Airgo Networks AGN1202AP0000 802.11 a/b/g True MIMO Access Point User Manual 1
Airgo Networks Inc. 802.11 a/b/g True MIMO Access Point 1
Contents
User Manual 1
Airgo Networks, Inc.
900 Arastradero Road
Palo Alto, CA 94304
P: 650-475-1900
F: 650-475-1708
www.airgonetworks.com Part Number: 640-00068-00
Published: July 2004
Installation and
Configuration Guide
Airgo Access Point
Copyright © 2004 by Airgo, Inc. All Rights Reserved.
No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of
Airgo unless such copying is expressly permitted by U.S. copyright law.
Installation and Configuration Guide: Airgo Access Point iii
Contents
Preface - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - x
1 Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1
Product Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1
Product Suite - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1
Features Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2
Radio Resource Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3
Mobility Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3
Portal Architecture - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4
Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 5
VLANs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 5
Quality of Service - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 6
IP Routing - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 6
Multiple SSIDs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 6
Guest Access - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 6
Rogue AP Detection and Classification - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 6
Standards and Data Rates - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7
Integration With the Existing Wired Network - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7
Management Interface Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 8
2 Planning Your Installation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 9
Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 9
Example Wireless Network Installation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 9
Assessing Coverage and Capacity Requirements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 10
Site Surveys - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 11
Assessing Security Needs and Architecture - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 11
Selecting a Network Management Method - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 12
Planning Network Features - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 14
Example Deployment Scenarios - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 16
Example 1: Small office, single AP, possible future growth - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 16
Example 2: Small to mid-size business with wireless backhaul - - - - - - - - - - - - - - - - - - - - - - - - - - 18
Example 3: Mid-size business, multiple SSIDs, multiple VLANs - - - - - - - - - - - - - - - - - - - - - - - - - 19
Example 4: Large business, guest access, extended network services - - - - - - - - - - - - - - - - - - - - - - 21
Example 5: Large Campus with Branch Offices - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 23
3 Installing the Access Point - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 25
Using the Configuration Interfaces - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 25
Hardware Components - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 25
System Requirements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 25
Installation Requirements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 25
Installation and Configuration Guide: Airgo Access Point iv
Power and Cabling Requirements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 26
Network Information Requirements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 26
Installing the Access Point - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 26
Using Power Over Ethernet - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 27
Placement and Orientation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 27
Verifying the Installation - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 28
Interpreting the LEDs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 28
Connecting the Serial Port - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 29
Resetting the Access Point - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 29
Using the Configuration Interfaces - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 30
Using the Web Browser Interface - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 30
Using AP Quick Start to Initialize the Access Point - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 31
Initializing a Normal AP - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 33
Initializing the Portal AP - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 36
Navigating the Web Interface - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 37
The Home Panel - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 37
Quick Start Panels - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 39
Other Panels - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 45
NM Portal Access - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 45
Configuration Wizards - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 45
User Security Wizard - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 45
Guest Access Wizard - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 50
4 Configuring Radio Settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 55
Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 55
Configuring Radio Parameters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 56
Global Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 57
Admin State Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 62
Channel Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 64
Performance - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 66
Admission - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 68
Setting the Advanced Radio Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 69
802.11 Policy - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 69
MAC Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 71
Viewing Radio Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 72
Radio State - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 72
Radio Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 75
Viewing Radio Neighbor Details - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 77
Configuring SSID Parameters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 78
SSIDs and Service Profiles - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 79
SSID Table - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 80
SSID Details - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 82
Profile Table - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 84
Multiple SSIDs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 85
Managing Client Stations - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 86
Stations - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 87
Installation and Configuration Guide: Airgo Access Point v
Link Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 88
Security Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 89
Configuring Inter Access Point Protocol (IAPP) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 90
IAPP Service - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 91
IAPP Topology - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 91
IAPP Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 92
Performing Radio Diagnostics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 93
Link Test - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 94
Walk Test - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 97
5 Configuring Networking Settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 99
Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 99
Interfaces - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 99
Configuring Bridging Services - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 100
Bridge and STP - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 100
Bridge Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 102
ARP Table - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 102
Configuring IP Routes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 103
Configuring VLANs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 105
VLAN Table - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 106
Interface VLAN - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 107
User VLAN - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 108
VLAN Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 110
Configuring Quality of Service - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 111
Ingress QOS - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 113
Egress COS - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 114
QoS Stats - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 115
Configuring Advanced QoS - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 115
Class-Order - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 116
IP-DSCP - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 117
IP Protocol - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 118
IP Precedence - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 119
Configuring Packet Filters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 119
Filter Table - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 119
Filter Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 121
Configuring Interfaces - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 121
Interface Table - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 122
Interface Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 123
Configuring SNMP - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 123
Ping Test - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 125
6 Configuring a Wireless Backhaul - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 127
Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 127
Use of Radios for Backhaul - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 128
Wireless Backhaul Trunks - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 128
Wireless Backhaul security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 128
Installation and Configuration Guide: Airgo Access Point vi
Setting Up a Wireless Backhaul - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 129
Link Criteria - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 129
Candidate APs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 131
Trunk Table - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 131
Trunk Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 132
7 Managing Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 135
Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 135
AP Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 136
Administrative Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 136
User Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 136
