Wi-Fi b/g Modem User Guide
No part of this document may be reproduced or transmitted (in electronic or paper version, photocopy) without Adeunis RF consent. This document is subject to change without notice. All trademarks mentioned in this guide are the property of their respective owner.

ADEUNIS RF
283, rue Louis Néel
38920 Crolles
France
Phone: +33 (0)4 76 92 07 77
Fax: +33 (0)4 76 08 97 46
ARF45-PRO User Guide

Table of contents

About this document
Declaration of conformity
Features Overview
Power supply
Serial link wiring
  Connection during serial configuration phase
...
  Port numbers
  Modem emulation mode
  Entering Command mode on the ARF45-PRO
Security modes in details
  Features overview
  EAP methods supported
About this document

This guide describes the ARF45-PRO devices, their options and accessories.
Declaration of conformity

Manufacturer’s name: ADEUNIS R.F.
Manufacturer’s address: Parc Technologique PRE ROUX IV, 283 rue Louis NEEL, 38920 CROLLES - FRANCE

declares that the product if used and installed according to the user guide available on our web site www.adeunis-rf.
Features Overview

- The ARF45-PRO is a device that adds secure wireless 802.11 b/g (Wi-Fi) networking capability to any device with a serial interface. Basically, the ARF45-PRO can be seen as an RS232/Wi-Fi gateway.
- The ARF45-PRO enables remote access to a serial port over a wireless network. The data from the serial link is encapsulated into TCP or UDP packets, which can travel through any IP-based wireless network.
Infrastructure mode: The ARF45-PRO is connected to an Access Point.

Ad-hoc mode: The ARF45-PRO is directly connected to another Wi-Fi station. In this mode, point-to-point communication between two ARF45-PRO modems is also possible.
The following topology is also possible using Wi-Fi Ad-hoc mode:

- The ARF45-PRO contains a full-featured TCP/IP stack and supports the following communication and management protocols: ARP, IP, TCP, UDP, ICMP, BOOTP, DHCP, AutoIP, Telnet, FTP, TFTP, HTTP(S), SSH, SSL/TLS, SNMP, DNS, PPP, as well as the complete suite of 802.1X Enterprise Authentication Protocols (EAP) including EAP-TLS, EAP-TTLS, PEAP and LEAP.
Power supply

To wire these products, open the bottom part of the housing (the part with the stuffing box) by unscrewing the two stainless steel screws on each side.

[Figure: remove the screws from the part with the stuffing box]

The ARF45-PRO product must be supplied from a DC voltage source. This voltage source must be 8V minimum and must not exceed 36 VDC.

[Figure: terminal block marked + - RTS RX TX CTS WLAN ACT, with the DC supply on + and -]
Serial link wiring

Wiring the Wi-Fi modem serial interface is a two-step process:
1. First connect the modem to a PC to set up the modem configuration.
2. Then connect the modem to the final equipment for data transmission.

Connection during serial configuration phase

For the initial configuration phase, the Wi-Fi modem has to be connected to a PC COM port. The set-up configuration software does not require RTS/CTS wiring.
[Wiring figure: modem (DCE) terminals + - RTS RX TX CTS WLAN ACT, connected to the PC (DTE) SUB-D 9 connector; pin numbers shown: 5, 7, 2, 3, 8]

ARF45-PRO Configuration

The ARF45-PRO comes with a default configuration. The configuration can then be modified through a set of parameters that are detailed further below. To fit the application, the ARF45-PRO’s configuration parameters can easily be modified using two different methods.
- Through the Command Line Interface (accessible either over the network by making a Telnet connection or locally by connecting a terminal to the ARF45-PRO’s serial port): the advantage of this method is that the user can access the ARF45-PRO configuration without knowing its WLAN settings (for instance, to perform the very first configuration of a product that still contains the factory settings).
- Basic parameters: Network name (also called SSID), network topology and frequency channel (applicable only in Ad-hoc topology).
- Advanced parameters: TX data rate, TX power settings.
- Security parameters: Parameters pertaining to the encryption and authentication methods.
Figure 1

By default, the ARF45-PRO product comes with two default profiles: one that enables the connection to an Infrastructure network (profile name: default_infrastructure_profile) and another that enables the connection to an Ad-Hoc network (profile name: default_adhoc_profile). Both of these profiles are set up with default network names (respectively Lantronix Initial Infra Network and Lantronix Initial Adhoc Network) and no security level activated.
PRO can be configured over the network through an AP (Infrastructure) or a Wireless Network Card (Ad-Hoc). The prerequisite for this is to apply the ARF45-PRO’s default WLAN settings to the AP or the Wireless Card. In addition, a DHCP server must be present in the network in order to carry out the very first configuration of the product over the network. The ARF45-PRO also makes it possible to create new WLAN profiles.
[Figures 2 to 4]
Figure 5

The “EAP_TLS_secured_profile” and “PEAP_secured_profile” WLAN profiles are profiles with the EAP authentication mode enabled. From figure 1, we can see that the “default infrastructure profile” has precedence over the EAP_TLS profile, which means that the ARF45-PRO will first search for a wireless Access Point with the same SSID, channel number and security mode as the ones contained in the “default infrastructure profile”.
When more than one of the active profiles is available in the surrounding environment, note that the signal strength (from the Access Point) also comes into play when selecting the profile to which the ARF45-PRO connects.
out the very first configuration of the product (either directly using the CLI command mode or through the Adeunis configuration application). Figure 6 below describes the steps to follow when the ARF45-PRO device contains the default factory settings:

Figure 6

Web-based configuration

To access the Web Manager:
1. Open a standard web browser (such as Netscape Navigator, Internet Explorer, Mozilla Firefox).
2. Enter the IP address of the ARF45-PRO in the address bar.
3. Enter your user name and password.

Note: The factory-default user name is admin and the factory-default password is PASS.

The Web Manager home page displays:

Figure 7
Command mode configuration

As an alternative to using the Web Manager, you can configure the ARF45-PRO through the command line interface (CLI) using a series of commands. The command mode interface can be accessed through a Telnet session or a direct connection to a serial port.

Configuration using Telnet session

To configure the ARF45-PRO device using a Telnet session over the network, establish a Telnet connection:
1. From the Windows Start menu, click Run.
Configuration using a Serial Port connection

To configure the ARF45-PRO device locally using a serial port, connect a terminal or a PC running a terminal-emulation program to the device’s serial port.

Figure 9

Note: Configure the terminal for 9600 baud, 8-bit, no parity, 1 stop bit, and no flow control.
At boot time, the following sequence enters command mode: Press and hold down the exclamation point (!) key. Then, when an exclamation point (!) appears on the terminal or PC screen, type xyz within 5 seconds to display the command mode prompt.

At any time: The ARF45-PRO device can also enter command mode at any time, even while a connection with a remote device is set up.
Figure 10

To move to a different level: Enter the name of that level from within its parent level. For example:

    >enable
    (enable)#tunnel 2

Note: Some levels require a number to indicate one of several level instances. In the example above the number 2 indicates that we would like to configure the settings for tunneling on serial port 2.

To exit and return to one level higher: Type exit and press the Enter key.
Note: Typing exit at the login level or the enable level will close the CLI session.

To view the current configuration at any level: Type show. The configuration for that level displays.

To view the list of commands available at the current level: At the command prompt, type the question mark “?”. The list of current commands displays. (There is no need to press Enter.)

Note: Items within < > (e.g. ) are required parameters.
Summary: Configuration How-To

Figure 11

Duplicating configuration

The ARF45-PRO device supports XML-based configuration, which makes device configuration transparent to users. The XML is easily editable with a standard text or XML editor. Using an XML-based configuration file provides a straightforward and flexible way to manage the configuration of multiple devices.
When the current system configuration is exported in XML format, the generated XML file can be imported later to restore a configuration. It can also be modified and imported to update the configuration on this ARF45-PRO device or another ARF45-PRO device. The XML data can be exported to the browser window or to a file on the file system.
Figure 12

By default the network interface settings are not exported. This is so that if you later export the entire XML configuration, it will not break your network connectivity.
Figure 13

Duplicating configuration through the Command Line Interface

An XML configuration file can be imported (captured) or exported (dumped) directly to a Telnet or serial line session. Capturing an XML configuration record can be started by pasting a valid XML configuration file directly into the Command line interface.
To dump the current configuration, use the following command:

    xcr dump

By default param is empty and the whole configuration is dumped and displayed on the terminal window. The user may choose to export only part of the configuration by setting param to the names of the groups that have to be exported. Example:

    xcr dump interface:2,arp,ppp

will export and display the content of the arp group, the content of the ppp group and the content of instance 2 of the interface group.
XML group

The list of XML groups is given below. This table indicates whether each item can be imported, exported, or exported with the placeholder “”:

Figure 14
[Figures 15 to 24]
Network Communication mode

Serial tunneling is communication between two serial devices connected over an IP-based network. Two ARF45-PRO modem devices can be used to create a “serial tunnel” over an IP network (it does not matter whether the connection is a point-to-point connection, in the case of an ad-hoc network, or a connection via an AP, in the case of an infrastructure network). This can be thought of as cable replacement.
Figure 25

Connect Mode supports the following protocols:
- TCP
- AES encryption over UDP
- AES encryption over TCP
- SSH (the ARF45-PRO is the SSH client)
- UDP (available only in Connect Mode because it is a connectionless protocol).
Connect Mode has five states:
- Disabled (no connection)
- Enabled (always makes a connection)
- Active if it sees any character from the serial port
- Active if it sees a specific (configurable) character from the serial port.
- Modem emulation

Accept mode

In this mode, the ARF45-PRO listens for a connection. In other words, the ARF45-PRO behaves like an IP server. A node on the network initiates the connection.
[Figures 26 and 27]
Figure 28

Port numbers

Every TCP connection and every UDP datagram is defined by a destination and source IP address, and a destination and source port number.
For example, a Telnet server commonly uses port number 23.
Figure 29
All of these commands behave like a modem. For commands that are valid but not applicable to the ARF45-PRO, an “OK” message is sent (but the command is silently ignored). The ARF45-PRO attempts to make a Command Mode connection as per the IP/DNS/port numbers defined in Connect Mode. It is possible to override the remote address, as well as the remote port number. When using ATD, enter 0.0.0.0 to switch to Command Mode.
Figure 30
Security modes in details

Features overview

The ARF45-PRO device adds Wi-Fi networking capability to devices, with the highest WPA2/802.11i enterprise-grade security and authentication protocols. Like the ARF45, the ARF45-PRO supports the WPA/WPA2 Personal mode, a security mode that uses a pre-shared key (PSK) for authentication.
Note: WPA and WPA2/IEEE 802.11i are not available for Ad-hoc topology.

EAP methods supported

Here are the EAP methods that are supported by the ARF45-PRO:
- LEAP = Lightweight Extensible Authentication Protocol.
- EAP-TLS = Extensible Authentication Protocol - Transport Layer Security: requires authentication certificates on both the network side and the ARF45-PRO side.
- EAP-TTLS = Extensible Authentication Protocol - Tunneled Transport Layer Security.
able to verify the RADIUS server’s certificate. In the case of EAP-TLS, a certificate and matching private key also need to be configured so that the ARF45-PRO can authenticate to the RADIUS server (that is, identify itself) and sign its messages.

Before the ARF45-PRO is configured, both the EAP-TLS and PEAP based authentication methods require the RADIUS server and the access point (which is also called the RADIUS client) to be correctly configured.
Figure 32

- Click Next. In the New Object – User dialog box, type a password of your choice in Password and Confirm password. Clear the User must change password at next logon check box, and then click Next. This is shown in the following figure.
Figure 33

- In the final New Object – User dialog box, click Finish.

Allow wireless access to users:
- In the Active Directory Users and Computers console tree, click the Users folder, right-click WirelessUser, click Properties, and then click the Dial-in tab.
- Select Allow access, and then click OK.

Add groups to the domain:
- In the Active Directory Users and Computers console tree, right-click Users, click New, and then click Group.
Figure 34

Add users to the WirelessUsers group:
- In the details pane of the Active Directory Users and Computers, double-click WirelessUsers.
- Click the Members tab, and then click Add.
- In the Select Users, Contacts, Computers, or Groups dialog box, type wirelessuser in Enter the object names to select.
- Click OK. In the Multiple Names Found dialog box, click OK. The WirelessUser user account is added to the WirelessUsers group.
- In the console tree of the Internet Authentication Service snap-in, right-click RADIUS Clients, and then click New RADIUS Client.
- On the Name and Address page of the New RADIUS Client wizard, in Friendly name, type WirelessAP. In Client address (IP or DNS), type the IP address of the AP on the network, and then click Next. This is shown in the following figure.

Figure 35

- Click Next.
Figure 36

- Click Finish.

Create and configure remote access policy:
- In the console tree of the Internet Authentication Service snap-in, right-click Remote Access Policies, and then click New Remote Access Policy.
- On the Welcome to the New Remote Access Policy Wizard page, click Next.
- On the Policy Configuration Method page, type Wireless access to intranet in Policy name. This is shown in the following figure.
Figure 37

- Click Next. On the Access Method page, select Wireless. This is shown in the following figure.

Figure 38

- Click Next. On the User or Group Access page, select Group. This is shown in the following figure.
Figure 39

- Click Add. In the Select Groups dialog box, click Locations, select example.com, and then click OK.
- Type wirelessusers in the Enter the object names to select box. This is shown in the following figure.

Figure 40

- Click OK. The WirelessUsers group in the example.com domain is added to the list of groups on the User or Group Access page. This is shown in the following figure.
Figure 41

- Click Next. On the Authentication Methods page, select “Smart card or other certificate” (for EAP-TLS deployment) or “Protected EAP” (for PEAP deployment). In case of PEAP deployment, the user also has to choose the inner-authentication method (MS-CHAP v2, CHAP …) to be used.
- Click Next. On the Completing the New Remote Access Policy page, click Finish.
- Entering the shared secret, which must match the shared secret previously entered on the RADIUS server.

EAP-TLS based deployment

There are several steps that have to be carried out in order to deploy the EAP-TLS based security mode on the ARF45-PRO device. The EAP-TLS method requires authentication certificates on both the network side (that is, on the authentication RADIUS server) and the ARF45-PRO side.
Figure 42

- On the Windows server, open a web browser (e.g. Internet Explorer), and enter http://127.0.0.1/certsrv for the address. If prompted for user name and password, enter those configured for the EAP authentication user.
Figure 43

- Click on “Request a certificate”. On the page that loads, click on “advanced certificate request”.
Figure 44

- On the next page click on “Create and submit a request to this CA”.
Figure 45

- On the page that loads select “User” under Certificate Template. Make sure “Mark keys as exportable” is selected, and also select “Export keys to file”. Then select a full path name to save the private key to under “Full path name:”. The request format should be set to CMC. Select a Friendly name in the box provided. Once completed, click on the “Submit” button. If prompted whether or not you want to request a certificate now, click “Yes”.
Figure 46

- When prompted to create a private key password, select “None”.

Figure 47
- On the next page, make sure that “DER encoded” is selected, and click on “Download certificate”.

Figure 48

The steps to generate the CA root certificate are described below:
- Open the Certificate Authority Program (this assumes the certificate authority is already set up). You can find the CA in Start Menu/Administrative Tools/Certificate Authority.
Figure 49

- Right click on the CA and select “Properties”. Then click on “View Certificate”.
Figure 50

- Click on the Details tab, and then the “Copy to File” button.

Figure 51
- Click “Next” on the initial certificate export wizard window. Then select “DER encoded binary X.509 (.CER)” and click the “Next” button.

Figure 52

- Select a file path to export to by clicking on the browse button, name the file and click save. Then click “Next”.
Figure 53

- Now click Finish. When the “The Export was successful.” window appears, click OK. Then click OK twice more to exit all windows and close the CA program.

Figure 54

Certificate conversion

The second step consists in converting the certificates to a format that is supported by the ARF45-PRO, that is, the PEM format. Certificates and private keys can be stored in several file formats. The best known are PKCS12, DER and PEM.
The user certificate as well as the CA certificate have been generated in the DER format. However, the ARF45-PRO only supports certificates in PEM format, so a conversion has to be performed before the certificates can be uploaded onto the ARF45-PRO. For this purpose two utility tools are required: openssl and pvktool.
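The certificate half of this conversion, as an added example that is not part of the original guide: a Python pre-upload check that turns a DER-encoded certificate file into PEM, passes an already-PEM file through, and rejects a truncated export. The function names and the sample bytes are constructed for illustration (the sample is a DER-shaped placeholder, not a real certificate); private key conversion with pvktool is not covered.

```python
import base64
import binascii
import re

# Matches one PEM certificate block and captures its base64 body.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s+(.*?)\s*-----END CERTIFICATE-----", re.S)


def der_total_length(data: bytes) -> int:
    """Size in bytes that the outer DER SEQUENCE header declares."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not DER: first byte is not the SEQUENCE tag 0x30")
    first = data[1]
    if first < 0x80:                 # short form: one length byte
        return 2 + first
    n = first & 0x7F                 # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def check_der(data: bytes) -> None:
    """Reject truncated downloads and files with trailing bytes."""
    declared = der_total_length(data)
    if declared != len(data):
        raise ValueError(
            f"DER length mismatch: header declares {declared} bytes, "
            f"file has {len(data)}")


def to_pem_certificate(data: bytes) -> str:
    """Return the certificate as PEM text, whatever encoding it arrived in.

    For a valid DER certificate, the openssl equivalent is:
        openssl x509 -inform DER -in cert.cer -out cert.pem
    """
    match = PEM_RE.search(data)
    if match:                        # already PEM: decode and re-check
        try:
            der = base64.b64decode(match.group(1))
        except binascii.Error as exc:
            raise ValueError(f"corrupt base64 in PEM body: {exc}") from exc
    else:
        der = data
    check_der(der)
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample: DER-shaped placeholder (SEQUENCE, 300 content bytes),
# not a real certificate. Only the outer framing is meaningful here.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)

if __name__ == "__main__":
    pem = to_pem_certificate(SAMPLE_DER)
    print(pem.splitlines()[0], f"... {len(pem)} characters of PEM")
    try:
        to_pem_certificate(SAMPLE_DER[:-10])   # simulated truncated export
    except ValueError as err:
        print("rejected:", err)
```

The check only validates the outer DER framing; it does not parse the certificate fields or verify that the user certificate chains to the CA certificate.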
Figure 55

User Certificate and private key: Under Upload Certificate set the paths where the converted PEM encoded certificate and private key are stored. Once complete, click on the Submit button to commit the changes.
CA certificate: Under “Upload Authority Certificate”, browse to the path where the converted PEM encoded certificate is stored and click “Submit”.

Figure 56

Setting the security suite

The last step consists in setting the security parameters on the ARF45-PRO side. Log in to the ARF45-PRO and go to the WLAN Profile page.
Click on the existing profile you want to use for EAP-TLS security deployment, or create a new profile dedicated to EAP-TLS deployment.

Figure 57

Choose EAP-TLS from the drop down box for the IEEE 802.1X Configuration. Check the boxes for CCMP & TKIP for Encryption and click submit. If the profile is a newly created one, don’t forget to add it to the list of active profiles in the network page:
Figure 58

You are now ready to use your ARF45-PRO to authenticate to the RADIUS server and get access to your wireless network.

PEAP based deployment

There are several steps that have to be carried out in order to deploy the PEAP based security mode on the ARF45-PRO device.
PEAP has been developed to avoid the requirement of certificates on the client side, which makes deployment more cumbersome. PEAP methods therefore require only one authority certificate to be installed on the ARF45-PRO, so that it is able to verify the RADIUS server’s certificate. All the steps (listed in the previous chapter) that apply to the EAP-TLS method also apply to the PEAP method.
Figure 59
Roaming capability

The ARF45-PRO provides roaming capability across WLAN networks. When WPA2 is enabled, pre-authentication enables smooth and automatic transition to an access point with a stronger signal. The roaming feature of the ARF45-PRO can be enabled from the Network-> Network 2-> configuration pages using the web-based method.

Figure 60

Checking Enabled enables roaming to other Access Points with the same SSID.
COM port redirector

A COM Port Redirector (CPR) is application software that enables COM port-based applications to communicate over a network to remote equipment. The main purpose is to enable the control of COM port-based equipment over an IP-based network. Com Port Redirector maps ‘virtual COM’ ports on a PC platform.
Firmware Upgrade

There are several ways to upgrade the firmware of the ARF45-PRO modem. In every case, the firmware is written into RAM (as a zipped file) as it is being downloaded. Once the download is completed, the firmware is unzipped and written to flash memory. So if the download process does not run to completion (for instance, because of a failure on the radio link), there is no impact at all on the current firmware.
Figure 62
Specifications

RF
Frequency range: 2.412 – 2.484 GHz
Radiated RF power: + 15 dBm
Sensitivity: - 91 dBm @ 1 Mbps
Range: 200 m in open field
Standards compliance: EN 300-328 – EN301-489
WIFI Network standard: 802.11b; 802.
Security:
Radio data rate:
Supported LAN Protocols:

Modem interface
Serial data rate:
Serial ports:
Flow control:
Set-up and configuration:
Mode:

General information
Power supply:
Electric Power:
Operating temperature:
Size:
Packaging: