Rhein Tech Laboratories, Inc. 360 Herndon Parkway Suite 1400 Herndon, VA 20170 http://www.rheintech.com Client: Model: Standards: FCC ID: Report #: APPENDIX I: 3e Technologies International 3e-528 FCC 15.247 QVT-528 2004120 MANUAL Please refer to the following pages.
T F Wireless Video Server User's Guide Model 3e-528 A R D 3e Technologies International 700 King Farm Blvd., Suite 600 Rockville, MD 20850 (301) 670-6779 www.3eti.com 29000141-001 A publ.
This page intentionally left blank.
3e Technologies International's Wireless Video Server User's Guide Model 3e-528
Copyright © 2005 3e Technologies International. All rights reserved. No part of this documentation may be reproduced in any form or by any means or to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3e Technologies International.
Table of Contents Chapter 1: Introduction...................................................................................................1 Capabilities...............................................................................................................1 Functionality ............................................................................................................1 Video System Features............................................................................................
Rogue AP Detection ..............................................................................................35 Advanced................................................................................................................36 Services Settings.......................................................................................................37 DHCP Server ..........................................................................................................37 Subnet Roaming...............
3e-528 Wireless Video Server Chapter 1: Introduction Chapter 1: Introduction The 3e-528 Wireless Video Server system (WVS) is a key component of any Critical Infrastructure Protection System implementation. 3e-528 WVS is a combination of products and services which enable the design, provisioning, implementation, operation, and maintenance of an integrated network to provide advanced video surveillance.
3e-528 Wireless Video Server Chapter 1: Introduction media. Because the 3e-528 WVS system has dual mode wireless capability (802.11g and 802.11b), local 802.11b 11Mbps wireless hotspots can be enabled around the video server locations. These hotspots serve to provide high speed mobile data access to police, emergency management personnel, and other municipal/government first responders.
3e-528 Wireless Video Server Chapter 1: Introduction — — — — — Wireless connectivity for viewing 4 live camera feeds Simultaneous use of all functions Access user restrictions Supports central operation/access of all cameras Non-proprietary output format for admissibility in court (JPEG, M-JPEG, NTSC Video, etc.) — Camera control via 1 serial interface If encryption is desired for the WLAN, you can employ different encryption depending on the mode you are in.
3e-528 Wireless Video Server Chapter 1: Introduction The following cryptographic modules have been implemented in the 3e-528 . • • • • • AES (128/192/256 bit) 3DES (192 bit) WEP WPA 802.1x/EAP-TLS for authentication Wireless Basics Wireless networking uses electromagnetic radio frequency waves to transmit and receive data. Communication occurs by establishing radio links between the wireless access point and devices configured to be part of the WLAN.
3e-528 Wireless Video Server Chapter 1: Introduction Network Configuration The 3e-528 is a wireless video server and access point with bridging capability: The wireless bridging function supports a number of bridging configurations. We discuss the most popular settings in this manual.
3e-528 Wireless Video Server Chapter 1: Introduction Possible AP Topologies 1. An access point can be used as a stand-alone AP without any connection to a wired network. In this configuration, it simply provides a stand-alone wireless network for a group of wireless devices with or without a video connection in the AP (3e-528). �� 2. There can be multiple APs with video access (3e-528) connected to an existing Ethernet network to bridge between the wired and wireless environments.
3e-528 Wireless Video Server Chapter 1: Introduction 3. The last and most prevalent use is multiple APs connected to a wired network and operating off that network’s DHCP server to provide a wider coverage area for wireless devices, enabling the devices to “roam” freely about the entire site. The APs have to use the same SSID. This is the topology of choice today. �� ����� ��� Bridging The 3e-528 can also function as a bridge.
3e-528 Wireless Video Server Chapter 1: Introduction SSID The Service Set ID (SSID) is a string used to define a common roaming domain among multiple wireless access points. Different SSIDs on access points can enable overlapping wireless networks. The SSID can act as a basic password without which the client cannot connect to the network. However, this is easily overridden by allowing the wireless AP to broadcast the SSID, which means any client can discover the AP.
3e-528 Wireless Video Server Chapter 1: Introduction MAC Address Filtering The MAC address, short for Media Access Control address, is a hardware address that uniquely identifies each node of a network. In IEEE 802 networks, the Data Link Control (DLC) layer of the OSI Reference Model is divided into two sub-layers: the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. The MAC layer interfaces directly with the network media.
3e-528 Wireless Video Server Chapter 1: Introduction 3e-528 Navigation Options Non FIPS 140-2 System Configuration General WAN LAN Operating Mode Wireless Access Point General Security • None • Static WEP • WPA • Static AES • Static 3DES ACCESS POINT FIPS 140-2 System Configuration General WAN LAN Operating Mode Wireless Access Point General Security • None • Static AES • Static 3DES • Dynamic Key Exchange MAC Address Filtering Bridging • Monitoring Bridging Encryption Rogue AP Detection Advanced Servic
3e-528 Wireless Video Server Chapter 2: Hardware Installation Chapter 2: Hardware installation Preparation for Use The 3e Technologies International's 3e-528 Wireless Video Server requires physical mounting and installation on the site, following a prescribed placement design to ensure optimum operation and roaming.
3e-528 Wireless Video Server Chapter 2: Hardware Installation To comply with FCC RF exposure compliance requirements, the antennas used with the 528 must be installed with a minimum separation distance of 20 cm from all persons, and must not be colocated or operated in conjunction with any other antenna or transmitter. Installation should be accomplished using the authorized cables and/or connectors provided with the device or available from the manufacturer/ distributor for use with this device.
3e-528 Wireless Video Server Chapter 2: Hardware Installation Cabling The following illustration shows the external cable connectors on the 3e-528. Power LED 3 Bridging Antennas Connectors Ground AP Antenna Connector 3 Ethernet LAN Config Ports 4 Pan/Tilt/Zoom Connectors 4 Video Connectors 4 Camera Power Connectors WAN Port AC Power The WAN connector is used to connect the 3e–528 to the organization's LAN.
3e-528 Wireless Video Server Chapter 2: Hardware Installation External Camera Power Cable The 528 distributes AC power to up to four cameras. CAUTION: Do not use any camera device that consumes more than 2A power consumption on the power distribution channels. The following cable diagram is for an AC output NEMA-015 receptacle (standard AC receptacle). 2 1 3 3 Meters or 10 Feet NOTES: 1.
3e-528 Wireless Video Server Chapter 2: Hardware Installation External Power Cable The 3e-528 has an external power cable for connection to a 110VAC outlet. The cable is an AC input NEMA-015 plug (standard AC plug). 2 4 2 Grommet part of item 3 See Detail A 3 6FT MIN - 8FT MAX NOTES: 1. BEFORE ASSEMBLING ITEM 4 ON CABLE PRINT PART NUMBER (32000466-001) AND CURRENT REV. 2.
3e-528 Wireless Video Server Chapter 2: Hardware Installation Pan/Tilt/Zoom Cable The pan/tilt/zoom cable connects to a PTZ port on the 3e-528. There are four PTZ ports, one for each camera. Below is a diagram of the cable and the pinout and bill of materials. 4 1 CABLE DRAIN WIRE 2 3 MALE DB9 CONNECTOR 3.
3e-528 Wireless Video Server Chapter 2: Hardware Installation WAN/LAN Cable The 3e-528 comes with two Cat5 red cables (part number 90000776001) which can be used for the WAN and LAN (Config) ports. Here is the pinout information. Plug 1 RJ-45 Pin 1 Pin 2 Pin 3 Pin 4 Pin 5 Pin 6 Pin 7 Pin 8 Plug 2 RJ-45 Pin 1 Pin 2 Pin 3 Pin 4 Pin 5 Pin 6 Pin 7 Pin 8 Signal Name TD+ TDRD+ N/A N/A RDN/A N/A Video In Cable The pinout information for the video in cable (part number 90000926001) is provided below.
3e-528 Wireless Video Server Chapter 2: Hardware Installation Bridge Antenna Installation The illustration below shows the guidelines required for antenna installation co-location in order to ensure optimal system performance. It is recommended that the bridging antennas be spaced at least five feet apart from each other and be pointed in different (non-overlapping) directions. If the antennas are too close or pointed int he same direction, then there will be interference and poor signal strength.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration Chapter 3: Access Point Configuration Introduction The 3e-528 features three bridging ports interconnected to each other internally. The first bridging port, accessible from the CONFIG 1 port, can also act as an access point. This unit incorporates two separate 802.11 wireless cards, one 802.11b card that acts as a WLAN, and one dual 802.11b/g card for use in wireless bridging.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration Initial Setup using the “CONFIG 1” Port Plug setup cable into the LAN (CONFIG 1) port of the 3e-528 (see page 13) and the other end to an Ethernet port on your laptop. This LAN port in the 3e528 connects you to the Access Point’s internal DHCP server which will dynamically assign an IP address to your laptop so you can access the device for configuration.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration On your computer, pull up a browser window and put the default URL for the 3e-528 Local LAN in the address line. (https://192.168.15.1) NOTE: be sure that you use the https prefix, not http. You will be asked for your User Name and Password. The default is "CryptoOfficer" with the password "CryptoFIPS" to give full access for setup configuration. (This password is case-sensitive.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration System Configuration General You will immediately be directed to the System Configuration—General screen for the 3e-528. This screen lists the firmware version number for your 3e-528 and allows you to set the Host Name and Domain Name as well as establish system date and time. (Host and Domain Names are both set at the factory for “default” but can optionally be assigned a unique name for each.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration WAN Click the entry on the left hand navigation panel for System Configuration -WAN. This directs you to the System Configuration – WAN screen. If not using DHCP to get an IP address, input the static IP information that the access point requires in order to be managed from the wired LAN. This will be the IP address, Subnet Mask, Default Gateway, and, where needed, DNS 1 and 2. Click Apply to accept changes.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration LAN This sets up the default numbers for the four octets for a possible private LAN function for the access point. It also allows changing the default numbers for the LAN Subnet Mask and the link speed. The Local LAN port provides local access for configuration. It is not advisable to change the private LAN address while doing the initial setup as you are connected to that LAN.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration industry, some networking functions that cannot support IPv6 are disabled such as DHCP server and WPA-802.1x. When in IPv6 mode, the AP can be accessed from the management port using IP address 192.168.15.1. This is the default IP address and it can not be changed. The WAN port can not be accessed using IPv4 addresses.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration Wireless Configuration General Wireless Setup allows your computer’s PC Card to communicate with the access point. WARNING: If you are configuring this 3e-528 in FIPS 140-2 secure mode, your configuration will have to be accomplished through the LAN port due to the secure nature of the access point. The Wireless Configuration — General screen lists the MAC Address of the AP.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration You can assign a channel number to the AP (if necessary) and modify the Tx Pwr Mode. The Channel Number is a means of assigning frequencies to a series of access points, when many are used in the same WLAN, to minimize interference. There are 11 channel numbers that may be assigned.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration Security The 3e-528 will display a default factory setting of no encryption, but for security reasons will not communicate to any clients unless the encryption is set by the administrator. There will be different encryption options for the AP in FIPS Mode and the non-FIPS Mode.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration Static AES Key The Advanced Encryption Standard (AES) was selected by National Institute of Standards and Technology (NIST) in October 2000 as an upgrade from the previous DES standard. AES uses a 128-bit block cipher algorithm and encryption technique for protecting information. With the ability to use even larger 192-bit and 256-bit keys, if desired, it offers higher security against brute-force attack than the old 56-bit DES keys.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration Dynamic Key Exchange Dynamic key management requires the installation of the 3e-030 Security Server software which resides on a self-contained workstation connected to the 3e-528 over the WAN port.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration No Encryption (non-FIPS) In order to the 3e-528 with no encryption, you must actively select None and click Apply. A screen will appear, asking if you really want to operate in Bypass mode. If you answer Yes, no encryption will be applied. Static WEP Encryption (non-FIPS) If you choose to use WEP encryption, you can also select whether it will be Open System or Shared Key authentication.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration that of a wired LAN but has come under attack for its defaults and is not now state of the art. WEP relies on the use of identical static keys deployed on client stations and access points. But the use of WEP encryption provides some measure of security.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration As an alternative, for business applications who have installed Radius Servers, select WPA 802.1x and input the Primary and Backup Radius Server settings. Use of Radius Server for key management and authentication requires that you have installed a separate certification system and each client must have been issued an authentication certificate. Once you have selected the options you will use, click Apply.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration MAC Address Filtering The factory default for MAC Address filtering is Disabled. If you enable MAC Address filtering, you should also set the toggle for Filter Type. This works as follows: • • 34 If Filtering is enabled and Filter Type is Allow Access, only those devices equipped with the authorized MAC addresses will be able to communicate with the access point.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration Bridging and Bridging Encryption Bridging is covered in Chapter 5. If you will be deploying this 3e-528 as a bridge, follow the instructions in chapter five. Rogue AP Detection The Rogue AP Detection screen allows the network administrator to set up rogue AP detection. If you enable rogue AP detection, also enter the MAC Address of each AP in the network that you want the AP being configured to accept as a trusted AP.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration Advanced The Advanced screen allows you to enable or disable load balancing and to control bandwidth. Load balancing is enabled by default. The load balancing feature balances the wireless clients between APs. If two APs with similar settings are in a conference room, depending on the location of the APs, all wireless clients could potentially associate with the same AP, leaving the other AP unused.
3e-528 Wireless Video Server Chapter 3: Access Point Configuration Services Settings DHCP Server This screen allows configuration of the DHCP server function accessible from the Local LAN port. The default factory setting for the DHCP server function is enabled. You can disable the DHCP server function, if you wish. You can also set the range of addresses to be assigned. The Lease period (after which the dynamic address can be reassigned) can also be varied.