Data Encryption - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 137
Configuring Wireless Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 138
Security Mode - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 138
SSID Authentication - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 140
Configuring Authentication Zones - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 143
Authentication Zones - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 143
Authentication Servers - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 144
Configuring Administrator Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 144
External RADIUS Server Settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 145
Viewing Security Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 146
Authentication Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 146
Supplicant Statistics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 147
Authentication Diagnostics - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 149
Configuring Advanced Parameters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 150
8 Configuring Guest Access - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 153
Overview - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 153
Internal Landing Page - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 154
External Landing Page - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 155
Open Subnet - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 156
Configuring Guest Access - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 156
Guest Access Services Panel - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 158
Guest Access Security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 160
9 Managing the Network - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 163
Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 163
Using NM Portal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 164
Home Panel - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 164
Menu Tree - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 164
Using the Network Topology Menu - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 165
Enrolling APs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 165
Viewing Backhaul Topology - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 168
Viewing IP Topology - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 169
Displaying Discovered Radios - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 171
Managing Rogue Access Points - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 173
Installation and Configuration Guide: Airgo Access Point vii
IP Rogue AP Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 174
Wireless Rogue AP Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 176
Using the NM Services Menu - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 179
Working With Policies - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 179
Configuring Network Discovery - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 182
Configuring Portals - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 185
Configuring the DHCP Server - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 188
Managing Network Faults - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 192
Viewing Alarms - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 192
Viewing the Syslog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 202
Managing Users - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 203
Adding Wireless Users - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 203
Adding Administrative Users - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 205
Adding MAC-ACL Users - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 206
10 Maintaining the Access Point - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 209
Rebooting the AP - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 209
Managing the System Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 209
IP Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 210
Syslog Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 211
License Management - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 212
NMS Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 212
Hardware Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 213
Managing the AP Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 214
Secure Backup - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 214
Configuration Reports - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 215
Reset Configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 217
TFTP Backup - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 218
Upgrading Software - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 219
Software Image File - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 220
Upgrading the AP Software - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 220
Canceling a Distribution - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 223
Download Status - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 223
Image Recovery - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 224
Common Problems and Solutions - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 224
A Using the Command Line Interface - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 227
Using the Command Line Interface - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 227
Using the Console Port for CLI Access - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 228
B Regulatory and License Information - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 231
C Alarms - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 233
Discovery: Discovered new node - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 235
Discovery: Node deleted from network - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 235
Discovery: Managed nodes limit exceeded - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 236
Enrollment: Node Enrolled - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 236
Installation and Configuration Guide: Airgo Access Point viii
Enrollment: Node Un-enrolled - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 237
Policy: Policy Download Successful - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 238
Policy: Policy Download Failed - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 238
Software Download: Image Download Succeeded - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 239
Software Download: Image Download Failed - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 239
Software Download: Software Distribution Succeeded - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 240
Wireless: Radio enabled (BSS Enabled) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 241
Wireless: Radio Disabled (BSS disabled) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 241
Wireless: BSS Enabling Failed - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 242
Wireless: Frequency Changed - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 242
Wireless: STA Association Failed - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 243
Wireless: STA Associated - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 244
Wireless: STA Disassociated - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 245
Wireless: WDS Failed - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 246
Wireless: WDS Up - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 246
Wireless: WDS Down - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 247
Security: Guest Authentication Succeeded - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 248
Security: Guest Authentication Failed - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 249
Security: User rejected by RADIUS Server - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 249
Security: BP rejected by RADIUS Server - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 250
Security: RADIUS Server timeout - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 251
Security: Management User login success - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 252
Security: Management User login failure - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 253
Security: STA failed EAPOL MIC check - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 253
Security: STA attempting WPA PSK – no Pre-shared Key is set for SSID - - - - - - - - - - - - - - - - - 254
Security: Auth Server Improperly configured on this SSID - - - - - - - - - - - - - - - - - - - - - - - - - - - 255
Security: STA failed to send EAPOL-Start - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 256
Security: RADIUS sent a bad response - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 256
Security: RADIUS timeout too short - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 257
Security: STA authentication did not complete in time - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 258
Security: Upstream AP is using an untrusted auth server - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 259
Security: Upstream AP is using a non-portal node as its auth server - - - - - - - - - - - - - - - - - - - - - 260
Security: Upstream AP failed MIC check during BP authentication - - - - - - - - - - - - - - - - - - - - - 260
Security: Premature EAP-Success received - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 261
Security: Profile not configured for user-group - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 262
Security: STA has failed security enforcement check - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 263
Security: Guest Authentication Failed - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 264
Security: AP Detected Bad TKIP MIC - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 265
Security: BP Detected Bad TKIP MIC on Incoming Unicast - - - - - - - - - - - - - - - - - - - - - - - - - - 266
Security: BP Detected Bad TKIP MIC on Incoming Multicast/Broadcast - - - - - - - - - - - - - - - - - 266
Security: STA Detected Bad TKIP MIC on Incoming Unicast - - - - - - - - - - - - - - - - - - - - - - - - - 267
Security: STA Detected Bad TKIP MIC on Incoming Multicast/Broadcast - - - - - - - - - - - - - - - - 268
Security: TKIP counter-measures lockout period started - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 268
Security: EAP User-ID timeout - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 269
Security: EAP response timeout - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 270
Installation and Configuration Guide: Airgo Access Point ix
Security: EAPOL Key exchange – message 2 timeout - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 271
Security: EAPOL Group 2 key exchange timeout - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 272
Glossary - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 275
Index - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 281
Installation and Configuration Guide: Airgo Access Point x
Preface
This guide explains how to install and configure the Airgo Access Point (Airgo AP), which is used
with Wi-Fi certified clients to provide PC laptop and desktop users with wireless network access.
The Airgo Access Point provides the following features:
•High throughput and range through dual-band radio transceivers
•Easy installation
•Wireless networking features that include bridging, VLAN, Quality of Service (QoS), IP
routing, and network backhaul capabilities
•Comprehensive security that includes support for WEP, TKIP, AES, EAP-PEAP, EAP-TLS,
and RADIUS
•Automated radio resource management, including controls for operating channels, capacity,
and range
•Policy-based management
Audience
This guide is designed to help you install and configure the Airgo Access Point successfully even if
you are unfamiliar with wireless networking technology. Some familiarity with local area
networking technology is assumed. If you encounter a term or acronym with which you are
unfamiliar, refer to the glossary at the end of the guide, just before the index.
Organization of this Guide
This guide consists of the following chapters:
• Chapter 1, “Overview,” provides a high-level overview of the Airgo Access Point products.
• Chapter 2, “Planning Your Installation,” describes various deployment scenarios and helps
determine how many Airgo Access Points will be needed and the appropriate network
management scheme.
• Chapter 3, “Installing the Access Point,” describes how to install the Airgo Access Point and
how to use the Quick Start panels for fast and easy configuration. Also explains how to use the
Airgo AP web interface.
• Chapter 4, “Configuring Radio Settings,” explains how to configure the Airgo Access Point
radios.
• Chapter 5, “Configuring Networking Settings,” explains how to configure the advanced
networking features of the Airgo Access Point.
• Chapter 6, “Configuring a Wireless Backhaul,” explains how to use the wireless backhaul
feature to configure a wireless distribution system that can cover a large area with limited wired
network connectivity.
• Chapter 7, “Managing Security,” describes the encryption and authentication features of the
Airgo Access Point and explains how configure the security options.
• Chapter 8, “Configuring Guest Access,” describes how to configure guest access for the
network.
Preface
xi Installation and Configuration Guide: Airgo Access Point
• Chapter 9, “Managing the Network,” explains how to use the NM Portal features of the
Airgo Access Point to manage multiple APs across your network.
• Chapter 10, “Maintaining the Access Point,” describes the tools available to maintain the
Airgo Access Point.
• Appendix A, “Using the Command Line Interface,” describes how to use the console and
command line interface (CLI) to configure the Airgo Access Point, with cross-references to the
Airgo Command Line Interface Reference Manual.
• Appendix B, “Regulatory and License Information,” provides regulatory specifications. for
the Airgo Access Point.
• Appendix C, “Alarms,” provides a description of the alarms generated by the Airgo Access
Point.
• Glossary— Provides definitions for acronyms, networking terminology, and Airgo-specific
terms.
Conventions Used in this Guide
This guide uses the following conventions for instructions and information.
Notes, Cautions, and Warnings
Notes, cautions, and time-saving tips use the following conventions and symbols.
Command Conventions
Table 1 describes the command syntax used in this document.
NOTE: Notes contain helpful suggestions or information that may be of
importance to the task at hand.
CAUTION: Caution indicates that there is a risk of equipment damage or loss
of data when certain actions are performed.
WARNING: Warnings are intended to alert you to situations that could result
in injury (such as exposure to electric current, for example).
Table 1:Command Conventions
Convention Description
boldface Commands and keywords.
italic Command input that is supplied by you.
[ ] Optional keywords and default responses to system
prompts appear within square brackets.
{x|x|x} A choice of keywords (represented by x) appears in
braces separated by vertical bars. You must select one.
Ctrl Represents the key labeled Ctrl. For example, when you
read ^D or Ctrl-D, you should hold down the Control
key while you press the D key.
panel font Examples of information displayed on a panel.
boldface panel font Examples of information the user must enter.
Preface
Installation and Configuration Guide: Airgo Access Point xii
Related Documentation
The following documentation related to the Airgo wireless networking product line is available on
CD-ROM and also on the Airgo website, http://www.airgonetworks.com.
• Airgo Client Installation and User Guide — Explains how to install and configure the Airgo
Wireless LAN Client Adapter, which provides PC laptop and desktop users with access to the
Airgo Access Point products.
• Airgo NMS Pro Installation and Configuration Guide — Explains how to use Airgo NMS
Pro to manage an enterprise wireless network.
• Airgo Command Line Interface (CLI) Reference Manual — Provides a listing of all the
commands available for Airgo wireless products through serial console access and the
command line interface. Intended for advanced users and system administrators.
