Welcome to the Airespace Product Guide! Airespace Product Guide Airespace System 1.2: Last Updated October 10, 2003 Refer to the OVERVIEWS section to see a big picture view of Airespace products and features. See the SOLUTIONS section to look through real-world network and applicationspecific solutions to real-world problems. Go to the TASKS section to find detailed instructions on how to install, configure, use, and troubleshoot Airespace products and supported 802.11 networks.
Legal Information Legal Information This section includes the following legal information: • Limited Warranty • Software License Agreement • SSH Source Code Statement • OpenSSL Project License Statements • Trademarks and Service Marks 10/10/03 90-100584-004 Legal Information Airespace Product Guide ii
Limited Product Warranty Limited Product Warranty The following describes the Airespace, Inc. standard Product Warranty for End Customers.
The limited warranty for the Product does not apply if, in the judgment of Airespace, the Product fails due to damage from shipment, handling, storage, accident, abuse or misuse, or it has been used or maintained in a manner not conforming to Product manual instructions, has been modified in any way, or has had any Serial Number removed or defaced. Repair by anyone other than Airespace or an approved agent will void this warranty.
Software License Agreement Software License Agreement PLEASE READ THIS SOFTWARE LICENSE AGREEMENT (“AGREEMENT”) CAREFULLY BEFORE USING THE SOFTWARE AND ASSOCIATED DOCUMENTATION THAT IS PROVIDED WITH THIS AGREEMENT (“SOFTWARE,” “DOCUMENTATION,” AND COLLECTIVELY, “LICENSED MATERIALS”). BY USING ANY LICENSED MATERIALS, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT AND YOU WILL BE CONSENTING TO BE BOUND BY THEM.
THEREOF, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THOSE ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. AIRESPACE’S SUPPLIERS MAKE NO DIRECT WARRANTY OF ANY KIND TO LICENSEE FOR THE LICENSED MATERIALS.
SSH Source Code Statement SSH Source Code Statement Copyright (c) 1983, 1990, 1992, 1993, 1995 The Regents of the University of California. All rights reserved. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Trademarks and Service Marks Trademarks and Service Marks Airespace™, AireOS™ and AireWave Director Software™ are trademarks of Airespace, Inc. All other trademarks, service marks, and product names used in this document are the property of their respective owners.
Contacting Airespace Technical Support Airespace Technical Support Contact Airespace Technical Support 24 hours a day at 1-866-546-2100 (U.S.A. only) or 1-408-635-2000 for assistance.
FCC Statements for Airespace APs FCC Statements for Airespace APs This section includes the following FCC statements for the Airespace AP: • Class A Statement • RF Radiation Hazard Warning • Non-Modification Statement • Deployment Statement Class A Statement Class A Statement This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules.
FCC Statements for Airespace Switches and Appliances FCC Statements for Airespace Switches and Appliances This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
Notes: Notes 10/10/03 90-100584-004 Notes Airespace Product Guide xii
Table of Contents Table of Contents Welcome to the Airespace Product Guide! Legal Information Limited Product Warranty iii Products iii Limited Warranty iii Exclusive Remedy iii Warranty Claim Procedures iii Exclusions and Restrictions iii Software License Agreement v SSH Source Code Statement vii OpenSSL Project License Statements vii Trademarks and Service Marks viii Contacting Airespace Technical Support FCC Statements for Airespace APs Class A Statement x RF Radiation Hazard Warning x Non-Modifi
Airespace Switch and Appliance Features 28 Airespace Switch and Appliance Model Numbers 30 Airespace Wireless Switch Direct Connect Mode 31 Airespace Switches and Appliances in Appliance Mode 32 Airespace Wireless Switch Hybrid Mode 33 About the Distribution System Port 34 About the Service (Management) Port 35 About the Startup Wizard 36 About Airespace Switch and Appliance Memory 37 Airespace Switch and Appliance Failover Protection 38 Switched Network Connection to the Airespace Switch or Appliance 39 Mo
Configuring AireOS for SpectraLink NetLink Telephones Using the Airespace Command Line Interface 79 Using the Airespace Web Browser Interface 80 Using the Airespace Control System Software 81 Using Management over Wireless Using the Airespace Command Line Interface 82 Using the Airespace Web Browser Interface 82 Configuring a WLAN for a DHCP Server Using the Airespace Command Line Interface 83 Using the Airespace Web Browser Interface 83 Customizing the Web Auth Login Screen Default Web Auth Operation
Configuring SNMP 119 Configuring Other Ports and Parameters 120 Service (Management) Port 120 AireOS AireWave Director Software 120 Serial (CLI Console) Port 120 802.3x Flow Control 120 System Logging 120 Transferring Files To and From an Airespace Switch or Appliance 121 Updating the AireOS Software 122 Using the Startup Wizard 124 Adding SSL to the Web Browser Interface 125 Locally-Generated Certificate 125 Externally-Generated Certificate 126 Adding SSL to the 802.
Reinitializing the ACS Software Database 182 Administering ACS Users and Passwords 183 Using the Airespace Web Browser Interface Adding Airespace APs to an Airespace Switch or Appliance 187 Adding CA Certificates to an Airespace Switch or Appliance 188 Adding ID Certificates and Keys to an Airespace Switch or Appliance 189 Troubleshooting Using Error Messages 191 Using Reason and Status Codes in the Trap Log 195 Client Reason Codes 195 Client Status Codes 196 REFERENCES Glossary Airespace System Suppo
show inventory 258 show load-balancing 259 show loginsession 260 show macfilter 261 show mgmtuser 262 show mobility summary 263 show msglog 264 show netuser 265 show network 266 show port 267 show radius acct statistics 268 show radius auth statistics 269 show radius summary 270 show rogue-ap detailed 271 show rogue-ap summary 272 show route all 273 show serial 274 show seviceport 275 show sessions 276 show snmpcommunity 277 show snmptrap 278 show snmpv3user 279 show snmpversion 280 show spanningtree port 2
config 802.11b dtim 317 config 802.11b enable 318 config 802.11b rate 319 config 802.11b txPower 320 config advanced 802.11a channel foreign 321 config advanced 802.11a channel load 322 config advanced 802.11a channel noise 323 config advanced 802.11a channel update 324 config advanced 802.11a factory 325 config advanced 802.11a group-mode 326 config advanced 802.11a logging channel 327 config advanced 802.11a logging coverage 328 config advanced 802.11a logging foreign 329 config advanced 802.
config advanced 802.11b profile customize 368 config advanced 802.11b profile exception 369 config advanced 802.11b profile foreign 370 config advanced 802.11b profile level 371 config advanced 802.11b profile noise 372 config advanced 802.11b profile throughput 373 config advanced 802.
config network vlan 419 config network webmode 420 config port adminmode 421 config port autoneg 422 config port lacpmode 423 config port linktrap 424 config port physicalmode 425 config port power 426 config prompt 427 config radius acct add 428 config radius acct delete 429 config radius acct disable 430 config radius acct enable 431 config radius auth add 432 config radius auth delete 433 config radius auth disable 434 config radius auth enable 435 config rogue-ap 436 config route add 437 config route de
config trapflags aaa 470 config trapflags ap 471 config trapflags authentication 472 config trapflags client 473 config trapflags configsave 474 config trapflags ipsec 475 config trapflags linkmode 476 config trapflags multiusers 477 config trapflags rogueap 478 config trapflags rrm-params 479 config trapflags rrm-profile 480 config trapflags stpmode 481 config virtual-address 482 config wlan blacklist 483 config wlan create 484 config wlan delete 485 config wlan dhcp_server 486 config wlan disable 487 conf
clear webimage 521 clear webmessage 522 clear webtitle 523 Uploading and Downloading Files and Configurations transfer download certpassword 525 transfer download datatype 526 transfer download filename 527 transfer download mode 528 transfer download path 529 transfer download serverip 530 transfer download start 531 transfer upload datatype 532 transfer upload filename 533 transfer upload mode 534 transfer upload path 535 transfer upload serverip 536 transfer upload start 537 Troubleshooting debug aaa
Step B. Determine How Many APs are Needed 16 Step C. Optional Minimal Site Survey 16 Step D. Place Access Points 17 Step 3: Optional Minimal Site Survey 18 Collecting Tools and Materials 18 Selecting Airespace AP Locations 18 Enabling Site Survey Mode 19 Preparing Optional Airespace AP Tripod Test Assemblies 22 Positioning an Airespace AP at Each Planned Location 23 Verifying Airespace AP Coverage Using the Site Survey Tool 23 Step 4.
Step 3: Installing Client Software 6 Step 4: Starting and Stopping the ACS Software Server 7 Starting the ACS Software Server as an Application 7 Starting the ACS Software Server as a Service 7 Stopping the ACS Software Server Application 9 Stopping the ACS Software Service 9 Step 5: Configuring an ACS Software Client 10 ACS Software Server on the Same Platform 10 ACS Software Server on a Remote Platform 11 Step 6: Starting and Stopping an ACS Software Client 12 Starting an ACS Software Client 12 Stopping
Ports > Configure 52 Port > Configure 53 Master Switch Configuration 56 Wireless Menu Bar Selection Airespace APs 58 Airespace APs > Details 59 802.11a Airespace Radios 61 802.11a Airespace APs > Configure 62 802.11 AP Interfaces > Performance Profile 64 802.11 AP Interfaces > Details 65 802.11b/g Airespace Radios 71 802.11b/g Airespace APs > Configure 72 Third Party APs 74 Third Party APs > New 75 802.11a Global Parameters 76 802.11a Global Parameters > Auto RF 77 802.11b/g Global Parameters 80 802.
SNMP Trap Receiver 117 SNMP Trap Receiver > New 118 SNMP Trap Receiver > Edit 119 SNMP Trap Controls 120 Trap Logs 123 HTTP Configuration 125 Telnet-SSH Configuration 126 Serial Port Configuration 127 Local Management Users 128 Local Management Users > New 129 CLI Sessions 130 Syslog Configuration 131 Mgmt Via Wireless 132 Commands Menu Bar Selection Upload File 134 Download File 135 System Reboot 136 System Reboot > Save? 137 System Reboot > Confirm 138 Reset to Factory Default 139 Set Time 140 Airespace
Notes: Notes 10/10/03 90-100584-004 Notes Airespace Product Guide xxviii
OVERVIEWS OVERVIEWS Refer to the following for information about the Airespace Wireless Enterprise Platform (Airespace System) and other high-level subjects: • About the Airespace System - AireOS - Single-Airespace Switch or Appliance Deployments - Multiple-Airespace Switch and Appliance Deployments - AireOS Security - Airespace Wired Security - AireWave Director Software - Client Roaming - External DHCP Servers - Airespace Mobility Group - Airespace Wired Connections - Airespace W
About the Airespace System About the Airespace System The Airespace Wireless Enterprise Platform (Airespace System) is designed to provide 802.11 wireless networking solutions for enterprises and service providers. The Airespace System simplifies deploying and managing large scale wireless LAN networks and enables a unique best-in-class security infrastructure.
Refer to the following for more information: • AireOS • Single-Airespace Switch or Appliance Deployments • Multiple-Airespace Switch and Appliance Deployments • AireOS Security • Airespace Wired Security • AireWave Director Software 10/10/03 90-100584-004 About the Airespace System Airespace Product Guide 3
About the AireOS AireOS The AireOS, or Airespace Operating System, is software that controls Airespace Wireless Switches and Airespace Access Points. It includes AireOS Security and AireWave Director Software functions.
Single-Airespace Switch or Appliance Deployments Single-Airespace Switch or Appliance Deployments As described in About the Airespace System, a standalone Airespace Wireless Switch or WLAN Appliance can support Airespace Access Points (Airespace APs) and third-party APs across multiple floors and buildings simultaneously, and supports the following features: • Autodetecting and autoconfiguring Airespace APs as they are added to the network, as described in AireWave Director Software.
• In Appliance Mode, Airespace APs connect to the Model 4012 or 4024 Airespace Wireless Switch or 4101 or 4102 Airespace WLAN Appliances through the switched network. The switched network equipment may or may not provide Power Over Ethernet to the Airespace APs. Note that the 4102 Airespace WLAN Appliance uses two redundant GigE connections to bypass single network failures. At any given time one of the 4102 Airespace WLAN Appliance GigE connections is active and the other is passive.
• In Hybrid Mode, the APs simultaneously connect to the Model 4012 or 4024 Airespace Wireless Switch in Direct Connect and Appliance Mode, with or without the Airespace Wireless Switch or the switched network equipment providing Power Over Ethernet to the Airespace APs.
Multiple-Airespace Switch and Appliance Deployments Multiple-Airespace Switch and Appliance Deployments Each Airespace Wireless Switch can support Airespace APs and third-party APs across multiple floors and buildings simultaneously. Similarly, each Airespace WLAN Appliance can support Airespace APs across multiple floors and buildings simultaneously. However, the Airespace System’s full functionality is realized when it includes multiple Airespace Switches and Appliances.
About AireOS Security AireOS Security AireOS Security bundles Layer 1, Layer 2 and Layer 3 802.11 Access Point security components into a simple, system-wide policy manager that creates independent security policies for each of up to 16 Airespace WLANs and one third-party WLAN. (Refer to Airespace WLANs.) One of the barriers that made enterprises avoid deploying 802.11 networks was the inherent weakness of WEP (Wired Equivalent Privacy) encryption.
About Airespace Wired Security Airespace Wired Security Many traditional Access Point vendors concentrate on security for the Wireless interface similar to that described in the AireOS Security section.
About AireWave Director Software AireWave Director Software Airespace, Inc. is the only company to offer the powerful, comprehensive, and dynamic AireWave Director Software solution to the 802.11 market. The AireWave Director Software allows Airespace Switches and Appliances to continually monitor their associated Airespace APs for the following information: • Traffic Load -- How much total bandwidth is used for transmitting and receiving traffic.
The AireWave Director Software controls produce a network that has optimal capacity, performance, and reliability. The AireWave Director Software functions also free the operator from having to continually monitor the network for noise and interference problems, which can be transient and difficult to troubleshoot. Finally, the AireWave Director Software controls ensure that clients enjoy a seamless, trouble-free connection through the Airespace 802.11 network.
About the Master Airespace Switch or Appliance Master Airespace Switch or Appliance When you are adding Airespace APs to a Multiple-Airespace Switch and Appliance Deployments network configured in Appliance Mode, it is convenient to have all of the Airespace APs associate with one Master Airespace Wireless Switch or WLAN Appliance on the same subnet.
About the Primary Airespace Switch or Appliance Primary Airespace Switch or Appliance In Multiple-Airespace Switch and Appliance Deployments networks, Airespace APs can associate with any Airespace Wireless Switch or WLAN Appliance in Appliance Mode on the same subnet. To ensure that each Airespace AP associates with a particular Airespace Switch or Appliance, the operator can assign a Primary Airespace Switch or Appliance to the Airespace AP.
About Client Roaming Client Roaming The Airespace System supports seamless client roaming across APs managed by the same Airespace Wireless Switch or WLAN Appliance, between Airespace Switches and Appliances on the same subnet, and across Airespace Switches and Appliances on different subnets. The following chapters describes the three modes of roaming supported by the Airespace System.
About External DHCP Servers External DHCP Servers The AireOS is designed to operate as a ‘DHCP Proxy’ with industry-standard external DHCP Servers that support DHCP Relay. This means that each Airespace Wireless Switch or WLAN Appliance appears as a DHCP Relay agent to the DHCP Server. This also means that the Airespace Switch or Appliance appears as a DHCP Server to wireless clients at the virtual IP address.
About Airespace Mobility Groups Airespace Mobility Group Airespace System operators can define Mobility Groups to allow client roaming across groups of Airespace Wireless Switches and WLAN Appliances. Because the Airespace Switches and Appliances in Multiple-Airespace Switch and Appliance Deployments can detect each other across the switched network and over the air, it is important that each enterprise, institution, and wireless internet service provider isolate their Airespace Switches and Appliances.
Note: Because the Airespace Switches and Appliances talk to each other when they are in the same mobility group, Airespace recommends that operators do not add physically-separated Airespace Switches and Appliances to the same static mobility group to avoid unnecessary traffic on the switched network.
About Airespace Wired Connections Airespace Wired Connections The Airespace System components communicate with each other using industry-standard Ethernet cables and connectors. The following sections contain details of the Airespace wired connections. Between Airespace Wireless Switches and APs Between Airespace Wireless Switches and APs When operated in Direct Connect Mode, the 4012 and 4024 Airespace Switches and Appliances uses standard 802.
When the Airespace Wireless Switch or WLAN Appliance is operated in Appliance Mode, the Airespace APs communicate with the Airespace Switch or Appliance through the switched network. The 4012 and 4024 Airespace Wireless Switches connect to the switched network using a copper 10/100Base-T cable or a copper or fiber-optic GigE cable. The 4101 Airespace WLAN Appliance connects to the switched network using a fiber-optic GigE cable.
Between Airespace Switches and Appliances and Other Network Devices Between Airespace Switches and Appliances and Other Network Devices The 4012 and 4024 Airespace Wireless Switches communicate with other Airespace Wireless Switches and WLAN Appliances or network devices through standard CAT-5 cable connected to front-panel Port 1, which supports up to 100 Mbps, or through Gigabit Ethernet (or GigE) cabling, which supports up to 1 Gbps (1,000 Mbps).
About Airespace WLANs Airespace WLANs The Airespace System can control up to 16 Wireless LANs for Airespace Access Points plus one WLAN for Third-Party Access Points. Each WLAN has a separate WLAN ID (1 through 17), a separate WLAN SSID (WLAN Name), and can be assigned unique security policies. A separate WLAN 17 can be created for Third-Party Access Points connected to a Model 4012 or 4024 Airespace Wireless Switch front panel in Direct Connect Mode.
About File Transfers Transferring Files The Airespace System operator can upload and download code, configuration, and certificate files to and from an Airespace Wireless Switch or WLAN Appliance using Airespace CLI commands, Airespace Web Browser Interface commands, or Airespace Control System Software (ACS Software) commands.
About Power Over Ethernet Power Over Ethernet Airespace Wireless Switches and WLAN Appliances and Airespace APs supports 802.3af-compliant Power over Ethernet (PoE), which can reduce the cost of discrete power supplies, additional wiring, conduits, outlets, and installer time. PoE also frees installers from having to mount Airespace Access Points or other powered equipment near AC outlets, providing greater flexibility in positioning Airespace APs for maximum coverage.
About Airespace Switches and Appliances Airespace Switches and Appliances The Airespace Wireless Switch and WLAN Appliance are enterprise-class high-performance wireless switching platforms that support 802.11a and 802.11b/802.11g (802.11b/g) protocols. They operate under control of the AireOS, and includes wire-speed Layer 2 switching designed to support the Airespace Switched Architecture, which results in an Airespace System that can automatically adjust to real-time changes in the 802.
4012 and 4024 Airespace Wireless Switch Models 4012 and 4024 Airespace Wireless Switch Models About the Airespace System gives a comprehensive overview of the Airespace System and the place of the Airespace Wireless Switches and WLAN Appliances in that system. The following figure shows the 4024 Airespace Wireless Switch. The 4012 Airespace Wireless Switch is similar to the 4024, but has 12 front-panel RJ-45 jacks instead of 24.
4101 and 4102 Airespace WLAN Appliance Models 4101 and 4102 Airespace WLAN Appliance Models The following figure shows the 4102 Airespace WLAN Appliance. The 4101 Airespace WLAN Appliance is similar to the 4102, but has one front-panel SX/LC jack instead of two. Figure - 4102 Airespace WLAN Appliance The 4101 and 4102 Airespace WLAN Appliances are one-unit high 802.
Airespace Switch and Appliance Features Airespace Switch and Appliance Features Because Airespace Wireless Switches and WLAN Appliances perform most of the processes normally performed by SOHO Access Points, it can reduce the amount of inter-AP traffic on the wired backbone network when used in Direct Connect Mode. When operated in Appliance Mode, Airespace Switches and Appliances connect to the associated Airespace APs through the switched network.
• Distribution System Port • Service (Management) Port • Airespace Switch and Appliance Memory • Startup Wizard • Airespace Switch and Appliance Failover Protection • Switched Network Connection to an Airespace Switch or Appliance • Enhanced Security Module • Airespace Access Points • Airespace WLANs • Transferring Files • Configuring the Airespace Switch or Appliance • Transferring Files To and From an Airespace Switch or Appliance • Updating the AireOS Software • Clearing Config
Airespace Switch and Appliance Model Numbers Airespace Switch and Appliance Model Numbers The Airespace Wireless Switch and WLAN Appliance models are as follows: • AS-4012 - Twelve-Port Airespace Wireless Switch with an optional 1000Base-T or 1000Base-SX/LC Network Adapter, used in Direct Connect Mode, Appliance Mode, and Hybrid Mode.
Airespace Wireless Switch Direct Connect Mode Direct Connect Mode The 4012 and 4024 Airespace Wireless Switches can be operated in Direct Connect Mode, in Appliance Mode, or in Hybrid Mode. In Direct Connect Mode, the Airespace Wireless Switches are directly connected to up to 24 (Model 4024) or up to 12 (Model 4012) Airespace APs and/or third-party APs over CAT-5 or higher Ethernet cabling. The benefit of this mode is that the Airespace Wireless Switches can provide Power Over Ethernet.
Airespace Switches and Appliances in Appliance Mode Appliance Mode All 4012 and 4024 Airespace Wireless Switches and 4101 and 4102 Airespace WLAN Appliances can be operated in Appliance Mode. (The 4012 and 4024 Airespace Wireless Switches can also be operated in Direct Connect Mode or Hybrid Mode.
Airespace Wireless Switch Hybrid Mode Hybrid Mode The 4012 and 4024 Airespace Wireless Switches can be operated in Hybrid Mode, Appliance Mode or Direct Connect Mode. In Hybrid Mode, the Airespace Wireless Switch communicates directly and indirectly with up to 24 (Model 4024) or up to 12 (Model 4012) associated Airespace APs and/or third-party APs over Ethernet cabling, and with associated Airespace APs through the switched network. The following figure shows an Airespace Wireless Switch in Hybrid Mode.
About the Distribution System Port Distribution System Port As described in Switched Network Connection to an Airespace Switch or Appliance, the 4012 and 4024 Airespace Wireless Switch and 4101 Airespace WLAN Appliance logical Distribution System port can be assigned to only one physical port (Airespace Wired Connections), and can communicate with the switched network through one physical port.
About the Service (Management) Port Service (Management) Port The Service Port on the Airespace Wireless Switch or WLAN Appliance front panel is a 10/100Base-T Ethernet port dedicated to AireOS management. The Service Port is configured with an IP address, subnet mask, and IP assignment protocol separate from the Distribution System Port. This allows the operator to manage the Airespace Switch or Appliance directly or through a dedicated AireOS management network, such as 10.1.2.
About the Startup Wizard Startup Wizard When an Airespace Wireless Switch or WLAN Appliance is powered up with a new factory AireOS software load or after being reset to factory defaults, the bootup script runs the Startup Wizard, which prompts the installer for initial configuration. The Startup Wizard: • Ensures that the Airespace Switch or Appliance has a System Name, up to 32 characters. • Adds an Administrative User Name and Password, each up to 24 characters.
About Airespace Switch and Appliance Memory Airespace Switch and Appliance Memory The Airespace Wireless Switches and WLAN Appliances contain two kinds of memory: volatile RAM, which holds the current, active Airespace Switch or Appliance configuration, and NVRAM (non-volatile RAM), which holds the reboot configuration.
Airespace Switch and Appliance Failover Protection Airespace Switch and Appliance Failover Protection Each Airespace Wireless Switch and WLAN Appliance with front-panel 10/100Base-T ports can normally associate with as many primary Airespace APs as it has physical ports. Thus, a 12-port 4012 Airespace Wireless Switch can associate with 12 primary Airespace APs, and a 24-port 4024 Airespace Wireless Switch can associate with 24 primary Airespace APs.
Switched Network Connection to the Airespace Switch or Appliance Switched Network Connection to an Airespace Switch or Appliance The 4012 and 4024 Airespace Wireless Switch can be operated in Hybrid Mode, Appliance Mode or Direct Connect Mode. The 4101 and 4102 Airespace WLAN Appliance can be operated in Appliance Mode. Regardless of operating mode, the Airespace Switches and Appliances use the switched network as an 802.11 Distribution System.
Model 4101 and 4102 Airespace WLAN Appliances Model 4101 and 4102 Airespace WLAN Appliances The 4101 and 4102 Airespace WLAN Appliances can communicate with the switched network through one (4101) or two (4102) physical interfaces, and the logical Distribution System Port can be assigned to the one or two physical ports. The physical interfaces areas follows: • A GigE 1000Base-SX fiber-optic cable can plug into the LC connector on the front of the 4101 Airespace WLAN Appliance.
Enhanced Security Module Enhanced Security Module The 4012 and 4024 Airespace Wireless Switches can be equipped with an optional Enhanced Security Module (AS-Switch-ESM), which slides into the rear panel of the Airespace Wireless Switches, and which is factory-installed inside the chassis in the 4101 and 4102 Airespace WLAN Appliances.
About Airespace Access Points Airespace Access Points The Airespace AP is a part of the innovative Airespace Wireless Enterprise Platform (Airespace System). When associated with an Airespace Switches and Appliances as described below, the Airespace AP provides advanced 802.11a and/or 802.11b/g Access Point functions in a single aesthetically pleasing enclosure. The following figure shows the Airespace Access Point.
Note that the Airespace AP is manufactured in a neutral color so it blends into most environments (but can be painted), contains pairs of high-gain internal antennas for unidirectional (180-degree) or omnidirectional (360-degree) coverage (Airespace AP External and Internal Antennas), and is plenum-rated for installations in hanging ceiling spaces.
About Airespace AP Models Airespace AP Models The Airespace AP includes one 802.11a radio (AS-1200-A), one 802.11b/802.11g radio (AS-1200-BG), or one 802.11a and one 802.11b/g radio (AS-1200-ABG). The Airespace AP is available in the following configurations: • AS-1200-A - Airespace AP with one 802.11a radio, two high-gain internal antennas, and one 5 GHz external antenna adapter • AS-1200-A-int - Airespace AP with one 802.
About Airespace AP External and Internal Antennas Airespace AP External and Internal Antennas Note: Airespace APs must use the factory-supplied internal or external antennas to avoid violating FCC requirements and voiding the user’s authority to operate the equipment. Refer to FCC Statements for Airespace APs for detailed information. The 1200 Airespace AP enclosure contains one 802.11a and/or one 802.11b/g radio and four (two 802.11a and two 802.
Figure - 1200 Airespace AP 802.11a OMNI (Dual Internal) Azimuth Antenna Gain Pattern Figure - 1200 Airespace AP 802.
Figure - 1200 Airespace AP 802.11a Sectorized (Single Internal) Azimuth Antenna Gain Pattern Figure - 1200 Airespace AP 802.
802.11b/g Internal Antenna Patterns 802.11b/g Internal Antenna Patterns The 1200 Airespace AP enclosure can contain one 802.11b/g radio which drives two fully-enclosed high-gain antennas which can provide a large 360-degree coverage area. The two internal antennas can be used at the same time to provide a 360-degree (Omnidirectional) coverage area, or either antenna can be disabled to provide a 180-degree (Sectorized) coverage area. The 802.
Figure - 1200 Airespace AP 802.11b/g Sectorized (Single Internal) Azimuth Antenna Gain Pattern Figure - 1200 Airespace AP 802.
802.11a/b/g Internal Antenna Patterns 802.11a/b/g Internal Antenna Patterns The AS-1200-ABG Airespace AP enclosure contains one 802.11a and one 802.11b/g radio and four fully-enclosed high-gain antennas which provide large 360-degree 802.11a and 802.11b/g coverage areas, a shown in the 802.11a Internal Antenna Patterns and 802.11b/g Internal Antenna Patterns sections. Note that the 802.11b/g radio supports receive and transmit diversity between the internal antennas, while the 802.
About Airespace AP LEDs Airespace AP LEDs Each Airespace AP is equipped with four LEDs across the top of the case. They can be viewed from nearly any angle. The LEDs indicate power and fault status, 2.4 GHz (802.11b/g) radio activity, and 5 GHz (802.11a) radio activity. This LED display allows the wireless LAN manager to quickly monitor the Airespace AP status. For more detailed troubleshooting instructions, refer to the Troubleshooting section.
About Airespace AP Connectors Airespace AP Connectors The Airespace AP has the following external connectors: • One RJ-45 Ethernet jack, used for connecting the Airespace AP to the 4012 or 4024 Airespace Wireless Switch or to the switched network. • One 48 VDC power input jack, used to plug in an optional factory-supplied external power adapter. • Three male reverse-polarity TNC antenna jacks, used to plug optional external antennas into the Airespace AP: two for an 802.
The Airespace AP can be powered from an optional factory-supplied external AC-to-48 VDC power adapter. If you are powering the Airespace AP using an external adapter, plug the adapter into the 48 VDC power jack on the side of the Airespace AP. The Airespace AP includes two 802.11a and two 802.11b/g high-gain internal antennas, which provide omnidirectional coverage.
About Airespace AP Power Requirements Airespace AP Power Requirements The Airespace AP requires a 48 VDC nominal (between 38 and 57 VDC) power source capable of providing 7 Watts. The polarity of the DC source does not matter because the Airespace AP can use either a +48 VDC or a -48 VDC nominal source. Airespace APs can receive power from an external power converter (see figure below) plugged into the side of the Airespace AP case, or from Power Over Ethernet.
About Airespace AP External Power Converter Airespace AP External Power Converter The Airespace AP can receive power from an external 115 VAC-to-48 VDC power converter or from Power Over Ethernet equipment. The external power converter plugs into a secure 115 VAC convenience outlet (to avoid having cleaning personnel unplug the converter when they use power cleaning equipment). The converter produces the required 48 VDC output (Airespace AP Power Requirements) for the Airespace AP.
About Airespace AP Mounting Options Airespace AP Mounting Options Refer to the Airespace Access Point Quick Installation Guide for the Airespace AP mounting options.
About Airespace AP Physical Security Airespace AP Physical Security The side of the Airespace AP housing includes a slot for a Kensington MicroSaver Security Cable. You can use any MicroSaver Security Cable to ensure that your Airespace AP stays where you mounted it! Refer to the Kensington website for more information about their security products, or to the Airespace Access Point Quick Installation Guide for installation instructions.
About Airespace AP Monitor Mode Monitor Mode The Airespace APs, Airespace Wireless Switches, and Airespace WLAN Appliances are capable of performing rogue detection and containment while providing regular service. However, if the administrator would prefer to dedicate specific Airespace APs to rogue detection and containment, or if a network that provides IDS only functions is desired, the Monitor mode should be enabled. The Monitor function is set for all 802.
About Third-Party Access Points Third-Party Access Points The Airespace System can control all parameters for existing Cisco 1200, Cisco 350 and ORiNOCO 2000 Access Points using the third-party user interface from within the Airespace Control System Software application. In addition, the Airespace System can be used to enforce real-time control of system-wide 802.1x security policies for third-party AP WLANs as described in AireOS Security.
About Rogue Access Points Rogue Access Points Because they are inexpensive an readily available, clients are plugging unauthorized rogue access points (rogue APs) into existing LANs and building ad hoc wireless networks without IT department knowledge or consent. These rogues can be a serious breach of network security, because they can be plugged into a network port behind the corporate firewall.
Rogue AP Tagging and Containment Rogue AP Tagging and Containment This built-in detection, tagging, monitoring and containment capability allows system administrators to take required actions: • Receive new rogue notifications, eliminating hallway scans. • Monitor unknown rogues until they are eliminated or acknowledged. • Determine the closest authorized Airespace Access Points and Third-Party Access Points, making directed scans faster and more effective.
About the Airespace Control System Software Airespace Control System Software The Airespace Control System Software (ACS Software Server) is an AireOS management tool that extends the capabilities of the Airespace Web Browser Interface and the Airespace Command Line Interface from an individual Airespace Wireless Switch or WLAN Appliance to a network of Airespace Switches and Appliances.
About ACS Airespace Switch and Appliance Autodiscovery ACS Airespace Switch and Appliance Autodiscovery Manually adding Airespace Switch and Appliance data to a management database can be time consuming, and is susceptible to data entry errors. The Airespace Control System Software (ACS Software Server) includes a built-in Airespace Wireless Switch and WLAN Appliance Autodiscovery function that speeds up database creation while eliminating errors.
About the Airespace Web Browser Interface Airespace Web Browser Interface The Airespace Web Browser Interface is built into each Airespace Switch and Appliance. The Web Browser Interface allows up to five users to simultaneously browse into the built-in Airespace Wireless Switch or WLAN Appliance http/https (http + SSL) Web server, configure parameters, and monitor operational status for the Airespace Switch or Appliance and its associated Access Points.
About the Airespace Command Line Interface Airespace Command Line Interface The Airespace Command Line Interface (CLI) is built into the Airespace Wireless Switches and WLAN Appliances, and is one of the AireOS management interfaces described in About the Airespace System. The Airespace CLI allows operators to use a VT-100 emulator to locally or remotely configure, monitor and control individual Airespace Switches and Appliances, and to access extensive debugging capabilities.
Notes: Notes 10/10/03 90-100584-004 Notes Airespace Product Guide 66
SOLUTIONS SOLUTIONS SOLUTIONS • AireOS Security • Configuring a Firewall for ACS Software Server • Configuring AireOS for SpectraLink NetLink Telephones • Management over Wireless • Configuring a WLAN for a DHCP Server • Customizing the Web Auth Login Screen 10/10/03 90-100584-003 © 2003 Airespace, Inc. All Rights Reserved.
AireOS Security AireOS Security AireOS Security includes the following sections: • Overview • Layer 1 Solutions • Layer 2 Solutions • Layer 3 Solutions • Single Point of Configuration Policy Manager Solutions • Rogue AP Solutions • Integrated Security Solutions • Simple, Cost-Effective Solutions 10/10/03 90-100584-003 AireOS Security Airespace Product Guide 68
Overview Overview The industry-leading AireOS Security solution bundles potentially complicated Layer 1, Layer 2 and Layer 3 802.11 Access Point security components into a simple policy manager that customizes system-wide security policies on a per-WLAN basis (AireOS Security). Unlike SOHO (small office, home office) 802.11 products, the AireOS Security solution included in the Airespace Wireless Enterprise Platform (Airespace System) provides simpler, unified, and systematic security management tools.
Layer 1 Solutions Layer 1 Solutions The AireOS Security solution ensures that all clients gain access within an operator-set number of attempts. Should a client fail to gain access within that limit, it is automatically blacklisted (blocked from access) until the operator-set timer expires.
Layer 2 Solutions Layer 2 Solutions If a higher level of security and encryption is required, the network administrator can also implement industry-standard security solutions, such as: 802.1X dynamic keys with EAP (extended authorization protocol), or WPA (Wi-Fi protected access) dynamic keys.