NTPM99CA Nortel Networks WLAN Cable Access Point 6220 Release 2.0 CSU User Guide Standard Release 2.
Copyright © 2005 Nortel Networks All rights reserved. July 2005. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, whether electronic, mechanical, photocopying, recording or otherwise without the prior writing of the publisher. Nortel Networks and the Nortel Networks logo are trademarks of Nortel Networks, Inc.
Publication history December 2005 Issue 1.
5 Contents ABOUT THIS DOCUMENT 7 OVERVIEW 13 INTRODUCTION 13 PRODUCT DESCRIPTION 15 CSU (CORPORATE SERVICE UNIT) 17 PLANNING YOUR WLAN NETWORK 21 SITE SURVEY & PLANNING 22 WIRELESS NETWORK PLANNING 23 INSTALLATION 25 CSU INSTALLATION & CONFIGURATION 25 PROCEDURE 1-1 28 PROCEDURE 1-2 30 CONFIGURATION 33 SOFTWARE INSTALLATION (AP CONFIGURATOR) 34 PROCEDURE 3-1 36 PROCEDURE 3-2 44 PROCEDURE 3-3 52 PROCEDURE 3-4 61 PROCEDURE 3-5 63 PROCEDURE 3-6 98 ADMINISTRATION 141 SAVING CONFIGURATION 142 LOADING NEW CONFIG
WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
7 About this document This document describes the system features used in the WLAN Cable Access Point 6220 Release 2.0 Product.
Audience The intended audience for this document includes: • • • • • Installers Technicians Nnetwork planners Network & system engineers Network administrators List of Abbreviations AP APU ARP BPDU BPSK CATV CM CMTS CPE CSU DBPSK DHCP DOCSIS DQPSK DVM EAP EIRP EMI FCC FCS FTP HFC ICMP IEEE ISM ISP ITU LOS MAC MIB NAS NAT Access Point Access Point Unit Address Resolution Protocol Bridge Protocol Data Unit Binary Phase-Shift Keying Community Antenna Television Cable Modem Cable Modem Termination System
NLOS NMS NWID OLOS ONU PCMCIA PI POE PSU QAM QPSK RADIUS RF RIP SEC SMTP SNMP SNR SSID TCP TLS TTL UDP UNII UPS VLAN VSWR WEP WLAN Non Line of Sight Network Management System Network ID Optical Line of Sight Optical Network Unit Personal Computer Memory Card International Association Power Inserter Power over Ethernet Power Supply Unit Quadrature Amplitude Modulation Quadrature Phase Shift Keying Remote Authentication Dial-In User Services Radio Frequency Routing Information Protocol Super Ethernet Conv
Technical Support and Information If you purchased a service contract for your Nortel Networks product from a distributor or authorized reseller, contact the technical support for that distributor or reseller for assistance. If you purchased a Nortel Networks service program, contact Nortel Networks Technical Support as indicated in the following table. Internet http://www.nortelnetworks.com/cgibin/comments/comments.
11 Safety guidelines This chapter contains safety guidelines that you must follow for personal safety and for the correct handling and operation of equipment. Warning and safety precautions To prevent personal injury, equipment damage, or service interruption, follow all precautionary messages found in WLAN Cable Access Point 6220 documentation and the safety procedures established by your company.
Summary of Warning and Safety Precautions REFER SERVICING TO A QUALIFIED TECHNICIAN TO REDUCE THE RISK OF ELECTRIC SHOCK WHEN THE UNIT DOES NOT APPEAR TO OPERATE NORMALLY OR EXHIBITS A MARKED CHANGE IN PERFORMANCE. WHEN INSTALLING THE UNIT, CHOOSE A LOCATION THAT PROVIDES A MINIMUM SEPARATION OF 20 cm FROM ALL PERSONS DURING NORMAL OPERATION.
Overview Introduction This document describes the system features used in the WLAN Cable Access Point 6220 Release 1.0 Product. The Wireless LAN Cable Access Point 6220 is an outdoor hardened, strandmountable access point solution designed to extend the reach of the cable operators’ hybrid fiber coax network utilizing wireless technologies from existing rights of ways.
Security Security is of the highest importance when delivering wireless services. The WLAN Cable Access Point 6220 adheres to industry standards for 802.11 devices and augments those standards with additional security features designed to provide both the cable operator and the end-user maximum protection.
Product Description Table 1-1 WLAN Cable Access Point 6220 Products PEC DESCRIPTION CSU NTPM99BC NTPM99BJ CSU,2.4G/5.8G,RADIO,Flat Panel, NA, 6Mhz CSU,POE INJECTOR Accessories NTPM99EG CSU MOUNTING KIT Documentation NTPM99CA NTPM99CB R1.0 WLAN6220 CAP DOC,PAPER R1.0 WLAN6220 CAP DOC,CD Software NTPM99DA NTPM99DB R1.0 WLAN6220 CAP SOFTWARE,CD CERTIFICAT,WLAN6220,R1.0,1/APU NTPM99DC APU Software Licenses NTPM99FA NTPM99GA CERTIFICAT,WLAN6220,R1.
CSU (Corporate Service Unit) The following is a list of WLAN Cable Access Point 6220 CSU features: • Enclosure has a POE connection interface and a DC Power Adapter Jack at the bottom of the CSU. • Operation Power & Data Traffic are mixed at POE Injector and supplied to the Ethernet Port on the CSU through CAT5 Cable. • Two types of mounting alternatives are available, pole mount and wall mount. If wall mount is used a mounting kit will be required.
Figure 1-3 WLAN Cable Access Point 6220 CSU (Bottom) Figure 1-4 WLAN Cable Access Point 6220 CSU (Front) WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
Figure 1-5 WLAN Cable Access Point 6220 CSU (Back) Figure 1-6 WLAN Cable Access Point 6220 CSU WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
Table 1-2.
21 Planning your WLAN Network The wireless network is much different than a wired network. The Installation of a wireless network requires some additional planning. This planning includes RF Link Engineering like RF Path planning, site selection, and back-bone network preparation.
22 Site Survey & Planning Definition A site survey is a task-by-task process by which the surveyor discovers the RF behavior, coverage, interference, and determines proper hardware placement in a facility. The site survey’s primary objective is to ensure that mobile workers and the wireless LAN’s clients experience continuously strong RF signal as they move around the facility.
23 Wireless Network Planning Procedure 1 (Location) 1. Select and identify enough location candidates to determine freely as the install point regardless of some design change to some extent. 2. The most crucial parameter is the range at which APU and CSU or other Wi-Fi Client is required to operate. The range can be determined by a conventional formula which consider a various kinds of environmental and radio equipment. 3.
25 Installation General This section provides a complete set of procedures for the installation of WLAN 6220 equipment. It includes cable assembling information as well as required connection information for the WLAN 6220 units, mounting and powering instructions. It is intended for use by trained installers familiar with Wireless Radio equipment installations.
26 Required Tools and Materials Before you install the WLAN Cable Access Point 6220, ensure you have the following: CSU IEEE 802.3af-2003-compliant Power over Ethernet (POE) injector Note: Ensure that the POE Injector is UL/cUL approved, with LPS (limited power source) output. Heat gun with propane/ Mapp torch 1 CAT5 Ethernet Extender Coupler “Document CD” and “Software CD” that contains the AP Configurator, online help for the System Configuration, and various documents.
27 CSU Installation & Configuration Mounting and Installation Concept Figure 3-1 CSU Installation Concept #1 on User’s facility Figure 3-2 CSU Installation Concept #2 on User’s facility By default, CSU is pole mounted. Each unit is shipped with a pole mounting module. ENSURE THE CSU HAS BEEN POSITIONED NO LESS THAN 3 FEET ABOVE THE GROUND, OR FROM A ROUGHLY HORIZONTAL SURFACE. WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
28 Procedure 1-1 Mounting the CSU on the Steel Wire Strand Action Step Action 1. Prior to an installation, check if the Pole has the strength and stability to sustain the weight of CSU in a strong wind 2. Please find a mounting tool for installing CSU illustrated in Figure 330 3. Place the CSU face (RADOME side) down on a flat surface. 4.
29 Figure 3-4 Assembling the mounting bracket with a installation tool 8. Adjust the up/down tilt (- 50 º to 50 º) and move the top or bottom of the CSU until the unit is roughly positioned at the correct angle and height. Figure 3-5 CSU Pole Mounting and Antenna Tilting 100 º WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
30 Procedure 1-2 Mounting the CSU on the Steel Wire Strand Action Step Action 1. Loosen the EMI cap and slide the CAT5 or 6 cables without the RJ45 connector into the hole of the EMI hood shaped cap. 2. Follow the conventional procedure of creating a CAT5 or 6 Ethernet cable.
31 4. Secure the cable in the EMI cap by tightening it with a cable tie. Cover the connectors with black self amalgamating tape or shrink wrap tubing to ensure a waterproof seal. This is the most crucial step in the installation. If this procedure is disregarded or done insufficiently an unexpected system fault could occur in a normal operation and affect on the system performance factor relevant to the long term reliability. 5.
32 Figure 3-9 Connecting CSU and User PC by an Ethernet Cable though POE Injector Mounting Tips • Verify the Line-of-Sight -- Before installing CSU, make sure a clear line-ofsight exists. Line of sight (LOS) can be defined as each antenna clearly seeing the other antenna, and seeing the remote locations when viewing from the central base location. Be sure to look level with the center of origin of the transmission (i.e., the middle of the antenna). Repeat this procedure from the remote location.
33 Configuration WLAN Cable Access Point 6220 CSU (APU, CSU) has the following management and operational features listed below: Software Installation APU mode Basic Configuration and Operation Test CSU mode Basic Configuration and Operation Test Testing the connection between APU & CSU (APU mode) and CSU Testing Wireless Network Performance Basic Configuration Advanced and Optional Configuration
34 Software Installation (AP Configurator) The WLAN Cable AP Configurator is used to configure your wireless networking devices. Both the executable file needed to install the Configurator and the online help for the Configurator (*.chm) are included on the Software CD that you received with your hardware device. Refer to the online help or the WLAN Cable AP Configuration User Guide on the Document CD for detailed instructions on how to configure your device.
35 Figure 4-2 Software Installation Launching 3. Follow the onscreen instructions to install the Configurator. Figure 4-3 Installation Dialog Window If you are installing the Configurator for the first time, files are stored in the directory Program Files/Nortel/WLAN Cable AP Configurator. If you are upgrading from a previous Configurator installation, your files will be stored in the directory where you last saved the Configurator files.
36 Procedure 3-1 Basic configuration and Operation Test (APU Mode) Action Step Action 1. The CSU(APU mode) has the following factory default parameters: Factory Default IP address: DHCP Client (Ethernet 1) Read Write Password: public SNMP Secure Configuration Password: public IEEE 802.11 Interface Setup - Mode Selection: APU SDM(Secure Data Mode) - Base station mode: Polling(Primary) - Frequency Æ 802.11b/g Unit: CH1 (2412 MHz) Æ 802.
37 Figure 4-4 Test Network Configuration (Radio Connection) 3. Prepare a Laptop computer and a client unit to test and configure the CSU at the installation location. 4. Connect Laptop PC to CSU Ethernet port with a straight-forward cable to setup. 5. Launch the Configurator by either double clicking the WLAN Cable AP Configurator icon on your desktop or by opening the file config.exe from the directory “C:\Program Files\Nortel\WLAN Cable AP Configurator” where software is installed at. 6.
38 Figure 4-5 Configurator Starting Window 7. Right click on the IP address of CSU, and then select ‘Configure This Device’. or click “Configure Remote” button below the list box. 8. The Change IP window is displayed, as shown in the following screenshot. Figure 4-6 IP setup dialog box 9. Enter an IP address that will be local to the IP of the PC/laptop running the Configurator, and then click the OK button in Read Write Password window.
39 10. The SNMP Password dialog box is displayed, as shown below. 11. Press “Enter” key or enter a new password instead of the default password “public” in the basic SNMP password box. Figure 4-7 SNMP Read Write Password dialog box 12. The main window is redisplayed. 13. To setup the interface, Click on the Interface Setup button. 14. The Interface Setup screen is enabled and displayed, as shown in the Figure 4-9 Figure 4-8 AP Configurator Main window WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
40 Figure 4-9 Interface setup dialog box 15. If you have an 802.11 radio card, click the Setup 2 button to set up the 802.11 interface. 16. Click the Setup 2 button. The IEEE 802.11 Setup screen is displayed, as shown in Figure 4-10. 17. Select a radio standard to use according to the built-in antenna specification like a operating frequency range. Ex) 2.4GHz antenna : 802.11b/g, 5.8GHz antenna: 802.11a 18.
41 20. Click on the advanced button to set up crucial parameters such as Radio Frequency, Transmit Rate (Bandwidth) and Network ID. 21. The Advanced Setup screen for a Secure Data Mode is shown below. 22. Setup all radio parameters including a frequency channel and transmit power referring to the permitted setting value specified in the following tables per radio standard. Figure 4-11 Advanced setup dialog box [802.
42 [802.11g] Frequency Channel 1 2412 MHz 2 2417 MHz 3 2422 MHz 4 2427 MHz 5 2432 MHz 6 7 8 9 10 11 2437 MHz 2442 MHz 2447 MHz 2452 MHz 2457 MHz 2462 MHz Transmit Rate 54 Mbps 6 Mbps 48Mbps 11 Mbps 36 Mbps 5.5 Mbps 24 Mbps 2 Mbps 12 Mbps 1 Mbps Transmit Power Maximum 50% 25% 12.5% Antenna Gain Max allowable antenna gain: 12 dBi Caution: Do not use any other antennas except as ET-PR12 exceeding the allowed Max antenna gain value (12dBi) in case you select 802.11g/b as operation radio standard.
43 [802.11b] Frequency Channel 1 2412 MHz 2 2417 MHz 3 2422 MHz 4 2427 MHz 5 2432 MHz 6 7 8 9 10 11 2437 MHz 2442 MHz 2447 MHz 2452 MHz 2457 MHz 2462 MHz Transmit Rate 11 Mbps 5.5 Mbps 2 Mbps 1 Mbps Transmit Power Maximum 50% 25% 12.5% Antenna Gain Max allowable antenna gain: 12 dBi Caution: Do not use any other antennas except as ET-PR12 exceeding the allowed Max antenna gain value (12dBi) in case you select 802.11g/b as operation radio standard. WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
44 23. Select the Network ID in Network Settings referring to Appendix G “Wireless Network Planning”. Note: the Secure Data Mode network ID number (0-15) is used to differentiate between multiple Secure Data Mode stations using the same System Access Pass Phrase. This is used to allow a Secure Data Mode CSU to specify the APU mode unit that it wants to connect to if two APU mode units can be seen by the same CSU. Generally, this value should be the same as the Channel Number.
45 26. Select “Specify an IP address” and type a specific IP address and gateway IP address. Click OK button. Note: Except for cable modem built-in APU, the CSU to operate as APU mode is required to set a mandatory static IP address for the unit even though it can be set in both static IP and DHCP setup. But, you can set DHCP mode to the CSU(APU mode) so that it can retrieve it’s IP address from a remote or local DHCP server.
46 Procedure 3-2 Basic configuration and Operation Test (CSU Mode) Action Step Action 1. The CSU(CSU mode) has the following factory default parameters: Factory Default IP address: DHCP Client (IEEE 802.11 2) Read Write Password: public SNMP Secure Configuration Password: public IEEE 802.11 Interface Setup - Mode Selection: CSU SDM(Secure Data Mode) - Base station mode : N/A - Frequency Æ 802.11b/g Unit: CH1 (2412 MHz) Æ 802.11a Unit: CH149 (5745 MHz) - Network ID: 0 - Transmit Rate Æ 802.
47 Figure 4-14 Test Network Configuration (Radio Connection) 3. Prepare a Laptop computer and a client unit to test and configure the CSU at the installation location. 4. Connect Laptop PC to CSU Ethernet port with a straight-forward cable to setup. 5. Launch the Configurator by either double clicking the WLAN Cable AP Configurator icon on your desktop or by opening the file config.exe from the directory “C:\Program Files\Nortel\WLAN Cable AP Configurator” where software is installed at. 6.
48 Figure 4-15 Configurator Starting Window 7. Right click on the IP address of CSU, and then select ‘Configure This Device’. or click “Configure Remote” button below the list box. 8. The Change IP window is displayed, as shown in the following screenshot. Figure 4-16 IP setup dialog box 9. Enter an IP address that will be local to the IP of the PC/laptop running the Configurator, and then click the OK button in Read Write Password window.
49 For example, in case the IP address of Laptop computer is 192.168.0.100/24, the CSU will be allowable in 192.168.0.1/24 ~ 192.168.0.254/24 as the IP address subnet group. 10. The SNMP Password dialog box is displayed, as shown below. 11. Press “Enter” key or enter a new password instead of the default password “public” in the basic SNMP password box. Figure 4-17 SNMP Read Write Password dialog box 12. The main window is redisplayed. 13. To setup the interface, Click on the Interface Setup button. 14.
50 Figure 4-19 Interface setup dialog box 15. If you have an 802.11 radio card, click the Setup 2 button to set up the 802.11 interface. 16. Click the Setup 2 button. The IEEE 802.11 Setup screen is displayed, as shown in Figure 4-20. 17. Select a radio standard to use according to the built-in antenna specification like a operating frequency range. Ex) 2.4GHz antenna : 802.11b/g, 5.8GHz antenna: 802.11a 18.
51 20. The Advanced Setup screen for a Secure Data Mode is shown below. 21. Setup all radio parameters including a frequency channel and transmit power referring to the permitted setting value specified in the following tables per radio standard. Figure 4-21 Advanced setup dialog box [802.11a] Frequency Channel 149 5745 MHz 153 5765 MHz 157 5785 MHz 161 5805 MHz Transmit Power Maximum 50% 25% 12.
52 [802.11g] Frequency Channel 1 2412 MHz 2 2417 MHz 3 2422 MHz 4 2427 MHz 5 2432 MHz 6 7 8 9 10 11 2437 MHz 2442 MHz 2447 MHz 2452 MHz 2457 MHz 2462 MHz Transmit Rate 54 Mbps 6 Mbps 48Mbps 11 Mbps 36 Mbps 5.5 Mbps 24 Mbps 2 Mbps 12 Mbps 1 Mbps Transmit Power Maximum 50% 25% 12.5% Antenna Gain Max allowable antenna gain: 12 dBi Caution: Do not use any other antennas except as ET-PR12 exceeding the allowed Max antenna gain value (12dBi) in case you select 802.11g/b as operation radio standard.
53 [802.11b] Frequency Channel 1 2412 MHz 2 2417 MHz 3 2422 MHz 4 2427 MHz 5 2432 MHz 6 7 8 9 10 11 2437 MHz 2442 MHz 2447 MHz 2452 MHz 2457 MHz 2462 MHz Transmit Rate 11 Mbps 5.5 Mbps 2 Mbps 1 Mbps Transmit Power Maximum 50% 25% 12.5% Antenna Gain Max allowable antenna gain: 12 dBi Caution: Do not use any other antennas except as ET-PR12 exceeding the allowed Max antenna gain value (12dBi) in case you select 802.11g/b as operation radio standard. WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
54 22. Select the Network ID in Network Settings referring to Appendix G “Wireless Network Planning”. Note: the Secure Data Mode network ID number (0-15) is used to differentiate between multiple Secure Data Mode stations using the same System Access Pass Phrase. This is used to allow a Secure Data Mode CSU to specify the APU mode unit that it wants to connect to if two APU mode units can be seen by the same CSU. Generally, this value should be the same as the Channel Number.
55 25. Select “Specify an IP address” and type a specific IP address and gateway IP address. Click OK button. Figure 4-23 IP setup dialog box Note: Except for cable modem built-in APU, the CSU to operate as CSU mode is required to set a mandatory static IP address for the unit even though it can be set in both static IP and DHCP setup. For your reference, APU and CSU (APU mode) have DHCP Server feature which can assign an IP address to all networks entities like CSU and PC in the sub-network.
56 Note: If you select the DHCP option, it is recommended (though not required) that you set up your DHCP server to always provide the same IP address to this Secure Data Mode Station system. 26. For a more detailed setup, refer to the procedure 3-5(Basic Configuration) and 3-6(Advanced and Optional Configuration). WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
57 Procedure 3-3 Testing the connection between APU & CSU(APU mode) and CSU The Configurators’ Wireless Link Test screen is used to diagnose the wireless link quality between your APU and any CSU associated with the APU. The Wireless Link Test displays the diagnostic counters that apply to the radio interface and a single remote station connected to this APU.
58 Figure 4-25 Test Network Configuration (Maintenance & Testing Setup) WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
59 4. Launch the Configurator by either double clicking the WLAN Cable AP Configurator icon on your desktop or by opening the file config.exe from the directory “C:\Program Files\Nortel\WLAN Cable AP Configurator” where software is installed. 5. The Configurator runs the IP Address for your APU and the Test CSU (and the IP addresses for any other devices in your network) appears in the Configurator window, as shown below. Figure 4-26 Configurator Starting Window 6.
60 9. If you can find out the IP address of the APU on the IP address window, move the cursor to the appropriate IP address. Figure 4-27 IP address list box 10. Right click on the IP address, and click the Configure button below the list box on the left side of a configurator window. The Read/Write Password screen is displayed, as shown below. Figure 4-28 SNMP Password (Read/Write) 11. Enter the password “public” for the device you have selected at both text boxes, and then click the OK button.
61 12. If the Setup tab is displayed in the main window as shown below, SNMP checking is a success. Figure 4-29 Setup Tab Note: When you test the CSU(APU mode) with Test CSU, you don’t have to change the parameters of CSU(APU mode) with AP configurator. After all the tests are completed, you should configure the CSU(APU mode) according to your local network design idea. 13. Select Wireless Link Test from the Analyze Tab. The Enter IP Address screen is displayed, as shown below.
62 14. Enter the Remote IP Address and Read/Write password for the wireless station you wish to test. The Select a Remote Link Partner screen is displayed, as shown below. Figure 4-31 Remote Link List window 15. From the list of station names, select the remote station or client you wish to test. Select a station from the list, and then click on the Link Test button to perform a link test. Note: Clicking the Explore button refreshes the list of stations that can be selected. 16.
63 Figure 4-32 Remote Link Test Status Window 18. The advice button enables you to investigate the outcome of the Remote Link Test assessment in more detail and provides you with troubleshooting hints to improve the quality of the link between the two remote nodes. The following table summarizes the possible results of clicking the Advice button, and what action is warranted based on the results: 19.
64 Table 4-4 Radio Link Status Status Excellent Risk None Good None Marginal Communication is still possible, but this situation may affect the unit's performance. “No Connection” Communication is no longer possible. If the unit was in the process of transferring files, data may not have arrived at the intended destination, or it may have been corrupted. Action You do not need to perform further diagnostics.
65 Quality Indicator is Black None. The base station may be busy collecting diagnostic measurement results from the unit. If the indicator remains blank, click the other button to return to the Select a Remote Link Partner screen. Click the Explore button to refresh the list of Link Test Partners. If the initial partner no longer appears, it may have been switched off, or have been moved outside the range of the selected Initiator Station.
66 Procedure 3-4 Testing Wireless Network Performance Testing Wireless Network Performance (Ping Fill Test) Action Step Action 1. On the Analyze tab, click the Ping Fill Test button. The Enter IP Address screen is displayed. Note: The above IP address should be that of the CSU (Client of APU) which can get the IP address list box at the AP configurator. Figure 4-33 IP Address Tab 2.
67 Figure 4-34 Ping Fill Test Parameters 6. As soon as Ping Fill test is over, you can see the result windows as below. 7. Record the results of Average Transfer Rate. It is recommended that the results window be captured as a picture and saved in the file. Figure 4-35 Ping Fill Test Results Window WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
68 Procedure 3-5 Basic Configuration Set Up General Configuration Options The Setup tab is used to define the configuration options for the device, and the General Setup screen is used to enable various setup options. Click on the Setup tab, then click the General Setup button to display the General Setup screen as shown below: Figure 4-36 General Setup window Note: This menu has been modified for use in this manual.
69 Figure 4-37 General Setup window Enable Bridging Selecting this checkbox in General Setup will allow you to access the Bridge Setup screen, which you can use to enable your device’s transparent Ethernet bridging feature. This allows for the transference of Ethernet packets between physical networks connected directly to the base station. If enabled, the base station will transfer Ethernet packets from one interface to the other (for example, between the wireless and the wired networks).
70 If enabled, you will need to set up routes on the IP Routing screen or you will not be able to access your hardware unit when you exit the Configurator program. Enable Remote Bridging Using IP Tunnels This option allows you to encapsulate Ethernet packets of any protocol in IP and then send them to another Secure Data Mode Bridge/Router to deencapsulation. Select this checkbox to enable this capability.
71 serves as a simple firewall for incoming connections, since only traffic initiated by an interior computer is permitted through the NAT. Enable Incoming Network Address Translation Select this checkbox if you will be using Incoming NAT to multiplex traffic from the network to all the computers on the internal network. Incoming Network Address Translations (NAT) is used to redirect requests to servers in the local address space based on the port of the request.
72 MAC Authentication Access Control - Selecting MAC Authentication Access Control enables access to the Advanced Authentication Setup screen, which provides more detailed MAC authentication setup options, and disables access to the Access Control Setup screen. Set Up Interfaces Once you have enabled various configuration options, you need to define the network interfaces for your hardware device.
73 and routing purposes. If this checkbox is not selected, then all traffic on this interface will be considered local traffic. Note that the “Remote” designation is significant only for the Security filters, and does not imply physical location. The security filters will pass (permit) or drop (deny) packets of particular types from being forwarded between interfaces designated as “Local” (unchecked) and those designated as “Remote”. Note: At least one enabled interface must be a remote interface.
74 Figure 4-39 Ethernet Setup window The Secure Data Mode station will automatically set up the Ethernet interface to use the type of medium that has been connected to the unit. By default, the Ethernet connection is set at 10 Mbit/sec for both half duplex and full duplex. Therefore, you do not need to configure special settings for the Ethernet hardware interface. If you wish to customize the Ethernet settings, you can change the settings listed below.
75 Figure 4-40 802.11 Radio Interface Setup window (APU Secure Data Mode) Figure 4-41 802.11 Radio Interface Setup window (CSU Secure Data Mode) 802.11 Network Name-- The 802.11 Network Name is used in standard IEEE 802.11 networks to distinguish stations in your 802.11 network from stations that belong to a neighboring 802.11 network.. WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
76 The value used for the radio interface on this station should be the same for all wireless stations in the 802.11 network. Only stations configured with the proper 802.11 Network Name will be able to connect to the 802.11 station's radio interface. The Network Name can be any alphanumeric string in the range of "a" to "z,” "A" to "Z" and "0" to "9,” and can contain from 1 to 32 characters.
77 Setting a base station to non-polling mode may increase performance in the rare case where all satellites can hear one another (i.e. there are no hidden nodes), or when there is sporadic network use. In an environment where most network traffic is with one satellite, and other satellites rarely transmit data, this setting may also increase performance. However, it is highly recommended that you select one of the polling modes.
78 Setup... are not applied to wireless-only traffic in the non-filtering ISP Secure Data Mode Base Station Mode. We strongly recommend that you set your Secure Data Mode Base Station to ISP Base Station with Protocol Filtering mode when connecting Windows PC Client satellites.
79 Frequency Channel Enable Signal Quality Front Panel Display-- On units that have a front panel display that is capable of displaying the signal quality, selecting this checkbox will enable the signal quality display. Deny Inter-Client Traffic on this Interface-- Select this checkbox if you wish to prevent wireless stations from sending packets to each other directly. Usually, the AP will repeat station-to-station traffic and will not send it to the bridge and firewall filters.
80 [802.11g] Frequency Channel 1 2412 MHz 2 2417 MHz 3 2422 MHz 4 2427 MHz 5 2432 MHz 6 7 8 9 10 11 2437 MHz 2442 MHz 2447 MHz 2452 MHz 2457 MHz 2462 MHz Transmit Rate 54 Mbps 6 Mbps 48Mbps 11 Mbps 36 Mbps 5.5 Mbps 24 Mbps 2 Mbps 12 Mbps 1 Mbps Transmit Power Maximum 50% 25% 12.5% Antenna Gain Max allowable antenna gain: 12 dBi Caution: Do not use any other antennas except as ET-PR12 exceeding the allowed Max antenna gain value (12dBi) in case you select 802.11g/b as operation radio standard.
81 [802.11b] Frequency Channel 1 2412 MHz 2 2417 MHz 3 2422 MHz 4 2427 MHz 5 2432 MHz 6 7 8 9 10 11 2437 MHz 2442 MHz 2447 MHz 2452 MHz 2457 MHz 2462 MHz Transmit Rate 11 Mbps 5.5 Mbps 2 Mbps 1 Mbps Transmit Power Maximum 50% 25% 12.5% Antenna Gain Max allowable antenna gain: 12 dBi Caution: Do not use any other antennas except as ET-PR12 exceeding the allowed Max antenna gain value (12dBi) in case you select 802.11g/b as operation radio standard. WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
82 Network ID-- Enter the Secure Data Mode network ID number (0-15) used to differentiate between multiple Secure Data Mode stations using the same System Access Pass Phrase. This is used to allow a Secure Data Mode satellite to specify the Base Station it wants to connect to if two base stations can be seen by the same satellite. Generally, this value should be the same as the Channel Number. 802.11 Frequency Setup-- Clicking the Frequency button on the 802.11 Setup screen displays the 802.
83 24Mbps [802.11g] Transmit Rate 54 Mbps 6 Mbps 48Mbps 11 Mbps 36 Mbps 5.5 Mbps 24 Mbps 2 Mbps 12 Mbps 1 Mbps [802.11b] Transmit Rate 11 Mbps 5.5 Mbps 2 Mbps 1 Mbps A lower signal will increase the noise. In essence, the poorer the signalto-noise ratio, the lower this rate should be set. Note: The transmit rate affects only the transmissions made by this station. Note: The channel/frequency values are usually determined by network administrators.
84 802.11 Security Setup Clicking the Security button on the 802.11 Setup screen displays the 802,11 Security Setup screen, which allows you to set up security for your 802.11 devices. Note that the fields shown in the screenshot below will vary depending on the version of the Configurator you are using and the options contained in the .bin file. The screen below shows all available options. Figure 4-43 802.
85 Deny Non-Encrypted Data-- Select this checkbox if you want to deny all received data that is not encrypted. When this checkbox is selected, any packet received that is not encrypted using one of the four WEP Encryption keys listed above will be dropped. When this checkbox is not selected, unencrypted packets will be accepted and/or forwarded. Warning: You should always select this checkbox if WEP is enabled in any form.
86 Figure 4-44 General Setup Window Figure 4-45 Advanced Authentication Setup Window When a station tries to connect to the hardware device (via Ethernet, 802.11, etc.), the AP can decide whether or not to forward packets to or from that station based on authorization criteria. There are three authentication modules that comprise MAC authentication, but the network administrator determines which of those three modules are used.
87 administrator decides whether there will be more or less (or no) authentication on an interface-by-interface basis. For example, an administrator can permit MAC addresses entered as part of the ACL only on 802.11, but can permit MAC addresses entered through RADIUS Setup for both the Ethernet and 802.11 interfaces.
88 Figure 4-46 Authentication Module Setup Window 4. Click the MAC RADIUS tab. The MAC RADIUS Setup screen is displayed, as shown below. Figure 4-47 Authentication Module Setup Windows WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
89 The MAC RADIUS Setup screen is used to define advanced authentication and accounting options for clients that are authenticated via RADIUS using the client's MAC Address as the RADIUS username. RADIUS authentication and accounting server IP addresses and port numbers are set up using the MAC RADIUS Setup screen. Note that this particular MAC RADIUS module applies only to Ethernet and 802.11 access point interfaces.
90 Enter a value in this field if you wish to disconnect users after a period of inactivity. The value entered will be the number of seconds that must pass without activity before users are disconnected. The default value is 300 seconds (or five minutes). The range of accepted values is between 0 and 3825. Disable Grace Period -- The grace period allows a client to roam between access points without losing open TCP connections. Select this checkbox if you wish to disable the grace period.
91 time a user is logged on. Typically, you will do this if you wish to bill the client based on time or traffic. Note: Accounting must be used with authentication. You cannot use accounting without authentication. Enable RADIUS Accounting Interim Updates -- Select this checkbox if you wish to allow RADIUS accounting updates. If this feature is enabled, the number of bytes and packets sent by a client will be updated according to the update interval defined on the Advanced RADIUS Setup screen.
92 Configure the APU for Advanced RADIUS MAC Authentication 1. From the MAC RADIUS Setup screen, click the Advanced RADIUS Settings button. The Advanced RADIUS Setup screen is displayed, as shown below. Figure 4-48 Advanced RADIUS Setup Window The Advanced RADIUS Setup screen is used to configure optional RADIUS-related parameters. 2. Enter values in the Advanced RADIUS Setup screen, as indicated by the field descriptions below. NAS Identifier - This field displays your Network Access Server (NAS) name.
93 Use New Accounting Session ID After Authentication -- Select this checkbox if you wish to use another ID for accounting after authentication has taken place. Interim Update Interval -- Set the interval (in minutes) between interim updates. The interim update is used to send information in between normal "start/stop" packets. Interim updates are useful because they provide a log of network traffic at a regular interval. The default value for the interim update interval is 15 minutes.
94 • • • Access Control List (ACL) RADIUS Accounting MAC RADIUS Accounting MAC RADIUS Authorization For each of the above Authentication/Accounting types, special handling of RADIUS Realms can be enabled or disabled using the "Enabled RADIUS Realms in this mode" checkbox. Depending on the selected Authentication/Accounting type, different options are available for how to handle RADIUS realms. Following Realm Name -- Select the type of behavior that will be used for the realm.
95 • Example: User provided smith, Behavior is set to Force, user provides the realm name microsoft.com, but yahoo.com is entered in the realm name field. The user is authenticated as jsmith@yahoo.com) Note: The available behaviors vary depending on the type of accounting or authorization realm selected. The following table shows the types of behaviors available for each type of accounting or authorization realm.
96 Configure the RADIUS Server Once the AP has been configured for basic operation, you are ready to configure the device for HotSpot Mode and Firewall functionality. This is a four-step process: • • • • Configure the RADIUS Server for Authentication (and, optionally, Accounting) Configure the APU for Basic RADIUS MAC Authentication. Configure the APU for Advanced RADIUS MAC Authentication. Set up HotSpot Functionality Each step is explained in more detail below.
97 amount of time a client has been authenticated. It is commonly used by Terminal Servers or Network Access Servers (NASs) whenever a user logs on and off a dialup Internet service. Note: This screen is only available if the MAC Authentication Access Control button on the General Setup screen has been selected.
98 Primary Server Accounting Port -- In the RADIUS dialog, enter the accounting port (default = 1812) for the RADIUS server (the host). Secondary Server Authentication Port -- If you are using a second RADIUS server for network robustness, enter the authentication port (default = 1812) for that RADIUS server (the host). Secondary Server Accounting Port -- If you are using a second RADIUS server for network robustness, enter the accounting port (default = 1812) for that RADIUS server (the host).
99 Procedure 3-6 Advanced and Optional Configuration Once you have set up the basic network configuration, you may choose to set up one or more optional or advanced configuration components. This chapter describes how to configure the following optional and advanced components: Set Up the Bridge The Bridge Setup screen is used to set up the bridge.
100 Protocol Filtering The Protocol Filtering section of the Bridge Setup screen allows you to select a handling method (Bridge, Deny, or Tunnel) for the most common protocols. Figure 4-51 Protocol Filtering Setup window 1. Select the protocols from the list that you wish to handle separately, or click the Custom button to add an unlisted protocol. Click the OK button when finished to re-display the Bridge Setup screen.
101 Tunnel Button--The Tunnel button is used in conjunction with the protocols listed in the Protocol Filtering list. Select a protocol from the list and click the Tunnel button to indicate that the selected protocol should be tunneled. Deny Button-- the Deny button is used in conjunction with the protocols listed in the Protocol Filtering list. Select a protocol from the list and click the Deny button to indicate that the selected protocol should be denied.
102 Permit Ethernet Multicasts-- If you wish to deny multicast traffic in your bridged network, deselect this option. Normally, however, you will select this option to permit Ethernet multicasts. Note: This option applies to all Ethernet interfaces, and not simply to Ethernet traffic. Advanced Bridging Features The Advanced Bridge features can be accessed by clicking the Advanced Features button on the Bridge Setup screen.
103 Permit Multicast Button-- Select this checkbox if you wish to permit multicast. Prune Multicast Button-- Select this checkbox if you wish to prune multicast. Enable Learned Table Lockdown--A standard Bridge/Router watches the source addresses of each packet it receives on any of its interfaces. As new addresses are seen, entries are added in the “learned table” that contain the particular source address and the interface number that address was received on.
104 Storm Threshold Setup The Storm Thresholds screen is used to set threshold values for broadcast and multicast messages. In most situations, you will not need to set the Storm Thresholds. However, if intensive multicast or broadcast messaging is typical of the network protocols used in your network environment, you may wish to control the maximum number of broadcast and multicast messages.
105 Multicast Address Threshold-- Enter the maximum number of multicast messages per second that will be received from a single network device (identified by its MAC address). Broadcast Interface 1 Threshold-- Enter the maximum number of broadcast messages per second that will be received on Interface 1 (typically Ethernet). Multicast Interface 1 Threshold-- Enter the maximum number of multicast messages per second that will be received on Interface 1 (typically Ethernet).
106 spanning tree algorithm works. The default settings for the Spanning Tree Algorithm will provide satisfactory performance for most Local Area Network (LAN) topologies. Enable Spanning Tree -- Select this checkbox if you wish to enable Spanning Tree capabilities. Figure 4-54 VLAN Spanning Tree Setup window Bridge Priority -- The Bridge Priority parameter allows you to influence the choice of the Root Bridge and Designated Bridge as calculated by the Spanning Tree Algorithm.
107 When the bridge receives protocol information that exceeds the Max Age value, the bridge will discard the information and start the Forward Delay timer to allow other bridges to forward updated topology information (for example, that another bridge has become the Root Bridge). Note: Recommended Value (20 seconds) A low Max Age value occasionally may cause the Spanning Tree to reconfigure unnecessarily, resulting in temporary loss of connectivity throughout the network.
108 A higher value may result in longer partitions after the Spanning Tree reconfigures. Port Priority-- Normally the Bridge Port priority in Spanning Tree topologies is imposed by the Root Bridge and the applicable values of the Path Cost to the Root Bridge. When concurrent bridge ports of a single bridge unit are connected in a loop, this parameter enables you to influence which port should be included in the Spanning Tree.
109 Set Up IP for APU and CSU The IP Setup screen allows you to set the Secure Data Mode Station's IP Addressing information. The Secure Data Mode Station must have an IP address assigned to it if you wish to connect to it using the Configuration tool, which makes use of SNMP to connect to the Secure Data Mode Station.
110 You can set the life expectancy for packets originating from this Secure Data Mode Station using the Default TTL (Time to Live) field. You can use syslog messages to log information such as logins, service errors and general configuration information. Since there is no storage on a base station, a general purpose computer is needed to log these messages. To set the syslog host that will accept syslog messages, use the Syslog Host Address and Syslog Host Facility fields.
111 Note: This field is only enabled when the Specify an IP Address radio button has been selected. Our Subnet Mask-- Enter the subnet mask for the base station. Note: This field is only enabled when the Specify an IP Address radio button has been selected. Default Router IP-- Enter the IP address of the router. Note: This field is only enabled when the Specify an IP Address radio button has been selected.
112 Set Up SNMP The SNMP Setup screen allows you to manage a network environment that includes multiple base stations where you can use the Simple Network Management Protocol (SNMP). SNMP setup allows you to create multiple authorization levels for network management that are password protected. Figure 4-56 SNMP Setup window Read Password-- This password enables you to create a network management level where a local LAN Administrator can view, but not modify, the SNMP parameters.
113 System Name-- Optionally, enter the logical location of a base station (for example, the network segment to which the base station has been connected). System Location-- The optional field to identify the physical location of a base station. For example, the building or room where the base station is located at Trap Host IP Address-- The IP Address of the network management station that collects the SNMP Trap messages.
114 Input SNMP Access List Dialog - Overview Clicking the Add button displays the SNMP Access List Dialog, which allows you to enter the IP addresses and subnet masks of those stations that you have designated as stations that will manage networks using SNMP. Figure 4-57 Input SNMP Setup window IP Address-- The unique IP address of the SNMP management station you wish to add or edit. IP Mask-- Enter the Subnet mask, or clicks the Select button to display the IP Mask List and select a mask from the list.
115 Set Up IP Routing The IP Router Setup screen is used to set up IP Routing. This enables the base station to send IP packets to the appropriate subnet or router. Once you have set up the basic IP Router configuration, you may also want to set up the following optional components: Note: This option is only available if the Enable IP Routing checkbox on the General Setup screen has been selected.
116 Default Router IP Address-- Enter the IP Address of the router that the base station should use to communicate with networked devices outside its current subnet. Default Router Serial Interface-- The Secure Data Mode station has several network interfaces to which it may be connected. An interface number is required for the Secure Data Mode station to know which interface to use to send packets addressed to a given destination.
117 period of time. The IP ARP table relates each (wired or wireless) station's IP address to its physical MAC Address so the base station knows how to address Ethernet messages bound for a particular IP Address. If you disable (uncheck) ARP cache aging, the base station will not remove entries from this table, and it may fill up over time. The base station can hold up to 10,000 entries in the ARP table. Enable Multicast Pruning-- Select this checkbox if you want to enable multicast pruning.
118 IP Address-- The IP address specifies the basic IP address to route. IP Mask-- The Subnet Mask which defines the basic class of IP addresses that will be routed. Clicking the Select button displays the IP Mask List, which the shows the IP Masks that can be used as public or private IP masks for IP routing. The list consists of all possible subnet masks, and represents the range of addresses that will be translated. Interface-- An interface number specifies where the IP subnet is attached.
119 IP Address-- The IP Address which specifies the basic IP address to route. IP Mask-- Enter the IP subnet mask for the IP address to be routed, or click the Select button and choose a subnet mask from the list. Clicking the Select button displays the IP Mask List, which the shows the IP Masks that can be used as public or private IP masks for IP routing. The list consists of all possible subnet masks, and represents the range of addresses that will be translated.
120 Send RIP-2 Default Route-- If the base station sends the Routing Information Protocol (RIP) default route (0.0.0.0) to other routers and hosts attached to a particular interface, select that interface's checkbox on the Send RIP Default Route line. By default, the base station will not send the Default Route on a particular interface unless this box is checked. In the example shown in the screenshot, the base station will send RIP routes only on interfaces 1 and 2.
121 information its own IP ARP table, that is: IP Address 10.7.3.5 -> MAC Address 00:60:1d:04:4d:88. Proxy ARP is useful in many situations to reduce unnecessary network traffic, but is especially useful when you have clients in power-save mode, to prevent them from being 'woken up' whenever an ARP is done. Enable BOOTP/DHCP Forwarding -- Select the interfaces for which you would like the base station to forward BOOTP and DHCP requests on to the BOOTP/DHCP server, which is specified in 'Forwarding Host’.
122 DHCP Server Setup The DHCP Server Setup screen is used to set up the base station's Dynamic Host Configuration Protocol (DHCP) Server feature. The DHCP Server feature is a basic DHCP Server that can enable any and all wireless (or other) clients that connect to the base station to obtain their IP Address information from this Secure Data Mode.
123 the DHCP client within the given Lease Time, or the IP Address will be made available to another client. Note: The Secure Data Mode Station does NOT store DHCP address assignments between restarts. If the Secure Data Mode Station is rebooted, it will ARP for each address in the provided address range, recording which client is using which IP address. Note: Be careful not to include the default router's IP address in the Offered IP Address range.
124 Enable DHCP Server on Interface-- Select the interface on which you wish to enable the DHCP server. Set Up Outgoing Network Address Translation (NAT) Outgoing Network Address Translation (NAT) allows multiple computers to share a single IP address to connect to an IP network, including the Internet. This allows homes, small businesses, and Internet Service Providers to have Internet service for all of their computers without having to pay for additional IP addresses.
125 Public IP Address-- The IP address/mask seen by the external network. Note: The IP address and subnet mask must be the same as the one in the IP Setup dialog under the Setup menu. Public IP Mask-- The IP mask seen by the external network. Note: The IP address and subnet mask must be the same as the one in the IP Setup dialog under the Setup menu.
126 Set Up Incoming Network Address Translation (NAT) Incoming Network Address Translations (NAT) is used to redirect requests to servers in the local address space based on the port of the request. If, for example, the client at local address 10.0.1.2 is serving web pages, and a request comes to the access point on that port for a web session, then the request will be forwarded to the web server on 10.0.1.2. The server will respond with the web page to the address of the original request.
127 IP Addresses/Ports-- This window displays the public and private IP address/port pairs that you have previously defined. Public IP Mask-- The public subnet mask for your local (internal) servers in the dialog. The public IP mask is paired with the Public IP address on the Input IP Address screen, as shown in the screens below. Note: The public IP Mask must be the same subnet mask that was used in the setup of the external (or global) address of the base station.
128 Note: The Public IP address is paired with the Public IP mask on the Incoming Network Address Setup screen, as shown in the screenshots below. Public Port-- The public port for the service you wish to use. For a discussion of the ports on which well known services run, see http://www.tatanka.com/doc/technote/tn0081.htm. Note: The public IP address must be the same for different local servers, but the port will be different (e.g. different ports for SMTP, FTP, web servers, etc.).
129 Figure 4-66 Firewall Setup window Add/Edit IP Address Mask Pair The Add/Edit IP Address Mask Pair screen is used to enter both the IP Address and Subnet Mask of both the local network (or machine) you would like to protect and the remote network (or host) you would like to protect it from. A particular filter is applied only to traffic between the specific local and remote networks (or hosts) shown in the list. If you wish to filter all traffic, set the Remote IP Address and Subnet Mask both to '0.0.
130 Figure 4-68 TCP Security Filter Setup window TCP Port Options Clicking the Port Options button on the TCP Security Filter screen displays the TCP Port Options screen. To set how the firewall filter is applied for a given port, select the port (or the line labeled 'All other ports') from the Selected TCP Ports list, and click on the 'Port Options' button. This will display the window below, which you can click on for more information.
131 Figure 4-70 UDP Port Options Setup window UDP Port Options Clicking the Portion Options button on the UDP Security Filters screen displays the UDP Port Options screen. To set how the firewall filter is applied for a given port, select the port (or the line labeled 'All other ports') from the Selected UDP Ports list, and click on the 'Port Options' button.
132 Figure 4-72 Firewall Option Setup window Enable Data Encryption-- Select this option if you wish to enable the data in packets sent between the IP hosts or subnets specified in this filter to be encrypted/decrypted by the Secure Data Mode Station. This option is not available if Data Encryption is not enabled on the General Setup screen. Permit Non UDP/TCP Packets-- Select this option if you would like the Secure Data Mode Station to allow IP packets that are neither TCP nor UDP, such as ICMP.
133 Log Non UDP/TCP & Source Routed & Fragment Packets-- Select this option if you want to log to the syslog for all packets that are not UDP/TCP, are source-routed, or are fragmented. Trap Non UDP/TCP & Source Routed & Fragment Packets-- Select this option if you want the Secure Data Mode Station to SNMP Trap messages whenever a non-TCP or non-UDP, Source Routed, or Fragmented IP packet is received by the Secure Data Mode Station. SNMP Traps are sent to the SNMP Trap Host specified in SNMP Setup.
134 Custom IP Protocol-- If you wish to explicitly allow or deny access to a given IP protocol not listed in the two panels above, you can add that protocol to the list by simply typing it in the Custom IP Protocol field and clicking on the right arrow button [->] next to the text field. You do not need to add a protocol to the list unless you have specific requirements for that particular protocol.
135 Outgoing ICMP Filters Clicking on the Outgoing ICMP button on the Firewall Setup screen displays the Outgoing ICMP Filters screen, which allows you to permit or deny ICMP packets from going out from the local to remote interfaces. This allows you to deny diagnostic messages requested by internal (private) sources in this filter from being sent to external (un-trusted) machines.
136 Permit Outgoing Destination Unreachable-- Permit Destination Unreachable packets generated on the (private) local network to be sent to external machines Permit Outgoing Source Quench-- Permit Source Quench messages generated by gateways on the local network to be sent to remote machines sending packets to that gateway. Permit Outgoing Redirect-- Permit Redirect messages generated by gateways on the local network to be sent to remote machines sending packets to that gateway.
137 Figure 4-76 Incoming ICMP Filter Setup window Permit Incoming Echo Request and Outgoing Reply-- Permit Echo Requests sent from remote (un-trusted) computers to be sent to machines on the local (private) network, and allow the local machine to reply to them. Permit Incoming Time Request and Outgoing Reply-- Permit Timestamp Requests sent from remote (un-trusted) computers to be sent to machines on the local (private) network, and allow the local machine to reply to them.
138 Permit Incoming Source Quench-- Permit Source Quench packets generated by gateways on the remote network to be sent to gateways on the local network. Permit Incoming Redirect-- Permit ICMP Redirect packets generated by gateways on the remote network to be sent to machines on the local network. Permit Incoming Time Exceeded-- Permit Time Exceeded messages generated by machines on the remote network to be sent to machines on the local network.
139 Figure 4-77 SNMP Authentication Record Setup window Authentication Class Number-- Enter a number for an SNMP-based username/password firewall authentication bypass class. The Authentication class works much like a UNIX user group does; you can specify what types of packets a person in this authentication class can pass through the firewall when logged in with the approved username and password. WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
141 Administration The WLAN Cable Access Point 6220 CSU has the following management and operational features listed below: Saving Configuration Loading new Configuration Uploading Software Rebooting the remote station
142 Saving configuration Saving the current configuration settings to the hardware device is a onestep process: Use this File Menu option to save the base station configuration parameters to the location from which they were read. If the configuration was read from a base station, it will be saved to the CSU from which it was read. If the configuration was read from a file, the modified configuration will be saved back to that file.
143 3. The message box will be displayed, as shown below, and then left click on the OK button. Figure 5-3 Reboot Message Dialog Box 4. Just after this saving, APU or CSU will be restarting automatically. Loading new configuration The 'import config file' option enables you to 'copy' the parameter values that you entered to configure the first Secure Data Mode Station to the other units.
144 2. And the browse window will appear. Figure 5-5 Open Config File Window 3. Select the configuration file in the specific folder, and Click ‘Open’ button, 4. Then, bridge/brouter Configuration Program” screen will appear. Figure 5-6 Confirm Open Config File Dialog Box 5. Left click on the OK button. Uploading Software There are ten steps that must be done to import the .bin file and its corresponding license file. Be sure you have downloaded and know the location of your files before you start. 1.
145 Figure 5-7 Upload Software Menu 2. Browse to the location of your .bin file, and select it. Figure 5-8 Open binary Window 3. Click on the ‘Open’ button, and the "License Key Setup" screen will appear: WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
146 Figure 5-9 License Key Setup Window 4. Click on the "Import License Key" button, and an "Open" dialog box will appear: Figure 5-10 Open License Key Window 5. Select the license file that corresponds to the Ethernet MAC of the unit you are working with. (If you have "Licenses for this MAC address" selected in the file type drop box, only the licenses for the MAC of the current unit will appear.) 6. Click on the ‘Open’ button WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
147 Figure 5-11 License key setup window 7. Click on the ‘OK’ button Figure 5-12 Setup window 8. You can see an initial setup windows and then, From the File menu, select upload software as below. WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
148 Figure 5-13 Selecting Upload Software Figure 5-14 Enter IP address dialog 9. Enter the IP address of the unit to upload new software binary and Click on the ‘OK’ button. WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
149 Figure 5-15 Uploading Confirmation Dialog 1 10. Click on the ‘OK’ button Figure 5-16 Uploading Confirmation Dialog 2 11. Click on the ‘OK’ button Figure 5-17 Uploading Binary Information Dialog Box 12. Click on the ‘OK’ button 13. “Saving ….Please be patient” screen will appear as below WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
150 Figure 5-18 Saving software uploading window 14. Click on the ‘OK’ button Figure 5-19 Reboot Message Dialog Box 15. Click on the ‘OK’ button 16. Software Uploading complete. WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
151 Reboot a Remote Station(APU and CSU) The Reboot Remote option of the file menu allows you to reboot remote devices if stations get dropped from the network. Please follow the rebooting procedure to reboot a station from a remote location. 1. Select File/Open Remote Config. 2. Enter the IP address and read/write password for the target base station. 3. Once the configuration has been read from bridge, select File/Reboot Remote. 4. The APU or CSU will restart and run startup diagnostics.
153 Troubleshooting
154 1. Why can CSU setup a radio connection to the APU? Such situations are caused by various reasons as below: - Mismatching between the radio setup parameter of APU and that of CSU + Radio Channel + Network ID (NWID) + WEP Encryption Key - Radio Link Designing Problem(Link Distance, Antenna Direction and so on) 2. How many CSU subscribers can connect to a single WLAN Cable Access Point (APU Secure Data mode)? Eight CSU subscribers can connect to a single WLAN Cable Access Point in secure data mode. 3.
155 The IP stacks in some PC operating systems, such as Microsoft Windows, often do not respond quickly enough to the ICMP Echo packets to obtain an accurate assessment of your network throughput. When running the Ping Fill test to a Microsoft Windows system, your results may be slightly lower than normal throughput. 5.
156 8. Please provide the list of parameters for the different levels of signal strengths i.e. No Connection, Poor, Acceptable, Good, and Excellent. How do I determine what is good and bad? What these values will mean, is somewhat specific to the environment being worked under. For example, a Signal to Noise Ratio of 15 may be fine for one area and 15 may not work very well in a high noise area. So here are some general guidelines.
157 9. Can I block unwanted MAC addresses from the Ethernet interface? It is possible to set an Access Control List to set all of your allowable MAC's on the Ethernet (everything else on the Ethernet will be denied) by reading the configuration from the unit with the WLAN Cable AP Configurator. Go to the Setup tab -- General Setup -- Select the Mac Authentication Access control radio button and click OK.
157 Appendix A. Specification A.1 General A.2 Antenna A.3 RF Filter Protector B. Enclosure Dimension C.
160 Appendix A. Specification General o o o o o o o o Case: Aluminum alloy steel (Body), RADOME Size: 180 (W) x 239 (L) x 81 (D) (mm) 7.08 (W) x 9.40 (L) x 3.19 (D) (inch) Weight: 1.3 Kg / 2.8659 lbs Elements: Access Point, POE Splitter, Built-in Antenna in CSU body, RADOME Ports: POE Ethernet Port(RJ-45/CAT5), 12V DC Jack Temperature: -40 ~ 65 ºC (Operating) Power supply(Option): 802.3af compliant POE Injector (45V DC, 315 mA) Power Consumption : MAX 10W (Current < 0.
161 Software o o o o o o o o o o o o o o o o o Firmware : CSU Secure Data Mode (Subscriber Station) Wireless Service Protocol : Secure Data Mode, Dynamic Polling Standard RADIUS server support Wired Equivalent Privacy encryption - 64, 128, AES Firewall (ICMP/UDP/TCP/IP Protocol Filtering) Layer 2 Protocol Filtering BOOTP/DHCP (Server, Relay, Client), Static IP NAT (Incoming/Outgoing) Routing Protocol (RIP v2, Static) Restriction of Broadcast Storm SNMP v1, Software upgrade via TFTP GUI Program : Windows B
162 ET-PR12 Built-in Panel Antenna (2.4GHz) WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
163 ET-5PR12W Built-in Panel Antenna (5.8GHz) WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
164 Appendix B. Enclosure Dimension WLAN Cable Access Point 6220 CSU NTPM99CA Rel 2.
165 Appendix C. Site Survey Calculating the system parameters Free Space Microwave signal will be attenuated as it travels through space according to the following equation Gs = Ptx + Gtx + Grx – (RS) Gs : System Gain Ptx : Transmit power level in dBm Gtx : Transmit antenna gain in dBi FSL: Free space loss attenuation in dB Grx : Receive antenna gain in dBi RS : Receiver Sensitivity in dBm Lt = FSL + Mp Lt : Transmission Loss FSL : Free Space Loss FM : Fade Margin + Other Loss(Cable) FSL : 92.
166 Figure A.5 Radio Link Analysis Determining the Distance between both sites Gs = Lt = Ptx + Gtx + Grx –(RS) = (92.4 + 20Log(F) + 20Log(R))+10 Gs = Constant = (36.6 + 20Log(F) + 20Log(R))+10 Calculating Distance (R) between both sites Case Study Transmitter: APU, Receiver: CSU Ptx : 15dBm Gtx : 7dBi (Omni-directional) Grx : 18dBi RS : - 83dBm F : 2.4 GHz R: 5 mile FM: 12 dB (Conventional Setting Value) Gs = Ptx + Gtx + Grx – (RS) Gs(Flat Panel) = 15 + 15 + 18 - (-83) = 131 FSL : 36.
167 FRESNEL ZONE For a link to truly be line-of-sight, no objects such as buildings, cars, etc. or the ground may be within a certain height perpendicular to the line of sight path called the first fresnel (pronounced fray-nell) zone. This height of the fresnel zone H (in feet) is specified by the equation below. H = 43.3 x sqrt (D/ (4xF)) D: distance in miles between antennas F: Frequency in GHz Case Study D: 10 F: 2.4 H = 43.3 x sqrt (10/ (4x2.4)) H = 44.19 feet HF = 44.19 * 0.6 = 26.
168 Earth bulge For long links the curvature of the earth will may block the line of sight path unless the antennas at both ends of the link are positioned high enough above the ground. This height must be added to the FRESNEL ZONE height for each antenna. HE = D^2/8 H = Earth bulge height in feet D=distance between antennas in miles Case Study D: 10 mile HE = D^2/8 = 10^2/8 = 12.5 feet Figure A.7 Earth Bulge Total height required at midpoint HT = HF + HE Figure A.