Nortel 120 Скачать руководство пользователя | Manualshive

Страница: 93 / 130

background image

WebUI navigation

93

Wireless security considerations

Security mechanism

Client support

Implementation
considerations

WPA2 with 802.1X

Requires WPA-enabled
system and network card
driver

• Provides the strongest
security in WPA2-only mode
• Provides robust security in
mixed mode for WPA and
WPA2 clients
• Offers fast roaming
for time-sensitive client
applications
• Requires configured RADIUS
server
• 802.1X EAP type can
require management of digital
certificates for clients and
server
• Clients can require hardware
upgrade to be WPA2 compliant

WPA2 PSK Mode

Requires WPA-enabled
system and network card
driver

• Provides robust security in
small networks
• Requires manual
management of preshared
key
• Clients can require hardware
upgrade to be WPA2 compliant

Note: You must enable data encryption through the Web interface to
enable all types of encryption (WEP, TKIP, or AES) in the access point.

The access point can simultaneously support clients using various different
security mechanisms. The configuration for these security combinations are
outlined in the following table. Note that MAC address authentication can
be configured independently to work with all security mechanisms and is
indicated separately in the table. Required RADIUS server support is also
listed.

Security combinations

Security combinations

Client security
combination

Configuration summary

1

MAC authentication

2

RADIUSserv
er

No encryption and
no authentication

Interface Detail Settings:
Authentication: Open
System
Encryption: Disable
802.1x: Disable

Local, RADIUS, or Disabled

No

BAP120

Using the Nortel Business Access Point 120

NN47921-301

01.01

Standard

1.0

August 2006

Copyright © 2006, Nortel Networks

Nortel Networks Confidential

.

«
...
91
92
93
94
95
...
»

Содержание 120

Страница 1: ...BAP120 Using the Nortel Business Access Point 120 NN47921 301 ...

Страница 2: ...e accurate and reliable but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Nortel Networks Nortel Nortel Logo the Globemark and This is the way This is Nortel Design mark are trademarks of Nortel Networks Microsoft MS MS DOS Windows and Windows...

Страница 3: ...System defaults 18 BAP120 installation and initial configuration 23 Installing the BAP120 hardware 25 BAP120 hardware installation procedures 25 Mounting the access point on a wall or ceiling 27 Mounting the BAP120 on a horizontal surface 28 Attaching the antenna 29 Powering up the BAP120 30 Configuring the network 33 Procedure job aid 33 Configuring the BAP120 the first time it is powered up 35 T...

Страница 4: ...ment 63 Administration 64 Changing the password 64 Setting the timeout interval 65 Upgrading Firmware 65 System log 68 Enabling system logging 68 Configuring SNTP 70 SNMP 70 Configuring SNMP and Trap message parameters 71 Configuring SNMPv3 users 74 Configuring SNMPv3 trap filters 75 Configuring SNMPv3 targets 77 Radio interface 78 Slot 0 Radio A 802 11a 79 Configuring VAP radio settings 79 Config...

Страница 5: ... Access Point 123 Ad hoc 123 Advanced Encryption Standard AES 123 Authentication 123 Backbone 123 Basic Service Set BSS 124 Beacon 124 Broadcast key 124 CSMA CA 124 Dynamic Host Configuration Protocol DHCP 124 Encryption 124 Extended Service Set ESS 124 Extensible Authentication Protocol EAP 124 Ethernet 124 File Transfer Protocol FTP 124 Hypertext Transfer Protocol HTTP 125 Internet Control Messa...

Страница 6: ...127 Simple Network Management Protocol SNMP 127 Simple Network Time Protocol SNTP 127 Temporal Key Integrity Protocol TKIP 127 Trivial File Transfer Protocol TFTP 127 Virtual Access Point VAP 127 Virtual LAN VLAN 127 Wi Fi protected access 127 Wired Equivalent Privacy WEP 128 WPA Preshared Key PSK 128 BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copy...

Страница 7: ...derable cost savings over wired LANs which include long term maintenance overhead for cabling Navigation BAP120 Fundamentals page 9 BAP120 installation and initial configuration page 23 Installing the BAP120 hardware page 25 Configuring the network page 33 Configuring the BAP120 the first time it is powered up page 35 Troubleshooting page 41 System configuration management page 45 References page ...

Страница 8: ...8 Introduction BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 9: ...n operate in one of four modes Access Point Providing connectivity to wireless clients in the service area Repeater Providing an extended link to a remote access point from the wired LAN In this mode the access point does not have a cable connection to the wired Ethernet LAN In this mode at least one access point must have wired connectivity to enable the signal to repeat to the next unwired acces...

Страница 10: ...lf duplex connection to Ethernet networks for each active channel or up to 108 Mbps when using turbo mode on the 802 11a interface The access point also supports Super A for 108 Mb s on 802 11a mode and Super G for 108 Mb s on 802 11g mode BAP120 user interfaces You can manage the switch using one of the following Web based management You can manage the network from the World Wide Web Access the W...

Страница 11: ...helping to avoid multi path fading effects When receiving the access point checks both antennas and selects the one with the strongest signal When transmitting it continues to use the antenna previously selected for receiving The access point never transmits from both antennas at the same time BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 20...

