LevelOne WAB-1000 Outdoor Access Point/Bridge User Guide
Copyright © 2004 All rights reserved. No part of this documentation may be reproduced in any form or by any means or to make any derivative work (such as translation, transformation, or adaptation) without written permission from the manufacturer. The manufacturer reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of the manufacturer to provide notification of such revision or change.
Table of Contents Chapter 1: Introduction............................................................................................................ 1 Basic Features...................................................................................................................... 1 Wireless Basics.................................................................................................................... 2 802.11b ...................................................................................
General .......................................................................................................................... 18 Encryption ..................................................................................................................... 21 WEP Encryption ........................................................................................................ 21 WPA Encryption........................................................................................................
Chapter 5: Technical Support ................................................................................................ 51 Manufacturer’s Statement.................................................................................................. 51 Radio Frequency Interference Requirements .................................................................... 51 Channel Separation and WLAN Cards.............................................................................. 51 Glossary ...................
Chapter 1: Introduction This manual covers the installation and operation of Level One’s WAB-1000 Outdoor Access Point. The WAB-1000 is a ruggedized access point/ bridge, which is intended for use in industrial and external environments. It accommodates both 802.11b WLAN and 802.11g WLAN access and uses Power over Ethernet (PoE) access to the Ethernet WAN to eliminate the need for internal access point power supply units (AC-DC converters) and 110-220V cabling installations.
to reset to factory settings, use the reset function available through the web-screen management module, or keep pressing the reset button located at the bottom of the device for 5 seconds. It has the following features: • Ethernet uplink WAN port • Local Ethernet LAN port (for configuration only) • Wireless (802.
02.11b The IEEE 802.11b standard, developed by the Wireless Ethernet Compatibility Alliance WECA) and ratified by IEEE, establishes a stable standard for compatibility. A user with an 802.11b product can use any brand of access point with any other brand of client hardware that is built to the 802.11b standard for basic interconnection. 802.11b devices provide 11 Mbps transmission in the 2.4 GHz band.
configured on the same subnetwork as the wired network interface and can be accessed by devices on the wired network. Possible AP Topologies 1. An access point can be used as a single AP without any connection to a wired network. In this configuration, it simply provides a stand-alone wireless network for a group of wireless devices. 2. The WAB-1000 can be used as one of a number of APs connected to an existing Ethernet network to bridge between the wired and wireless environments.
Bridging A wireless bridge is an access point configured to allow wireless communication from access point to access point. The wireless bridging function in the WAB-1000 allows use as a wireless bridge, in a number of alternate configurations, including the following popular configurations: • Point-to-point bridging of 2 Ethernet Links; • Point-to-multipoint bridging of several Ethernet links; • Repeater mode (wireless client to wireless bridge.
SSID The Service Set ID (SSID) is a string used to define a common roaming domain among multiple wireless access points. Different SSIDs on access points can enable overlapping wireless networks. The SSID can act as a basic password without which the client cannot connect to the network. However, this is easily overridden by allowing the wireless AP to broadcast the SSID, which means any client can associate with the AP.
3DES is modeled on the older DES standard but encrypts data three times over. 3DES uses more CPU resources than AES because of the triple encryption. MAC Address Authentication The MAC address, short for Media Access Control address, is a hardware address that uniquely identifies each node of a network. In IEEE 802 networks, the Data Link Control (DLC) layer of the OSI Reference Model is divided into two sub-layers: the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer.
Management After initial setup, maintenance of the system and programming of security functions are performed by personnel trained in the procedure using the embedded web-based management screens. The next chapter covers the basic procedure for setting up the hardware.
Chapter 2: Hardware installation Preparation for use The Level One WAB-1000 Outdoor Access Point requires physical mounting and installation on the site, following a prescribed placement design to ensure optimum operation and roaming. The determination and planning of the wireless network solution should have been determined by a wireless LAN site survey team prior to purchase. This is not part of the scope of this user’s guide.
Installation Instructions The WAB-1000 intended to be installed as part of a complete wireless design solution. This manual deals only and specifically with the single WAB-1000 device as a unit. The purpose of this chapter is the description of the device and its identifiable parts so that the user is sufficiently familiar to interact with the physical unit. Preliminary setup information provided below is intended for information and instruction of the wireless LAN system administration personnel.
The WAN port is used to connect the WAB-1000 to the organization’s LAN. The Ethernet cable is run from the WAB-1000 WAN port to the power injector which is then connected to a power source and the wired LAN. A second (LAN Port) Ethernet connector is designed for use during initial configuration only. This uses an RJ45 cable to connect the WAB-1000 to a laptop. The reset button is for set the WAB-1000 to the factory default.
Sealing Antenna Connections Once all antennas have been installed, the connection should be sealed to protect them in an exterior harsh environment using a self amalgamating polyisobutylene tape which, over a period of hours, adheres to itself and forms a single amalgamated rubber molding conforming to the shape of the item it is covering. Be sure that it is completely dry when applied. If you need to uninstall it after it has sealed for 30 minutes or more, cut it away with a sharp knife.
Chapter 3: Configure the WAB-1000 for use as an access point Introduction The WAB-1000 Gateway comes with the capability to be configured as an access point. It can be further configured for Bridging. This is discussed in Chapter 4. Configured as an access point, it allows one LAN to freely exchange data with another LAN without restriction. In the case of the WAB-1000, it allows the configuration of a WLAN and wireless connection to the LAN.
Initial setup using the “Local” port Plug one end of an RJ-45 Ethernet cable to the LAN port of the WAB-1000 (see page 11) and the other end to an Ethernet port on your laptop. This LAN port in the WAB-1000 connects you to the device’s internal DHCP server, which will dynamically assign an IP address to your laptop so you can access the device for reconfiguration.
NOTE: You will be asked for your user name and password. The default is "crypto" with the password "officer" to give full access for setup configuration. (This password is casesensitive.) System Configuration General You will immediately be directed to the System Configuration—General page for the WAB-1000 access point. This screen lists the firmware version number for your WAB-1000 and allows you to set the Host Name and Domain Name as well as establish system date and time.
Go next to the System Configuration—WAN page. WAN Click the entry on the left hand navigation panel for System Configuration-WAN. This directs you to the System Configuration – WAN page.
If not using DHCP to get an IP address, input the information that the access point requires in order to allow the wireless devices it controls access to the wired LAN. This will be the IP address, Subnet Mask, Default Gateway, and, where needed, DNS 1 and 2. Click Apply to accept changes. LAN This sets up the default numbers for the four octets for a possible private LAN function for the access point. It also allows changing the default numbers for the LAN Subnet Mask.
Wireless Setup General Wireless Setup allows your computer’s PC card to talk to the access point. Once you have completed wireless configuration, you can complete the rest of the configuration wirelessly if you wish, assuming that you have installed and configured a wireless PC card on your computer. (If you have not done so, you will have to do that to establish communications. Follow the manufacturer's instructions to set up the PC card on each wireless device that will be part of the WLAN.
will accommodate legacy systems. The 802.11g improves the wireless power but limits use to those WLANs that have only 802.11g clients. The 802.11 b/g mixed allows you to use both 802.11b and 802.11g clients but limits power to that of the 802.11b band. You can assign a channel number to the AP (if necessary) and modify the Tx Pwr Mode. The Channel Number is a means of assigning frequencies to a series of access points, when many are used in the same WLAN, to minimize interference.
If you click on the button Select the optimal channel, a popup screen will display the choices. This action does not select the channel for you but shows you what will most probably be the channel selected if you leave the following dropdown menu at Yes. Tx Pwr Mode and Fixed Pwr Level: The Tx Power Mode defaults to Auto, giving the largest range of radio transmission available under normal conditions.
All Rates The rate at which all data frames will be transmitted. 1 Mbps 2 Mbps 5.5 Mbps 6 Mbps 11 Mbps 12 Mbps 18 Mbps 24 Mbps 36 Mbps 48 Mbps 54 Mbps Preamble Short/Long Preamble Specifies whether frames are transmitted with the Short or Long Preamble Broadcast SSID Enabled/disabled When disabled, the AP hides the SSID in outgoing beacon frames and stations cannot obtain the SSID through passive scanning.
deployed on client stations and access points. But the use of WEP encryption provides some measure of security. In WEP, you can set the Authentication Type for Open System, Shared Key, or Open/Shared. Select 64-bit, 128-bit or 152-bit encryption and enter the WEP key or keys as appropriate.
Radius Server, and either AES-CCMP encryption standard, or TKIP, whichever is most suitable for your system. If you are a SOHO user, selecting pre-shared key means that you don’t have the expense of installing a Radius Server. Simply input up to 63 character/numeric/hexadecimals in the Passphrase field. If your clients use WPA-TKIP, select TKIP as encryption type. If your clients use WPA-AES, select AES-CCMP. For highest security, select the lowest re-keying interval.
MAC Address Filtering The factory default for MAC Address filtering is disabled. If you enable MAC Address filtering, you should also set the toggle for Filter Type. This works as follows: • If Filtering is enabled and Filter Type is Allow Access, only those devices equipped with the authorized MAC addresses will be able to communicate with the access point. In this case, input the MAC addresses of all the PC cards that will be authorized to access this access point.
Bridging and Bridging Encryption Bridging is covered in Chapter Four. If you will be deploying this WAB-1000 as a bridge, follow the instructions in Chapter Four. The Bridging and Bridging Encryption screens are shown below for reference. See Chapter Four for details about bridging.
See Chapter Four for details about bridging. Rogue AP Detection The Rogue AP Detection page allows the network administrator to set up rogue AP detection. If you enable rogue AP detection, also enter the MAC address of each AP in the network that you want the AP being configured to accept as a trusted AP. (You may add up to 20 APs.) Enter an email address for notification of any rogue or non-trusted APs. (The MAC address for the WAB-1000 is located on the Wireless Configuration—General page.
Advanced The Advanced page allows you to enable or disable load balancing. Load balancing is enabled by default. Load balancing distributes traffic efficiently among network servers so that no individual server is overburdened. For example, the load balancing feature balances the wireless clients between APs. If two APs with similar settings are in a conference room, depending on the location of the APs, all wireless clients could potentially associate with the same AP, leaving the other AP unused.
Services Settings DHCP Server This page allows configuration of the DHCP server function accessible from the Local LAN port for internal management of the WAB-1000. The default factory setting for the DHCP server function is enabled. You can disable the DHCP server function, if you wish. You can also set the range of addresses to be assigned. The DHCP server function, accessible only from the LAN port, is used for initial configuration of the management functions.
The Windows Internet Naming Service, (WINS) server, is used for name resolution. It is similar in function to DNS. It allows you to search for resources by computer name instead of IP address. This software release has added the field: Lease period for the DHCP server function. The lease times you can select are: 1 hour, 2 hours, 1 day, 2 days, or 1 week. SNMP Agent The SNMP agent setup page allows you to set up an SNMP agent.
User Management List All Users The List All Users page simply lists all administrator accounts configured for the unit.
Add New User The Add New User screen allows you to add new Crypto Officers or Administrators, assigning and confirming the password for each. The roles of the “Crypto Officer” and “Administrator” are different, with the administrator role being more limited. NOTE: There is no default Administrator account. You must login as the role of “Crypto Officer” and assign other Administrator account after login. Monitoring/Reports This section gives you a variety of lists and status reports.
System Status This screen displays the status of the WAB-1000 device and network interface details and the routing table. There are also some pop-up informational menus on this screen that give detailed information about CPU, PCI, Interrupts, Processes, and Interfaces. Bridging Status This screen displays the Ethernet port STP status, wireless port STP status, and wireless bridging information.
Wireless Clients The Wireless Clients report screen displays the MAC address of all wireless clients and their signal strength and transmit rate.
Adjacent AP List The Adjacent AP list shows all the APs on the network which are not seen by the subject AP as trusted clients. DHCP Client List The DHCP client list displays all clients currently connected to the WAB-1000 via DHCP server, including their hostnames, IP addresses, and MAC addresses. Use the Remove button to clear any DHCP client entries you wish to remove.
System Log The system log displays system-facility-messages with date and time stamp. These are messages documenting functions performed internal to the system, based on the system’s functionality. Generally, the Administrator would only use this information if trained as or working with a field engineer or as information provided to technical support. The system log will continue to accumulate listings. If you wish to clear listings manually, use the Clear button.
change operating mode, etc., using the web browser. It establishes a running record regarding what actions were performed and by whom. The Web access log will continue to accumulate listings. If you wish to clear listings manually, use the Clear button. Network Activity The Network Activity Log keeps a detailed log of all activities on the network which can be useful to the network administration staff. The Network Activities log will continue to accumulate listings.
System Administration The System administration screens contain administrative functions. The screens and functions are detailed in the following section. Firmware Upgrade The System Upgrade utility is a functionality built into the WAB-1000 for updates to the device’s firmware as they become available. When a new upgrade file becomes available, find it and upload it to the WAB-1000 from this page.
Remote Logging Remote logging allows you to forward the syslog data from each machine to a central remote logging server. In the WAB-1000, this function uses the syslogd daemon. You can find more information about syslogd by searching for "syslogd" in an Internet search engine (such as Google®) to find a version compatible with your operating system. If you enable Remote Logging, input a System Log Server IP Address and System Log Server Port. Click Apply to accept these values.
Utilities This screen gives you ready access to two useful utilities: Ping and Traceroute. Simply enter the IP address or hostname you wish to ping or traceroute and click either the Ping or Traceroute button, as appropriate.
Chapter 4: Configure the WAB-1000 as a bridge Introduction In the WAB-1000, wireless bridging uses a second WLAN card to set up an independent wireless bridge connection. Since wireless bridging provides a mechanism for APs to collaborate, it is possible to extend the basic service set (BSS) of a standalone AP and to connect two separate LANs without installing any cabling. The wireless bridging function in the WAB-1000 allows you to set a number of alternate bridging configurations.
In the Wireless Configuration—General screen, if you are setting up the WAB-1000 only as a bridge, the SSID can remain in its default setting, since the bridge uses the BSSID for purposes of establishing contact. The BSSID is shown on the Wireless Configuration—Bridging page (see page 44). It is the MAC Address for the bridge WLAN card. Channel number is a means of assigning frequencies to access points used in proximity or series to minimize interference or "noise.
The Wireless Configuration—Bridging Encryption page is used to configure static encryption keys for the wireless bridge. This is an important page to set up to ensure that your bridge is working correctly. The encryption key that you use on this screen must be the same for any bridge connected to your bridging network in order for communication to occur. And on this screen, you can only select either a static 192 bit 3DES key or an AES key of either 128-bit, 192bit, or 256-bit length.
The following sections describe the setup for three types of bridging configuration: point-topoint, point-to-multipoint, or, lastly, repeater. Set up bridging type Point-to-point bridge configuration A point-to-point link is a direct connection between two, and only two, locations or nodes. Because the WAB-1000’s bridge function uses a separate WLAN card for bridging, you can also set up WLANs on the separate AP WLAN card.
For the two bridges that are to be linked to communicate properly, they have to be set up with compatible commands in the setup screens. For instance, the bridges must have the same channel number. Because there is a separate WLAN card for bridging, there can be a separate WLAN on the 802.11b/g card with no loss efficiency, as long as you set the channel numbers so there's no conflict or noise with the channel assigned to the bridge.
Navigate to the Wireless Configuration—Bridging screen. In the first section: General, you will see the MAC address of the bridging card. This is used as the BSSID on other WAB-1000s that will be communicating with this one. Wireless mode can be set to 802.11g for best rate, to 802.11b (if necessary) or to mixed 802.11b/g. Set basic and supported rates. Channel number must be set the same for each bridge to communicate. TX Pwr mode can be left on auto unless the power needs to be regulated.
enter only hexadecimal numbers, no colons. Data entry is not case sensitive. You may also enter a note that defines the location of the remote bridge. Then click Add to accept. The remote bridge's BSSID will now appear in the third section of the page. If, at some time you wish to delete the entry, simply click the check box next to it and confirm by clicking Delete. Next, navigate to Wireless Configuration—Bridging Encryption. Select the appropriate key type and length and the key value.
You must complete the configuration of your Bridge 1 by following the general instructions in Chapter 3 of this guide to establish any other required configuration options such as General, WAN and LAN settings. Configure the second of your two point-to-point bridges following the instructions given for Bridge 1 above.
bridging encryption of each must be set to the appropriate type and key length and must be the same on all. Because the WAB-1000 has two separate WLAN cards, one for the AP card and one for the bridging card, each bridge can have a WLAN on the 802.11b/g protocol with no loss of efficiency in bridging if you wish. The following diagram pictures a point-to-multipoint setup, which might be of use where a company's network spans several buildings within a campus-like setting.
Wireless Configuration – Bridging Encryption Select appropriate key type/length and value. Must be the same key as Bridge 2~n. Select appropriate key type/length and value. Must be the same key as Bridge 1. The above recommended setup requires only Bridge 1 to be set in point-to-multipoint mode. It is possible to set all bridges in point-to-multipoint mode, in which case, each bridge would have to contain the BSSID for each of the other bridges and Spanning Tree Protocol must be enabled.
BSSID Add Bridge 2's BSSID Add Bridge 1's and Bridge 3's BSSID Add Bridge 2's BSSID Wireless Configuration – Bridging Encryption Select appropriate key type/length and enter key value. Must be the same as that on the other 2 Bridges. Select appropriate key type/length and enter key value. Must be the same as that on the other 2 Bridges. Select appropriate key type/length and enter key value. Must be the same as that on the other 2 Bridges.
Chapter 5: Technical Support Manufacturer’s Statement The WAB-1000 is provided with warranty. It is not desired or expected that the user open the device. If malfunction is experienced and all external causes are eliminated, the user should return the unit to the manufacturer and replace it with a functioning unit.
Glossary 3DES Also referred to as Triple DES, a mode of the DES encryption algorithm that encrypts data three times. 802.11 802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. The IEEE accepted the specification in 1997. 802.11b (also referred to as 802.11 High Rate or WiFi) 802.11b is an extension to 802.
DHCP Dynamic Host Configuration Protocol, DHCP, is a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device’s IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.
WPA WPA stands for WiFi Protected Access. It’s an interim standard developed by the WiFi Alliance pending full ratification of the 802.11i standard, to protect the wired band and improve upon the old WEP encryption standard.