Preface
xiii Installation and Configuration Guide: Airgo Access Point
Installation and Configuration Guide: Airgo Access Point 1
1Overview
This chapter introduces the features and capabilities of the Airgo Access Point and presents the
following topics:
•Product Overview
•Features Overview
•Standards and Data Rates
•Radio Resource Management
•Mobility Management
•Portal Architecture
•Security
•Integration With the Existing Wired Network
•Management Interface Options
Product Overview
The Airgo Access Point is part of an innovative suite of wireless technology products designed to
dramatically improve the quality and convenience of wireless networking. By greatly increasing
the range, speed, reliability, security, and ease-of-use of wireless LAN (WLAN) systems, Airgo
products help to promote the mainstream adoption of wireless technology, and help to foster new
wireless applications.
Product Suite
The Airgo product suite comprises these wireless networking products:
•Airgo Access Point
•Airgo Wireless LAN Client Adapter
•Airgo Professional Network Management System (NMS Pro)
Airgo Access Points
Airgo Access Points (Airgo AP) provide network connectivity for wireless client stations.
Incorporating the latest technological advances in radio design and implementation, the dual-radio
Airgo Access Point offers very high wireless performance, financial-grade security, and extended
wireless coverage.
Airgo Wireless LAN Client Adapter
The Airgo Wireless LAN Client Adapter provides the communications link between laptop or
desktop PC users and wireless network. Available in PC Card and Mini PCI Card form factors, the
Airgo Wireless LAN Client Adapter is designed to take full advantage of the performance, range,
security, and management capabilities of the Airgo Access Point. For more information, refer to the
Airgo Wireless LAN Client Adapter Installation and User Guide.
1 Overview
2 Installation and Configuration Guide: Airgo Access Point
Airgo NMS Pro
Airgo’s NMS Pro provides enterprise-class management for the wireless network, including
complete configuration and image control, security, and performance and fault monitoring. For
more information, refer to the NMS Pro Installation and Configuration Guide.
Figure 1 shows how Airgo products operate in concert to create a wireless network.
Figure 1: Airgo Wireless Network
Features Overview
Airgo Access Points extend the range, coverage, and bandwidth of traditional wireless equipment,
while also supporting the latest network security and management features. All Airgo Access Point
models include the following features:
•Dual radios, each operating in 802.11b/g or 802.11a mode
•Optional Airgo enhanced data rates up to 108 Mbps
•Automated frequency management
•Cell size and range management
•Support for all current IEEE 802.11 standards and draft versions of 802.11 standards
•Multiple SSID support
•Bridging, including layer 2 filtering, encapsulation modes, 802.1x support, and static
forwarding
•Easy installation and configuration
•Single and multiple VLAN support, interface-based and user-based
•802.11 roaming support
•Web and command line user interfaces
Client(s)
DNS & DHCP
Server
RADIUS
Server
Access
Point
Wireless Clients
Wireless Clients Wireless Clients
Access
Point
Access
Point
Enterprise
Network
A0001D
NMS Pro
Server
Features Overview
Installation and Configuration Guide: Airgo Access Point 3
•Embedded Network Management and Security Portal services
•Financial grade security
•Effective security management
•Guest user access
•Rogue AP detection
•Quality of service (QoS)
•Wireless backhaul modes
•Integration with existing wired network infrastructure
•Static IP routing
•SNMP MIB support
•Authentication using RADIUS services
•Software and firmware upgrades
•Back up and restoration of AP configuration data
•SYSLOG and diagnostic tools for monitoring and troubleshooting
Radio Resource Management
The Airgo AP supports management of radio channels, cell size, and range.
Channel management features include automatic channel selection, support for international
channel sets, dynamic channel changes in response to network conditions, and the ability to assign
channels manually to fine tune channel quality. Cell size and range capabilities enable you to
optimize equipment placement, eliminate dead spots, and reduce interference.
Mobility Management
Mobility management features include Layer 2 roaming (as users move from one coverage area of
an access point to another or are switched for load balancing purposes), quality of service support,
and comprehensive security features. The Airgo AP also provides support for 802.11f based Inter-
Access Point Protocol (IAPP).
1 Overview
4 Installation and Configuration Guide: Airgo Access Point
Portal Architecture
To support the range of network sizes and configurations served by Airgo products, Airgo has
designed a built-in, flexible, portal services architecture for management and security. Each AP can
be configured as an NM Portal AP to support the following services:
Figure 2 illustrates portal services within the Airgo network. NM Portal provides overall network
management functionality and monitoring. The enrollment portal feature enables verification of
additional APs and authorization for operation in the network. The security portal feature verifies
the identity of individual users wanting access to the network.
Figure 2: Portal Services
Regardless of network size, configuring one or more Airgo APs as NM Portals yields the following
benefits:
•Even with as few as two APs in a network, NM Portal offers a single point of focus for
monitoring the network and managing security. Configuring the first AP as an NM Portal
makes it easy to enroll additional APs.
•The configuration of the NM Portal AP is easily distributed to the other APs in the network,
assuring consistent application of configuration parameters.
Service Description
Management NM Portal services provide network management functionality for small to
mid-size wireless networks. Each Airgo AP configured as an NM Portal can
operate in stand-alone mode to provide network management for the entire
network or as a location or branch manager working in conjunction with NMS
Pro, the Airgo Professional Network Management System.
