M CB3000 Client Bridge User’s Guide
© 2009 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
Contents About This Guide Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .v Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .v Notational Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TOC-iv CB3000 Client Bridge User’s Guide Chapter 4: Management Options 4.1 Statistics and Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 4.1.1 Viewing Wireless Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 4.1.2 Viewing RF Statistics . . . . . . . . . . . . . . . . . . . . . . .
About This Guide Introduction This guide provides configuration and setup information for the CB3000 Client Bridge. Document Conventions The following document conventions are used in this document: NOTE Indicates tips or special requirements CAUTION: Indicates conditions that can cause equipment damage or data loss. WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage.
vi CB3000 Client Bridge User’s Guide Service Information If a problem is encountered with the CB3000, contact Motorola Customer Support. Before calling, have the model number and serial number at hand. See Appendix C, Customer Support for more information. If the problem cannot be solved over the phone, you may need to return your equipment for servicing. If that is necessary, you will be given specific directions.
Introduction This chapter introduces the Motorola CB3000 Client Bridge, and describes its operational environment and its primary operating principles and features. It includes the following sections: • General Overview • CB3000 Client Bridge Operational Principles 1.1 General Overview The CB3000 Client Bridge is an IEEE 802.11a/b/g compliant wireless LAN Ethernet adapter.
1-2 CB3000 Client Bridge User’s Guide 1.1.1 Within the Network A CB3000 Client Bridge establishes an average communication range with its associated device(s) called a Basic Service Set (BSS) or cell. When in a particular cell, the devices can locate and communicate with the CB3000 Client Bridge. Each cell has a basic service set identifier (BSS_ID). In IEEE 802.11, the CB3000 Client Bridge MAC address represents the BSS_ID. Figure 1.
Introduction 1-3 1.2 CB3000 Client Bridge Operational Principles To improve CB3000 Client Bridge management and performance, users need to understand basic network operating mode functionality and configuration options. These topics are described in the following sections: • CB3000 Client Bridge Network Operating Modes • Media Access Control (MAC) Layer Bridging • DHCP Support • Modulation • Web Management Support • Wireless Security Support 1.2.
1-4 CB3000 Client Bridge User’s Guide Client Bridge Access Point Printer Storage CB3K007 Figure 1.2 Infrastructure Mode 1.2.1.2 Ad-hoc (Peer-to-Peer) Mode The Ad-hoc (Peer-to-Peer) mode allows two or more CB3000 Client Bridge units to communicate exclusively with one another without using an access point. In the simplest of terms, this mode uses the CB3000 Client Bridge to bridge two or more Ethernet devices.
Introduction 1-5 1.2.3 DHCP Support The CB3000 Client Bridge can use Dynamic Host Configuration Protocol (DHCP) to obtain a leased IP address and configuration information from a remote server. DHCP is based on the BOOTP protocol and can co-exist or interoperate with BOOTP. Configure the CB3000 Client Bridge to send a DHCP request searching for a server to acquire the required IP address information.
1-6 CB3000 Client Bridge User’s Guide 1.2.6 Wireless Security Support CB3000 Client Bridge provides support for the following wireless security protocols. • WEP Security • WPA1 Security with TKIP algorithm • WPA2 Security with TKIP / CCMP (AES) algorithms • Secure 802.1x Security with MD5/MSCHAPV2/PEAP/TLS/TTLS EAP types For more information on these security types refer Appendix D, Wireless Security Basics.
Getting Started Before installing the CB3000 Client Bridge, review the installation guidelines in the following sections: • Basic Requirements • Verifying the Package Contents • Observing Placement and Range Guidelines • Cabling the CB3000 • Logging into the CB3000 • Viewing CB3000 Information • CB3000 Antenna Settings 2.1 Basic Requirements The following hardware and software resources are required to install and operate a CB3000: • Networked PC to be used during device configuration.
2-2 CB3000 Client Bridge User’s Guide NOTE: Contact Motorola Support Center to report any components that are missing or not functioning properly. For more information, see Appendix C, Customer Support. 2.3 Observing Placement and Range Guidelines Before installing the CB3000, verify the installation site meets the following requirements: • The site should meet the Environmental Specifications as defined in Appendix A, CB3000 Technical Specifications.
Getting Started 2-3 Figure 2.1 Rear of the CB3000 2. Attach one end of an Ethernet cable to a RJ-45 jack on a networked computer or router. 3. Connect the other end of the Ethernet cable to the LAN connector on the rear of the CB3000. 4. Plug the power adapter into the DC-IN connector on the rear of the CB3000. WARNING! Only use the power adapter supplied by Motorola with the CB3000. Using an incorrect power adapter could damage the CB3000 and void the product warranty. 5.