Страница 12: ...en Fully functional Indicates that the system is working normally Flashing Amber Initialization phase Indicates that the system is running a self test or loading the software program PWR Flashing Prolonged Indicates system errors On Green Functional not ongoing transmission Indicates a valid 10 100 Mb s Ethernet cable link Link Flashing Green Transmitting Indicates that the access point is transmi...

Страница 13: ...etwork activity 11b g Off Indicates that the 802 11b g radio is disabled Security slot The access point includes a Kensington security slot on the rear panel You can prevent unauthorized removal of the access point by wrapping the Kensington security cable not provided around an unmovable object inserting the lock into the slot and turning the key Console port The console port is only used for mai...

Страница 14: ...ton as a last resort for resetting the access point Nortel recommends that you use the reset options that are available through the WebUI Power connector The access point does not have a power switch It is powered on when connected to the AC power adapter and the power adapter is connected to a power source The power adapter automatically adjusts to any voltage between 100 240 volts at 50 or 60 Hz...

Страница 15: ...ture wireless LAN Infrastructure wireless LAN for roaming wireless PCs The BSS defines the communications domain for each access point and its associated wireless clients The BSS ID is a 48 bit binary number based on the wireless MAC address for the access point and is set automatically and transparently when clients associate with the access point The BSS ID is used in frames sent between the acc...

Страница 16: ...n roam freely All wireless network cards and adapters and wireless access points within a specific ESS must be configured with the same SSID Infrastructure wireless LAN for roaming wireless PCs Infrastructure wireless bridge The IEEE 802 11 standard defines a Wireless Distribution System WDS for bridge connections between BSS areas access points The access point uses WDS to forward traffic on link...

Страница 17: ...wireless bridge network When using WDS on a radio band only wireless bridge units can associate with each other Wireless clients can only associate with the access point using a radio band set to access point or repeater mode Infrastructure wireless bridge Infrastructure wireless repeater The access point can also operate in a bridge repeater mode to extend the range of links to wireless clients T...

Страница 18: ...channel Infrastructure wireless repeater System defaults The following table lists some of the BAP120 basic system defaults System defaults System defaults Feature Parameter Default Identification System Name Business Access Point 120 User Name nnadmin Administration Password PlsChgMe HTTP Server Enabled General HTTP Server Port 80 BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 0...

Страница 19: ...ession Timeout 0 minutes disabled Local MAC System Default Allowed MAC Authentication Local MAC Permission Allowed Status Disabled Broadcast Key Refresh 0 minutes disabled Session Key Refresh 0 minutes disabled 802 1X Authentication Re authentication Refresh Rate 0 seconds disabled Management VLAN ID 1 VLAN ID VAP Interface 1 VLAN VLAN Tag Support Disabled QoS QoS Mode Off Local Bridge Disabled AP...

Страница 20: ... Logging Host Disabled Logging Console Disabled IP Address Host Name 0 0 0 0 Logging Level Informational System logging Logging Facility Type 16 SNTP Server Status Disabled SNTP Server 1 IP 0 0 0 0 SNTP Server 2 IP 0 0 0 0 Date and Time 00 00 Jan 1 1970 when there is no time server Daylight Saving Time Enabled System clock Time Zone GMT 5 Eastern Time US and Canada Ethernet interface Speed and Dup...

Страница 21: ...ethod Diversity Antenna ID 0x0000 Wireless interface 802 11a Antenna Location Indoor Authentication Type Open System Data Encryption Disabled WEP Key Type Alphanumeric WEP Transmit Key Number 1 WEP Keys null WPA Configuration Mode WEP Only Disabled WPA Key Management WPA Pre shared Key WPA PSK Type Alphanumeric VAP0 SSID BAP120_11A_SSID 0 VAP1 SSID BAP120_11A_SSID 1 VAP2 SSID BAP120_11A_SSID 2 Wir...

Страница 22: ...0000 Wireless interface 802 11b g Antenna Location Indoor Authentication Type Open System Data Encryption Disabled WEP Key Type Alphanumeric WEP Transmit Key Number 1 WEP Keys null WPA Configuration Mode WEP Only Disabled WPA Key Management WPA Pre shared Key WPA PSK Type Alphanumeric VAP0 SSID BAP120_11G_SSID 0 VAP1 SSID BAP120_11G_SSID 1 VAP2 SSID BAP120_11G_SSID 2 Wireless security 802 11b g VA...

Страница 23: ...dapter and power cord four rubber feet one mounting bracket three Philips screws three nylon anchors two antennas optional two directional antennas BAP120 Quick Installation Guide Inform your dealer if there are any incorrect missing or damaged parts If possible retain the carton including the original packing materials Use them again to repack the product in case there is a need to return it BAP1...

Страница 24: ...n and initial configuration navigation Installing the BAP120 hardware page 25 Configuring the network page 33 Configuring the BAP120 the first time it is powered up page 35 BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 25: ...ea Mount away from any signal absorbing or reflecting structures such as those containing metal Mount the BAP120 on a wall or a ceiling or rest it on a high shelf If you are mounting on a horizontal surface shelf your BAP120 can use Power over Ethernet PoE and does not need to be connected to an AC power source If a PoE connection is not available connect the AC power adapter to the BAP120 and the...

Страница 26: ... a wall or ceiling page 27 Mounting the BAP120 on a horizontal surface page 28 Attaching the antenna page 29 Powering up the BAP120 page 30 Configuring the BAP120 the first time it is powered up page 35 BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 27: ...120 from the mounting surface Leave enough space above wall mount or behind ceiling mount to connect the power cord and Ethernet cable 2 Use the screws provided to screw the mounting plate to the mounting surface with the tab facing up wall mount or behind ceiling mount 3 Slide the pins on the base of the BAP120 into the keyhole slots on the mounting bracket BAP120 installed on mounting bracket 4 ...

Страница 28: ...er feet provided in the accessory kit to the marked circles on the bottom of the access point BAP120 rubber feet installation 2 Lock the BAP120 in place 3 Optionally protect the BAP120 from unauthorized removal with a Kensington Slim microsaver security cable optional BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel ...

Страница 29: ...teps Step Action 1 Attach the antennas to the BAP120 2 Rotate each antenna so that it is perpendicular to the computers served by the BAP120 BAP120 antenna placement BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 30: ...ged BAP120 rear panel connections ATTENTION If the access point is connected to both a PoE source device and an AC power source the AC power is disabled 2 Connect the Ethernet cable to the RJ 45 port and then connect the cable to an Ethernet or PoE port on your Ethernet switch The BAP120 automatically requests an IP address from the DHCP server on your LAN by default If no response is received fro...

Страница 31: ... LED Indicators page 12 During initialization the LED is amber and flashing If the PWR LED does not stop flashing the self test has not completed correctly For more information see Troubleshooting page 41 End BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 32: ...32 Installing the BAP120 hardware BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 33: ...he Infrastructure wireless LAN page 14 uses the default values that are listed in System defaults page 18 4 Delay making the changes to the default values until after you have initially installed the BAP120 For further information see Configuring the BAP120 the first time it is powered up page 35 5 Connect the BAP120 to your LAN through the RJ 45 port End Procedure job aid Wireless networks suppor...

Страница 34: ... following measures Limit any possible sources of radio interference within the service area Increase the distance between neighboring access points Decrease the signal strength of neighboring access points Increase the channel separation of neighboring access points for example up to 5 channels of separation for 802 11b and 802 11g BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 ...

Страница 35: ...ger must be installed Procedure steps Step Action 1 Start the Element Manager 2 Choose Network Find Network Elements Business Access Point from the Element Manager menu 3 Enter the range 192 168 1 1 to 192 168 1 255 and then click OK BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 36: ... value for Read Community is PlsChgMe RO and for Write Community it is PlsChgMe RW 5 Click the Web Page button on the Element Manager menu 6 Enter the default username nnadmin and password PlsChgMe to log on to the BAP120 BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 37: ... country code to the country in which the BAP120 is operating 8 Select Administration Quick Start from the main menu BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 38: ...hannel Radio Setting Channel and Radio Setting page 11 Enable DHCP for IP Configuration TCP IP settings 12 Set the security type if required 13 Click Submit to save your configuration BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 39: ...onfiguration System Administration and click Reboot to restart the BAP120 End BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 40: ...onfiguring the BAP120 the first time it is powered up BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 41: ...ess clients cannot access the network If wireless clients cannot access the network perform the following checks Procedure steps Step Action 1 Be sure the access point and the wireless clients are configured with the same Service Set ID SSID 2 If authentication or encryption are enabled ensure that the wireless clients are properly configured with the appropriate authentication or encryption keys ...

Страница 42: ...ng checks Procedure steps Step Action 1 If you are connecting to the access point through the wired Ethernet interface check the network cabling between the management station and the access point 2 Check that you have a valid network connection to the access point and that the Ethernet port or the wireless interface that you are using is not disabled 3 If VLANs are enabled on the access point the...

Страница 43: ...e log on details are lost If you forgot or lost the password perform the following steps Procedure steps Step Action 1 Use the default username nnadmin and password PlsChgMe to access the management interface 2 If you still cannot access the management interface set the access point to its default configuration by pressing the reset button on the back panel for 5 seconds or more then repeat the pr...

Страница 44: ... not displaying accurate information perform the following steps Procedure steps Step Action 1 On the browser application click Shift Refresh The displayed panel data is pulled from the network to display the current information in each window panel End Troubleshooting when WebUI does not log on correctly If your WebUI session has timed out and you experience difficulty either displaying panel dat...

Страница 45: ...ment JRE is installed on your computer Download the latest version from www java com Java scripting and Java applet are enabled Starting the WebUI Use the following procedure to open the BAP120 Web User Interface Procedure steps Step Action 1 Select the BAP120 device from the list of network elements on the Element Manager tree 2 Click the Web Page button on the Element Manager menu 3 Enter the us...

Страница 46: ...igures the RADIUS server for wireless client authentication and accounting See RADIUS page 50 Authentication Configures MAC address authentication See Authentication page 52 Filter Control Filters communications between wireless clients access to the management interface from wireless clients and traffic matching specific Ethernet protocol types See Filter control page 55 VLAN Enables VLAN support...

Страница 47: ...iguring SNMPv3 targets page 77 Country Code Sets the BAP120 to the regulations for the selected country A reset of the BAP120 is required after the country code is set See Country Code selection page 37 SLOT 0 Radio A Configures the IEEE 802 11a interface See Radio interface page 78 Radio Settings Configures common radio signal parameters and other settings for each VAP interface See Slot 0 Radio ...

Страница 48: ...identification The system name for the access point can be left at its default setting However modifying this parameter can help you to more easily distinguish different devices in your network System identification System Name An alias for the access point enabling the device to be uniquely identified on the network Default Business Access Point BAP120 Range 1 32 characters TCP and IP settings Co...

Страница 49: ...rk DHCP server Default Enabled DHCP Client Disable Select this option to manually configure a static address for the access point IP Address The IP address of the access point Valid IP addresses consist of four decimal numbers 0 to 255 separated by periods Subnet Mask The mask that identifies the host address bits used for routing to specific subnets Default Gateway The default gateway is the IP a...

Страница 50: ...t requires access to the network A primary RADIUS server must be specified for the access point to implement IEEE 802 1X network access control and Wi Fi Protected Access WPA wireless security A secondary RADIUS server can also be specified as a backup if the primary server fails or becomes inaccessible In addition the configured RADIUS server can also act as a RADIUS Accounting server and receive...

Страница 51: ... IEEE 802 1X and a central RADIUS server The user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network VLAN IDs can be entered as hexadecimal numbers or as ASCII strings Primary Radius Server Setup Configure the following settings to use RADIUS authentication on the access point IP Address Specifies the IP address or host name of the RADIUS server BAP120 ...

Страница 52: ... backup in case the primary server fails The access point uses the secondary server if the primary server fails or becomes inaccessible When the access point switches over to the secondary server it periodically attempts to establish communication again with primary server If communication with the primary server is reestablished the secondary server reverts to a backup role Authentication Wireles...

Страница 53: ...so provides a mechanism for enhanced network security using dynamic encryption key rotation or W Fi Protected Access WPA Note If you configure RADIUS MAC authentication together with 802 1X RADIUS MAC address authentication is performed prior to 802 1X authentication If RADIUS MAC authentication succeeds then 802 1X authentication is performed If RADIUS MAC authentication fails 802 1X authenticati...

Страница 54: ...tabase The MAC database provides a mechanism to take certain actions based on a wireless client s MAC address The MAC list can be configured to allow or deny network access to specific clients System Default Specifies a default action for all unknown MAC addresses that is those not listed in the local MAC database Deny Blocks access for all MAC addresses except those listed in the local database a...

Страница 55: ... Intra VAP client communication When enabled clients associated with a specific VAP interface cannot establish wireless communications with each other Clients can communicate with clients associated to other VAP interfaces Prevent Inter and Intra VAP client communication When enabled clients cannot establish wireless communications with any other client either those associated to the same VAP inte...

Страница 56: ...point VLAN The access point can employ VLAN tagging support to control access to network resources and increase security VLANs separate traffic passing between the access point associated clients and the wired network There can be a VLAN assigned to each associated client a default VLAN for each VAP Virtual Access Point interface and a management VLAN for the access point Note the following points...

Страница 57: ...llows traffic tagged with assigned VLAN IDs or default VLAN IDs to access clients associated on each VAP interface When VLAN support is enabled on the access point traffic passed to the wired network is tagged with the appropriate VLAN ID either an assigned client VLAN ID default VLAN ID or the management VLAN ID Traffic received from the wired network must also be tagged with one of these known V...

Страница 58: ...igured VLAN ID on the RADIUS server the access point assigns the client to the configured default VLAN ID for the VAP interface Note When using IEEE 802 1X to dynamically assign VLAN IDs the access point must have 802 1X authentication enabled and a RADIUS server configured Wireless clients must also support 802 1X client software When setting up VLAN IDs for each user on the RADIUS server be sure...

Страница 59: ...ess MAC address of all units to which you want to forward traffic Up to six WDS bridge or repeater links can be specified for each unit in the wireless bridge network The Spanning Tree Protocol STP can be used to detect and disable network loops and to provide backup links between bridges Using the STP a wireless bridge can interact with other bridging devices that is an STP compliant switch bridg...

Страница 60: ... Other bridges need to specify one Parent link to the root bridge or to a bridge connected to the root bridge The other five WDS links are available as Child links to other bridges Bridge Role Each radio interface can be set to operate in one of the following four modes Default AP Access Point AP Operates as an access point for wireless clients providing connectivity to a wired LAN BAP120 Using th...

Страница 61: ...port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device Then it selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device All ports connected to designated bridging devices are assigned as designated ports After determin...

Страница 62: ...0 seconds Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Bridge Forwarding Delay The maximum time in seconds this device waits before changing states that is discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting...

Страница 63: ... access point specific interfaces can be disabled and management restricted to a single IP address or a limited range of IP addresses After you specify an IP address or range of addresses access to management interfaces is restricted to the specified addresses If anyone tries to access a management interface from an unauthorized address the access point rejects the connection AP management UI Mana...

Страница 64: ...ss point and network security Note Pressing the Reset button on the back of the access point for more than five seconds resets the username and password to the factory defaults For this reason Nortel recommends that you protect the access point from physical access by unauthorized persons ATTENTION The Reset button should be used as a last resort for resetting the access point Nortel recommends th...

Страница 65: ...e You can upgrade new access point software from a local file on the management workstation or from an FTP or TFTP server New software can be provided periodically from your distributor After upgrading new software you must reboot the access point to implement the new code Until a reboot occurs the access point continues to run the software it used before the upgrade started Upgrading Firmware BAP...

Страница 66: ...n the server with a username and password If VLANs are configured on the access point ensure the VLAN ID with which the FTP or TFTP server is associated is the same VLAN ID that is configured for the access point and the management station If you are managing the access point from a wireless client the VLAN ID for the wireless client must be configured on a RADIUS server Perform local disk file up...

Страница 67: ...P TFTP server Select Import to download a file from an FTP TFTP server Config file Specifies the name of the configuration file A path on the server can be specified using in the name providing the path already exists for example myfolder syscfg Other than to indicate a path the file name must not contain any slashes or the leading letter cannot be a period and the maximum length for file names on...

Страница 68: ...he correct time and date System log Enabling system logging The access point supports a logging process that can control error messages saved to memory or sent to a Syslog server The logged messages serve as a valuable tool for isolating access point and network problems System Log Setup Enables the logging of error messages Default Disable Server 1 4 Enables the sending of log messages to a Syslo...

Страница 69: ...nditions for example return false unexpected return Notice Normal but significant condition such as cold start Informational Informational messages only Debug Debugging messages Note The access point error log can be viewed using the Event Logs window in the Status section For further information see Event Logs page 108 The Event Logs window displays the last 128 messages logged in chronological o...

Страница 70: ... it attempts an update from the secondary server Note Using the access point you can also disable SNTP and set the system clock manually Set Time Zone SNTP uses Coordinated Universal Time or UTC formerly Greenwich Mean Time or GMT based on the time at the Earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours your time...

Страница 71: ...MP management the access point must first have an IP address and subnet mask configured either manually or dynamically Access to the onboard agent using SNMP v1 and v2c is controlled by community strings To communicate with the access point the management station must first submit a valid community string for authentication Access to the access point using SNMP v3 provides additional security feat...

Страница 72: ...p to four of SNMP notifications Trap Destination IP Address Specifies the recipient of SNMP notifications Enter the IP address or the host name Host Name 1 to 63 characters case sensitive Trap Destination Community Name The community string sent with the notification operation Maximum length 23 characters case sensitive Default PlsChgMe RO Engine ID Sets the engine identifier for the SNMPv3 agent ...

Страница 73: ...n changed dot11StationAssociation A client station has successfully associated with the access point dot11StationReAssociation A client station has successfully reassociated with the access point dot11StationAuthentication A client station has been successfully authenticated dot11StationRequestFail A client station has failed association reassociation or authentication dot11InterfaceBFail The 802 ...

Страница 74: ...ntified by its IP address iappContextDataSent A client station s Context Data has been sent to another access point with which the station has associated sntpServerFail The access point has failed to set the time from the configured SNTP server wirelessExternalAntenna An external antenna has been enabled dot11WirelessStationDeauthenticate A client station has deauthenticated from the network dot11...

Страница 75: ... a new user to the list Click the edit button to change details of an existing user Click the Del button to remove a user from the list Note Users must be assigned to groups that have the same security levels For example a user who has Auth Type and Priv Type configured to MD5 and DES respectively that is it uses both authentication and data encryption must be assigned to the RWPriv group If this ...

Страница 76: ...igured Define a filter name and subtree ID to be filtered Select the filter type include or exclude from the drop down list Click Apply to create the filter Configuring the SNMP filter ID To add more subtree IDs to the filter return to the SNMP Trap Filters page and click the Edit button In the Edit page click the New button to access the Add SNMP Notification Subtree page and configure a new subt...

Страница 77: ...nfiguring SNMPv3 trap filters page 75 To configure a new notification receiver target click the New button A new page opens to configure the settings see the following figure To edit an existing target select the radio button next to the entry in the table and then click the Edit button To delete targets select the radio button next to the entry in the table and then click the Delete button Config...

Страница 78: ...fined notification filter that is applied to the target Radio interface The IEEE 802 11a and 802 11b g interfaces include configuration options for radio signal characteristics and wireless security features The configuration options are nearly identical and are therefore both covered in this section of the manual The access point can operate in three modes IEEE 802 11a only 802 11b g only or a mi...

Страница 79: ...page 111 Slot 0 Radio A 802 11a The IEEE 802 11a interface operates within the 5 GHz band at up to 54 Mb s in normal mode or up to 108 Mb s in Turbo mode First configure the radio settings that apply to the individual VAPs Virtual Access Point and the common radio settings that apply to the overall system After you have configured the radio settings go to the Security page under the 802 a Interfac...

Страница 80: ...P interface does not include its SSID in beacon messages Nor does it respond to probe requests from clients that do not include a fixed SSID Default Disable Authentication Timeout Interval The time within which the client must finish authentication before authentication times out Range 5 60 minutes Default 60 minutes BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 ...

Страница 81: ...t the VAP holds in a cache When the lifetime expires the security association and keys are deleted from the cache If the client returns to an access point after the association has been deleted it requires full reauthentication Range 1 1 440 minutes Default 720 minutes Configuring common radio settings To configure common radio settings select the Radio Settings page and scroll down to below the V...

Страница 82: ...ted from the access point The higher the transmission power the farther the transmission range Power selection is not just a trade off between coverage area and maximum supported clients You must also ensure that high power signals do not interfere with the operation of other radio devices in the service area Options 100 50 25 12 minimum Default 100 Note When operating the access point using 5 GHz...

Страница 83: ...orrect location ensures that the access point only uses radio channels that are permitted in the country of operation Default Indoor MIC Mode The Michael Integrity Check MIC is part of the Temporal Key Integrity Protocol TKIP encryption used in Wi Fi Protected Access WPA security The MIC calculation is performed in the access point for each transmitted packet and this can impact throughput and per...

Страница 84: ...ut delays the transmission of broadcast and multicast frames or both Range 1 255 beacons Default 1 beacon Fragmentation Length Configures the minimum packet size that can be fragmented when passing through the access point Fragmentation of the PDUs Package Data Unit can increase the reliability of transmissions because it increases the probability of a successful transmission due to smaller frame ...

Страница 85: ...c and optimize performance when multiple applications compete for wireless network bandwidth at the same time WMM employs techniques that are a subset of the developing IEEE 802 11e QoS standard and it enables the access point to inter operate with both WMM enabled clients and other devices that may lack any WMM functionality Access categories WMM defines four access categories ACs voice video bes...

Страница 86: ...ut a priority tag are always added to the Best Effort AC queue From the four queues an internal virtual collision resolution mechanism first selects data with the highest priority to be granted a transmit opportunity Then the same collision resolution mechanism is used externally to determine which device has access to the wireless medium For each AC queue the collision resolution mechanism is dep...

Страница 87: ...high priority traffic the AIFSN and CW values are smaller The smaller values equate to less backoff and wait time and therefore more transmit opportunities To configure WMM select the Radio Settings page and scroll down to the WMM configuration settings Configuring WMM Backoff Wait Times BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nor...

Страница 88: ... initial upper limit of the random backoff wait time before wireless medium access can be attempted The initial wait time is a random value between zero and the CWMin value Specify the CWMin value in the range 0 15 Note that the CWMin value must be equal or less than the CWMax value logCWMax Maximum Contention Window The maximum upper limit of the random backoff wait time before wireless medium ac...

Страница 89: ...mation see Security page 91 enable the radio service for any of the VAP interfaces and then set an SSID to identify the wireless network service provided by each VAP Remember that only clients with the same SSID can associate with a VAP Note You must first enable VAP interface 0 before the other interfaces can be enabled Most of the 802 11b g commands are identical to those used by the 802 11a int...

Страница 90: ...on neighboring access points at least five channels apart to avoid interference with each other For example in the United States you can deploy up to three access points in the same area for example channels 1 6 11 Also note that the channel for wireless clients is automatically set to the same as that used by the access point to which it is linked Auto Channel Select Enables the access point to a...

Страница 91: ...t is configured by default as an open system which broadcasts a beacon signal including the configured SSID Wireless clients with an SSID setting of any can read the SSID from the beacon and automatically set their SSID to allow immediate connection to the nearest access point To improve wireless network security you have to implement two main functions Authentication It must be verified that clie...

Страница 92: ...figured RADIUS server 802 1X EAP type can require management of digital certificates for clients and server MAC Address Filtering Uses the MAC address of client network card Provides only weak user authentication Management of authorized MAC addresses Can be combined with other methods for improved security Optionally configured RADIUS server WPA over 802 1X Mode Requires WPA enabled system and ne...

Страница 93: ...iant Note You must enable data encryption through the Web interface to enable all types of encryption WEP TKIP or AES in the access point The access point can simultaneously support clients using various different security mechanisms The configuration for these security combinations are outlined in the following table Note that MAC address authentication can be configured independently to work wit...

Страница 94: ...ed Set 802 1x key refresh and re authentication rates Local RADIUS or Disabled Yes 802 1x WPA only Interface Detail Settings Authentication WPA Encryption Enable WPA Configuration Required Cipher Suite TKIP 802 1x Required Set 802 1x key refresh and reauthentication rates Local or Disabled Yes WPA Pre Shared Key only Interface Detail Settings Authentication WPA PSK Encryption Enable WPA Configurat...

Страница 95: ...802 1x key refresh and reauthentication rates Local or Disabled Yes Static and dynamic 802 1x WEP keys and 802 1x WPA Enter 1 to 4 WEP keys Select a WEP transmit key Interface Detail Settings Authentication WPA Encryption Enable WPA Configuration Supported Cipher Suite WEP 802 1x Supported Set 802 1x key refresh and reauthentication rates Local or Disabled Yes 802 1x WPA2 only Interface Detail Set...

Страница 96: ...WPA WPA2 Mixed Mode Pre Shared Key Interface Detail Settings Authentication WPA WPA2 PSK mixed Encryption Enable WPA Configuration Required Cipher Suite TKIP 802 1x Disable WPA Pre shared Key Type Hexadicmal or Alphanumeric Enter a WPA Preshared key Local or Disabled No 1 The configuration summary does not include the setup for MAC authentication or RADIUS server 2 The configuration of RADIUS MAC ...

