manualshive.com logo in svg

Quatech WLNG-AN-DP500 Series, Справочное руководство, Страница: 38 / 120

Поделиться
Скачать
Quatech WLNG-AN-DP500 Series Скачать руководство пользователя страница 38

Company Confidential

  

 

Quatech, Inc.

 

38 

Airborne CLI Reference Manual

 

100-8081-100

 

Command 

Description 

pw-leap MyUserPassword 

Defines the password for the user name 
defined by 

user-leap

. This must match the 

password on the RADIUS authentication server. 

 

10.4  WPA2 Security 

WiFi Protected Access 2 (WPA2) is a compatibility certification program created 
by the WiFi Alliance to indicate compliance to a minimum set of security and 
functional capabilities for 802.11 devices. The WPA2 certification program was 
created to enhance the security provided by WPA and utilize more fully the IEEE 
802.11i standard and the available advanced hardware. 

WPA2 implements the mandatory elements of the IEEE 802.11i standard and 
replaces TKIP with AES-CCMP encryption and is considered fully secure at this 
time. WPA2 has two configurations Personal and Enterprise, the Personal 
version utilizes the PSK as supported by WPA, the Enterprise supports a set of 
EAP (802.1x) protocols to provide the highest level of security available for 
802.11 implementations. 

WPA2-Enterprise, as defined by the WiFi Alliance, requires any product to 
support the following EAP processes: 

 

EAP-TLS (Mandatory) 

 

PEAPv0/EAP-MSCHAPv2 

 

PEAPv1/EAP-GTC 

 

EAP-TTLS/MSCHAPv2 

 

EAP-SIM 

Since all but the EAP-TLS are optional, many companies claim WPA2-Enterprise 
compliance with minimal support (EAP-TLS only). Since there is no requirement 
from the WiFi Alliance to make the implementation of the security standards 
user-friendly, it is not always the case that configuring an embeddable WiFi 
device for these advanced security methods is easy, let alone possible. 

The implementation of WPA2-Personal follows very closely the WPA example, in 
fact to the user the configuration is identical, and the underlying security 
improvements are hidden by the device. The device supports both ASCII string 
and precalculated hex keys as valid input, a description of the configuration 
requirements can be seen in Table 6 and Table 7. 

The implementation of WPA2-Enterprise is more complex and requires not only 
configuration of the device but, in most cases, delivery of certificates and private 
keys as well. These are small (2K-6K files) that the client uses to authenticate 
with an infrastructures’ RADIUS server. For the different EAP processes to work 
it is required to define which process and underlying encryption methods to use, 
along with identification of the appropriate certificates and private keys. Each 
EAP process has a different requirement. Although they utilize the same 
common elements, each treats the authentication process differently and 
accordingly requires the credentials to be presented in a particular way.  

Содержание WLNG-AN-DP500 Series

Страница 1: ...ce Manual Airborne Command Line Interface CLI Enterprise Addendum WLNG SE SP AN ET DP500 Series Revision 1 0 April 09 File name airborne enterprise command line reference guide doc Document Number 100 8081 100 ...

Страница 2: ...Company Confidential Quatech Inc 2 Airborne CLI Reference Manual 100 8081 100 Page Intentionally Left Blank ...

Страница 3: ...nt The reader remains responsible for the system design and for ensuring that the overall system satisfies its design objectives taking due account of the information presented herein the specifications of other associated equipment and the test environment QUATECH Inc has made commercially reasonable efforts to ensure that the information contained in this document is accurate and reliable Howeve...

Страница 4: ...Company Confidential Quatech Inc 4 Airborne CLI Reference Manual 100 8081 100 Page Intentionally Left Blank ...

Страница 5: ...Mode Serial UART SPI Interface Only 19 6 3 6 CLI Session Startup Modes 19 6 4 CLI Server Escape Processing 20 6 5 Detecting and Executing the Escape Sequence 20 6 6 CLI Conventions 21 6 7 ASCHEX vs Binary Values 22 6 8 Command Responses 22 7 0 A Typical Development System 23 8 0 Serial Device Server Use 24 8 1 Data Bridging 24 8 1 1 Bridging from the Serial Interface 24 8 1 2 Bridging from a TCP c...

Страница 6: ...red 75 clear 76 del cert 77 clear wep 78 default cfg 79 radio on 80 radio off 81 ping 82 stats 83 ftp server address 84 ftp server path 85 ftp user 86 ftp password 87 ftp filename 88 save 89 telnet port 90 http port 91 eth ip 92 eth gateway 93 eth subnet 94 eth mode 95 wl specific scan 96 apply cfg 97 wl assoc backoff 99 arp reachable time 100 arp staleout time 101 del cfg 102 discover 103 intf ty...

Страница 7: ...elivery Methods 43 Tables Table 1 Public Network Configuration 32 Table 2 Private Network Interface Configuration 34 Table 3 WEP Configuration Parameters 36 Table 4 WPA Personal PSK Configuration 37 Table 5 WPA LEAP Configuration 37 Table 6 WPA2 Personal PSK ASCII PSK Configuration 39 Table 7 WPA2 Personal PSK Precalculated Key Configuration 39 Table 8 PEAPv0 EAP MSCHAPv2 Configuration 39 Table 9 ...

Страница 8: ...Company Confidential Quatech Inc 8 Airborne CLI Reference Manual 100 8081 100 Page Intentionally Left Blank ...

Страница 9: ...d LEAP The best security and advanced networking is no good if you cannot connect your device to the Airborne Device Server Airborne offers the widest range of Serial and Ethernet based interfaces in the industry With flexibility and performance the WLNG XX DP500 series lets you decide how you want to use it Designed by the Quatech Engineers specifically to meet the demands of the industrial autom...

Страница 10: ... The following convention will be used The area next to the indicator will identify the specific information and make any references necessary The area next to the indicator will identify the specific information and make any references necessary 2 3 Caution A caution contains information that if not followed may cause damage to the product or injury to the user The shaded area next to the indicat...

Страница 11: ... pressing the Enter key displays the result of a command wl info cr Module Firmware Version 1 00 Radio Firmware Version 5 0 21 210 p17 Link Status Connected SSID Quatech_Connected MAC Address 000B6B77619E BSSID 0016B637880D Transmit Rate Mb s 54 Signal Level dBm 40 Noise Level dBm 92 IP Address 192 168 1 100 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 1 Primary DNS 68 107 28 42 Secondary D...

Страница 12: ...d functionality of the Airborne Device Servers and Bridges Support for a specific function is dependent upon the device configuration chosen It will be noted within each section to which configuration it applies 3 2 Understanding the CLI This section will cover the use of the CLI and describe the action and reaction to the specific functional calls and commands Methods of connection and delivery o...

Страница 13: ...on methods supported EAP and the certificates delivery and deployment will be reviewed 3 7 WLAN Roaming This section will outline the commands that impact the roaming performance of the module Discussion of configuration options based upon application requirements is also included 3 8 FTP Configuration The Airborne Enterprise Device Server family supports delivery of certificates private keys conf...

Страница 14: ...t No Description WLNG SE DP5XX 802 11b g to RS232 422 485 and UART Serial Device Server Module Enterprise Class WLNG AN DP5XX 802 11b g to UART Serial Device Server Module Enterprise Class WLNG SP DP5XX 802 11b g to SPI Serial Device Server Module Enterprise Class WLNG ET DP5XX 802 11b g to 10 100 Ethernet Bridge NAT Level3 Module Enterprise Class WLNG EK DP5XX Enterprise Class Airborne Developmen...

Страница 15: ...s specifically noted within the device description 5 1 UART The UART Universal Asynchronous Receiver Transmitter interface is a digital interface that supports full duplex transfer of data serially between the module and a connected host It supports the following settings BAUD 300 600 1200 2400 4800 9600 14400 19200 28800 38400 57600 115200 230400 460800 921600 Flow Control None Hardware CTS RTS S...

Страница 16: ... 16 Airborne CLI Reference Manual 100 8081 100 The interface supports the following settings Auto Negotiate 10Mbps Half Duplex 10Mbps Full Duplex 100Mbps Half Duplex 100Mbps Full Duplex Rx Rx Tx and Tx Default settings Auto Negotiate ...

Страница 17: ...ts a Telnet connection with the following restrictions Telnet option negotiation should be turned off Telnet commands such as DO WONT and DON must not be issued Network Virtual Terminal codes are not supported NUT 7 bit encoding does not allow 8 bit data transfers The CLI Server s wireless interface is characterized as follows The CLI Server listens on the TCP port specified by the wl telnet port ...

Страница 18: ...I Mode is the command processing mode of the CLI Session CLI Mode allows users and OEM applications to simply execute Airborne WLN Module commands as described in the section CLI Commands A CLI Session may transition into CLI Mode automatically at startup of the CLI Session if so configured See section CLI Session Startup Modes for details on startup modes CLI Sessions may transition manually to C...

Страница 19: ... Commands for more details on these commands 6 3 4 PASS Mode for the Wireless Interface When the CLI Session on the wireless interface attempts to transition to PASS Mode the CLI Server establishes a data bridge to the CLI Session on the serial interface if the following conditions are both true The CLI Session on the serial interface is in LISTEN Mode No other CLI Session on the wireless interfac...

Страница 20: ...ng for the user defined escape string in the data stream The escape string is a five 5 character string configurable via the escape CLI command When escape processing is configured to use the BREAK signal the CLI Server will parse the data stream for the BREAK signal 6 5 Detecting and Executing the Escape Sequence Upon detection of the escape sequence the CLI Server applies the follow rules for tr...

Страница 21: ...nsist of a string of printable characters including the command and optional arguments delimited by one or more spaces or tabs Multiple consecutive spaces or tabs are considered as one delimiter Commands and arguments are case sensitive except hexadecimal values and port IDs which can be uppercase or lowercase Arguments enclosed within are optional All arguments are literal ASCII text except where...

Страница 22: ...the LAN device or from the Host For example the digits 31 correspond to the ASCII character 1 If you issue a putget or putexpect command with the senddata value of 314151 the destination receives the ASCII characters 1 A and Q 6 8 Command Responses The Module responds to CLI commands with a response indicating whether the CLI command was executed successfully All responses are terminated by CR LF ...

Страница 23: ... 0 A Typical Development System A typical evaluation system includes A Serial Host A computer connected to the serial port of the Airborne WLN Module A LAN Host A computer that communicates wirelessly with the Module through an Access Point AP An Access Point An Airborne WLN Module ...

Страница 24: ...Bridging The Airborne WLN Module provides data bridging via the PASS and LISTEN Modes of the CLI Session During data bridging the raw payload of the incoming TCP or UDP packet is transmitted to the serial interface while the raw data stream from the serial interface is transmitted as the payload of the outgoing TCP or UDP packet There are multiple ways to setup a data bridge using the Airborne WLN...

Страница 25: ...Quatech Inc Company Confidential 100 8081 100 Airborne CLI Reference Manual 25 Figure 1 Bridging from the Serial Interface Manually Using the pass Command ...

Страница 26: ... on the wl telnet port A user or OEM application connected over TCP to the wl telnet port of the Module may create a data bridge to the serial interface by issuing the pass command The pass command will succeed if there is no other data bridge active and the CLI Session on the serial interface is in LISTEN Mode The following figure illustrates a sequence of commands that create a data bridge from ...

Страница 27: ...unnel port commands The rules for TCP connections to the wl tunnel port are as follows wl tunnel must be enabled set to 1 wl tunnel mode must be set to tcp or udp wl tunnel port must be set to a non zero value which is not the same as the Web Server port or the telnet port The CLI Session on the serial interface must be in LISTEN Mode There are no other CLI Sessions currently bridged If all of the...

Страница 28: ...is issued from a secondary network CLI session The network server or host terminates the TCP IP or UDP session The TCP IP connection inactivity timer wl tcp timeout expires The escape sequence is detected After the data bridge is terminated the CLI Session on the serial interface remains in LISTEN Mode and escape detection is enabled if configured Using the following sequence a user can configure ...

Страница 29: ...broadcast a UDP datagram on a specific UDP port This also allows the Module to forward data received on its specified UDP receive port to the serial interface The UDP port tunneling feature is configurable via the wl tunnel wl tunnel mode wl udp xmit wl xmit type wl udp rxport wl udp port and wl udp ip CLI commands Whenever the CLI Server transitions to PASS Mode either via the startup serial defa...

Страница 30: ...ablished the endpoints may transfer raw binary data Some systems may choose to apply a protocol such as ZMODEM or XMODEM etc For systems using XMODEM protocol the following guildelines must be adhered to XMODEM works with 8 bit connections only If you communicate with the Module via a serial port connection configure your communication settings as follows Data bits 8 Parity None Stop bits 1 Run XM...

Страница 31: ...l 3 device the modification of the packet headers provides for a translation between a single public IP address that of the wireless interface and the IP address of the devices on the private network wired Ethernet interface The Airborne Bridge wireless interface is considered the public address and will be the point of contact on the target network see Figure 5 This interface supports all the wir...

Страница 32: ...st to be shipped without any configuration changes Port forwarding Allows you to decide if web page telnet or FTP access should be forwarded to the private network or handled by the Airborne Bridge Plug n Play In most cases all that is required for full functionality is configuration of the wireless interface for the target network This can be done before deployment to minimize deployment time and...

Страница 33: ... telnet port 23 to be directed to either the Airborne device server or the device connected on the wired port If enabled all traffic on the telnet port will be handled by the Airborne device If the application requires that a telnet server on the host attached to the wired port respond to remote accesses this parameter must be disabled The public address becomes the target address for all accesses...

Страница 34: ...es the default mode of the interface auto Auto negotiate 10half 10Mbps half duplex 10full 10Mbps full duplex 100half 100Mbps half duplex 100full 100Mbps full duplex It is recommended that auto be used as this will provided the greatest level of compatibility on the Ethernet interface The private network supports the Airborne discovery protocol and will respond to discovery requests The subnet for ...

Страница 35: ...rface and Ethernet client on the private network will not be broadcast on to the public network unless it is directed at the public network For most users there will be no modification of the private network settings needed and if the target Ethernet client uses DHCP to obtain an IP address no change in configuration will be required either ...

Страница 36: ... this protocol is not secure and is open to attack and intrusion Devices and data on such a network should be considered at risk This configuration is not recommended for anything other than initial set up of the device 10 2 WEP Security Wired Equivalent Privacy WEP was the original security protocol adopted by 802 11 WEP uses the stream cipher RC4 for confidentiality and CRC 32 checksum for messa...

Страница 37: ...gate the issues created by the devaluation of the WEP security standard WPA utilizes part of the 802 11i security standard but relies upon the same RC4 cipher as WEP WPA introduced Temporal Key Interchange Protocol TKIP to 802 11 security and this significantly mitigated the flaws that existed in WEP It not only hid the key more securely but provided packet sequencing and Message Integrity Checkin...

Страница 38: ... Since all but the EAP TLS are optional many companies claim WPA2 Enterprise compliance with minimal support EAP TLS only Since there is no requirement from the WiFi Alliance to make the implementation of the security standards user friendly it is not always the case that configuring an embeddable WiFi device for these advanced security methods is easy let alone possible The implementation of WPA2...

Страница 39: ...password Defines the precalculated hex key used by the AP Must be 64 ASCII Hex digits long Table 8 PEAPv0 EAP MSCHAPv2 Configuration Command Description wl security peap Sets the EAP authentication process to be used eap ident client username from RADIUS server Sets the username for the client There must be a valid username on the RADIUS server that matches this name Replace the client username fr...

Страница 40: ...h MSCHAPV2 Identifies the inner authentication type to be used In this case MSCHAPv2 Table 10 EAP TLS MSCHAPv2 Configuration Command Description wl security tls Sets the EAP authentication process to be used eap ident client username from RADIUS server Sets the username for the client There must be a valid username on the RADIUS server that matches this name Replace the client username from RADIUS...

Страница 41: ...orne Device Server supports both pushing and pulling of certificates and private key files to the device utilizing FTP and Xmodem transfer protocols The different methods can be seen in Figure 7 The CLI commands that manage the delivery process are described in Table 11 Table 11 Certificate Delivery Commands Command Description put cert file name Will cause the device server that you are going to ...

Страница 42: ...address This defines the IP address of the target FTP server The address must be in the standard format XXX XXX XXX XXX Where XXX can have a value between 1 and 254 ftp server path This defines the directory path for the subdirectory that contains the target certificate to be downloaded This does not need to be set if the file is in the default directory for the specified ftp user ftp user Defines...

Страница 43: ...rtificates resident on the module including files that have been transferred but not yet saved to the module The command will list files that have been delivered but not saved del cert cert name The command deletes certificates that are stored on the module the command requires a filename argument to be supplied The filename argument does support wild cards e g del cert Will delete all certificate...

Страница 44: ...m2 filename priv key password priv key2 password eapfast pac filename eap password eap ident eap anon ident eap phase1 eap phase2 subject match subject match2 alt subject match alt subject match2 user wpa supp filename clear parameter This command allows a single parameter to be cleared The following commands can be cleared ca cert filename ca cert2 filename client cert filename client cert2 filen...

Страница 45: ...cert makes any certificate deletions permanent The Airborne Enterprise Device Server is capable of storing multiple certificates The number of certificates is limited only by available resources typically up to twenty 20 certificates can be held by the device server at any one time This allows multiple individual WPA2 Enterprise configurations to be applied to the device server without needing add...

Страница 46: ...pecific scan Determines how the device server scans for AP 0 Use Broadcast Probes to attempt to find an Access Point 1 Use Directed Probes to attempt to find an Access Point In this mode only AP s with matching SSID s to the module will be probed When using Broadcast probes all AP advertising their SSID s will respond to the scan this will cause a result for wl scan command that will provide a lis...

Страница 47: ...en AP that is in range Therefore as the Device Server becomes mobile it may associate with an AP that is not in your expected network Due to the functionality of the any SSID you have little to no control over the roaming behavior of the device server If wl ssid is set to a value that is not the any string the Device Server will scan for APs that match the SSID and 802 11 capability information he...

Страница 48: ...ined by ftp server address ftp filename Defines the name of the certificate or private key file to be uploaded or downloaded The file extension must be included The filename does not support wildcards To facilitate this function it is necessary to configure the internal FTP Client with the necessary information for the file upload the commands in Table 14 Once the FTP configuration is applied all ...

Страница 49: ...radio will initiate and attempt to locate a valid wireless network to associate with If one is found it will attempt to associate authenticate radio off Disables power to the 802 11b g radio After the command is issued the device server will close all TCP IP and UDP connections and power down the radio When in this state the device server will no longer be associated with a wireless network and an...

Страница 50: ...r and Ethernet Bridge family The CLI interface provides the following on line help support 1 Trailing a command with a will return a description of the command function and valid argument list e g pm mode returns Usage pm mode active doze Sets the Module s power management mode Parameters are active and doze Default is active 2 Entering a after authentication will provide a full list of the availa...

Страница 51: ...rect Ethernet Module WPA Security WLNB ET DP1XX ABDB ET DP1XX 5 802 11b AirborneDirect Ethernet Module LEAP Security WLNB ET DP5XX ABDB ET DP5XX 6 802 11b Airborne SPI Module WPA Security WLNB AN DP102 7 802 11b Airborne UART Module LEAP Security WLNB AN DP502 8 802 11b g Airborne UART Module LEAP Security WLNG AN DP1XX 9 802 11b g AirborneDirect Ethernet Module LEAP Security WLNG ET DP1XX ABDG ET...

Страница 52: ...P wpa leap64 Migration mode w Cipher suite TKIP 40 bit WEP using EAP LEAP Requires LEAP username and password wpa leap128 Migration mode w Cipher suite TKIP 128 bit WEP using EAP LEAP Requires LEAP username and password wpa psk64 Migration mode w Cipher suite TKIP 40 bit WEP using WPA PSK Requires WPA Passphrase wpa psk128 Migration mode w Cipher suite TKIP 128 bit WEP using WPA PSK Requires WPA P...

Страница 53: ...he following commands ftp server path ftp server address ftp user ftp password ftp filename Once the download is complete it is necessary for the save command to be issued this will cause the certificate to be stored to the device server For the Serial UART SPI device servers it is required that the device is associated and authenticated with a network and has a valid IP address before issuing thi...

Страница 54: ...figuration file to be stored to the device server There are two valid configuration files that may be down loaded user_cfg txt User configuration file This file contains the user configuration commands and parameters OEM_cfg txt OEM default configuration file This contains the OEM default settings for the device server These settings are installed upon the issuing of a factory reset command or har...

Страница 55: ...he device server to wait for an X modem file transfer of certificate from the host device connected to the serial interface Once the download is complete it is necessary for the save command to be issued this will cause the certificate to be stored to the device server It is required that the host use Xmodem 1K or Xmodem 1K CRC This command is supported via the serial interface or a telnet session...

Страница 56: ... to be issued this will cause the configuration file to be stored to the device server There are two valid configuration files that may be down loaded user_config txt User configuration file This file contains the user configuration commands and parameters OEM_config txt OEM default configuration file This contains the OEM default settings for the device server These settings are installed upon th...

Страница 57: ...efault none Description This command defines the Certificate Authority CA filename to be used with the chosen authentication method The certificate can contain one or more trusted CA certificates A trusted CA certificate should always be configured when using EAP TLS EAP TTLS or PEAP The file must be in PEM or DER format for the device server to recognize it as a valid certificate ...

Страница 58: ...ault none Description This command defines a second Certificate Authority CA filename to be used with the chosen authentication method The certificate can contain one or more trusted CA certificates A trusted CA certificate should always be configured when using EAP TLS EAP TTLS or PEAP The file must be in PEM or DER format for the device server to recognize it as a valid certificate ...

Страница 59: ... ASCII Text filename extension Device Type All Default none Description This command defines the Client certificate filename to be used with the chosen authentication method A client certificate should always be configured when using EAP TLS The file must be in PEM or DER format for the device server to recognize it as a valid certificate ...

Страница 60: ...SCII Text filename extension Device Type All Default none Description This command defines a second Client certificate filename to be used with the chosen authentication method A client certificate should always be configured when using EAP TLS The file must be in PEM or DER format for the device server to recognize it as a valid certificate ...

Страница 61: ...I Text filename extension Device Type All Default none Description This command defines the Client Private Key filename to be used with the chosen authentication method When PKCS 12 PFX files are used the ca cert filename should not be used The file must be in PEM or DER format for the device server to recognize it as a valid private key ...

Страница 62: ...Text filename extension Device Type All Default none Description This command defines a second Client Private Key filename to be used with the chosen authentication method When PKCS 12 PFX files are used the ca cert filename should not be used The file must be in PEM or DER format for the device server to recognize it as a valid private key ...

Страница 63: ...v key password Arguments ASCII Text password Device Type All Default blank Description This command defines the Client Private Key password to be used with the Private Key file identified by the priv key filename command The private key is an ASCII text string provided by the generator of the Private Key file ...

Страница 64: ... key2 password Arguments ASCII Text password Device Type All Default blank Description This command defines the Client Private Key password to be used with the Private Key file identified by the priv key2 filename command The private key is an ASCII text string provided by the generator of the Private Key file ...

Страница 65: ...ent with a command the device server will display the arguments for the command and describe the function of the command as an ASCII text response Note that there must be no other arguments with the command for the help to be displayed get cfg Usage get cfg String Uses FTP to get a configuration file from an FTP server It uses the ftp server address ftp server path ftp user and ftp password to get...

Страница 66: ...ts none Device Type All Default none Description This command provides text help When used by itself at the command prompt it will cause the device server to display all available commands The list is not device functionality sensitive This response is identical to the command when used without a command ...

Страница 67: ... format This is an optional configuration file for setting parameters for an ephemeral DH key exchange In most cases the default RSA authentication does not use this configuration However it is possible to setup RSA to use ephemeral DH key exchange In addition ciphers with DSA keys always use ephemeral DH keys This can be used to achieve forward secrecy If the file is in DSA parameters format it w...

Страница 68: ...CII characters This field can include either the plaintext password using ASCII or hex string or a NtPasswordHash 16 byte MD4 hash of password in hash 32 hex digits format NtPasswordHash can only be used when the password is for MSCHAPv2 or MSCHAP EAP MSCHAPv2 EAP TTLS MSCHAPv2 EAP TTLS MSCHAP LEAP EAP PSK 128 bit PSK EAP PAX 128 bit PSK and EAP SAKE 256 bit PSK is also configured using this field...

Страница 69: ...0 8081 100 Airborne CLI Reference Manual 69 eap ident Command eap ident Arguments text string Device Type All Default blank Description Identity string for EAP Typically the RADIUS server user login name Max length of 64 ASCII characters ...

Страница 70: ... Command eap anon ident Arguments text string Device Type All Default blank Description Anonymous identity string for EAP Max length of 64 ASCII characters Used as the unencrypted identity with EAP types that support different tunneled identity e g EAP TTLS Typical format anonident example com ...

Страница 71: ...Pv1 or newer is being utilized Some servers may require this setting for use with PEAPv1 peapver 0 Forces use of PEAPv0 peapver 1 Forces use of PEAPv1 peap_outer_succes s 0 Terminates PEAP authentication on tunneled EAP Success This is required with some RADIUS servers that implement draft josefsson pppext eap tls eap 05 txt e g Lucent NavisRadius v4 4 0 with PEAP in IETF Draft 5 mode include_tls_...

Страница 72: ...APv0 or EAP PEAPv1 autheap MSCHAPV2 Sets the inner encryption to MSCHAPv2 Required for EAP TTLS MSCHAPv2 autheap MD5 Sets the inner encryption to MD5 Required for EAP TTLS MD5 This is a string with field value pairs e g auth MSCHAPV2 for EAP PEAP or autheap MSCHAPV2 autheap MD5 for EAP TTLS The following certificate private key fields are used in inner Phase2 authentication when using EAP TTLS or ...

Страница 73: ...ed against the subject of the authentication server certificate If this string is set the server certificate is only accepted if it contains this string in the subject The subject string is in following format C US ST CA L San Francisco CN Test AS emailAddress as example com Example EMAIL server example com Example DNS server example com DNS server2 example com Following types are supported EMAIL ...

Страница 74: ...hed against the subject of the authentication server certificate If this string is set the server certificate is only accepted if it contains this string in the subject The subject string is in following format C US ST CA L San Francisco CN Test AS emailAddress as example com Example EMAIL server example com Example DNS server example com DNS server2 example com Following types are supported EMAIL...

Страница 75: ...ted parameters are wl security ca cert filename ca cert2 filename client cert filename client cert2 filename priv key filename priv key2 filename dh parm filename dh parm2 filename priv key password priv key2 password eapfast pac filename eap password eap ident eap anon ident eap phase1 eap phase2 subject match subject match2 alt subject match alt subject match2 user wpa supp filename Clearing all...

Страница 76: ...fast pac filename eap password eap ident eap anon ident eap phase1 eap phase2 subject match subject match2 alt subject match alt subject match2 user wpa supp filename Device Type All Default blank Description Removes specified parameter value from the user configuration You must commit the changes in order for the user credentials to be permanently cleared from the module Clearing any single secur...

Страница 77: ...s The argument can be a filename or a wildcard for a group of one or more certificates to be deleted You must save the changes in order for the user credentials to be permanently removed from the module del cert Will delete all certificates del cert user Will delete all certificates beginning with user It is required to issue the save command after this command to permanently delete the files from...

Страница 78: ...none Device Type All Default blank Description Removes all WEP keys from the module You must commit the changes in order for the WEP keys to be permanently removed from the module If you remove all the WEP keys from the module you may be unable to regain a wireless network connection if the access points require them ...

Страница 79: ...e settings in memory will be set to default values You must commit the changes if you desire them to remain in the default state after a module restart All user settings will be lost if you issue this command and commit the changes This will potentially make the device server unable to connect to valid wireless network or communicate over the serial interface Make sure that the factory default set...

Страница 80: ...ech Inc 80 Airborne CLI Reference Manual 100 8081 100 radio on Command radio on Arguments none Device Type All Default none Description Turns on power to the radio The radio will attempt to regain a wireless network connection ...

Страница 81: ...er to the 802 11b g radio After the command is issued the device server will close all TCP IP and UDP connections and power down the radio When in this state the device server will no longer be associated with a wireless network and any network based communication will not be possible The device server will lose connection to the wireless network when this command is issued ...

Страница 82: ...4 bytes from 69 36 15 130 seq 1 ttl 50 time 100 134 ms 64 bytes from 69 36 15 130 seq 2 ttl 50 time 100 166 ms 64 bytes from 69 36 15 130 seq 3 ttl 50 time 97 474 ms www quatech com ping statistics 4 packets transmitted 4 packets received 0 packet loss round trip min avg max 97 474 99 152 100 166 ms OK or ping 192 168 1 105 PING 192 168 1 105 192 168 1 105 56 data bytes 64 bytes from 192 168 1 105...

Страница 83: ... Displays radio statistics ethernet Displays wired Ethernet statistic Only applies to Ethernet device Example stats radio Rx Packets 7839 Rx Bytes 910915 Rx Errors 0 Rx Dropped 0 Rx Overruns 0 Tx Packets 202 Tx Bytes 16159 Tx Errors 0 Tx Dropped 0 Tx Overruns 0 stats ethernet Rx Packets 16819 Rx Bytes 70915 Rx Errors 0 Rx Dropped 234 Rx Overruns 0 Tx Packets 17602 Tx Bytes 16159 Tx Errors 4 Tx Dro...

Страница 84: ...Device Type All Default blank Description This value defines the IP address of the target FTP server used for firmware certificate or configuration file download The IP address format follows the standard ASCII format XXX XXX XXX XXX where XXX 1 254 Must be specified in order for the following commands to function correctly update ftp get cert get cfg ...

Страница 85: ...ank Description The path on the target FTP server that contains the firmware certificate or configuration files to be downloaded This does not need to be set if the file is in the default directory for the specified ftp user Example ftp server path firmware latest This defines that the file to be uploaded resides in the firmware latest subdirectory of the FTP users root directory ...

Страница 86: ... text username Device Type All Default blank Description Defines the username for the FTP account associated to the FTP server defined by ftp server address Must be specified in order for the following commands to function correctly update ftp get cert get cfg Please note that anonymous user credentials are not supported ...

Страница 87: ...ommand ftp password Arguments ASCII text password Device Type All Default blank Description Defines the password for the FTP account associated to the FTP server defined by ftp server address Must be specified in order for the following commands to function correctly update ftp get cert get cfg ...

Страница 88: ...filename extension Device Type All Default blank Description Defines the name of the firmware certificate or configuration file to be uploaded or downloaded If not specified update ftp will uploaded the newest file in the target directory Must be specified in order for the following command to function correctly update ftp ...

Страница 89: ...uments none Device Type All Default blank Description Saves all user uploaded certificates private keys and configuration files to flash If save is not issued after uploading files all files uploaded after the last save command will be discarded and require uploading after next restart or power cycle ...

Страница 90: ...sfer all telnet port 23 traffic to its internal IP stack when disabled all telnet traffic will be forwarded to the wired interface disable The module will transfer all telnet port 23 traffic to the wired Ethernet interface enable The module will transfer all telnet port 23 traffic to its internal IP stack Disabling the telnet port will prevent any telnet port 23 connections from being accepted by ...

Страница 91: ...fer all HTTP traffic port 80 traffic to its internal HTTP server when disabled all HTTP traffic will be forwarded to the wired interface disable The module will transfer all HTTP port 80 traffic to the wired Ethernet interface enable The module will transfer all HTTP port 80 traffic to its internal IP stack Disabling the http port will prevent any web port 80 connections from being accepted by the...

Страница 92: ... module will lease this address to the client in response to the DHCP request If the client is not using DHCP this address must match the static IP address on the client so that IP routing will work correctly The IP address of the client and the Ethernet gateway must be in the same subnet for IP routing to work correctly The subnet for the wired IP and gateway IP addresses Ethernet and public IP a...

Страница 93: ...s the IP address of the Ethernet gateway This is the IP address used by the client to communicate with the gateway module The IP address of the client and the Ethernet gateway must be in the same subnet for IP routing to work correctly The subnet for the wired IP and gateway IP addresses Ethernet and public IP address 802 11 obtained by the module via the wireless interface and must not be the sam...

Страница 94: ...4 Airborne CLI Reference Manual 100 8081 100 eth subnet Command eth subnet Arguments Valid subnet mask Device Type Ethernet Default 255 255 255 0 Description Configures the subnet mask for the Ethernet gateway and wired interface client ...

Страница 95: ...nd eth mode Arguments auto 10half 10full 100half 100full Device Type Ethernet Default auto Description Configures the connection rate for the wired Ethernet interface auto Auto negotiate 10half 10Mbps half duplex 10full 10Mbps full duplex 100half 100Mbps half duplex 100full 100Mbps full duplex ...

Страница 96: ...rols how the module scans for Access Points 0 Use Broadcast Probes to attempt to find an Access Point 1 Use Directed Probes to attempt to find an Access Point In this mode only AP s with matching SSID s to the module will be probed Some network administrators disable responses to Broadcast Probes on the Access Point To support scanning on these networks set wl specific scan 1 ...

Страница 97: ...wl dns2 wl dhcp mode wl dhcp interval wl dhcp fb wl dhcp acqlimit wl dhcp fbip wl dhcp fbsubnet wl dhcp fbauto wl dhcp fbper wl con led wl security pw wpa psk pw leap user leap wl auth wl def key wl wpa format wl key1 wl key2 wl key3 wl key4 wl rate wl region ca cert filename ca cert2 filename client cert filename client cert2 filename priv key filename priv key2 filename dh parm filename dh parm2...

Страница 98: ...lies the following port settings telnet port http port Any settings applied with this command are temporary and will not be persistent across a restart or power cycle Any settings applied by this command can be made persistent across restarts and power cycles by issuing the commit command ...

Страница 99: ...erence Manual 99 wl assoc backoff Command wl assoc backoff Arguments Integer Range 0 20000 Device Type All Default 10000 Description The amount of time in milliseconds to backoff after three 3 failed association attempts Range 0 20000 milliseconds 0 to 20 seconds ...

Страница 100: ...ype All Default 120 Description The average amount of time before sending an ARP to each device in the ARP table The actual rate is a random amount of time between 0 5 and 1 5 times this value Value has the range of 1 254 seconds The default time is 120 seconds The device server requires a restart or power cycle for this parameter change to take effect ...

Страница 101: ...vice Type All Default 120 Description The amount of time since the last observation of the IP address before scheduling that entry for removal from the device severs internal ARP table Value has the range of 1 254 seconds The default time is 120 seconds The device server requires a restart or power cycle for this parameter change to take effect ...

Страница 102: ... save command to be issued this will cause the configuration file to be deleted permanently from the device server The following files can be deleted using this command user_config txt User configuration file This file contains the user configuration commands and parameters OEM_config txt OEM default configuration file This contains the OEM default settings for the device server These settings are...

Страница 103: ...he same physical network as the device that initiated the process A typical response will be Device Name IP Address MAC Address Device Type FW Ver Veyron_1 192 168 1 108 000B6B7784C5 AIRBORNE 1 02M This process may take several seconds to respond The discovery process uses UDP broadcasts for the discovery protocol if your network infrastructure does not allow UDP broadcasts the discovery process w...

Страница 104: ...d intf type Arguments rs232 rs422 rs485 Device Type Serial Default rs232 Description Sets the serial interface for RS 232 RS 422 or RS 485 communications Enables interface pins 17 19 and 22 See 802 11b g High Performance Device Server Product Specification for detailed description of pin function ...

Страница 105: ...0 Airborne CLI Reference Manual 105 list cfg Command list cfg Arguments None Device Type All Default none Description Displays a list of all the configuration files resident on the device server including files that have been loaded but not saved ...

Страница 106: ...s none Device Type All Default none Description Generates the SSH keys using the key length specified by ssh keysize You must issue a commit or save to store the generated keys once generated Key generation may take several seconds the OK response will be returned by the device server when the keys have been generated ...

Страница 107: ...lt 1024 Description Defines the size of the SSH RSA key The key length must be from 1024 2048 and MUST be divisable by 8 The default is 1024 If you change the ssh keysize and SSH keys already exist you will be prompted to remove the existing keys using clear ssh key and to reissue ssh keygen to generate new SSH keys This command is used by ssh keygen ...

Страница 108: ...ice Type All Default Ready Description ACSII Text message that is displayed when the device server has completed a restart or power cycle Once displayed the device is available for interaction using CLI The ASCII text message can be a maximum of 31 characters terminated by CR LF For the message to be displayed startup msg must be enabled ...

Страница 109: ... up message defined by startup text once the device server has completed a restart or power cycle 0 Disables the start up text No message will be displayed after a restart or power cycle 1 Enables the start up text The startup msg text message will be displayed after a restart or power cycle Once the message is displayed the device server is available for interaction on the CLI interface ...

Страница 110: ...Confidential Quatech Inc 110 Airborne CLI Reference Manual 100 8081 100 ver fw Command Ver fw Arguments none Device Type All Default none Description Returns the current version of firmware loaded on the module ...

Страница 111: ...fidential 100 8081 100 Airborne CLI Reference Manual 111 ver radio Command ver radio Arguments none Device Type All Default none Description Returns the current version of radio firmware being run on the device servers radio ...

Страница 112: ...tial Quatech Inc 112 Airborne CLI Reference Manual 100 8081 100 ver uboot Command ver uboot Arguments none Device Type All Default none Description Returns the version of uboot loader code resident on the device server ...

Страница 113: ... CLI Reference Manual 113 wl dhcp vendorid Command wl dhcp vendorid Arguments ASCII Text Device Type All Default Empty String Description Configures the DHCP Vendor Class ID String to use in the DHCP requests Parameter can by up to 31 ASCII characters long ...

Страница 114: ...vice Type All Default 0 Description Periodically ping the configured UDP server This causes the ARP cache to be periodically refreshed to prevent unnecessary ARPs from being transmitted Since ARPs are broadcast and pings are unicast packets total network overhead is reduced if pings are used instead of ARPs 0 Disabled 1 Enabled ...

Страница 115: ...nts IP Address Device Type All Default 0 0 0 0 Description Configures the Primary WINS Server Address This value is used for WINS lookups if the lookup fails using the value from wl dns1 or wl dns2 If the DHCP Client is enabled the wl wins1 value will be updated if the DHCP Server provides one Default is 0 0 0 0 ...

Страница 116: ...ts IP Address Device Type All Default 0 0 0 0 Description Configures the Secondary WINS Server Address This value is used for WINS lookups if the lookup fails using the value from wl dns1 or wl dns2 If the DHCP Client is enabled the wl wins1 value will be updated if the DHCP Server provides one Default is 0 0 0 0 ...

Страница 117: ...g those not yet committed no parameter Lists current configuration all parameters active Lists the current active configuration all parameters factory Lists the factory default configuration all parameters oem Lists the OEM configuration all parameters user Lists the saved user configuration all parameters wpa Lists the contents of the WPA supplicant configuration file This is the contents of wpa ...

Страница 118: ...Company Confidential Quatech Inc 118 Airborne CLI Reference Manual 100 8081 100 Comments Notes ...

Страница 119: ...nfidential 100 8081 100 Airborne CLI Reference Manual 119 15 0 Change Log The following table indicates all changes made to this document Version Date Section Change Description Author 1 0 04 16 2009 Preliminary Release ACR ...

Страница 120: ...675 Hudson Industrial Parkway Hudson OH 44236 USA Telephone 330 655 9000 Toll Free USA 800 553 1170 Fax 330 655 9010 Technical Support 714 899 7543 E mail Support wirelesssupport quatech com Web Site www quatech com ...

Отзывы:

Нет отзывов