-
Document No. TR0149 Rev C5
EnRoute500 User’s Guide
Rev. C5
Next Generation Mesh Networks, Today™
Tranzeo Confidential
Tranzeo Wireless Technologies Inc.
19473 Fraser Way, Pitt Meadows, BC, Canada, V3Y 2V4
www.tranzeo.com
technical support email: support@tranzeo.
-
Tranzeo, the Tranzeo logo and EnRoute500 are trademarks of Tranzeo Wireless Technologies Inc. All rights reserved. All other company, brand, and product names are referenced for identification purposes only and may be trademarks that are the properties of their respective owners. Copyright © 2007, Tranzeo Wireless Technologies Inc.
-
FCC Notice to Users and Operators
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device must accept any interference received, including interference that may cause undesired operation. This equipment has been tested and found to comply with the limits for Class B Digital Device, pursuant to Part 15 of the FCC Rules.
-
Table of Contents
1 Working with the EnRoute500
1.1 EnRoute500 Capabilities
1.2 Network Topology
1.3 Network Terminology
-
4 Initial Configuration of an EnRoute500
5 Configuration Profile Management
5.1 Saving the Current Configuration
5.2 Load a Configuration Profile
5.3 Delete a Configuration Profile
-
9.6.1 Access Point IP Address
9.6.2 IP Configuration of Clients Devices via DHCP
9.6.3 Manual IP Configuration of Client Devices
9.7 Client Devices
-
16 Hardware Configuration
16.1 Power Over Ethernet Source
17 Firmware Management
17.1 Displaying the Firmware Version
17.2 Upgrading the Firmware
-
1 Working with the EnRoute500
Thank you for choosing the Tranzeo EnRoute500 Wireless Mesh Router. The EnRoute500 allows a wireless mesh network to be rapidly deployed with little configuration required by the end user. This user’s guide presents a wide array of configuration options, but only a limited number of options have to be configured in order to deploy a mesh network of EnRoute500s.
1.
-
1.2 Network Topology
EnRoute500s can be used to create two network topologies: a stand-alone network or an Internet extension network that attaches to a network with connectivity to the Internet.
[Figure legend: RPT = Repeater, GW = Gateway]
Figure 2.
-
1.3 Network Terminology
The following terms will be referred to throughout this manual.
Mesh cloud – a group of nodes configured as one or more clusters
Mesh cluster – a group of two or more EnRoute500s with at least one configured as a gateway
Mesh node – a single EnRoute500 device that is part of a mesh
1.4 EnRoute500 Interfaces
The EnRoute500 has four external interfaces: power, Ethernet and two radio ports.
[Figure labels: Mesh radio port, AP radio port, Power, Ethernet]
Figure 4.
-
Interface          Description
Power              Power input (100-240VAC 50-60 Hz)
Mesh radio port    N-type antenna connector for mesh radio
AP radio port      N-type antenna connector for access point radio
Ethernet           10/100 Mbit Ethernet interface
Passive PoE        PoE secondary power input (9-28VDC, 12W). Not compatible with IEEE 802.3af
Table 1. EnRoute500 Interfaces
The EnRoute500 is equipped with an auto-sensing Ethernet port that allows both regular and cross-over cables to be used to connect to it.
-
[Figure labels: Mesh antenna, Access point antenna]
Figure 5. Connecting the mesh and access point antennas
1.5 Deployment Considerations
The EnRoute500’s radios operate in the unlicensed 2.4 GHz and 5.8 GHz ISM bands. It is possible that there will be other devices operating in these bands that will interfere with the EnRoute500’s radios. Interference from adjacent EnRoute500s can also degrade performance, if the EnRoute500s are not configured properly.
-
devices, a tool such as Netstumbler (http://www.netstumbler.com/downloads/) can be used. A spectrum analyzer can be used for further characterization of interference in the band.
1.5.1 Mesh channel selection
The mesh radio channel must be the same for all EnRoute500s in a given mesh cluster. Adjacent mesh clusters will get a performance benefit if they are on different channels as the clusters will not interfere with each other. The 802.
-
2 Using the Command Line Interface
All configurable EnRoute500 parameters can be accessed with a Command Line Interface (CLI). The CLI allows you to:
• Modify and verify all configuration parameters
• Save and restore device configurations
• Reboot the device
• Upgrade the firmware
2.1 Accessing the CLI
The EnRoute500’s command-line interface (CLI) is accessible through the device’s network interfaces using an SSH client.
-
3. Log in to the node using an SSHv2-capable client application with the credentials provided in Table 3.
Windows XP does not include an SSH client application. You will need to install a 3rd-party client such as SecureCRT from Van Dyke software (http://www.vandyke.com/products/securecrt) or the free PuTTY SSH client (http://www.putty.nl/) to connect to an EnRoute500 using SSH.
-
users can only be set by the ‘admin’ user. The procedure for changing passwords is described in section 6.1.
2.3 CLI Interfaces
The CLI provides the user with a number of interfaces that contain related parameters and controls. Some of these interfaces are actual hardware interfaces, such as Ethernet, while others are virtual interfaces that contain a set of related parameters.
-
2.4.3 Searching the Command History
The command history can be searched by pressing Ctrl+R and entering a search string. The most recently executed command that matches the string entered will be displayed. Press ‘Enter’ to execute that command.
2.4.4 Executing a Previous Command
By using the up and down arrow keys you can select previously executed commands. When you find the command you wish to execute, you can either edit it or press ‘Return’ to execute it.
2.
-
2.5.3 ‘help’ command
Syntax
help [command|parameter]
where [command] is one of the CLI commands or [parameter] is a parameter in the currently selected interface.
Description
When no argument follows the help command, a help menu showing a list of available commands is displayed. When a command is supplied as the argument, a help message for that particular command is displayed.
-
2.5.5 ‘use’ command
Syntax
use
where is one of the EnRoute500’s interfaces. A complete list of interfaces is available with the ‘show’ command.
Description
Selects an interface to use. By selecting an interface you can view and modify the parameters associated with the interface.
Example
use mesh0
will select the backhaul mesh radio interface and change the CLI prompt to
mesh0>
to reflect the interface selection.
-
2.5.6 ‘set’ command
Syntax
set =
where is the parameter being set and is the value it is being set to.
Description
Sets a configuration parameter. Note that it is only possible to set the parameters for the currently selected interface. If the value of the parameter contains spaces, the value must be surrounded by double quotes (“ “). If a valid 'set' command is entered, it will output its result and any effects on other parameters.
-
2.5.7 ‘get’ command
Syntax
get
where is the parameter whose value is being fetched
Description
Gets the value of one or more configuration parameters for the currently selected interface. The ‘*’ character can be used to specify wildcard characters. This allows multiple values to be fetched with a single command.
Example
With the ‘sys’ interface selected
get id.node
will return the node’s ID, while
get id.
-
2.5.8 ‘list’ command
Syntax
list
Description
Lists all parameters for the selected interface
Example
With the ‘firewall’ interface selected
list
will display
firewall.gateway.enable : prevent uninitiated incoming connections past the gateway?
firewall.node.allowc2c.eth0 : allow clients to see each other if .role=access
firewall.node.allowc2c.wlan1 : allow clients to see each other if .role=access
firewall.node.allowc2c.wlan2 : allow clients to see each other if .
-
2.5.10 ‘ifconfig’ command
Syntax
ifconfig
Description
Displays information, such as IP address and MAC address, for a particular network interface.
Example
ifconfig wlan1
will display
wlan1 Link encap:Ethernet HWaddr 00:15:6D:52:01:FD
inet addr:10.2.10.1 Bcast:172.29.255.255 Mask:255.255.0.
2.5.11
-
2.5.13 ‘history’ command
Syntax
history
Description
Shows the command history since the node was last rebooted
Example
After switching to the ‘wlan1’ interface, inspecting the ESSID setting, and then changing it
history
will display
1: use wlan1
2: get essid
3: set essid=er500ap
-
2.5.14 ‘!’ command
Syntax
! ! !!
Description
Executes a previously-executed command based either on a command history number or matching a string to the start of a previously-executed command. Note that there is no space between the ‘!’ and the argument. The ‘history’ command shows the command history, with a number preceding each entry in the command history.
-
2.5.15 ‘exit’ command
Syntax
exit
Description
Terminates the current CLI session and logs out the user
2.5.16 ‘quit’ command
Syntax
quit
Description
Terminates the current CLI session and logs out the user
-
3 Using the Web Interface
The EnRoute500 has a web interface accessible through a browser that can also be used to configure the node and display status parameters.
3.1 Accessing the Web Interface
You can access the web interface by entering one of the node’s IP addresses preceded by “https://” in the URL field of a web browser (see section 2.1 for a description of how to access an unconfigured node using its Ethernet interface).
-
Figure 7. Certificate warning
3.2 Status Page
A status page is loaded by default after the login process has been completed.
-
Figure 8. Sample status page
3.3 Setting Parameters
Many of the web interface pages allow you to set EnRoute500 operating parameters. Each page that contains settable parameters has a “Save Changes” button at the bottom of the page. When you have made your changes on a page and are ready to commit the new configuration, click on the “Save Changes” button. It typically takes a few seconds to save the changes, after which the page will be reloaded.
-
For the changes to take effect, the node must be rebooted. After a change has been committed, a message reminding the user to reboot the node will be displayed at the top of the screen.
Figure 9. Sample page showing "Save Changes" button and message prompting the user to reboot
3.4 Help Information
Help information is provided on most web GUI pages. The help information is shown on the right-hand side of the page.
-
Figure 10. Rebooting the node
-
4 Initial Configuration of an EnRoute500
This user’s guide provides a comprehensive overview of all of the EnRoute500’s features and configurable parameters. However, it is possible to deploy a network of EnRoute500s while only changing a limited number of the settable parameters. The list below will guide you through a minimal configuration procedure that prepares a network of EnRoute500s for deployment.
1 Change the ‘admin’ and ‘monitor’ passwords.
-
After these settings have been changed, the EnRoute500s will be able to form a mesh cluster and you will be able to configure the nodes from a central location. This minimal configuration must be performed prior to deployment, but all other configuration can be carried out after deployment. To simplify initial configuration, the web GUI has a page that allows the user to change all the parameters listed in this section on a single page.
-
5 Configuration Profile Management
Configuration profiles describe an EnRoute500’s configuration state and can be created to simplify the provisioning and management of nodes.
-
uploaded to the node. Choose a profile name from the “Existing Profiles” box and then click on “Load Profile”. It is necessary to reboot the node for the loaded profile settings to take effect.
Figure 13. Load a configuration profile
5.3 Delete a Configuration Profile
A locally-stored configuration profile can be deleted using the “Delete” tab on the “Profile Management“ page of the web interface.
-
listed on this page. Click on the one that is to be downloaded to a computer and you will be given the option to specify where the profile should be saved on the host computer.
Figure 15. Downloading a configuration profile from a node
5.5 Uploading a Configuration Profile to a Node
A configuration profile can be uploaded to a node using the “Upload to node” tab on the “Profile Management“ page of the web interface.
-
6 System Settings
This section describes settings that are applicable to the overall operation of the EnRoute500, but are not related directly to a particular interface.
6.1 User Passwords
The passwords for the ‘admin’ and ‘monitor’ users can be set using the ‘password.admin’ and ‘password.monitor’ parameters in the ‘sys’ interface. By default, both user accounts have the password ‘mesh’. The passwords will not be displayed when using the ‘get’ command with these parameters.
-
• All ER500s will be configured as ‘aprepeater’ nodes to create a stand-alone mesh cluster
• All but one of the ER500s in a mesh cluster will be configured as ‘aprepeater’ nodes, with one node configured as an ‘apgateway’. The ‘apgateway’ node is connected to an external network using the node’s Ethernet interface. This network configuration will create an Internet extension network.
Mode    Description
The EnRoute500 will function as a relay in the mesh network.
-
Figure 18. Setting the operating scheme
6.3 Mesh / Node ID
An EnRoute500 must be assigned a mesh ID and a node ID before it is deployed as part of a mesh cluster. The mesh ID identifies nodes that are members of the same mesh cluster and the node ID uniquely identifies a node within a mesh cluster. The mesh ID must be the same for all nodes in a mesh cluster.
-
6.4 Mesh Prefix
The mesh prefix parameter sets the first two octets of a node’s mesh interface IP address. The mesh prefix is set with the ‘id.meshprefix’ parameter in the ‘sys’ interface as shown in the example below. The mesh prefix must be set the same for all nodes in a given mesh cluster. The recommended range of values is 172.16 through 172.30.
> use sys
sys> set id.meshprefix=172.
-
10 . 12 . 107 . 0
(LAN prefix . Mesh ID . Node ID)
Figure 22. Subnet address structure
A node’s subnet is split up between its different client interfaces (eth0, wlan1-4). By default the subnet is split as shown in Table 5. See sections 8.1.4 and 9.6.3 for instructions on how to adjust how the subnet is segmented between interfaces.
Interface            wlan1       wlan2       wlan3       wlan4       eth0
Interface address    subnet.1    subnet.129  subnet.161  subnet.193  subnet.225
Broadcast address    subnet.127  subnet.
-
Figure 23. Setting the DNS server(s)
6.7 DNS Proxy Configuration
DNS proxy entries can be added to an EnRoute500 to force local resolution of host names to IP addresses. A list of hostname/IP address to be resolved locally can be specified using the ‘dnsproxy.hosts’ parameter in the ‘sys’ interface. If multiple hostname/IP address entries are specified, they must be separated by semi-colons, as shown in the example below.
-
Figure 24. Setting the Netbios server(s)
6.9 Location
Two types of node location information can be stored:
• Latitude/longitude/altitude
• Postal address or description of a node’s location
The GPS location of the node can be stored in the following fields in the ‘sys’ interface:
• sys.location.gps.altitude
• sys.location.gps.latitude
• sys.location.gps.longitude
Note that these values are not automatically updated and must be entered after a node has been installed.
-
Figure 25. Setting location information
6.10 Certificate Information
A certificate for use with splash pages and the web interface is locally generated on the node. The information embedded in this certificate can be set using the ‘organization’ parameters in the ‘sys’ interface. These parameters are:
• sys.organization.name – name of organization (must be enclosed in quotes if it contains spaces)
• sys.organization.
-
Figure 26. Setting certificate information
6.11 CLI timeout
The CLI will automatically log out a user if the interface has remained inactive for a certain length of time. The time, in minutes, that a shell must remain inactive before a user is automatically logged out is set with the ‘shell.timeout’ parameter in the ‘sys’ interface, as shown in the example below. The maximum idle time that can be set is 360 minutes.
> use sys
sys> set shell.timeout=15
-
7 Mesh Radio Configuration
The EnRoute500 has an 802.11a radio dedicated to mesh backhaul traffic. The settings for this radio are independent of any settings for the radio used for the EnRoute500’s built-in access points. The majority of the mesh radio settings must be the same on all nodes in a given mesh cluster for the nodes to be able to communicate.
Figure 27. Mesh interface parameters
7.1 Channel
The 802.11a radio can be set to operate in the channels listed in Table 6.
-
> use mesh0
mesh0> set channel=157
The mesh radio channel can be set via the web interface using the “Mesh” tab on the “Wireless Interfaces” page (see Figure 27).
7.2 ESSID
The ESSID, or Extended Service Set Identifier, is used in 802.11 communication to identify a particular network. It differentiates logical networks that operate on the same radio channel. The mesh radio ESSID for all the nodes in a mesh cluster must be the same.
-
mesh0> set key="s:abcdefghijklmnop"
or using a hexadecimal key with
> use mesh0
mesh0> set key="0123456789abcdef0123456789abcdef"
Encryption can be disabled by specifying a blank value as shown below.
> use mesh0
mesh0> set key=
The mesh radio encryption key can be set via the web interface using the “Mesh” tab on the “Wireless Interfaces” page (see Figure 27).
-
txpower    Output Power (dBm)
1          9
9          10
14         12
18         14
22         16
26         18
29         20
33         22
60         24
Table 7. Mesh radio output power settings
7.5 IP Configuration
The IP address, broadcast address, and netmask associated with the mesh radio interface can be viewed, but not directly changed through the ‘mesh’ interface. To change the IP settings, the ‘id’ settings in the ‘sys’ interface, from which the IP settings are derived, must be changed (see sections 6.3 and 6.4).
-
Figure 28. Mesh neighbor status information
-
8 Ethernet Interface Configuration
The function of the Ethernet interface (eth0) depends on the operating scheme that has been selected (see section 6.2). In ‘aprepeater’ mode, the Ethernet interface can be used to connect client devices to the mesh cluster. In ‘apgateway’ mode, the Ethernet interface is used as a backhaul link that connects the mesh cluster to a WAN. Client devices cannot connect through the Ethernet interface in this mode.
8.
-
• The address segment size and start address must be chosen such that the address segment does not cross a netmask boundary. Table 8 lists allowed combinations.
• The address spaces for enabled interfaces must start at different addresses.
• The address spaces for enabled interfaces should not overlap.
ip.start.requested    1    33   65   97   129  161  193  225
31                    Yes  Yes  Yes  Yes  Yes  Yes  Yes  Yes
ip.size.
-
Figure 30. ‘eth0’ DHCP and address space settings
Each of the enabled interfaces’ address segments should be configured to avoid overlap with the other interfaces’ address segments. In the case where a node is not configured such that this requirement is met, address spaces will be automatically reduced in size to prevent overlap. The actual start address and size of a segment are accessible via the ‘ip.start.actual’ and ‘ip.size.actual’ parameters.
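The address-segment rules listed above (no segment crossing a netmask boundary, distinct start addresses, no overlap) can be checked on paper before a plan is entered on a node. The following is an added example, not code from the guide or from Tranzeo; `Segment`, `check_plan` and `addresses` are hypothetical names, and it assumes that a segment with requested start s and size n occupies the aligned block from s-1 through s-1+n, which matches the defaults shown in this guide (wlan1 at subnet.1 with broadcast subnet.127, eth0 at 10.2.4.225 with netmask 255.255.255.224).

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Segment:
    iface: str
    start: int  # ip.start.requested: last octet of the interface address
    size: int   # ip.size.requested

    @property
    def block(self) -> int:
        # Assumption: the segment is an aligned block of size + 1 addresses.
        return self.size + 1

    @property
    def first(self) -> int:
        # Assumption: the block begins one below the interface address.
        return self.start - 1

    @property
    def last(self) -> int:
        # Last address of the block, i.e. the broadcast address.
        return self.first + self.size


def check_plan(segments):
    """Return (problem, interfaces) tuples; an empty list means the plan is clean."""
    problems = []
    for seg in segments:
        # The block length must be a power of two to correspond to a netmask.
        if seg.block < 2 or seg.block & (seg.block - 1):
            problems.append(("bad-size", (seg.iface,)))
        # A block that is not aligned to its own length crosses a netmask boundary.
        elif seg.first < 0 or seg.last > 255 or seg.first % seg.block:
            problems.append(("crosses-boundary", (seg.iface,)))
    for a, b in combinations(segments, 2):
        if a.start == b.start:
            problems.append(("same-start", (a.iface, b.iface)))
        elif a.first <= b.last and b.first <= a.last:
            problems.append(("overlap", (a.iface, b.iface)))
    return problems


def addresses(seg, lan_prefix, mesh_id, node_id):
    """Interface address, broadcast and netmask for one segment of a node's subnet."""
    subnet = f"{lan_prefix}.{mesh_id}.{node_id}"
    return (
        f"{subnet}.{seg.start}",
        f"{subnet}.{seg.last}",
        f"255.255.255.{256 - seg.block}",
    )


# Constructed plan using the guide's default start addresses. The sizes for
# wlan2-wlan4 are assumptions inferred from the spacing of the start addresses.
DEFAULT_PLAN = [
    Segment("wlan1", 1, 127),
    Segment("wlan2", 129, 31),
    Segment("wlan3", 161, 31),
    Segment("wlan4", 193, 31),
    Segment("eth0", 225, 31),
]

# Constructed bad plan: wlan1 starts mid-block and runs into wlan2.
BAD_PLAN = [Segment("wlan1", 33, 63), Segment("wlan2", 65, 31)]

if __name__ == "__main__":
    print(check_plan(DEFAULT_PLAN))
    print(check_plan(BAD_PLAN))
    print(addresses(DEFAULT_PLAN[-1], 10, 2, 4))
```

Comparing the result with the node's ‘ip.start.actual’ and ‘ip.size.actual’ values after configuration shows whether the node silently reduced a segment.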
-
8.1.2 Ethernet Interface IP Address
The EnRoute500’s Ethernet interface address should not be changed directly using the ‘ip.*’ parameters in the ‘eth0’ interface when it is in repeater mode. To set the IP address to the desired value, modify the ‘id.node’, ‘id.mesh’, and ‘id.lanprefix’ parameters in the ‘sys’ interface and the ‘ip.start.requested’ parameter in the ‘eth0’ interface (see sections 6.3 and 6.5).
-
eth0.ip.netmask = 255.255.255.224 [read-only]
If the local DHCP server is enabled for the Ethernet interface, addresses must be reserved for statically-configured devices by setting the ‘dhcp.reserve’ parameter in the ‘eth0’ interface. This will reserve the specified number of addresses at the bottom of the IP range for the interface. For example, if the interface has been assigned the address 10.2.4.225, the netmask 255.255.255.224, and the ‘dhcp.
-
set the value of the ‘dhcp.role’ parameter in the ‘eth0’ interface to ‘client’, as shown in the example below. When configured as a DHCP client, the EnRoute500 will continually attempt to contact a DHCP server until it is successful.
> use eth0
eth0> set dhcp.role=client
The ‘dhcp.reserve’ parameter (described in section 6.1.1) has no effect when the ‘dhcp.role’ parameter is set to ‘client’. To disable DHCP client mode, set the ‘dhcp.role’ parameter to ‘none’.
-
eth0> set ip.broadcast_force=192.168.1.255
eth0> set ip.gateway_force=192.168.1.1
eth0> set ip.netmask_force=255.255.255.0
The ‘ip.address_force’, ‘ip.gateway_force’, and ‘ip.netmask_force’ parameters can be set via the web interface using the “Wired/Backhaul Interface” page (see Figure 31). Note that for the manually configured address to be used, the ‘dhcp.role’ setting must be set to ‘none’ if the node is connected to a network which provides access to a DHCP server.
-
9 Access Point (AP) Configuration
The EnRoute500 has an 802.11b/g radio dedicated to access point traffic. The settings for this radio are independent of any settings for the radio used for the mesh backhaul traffic. The settings for the access points can vary from node to node in the mesh, but typically it is desirable to set certain parameters to the same value for all the access points in a mesh to allow clients to roam in the network.
-
9.2 Access Point Client Device Address Space
The enabled wlanN interfaces are assigned segments of the class C address space that each node has to share between its client interfaces, which include eth0, wlan1, wlan2, wlan3, and wlan4. The start address of the address segment and its size can be set with the ‘ip.size.requested’ and ‘ip.start.requested’ variables.
-
Figure 33. ‘wlanN’ DHCP and address space settings
9.3 Enabling and Disabling Access Points
An access point can be enabled with the ‘enable’ parameter in the ‘wlanN’ interface as shown below.
-
> use wlan1
wlan1> set enable=yes
An access point can be disabled with the following commands.
> use wlan1
wlan1> set enable=no
The access point status can be set via the web interface using the appropriate “wlanN” tab on the “Wireless Interfaces” page (see Figure 32). An access point can be configured when it is disabled and parameters are maintained when it is disabled.
9.4 Channel
The 802.11b/g radio can be set to operate in the channels listed in Table 9.
-
wlan1> set channel=6
The access point channel can be set via the web interface using the appropriate “wlanN” tab on the “Wireless Interfaces” page (see Figure 32).
9.5 ESSID
The ESSID, or Extended Service Set Identifier, is used in 802.11 communication to identify a particular network. It is used to differentiate logical networks that operate on the same channel. Each access point can be configured with a different ESSID.
-
9.6.1 Access Point IP Address
The IP address, broadcast address, and netmask associated with an access point interface can be viewed, but not directly changed through the ‘wlanN’ interface. To set the IP address to the desired value, modify the ‘id.node’, ‘id.mesh’, and ‘id.lanprefix’ parameters in the ‘sys’ interface. You can view the resulting settings for the AP interface with the ‘ip.*’ parameters in the ‘wlanN’ interface as shown in the example below (see sections 6.3 and 6.
-
The ‘dhcp.reserve’ value can be set via the web interface using the “DHCP” sub-tab on the “DHCP” tab on the “System Parameters” page (see Figure 33).
9.7 Client Devices
Each access point has a status page that displays information about attached clients and total throughput through the access point. The signal strength of each client device, its MAC address, its IP address, and the time since data was last received from it are listed.
-
Figure 35. Access point authentication and encryption settings
9.8.1 WEP Encryption
The access points can be protected with a WEP-based encryption key to prevent unauthorized users from intercepting or spoofing traffic. To enable WEP-based encryption, set the ‘key’ parameter in the ‘wlanN’ interface. The length of the encryption key is determined by the format used to specify the ‘key’ value.
-
or using a hexadecimal key with
> use wlan1
wlan1> set key="0123456789abcdef0123456789"
WEP encryption can be disabled by specifying a blank value as shown below.
> use wlan1
wlan1> set key=
WEP encryption can be enabled and the key can be set via the web interface using the “WPA/WEP” sub-tab under the “AAA” tab on the “System Parameters” page (see Figure 35).
-
• wpa.auth.server.addr
• wpa.auth.server.port
• wpa.auth.server.shared_secret
The supported EAP modes are:
• TLS
• TTLS
• PEAP
The ‘wpa.key_mgmt’ parameter must be set to indicate that both PSK and EAP modes can be supported, as shown in the example below. The ‘wpa.auth.server.addr’ parameter is the IP address of the 802.1x server that will be used for authentication and the ‘wpa.auth.server.
-
The values for ‘txpower’ in the ‘wlanN’ interfaces must be no greater than the values listed in Table 11 to be in compliance with FCC regulations. Note that the power limit is dependent on the channel selected. The example below shows how to set the access point radio’s transmit power.
> use wlan1
wlan1> set txpower=25
The access point’s transmit power can be set via the web interface using the appropriate “wlanN” tab on the “Wireless Interfaces” page (see Figure 32).
-
10 Client DHCP Configuration
Two configuration options exist for assigning IP addresses to client devices using DHCP:
• Each EnRoute500 hosts a local DHCP server and supplies addresses to devices attaching to any of the client interfaces
• A centralized DHCP server supplies addresses to client devices, with the EnRoute500s in a mesh relaying DHCP messages between client devices and the centralized server.
-
End address = . . . - - 2
Figure 36. Access point DHCP configuration
The EnRoute500 can be configured to set aside a number of addresses for client devices that will use a static address. These addresses are taken from the pool that DHCP assigns addresses from.
-
may reserve the entire range of addresses, but the EnRoute500 will use at least the top address in the range for DHCP.
> use wlan1
wlan1> set dhcp.reserve=5
The ‘dhcp.reserve’ setting for all access points and the wired interface can be set via the web interface using the “DHCP” sub-tab under the “DHCP” tab on the “System Parameters” page (see Figure 36). If the ‘dhcp.reserve’ value is non-zero, the DHCP range start address will be affected as shown below
Start address = 10.
-
node) must also have addresses that belong to this address space in order to facilitate DHCP relay and selection of client addresses from the correct DHCP scope on servers that serve hosts connected to different subnets. The client interface addresses need to be configured statically. It is recommended that a contiguous range of addresses at the lower end of the address space be set aside, one for each client interface on the mesh nodes.
-
The IP address of the central DHCP server is set with the ‘dhcp.relay.server’ parameter in the ‘sys’ interface. The server must be reachable through the mesh gateway’s wired backhaul interface. In the example below, the central DHCP server resides on a host on the same segment to which the mesh gateway’s wired interface is connected.
> use sys
sys> set dhcp.relay.server=192.168.5.
-
On the gateway:
> use sys
sys> set dhcp.relay.base=3
on the first repeater node:
> use sys
sys> set dhcp.relay.base=8
and on the second repeater node:
> use sys
sys> set dhcp.relay.base=13
The ‘dhcp.relay.base’ parameter can be set via the web interface on the “DHCP Relay” sub-tab under the “DHCP” tab on the “System Parameters” page (see Figure 37).
10.2.2 Configuring the Central DHCP Server
Guidelines for configuring the central DHCP server are provided below.
-
11 Connecting an EnRoute500 Gateway to a WAN
The options for connecting an EnRoute500 gateway to a WAN are described below.
11.1 Manual Configuration
An EnRoute500 gateway can be directly connected to a WAN without using Network Address Translation. With this gateway configuration, the router on the network that the gateway is attached to must be configured to forward the mesh subnet and the LAN subnets to the gateway’s Ethernet IP address.
-
• You only consume a single IP address on your existing network when connecting the mesh cluster to it.
The main disadvantage of using NAT is
• You are not able to initiate connections with nodes in the mesh cluster or their clients from outside the mesh cluster.
To set the NAT state, use the commands
> use sys
sys> set nat.enable=
The NAT state can be set via the web interface on the “Wired/Backhaul Interface” page (Figure 38).
Figure 38. NAT setting
11.
-
• A secure path between the mesh and a host, which can monitor and reconfigure the mesh, is established. The control and status traffic passing between the mesh and the host is protected if it passes over a public network at any point.
The state of the VPN client on the EnRoute500 is set with the ‘vpn.enable’ parameter in the ‘eth0’ interface. The address of the VPN server and port are specified with the ‘vpn.server’ and ‘vpn.port’ parameters in the ‘eth0’ interface.
-
12 Controlling Access to the EnRoute500
The EnRoute500 supports the following methods for restricting access to the node and the network that it is connected to:
• Firewall
• Gateway firewall
• Client-to-client communication blocking
• White lists / black lists
12.1 Firewall
The EnRoute500 has a firewall that blocks traffic to the EnRoute500. This prevents client devices attached to a node and devices on the mesh gateway WAN from connecting to the node.
-
Function          Port   Type                   Protocol
SSH               22     Source & destination   TCP
HTTPS             443    Destination            TCP
HTTP redirect     3060   Destination            TCP
DNS               53     Source & destination   UDP
DHCP              67     Destination            UDP
DHCP              68     Destination            UDP
Roaming support   7202   Destination            UDP
Roaming support   7203   Destination            UDP
Table 13. Source and destination ports allowed by default
If ports that are open by default are reconfigured to be closed, certain EnRoute500 functions will be affected.
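As an added example (not part of the Tranzeo guide or firmware), the Python sketch below compares a list of allowed ports against the Table 13 defaults and reports ports opened beyond the defaults together with the functions affected by any default port that has been closed. The ‘port/proto’ input notation and the sample list are constructed for illustration and are not device output.

```python
# Added example: audit an allowed-port list against the Table 13 defaults.
# The "port/proto" notation is constructed here; it is not EnRoute500 output.

# (port, protocol) -> (function, match type), transcribed from Table 13
DEFAULT_ALLOWED = {
    (22, "tcp"): ("SSH", "source & destination"),
    (443, "tcp"): ("HTTPS", "destination"),
    (3060, "tcp"): ("HTTP redirect", "destination"),
    (53, "udp"): ("DNS", "source & destination"),
    (67, "udp"): ("DHCP", "destination"),
    (68, "udp"): ("DHCP", "destination"),
    (7202, "udp"): ("Roaming support", "destination"),
    (7203, "udp"): ("Roaming support", "destination"),
}


def parse_rule(text):
    """Parse one 'port/proto' entry, e.g. '443/tcp', into (port, proto)."""
    port_s, _, proto = text.strip().lower().partition("/")
    if not port_s.isdigit() or proto not in ("tcp", "udp"):
        raise ValueError(f"malformed entry: {text!r}")
    port = int(port_s)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text!r}")
    return port, proto


def audit_allowed_ports(entries):
    """Compare allowed ports with the defaults and summarise the differences."""
    seen = {parse_rule(e) for e in entries}
    baseline = set(DEFAULT_ALLOWED)
    closed = sorted(baseline - seen)
    return {
        "extra_open": sorted(seen - baseline),
        "closed_defaults": closed,
        "affected_functions": sorted({DEFAULT_ALLOWED[k][0] for k in closed}),
    }


# Constructed sample: HTTP redirect (3060/tcp) closed, 23/tcp opened.
SAMPLE = ["22/tcp", "443/tcp", "53/udp", "67/udp", "68/udp",
          "7202/udp", "7203/udp", "23/tcp"]

if __name__ == "__main__":
    for key, value in audit_allowed_ports(SAMPLE).items():
        print(f"{key}: {value}")
```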
-
12.3 Blocking Client-to-Client Traffic
Client-to-client traffic can be blocked or permitted on a per-interface basis. By enabling client-to-client traffic blocking for one or more of an EnRoute500’s client interfaces, the clients that attach to that particular interface will not be able to communicate with any clients attached to that or any other client interface in the mesh. Client-to-client traffic can be controlled for interfaces wlan1, wlan2, wlan3, wlan4, and eth0.
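As an added example (not from the Tranzeo guide), the Python sketch below models the client-to-client rules of this section for the client interfaces of a single node: traffic passes between two interfaces only when blocking is off on both, and blocking takes effect only while firewall.node.enable is on, as stated in the note accompanying Figure 40. The ‘blocked’ set is a constructed stand-in for the per-interface setting, not an EnRoute500 parameter name.

```python
# Added example: which client interfaces can exchange traffic on one node?
# The 'blocked' set is a constructed model of the per-interface setting,
# not an EnRoute500 parameter name; firewall.node.enable is from section 12.1.
from itertools import combinations_with_replacement

CLIENT_INTERFACES = ("eth0", "wlan1", "wlan2", "wlan3", "wlan4")


def enforced_blocking(node_firewall_enabled, blocked):
    """Interfaces on which client-to-client blocking actually takes effect."""
    unknown = set(blocked) - set(CLIENT_INTERFACES)
    if unknown:
        raise ValueError(f"not a client interface: {sorted(unknown)}")
    # Blocking is only enforced while the node firewall is enabled.
    return set(blocked) if node_firewall_enabled else set()


def reachable_pairs(node_firewall_enabled, blocked):
    """Interface pairs whose clients can talk (a == b means same interface)."""
    enforced = enforced_blocking(node_firewall_enabled, blocked)
    return [(a, b)
            for a, b in combinations_with_replacement(CLIENT_INTERFACES, 2)
            if a not in enforced and b not in enforced]


def audit(node_firewall_enabled, blocked):
    """Return findings for a node's client-to-client settings."""
    findings = []
    if blocked and not node_firewall_enabled:
        findings.append("firewall.node.enable is off: blocking on "
                        + ", ".join(sorted(blocked)) + " is not enforced")
    for a, b in reachable_pairs(node_firewall_enabled, blocked):
        findings.append(f"clients on {a} can reach clients on {b}")
    return findings


if __name__ == "__main__":
    # Constructed settings: blocking on two access points, firewall disabled.
    for line in audit(False, {"wlan1", "wlan2"}):
        print(line)
```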
-
Figure 40. Client-to-client firewall settings
Note that devices connected to different interfaces can only communicate with each other if client-to-client isolation is disabled for both interfaces. Client-to-client isolation is only enabled if the EnRoute500 node firewall (firewall.node.enable) is enabled (section 12.1).
12.4 Access Control Lists (ACLs)
Access control lists can be created for each of the access point interfaces and the mesh interface.
-
12.4.1 Access Point Access Control Lists (ACLs)
The access control lists (ACLs) for the access point interfaces (wlan1-wlan4) block access to any device with a MAC address matching those on the list. Individual ACLs can be defined for each access point. The ACLs can be defined via the web interface on the appropriate “wlanN” sub-tab under the “ACL” tab on the “Security” page. Enter a MAC address and click on the “Add MAC” button to add the address to the ACL for that access point.
-
Once an address has been added, it will appear at the bottom of the page. To delete a MAC address in an ACL, click on the “Delete MAC” button next to the address. The ACL for an access point must be enabled after it has been created. Choose “whitelist” from the drop-down menu and click on “Change ACL Mode” to enable the list.
-
13 Quality of Service (QoS) Configuration
The EnRoute500 has extensive support for quality of service settings that allow traffic to be prioritized based on the source interface, destination interface, and type of traffic. The EnRoute500 QoS scheme allows both rate limiting and rate reservation for all interfaces.
13.1 Priority Levels
The available priority levels are listed in Table 14.
-
to the outbound interface. Rate reservation and rate limiting, described in the following sections, can be used to prevent one interface from dominating the use of the mesh interface bandwidth.
Figure 43. QoS settings
The absolute values of the priority settings do not have any weighting effect. If the priority is higher for one interface than for another, the former will always be prioritized, with any remaining bandwidth allocated to the other one.
-
As a rule, locally generated traffic should always have the highest priority so that EnRoute500 control traffic has precedence over client traffic and the mesh can be maintained. The ‘in..hwpri.max’ and ‘in..hwpri.min’ parameters can be used to limit the hardware priority queues that traffic from a particular interface can use for outbound traffic. Valid values for these parameters are from 1 to 4, which are the priority levels listed in Table 14.
-
The example below shows how to configure the system such that all traffic from ‘wlan2’ with a ‘Background’ or ‘Best Effort’ priority will be increased to a ‘Video’ priority. Traffic with ‘Video’ and ‘Voice’ priorities will not be affected.
    > use qos
    qos> set in.wlan2.hwpri.min=2
This does not affect the rate limiting and reservation (section 13.2); it only affects which output hardware queues are used.
13.
-
The maximum output data rate for interfaces can be limited with the ‘out..limit’ parameters in the ‘qos’ interface, where is one of the following: default, eth0, mesh0, wlan1, wlan2, wlan3, wlan4. The ‘out.default.limit’ value is applied to interfaces that have the ‘out..limit’ parameter set to ‘inherit’. These parameters can be set via the web interface under the “QoS” tab on the “QoS” page (see Figure 43).
-
The ‘out.default.default.limit’ value is applied to interfaces that have the ‘out.
-
Figure 46. Quality of Service rate reservation control points
All rate reservation parameter values are in kbps. If no rate reservation parameter is set, rate reservation will be disabled for that interface or interface and traffic combination.
-
Rate reservations can also be set based on traffic type through an interface. A rate reservation for a certain type of traffic that enters the EnRoute500 through a particular interface and exits it through another interface can be set with the ‘out.
-
14 Enabling VLAN Tagging
The EnRoute500 supports VLAN tagging, with each client interface capable of supporting a different VLAN tag. If VLAN tagging is enabled for an interface, client devices that connect to the interface must be capable of receiving VLAN-tagged frames.
14.1 Client Interface Configuration
VLAN tagging can be independently controlled on each client interface (eth0, wlan1-4). The ‘vlan.
-
Figure 47. Configuring VLAN for access point interfaces
14.2 Gateway Configuration
For VLAN tags to be preserved on traffic that exits a mesh cluster, VLAN support must be enabled for the Ethernet interface on the mesh cluster’s gateway node. The ‘vlan.enable’ parameter in the ‘eth0’ interface controls the state of VLAN tagging. The example below shows how to enable VLAN tagging on a gateway node.
-
Figure 48. Configuring VLAN for backhaul interface
-
15 Integration with Enterprise Equipment
The EnRoute500 supports authentication, accounting, and monitoring services that easily integrate with enterprise equipment. In this section the following topics are described:
• Splash pages
• Backhaul health monitoring
• Layer 2 client emulation
15.1 Configuring Splash Pages
The EnRoute500 supports splash pages, which can be used to restrict access to the mesh network and provide information to users that connect to the mesh.
-
    > use sys
    sys> set splash.auth.server.enable.wlan1=yes
The “Require Login” setting on the “Splash Pages” sub-tab under the “AAA” tab on the “System Parameters” page (see Figure 49) is used to configure this parameter via the web interface.
Figure 49. Splash page configuration
15.1.2 Configuring Splash URLs
The URL that a user is redirected to for login purposes can be individually configured for each client interface that supports splash pages (wlan1-4).
-
The ‘splash.url..login’ parameter in the ‘sys’ interface, where is either ‘wlan1’, ‘wlan2’, ‘wlan3’, or ‘wlan4’, sets the URL that a user is redirected to when they attach to the interface and have not yet been authenticated. This parameter should not be left blank if splash pages are enabled for the interface since no client would be able to access the network through the interface if it does not point to a valid URL. The ‘splash.url..
-
entry, which will be different for each node in the network, must be mapped to one of the node’s IP addresses (see section 6.7 for more information on DNS proxy configuration). The example below shows how to configure the DNS proxy assuming the login page redirects to the host ‘redirect.domain.com’ and the IP address of the wlan1 interface is 10.1.2.1.
    > use sys
    sys> set dnsproxy.enable=yes
    sys> set dnsproxy.hosts="dns.proxy.name.here=10.1.2.
-
Test Login Page
Figure 51. Sample HTML code for web page when authentication is disabled
15.1.
-
parameter in the ‘sys’ interface. The MAC addresses are specified as a list of 48-bit addresses separated by commas. An example of setting this parameter is shown below.
    > use sys
    sys> set splash.trusted_macs="aa:bb:cc:00:00:01,aa:bb:cc:00:00:02"
15.2 Backhaul Health Monitoring
A gateway node can monitor its connectivity to a remote device to ensure that its backhaul connection is functioning properly.
-
It is recommended that an IP address, rather than a hostname, be specified for the ‘monitor.health.host’ parameter to prevent a DNS failure from causing the gateway to believe that its backhaul link is down. The IP address of the closest backhaul router would be an appropriate host to specify.
15.3 Layer 2 Emulation
Certain back-end systems (Internet gateways) use the MAC addresses of client devices for authentication and accounting purposes.
-
16 Hardware Configuration
An EnRoute500 can be equipped with a number of optional hardware components, such as a Power-over-Ethernet (PoE) source and a back-up battery. The “Hardware” tab on the “System” page in the web interface displays whether these optional hardware components are installed or not. If they are installed, their current operational state will be displayed.
Figure 52. Node hardware configuration on node without PoE source capability
16.
-
Figure 53. Node hardware configuration on node with PoE source capability
-
17 Firmware Management
The EnRoute500 supports secure remote firmware upgrade.
17.1 Displaying the Firmware Version
Firmware version information is available in the ‘version’ interface. The example below shows how to display the current firmware version.
    > use version
    version> get release
    release = ENROUTE500_20060419_00_00_0133
The firmware version is also displayed at the top of the “Status” page accessible via the web interface.
17.