Страница 97: ... the WEP WPA and 802 1X security settings described in the following sections After you have finished configuring the security settings return to the main Security page shown in the following figure start the required VAP interfaces by clicking the Enable checkbox and then click Apply Enabling the VAPs Enable Enables radio communications on the VAP interface Default Disabled Note You must first en...

Страница 98: ...entication and data encryption Up to four keys can be specified These four keys are used for all VAP interfaces on the same radio To set up WEP shared keys click Radio Settings under Radio A or Radio G Setting up WEP shared keys Key Type Select the preferred method of entering WEP encryption keys on the access point and enter up to four keys Hexadecimal Enter keys as 10 hexadecimal digits 0 9 and ...

Страница 99: ...tem that accepts network access attempts from any client or with clients using preconfigured static shared keys Default Open System Open System If you do not set up any other security mechanism on the access point the network has no protection and is open to all users This is the default setting Shared Key Sets the access point to use WEP shared keys If this option is selected you must configure a...

Страница 100: ...ed network card driver and 802 1X client software that supports the EAP authentication type that you want to use Windows XP provides native WPA support other systems require additional software Temporal Key Integrity Protocol TKIP WPA specifies TKIP as the data encryption method to replace WEP TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys Basically TKIP s...

Страница 101: ...tion Standard AES WPA2 uses AES Counter Mode encryption with Cipher Block Chaining Message Authentication Code CBC MAC for message integrity The AES Counter Mode CBCMAC Protocol AES CCMP provides extremely robust data confidentiality using a 128 bit key The AES CCMP encryption cipher is specified as a standard requirement for WPA2 However the computational intensive operations of AES CCMP requires...

Страница 102: ...nclude the client s security association information Then when the client sends an association request to the new access point the client is known to be already authenticated so it proceeds directly to key exchange and association To configure WPA click Security under Radio A or Radio G Select one of the VAP interfaces by clicking More Select one of the WPA options in the Authentication Setup tabl...

Страница 103: ...with a Preshared Key are accepted for authentication WPA Configuration Each VAP interface can be configured to allow only WPA enabled clients to access the network Required or to allow access to both WPA and WEP clients Supported Default Required Cipher Suite Selects an encryption method for the global key used for multicast and broadcast traffic which is supported by all wireless clients WEP WEP ...

Страница 104: ...zed access to the network by requiring an 802 1X client application to submit user credentials for authentication The 802 1X standard uses the Extensible Authentication Protocol EAP to pass user credentials either digital certificates usernames and passwords or other from the client to the RADIUS server Client authentication is then verified on the RADIUS server before the access point grants clie...

Страница 105: ...he access point initiates authentication Only those clients successfully authenticated with 802 1X are allowed to access the network Note If 802 1X is enabled on the access point then RADIUS setup must be completed For further information see RADIUS page 50 When 802 1X is enabled the broadcast and session key rotation intervals can also be configured Broadcast Key Refresh Rate Sets the interval at...

Страница 106: ...ystem configuration settings as well as the settings for the wireless interface Access Point Status settings AP System Configuration The AP System Configuration table displays the basic system configuration settings System Up Time Length of time the management agent has been up Ethernet MAC The physical layer address for the Ethernet port Radio A MAC The physical layer address for the 802 11a inte...

Страница 107: ...lowing listed radio and VAP interface settings Note that Interface Wireless A refers to the 802 11a radio and Interface Wireless G refers the 802 11b g radio SSID The service set identifier for the VAP interface Radio Channel The radio channel through which the access point communicates with wireless clients Encryption The key size used for data encryption Authentication Type Shows the type of aut...

Страница 108: ...er authentication is completed stations can associate with the current access point or reassociate with a new access point Using the association procedure the wireless system can track the location of each mobile client and ensure that frames destined for each client are forwarded to the appropriate access point Forwarding Allowed Shows if the station has passed 802 1X authentication and is now al...

Страница 109: ... Access point was set to Shared Key Authentication but a client sent an authentication frame for Open System WEP keys do not match When the access point uses Shared Key Authentication but the key used by client and access point are not the same the frame is decrypted incorrectly using the wrong algorithm and sequence number STP Status The STP Status window shows the STP status for each port STP St...

Страница 110: ...ation management State Display the STP state for the specified port BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 111: ...can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV te...

Страница 112: ...ve priority of the 5250 5350 MHz and 5470 5725 MHz bands These radars could cause interference and or damage to the access point when used in Canada The term IC before the radio certification number only signifies that Industry Canada technical specifications were met Industry Canada Class B This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus ...

Страница 113: ...ill automatically limit the allowable channels determined by the current country of operation Incorrectly entering the country of operation may result in illegal operation and may cause harmful interference to other systems The user is obligated to ensure the device is operating according to the channel limitations indoor outdoor restrictions and license requirements for each European Community co...

Страница 114: ...peration Using 5 GHz Channels in the European Community The user installer must use the provided configuration utility to check the current channel of operation and make necessary configuration changes to ensure operation occurs in conformance with European National spectrum usage laws as described below and elsewhere in this document Allowed 5GHz Channels in Each European Community Country Allowe...