Security Security portal services include support for secure user authentication by way
of a RADIUS server internal to the Airgo AP. Security portal services are part
of NM Portal, but can also be configured independently for backup
authentication in the event that the primary internal RADIUS server becomes
unavailable.
Enrollment Each Airgo wireless network requires an enrollment server to verify the
identity of Airgo APs and authorize them for operation in the network. The
enrollment portal feature is automatically enabled in the access point as part of
NM Portal. NM Portal should be used for enrollment unless NMS Pro has
been implemented as the enterprise network management solution.
A0028B
NM Portal:
Manage and
Monitor the
Network
Other APs
Enrollment Portal:
Verify AP Identity
Security Portal:
Authenticate Clients
Features Overview
Installation and Configuration Guide: Airgo Access Point 5
•NM Portal can provide user authentication services for an entire small to mid size network or
serve as a backup security server if an external RADIUS authentication service is used.
Security
Airgo offers a comprehensive security solution that adheres to the following industry standards and
draft standards:
•Data encryption—WEP, Wi-Fi Protected Access (WPA) with TKIP or AES encryption
•User authentication—IEEE 802.1x authentication, including EAP-PEAP or EAP-TLS; WPA-
PSK
•Key management—Microsoft-IAS, FUNK-RADIUS, Airgo NMS Pro, Airgo integrated
security portal, and manual key management capabilities
These features are part of a security architecture that provides the wireless network a greater degree
of security than most traditional wired networks. The following security features are included with
all Airgo AP:
•Built-in maximum industry-standard security
•Auto-detection of the security capability of clients and APs
•Policy-based configuration of security settings
•Hardware support for high-performance encryption
•Support for installations ranging from the small-office/home-office (SOHO) to multi-site
enterprises
•Command-line access using SSH (secure shell)
•Web-based management interface and policy-based management using HTTPS (SSL)
•SNMP management interface through SNMPv3
•IEEE 802.11i standards
•User-authentication using EAP-TLS, EAP-PEAP, WPA-PSK, WEP
•Rogue AP detection
•Rogue client detection
VLANs
By decoupling traffic flow and network services from the physical network topology, virtual LANs
(VLANs) enable enterprises improve network traffic flow, increase load, and deliver varying levels
of service and access to different groups of users. The Airgo AP VLAN feature readily extends an
existing wired VLAN structure to the wireless network. It can also be used to implement new
network privileges and services; for example, user VLANs are integral to the Airgo guest access
feature (see “Guest Access” on page 6).
Airgo supports interface-based VLANs and user-based VLANs. Interface VLANs separate traffic
according to the Ethernet and radio interfaces on the Airgo AP. Packets destined for a specific
interface VLAN are directed to the port with that VLAN assigned. By contrast, user VLANs
separate traffic according to user groups. Users can be assigned to the same VLAN even if they are
in different physical LANs and at geographically dispersed locations. User VLANs are useful for
managing manage enterprise work groups and differentiating among categories of users. The Airgo
Access Point supports up to 16 VLANs, including a default VLAN.
1 Overview
6 Installation and Configuration Guide: Airgo Access Point
Quality of Service
Quality of Service (QoS) features enable differential treatment of network traffic types to support
special applications or extend priority access to designated groups of users. For example,
applications as streaming media and voice over Internet suffer serious quality degradation if data
transmission is interrupted or bandwidth fluctuates excessively. You can assign a higher quality of
service to applications of this type, while still maintaining adequate service for less intensive
applications such as print and file sharing. Network utilization is increased with little to no negative
effect on user productivity. QoS can also be used to lower the priority for non-critical applications.
For example, FTP transfers, which are generally not time critical but can consume significant
network bandwidth, can be assigned lower priority than streaming media applications or database
transactions.
QoS can also be assigned on a user group basis. For example, network administrators can be
assigned a higher quality of service than other employees, thereby enhancing their ability to
manage and troubleshoot a heavily loaded network.
Airgo implements quality of service features using classes of service (COS). Eight COS levels are
available for assignment according to user or application based rules. The COS approach does not
guarantee bandwidth, but it does give “best effort” priority according to the assigned level. A
flexible approach to service quality, it scales easily and accommodates a variety of mapping rules.
MAC layer mappings for COS levels and COS to IP layer mappings are supported, and priority
settings can be assigned for different COS mapping rules.
IP Routing
IP routing adds flexibility to AP management and expands the addressing capability of the AP. You
can specify static IP addresses outside the local subnet along with routing information to reach the
addresses.
Multiple SSIDs
The Airgo AP supports multiple SSIDs within each individual AP. Using the multiple SSID feature,
users can access separate networks through a single physical infrastructure. For example, if you
want to create different levels of resource access for employees and visitors, you can create two
SSIDs, one with high security and one with open security.
Guest Access
The Airgo AP supports flexible, secure managing of guest access at corporate locations. By
contrast with most other guest access solutions, the Airgo AP supports guest access without
requiring any changes to the physical network topology. VLAN tags on the existing access points
segregate users into corporate and guest VLANs, and guests are automatically directed to an
internal or external web landing page. Guest passwords can be assigned statically or change
dynamically according to a pre-set schedule. An open access option is available to provide
unauthenticated guests with access to an open subnet.
Rogue AP Detection and Classification
Maintaining a secure wireless network requires ongoing monitoring of potential rogue access
points and the ability to classify them as known to the local or neighboring network, or as true
rogues. The network management functions of NM Portal include automatic network scanning and
display of all the detected APs that potentially qualify as rogues. Using the information included in
Standards and Data Rates
Installation and Configuration Guide: Airgo Access Point 7
the display, network administrators can identify and classify the APs that are known. The remaining
APs are classified as rogues. By examining the information available for each rogue AP, it is
generally possible to pinpoint the location of the rogue and take action to remove it from the
network.
Standards and Data Rates
Airgo supports the wireless networking standards shown in Table 2.
The 802.11 standard specifies the following data rates:
•802.11b: DSSS (1, 2, 5.5 and 11 Mbps)
•802.11a: OFDM (6, 9, 12, 18, 24, 36, 48, 54 Mbps)
•802.11g: OFDM (6, 9, 12, 18, 24, 36, 48, 54 Mbps)
Airgo also offers enhanced data rates of 72, 96, and 108 Mbps for enhanced performance.
Integration With the Existing Wired Network
Airgo wireless networking solutions are standards-compliant to ensure seamless integration with
existing wired network infrastructures. The following integration features are included with all
Airgo APs:
•10/100 Ethernet connectivity
•802.1Q VLAN support
•802.1p QOS support
•802.3af Power-over-Ethernet support
Table 2: Supported Wireless Networking Standards
Standard Area Status
IEEE 802.11b Wireless LAN Approved Standard
IEEE 802.11a Wireless LAN Approved Standard
IEEE 802.11g Wireless LAN Approved Standard
IEEE 802.11d World Mode Support Approved Standard
IEEE 802.11e HCF & eDCF Draft Standard
IEEE 802.11f Inter-AP Protocol (IAPP) Draft Standard
IEEE 802.11h TPC and DFS additional regulatory domains Approved Standard
IEEE 802.11i Wireless Security Approved Standard
IETF Standards Security EAP-TLS Draft Standard
Microsoft Standard Security EAP-PEAP Draft Standard
IETF SNMP MIBs Numerous RFC MIBs Standard
IETF Protocols Bridging, Routing Standard
WPA Security Standard Standard
Wi-Fi Alliance Wireless Interoperability Certification
1 Overview
8 Installation and Configuration Guide: Airgo Access Point
•Layer 2 and Layer 3 QoS support
•DHCP server and client support
•NTP for time-synchronization
Management Interface Options
Management support for the Airgo AP is available through four different interfaces:
Interface Description
Web Browser Interface This is the primary user interface for basic and advanced AP
configuration support for a single AP. This guide presents all
configuration tasks using the web browser interface.
NM Explorer A built-in NM Portal web interface is available to manage multiple APs.
For details on using NM Portal, see Chapter 9, “Managing the Network.”
Command Line
Interface (CLI) The command line interface (CLI) for the Airgo AP is accessible through
a local 9-pin serial console port or over SSH. For more information on
using the CLI to configure the AP, see Appendix A, “Using the
Command Line Interface.”
NMS Pro The NMS Pro user interface provides access to AP configuration
functions and is designed to manage very large numbers of access points
and networks. For more information, see the NMS Pro Installation and
User Guide.
Installation and Configuration Guide: Airgo Access Point 9
2Planning Your Installation
This chapter provides guidelines on planning a wireless network. It includes example network
configurations and explains how to plan for coverage, capacity, security, and network management.
The chapter includes the following topics:
•Introduction
•Assessing Coverage and Capacity Requirements
•Assessing Security Needs and Architecture
•Planning Network Features
Introduction
Careful planning of a new wireless network can greatly enhance your ability to install, maintain,
manage, and expand the network. There are several dimensions to installation planning:
•Coverage and capacity requirements—Identify the numbers and types of access points to install
and determine optimal placement.
•Security needs—Choose a security architecture and features.
•Network management—Choose a method to manage the network and monitor its health.
•Network features—Determine VLAN assignment, user groups, services, and privileges.
If planned properly, a wireless network can be easily expanded and adjusted to changing conditions
and requirements while preserving effective security and enabling network-wide management
support.
Example Wireless Network Installation
Figure 3 shows the elements of a typical Airgo wireless network. Airgo Access Points provide
wireless connectivity to client stations (laptop or desktop computers) and connect in turn to the
existing wired network infrastructure and beyond to the Internet. Network size and complexity may
also dictate the need for an external RADIUS server for user authentication, as well as installation
of Airgo NMS Pro for enterprise network management.
2 Planning Your Installation
10 Installation and Configuration Guide: Airgo Access Point
Figure 3: Typical Wireless Network
Assessing Coverage and Capacity Requirements
Airgo wireless technology significantly increases wireless coverage or capacity by comparison
with other wireless LAN products. This wireless advantage allows an access point to service a large
area or provide higher data rates, depending upon the conditions at your location. Figure 4
illustrates the contrast between typical wireless coverage and Airgo wireless coverage. Each Airgo
AP can service a wider area or provide higher data rates than alternative solutions.
Precise coverage and capacity vary considerably depending on factors such as the specific 802.11
protocol being used, antenna placement and location, building construction materials, and local
obstructions.
Enterprise Boundry
NMS
Pro
RADIUS
10/100 Ethernet
Corporate
Network
Internet
LAN Switch/Router
WAN Router
with Firewall
Network Operations Center
AP with
2 Radios AP with
1 Radio
AP with
1 Radio
802.11a
802.11g/b
802.11a
(or 802.11g/b)
802.11g/b
(or 802.11a)
A0008C
Assessing Security Needs and Architecture
Installation and Configuration Guide: Airgo Access Point 11
Figure 4: Airgo AP Coverage Compared with Other Access Points
Site Surveys
Site surveys are used to measure the wireless characteristics of the physical environment and
thereby determine cost-efficient placement of equipment in the network. They are important
because the physical attributes of a location may have a significant impact on realized coverage and
data rates. The site survey involves a detailed assessment of the radio signal environment of the site
based on experiments and testing. After the wireless network equipment is installed, radio signals
are sent between the AP and a mobile client (laptop) to effectively tune the placement of APs.
A professional site survey is highly recommended for large installations, but can be an expensive
and time-consuming process, especially for installations with a variety of buildings and building
materials, radio signal conditions, and restrictions on equipment placement. Thanks to the dramatic
improvements in capacity and coverage provided by Airgo APs, many small to mid-size companies
can forgo the traditional site survey process and rely instead on general guidelines.
Assessing Security Needs and Architecture
The latest security innovations and standards make it possible to provide complete and effective
security for wireless networks. The specifics of an optimal security solution will vary according to
the type and size of organization. For each environment, Airgo offers a selection of features to
satisfy all your security needs.
Three aspects of security require planning and decisions:
•Enrollment—Specifying the Airgo AP or NMS Pro server used to verify which access points
are authorized to be part of the wireless network.
108 Mbps
54 Mbps
Access Point
Location
Typical
Wireless Coverage
Legacy
Coverage
Coverage
Data
Rate
Legacy
Wireless
Coverage
A0020A
2 Planning Your Installation
12 Installation and Configuration Guide: Airgo Access Point
•Data encryption—Specifying the method of security for wireless data communications
between client stations and the AP.
•Authentication—Specifying the method to verify the identity of users who want to access the
wireless network, and assign access restrictions and services to them.
Enrollment
Enrollment is the process of verifying the identity of APs and confirming that they are authorized to
be a legitimate part of the wireless network. It is recommended to designate a single enrollment
server for the entire network. For small and mid-size networks, this should be an AP configured as
an NM Portal (see “Selecting a Network Management Method” on page 12). For large offices and
campuses, it is recommended to use the enrollment module within NMS Pro as the enrollment
server. The process of enrollment is discussed in “Enrolling APs” on page 165.
Data Encryption
Data encryption is the process whereby data packets are encoded to prevent intruders from
deciphering the content. The first wave of IEEE 802.11 products introduced encryption based on
the Wired Equivalent Privacy (WEP) standard. The WEP algorithm uses keys configured on the AP
and in the user client software to encrypt wireless data. Unfortunately, WEP is vulnerable to
compromise and difficult to manage and configure. Temporal Key Integrity Protocol (TKIP) is the
secure successor to WEP.
The current state of the art for data encryption is the Advanced Encryption Standard (AES),
adopted by the Wi-Fi Alliance as part of the IEEE 802.11i working group efforts and grouped under
the heading Wi-Fi Protected Access (WPA). The new IEEE 802.11i standard provides financial-
grade security with extremely strong AES over-the-air encryption. The keys used for every user
session are unique and are established automatically using the IEEE 802.1x protocol.
Unless your wireless network must support WEP encryption, using WPA with AES for data
encryption, regardless of your network size or complexity, is recommended.
User Authentication
User authentication is the process of verifying user identity and assigning access rights based on
predetermined rules. For small to mid-size networks, the internal RADIUS server within the Airgo
AP security portal provides authentication services across the network. A second AP can also be
configured as a backup security portal.
For large office and campus installations, one or more external RADIUS authentication servers
may already be in place to provide authentication services for the wired network based on the IEEE
802.1x RADIUS standard. It is a straightforward exercise to extend that infrastructure to the
wireless network, thereby creating an integrated user authentication process for the entire enterprise
network.
The security portal feature of the Airgo AP plays a special role in wireless backhaul authentication.
For more information, see Chapter 6, “Configuring a Wireless Backhaul.”
Selecting a Network Management Method
As with user authentication, appropriate network management solutions depend upon the size and
complexity of the network, and Airgo products and features are available to support the full range
of possibilities.
Assessing Security Needs and Architecture
Installation and Configuration Guide: Airgo Access Point 13
For small and mid-sized networks, it is recommended to configure one of the APs on the network
as a portal AP to provide NM Portal, security portal, and enrollment services. It is also
recommended to designate another AP as a backup for the security portal.
