3e Technologies International AirGuard 3e-525C-3, User Manual

Page 1: ...AirGuard Wireless Access Point User s Guide Model 3e 525C 3 3e Technologies International 700 King Farm Blvd Suite 600 Rockville MD 20850 301 670 6779 www 3eti com 29000171 001 A publ 12 12 05 ...

Page 2: ...This page intentionally left blank ...

Page 3: ...3e Technologies International s AirGuard Wireless Access Point User s Guide Model 3e 525C 3 ...

Page 4: ... contact 3e Technologies International and a copy will be provided to you ___________________________________ UNITED STATES GOVERNMENT LEGEND If you are a United States Government agency then this documentation and the product described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Softw...

Page 5: ...C 3 Navigation Options 12 Chapter 2 Hardware installation 13 Preparation for Use 13 Installation Instructions 14 Minimum System and Component Requirements 14 Cabling 15 Bridge Transmit Distance 16 Bridge Antenna Location 16 Outdoor Protection Kit Installation 17 Earth Ground Connection 18 Lighnting Arrestor Installation 18 Antenna Installation 20 Sealing Antenna Connections 20 Mounting Kit Setup 2...

Page 6: ...Log 50 System Administration 51 System Upgrade 51 Firmware Upgrade 51 Local Configuration Upgrade 52 Remote Configuration Upgrade 53 Factory Default 55 Remote Logging 56 Reboot 56 Utilities 57 Chapter 4 Gateway Configuration 59 Introduction 59 Configuring in Gateway Mode 61 WAN 62 Main IP Setting 62 IP Aliasing 63 LAN 64 Security 65 Firewall 65 Content Filtering 65 IP Filtering 66 Port Filtering 6...

Page 7: ...ridging Setup Guide Auto Mode 81 Point to Multipoint Bridge Configuration 85 Point to Multipoint Bridging Setup Guide Manual Mode 86 Point to Multipoint Bridging Setup Guide Auto Mode 86 Repeater Bridge Configuration 87 Repeater Bridging Setup Guide Manual Mode 87 Repeater Bridging Setup Guide Auto Mode 88 Chapter 6 Technical Support 89 Manufacturer s Statement 89 Radio Frequency Interference Requ...

Page 8: ...vi 29000171 001 A ...

Page 9: ...loy different encryption depending on the mode you are in You can select None Static WEP WPA or WPA2 WPA uses TKIP or AES CCMP so you can employ legacy client WEP cards and still secure the wireless band The 3e 525C 3 incorporates Power over Ethernet The PoE interface on the 3e 525C 3 is compatible with commercial vendor injected power hub units The 3e 525C 3 includes cryptographic modules for wir...

Page 10: ...n only Wireless VLAN Wireless AP with operating range of 2000 feet Wireless Bridge Power over Ethernet PoE Above average temperature range for extreme environments with TEC option WEP encryption or WPA WPA2 AES CCM with TKIP HTTPS TLS secure Web DHCP client Adjustable Radio Power MAC address filtering Load Balancing Rogue AP Detection The following security modules have been implemented in the 3e ...

Page 11: ...tup so that the wireless device is seen to be part of the network by the 3e 525C 3 Encryption and authentication capabilities and types en abled must conform and If MAC filtering is used the 3e 525C 3 must be configured to allow disallow the wireless device s MAC address to associate communicate with the 3e 525C 3 wireless inter face 802 11g Because 802 11g is backwards compatible with 802 11b it ...

Page 12: ...ng 2 4GHz WLANs that don t use Super G because there isn t enough room in the 2 4GHz wireless LAN spectrum for the increased spectrum used by channel bonding Moreover Super G doesn t check to see if 11b or 11g standards compliant devices are in range before using its non standard techniques Network Configuration The 3e 525C 3 is an access point with bridging setup capability Access point Gateway p...

Page 13: ...Ethernet network to bridge between the wired and wireless environments Each AP can operate independently of the other APs on the LAN Multiple APs can coexist as separate individual networks at the same site with a different network ID SSID 3 The last and most prevalent use is multiple APs connected to a wired network and operating off that network s DHCP server to provide a wider coverage area for...

Page 14: ...8 bit encryption WPA includes the option of using a WPA pre shared key or for the enterprise that has a Radius Server installed configura tion to use the Radius Server for key management with either TKIP or AES CCMP Bridging encryption is established between 3e 525C 3 s and includes use of AES CCMP encryption SSID The Service Set ID SSID is a string used to define a common roam ing domain among mu...

Page 15: ...ly integrated systems that do not support software upgrades by a third party such as some cell phones intended for e g the 3G market Non tightly integrated products like most laptop and PDU adapt ers still must support EAP TLS to receive WPA2 certifica tion 3eTI wireless client and wireless access point devices use standards based EAP TLS with no modifications for complete interoperability with 80...

Page 16: ...ty authentication of the entire packet including the MAC header AES CCMP has been deemed to surpass the RC4 stream cipher upon which the older WEP and WPA security protocols are based 3eTI was the first company to take it s AES algorithm through the NIST CCM algorithm certification process thereby ensuring that 3eTI s AES CCMP is standards based non proprietary and ready for wide WPA2 interoperabi...

Page 17: ...N exists The mapping between the wireless network and the wireless VLAN happens inside the AP Each Wireless VLAN can set its own security level For example the VLAN for an enterprise network access may use 802 11i with EAP TLS authentication while the VLAN for guest internet access may simply use 802 11i with Pre Shared Key 3e 525C 3 supports up to 16 VLANs When VLAN is enabled all data coming out...

Page 18: ...vices for all users of the wireless network when they first attempt to connect While the user must log in basic non user generated information is allowed to pass on the wireless network prior to authentication including the authentication data to and from the authentication server and audit records passed from the client to the server The user is not allowed to specifically send any traffic over t...

Page 19: ...e Crypto Officer initially installs and configures the 3e 525C 3 after which the password should be changed from the default password The ID and Password are case sensitive Management After initial setup maintenance of the system and programming of security functions are performed by personnel trained in the procedure using the embedded web based management screens The next chapter covers the basi...

Page 20: ...mode only Services Settings Services Settings SNMP Agent SNMP Agent Firewall Firewall Content Filtering IP Filtering Port Filtering Virtual Server DMZ Advanced Admin User Management Admin User Management List All Users Edit Delete List All Users Edit Delete Add New User Add New User Monitoring Reports Monitoring Reports System Status System Status Bridging Status Bridging Status Bridging Site Map ...

Page 21: ... degrees C to 70 degrees C The latter version of the product employs ThermoElectric Cooler TEC technology to extend the product into the higher temperature environment The TEC Technology comes with a price it requires power to transfer the heat Unfortunately this raises the electric current requirement to 25 watts beyond the 802 3af specification of 15 4 watts To ensure that the 3e 525C 3 with TEC...

Page 22: ... and its iden tifiable parts so that the user is sufficiently familiar to interact with the physical unit Preliminary setup information provided below is intended for information and instruction of the wireless LAN system administra tion personnel It is intended that the user not open the unit Any maintenance re quired is limited to the external enclosure surface cable connections and to the manag...

Page 23: ...ector which runs DC power through the Ethernet cable to the unit The Ethernet cable is thus run from the 3e 525C 3 to the power injector which is then connected to a power source and the wired LAN A second LAN Port Ethernet connector is designed for use during initial configuration only This uses an RJ45 cable to connect the 3e 525C 3 to a laptop The following diagram demonstrates the setup Connec...

Page 24: ...loss Where LP free space path loss between antennas F frequency in GHz D path length in miles Bridge Antenna Location When as bridge device the 3e 525C 3 may need to be mounted out doors on a high place to achieve the best bridge result The Fresnel zone and Earth bulge dominate to decide how high that the unit s Antenna need be put The total antenna height equals the width of Fresnel zone plus the...

Page 25: ...mounted outdoors where CE Mark certification is required use of the Outdoor Protection Kit or equivalent is MANDATORY Failure to install this protection will void the warranty The Outdoor Protection Kit 3e OPK 3 contains the following items 10 inch 10AWG wire with 8 ring terminal on one end and a 10 ring terminal on the other end 12 inch 10 AWG wire with 8 ring terminal on one end and a 10 ring te...

