Wireless Access Point User's Guide Model 3e-531AP 29000125-001 C 3e Technologies International 700 King Farm Blvd., Rockville, MD 20850 (301) 670-6779 www.3eti.com publ.
This page intentionally left blank.
e Technologies International's Wireless Access Point User's Guide Model 3e-531AP Safety Requirements • If AC power will be used, the socket outlet shall be installed near the equipment and shall be easily accessible. • CAUTION: Risk of explosion if battery is replaced by an incorrect type. DIspose of used batteries according to the instructions. • External Power to Earth (PE) or ground connector must be connecetd first and shall always be connected if power is applied to the unit.
Copyright © 2004 3e Technologies International. All rights reserved. No part of this documentation may be reproduced in any form or by any means or to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3e Technologies International.
3e-531AP Wireless Access Point Table of Contents Table of Contents Chapter 1: Introduction...................................................................................................1 Basic Features .............................................................................................................2 Wireless Basics............................................................................................................3 802.11b ............................................................
3e-531AP Wireless Access Point Table of Contents Monitoring/Reports................................................................................................29 System Status .........................................................................................................29 Bridging Status.......................................................................................................30 Wireless Clients.....................................................................................
3e-531AP Wireless Access Point Table of Contents Web Access Log .....................................................................................................62 Network Activites .................................................................................................63 System Administration ...........................................................................................63 Firmware Upgrade ...........................................................................................
3e-531AP Wireless Access Point Navigation Options 3e-531AP Navigation Options Not FIPS 140-2 System Configuration General WAN LAN Operating Mode Gateway Not FIPS 140-2 System Configuration General WAN LAN Operating Mode Wireless configuration General Encryption Bridging MAC Address Filtering Rogue AP detection 802.
3e-531AP Wireless Access Point Chapter 1: Introduction Chapter 1: Introduction This manual covers the installation and operation of the 3e Technologies International’s 3e-531AP Wireless Access Point, which conforms to the requirements of FIPS PUB 140-2, Security Requirements for Cryptographic Modules. The 3e-531AP Wireless Access Point provides a connection between an Ethernet LAN and a wireless LAN (WLAN).
3e-531AP Wireless Access Point Chapter 1: Introduction Diffie-Hellman Key Exchange; and HTTPS/TLS for web services via a secure link.
3e-531AP Wireless Access Point Chapter 1: Introduction Wireless Basics Wireless networking uses electromagnetic radio frequency waves to transmit and receive data. Communication occurs by establishing radio links between the wireless gateway and devices configured to be part of the WLAN. The 3e-531AP incorporates the 802.11b (Wi-Fi) standard and the most state of the art encryption for a very powerful and secure wireless environment. 802.11b The IEEE 802.
3e-531AP Wireless Access Point Chapter 1: Introduction Network Configuration The 3e-531AP is capable of various configurations. The three basic configurations are: • • • Access point mode with wired infrastructure Gateway mode with wired infrastructure Wireless bridging with choice of: — Point-to-point setup — Point-to-multipoint setup — Repeater setup Bridging actually has more choices, but the above choices are popular and are discussed later in this user guide.
3e-531AP Wireless Access Point Chapter 1: Introduction �� �������� �� ���� �� ���� �� 3. And lastly, multiple APs connected to a wired network and operating off that network’s DHCP server can provide a wider coverage area for wireless devices, enabling the devices to “roam” freely about the entire site.
3e-531AP Wireless Access Point ���� Chapter 1: Introduction ����� ��� ������� ������� ����������� �� ������� ������� �� ������� �� ������� ���� �������� ������������ Alternately, if you wish, the network administrator can assign static addresses to the member wireless devices. In order to set static addresses, the system administrator will need to manually configure the TCP/IP configuration on each wireless device.
3e-531AP Wireless Access Point Chapter 1: Introduction SSID The Service Set ID (SSID) is a string used to define a common roaming domain among multiple wireless access points. Different SSIDs on gateways can enable overlapping wireless networks. The SSID can act as a basic password without which the client cannot connect to the network. However, this is easily overridden by allowing the wireless AP to broadcast the SSID, which means any client can associate with the AP.
3e-531AP Wireless Access Point Chapter 1: Introduction DHCP Server and NAT In AP mode, the 3e-531AP has a DHCP (Dynamic Host Configuration Protocol) server function that is accessible to the LAN port. If the 3e531AP is set up in gateway mode, this DHCP function is available, with many firewall functions in addition, to both the LAN and WLAN ports. DHCP is a protocol for assigning dynamic IP addresses. When the 3e-531AP is in access point mode, the DHCP function is accessible only from the local LAN port.
3e-531AP Wireless Access Point Chapter 2: Hardware Installation Chapter 2: Hardware Installation Preparation for Use The 3e Technologies International's 3e-531AP Wireless Access Point requires physical mounting and installation on the site, following a prescribed placement design to ensure optimum operation and roaming. Professional installation is required.
3e-531AP Wireless Access Point Chapter 2: Hardware Installation The antennas used with the 525A must be installed with a minimum separation distance of 20 cm from all persons, and must not be co-located or operated in conjunction with any other antenna or transmitter. Installation should be accomplished using the authorized cables and/or connectors provided with the device or available from the manufacturer/distributor for use with this device.
3e-531AP Wireless Access Point Chapter 2: Hardware Installation • Access to at least one laptop or PC with an Ethernet card and cable that can be used to complete the initial configuration of the unit. (The cable required will have a standard RJ-45 connector on one end and a circular connector on the other.) • A Web browser program (such as Microsoft Internet Explorer 5.5 or later, or Netscape 6.2 or later) installed on the PC or laptop you will be using to configure the Gateway.
3e-531AP Wireless Access Point Chapter 2: Hardware Installation cable is thus run from the 3e-531AP to the PoE-capable hub switch which is then connected to the wired LAN and to a power source. The 3e-531AP design includes an external Power Switch for the purpose of disabling power to the unit for servicing or removal.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Chapter 3: Access Point Configuration Introduction The 3e-531AP Gateway comes with the capability to be configured as either an access point, a gateway, or a bridge. An “access point” is a device configured to allow one LAN to freely exchange data with another LAN without restriction. This is useful if you have an existing network and you want to extend it with a wireless network.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Preliminary Configuration Steps For preliminary installation the security officer (CryptoOfficer) should have the following information: • • • • • • • • IP address – a list of IP addresses that are assignable to be used for assignment to the APs Subnet Mask for the LAN Default IP address of the 3e-531AP DNS IP address SSID – an ID number/letter string that you want to use in the configuration process to identify all members of the wirel
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Once the DHCP server has recognized your laptop and has assigned a dynamic IP address, you will need to find that IP address. Again, the procedure is similar for Windows 95/98/Me machines and slightly different for Windows 2000/XP machines. In Windows 95/98/Me, click Start, then Run and type winipcfg in the run instruction box. Then click OK.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration System Configuration General You will immediately be directed to the System Configuration—General page for the 3e-531AP access point. This screen lists the firmware version number for your 3e-531AP and allows you to set the Host Name and Domain Name as well as establish system date and time. (Host and Domain Names are both set at the factory for “default” but can optionally be assigned a unique name for each.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration WAN Next, click the entry on the left hand navigation panel for System Configuration -WAN. You will be directed to the System Configuration – WAN page. This screen allows you to set Link Speed and Duplex of the WAN port.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration LAN This sets up the default numbers for the first, second, or third octet for a possible private LAN function for the access point. The Local LAN port provides DHCP server functionality to automatically assign an IP address to a computer Ethernet port. It is not advisable to change the private LAN address while doing the initial setup as you are connected to that LAN.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Wireless Setup General Wireless Setup allows your comupter's PC card to talk to the Access Point. On the Wireless Configuration — General page, you must enter the SSID for the wireless LAN. This is also where you can assign a channel number to the AP (if necessary) and modify the Tx Pwr Mode. The SSID can be any set of letters and numbers assigned by the network administrator.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration If you have the 3e AP configured in any mode except FIPS, setting TX Pwr Mode to Off will only shut off the power on that one AP. If you have the 3e AP configured in FIPS mode and you have deployed the 3e-010F Crypto Client software v 2.6 or higher, however, you can use this management screen to turn off TX power to this particular AP and all client devices associated with it.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Encryption The default factory setting for the 3e-531AP is no encryption. It is recommended that you set encryption as soon as possible. If your mode setting includes FIPS 140-2 mode, WEP encryption is not an option. WEP will appear as an option in AP mode if not using the ultra-secure FIPS 140.2 encryption settings.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Static AES Key/Open System Authentication The Advanced Encryption Standard (AES) was selected by National Institute of Standards and Technology (NIST) in October 2000 as an upgrade from the previous DES standard. AES uses a 128-bit block cipher algorithm and encryption technique for protecting computerized information.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration MAC Address Filtering The factory default for MAC Address filtering is Disabled. If you enable MAC Address filtering, you should also set the toggle for Filter Type. This works as follows: • • If Filtering is enabled and Filter Type is Allow Access, only those devices equipped with the authorized MAC addresses will be able to communicate with the access point.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Rogue AP Detection The Rogue AP Detection page allows the network administrator to set up rogue AP detection. If you enable rogue AP detection, also enter the MAC Address of each AP in the network that you want the AP being configured to accept as a trusted AP. (You may add up to 20 APs.) Enter an email address for notification of any rogue or non-trusted APs. (The MAC Address for the 3e-531AP is located on the Setup—General page.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Advanced The Advanced page allows you to enable or disable load balancing and to control bandwidth. Load balancing is enabled by default. Load balancing distributes traffic efficiently among network servers so that no individual server is overburdened. For example, the load balancing feature balances the wireless clients between APs.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Services Settings DHCP Server This page allows configuration of the DHCP server function accessible from the Local LAN port. The default factory setting for the DHCP server function is enabled. You can disable the DHCP server function, if you wish. You can also set the range of addresses to be assigned. Print Server The print server function can be enabled or disabled. It is enabled by default.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration SNMP The SNMP (simple network management protocol) Agent is not available if you are using the FIPS 140-2 setup. SNMP is available in access point mode if FIPS 140-2 is left unchecked. The SNMP Agent setup page allows you to set up an SNMP Agent. The agent is a software module that collects and stores management information for use in a network management system.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration User Management List All Users The List All Users page simply lists all Crypto Officers and Administrators assigned. Add New User The Add New User screen allows you to add new Administrator users, assigning and confirming passwords. Only the Crypto Officer role is allowed to add a new Administrator to the 3e-531AP.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Monitoring/Reports This section gives you a variety of lists and status reports. Most of these are self-explanatory. System Status This screen displays the status of the 3e-531AP device and network interface details and the Routing Table.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Bridging Status This screen displays the Ethernet Port STP Status, Wireless Port STP Status, and Wireless Bridging Information. Wireless Clients The Wireless Clients report screen displays the MAC Address of all wireless clients and their signal strength and transmit rate.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration If Transmit power is disabled, either by setting TX Pwr Mode to Off on the management screen or by using the RF Manager (Chapter 7), the Wireless Clients page will show the results from each associated client in the EMCON Response column. If the client responds to the "disable" command, a Yes is displayed.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Rogue AP List The rogue AP list shows all the APs on the network which are not seen by the subject AP as trusted clients. DHCP Client List The DHCP client list displays all clients currently connected to the 3e-531AP via DHCP server, including their hostnames, IP addresses, and MAC Addresses. The DHCP client list will continue to accumulate listings unless you periodically clear it using the Clear button.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration System Log The system log displays system facility messages with date and time stamp. These are messages documenting functions performed internal to the system, based on the system’s functionality. Generally, the Administrator would only use this information if trained as or working with a field engineer or as information provided to technical support.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Network Activites The Network Activities Log keeps a detailed log of all activities on the network which can be useful to the network administration staff. The Network Activities Log will continue to accumulate listings unless you periodically clear it using the Clear button.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Self-Test Both Crypto Officer and Administrator functions can access the self-test functions. Self-tests are mandated by FIPS 140-2 and should be employed if you are operating in FIPS 140-2 mode. These include both power-up tests (such as cryptographic algorithm tests, software/firmware integrity tests, and critical function tests) and conditional tests.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Factory Default The "Restore" button is a fallback troubleshooting function that should only be used to reset to original settings. Only the Crypto Officer role has access to the Restore button. Remote Logging If enabled, input a System Log Server IP Address and System Log Server Port. Click Apply to accept these values.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration Reboot The Reboot utility allows you to reboot the 3e-531AP without changing any preset functionality. Both Crypto Officer and Administrator functions have access to this function. Utilities This screen gives you ready access to two useful utilities: Ping and Traceroute. Simply enter the IP Address or hostname you wish to ping or tracerout and click either the Ping or Traceroute button, as appropriate.
3e-531AP Wireless Access Point Chapter 3: Access Point Configuration This page intentionally left blank.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Chapter 4: Gateway Configuration Introduction Chapter 3 covered the default configuration of the 3e-531AP Wireless Access Point as an access point, for use as part of a host wired network. This chapter covers configuration as a gateway. If additional security for the wireless network is desired (differentiating it from the wired network to which it is connected), set it up in gateway mode.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration A comparison of gateway and access point setup for the 3e-531AP ������� ���� ������ ����� ���� �������� ������� �������� ������� ������������ ������������ ���� ������ ���� ������ ������������ ������������ �� ���� ��� �� �� �� ��� �� �� �� �� ������������ ���� � �� �� � � �� ��� �� ����� �� � �� �� �� ���� � �� �� �� � ���� ������ ����������� ������������ ���� ������ ������� ������� ���� ������������ ������������� ����������
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Configuring in Gateway Mode To configure the 3e-531AP in gateway mode, complete the following steps. Open a web browser on your monitor (using Netscape Navigator 3.0 or better or Internet Explorer 4.0 or better) and type in the default IP address of the gateway on its WAN port (for example, https:// 192.168.254.254).
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration Using the navigation bar to the left, navigate to the System Configuration — Operating Mode page, select the Gateway Mode radio button, and click Apply. The 3e-531AP will reboot in gateway mode and reset all prior settings to factory default state. You can then proceed to change the management screens as necessary to reconfigure the device as a gateway. Configuration in gateway mode allows you to set firewall parameters.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration System Configuration General The System Configuration—General page for the 3e-531AP gateway lists the firmware Version for your 3e-531AP and allows you to set the Host Name and Domain Name as well as establish system date and time. (Host and Domain Names are both set at the factory for “default” but can optionally be assigned a unique name for each.) When you are satisfied with your changes, click Apply.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration LAN This sets up the default numbers for the first, second or third octet for a possible private LAN function for the access point. The Local LAN port provides DHCP server functionality to automatically assign an IP address to a computer Ethernet port.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Operating Mode This is the page you accessed to change mode. You need to visit this page only if you will be changing mode from Gateway to Access Point or Bridge. Note that if you change mode, all previously entered information will be reset to factory settings. Wireless Configuration General Wireless configuration allows your computer’s wireless PC Card to talk to the access point.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration On the Wireless Configuration — General page, you must enter the SSID for the wireless LAN. This is also where you can assign a channel number to the AP (if necessary) and modify the Tx Pwr Mode. There are some advanced options which are detailed in the chart below. The SSID can be any set of letters and numbers assigned by the network administrator.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Encryption The default factory setting for the 3e-531AP is no encryption. It is recommended that you set encryption as soon as possible. WEP (RC4) Data Encryption Using the 3e-531AP in gateway mode allows you to employ s the WEP (RC4) encryption standard if you wish. WEP is not available in AP or Bridge mode for security reasons. If using WEP, authentication type can be set to either Open System or Shared Key.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration Static AES Key/Open System Authentication The Advanced Encryption Standard (AES) was selected by National Institute of Standards and Technology (NIST) in October 2000 as an upgrade from the previous DES standard. AES uses a 128-bit block cipher algorithm and encryption technique for protecting computerized information.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Mac Address Filtering The factory default for MAC Address filtering is Disabled. If you enable MAC Address filtering, only those devices equipped with the authorized MAC addresses will be able to communicate with the access point. Input the MAC addresses of all the PC cards that will be authorized to access this device. The MAC address is engraved or written on the PC (PCMCIA) Card.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration Rogue AP Detection The Rogue AP Detection page allows the network administrator to set up rogue AP detection. If you enable rogue AP detection, also enter the MAC Address of each AP in the network that you want the AP being configured to accept as a trusted AP. (You may add up to 20 APs.) Enter an email address for notification of any rogue or non-trusted APs.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Advanced The Advanced page allows you to enable or disable load balancing and to control bandwidth. Load balancing is enabled by default. Load balancing distributes traffic efficiently among network servers so that no individual server is overburdened. For example, the load balancing feature balances the wireless clients between APs.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration Services Settings DHCP Server This page allows configuration of the DHCP server function accessible from the LAN port. The default factory setting for the DHCP server function is enabled. You can disable the DHCP server function, if you wish. You can also set the range of addresses to be assigned.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Print Server The print server function can be enabled or disabled. It is enabled by default. If you do not plan to set up the print server function, you can click Disable and leave the metal plate on the printer port. The metal plate is provided to protect that port from water. SNMP Agent The SNMP (simple network management protocol) Agent setup page allows you to set up an SNMP Agent.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration Firewall Content Filtering The Content Filtering page allows the system administrator to identify particular hosts or IPs that will be blocked from access by the gateway. Simply input the IP address and click Add. Be aware, however, that the Content Filtering function does not exclude multihomed websites. Multihomed websites are those having two or more associated network addresses.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration IP Filtering The IP Filtering page will block certain IPs on the Private LAN from accessing your Internet connection. It restricts clients to those with a specific IP Address. Port Filtering Port filtering permits you to configure the Gateway to block outbound traffic on specific ports. It can be used to block the wireless network from using specific protocols on the network. Following is a list of well known TCP and UDP ports.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration Virtual Server In order to protect the Private Network, the built-in NAT firewall filters out traffic to the private network. Since all clients on the Private Network are normally not visible to outside users, the virtual server function allows some clients on the Private Network to be accessed by outside users by configuring the application mapping function offered on this page.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Demilitarized Zone (DMZ) The Demilitarized Zone (DMZ) host allows one computer on the Private Network to be totally exposed to the wired network or Internet for unrestricted two-way communication. This configuration is typically used when a computer is operating a proprietary client software or 2-way communication such as video-teleconferencing, where multiple TCP port assignments are required for communication.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration Block WAN ICMP If you enable ICMP (Internet Control Message Protocol) Blocking, a device outside the WLAN will not get a response to a ping or traceroute request. The default is disabled which will allow response to ping or traceroute for connectivity testing. User Management List All Users This List All User page simply lists all Crypto Officers and Administrators assigned.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Add New User The Add New User screen allows the Crypto Officer to add new Administrator users, assigning and confirming passwords. The Administrator role performs general security services, including cryptographic operations and other approved security functions.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration Monitoring/Reports This section gives you a variety of lists and status reports. Most of these are self-explanatory. System Status This screen displays the status of the 3e-531AP device and network interface details. Wireless Clients The Wireless Clients report screen displays the MAC Address of all wireless clients and their signal strength and transmit rate.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Rogue AP List The rogue AP list shows all the APs on the network which are not seen by the subject AP as trusted clients. DHCP Client List The DHCP client list displays all clients currently connected to the 3e-531AP via DHCP server, including their hostnames, IP addresses, and MAC Addresses.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration System Log The system log displays system facility messages with date and time stamp. These are messages documenting functions performed internal to the system, based on the system’s functionality. Generally, the Administrator would only use this information if trained as or working with a field engineer or as information provided to technical support.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Network Activites The Network Activities Log keeps a detailed log of all activities on the network which can be useful to the network administration staff. System Administration The System administration functions contain administrative functions, some of which can be performed only if the user is logged on as a Crypto Officer. The screens and functions are detailed in the following section.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration Factory Default The Factory Default or "Restore" button is a fallback troubleshooting function that should only be used to reset to original settings. Only the Crypto Officer role has access to the Restore button. Remote Logging If enabled, input a System Log Server IP Address and System Log Server Port. Click Apply to accept these values.
3e-531AP Wireless Access Point Chapter 4: Gateway Configuration Reboot The Reboot utility allows you to reboot the Gateway without changing any preset functionality. Both Crypto Officer and Administrator functions have access to this function. Utilities This screen gives you ready access to two useful utilities: Ping and Traceroute. Simply enter the IP Address or hostname you wish to ping or traceroute and click either the Ping or Traceroute button, as appropriate.
3e-531AP Wireless Access Point Chapter 4 Gateway Configuration This page intentionally left blank.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration Chapter 5: Bridge Configuration Introduction The wireless bridging function in the 3e-531AP allows setup as a bridge, in a number of alternate configurations. We discuss some of the most popular settings in this chapter: 1. Point-to-point bridging of 2 Ethernet Links; 2. Point-to-multipoint bridging of several Ethernet links; 3. Back-to-back bridging mode (with point-to-point bridging) to deliver mobile wireless connectivity; and 4.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration General Bridge Setup Once the unit is in access point mode, the navigation bar on the left side of the management module will include some screens that relate specifically to bridging. The screens that you may need to modify, regardless of what type of bridging mode you choose, will be in the Wireless Configuration section.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration The Wireless Configuration — Encryption screen sets the encryption type and level for the WLAN. This page is only needed for repeater setup. The Wireless Configuration — MAC Address Filtering screen would be used if the wireless LAN is using MAC Filtering. This page is only needed for repeater setup.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration The Wireless Configuration — Bridging screen is used to enable/ disable Wireless Client Access and Spanning Tree Protocol and to configure the BSSID of the peer bridges. This page is important in setting up your bridge configuration. We recommend that you disable Wireless Client Access for all bridge setups except repeater. Spanning Tree Protocol should be enabled if there is any possibility that a bridging loop could occur.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration The following sections describe the setup for four types of bridging configuration: point-to-point, point-to-multipoint, back-to-back or, lastly, repeater. Bridging Type Configuration Point-to-Point Bridge Configuration A point-to-point link is a direct connection between two, and only two, locations or nodes.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration For the two bridges that are to be linked to communicate properly, they have to be set up with compatible commands in the setup screens. For instance, the bridges must have the same channel number. Both must be set for bridging with Wireless Client Access set to Disable.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration Navigate to the Wireless Configuration — Bridging screen. In the first section: General, set Wireless Client Access to Disable and set Spanning Tree Protocol to Enable. Click Apply to accept your changes but remain on that screen.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration In the second section on the Wireless Configuration — Bridging screen, add the BSSID of the remote bridge. The BSSID corresponds to that bridge's MAC address. In entering the BSSID, enter only hexadecimal numbers, no colons. Data entry is not case sensitive. You may also enter a note that defines the location of the remote bridge. Then click Add to accept. The remote bridge's BSSID will now appear in the third section of the page.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration Point-to-Multipoint Bridge Configuration A point-to-multipoint configuration allows you to set up three or more 3e-531AP access points in bridging mode and accomplish bridging between 3 or more locations wirelessly. For the three bridges that are to be linked to communicate properly, they have to be set up with compatible commands in their setup screens. For instance, all bridges must have the same channel number.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration Point-to-Multipoint Bridging Setup Guide Direction Bridge 1 Bridge 2 ~ n Mode Bridging Bridging default default 6 6 Wireless Configuration – General SSID Channel Wireless Configuration – Encryption N/A N/A Wireless Client Access Disable Disable Spanning Tree Protocol Enable (or Disable if no bridging loop possible) Enable (or Disable if no bridging loop possible) BSSID (the MAC Address, from the Wireless Configuration — Gen
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration The following chart maps the basic procedure to be followed in configuring the three units as shown above. Essentially, you can follow the procedure as laid out in the section on point-to-point bridging. It is the BSSID and the Bridging Encryption that allows the two bridges to communicate. Needless to say, the configuration of the access point determines the functioning of the dependent WLAN.
3e-531AP Wireless Access Point Chapter 5: Bridge Configuration Repeater Bridge Configuration A repeater setup can be used to extend the wireless signal from one bridge connected to an Ethernet LAN wirelessly so that another bridge can control a wireless LAN at a distance.
3e-531AP Wireless Access Point Chapter 6: PC Card Installation on a Laptop Chapter 6: PC Card Installation on a Laptop If you are setting up the 3e-531AP as part of a secure wireless LAN using AES or 3DES encryption options, you need to purchase and install an IEEE 802.11b PC Card on each laptop that will be a client on the network. The laptop must have a PCMCIA Card Type II or Type III slot. You will need to install the 3e-010 Crypto Client Software (separately sold with the 3e-110 Wireless PC Card).
3e-531AP Wireless Access Point Chapter 6: PC Card Installation on a Laptop Performs Site Survey P û Resets to factory default P û Changes power level on Client device (laptop) P P Can turn Radio On/Off on laptop P P Performs Rescan P P Performs Self-test P P You may need some or all of the following information handy as you install the FIPS secure drivers on your wireless device’s PC Card interface: • • • • • The driver configuration utility login.
3e-531AP Wireless Access Point Chapter 7: The RF Manager Function Chapter 7: The RF Manager Function Introduction his chapter addresses a function of the 3e AP which facilitates remote management and programming of the Radio Frequency function for multiple 3e APs located on a common network. This function allows you to remotely manage the Radio Frequency Power levels.
3e-531AP Wireless Access Point Chapter 7: The RF Manager Function How to Access the RF Manager Function The RF Manager can be installed from the CD that came with the 3e-531AP Install Kit to the desktop of anyone who needs to manage the wireless LAN. Click on RF Manager on the CD main menu to start the autoinstall. If, for any reason, the autoinstall doesn't initiate, open a window from the My Computer icon to your CD drive and double-click the autoinstall icon in the RF Manager folder on the CD.
3e-531AP Wireless Access Point Chapter 7: The RF Manager Function How to Program the RF Manager Before you are able to remotely manage access points, you need to program the RF Manager by putting the static IP Address of APs you want to manage in a configuration file. Click on the Browse button. This will open a window with some sample files that you can edit. You should edit the contents of SampleRadioOn.3eti and SampleRadioOff.3eti.
3e-531AP Wireless Access Point Chapter 7: The RF Manager Function You can now edit the file by adding the IP addresses of the 3e-531APs that you want to manage, each in a pair of brackets [ ]. The two files SampleRadioOn.3eti and SampleRadioOff.3eti must be edited as a minimum. This will permit you to turn all the APs on or off at will. You can save them to another file name if you wish (maintaining the same file extension.) You can customize files to control only certain APs or groups of APs.
3e-531AP Wireless Access Point Chapter 7: The RF Manager Function Once you have edited the file, save it. You can now update the APs you have included in your configuration files from an Ethernet connection on your network. To test out the files you have edited, on the main RF Manager screen, browse to and select the file that you want to use to manage your APs. That file name should now appear in the Configuration File window. Now enter the Password for that group of APs.
3e-531AP Wireless Access Point Chapter 7: The RF Manager Function If any part of your update has failed, the Configure Status window will show you that it has failed in part or in whole and direct you to the area of the configuration file that you need to fix.
3e-531AP Wireless Access Point Chapter 8: Network Printer Setup Chapter 8: Network Printer Setup If you want to have the 3e AP operate as a printer server, connect a printer to the wireless gateway now. The following instructions cover how to set it up using Windows 2000 as your operating system. (See the Troubleshooting chapter if you have Windows 95/98. Windows XP is similar to Windows 2000.) Install Print Service for Unix (Windows 2000): 1. Open the Control Panel and select Add/Remove Programs 2.
3e-531AP Wireless Access Point Chapter 8: Network Printer Setup 3. In the Add/Remove Windows Components wizard, select Other Network File and Print Services. 4. Click Next and the wizard will install this component. You may need your windows install CD. 5. Windows informs you that the action is complete. Click Finish and close the prior screen. Printer Setup Now you are prepared to set up your new printer resource. Follow this procedure: 1.
3e-531AP Wireless Access Point Chapter 8: Network Printer Setup 2. From the Printers window, select Add Printer. 3. The Add Printer Wizard starts. Click Next. 4. From the following screen, select Local Printer and uncheck the selection: Automatically detect and install my Plug and Play printer. Then click Next.
3e-531AP Wireless Access Point Chapter 8: Network Printer Setup 5. Select Create a new port and use the arrow to find and highlight LPR Port. Then click Next. 6. Next, in the field for Name or address of the server providing lpd: type the IP address assigned to the 3e-520 Gateway LAN. In the field for Name of printer or print queue on the server: type lp. Then click OK.
3e-531AP Wireless Access Point Chapter 8: Network Printer Setup 7. In the next screen, locate first the manufacturer for the printer you are using, then the specific model of printer you are using. Then click Next. 8. You will be asked to provide additional information. Continue through the wizard screens until you reach the last. Then click Finish. Important Note: On the Printer Sharing screen, do not select to "share" the printer. The Access Point does the sharing, not the printer.
3e-531AP Wireless Access Point Chapter 8: Network Printer Setup This page intentionally left blank.
3e-531AP Wireless Access Point Chapter 9: Technical Support Chapter 9: Technical Support Manufacturer’s Statement The 3e-531AP is provided with warranty. It is not desired or expected that the user open the device. If malfunction is experienced and all external causes are eliminated, the user should return the unit to the manufacturer and replace it with a functioning unit. If you are experiencing trouble with this unit, the point of contact is: support@3eti.com or visit our website at www.3eti.
3e-531AP Wireless Access Point Chapter 9: Technical Support This page intentionally left blank.
3e-531AP Wireless Access Point Glossary Glossary 802.11 802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. The IEEE accepted the specification in 1997. 802.11b (also referred to as 802.11 High Rate or Wi-Fi) 802.11b is an extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.
3e-531AP Wireless Access Point Glossary tion hosts. Typically, the DMZ contains web servers, FTP servers, SMTP (email) servers, and DNS servers. NAT (Network Address Translation) an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. NMS (Network Management Station) Includes such management software as HP Openview and IBM Netview.