200 reboots See also Resetting the Configuration ...

Page 79: ...cluding the static IP address if one was assigned new passwords wireless interface settings WDS connections and SSID and VLAN configurations NOTE After resetting the AP Bridge the VivatoVision web pages must be accessed using the default IP address of 169 254 20 1 For information on the factory default settings see Default Settings for the Vivato Wi Fi AP Bridge on page 21 1 Click the SYSTEM MANAG...

Page 80: ...day that is used with your e mail address to access the support information The support site also includes a wide variety of troubleshooting and informative documents 2 Search the Knowledge Base For the Latest Firmware Search the Customer Support Knowledge Base for the keyword firmware and select the latest entry for the VA4200 Indoor AP Bridge 3 Click on the firmware file listed under File Attach...

Page 81: ...NT Upgrade tab and also on the Basic Settings tab If the upgrade was successful the updated version name or number will be indicated Caution The firmware upgrade process begins once you click Update and then OK in the popup confirmation window The upgrade process may take several minutes during which time the AP Bridge will be unavailable Do not power down the AP Bridge while the upgrade is in pro...

Page 82: ...terface s receiver to detect other devices This can cause some loss in throughput to wireless clients Therefore DO NOT LEAVE THIS FUNCTION ENABLED WHEN NOT NEEDED Field Description MAC Address Shows the MAC address of a neighboring AP Bridge or access point A MAC address is a hardware address that uniquely identifies each node of a network RADIO This is the radio that received this signal Beacon I...

Page 83: ... the privacy bit is set in the beacon If it is then some type of security is being used and on is displayed If no security is used the privacy bit is not set and off is displayed WPA Indicates whether WPA security is on or off for this AP Bridge Band This indicates the frequency band in GHz that this radio is using 802 11b and 802 11g use the 2 4 GHz band while 802 11a uses the 5 GHz band Channel ...

Page 84: ...ond Mbps All Supported Rates are listed with Basic Rates shown in bold Rate sets are configured on the INTERFACE MANAGEMENT Wireless Configuration Radio screen See Configuring Radio Settings on page 51 The rates shown for a AP Bridge will always be the rates currently specified for that VA4200 in its Radio Settings Field Continued Description Continued ...

Page 85: ... tagging Using SSIDs with VLANs to Create Logically Separate Networks VLANs provide a way to separate traffic from two or more SSIDs that share the same Ethernet port Each SSID is assigned a unique VLAN ID that a router or a switch configured for VLAN operation uses to classify that traffic into a specific network In the following figure two SSIDs were created that are assigned to VLANs One SSID i...

Page 86: ...and cannot be deleted Additional SSIDs listed are those created on the SSID Configuration screen SECURITY MODE Lists the type of security being used by this network BEACONING Shows if beacons are enabled or disabled on this network VLAN Lists the VLAN ID for that network if it was assigned RADIOS Lists which radios are being used by this network BRIDGED WDS Shows if this network is being used with...

Page 87: ...s in length to identify this network Radio Interfaces Select which radios to use in this network Ethernet Interface Select which Ethernet interface s if any to use with this network If an Ether net interface is not selected traffic through this network is limited to communi cation between wireless clients and for WDS links VLAN Enter the VLAN ID number for this network if VLANs are being used This...

Page 88: ...led you can select whether or not to sent the SSID s name in the beacon to advertise itself to wireless clients If Yes is selected clients will see the SSID name in their list of available wireless networks If No is selected clients will not see the SSID name in their list of avail able wireless networks In this case the SSID name must be manually entered into the client s configuration before it ...

Page 89: ...be automatically created on the AP Bridge This is done by enabling the Auto VLAN feature on the backhaul interface Ethernet or WDS of the AP Bridge If the client successfully authenticates the RADIUS server provides the VLAN assignment for that client to the base station which in turn creates a VLAN of the same ID for the client to use while associating with the AP Bridge After the VLAN is dynamic...

Page 90: ... s configuration Navigating to the Management Interfaces Settings To access the Management Interfaces settings navigate to the INTERFACE MANAGEMENT Management Interfaces tab To assign one or more interfaces to be used for management highlight the desired interface s under the Non Management Interface heading and select the arrow to move them under the Management Interface heading Updating Settings...