Страница 115: ...s 115 Declaration of Conformity in Languages of the European Community BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 116: ...sconnecting the power cord from the outlet This unit operates under SELV Safety Extra Low Voltage conditions according to IEC 60950 The conditions are only maintained if the equipment to which it is connected also operates under SELV conditions The PoE Power over Ethernet which is to be interconnected with other equipment that must be contained within the same building including the interconnected...

Страница 117: ...with NEMA 5 15P 15 A 125 V or NEMA 6 15P 15 A 250 V configuration Denmark The supply plug must comply with Section 107 2 D1 Standard DK2 1a or DK2 5a Switzerland The supply plug must comply with SEV ASE 1011 The supply plug must comply with BS1363 3 pin 13 A and be fitted with a 5 A fuse which complies with BS1362 U K The mains cord must be HAR or BASEC marked and be of type HO3VVF3GO 75 minimum T...

Страница 118: ...118 References Power Cord Safety France BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 119: ...gulatory compliances 119 Power Cord Safety Germany BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 120: ...Also an RJ 45 connector must be attached to both ends of the cable CAUTION Each wire pair must be attached to the RJ 45 connectors in a specific orientation CAUTION DO NOT plug a phone jack connector into the RJ 45 port Use only twisted pair cables with RJ 45 connectors that conform with FCC standards BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copy...

Страница 121: ...s 328 feet The RJ 45 port on the access point is wired with MDI pinouts This means that you must use crossover cables for connections to PCs or servers and straight through cable for connections to switches or hubs However when connecting to devices that support automatic MDI MDI X pinout configuration you can use either straight through or crossover cable 10 100BASE TX MDI port pinouts 10 100BASE...

Страница 122: ... only have MDI X ports Straight through wiring configuration Wiring map for serial cable Wiring map for serial cable DB9 Male AP Console DB9 Male PC DTE Pin Function Pin Function 1 GND ground 5 GND ground 2 Unused 4 Unused 3 RXD receive data 3 TXD transmit data 4 TXD transmit data 2 RXD receive data 5 Unused 1 Unused 6 Unused 9 Unused 7 RTS request to send 8 CTS clear to send 8 CTS clear or send 7...

Страница 123: ...ts wired and wireless networks Access points attached to a wired network support the creation of multiple radio cells that enable roaming throughout a facility Ad hoc A group of computers connected as an independent wireless network without an access point Advanced Encryption Standard AES An encryption algorithm that implements symmetric key cryptography AES provides very strong encryption using a...

Страница 124: ... allocation of reusable network addresses and additional configuration options Encryption Data passing between the access point and clients can use encryption to protect from interception and eavesdropping Extended Service Set ESS More than one wireless cell can be configured with the same Service Set Identifier to allow mobile users can roam between different cells with the Extended Service Set E...

Страница 125: ...s communications in the 2 4 GHz band using Orthogonal Frequency Division Multiplexing OFDM The standard provides for data rates of 6 9 11 12 18 24 36 48 54 Mb s IEEE 802 11g is also backward compatible with IEEE 802 11b IEEE 802 1X Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication Infrastructure An integrated wireles...

Страница 126: ...ng of access point s and network devices and significantly decreased installation costs RADIUS A logon authentication protocol that uses software running on a central server to control access to the network Roaming A wireless LAN mobile user moves around an ESS and maintains a continuous connection to the infrastructure network RTS threshold Transmitters contending for the medium may not be aware ...

Страница 127: ...nt VAP Virtual AP technology multiplies the number of Access Points present within the RF footprint of a single physical access device With Virtual AP technology WLAN users within the device footprint can associate with what appears to be different access points and their associated network services All the services are delivered using a single radio channel enabling Virtual AP technology to optim...

Страница 128: ...rk traffic WPA Preshared Key PSK PSK can be used for small office networks that do not have the resources to configure and maintain a RADIUS server WPA provides a simple operating mode that uses just a preshared password for network access BAP120 Using the Nortel Business Access Point 120 NN47921 301 01 01 Standard 1 0 August 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Страница 129: ......

Страница 130: ...da and the United States of America The information in this document is subject to change without notice The statements configurations technical data and recommendations in this document are believed to be accurate and reliable but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information ...

Отзывы:

Нет отзывов

Похожие инструкции для 120

Бренд: ALCON Страницы: 46

3CRWX385075A - Wireless LAN Managed Access Point...

Бренд: 3Com Страницы: 4

Бренд: Digisol Страницы: 142

Бренд: Edimax Страницы: 15

Бренд: EliteConnect Страницы: 214

Бренд: D-Link Страницы: 18

Бренд: D-Link Страницы: 3

Бренд: D-Link Страницы: 3

Бренд: D-Link Страницы: 49

Бренд: D-Link Страницы: 68

Бренд: D-Link Страницы: 46

Бренд: D-Link Страницы: 64

Бренд: D-Link Страницы: 12

Бренд: D-Link Страницы: 75

Бренд: D-Link Страницы: 36

Бренд: D-Link Страницы: 92

Бренд: D-Link Страницы: 110

Бренд: D-Link Страницы: 154

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды