background image

3-10   

CB3000 Client Bridge User’s Guide

 

4. Click 

Apply

 to apply and save the settings, or 

Cancel

 to exit the screen without saving your changes. 

3.1.3.3 Configuring WPA1 (TKIP) Security Settings

WPA, referred to as WPA1 within the CB3000 console, provides more sophisticated data encryption than 
WEP. The CB3000’s WPA encryption scheme uses 

Temporal Key Integrity Protocol

 (TKIP). TKIP addresses 

WEP’s weaknesses with a re-keying mechanism, a per-packet mixing function, a message integrity check, 
and an extended initialization vector with sequencing rules. 

Also, WPA provides strong user authentication based on 802.1x EAP. The CB3000 supports three EAP types 
suitable for deployments with wireless LANs. They are: 

• TLS – Transport Layer Security

• TTLS – Tunneled Transport Layer Security

• PEAP – Protected EAP

For overview information on WPA1, see 

Appendix D, WPA1 (TKIP) Security

Passphrase Algorithm

Select the passphrase algorithm used to encrypt the passphrase.

Symbol PassKey

 – With Symbol’s proprietary algorithm the CB3000 can 

share a common passkey with other Symbol clients capable of decoding 
it. The CB3000 decodes the PassKey into a set of 4 WEP keys using MD5 
algorithms. The WEP keys display as alphanumeric text in the key fields 
until saved or the user navigates away from the WEP screen. Like a 
passphrase, the PassKey provides an easy to remember way of entering 
WEP key data without having to manually enter the keys each time WEP 
keys are created.

Generic PassPhrase

 –

 A passphrase used as a standard means of 

creating WEP keys between the Symbol CB3000 and non-Symbol clients. 
The CB3000 decodes the passphrase into a set of 4 WEP keys, with the 
length depending on the 64 or 128 bit key length. The WEP keys display 
as alphanumeric text in the key fields until saved or the user navigates 
away from the WEP screen. The PassPhrase provides an easy to 
remember way of entering WEP key data without having to manually 
enter the keys each time WEP keys are created.

Note: 

Both the CB3000 and its networked devices are required to use the 

same key and key length to interoperate.

Passphrase

Specify a 4 to 32 character passphrase, then click the 

Generate Keys

 

button.

The CB3000, other proprietary routers and Symbol devices use an algorithm 
to convert the ASCII passphrase string to the same hexadecimal number. 
This conversion is not required for a wireless connection. Wireless devices 
without Symbol adapters need to use WEP keys manually configured as 
hexadecimal numbers.

Содержание CB3000 - Client Bridge - Wireless Access Point

Страница 1: ...M CB3000 Client Bridge User s Guide ...

Страница 2: ... reserved MOTOROLA and the Stylized M Logo are registered in the US Patent Trademark Office Symbol is a registered trademark of Symbol Technologies Inc All other product or service names are the property of their respective owners ...

Страница 3: ...1 6 Chapter 2 Getting Started 2 1 Basic Requirements 2 1 2 2 Verifying the Package Contents 2 1 2 3 Observing Placement and Range Guidelines 2 2 2 4 Cabling the CB3000 2 2 2 5 Logging into the CB3000 2 4 2 5 1 Discovery Tool Login 2 4 2 5 2 Changing the IP address for a new Client Bridge 2 6 2 5 3 Web Interface Login 2 8 2 6 Viewing CB3000 Information 2 9 2 7 CB3000 Antenna Settings 2 10 Chapter 3...

Страница 4: ... 4 2 5 Time Settings 4 14 Chapter 5 Administrative Options 5 1 Changing the Password 5 1 5 2 Rebooting or Restoring a Device 5 2 5 2 1 Rebooting the Device 5 2 5 2 2 Restoring the Device 5 3 5 3 Importing or Exporting the Configuration File 5 5 5 3 1 Using FTP 5 5 5 3 2 Using HTTP 5 7 5 4 Loading Firmware 5 10 5 5 Logging Settings 5 12 5 6 Troubleshooting Options 5 14 Appendix A CB3000 Technical S...

Страница 5: ...specific items in the general text and to identify chapters and sections in this and related documents Bullets indicate action items lists of alternatives lists of required steps that are not necessarily sequential Sequential lists those describing step by step procedures appear as numbered lists NOTE Indicates tips or special requirements CAUTION Indicates conditions that can cause equipment dama...

Страница 6: ...formation If the problem cannot be solved over the phone you may need to return your equipment for servicing If that is necessary you will be given specific directions NOTE Motorola is not responsible for any damages incurred during shipment if the approved shipping container is not used Shipping the units improperly can possibly void the warranty If the original shipping container was not kept co...