Page 91: ...n Ethernet NIC trans mits its packets over a physical medium such as coaxial cable or twisted pair A wireless NIC broadcasts radio signals over the air allowing a wireless LAN s signal to be received without physical access or sophisticated equipment A hacker equipped with a laptop a wireless NIC and a bit of knowledge can attempt to compromise your wireless network Using a higher gain antenna on ...

Page 92: ...n disable the broadcast SSID for the Internal network so that your network name is not advertised If the network is sufficiently isolated from access to sensitive information this may offer enough protection in some situations See Does Prohibiting the Broadcast SSID Enhance Security on page 97 Following is a brief discussion of what factors make one mode more secure than another a description of e...

Page 93: ...tic WEP is when interoperability issues make it the only option available to you and you are not concerned with the potential of exposing the data on your network See Also For information on how to configure Static WEP security mode see Static WEP on page 98 under Configuring Security Settings on page 97 When to Use IEEE 802 1x IEEE 802 1x is the standard for passing the Extensible Authentication ...

Page 94: ... it rather than the using the embedded RADIUS server on the VA4200 An external RADIUS server will provide better security than the local authentication server For information on how to configure IEEE 802 1x security mode see IEEE 802 1x on page 102 under Configuring Security Settings on page 97 When to Use WPA with RADIUS Wi Fi Protected Access WPA with Remote Authentication Dial In User Service R...

Page 95: ... the encryption algorithm set to Both that is both TKIP and CCMP This lets WPA client stations without CCMP associate uses TKIP for encrypting Multicast and Broadcast frames and allows clients to select whether to use CCMP or TKIP for Unicast VA4200 to single station frames This WPA configuration allows more interoperability at the expense of some security Client stations that support CCMP can use...

Page 96: ... PSK on page 108 under Configuring Security Settings on page 97 Note If there are older client stations on your network that do not support WPA you can configure WPA with RADIUS with Both CCMP or TKIP and check the Allow non WPA IEEE 802 1x clients check box to allow non WPA clients This way you get the benefit of IEEE 802 1x key management for non WPA clients along with even better data protectio...

Page 97: ...t of attempts by a hacker to connect or monitor plain text traffic This offers a very minimal level of protection on an otherwise exposed network where the priority is making it easy for clients to get a connection and where no sensitive information is available Navigating to Security Settings Security is first configured when creating an SSID To edit the security mode for an existing SSID navigat...

Page 98: ...ts client stations Static WEP is not the most secure mode available but it offers more protection than plain text mode as it does prevent an outsider from easily sniffing out unencrypted wireless traffic For more secure modes see the sections on IEEE 802 1x on page 102 WPA with RADIUS on page 104 or WPA PSK on page 108 WEP encrypts data moving across the wireless network based on a static key The ...

Page 99: ...tes the number of characters required in the WEP key The number of characters required updates automatically based on how you set Key Length and Key Type WEP Keys You can specify up to four WEP keys In each text box enter a string of characters for each key If you selected ASCII enter any combination of integers and letters 0 9 a z and A Z If you selected HEX enter hexadecimal digits any combinati...

Page 100: ...choosing one of the follow ing from the drop down menu Open System Shared Key Both Open System authentication allows any client station to associate with the AP Bridge whether that client station has the correct WEP key or not This algorithm is also used in plaintext IEEE 802 1x and WPA modes When the authentication algorithm is set to Open System any client can associate with the AP Bridge Note t...

Page 101: ...t all client stations to use WEP and provide each client with one of the slot key combinations you defined on the VA4200 For this example we ll set WEP key 1 on a Windows client Figure 7 Providing a Wireless Client with a WEP Key If you have a second client station that station also needs to have one of the WEP keys defined on the VA4200 You could give it the same WEP key you gave to the first sta...

Page 102: ...x provides dynamically generated keys that are periodically refreshed An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking CRC of each 802 11 frame This mode requires the use of a RADIUS server to authenticate users and configuration of user accounts via the Network User Management tab The AP Bridge requires a RADIUS server capable of EAP such as the Microsoft Inte...

Page 103: ... automatically provided External To use an external authentication server If you choose this option you must supply a Radius IP and Radius Key of the server s that you want to use Note The RADIUS server is identified by its IP address and UDP port numbers for the different services it provides On the current release of the Vivato Wi Fi AP Bridge the RADIUS server User Datagram Protocol UDP ports u...

Page 104: ...C address has not been entered into the active Station List the cli ent s authentication request is passed to the specified RADIUS server s The RADIUS server must be configured with an account that uses the MAC address for both a username and a password and formatted as a string of 12 hex digits without separating colons such as 002c31e4161f MAC authentication uses PAP instead of PEAP for the Auth...

Page 105: ...105 Copyright 2004 2005 Vivato Inc If you selected WPA with RADIUS Security Mode provide the following ...

Page 106: ...set to Both both TKIP and AES clients can associate with the AP Bridge Client stations configured to use WPA with RADIUS must have one of the following to be able to associate with the VA4200 A valid TKIP RADIUS IP address and valid shared Key A valid CCMP AES IP address and valid shared Key Clients not configured to use WPA with RADIUS will not be able to associate with VA4200 Both is the default...

Page 107: ...as 002c31e4161f MAC authentication uses PAP instead of PEAP for the Authentication type so the Authenticator must be configured accord ingly On Windows IAS PAP is disabled by default Radius IP Enter the Radius IP in the text box The Radius IP is the IP address of the RADIUS server The Vivato Wi Fi AP Bridge internal authentication server is 127 0 0 1 For information on setting up user accounts see...

Page 108: ... and a 16 octet initialization vector to produce the key that will encrypt the data This ensures that each client station uses a differ ent key to encrypt data TKIP uses RC4 to perform the encryption which is the same as WEP But TKIP changes temporal keys every 10 000 packets and distrib utes them thereby greatly improving the security of the network Counter mode CBC MAC Protocol CCMP is an encryp...

Page 109: ...Settings To apply your changes click Update Key The Pre shared Key is the shared secret key for WPA PSK Enter the proper num ber and type of characters for the selected Key Type Key Confirmation Re enter the same pre shared key Field Description ...

Page 110: ...re available that can use the MIBs to manage the AP Bridge in your network Several standard MIBs are supported that are used to monitor 802 11 networks Navigating to SNMP Settings To access the SNMP settings navigate to the SYSTEM MANAGEMENT SNMP tab 2 The VA4200 does not currently support SNMP write set operations only read get operations are supported BRIDGE MIB txt TCP MIB txt VIVATO SSID MIB t...

Page 111: ...ion of the system that this AP Bridge is part of Read Only Community String Enter the read only community string Read Write Community String Enter the read write community string Trap Hosts Lists the traps that have been created After entering the Community Name and Trap Host Type select Add to add it To remove an existing trap select the trap and click on Remove Host Name Enter the IP address or ...

Page 112: ...e system logging syslog server to maintain a record of system conditions The following sections describe how to configure event logging Navigating to Log Server Configuration Settings Updating Settings Navigating to Log Server Configuration Settings To access the Log Server Configuration settings navigate to the SYSTEM MANAGEMENT System Logging tab ...

Page 113: ...rol effects logging to both the Events VivatoVision web page and to a remote sys log server if configured Server Enter the IP address of the remote syslog server A host name can be entered if a DNS nameserver is on the network with an entry for that host Port Enter the UDP port number for syslog operation on the remote host The default is 514 and is typically used by syslog servers ...

Page 114: ...the AP Bridge s IP address you can then use the default password to access the VivatoVision web interface to create and save a new password If IP access to the AP Bridge is lost the configuration can be restored to the factory defaults to regain access or commands can be issued to view the currently assigned IP address and specify a new address Restoring the Default Administrator Password A null m...

Page 115: ...tion file can then be deleted in order to restore the factory default settings IMPORTANT Deleting the configuration file causes all previous configuration information to be lost including lists of internal RADIUS server users MAC filtering lists SSID configurations security configurations WDS link settings and any other settings that have have been changed Use the following steps to access the Lin...

Page 116: ...idge can be accessed using the default password vivato and the default IP address and netmask 169 254 20 1 255 255 0 0 In order to reconfigure the AP Bridge the network interface on the computer communicating with the AP Bridge must be configured within the same IP subnet as this IP address Enter admin for the login and enter the administrator password when prompted Enter rm apconfig xml to remove...

Page 117: ...a_key apconfig xml bak ssh_host_dsa_key ssh_host_rsa_key pub newconfig xml ssh_host_dsa_key pub vision redboot_VA4200_20c bin ssh_host_key spirit bin ssh_host_key pub ls l rw r r 1 root root 24170 Jan 1 00 03 apconfig xml rw r r 1 root root 24189 Jan 1 00 03 apconfig xml bak rw r r 1 root root 24170 Jan 1 00 18 newconfig xml rw r r 1 root root 334364 Sep 15 2004 redboot_VA4200_20c bin rw 1 root ro...

Page 118: ...s address until a reboot is performed After accessing the VivatoVision web interface you can assign a persistent IP address by accessing the SSID Configuration settings for the default SSID and setting its IP address there cat file name Display the contents of a file This command is typically used to examine the contents of the AP Bridge s configuration file Command Continued Operation Continued p...

Page 119: ...the interfaces that have been added to existing bridges on the AP Bridge The bridges are designated brweb0 and brweb0 Command Continued Operation Continued brctl show bridge name bridge id STP enabled interfaces brweb0 8000 000b33080500 no wlan0 wlan1 eth0 wlan0wds0 ...

Page 120: ...ess Client Software is Up to Date Accessing the Microsoft Windows Wireless Client Security Settings Configuring a Client to Access an Unsecure Network Plain Text mode Configuring Static WEP Security on a Client Configuring IEEE 802 1x Security on a Client Configuring WPA with RADIUS Security on a Client Configuring WPA PSK Security on a Client Configuring an External RADIUS Server to Recognize the...

Page 121: ...Client Using EAP PEAP on page 127 If the Vivato Wi Fi AP Bridge is configured to use WPA with RADIUS mode and the Built in Authentica tion Server configure wireless clients as described in WPA with RADIUS Client Using EAP PEAP on page 133 I Want to Use an External RADIUS Server with EAP TLS Certificates or EAP PEAP We make the assumption that if you have an external RADIUS server and PKI CA setup ...

Page 122: ...ess Network Connection you want to configure right mouse click and choose View available wireless networks Select the SSID of the network to which you want to connect and click Advanced to bring up the Wireless Network Connection Properties dialog The Wireless Networks tab which should be automatically displayed lists Available networks and Preferred networks 2 From the list of Available networks ...

Page 123: ...Authenti cation tabs for the selected network Use this dialog for configuring all the different types of client security described in the following sec tions Make sure that the Wireless Network Properties dialog you are working in pertains to the Net work Name SSID for the network you want to reach on the wireless client you are configuring ...

Page 124: ... network and Data Encryption Disabled as described below If you do have security configured on a client for properties of an unsecure network the security settings actually can prevent successful access to the network because of the mismatch between client and AP Bridge security configurations To configure the client to not use any security bring up the client Network Properties dialog and configu...

Page 125: ...an use different keys to transmit data to the AP Bridge Or they can all use the same key but this is less secure because it means one station can decrypt the data being sent by another If you configured the Vivato Wi Fi AP Bridge to use Static WEP security mode then configure WEP security on each client as follows Choose WEP as the Data Encryption mode Enter a network key that matches the WEP key ...

Page 126: ... even without a valid WEP key but a valid key will be required to actually view and exchange data For more information see this Users Guide and the Online Help on the AP Bridge Data Encryption WEP Network Key Provide the WEP key you entered on the AP Bridge Security settings in the Transfer Key Index position For example if the Transfer Key Index on the AP Bridge is set to 1 then for the client Ne...

Page 127: ...EAP If you are using the Built in Authentication server with IEEE 802 1x security mode on the Vivato Wi Fi AP Bridge then you will need to set up wireless clients to use PEAP Additionally you may have an external RADIUS server that uses EAP PEAP If so you will need to 1 add the Vivato Wi Fi AP Bridge to the list of RADIUS server clients and 2 configure your IEEE 802 1x wireless clients to use PEAP...

Page 128: ...EAP then click 1 2 Enable click to check IEEE 8021x authentication Properties Enable auto key option Disable click to un check Choose secured password EAP MSCHAP v2 Validate server certificate then click Configure Disable click to un check option to automatically use Windows logon name and password 3 4 ...

Page 129: ...word to authenticate with the network Association Tab Network Authentication Open Data Encryption WEP Note An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking CRC of each IEEE 802 11 frame This is the same encryption algorithm as is used for Static WEP therefore the data encryption method configured on the client for this mode is WEP This key is provided for me au...

