Specifications

ManualsBrandsADTRAN ManualsComputer equipmentBlueSecure Controller

Bluesocket BlueSecure Controller (BSC) FAQ

Updated 11/07/2011

20MB space error when attempting to upload AP firmware to the BSC

When attempting to upload AP firmware to the BSC under wireless>firmware the

following error may be received:

"Only 20MB of space is available for upload"

The BSC has 20 MB of space allocated for AP firmware. If the above error is received perform

the following:

1. Delete the previous version of AP firmware under wireless>firmware BEFORE attempting to

upload new AP firmware.

2. Delete any un-used firmware. For example the BSC software image includes BSAP-

1800v2/1840 and BSAP-1800v1 AP firmware. Perhaps you only have BSAP-15XXs. If so you

could delete the 18XX firmware to make room for the BSAP-15XX Firmware

3. If you have more than 2 BSAP model types you may be required to swap AP firmware as

needed when bringing up new BSAPs for the first time or alternatively configure the BSC to

store AP firmware on a TFTP server external to the BSC.

Apple Bonjour (Formerly Rendezvous) is unable to locate devices and services that are on

the sameBSC managed network as as each other.

Apple Bonjour (Formerly Renezvous) is Apple Inc.'s trade name for its implementation of

Zeroconf, a service discovery protocol. The software comes built into Apple's Mac OS X

operating system and iOS for iPhone, iPod touch, and iPad from version 10.2 onward, and can

be installed onto computers using Microsoft Windows operating systems. Bonjour is also used

by several application such as iTunes.

Bonjour locates devices such as printers, other computers, and the services that those devices

offer on a local network using broadcast, and multicast traffic. By default BlueSecure Access

Points (BSAPs) tunnel traffic back to the BlueSecure Controller (BSC) in EtherIP (IP Protocol

97). By default the BSC does not send broadcast and multicast traffic back out the EtherIP

tunnels therefore other clients will not see the traffic and not be able to locate devices and

Summary of content (31 pages)

PAGE 1
Bluesocket BlueSecure Controller (BSC) FAQ Updated 11/07/2011 20MB space error when attempting to upload AP firmware to the BSC When attempting to upload AP firmware to the BSC under wireless>firmware the following error may be received: "Only 20MB of space is available for upload" The BSC has 20 MB of space allocated for AP firmware. If the above error is received perform the following: 1. Delete the previous version of AP firmware under wireless>firmware BEFORE attempting to upload new AP firmware. 2.
PAGE 2
services. In order to send broadcast and multicast traffic back out the EtherIP tunnels the following routes must be added under network>routing table>create static route entry for the appropriate managed interface. Broadcast Traffic Route Destination 192.168.160.255 Route Gateway 255.255.255.255 Netmask 255.255.255.255 Interface Managed This above example assumes we are referring to the managed physical network and the subnet is 192.168.160.0/24.
PAGE 3
BSAP limits. Are the concurrent authenticated user and BSAP limits of the BSC hard limits or can they be over-subscribed? The concurrent authenticated user limits are hard limits. For example the BSC-600 supports 64 concurrent authenticated users. The 65th user will not be able to authenticate. The BSAP limits are not currently hard limits but may be enforced in future releases. If you over-subscribe the BSAP limit you will receive the following message in the web based administrative gui.
PAGE 4
where dy is day of week: 1-7 for Sunday through Saturday, mm is month: 1-12 for Jan through Dec dd is day of month: 1-31 and yyyy is year: 2000-2099 set time hh:mm:ss 4. Verify time and date with: show time 5. Push the restart button on the front of the box. 6. After the BSC restores log in to the web based administrative console and go to general>time. 7. Set the BSC to synchronize at boot time and configure a valid NTP server to prevent the issue from re-occurring.
PAGE 5
configured, as soon as traffic is received from a client on that interface, the BSC automatically puts the user in that role. 1. Go to Network>Managed. 2. If you have more than 1 managed interface click to edit the appropriate one that corresponds to the client. If you only have 1 managed interface configured the properties of that interface will be displayed. 3. Click the interface tab if not already selected. 4. Scroll down to the default role. 5. Select un-registered.
PAGE 6
Protocol (HSRP) with virtual IP addresses. Do I need an additional power supply to enable POE on the managed interface ports of the BSC-600/1200? I have enabled Power Over Ethernet (PoE) on each of the 4 managed interface ports of my BSC600/1200 but the 802.3af compliant access points connected will not power up.
PAGE 7
tagging is performed inside the tunnel and not exposed to the switch. If you are using BlueSecure access points you are not required to put the BSAPs or the BSC's managed interface on trunk ports. They can be placed on access ports. This may be referred to as untagged ports on some switches. The exception to this is the BSAP-1600. BSAP-1600s do not support EtherIP tunneling.
PAGE 8
tagged e11,e12 This example assumes the BSC's Protected interface is plugged into switchport e10, Managed interface into e11, and 3rd Party AP into e12. ***Notice the protected physical and managed physical interfaces are untagged and the managed vlan interfaces are tagged. The physical interfaces of the BSC cannot send or receive dot1q tags, only the vlan interfaces can.
PAGE 9
How do I reset the password of the default administrator user name (admin) of the BSC? Connect to the serial console port using a 9 pin null modem serial cable and a terminal emulation program (9600, 8, none, 1, none). The serial console password is wg1000s. Choose option "a" for admin password recovery. The password of the default administrator username (admin) will be defaulted to blue.
PAGE 10
ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh 0 dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9 BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8z
PAGE 11
2zA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcml z aWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIA Yb4 RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nw czAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQG A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUu Y3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglp bWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNo dHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHRE
PAGE 12
The BSC polls the BSAPs for the information displayed under Status>Active Connections>APs based on the "Time in minutes between checking APs" setting under wireless>AP. By default this is set to 10 minutes so the BSAPs will be polled every 10 minutes for this information. Adjust to 1 minute. I am setting up Internal 802.1x Authentication on the BSC. The BSC is configured to proxy to RADIUS.
PAGE 13
interface IP address or DNS name. 3rd Party access points however do not tunnel RADIUS request to the BSC and therefore you are required to configure a RADIUS client in the RADIUS server for every single 3rd Party AP. Alternatively configure a RADIUS client in the RADIUS server for the 3rd Party APs with an IP range. I am trying to renew my ssl certificate on the BSC but I do not see an option to generate a CSR on the weblogins>ssl>renewal tab.
PAGE 14
When two client computers try to use the server message block (SMB) protocol to connect to the same server across a network address translation (NAT) device, the more recent client connection may reset the earlier client connection. If a client and a server that use the SMB protocol over a NAT device are copying files, that session may be reset when another client uses the SMB protocol over the same NAT device to the same server.
PAGE 15
Redirect to hostname requires both an A record (forward) and PTR record (reverse) in your organizations DNS server for the BSC's Fully Qualified Domain Name (FQDN) and the protected interface IP address. The FQDN entered in your DNS server must match the common name (FQDN) you used when generating the CSR. Check to make sure you have BOTH these records in your organizations DNS server. If redirect to hostname is enabled and not functioning it is likely you are missing the PTR.
PAGE 16
I upgraded from one BSC to another for example a BSC-5000 to a BSC-5200. Can I restore the configuration from the BSC-5000 to the BSC-5200? Yes. On the BSC-5000 for example go to maintenance>configuration backup/restore and backup your configuration. Then on the BSC-5200 for example go to maintenance>configuration>backup/restore and restore the configuration that you previously backed up from the BSC-5000.
PAGE 17
Requirements Ensure that you meet these requirements before you attempt this process: -Basic knowledge of how to use a terminal emulation application such as Microsoft HyperTerminal. - Physical access to the BSC's serial console port. -A nine pin null-modem serial cable. -A laptop running a terminal emulation application such as Microsoft HyperTerminal. Components Used The information in this document is based on these hardware and software versions: - BSC-2100/2200/3200/5200 running any software image.
PAGE 18
The second line of the boot interrupt indicates the two partitions. The first in list is the ACTIVE partition. The second in list is the ALTERNATE partition. 3. At the boot: prompt type hda5 or hda6 and then press enter. You want to choose the second in the list for the alternate partition. 4. If you can successfully boot to the alternate partition you can then perform an upgrade. The upgrade is applied to the alternate partition so it will repair the original partition.
PAGE 19
-Physical access to the BSC's serial console port. -A nine pin null-modem serial cable. -A laptop running a terminal emulation application such as Microsoft HyperTerminal. Components Used The information in this document is based on these hardware and software versions: -BSC-600/1200 running any software image. -A laptop running a terminal emulation application such as Microsoft HyperTerminal. In summary we will access the BSC via the serial console port.
PAGE 20
a key bit length of 1024 or 2048 when generating a CSR. No redirect to the BSC's login page with Windows 7 clients Allow HTTP outgoing to the OCSP and CRL urls of your SSL certificate in the unregistered role. The default behavior of many of the browsers today for example Windows 7 with IE8 is if it cannot check the validity of the SSL certificate it considers it invalid.
PAGE 21
BSAP-18XX -In the web based administrative console of the BSC go to Wireless>AP. The serial number is located in the serial number column. If the serial number column is not displayed it may be necessary to scroll to the right to click customize to add the serial number column. -In the web based administrative console of the vWLAN go to Provision>Wireless>AP. The serial number is located in the serial number column.
PAGE 22
Backup/Restore>Show_Tech Obtaining Software/Firmware and Patch versions of BSC, BSAP, BVMS, and vWLAN BSC Software -In the web based administrative console Go to Maintenance>Upgrade and look for Current Version BSC Patches -In the web based administrative console go to Maintenance>Patch. Under Installed patches you will find a list of patches installed. BVMS Software -In the web based administrative console go to BlueView>upgrade. Under Current Partition Information look for the version.
PAGE 23
4. Upload your ap firmware. 5. Now change go back and change the web server hold time back to 10. It is important the web server hold time is set to 10 during normal operation. Slow or no redirect to the BSC's login page and slow or no access to the BSC's web based administration console Adjust the seconds a client is allowed to hold the web server under general>http from a default value of 300 to 10.
PAGE 24
This BSC is not associated to a wireless regulatory domain error message I am receiving the following error: "This BSC is not associated to a wireless regulatory domain. Click here to go to the AP setup to enter the authorization code". All radios are disabled. What is this code for and where can I obtain it? Based on United States FCC and European DFS and ETSI regulations, Bluesocket now requires customers to validate the country that Bluesocket Access Points are being operated in.
PAGE 25
3. Allow HTTP outgoing to the OCSP and CRL urls of your SSL certificate in the un-registered role. The default behavior of many of the browsers today for example Windows 7 with IE8 is if it cannot check the validity of the SSL certificate it considers it invalid. The unfortunate thing is the browser does not display a message or anything to indicate it could not validate the certificate it simply just doesn't display a page or displays a generic page cannot be displayed message.
PAGE 26
the EtherIP tunnels therefore other clients will not see the traffic and not be able to see file and printer shares. In order to send broadcast traffic back out the EtherIP tunnels the following routes must be added under network>routing table>create static route entry for the appropriate managed interface. Broadcast Traffic Route Destination 192.168.160.255 Route Gateway 255.255.255.255 Netmask 255.255.255.
PAGE 27
Users that are inactive or have gone out of wireless range for some period of time are getting dropped from active connections of the BSC and have to re-authenticate. An example would be a device that has gone into sleep mode or an employee who has taken their laptop with them outside of the wireless coverage area for a lunch meeting. You can adjust the "Time in seconds before idle connections are timed out" under general>misc>connection tracking. The default is 600 seconds (10 minutes).
PAGE 28
What is the difference between Transparent 802.1x and Internal 802.1x authentication on the BSC? Transparent 802.1x -Supports the following EAP types. -EAP-TLS -TTLS -PEAP -Cisco-LEAP -MD5 -Supports machine authentication. -Required to apply group policy, run login scripts, and allow logins by non-cached domain users. -Access points send RADIUS requests to RADIUS server. -Requires certificate installed on RADIUS server. Internal 802.1x -Supports the following EAP types.
PAGE 29
192.168.160.1/24 DHCP Server enabled Admin 10.1.1.
PAGE 30
-Pubcookie What will cause a primary BSC to failover to a standby BSC? 1. Losing link status on either the protected, managed, or failover interfaces 2. Losing power either abruptly or with a graceful shutdown 3. Internal crash due to a software failure 4. Exceeding preset thresholds -High Average CPU/Memory Utilization -Hard Disk Usage Preset thresholds are configured in the web based administrative console under General>thresholds.
PAGE 31
If you refresh the screen a few moments later do you still receive the error? In releases prior to 6.5 the BSC could potentially start the web server before reading the license file. You could therefore access the web based administrative console because the web server had started but you would receive a license file required error because the license file had not yet been read. Wait a few moments, once the license file is read you will no longer receive the error.