SPEEDLAN TM 6000 OPERATOR’S MANUAL Version 1.0 Last revised June, 2000 941-358-9283 941-355-0219 FAX 800-721-9283 www.speedlan.com sales@speedlan.com Division 1748 Independence Blvd.
SPEEDLAN TM PRODUCT LICENSE AGREEMENT It is important for users of Wave Wireless hardware and software to take time to read this License Agreement associated with this software PRIOR TO ITS USE. The Customer or Reseller has paid a License fee to Wave Wireless for use of this software on one bridge or bridge/router.
SPEEDLAN TM Return for Credit All returns to Wave Wireless MUST have a valid RMA number written clearly on the outside of the box or the shipment will be refused. No returns for credit after 30 days will be approved. Products must be returned undamaged and in original packaging or they will be subject to a minimum 20% restocking/refurbishing fee. Return freight charges must be prepaid.
SPEEDLAN TM Table of Contents 1. INTRODUCTION........................................7 Features and Benefits..............................9 Features Chart........................................10 2. USING CONFIGURATOR.......................11 Installation and Description.....................13 3.CONFIGURING SPEEDLAN TM..............15 General Setup.........................................17 Interface and Advanced Interface .........20 The Setup Buttons...................................
SPEEDLAN TM INTRODUCTION
SPEEDLAN TM Features and Benefits Transparent Ethernet Bridging with Advanced Filtering for Security and Network Reliability SPEEDLAN TM supports what is known as Transparent Ethernet Bridging with no Spanning Tree or Source Routing support.
SPEEDLAN TM Features Chart Hardware Supported 10/100BASE-T Ethernet Card SPEEDLAN Wireless Radio Bridging Features Transparent Bridging Filtering by Ethernet Multicast, Broadcast and Bad Packets Filtering by Protocol Filtering by Ethernet Address Pair Generic Ethernet Tunneling through IP Networks Learned Table Lockdown Expanded IP ARP Support Automatic Broadcast Storm Protection and Notification SNMP Features IP “ping” Support IP SNMP Support (MIB II, Ethernet, Inteface, SNMP, and Bridge MIB) IP SNMP Wave
SPEEDLAN TM USING CONFIGURATOR 11
SPEEDLAN TM Windows 95/98/NT 4.0 SPEEDLAN TM Configurator Installing the Windows SPEEDLAN TM Configurator 1. Shut down all programs and applications. 2. Note: The SPEEDLAN TM Configurator uses digital libraries, which reside on your Windows 95/ 98/NT 4.0 PC. If a program or application is open, the Setup will not install correctly. If the configurator is not installed correctly, the brouter could be rendered and inoperable after saving a configuration. 3. Insert the CD into your floppy drive (i.e.
SPEEDLAN TM Exporting and Importing a Configuration Once you have opened a remote brouter, you can take a “snapshot” of the current configuration with the “Save Config as...” function. This function will result in creating a CNF file. The extension .CNF is used to denote the special exported binary configuration file. The CNF file created with the “Save as...
SPEEDLAN TM CONFIGURING SPEEDLAN TM 15
SPEEDLAN TM General Setup Menu The third menu from the left is the Setup Menu. In this menu are the screens you will use to configure your brouters. Below are descriptions of the menu items and the settings found on their respective screens. General Setup Enable Bridging - The transparent bridging function will be enabled when this is item is checked. If you want the brouter to perform the bridging function,you must enable this. When bridging is enabled, the Bridge Setup Screen will be accessible.
SPEEDLAN TM Enable Data Encryption - This optional feature allows you to encrypt wireless data transmissions on top of the encryption provided by the radio. It provides 56 bit DES encryption. It is not shipped standard as part of the XE units. If you did not purchase it when you originally bought the SPEEDLAN TM units, it can be purchased later as a software upgrade. Data encryption is disabled by default. Check the box labeled “Enable Encryption” to enable the encryption features.
SPEEDLAN TM Enable Outgoing Network Address Translation - This option enables a company to map the private networks IP addresses into one or more global public network IP addresses. This means that outsiders will only view the single (or more if designated) IP network address assigned for global viewing on the Internet. For more informatoin, see Setting UP NAT, page 61.
SPEEDLAN TM Interface & Advanced Interface Setup The interfaces that are installed in your brouter will be represented on this screen. The Remote check box is used to designate which interfaces will be considered local and remote. The local interface is consider to be the interface that connects directly to the local LAN with respect to the unit. The remote interface is considered to be the interface that connects with the remote LAN.
SPEEDLAN TM The Setup Buttons Setup 1 - Ethernet Setup SPEEDLAN products come standard with a 10/100 Base-T interface to connect to your wired network. Although the interface is capable of operating at both 10 Mbps and 100 Mbps, it is not autosensing or autoswitching. The default setting is for 10 Mbps half-duplex operation. If you which to connect your SPEEDLAN unit to a 100 Mbps port, the Ethernet interface can be manually switched to 100 Mbps in this portion of the setup.
SPEEDLAN TM Transport Methods The industry compatible method of transmitting and receiving data over wireless networks cause data packets to frequently be lost. This is due to the fact that a wireless network does not have the ability to detect collisions like a wired Ethernet network. On an Ethernet network collisions can be detected by the hardware and are automatically retransmitted. Ethernet is refered to as CSMA/CD (Carrier Sense Multiple Access with Collision Detection).
SPEEDLAN TM and greatly improves the performance of a base station wireless network cell when the total number of satellite stations is greater then 5 to 10 stations. As the number of stations increases, the usage of the wireless network cell increases and efficiency is proportionately improved. Campus PRC (This is a Satellite Station) - This is the configuration required for stations that are to be installed into a wireless network cell that utilizes a base station.
SPEEDLAN TM Standard – This setting limits the card to providing 2 Mbps of bandwidth. The receiver sensitivity of the radio with this setting is –89 dBm. You must use this setting if you want your XE unit to communicate with an older SPEEDLAN unit that uses a 2 Mbps radio. Low - This setting limits the card to providing 1 Mbps of bandwidth. The receiver sensitivity of the radio with this setting is –92 dBm.
SPEEDLAN TM BRIDGING SETUP
SPEEDLAN TM The SPEEDLAN TM is an IEEE 802.3 MAC- layer bridge. The bridge can be configured to bridge or pass any 802.3 frame type protocols, including Novell IPX, TCP/ IP, AppleTalk, etc. The SPEEDLAN TM can also be configured to filter packets by their destination and origin. This is done using the unique MAC (Media Access Control) addresses that all network interface devices have assigned to them at the factory. Protocol Filtering - By default, the SPEEDLAN is configured to pass all network protocols.
SPEEDLAN TM MAC Filtering - By default, the SPEEDLAN TM is configured to pass all traffic between all MAC-Address pairs. To add an address pair into the filter, click on the Add button in the MAC Filtering box. You will be prompted to enter the Remote Address, which will be the MAC Address that resides on the remote side of the brouter, and the Local Address, which will be the MAC Address that resides on the local side of your network.
SPEEDLAN TM Pass Unseen Ethernet Source - Standard Ethernet bridges will always forward packets with destination addresses that have not been learned (i.e., have not previously been seen as a source address of a packet). This characteristic is needed for the proper operation of an Ethernet bridge. The downside to this, as our studies have shown, is that the failure mode of many Ethernet interface cards is to send out erroneous packets with good CRCs but with random Ethernet destination and source addresses.
SPEEDLAN TM Address Threshold - This setting determines the maximum number of broadcast or multicast packets that can occur during a one-second period before a storm condition is declared for a particular Ethernet address (host). Once it is determined that a storm is occurring, any additional broadcast or multicast packets from that host address will be denied until the storm is determined to be over.
SPEEDLAN TM Encrypt Bridge Tunnel Packets - If purchased, brouters (from Wave Wireless) may contain a special software-encryption algorithm that is distinct from the optional SPEEDLAN encryption chip on the brouters. If Data Encryption is enabled on the General Setup menu and if an Encryption Key is set up in the Data Encryption menu, enabling encryption here will cause all Ethernet packets transmitted to tunnel partners to be encrypted and encapsulated inside IP packets.
SPEEDLAN TM 32
SPEEDLAN TM Setting Up the IP Addresses (IP Host Setup) 33
SPEEDLAN TM Use DHCP to set up the server and client IP addressing for the network. Use NAT to set up the translation for incoming and outgoing network IP addresses. If you do not understand the basics of IP addressing, DHCP, or NAT please read the next section, Part I - Quick Overview of IP Addressing, below. Otherwise, skip to Part II - Setting Up the IP Address, page 56 .
SPEEDLAN TM In fact, IP defines five classes: • Class A addresses use 8 bits (1 octet) for the network portion and 24 bits (3 octets) for the node (or host) section of the address. This provides up to 128 networks with 16.7 million nodes for each network. • First byte is assigned as network address • Remaining bytes used for node addresses • Format: network, node, node, node • In IP address 49.22.102.70, “49” is network address and “22.102.
SPEEDLAN TM Note: Non-public Addresses can include network address assigned from the network administrator or from the IP provider. Also, there is one network in each class that is defined for private use, allowing the creation of internal networks. These addresses are Class A: 10.0.0.0, Class B: 172.10.0.0, and Class C: 192.168.0.0. Subnetting a Network The increasing number of hosts and networks make impractical address blocks that are not smaller than 245.
SPEEDLAN TM Figure of Subnetting a Network Internet Subnet B Subnet A IP Address: 195.172.3.64 Subnet Mask: 255.255.255.192 IP Address: 195.172.3.1 Subnet Mask: 255.255.255.192 Router D Computer Computer Computer Computer Computer Long Street Router A Router B Subnet D IP Address: 195.172.3.192 Subnet Mask: 255.255.255.192 Subnet C Computer IP Address: 195.172.3.128 Subnet Mask: 255.255.255.
