Access/One™ Network User Guide
ACCESS/ONE™ NETWORK User Guide Part Number: 210-0007-01 Revision B, June 2005 All rights reserved. This document may not be reproduced or disclosed in whole or in part by any means without the written consent of Strix Systems, Inc. © Strix Systems, Inc. 310 N. Westlake Blvd., Suite 150 • Westlake Village, CA 91362 USA Tel 805.777.7911 • Fax 805.777.7916 http://www.strixsystems.
FCC Notice The enclosed wireless network device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: 1. This device may not cause harmful interference. 2. This device must accept any interference received, including interference that may cause undesired operation. This wireless network device has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
The Access/One™ Network contains a Lithium battery in the BME base module which is NOT replaceable by the user CAUTION: Discard used batteries according to manufacturer's instructions. ATTENTION: Mettre au rebut les batteries usagées conformément aux instructions du fabricant. VORSICHT: Entsorgung gebrauchter Batterian nach Angaben des Herstellers. Installation Warning Warning Read the installation instructions before you connect the wireless network device to its power source.
Table of Contents

INTRODUCTION
INSTALLATION
ASSEMBLY AND SELF IDENTIFICATION
MANAGER/ONE
HOST NETWORK REQUIREMENTS
USER SECURITY CONSIDERATIONS
MANAGEMENT
LOAD IMAGE
REBOOT NETWORK
UPDATE NAMES
U S E R G U I D E

Introduction

This User Guide describes the Strix Access/One Network and its elements. Access/One Network is a wireless LAN infrastructure that is designed to be simple and secure. This guide follows the same approach. It is organized and written as a series of short, simple and largely independent sections that can be read in any order. This user guide covers wireless network installation, configuration, security and management.
Installation

This chapter provides instructions on how to assemble the Nodes and to install and use the Manager/One utility. It also lists the services/servers which Access/One Network expects to be present in the host wired network infrastructure.

ASSEMBLY AND SELF IDENTIFICATION

Each Network Node arrives in its own well-marked box that contains its disassembled and individually wrapped constituent modules.
To install Manager/One, follow these simple steps:
1- Download the Manager/One plug-in file (.zip) from http://www.strixsystems.com
2- Open the zip file and run the setup.exe file. The following window will appear:
3- After a few seconds the following window will appear. When it does, click on the ‘Next’ button.
4- When the following window appears, read the Software License, select “I accept the terms in the license agreement” and click the ‘Next’ button. If you select “I do not accept the terms in the license agreement” the installation will terminate.
5- When the following window appears, enter your User Name and your Organization, and select who the application will be installed for (“all users” or “me”). Click the ‘Next’ button when ready.
6- When the following window appears, select “Complete” as the setup type and click the ‘Next’ button.
7- When the following window appears, click the ‘Install’ button.
8- The following window will then appear. The installation process can be cancelled at any moment by clicking the ‘Cancel’ button.
9- When the following window appears, click the ‘Finish’ button to complete the installation process.
10- The next time you launch your Web browser, a Manager/One icon will be placed in the top menu, similar to the figure below.
You can now select (double-click) any Node in the list to expand it, and right-click on the selected module to page, ping, or Telnet into it as shown in the figure below:

To manage Access/One Network click on any listed Network Server, which you will see when you expand a Node that contains one. A login window (shown below) will appear and the Manager/One utility window will close.
Enter the administrator User Name – “Admin” and a Password. The default password is “Admin” but we strongly recommend that you change it immediately after logging into the Manager/One application. Click the ‘OK’ button to log in to Manager/One. An initial network view page will appear. Refer to the Management and Configuration section for more information about how to use Manager/One to configure and manage your network.
FTP server – is required to transfer firmware and configuration from distribution media to Access/One Network modules. Software distribution via an FTP server relies on user accounts to maintain security. Access/One Network modules are capable of specifying a user name and password (including anonymous) to log into an FTP server. Directory access may be configurable based on the FTP server software, so Access/One Network related files may be available only to Access/One Network modules.
USER SECURITY CONSIDERATIONS

The topic of security may be split into two categories: network-level security (inter-Network Node) and user security (station/user device to Network Node). Network-level security is an integral part of the Access/One Network and requires no external resources.
Local Authentication – The Access/One Network is responsible for determining whether the user device/station has network privileges. Since most access points don’t have a user database, there is typically very little information for a system like Access/One Network. One mechanism to determine user privileges is an Access Control List, which disallows (or allows) any user based on their MAC address. However, MAC addresses can be spoofed, so this method is not secure.
Management

Management of the Access/One Network has been designed to be as simple as possible. This chapter describes the network views, naming conventions and rules to include and associate a newly installed Network Node as part of your Access/One Network. Visual cues are provided that indicate network ‘health’, along with the presence of unattached or rogue Node/devices. Explanations of other management windows are also provided, such as the Node detail and status windows.
Click anywhere within the frame in order to enter the cloud (IP subnet) and view the details. In the example below, notice that some of the Network Nodes are sky blue in color and some are dark grey in color. The Nodes that are sky blue have yet to be included as part of the new Access/One Network that was named in the previous step and are still associated with the default network name (AccessOne), as listed below each Node.
As shown below, if the screen displays Nodes that are red in color but that do not have a lock symbol on them, these are Nodes in alert status, which should be investigated further. The white box below each Node is a label provided for Node identification purposes, and is set as the Base Module’s serial number in the default configuration. This label can be changed to be more meaningful, e.g. Room123.
LOAD IMAGE

Click on the ‘Load Image’ command in the ‘Manage’ sub menu to send the command to load a new image to each of the modules in all of the Nodes within the network. The parameters of the FTP location where the new software image resides should be set via the ‘Configure’ tab (use the ‘Firmware FTP’ command in the submenu) before attempting to load a new image to the network.
REBOOT NETWORK

The ‘Reboot Network’ command will reboot each of the modules in all of the Nodes within the Access/One Network. This is required when network-level configuration changes are made or a new image is loaded. The Network Server will generate the request in stages in order to monitor the progress of the network reboot.
UPDATE MEMBERSHIP

The cloud display indicates all of the Network Nodes in the network (including rogue Strix Nodes). Nodes which belong to the Network Server cloud name are dark grey in color and have a checkbox that is checked. Nodes which are sky blue in color and have an unchecked checkbox are not part of the cloud but may be admitted. Nodes which have no checkbox or are red with a lock symbol may not be admitted to the cloud.
Status results of commands issued to an Access/One Network module:
Running: there are no pending commands against this module and it is communicating with the Network Server
Link Lost: Manager/One has lost contact with this module for more than a minute
Command Started: Manager/One is attempting the command
Command Sent Successfully: the command was received by the module
Command Sent: the module replied that it was received
Command Executed Successfully: the command was executed on the
NODE STATUS

Selecting any Node listed on the network view will update a frame on the left side of the window showing the Node’s status and its components. You may close this frame at any time by selecting the “<<” button on the line separating the frames. This frame shows all the Node components, their roles, IP addresses and status.
The Monitor frame in the main network window presents a summary of the network health. Nodes under heavy load or losing management connectivity are considered less stable and will not be counted as a stable Node in the Access/One Network.
Configuration

Use the information in this chapter to configure all or any subset of Access/One Network Nodes simultaneously. Individual modules within the Nodes will present similar configuration screens if and when you drill down to the module-level configuration screens. Module-level configuration is described in Appendix 1.

SYSTEM CONFIGURATION

The system configuration allows the following changes to be made: DNS settings, administrator password, or outdoor environment selection.
• User Name: Enter the user name that is required to access the web server interface within the Network Server Module. The default value for the User Name is ‘Admin’. The user name is case sensitive.
• Password: Enter the password that is required to access the web server interface within the Network Server Module. The default value for the Password is ‘Admin’. The password is case sensitive.
WIFI

The Wi-Fi network settings can be configured from this window, including SSID, SSID parameters, and 802.11a and 802.11g Wireless options.
• SSID: This field defines the identifier of the Service Set to which all the Access/One Network Wireless Modules belong. User devices must provide this SSID to connect to Access/One Network. You may enter an alphanumeric string that is between 1 and 32 characters in length that user devices will associate with in Infrastructure mode.
• Enabling 802.11g Only Mode: Clicking on the ‘enable 802.11g Only mode’ checkbox will configure all 802.11g Wireless Modules in the Access/One Network to support 802.11g only. In this mode each 802.11g Wireless Module will only support 802.11g user devices, which will improve the performance of the 802.11g network. If this mode is not enabled (default configuration) the 802.11g Wireless Modules will support both 802.11b and 802.11g user devices simultaneously.
ADVANCED WIFI

Advanced Wi-Fi network settings are configurable from this window.
• Country Code: The Regulatory Domain for all Access/One Network Nodes is preconfigured in manufacturing and cannot be changed by the user.
• Data Rate: Select a data transmission rate from the drop-down menu. The ‘best’ selection will adapt the rate to the best available.
• Transmit Power: Select the Wireless Modules’ level of transmit power from the dropdown list box. The choices are Full, Half (-3dB), Quarter (-6dB), Eighth (-9dB) and Minimum. Decrease the transmit power if you wish to decrease the range of the Wireless Modules in the Access/One Network. The default value is ‘Full’. Note: the Wireless Modules themselves will adapt to the conditions in the RF ‘neighborhood’ automatically, so Strix does not recommend changing this parameter.
• Protection Rate: Determines the rate to generate the RTS/CTS frames when protection mode is enabled.
• Protection Type: The protection will apply to CTS (Clear To Send) or both RTS and CTS. The RTS-CTS setting provides more robust protection but performance will be reduced for 802.11g.
• Short Slot Time: If the network contains a combination of 802.11b and 802.11g user devices, enabling this will give precedence to 802.11g traffic.
FIRMWARE FTP

This window is where FTP parameters are set at the network level in order for software updates to be made to the Access/One Network.
• Host Name: FTP server host name.
• User Name: FTP server user name.
• Password: FTP server password.
• Path: Identify any accessible directory for downloading an image.
Note: The downloaded file will always be ‘accessone.bin’ when configured via Manager/One.
Security

WIFI SECURITY

This window is where Wi-Fi network Security parameters are set for Access/One Network.
• Authentication Mode: This option selects the authentication type that will be used.
  o Open: Local authentication.
  o Shared Key: A static shared WEP key will be used for authentication. This option is not recommended since all users will be using the same key.
  o Dynamic Key: The authentication server (RADIUS) will give a key to each user for unicast traffic.
• Encryption Mode: This option selects the type of encryption used.
  o Clear: Available for Open or Dynamic authentication. Messages will be sent unencrypted between user devices and the Access/One Network Nodes.
  o WEP: Wired Equivalent Privacy (WEP) is a security protocol for WLAN. It encrypts data using an RC4 stream cipher with a seed of 64, 128 or 152 bits.
If ‘Dynamic’ key is selected for Authentication Mode, a Security Server Configuration appears:

The user can enter RADIUS (Remote Authentication Dial In User Service) Server parameters here or on the next tab (Security Server). For dynamic encryption, the Access/One Network Nodes communicate with an authentication server to obtain encryption keys to use.
• RADIUS Server: Specify the Host name or IP address of the RADIUS Server.
• RADIUS Port: Specify the RADIUS port number.
The Network Connect solution for Access/One Network prevents unauthorized wireless connections from being established to the network by blocking user traffic in two scenarios:
1. If the Network Connect is configured for the default cloud name (AccessOne), Manager/One forces the Administrator to approve/admit the Network Node to the cloud before user traffic is bridged to the network.
2.
  o Strict: Only stations assigned ALLOW permissions in the ACL will be granted access to the network, regardless of encryption settings. In addition, if the entry is configured for an encryption key, the station is also required to match that key before gaining access. If no ACL entry exists for a MAC address it will not be allowed to associate with the network.
Inventory

This tab provides the administrator with an inventory view of the Access/One Network. The inventory list consists of Module serial numbers, Module types, Module status and IP addresses assigned.

Apply Configuration

This tab is used to apply any changes that have been made at either the network (cloud) or subnet (sub-cloud) level. Once this tab has been clicked, the changes are propagated and applied to all Network Nodes and modules within the Access/One Network.
Appendix 1: Module / Device Management

DEVICE

The ‘Device’ tab has two submenu items. The ‘About’ submenu provides information about the selected module, such as code version, serial number, MAC address, etc. The ‘Reboot’ submenu is used when a reboot needs to be performed on just this module, and is immediate.
CONFIGURE

The ‘Configure’ tab enables the module-level configuration to be performed. Click the ‘Update’ button at the bottom of the page for any changes to be saved. A ‘Reboot’ button will appear after clicking ‘Update’ as it is necessary to reboot the module after changes are made.

The ‘Module’ submenu (shown below) is used to configure basic module-level details, such as name, network assignment, static IP address, static DNS and management password.
The ‘WiFi Radio’ submenu (shown below) is used to configure module-level Wi-Fi settings, such as module role (Client Connect, Network Connect), SSID, RF type, etc.

The ‘Advanced WiFi’ submenu (shown below) is used to configure advanced module-level WiFi settings, such as country code, data rate, transmit power, etc.
The ‘Script’ submenu (shown below) is used to configure an individual module with a text script.

The ‘Firmware FTP’ submenu (shown below) is used to configure module-level FTP settings, such as host name, user name, password, file path, file name, etc.
The ‘Factory Default’ submenu (shown below) is used to reset the module back to its factory default configuration.

SECURITY

The ‘Security’ tab enables the module-level security configuration to be performed. Click the ‘Update’ button at the bottom of the page for any changes to be saved. A ‘Reboot’ button will appear after clicking ‘Update’ as it is necessary to reboot the module after changes are made.
The ‘WiFi ACL’ submenu (shown below) is used to configure module-level Wi-Fi Access Control List (ACL) settings, such as ACL mode, add/remove stations, etc.

MONITOR

The ‘Monitor’ tab provides module-level monitoring functions. The ‘Radio Statistics’ submenu (shown below) is used to view module-level details and statistics, such as status, authentication / deauthentication / association / disassociation attempts, receive/transmit packet statistics, error statistics, etc.
The ‘Station List’ submenu (shown below) is used to view a list of devices/stations that are attached to the specific module being managed. Each station’s ID, MAC address and state are provided. Any station’s MAC address can be clicked on for a more detailed statistics summary for that station.
Appendix 2: Specifications

This chapter lists the basic protocols and features supported by the Access/One Network and its Network Nodes. It also includes the environmental and regulatory characteristics of the hardware. For more up-to-date information, please refer to the Strix Access/One Network data sheets.

PHYSICAL ATTRIBUTES

Module Description User Interfaces Size BME0 Base Module with no RJ-45 18V DC input 5.0” x 3.65” x 1.
USER COVERAGE RANGES FOR 802.11A, 802.11B, & 802.11G

Exact range calculations for each of the technologies cannot be provided as many factors impact the range and coverage area. These factors include physical environment configuration, interfering factors (such as walls, cubicles, desks, elevators, etc), and use of external versus antenna module, to name just a few.
Appendix 3: CLI Commands

This chapter lists the Command Line Interface (CLI) commands available through every Access/One Network module. A Telnet session can be started by ‘right-clicking’ on the module displayed in the Manager/One window of your browser. The term ‘cloud’ used in the commands refers to the Access/One Network as a whole, while ‘sub-cloud’ denotes an IP subnet or other arbitrary grouping of the Access/One Network Nodes.
ftransfer params set … - Set ftp parameters hostname username password path filename
ftransfer params get - Get ftp parameters
ftransfer download image - Download image file
ftransfer download configuration - Download configuration file
ftransfer restore image - Restore previous image
ftransfer restore configuration - Restore previous configuration
ftransfer upload image current - Upl
get ipmask - Display IP Subnet Mask
get login - Display Login User Name
get nameaddr - Display IP address of name server
get cloudname - Display Cloud Name
get subcloudname - Display Subcloud Name
get stackid - Display Stack Id
get outdoorenviron - Display outdoor environment
get radiusname - Display RADIUS server name or IP address
get radiusport - Display RADIUS port number
get snmp - Display SNMP Community Name
get sntpserver - Display SNTP/NTP Server IP address
quit - Logoff
rawftp - Software update via FTP
reboot - Reboot Access/One
remotenc add - Add remote network server IP address
remotenc remove - Remove remote network server IP address
remotenc show - Show remote network server IP address
run - Run command file
set cloudname - Set cloud name
set dhcp disable - Disable DHCP
set dhcp enable - Enable DHCP
set domainsuffix - Set Domain Name Server suffix
set factorydefault - Restore to default factory settings
set snmp
set pager off - Module LED returns to current state
set pager on - Module LED repeats Red, Green, Orange sequence
set password - Modify Password
set radiusname - Set RADIUS name or IP address
set radiusport - Set RADIUS port number
set radiussecret - Set RADIUS shared secret
set sntpserver - Set SNTP/NTP Server IP Address
set syslog server - Syslog server configuration
set syslog console - Syslog console configuration
set syslog file - Syslog file configuration
set sy
bc shownodes - Show nodes in cloud
bc showdevices - Show devices in
bc sendcfg cloud
bc sendcfg subcloud
bc imageload cloud
bc imageload subcloud
bc pagerenable cloud
bc pagerenable subcloud
bc pagerdisable cloud
bc pagerdisable subcloud
bc reboot cloud
bc reboot subcloud
bc setview cloud
bc setview subcloud
bc setview device
bc include all
bc include devices
bc exclude all
bc exclude devices
bc changestname
bc help
Appendix 4: Frequently Asked Questions

NETWORK ELEMENTS

Q- What are the elements that make up the Strix Systems product?
A- Access/One Network is a modular system with several categories of building blocks that perform specific roles within the system. These categories are Client Connect, Network Connect, Wireless Workgroup, and Network Server.
PRODUCT ASSEMBLY AND SETUP

Q- Which modules can be used for wireless Network Connect?
A- Both the WM11A and WM11G Wireless Modules can function as either a Network Connect (wireless uplink) or a Client Connect (for user connectivity). The exact function of a WM11A or WM11G Module is determined automatically by the Access/One Network based on the needs of the Node.
PRODUCT PERFORMANCE

Q- What bandwidth can I expect?
A- Actual data throughput is approximately one-half the link rate at these ranges for 802.11 technology, which is standard for these types of products.

Q- How many Network Server Modules do I need?
A- A single Network Server is needed for every eight (8) Network Nodes in the Access/One Network, regardless of the RF technology being used.
Q- Describe the “Active Discovery” process and how it works.
A- When a Network Node is turned on in an Access/One Network the individual modules within the Node automatically discover each other and determine their physical position and role within the Node, including whether the interface to the network is wired or wireless. The Network Node then automatically discovers the rest of the Nodes in the Access/One Network via the wired or wireless Network Connect.
These security features provide various options to prevent access to the wireless network by unauthorized devices. In addition, the Access/One Network contains a RADIUS client that can interface with a RADIUS network server for user-level authentication (i.e. by providing a unique username and password). This is an important extra level of security for customers that are concerned that device-level security is not enough.
The configuration function consists of items such as general and advanced parameters, security and privacy settings, firmware updates, and SNMP configuration. As you would expect, from these screens all of the standard networking and wireless parameters can be defined and set. Examples include SSID, Turbo on/off, DHCP/static IP, Encryption on/off, WEP/TKIP/AES, Encryption key and length, 802.1x enable, and RADIUS setup.
For 802.11a, either the Antenna Module can be used or one of Strix’ external antennas can be attached via the external Reverse SMA connectors. Again, the recommendation is to use the Antenna Module for most applications unless there is a requirement satisfied by an external antenna.

Q- What LEDs exist and what do they mean?
A- Each Access/One Network module, with the exception of the Antenna Module, contains a single multi-state LED on the front panel.
Appendix 5: Security Overview

Wireless network security is challenging for several reasons. First, the problem is very different from wired network security because the boundaries have changed. In addition, initial attempts at wireless security (e.g., 802.11b) were seriously flawed, but commercially successful. Solutions that hope to capitalize on these markets must compensate for their flaws while remaining compatible.
AUTHENTICATION

The authentication process begins with one of two local authentication procedures and may optionally include a remote authentication for additional security. A pre-authentication MAC address filter (Access Control List) can be used to prevent devices from making authentication attempts, but it is difficult to manage at scale, and MAC address substitution is supported on almost all wireless network interface cards (NICs). Local authentication choices are open or shared key.
Variations on the EAP theme

MD5: The MD5 protocol is essentially CHAP (RFC 1994) over EAP. When the identification request is made to the user device (supplicant), the user name is sent to the RADIUS server. The RADIUS server sends a challenge to the supplicant, which the supplicant responds to with a one-way hash based on its known password. The server compares the challenge response with its version of a one-way hash based on what it knows as the password.
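The challenge/response exchange described above, written out for both sides as an added example (not Strix code and not part of the original guide). The response formula is the one RFC 1994 defines for CHAP; the class names, user name and password are constructed for illustration.

```python
"""CHAP-style challenge/response as carried by EAP-MD5 (added example)."""
import hashlib
import hmac
import os


def chap_response(identifier, password, challenge):
    """RFC 1994 response value: MD5(identifier octet || secret || challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


class AuthServer:
    """Plays the RADIUS server role (hypothetical class name).

    The server has to hold each password in a recoverable form, because it
    recomputes the same hash that the supplicant sends.
    """

    def __init__(self, passwords):
        self._passwords = passwords      # username -> password bytes
        self._pending = {}               # username -> (identifier, challenge)
        self._next_id = 0

    def issue_challenge(self, username):
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)       # fresh and unpredictable per attempt
        self._pending[username] = (self._next_id, challenge)
        return self._next_id, challenge

    def verify(self, username, identifier, response):
        # pop() makes every challenge single-use, so a recorded response
        # is useless against the same or any later challenge.
        pending = self._pending.pop(username, None)
        password = self._passwords.get(username)
        if pending is None or password is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, password, pending[1])
        # Constant-time comparison of the two one-way hashes.
        return hmac.compare_digest(expected, response)


class Supplicant:
    """Plays the user device role (hypothetical class name)."""

    def __init__(self, username, password):
        self.username = username
        self._password = password

    def respond(self, identifier, challenge):
        # The password itself never crosses the link, only the hash.
        return chap_response(identifier, self._password, challenge)


def authenticate(server, supplicant):
    """Run one complete exchange and return the server's decision."""
    identifier, challenge = server.issue_challenge(supplicant.username)
    response = supplicant.respond(identifier, challenge)
    return server.verify(supplicant.username, identifier, response)


if __name__ == "__main__":
    # Constructed sample account, for illustration only.
    server = AuthServer({"alice": b"constructed-password"})
    print(authenticate(server, Supplicant("alice", b"constructed-password")))
    print(authenticate(server, Supplicant("alice", b"wrong-password")))
```

Only the supplicant is authenticated in this exchange, and nothing in it yields key material for encrypting traffic afterwards.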
TTLS: Tunneled TLS uses a TLS tunnel to create a secure connection between the device and the AP before user credentials are exchanged. The TLS tunnel is created using a server based certificate only. Once the TLS tunnel exists, the supplicant authenticates with the server with CHAP or MSCHAP. The credentials can even use clear text because the traffic is protected.
Unique Key: The unique key slot is supported by some NICs and allows a more robust static key operation by assigning a specific key to each device based on the MAC address. The unique key is used to encrypt unicast packets, as the default session key is still necessary for broadcast packets.

SOME ATTACK TYPES

Wireless attacks can be categorized into two types: passive and active.
WI-FI AND WPA REQUIREMENTS

WPA is a subset of the 802.11i standard and boosts the original static WEP security by mandating 802.1x remote authentication procedures and introducing the Temporal Key Integrity Protocol (TKIP), which comprises the following improvements:

Longer IV: The initialization vector for WEP is 24 bits long and is subject to reuse after a short period. The new IV is 48 bits long, making it less susceptible to reuse.
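The following added example (not from the original guide or from Strix) ties the 64, 128 and 152 bit WEP seed sizes in the Encryption Mode description to the 24-bit IV discussed above, and shows what a repeated IV costs. The key, IV, frame contents and the frame rate of 1000 frames per second are constructed values.

```python
"""WEP per-frame seed and the effect of a repeated IV (added example)."""
import struct
import zlib

IV_BYTES = 3  # WEP's 24-bit IV, sent in the clear with every frame


def rc4(key, data):
    """Plain RC4: key scheduling, then XOR the keystream over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def seed_bits(secret_key):
    """RC4 seed size: the 24-bit IV prepended to the configured key."""
    return 8 * (IV_BYTES + len(secret_key))


def _icv(plaintext):
    # Integrity check value: CRC-32 of the plaintext, little-endian.
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(secret_key, iv, plaintext):
    if len(iv) != IV_BYTES:
        raise ValueError("WEP IV is exactly 3 bytes")
    return rc4(iv + secret_key, plaintext + _icv(plaintext))


def wep_decrypt(secret_key, iv, ciphertext):
    body = rc4(iv + secret_key, ciphertext)
    plaintext, icv = body[:-4], body[-4:]
    if icv != _icv(plaintext):
        raise ValueError("ICV mismatch")
    return plaintext


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def same_iv_shares_keystream(secret_key, iv, p1, p2):
    """True when two equal-length frames under one IV satisfy c1^c2 == p1^p2.

    The key cancels out of that relation, which is why a repeated IV
    undermines confidentiality however long the configured key is.
    """
    c1 = wep_encrypt(secret_key, iv, p1)
    c2 = wep_encrypt(secret_key, iv, p2)
    return xor(c1, c2)[:len(p1)] == xor(p1, p2)


def hours_until_iv_wrap(iv_bits, frames_per_second):
    """Time for a counter-style IV to run through its whole space."""
    return 2 ** iv_bits / frames_per_second / 3600


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")     # constructed 40-bit key
    iv = b"\x00\x00\x01"                  # constructed IV
    print(seed_bits(key), "bit seed")
    print(same_iv_shares_keystream(key, iv, b"constructed frame one",
                                   b"constructed frame two"))
    print(round(hours_until_iv_wrap(24, 1000), 2), "hours (24-bit IV)")
    print(round(hours_until_iv_wrap(48, 1000) / 8760), "years (48-bit IV)")
```

At the assumed frame rate a 24-bit counter IV wraps within a working day, while a 48-bit one takes thousands of years.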
Glossary

802.11: An IEEE specification that defines wireless LAN (WLAN) data link and physical layers. The specification includes data link layer media access control (MAC) sub-layer, and two sub-layers of the physical (PHY) layer—a frequency-hopping spread-spectrum (FHSS) and a direct-sequence spread-spectrum (DSSS).

802.11a: A supplement to the IEEE 802.
AP: access point. A physical edge device that allows wireless user devices to access network resources. Sometimes it is referred to as a base station or a Node.

ARP: address resolution protocol. A TCP/IP protocol that binds logical (IP) addresses to physical (MAC) addresses.

authentication: The process that a station, device, or user employs to announce its identity to the network which validates it. IEEE 802.11 specifies two forms of authentication: open system and shared key.
DHCP: dynamic host configuration protocol. A method for dynamically assigning IP addresses to devices on a network. Issues IP addresses automatically within a specified range to devices such as PCs when they are first powered up. The device retains the use of the IP address for a specific license period defined by the system administrator.

DSSS: direct sequence spread spectrum.
FTP: file transfer protocol. A TCP/IP based protocol for file transfer. FTP is defined by RFC 959.

GMK: group master key. A cryptographic key used to derive a group transient key (GTK) for the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).

GTK: group transient key. A cryptographic key used to encrypt broadcast and multicast packets for transmissions using the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
Odyssey: An 802.1X security and access control application for wireless LANs (WLANs), developed by Funk Software, Inc.

OFDM: orthogonal frequency division multiplexing. A technique that splits a wide frequency band into a number of narrow frequency bands and sends data across the sub-channels. The 802.11a and 802.11g standards are based on OFDM.

open system authentication: The IEEE 802.11 default authentication method.
plenum: A compartment or chamber to which one or more air ducts are connected.

plenum-rated cable: A type of cable approved by an independent test laboratory for installation in ducts, plenums, and other air-handling spaces.

PMK: pair-wise master key. A code derived from a master secret and used as an encryption key for IEEE 802.11 encryption algorithms. A PMK is also used to derive a pair-wise transient key (PTK) for IEEE 802.11i robust security.

PoE: Power over Ethernet.
RA: registration authority. Network software that verifies a user (client) request for a digital certificate and instructs the certificate authority (CA) to issue the certificate. Registration authorities are part of a public-key infrastructure (PKI), which enables secure exchanges of information over a network. The digital certificate contains a public key for encrypting and decrypting messages and digital signatures.
TLS: transport layer security protocol. An authentication and encryption protocol that is the successor to the Secure Sockets Layer (SSL) protocol for private transmission over the Internet. Defined in RFC 2246, TLS provides mutual authentication with non-repudiation, encryption, algorithm negotiation, secure key derivation, and message integrity checking. TLS has been adapted for use in wireless LANs (WLANs) and is used widely in IEEE 802.1X authentication.
WEP: wired equivalent privacy. An optional IEEE 802.11 function that offers frame transmission privacy similar to a wired network. The Wired Equivalent Privacy generates secret shared encryption keys that both source and destination stations can use to alter frame bits to avoid disclosure to eavesdroppers.

Wi-Fi Alliance: a nonprofit international association formed in 1999 to certify interoperability of wireless Local Area Network products based on IEEE 802.11 specification.