Motorola CB3000 - Client Bridge - Wireless Access Point, User Manual

Page 1: ...M CB3000 Client Bridge User s Guide ...

Page 2: ... reserved MOTOROLA and the Stylized M Logo are registered in the US Patent Trademark Office Symbol is a registered trademark of Symbol Technologies Inc All other product or service names are the property of their respective owners ...

Page 3: ...1 6 Chapter 2 Getting Started 2 1 Basic Requirements 2 1 2 2 Verifying the Package Contents 2 1 2 3 Observing Placement and Range Guidelines 2 2 2 4 Cabling the CB3000 2 2 2 5 Logging into the CB3000 2 4 2 5 1 Discovery Tool Login 2 4 2 5 2 Changing the IP address for a new Client Bridge 2 6 2 5 3 Web Interface Login 2 8 2 6 Viewing CB3000 Information 2 9 2 7 CB3000 Antenna Settings 2 10 Chapter 3...

Page 4: ... 4 2 5 Time Settings 4 14 Chapter 5 Administrative Options 5 1 Changing the Password 5 1 5 2 Rebooting or Restoring a Device 5 2 5 2 1 Rebooting the Device 5 2 5 2 2 Restoring the Device 5 3 5 3 Importing or Exporting the Configuration File 5 5 5 3 1 Using FTP 5 5 5 3 2 Using HTTP 5 7 5 4 Loading Firmware 5 10 5 5 Logging Settings 5 12 5 6 Troubleshooting Options 5 14 Appendix A CB3000 Technical S...

Page 5: ...specific items in the general text and to identify chapters and sections in this and related documents Bullets indicate action items lists of alternatives lists of required steps that are not necessarily sequential Sequential lists those describing step by step procedures appear as numbered lists NOTE Indicates tips or special requirements CAUTION Indicates conditions that can cause equipment dama...

Page 6: ...formation If the problem cannot be solved over the phone you may need to return your equipment for servicing If that is necessary you will be given specific directions NOTE Motorola is not responsible for any damages incurred during shipment if the approved shipping container is not used Shipping the units improperly can possibly void the warranty If the original shipping container was not kept co...

Page 7: ...Ethernet connectivity The CB3000 has an on board TCP IP stack to provide a reliable transport mechanism The CB3000 bridge can initiate a permanent client connection to your server or accept datagrams from multiple sources Use the CB3000 Client Bridge to network devices that do not have a PC Card slot or PCI card slot printers scanners Internet appliances etc Up to 16 devices can be networked simul...

Page 8: ...ess point when operating in Infrastructure mode For more information on CB3000 Client Bridge Infrastructure mode operation see Infrastructure Mode on page 1 3 1 1 2 Feature Summary The CB3000 Client Bridge Client Bridge has the following feature set Device driver free installation Multi functional status LEDs Updatable device firmware IEEE 802 11a b g device interoperability Automatic rate selecti...

Page 9: ...Peer Mode 1 2 1 1 Infrastructure Mode In infrastructure mode the CB3000 Client Bridge connects to a LAN through a wireless access point Ethernet client devices such as PCs printers POS devices and other Ethernet capable devices connect to the CB3000 Client Bridge either directly or through a hub or switch The CB3000 Client Bridge associates with a nearby access point which sees the CB3000 Client B...

Page 10: ...eamble settings and security settings are required to be the same for the units to communicate Figure 1 3 Ad hoc Mode 1 2 2 Media Access Control MAC Layer Bridging Like other Ethernet devices the CB3000 Client Bridge has a hardware factory encoded address called a MAC address The address consists of a 48 bit number written as six hexadecimal bytes separated by colons The CB3000 Client Bridge maint...

Page 11: ...mitted over a medium and successfully de modulated at the receiving end The 802 11b standard uses Direct Sequence Spread System DSSS while 802 11a g uses Orthogonal Frequency Division Multiplexing OFDM to accommodate higher data rates on any medium 1 2 5 Web Management Support The Motorola CB3000 Client Bridge contains a built in browser interface that enables you to configure and manage the devic...

Page 12: ...es support for the following wireless security protocols WEP Security WPA1 Security with TKIP algorithm WPA2 Security with TKIP CCMP AES algorithms Secure 802 1x Security with MD5 MSCHAPV2 PEAP TLS TTLS EAP types For more information on these security types refer Appendix D Wireless Security Basics ...

Page 13: ...device configuration The PC must have an RJ 45 Ethernet port and a CDROM drive The PC must be running the following Windows 2000 or XP operating system Microsoft Internet Explorer 5 0 or later or Netscape Navigator 6 0 or later An access point for infrastructure mode operation or a networked client for Ad hoc peer to peer mode operation 2 2 Verifying the Package Contents Before installing the CB30...

Page 14: ...ld not be near other equipment transformers fluorescent lights etc that could interfere with the CB3000 s radio transmissions The site should be within 330 ft for 802 11a and 250 ft for 802 11g of the LAN or wireless access point connected to the CB3000 2 4 Cabling the CB3000 To cable the CB3000 follow these steps 1 Screw the antenna clockwise onto the antenna connector on the rear of the CB3000 a...

Page 15: ...built in power converter automatically selects and adjusts the power for the appropriate voltage 6 Verify the installation by checking the status of the LEDs on the front of the CB3000 Figure 2 2 Front of the CB3000 Table 2 1 describes the CB3000 LED indicators If the CB3000 s LED functionality has been verified log into the CB3000 console to begin basic device configuration see Logging into the C...

Page 16: ...iscovered it is listed within the Discovery Tool interface By selecting a discovered unit within the Discovery Tool you can log into its console Table 2 1 CB3000 LEDs LED Label Activity Description Power LEDs Status OFF Power OFF Error Orange ON Hardware error Status Green ON Power ON Device ready Status Green Blinking Booting system self test or firmware upgrade Radio LEDs 802 11a 802 11b g OFF C...

Page 17: ...s of the CB3000 you wish to log into 4 A Security Alert dialog box displays Click Yes to proceed Figure 2 4 Security Alert Dialog Box 5 A CB3000 Login dialog box displays Enter a username and password to log onto the CB3000 console The default username and password are admin and symbol respectively NOTE If the subnet of the PC where the tool is run is different from the current ip address of the C...

Page 18: ...r data received and transmitted through the CB3000 2 5 2 Changing the IP address for a new Client Bridge The CB3000 is factory configured with DHCP enabled and ready to associate with a wireless network using an ESSID of 101 When the device is booted up it tries to associate to a network with ESSID 101 and obtain its IP address from the DHCP server If the device is unable to obtain and IP address ...

Page 19: ...an choose to select the network adapter to connect to To do so select the appropriate network adapter from the Network adapter drop down list box 5 Click the OK button to save the changes and close the dialog box You are prompted for the password for the admin account for the CB3000 Figure 2 8 Confirm IP Change by providing password here 6 The information is saved to the CB3000 The Discovery Tool ...

Page 20: ...sing an IP address 1 The CB3000 console is accessible via a Web browser using HTTP over SSL secure socket layer protocol Simply this means you need to add an s in the intro of the URL For example https Enter the IP address URL for the CB3000 within your Web browser The default CB3000 address is 10 10 1 1 2 A Security Alert dialog box displays click Yes to proceed Figure 2 10 Security Alert Dialog ...

Page 21: ...creen displays The Information screen includes four data fields Client Bridge Information Includes the factory settings such as device name MAC address firmware version radio version and country of origin for the device Ethernet Settings Includes IP address information for the Ethernet port and ultimately the IP address of the device Also whether the device is assigned an IP through DHCP or a stat...

Page 22: ...end to use a different model antenna that antenna needs to be selected from the Antenna Settings screen in order to adjust the transmit power accordingly To select an antenna for use with the CB3000 1 Select Settings Wireless Settings Antenna Settings from the CB3000 menu tree The Antenna Settings screen displays 2 Select an antenna from the Antenna Selection drop down menu To use an antenna not l...

Page 23: ...ts Other the text entry field is blank and the user must enter a gain value The gain is a positive value with no more than 1 decimal place 4 Refer to the Additional System Loss parameter If the user selects any antenna except Other the loss value cannot be modified If the user selects Other then the text entry field is blank and the user must enter a loss value 5 Click Apply to save the settings T...

Page 24: ...2 12 CB3000 Client Bridge User s Guide ...

Page 25: ...tworks and then configure different aspects of a wireless LAN Available Networks Network Configurations Security Encryption Configurations Client Management 3 1 1 Available Networks A Wireless Local Area Network WLAN is a data communications system that flexibly extends the functionality of a wired LAN A CB3000 can locate WLANs within its radio coverage area and connect to them A WLAN does not req...

Page 26: ...eer Indicates ad hoc mode To change the network mode see Network Configurations on page 3 3 SSID The Service Set Identifier SSID of the access point or peer device The name is case sensitive and cannot exceed 32 characters MAC Address The MAC address for the access point or peer A MAC address is a 48 bit number written as six hexadecimal bytes separated by colons it cannot be modified RSSI The Rel...

Page 27: ...000 default mode To configure the CB3000 Client Bridge within an infrastructure network follow these steps 1 Select Settings Wireless Settings WLAN Settings from the CB3000 menu tree The WLAN Settings screen displays 2 For the Network Mode field select Infrastructure AP The Infrastructure Configuration screen displays Channel The direct sequence channel that the access point or peer is currently u...

Page 28: ...o connect to 4 Select the Frequency Band Options include a b g a or b g Ensure the frequency band selected is consistent with the WLAN network By restricting the Frequency Band on the CB3000 you can reduce the time the CB3000 takes to search for available APs 5 Click the View Available Networks link to view the Available Networks screen Use this screen to view a list of available ESSIDs networks a...

Page 29: ...g your CB3000 illegally To configure the CB3000 for AD Hoc operation 1 Select Settings Wireless Settings WLAN Settings from the CB3000 menu tree 2 For the Network Mode field select Ad hoc Peer to Peer The Ad Hoc Configuration screen displays 3 Configure the remainder of the fields as appropriate per the following descriptions IBSSID Wireless LAN Service Area Select from one of the following radio ...

Page 30: ...et data rates for the ad hoc configured CB3000 click the Data Rate button The Set Data Rates screen displays NOTE The CB3000 must already be configured to run in ad hoc mode in order to set data rates If the unit is configured for infrastructure mode the Data Rate button is disabled NOTE To change the mode in which the CB3000 Client Bridge runs select the appropriate mode from the Network Mode dro...

Page 31: ...be maintained 5 Click Apply to apply and save the settings or Cancel to exit the screen without saving your changes To configure the CB3000 into an Infrastructure network instead see Configuring Infrastructure Settings on page 3 3 NOTE Select supported rates in respect to the data rates supported by the peer devices within the ad hoc network For example if several of the peers within the network a...

Page 32: ...non secure connection security is available among the CB3000 security options To set CB3000 security to Open no data protection 1 Select Settings Wireless Settings Security from the CB3000 menu tree The Security screen is displayed 2 Select Open from the Security Mode drop down menu 3 Click Apply to save and apply the setting 3 1 3 2 Configuring WEP Security Settings WEP is an encryption security ...

Page 33: ... device are required to use the same key 1 through 4 to interoperate A shared key increases the level of security within the network as opposed sending information without one Default Transmit Key Specify which one key is used to transmit WEP algorithm information between the CB3000 and its connected device WEP Encryption Select a WEP encryption model 64 bits Encrypts using a 40 bit key The keys a...

Page 34: ...WEP keys using MD5 algorithms The WEP keys display as alphanumeric text in the key fields until saved or the user navigates away from the WEP screen Like a passphrase the PassKey provides an easy to remember way of entering WEP key data without having to manually enter the keys each time WEP keys are created Generic PassPhrase A passphrase used as a standard means of creating WEP keys between the ...

Page 35: ... the CB3000 menu tree 2 Select WPA1 from the Security Mode drop down menu Figure 3 5 WPA1 Configuration 3 Select a WPA1 Type of either WPA1 Personal or WPA1 Enterprise NOTE Only Open and WPA security settings are available for the Ad hoc Peer to Peer network mode Infrastructure AP network mode supports all the different security settings WPA1 Personal In this mode a pre shared key password is used...

Page 36: ... type provides a wide range of Extensible Authentication Protocol EAP types to ensure secure WLAN connections WPA1 Algorithm WPA1 uses TKIP algorithm TKIP Defines a wrapper that goes around an existing WEP encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP However the key used for encryption in TKIP is 128 bits long TKIP changes the key used for each p...

Page 37: ...ecurity is not compromised See Figure 3 7 for WPA1 Enterprise EAP TLS security fields WPA1 Algorithm WPA1 uses TKIP algorithm TKIP Defines a wrapper that goes around an existing WEP encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP However the key used for encryption in TKIP is 128 bits long TKIP changes the key used for each packet The key is created...

Page 38: ...e WPA1 User Certificate The user certificate can be uploaded to the device by Pasting the certificate in the Paste User Certificate text area To upload the certificate click the Apply button located at the bottom of the screen By providing the path to the file containing the WPA1 User Certificate in the Import text box Use the Browse button to display the Open File dialog from where the file can b...

Page 39: ...basic authentication protocol that transmits unencrypted ASCII passwords over the network MD5 Message Digest algorithm 5 MD5 is a cryptographic hash algorithm that uses a 128 bit hash value GTC Generic Token Card GTC is a protocol that enables the exchange of clear text authentication credentials across a network This protocol uses one time password and therefore is not vulnerable to replay attack...

Page 40: ...te WPA1 Root Certificate Import The WPA1 Root Certificate The Root Certificate can be uploaded to the device by Pasting the certificate in the Paste Root Certificate text area To upload the certificate click the Apply button at the bottom of the screen By providing the path to the file containing the certificate in the Import text box Use the Browse button to display the Open File dialog box from ...

Page 41: ...alidate the Server Certificate WPA1 Algorithm WPA1 uses TKIP algorithm TKIP Defines a wrapper that goes around an existing WEP encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP However the key used for encryption in TKIP is 128 bits long TKIP changes the key used for each packet The key is created by mixing together a combination of things including a...

Page 42: ...Configuration 3 Select a WPA2 Type of either WPA2 Personal or WPA2 Enterprise menu WPA1 Root Certificate WPA1 Root Certificate Import The WPA1 Root Certificate The Root Certificate can be uploaded to the device by Pasting the certificate in the Paste Root Certificate text area To upload the certificate click the Apply button at the bottom of the screen By providing the path to the file containing ...

Page 43: ...ansmitting station and the serial number for the packet This mixing operation is designed to put a minimum demand on the CB3000 and its supported clients but enough cryptographic strength so it cannot easily be broken CCMP AES Utilizes an Advanced Encryption Standard AES 128 bit key algorithm with a 48 bit initialization vector IV for replay detection The Counter Mode CM component of CCMP is the a...

Page 44: ...anges the key used for each packet The key is created by mixing together a combination of things including a base key called a Pairwise Transient Key the MAC address of the transmitting station and the serial number for the packet CCMP AES Utilizes an Advanced Encryption Standard AES 128 bit key algorithm with a 48 bit initialization vector IV for replay detection The Counter Mode CM component of ...

Page 45: ...rise type provides enterprise class security to the devices connected to the CB3000 WPA2 Enterprise type provides a wide range of EAP types to ensure secure WLAN connections Figure 3 12 WPA2 Type Screen Enterprise Configure the WPA2 Enterprise type fields as per the following description ...

Page 46: ...Message Authentication Code CBC MAC component of CCMP provides data integrity and authentication Both Select this option to enable CB3000 to support devices that use both TKIP and CCMP algorithms Use this option when the number of devices is large WPA2 User ID The User ID for authentication WPA2 Key Password The key password WPA2 TLS Key WPA2 TLS Key Import The WPA2 TLS Key The key can be uploaded...

Page 47: ...e WPA2 Root Certificate Import The WPA2 Root Certificate The Root Certificate can be uploaded to the device by Pasting the certificate in the Paste Root Certificate text area To upload the certificate click the Apply button at the bottom of the screen By providing the path to the file containing the certificate in the Import text box Use the Browse button to display the Open File dialog box from w...

Page 48: ...PEAP to provide server authentication WPA2 Algorithm Select the WPA2 algorithm to use TKIP Defines a wrapper that goes around an existing WEP encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP However the key used for encryption in TKIP is 128 bits long TKIP changes the key used for each packet The key is created by mixing together a combination of thi...

Page 49: ...te can be uploaded to the device by Pasting the certificate in the Paste Root Certificate text area To upload the certificate click the Apply button at the bottom of the screen By providing the path to the file containing the certificate in the Import text box Use the Browse button to display the Open File dialog box from where the file can be selected To upload the file containing the certificate...

Page 50: ... data integrity and authentication Both Select this option to enable CB3000 to support devices that use both TKIP and CCMP algorithms Use this option when the number of devices is large WPA2 User ID The User ID for authentication WPA2 Password The WPA2 user password Clean User ID and Password Check to prevent the CB3000 from saving the WPA user name and its password in its cache WPA2 Root Certific...

Page 51: ...ion on configuring 802 1x see Appendix D Secure 802 1x Security For more details on encryption types pros and cons of different encryption types and required configuration parameters see the Wi Fi Alliance Web site at http www wifialliance org OpenSection index asp To configure Secure 802 1x security settings 1 Select Settings Wireless Settings Security from the CB3000 menu tree 2 Select Secure 80...

Page 52: ...an extensible set of user authentication methods 4 Use the Default Transmit Key checkboxes to specify which one key is used to transmit WEP algorithm information between the CB3000 and its connected device 5 Select either 64 bits or 128 bits from the WEP Encryption drop down menu For WEP 64 40 bit key the keys are 10 hexadecimal characters in length For WEP 128 104 bit key the keys are 26 hexadeci...

Page 53: ...evices without Symbol adapters need to use WEP keys manually configured as hexadecimal numbers 8 Enter the User ID and Password to verify your user credentials against the user and password credentials used by the authentication server 9 Click Apply to apply and save the settings or Cancel to exit the screen without saving your changes Only for PEAP and TTLS EAP Types By default the User ID and Pa...

Page 54: ...is using a DHCP server to obtain an IP address Bootp for DHCP Discover Select from Broadcast or Unicast Default is Broadcast Use the Following IP Address Select this option if an IP address is entered manually static IP Address If no DHCP resources are available specify the static IP address of CB3000 This IP address is visible to the Internet Subnet Mask If no DHCP resources are available specify...

Page 55: ... This option is available when Auto Negotiate Auto Sense is Off Duplex Mode The connection type This option is available when Auto Negotiate Auto Sense is Off 3 Click Apply to apply and save the settings or Cancel to exit the screen without saving your changes ...

Page 56: ...ying client access to the CB3000 supported WLAN by way of exception By default all located clients have the ability to connect and interoperate with the CB3000 It is only when the client list exceeds 16 devices that clients require removal from the list The list can be refreshed periodically to remove devices that have lost their CB3000 To create a list of prioritized CB3000 client devices 1 Selec...

Page 57: ...in the CB3000 supported subnet Of these devices only one can be a point of sale POS device Once located and added to the client prioritization list clients can be moved off of the list in order to maintain the maximum of 16 devices Device MAC addresses are not visible on the network in this mode and are replaced by the CB3000 s MAC address 3 To add a client enter the client s MAC address in the MA...

Page 58: ...ient devices 1 Select Settings Wired Ethernet ACL from the CB3000 menu tree The Wired Ethernet ACL screen displays 2 To add a MAC address range enter the client MAC address range in the MAC Address field in both the start and stop MAC address fields Click Add The MAC address range is added to an Ethernet Access Control List 3 Delete the MAC address range from the Ethernet Access Control list to gr...

Page 59: ... can be used to assess the CB3000 s overall performance and whether an optimal data rate can be achieved and maintained in respect to the devices with which the CB3000 is interoperating Transmit and receive statistics can also be displayed for the CB3000 radio The wireless radio statistics information is useful in assessing the CB3000 s radio RF utilization and the level of RF interference current...

Page 60: ...ither gave up on or could not decrypt Table 4 1 Describes the Wireless Statistics Click Refresh to update to the latest statistics Table 4 1 Wireless Statistics Screen Details Statistic Description Information Panel Details Physical Address MAC address of the CB3000 housing the radio The MAC address is hard coded into the device at the factory and cannot be changed Current Channel Channel for comm...

Page 61: ...eceived packets Approximate RF Utilization Approximate RF utilization of the CB3000 radio This value is calculated as the throughput divided by average bit speed Non unicast pkts Percentage of total radio packets that are non unicast Non unicast packets include broadcast and multicast packets RF Status Panel Details Avg MU Signal Average RF signal strength in dBm for all devices interoperating wit...

Page 62: ...am for each of the client bridge radios The Packets Sent Histogram displays a percentage of the packets sent over the CB3000 radio at the data rate Mbps each was sent If the majority of the packets sent are at a slower data rate then the one configured for the CB3000 radio network problems are preventing the CB3000 from transmitting at an optimum speed and you need to troubleshoot the device 3 Cli...

Page 63: ...ebooted or the data collection statistics refreshed Table 4 2 describes Ethernet statistics Click Refresh to update to the latest statistics Table 4 2 Ethernet Statistics Screen Details Statistic Description Information Panel Details Physical Address The MAC address of the CB3000 The MAC address is hard coded into the device at the factory and cannot be changed Subnet Mask Subnet mask IP address f...

Page 64: ...ality of the current CB3000 network connection RX Dropped Number of data packets that fail to reach the CB3000 If this number appears excessive consider establishing a new connection to the client RX Overruns Buffer overruns to the CB3000 These occur when packets are received faster than the CB3000 can handle them If the number seems excessive consider reducing the data rate see Configuring Ad Hoc...

Page 65: ...Management Options 4 7 Figure 4 4 View Log Screen ...

Page 66: ...agement HTTP from the CB3000 menu tree Figure 4 5 HTTP HTTPS Configuration Settings The HTTP HTTPS Configuration Settings screen displays By default HTTPS is enabled 2 To change Web access to HTTP select the HTTP radio button Click Apply This enables HTTP access to the Client Bridge If you select HTTP the CB3000 is accessible through HTTPS as well If HTTPS is selected however access is only permit...

Page 67: ...possibly altering the SNMP agent s configuration or protocol entity implementation SNMP ACL Violation Trap generated whenever a SNMP client cannot access SNMP management functions or data due to an Access Control List ACL violation This can result from a missing incorrect IP address entered within the Ethernet Settings screen SNMP Authentication Failures Trap generated whenever a SNMP capable clie...

Page 68: ... save the setting Figure 4 6 SNMP Trap Selection 4 2 2 2 SNMP Access Use the CB3000 SNMP interface to restrict access using IP addresses Those who are allowed access to the CB3000 SNMP interface have access to read the SNMP generated information and if allowed modify related settings from an SNMP capable client To configure SNMP user access control for the CB3000 1 Select Management SNMP SNMP Acce...

Page 69: ... default is private 5 Enter Start IP and End IP addresses to specify a range of users that can access the CB3000 SNMP interface Use just the Start IP Address field to specify a single SNMP user To leave access unrestricted do not enter an IP address For additional access control an SNMP capable client can be set up whereby only the administrator can use a read write community definition 6 Click Ad...

Page 70: ... receives the traps SNMP Version Use the SNMP Version drop down menu to specify v1 or v2 Some SNMP clients support only SNMP v1 traps while others support SNMP v2 traps and possibly both verify the correct traps are in use with clients that support them 3 For each specified destination IP click Add to add the destination to the list of locations 4 Select the checkbox for the destination IP address...

Page 71: ...e relevant SNMP trap is set 3 Use the Minimum number of Packets required for a trap to fire text box to enter the minimum number of packets that are required for the SNMP traps to fire 4 Click Apply button to accept the changes to this screen Click Undo Changes to revert back to older values supplied for this screen 4 2 4 DHCP Server Settings A CB3000 in an Ad hoc network can serve as a DHCP serve...

Page 72: ... 255 0 Gateway IP address of the DHCP server First DNS A DNS server translates human readable addresses i e www motorola com into an IP address readable by a computer Second DNS Backup DNS server 4 Click Apply to save the settings or Cancel to exit the screen without saving your changes 4 2 5 Time Settings Time synchronization is recommended for the CB3000 s network operations Therefore setting th...

Page 73: ... entered within the Server Configuration fields Preferred time Server IP address and port of the primary NTP server The default port is 123 First Alternate time Server Optionally specify the IP address and port of an alternative NTP server to use for time synchronization if the primary NTP server goes down Second Alternate time Server Optionally specify the IP address and port of yet another NTP s...

Page 74: ...4 16 CB3000 Client Bridge User s Guide ...

Page 75: ...ing the Configuration File Loading Firmware Logging Settings Troubleshooting Options 5 1 Changing the Password Before setting CB3000 security options verify that an administrative password exists for the CB3000 that is different from the default password for the device that can be easily obtained To password protect and restrict CB3000 device access 1 Select Tools Change Password from the CB3000 m...

Page 76: ...actory state this is also a viable option Restoring the device wipes out all previously configured settings Motorola recommends saving a configuration file before restoring the device See Importing or Exporting the Configuration File on page 5 5 See the following for more information on rebooting or restoring the CB3000 Rebooting the Device Restoring the Device 5 2 1 Rebooting the Device To reboot...

Page 77: ...e 5 5 To restore the CB3000 to the out of box default configuration 1 Save the CB3000 s current configuration before updating the firmware After the firmware update the configuration file can be imported in order to restore the CB3000 to the configuration saved before the update See Importing or Exporting the Configuration File on page 5 5 for more information 2 Select Tools Reset Restore from the...

Page 78: ...ion is disrupted for a few moments while the CB3000 loads its default out of box configuration then restores the screen Once the default configuration is restored restore the last saved configuration or reconfigure the device NOTE Restoring the device is the same as the Reset to initial option available on the Troubleshooting screen ...

Page 79: ...iles not located with the CB3000 but on an accessible FTP server HTTP is useful to import export configuration files locally Refer to the following depending on your import export requirements Using FTP Using HTTP 5 3 1 Using FTP To import or export a CB3000 configuration file using an FTP server 1 Select Tools Configuration File Settings from the CB3000 menu tree The Config Import Export screen d...

Page 80: ...in to the FTP server Password Password associated with username allowing access to the FTP server for the operation Config File Types CB3000 Client Bridge allows export of device configuration information as binary or text file types Binary files are used when upgrading CB3000 Client Bridge device firmware from version 1 0 to version 1 1 Text files are human readable and are a important while trou...

Page 81: ...orting or exporting a configuration file If importing follow these steps Click Browse to define a location on the system for the imported configuration file Click the Apply Uploaded File button to apply the configuration If successful the following message displays Configuration file has successfully updated Rebooting Please wait If exporting follow these steps Click the Generate File button to ge...

Page 82: ... As the file does not have an extension the Open With pop up window opens Figure 5 7 Open With Dialog Box In the Open With pop up window select Internet Explorer and click OK to open the configfile with Internet Explorer Use Internet Explorer s File Save As dialog box to save the configfile as a text file ...

Page 83: ...Administrative Options 5 9 Figure 5 8 Save File As Dialog Box From the Save as Type drop down select Text File txt Click Save to save the file ...

Page 84: ...ality To conduct a CB3000 firmware update 1 Save the CB3000 current configuration before updating the firmware After the update the configuration file can be imported to restore the CB3000 to the settings before the update See Importing or Exporting the Configuration File on page 5 5 for more information 2 Select Tools Load Firmware from the CB3000 menu tree The Load Firmware screen displays Figur...

Page 85: ...ther the FTP or TFTP server radio button as required to define whether the firmware file resides on a FTP or TFTP server d Set the following parameters IP Address IP address for the FTP or TFTP server Username for FTP server only Username to log into the server Password for FTP server only Password associated with the username e Continue with step 7 6 If loading the firmware file from a locally st...

Page 86: ...able 1 Alert Action on these types of events must be taken immediately 2 Critical States a critical condition 3 Errors Describes an error 4 Warning Action should be taken as soon as possible 5 Notice A normal but important event 6 Info Nothing to do since information only 7 Debugging purposes only saved locally Select this radio button to save the log file to the host to which the CB3000 is physic...

Page 87: ...n for the log file Your Outgoing Mail Server Enter the IP address of the outgoing mail server required to route the log file to the destination email address 3 Click Apply to save any changes 4 Click Undo Changes to undo any changes made Configurations revert to the last saved configuration ...

Page 88: ... site Go to http support symbol com support product softwaredownloads do to compare the versions To update the firmware see Loading Firmware on page 5 10 The MAC Address and Serial Number are hardcoded to the CB3000 during the manufacturing and are located on the bottom of the CB3000 Keep the MAC address and the serial number readily available since these addresses are required when contacting Sym...

Page 89: ...the host s IP address To conduct an ICMP ping test with the CB3000 s host a Enter the IP address of the host b Specify the length of each data packet transmitted to the target device during the test This increment is defined in bytes If you don t know enter a large arbitrary amount like 500 c Specify the number of ping packets to transmit d Click the Comm Connection Test button Results of the test...

Page 90: ...5 16 CB3000 Client Bridge User s Guide ...

Page 91: ...x IEEE802 3u HTTP Network Architectures Infrastructure Access Points Ad Hoc Peer to Peer Operating Frequencies 802 11a 4 9 5 9 GHz 802 11b g 2 4 2 5 GHz LAN Ethernet Connection One 10 100 Base T Ethernet Frame Ethernet_II and IEEE 802 3 Data Rate IEEE 802 11a 54 48 36 24 18 12 9 6 Mbps IEEE 802 11b 11 5 5 2 1 Mbps IEEE 802 11g 54 48 36 24 18 12 9 6 Mbps Modulation IEEE 802 11a Orthogonal Frequency...

Page 92: ...us Storage Temperature 20 70 Celsius Operating Humidity 10 90 relative humidity non condensing Storage Humidity 5 85 relative humidity non condensing Power Supply Switching DC 12V 1A Other Features Supports SNMP MIBs Simple network management protocol Features Embedded HTTP Web management server in each access point works with any web browser that supports HTML and Javascript ...

Page 93: ...ork interface sub layers This is an updated version of the MIB II Table 1 3 6 1 2 1 2 2 1 1 IP FORWARD MIB Module for managing CIDR multipath routes 1 3 6 1 2 1 4 24 IP MIB MIB for managing IP and ICMP implementations excludingthemanagementof IP routes 1 3 6 1 2 1 4 IP 1 3 1 6 2 1 5 ICMP 1 3 1 6 2 1 48 XXX DOT11EXT2 MIB Vendor specific extensions to the standard 802 11 MIB for additional station m...

Page 94: ...B 2 CB3000 Client Bridge User s Guide ...

Page 95: ...t forth in support agreements If you purchased your Enterprise Mobility business product from a Motorola business partner contact that business partner for support Customer Support Web Site Motorola s Support Central Web site located at http support symbol com support provides information and online assistance including developer tools software downloads product manuals and online repair requests ...

Page 96: ...C 2 CB3000 Client Bridge User s Guide ...

Page 97: ...Wireless Security Basics CB3000 Client Bridge provides support for the following wireless security protocols WEP Security WPA1 TKIP Security WPA2 CCMP Security Secure 802 1x Security ...

Page 98: ...r decryption function is performed The device takes plain text encrypts or scrambles the text typically by mathematically combining the key with the plain text as instructed by the algorithm then transmits the data over the network At the receiving end another device takes the encrypted text and decrypts or unscrambles the text revealing the original message An unauthorized user can know the algor...

Page 99: ...rotocol TKIP TKIP addresses WEP s weaknesses with a re keying mechanism a per packet mixing function a message integrity check and an extended initialization vector with sequencing rules WPA also provides strong user authentication based on 802 1x EAP Two requirements strong encryption to prevent eavesdropping and mutual authentication to ensure that sensitive information is transmitted only over ...

Page 100: ...ablish TLS session and validate certificates on both client and server Two phases Establish TLS between client and TTLS server Exchange attribute value pairs between client and server Two parts Establish TLS between client and PEAP server Run EAP exchange over TLS tunnel Fast Session Reconnect No Yes Yes WEP Integration Server can supply WEP key with external protocol e g RADIUS extension PKI and ...

Page 101: ...y TLS a TLS is secure but the requirement for client certificates is too big a hurdle for most institutions to deal with b TTLS at least initially is much more widely implemented than PEAP and therefore has a slight convenience advantage over the comparable PEAP method c PEAP uses the TLS channel to protect a second EAP exchange PEAP is backed by Microsoft Table D 1 Detailed Comparison of TLS base...

Page 102: ...the 802 11i standard CCMP computes a Message Integrity Check MIC using the proven Cipher Block Message Authentication Code CBC MAC technique Changing just one bit in a message produces a totally different result WPA2 CCMP is based on the concept of a Robust Security Network RSN which defines a hierarchy of keys with a limited lifetime similar to TKIP Like TKIP the keys the administrator provides a...

Page 103: ...ted supplicant client device tries to connect with an authenticator in this case the CB3000 Client Bridge The CB3000 Client Bridge passes EAP packets from the client to an authentication server on the wired side of the CB3000 Client Bridge All other packet types are blocked until the authentication server typically a RADIUS server verifies the MU s identity Using Secure 802 1x a user requests devi...

Page 104: ...D 8 CB3000 Client Bridge User s Guide ...

Page 105: ......

Page 106: ...MOTOROLA INC 1303 E ALGONQUIN ROAD SCHAUMBURG IL 60196 http www motorola com 72E 122702 01 Revision A August 2009 ...