SPEEDLAN TM How does a network administrator assign an IP address? IP addresses are supplied by the network administrator (you), the ISP, or hosting company. The two types of IP addressing – manual (static) and automatic (dynamic) addressing – are described below. Manual (static) Addressing - Each device connected to the Internet must have its own unique IP address. Also, if a computer is being used as a server, you will assign it a permanent IP address. This enables other computers to connect to it.
SPEEDLAN TM Figure of DHCP Addressing Client 1. 2. 3. 4. DHCP Server The client asks DHCP server for IP address and configuration if needed. The DHCP server assigns an available IP address to client. The client takes IP address from DHCP server and requests for any configuration needed. DHCP server confirms IP address and configuration.
SPEEDLAN TM Outgoing NAT As the packet is transmitted from the private network across the public network, the packet will be re-addressed as 204.101.20.3 (public address of SPEEDLAN TM). When the packet returns to the SPEEDLAN TM and then back to the private network, the packet will be re-addressed (the IP address of the private network) by using the MAC address contained in the header to identify the destination.
SPEEDLAN TM Incoming NAT Incoming NAT allows you to specify ports on the private network that you would like to be available on the public network. For example, if a web server on a server is IP Address 10.0.0.3, you can create a pair that will specify that all requests received on the public IP address, Port 80, be forwarded to IP Address 10.0.0.3 on the private IP address, Port 80.
SPEEDLAN TM Part II - Setting Up the IP Address In this section you will first assign a static IP address or enable the DHCP client. Second, choose the appropriate interface for the DHCP client. Third, enable the DHCP Server on the SPEEDLAN TM. Note: Confirm the IP address of your SPEEDLAN TM units by performing the following tasks. Open the SPEEDLAN TM Configurator. From the File menu, choose Open Remote Config. Then, click Scan. The Scan dialog box appears. Select the appropriate brouter and click OK.
SPEEDLAN TM 2. Select the Specify an IP address option. Enter the following information: • • Our IP Address – The unique number assigned by the network administrator, ISP or host provider. This tells network the location (IP address) of the computer on the Internet (i.e., 128.104.224.2). Our Subnet Mask - This term allows network administrators to mask section(s) (depending on the class specified) of the octets in the network address. Each octet used in the subnet mask is assigned to a data link.
SPEEDLAN TM Enabling the DHCP Client and Choosing the Appropriate Interface To enable the DHCP client and choose the appropriate interface, do the following: 1. From the Setup menu, choose IP Setup. The IP Setup dialog box appears. 2. Select the Obtain an IP address from DHCP Server option. 3. Next, select the interface for Ethernet or wireless network from the Using Interface drop-down list. Make sure that you select the interface that the DHCP server is located on. .
SPEEDLAN TM Enabling the DHCP Server on the SPEEDLAN TM To enable the DHCP Server on the SPEEDLAN TM, do the following: 1. From the Setup menu, choose General Setup. The General Setup dialog box appears. 2. Select the Enable DHCP Server check box; this will enable you to set up the DHCP Server.
SPEEDLAN TM 4. Enter the IP range and gateway/router information: • Offered IP Starting Address – This is the start of the block of allowed IP addresses. For example, the “offered” IP address between a block of 20 to 40 is 20. • Offered IP Ending Address – This is the end of the block of allowed IP addresses. For example, the “ending” IP address between a block of 20 and 40 is 40.
SPEEDLAN TM Part III - Setting UP NAT This section explains how to setup outgoing and incoming Network Address Translation (NAT). For more information on outgoing and incoming NAT, see pages 54 and 55. To setup outgoing NAT, do the following: 1. From the Setup menu, choose General Setup. The General Setup dialog box appears. 2. Select the Enable Outcoming Network Address Translation check box. Click OK. 3. From the Setup menu, choose Outgoing Network Address Translation Setup. 4.
SPEEDLAN TM Note: NAT is a useful tool that will be enabled the majority of the time on the client or satellite side of the SPEEDLAN ISP or SPEEDLAN MP. It is rarely enabled on the base unit. NAT is also useful to have private networks connected to public networks (i.e., the Internet) without needed a public IP address for every node. By using only one pulbic IP address, NAT controls who in the private network made a request to an address in the public network.
SPEEDLAN TM To set up incoming IP network address for NAT, do the following: 1. From the Setup menu, choose General Setup. The General Setup dialog box appears. 2. Select the Enable Incoming Network Address Translation check box. Click OK. 3. From the Setup menu, choose Incoming Network Address Translation Setup. 4. The Incoming Address Translation Setup dialog box appears (as shown on the next page).
SPEEDLAN TM 5. Enter the appropriate incoming information: • Public IP Address – This is the IP address for the outside network. If you have more than one public address you can assign it to a node on the private network (One-to-One NAT). Therefore, all requests for a particular IP address from the outside or public network will be translated to the appropriate private IP address. This may be necessary if you have a server or workstation (or computer) that needs to be connected to a remote network.