Page 26: ...the ring terminal attached to the 3e 525C 3 s grounding stud Make sure the ring terminal is against the unit s metal case The earth ground ring terminal should be the first con nection on the unit s grounding stud NOTE The cable used to connect to a proper earth ground must be AWG 10 or heavier This cable should be kept as short as possible Lighnting Arrestor Installation Examine the lightning arr...

Page 27: ...2 inch wire is mounted closer to the ground stud see figure Tighten the two lightning arrestors to the N connector finger tight Attach the ring terminal from the Lightning Arrestors ground cable to the grounding stud on the 3e 525C 3 unit The lightning arrestor s ring terminal should be attached to the unit after the earth ground ring terminal is attached Perform this same procedure for every ante...

Page 28: ...talled the connections should be sealed to protect them from the exterior harsh environment Use a self amalgamating polyisobutylene tape which over a period of hours ad heres to itself and forms a single amalgamated rubber molding conform ing to the shape of the item it is covering Once the tape is in place for several hours it forms a shaped rubber molding that is resistant to water and most solv...

Page 29: ... unit high in the air Use the U ring screws and nuts to attach the mounting plate to the post Next attach the 3e 525C 3 to the mounting plate with screws The Indicator Lights The top panel of the 3e 525C 3 contains a set of indicator lights Light Emitting Diodes or LEDs that help describe the state of various network ing and connection operations Power WAN WLAN 1 WLAN 2 WLAN SS ...

Page 30: ...LED indicator indicates the strength of the Bridge connection WLAN2 1 LED Off means no connection on the bridge side or the signal is very weak 2 LED blinks slowly every 1 second means there is a connec tion and the signal quality is poor 3 LED blinks fast means there is a connection and the signal quality is good 4 LED steady on means there is a connection and the signal quality is excellent Note...

Page 31: ...le of configuration we have chosen to present all the screens in the FIPS 140 2 mode There are a few differ ences in non FIPS mode which are described in the Navigation chart on page 8 Preliminary Configuration Steps For preliminary installation the 3e 525C 3 network administrator may need the following information IP address a list of IP addresses available on the organization s LAN that are avai...

Page 32: ... for Obtain an IP address automatically is checked In Windows 2000 XP follow the path Start à Settings à Net work and Dialup Connections à Local Area Connection and select the Properties button In the Properties window highlight the TCP IP protocol and click properties Make sure that the radio button for Obtain an IP address automatically is checked Once the DHCP server has recognized your laptop ...

Page 33: ...URL for the 3e 525C 3 Local LAN in the address line https 192 168 15 1 You will be asked for your User Name and Password The default is crypto with the password officer to give full access for setup configu ration This password is case sensitive Please read the terms and condi tions and check the checkbox then click Sign In to continue configuration ...

Page 34: ...h set at the fac tory for default but can optionally be assigned a unique name for each You can also enter a description of the physical location of the unit in the Description field This is useful when deploying units to remote lcoations To set the date and time you can do it manually or set it based on the NTP server Also you can modify the terms and conditions login banner on the login screen T...

Page 35: ...creen allows you to set the operating mode to either Wireless Access Point Bridge or Gateway Bridge mode You only need to visit this page if you will be changing from Access Point to Gateway or if you want to change your submode Note that if you change modes from AP to Gateway your configura tion is not lost ...

Page 36: ...or System Configu ration WAN This directs you to the System Configuration WAN screen If not using DHCP to get an IP address input the static IP information that the access point requires in order to be managed from the wired LAN This will be the IP address Subnet Mask Default Gateway and where needed DNS 1 and 2 Click Apply to accept changes ...

Page 37: ... the System Configuration LAN screen This sets up the default numbers for the four octets for a possible pri vate LAN function for the access point It also allows changing the default numbers for the LAN Subnet Mask The Local LAN port provides local access for configuration It is not advisable to change the private LAN ad dress while doing the initial setup as you are connected to that LAN ...

Page 38: ...f you have not done so you will have to do that to establish communications Follow the manufacturer s instructions to set up the PC Card on each wireless device that will be part of the WLAN The Wireless Access Point General screen lists the MAC Address of the AP card This is not the MAC Address that will be used for the BS SID for bridging setup however That is found on the Wireless Bridge Genera...

Page 39: ...hen channel 11 and then continue with 1 6 11 you will have the optimum frequency spread to decrease noise If you click on the button Select the optimal channel a popup screen will display the choices It will select the optimal channel for you You can also set it up to automatically select the optimal channel at boot up CHANNEL NO OPTIONS Wireless Mode Channel No 802 11b 802 11g 802 11b g Mixed 1 2...

Page 40: ...RTS threshold the RTS CTS handshaking is performed DTIM 1 255 The number of beacon intervals that broadcast and multicast traffic is buffered for a client in power save mode Basic Rates Basic Rates for 802 11b 1 and 2 Mbps 1 2 5 5 and 11 Mbps The basic rates used and reported by the AP The highest rate specified is the rate that the AP uses when transmitting broadcast multicast and management fram...

Page 41: ...ryption is set by the CryptoOfficer There are different encryption options for the AP The following chart shows the differences Encryption Options None 802 11i and WPA Preshared Key or 802 1x us ing Radius Server and TKIP or AES CCMP Static WEP No Encryption In order to the 3e 525C 3 with no encryption you must actively select None and click Apply A screen will appear asking if you really want to ...

Page 42: ...rovide the same level of security for wireless LANs as that of a wired LAN but has come under attack for its defaults and is not now state of the art WEP relies on the use of identi cal static keys deployed on client stations and access points But the use of WEP encryption provides some measure of security Utilities exist for scanning for networks and logging all the networks it runs into includin...

Page 43: ...c hexadecimals in the Passphrase field If your clients use WPA TKIP select TKIP as encryption type If your clients use WPA AES select AES CCMP If a combination select AUTO Enable pre authentication to allow a client to authenticate in advance with the AP before the client is associated with it Allowing the AP to pre authenticate a client decreases the transition time when a client roams between AP...

Page 44: ...3e 525C 3 Wireless Access Point Chapter 3 Access Point Configuration 36 29000171 001 A If you will be using MAC Address filtering navigate next to the MAC Address Filtering screen ...

Page 45: ...sed to terminate the VLAN traffic Data originating from or targeting to a wireless network cli ent is tagged with the VLAN ID corresponding to an SSID it is associated with Data generated by an Access Point itself is tagged with the manage ment VLAN ID To create a new VLAN enter a VLAN ID range from 1 to 4094 and an SSID Set the security to None Static WEP or IEEE 802 11i and WPA After you create ...

Page 46: ...ped with the authorized MAC addresses will be able to communicate with the access point In this case input the MAC addresses of all the PC cards that will be authorized to access this access point The MAC ad dress is engraved or written on the PC PCMCIA Card If Filtering is enabled and Filter Type is Allow All Except Those Listed Below those devices with a MAC address which has been entered in the...

Page 47: ...s for notification of any rogue or non trusted APs The MAC Address for the 3e 525C 3 is located on the System Configuration General screen You can also select the follow ing filter options SSID FIlter Check the SSID option to only send rogue APs that match the AP s SSID or wireless bridge s SSID Channel Filter Check the channel filter option to only send rogue APs that match the AP s channel or th...

Page 48: ... between APs If two APs with similar settings are in a conference room depending on the location of the APs all wire less clients could potentially associate with the same AP leaving the other AP unused Load balancing attempts to evenly distribute the wireless clients on both APs Layer 2 isolation prevents wireless clients that associate with the same AP from communicating with each other Once you...

Page 49: ...tation by the SNMP Manager which usually resides on a network administra tor s computer The SNMP Manager function interacts with the SNMP Agent to execute applications to control and manage object variables interface features and devices in the gateway Common forms of managed infor mation include number of packets received on an interface port status dropped packets and so forth SNMP is a simple r...

Page 50: ...ite and Trap is simply the SNMP terminology for password for those functions Source The IP address or name where the information is ob tained Access Control Defines the level of management interaction per mitted If using SNMPv3 enter a username minimum of eight characters authentication type with key and data encryption type with a key This configuration information will also need to be entered in...

Page 51: ... Users The Admin User Management List All Users screen lists the Crypto Officer and administrator accounts configured for the unit You can edit or delete users from this screen If you click on Edit the Admin User Management Edit User screen appears On this screen you can edit the user ID password role and note fields ...

Page 52: ...Access Point Chapter 3 Access Point Configuration 44 29000171 001 A Add New User The Admin User Management Add New User screen allows you to add new Administrators and CryptoOfficers assigning and confirming the password ...

Page 53: ...riety of lists and status reports Most of these are self explanatory System Status The Monitoring Report System Status screen displays the status of the 3e 525C 3 device the network interface and the routing table There are some pop up informational menus that give detailed infor mation about CPU PCI Interrupts Process and Interfaces ...

Page 54: ...ter 3 Access Point Configuration 46 29000171 001 A Bridging Status The Monitoring Report Bridging Status screen displays the Eth ernet Port STP status Ethernet DSL Port STP status Wireless Port STP status and Wireless Bridging information ...

Page 55: ...ing tree network topology of both wired and wireless nodes connected to the network The root STP node is always on top and the nodes of the hierarchy are displayed below it Wired links are double dotted lines and wireless links are single dotted lines This map does not update dynamically You must press the Update button to refresh the map ...

Page 56: ...t AP List The Monitoring Report Adjacent AP List screen shows all the APs on the network If you select the check box next to any AP shown the AP will thereafter be accepted by the 3e 525C 3 as a trusted AP These APs are detected by the AP s wireless card and the wireless bridge s wireless card The list of APs are only within the band that can be seen from a particular channel For example if the AP...

Page 57: ...tion and click Remove to confirm the action Logs There are two logs available for viewing and exporting System Log The Logs System Log screen displays system facility messages with date and time stamp These are messages documenting functions performed internal to the system based on the system s functionality Generally the Administrator would only use this information if trained as or working with...

Page 58: ...e stamp for any actions involving web access For example this log re cords when you set encryption mode change operating mode etc using the web browser It establishes a running record regarding what actions were performed and by whom The Web access log will continue to accumulate listings If you wish you can export the log and save it as a file on your PC Click on Export ...

Page 59: ...lso a configuration file transfer option which allows the system configuration file from one AP to be transferred to another AP in order to minimize the administration of the APs Only configuration parameters that can be shared between APs are downloaded in the con figuration file WAN IP address and hostname are not transferred in the configuration file Click on the Local Configuration Upgrade and...

Page 60: ...passphrase for that file The passphrase protects the file from unauthorized users It prevents unauthorized users from applying the system configuration file to an unauthorized AP to gain access to the network Before downloading the system configuration file to a local com puter the user must enter a passphrase to protect the file Before the sys tem configuration file can be uploaded onto another A...

Page 61: ...nfiguration file to other APs Once the file is transferred the remote AP will be rebooted Once the remote units are rebooted the site map can be updated and the File Tag will show the status of the units If the tag matches the local tag the unit was updated successfully The random configuration file is used to update the bridging SSID and bridging encryption on other devices using the existing bri...

Page 62: ...lied the unit will reboot and start using the new configuration file The automatic IP address configuration feature can be used to assign a remote device an IP address This feature minimizes the effort to con figure IP addresses in a wireless network The IP addresses are assigned on the private class A IP address range 10 0 0 0 By default this feature is enabled so if you want to assign your own I...

Page 63: ...es There is a small chance for duplicate MACs However if a duplicate IP address is detected the bridge site map will show this device with a red IP address The distributed default gateway is the first IP address in the valid range For example for 10 128 0 0 the default gateway is 10 128 0 1 The distributed netmask is 255 0 0 0 Factory Default The System Administration Factory Default screen is use...

Page 64: ...f you enable Remote Logging input a System Log Server IP Address and Sys tem Log Server Port Click Apply to accept these values Reboot The System Administration Reboot screen allows you to reboot the 3e 525C 3 without changing any preset functionality Both Crypto Of ficer and Administrator functions have access to this function You can also reboot the 3e 525C 3 by pressing and holding the reset bu...

Page 65: ...29000171 001 A 57 Utilities The System Administration Utilities screen gives you ready access to two useful utilities Ping and Traceroute Simply enter the IP Address or hostname you wish to ping or traceroute and click either the Ping or Traceroute button as appropriate ...

Page 66: ...3e 525C 3 Wireless Access Point Chapter 3 Access Point Configuration 58 29000171 001 A This page intentionally left blank ...

Page 67: ...ce s desktop type arp d and hit return This reconfigures the MAC address in the wireless device s PC card so that it is now visible to the gateway Chapter 4 Gateway Configuration Introduction Chapter 3 covered the default configuration of the 3e 525C 3 Wireless Access Point as an access point for use as part of a host wired network This chapter covers configuration as a gateway If additional secur...

Page 68: ...3e 525C 3 Wireless Access Point Chapter 4 Gateway Configuration 60 29000171 001 A A comparison of gateway and access point setup for the 3e 525C 3 ...

Page 69: ... you can log on to the 3e 525C 3 in gateway mode Also note that if you change modes from AP to Gateway your con figuration is not lost However if you switch from FIPS 140 2 submode to non FIPS all previously entered information will be reset to factory settings You can then proceed to change the management screens as necessary to reconfigure the device as a gateway Configuration in gateway mode al...

Page 70: ... be obtained The WAN IP address is the Public IP address required to link the private WLAN users to the external network which is to be outside the protected wireless LAN Normally you will be provided with the IP address Subnet Mask Default Gateway and DNS to assign by the Net work Administrator for the Ethernet Network There are two ways to configure the WAN IP address 1 Obtain an IP address Auto...

Page 71: ... port The IP aliasing entries can be used by the virtual server to map a public IP address to a private IP address If the virtual server needs to map multiple public IP addresses to multiple private IP addresses the IP aliasing entries can be used to create additional public IP addresses These entries are always static entries and can not use DHCP ...

Page 72: ...Con figuration LAN This directs you to the System Configuration LAN screen This sets up the default numbers for the four octets for a possible pri vate LAN function for the access point You can also change the default subnet mask The Local LAN port provides DHCP server functionality to automatically assign an IP address to a computer Ethernet port ...

Page 73: ...encryption is set by the CryptoOfficer It is recommended that you set encryption as soon as possible Gateway mode has the same encryption options as the AP mode Firewall Content Filtering Click the entry on the left hand navigation panel for Firewall Con tent Filtering The Content Filtering screen allows the system adminis trator to identify particular hosts or IPs that will be blocked from access...

Page 74: ...rtain IPs on the Private LAN from ac cessing your Internet connection It restricts clients to those with a specific IP Address Port Filtering Click the entry on the left hand navigation panel for Firewall Port Filtering Port filtering permits you to configure the Gateway to block outbound traffic on specific ports It can be used to block the wireless network from using specific protocols on the ne...

Page 75: ...rt 23 FTP port 21 and Web server port 80 Client computers on the Private LAN can host these applications and allow users from the Internet to access these applications hosted on the virtual servers This is done by mapping virtual servers to private IP addresses according to the specific TCP port application As the planning table below shows we have identified a Telnet port 23 virtual server for pr...

Page 76: ...d to the wired network or Internet for unrestricted two way communication This configuration is typically used when a computer is operating a proprietary client software or 2 way communication such as video teleconferencing where multiple TCP port assignments are required for communication To assign a PC the DMZ host status fill in the Private IP address which is identified as the exposed host and...

Page 77: ...ay Configuration 29000171 001 A 69 Advanced Firewall As advanced firewall functions you can enable disable Block Ping to WAN Web based management from WAN port SNMP management from WAN port These options allow you more control over your environment ...

Page 78: ...3e 525C 3 Wireless Access Point Chapter 4 Gateway Configuration 70 29000171 001 A This page intentionally left blank ...

Page 79: ...dging of two Ethernet links Point to multipoint bridging of several Ethernet links Repeater mode The wireless bridging screens are the same whether you are in access point or gateway mode Bridging is a function that is set up in addition to basic access point or gateway setup If you will be using the 3e 525C 3 solely as a bridge some of the settings you may have selected for access point gateway u...

Page 80: ...ss bridging AWB with a maximum num ber of allowable bridges the default is 40 Auto forming Wireless Bridging When the wireless bridge is in auto forming mode the wireless bridge sniffs for beacons from other wireless bridges and identifies APs that match a policy such as SSID and channel Instead of simply adding the APs with the same SSID channel to the network a three way association handshake is...

Page 81: ...allowed Bridge Priority 1 40 Determines the root leaf STP node The lowest bridge priority in the net work will become the STP root Signal Strength Threshold 27 21 15 9 Prevents the node under the thresh old from associating and joining the network Broadcast SSID Diable Enable When disabled the AP hides the SSID in outgoing beacon frames and sta tions cannot obtain the SSID through passive scanning...

Page 82: ...rength LED MAC Not Assigned Allows you to set the number of one of the Remote APs which will be listed at the bottom of the screen once the system is operational This wireless bridge be comes the guiding port that is displayed in the WLANNSS LED on the front of the 3e 525C 3 as a signal Spanning Tree Protocol STP Enable Disable Enable STP is there is any possiblity that a bridging loop could occur...

Page 83: ...Information If you select Enable refesh you can set the bridge refresh interval from 5 seconds to 30 minutes Refreshing the screen allows you to see the effect of aiming the antenna to improve signal strength Wireless Bridge Radio The Wireless Bridge Radio screen contains wireless bridging information including the channel number Tx rate Tx power spanning tree protocol 802 1d enable disable and re...

Page 84: ... optimal rate for the chan nel If a fixed rate is used the card will only transmit at that rate 802 11a Turbo AUTO The card attempts to select the opti mal rate for the channel Channel No 802 11b g Mixed 1 2 412 GHz 2 2 417 GHz 3 2 422 GHz 4 2 427 GHz 5 2 432 GHz 6 2 437 GHz 7 2 442 GHz 8 2 447 GHz 9 2 452 GHz 10 2 457 GHz 11 2 462 GHz Sets the channel frequency for the wireless bridge 802 11g Sup...

Page 85: ...wireless bridge when the Tx Pwr Mode is off Fixed Pwr Level 1 2 3 4 5 Select a range when Rx Pwr Mode is set to FIXED Level 1 is the shortest distance Level 1 7dBm and Level 5 is the longest Level 5 15dBm Propagation Distance 5 Miles 5 10 Miles 11 15 Miles 16 20 Miles 21 25 Miles 26 30 Miles 30 Miles Set the distance based on the distance between this bridge and furthest bridge that is connected t...

Page 86: ...ncryption key that you use on this screen must be the same for any bridge connected to your bridging network in order for communication to occur On this screen you can select None or AES CCM If you select AES CCM enter a 128 bit key as 32 hexadecimal digits or use the Key Generator button to automatically generate a randomized key of the appropriate length This key is initially shown in plain text...

Page 87: ...reless Bridge MAC Address Filtering screen functions just like the AP MAC Address Filter see page 38 but it is only used in auto bridging mode and only controls access to the wireless bridge network The following sections describe the setup for three types of bridging configuration point to point point to multipoint or lastly repeater ...

Page 88: ...idging there can be a separate WLAN on the AP WLAN card with no loss efficiency as long as you set the channel numbers so there s no conflict or noise with the channel as signed to the bridge Spanning Tree Protocol may be set to Enable if there is any possibility of a bridging loop or to Disable which is more efficient if there s no possibility of a bridging loop Each bridge must contain the other...

Page 89: ... Must be the same key as Bridge 1 Point to Point Bridging Setup Guide Auto Mode Direction Bridge 1 Bridge 2 Wireless Bridge Genral Auto Bridging Mode Bridging Mode Auto bridging selected Auto bridging selected SSID Must be the same as Bridge 2 Must be the same as Bridge 1 Max Auto Bridges 40 range 1 40 40 range 1 40 Bridge Priority 40 range 1 40 40 range 1 40 Signal Strength Threshold 9 9 Broadcas...

Page 90: ... Next select the Channel Number The Channel Number must be set to the same frequency in order for each bridge to communicate TX Pwr Mode can be left on Auto unless the power needs to be regulated Select the Propagation Distance which is based on the distance be tween a bridge and the furthest bridge that is connected to it Set the RTS Threshold which is the number of bytes used for the RTS CTS han...

Page 91: ...rom this screen you can also choose to delete a remote AP s MAC ad dress Click Apply to accept your changes If you choose Auto Bridging mode then you will need to enter the follwoing information Enter the SSID This can be any set of letters and numbers assigned by the network administrator This nomenclature has to be set on the wireless bridge and each wireless device in order for them to communi ...

Page 92: ...ss bridge will be indicated on the Signal Strength LED located on the front of the case Next navigate to the Wireless Bridge Encryption screen Select the appropriate key type and length and the key value The encryption key value and type for Bridge 1 must be the same as for Bridge 2 For wireless bridging only None and Static AES CCM are available for en cryption ...

Page 93: ...t have the same channel number Span ning Tree Protocol will usually be set to Enable If configured as in the diagram following Bridge 1 must contain all of the others BSSIDs while Bridge 2 n must only contain Bridge 1 s BSSID The BSSID of each is equivalent to the MAC address found on the Wireless Bridge Radio page Enter only hexadecimal numbers Data entry is not case sensitive Finally the wireles...

Page 94: ...gth and value Must be the same key as Bridge 1 Point to Multipoint Bridging Setup Guide Auto Mode Direction Bridge 1 Bridge 2 n Wireless Bridge General Auto Bridging Mode Bridging Mode Auto bridging selected Auto bridging selected SSID Must be the same as Bridge 2 n Must be the same as Bridge 1 Max Auto Bridges 40 range 1 40 40 range 1 40 Bridge Priority 40 range 1 40 40 range 1 40 Signal Strength...

Page 95: ...gnal Strength LED MAC Not Assigned select from drop down list Not Assigned select from drop down list Not Assigned select from drop down list Spanning Tree Protocol Enable or Disable if no bridging loop pos sible Enable or Disable if no bridging loop pos sible Enable or Disable if no bridging loop possible Wireless Bridge Radio Wireless Mode 802 11a 802 11a 802 11a Tx Rate AUTO AUTO AUTO Channel N...

Page 96: ...o Propagation Dis tance 5 Miles 5 Miles 5 Miles RTS Threshold 2346 2346 2346 Wireless Bridge Encyption Wireless Configu ration Bridging Encryption Select appropriate key type length and enter key value Must be the same as that on the other 2 Bridges Select appropriate key type length and enter key value Must be the same as that on the other 2 Bridges Select appropriate key type length and enter ke...

Page 97: ...eral Communications Commission s Rules and Regulations These limits are designed to pro vide reasonable protection against harmful interference when the equip ment is operated in a commercial environment This equipment gener ates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications...

Page 98: ...3e 525C 3 Wireless Access Point Chapter 6 Technical Support 90 29000171 001 A This page intentionally left blank ...

Page 99: ...ent from the controlling network Bridge A device that connects two local area networks LANs or two segments of the same LAN that use the same protocol such as Ethernet or Token Ring DHCP Short for Dynamic Host Configuration Protocol DHCP is a protocol for assigning dy namic IP addresses to devices on a network With dynamic addressing a device can have a different IP address every time it connects ...

Page 100: ...TKIP Temporal Key Integrity Protocol TKIP is a protocol used in WPA It scrambles the keys using a hashing algorithm and by adding an integrity checking feature ensures that the keys haven t been tampered with VPN Virtual Private Network A VPN uses encryption and other security mechanisms to ensure that only authorized us ers can access the network and that the data cannot be intercepted WLAN Wirel...