Rhein Tech Laboratories, Inc.
360 Herndon Parkway, Suite 1400, Herndon, VA 20170
http://www.rheintech.com

Client: 3e Technologies Int’l
Model: 3e-527A3
Standards: FCC 15.247 & RSS-210
ID’s: QVT-527A3/6780A-527A3
Report #: 2006146

Appendix K: User Manual
Please refer to the following pages.
ERRATA SHEET
Changes to 29000152-001 Revision C
Chapter 6, page 99, paragraph titled “Radio Frequency Interference Requirements”
The text currently reads: “This device has been tested and found to comply with the limits for a Class A Digital Device, pursuant to Part 15 of the Federal Communications Commission’s Rules and Regulations.
Wireless Access Point – 8 Port
User's Guide
Model 3e–527A3
3e Technologies International
700 King Farm Blvd., Suite 600
Rockville, MD 20850
(301) 670-6779
www.3eti.com
29000152-001 B publ.
3e Technologies International's Wireless Access Point – 8 Port User's Guide Model 3e–527A3
Copyright © 2006 3e Technologies International, Inc. All rights reserved. No part of this documentation may be reproduced in any form or by any means or to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3e Technologies International.
Table of Contents
SAFETY INFORMATION
Chapter 1: Introduction
  Basic Features
  Wireless Basics
  802.
  Rogue AP Detection
  Advanced
  Wireless Bridge
  Services Settings
  DHCP Server
  Virtual Server
  Demilitarized Zone (DMZ)
  Advanced
Chapter 5: Wireless Bridge Configuration
  Introduction
SAFETY INFORMATION
Please follow these guidelines when installing and using the 3e–527A3 product.
! WARNING Warnings must be followed carefully to avoid bodily injury.
! CAUTION Cautions must be observed to avoid damage to your equipment.
NOTE: Notes contain important information about this product.
3e–527A3 Wireless Access Point – 8 Port
Chapter 1: Introduction
This manual covers the installation and operation of the 3e Technologies International’s 3e–527A3 Wireless Access Point. The 3e–527A3 is a ruggedized access point/gateway/bridge which is intended for use in industrial and external environments. It accommodates 802.11a/b/g, and 802.
Basic Features
The 3e–527A3 is housed in a sturdy case which is not meant to be opened except by an authorized technician for maintenance or repair. If you wish to reset to factory settings, use the reset function available through the web-screen management module. The 3e–527A3 is wall-mountable.
Wireless Basics
Wireless networking uses electromagnetic radio frequency waves to transmit and receive data. Communication occurs by establishing radio links between the wireless access point and devices configured to be part of the WLAN. The 3e–527A3 incorporates 802.11a, the 802.11b (WiFi) standard, the 802.11g standard and the most state of the art encryption for a very powerful and secure wireless environment.

802.11b
The IEEE 802.
802.11a Turbo
802.11a Turbo technology provides speed and throughput of more than double that of standard wireless LAN technologies in networking products such as PCs, access points, routers and PC cards. It is very helpful to users who require additional bandwidth (over standard WLAN technologies) that results in higher throughput necessary for a variety of functions such as: streaming media (video, DVD, MPEG), VoIP, etc.
Access Point Configurations
When a 3e–527A3 is used as an access point, IP addresses for wireless devices are typically assigned by the wired network’s DHCP server. The wired LAN’s DHCP server assigns addresses dynamically, and the AP virtually connects wireless users to the wired network.
3. The last and most prevalent use is multiple APs connected to a wired network and operating off that network’s DHCP server to provide a wider coverage area for wireless devices, enabling the devices to “roam” freely about the entire site. The APs have to use the same SSID. This is the topology of choice today.

Bridging
The 3e–527A3 can also function as a bridge.
AES and 3DES
The Advanced Encryption Standard (AES) was selected by the National Institute of Standards and Technology (NIST) in October 2000 as an upgrade from the previous DES standard. AES uses a 128-bit block cipher algorithm and encryption technique for protecting computerized information. It has the ability to use even larger 192-bit and 256-bit keys, if desired. 3DES is also incorporated on the 3e–527A3.
The Crypto Officer initially installs and configures the 3e–527A3 after which the password MUST be changed from the default password. The ID and Password are case sensitive.

Management
After initial setup, maintenance of the system and programming of security functions are performed by personnel trained in the procedure using the embedded web-based management screens. The next chapter covers the basic procedure for setting up the hardware.
3e-527A3 Navigation Options
Access Point/Bridge Mode
System Configuration
  General
  Operating Mode
  WAN
  LAN
  Encrp Port
Wireless Access Point
  General
  Security
    • Static AES
    • Static 3DES
    • Dynamic Key Exchange
    • FIPS 802.
System Administration
  Email Notification Conf
  Configuration Button
  System Upgrade
    • Firmware Upgrade
    • Local Configuration Upgrade
    • Remote Configuration Upgrade
  Factory Default
  Remote Logging
  Reboot
  Utilities
Chapter 2: Hardware Installation
Preparation for Use
The 3e Technologies International's 3e–527A3 Wireless Access Point requires physical mounting and installation on the site, following a prescribed placement design to ensure optimum operation and roaming.
It is intended that the user not open the unit. Any maintenance required is limited to the external enclosure surface, cable connections, and to the management software (as described in chapters three through five) only. A failed unit should be returned to the manufacturer for maintenance.

Minimum System and Component Requirements
The 3e–527A3 is designed to be attached to the wall at appropriate locations.
A MGMT Port is designed for use during initial configuration only. This uses an RJ45 cable to connect the 3e–527A3 to a laptop. The ENCRP port is a dedicated Ethernet port used for connecting to the Ethernet port of a DSL modem or any device that requires layer encryption. This port is encrypted and is configurable for AES-128, 192, or 256 and also contains a message integrity check. Ports X1-3 and Y1-3 are mode-dependent.
The Indicator Lights
[Figure: top-panel LEDs labeled Power, WAN, WLAN1, WLAN2, WLANSS, FIPS/MODE]
The top panel of the 3e–527A3 contains a set of indicator lights (Light Emitting Diodes or LEDs) that help describe the state of various networking and connection operations.

Detail of LEDs on the face of the 3e–527A3
LED: Description
Power: The Power indicator LED indicates when the device is powered on.
Chapter 3: Access Point Configuration
Introduction
The 3e–527A3 comes with the capability to be configured as an access point. As it incorporates two separate 802.11 wireless cards, one for configuring a local WLAN and one for use in bridging, it can also be configured for bridging, either with access point or gateway configuration on the WLAN side.
Initial Setup using the “Local” Port
Plug one end of an RJ-45 Ethernet cable to the LAN port of the 3e–527A3 (see page 11) and the other end to an Ethernet port on your laptop. This LAN port in the 3e–527A3 connects you to the device’s internal DHCP server which will dynamically assign an IP address to your laptop so you can access the device for configuration.
Login
On your computer, pull up a browser window and put the default URL for the 3e–527A3 Local LAN in the address line. (https://192.168.15.1) You will be asked for your User Name and Password. The default is "CryptoOfficer" with the password "CryptoFIPS" to give full access for setup configuration. (This password is case-sensitive.
System Configuration
General
You will immediately be directed to the System Configuration — General screen for the 3e–527A3 access point. This screen lists the firmware version number for your 3e–527A3 and allows you to set the Host Name and Domain Name as well as establish system date and time. (Host and Domain Names are both set at the factory for “default” but can optionally be assigned a unique name for each.
Operating Mode
This screen allows you to set the operating mode to either Wireless Access Point/Bridge or Gateway/Bridge mode. You need to visit this page only if you will be changing from Access Point to Gateway mode, if you want to change your submode to IPv6, or if you want to configure the wireless cards. Note that if you change modes from AP to Gateway, your configuration is not lost.
Configure Wireless Cards
The factory defaults for the two wireless cards are:
• 802.11b/g for the AP
• 802.11a/TurboA for the Bridge
If you want to swap the cards, making the 802.11a/TurboA card the AP card and the 802.11b/g card the Bridge card, select the appropriate button.
WAN
Click the entry on the left hand navigation panel for System Configuration — WAN. This directs you to the System Configuration — WAN screen. If not using DHCP to get an IP address, input the static IP information that the access point requires in order to be managed from the wired LAN. This will be the IP address, Subnet Mask, Default Gateway, and, where needed, DNS 1 and 2. Click Apply to accept changes.
LAN
Click the entry on the left hand navigation panel for System Configuration — LAN. This directs you to the System Configuration — LAN screen. This sets up the default numbers for the four octets for a possible private LAN function for the access point. It also allows changing the default numbers for the LAN Subnet Mask. The Local LAN port provides local access for configuration.
Encrp Port
Click the entry on the left hand navigation panel for System Configuration — Encrp Port. This directs you to the System Configuration — Encrp Port screen. You can set the link speed and duplex for the encrp port in the Encrp Link field. Your options are: Auto, 10M Half Duplex, 10M Full Duplex, 100M Half Duplex, or 100M Full Duplex.
Static AES Key
The Advanced Encryption Standard (AES) uses a 128-bit block cipher algorithm and encryption technique for protecting computerized information. With the ability to use even larger 192-bit and 256-bit keys, if desired, it offers higher security against brute-force attacks than the older 56-bit DES keys. The Key Generator button automatically generates a randomized key of the appropriate length.
Static 3DES Key
To use 3DES, enter a 192-bit key as 48 hexadecimal digits (0-9, a-f, or A-F). The Key Generator button automatically generates a randomized key of the appropriate length. This key is initially shown in plain text so the user has the opportunity to copy the key. Once the key is applied, the key is no longer displayed in plain text.
Wireless Access Point Configuration
General
Wireless Setup allows your computer’s PC Card to communicate with the access point. Once you have completed wireless access point configuration, you can complete the rest of the configuration wirelessly unless you will be employing the FIPS 140-2 secure mode, assuming that you have installed and configured a wireless PC card on your computer.
Select the wireless mode from the drop-down list. You can choose from the following options:
• 802.11b
• 802.11g
• 802.11b/g Mixed
You can assign a channel number to the AP (if necessary) and modify the Tx Pwr Mode. The Channel Number is a means of assigning frequencies to a series of access points, when many are used in the same WLAN, to minimize noise. There are 11 channel numbers that may be assigned.
Tx Pwr Mode and Fixed Pwr Level: The Tx Power Mode defaults to Auto, giving the largest range of radio transmission available under normal conditions. As an option, the AP's broadcast range can be limited by setting the Tx Power Mode to Fixed and choosing from 1-8 for Fixed Pwr Level (1 being the shortest distance.) Finally, if you want to prevent any radio frequency transmission, set Tx Pwr Mode to Off.
Security
The Wireless Access Point — Security screen displays a default factory setting of AES encryption, but the encryption key is not set and the AP will not communicate with any clients unless the encryption is set by the CryptoOfficer.
NOTE: One of the encryption options must be selected and applied in order for the AP to communicate with other APs.
Static 3DES Key
To use 3DES, enter a 192-bit key as 48 hexadecimal digits (0-9, a-f, or A-F). The Key Generator button automatically generates a randomized key of the appropriate length. This key is initially shown in plain text so the user has the opportunity to copy the key. Once the key is applied, the key is no longer displayed in plain text.
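The Static AES Key and Static 3DES Key screens accept hand-entered hex keys, so a key prepared off the device is worth checking before it is typed in. The following is an added example, not code from the manual or from 3eTI: the function names are hypothetical, and the checks assume the standard three-key layout of a 192-bit 3DES key (K1, K2, K3 of 8 bytes each, low bit of every byte used as parity).

```python
import secrets
import string

# Hex-digit counts for the key sizes the manual names: AES-128/192/256 and
# 192-bit 3DES ("48 hexadecimal digits").
KEY_HEX_DIGITS = {"AES-128": 32, "AES-192": 48, "AES-256": 64, "3DES": 48}


def _effective_des_bits(block: bytes) -> bytes:
    """Mask the low bit of each byte: DES treats it as parity, not key material."""
    return bytes(b & 0xFE for b in block)


def check_static_key(cipher: str, key_hex: str) -> list:
    """Return the problems found in a hex key; an empty list means none were found."""
    expected = KEY_HEX_DIGITS.get(cipher)
    if expected is None:
        return ["unknown cipher " + repr(cipher)]

    problems = []
    if any(c not in string.hexdigits for c in key_hex):
        problems.append("contains characters other than 0-9, a-f, A-F")
    if len(key_hex) != expected:
        problems.append("expected %d hex digits, got %d" % (expected, len(key_hex)))
    if problems:
        return problems

    key = bytes.fromhex(key_hex)
    if len(set(key)) == 1:
        problems.append("every key byte is identical")

    if cipher == "3DES":
        # 3DES runs encrypt(K1), decrypt(K2), encrypt(K3). Equal neighbours
        # cancel each other out and leave a single 56-bit DES operation.
        k1, k2, k3 = (_effective_des_bits(key[i:i + 8]) for i in (0, 8, 16))
        if k1 == k2 or k2 == k3:
            problems.append("K1=K2 or K2=K3: encrypt-decrypt-encrypt collapses to single DES")
        elif k1 == k3:
            problems.append("K1=K3: two-key 3DES, not three independent keys")
    return problems


def generate_static_key(cipher: str) -> str:
    """Generate a key of the right length from the OS CSPRNG (hypothetical helper,
    a stand-in for preparing a key off the device; the Key Generator button does
    this on the unit itself)."""
    while True:
        candidate = secrets.token_hex(KEY_HEX_DIGITS[cipher] // 2)
        if not check_static_key(cipher, candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    samples = [
        ("AES-192", "00" * 24),
        ("3DES", "0123456789abcdef" * 3),
        ("3DES", "0123456789abcdef" + "0022446688aaccee" + "fedcba9876543210"),
        ("3DES", generate_static_key("3DES")),
    ]
    for cipher, key in samples:
        print(cipher, key, check_static_key(cipher, key) or "ok")
```

The third sample differs from a degenerate key only in its parity bits, which is why the comparison masks them before testing K1, K2 and K3 for equality.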
Dynamic Key Exchange
Dynamic key management requires the installation of the 3e-030 Security Server software which resides on a self-contained workstation connected to the 3e–527A3 over the WAN port.
FIPS 802.11i
If you wish to use FIPS 802.11i on the 3e–527A3, enable either Preshared Key Settings or 802.1x Settings. If you are a SOHO user, selecting pre-shared key means that you don’t have the expense of installing a RADIUS server. Simply input up to 63 alphabetic, numeric, or hexadecimal characters in the Passphrase field.
MAC Address Filtering
The Wireless Access Point — MAC Address Filtering screen is used to set up MAC address filtering for the 3e–527A3 device. The factory default for MAC Address filtering is Disabled. If you enable MAC Address filtering, you should also set the toggle for Filter Type.
Rogue AP Detection
The Wireless Access Point — Rogue AP Detection screen allows the network administrator to set up rogue AP detection. Enable rogue AP detection and enter the MAC Address of each AP in the network that you want the AP being configured to accept as a trusted AP. (You may add up to 128 MAC addresses.) Enter an email address for notification of any rogue or non-trusted APs.
Advanced
The Wireless Access Point — Advanced screen allows you to enable or disable load balancing and publicly secure packet forwarding. Load balancing is disabled by default. The load balancing feature balances the wireless clients between APs.
Services Settings
DHCP Server
The Service Settings — DHCP Server screen is used for configuring the DHCP server function accessible from the Local LAN port. The default factory setting for the DHCP server function is enabled. You can disable the DHCP server function, if you wish, but it is not recommended. You can also set the range of addresses to be assigned.
Subnet Roaming
The 3e-527A3 supports subnet roaming with 3eTI's subnet roaming coordinator server installed. Subnet roaming occurs when a user roams to an access point that is connected to a different subnet than its home subnet. If subnet roaming is supported by the wireless infrastructure, the client is able to continue its network connectivity without having to change its IP address.
SNMP Agent
The Service Settings — SNMP Agent screen allows you to set up an SNMP Agent. The agent is a software module that collects and stores management information for use in a network management system. The 3e–527A3's integrated SNMP agent software module translates the device’s management information into a common form for interpretation by the SNMP Manager, which usually resides on a network administrator’s computer.
The SNMP configuration consists of several fields, which are explained below:
• Community – The Community field for Get (Read Only), Set (Read & Write), and Trap is simply the SNMP terminology for “password” for those functions.
• Source – The IP address or name where the information is obtained.
• Access Control – Defines the level of management interaction permitted.
Admin User Management
List All Users
The Admin User Management — List All Users screen lists the Crypto Officer and administrator accounts configured for the unit. You can edit or delete users from this screen. If you click on Edit, the Admin User Management — Edit User screen appears. On this screen you can edit the user ID, password, role, and note fields.
Add New User
The Admin User Management — Add New User screen allows you to add new Administrators and CryptoOfficers, assigning and confirming the password. Administrators can view the system but this role has limited access to change settings. CryptoOfficers can view and change any of the settings on the system.
User Password Policy
The Admin User Management — User Password Policy screen is always enabled. The definition of a complex password is a password that contains characters from all of the following 4 groups and at least 2 of each group: uppercase letters, lowercase letters, numerals, and symbols found on the keyboard. The minimum password length is 10 characters and the maximum length is 30.
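The policy above written out as a check, together with a generator for a compliant replacement password. This is an added example and not the device's own code; the function names are hypothetical, and "symbols found on the keyboard" is assumed to mean the ASCII punctuation set.

```python
import secrets
import string

MIN_LENGTH, MAX_LENGTH, MIN_PER_GROUP = 10, 30, 2

# The four groups named by the policy.
GROUPS = {
    "uppercase letters": string.ascii_uppercase,
    "lowercase letters": string.ascii_lowercase,
    "numerals": string.digits,
    "symbols": string.punctuation,  # assumption: ASCII punctuation
}


def password_violations(password: str) -> list:
    """Return the policy rules the password breaks; an empty list means it complies."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("shorter than %d characters" % MIN_LENGTH)
    if len(password) > MAX_LENGTH:
        violations.append("longer than %d characters" % MAX_LENGTH)
    for name, alphabet in GROUPS.items():
        if sum(c in alphabet for c in password) < MIN_PER_GROUP:
            violations.append("fewer than %d %s" % (MIN_PER_GROUP, name))
    return violations


def generate_password(length: int = 16) -> str:
    """Build a random compliant password: two characters from every group,
    the rest from all groups, then shuffled with the OS CSPRNG."""
    if not MIN_LENGTH <= length <= MAX_LENGTH:
        raise ValueError("length must be between %d and %d" % (MIN_LENGTH, MAX_LENGTH))
    chars = [secrets.choice(alphabet)
             for alphabet in GROUPS.values()
             for _ in range(MIN_PER_GROUP)]
    everything = "".join(GROUPS.values())
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # The factory default password quoted in the Login section is long enough
    # but contains no numerals and no symbols, so it fails the policy.
    print(password_violations("CryptoFIPS"))
    new_password = generate_password()
    print(new_password, password_violations(new_password) or "complies")
```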
End User Authentication
In the 3e-527A3, all end users (wireless and wired) may require an account in order to have access to the Internet. Each end user is required to input their user name and password to authenticate with the system. Once you have authenticated, you will not need to re-authenticate for 24 hours unless your CryptoOfficer requires you to. To authenticate, open a browser and enter any resolvable URL.
User List
The End User Authentication — User List screen lists all end user information. The CryptoOfficer can edit, delete, and unlock users from this screen. If you click on Edit, the End User Authentication — Edit User screen appears. On this screen you can edit the user ID, password, role, and note fields.
Add New User
The End User Authentication — Add New User screen allows you to add new end users, assigning and confirming the password. Administrators can view the system but this role has limited access to change settings. CryptoOfficers can view and change any of the settings on the system. The password policy is the same as the Admin User Management — User Password Policy screen.
Add Authenticated MAC
Usually the authenticated MAC is valid for 24 hours. You will be requested to re-authenticate after it expires. In case there is a client without user interaction (for example, a server), you may not want to authenticate that client every 24 hours. You can manually set the authenticated MAC in the authenticated list and mark the entry Permanent.
Monitoring/Reports
This section gives you a variety of lists and status reports. Most of these are self-explanatory.

System Status
The Monitoring/Report — System Status screen displays the status of the 3e–527A3 device, the network interface, and the routing table. There are some pop-up informational menus that give detailed information about CPU, PCI, Interrupts, Process, and Interfaces.
Bridging Status
The Monitoring/Report — Bridging Status screen displays the Ethernet Port STP status, Encryp Port STP status, Wireless Port STP status, and Wireless Bridging information.
Bridge Site Map
The Bridge Site Map shows the spanning tree network topology of both wired and wireless nodes connected to the network. The root STP node is always on top and the nodes of the hierarchy are displayed below it. Wired links are double dotted lines and wireless links are single dotted lines (the channel number of this wireless link is also shown). This map does not update dynamically.
Wireless Clients
The Monitoring/Report — Wireless Clients screen displays the MAC Address of all wireless clients and their signal strength and transmit rate. The screen shown here emulates the FIPS 140-2 setup and contains a column for EMCON response. The EMCON feature only works with 3e-010F Crypto Client in FIPS mode.
Once the transmit power is re-enabled and clients re-associate to the AP, EMCON information is maintained for them. If a new client that wasn't associated previously associates with the AP after the EMCON mode, its EMCON status appears as "-", which indicates the status record is not applicable.

Adjacent AP List
The Monitoring/Report — Adjacent AP List screen shows all the APs on the network.
DHCP Client List
The Monitoring/Report — DHCP Client List screen displays all clients currently connected to the 3e–527A3 via DHCP server, including their hostnames, IP addresses, and MAC Addresses. The DHCP Client list constantly collects entries. To remove entries from the list, check mark the Revoke Entry selection and click Remove to confirm the action.
Web Access Log
The Web Access Log displays system facility messages for any configuration changes via the web GUI. Along with the old value and new value, the when/who/what changes are also recorded. For security reasons, some sensitive data may not be recorded (for example, the encryption key) or may not be completely recorded (for example, the authenticated MAC).
Network Activity
The Network Activity Log keeps a detailed log of all activities on the network which can be useful to the network administration staff. The Network Activities log will continue to accumulate listings and will rotate when the log reaches the defined maximum size. You can never delete this log but you can export the log to a file on a PC.
Auditing
The 3e-527A3 collects audit data and provides an interface for authorized administrators to review generated audit records. It generates records for two separate classes of events: authentication/access to the system, and actions taken directly on the system.
Report Query
The Auditing — Report Query screen allows you to query reports based on start time, end time, MAC address, or unique record IDs.

Configuration
The Auditing — Configuration screen is used to configure the auditing settings. You can enable and disable the auditing function on this screen. You can select which audit event types you wish to log.
Event Type: Description
Audit Log Configuration Modified: Any modification to the audit log configuration (enable/disable, recorded event types, etc) will trigger the creation of an audit record.
Key Transfer Error: Any error detected during the dynamic key exchange, either to the station or the authentication server.
Key Zeroized: The keys are zeroized including:
  1. Transitioning from static key to DKE (and vice versa)
  2.
System Administration
The System Administration screens contain administrative functions. The screens and functions are detailed in the following section.

Email Notification Configuration
All system notification emails need to be set up using the System Administration — Email Notification Configuration screen. Your email server must support the SMTP protocol.
Configuration-Button
The System Administration — Configuration Button screen is used in conjunction with the physical Configuration/RESET button which is accessible from the outside of the 3e–527A3 unit. The Configuration/RESET button is located directly under the number “1” on the front panel.
To use the Configuration/RESET button, push the button for two seconds. After two seconds the WLAN2 and WLANSS LEDs are turned off. These two LEDs can then be used as input indicators.
The procedure to enter the password is:
Example: 11111111
Push the Configuration/RESET button once (input is acknowledged by the signal strength LED) and wait for one second. The WLAN2 LED blinks to acknowledge the first digit was accepted.
System Upgrade
The System Administration — System Upgrade screen gives you the ability to upload updates to the 3e–527A3 device’s firmware as they become available. When a new upgrade file becomes available, you can do a firmware upgrade from the Firmware Upgrade window.
Local Configuration Upgrade
On the System Administration — System Upgrade screen, click on the Local Configuration Upgrade tab to upload and download configuration files to access points connected to the network. To upload a configuration file, select the file using the browse button and enter the passphrase for that file. The passphrase protects the file from unauthorized users.
The random configuration feature is intended to reduce the effort to generate new keys for the system and to create a new password for the CryptoOfficer role that is performing this operation. When the generate button is pushed, the following parameters are randomized:
• AP SSID
• AP encryption key (AES-192)
• Bridge SSID
• Bridge encryption key (AES-192)
• Bridge channel (802.11a, random channel in 5.
Remote Configuration Upgrade
On the System Administration — System Upgrade screen, click on the Remote Configuration Upgrade tab to upload and download configuration files to access points in remote locations which are not configured. This remote configuration upgrade feature allows you to selectively transfer a configuration file to other APs. Once the file is transferred, the remote AP will be rebooted.
The random configuration file is used to update the bridging SSID and bridging encryption on other devices using the existing bridging link. If the bridging key or the bridging SSID is changed on the normal configuration screen, then the bridging link to the other devices will be terminated, and the configuration cannot be updated. To create a randomly generated bridging configuration file, click Generate.
You have the option to configure the second byte of the IP address to limit the range in which the IP addresses are distributed. For example, if your network already uses the 10.0.0.0 network address for other devices, you can limit the auto configuration to an upper range of 10.128.0.0 and the IP addresses will start from that number.
Remote Logging
The System Administration — Remote Logging screen allows you to forward the syslog data from each machine to a central remote logging server. In the 3e–527A3, this function uses the syslogd daemon. If you enable Remote Logging, input a System Log Server IP Address and System Log Server Port. Click Apply to accept these values.
Utilities
The System Administration — Utilities screen gives you ready access to two useful utilities: Ping and Traceroute. Simply enter the IP Address or hostname you wish to ping or traceroute and click either the Ping or Traceroute button, as appropriate.
Chapter 4: Gateway Configuration
Introduction
Chapter 3 covered the default configuration of the 3e–527A3 Wireless Access Point as an access point, for use as part of a host wired network. This chapter covers configuration as a gateway. If additional security for the wireless network is desired (differentiating it from the wired network to which it is connected), set the 3e–527A3 up in gateway mode.
[Figure: A comparison of gateway and access point setup for the 3e–527A3]
Configuring in Gateway Mode
To configure the 3e–527A3 in gateway mode, complete the following steps.
1. Log in to the 3e–527A3 (see Chapter 3, page 21).
2. Using the navigation bar to the left, navigate to the System Configuration — Operating Mode screen, select the Gateway Mode radio button, and click Apply. The 3e–527A3 AP will reboot in gateway mode.
WAN
In Gateway mode, the System Configuration — WAN screen has two tabs: Main IP Setting and IP Aliasing.
Main IP Setting
The Main IP Setting screen allows you to set Link Speed and Duplex of the WAN port.
IP Aliasing
You can add up to ten additional IP aliases on the WAN port. The IP aliasing entries can be used by the virtual server to map a public IP address to a private IP address. If the virtual server needs to map multiple public IP addresses to multiple private IP addresses, the IP aliasing entries can be used to create additional public IP addresses. These entries are always static entries and cannot use DHCP.
LAN
Click the entry on the left hand navigation panel for System Configuration — LAN. This directs you to the System Configuration — LAN screen. This sets up the default numbers for the four octets for a possible private LAN function for the access point. You can also change the default subnet mask. The Local LAN port provides DHCP server functionality to automatically assign an IP address to a computer Ethernet port.
Security
Click the entry on the left hand navigation panel for Wireless Access Point — Security. This directs you to the Wireless Access Point — Security screen. The default factory setting for the 3e–527A3 in gateway mode is no encryption, but for security reasons it will not communicate with any clients unless the encryption is set by the CryptoOfficer. It is recommended that you set encryption as soon as possible.
IP Filtering
Click the entry on the left hand navigation panel for Firewall — IP Filtering. The IP Filtering screen blocks certain IPs on the Private LAN from accessing your Internet connection. It restricts clients to those with a specific IP Address.
Port Filtering
Click the entry on the left hand navigation panel for Firewall — Port Filtering.
Virtual Server
Click the entry on the left hand navigation panel for Firewall — Virtual Server. In order to protect the Private Network, the built-in NAT firewall filters out traffic to the private network.
It is recommended that IP addresses of virtual server computers hosted on the Private Network be manually (statically) assigned to coincide with a static server mapping to that specific IP address. Virtual servers should not rely on the dynamic IP assignment of the DHCP server function, which could create unmapped IP address assignments.
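The recommendation above can be checked mechanically. The following is an added example, not part of the original manual: it flags virtual server mappings whose private target falls inside the DHCP pool, so that forwarded WAN traffic could reach whichever client holds that lease. The LAN range, pool, lease table and mapping list are constructed sample values, and the field names are hypothetical rather than a 3e–527A3 export format.

```python
import ipaddress

# Constructed sample settings; names and addresses are hypothetical.
LAN_CIDR = "192.168.15.0/24"
DHCP_POOL = ("192.168.15.100", "192.168.15.200")    # dynamic range
LEASES = {"192.168.15.150": "00:00:5e:00:53:a7"}    # current dynamic leases
VIRTUAL_SERVERS = [
    {"service": "web", "public": "203.0.113.10:80", "private_ip": "192.168.15.10"},
    {"service": "ftp", "public": "203.0.113.10:21", "private_ip": "192.168.15.150"},
    {"service": "mail", "public": "203.0.113.11:25", "private_ip": "192.168.15.120"},
    {"service": "ssh", "public": "203.0.113.11:22", "private_ip": "192.168.16.5"},
]


def audit_virtual_servers(servers, lan_cidr, dhcp_pool, leases):
    """Return {service: finding} for mappings whose target is not a safe static address."""
    lan = ipaddress.ip_network(lan_cidr)
    low, high = (ipaddress.ip_address(a) for a in dhcp_pool)
    findings = {}
    for s in servers:
        ip = ipaddress.ip_address(s["private_ip"])
        if ip not in lan or ip in (lan.network_address, lan.broadcast_address):
            findings[s["service"]] = "target is not a host address on the private LAN"
        elif low <= ip <= high:
            # An address in the pool can be leased to any client, so the
            # forwarded port follows the lease rather than the intended server.
            holder = leases.get(str(ip))
            findings[s["service"]] = (
                f"target is in the DHCP pool and currently leased to {holder}"
                if holder else
                "target is in the DHCP pool and may be handed to any client")
    return findings


if __name__ == "__main__":
    for service, problem in audit_virtual_servers(
            VIRTUAL_SERVERS, LAN_CIDR, DHCP_POOL, LEASES).items():
        print(f"{service}: {problem}")
```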
Advanced
Click the entry on the left hand navigation panel for Firewall — Advanced. As advanced firewall functions, you can enable/disable
• Block Ping to WAN
• Web-based management from WAN port
• SNMP management from WAN port
These options allow you more control over your environment.
Chapter 5: Wireless Bridge Configuration
Introduction
In the 3e–527A3, wireless bridging uses a second WLAN card to set up an independent wireless bridge connection. Since wireless bridging provides a mechanism for APs to collaborate, it is possible to extend the basic service set (BSS) of a standalone AP and to connect two separate LANs without installing any cabling.
Wireless Bridge — General
The Wireless Bridge — General screen contains wireless bridging information including the channel number, Tx rate, Tx power, spanning tree protocol (802.1d) enable/disable, and remote AP's BSSID. This page is important in setting up your bridge configuration.
AUTO BRIDGING GENERAL SETTINGS
• Bridging Mode (options: Auto Bridging): auto bridging selected
• SSID (options: numbers or letters): Can be any set of letters and numbers assigned by the network administrator. This nomenclature has to be set on the wireless bridge and each wireless device in order for them to communicate.
• Max Auto Bridges (options: 1-40): Maximum number of auto bridges allowed.
• Bridge Priority (options: 1-40): Determines the root STP node.
Manual Bridging
When the wireless bridge is in manual bridging mode, you can manually select a signal strength LED MAC and enable or disable spanning tree protocol. You can also delete remote AP's MAC addresses.
Monitoring
In the upper right-hand corner of the Wireless Bridge — General screen there is a button called Monitoring. If you click on this button, a pop-up window will appear (WDS Information). If you select Enable refresh, you can set the bridge refresh interval from 5 seconds to 30 minutes. Refreshing the screen allows you to see the effect of aiming the antenna to improve signal strength.
Radio Settings
• Wireless Mode (options: 802.11a, 802.11a Turbo): Sets the wireless mode for the wireless bridge.
• Tx Rate, 802.11a (options: AUTO, 6, 9, 12, 18, 24, 36, 48, 54 Mbps): When set to AUTO, the card attempts to select the optimal rate for the channel. If a fixed rate is used, the card will only transmit at that rate.
• Tx Rate, 802.11a Turbo (options: AUTO): The card attempts to select the optimal rate for the channel.
• Channel No., 802.11a: 149 (5.
Wireless Bridge — Encryption
The Wireless Bridge — Encryption screen is used to configure static encryption keys for the wireless bridge. This is an important page to set up to ensure that your bridge is working correctly. The encryption key that you use on this screen must be the same for any bridge connected to your bridging network in order for communication to occur.
Wireless Bridge — MAC Address Filtering
The Wireless Bridge — MAC Address Filtering screen functions just like the AP MAC Address Filter (see page 36) but it is only used in auto bridging mode and only controls access to the wireless bridge network.
The following sections describe the setup for three types of bridging configuration: point-to-point, point-to-multipoint, and repeater.
Setting Up Bridging Type
Point-to-Point Bridge Configuration
A point-to-point link is a direct connection between two, and only two, locations or nodes. Because the bridge function uses a separate WLAN card for bridging, you can also set up WLANs on the separate AP WLAN card.
Point-to-Point Bridging Setup Guide - Manual Mode
Direction: Bridge 1, Bridge 2
Wireless Bridge — General (Manual Bridging Mode)
• Bridging Mode: manual bridging selected
• Signal Strength LED MAC: Bridge 1: Not Assigned (select from drop-down list); Bridge 2: Not Assigned (select from drop-down list)
• Spanning Tree Protocol (STP): Bridge 1: Enable (or Disable if no bridging loop possible); Bridge 2: Enable (or Disable if no bridging loop possible)
• Wireless Mode: 802.
The following sequence walks you through the setup of bridge 1. Bridge 2 would duplicate this procedure, with the BSSID of bridge 2 being the MAC address of bridge 1 and vice versa. Navigate to the Wireless Bridge — Radio screen. In the first section you will see the MAC Address of the bridging card. This is used as the BSSID on other 3e–527A3s that will be communicating with this one.
Next go to the Wireless Bridge — General screen. Select either manual or auto bridging. If you choose Manual Bridging then you will have to set Spanning Tree Protocol to Enable unless you are sure that there is no chance of a loop. You can also assign a Signal Strength LED MAC.
wireless bridge will be indicated on the Signal Strength LED located on the front of the case. Next, navigate to the Wireless Bridge — Encryption screen. Select the appropriate key type and length and the key value. The encryption key value and type for Bridge 1 must be the same as for Bridge 2. For wireless bridging, only AES and 3DES are available for encryption.
Point-to-Multipoint Bridge Configuration
A point-to-multipoint configuration allows you to set up three or more 3e–527A3 access points in bridging mode and accomplish bridging between 3 or more locations wirelessly. For the three bridges that are to be linked to communicate properly, they have to be set up with compatible commands in their setup screens. For instance, all bridges must have the same channel number.
Point-to-Multipoint Bridging Setup Guide - Manual Mode
Direction: Bridge 1, Bridge 2 ~ n
• Wireless Mode: Bridge 1: 802.11a; Bridge 2 ~ n: 802.11a
• Tx Rate: Bridge 1: AUTO; Bridge 2 ~ n: AUTO
• Channel No.
The above recommended setup requires only Bridge 1 to be set in point-to-multipoint mode. It is possible to set all bridges in point-to-multipoint mode, in which case each bridge would have to contain the BSSID for each of the other bridges and Spanning Tree Protocol must be Enabled. Complete any other setup screens following general instructions in Chapter 3.
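The manual-mode requirements in this chapter (same channel on every bridge, same encryption type and key, each remote BSSID entered on both ends, and STP enabled when a loop is possible) lend themselves to a pre-deployment consistency check. The following is an added example, not part of the original manual; the inventory is constructed, its field names are hypothetical, and only wireless links are modelled.

```python
# Constructed inventory; field names are hypothetical, not a 3e-527A3 export format.
BRIDGES = {
    "bridge1": {"mac": "00:00:5e:00:53:01", "channel": 149, "key_type": "AES", "key": "key-A",
                "stp": True, "remote_bssids": ["00:00:5e:00:53:02", "00:00:5e:00:53:03"]},
    "bridge2": {"mac": "00:00:5e:00:53:02", "channel": 149, "key_type": "AES", "key": "key-A",
                "stp": True, "remote_bssids": ["00:00:5e:00:53:01", "00:00:5e:00:53:03"]},
    "bridge3": {"mac": "00:00:5e:00:53:03", "channel": 153, "key_type": "AES", "key": "key-B",
                "stp": False, "remote_bssids": ["00:00:5e:00:53:02"]},
}

def has_loop(names, links):
    """Union-find: a link joining two already-connected bridges closes a loop."""
    parent = {n: n for n in names}
    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n
    for link in links:
        a, b = (find(n) for n in link)
        if a == b:
            return True
        parent[a] = b
    return False

def check_bridges(bridges):
    """Return a list of findings; an empty list means the settings agree."""
    findings, links = [], set()
    by_mac = {b["mac"].lower(): name for name, b in bridges.items()}
    ref_name, ref = next(iter(bridges.items()))
    for name, b in bridges.items():
        if b["channel"] != ref["channel"]:
            findings.append(f"{name}: channel {b['channel']} differs from {ref_name}")
        if (b["key_type"], b["key"]) != (ref["key_type"], ref["key"]):
            findings.append(f"{name}: encryption type or key differs from {ref_name}")
        if b["key_type"] not in ("AES", "3DES"):
            findings.append(f"{name}: {b['key_type']} is not available for bridging")
        for bssid in b["remote_bssids"]:
            peer = by_mac.get(bssid.lower())
            if peer is None or peer == name:
                findings.append(f"{name}: remote BSSID {bssid} matches no other bridge")
                continue
            links.add(frozenset((name, peer)))
            if b["mac"].lower() not in (m.lower() for m in bridges[peer]["remote_bssids"]):
                findings.append(f"{name}: {peer} does not list {name} as a remote BSSID")
    # Only wireless links are modelled; a wired path between sites can also close a loop.
    if has_loop(bridges, links):
        findings += [f"{n}: STP disabled although the bridge links form a loop"
                     for n, b in bridges.items() if not b["stp"]]
    return findings
```

Run against the constructed inventory, check_bridges(BRIDGES) reports the missing reverse BSSID entry and the channel, key and STP mismatches on bridge3.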
Repeater Bridging Setup Guide - Auto Mode
Direction: Bridge 1, Bridge 2, Bridge 3
Wireless Bridge — Radio
• Wireless Mode: Bridge 1: 802.11a; Bridge 2: 802.11a; Bridge 3: 802.
Chapter 6: Technical Support
Manufacturer’s Statement
The 3e–527A3 is provided with warranty. It is not desired or expected that the user open the device. If malfunction is experienced and all external causes are eliminated, the user should return the unit to the manufacturer and replace it with a functioning unit. If you are experiencing trouble with this unit, the point of contact is: support@3eti.
Glossary
3DES
Also referred to as Triple DES, a mode of the DES encryption algorithm that encrypts data three times.
802.11
802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. The IEEE accepted the specification in 1997.
802.11b (also referred to as 802.11 High Rate or WiFi)
802.
A handheld device.
SNMP
Simple Network Management Protocol
SSID
A Network ID unique to a network. Only clients and access points that share the same SSID are able to communicate with each other. This string is case-sensitive.
Wireless LANs offer several security options, but increasing the security also means increasing the time spent managing the system. Encryption is the key. The biggest threat is from intruders coming into the LAN.