Страница 7: ...Ethernet connectivity The CB3000 has an on board TCP IP stack to provide a reliable transport mechanism The CB3000 bridge can initiate a permanent client connection to your server or accept datagrams from multiple sources Use the CB3000 Client Bridge to network devices that do not have a PC Card slot or PCI card slot printers scanners Internet appliances etc Up to 16 devices can be networked simul...

Страница 8: ...ess point when operating in Infrastructure mode For more information on CB3000 Client Bridge Infrastructure mode operation see Infrastructure Mode on page 1 3 1 1 2 Feature Summary The CB3000 Client Bridge Client Bridge has the following feature set Device driver free installation Multi functional status LEDs Updatable device firmware IEEE 802 11a b g device interoperability Automatic rate selecti...

Страница 9: ...Peer Mode 1 2 1 1 Infrastructure Mode In infrastructure mode the CB3000 Client Bridge connects to a LAN through a wireless access point Ethernet client devices such as PCs printers POS devices and other Ethernet capable devices connect to the CB3000 Client Bridge either directly or through a hub or switch The CB3000 Client Bridge associates with a nearby access point which sees the CB3000 Client B...

Страница 10: ...eamble settings and security settings are required to be the same for the units to communicate Figure 1 3 Ad hoc Mode 1 2 2 Media Access Control MAC Layer Bridging Like other Ethernet devices the CB3000 Client Bridge has a hardware factory encoded address called a MAC address The address consists of a 48 bit number written as six hexadecimal bytes separated by colons The CB3000 Client Bridge maint...

Страница 11: ...mitted over a medium and successfully de modulated at the receiving end The 802 11b standard uses Direct Sequence Spread System DSSS while 802 11a g uses Orthogonal Frequency Division Multiplexing OFDM to accommodate higher data rates on any medium 1 2 5 Web Management Support The Motorola CB3000 Client Bridge contains a built in browser interface that enables you to configure and manage the devic...

Страница 12: ...es support for the following wireless security protocols WEP Security WPA1 Security with TKIP algorithm WPA2 Security with TKIP CCMP AES algorithms Secure 802 1x Security with MD5 MSCHAPV2 PEAP TLS TTLS EAP types For more information on these security types refer Appendix D Wireless Security Basics ...

Страница 13: ...device configuration The PC must have an RJ 45 Ethernet port and a CDROM drive The PC must be running the following Windows 2000 or XP operating system Microsoft Internet Explorer 5 0 or later or Netscape Navigator 6 0 or later An access point for infrastructure mode operation or a networked client for Ad hoc peer to peer mode operation 2 2 Verifying the Package Contents Before installing the CB30...

Страница 14: ...ld not be near other equipment transformers fluorescent lights etc that could interfere with the CB3000 s radio transmissions The site should be within 330 ft for 802 11a and 250 ft for 802 11g of the LAN or wireless access point connected to the CB3000 2 4 Cabling the CB3000 To cable the CB3000 follow these steps 1 Screw the antenna clockwise onto the antenna connector on the rear of the CB3000 a...

Страница 15: ...built in power converter automatically selects and adjusts the power for the appropriate voltage 6 Verify the installation by checking the status of the LEDs on the front of the CB3000 Figure 2 2 Front of the CB3000 Table 2 1 describes the CB3000 LED indicators If the CB3000 s LED functionality has been verified log into the CB3000 console to begin basic device configuration see Logging into the C...

Страница 16: ...iscovered it is listed within the Discovery Tool interface By selecting a discovered unit within the Discovery Tool you can log into its console Table 2 1 CB3000 LEDs LED Label Activity Description Power LEDs Status OFF Power OFF Error Orange ON Hardware error Status Green ON Power ON Device ready Status Green Blinking Booting system self test or firmware upgrade Radio LEDs 802 11a 802 11b g OFF C...

Страница 17: ...s of the CB3000 you wish to log into 4 A Security Alert dialog box displays Click Yes to proceed Figure 2 4 Security Alert Dialog Box 5 A CB3000 Login dialog box displays Enter a username and password to log onto the CB3000 console The default username and password are admin and symbol respectively NOTE If the subnet of the PC where the tool is run is different from the current ip address of the C...

Страница 18: ...r data received and transmitted through the CB3000 2 5 2 Changing the IP address for a new Client Bridge The CB3000 is factory configured with DHCP enabled and ready to associate with a wireless network using an ESSID of 101 When the device is booted up it tries to associate to a network with ESSID 101 and obtain its IP address from the DHCP server If the device is unable to obtain and IP address ...

