Installation and Configuration Guide Airgo Access Point Airgo Networks, Inc. 900 Arastradero Road Palo Alto, CA 94304 P: 650-475-1900 F: 650-475-1708 www.airgonetworks.
Copyright © 2004 by Airgo, Inc. All Rights Reserved. No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of Airgo unless such copying is expressly permitted by U.S. copyright law.
Contents Preface 1 --------------------------------------------------------------x Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 Product Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Product Suite - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Features Overview - - - -
Power and Cabling Requirements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Network Information Requirements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Installing the Access Point - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Using Power Over Ethernet - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Placement and Or
Link Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Security Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Configuring Inter Access Point Protocol (IAPP) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IAPP Service - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IA
Setting Up a Wireless Backhaul - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Link Criteria - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Candidate APs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Trunk Table - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - T
IP Rogue AP Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Wireless Rogue AP Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Using the NM Services Menu - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Working With Policies - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Configuring Network Disco
Enrollment: Node Un-enrolled - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Policy: Policy Download Successful - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Policy: Policy Download Failed - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Software Download: Image Download Succeeded - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Software Download: Image Download F
Security: EAPOL Key exchange – message 2 timeout - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 271 Security: EAPOL Group 2 key exchange timeout - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 272 Glossary - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 275 Index - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 281 Installatio
Preface This guide explains how to install and configure the Airgo Access Point (Airgo AP), which is used with Wi-Fi certified clients to provide PC laptop and desktop users with wireless network access.
Preface • Chapter 9, “Managing the Network,” explains how to use the NM Portal features of the Airgo Access Point to manage multiple APs across your network. • Chapter 10, “Maintaining the Access Point,” describes the tools available to maintain the Airgo Access Point. • Appendix A, “Using the Command Line Interface,” describes how to use the console and command line interface (CLI) to configure the Airgo Access Point, with cross-references to the Airgo Command Line Interface Reference Manual.
Preface Related Documentation The following documentation related to the Airgo wireless networking product line is available on CD-ROM and also on the Airgo website, http://www.airgonetworks.com. • Airgo Client Installation and User Guide — Explains how to install and configure the Airgo Wireless LAN Client Adapter, which provides PC laptop and desktop users with access to the Airgo Access Point products.
Preface xiii Installation and Configuration Guide: Airgo Access Point
1 Overview This chapter introduces the features and capabilities of the Airgo Access Point and presents the following topics: • • • • • • • • • Product Overview Features Overview Standards and Data Rates Radio Resource Management Mobility Management Portal Architecture Security Integration With the Existing Wired Network Management Interface Options Product Overview The Airgo Access Point is part of an innovative suite of wireless technology products designed to dramatically improve the quality and conv
1 Overview Airgo NMS Pro Airgo’s NMS Pro provides enterprise-class management for the wireless network, including complete configuration and image control, security, and performance and fault monitoring. For more information, refer to the NMS Pro Installation and Configuration Guide. Figure 1 shows how Airgo products operate in concert to create a wireless network.
Features Overview • • • • • • • • • • • • • • Embedded Network Management and Security Portal services Financial grade security Effective security management Guest user access Rogue AP detection Quality of service (QoS) Wireless backhaul modes Integration with existing wired network infrastructure Static IP routing SNMP MIB support Authentication using RADIUS services Software and firmware upgrades Back up and restoration of AP configuration data SYSLOG and diagnostic tools for monitoring and troubleshoot
1 Overview Portal Architecture To support the range of network sizes and configurations served by Airgo products, Airgo has designed a built-in, flexible, portal services architecture for management and security. Each AP can be configured as an NM Portal AP to support the following services: Service Description Management NM Portal services provide network management functionality for small to mid-size wireless networks.
Features Overview • NM Portal can provide user authentication services for an entire small to mid size network or serve as a backup security server if an external RADIUS authentication service is used. Security Airgo offers a comprehensive security solution that adheres to the following industry standards and draft standards: • Data encryption—WEP, Wi-Fi Protected Access (WPA) with TKIP or AES encryption • User authentication—IEEE 802.
1 Overview Quality of Service Quality of Service (QoS) features enable differential treatment of network traffic types to support special applications or extend priority access to designated groups of users. For example, applications as streaming media and voice over Internet suffer serious quality degradation if data transmission is interrupted or bandwidth fluctuates excessively.
Standards and Data Rates the display, network administrators can identify and classify the APs that are known. The remaining APs are classified as rogues. By examining the information available for each rogue AP, it is generally possible to pinpoint the location of the rogue and take action to remove it from the network. Standards and Data Rates Airgo supports the wireless networking standards shown in Table 2. Table 2: Supported Wireless Networking Standards Standard Area Status IEEE 802.
1 Overview • Layer 2 and Layer 3 QoS support • DHCP server and client support • NTP for time-synchronization Management Interface Options Management support for the Airgo AP is available through four different interfaces: 8 Interface Description Web Browser Interface This is the primary user interface for basic and advanced AP configuration support for a single AP. This guide presents all configuration tasks using the web browser interface.
2 Planning Your Installation This chapter provides guidelines on planning a wireless network. It includes example network configurations and explains how to plan for coverage, capacity, security, and network management.
2 Planning Your Installation Figure 3: Typical Wireless Network Enterprise Boundry NMS Pro RADIUS WAN Router with Firewall Internet Corporate Network 10/100 Ethernet Network Operations Center LAN Switch/Router AP with 2 Radios AP with 1 Radio 802.11a 802.11g/b AP with 1 Radio 802.11a (or 802.11g/b) 802.11g/b (or 802.
Assessing Security Needs and Architecture Figure 4: Airgo AP Coverage Compared with Other Access Points 108 Mbps Coverage Data Rate 54 Mbps Legacy Coverage Access Point Location Typical Wireless Coverage Legacy Wireless Coverage A0020A Site Surveys Site surveys are used to measure the wireless characteristics of the physical environment and thereby determine cost-efficient placement of equipment in the network.
2 Planning Your Installation • Data encryption—Specifying the method of security for wireless data communications between client stations and the AP. • Authentication—Specifying the method to verify the identity of users who want to access the wireless network, and assign access restrictions and services to them. Enrollment Enrollment is the process of verifying the identity of APs and confirming that they are authorized to be a legitimate part of the wireless network.
Assessing Security Needs and Architecture For small and mid-sized networks, it is recommended to configure one of the APs on the network as a portal AP to provide NM Portal, security portal, and enrollment services. It is also recommended to designate another AP as a backup for the security portal. For large offices and campuses, enterprise-wide control and advanced network management features become essential to reliable network operations.
2 Planning Your Installation Planning Network Features The Airgo AP offers an extensive set of configuration parameters and network service features. Automated and default options are available for most of these, making it necessary to configure only a few of the AP parameters to set up a basic network. As needs change, additional features can be configured to support new network services.
Planning Network Features Feature Planning Issues VLAN VLANs permit the network to be segmented according to functional needs without the restrictions of the physical topology. • If your enterprise uses multiple VLANS, they can be supported in the wireless network. • Multiple VLANs are required for guest access. SSID Decide whether one or multiple SSIDs will be supported.
2 Planning Your Installation Example Deployment Scenarios This section describes the feature decisions for an example company as a function of network size, management structure, and network services. Example 1: Small office, single AP, possible future growth Acme Works begins as a small company with 20 users. The office is at a single location served by one access point connected to the wired backbone. The elements of the network are shown in Figure 5.
Example Deployment Scenarios The following table lists the tasks required for configuration and provides pointers to the detailed instructions in this guide. Table 3: Example 1 Configuration Tasks Task Process Bring up the first (or only) Airgo AP 1 Make sure a DHCP server is available on the network, and create a DHCP reservation for the MAC address of this AP. 2 Have the information sheet shipped with the AP available. 3 Bootstrap the AP as an NM Portal. Defaults are acceptable for most settings.
2 Planning Your Installation Example 2: Small to mid-size business with wireless backhaul Acme Works has now grown to 70 users. The site is the same as in Example 1; however Acme wants to provide coverage to a temporary building that has no wired connection. An additional AP is added to provide user access via a wireless backhaul (Figure 7). Figure 7: Example 2 Network 10/100 Switched Ethernet SSID="Corp" SSID="Corp" A0042E Figure 8 summarizes the feature decisions for this example.
Example Deployment Scenarios Example 3: Mid-size business, multiple SSIDs, multiple VLANs Now a successful business, the management at Acme Works wants to position the company for continued growth. The company decides to deploy an external RADIUS server to manage user authentication centrally for the entire company.
2 Planning Your Installation Figure 10: Example 3 Feature Decisions Physical Network One AP Multiple APs Network Management NM Portal NMS PRO User Authentication Built-In Security Portal External RADIUS Server Security Modes WPA (default) WEP VLAN Default VLAN Multiple VLANs SSID Single SSID (default) Multiple SSIDs Default COS Mappings Custom COS Mappings Service Profile Default Service Profile Custom Service Profiles Guest Access Disabled (default) Enabled Quality of Service (
Example Deployment Scenarios Example 4: Large business, guest access, extended network services Acme Works is now a widely known and successful enterprise. With an ever increasing number of visitors requiring network access, the network administrator decides to implement a corporate guest access solution. A guest VLAN and service profile are created and bound to the Corporate SSID, and a guest password is created.
2 Planning Your Installation Figure 12: Example 4 Feature Decisions Physical Network One AP Multiple APs Network Management NM Portal NMS PRO User Authentication Built-In Security Portal External RADIUS Server Security Modes WPA (default) WEP VLAN Default VLAN Multiple VLANs SSID Single SSID (default) Multiple SSIDs Quality of Service Default COS Mappings Custom COS Mappings Service Profile Default Service Profile Custom Service Profiles Guest Access Disabled (default) Enabled
Example Deployment Scenarios Example 5: Large Campus with Branch Offices With continued growth, the original Acme Works building is now surrounded by multiple buildings within a large campus setting. The company also has two branch offices in neighboring communities. The decision is made to implement NMS Pro for enterprise-class network management. This solution will provide network administrators with extensive control and oversight, centralized monitoring, and fault management.
2 Planning Your Installation Figure 14: Example 5 Feature Decisions Physical Network One AP Multiple APs Network Management NM Portal NMS PRO User Authentication Built-In Security Portal External RADIUS Server Security Modes WPA (default) WEP VLAN Default VLAN Multiple VLANs SSID Single SSID (default) Multiple SSIDs Quality of Service Default COS Mappings Custom COS Mappings Service Profile Default Service Profile Custom Service Profiles Guest Access Disabled (default) Enabled
3 Installing the Access Point Using the Configuration Interfaces This chapter explains how to install and quickly configure the Airgo Access Point and provides instructions for accessing the web and command line interfaces.
3 Using the Configuration Interfaces large metallic structures such as equipment racks, steel bookcases or filing cabinets, or crowded by computer enclosures. If using an external antenna with the AP (optional), try to place the unit as high as possible, where it is free of obstruction. Install the AP away from sources of RF interference, such as microwave ovens, cordless phones, electric motors, and similar appliances.
Installing the Access Point Figure 15: Airgo AP Connections Reset Default 100/10BaseT Ethernet port Console port DC power A0003B Using Power Over Ethernet Power-over-Ethernet, based on the 802.3af standard, can be used to supply power to the Airgo AP. If both DC power and power-over-Ethernet are used at the same time, then failover takes place automatically in the event that one of the power sources is lost.
3 Using the Configuration Interfaces Figure 16: Airgo AP Placement Reset LEDs Default 100/100BaseT Ethernet port Console port Power connector A0002B Verifying the Installation To verify the Airgo Access Point is operational, examine the front of the AP. • Is the status LED red or green? If not, check the power connections and whether or not the AC outlet has power.
Installing the Access Point Table 7: LED Definitions LED Description WLAN1 Blinks green for activity. AP STAT There are two AP status LEDs that indicate the AP status. When the AP is reset or powered on, the bottom LED turns red and then the top LED blinks green. Once the AP successfully boots up, the top LED turns green and stays green. When the AP is reset to defaults, the LEDs light up in the same sequence as described above.
3 Using the Configuration Interfaces Reset the configuration of the AP to the factory default in any of the following ways: Method Description Web browser interface Use the Configuration Management panel under System Configuration. See “Reset Configuration” on page 217.
Using AP Quick Start to Initialize the Access Point To connect to the AP using the web browser interface requires an IP connection to the AP network and a computer with a browser capable of Secure Sockets Layer (SSL) connections. Follow these steps: 1 Launch the web browser. a If your network has a DHCP server, enter the DHCP-assigned address of the AP in the address bar. b If your network does not use a DHCP server, assign the static address 192.168.1.1/24 to your computer, and then enter https://192.168.
3 Using the Configuration Interfaces Figure 18: AP Quick Start Welcome Panel Both roles allow the AP to function as an IEEE 802.11 wireless network node.
Using AP Quick Start to Initialize the Access Point Initializing a Normal AP 1 Click Bootstrap Normal AP from the Quick Start Welcome panel to open the first initialization panel (Figure 19). NOTE: Click Logout if it is necessary to leave the Quick Start panels. If you log out prior to completing the set-up process, then settings are not saved.
3 Using the Configuration Interfaces Field Description Default Gateway IP address of the gateway to the wired network. Required if the IP address is not obtained automatically to provide complete network access. The default is the existing network gateway. Domain Name Servers IP address of the server supplying DNS service. Required if the IP address is not obtained automatically to provide complete network access. The default is the DNS server for the existing network.
Using AP Quick Start to Initialize the Access Point Field Description Bootstrap Security Mode WPA-PSK, WEP-64, WEP-128, or Open security option. The option determines the security mode for the AP. WPA-PSK Security Mode Activated if WPA is selected as the security mode. Enter a alphanumeric string at least eight characters in length. (required if security mode is WPAPSK). WEP Key Activated if WEP is selected as the security mode. Enter a WEP key.
3 Using the Configuration Interfaces NOTE: The defaults for radio configuration have been selected for the best operational radio behavior across a variety of environments. Modifying these parameters alters radio behavior, which may have an impact on network performance or services. For example, selecting an operating band of 5GHz (802.11a) may prevent legacy client adapters from associating to the AP. 6 After entering settings for both radios, click Finish to complete the initialization process.
Navigating the Web Interface Navigating the Web Interface The Airgo AP web interface is divided into three main areas. The menu tree (Figure 23) provides access to all the panels and features of the web interface. To expand a menu in the menu tree, click the arrow to the left of the menu name. Figure 23: Menu Tree The lower left alarm panel (Figure 24) lists the number of current alarms.To update the alarm summary, periodically click the browser refresh button.
3 Using the Configuration Interfaces Figure 25: 38 Home Panel Installation and Configuration Guide: Airgo Access Point
Navigating the Web Interface Quick Start Panels Use the AP Quick Start menu items to open the Bootstrap Configuration and Version panels. Each of the tabs in the Bootstrap Configuration panel corresponds to one of the screens used to initialize an AP in AP Quick Start. IP Config Tab The IP Config tab opens when you choose Bootstrap Configuration is selected from the AP Quick Start menu (Figure 26). Use this tab to configure addresses for the bootstrap configuration.
3 Using the Configuration Interfaces Field Description DNS IP Address Enter the IP address of the server or servers supplying DNS service. This is required if the IP address is not obtained automatically. The default is the DNS server for the existing network. Multiple DNS server addresses may be specified, space-separated. The AP will use the addresses in the order specified. Manually configured DNS addresses always take precedence over the DNS addresses returned by a DHCP server.
Navigating the Web Interface Figure 27: AP Quick Start - Bootstrap Configuration - Radio Config This tab contains the following settings: Field Description Radio Admin State Select each AP radio (wlan0 or wlan1) to enable or disable. Network Connectivity Indicate whether the radio will be used in a normal AP connected to the wired network (Wired-Only), for wireless backhaul (Wireless-Only), or may be used for either (Any). If Any is specified, the system will automatically choose one.
3 Using the Configuration Interfaces Field Description Configure Channel Select Auto-Select Channel or Assign Fixed Channel options: • Auto-Select: Select At Start-up to automatically determine the channel when the AP is booted, or Periodic to auto-select the channel at the specified number of minutes. The default is Periodic and 30 minutes. • Assign Fixed Channel: Select a static channel. In both of these cases, the channel set used for auto-scanning can also be restricted.
Navigating the Web Interface Field Description Synchronize Clock Indicate whether time will be synchronized manually through the date and time fields, or by way of an NTP server. If you select the server option, enter the IP address of the server in the space provided. If an NTP is currently assigned, the address of the server is displayed, as shown in Figure 28. Multiple NTP servers may be specified (space separated). If more than one server is specified, they are contacted in the order given.
3 Using the Configuration Interfaces Figure 30: AP Quick Start - Bootstrap Configuration - Admin Email rjones@acmeworks.com Version Table The Version Table panel (Figure 25) lists model number, serial number, and hardware and software version information.
Configuration Wizards Other Panels The other panels accessible from the menu tree contain detailed information and fields to set the AP configuration. Most of the panels have multiple tabs, and some have special entry panels. NM Portal Access If the AP is booted in Portal mode, the left side of the browser interface includes a Manage Wireless Network button just below the menu tree. Click the button to open a new browser window for NM Portal services.
3 Using the Configuration Interfaces The wizard presents several options for configuring user security. For additional information about these options, see Chapter 7, “Managing Security.” Option Description WPA-EAP (with AES encryption) Configures the AP to work with RADIUS authentication servers. WPA-PSK Configures the AP to work with pre-shared key authentication. • The wizard prompts for selection of the internal RADIUS server included in the AP or an external RADIUS server.
Configuration Wizards To configure WPA-PSK: 1 In the User Security Wizard, select Using WPA-PSK. 2 Click Next to open the next User Security wizard panel (Figure 34). Figure 34: User Security Wizard - WPA-PSK 3 Enter the pre-shared key to use for network authentication and confirm your entry. 4 Click Finish.
3 Using the Configuration Interfaces To configure WEP: 1 Select Using WEP, and click Next to open the next User Security wizard panel (Figure 35). Figure 35: User Security Wizard - WEP 2 Select the WEP key length. 3 Enter up to four WEP keys, and indicate which will be the default. 4 Click Finish.
Configuration Wizards To configure open access: 1 Select Open Access, and click Next to open the next User Security wizard panel (Figure 36). Figure 36: User Security Wizard - Open Access 2 Confirm that you want to configure the AP without user security. 3 Click Finish.
3 Using the Configuration Interfaces Guest Access Wizard The Guest Access wizard enables you to configure the network to give guest users limited access while protecting the network from unauthorized use. For a complete description of guest access rules and options, see Chapter 8, “Configuring Guest Access.” To open the Guest Access wizard: • Click Guest Access Wizard under AP Quick Start on the side menu.
Configuration Wizards To use an internal landing page: 1 In the Guest Access wizard, select Internal. 2 Click Next to open the next wizard panel. 3 Enter and confirm a guest password (Figure 38). The password must be from 1 to 63 characters in length and may be manually distributed to guests who visit your corporate facility. Figure 38: Guest Access Wizard - Internal Landing Page 4 Indicate whether the guest users will be able to access a subnet before they are authenticated as guest users.
3 Using the Configuration Interfaces 6 Select an existing VLAN in which to place authenticated guest users, or create a new VLAN by entering a numeric VLAN ID and VLAN name (Figure 39). The list of existing VLANS includes only those that support open access. Figure 39: Guest Access Wizard - VLAN Entry 7 Click Finish. Guest access is now configured. When guests access the external landing page, they follow an externally-determined process to log in to the network.
Configuration Wizards To use an external landing page: 1 In the Guest Access wizard, select External. 2 Click Next to open the next wizard panel. Figure 40: Guest Access Wizard - External Landing Page 3 Enter the full URL for the external landing page (Figure 39). The URL for the landing page must use an IP address rather than a domain name.
3 Using the Configuration Interfaces 54 Installation and Configuration Guide: Airgo Access Point
4 Configuring Radio Settings This chapter describes the configuration settings for the Airgo Access Point radios and explains how to set the configuration using the Airgo AP web interface. It covers all the features accessible from the Wireless Services menu except backhaul configuration, which is discussed in Chapter 6.
4 Configuring Radio Settings Figure 41: AP Radios and Coverage Wired Network AP1 (Wired AP) AP2 (Backhaul Point) AP1 Cell AP2 Cell A0019A Use the Wireless Services items on the menu tree to access wireless parameters. The following rules apply to the wireless settings: • Some of the settings apply globally (for both radios); others apply on a per-radio basis. • For configuration and reference purposes, the individual radios are labeled wlan0 and wlan1. The wired Ethernet interface is labeled eth0.
Configuring Radio Parameters • Channel Configuration—Configure channel usage for each radio. • Performance—Configure enhanced data rates and performance attributes. • Admission—Specify categories of client stations that are permitted to associate to the selected radio. To configure settings on these tabs, select each in sequence, or step through using the Go links at the bottom of the panel (shown in Figure 42).
4 Configuring Radio Settings Set the following global parameters on this tab: Field Description Network Connectivity Specify the mode of connectivity to the wired network. • The default value of Any means that the AP auto-determines whether or not to initiate a backhaul based on the presence or absence of an active Ethernet link. The Any setting is influenced by the number of radios in the Airgo AP and whether or not the AP has active Ethernet connectivity.
Configuring Radio Parameters Field (continued) Description Background Scanning Enable or disable background scanning. Background scanning is performed to collect interference and radio neighbor information from the surrounding RF environment. If auto-select-channel is enabled with the Periodic option, background scanning should also be enabled. See “Channel Configuration” on page 64. Click Apply to save changes or Reset to return to previously saved values.
4 Configuring Radio Settings Table 8:World Modes (continued) 60 Country Environment Band Valid Channel Numbers Europe Indoor 5 Europe France France France France France France Outdoor Any Indoor Outdoor Any Indoor Outdoor 5 2.4 2.4 2.
Configuring Radio Parameters Table 8:World Modes (continued) Country Environment Band Valid Channel Numbers Japan Japan Japan Any Indoor Outdoor 5 5 5 34,38,42,46 34,38,42,46 34,38,42,46 Singapore Singapore Singapore Singapore Singapore Singapore Any Indoor Outdoor Any Indoor Outdoor 2.4 2.4 2.
4 Configuring Radio Settings Admin State Configuration Use the Admin State tab (Figure 43) to assign the mode or persona of each radio interface. Figure 43: Radio Configuration - Admin State Set the following parameters on this tab: Feature Description Select Radio Interface Select the AP radio (wlan0 or wlan1) Admin State of Selected Radio Enable or disable the selected radio. When the AP radio is in the disabled state, all valid configuration settings are saved.
Configuring Radio Parameters Interdependencies If Network Connectivity on the Radio Global tab (“Global Configuration” on page 57) is set to Wireless, then at least one radio must have the BP or Any persona. If the Network Connectivity setting is Wired or Any, then the personas of AP, BP, and Any are all permitted. Table 9 shows how the Network Connectivity setting on the Global Configuration tab relates to the Radio Persona Configuration on the Admin state tab.
4 Configuring Radio Settings Channel Configuration Use the Channel Configuration tab (Figure 44) to define rules for selecting radio channels. If two radios are installed in the same AP, each radio operates in a different band (2.4 GHz for one radio and 5 GHz for the other).
Configuring Radio Parameters Feature (continued) Description Automatic channel selection Specify whether the channel is chosen when the AP is started, or whether it is selected periodically. The time range for periodic channel selection is 30 minutes to 24 hours (1440 minutes). It is recommended to accept the default setting of automatic channel selection of periodic at 30 minutes. Channel Set Determine which channels the AP scans in order to determine the best channel for operation.
4 Configuring Radio Settings Performance Use the Performance tab (Figure 45) to configure enhanced data rates of 72, 96, or 108 Mbps. Figure 45: Radio Configuration - Performance Set the following values on this tab: 66 Feature Description Select Radio Interface Select the AP radio (wlan0 or wlan1) Enhanced Data Rates Enable or disable the Airgo enhanced data rates of (72, 96, and 108 Mbps).
Configuring Radio Parameters Feature (continued) Description Ack Mode Determines the acknowledgement policy for data packets. The following selections are available: • Immediate Ack – Acknowledgement is sent for every packet received. This is the default setting. • No Ack – No acknowledgement is sent when data packets are received. • To enable high performance, use this setting together with one of the enhanced data rates.
4 Configuring Radio Settings Admission Use the Admission tab (Figure 45) to specify categories of client stations that are permitted to associate to the selected radio. Figure 46: Radio Configuration - Admission Set the following values on this tab: Feature Description Select Radio Interface Select the AP radio (wlan0 or wlan1). 802.11b-g STA Admission Criteria Accept Association from Applies to the 2.4 Ghz band only. Specify the type of 802.11g or 802.
Setting the Advanced Radio Configuration Setting the Advanced Radio Configuration Select Advanced Configuration from the Wireless Services menu to open the Advanced Configuration feature panel. The panel contains the following tabs: • 802.11 Policy—Set the 802.11 modes for the AP radios. • MAC Config—Set details of the radio beacon and MAC configuration for each radio.
4 Configuring Radio Settings Feature (continued) Description IEEE 802.11 Extensions Indicate whether to support standard Dot11 extensions, enhanced extensions, or both. The checkboxes enable or disable standard 802.11 extensions such as 11h, 11e, 11g or 11i, or Airgo enhanced features, which are compatible only with Airgo client stations. If the Enhanced 802.11 extensions option is selected, then it is possible to enable the following through the CLI (they are not automatically enabled).
Setting the Advanced Radio Configuration MAC Configuration Use the MAC Configuration tab (Figure 48) under special circumstances if it is necessary to tune low level operational parameters of the radio MAC (Medium Access Control) layer. NOTE: Changes on the MAC Configuration tab should only be made by trained network personnel. The AP radio restarts automatically when these parameter changes are applied.
4 Configuring Radio Settings Set the following parameters on the MAC Configuration tab: Field Description Select Radio Interface Select the AP radio (required, wlan0 or wlan1). Beacon Period Enter the desired interval between RF beacons, in milliseconds. It is recommended to accept the default of 100 ms. (required). DTIM (Delivery Traffic Indication Message) Period Enter the interval between the times that the radio forwards multicast and broadcast packets to client stations.
Viewing Radio Statistics Figure 49: Radio State Tab Use the pull-down list to switch between radios.
4 Configuring Radio Settings 74 Field (continued) Description Current Channel Number Current channel of operation Number of channel changes Number of times the channel has changed since boot-up (AP persona only) Channel Change Cause Reason the frequency changed since boot-up, if appropriate, due to user intervention or performance degradation (AP persona only) Number of Associated Stations The number of stations that are associated to the radio (AP persona only) Number of trunks Number of backh
Viewing Radio Statistics Radio Statistics The Radio Statistics tab (Figure 50) contains information on the operation of each radio. This information varies according to whether the radio is in the AP or BP persona. The statistics refresh every 10 seconds. Figure 50: Radio Statistics Tab Use the pull-down list to switch between radios.
4 Configuring Radio Settings 76 Field (continued) Description FCS Error Count Count of FCS errors detected when receiving a MPDU. Received Multicast Frame Count Count when a MSDU is received with the multicast bit set in the destination MAC address. Multiple Retry Count Count of successful transmissions after more than one retransmission.
Viewing Radio Neighbor Details Viewing Radio Neighbor Details A radio neighbor is a radio whose beacon frame is detected by the AP. Select Radio Neighbors from the Wireless Services menu to view summary information on all the neighboring APs within beacon range (Figure 51).
4 Configuring Radio Settings Use the scrolling bars to display the full range of interfaces and data. Configuring SSID Parameters A wireless network is formed when a set of APs advertises the same value as the SSID, or network name. Figure 52 shows the Acme Works network with multiple Airgo APs, each advertising the same “Corporate” SSID.
Configuring SSID Parameters SSIDs and Service Profiles A service profile consists of VLAN, COS, and minimal security attributes applied to a network or to designated classes of users once they are authenticated by a RADIUS authentication server (security portal or external authentication server). If the service profile is defined without reference to a specific user group and bound to an SSID, then the profile is applied to all users who access the network.
4 Configuring Radio Settings SSID Table Select SSID Configuration from the Wireless Services menu to open the SSID Table (Figure 54). Figure 54: SSID Configuration - SSID Table The table lists the following information about each SSID: Field Description SSID Name Name (maximum 32 alphanumeric characters). This name is used only by the radio in AP mode, and is broadcast in its beacon.
Configuring SSID Parameters Follow these steps to rename the SSID or modify its configuration: 1 Click Modify to open the SSID Details table, which also provides access to service profiles for the SSID. 2 Enter the new SSID name. 3 Click Apply. If an SSID is renamed, all configuration details related to the old SSID name, such as service profile associations and security configuration, are automatically transferred, and the radios that operate in AP mode now broadcast the new SSID in the beacon.
4 Configuring Radio Settings SSID Details Use the SSID Details Tab (Figure 55) to modify an SSID and bind service profiles to an SSID. Figure 55: SSID Configuration - SSID Details The tab contains two areas. Use the Modify SSID Configuration area to change the current SSID configuration, as described in “SSID Table” on page 80. The bottom area shows the service profiles currently bound to the SSID.
Configuring SSID Parameters Feature (continued) Description Security Enforcement Type of encryption required for the service profile. For user groups assigned to this service profile, the security enforcement setting supersedes the encryption type configured for the overall network. Perform the following functions from the service profile list on this tab: Function Steps Bind an existing service profile to an SSID 1 Click Add to open the Bind Service Profile to SSID entry panel (Figure 56).
4 Configuring Radio Settings Profile Table The Profile Table tab (Figure 57) lists all the currently defined service profiles. Each service profile includes attributes for security enforcement, VLAN ID, and COS value. Binding a service profile to an SSID determines the privileges and restrictions that apply to user groups associated with the profile. NOTE: Changes made to SSID or service profiles cause affected users to be automatically disassociated from the AP.
Configuring SSID Parameters Perform the following functions from this tab: Function Steps Add a new service profile 1 Click Add to create a new service profile. 2 Enter the profile name, which must be unique. (required) 3 Select the VLAN for the profile. 4 Enter a COS value for the profile. The range is 0-7. For more information, see “Configuring Quality of Service” on page 111. 5 Select an enforcement level for data encryption to apply to the profile.
4 Configuring Radio Settings Use the Multiple SSID tab (Figure 59) to enable the multiple SSID feature. Make a selection, and click Apply. After enabling the multiple SSID feature, additional SSIDs can be added on the SSID Table (see “SSID Table” on page 80). When multiple SSIDs are enabled on the Airgo AP, that AP no longer broadcasts an SSID in its beacon frame.
Managing Client Stations Stations The Stations tab (Figure 60) shows the client stations that are currently associated to the AP. Figure 60: Station Management - Stations Use this panel to control association to the Airgo AP. The panel lists the following information for each client station associated to the AP: Field Description Interface The AP radio (wlan0, wlan1) MAC address MAC address of the client station User Name User name assigned through the RADIUS server.
4 Configuring Radio Settings Select a station from the list and click a button at the bottom of the panel to perform any of the following functions: Item Description Disassociate Detach the station from the AP and remove station related information.
Managing Client Stations Field (continued) Description Uplink Signal Quality Average signal quality on uplink (station to AP direction) as a percentage Uplink Rate Average uplink data rate on uplink (Mbps) Downlink rate Average downlink data rate on uplink (Mbps Received Bytes Bytes received from the station Transmitted Bytes Bytes transmitted to station Transmitted Fragments Count of transmitted MPDUs Failed Transmitted Packets Number of MSDUs that were not transmitted successfully since re
4 Configuring Radio Settings Select a station from the Station Associations table and click Security-Stats to display the following information: Field Description Station MAC address The MAC address that identifies the station Auth Type Authentication used by station (Open, Shared key, EAP or MAC-ACL) Encryption Encryption used by station (AES, TKIP, WEP, or open access) AES Transmitted Blocks Number of AES transmitted blocks.
Configuring Inter Access Point Protocol (IAPP) IAPP Service Use the IAPP Service tab (Figure 63) to enable IAPP. Selecting Enable initializes IAPP to perform network discovery and communicate with other APs. Click Apply to save changes.
4 Configuring Radio Settings IAPP Statistics The IAPP Stats tab (Figure 65) lists information about IAPP activity.
Performing Radio Diagnostics Item Description Move Response Failures Sent Number of move responses with a FAILURE status sent to other APs during the station reassociating process Move Response Failures Received Number of move responses with a FAILURE status received from other APs during the station reassociating process Number of Intra-AP Moves Number of successful station reassociations between APs Number of Intra-AP Moves Failures Number of unsuccessful station reassociations between APs Clic
4 Configuring Radio Settings Link Test Use the Link Test tab (Figure 66) to test connections to IP devices or run performance tests on specified links.
Performing Radio Diagnostics To perform a link test: 1 Click Add to open the Link Test Setup entry panel (Figure 66). Figure 67: Radio Diagnostics - Link Test - Setup 2 Configure the following: Field Description Interface Select the AP radio Station MAC Address Select the MAC address of the station included in the link test Test Criteria Select whether the test is for a specified duration (seconds) or number of packets.
4 Configuring Radio Settings Select from the following set of link test parameters to display a graph of the test results: Item Description Downlink signal strength Strength of the signal sent from the AP to the client station (percentage). Uplink signal strength Strength of the signal sent from the client station to the AP (percentage). Downlink signal quality Quality of the signal sent from the AP to the client station (percentage).
Performing Radio Diagnostics Walk Test CAUTION: These Radio Diagnostics are to be used only by Product Engineers. The information below is for reference only. Figure 69: Radio Diagnostics - Walk Test Parameter Parameter Description Range/Units WNI_CFG_CURRENT_TX_ANTENNA #of TX chains 1 to 2 / + WNI_CFG_CURRENT_RX_ANTENNA # of RX chains 1 to 3 / – WNI_CFG_DEFER_THRESHOLD Packet Detection Threshold 0–254 / dBm + 130 WNI_CFG_ACK_TIMEOUT_11A Ack Timeout 802.
4 Configuring Radio Settings Parameter (continued) Parameter Description Range/Units WNI_CFG_MAX_ACK_RATE_11B Max Ack Rate 802.11b MAC rate encoding: Rate - Entered Value 1-2 2-4 5.5 - 11 11 - 22 98 WNI_CFG_SHORT_PREAMBLE Enables or Disables Short Preamble DISABLE (0), ENABLE (1) WNI_CFG_CWMIN_0_11A Min Contention Window Size for 802.11a (TC0) 0 - 1023 / slots WNI_CFG_CWMIN_0_11B Min Contention Window Size for 802.
5 Configuring Networking Settings This chapter explains how to configure the advanced networking features of the Airgo Access Point.
5 Configuring Networking Settings Figure 70: Airgo Wireless Network Elements Enterprise Boundry NMS Pro RADIUS WAN Router with Firewall Internet Corporate Network 10/100 Ethernet Network Operations Center LAN Switch/Router AP with 2 Radios AP with 1 Radio 802.11a 802.11g/b AP with 1 Radio 802.11a (or 802.11g/b) 802.11g/b (or 802.
Configuring Bridging Services learned at each interface (port) of the bridge. The bridge configuration is automatic and requires no user configuration. Figure 71: Bridge Configuration - Bridge & STP Each bridge name is composed of a prefix, br, together with a bridge number. When the VLAN feature is enabled, the VLAN ID is used as the bridge number. br1 represents VLAN 1 and is the default bridge for forwarding user data traffic.
5 Configuring Networking Settings The default setting for STP is enabled. Disable STP if the network is small to mid-size and looping is not a concern. Bridge Statistics The Bridge Stats tab (Figure 72) provides a summary of transmit/receive statistics for each bridge or VLAN. The statistics are calculated from the last time the AP was rebooted or the Clear Statistics button was selected. Click Clear Statistics to return the collected values to zero and start collecting statistics again.
Configuring IP Routes Figure 73: Bridge Configuration - ARP Table Configuring IP Routes IP routing expands the addressing capability of the Airgo AP and allows you to mange the AP from outside its local subnet. Use the IP Routing panel (Figure 73) to explicitly address subnets that are not local. If a destination subnet is not entered into this panel, then default network routing applies.
5 Configuring Networking Settings 104 Field Description Gateway IP Enter the IP address of the gateway that will route traffic between this AP and the destination subnet. Interface Name Enter the name of the bridging interface. Use the br prefix, as described in “Configuring Bridging Services” on page 100.
Configuring VLANs Configuring VLANs VLANs are key to helping enterprises improve network traffic flow, increase load, and deliver varying levels of service and access to different groups of users. For example, Figure 75 shows how Acme Works uses two VLANs: one for normal corporate traffic and one for Finance Department traffic.
5 Configuring Networking Settings VLAN Table Choose VLAN from the Networking Services menu to list information about each VLAN and interface (Figure 76). Figure 76: VLAN Configuration - VLAN Table The VLAN table contains the following columns of information: 106 Field Description VLAN ID Identifier for the VLAN. In bridging notation, this is the numeric ID that follows the br prefix. Name Alphanumeric name of the VLAN. The field is optional, unless it is the default VLAN.
Configuring VLANs Field Description Tagged Indication of whether the identity of the VLAN is explicitly encoded in transmitted packets. Each frame contains a four-byte tag that encodes the VLAN to which the packet belongs when it is sent on a tagged interface. If the received packet is untagged, the packet is classified as belonging to the interface VLAN. If the VLAN interface is not tagged, then the AP drops any VLAN-tagged packet. When the packet is transmitted from the interface, it is be untagged.
5 Configuring Networking Settings accordingly. The Interface VLAN tab (Figure 78) specifies treatment of frames that arrive at the AP in an untagged state. Each interface is assigned to a VLAN, which then receives all untagged frames arriving at the interface. Figure 78: VLAN Configuration - Interface VLAN Make sure that the VLAN is defined before assigning an interface, and then configure the following fields: Field Description Select Interface Select the AP interface. VLAN ID Enter the VLAN ID.
Configuring VLANs Figure 79: VLAN - User VLAN Installation and Configuration Guide: Airgo Access Point 109
5 Configuring Networking Settings VLAN Statistics The VLAN Stats tab (Figure 80) provides a summary of transmit/receive statistics for each VLAN. The statistics are calculated from the last time that the AP was rebooted or the Clear Statistics button was selected. Click Refresh to update the statistics or Clear Statistics to return the collected values to zero and start collecting statistics again.
Configuring Quality of Service Configuring Quality of Service Under normal network conditions, traffic in the wireless network is routed on a best-effort basis, and all types of traffic are treated with equal priority. Quality of Service (QoS) permits priority setting for different types of traffic, which can be important for applications in which even minor interruptions in packet transmission can have a deleterious effect on perceived results. Examples include streaming media or voice-over-IP (VoIP).
5 Configuring Networking Settings Rule (continued) Description IP Precedence Defines a mapping based on the first 3 bits in the Type of Service (TOS) byte of the IP header. Incoming packets that have an IP Precedence value can be mapped to COS. DiffServ Code point (DSCP)-to-COS Defines a mapping based on the first 6 bits in the TOS byte of the IP header. Incoming packets that have a DSCP value can be mapped to COS.
Configuring Quality of Service Ingress QOS Use the Ingress QOS tab to assign COS values to incoming 802.11 packets. If a packet has a COS value in the VLAN tag when it arrives at the AP, then its COS value is honored by the AP. If the packet is not VLAN-tagged, then it can be classified at the ingress interface by way of a COS map defined on the Ingress QOS tab (Figure 82).
5 Configuring Networking Settings Perform the following functions on this tab: Function Steps Define TCID to COS mapping 1 Select the radio interface for the mapping. 2 Select a COS value for each TCID value, or select Default to accept the default mapping. 3 Click Apply. Define VLAN-to-COS mapping 1 Click Add. 2 Select the AP interface. 3 Select the VLAN ID. (See “Configuring VLANs” on page 105 for information on VLAN IDs.) 4 Select a COS value or select Default to use the default mapping.
Configuring Advanced QoS Configure the following fields on this tab: Field Description Select Radio Interface Select the AP interface. Default Select to use the default mapping. TCID If Default is not selected, map each COS level to a TCID level. Click Apply to save your changes or Reset to return to previously saved values. QoS Stats The QoS Stats tab (Figure 84) presents incoming packet and outgoing packet counts for each of the AP interfaces.
5 Configuring Networking Settings Class-Order The COS mappings on the QoS and Advanced QoS Configuration panels may yield conflicting results for ingress packet priority. Use the Class-Order tab (Figure 84) to specify the order in which to apply each of the rules. When a packet arrives at the AP, the AP checks to see whether a mapping exists for the first rule in the class-order list. If so, that mapping is applied to the packet. If not, the AP checks whether a mapping exists for the second rule.
Configuring Advanced QoS Click Apply to save all the changes on the tab. IP-DSCP Use the IP-DSCP tab (Figure 86) to map DiffServ Code point (DSCP) values to COS and to view the current DSCP to COS maps. DSCP uses the first 6 bits in the TOS byte of the IP header, so the possible values range from 0 to 63.
5 Configuring Networking Settings Configure the following fields on this tab: Field Description Select Radio Interface Select the AP interface. Default Select to use the default mapping. DSCP String If Default is not chosen, enter up to eight DSCP values that you want to map to a specific COS value. COS Select the COS value. Click Apply to save all the changes on the tab.
Configuring Packet Filters IP Precedence Use the IP Precedence tab (Figure 88) to base the COS mapping on the first 3 bits in the TOS byte of the IP header. Figure 88: Advanced QOS Configuration - IP Precedence Configure the following fields to define an IP Precedence-to-COS map: Field Description Select Radio Interface Select the AP interface. Default Select to apply the default mapping COS If Default is not chosen, select the desired COS values. Click Apply to save all the changes on the tab.
5 Configuring Networking Settings Figure 89: Filter Configuration - Filter Table From the Filter Table tab, add a new filter by clicking Add, or edit an existing one by selecting the filter and clicking Edit. The Add Filter Entry panel opens(Figure 90). Enter or select values for the following fields: Field Description Interface Name If creating a new filter, select an interface from the pull-down list.
Configuring Interfaces Figure 90: Filter Configuration - Add Filter Entry Panel Filter Statistics The Filter Stats tab (Figure 91) lists statistics for each defined filter. The statistics are calculated from the last time that the AP was rebooted or the Clear Statistics button was selected. The Hits column shows the number of packets of the specified type received on the interface with the defined filter.
5 Configuring Networking Settings Interface Table Choose Interface from the Networking Services menu to open the Interface Table (Figure 92). Use this tab to assign an IP address to each interface, thereby making it possible to route traffic to the interface. Without an assigned IP address, traffic can only be bridged to the interface, not routed.
Configuring SNMP Interface Statistics The Interface Statistics tab (Figure 93) shows packet and byte statistics for each of the AP interfaces. The statistics are calculated from the last time that the AP was rebooted or the Clear Statistics button was selected. Click Refresh to update the statistics or Clear Statistics to return the collected values to zero and start collecting statistics again.
5 Configuring Networking Settings Figure 94: SNMP Configuration Enter values in the following fields to define the basic SNMP configuration: Field Description Community String Enter the alphanumeric community string (required) Community Read/Write Status Indicate the read or read/write status of the community Trap Sink IP Address Enter the IP address where SNMP traps should be sent (required) Trap Community Enter the community for SNMP traps Trap Sink Port Indicate the port identified for the
Ping Test Ping Test Use the Ping Test panel to execute an ICMP Echo Request to check network connectivity to a remote IP host. Enter the hostname or IP address of the remote host. Figure 95 shows the Ping Test panel with test results presented.
5 Configuring Networking Settings 126 Installation and Configuration Guide: Airgo Access Point
6 Configuring a Wireless Backhaul This chapter explains how to set up a wireless distribution system to cover a large area with limited wired network connectivity. It covers the following topics: • Introduction • Setting Up a Wireless Backhaul Introduction Wireless backhaul refers to the process of delivering data from a node on the wireless network back to the wired network.
6 Configuring a Wireless Backhaul Use of Radios for Backhaul Each access point in a backhaul configuration must have two radios and be enrolled in the network. One of the radios operates in normal mode to serve downstream APs or clients. The other radio assumes the backhaul role (BP), relaying network traffic from clients or other APs through the backhaul arrangement up to the wired network. Each radio operates in a different band.
Setting Up a Wireless Backhaul Setting Up a Wireless Backhaul Choose Wireless Backhaul from the Wireless menu to bring up the Wireless Backhaul configuration panel. The panel contains 4 tabs: • • • • Link Criteria—Configure criteria for backhaul trunk formation. Candidate APs—Identify APs to use for the uplink. Trunk Table—View the list of current backhaul trunks. Trunk Stats—View statistics for the backhaul trunks.
6 Configuring a Wireless Backhaul The Uplink Configuration settings on this tab restrict how the backhaul is configured. Select some or all of the settings, or leave this section blank to permit unrestricted choice of uplinks: Field Description Select Radio Interface Select radio wlan0 or wlan1. SSID Criteria Select Detected SSID to connect to a specific network. To add an SSID which is not currently in operation, select New SSID and enter the name of the SSID.
Setting Up a Wireless Backhaul Candidate APs Select the Candidate APs tab (Figure 98) to identify the access points that can be used to create the uplink to the wired network. Figure 98: Backhaul Configuration - Candidate APs The panel displays the discovered APs that are able to provide uplink connectivity.
6 Configuring a Wireless Backhaul This tab contains the following information: Feature Description Interface Name Radio interface of the BP radio (uplink) or AP radio to which downlink trunks are connected. Applies to uplink and downlink trunks. Band (2.4 GHz or 5 GHz, or both) Operating band of the uplink or downlink trunks. Applies to uplink and downlink trunks. For the uplink trunk the band is the operating band of the BP radio. For downlink trunks the band is the operating band of the AP radio.
Setting Up a Wireless Backhaul Field Description Tx Bytes Number of packets transmitted by this AP Tx Packets Number of packets transmitted by this AP Rx Multicast Packets Number of multicast packets received by this AP Click Clear Statistics to return the counts in this tab to zero and begin collecting statistics again.
6 Configuring a Wireless Backhaul 134 Installation and Configuration Guide: Airgo Access Point
7 Managing Security This chapter describes the encryption and authentication features of the Airgo Access Point and explains how to set the security configuration. The chapter includes the following topics: • • • • • • Introduction Configuring Wireless Security Configuring Authentication Zones Configuring Administrator Security Viewing Security Statistics Configuring Advanced Parameters NOTE: For information on security for access point enrollment, refer to Chapter 9, “Managing the Network.
7 Managing Security Figure 101: Elements of Airgo Security Users Security Guest Security • All WPA Modes • EAP-TLS, -PEAP, -PSK • AES, TKIP or WEP Encryption • Password or Custom Access Control • Guest-VLAN for Internet Access • Session Management Guest Security User Security Admin Security AP Security AP Security Admin Security • Secure AP Enrollment • Batch or One-Click • Certificates & Password • Admin & Operator • Username, Password • SSH, HTTPS, SNMPv3 A0047 AP Security Airgo provides a hig
Data Encryption Current user authentication standards are based on the IEEE 802.1x specification, which identifies users and permits connectivity based upon policies established in a central server. Many authentication servers use the Remote Authentication Dial-In User Service (RADIUS) protocol, which enables remote access servers to communicate with the central server to authenticate users and authorize service or system access.