IEEE 802.11g Wireless Dual-Radio Bridge-AP User’s Guide Version: 1.
Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiated radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
R&TTE Compliance Statement This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal equipment and the mutual recognition of their conformity (R&TTE). The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) as of April 8,2000.
Table of Contents 1. Introduction ......................................................................................................................... 1 1.1. Overview................................................................................................................... 1 1.2. Features.................................................................................................................... 1 1.3. LED Definitions ......................................................................
3.6.1. Packet Filters................................................................................................ 37 3.6.1.1. Ethernet Type Filters .......................................................................... 37 3.6.1.2. IP Protocol Filters ............................................................................... 37 3.6.1.3. TCP/UDP Port Filters ......................................................................... 38 3.6.2. Management..............................................
1. Introduction 1.1. Overview The wireless Dual-Radio Bridge-AP (DRBAP for short) is a multifunction device that has two independently configurable IEEE 802.11g interfaces. Each IEEE 802.11g interface can be configured either as an AP (Access Point) interface or a LAN-to-LAN bridge interface. An AP interface enables wireless clients to associate with this device for IEEE 802.11 infrastructure applications and the wireless clients can be authenticated by IEEE 802.1x/RADIUS.
functionality is disabled, a client computer cannot connect to the AP interface with an "any" SSID; the correct SSID has to be specified on client computers. MAC-address-based access control. Blocking unauthorized wireless client computers based on MAC (Media Access Control) addresses. The ACL (Access Control List) can be downloaded from a TFTP server. WPA (Wi-Fi Protected Access). The AP interface supports the WPA standard proposed by the Wi-Fi Alliance (http://www.wi-fi.org).
bridge links can be protected by WEP encryption for better security. Transmit power control. Transmit power of the DRBAP’s RF modules can be adjusted to change RF coverage of the DRBAP. Detachable antennas. The factory-mounted antennas can be replaced with high-gain antennas for different purposes. DHCP client. The DRBAP can automatically obtain an IP address from a DHCP server. DHCP server.
Remote log by SNMP trap. Systems events are sent in the form of SNMP traps to a remote SNMP management server. Power over Ethernet (optional). Supplying power to a DRBAP over an Ethernet cable using PowerDsine (http://www.powerdsine.com) technology (IEEE 802.3af compliant in the future). This feature facilitates large-scale wireless LAN deployment. Hardware Watchdog Timer. If the firmware gets stuck in an invalid state, the hardware watchdog timer will detect this situation and restart the DRBAP.
2. First-Time Installation and Configuration 2.1. Selecting a Power Supply Method Optionally, the DRBAP can be powered by the supplied power adapter or POE (Power over Ethernet). The DRBAP automatically selects the suitable one depending on your decision. To power the DRBAP by the supplied power adapter: 1. Plug the power adapter to an AC socket. 2. Plug the connector of the power adapter to the power jack of the DRBAP.
Fig. 1. Mounting the DRBAP on a wall. 2.3. Preparing for Configuration For you to configure a DRBAP, a managing computer with a Web browser is needed. For first-time configuration of a DRBAP, an Ethernet network interface card (NIC) should have been installed in the managing computer. For maintenance-configuration of a deployed DRBAP, either a wireless computer (if the DRBAP is configured to act as an AP Repeater or Dual AP) or a wired computer can be employed as the managing computer.
Cross-over Ethernet cable Normal Ethernet cable Managing Computer Normal Ethernet cable Ethernet Hub/Switch Managed DRBAP Fig. 2. Connecting a managing computer and a DRBAP via Ethernet. You can use either a cross-over Ethernet cable (included in the package) or a switch/hub with 2 normal Ethernet cables. NOTE: One connector of the Ethernet cable must be plugged into the LAN/CONFIG Ethernet jack of the DRBAP for configuration. 2.3.2.
right to access the Web-based Network Manager. For first-time configuration, use the default user name “root” and default password “root”, respectively. Fig. 3. Entering the user name and password. NOTE: It is strongly recommended that the password be changed to other value for security reasons. On the start page, click the General, Password link to change the value of the password (see Section 3.3.1 for more information).
2.4.2. Step 1: Selecting an Operational Mode Fig. 5. Operational modes. Go to the General, Operational Mode section to select an operational mode for the DRBAP. There are 3 operational modes—Bridge Repeater, AP Repeater, and Dual AP. Bridge Repeater. In this mode, both WLAN interfaces are configured as LAN-to-LAN bridge interfaces. A bridge repeater forwards packets between two wireless LAN-to-LAN bridges.
handle twice the number of wireless clients than a normal AP. It can be treated as “two APs in a box.” LAN IEEE 802.11b Channel 1 IEEE 802.11b Channel 6 Dual AP Notebook Computer Fig. 8. Dual AP mode. The following table shows the type of each WLAN interface for each operational mode. WLAN 1 Interface Type WLAN 2 Interface Type LAN-to-LAN Bridge LAN-to-LAN Bridge AP Repeater AP LAN-to-LAN Bridge Dual AP AP AP Bridge Repeater 2.4.3. Step 2: Configuring TCP/IP Settings Fig. 9.
2.4.4. Step 3: Configuring IEEE 802.11 Settings Go to the IEEE 802.11, Communication section to configure IEEE 802.11g-related communication settings, including Regulatory Domain, Channel Number, Network Name (SSID), and Bridge Links, for both WLAN interfaces, depending on their interface types. No matter the type of a WLAN interface is AP or LAN-to-LAN bridge, Regulatory Domain, Channel Number, and Network Name have to be configured.
Fig. 12. Sample wireless bridge network topology. WARNING: Don’t let your network topology consisting of wireless DRBAPs, wireless bridges, Ethernet switches, Ethernet links, and WDS links contains loops. If any loops exist, packets will circle around the loops and network performance will be seriously degraded. Fig. 13. Network topology containing a loop. TIP: You can check whether the WDS links of the DRBAP are functioning by using Wireless Network Manager.
Fig. 14. Link health monitoring. Run Wireless Network Manager on a computer and locate the DRBAP you want to manage. Go to the WDS tab, and then click Test. The test results (OK or Broken) will be shown in the Link Status column of the WDS links table. 2.4.5. Step 4: Reviewing and Applying Settings Fig. 15. Settings changes are highlighted in red. On the start page, you can review all the settings you have made. Changes are highlighted in red.
2.5. Deploying the DRBAP After the settings have been configured, deploy the DRBAP to the field application environment. Connect the DRBAP to a LAN segment through an Ethernet switch/hub. If external high-gain directional antennas are used for LAN-to-LAN bridge interfaces, it’s difficult to adjust alignments of the antennas when distance between the DRBAP and its peer bridge is long. To adjust the alignments of directional antennas: 1. Connect each device to a computer via Ethernet. 2.
Fig. 17. Antenna alignment assistance. Instead of using PING.exe, you can run Wireless Network Manager on Computer 1, and go to the Antenna Alignment tab. Click Start to begin monitoring the WDS link quality. Adjust the alignment of the antenna of DRBAP as Bridge 1 until the Link quality indicator shows a relatively maximal value. Finally, click Stop to stop monitoring WDS link quality.
3. Using Web-Based Network Manager In this chapter, we’ll explain each Web management page of the Web-based Network Manager. 3.1. Overview Fig. 18. The Start page. 3.1.1. Menu Structure The left side of the start page contains a menu for you to carry out commands. Here is a brief description of the hyperlinks in the menu: Home. For going back to the start page. Status. Status information. Wireless Clients. The status of the wireless clients currently associated with the DRBAP. DHCP Mappings.
Password. For gaining rights to change the settings of the DRBAP. Firmware Tools. For upgrading the firmware of the DRBAP, backing up and restoring configuration, and configuration reset settings of the DRBAP. TCP/IP. TCP/IP-related settings. Addressing. IP address settings for the DRBAP to work with TCP/IP. DHCP Server. Settings for the DHCP (Dynamic Host Configuration Protocol) server on the DRBAP. IEEE 802.11. IEEE 802.11g-related settings. Communications. Basic settings for the IEEE 802.
Fig. 20. Settings have been changed. 3.1.3. Home and Refresh Commands Fig. 21. Home and Refresh. At the bottom of each status page that shows read-only information, there are two buttons—Home and Refresh. Clicking Home brings you back to the start page. Clicking Refresh updates the shown status information. 3.2. Viewing Status 3.2.1. Associated Wireless Clients Fig. 22. Status of associated wireless clients.
3.2.2. Current DHCP Mappings Fig. 23. Current DHCP mappings. On this page, all the current static or dynamic DHCP mappings are shown. A DHCP mapping is a correspondence relationship between an IP address assigned by the DHCP server and a computer or device that obtains the IP address. A computer or device that acts as a DHCP client is identified by its MAC address. A static mapping indicates that the DHCP client always obtains the specified IP address from the DHCP server.
3.3. General Operations 3.3.1. Specifying Operational Mode Fig. 25. Operational modes. On this page, you can specify the operational mode for the DRBAP. There are 3 modes: Bridge Repeater. In this mode, both WLAN interfaces are configured as LAN-to-LAN bridge interfaces. A bridge repeater forwards packets between two wireless LAN-to-LAN bridges. It’s possible to use multiple bridge repeaters between two LAN-to-LAN bridges if the distance is very long.
Notebook Computer LAN WDS Link Wireless Bridge AP Repeater Fig. 27. AP Repeater mode. Dual AP. In this mode, both WLAN interfaces are configured as AP interfaces. The dual AP can handle twice the number of wireless clients than a normal AP. It can be treated as “two APs in a box.” LAN IEEE 802.11b Channel 1 Dual AP IEEE 802.11b Channel 6 Notebook Computer Fig. 28. Dual AP mode. TIP: After you have selected the operational mode of the DRBAP, go to the IEEE 802.
On this page, you could change the password for the right to modify the configuration of the DRBAP. The new password must be typed twice for confirmation. 3.3.3. Managing Firmware Fig. 30. Firmware management protocol setting. Firmware management operations for the DRBAP include firmware upgrade, configuration backup, configuration restore, and configuration reset. Firmware upgrade, configuration backup, and configuration restore can be achieved via HTTP or TFTP.
“000102334455.hex”. Don’t change the configuration file name in the Save As dialog box. Select a folder in which the configuration file is to be stored. And then, click Save. NOTE: The procedure may be a little different with different Web browsers. Fig. 33. Configuration restore by HTTP. To restore configuration of the DRBAP by HTTP: 1. Click Browse and then select a correct configuration .hex file. You have to make sure the file name is the DRBAP’s MAC address.
4. On the computer, run the TFTP Server utility. And specify the folder in which the firmware files reside. 5. On the computer, run a Web browser and click the General, Firmware Tools hyperlink. 6. Choose TFTP as the Firmware management protocol. 7. Specify the IP address of the computer, which acts as a TFTP server. If you don’t know the IP address of the computer, open a Command Prompt, and type IpConfig, then press the Enter key. 8. Trigger the firmware upgrade process by clicking Upgrade. Fig.
the Timeout and Max no. of retries settings of TFTP Server for remote TFTP upgrade to succeed. 3.3.3.4. Backing up and Restoring Configuration Settings by TFTP Fig. 37. Configuration backup/restore. To back up configuration of the DRBAP by TFTP: 1. Get a computer that will be used as a TFTP server and as a managing computer to trigger the backup process. 2. Connect the computer and one of the LAN Ethernet switch port with a normal Ethernet cable. 3.
6. Choose TFTP as the Firmware management protocol. 7. Within the Configuration Backup/Restore section, specify the IP address of the computer, which acts as a TFTP server. If you don’t know the IP address of the computer, open a Command Prompt, and type IpConfig, then press the Enter key. 8. Trigger the restoring process by clicking Restore. The DRBAP will then download the configuration backup file from the TFTP server. NOTE: Make sure the file is a valid configuration backup file for the DRBAP.
3.4.2. DHCP Server 3.4.2.1. Basic Fig. 40. Basic DHCP server settings. The DRBAP can automatically assign IP addresses to client computers by DHCP. In this section of the management page, you can specify the Default gateway, Subnet mask, Primary DNS server, and Secondary DNS server settings that will be sent to a client at its request. Additionally, you can specify the first IP address that will be assigned to the clients and the number of allocateable IP addresses.
signed the same IP address. To always assign a static IP address to a specific DHCP client: 1. Specify the MAC address of the DHCP client and the IP address to be assigned to it. Then, give a description for this mapping. 2. Select the corresponding Enabled check box. 3.5. Configuring IEEE 802.11g-Related Settings 3.5.1. Communication An AP interface needs the Basic communication settings, and a LAN-to-LAN bridge interface needs the Basic communication settings and the Bridge Links settings. 3.5.1.1.
Fig. 43. Bridge links settings. To enable a WDS link: 1. Specify the MAC address of the bridge at the other end of the WDS link. 2. Select the corresponding Enabled check box. For example, assume you want a DRBAP with MAC addresses 00-02-65-01-62-C5 and a wireless bridge/AP with MAC address 00-02-65-01-62-C6 to establish a WDS link between them.
Fig. 45. Link health monitoring. Run Wireless Network Manager on a computer and locate the bridge you want to manage. Go to the WDS tab, and then click Test. The test results (OK or Broken) will be shown in the Link Status column of the WDS links table. 3.5.1.3. Link Integrity Fig. 46. Link integrity settings.
3.5.1.5. AP Load Balancing Fig. 48. AP load balancing settings. Several APs can form a load-balancing group if they are set with the same Group ID. The load-balancing policy can be by Number of Users or by Traffic Load. If the by-number-of-users policy is selected, a new wireless user can only associate with an AP that has the smallest number of associated wireless users in the group.
DRBAP as an AP cannot see each other, and wireless-to-wireless traffic between the STAs is blocked. When the setting is set to All APs in This Subnet, traffic among wireless users of different APs in the same IP subnet is blocked. The behaviors are illustrated in the following figures. STA 1 STA 3 STA 2 AP 1 AP 2 WCI: This AP Only WCI: This AP Only Switch Wireless Link Ethernet Link Fig. 50. Behavior of the “This AP Only” wireless client isolation option.
Static WEP. WEP (Wired Equivalent Privacy) keys must be manually configured. Static TKIP (WPA-PSK). Only TKIP (Temporal Key Integrity Protocol) mechanism of WPA (Wi-Fi Protected Access) is enabled. In this mode, you have to specify the Pre-shared key, which will be used by the TKIP engine as a master key to generate keys that actually encrypt outgoing packets and decrypt incoming packets. NOTE: The number of characters of the Pre-shared key setting must be at least 8 and can be up to 63. IEEE 802.
1. Select Enabled from the Functionality drop-down list. 2. Set the Access control type to exclusive. 3. Specify the MAC address of a wireless client to be denied access, and then click Add. 4. Repeat Steps 3 for other wireless clients. To grant wireless clients’ access to the wireless network: 1. Select Enabled from the Functionality drop-down list. 2. Set the Access control type to inclusive. 3. Specify the MAC address of a wireless client to be denied access, and then click Add. 4.
2. Specify the name of the MAC ACL file on the TFTP server in the MAC ACL file name text box. 3. Click Download. 3.5.2.2. LAN-to-LAN Bridge Interface Fig. 55. IEEE 802.11g security settings for a LAN-to-LAN bridge interface. Data transmitted over the bridge links can be encrypted by WEP (Wired Equivalent Privacy). Therefore, there are 3 security modes: Open System. No data encryption. Static WEP. WEP (Wired Equivalent Privacy) keys must be manually configured.
wireless client computer and its associated wireless access point. To sum up, EAP-MD5 supports only user authentication, while EAP-TLS supports user authentication as well as dynamic encryption key distribution. IEEE 802.1x-Compliant Wireless Client Wireless AP user authentication Internet Wireless AP user authentication RADIUS Server User Database Fig. 56. IEEE 802.1x and RADIUS. A wireless access point supporting IEEE 802.1x can be configured to communicate with two RADIUS servers.
mation about deploying secure WLANs with IEEE 802.1x support. 3.6. Configuring Advanced Settings 3.6.1. Packet Filters The DRBAP provides layer 2 (Ethernet Type Filters), layer 3 (IP Protocol Filters), and layer 4 (TCP/UDP Port Filters) filtering capabilities. The configuration processes for the filters are similar. Functionality: whether this filtering capability is enabled or disabled. Policy for matched packets: how a matched packet is processed—discard or pass.
The protocol, source address, and destination address fields of a packet incoming from the WLAN or Ethernet interface is inspected for filtering. In a rule, specify the hex-decimal protocol number, source IP address range (Source IP Address AND Source Subnet Mask), and destination IP address range (Destination IP Address AND Destination Subnet Mask).
3.6.2.2. System Log Fig. 62. System log settings. System events can be logged to the on-board RAM of the DRBAP (Local log) or sent to a remote computer on which an SNMP trap monitor program runs (Remote log by SNMP trap). See the next subsection for more information about SNMP trap settings. The system events are divided into the following categories: General: system and network connectivity status changes. Built-in AP: wireless client association and WEP authentication status changes.
1. Type the IP address of the target host. 2. Type the Community for the host. 3. Select the corresponding check box next to the IP address text box.
Appendix A: Default Settings TIP: Press the SF-Reset switch on the housing of a powered-on DRBAP to reset the configuration settings to factory-default values. Setting Name Default Value Global User Name root Password root Operational Mode AP Repeater IEEE 802.11g Regulatory Domain FCC (U.S.
Appendix B: Troubleshooting Check the following first: Make sure that the power of the DRBAP is on and the Ethernet cables are connected firmly to the RJ-45 jacks of the DRBAP. Make sure that the LED ALV of the DRBAP is blinking to indicate the DRBAP is working. Make sure the types of the Ethernet cables are correct. Recall that there are two types—normal and crossover. The DRBAP has been set to obtain an IP address automatically by DHCP.
Contact our technical support representatives for repair.
Appendix C: Additional Information C-1: Firmware Upgrade Using Xmodem Upgrade Fig. 65. Xmodem Upgrade. To upgrade the firmware of DRBAP using Xmodem Upgrade over RS232: 1. Power off the DRBAP whose firmware will be upgraded. 2. Connect the managing PC and the DRBAP with an RS232 Null Modem cable. 3. Select the serial port (COM1 or COM2) you use for connecting the device from the Serial port drop-down list and click Connect. 4. Chose the folder in which the firmware files reside by click Browse. 5.