Страница 19: ...an choose to select the network adapter to connect to To do so select the appropriate network adapter from the Network adapter drop down list box 5 Click the OK button to save the changes and close the dialog box You are prompted for the password for the admin account for the CB3000 Figure 2 8 Confirm IP Change by providing password here 6 The information is saved to the CB3000 The Discovery Tool ...

Страница 20: ...sing an IP address 1 The CB3000 console is accessible via a Web browser using HTTP over SSL secure socket layer protocol Simply this means you need to add an s in the intro of the URL For example https Enter the IP address URL for the CB3000 within your Web browser The default CB3000 address is 10 10 1 1 2 A Security Alert dialog box displays click Yes to proceed Figure 2 10 Security Alert Dialog ...

Страница 21: ...creen displays The Information screen includes four data fields Client Bridge Information Includes the factory settings such as device name MAC address firmware version radio version and country of origin for the device Ethernet Settings Includes IP address information for the Ethernet port and ultimately the IP address of the device Also whether the device is assigned an IP through DHCP or a stat...

Страница 22: ...end to use a different model antenna that antenna needs to be selected from the Antenna Settings screen in order to adjust the transmit power accordingly To select an antenna for use with the CB3000 1 Select Settings Wireless Settings Antenna Settings from the CB3000 menu tree The Antenna Settings screen displays 2 Select an antenna from the Antenna Selection drop down menu To use an antenna not l...

Страница 23: ...ts Other the text entry field is blank and the user must enter a gain value The gain is a positive value with no more than 1 decimal place 4 Refer to the Additional System Loss parameter If the user selects any antenna except Other the loss value cannot be modified If the user selects Other then the text entry field is blank and the user must enter a loss value 5 Click Apply to save the settings T...

Страница 24: ...2 12 CB3000 Client Bridge User s Guide ...

Страница 25: ...tworks and then configure different aspects of a wireless LAN Available Networks Network Configurations Security Encryption Configurations Client Management 3 1 1 Available Networks A Wireless Local Area Network WLAN is a data communications system that flexibly extends the functionality of a wired LAN A CB3000 can locate WLANs within its radio coverage area and connect to them A WLAN does not req...

Страница 26: ...eer Indicates ad hoc mode To change the network mode see Network Configurations on page 3 3 SSID The Service Set Identifier SSID of the access point or peer device The name is case sensitive and cannot exceed 32 characters MAC Address The MAC address for the access point or peer A MAC address is a 48 bit number written as six hexadecimal bytes separated by colons it cannot be modified RSSI The Rel...

Страница 27: ...000 default mode To configure the CB3000 Client Bridge within an infrastructure network follow these steps 1 Select Settings Wireless Settings WLAN Settings from the CB3000 menu tree The WLAN Settings screen displays 2 For the Network Mode field select Infrastructure AP The Infrastructure Configuration screen displays Channel The direct sequence channel that the access point or peer is currently u...

Страница 28: ...o connect to 4 Select the Frequency Band Options include a b g a or b g Ensure the frequency band selected is consistent with the WLAN network By restricting the Frequency Band on the CB3000 you can reduce the time the CB3000 takes to search for available APs 5 Click the View Available Networks link to view the Available Networks screen Use this screen to view a list of available ESSIDs networks a...

Страница 29: ...g your CB3000 illegally To configure the CB3000 for AD Hoc operation 1 Select Settings Wireless Settings WLAN Settings from the CB3000 menu tree 2 For the Network Mode field select Ad hoc Peer to Peer The Ad Hoc Configuration screen displays 3 Configure the remainder of the fields as appropriate per the following descriptions IBSSID Wireless LAN Service Area Select from one of the following radio ...

Страница 30: ...et data rates for the ad hoc configured CB3000 click the Data Rate button The Set Data Rates screen displays NOTE The CB3000 must already be configured to run in ad hoc mode in order to set data rates If the unit is configured for infrastructure mode the Data Rate button is disabled NOTE To change the mode in which the CB3000 Client Bridge runs select the appropriate mode from the Network Mode dro...

Страница 31: ...be maintained 5 Click Apply to apply and save the settings or Cancel to exit the screen without saving your changes To configure the CB3000 into an Infrastructure network instead see Configuring Infrastructure Settings on page 3 3 NOTE Select supported rates in respect to the data rates supported by the peer devices within the ad hoc network For example if several of the peers within the network a...

Страница 32: ...non secure connection security is available among the CB3000 security options To set CB3000 security to Open no data protection 1 Select Settings Wireless Settings Security from the CB3000 menu tree The Security screen is displayed 2 Select Open from the Security Mode drop down menu 3 Click Apply to save and apply the setting 3 1 3 2 Configuring WEP Security Settings WEP is an encryption security ...

Страница 33: ... device are required to use the same key 1 through 4 to interoperate A shared key increases the level of security within the network as opposed sending information without one Default Transmit Key Specify which one key is used to transmit WEP algorithm information between the CB3000 and its connected device WEP Encryption Select a WEP encryption model 64 bits Encrypts using a 40 bit key The keys a...

Страница 34: ...WEP keys using MD5 algorithms The WEP keys display as alphanumeric text in the key fields until saved or the user navigates away from the WEP screen Like a passphrase the PassKey provides an easy to remember way of entering WEP key data without having to manually enter the keys each time WEP keys are created Generic PassPhrase A passphrase used as a standard means of creating WEP keys between the ...

Страница 35: ... the CB3000 menu tree 2 Select WPA1 from the Security Mode drop down menu Figure 3 5 WPA1 Configuration 3 Select a WPA1 Type of either WPA1 Personal or WPA1 Enterprise NOTE Only Open and WPA security settings are available for the Ad hoc Peer to Peer network mode Infrastructure AP network mode supports all the different security settings WPA1 Personal In this mode a pre shared key password is used...

Страница 36: ... type provides a wide range of Extensible Authentication Protocol EAP types to ensure secure WLAN connections WPA1 Algorithm WPA1 uses TKIP algorithm TKIP Defines a wrapper that goes around an existing WEP encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP However the key used for encryption in TKIP is 128 bits long TKIP changes the key used for each p...

Страница 37: ...ecurity is not compromised See Figure 3 7 for WPA1 Enterprise EAP TLS security fields WPA1 Algorithm WPA1 uses TKIP algorithm TKIP Defines a wrapper that goes around an existing WEP encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP However the key used for encryption in TKIP is 128 bits long TKIP changes the key used for each packet The key is created...

Страница 38: ...e WPA1 User Certificate The user certificate can be uploaded to the device by Pasting the certificate in the Paste User Certificate text area To upload the certificate click the Apply button located at the bottom of the screen By providing the path to the file containing the WPA1 User Certificate in the Import text box Use the Browse button to display the Open File dialog from where the file can b...

Страница 39: ...basic authentication protocol that transmits unencrypted ASCII passwords over the network MD5 Message Digest algorithm 5 MD5 is a cryptographic hash algorithm that uses a 128 bit hash value GTC Generic Token Card GTC is a protocol that enables the exchange of clear text authentication credentials across a network This protocol uses one time password and therefore is not vulnerable to replay attack...

Страница 40: ...te WPA1 Root Certificate Import The WPA1 Root Certificate The Root Certificate can be uploaded to the device by Pasting the certificate in the Paste Root Certificate text area To upload the certificate click the Apply button at the bottom of the screen By providing the path to the file containing the certificate in the Import text box Use the Browse button to display the Open File dialog box from ...

Страница 41: ...alidate the Server Certificate WPA1 Algorithm WPA1 uses TKIP algorithm TKIP Defines a wrapper that goes around an existing WEP encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP However the key used for encryption in TKIP is 128 bits long TKIP changes the key used for each packet The key is created by mixing together a combination of things including a...

Страница 42: ...Configuration 3 Select a WPA2 Type of either WPA2 Personal or WPA2 Enterprise menu WPA1 Root Certificate WPA1 Root Certificate Import The WPA1 Root Certificate The Root Certificate can be uploaded to the device by Pasting the certificate in the Paste Root Certificate text area To upload the certificate click the Apply button at the bottom of the screen By providing the path to the file containing ...

Страница 43: ...ansmitting station and the serial number for the packet This mixing operation is designed to put a minimum demand on the CB3000 and its supported clients but enough cryptographic strength so it cannot easily be broken CCMP AES Utilizes an Advanced Encryption Standard AES 128 bit key algorithm with a 48 bit initialization vector IV for replay detection The Counter Mode CM component of CCMP is the a...

Страница 44: ...anges the key used for each packet The key is created by mixing together a combination of things including a base key called a Pairwise Transient Key the MAC address of the transmitting station and the serial number for the packet CCMP AES Utilizes an Advanced Encryption Standard AES 128 bit key algorithm with a 48 bit initialization vector IV for replay detection The Counter Mode CM component of ...

Страница 45: ...rise type provides enterprise class security to the devices connected to the CB3000 WPA2 Enterprise type provides a wide range of EAP types to ensure secure WLAN connections Figure 3 12 WPA2 Type Screen Enterprise Configure the WPA2 Enterprise type fields as per the following description ...

Страница 46: ...Message Authentication Code CBC MAC component of CCMP provides data integrity and authentication Both Select this option to enable CB3000 to support devices that use both TKIP and CCMP algorithms Use this option when the number of devices is large WPA2 User ID The User ID for authentication WPA2 Key Password The key password WPA2 TLS Key WPA2 TLS Key Import The WPA2 TLS Key The key can be uploaded...

Страница 47: ...e WPA2 Root Certificate Import The WPA2 Root Certificate The Root Certificate can be uploaded to the device by Pasting the certificate in the Paste Root Certificate text area To upload the certificate click the Apply button at the bottom of the screen By providing the path to the file containing the certificate in the Import text box Use the Browse button to display the Open File dialog box from w...

Страница 48: ...PEAP to provide server authentication WPA2 Algorithm Select the WPA2 algorithm to use TKIP Defines a wrapper that goes around an existing WEP encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP However the key used for encryption in TKIP is 128 bits long TKIP changes the key used for each packet The key is created by mixing together a combination of thi...

Страница 49: ...te can be uploaded to the device by Pasting the certificate in the Paste Root Certificate text area To upload the certificate click the Apply button at the bottom of the screen By providing the path to the file containing the certificate in the Import text box Use the Browse button to display the Open File dialog box from where the file can be selected To upload the file containing the certificate...

Страница 50: ... data integrity and authentication Both Select this option to enable CB3000 to support devices that use both TKIP and CCMP algorithms Use this option when the number of devices is large WPA2 User ID The User ID for authentication WPA2 Password The WPA2 user password Clean User ID and Password Check to prevent the CB3000 from saving the WPA user name and its password in its cache WPA2 Root Certific...

Страница 51: ...ion on configuring 802 1x see Appendix D Secure 802 1x Security For more details on encryption types pros and cons of different encryption types and required configuration parameters see the Wi Fi Alliance Web site at http www wifialliance org OpenSection index asp To configure Secure 802 1x security settings 1 Select Settings Wireless Settings Security from the CB3000 menu tree 2 Select Secure 80...

Страница 52: ...an extensible set of user authentication methods 4 Use the Default Transmit Key checkboxes to specify which one key is used to transmit WEP algorithm information between the CB3000 and its connected device 5 Select either 64 bits or 128 bits from the WEP Encryption drop down menu For WEP 64 40 bit key the keys are 10 hexadecimal characters in length For WEP 128 104 bit key the keys are 26 hexadeci...

Страница 53: ...evices without Symbol adapters need to use WEP keys manually configured as hexadecimal numbers 8 Enter the User ID and Password to verify your user credentials against the user and password credentials used by the authentication server 9 Click Apply to apply and save the settings or Cancel to exit the screen without saving your changes Only for PEAP and TTLS EAP Types By default the User ID and Pa...

Страница 54: ...is using a DHCP server to obtain an IP address Bootp for DHCP Discover Select from Broadcast or Unicast Default is Broadcast Use the Following IP Address Select this option if an IP address is entered manually static IP Address If no DHCP resources are available specify the static IP address of CB3000 This IP address is visible to the Internet Subnet Mask If no DHCP resources are available specify...

Страница 55: ... This option is available when Auto Negotiate Auto Sense is Off Duplex Mode The connection type This option is available when Auto Negotiate Auto Sense is Off 3 Click Apply to apply and save the settings or Cancel to exit the screen without saving your changes ...

Страница 56: ...ying client access to the CB3000 supported WLAN by way of exception By default all located clients have the ability to connect and interoperate with the CB3000 It is only when the client list exceeds 16 devices that clients require removal from the list The list can be refreshed periodically to remove devices that have lost their CB3000 To create a list of prioritized CB3000 client devices 1 Selec...

Страница 57: ...in the CB3000 supported subnet Of these devices only one can be a point of sale POS device Once located and added to the client prioritization list clients can be moved off of the list in order to maintain the maximum of 16 devices Device MAC addresses are not visible on the network in this mode and are replaced by the CB3000 s MAC address 3 To add a client enter the client s MAC address in the MA...

Страница 58: ...ient devices 1 Select Settings Wired Ethernet ACL from the CB3000 menu tree The Wired Ethernet ACL screen displays 2 To add a MAC address range enter the client MAC address range in the MAC Address field in both the start and stop MAC address fields Click Add The MAC address range is added to an Ethernet Access Control List 3 Delete the MAC address range from the Ethernet Access Control list to gr...

Страница 59: ... can be used to assess the CB3000 s overall performance and whether an optimal data rate can be achieved and maintained in respect to the devices with which the CB3000 is interoperating Transmit and receive statistics can also be displayed for the CB3000 radio The wireless radio statistics information is useful in assessing the CB3000 s radio RF utilization and the level of RF interference current...

Страница 60: ...ither gave up on or could not decrypt Table 4 1 Describes the Wireless Statistics Click Refresh to update to the latest statistics Table 4 1 Wireless Statistics Screen Details Statistic Description Information Panel Details Physical Address MAC address of the CB3000 housing the radio The MAC address is hard coded into the device at the factory and cannot be changed Current Channel Channel for comm...

Страница 61: ...eceived packets Approximate RF Utilization Approximate RF utilization of the CB3000 radio This value is calculated as the throughput divided by average bit speed Non unicast pkts Percentage of total radio packets that are non unicast Non unicast packets include broadcast and multicast packets RF Status Panel Details Avg MU Signal Average RF signal strength in dBm for all devices interoperating wit...

Страница 62: ...am for each of the client bridge radios The Packets Sent Histogram displays a percentage of the packets sent over the CB3000 radio at the data rate Mbps each was sent If the majority of the packets sent are at a slower data rate then the one configured for the CB3000 radio network problems are preventing the CB3000 from transmitting at an optimum speed and you need to troubleshoot the device 3 Cli...

Страница 63: ...ebooted or the data collection statistics refreshed Table 4 2 describes Ethernet statistics Click Refresh to update to the latest statistics Table 4 2 Ethernet Statistics Screen Details Statistic Description Information Panel Details Physical Address The MAC address of the CB3000 The MAC address is hard coded into the device at the factory and cannot be changed Subnet Mask Subnet mask IP address f...

Страница 64: ...ality of the current CB3000 network connection RX Dropped Number of data packets that fail to reach the CB3000 If this number appears excessive consider establishing a new connection to the client RX Overruns Buffer overruns to the CB3000 These occur when packets are received faster than the CB3000 can handle them If the number seems excessive consider reducing the data rate see Configuring Ad Hoc...

Страница 65: ...Management Options 4 7 Figure 4 4 View Log Screen ...

Страница 66: ...agement HTTP from the CB3000 menu tree Figure 4 5 HTTP HTTPS Configuration Settings The HTTP HTTPS Configuration Settings screen displays By default HTTPS is enabled 2 To change Web access to HTTP select the HTTP radio button Click Apply This enables HTTP access to the Client Bridge If you select HTTP the CB3000 is accessible through HTTPS as well If HTTPS is selected however access is only permit...

Страница 67: ...possibly altering the SNMP agent s configuration or protocol entity implementation SNMP ACL Violation Trap generated whenever a SNMP client cannot access SNMP management functions or data due to an Access Control List ACL violation This can result from a missing incorrect IP address entered within the Ethernet Settings screen SNMP Authentication Failures Trap generated whenever a SNMP capable clie...

Страница 68: ... save the setting Figure 4 6 SNMP Trap Selection 4 2 2 2 SNMP Access Use the CB3000 SNMP interface to restrict access using IP addresses Those who are allowed access to the CB3000 SNMP interface have access to read the SNMP generated information and if allowed modify related settings from an SNMP capable client To configure SNMP user access control for the CB3000 1 Select Management SNMP SNMP Acce...

Страница 69: ... default is private 5 Enter Start IP and End IP addresses to specify a range of users that can access the CB3000 SNMP interface Use just the Start IP Address field to specify a single SNMP user To leave access unrestricted do not enter an IP address For additional access control an SNMP capable client can be set up whereby only the administrator can use a read write community definition 6 Click Ad...

Страница 70: ... receives the traps SNMP Version Use the SNMP Version drop down menu to specify v1 or v2 Some SNMP clients support only SNMP v1 traps while others support SNMP v2 traps and possibly both verify the correct traps are in use with clients that support them 3 For each specified destination IP click Add to add the destination to the list of locations 4 Select the checkbox for the destination IP address...

Страница 71: ...e relevant SNMP trap is set 3 Use the Minimum number of Packets required for a trap to fire text box to enter the minimum number of packets that are required for the SNMP traps to fire 4 Click Apply button to accept the changes to this screen Click Undo Changes to revert back to older values supplied for this screen 4 2 4 DHCP Server Settings A CB3000 in an Ad hoc network can serve as a DHCP serve...

Страница 72: ... 255 0 Gateway IP address of the DHCP server First DNS A DNS server translates human readable addresses i e www motorola com into an IP address readable by a computer Second DNS Backup DNS server 4 Click Apply to save the settings or Cancel to exit the screen without saving your changes 4 2 5 Time Settings Time synchronization is recommended for the CB3000 s network operations Therefore setting th...

Страница 73: ... entered within the Server Configuration fields Preferred time Server IP address and port of the primary NTP server The default port is 123 First Alternate time Server Optionally specify the IP address and port of an alternative NTP server to use for time synchronization if the primary NTP server goes down Second Alternate time Server Optionally specify the IP address and port of yet another NTP s...

Страница 74: ...4 16 CB3000 Client Bridge User s Guide ...

Страница 75: ...ing the Configuration File Loading Firmware Logging Settings Troubleshooting Options 5 1 Changing the Password Before setting CB3000 security options verify that an administrative password exists for the CB3000 that is different from the default password for the device that can be easily obtained To password protect and restrict CB3000 device access 1 Select Tools Change Password from the CB3000 m...

Страница 76: ...actory state this is also a viable option Restoring the device wipes out all previously configured settings Motorola recommends saving a configuration file before restoring the device See Importing or Exporting the Configuration File on page 5 5 See the following for more information on rebooting or restoring the CB3000 Rebooting the Device Restoring the Device 5 2 1 Rebooting the Device To reboot...

Страница 77: ...e 5 5 To restore the CB3000 to the out of box default configuration 1 Save the CB3000 s current configuration before updating the firmware After the firmware update the configuration file can be imported in order to restore the CB3000 to the configuration saved before the update See Importing or Exporting the Configuration File on page 5 5 for more information 2 Select Tools Reset Restore from the...

Страница 78: ...ion is disrupted for a few moments while the CB3000 loads its default out of box configuration then restores the screen Once the default configuration is restored restore the last saved configuration or reconfigure the device NOTE Restoring the device is the same as the Reset to initial option available on the Troubleshooting screen ...

Страница 79: ...iles not located with the CB3000 but on an accessible FTP server HTTP is useful to import export configuration files locally Refer to the following depending on your import export requirements Using FTP Using HTTP 5 3 1 Using FTP To import or export a CB3000 configuration file using an FTP server 1 Select Tools Configuration File Settings from the CB3000 menu tree The Config Import Export screen d...

Страница 80: ...in to the FTP server Password Password associated with username allowing access to the FTP server for the operation Config File Types CB3000 Client Bridge allows export of device configuration information as binary or text file types Binary files are used when upgrading CB3000 Client Bridge device firmware from version 1 0 to version 1 1 Text files are human readable and are a important while trou...

Страница 81: ...orting or exporting a configuration file If importing follow these steps Click Browse to define a location on the system for the imported configuration file Click the Apply Uploaded File button to apply the configuration If successful the following message displays Configuration file has successfully updated Rebooting Please wait If exporting follow these steps Click the Generate File button to ge...

Страница 82: ... As the file does not have an extension the Open With pop up window opens Figure 5 7 Open With Dialog Box In the Open With pop up window select Internet Explorer and click OK to open the configfile with Internet Explorer Use Internet Explorer s File Save As dialog box to save the configfile as a text file ...

Страница 83: ...Administrative Options 5 9 Figure 5 8 Save File As Dialog Box From the Save as Type drop down select Text File txt Click Save to save the file ...

Страница 84: ...ality To conduct a CB3000 firmware update 1 Save the CB3000 current configuration before updating the firmware After the update the configuration file can be imported to restore the CB3000 to the settings before the update See Importing or Exporting the Configuration File on page 5 5 for more information 2 Select Tools Load Firmware from the CB3000 menu tree The Load Firmware screen displays Figur...

Страница 85: ...ther the FTP or TFTP server radio button as required to define whether the firmware file resides on a FTP or TFTP server d Set the following parameters IP Address IP address for the FTP or TFTP server Username for FTP server only Username to log into the server Password for FTP server only Password associated with the username e Continue with step 7 6 If loading the firmware file from a locally st...

Страница 86: ...able 1 Alert Action on these types of events must be taken immediately 2 Critical States a critical condition 3 Errors Describes an error 4 Warning Action should be taken as soon as possible 5 Notice A normal but important event 6 Info Nothing to do since information only 7 Debugging purposes only saved locally Select this radio button to save the log file to the host to which the CB3000 is physic...

Страница 87: ...n for the log file Your Outgoing Mail Server Enter the IP address of the outgoing mail server required to route the log file to the destination email address 3 Click Apply to save any changes 4 Click Undo Changes to undo any changes made Configurations revert to the last saved configuration ...

Страница 88: ... site Go to http support symbol com support product softwaredownloads do to compare the versions To update the firmware see Loading Firmware on page 5 10 The MAC Address and Serial Number are hardcoded to the CB3000 during the manufacturing and are located on the bottom of the CB3000 Keep the MAC address and the serial number readily available since these addresses are required when contacting Sym...

Страница 89: ...the host s IP address To conduct an ICMP ping test with the CB3000 s host a Enter the IP address of the host b Specify the length of each data packet transmitted to the target device during the test This increment is defined in bytes If you don t know enter a large arbitrary amount like 500 c Specify the number of ping packets to transmit d Click the Comm Connection Test button Results of the test...

Страница 90: ...5 16 CB3000 Client Bridge User s Guide ...

Страница 91: ...x IEEE802 3u HTTP Network Architectures Infrastructure Access Points Ad Hoc Peer to Peer Operating Frequencies 802 11a 4 9 5 9 GHz 802 11b g 2 4 2 5 GHz LAN Ethernet Connection One 10 100 Base T Ethernet Frame Ethernet_II and IEEE 802 3 Data Rate IEEE 802 11a 54 48 36 24 18 12 9 6 Mbps IEEE 802 11b 11 5 5 2 1 Mbps IEEE 802 11g 54 48 36 24 18 12 9 6 Mbps Modulation IEEE 802 11a Orthogonal Frequency...

Страница 92: ...us Storage Temperature 20 70 Celsius Operating Humidity 10 90 relative humidity non condensing Storage Humidity 5 85 relative humidity non condensing Power Supply Switching DC 12V 1A Other Features Supports SNMP MIBs Simple network management protocol Features Embedded HTTP Web management server in each access point works with any web browser that supports HTML and Javascript ...

Страница 93: ...ork interface sub layers This is an updated version of the MIB II Table 1 3 6 1 2 1 2 2 1 1 IP FORWARD MIB Module for managing CIDR multipath routes 1 3 6 1 2 1 4 24 IP MIB MIB for managing IP and ICMP implementations excludingthemanagementof IP routes 1 3 6 1 2 1 4 IP 1 3 1 6 2 1 5 ICMP 1 3 1 6 2 1 48 XXX DOT11EXT2 MIB Vendor specific extensions to the standard 802 11 MIB for additional station m...

Страница 94: ...B 2 CB3000 Client Bridge User s Guide ...

Страница 95: ...t forth in support agreements If you purchased your Enterprise Mobility business product from a Motorola business partner contact that business partner for support Customer Support Web Site Motorola s Support Central Web site located at http support symbol com support provides information and online assistance including developer tools software downloads product manuals and online repair requests ...

Страница 96: ...C 2 CB3000 Client Bridge User s Guide ...

Страница 97: ...Wireless Security Basics CB3000 Client Bridge provides support for the following wireless security protocols WEP Security WPA1 TKIP Security WPA2 CCMP Security Secure 802 1x Security ...

Страница 98: ...r decryption function is performed The device takes plain text encrypts or scrambles the text typically by mathematically combining the key with the plain text as instructed by the algorithm then transmits the data over the network At the receiving end another device takes the encrypted text and decrypts or unscrambles the text revealing the original message An unauthorized user can know the algor...

Страница 99: ...rotocol TKIP TKIP addresses WEP s weaknesses with a re keying mechanism a per packet mixing function a message integrity check and an extended initialization vector with sequencing rules WPA also provides strong user authentication based on 802 1x EAP Two requirements strong encryption to prevent eavesdropping and mutual authentication to ensure that sensitive information is transmitted only over ...

Страница 100: ...ablish TLS session and validate certificates on both client and server Two phases Establish TLS between client and TTLS server Exchange attribute value pairs between client and server Two parts Establish TLS between client and PEAP server Run EAP exchange over TLS tunnel Fast Session Reconnect No Yes Yes WEP Integration Server can supply WEP key with external protocol e g RADIUS extension PKI and ...

Страница 101: ...y TLS a TLS is secure but the requirement for client certificates is too big a hurdle for most institutions to deal with b TTLS at least initially is much more widely implemented than PEAP and therefore has a slight convenience advantage over the comparable PEAP method c PEAP uses the TLS channel to protect a second EAP exchange PEAP is backed by Microsoft Table D 1 Detailed Comparison of TLS base...

Страница 102: ...the 802 11i standard CCMP computes a Message Integrity Check MIC using the proven Cipher Block Message Authentication Code CBC MAC technique Changing just one bit in a message produces a totally different result WPA2 CCMP is based on the concept of a Robust Security Network RSN which defines a hierarchy of keys with a limited lifetime similar to TKIP Like TKIP the keys the administrator provides a...

Страница 103: ...ted supplicant client device tries to connect with an authenticator in this case the CB3000 Client Bridge The CB3000 Client Bridge passes EAP packets from the client to an authentication server on the wired side of the CB3000 Client Bridge All other packet types are blocked until the authentication server typically a RADIUS server verifies the MU s identity Using Secure 802 1x a user requests devi...

Страница 104: ...D 8 CB3000 Client Bridge User s Guide ...

Страница 105: ......

Страница 106: ...MOTOROLA INC 1303 E ALGONQUIN ROAD SCHAUMBURG IL 60196 http www motorola com 72E 122702 01 Revision A August 2009 ...

Отзывы: