29000132-001 A

Chapter 1: Introduction

This manual covers the installation and operation of 3e Technologies International’s 3e-525A Wireless Access Point. The 3e-525A is a ruggedized access point/gateway/bridge which is intended for use in industrial and external environments. It accommodates both 802.11b WLAN and 802.11g WLAN access and uses Power over Ethernet (PoE) access to the Ethernet WAN to eliminate the need for internal access point power supply units (AC-DC converters) and 110-220V cabling installations. The wireless LANs can include mobile devices such as handheld Personal Data Assistants (PDAs), mobile web pads, and wireless laptops.

If encryption is desired for the WLAN, you can employ different encryption depending on the mode you are in. If you are using FIPS 140-2 mode (highly secure), you can set encryption for None, Static AES, Static 3DES or Dynamic Key Exchange. If you are using the 3e-525A as an access point but not using FIPS 140-2 mode, you can select None, or Static 3DES, or Static AES, Static WEP, or WPA. WPA uses TKIP or AES-CCMP, so you can employ legacy client WEP cards and still secure the wireless band.

If it is desired that the access point employ state-of-the-art AES or 3DES encryption, wireless devices must have the 3e-010F Crypto Client software installed. (The 3e-010F Crypto Client software is sold with the 3e-110 long range PC Card or sold separately for use with other compatible PC Cards.)

The 3e-525A incorporates IEEE 802.3af (Power over Ethernet) and the capability for the highest security functionality (AES) as well as long-range RF capability. The PoE interface on the 3e-525A is compatible with commercial vendor “injected power” hub units (also known as Ethernet Power Supply or Power over Ethernet Hubs).

The 3e-525A includes AES/3DES cryptographic modules for wireless encryption and HTTPS/TLS for secure web communication. In addition, it contains the capability to use the traditional WEP algorithm, either as static WEP or managed under WPA. The 3e-525A has an Ethernet WAN interface for communication to the wired LAN backbone, an Ethernet LAN local port for purposes of initial setup and configuration, and two wireless LAN antennas for communicating on the 802.11b or 802.11g frequency. Further, it has the capability for use of an external (remote) antenna (purchased separately), for bridging, using the 802.11b or 802.11g frequency. The 802.11g frequency is very suitable for use when configuring the unit to be used as a bridge.

Summary of Contents for 3e-525A

Page 1: ...e Technologies International Inc 360 Herndon Parkway Model 3e 525A Suite 1400 Standards FCC 15 247 FCC ID QVT 525A Herndon VA 20170 http www rheintech com Report 2004121 Page 63 of 81 APPENDIX I MANUAL Please refer to the following pages ...

Page 2: ...Wireless Access Point User s Guide Model 3e 525A 3e Technologies International 700 King Farm Blvd Suite 600 Rockville MD 20850 301 670 6779 www 3eti com 29000132 001 A publ 7 09 04 ...

Page 4: ...If AC power will be used, the socket outlet shall be installed near the equipment and shall be easily accessible. CAUTION: If this device contains a battery, there is risk of exposure if the battery is replaced by an incorrect type. Dispose of any used batteries according to the instructions on the battery ...

Page 5: ... Technologies International and a copy will be provided to you ___________________________________ UNITED STATES GOVERNMENT LEGEND If you are a United States Government agency then this documentation and the product described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is deli...

Page 6: ...or Use 9 Installation Instructions 10 Minimum System and Component Requirements 10 Ensure the Cabling is Correctly Installed 10 The Indicator Lights 12 Chapter 3 Access Point Configuration 13 Introduction 13 Preliminary Configuration Steps 13 Initial Setup using the Local Port 14 System Configuration 15 General 15 WAN 16 LAN 17 Operating Mode 17 Submodes 18 Wireless Configuration 19 General 19 Sec...

Page 7: ...Logging 42 Reboot 43 Utilities 43 Chapter 4 Gateway Configuration 45 Introduction 45 Configuring in Gateway Mode 47 System Configuration 48 General 48 WAN 49 LAN 50 Operating Mode 51 Wireless Configuration 51 General 51 Advanced Options 53 Encryption 54 No Encryption 54 Static WEP Encryption 54 WPA non FIPS 55 Static AES Key Open System Authentication 57 Static 3DES Key Open System Authentication ...

Page 8: ...ge Setup 75 Setting Up Bridging Type 78 Point to Point Bridge Configuration 78 Point to Point Bridging Setup Guide 79 Point to Multipoint Bridge Configuration 82 Point to Multipoint Bridging Setup Guide 83 Repeater Bridge Configuration 83 Repeater Bridging Setup Guide 83 Chapter 6 The RF Manager Function 85 Introduction 85 How to Access the RF Manager Function 86 How to Program the RF Manager 87 C...

Page 11: ...S, WEP encryption or WPA with TKIP, depending on setup; HTTPS/TLS secure Web; 802.1x; DHCP client; Access Point or Gateway, with Bridging also available in either mode; Bandwidth control; Adjustable Radio Power; MAC address filtering; Load Balancing; Rogue AP Detection. The following cryptographic modules have been implemented in the 3e-525A: AES for wireless (128/192/256 bit); 3DES for wireless (192 bit); WEP; WPA; 80...

Page 12: ...es enabled must conform, and if MAC filtering is used, the 3e-525A must be configured to allow the wireless device's MAC address to associate/communicate with the 3e-525A wireless interface. 802.11g: Because 802.11g is backwards compatible with 802.11b, it is a popular component in LAN construction. 802.11g broadens 802.11b's data rates to 54 Mbps within the 2.4 GHz band using OFDM (orthogonal frequenc...

Page 13: ...rk interface and can be accessed by devices on the wired network. Possible AP Topologies: 1. An access point can be used as a single AP without any connection to a wired network. In this configuration, it simply provides a stand-alone wireless network for a group of wireless devices. 2. The 3e-525A can be used as one of a number of APs connected to an existing Ethernet network to bridge between the wire...

Page 14: ...Encryption and Security: The 3e-525A Wireless Access Point includes advanced wireless security features. Over the AP band, you have a choice of no security, Static WEP, WPA, AES, 3DES, depending on your mode of operation. Some level of security is suggested. Static WEP gives you a choice of 64-bit, 128-bit, or 152-bit encryption. WPA includes the option of using a WPA pre-shared key or, for the enterprise that...

Page 15: ...out the additional expense of VPN firewall technology. It includes the use of the 802.1x standard and the Extensible Authentication Protocol (EAP). In addition, it uses, for encryption, the Temporal Key Integrity Protocol (TKIP) and WEP 128-bit encryption keys. Finally, a message integrity check (MIC) is used to prevent an attacker from capturing and altering or forging data packets. In addition, it can employ...

Page 16: ...o associate. MAC addresses are assigned and registered to each of the wireless cards used by the portable computing devices during initial setup and after physical installation of the access points. DHCP Server: The DHCP function is accessible only from the local LAN port to be used for initial configuration. Operator Authentication and Management: Authentication mechanisms are used to authenticate an...

Page 17: ...ging Bridging Encryption Bridging Encryption Bridging Encryption Rogue AP detection Rogue AP detection Rogue AP detection Advanced Advanced Advanced Services Settings Services Settings Services Settings DHCP Server DHCP Server DHCP Server SNMP agent SNMP agent SNMP agent Misc Service Misc Service Misc Service Firewall Firewall Firewall Content Filtering IP Filtering Port Filtering Virtual Server D...

Page 18: ...as PDF files on CD-ROM; Registration card; Warranty card. The 802.11g antenna port is used when configuring the unit to be used as a bridge. The 802.11g port uses an omni-directional antenna. The 3e-525A can be mounted outdoors on a high post to achieve the best bridge result. It has a lightning protection option to prevent lightning damage. The antennas used with the 525A must be installed with a minim...

Page 19: ...o be attached to the wall at appropriate locations. To complete the configuration, you should have at least the following components: PCs with one of the following operating systems installed: Windows NT 4.0, Windows 2000 or Windows XP; a compatible 802.11b or 802.11g PC Card or 802.11b or 802.11g device for each computer that you wish to wirelessly connect to your wireless network. For wireless cards a...

Page 20: ...LAN A second LAN Port Ethernet connector is designed for use during initial configuration only This uses an RJ45 cable to connect the 3e 525A to a laptop The following diagram demonstrates the setup Connect 802 11b g RF Antenna for AP Connect 802 11b g RF Antenna for AP WAN Ethernet Port PoE LAN Ethernet Port Power Injector 110V Power Ethernet switch hub Hardware Setup for 3e Technologies Internat...

Page 21: ...e Strength LED indicator indicates the strength of the connection: 1. LED off means no connection on the bridge side or the signal is very weak. 2. LED blinks slowly (every 1 second) means there is a connection and the signal quality is poor. 3. LED blinks fast means there is a connection and the signal quality is good. 4. LED steady on means there is a connection and the signal quality is excellent. FIPS MO...

Page 22: ... 2 mode. There are a few differences in non-FIPS mode, which are described in the Navigation chart on page 8. Preliminary Configuration Steps: For preliminary installation, the 3e-525A network administrator may need the following information: IP address (a list of IP addresses available on the organization's LAN that are available to be used for assignment to the AP(s)); Subnet Mask for the LAN; Default IP ...

Page 23: ...ess automatically is checked. In Windows 2000/XP, follow the path Start → Settings → Network and Dialup Connections → Local Area Connection and select the Properties button. In the Properties window, highlight the TCP/IP protocol and click properties. Make sure that the radio button for Obtain an IP address automatically is checked. Once the DHCP server has recognized your laptop and has assigned a dyn...

Page 24: ... access for setup configuration. This password is case-sensitive. System Configuration General: You will immediately be directed to the System Configuration General page for the 3e-525A access point. This screen lists the firmware version number for your 3e-525A and allows you to set the Host Name and Domain Name as well as establish system date and time. Host and Domain Names are both set at the fac ...

Page 25: ... next to the System Configuration WAN page. WAN: Click the entry on the left-hand navigation panel for System Configuration WAN. This directs you to the System Configuration WAN page. If not using DHCP to get an IP address, input the information that the ...

Page 26: ... LAN Subnet Mask. The Local LAN port provides local access for configuration. It is not advisable to change the private LAN address while doing the initial setup, as you are connected to that LAN. Operating Mode: This screen allows you to set the operating mode to either Wireless Access Point Bridging or Gateway mode. You only need to visit this page if you will be changing from Access Point to Gateway...

Page 27: ...and LAN ports. In IPv6 mode, the AP can be managed and pass traffic using IPv6 addresses. Since IPv6 is relatively new in the industry, some networking functions that cannot support IPv6 are disabled, such as DHCP server and WPA 802.1x. If Use IPv6 mode is selected as a submode, then you will need to enter an IPv6 address under System Configuration WAN and LAN screens ...

Page 28: ...LAN port due to the secure nature of the access point. The Wireless Configuration General page lists the MAC Address of the 3e-525A device. This is not the MAC Address that will be used for the BSSID for bridging setup, however. That is found on the Bridging page. If you will be using an SSID for a wireless LAN, enter it here and in the setup of each wireless client. This nomenclature has to be set on th...

Page 29: ...o avoid interference. Generally, it has been found that selecting Channel 4 for Bridging and Channel 11 for AP gives a good spread. If you click on the button Select the optimal channel, a popup screen will display the choices. This action does not select the channel for you but shows you what will most probably be the channel selected if you leave the following dropdown menu at Yes. Tx Pwr Mode and Fix...

Page 30: ...ement frames. Basic Rates for 802.11g or 802.11b/g mixed: 1 and 2 Mbps; 1, 2, 5.5, 11, 12 and 24 Mbps. The basic rates used and reported by the AP. The highest rate specified is the rate that the AP uses when transmitting broadcast/multicast and management frames. Supported Rates: Supported Rates for 802.11b: All Rates; 1 Mbps; 2 Mbps; 5.5 Mbps; 11 Mbps. The rate at which all data frames will be transmitted. Suppor...

Page 31: ...ncryption Options on the 3e-525A. In FIPS 140-2 Mode: None; Static AES (AES-ECB); Static 3DES; Dynamic Key Exchange (with 3e-030 Security Server, purchased separately). In non-FIPS AP Mode: None; Static WEP; WPA (Preshared Key or 802.1x using Radius Server, and TKIP or AES-CCMP). In the following explanations, the FIPS Mode security options are discussed first. No Encryption: In order to use the 3e-525A with no encrypti...

Page 32: ...ck cipher algorithm and encryption technique for protecting computerized information. With the ability to use even larger 192-bit and 256-bit keys, if desired, it offers higher security against brute force attack than the old 56-bit DES keys. The specific AES algorithm authorized for use in FIPS 140-2 mode is AES-ECB. Static 3DES Key: To use 3DES, enter a 192-bit key as 48 hexadecimal digits (0-9, a-f, or A...
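A pre-entry check for the static AES and 3DES keys described above, as an added example that is not part of the manual or of 3eTI's software. The function names are hypothetical; the key sizes come from the manual, while the 3DES subkey comparison and the repeated-byte heuristic are standard hygiene checks added here.

```python
import secrets
import string

# Static key sizes named in the manual: AES 128/192/256-bit, 3DES 192-bit.
KEY_BITS = {"AES": (128, 192, 256), "3DES": (192,)}


def _without_parity(subkey: bytes) -> bytes:
    """DES ignores the low (parity) bit of every key byte, so mask it off."""
    return bytes(b & 0xFE for b in subkey)


def check_static_key(algorithm: str, hex_key: str) -> list:
    """Return the problems found in an operator-entered key ([] = acceptable)."""
    if algorithm not in KEY_BITS:
        return [f"unsupported algorithm: {algorithm}"]
    text = hex_key.strip()
    if not text or any(c not in string.hexdigits for c in text):
        return ["key must consist only of hexadecimal digits 0-9, a-f, A-F"]
    bits = len(text) * 4
    if bits not in KEY_BITS[algorithm]:
        sizes = ", ".join(f"{b}-bit ({b // 4} hex digits)"
                          for b in KEY_BITS[algorithm])
        return [f"{algorithm} key is {bits} bits; expected {sizes}"]

    key = bytes.fromhex(text)
    problems = []
    # Heuristic (an assumption of this example): a random key almost never
    # repeats bytes this heavily, while hand-typed patterns usually do.
    if len(set(key)) < len(key) // 2:
        problems.append("key repeats bytes heavily and looks like a typed pattern")
    if algorithm == "3DES":
        k1, k2, k3 = (_without_parity(key[i:i + 8]) for i in (0, 8, 16))
        if k1 == k2 or k2 == k3:
            # In encrypt-decrypt-encrypt, two equal adjacent subkeys cancel out.
            problems.append("adjacent 3DES subkeys are equal: "
                            "strength collapses to single DES (56-bit)")
        elif k1 == k3:
            problems.append("first and third 3DES subkeys are equal: "
                            "this is two-key 3DES, not a full 192-bit key")
    return problems


def generate_static_key(algorithm: str, bits: int) -> str:
    """Generate a key with the OS CSPRNG instead of typing one by hand."""
    if bits not in KEY_BITS.get(algorithm, ()):
        raise ValueError(f"{algorithm} does not support {bits}-bit keys")
    while True:
        candidate = secrets.token_hex(bits // 8)
        if not check_static_key(algorithm, candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample input: the same 64-bit block typed three times.
    typed = "0123456789abcdef" * 3
    for problem in check_static_key("3DES", typed):
        print("REJECT:", problem)
    print("generated 3DES key:", generate_static_key("3DES", 192))
```

The same static key has to be entered on the access point and on every client, so running the check once before distribution avoids deploying a pattern key everywhere.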

Page 33: ...ver software application is discussed in a separate manual. If you have installed the Security Server software, Dynamic Key Management is the preferred security setup. Get the IP Address and password of the Security Server and the Key type. Key type will be either 3DES (192-bit) or AES (128-bit, 192-bit, or 256-bit). Thereafter, the Security Server handles authentication dynamically. Once you have selected the...

Page 34: ... to 40-bit or 128-bit encryption. WEP (Wired Equivalent Privacy) Encryption is a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP was originally designed to provide the same level of security for wireless LANs as that of a wired LAN but has come under attack for its defaults and is not now state of the art. WEP relies on the use of identical static keys depl...

Page 35: ...then each wireless device must also be coded for shared key. To use WEP encryption, identify the level of encryption, the Default WEP key, and designate the WEP keys as shown on the screen. WPA (non-FIPS): Wi-Fi Protected Access, or WPA, was designed to enable use of wireless legacy systems employing WEP while improving security. WPA uses improved data encryption through the temporal key integrity protoco...

Page 36: ...elect the lowest re-keying interval. As an alternative, for business applications who have installed Radius Servers, select WPA 802.1x and input the Primary and Backup Radius Server settings. Use of Radius Server for key management and authentication requires that you have installed a separate certification system and each client must have been issued an authentication certificate. Once you have selected...

Page 37: ...e from communication with the access point and input those MAC Addresses to the MAC Address list. Bridging and Bridging Encryption: Bridging is covered in chapter five. If you will be deploying this 3e-525A as a bridge, follow the instructions in chapter five. Rogue AP Detection: The Rogue AP Detection page allows the network administrator to set up rogue AP detection. If you enable rogue AP detection, al...

Page 38: ...to 500 kbps or 0.5 Mbps, the network can only serve a maximum of 0.5 Mbps per client. Even if only one client is on the network, a maximum of 0.5 Mbps will be allowed. If, on the other hand, the BW Control is set to a higher number, say 3 Mbps, a single client can take up to 3 Mbps of bandwidth when it requires, while the other clients will share the remaining bandwidth. The decision as to who gets the 3 M...

Page 39: ...SNMP Manager, which usually resides on a network administrator's computer. The SNMP Manager function interacts with the SNMP Agent to execute applications to control and manage object variables (interface features and devices) in the gateway. Common forms of managed information include number of packets received on an interface, port status, dropped packets, and so forth. SNMP is a simple request and resp...

Page 40: ... The IP address or name where the information is obtained. Access Control: Defines the level of management interaction permitted. Misc Services Print Server: The print server function can be enabled or disabled. It is enabled by default. If you do not plan to set up the print server function, you can click disable ...

Page 42: ...ed for the unit. Add New User: The Add New User screen allows you to add new Administrators, assigning and confirming the password for the administrator. The screen shown above is the screen as it will appear in FIPS 140-2 mode. The Password complexity check and the Minimal Password length are established on the User Management Password Policy page ...

Page 43: ...that contains characters from 3 of the following 4 groups: uppercase letters, lowercase letters, numerals, and symbols. If enabled, you must also select minimum password length. Click Apply to save your selection. Monitoring Reports: This section gives you a variety of lists and status reports. Most of these are self-explanatory. System Status: This screen displays the status of the 3e-525A Device and Networ...

Page 44: ...e pop-up informational menus that give detailed information about CPU, PCI, Interrupts, Process, and Interfaces. Bridging Status: This screen displays the Ethernet Port STP Status, Wireless Port STP Status, and Wireless Bridging Information ...

Page 45: ...he Wireless Clients report screen displays the MAC Address of all wireless clients and their signal strength and transmit rate. The screen shown here emulates the FIPS 140-2 setup and contains a column for EMCON response. The non-FIPS mode doesn't display this column ...

Page 46: ... a No, this can mean either the client didn't receive the command, or the client is no longer in the areas, or the client software doesn't support the RF management feature. This status information remains active for 5 minutes after the clients are disabled. Once the transmit power is re-enabled and clients re-associate to the AP, EMCON information is maintained for them. If a new client that wasn't asso...

Page 47: ... click the Make Trusted button, the AP will thereafter be accepted by the 3e-525A as a trusted AP. DHCP Client List: The DHCP client list displays all clients currently connected to the 3e-525A via DHCP server, including their hostnames, IP addresses, and MAC Addresses. The DHCP Client list will continue to collect entries. To remove entries from the list, check mark the Revoke Entry selection and click ...

Page 48: ...cal support. The System log will continue to accumulate listings. If you wish to clear listings manually, use the Clear button. Web Access Log: The Web Access Log displays system facility messages with date and time stamp for any actions involving web access. For example, this log records when you set encryption mode, change operating mode, etc., using the web browser. It establishes a running record regardi...

Page 49: ...ity: The Network Activity Log keeps a detailed log of all activities on the network, which can be useful to the network administration staff. The Network Activities log will continue to accumulate listings. If you wish to clear listings manually, use the Clear button ...

Page 50: ...e firmware integrity tests and critical function tests, and conditional tests. The 3e-525A self-test suite includes AES, 3DES, SHA-1 Algorithms, Random Number Generation, Diffie-Hellman for Dynamic Key Exchange, RSA and HMAC-SHA-1 Algorithm for firmware verification. If you want to perform a self-test, click on the start test button. A warning message will appear stating: If self test fails, the system will h...

Page 51: ...rward the syslog data from each machine to a central remote logging server. In the 3e-525A, this function uses the syslogd daemon. You can find more information about syslogd by searching for syslogd in an Internet search engine (such as Google) to find a version compatible with your operating system. If you enable Remote Logging, input a System Log Server IP Address and System Log Server Port. Click Appl...

Page 52: ...3e-525A without changing any preset functionality. Utilities: This screen gives you ready access to two useful utilities: Ping and Traceroute. Simply enter the IP Address or hostname you wish to ping or traceroute and click either the Ping or Traceroute button, as appropriate ...

Page 54: ...r 4: Gateway Configuration. Introduction: Chapter 3 covered the default configuration of the 3e-525A Wireless Access Point as an access point, for use as part of a host wired network. This chapter covers configuration as a gateway. If additional security for the wireless network is desired, differentiating it from the wired network to which it is connected, set it up in gateway mode. Gateway mode takes ad...

Page 55: ...A comparison of gateway and access point setup for the 3e-525A AP ...

Page 56: ... the LAN address was changed to 10.0.0, then you would enter https://10.0.0.1. Then click Go on the Web browser. You will be asked for your user name and password. You will need to have the ID and password for the Crypto Officer role to change the mode from access point to gateway. If that has not yet been changed, use the default CryptoOfficer with the password CryptoFIPS to allow full access. Click on O...

Page 57: ... 2 compliant in gateway mode. The following sections cover the functions and screens in gateway mode. Much of the information is similar to the access point mode but is presented here for your convenience. System Configuration General: The System Configuration General page for the 3e-525A AP gateway lists the firmware version for your 3e-525A AP and allows you to set the Host Name and Domain Name as w...

Page 58: ...ink the private WLAN users to the external enterprise or shipboard network, which is to be outside the protected wireless LAN. Normally, you will be provided with the IP address, Subnet Mask, Default Gateway and DNS to assign by the Network Administrator for the Ethernet Network. There are two ways to configure the WAN IP address: 1. Obtain an IP address Automatically: This configuration allows the Ethern...

Page 59: ...up the default numbers for the four octets for a possible private LAN function for the access point. You can also change the default subnet mask. The Local LAN port provides DHCP server functionality to automatically assign an IP address to a computer Ethernet port ...

Page 60: ...on will be reset to factory settings. Wireless Configuration General: Wireless configuration allows your computer's wireless PC Card to talk to the access point. Once you have completed wireless configuration of the 3e-525A AP, you can set up the rest of the configuration wirelessly, if you wish. This assumes that you have installed and configured the secure wireless card on your computer. If you have no...

Page 61: ... assigning frequencies to access points when many are used in the same WLAN, to minimize interference. There are 11 channel numbers that may be assigned. Tx Pwr Mode and Fixed Pwr Level: The Tx Power Mode defaults to Auto, giving the largest range of radio transmission available under ambient conditions. As an option, the AP's broadcast range can be limited by setting the Tx Power Mode to Fixed and choo...

Page 62: ... Basic Rates for 802.11b: 1 and 2 Mbps; 1, 2, 5.5 and 11 Mbps. The basic rates used and reported by the AP. The highest rate specified is the rate that the AP uses when transmitting broadcast/multicast and management frames. Basic Rates for 802.11g or 802.11b/g mixed: 1 and 2 Mbps; 1, 2, 5.5, 11, 12 and 24 Mbps. The basic rates used and reported by the AP. The highest rate specified is the rate that the AP uses...

Page 63: ... reasons, it will not communicate to any clients unless the encryption is set by the administrator. It is recommended that you set encryption as soon as possible. No Encryption: In order to use the 3e-525A with no encryption, you must actively select None and click Apply. A screen will appear asking if you really want to operate in Bypass mode. If you answer Yes, no encryption will be applied. Static WEP E...

Page 64: ...er on each wireless device. Key management becomes increasingly difficult as the number of clients increases, but the use of WEP encryption on small office wireless networks provides some measure of security. WEP was never intended to be a complete security solution but rather provides protection equivalent to that of wired networks. WPA (non-FIPS): Wi-Fi Protected Access, or WPA, was designed to enable us...

Page 65: ... don't have the expense of installing a Radius Server. Simply input up to 63 character numeric hexadecimals in the Passphrase field. If your clients use WPA-TKIP, select TKIP as encryption type. If your clients use WPA-AES, select AES-CCMP. If a combination, select AUTO. For highest security, select the lowest re-keying interval. As an alternative, for business applications who have installed Radius Servers ...
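How the WPA pre-shared key passphrase mentioned above becomes the 256-bit key both sides use, as an added example that is not part of the manual. The derivation (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) and the 8 to 63 character range are taken from IEEE 802.11i, not from this manual; the function names and the 20-character policy minimum are assumptions of the example.

```python
import hashlib

# Assumed local policy for this example, not a value from the manual.
MIN_RECOMMENDED_LEN = 20


def format_errors(passphrase: str, ssid: str) -> list:
    """Hard errors: inputs the WPA-PSK derivation does not accept."""
    errors = []
    if not 8 <= len(passphrase) <= 63:
        errors.append("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        errors.append("passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        errors.append("SSID must be 1 to 32 bytes long")
    return errors


def weakness_warnings(passphrase: str, ssid: str) -> list:
    """Soft warnings: accepted by the protocol but easy to guess."""
    warnings = []
    if len(passphrase) < MIN_RECOMMENDED_LEN:
        warnings.append(f"shorter than {MIN_RECOMMENDED_LEN} characters")
    if ssid and ssid.lower() in passphrase.lower():
        warnings.append("passphrase contains the SSID")
    if len(set(passphrase)) < 6:
        warnings.append("fewer than 6 distinct characters")
    return warnings


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 32-byte pre-shared key from the passphrase and SSID."""
    errors = format_errors(passphrase, ssid)
    if errors:
        raise ValueError("; ".join(errors))
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),  # the SSID is the salt
        4096,
        32,
    )


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    ssid = "plant-floor"
    for candidate in ("plant-floor-2004", "correct horse battery staple 42"):
        notes = weakness_warnings(candidate, ssid) or ["no warnings"]
        print(f"{candidate!r}: {', '.join(notes)}")
        print("  PSK:", derive_psk(candidate, ssid).hex())
    # The SSID salts the key: the same passphrase under another SSID
    # produces an unrelated PSK.
    print(derive_psk("correct horse battery staple 42", "warehouse").hex())
```

Because the SSID is the only salt, a factory-default SSID combined with a short passphrase gives the weakest result; changing both is what makes the pre-shared key mode worth using.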

Page 66: ...use even larger 192-bit and 256-bit keys, if necessary, it offers higher security against brute force attack than the old 56-bit DES keys. For even greater security, you can select a 192-bit or 256-bit key. Once you have selected the options you will use, click Apply. Static 3DES Key (Open System Authentication): The 3e-525A AP in gateway mode can accommodate advanced static encryption using either AES or 3...

Page 67: ...ll be able to communicate with the access point. Input the MAC addresses of all the PC cards that will be authorized to access this device. The MAC address is engraved or written on the PC (PCMCIA) Card. The MAC Addresses you have input and any identifying note will appear in the lower window once you click the Add button. You delete MAC Addresses by simply clicking the Delete button next to the MAC Ad...

Page 68: ... allows you to enable or disable load balancing and to control bandwidth. Load balancing is enabled by default. Load balancing distributes traffic efficiently among network servers so that no individual server is overburdened. For example, the load balancing feature balances the wireless clients between APs. If two APs with similar settings are in a conference room, depending on the location of the AP...

Page 69: ... Server: This page allows configuration of the DHCP server function accessible from the LAN port. The default factory setting for the DHCP server function is enabled. You can disable the DHCP server function, if you wish. You can also set the range of addresses to be assigned ...

Page 70: ...ion interacts with the SNMP Agent to execute applications to control and manage object variables (interface features and devices) in the gateway. Common forms of managed information include number of packets received on an interface, port status, dropped packets, and so forth. SNMP is a simple request and response protocol, allowing the manager to interact with the agent to either Get: Allows the manager ...

Page 71: ...tained. Access Control: Defines the level of management interaction permitted. Misc Service: The print server function can be enabled or disabled. It is enabled by default. If you do not plan to set up the print server function, you can click Disable. Firewall Content Filtering: The Content Filtering page allows the system administrator to identify particular hosts or IPs that will be blocked from access...

Page 72: ...ddress. Port Filtering: Port filtering permits you to configure the Gateway to block outbound traffic on specific ports. It can be used to block the wireless network from using specific protocols on the network. Following is a list of well known TCP and UDP ports (Port Range, Protocol): 20-21 FTP; 23 Telnet; 25 SMTP (Simple Mail Transfer, for email sending); 80 HTTP (World Wide Web); 110 POP3 (Post Office Protocol ...

Page 73: ...as Telnet (port 23), FTP (port 21), and Web server (port 80). Client computers on the Private LAN can host these applications and allow users from the Internet to access these applications hosted on the virtual servers. This is done by mapping virtual servers to private IP addresses, according to the specific TCP port application. As the planning table below shows, we have identified a Telnet (port 23) virtual s...

Page 74: ...ed on the Private Network be manually (statically) assigned to coincide with a static server mapping to that specific IP address. Virtual servers should not rely on the dynamic IP assignment of the DHCP server function, which could create unmapped IP address assignments. Protocol: Selection of either UDP, TCP, or Both (TCP and UDP) allows these specified network protocols to pass through during the TCP por...

Page 75: ...button. However, any Internet user who knows the WAN IP address of the gateway can connect to the DMZ host, since the firewall feature is disabled for this device, causing a potential security risk to data residing on that host. Again, it is recommended that IP addresses of DMZ host computers on the Private Network be manually (statically) assigned to coincide with a static DMZ host mapping to that specif...

Page 76: ...he Crypto Officer to add new Administrator users, assigning and confirming passwords. The Administrator role performs general security services, including cryptographic operations and other approved security functions. The Administrator role does not, however, perform cryptographic initialization or management functions such as module initialization, input or output of cryptographic keys and CSPs, and au...

Page 77: ...Monitoring Reports: This section gives you a variety of lists and status reports. Most of these are self-explanatory. System Status: This screen displays the status of the 3e-525A AP device and network interface details ...

Page 78: ...Status: This screen displays the Ethernet Port STP Status, Wireless Port STP Status, and Wireless Bridging Information. Wireless Clients: The Wireless Clients report screen displays the MAC Address of all wireless clients and their signal strength and transmit rate ...

Page 79: ...ient list displays all clients currently connected to the 3e-525A AP via DHCP server, including their hostnames, IP addresses, and MAC Addresses. System Log: The system log displays system facility messages with date and time stamp. These are messages documenting functions performed internal to the system, based on the system's functionality. Generally, the Administrator would only use this information if...

Page 80: ...volving web access. For example, this log records when you set encryption mode, change operating mode, etc., using the web browser. It establishes a running record regarding what actions were performed and by whom. Network Activities: The Network Activities Log keeps a detailed log of all activities on the network, which can be useful to the network administration staff ...

Page 81: ...System Administration: The System administration functions contain administrative functions, some of which can be performed only if the user is logged on as a Crypto Officer. The screens and functions are detailed in the following section ...

Page 82: ...find it and upload it to the 3e-525A AP from this page. Only the Crypto Officer role can access this function. Factory Default: The Factory Default or Restore button is a fallback troubleshooting function that should only be used to reset to original settings. Only the Crypto Officer role has access to the Restore button. Remote Logging: If enabled, input a System Log Server IP Address and System Log Ser...

Page 83: ... any preset functionality. Both Crypto Officer and Administrator functions have access to this function. Utilities: This screen gives you ready access to two useful utilities, Ping and Traceroute. Simply enter the IP Address or hostname you wish to ping or traceroute and click either the Ping or Traceroute button, as appropriate ...

Page 84: ... whether you are in access point or gateway mode. General Bridge Setup: Bridging is a function that is set up in addition to basic access point setup. If you will be using the 3e-525A solely as a bridge, some of the settings you may have selected for access point/gateway use will not be necessary. If setting up as a bridge during initial setup, you can either use the LAN Port directly wired by Ethernet ...

Page 85: ...eries to minimize interference or noise. There are 11 channel numbers that can be assigned. TX Pwr Mode can be left in its default of Auto. The Wireless Configuration Bridging screen contains wireless bridging information including the channel number, Tx power, spanning tree protocol (802.1d) enable/disable, and remote OAP BSSID. This page is important in setting up your bridge configuration. Spanning Tree ...

Page 86: ...ridge. This is an important page to set up to ensure that your bridge is working correctly. The encryption key that you use on this screen must be the same for any bridge connected to your bridging network in order for communication to occur. And on this screen, you can only select either a static 192-bit 3DES key or an AES key of either 128-bit, 192-bit, or 256-bit ...

Page 87: ...odes. Because the bridge function uses a separate WLAN card for bridging, you can also set up WLANs on the separate AP WLAN card. For the two bridges that are to be linked to communicate properly, they must be set up with compatible commands in the setup screens. For instance, the bridges must have the same channel number. Because there is a separate WLAN card for bridging, there can be a separate WLAN o...

Page 88: ...tion Encryption: Set for 802.11b/g WLAN | Set for 802.11b/g WLAN; Wireless Configuration Bridging: Channel: 4 | 4; Tx Power: Auto | Auto; Wireless Client Access: Enable | Enable; Spanning Tree Protocol: Enable (or Disable if no bridging loop possible) | Enable (or Disable if no bridging loop possible); BSSID: Add Bridge 2 BSSID | Add Bridge 1 BSSID; Wireless Configuration Bridging Encryption: Select appropriate key type, leng...

Page 89: ...f the Remote APs, which will be listed in section 3 at the bottom of the screen once the system is operational, as the guiding port that you wish to have display in the WLANSS LED on the front of the 3e-525A as a signal. If you don't wish to display any connection signal, simply leave this set at 0. Click Apply to accept your changes but remain on that screen. In the second section on the Wireless Confi...

Page 90: ...ate to Wireless Configuration Bridging Encryption. Select the appropriate key type and length and the key value. The encryption key value and type for Bridge 1 must be the same as for Bridge 2. For wireless bridging, only AES and 3DES are available for encryption ...

Page 91: ...reens. For instance, all bridges must have the same channel number. Spanning Tree Protocol will usually be set to Enable. If configured as in the diagram following, Bridge 1 must contain all of the others' BSSIDs, while Bridge 2 n must only contain Bridge 1's BSSID. The BSSID of each is equivalent to the MAC address found on the Wireless Configuration Bridging page. Enter only hexadecimal numbers, no colon...

Page 92: ... Bridge 2 n BSSIDs | Add Bridge 1 BSSID; Wireless Configuration Bridging Encryption: Select appropriate key type, length and value. Must be the same key as Bridge 2 n | Select appropriate key type, length and value. Must be the same key as Bridge 1. The above recommended setup requires only Bridge 1 to be set in point-to-multipoint mode. It is possible to set all bridges in point-to-multipoint mode, in which c...

Page 93: ...to | Auto; BSSID: Add Bridge 2's BSSID | Add Bridge 1's and Bridge 3's BSSID | Add Bridge 2's BSSID; Wireless Configuration Bridging Encryption: Select appropriate key type, length and enter key value. Must be the same as that on the other 2 Bridges | Select appropriate key type, length and enter key value. Must be the same as that on the other 2 Bridges | Select appropriate key type, length and enter key value. Mu...

Page 94: ...ted with it. The basic architecture is shown in the chart below. [Chart: RF Manager, Access Point, Client 1, Client 2. Labels: Disable Tx Power; Client 1 Acknowledges Disabling Power; Client 2 Acknowledges Disabling Power; 10 seconds after RF Manager Request: Client 1 Disables Power, Client 2 Disables Power, AP Disables Power.] CAUTION: You can not use this utility if you are ...

Page 95: ...k on RF Manager on the Installation CD main menu to start the autoinstall. If for any reason the autoinstall function doesn't initiate, open a window from the My Computer icon on your desktop to your CD drive and double-click the 3E RFMGR EXE icon in the RF Manager folder on the CD. Once the RF Manager is installed, use the path Start > Programs > 3e RF Manager and click on 3e RF Manager. The main RF Manag...

Page 96: ... see the contents of one of these files, simply right-click the file name and select Open from the dropdown menu. Because the file has an extension, 3eti, which Windows is not yet familiar with, the very first time you attempt to open it Windows will ask you what program you want to open it with, as shown in the screen on the following page. Choose a text editor that you are comfortable with, such as Word...

Page 97: ...e individually re-engaged, either by rebooting or by re-inserting the PC Card. You can customize files to control only certain APs or groups of APs. Each AP that you group into a configuration file must have the same Admin Password. The following gives you a sample of the code that you can use from the SampleRadioOn.3eti file. Sample of coding in SampleRadioOn.3eti file: This Sample Configuration file ...

Page 98: ...ager screen, browse to and select the file that you want to use to manage your APs. That file name should now appear in the Configuration File window. Now enter the Password for that group of APs. Finally, hit the Configure button. The Configure Status window will keep you informed of the progress of the update. If your update has been successful, you should see a message that indicates you have successfu...

Page 99: ...If any part of your update has failed, the Configure Status window will show you that it has failed, in part or in whole, and direct you to the area of the configuration file that you need to fix ...

Page 100: ... gateway now. The following instructions cover how to set it up using Windows 2000 as your operating system. Windows XP is similar to Windows 2000. Install Print Service for Unix (Windows 2000): 1. Open the Control Panel and select Add/Remove Programs. 2. In the Add/Remove Programs window, on the left navigation bar, select Add/Remove Windows Components ...

Page 101: ...ll this component. You may need your Windows install CD. 5. Windows informs you that the action is complete. Click Finish and close the prior screen. Set Up the Printer: Now you are prepared to set up your new printer resource. Follow this procedure: 1. Access the Control Panel and select the Printers icon, as shown on the following picture. 2. From the Printers window, select Add Printer ...

Page 102: ...3. The Add Printer Wizard starts. Click Next. 4. From the following screen, select Local Printer and uncheck the selection Automatically detect and install my Plug and Play printer. Then click Next ...

Page 103: ...t and use the arrow to find and highlight LPR Port. Then click Next. 6. Next, in the field for Name or address of the server providing lpd, type the IP address assigned to the 3e-525A LAN. In the field for Name of printer or print queue on the server, type lp or lpusb. Then click OK ...

Page 104: ... screen, do not select to share the printer. The Access Point does the sharing, not the printer. It is a good idea to print a test page to confirm that the setup has been successful. After you complete the printer's setup, you will also need to ensure that each device that needs to access the printer on the network is properly configured by performing the procedure detailed above. The above procedure app...

Page 106: ...s. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is...

Page 107: ...oint. One is used for the Access Point function; the other is used for the Bridge. Channel Separation is required to reduce interference between the AP and Bridge WLAN cards. We have found that assigning 11 to the AP WLAN card channel and 4 to the Bridge WLAN card has given the optimum channel separation in test installations ...

Page 108: ...nction and therefore accepts IP address assignment from the controlling network. AES: Short for Advanced Encryption Standard, a symmetric 128-bit block data encryption technique developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. The U.S. government adopted the algorithm as its encryption technique in October 2000, replacing the DES encryption it used. AES works at multiple network laye...

Page 109: ...ity code called an SSID in each wireless device and they thereafter operate as a group. TKIP: Temporal Key Integrity Protocol. TKIP is a protocol used in WPA. It scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven't been tampered with. VPN: Virtual Private Network. A VPN uses encryption and other security mechanisms to ensure that only auth...
