December 20, 2004
SCP-LPS20x-011-012-01H

In North America, you would create the following installation (Figure 18).

[Figure 18. North America Installation: cell 1 channel = 1, cell 2 channel = 6, cell 3 channel = 11]

Transmission delays are reduced by using different operating frequencies.

ADC Telecommunications, Inc.
However, it is possible to stagger your cells to reduce overlap and increase channel separation (Figure 19).

[Figure 19. Stagger Cells: cell 1 channel = 1, cell 2 channel = 6, cell 3 channel = 11, cell 4 channel = 1; cell spacing marked as 100m / 300 feet]

Figure 19 uses only three frequencies across multiple cells (North America).
This strategy can be expanded to cover an even larger area using three channels (Figure 20).

[Figure 20. Expanded Coverage using Three Channels: cell 1 channel = 1, cell 2 channel = 6, cell 3 channel = 11, cell 4 channel = 1, cell 5 channel = 11, cell 6 channel = 1, cell 7 channel = 6, cell 8 channel = 11]

The areas in gray indicate where two cells that use the same frequency overlap.
DISTANCE BETWEEN ACCESS POINTS

In environments where the number of wireless frequencies is limited, it can be beneficial to adjust the receiver sensitivity of the LPS-20x. To make the adjustment, open the Wi-Fi page on the Wireless menu. For most installations, the Large setting should be used.
CONFIGURING THE CONNECTION TO THE ACCESS CONTROLLER

The LPS-20x uses the services of an access controller to manage access to the public access network. Unlike a traditional bridge which automatically forwards all traffic between ports, the LPS-20x features an intelligent bridge which can apply filters to maintain the security of the network. When the security filters are active, the LPS-20x only allows traffic to flow between itself and the access controller.
INTELLIGENT BRIDGE

The intelligent bridge uses filters to only allow traffic to flow between itself and an access controller. Traffic is filtered as it is received by the upstream, downstream, or wireless ports. Each port has its own specific set of filters. Filters apply only to data being received by the port (incoming traffic).

Upstream Port Filter (incoming traffic)
Accepted
• Any traffic from the access controller.
NETWORK PORT CONFIGURATION

The LPS-20x has three communication ports: upstream, downstream and wireless:
• Upstream - Used to connect the LPS-20x to the downstream port on another LPS-20x, to an access controller, or to a wired LAN.
• Downstream - Used to connect the LPS-20x to the upstream port on another LPS-20x or to a wired network.
• Wireless - Used to connect with wireless client stations.

All three ports are bridged and share the same IP address.
3. Select DHCP Client and click the Configure button.
4. Set optional AP ID.
5. Click Save when you are done.

ASSIGN IP ADDRESS VIA PARAMETERS

DHCP client: Dynamic host configuration protocol. Your ISP’s DHCP server will automatically assign an address to the LPS-20x which functions as a DHCP client.
Static: This option enables you to manually assign an IP address to the LPS-20x.
VLAN: Defines the default VLAN.
DOWNSTREAM PORT LINK SETTINGS

Duplex
• Auto: Allows the LPS-20x to automatically set duplex mode based on the type of equipment it is connected to
• Full: Forces the port to operate in full duplex mode
• Half: Forces the port to operate in half duplex mode

SETTING PARAMETER

DHCP Client ID: Specify an ID to identify the LPS-20x to the DHCP server. This parameter is not required by all ISPs.
SETTING A STATIC IP ADDRESS

To set a static IP address, do the following:
1. On the main menu, click Network.
2. Click Ports. The Network configuration page opens.
3. Select Static and click the Configure button.
4. Set the IP address, mask and default gateway.
IMPORTANT! The default gateway must be set to the IP address of the access controller.
5. Click Save when you are done.

SETTINGS PARAMETERS

IP Address: Specify the static IP address you want to assign to the port.
Address Mask: Select the appropriate mask for the IP address you specified.
Default Gateway: Identifies the IP address of the gateway the LPS-20x will forward all outbound traffic to.
CONFIGURE ATM SETTINGS

This option allows you to specify the VPI, VCI and encapsulation methods to use for the User and Management PVCs. The LPS-202 screens are shown for setting the ATM settings; however, the LPS-200 screens work the same way.
1. On the main menu, click Network.
2. Click Ports. The Network configuration page opens.
3. Click the ATM settings Configure button.
4. Configure the ATM settings.
5. Click Save when you are done.

USER PVC PARAMETERS

The User PVC is the ATM PVC to use for all user (non-management) traffic.
VPI: The ATM VP Index to use as configured upstream or on the network.
VCI: The ATM VC Index to use as configured upstream.
Encapsulation: The ATM Encapsulation to use as configured upstream.
CONFIGURE G.SHDSL SETTINGS (LPS-200 ONLY)

1. On the main menu, click Network.
2. Click Ports. The Network configuration page opens.
3. Click the G.SHDSL settings Configure button.
4. Configure the G.SHDSL settings.
5. Click Save when you are done.
G.SHDSL SETTING PARAMETERS

Standard Annex: You may provision which Annex mode the access point will operate in. By default, the access point is configured to support both A and B Annex standards and will automatically detect which standard is in use. Annex type must match the setting at the STU-C.
Startup SNR Margin: Specifies the downstream target SNR margin for a SHDSL line. The SNR Margin is the difference between the desired SNR and the actual SNR.
CONFIGURE ADSL SETTINGS (LPS-202 ONLY)

1. On the main menu, click Network.
2. Click Ports. The Network configuration page opens.
3. Click the ADSL settings Configure button.
4. Configure the ADSL settings.
5. Click Save when you are done.
ADSL SETTINGS (CODING TYPE) PARAMETER

The Coding Type determines the ADSL modulation the LPS-20x will use on the ADSL line. Selections other than “Auto” require the Coding Type to match the Coding Type configured at the ATU-C. Selecting “Auto” allows the LPS-20x to negotiate the Coding Type with the ATU-C.
CONNECTING TO A WIRED LAN

By attaching the LPS-20x to an Ethernet hub, you can connect wired computers to the public access network (Figure 21). These computers will need to log in, just as computers on the WLAN do.

[Figure 21. Connecting to a Wired LAN]

BRIDGE

The LPS-20x acts as a bridge between the wireless LAN and the wired LAN.
DISABLING THE SECURITY FILTERS

The intelligent bridge is enabled by default. To disable it, do the following:
1. On the main menu, click Security and then click Access controller. The Access controller configuration page opens.
2. Clear the Security filters check box.
3. Click Save.
SERVICE SENSOR

The service sensor enables the LPS-20x to determine if access to the network or a particular server is available. If not, the LPS-20x automatically shuts off its radio transmitter, taking down the wireless cell. This feature can be used to create backup operation of the network in case of equipment failure. For example, you could install two LPS-20xs, each operating on a different channel, within close proximity of one another.
SERVICE SENSOR PARAMETERS

Default Gateway: Select this option to poll the default gateway. If the gateway does not respond to the poll within 1 second, the radio is turned off. This setting is not configurable. If Security filters are enabled, the default gateway must be the address of the access controller.
Custom: Select this option to manually specify the IP address or domain name of the device to poll, the retry limit and timeout.
MAC-LEVEL FILTERING

MAC-level filtering enables you to control access to the LPS-20x based on the MAC addresses of client stations. You can either block access or allow access depending on your requirements.

CONFIGURATION PROCEDURE

1. On the main menu, click Wireless and then click MAC filtering. The MAC filtering configuration page opens.
2. Configure the parameters as described in the section that follows.
3. Click Save when you are done.
LOCATION-AWARE AUTHENTICATION

This feature enables you to control logins to the public access network based on the wireless access point a customer is connected to.

IMPORTANT! This feature can only be used when the LPS-20x is installed in conjunction with an access controller. This feature does not support 802.1x customers and devices using MAC-based authentication.
LOCATION-AWARE AUTHENTICATION PARAMETERS

This feature enables you to control logins to the public access network based on the wireless access point a customer is connected to. When enabled, the LPS-20x will return the value you specify in the Called-Station-ID when it generates a RADIUS access request for a customer login.

Group Name: Specify a group name for the access point. This name is used to identify customer logins via the Called-Station-ID.
WIRELESS BRIDGING OVERVIEW

The wireless bridging feature enables you to use the wireless radio to create point-to-point wireless links to other access points (Figure 22). Each LPS-20x can support up to six wireless bridges, which can operate at the same time as the network serving wireless customers.
SETTING UP A WIRELESS LINK

This screen shows the status of the wireless links to remote LPS-20xs.

IMPORTANT! Both ends of the wireless link will need to be provisioned for this function to work properly.

1. On the Wireless menu, click Wireless links. The Wireless links page opens.
2. Click the wireless link you want to configure. The configuration page for the link opens.
3. In the Settings box, select Enabled.
4. In the Security box, select Security.
WIRELESS LINK CONFIGURATION PARAMETERS

Status: Indicates if the link is enabled or disabled.
Name: Name of the link. Click to configure it.
Remote MAC Address: MAC address of the remote LPS-20x.

SETTING PARAMETERS

When the link is enabled, it is ready to establish a connection with the remote LPS-20x.
Link Name: Identifies the link.
Speed: Sets the speed the link will operate at. Choose auto to always use the fastest speed.
WIRELESS NEIGHBORHOOD

The wireless neighborhood feature enables you to view a list of all authorized and unauthorized access points that are operating nearby. At a preset interval, the LPS-20x automatically scans all operating frequencies to identify active access points. The result of this scan is presented in the All access points list.
WIRELESS NEIGHBORHOOD PARAMETERS

List of authorized access points: Specify the URL of the file that contains a list of all authorized access points. The format of this file is XML. Each entry in the file is composed of two items: MAC Address and SSID. Each entry should appear on a new line. The easiest way to create this file is to wait for a scan to complete, then open the list of access points in Brief format.
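The comparison the wireless neighborhood feature performs, a scan result checked against a list of authorized MAC address and SSID pairs, is sketched below as an added example; it is not code from the LPS-20x or from ADC. The page does not show the layout of the XML file, so the example assumes the entries have already been read into (MAC, SSID) pairs; the function names, verdict labels and sample addresses are constructed for illustration.

```python
import re

# Constructed sample data (documentation-range MAC addresses, made-up SSIDs).
AUTHORIZED = [
    ("00:00:5E:00:53:01", "PublicWLAN"),
    ("00:00:5E:00:53:02", "CorpWLAN"),
]
SCAN = [
    ("00-00-5e-00-53-01", "PublicWLAN"),   # listed AP, expected SSID
    ("0000.5e00.5302", "Guest"),           # listed AP, SSID not on the list
    ("00:00:5E:00:53:AA", "PublicWLAN"),   # unlisted AP using a listed SSID
    ("00:00:5E:00:53:BB", "CoffeeShop"),   # unlisted AP, unlisted SSID
]


def normalize_mac(mac):
    """Return a MAC address as lowercase colon-separated hex.

    Accepts the common notations (aa:bb:..., AA-BB-..., aabb.ccdd.eeff) so
    that list entries and scan results compare equal regardless of format.
    """
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify_scan(authorized, scan):
    """Classify each scanned access point against the authorized list.

    Verdicts (hypothetical labels):
      authorized         - MAC and SSID both match a list entry
      ssid-changed       - MAC is listed but announces an unlisted SSID
      ssid-impersonation - MAC is not listed but announces a listed SSID
      unauthorized       - neither MAC nor SSID is on the list
    """
    allowed = {}
    for mac, ssid in authorized:
        allowed.setdefault(normalize_mac(mac), set()).add(ssid)
    known_ssids = {s for ssids in allowed.values() for s in ssids}

    report = []
    for mac, ssid in scan:
        mac_n = normalize_mac(mac)
        if mac_n in allowed:
            verdict = "authorized" if ssid in allowed[mac_n] else "ssid-changed"
        elif ssid in known_ssids:
            verdict = "ssid-impersonation"
        else:
            verdict = "unauthorized"
        report.append((mac_n, ssid, verdict))
    return report


if __name__ == "__main__":
    for mac, ssid, verdict in classify_scan(AUTHORIZED, SCAN):
        print("%s  %-12s %s" % (mac, ssid, verdict))
```

A MAC address is asserted by the transmitter, so an "authorized" verdict means only that the pair matches the list; the "ssid-impersonation" and "ssid-changed" rows are the ones to investigate first.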
PER-SSID VLAN

Each wireless profile can be mapped to its own VLAN. Wireless clients that connect to a profile with VLAN support are bridged to the appropriate VLAN via the LPS-20x’s LAN port. Address allocation and security measures are the responsibility of the target network.

IMPORTANT! Per-SSID VLANs cannot have the same VLAN ID as the default VLAN ID assigned to the LAN port.
SCENARIO

In this scenario, VLANs and multiple SSIDs are used to enable public and private users to share the same infrastructure with complete security.

How it works

The wireless network is split into two WLANs: public and private (Figure 23).
• Wireless users on the public WLAN are mapped to the access controller via VLAN 60.
• Wireless users on the private WLAN are mapped to one of the VLANs on the corporate intranet based on a setting in their RADIUS account.
CONFIGURATION ROADMAP

The following configuration steps provide an overview on how to set up this scenario.

On the Access Controller
1. Open the Security > RADIUS page.
• Add a RADIUS profile that connects to the corporate RADIUS server.
2. Open the Security > Authentication page.
• In access controller authentication, define settings to connect to the corporate RADIUS server via the profile you just added.
3. Open the Wireless > WLAN profiles page.
VLAN STATUS

Use the VLAN option on the Status menu to determine the status of the virtual LAN.

WIRELESS CLIENT STATION PARAMETERS

Mac address: The Ethernet address of client station(s) that are associated to the AP.
SSID: The SSID that the client station(s) is associated with.
Association time: Indicates how long the client station has been associated with the LPS-20x.
Authorized: Applies to client stations using 802.1x only. A value of “Yes” indicates that 802.
WEP SECURITY

Wired equivalent privacy (WEP) provides protection for wireless traffic by encrypting all transmissions. Multiple keys can be defined, allowing stations to rotate key usage for enhanced security.

WARNING: ADC does not recommend the use of WEP alone for the creation of secure wireless networks.

CONFIGURATION PROCEDURE

1. On the main menu, click Wireless. The Wireless configuration page opens.
2. Check the wireless protection box.
3.
WIRELESS PROTECTION PARAMETER

The parameters that are visible depend on the settings you make for the Use dynamic key rotation.

Keys 1, 2, 3, 4: The number of characters you specify for a key determines the level of encryption the LPS-20x will provide.
• For 40-bit encryption, specify 5 ASCII characters or 10 HEX digits.
• For 128-bit encryption, specify 13 ASCII characters or 26 HEX digits.
WPA SECURITY

Wi-Fi Protected Access (WPA) provides protection for users with WPA client software.

CONFIGURATION PROCEDURE

1. On the main menu, click Wireless. The Wireless configuration page opens.
2. Check the wireless protection box.
3. In the Wireless protection box, choose WPA. The following parameters are displayed:
4. Configure the parameters as described in the section that follows.
5. Click Save when you are done.
WIRELESS PROTECTION PARAMETER

The parameters that are visible depend on the settings you make for the Use dynamic key rotation.

Key Source: This option determines how the TKIP keys are generated.
• RADIUS: The LPS-20x obtains the MPPE key from the RADIUS server. This is a dynamic key that changes each time the user logs in and is authenticated. The MPPE key is used to generate the TKIP keys that encrypt the wireless data stream. Select the appropriate RADIUS server.
802.1X SECURITY

802.1x provides protection for users with 802.1x client software.

CONFIGURATION PROCEDURE

1. On the main menu, click Wireless. The Wireless configuration page opens.
2. Check the wireless protection box.
3. In the Wireless protection box, choose 802.1x. The following parameters are displayed:
4. Configure the parameters as described in the section that follows.
5. Click Save when you are done.
WIRELESS PROTECTION PARAMETER

This option enables support for users with 802.1x client software. The LPS-20x supports 802.1x client software that uses EAP-TLS, EAP-TTLS, and PEAP. Note that all authentication tasks are handled by the LPS-20x and not the wireless client station. This means that the RADIUS server must be reachable via the downstream port.

IMPORTANT! 802.1x sessions are terminated by the LPS-20x.
WIRELESS STATUS

1. On the Status menu, click Wireless. The Access Point status page opens.

ACCESS POINT STATUS PARAMETERS

Wireless Port
• UP: Port is operating normally
• DOWN: Port is not operating normally
Device Name: The name that identifies the LPS-20x on your wireless network (for information only).
Wireless Network Name (SSID): The name assigned to the LPS-20x wireless network.
Frequency: The current operating frequency.
Protocol: Identifies the wireless protocol (802.11b) used by the LPS-20x to communicate with client stations.
Tx Packets: The total number of packets transmitted.
Tx Dropped: The number of packets that could not be transmitted. This can occur when the wireless configuration is being changed.
Tx Errors: The total number of packets that could not be sent due to the following errors: Rx retry limit exceeded and Tx discards wrong SA.
Tx Discards: The number of transmitted requests that were discarded to free up buffer space on the LPS-20x. This can be caused by packets being queued too long in one of the transmit queues, by too many retries and defers, or by otherwise not being able to transmit (e.g., when scanning).
Tx Retry Limit Exceeded: The number of times an MSDU is not transmitted successfully because the retry limit is reached due to no acknowledge or no CTS received.
Rx Discards no Buffer: The number of received MPDUs that were discarded because of lack of buffer space.
Rx Discards WEP Excluded: The number of discarded packets, excluding WEP-related errors.
Rx Discards WEP ICV Error: The number of discarded MPDUs that were discarded due to malformed WEP packets.
WIRELESS CLIENT STATION PARAMETERS

MAC Address: The hard coded media access number of the client station.
VLAN: Indicates the virtual LAN associated with the LPS-20x.
SSID: Indicates the name of the client station associated with the LPS-20x.
Association Time: Indicates how long the client station has been associated with the LPS-20x.
Signal: Indicates the strength of the radio signal received from client stations. Signal strength is expressed in dBm.
BRIDGE STATUS

1. On the Status menu, click Bridge. The Bridge stats page opens.
BRIDGE STAT PARAMETERS

State: Current state of the bridge.
• Listening: Initial state. Port is not forwarding packets but listens for other bridges.
• Learning: Bridge learns about other bridges on that port. Port is not forwarding packets.
• Forwarding: Port is forwarding packets. Bridge is operational on the port.
• Blocking: Port is not forwarding. A loop was detected in the bridging network.
ID: Unique ID assigned to a port. This ID cannot be changed.
G.SHDSL PORTS STATUS (LPS-200 ONLY)

1. On the Status menu, click Ports. The Port stats page opens.

G.SHDSL STAT PARAMETERS

Operational State
• Showtime: Indicates an active G.SHDSL link.
• Idle: Indicates the link is down and no attempt is being made to initialize the link.
• Handshake: Indicates the ATU_C and ATU_R are negotiating the link speed.
• Framer: Framer is synchronizing with far end Framer.
Current Bit Rate: Shows current bit rate in Kbps.
LOSW Errors: A LOSW occurs when at least three consecutive received frames contain one or more errors in the framing bits.
CRC Errors: A CRC error is declared when the CRC bits generated locally on the data in the received xDSL frame do not match the CRC bits received from the transmitter.
ES Count: An ES count is incremented when one or more CRC errors and/or one or more LOSW errors are declared.
DOWNSTREAM PORT STATS

IP Address: The IP address assigned to the port.
Mask: The mask assigned to the port.
Tx Packets: Number of packets transmitted.
Tx Dropped: Number of transmitted packets dropped.
Tx Errors: Number of packets with transmission errors. This can be caused by: loss of carrier, no heartbeat, late collision, too many retransmits (too many collisions when transmitting a packet).
Rx Packets: Number of packets received.
ADSL PORTS STATUS (LPS-202 ONLY)

1. On the Status menu, click Ports. The Port stats page opens.

ADSL STAT PARAMETERS

Operational State
• Showtime: Indicates an active ADSL link.
• Idle: Indicates link is down and no attempt is being made to initialize the link.
• Handshake: Indicates the ATU-C and ATU-R are in the process of synchronizing over the link.
• Training: Indicates the ATU-C and ATU-R are negotiating link speed.
Coding type: The active ADSL line-encoding type configured at the CO. Supported coding types are: Inactive, G.dmt-Annex A, Alcatel 1.4, Alcatel, ADI, and ANSI TI.413i2
Framing Mode: The active ADSL framing mode configured at the CO. Supported framing modes are: Type0, Type1, Type2, Type3, and Type3ET
Latency: The ADSL latency mode configured at the CO.
Local HEC: ATM over ADSL cell header error checksum counts since power-up, measured at the ATU-R.
Local CRC: Cyclical Redundancy Check counts since power-up, measured at the ATU-R.
Remote FEC: Forward Error Correction counts since power-up, measured at the ATU-C.
Remote HEC: ATM over ADSL cell header error checksum counts since power-up, measured at the ATU-C.
DOWNSTREAM PORT STATS

IP Address: The IP address assigned to the port.
Mask: The mask assigned to the port.
Tx Packets: Number of packets transmitted.
Tx Dropped: Number of transmitted packets dropped.
Tx Errors: Number of packets with transmission errors. This can be caused by: loss of carrier, no heartbeat, late collision, too many retransmits (too many collisions when transmitting a packet).
Rx Packets: Number of packets received.
SECURITY RADIUS – ADD NEW PROFILE

Each RADIUS profile defines the settings for a RADIUS client connection. To support a client connection, you must create a client account (e.g., RAS account) on the RADIUS server. The settings for the account must match the profile settings you define on the LPS-20x. For backup redundancy, each profile supports a primary and secondary server. The LPS-20x will function with any RADIUS server that supports RFC 2865 and RFC 2866.
PROFILE NAME PARAMETER

Specify the name to identify the profile.

SETTING PARAMETERS

Authentication Port: Specify the port to use for authentication. By default, RADIUS servers use port 1812.
Accounting Port: Specify the port to use for accounting. By default, RADIUS servers use port 1813.
Retry Interval: Controls the retry interval (in seconds) for access and accounting requests that time out.
Always Try Primary Server First: Set this option to force the LPS-20x to contact the primary server first. Otherwise, the LPS-20x sends the first RADIUS access request to the last known RADIUS server that replied to any previous RADIUS access request. If the request times out, the next request is sent to the other RADIUS server (if defined).
SECURITY CERTIFICATES

Use this option to replace the SSL certificate that ships with the LPS-20x with one of your own. This certificate is used when validating user logins to the management tool via SSL.
1. On the main menu, click Security.
2. Click Certificates. The Certificate Management page opens.
3. Select View to see the contents of the certificate. The View Certificate page opens. The certificate field shows the contents of the CN field in the certificate.
CONFIGURING THE SNMP INTERFACE

This section provides an overview of the SNMP interface and the MIBs supported by the LPS-20x. The LPS-20x SNMP interface can be reached both locally and remotely for complete flexibility.

TO CONFIGURE SNMP OPTIONS

1. On the main menu, click Management, then click SNMP. The SNMP configuration page opens.
2. Enable the options that you require. The options are described in the sections that follow.
3. Click Save.
AGENT

Enables/disables support for SNMP.
Port: Specify the port and protocol the LPS-20x will use to respond to SNMP requests. The default port is 161.
SNMP Protocol: Specify the SNMP version.

TRAPS

Enables/disables support for SNMP traps. The LPS-20x supports the following MIB II traps:
• coldStart
• linkUp
• linkDown
• authenticationFailure

In addition, the LPS-20x supports a number of ADC-specific traps as described in the MIBs. The MIBs are available from ADC.
STANDARD MIBS

The LPS-20x supports the following MIBs:
• IEEE8021-PAE-MIB
• RFC1213-MIB – Full read support. Write support as defined below.
• 802.11b: The MIB defined in "IEEE Std 802.11b/D8.0, September 2001 Annex D" has been moved under the MIB (COLUBRIS-IEEE802DOT11).
• Colubris MIB

MANAGEMENT CONSOLES

• To manage the LPS-20x, third-party SNMP management consoles must support the SNMPv2c protocol.
Group   OID   Set
N ipRouteMetric5 N ipNetToMediaIfIndex N ipNetToMediaNetAddress N ipNetToMediaType(4) N Tcp
COLUBRIS ENTERPRISE MIB

The Colubris Enterprise MIB is available (refer to Product Support on page 177). It is organized as follows:
• COLUBRIS-802DOT1X-MIB.my
• COLUBRIS-CDP-MIB.my
• COLUBRIS-IEEE802DOT11.my
• COLUBRIS-MAINTENANCE-MIB.my
• COLUBRIS-PRODUCTS-MIB.my
• COLUBRIS-PUBLIC-ACCESS-MIB.my
• COLUBRIS-SMI.my
• COLUBRIS-SYSLOG-MIB.my
• COLUBRIS-SYSTEM-MIB.my
• COLUBRIS-TC.my

Table 15.
Group   OID   Get   Set
dot11Privacy
dot11PrivacyInvoked   Y   Y
dot11WEPDefaultKeyID   Y   Y
dot11WEPKeyMappingLength   N   N
dot11ExcludeUnencrypted   Y   Y
N   N
Dot11RTSThreshold   Y   N
Dot11ShortRetryLimit   Y   N
Dot11LongRetryLimit   Y   N
Dot11FragmentationThreshold   Y   N
Dot11MaxTransmitMSDULifetime   Y   N
Dot11MaxReceiveLifetime   Y   N
Y   N
Dot11Address   N   N
Dot11GroupAddressesStatus   N   N
Dot11CurrentRegDomain   Y   N
Dot11CurrentTxAntenna   Y   N
Dot11Curren
Group   OID   Get   Set
dot11PhyIR
Dot11CCAWatchdogTimerMax   N   N
Dot11CCAWatchdogCountMax   N   N
Dot11CCAWatchdogTimerMin   N   N
Dot11CCAWatchdogCountMin   N   N
Y   N
Dot11SupportedTxAntenna   Y   N
Dot11SupportedRxAntenna   Y   N
Dot11DiversitySelectionRx   Y   N
SupportedDataRatesTx   Y   N
SupportedDataRatesRx   Y   N
dot11RegDomainsSupported
dot11AntennasList

Traps

Not applicable.
SSL CERTIFICATES

This section explains how to create and install SSL certificates to secure communications with the LPS-20x.

OVERVIEW OF SSL CERTIFICATES

The only way to securely access a web server is to encrypt the data stream that is exchanged between the browser and the web server.
ABOUT CERTIFICATE WARNING MESSAGES

The default certificate installed on the LPS-20x is not registered with a certificate authority. It is a self-signed certificate which is attached to the default IP address (192.168.1.1) for the LPS-20x. This results in the following warning message each time a web browser attempts to validate the certificate.

There are three types of possible warnings in the Security Alert:
1.
INSTALLING A NEW SSL CERTIFICATE

Do the following to create and install a new certificate on the LPS-20x.
1. Obtain or create a new SSL certificate. For instructions, see Step 1: Creating SSL Certificates on page 142.
2. Prepare the certificate chain. For instructions, see Step 2: Preparing the certificate chain on page 155.
3. Convert the Certificate. For instructions, see Step 3: Converting a Certificate to PKCS #12 Format on page 156.
4.
STEP 1: CREATING SSL CERTIFICATES

There are three ways to create a digital certificate:
1. Obtain a certificate from a recognized certificate authority: This is the best option, since it ensures that your certificate can be validated by any web browser. A number of companies offer this service for a nominal charge. These include: Thawte, Verisign, and Entrust.
2.
....................................++++++
..................................++++++
e is 65537 (0x10001)
Enter PEM pass phrase: your_password

At this stage, the private key has been generated and you are prompted to specify the secret password that will protect the key. Do not forget this password, otherwise you will lose access to the private key. From this point on, this password will be referred to as the key password.
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
At this stage, two files have been created in C:\certificates:
• www.company.com.key: This file contains the private key for the server.
• www.company.com.req: This file contains the certificate request.

Next, send the certificate request to a Trusted Certificate Authority to obtain a public key certificate from the CA. The certificate file will be protected by the password you specified.
Country Name (2 letter code) [US]:
State or Province Name (full name) [Minnesota]:
Locality Name (eg, city) [Minneapolis]:
Organization Name (eg, company) [ADC Inc.]:Company Inc.
Organizational Unit Name (eg, section) [Research & Development]:Department
Your Name []:Test-Only Certificate Authority
Email Address [wsd.support@adc.com]:ca@company.com

The certificate for your CA will then be displayed.
Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Signature Algorithm: md5WithRSAEncryption
At this stage, two files have been created:
• www.company.com.pem, which contains the X.509 certificate for the web server’s public key.
• www.company.com.key, which contains the private key for the server.
A copy of www.company.com.pem has been created as:
C:\certificates\DemoCA\CA\newcerts\01.pem
The file containing the next serial number that will be used for the next certificate to be signed has been updated:
C:\certificates\DemoCA\CA\serial
The previous versio
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
VIEWING THE CERTIFICATE
It is important to confirm that the company details are correct. In this case, you will see that the Issuer and the Subject are different. The content of the certificate can be displayed using viewcert.
C:\certificates\DemoCA>viewcert www.company.com
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Minnesota, L=Minneapolis, O=ADC Inc.
STEP 2: PREPARING THE CERTIFICATE CHAIN
When a web browser connects to the LPS-20x using SSL, the LPS-20x only sends its own SSL certificate to the browser.
STEP 3: CONVERTING A CERTIFICATE TO PKCS #12 FORMAT
Before you can install a certificate on the LPS-20x, you need to convert it to PKCS #12 format. This can be done with the openssl program pemtopkcs12. Execute the command:
pemtopkcs12 certificate
Replace certificate with the name of the certificate file. Make sure that the .PEM and .KEY files are in the same folder and have the same name (with a different extension).
STEP 4: INSTALLING A NEW SSL CERTIFICATE
Use this procedure to replace the SSL certificate that ships with the LPS-20x with one of your own. This certificate is used when validating user logins to the management tool via SSL. Before you can install a new SSL certificate, make sure that it conforms to the following:
• It must be in PKCS #12 format. Refer to Step 3: Converting a Certificate to PKCS #12 Format for instructions on how to do this.
STEP 5: INSTALLING CERTIFICATES IN A BROWSER
If you are operating as your own certificate authority, installing a certificate signed by your own CA will still cause a security warning to appear when customers open the LPS-20x’s Login page. This occurs because your CA is not part of the group of well-known certificate authorities included with most browsers. This means customers will get a security warning when establishing the SSL connection with the Login page.
4. Click Import. The Certificate Import Wizard starts. Click Next.
5. Click Browse.
6. Specify *.pem in the File name box, and press the Enter key, then select CAcert.pem and click Open.
7. Click Next.
8. Click Next.
9. Click Finish.
10. Click Yes.
Customers who do this will no longer see any security warnings.
NETSCAPE NAVIGATOR
To eliminate the certificate warning message in Netscape Navigator 7.1, do the following:
1. On the Edit menu, click Preferences.
2. Click Privacy & Security.
3. Click Certificates.
4. Click Manage Certificates.
5. Click Authorities.
6. Click Import.
7. Select your Public Key certificate. (If you are using the examples in this section, select C:\certificates\ca\private\CAcert.pem.)
8. Click Open.
9. Select Trust this CA to identify web sites.
10.
THE CONFIGURATION FILE
This section provides an overview of the configuration file and explains how to edit it.
MANUALLY EDITING THE CONFIG FILE
The configuration file contains the settings for all customizable parameters on the LPS-20x. Almost all of these parameters can be set using the web-based management tool. However, certain infrequently-used parameters can only be set by manually editing the configuration file.
CONFIGURATION FILE STRUCTURE
The configuration file is an ASCII file and can be edited in a standard text editor. Key components in the file are:
• Block: A block contains sections, sub-sections, and parameters. Blocks start with:
%begin block_name
and end with:
%end block_name
• Section: A section contains sub-sections and parameters. Sections start with:
[SECTION_NAME]
and end with another block or section name. Section names are not case-sensitive.
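A structural check to run on a manually edited configuration file before loading it, following the block and section rules above. This is an added example, not ADC's code: it assumes blocks are not nested, keeps sub-section and parameter lines as raw text because their syntax is not covered here, flags repeated section names for review, and uses made-up names in its sample.

```python
import re

BEGIN = re.compile(r"^%begin\s+(\S+)\s*$")
END = re.compile(r"^%end\s+(\S+)\s*$")
SECTION = re.compile(r"^\[([^\]]+)\]\s*$")


def lint_config(text):
    """Return (blocks, problems); blocks maps block -> {SECTION -> raw lines}."""
    blocks, problems = {}, []
    block = section = None          # names of the currently open block / section
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if m := BEGIN.match(line):
            if block is not None:   # assumption: blocks are not nested
                problems.append(f"line {lineno}: %begin {m[1]} inside unclosed block {block}")
            block, section = m[1], None
            blocks.setdefault(block, {})
        elif m := END.match(line):
            if block != m[1]:
                problems.append(f"line {lineno}: %end {m[1]} does not close {block}")
            block = section = None
        elif block is None:
            problems.append(f"line {lineno}: content outside any block")
        elif m := SECTION.match(line):
            # Section names are not case-sensitive, so fold case before comparing.
            section = m[1].strip().upper()
            if section in blocks[block]:
                problems.append(f"line {lineno}: section [{section}] repeated in block {block}")
            blocks[block].setdefault(section, [])
        else:
            # Sub-section or parameter line: stored untouched (key None = no section yet).
            blocks[block].setdefault(section, []).append(line)
    if block is not None:
        problems.append(f"end of file: block {block} never closed")
    return blocks, problems


# Constructed sample; the block, section and parameter names are made up.
SAMPLE = """\
%begin demo_block
[Access]
example-parameter = 1
[ACCESS]
%end demo_blok
"""
```

Calling `lint_config(SAMPLE)` reports the case-folded section collision on line 4 and the misspelled `%end` name on line 5.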
TROUBLESHOOTING
SYSTEM LOG
The system log maintains a record of the last 400 events that occurred on the LPS-20x. The log file is reset if the LPS-20x loses power or is restarted abnormally.
1. On the main menu, click Tools.
2. Click System Log. The System log page opens.
SETTING PARAMETERS
Filter
Specify the type of messages that will be recorded in the log. Each message level includes all those below it. For example, if you select “notice,” then all messages under it in the list are included. This means that selecting “debugs” logs all messages.
SYSTEM TOOLS
The system tools enable you to obtain detailed information on the internal operation of the LPS-20x.
1. On the main menu, click Tools.
2. Click System Tools. The System tools page opens.
3. Select the desired tool in the pull-down window.
4. Click on Run. The detailed information screen opens.
IP TRACE
The IP trace enables you to capture detailed information on the data streaming through the LPS-20x.
1. On the main menu, click Tools.
2. Click IP Trace. The IP trace page opens.
3. Click on Start Trace.
4. Click on Stop Trace to review the results.
IP TRACE PARAMETERS
Port to Trace
Choose the port to apply the trace to.
Destination
Select where the trace file will be stored/sent:
• Local: Trace file is stored on the LPS-20x. Size of the trace file is limited by available memory. When space is exhausted, the trace is truncated.
• Remote URL: Specify the URL of the remote device to send the trace file to. Trace data is automatically sent as it is gathered; therefore, there is no size limit to the trace.
Filter
Lets you specify a filter expression which controls which packets will be captured by the trace. Leave the filter blank to trace all packets. The filter expression has the same format and behavior as the expression parameter used by the well-known TCPDUMP command. Table 16 summarizes the syntax of this command. For more detailed information, consult one of the many TCPDUMP pages available on the Internet. The filter consists of one or more primitives.
In addition to Table 16, there are some special “primitive” keywords that do not follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. For more detailed information, consult one of the many TCPDUMP pages available on the Internet. More complex filter expressions are built up by using the words: “and”, “or”, and “not” to combine primitives.
For Example:
host 192.168.30.
Trace Results
Displays the results of the trace after it stops.
Start Trace
Starts the trace. Data captured by the trace is not displayed until the trace has stopped.
Stop Trace
Stops the trace and displays the captured data in the Trace results box.
Save Trace in Text Format
Click this button to save the captured data to an ASCII file.
REGULATORY, WIRELESS INTEROPERABILITY, AND HEALTH INFORMATION
REGULATORY INFORMATION
The LPS-20x complies with the following radio frequency and safety standards.
CANADA - INDUSTRY CANADA (IC)
This device complies with RSS 210 of Industry Canada. This Class B digital apparatus complies with standards NMB-003 and CNR 210 of Industry Canada.
EUROPE - EU DECLARATION OF CONFORMITY
This device is for indoor use only.
Interference Statement
The LPS-20x has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. The LPS-20x generates, uses, and can radiate radio frequency energy. If not installed and used in accordance with the instructions, it may cause harmful interference to radio communications.
ACRONYMS
A
ADSL – Asymmetric Digital Subscriber Line
AP – Span-Powered Access Point
ATM – Asynchronous Transfer Mode
AWG – American Wire Gauge
C
CA – Certificate Authority
CO – Central Office
CTS – Clear To Send
D
DHCP – Dynamic Host Configuration Protocol
DLC – Digital Loop Carrier
DN – Distinguished Name
DNS – Domain Naming System
DSL – Digital Subscriber Loop
DSLAM – Digital Subscriber Line Access Multiplexer
DSSS – Direct Sequence Spread Spectrum
E
ES – Erro
P
POTS – Plain Old Telephone Service
Q
QoS – Quality of Service
R
RADIUS – Remote Authentication Dial-In Service
RAM – Remote Access Multiplexer
RMA – Return Material Authorization
RTS – Request To Send
S
SCB – Serial Communication Bus
SES – Severely Errored Seconds
SNMP – Simple Network Management Protocol
SSID – Service Set Identifier (Wireless Network Name)
SSL – Secure Sockets Layer
T
TC-PAM – Trellis Coded Pulse Amplitude Modulation
TKIP – Temporary Key In
PRODUCT SUPPORT
TECHNICAL SUPPORT
Technical Assistance is available 24 hours a day, 7 days a week by contacting the Customer Service Engineering group at:
Telephone: 800.366.3891
The 800 telephone support line is toll-free in the U.S. and Canada.
Email: wsd.support@adc.com
Knowledge Base: www.adc.com/Knowledge_Base/index.jsp
Web: www.adc.com
LIMITED WARRANTY
Product warranty is determined by your service agreement.
4. Pack the equipment in a shipping carton.
5. Write ADC’s address and the RMA Number you received from the RMA Department clearly on the outside of the carton. All shipments are to be returned prepaid. ADC will not accept any collect shipments.
FCC CLASS B COMPLIANCE
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules.
World Headquarters: ADC Telecommunications, Inc. PO Box 1101 Minneapolis, Minnesota USA 55440-1101 For Technical Assistance: 800.366.