Page 130: ...ection 4 Obtain a certificate for this client as described in Obtaining a TLS EAP Certificate for a Client on page 145 If you configured the Vivato Wi Fi AP Bridge to use IEEE 802 1x security mode with an external RADIUS server then configure IEEE 802 1x security with certificate authentication on each client as follows Note If you want to use IEEE 802 1x mode with EAP TLS certificates for authent...

Page 131: ...se Smart Card Certificate then click Properties 1 2 Enable click to check IEEE 8021x authentication Enable auto key option Enable click to check Validate server certificate 3 Select check the name of certificate on this client downloaded from RADIUS server in a prerequisite procedure ...

Page 132: ...es The certif icate you installed is used when you connect so you will not be prompted for login information The certifi cate is automatically sent to the RADIUS server for authentication and authorization Association Tab Network Authentication Open Data Encryption WEP Note An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking CRC of each IEEE 802 11 frame This is t...

Page 133: ...in Authentication server you must configure client stations to use WPA with RADIUS and EAP PEAP If you configure the network AP Bridge to use this security mode with an external RADIUS server you must configure the client stations to use WPA with RADIUS and whichever security protocol your RADIUS server is configured to use WPA with RADIUS Client Using EAP PEAP The Built In Authentication Server o...

Page 134: ...ge to use WPA with RADIUS security mode and to use either the Built in Authentication Server or an external RADIUS server that uses EAP PEAP First set up user accounts on the AP Bridge User Management then configure WPA security with PEAP authentication on each client as follows ...

Page 135: ... or AES for the Data Encryption mode Choose WPA Choose Protected EAP PEAP then click Properties 1 2 Disable click to un check Choose secured password EAP MSCHAP v2 Validate server certificate then click Configure Disable click to un check this option 3 4 ...

Page 136: ...tocol EAP Transport Layer Security TLS or EAP TLS is an authentica tion protocol that supports the use of smart cards and certificates You have the option of using EAP TLS with both WPA with RADIUS and IEEE 802 1x modes if you have an external RADIUS server on the net Association Tab Network Authentication WPA Data Encryption TKIP or AES depending on how this option is configured on the AP Bridge ...

Page 137: ...PA with RADIUS security mode with an external RADIUS server then configure WPA security with certificate authentication on each client as follows Note If you want to use IEEE 802 1x mode with EAP TLS certificates for authentication and authorization of clients you must have an external RADIUS server and a Public Key Author ity Infrastructure PKI server including a Certificate Authority CA configur...

Page 138: ...ation WPA Choose either TKIP or AES for the Data Encryption mode Choose WPA Choose Smart Card or other then click 1 2 certificate and enable Authenticate as computer when info is available Properties Enable click to check Validate server certificate 3 Select check the name of certificate on this client downloaded from RADIUS server in a prerequisite procedure ...

Page 139: ...ate you installed is used when you connect so you will not be prompted for login information The certificate is automatically sent to the RADIUS server for authentication and authorization Data Encryption TKIP or AES depending on how this option is configured on the AP Bridge Note When the Cipher Suite on the AP Bridge is set to Both then TKIP clients with a valid TKIP key and AES cli ents with a ...

Page 140: ... use WPA PSK security mode then configure WPA PSK security on each client as follows Association Tab Network Authentication WPA PSK Data Encryption TKIP or AES depending on how this option is configured on the AP Bridge Note When the Cipher Suite on the AP Bridge is set to Both then TKIP clients with a valid TKIP key and AES clients with a valid CCMP AES key can associate with the AP Bridge For mo...

Page 141: ...used when you connect Network Key Provide the key you entered on the AP Bridge Security settings for the cipher suite you are using For example if the key on the AP Bridge is set to use a TKIP key of 012345678 then a TKIP client specify this same string as the network key The key is provided for me automatically This box should be disabled automatically based on other set tings Authentication Tab ...

Page 142: ...andle authentication and authorization of wireless clients for the VA4200 This procedure is required per AP Bridge If you have more than one AP Bridge with which you plan to use an external RADIUS server you need to follow these steps for each of those VA4200s Keep in mind that the information you need to provide to the RADIUS server about the AP Bridge corre sponds to settings on the AP Bridge SS...

Page 143: ...anel right click on RADIUS Clients node and choose New Radius Client from the popup menu 3 On the first screen of the New RADIUS Client wizard provide information about the Vivato Wi Fi AP Bridge to which you want your clients to connect A logical friendly name for the AP Bridge You might want to use DNS name or location IP address for the AP Bridge ...

Page 144: ...ext 4 For the Shared secret enter the RADIUS Key you provided to the AP Bridge on the INTERFACE MANAGEMENT SSID Configuration page Re type the key to confirm 5 Click Finish The AP Bridge is now displayed as a client of the Authentication Server ...

Page 145: ...icate Authority CA depending on the configuration of your infrastructure 2 Click Yes to proceed to the secure Web page for the server Note If you want to use IEEE 802 1x mode with EAP TLS certificates for authentication and authorization of clients you must have an external RADIUS server and a Public Key Author ity Infrastructure PKI server including a Certificate Authority CA configured on your n...

Page 146: ...word to access the RADIUS server 5 Click User Certificate on the next page displayed Note The user name and password you need to provide here is for access to the RADIUS server for which you will already have user accounts configured at this point This doc ument does not describe how to set up Administrative user accounts on the RADIUS server Please consult the documentation for your RADIUS server...

Page 147: ...es on the dialog displayed to install the certificate 7 Click Submit to complete and click Yes to confirm the submittal on the popup dialog 8 Click Install this certificate to install the newly issued certificate on your client station Also click ...

Page 148: ...ht 2004 2005 Vivato Inc 148 Yes on the popup windows to confirm the install and to add the certificate to the Root Store A success message is displayed indicating the certificate is now installed on the client ...

Page 149: ... above or below that channel As shown below this leaves channels 1 6 and 11 as the only channels that can be used at the same time with a minimum interference with each other Figure 10 ISM Band Channel Spacings for Channels 1 to 11 Unfortunately many devices are deployed using channels other than 1 6 or 11 This means that they can interfere and often do interfere with 802 11 devices using these no...

Page 150: ...called clear channel assessment CCA A channel sharing feature carrier sense multiple access with collision avoidance CSMA CA is intended to prevent signal collisions and data loss If another 802 11a b g system is using the same channel the AP Bridge and therefore the clients that it serves must wait for a clear channel before sending data Conversely while the AP Bridge or one of its clients is tra...

Page 151: ...has to take place between the periods where a channel is used during the hopping operation When overlapping hopping is used the channels being used will overlap with at least two of the three non overlapping channels 1 6 and 11 effectively limiting the AP Bridge s operation to the one remaining non overlapped channel and therefore limiting data throughput When one of these situations exists you ca...

Page 152: ... level is high enough the resulting signal to noise ratio will be too low to demodulate the desired signal In this case the best thing to do is to change the channel of the other system to a non overlapping channel 6 or 11 The only alternative in this case is to set all of the AP Bridge s wireless interfaces to channel 11 to prevent operation on channel 3 from interfering with the AP Bridge s oper...

Page 153: ...n is off for 8 to 10ms repeating this cycle whenever the oven is operating Using the 802 11 CSMA function clients and access points will either see a busy channel or an open clear channel depending on whether the magnetron is currently transmitting If it is transmitting 802 11 transmissions are held off If the magnetron is not transmitting 802 11 transmissions will begin Because the period of time...

Page 154: ...hold If valid packets are detected above the threshold the channel is determined to be busy At the highest sensitivity setting 1 the default carrier detect level is approximately 99 dBm This means that a valid 802 11 packet detected on a channel that is greater than this level will prevent the AP Bridge from transmitting on that channel If the signals from the intended clients are well above this ...

Page 155: ...Wi Fi AP Bridge and the direction of the origin of these signals Using the Neighboring AP Bridges Feature to Analyze Interfering Signals The AP Bridge s Neighboring AP Bridges feature is used when the AP Bridge is mounted at its proposed location to determine the best channel to use when automatic channel assignment is not used By looking at the signal strength and channel number of local signals ...

Page 156: ...C layer for the 802 family of standards 802 3 IEEE 802 3 IEEE Std 802 3 2002 defines the MAC layer for networks that use CSMA CA Ethernet is an example of such a network 802 11 IEEE 802 11 IEEE Std 802 11 1999 is a medium access control MAC and physical layer PHY specification for wireless connectivity for fixed portable and moving stations within a local area It uses direct sequence spread spectr...

Page 157: ...niques such as Advanced Encryption Standard AES IEEE 802 11i is still a draft IEEE standard most recent version is D5 0 August 2003 A currently available subset of 802 11i is the Wi Fi Protected Access WPA standard 802 1Q IEEE 802 1Q is the IEEE standard for Virtual Local Area Networks VLANs specific to wireless technologies See http www ieee802 org 1 pages 802 1Q html The standard addresses the p...

Page 158: ...ode a station needs the beacon interval to know when to wake up to receive the bea con The Capability Information lists requirements of stations that want to join the WLAN For example it indicates that all stations must use WEP The Service Set Identifier SSID The Basic Rate Set is a bitmap that lists the rates that the WLAN supports The optional Parameter Sets indicates features of the specific si...

Page 159: ...el The Channel defines the portion of the radio spectrum the radio uses for transmitting and receiving Each 802 11 standard offers a number of channels dependent on how the spectrum is licensed by national and transnational authorities such as the Federal Communications Commission FCC the European Telecommunications Standards Institute ETSI the Korean Communications Commission or the Telecom Engin...

Page 160: ...lly used to report the signal level of an associated client DCF The Distribution Control Function is a component of the IEEE 802 11e Quality of Service QoS technology standard The DCF coordinates channel access among multiple stations on a wireless network by controlling wait times for channel access Wait times are determined by a random backoff timer which is configurable by defining minimum and ...

Page 161: ...ss LEAP Protected EAP PEAP EAP TLS and EAP Tunnelled TLS EAP TTLS ESS An extended service set ESS is an Infrastructure Mode Wireless Networking Framework with multiple AP Bridges forming a single subnetwork that can support more clients than a basic service set BSS Each AP Bridge supports a number of wireless stations providing broader wireless coverage for a large space for example an office Ethe...

Page 162: ...nother network A gateway also often provides a proxy server and a firewall It is associated with both a router which use headers and forwarding tables to determine where packets are sent and a switch or bridge which provides the actual path for the packet in and out of the gateway Before a host on a LAN can access the Internet it needs to know the address of its default gateway HTML The Hypertext ...

Page 163: ...etwork or system attack from someone attempting to break into the system It reports access attempts using unsupported or known insecure protocols IP The Internet Protocol IP specifies the format of packets also called datagrams and the addressing scheme IP is a connectionless best effort packet switching protocol It provides packet routing fragmentation and re assembly It is combined with higher l...

Page 164: ...ther across a network If packets are not transmitted at a consistent rate including Latency QoS for some types of data can be affected For example inconsistent transmission rates can cause distortion in VoIP and streaming media QoS is designed to reduce jitter along with other factors that can impact network performance Latency Latency also known as delay is the amount of time it takes to transmit...

Page 165: ... and MDI X Medium Dependent Interface MDI and MDI crossover MDIX are twisted pair cabling technologies for Ethernet ports in hardware devices Built in twisted pair cabling and auto sensing enable connection between like devices with the use of a standard Ethernet cable For example if a wireless AP Bridge supports MDI MDIX one can successfully connect a PC and that AP Bridge with an Ethernet cable ...

Page 166: ...seven layers Layer 1 the Physical layer identifies the physical medium used for communication between nodes In the case of wireless networks the physical medium is air and radio frequency RF waves are a com ponents of the physical layer Layer 2 the Data Link layer defines how data for transmission will be structured and formatted along with low level protocols for communication and addressing For ...

Page 167: ...ata on a medium including defining cables NICs and physical aspects Ethernet and the 802 11 family are protocols with physical layer components PID The Process Identifier PID is an integer used by Linux to uniquely identify a process A PID is returned by the fork system call It can be used by wait or kill to perform actions on the given process PoE Power Over Ethernet PoE provides the ability to p...

Page 168: ...itter Packet Loss and network congestion and provide a way of allocating dedicated bandwidth for high priority network traffic The IEEE standard for implementing QoS on wireless networks is currently in work by the 802 11e task group A subset of 802 11e features is described in the WME specification RADIUS The Remote Authentication Dial In User Service RADIUS provides an authentication and account...

Page 169: ... encryption and decryption It is also called secret key or symmetric key encryption Also see Public Key SNMP The Simple Network Management Protocol SNMP was developed to manage and monitor nodes on a network It is part of the TCP IP protocol suite SNMP consists of managed devices and their agents and a management system The agents store data about their devices in Management Information Bases MIBs...

Page 170: ...55 0 the resulting Network address is 192 168 2 0 The bitwise AND operator compares two bits and assigns 1 to the result only if both bits are 1 The following table shows the details of the netmask Supported Rate Set The supported rate set defines the transmission rates that are available on this wireless network A station may be able to receive data at any of the rates listed in this set All stat...

Page 171: ...n program Unicast A Unicast sends a message to a single specified receiver In wireless networks unicast usually refers to an interaction in which the AP Bridge sends data traffic in the form of IEEE 802 1x Frames directly to a single client station MAC address on the network Some wireless security modes distinguish between how unicast multicast and broadcast frames are encrypted or whether they ar...

Page 172: ...gured with a static 64 bit 40 bit secret key 24 bit initialization vector IV or 128 bit 104 bit secret key 24 bit IV Shared Key for data encryption It uses a RC4 stream cipher to encrypt the frame body and CRC of each 802 11 frame before transmission Wi Fi A test and certification of interoperability for WLAN products based on the IEEE 802 11 standard promoted by the Wi Fi Alliance a non profit tr...

Page 173: ...IEEE 802 11i standard It provides more sophisticated data encryption than WEP and also provides user authentication WPA includes TKIP and 802 1x mechanisms WRAP Wireless Robust Authentication Protocol WRAP is an encryption method for 802 11i that uses AES but another encryption mode OCB for encryption and integrity XML The Extensible Markup Language XML is a specification developed by the W3C XML ...

Page 174: ... 45 WDS bridging 66 wireless settings 56 associated wireless clients 77 authentication in different security modes 92 authentication server for IEEE 802 1x security mode 102 for WPA with RADIUS security mode 104 Auto VLAN Settings 89 B backup links WDS 67 beacon interval configuring 52 bridges WDS 66 C certificate obtaining TLS EAP certificate for client 145 security for IEEE 802 1x client 130 sec...

Page 175: ... 25 DNS servers specifying 43 documentation feedback 13 DTIM period configuring 52 E EAP PEAP configuring on IEEE 802 1x client 127 configuring on WPA with RADIUS client 133 encryption in different security modes 92 event log 75 events monitoring 75 extended service set with WDS bridging 66 F factory defaults described 21 returning to 79 features overview 17 feedback documentation 13 firmware upgr...

Page 176: ... IEEE 802 1x radio mode configuring 52 IEEE 802 1x security mode client configuration 127 configuring 102 when to use 93 IEEE rate set configuring 52 Interference 149 interference signal 33 interframe spaces as related to QoS 61 IP address setting 44 IP addresses understanding policies for self managed VWBSs 25 K key management security 92 L LED indicators 18 logging syslog 90 112 logon administra...

Page 177: ...ons indoor 35 36 P packet bursting as related to QoS 62 password configuring administrator 72 network setting for administrator 40 on Network Basic Settings 40 password recovery 114 PEAP configuring on IEEE 802 1x client 127 configuring on WPA with RADIUS client 133 plain text security mode client configuration 124 configuring 98 when to use 92 platform administrator requirements 22 client require...

Page 178: ... comparison of modes 92 configuring on the access point 97 configuring on wireless clients 120 features overview 17 IEEE 802 1x 102 plain text 98 pros and cons of different modes 91 static WEP 98 WEP 98 WPA with RADIUS 104 WPA PSK 108 serial port 19 SNMP Network Management 110 spanning tree protocol STP 67 Spectrallink Voice Priority SVP 60 starting the network 41 static WEP security mode configur...

Page 179: ...nitoring 76 transmit receive information 76 U upgrading the firmware 80 user accounts for built in authentication server 45 user authentication configuring on IEEE 802 1x client 127 configuring on WPA with RADIUS client 133 V Voice over IP improved service with QoS 59 W Warranty and End User License 3 WDS configuring 69 example 70 explanation 66 rules 69 weight indoor switch 32 WEP security mode c...

Page 180: ...right 2004 2005 Vivato Inc 180 settings 56 WPA with RADIUS security mode client configuration 133 configuring 104 when to use 94 WPA PSK security mode client configuration 140 configuring 108 when to use 96 ...

Page 181: ... circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation FCC...

Reviews:

No comments