2-4 CB3000 Client Bridge User’s Guide Table 2-1. CB3000 LEDs LED Label Activity Description Power LEDs Status OFF Power OFF Error Orange ON Hardware error Status Green ON Power ON/Device ready Status Green Blinking Booting, system self-test or firmware upgrade Radio LEDs 802.11a, 802.11b/g OFF Connectivity disabled 802.11a Orange ON 802.11a radio associated 802.11a Orange Blinking 802.11 a radio scanning 802.11b/g Green ON 802.11b/g radio associated 802.11b/g Green Blinking 802.
Getting Started 2-5 NOTE: If the subnet of the PC where the tool is run is different from the current ipaddress of the CB3000, a window displays with the option to change the IP address of the Client Bridge. This is password protected (use admin/symbol). To know how to change the IP address for a CB3000, refer Changing the IP address for a new Client Bridge on page 2-6. To run the Discovery Tool: 1. Locate the Discovery Tool (discover.
2-6 CB3000 Client Bridge User’s Guide Figure 2.5 Login Dialog Box 6. Upon logging in, the CB3000 Information screen displays. See Viewing CB3000 Information on page 2-9 for more details. 7. Proceed to the following sections to configure the CB3000: • Understanding and Configuring Ethernet Settings – This includes configuring identification settings for the CB3000 within the network.
Getting Started 2-7 Figure 2.7 Set IP address of CB3000 screen “ 3. By default, the Use following IP Address option is selected. You must enter the IP address for the CB3000 and the Subnet mask for the network in their respective text boxes. To obtain an IP address automatically from a DHCP server, select the Obtain IP address automatically option. 4. If the PC you are connecting this CB3000 to has more than one network adapter, you can choose to select the network adapter to connect to.
2-8 CB3000 Client Bridge User’s Guide Figure 2.9 IP Changed 7. To continue, double click the IP address of the CB3000. 2.5.3 Web Interface Login After logging into the CB3000 console using the Discovery Tool (See Discovery Tool Login on page 2-4), save the IP address and log into the console in the future using the CB3000’s IP address. To log into the CB3000 console using an IP address: 1. The CB3000 console is accessible via a Web browser using HTTP over SSL (secure socket layer) protocol.
Getting Started 2-9 Figure 2.11 Login Dialog Box 4. Upon logging in, the CB3000 Information screen displays. See Viewing CB3000 Information on page 2-9 for more details. 5. Proceed to the following sections to configure the CB3000. • Understanding and Configuring Ethernet Settings – Includes configuring identification settings for the CB3000.
2-10 CB3000 Client Bridge User’s Guide Figure 2.12 CB3000 Information Screen 2.7 CB3000 Antenna Settings A CB3000 ships with antenna model ML-2452-APA1-01. This is an 802.11 a/b/g omni directional dipole antenna. However, if you intend to use a different model antenna, that antenna needs to be selected from the Antenna Settings screen in order to adjust the transmit power accordingly. To select an antenna for use with the CB3000: 1.
Getting Started 2-11 3. Refer to the Antenna Gain parameter. Information the CB3000 derives from the antenna look-up table is based on the antenna the user selects. The antenna gain parameter is read-only with no user editable values. If the user selects any antenna except ‘Other’, the gain value cannot be modified. If the user selects ‘Other’, the text entry field is blank and the user must enter a gain value. The gain is a positive value with no more than 1 decimal place. 4.
2-12 CB3000 Client Bridge User’s Guide
Network Configuration This chapter discusses the network configuration required for the CB3000 Client Bridge to communicate with network hosts, mobile units, access points, or other CB3000 Client Bridge devices. It includes the following sections: • Understanding and Configuring Wireless Settings • Understanding and Configuring Ethernet Settings • Client Management 3.
3-2 CB3000 Client Bridge User’s Guide Figure 3.1 Example of Available Networks Table 3-1 describes the parameters in the Available Networks screen. Click Refresh to update the list, if necessary. If an access point or peer supported WLAN provides a better CB3000 connection option than the WLAN that the CB3000 is currently connected to, change the CB3000 connection. See Network Configurations on page 3-3 for more details. Table 3-1.
Network Configuration 3-3 Table 3-1. Available Networks Parameters Descriptions (continued) Parameter Channel Description The direct-sequence channel that the access point or peer is currently using. The CB3000 and its connected device are required to use the same channel to interoperate. NOTE: Ensure the channel selected is appropriate for the intended country of operation, or risk operating the CB3000 illegally. Band The frequency band the CB3000 is operating in. Either a or b/g, for 802.11a or 802.
3-4 CB3000 Client Bridge User’s Guide Figure 3.2 WLAN Settings—Infrastructure Network Configuration 3. Configure the ESSID (Wireless LAN Service ID) field, as appropriate: • Attach to any ESSID automatically – Select this radio button to enable the CB3000 to randomly select a target WLAN for connection. • Specify the ESSID – Select this button to enter the name of a target WLAN or use the drop-down menu to select an existing WLAN.
Network Configuration 3-5 7. In the Country/Region section, select the appropriate operating region/country. NOTE: Each country has its own regulatory restrictions concerning electromagnetic emissions and the maximum RF signal strength that can be transmitted. Consequently, selecting a country different from the country you are actually operating the CB3000 in results in the illegal operation of the CB3000. 8.
3-6 CB3000 Client Bridge User’s Guide • Click the ‘View’ Available Networks link to view the available networks first, if unsure of the network options. • Data Rate – See step 4 for more details on configuring the data rate. NOTE: The CB3000 must already be configured to run in ad hoc mode in order to set data rates. If the unit is configured for infrastructure mode, the Data Rate button is disabled.
Network Configuration 3-7 Figure 3.3 Set Data Rates (for Ad Hoc Configured Devices Only) Select at least one Basic Rate as a minimum transmit rate value for the CB3000 radio. Within the Supported Rates, select the data rate the CB3000 radio defaults to if a higher selected data rate cannot be maintained. NOTE: Select supported rates in respect to the data rates supported by the peer devices within the ad hoc network. For example, if several of the peers within the network are 802.
3-8 CB3000 Client Bridge User’s Guide 3.1.3 Security Encryption Configurations Security measures for the CB3000 and its connected network devices is critical regardless of your operating environment (retail, enterprise etc.). Use the available CB3000 security options to protect the CB3000 managed LAN from wireless vulnerabilities, and safeguard the transmission of RF packets between the CB3000 and its connected devices.
Network Configuration 3-9 Figure 3.4 WEP Configuration 3. Configure the remainder of the fields, as appropriate, per the following descriptions. Authentication Type Specify whether a shared key is implemented between the CB3000 and its connected device or no key is used (Open System). If a shared key is used, both the CB3000 and its connected device are required to use the same key (1 through 4) to interoperate.
3-10 CB3000 Client Bridge User’s Guide Passphrase Algorithm Select the passphrase algorithm used to encrypt the passphrase. • Symbol PassKey – With Symbol’s proprietary algorithm the CB3000 can share a common passkey with other Symbol clients capable of decoding it. The CB3000 decodes the PassKey into a set of 4 WEP keys using MD5 algorithms. The WEP keys display as alphanumeric text in the key fields until saved or the user navigates away from the WEP screen.
Network Configuration 3-11 For more details on encryption types, pros and cons of different encryption types and required configuration parameters, see the Wi-Fi Alliance Web site at: http://www.wifialliance.org/knowledge_center_overview.php. NOTE: Only ‘Open’ and ‘WPA’ security settings are available for the Ad-hoc (Peerto-Peer) network mode. Infrastructure (AP) network mode supports all the different security settings. To configure WPA1 (TKIP) security settings: 1.
3-12 CB3000 Client Bridge User’s Guide Configuring WPA1 (TKIP) Personal Parameters WPA1 Personal type is used for small and home offices. The WPA1 Personal type provides basic level of security that is adequate for usage in the above organizations. Figure 3.6 WPA1 Type Screen - Personal Configure the fields as per the following description: WPA1 Algorithm WPA1 uses TKIP algorithm: • TKIP – Defines a ‘wrapper’ that goes around an existing WEP encryption algorithm.
Network Configuration 3-13 Figure 3.7 WPA1 Type Screen - Enterprise Configure the WPA1 Enterprise type fields as per the following description: Configuring WPA1 Enterprise - EAP-TLS Extensible Authentication Protocol (EAP) is an authentication framework that provides common functions and a method to negotiate a desired authentication medium. EAP-Transport Layer Security (EAP-TLS) uses client side certificates to ensure that security is not compromised. See Figure 3.
3-14 CB3000 Client Bridge User’s Guide WPA1 Key Password The key password. WPA1 TLS Key / WPA1 TLS Key Import The WPA1 TLS Key. The key can be uploaded to the device by: • Pasting the TLS key in the Paste TLS Key text area. To upload the key, click the Apply button located at the bottom of the screen. • By providing the path to the file containing the key in the Import text box. Use the Browse button to display the Open File dialog box from where the file can be selected.
Network Configuration 3-15 . Figure 3.8 WPA1 Enterprise Type - EAP-TTLS Inner Authentication Method Select the authentication method used inside the tunnel. Select from: • CHAP – Challenge-Handshake Authentication Protocol (CHAP) provides security by the Challenge-Response method of authentication. • MS CHAP - Microsoft CHAP (MS CHAP) is Microsoft’s implementation of the CHAP protocol. • MS CHAP v2 – An enhanced version of MS CHAP that plugs some security loopholes of MS CHAP.
3-16 CB3000 Client Bridge User’s Guide WPA1 Algorithm WPA1 uses TKIP algorithm: • TKIP – Defines a ‘wrapper’ that goes around an existing WEP encryption algorithm. TKIP comprises the same encryption engine and RC4 algorithm defined for WEP. However, the key used for encryption in TKIP is 128 bits long. TKIP changes the key used for each packet.
Network Configuration 3-17 Configuring WPA1 Enterprise - EAP-PEAP Extensible Authentication Protocol (EAP) is an authentication framework that provides common functions and a method to negotiate a desired authentication medium. EAP-Protected EAP (PEAP) is similar to EAPTTLS and uses a server side certificate to create a secured tunnel between the client and the server. It then uses this tunnel to authenticate the client. Figure 3.
3-18 CB3000 Client Bridge User’s Guide WPA1 Root Certificate / The WPA1 Root Certificate. The Root Certificate can be uploaded to the WPA1 Root Certificate device by: Import • Pasting the certificate in the Paste Root Certificate text area. To upload the certificate, click the Apply button at the bottom of the screen. • By providing the path to the file containing the certificate in the Import text box. Use the Browse button to display the Open File dialog box from where the file can be selected.
Network Configuration 3-19 4. Select an algorithm from the WPA2 Algorithm drop-down menu. The algorithms are described as follows. • TKIP – Defines a “wrapper” that goes around an existing WEP encryption algorithm. TKIP comprises the same encryption engine and RC4 algorithm defined for WEP. However, the key used for encryption in TKIP is 128 bits long. TKIP changes the key used for each packet.
3-20 CB3000 Client Bridge User’s Guide Configuring WPA2 (CCMP) Personal Parameters WPA2 Personal type is use for small offices and home offices. The WPA2 Personal type provides basic level of security that is adequate for usage in the above organizations. Figure 3.11 WPA2 Type Screen - Personal Configure the fields as per the following description: WPA2 Algorithm Select the WPA2 algorithm to use: • TKIP – Defines a ‘wrapper’ that goes around an existing WEP encryption algorithm.
Network Configuration 3-21 Configuring WPA2 (CCMP) Enterprise Parameters WPA2 (CCMP) Enterprise type provides enterprise class security to the devices connected to the CB3000. WPA2 Enterprise type provides a wide range of EAP types to ensure secure WLAN connections. Figure 3.
3-22 CB3000 Client Bridge User’s Guide Configuring WPA2 Enterprise - EAP-TLS Extensible Authentication Protocol (EAP) is an authentication framework that provides common functions and a method to negotiate a desired authentication medium. EAP-Transport Layer Security (EAP-TLS) uses client side certificates to ensure that security is not compromised. See Figure 3.12 for WPA1 Enterprise EAP-TLS security fields.
Network Configuration 3-23 WPA2 Root Certificate / The WPA2 Root Certificate. The Root Certificate can be uploaded to the WPA2 Root Certificate device by: Import • Pasting the certificate in the Paste Root Certificate text area. To upload the certificate, click the Apply button at the bottom of the screen. • By providing the path to the file containing the certificate in the Import text box. Use the Browse button to display the Open File dialog box from where the file can be selected.
3-24 CB3000 Client Bridge User’s Guide Validate Server Certificate Check to force the CB3000 to validate the Server Certificate. Inner Authentication Method Select the authentication method used inside the tunnel. Select from: • CHAP – Challenge-Handshake Authentication Protocol (CHAP) provides security by the Challenge-Response method of authentication. • MS CHAP - Microsoft CHAP (MS CHAP) is Microsoft’s version of the CHAP protocol.
Network Configuration 3-25 WPA1 Root Certificate / The WPA1 Root Certificate. The Root Certificate can be uploaded to the WPA1 Root Certificate device by: Import • Pasting the certificate in the Paste Root Certificate text area. To upload the certificate, click the Apply button at the bottom of the screen. • By providing the path to the file containing the certificate in the Import text box. Use the Browse button to display the Open File dialog box from where the file can be selected.
3-26 CB3000 Client Bridge User’s Guide Validate Server Certificate Check to force the CB3000 to validate the Server Certificate. WPA2 Algorithm Select the WPA2 algorithm to use: • TKIP – Defines a ‘wrapper’ that goes around an existing WEP encryption algorithm. TKIP comprises the same encryption engine and RC4 algorithm defined for WEP. However, the key used for encryption in TKIP is 128 bits long. TKIP changes the key used for each packet.
Network Configuration 3-27 3.1.3.5 Configuring Secure 802.1x Security Settings The Secure 802.1x security option provides the CB3000 and its associated clients an additional measure of security for data transmitted over the wireless network. Secure 802.1x uses (EAP) as an authentication mechanism between devices that is achieved through the exchange and verification of certificates. A client should not be able to access the network if not authenticated.
3-28 CB3000 Client Bridge User’s Guide • MD5 – The MD5 authentication method takes a message of arbitrary length as input and produces a 128-bit fingerprint. The MD5 algorithm is intended for digital signature applications, in which a large file must be compressed in a secure manner before being encrypted with a private (secret) key under a public-key cryptographic system. • MSCHAPV2 – Microsoft Challenge Handshake Authentication Protocol Version 2.
Network Configuration 3-29 manually enter the keys each time WEP keys are created 7. Specify a 4 to 32 character Passphrase and click the Generate Keys button. The passphase is helpful for entering keys without having to remember all of the characters comprising the key. The pass key can be any alphanumeric string. The CB3000, other proprietary routers and Symbol devices use the algorithm to convert an ASCII string to the same hexadecimal number. This conversion is not required for a wireless connection.
3-30 CB3000 Client Bridge User’s Guide 3.2 Understanding and Configuring Ethernet Settings Configuring the CB3000’s Ethernet Settings entails specifying a name and network address information for the CB3000 device. To configure Ethernet settings for the CB3000: 1. Select Settings > Ethernet Settings from the CB3000 menu tree. Figure 3.16 Ethernet Settings 2. Assign a CB3000 device name and set CB3000 network address information. • Device Name – A device name for the CB3000.
Network Configuration 3-31 • Speed Mode – The connection speed. This option is available when Auto Negotiate/AutoSense is Off. • Duplex Mode – The connection type. This option is available when Auto Negotiate/AutoSense is Off. 3. Click Apply to apply and save the settings, or Cancel to exit the screen without saving your changes.
3-32 CB3000 Client Bridge User’s Guide 3.3 Client Management The CB3000 can support a maximum 16 devices within the CB3000 supported subnet as prioritized devices. Once located and added to the client prioritization list, clients can be moved off of the list in order to maintain the maximum of 16 devices. Of the maximum 16 devices supported by the CB3000 client prioritization list, only one can be a POS (point-of-sale) device.
Network Configuration 3-33 legacy devices. Only one client per CB3000 is supported. In this mode, the MAC address of the MU is visible on the network. • This option allows you to select the method by which the device attached to this CB3000 Client Bridge is discovered. You can either opt to discover the device or add the client manually. Figure 3.18 CB3000 Client Bridge Bridging Mode Selection Select Auto-Detect Client for CB3000 Client Bridge to discover the client connected to it.
3-34 CB3000 Client Bridge User’s Guide 3.4 Configuring a Wired Ethernet ACL The CB3000 supports Ethernet MAC filtering. Only client devices with a MAC address within the range specified can pass traffic through the CB3000. If the list is empty, all clients are allowed. The Client Bridge allows all connected clients to configure the CB3000 through the User Interface and have access through SNMP. To create a list of prioritized CB3000 client devices: 1.
Management Options This chapter describes the statistic tracking functionality included with the CB3000. This includes Ethernet statistics, wireless, and client-related displays. A CB3000-specific event log is also continually maintained. This chapter also discusses a number of management protocols that have specific settings to support monitored statistics and logs. These include configuration settings related to SNMP, radio antennas, DHCP functionality, time settings, and log files.
4-2 CB3000 Client Bridge User’s Guide Figure 4.1 Wireless Statistics Screen The Wireless Statistics screen is partitioned into four detailed fields: • Information – Displays basic device address and location information. • Traffic – Displays statistics for cumulative packets, throughput, bit speed, RF utilization and other details received and transmitted over the CB3000 radio. • RF Status – Displays information including average MU signal, noise, and signal to noise ratio information.
Management Options 4-3 Table 4-1. Wireless Statistics Screen Details (continued) Statistic Description Power The power level in dbm for RF signal strength. a Reset roam count Click this button to reset the roam count. Traffic Panel Details Pkts per second The Total column displays the average total packets per second crossing the radio. The Rx column displays the average total packets per second received. The Tx column displays the average total packets per second transmitted.
4-4 CB3000 Client Bridge User’s Guide 4.1.2 Viewing RF Statistics RF Statistics track CB3000 activity over the device radio. To view CB3000 RF statistics, select Statistics > RF Statistics from the CB3000 menu tree. Figure 4.2 RF Statistics 1. Refer to the Packet Retry Histrogram field for an overview of the retries transmitted by the CB3000 radio and whether those retries contained any data packets. Use this information to assess overall radio performance. 2.
Management Options 4-5 Figure 4.3 Ethernet Statistics Screen The Ethernet Statistics screen is partitioned into three detailed fields. • Information – Displays basic device address information and link connection status. • Received – Displays statistics for the cumulative packets, bytes, and errors received since the CB3000 was last rebooted or the data collection statistics refreshed.
4-6 CB3000 Client Bridge User’s Guide Table 4-2. Ethernet Statistics Screen Details (continued) Statistic Speed Mode Description The CB3000 network connection speed displayed in Mbps. For example, 100 Mbps. If the throughput speed is not achieved, examine the number of transmit and receive errors, or consider increasing the supported data rate. Duplex Mode The CB3000 connection type. For example, Full. IP Addresses IP address of the CB3000.
Management Options 4-7 Figure 4.
4-8 CB3000 Client Bridge User’s Guide 4.2 Configuring Management Protocols Numerous management protocol settings are required to support the monitoring and logging mechanisms of the CB3000. To configure these management protocol settings, see the following: • HTTP, HTTPS Configuration Settings • SNMP Settings • DHCP Server Settings • Time Settings 4.2.1 HTTP, HTTPS Configuration Settings The CB3000 supports both HTTP and HTTPS Web access mechanisms.
Management Options 4-9 SNMP allows a network administrator to manage network performance, find and solve network problems, and plan for network growth. The CB3000 supports SNMP management functions for gathering information from its network components, and communicating that information to specified users. The CB3000 SNMP agent functions as a command responder and is a multilingual agent responding to SNMPv1 and v2c managers (command generators).
4-10 CB3000 Client Bridge User’s Guide • Process Failure - Trap generated when a system critical process (Linux process) fails and is re-started. 1. To modify these default SNMP trap definition settings, select Management > SNMP > SNMP Trap Selection from the CB3000 menu tree. The SNMP Trap Selection screen displays. 2. Unselect a trap, if desired, then click Accept to save the setting. Figure 4.6 SNMP Trap Selection 4.2.2.2 SNMP Access Use the CB3000 SNMP interface to restrict access using IP addresses.
Management Options 4-11 Figure 4.7 SNMP Access Control 2. Select the Enable SNMP Access checkbox to enable/disable the CB3000 SNMP interface 3. Enter a 4-32 character string for read-only SNMP permissions in the Read Only field. The default is "public". 4. Enter a 4-32 character string for read/write SNMP permissions in the Read Write field. The default is "private". 5. Enter Start IP and End IP addresses to specify a range of users that can access the CB3000 SNMP interface.
4-12 CB3000 Client Bridge User’s Guide 4.2.2.3 SNMP Destination Traps generated by the CB3000 can be sent to one or more destinations. To configure a SNMP trap destination for receiving SNMP traps generated by the CB3000: 1. Select Management > SNMP > SNMP Trap Destinations from the CB3000 menu tree. The SNMP Trap Destinations screen displays. Figure 4.8 SNMP Trap Destinations 2. Configure the remainder of the fields.
Management Options 4-13 Figure 4.9 SNMP RF Trap Thresholds 2. Configure the fields. • Pkts/s – Configure the number of packets per second value for 802.11b/g and 802.11a on exceeding which the SNMP trap is set. • Throughput – Configure the throughput value in Mbps on exceeding which the relevant SNMP trap is set. This is set for both 802.11b/g and 802.11a. • Average Retries – Configure the number of retires for 802.11b/g and 802.11a on exceeding which the relevant SNMP trap is set. 3.
4-14 CB3000 Client Bridge User’s Guide Figure 4.10 DHCP Server Settings 2. Select the Enable DHCP Server support radio button. This enables the CB3000 to act as a host server to allocate IP addresses to those devices joining the CB3000 initiated Ad-hoc network. 3. Configure the DHCP server settings, as follows: • IP Range for DHCP – This range provides a means of controlling a low and high value for the IP addresses on the CB3000 network.
Management Options 4-15 . Figure 4.11 Time Settings 2. Select either Manual Time Setting or Enable NTP on CB3000 to specify how CB3000 system time is configured. • Manual Time Setting – If selected, the CB3000 system time is based on the time entered within the Local Time Settings fields. • Local Time Settings – Current time based on the CB3000 system clock. If NTP is disabled or if there are no servers available, the system time displays the CB3000 uptime. The time does not automatically update.
4-16 CB3000 Client Bridge User’s Guide
Administrative Options This chapter discusses administrative options to configure support settings of the CB3000 rather than central operational settings. These include: • Changing the Password • Rebooting or Restoring a Device • Importing or Exporting the Configuration File • Loading Firmware • Logging Settings • Troubleshooting Options 5.
5-2 CB3000 Client Bridge User’s Guide 2. Enter the username and password used to log into the console in the Username and Old Password fields. 3. Enter a new password in the New Password field. The new password can be from 0 - 8 characters 4. Enter the new password a second time in the Re-enter Password field. 5. Click Apply to save the settings, or Cancel to exit the screen without saving your changes. To restore the username and password to default values, click the Restore Default button.
Administrative Options 5-3 Figure 5.2 Reset / Restore CB3000 Screen 2. Click the Reboot button to restart the CB3000. The CB3000’s network connection is disrupted for a few moments while the CB3000 reboots. NOTE: If rebooting the CB3000 does not alleviate the device’s poor performance. Consider restoring the CB3000’s out-of-box default configuration. For more information, see Restoring the Device on page 5-3.. 5.2.
5-4 CB3000 Client Bridge User’s Guide Figure 5.3 Reset/Restore CB3000 Screen 3. Click the Restore button. The CB3000’s network connection is disrupted for a few moments while the CB3000 loads its default (outof-box) configuration, then restores the screen. Once the default configuration is restored, restore the last saved configuration or reconfigure the device. NOTE: Restoring the device is the same as the “Reset to initial” option available on the Troubleshooting screen.
Administrative Options 5-5 5.3 Importing or Exporting the Configuration File A CB3000 configuration file can be saved and downloaded (exported) to be used later for importing to other CB3000 units, or to restore a CB3000 temporarily reset to factory defaults. Using the file-based configuration feature speeds up the setup process at sites using multiple CB3000s. To create an import-able/export-able CB3000 configuration file, select Tools > Configuration File from the CB3000 menu tree.
5-6 CB3000 Client Bridge User’s Guide Figure 5.4 Config Import/Export 2. Configure the FTP Import/Export settings to import or export a CB3000 configuration file. • Configfile Type – Type of the file to export. Select from Binary or Text. • Filename – Name of the configuration file written to the FTP server. • File Path - Defines the path to the specified filename. • Server IP – IP address of the destination FTP server where configuration file is imported or exported.
Administrative Options 5-7 • If importing, click the FTP Import or TFTP Import button. The system displays a confirmation window indicating the administrator must log out of the CB3000 after the operation completes for the changes to take effect. Click Yes to continue the operation, or No to cancel the configuration file import. • If exporting, click the FTP Export or TFTP Export button. The saved configuration file should be found/available on the specified FTP server. 5.3.
5-8 CB3000 Client Bridge User’s Guide Figure 5.6 Download Complete Dialog Box • Click Open to open the file. As the file does not have an extension, the Open With pop-up window opens. Figure 5.7 Open With Dialog Box • In the Open With pop-up window, select Internet Explorer and click OK to open the configfile with Internet Explorer. • Use Internet Explorer’s File > Save As dialog box to save the configfile as a text file.
Administrative Options 5-9 Figure 5.8 Save File As Dialog Box • From the Save as Type drop-down, select Text File (*.txt). Click Save to save the file.
5-10 CB3000 Client Bridge User’s Guide 5.4 Loading Firmware Motorola periodically releases updated versions of the CB3000 device firmware to the following URL: http://support.symbol.com/support/product/softwaredownloads.do If the CB3000 firmware version displayed on the Information or Troubleshooting screens are older than the version on the Web site, Motorola recommends updating the CB3000 to the latest firmware for full feature functionality.
Administrative Options 5-11 3. Refer to the CB3000 Version displayed at the top of the screen to assess whether a firmware update is required. Compare the installed version with the version available at: http://support.symbol.com/support/product/softwaredownloads.do If a firmware update is required, proceed to step 4. 4. Get the firmware file from either an FTP/TFTP server, or locally, via HTTP, by clicking on the appropriate radio button in the upper and lower panels on the screen. 5.
5-12 CB3000 Client Bridge User’s Guide 5.5 Logging Settings The CB3000 continually logs system events which can prove useful later in assessing the throughput and performance of the CB3000 or troubleshooting problems on the CB3000-managed LAN. The type of event message and where they should be logged can also be configured from the CB3000 console. To configure event logging for the CB3000: 1. Select Tools > Logging Configurations from the CB3000 menu tree. The Logging Configurations screen displays.
Administrative Options 5-13 • eMail address – Enter an email address as the target destination for the log file. • Your Outgoing Mail Server– Enter the IP address of the outgoing mail server required to route the log file to the destination email address. 3. Click Apply to save any changes. 4. Click Undo Changes to undo any changes made. Configurations revert to the last saved configuration.
5-14 CB3000 Client Bridge User’s Guide 5.6 Troubleshooting Options The CB3000 console includes utilities for testing IP network or local network communication issues between the device and host. These utilities (as well as a button to restore the CB3000 to its factory configuration) are available in the CB3000 Troubleshooting screen. Access the Troubleshooting screen by selecting Tools > Troubleshooting from the CB3000 menu tree.
Administrative Options 5-15 d. Click the ICMP Ping Test button. Results of the ping test displays in the Status box. Figure 5.12 Ping Test with Associated Device Status Example Use the results to determine whether the device association should be maintained or replaced by a device association providing better network coverage and signal strength. • Ping the Host – The CB3000 can verify its link with its host by sending WNMP ping packets to the host’s IP address.
5-16 CB3000 Client Bridge User’s Guide
CB3000 Technical Specifications The CB3000 client bridge has the following technical specifications: Weight (with antenna) 0.65 lbs (0.30 kg) Dimensions 7 in. wide x 4 in. deep x 1.2 in. high (17.78 cm. wide x 10.16 cm. deep x 3.05 cm high) excluding external antenna and foot stand Protocol Support TCP/IP, DHCP Standards Conformance IEEE 802.11 IEEE802.3 IEEE802.1d IEEE 802.11a IEEE 802.11g IEEE802.1x IEEE802.
A-2 CB3000 Client Bridge User’s Guide Security 64/128-Bit WEP IEEE 802.1x WPA1 (TKIP) WPA2 (CCMP) Peak Antenna Gain 3 dBi at 2.
SNMP MIB Support The reference design has support for SNMP v2. The SNMP agents WILL be accessible through SNMP manager applications such as HP Open View, MIB browsers. The SNMP agent WILL support read-write, read only or disabled modes. The following are the supported SNMP MIBs. MIB Name Description Supported BRIDGE Module for managing devices supporting 802.1D .1.3.6.1.2.17 IEEE802dot11 Standard MIB for 802.11 devices and includes entities for station management, MAC and PHY settings. .1.2.840.
B-2 CB3000 Client Bridge User’s Guide
Customer Support Motorola’s Enterprise Mobility Support Center If you have a problem with your equipment, contact Enterprise Mobility support for your region. Contact information is available at: http://www.symbol.com/contactsupport.
C-2 CB3000 Client Bridge User’s Guide
Wireless Security Basics CB3000 Client Bridge provides support for the following wireless security protocols. • WEP Security • WPA1 (TKIP) Security • WPA2 (CCMP) Security • Secure 802.
D-2 CB3000 Client Bridge User’s Guide D.1 WEP Security All WLAN devices face possible information theft. Theft occurs when an unauthorized user eavesdrops to obtain information illegally. The absence of a physical connection makes wireless links particularly vulnerable to this form of theft. Most forms of security rely on encryption to various extents. Encryption entails scrambling and coding information, typically with mathematical formulas called algorithms, before the information is transmitted.
D-3 D.2 WPA1 (TKIP) Security Wi-Fi Protected Access (WPA) is a robust encryption scheme specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11i. WPA is a security standard for systems operating with a Wi-Fi wireless connection. WPA is designed for corporate networks and small-business (retail) environments where more wireless traffic allows quicker discovery of encryption keys by an unauthorized person.
D-4 CB3000 Client Bridge User’s Guide Table D-1 summarizes the major differences between the protocols. Table D-1.
D-5 Table D-1. Detailed Comparison of TLS-based EAP Methods (continued) EAP Type Authentication Direction Protection of User Identity Exchange TLS (RFC 2716)a TTLS (Internet draft)b PEAP (Internet draft)c Mutual: Uses digital certificates both ways Mutual: Certificate for server authentication, and tunneled method for client Mutual: Certificate for server, and protected EAP method for client No Yes; protected by TLS Yes; protected by TLS a.
D-6 CB3000 Client Bridge User’s Guide D.3 WPA2 (CCMP) Security WPA2 is a newer 802.11i standard that provides even stronger wireless security than Wi-Fi Protected Access (WPA) and WEP. CCMP is the security standard used by the Advanced Encryption Standard (AES). AES serves the same function TKIP does for WPA-TKIP. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is the preferred encryption protocol in the 802.11i standard.
D-7 D.4 Secure 802.1x Security The Secure 802.1x security option feature provides the CB3000 Client Bridge and its associated clients an additional measure of security for data transmitted over the wireless network. Secure 802.1x uses the Extensible Authentication Protocol (EAP) as an authentication mechanism between devices achieved through the exchange and verification of certificates. The IEEE 802.1x standard ties the 802.1x EAP authentication protocol to both wired and wireless LAN applications.
D-8 CB3000 Client Bridge User’s Guide
MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.