For large offices and campuses, enterprise-wide control and advanced network management
features become essential to reliable network operations. For these networks, it is recommended to
use the Airgo NMS Pro network management application, which provides a comprehensive
network management solution. Install the NMS Pro server on any suitably configured network
computer, and permit network administrators to obtain access from any designated client station.
For more information, see the Airgo NMS Pro Installation and Configuration Guide.
NMS Pro can be installed as a stand-alone network management solution, or it can be used in
conjunction with NM Portal APs to create an efficient distribution system for network management
data and policies across multiple locations. For enterprises with multiple locations, an AP in each
location can be assigned as the NM Portal. The NM Portal serves an auxiliary function, executing
commands for AP management updates and distributing them to all the APs at the remote location
or collecting data from all the APs at the location and sending the data back to NMS Pro. This
model can significantly reduce the time and network load associated with performing network
management functions such as policy distribution and software updates.
2 Planning Your Installation
14 Installation and Configuration Guide: Airgo Access Point
Planning Network Features
The Airgo AP offers an extensive set of configuration parameters and network service features.
Automated and default options are available for most of these, making it necessary to configure
only a few of the AP parameters to set up a basic network. As needs change, additional features can
be configured to support new network services.
Network feature planning involves the following decisions:
Feature Planning Issues
Physical
Network Estimate how many APs are expected initially and with growth. Determine whether
wireless backhaul will be required.
Network
Management Determine the network management structure.
•A network management solution such as NM Portal or NMS Pro is strongly
recommended for all multiple AP installations.
•NM Portal is recommended for small to mid-size networks.
•NMS Pro is recommended for large enterprise networks. NMS Pro can be used in
conjunction with NM Portal for an efficient, hierarchical network management
solution.
•If wireless backhaul is selected, then network management must include NM
Portal.
Authentication Determine how to verify the identity of users requesting access to the network. An
authentication scheme is required for all except Open access.
• Pre-shared key (PSK) authentication uses matching keys assigned prior to the
authentication session and stored on the AP and in the client. With PSK, no external
authentication server is required. This approach is useful for small to mid-size
networks in which keys can be easily configured and modified, as needed.
• RADIUS user authentication relies upon individual login and password. This
approach is preferred for medium-large and enterprise networks that must
accommodate large, changing user populations. RADIUS is the most common
protocol used in authentication servers.
The Airgo AP can take advantage of the authentication services provided by an
external third party RADIUS server, or the internal RADIUS security portal on the
Airgo AP can be used. In conjunction with an external RADIUS server, the security
portal provides wireless backhaul authentication services and can serve as a back-
up authentication server if the external RADIUS server is not available.
An authentication zone is a group of one or more RADIUS servers providing user
authentication services within an SSID. If multiple SSIDs are configured, then you
can create an authentication zone for each.
The chosen authentication method influences how services can be configured in the
network.
Security Modes Choose WPA, WEP, or open security modes.
•WPA is recommended, unless WEP is required for communication with legacy
systems.
•WPA security is compatible with WEP and with open security. WEP is not
compatible with open security.
•Guest access requires the open security mode.
•The preferred encryption method is AES, unless TKIP or WEP are required for
compatibility with legacy systems.
Planning Network Features
Installation and Configuration Guide: Airgo Access Point 15
VLAN VLANs permit the network to be segmented according to functional needs without the
restrictions of the physical topology.
•If your enterprise uses multiple VLANS, they can be supported in the wireless
network.
•Multiple VLANs are required for guest access.
SSID Decide whether one or multiple SSIDs will be supported.
•Multiple SSIDs are desirable for applications such as wireless Internet service
(WISP), in which a single physical access point supports multiple user populations
in distinct networks.
•Multiple SSIDs permit support of multiple service levels in networks that rely on
PSK rather than user-based authentication. Services are bound to the SSID rather
than to specific user groups.
Quality of
Service Quality of Service (QoS) allows you to set priorities for user traffic, thereby increasing
the likelihood that critical data will obtain the needed priority.
QoS is implemented by way of class of service (COS) mappings. Accept the default
mappings or define custom mappings to create special high or low priority classes of
service.
•Default and custom mappings are compatible with other feature selections.
Service Profile Service profiles specify the services available for an SSID or for designated user
groups within an SSID. Accept the default service profile or create custom service
profiles to provide varying levels of service. The service profile includes VLAN
assignment, COS, and minimum security.
Once created, a service profile can be bound to an SSID with or without a specified
user group.
•If a user group is included in the binding of a service profile to an SSID, then
members of the user group are automatically assigned that profile when
authenticated.
•If no user groups are specified, then all users who access the SSID are assigned the
same profile.
Guest Access Guest access refers to special treatment of users who are not authorized to access the
main corporate network. The guest access feature allows non-authorized users to gain
network access in a controlled way.
Decide whether the network will support guest users and if so, how guest access will
be managed.
•Guest access requires open access security, and is not compatible with WEP.
•Guest users can be authenticated by way of an internal or external web landing
page, or can be given open access to a restricted portion of the corporate network.
Feature Planning Issues
2 Planning Your Installation
16 Installation and Configuration Guide: Airgo Access Point
Example Deployment Scenarios
This section describes the feature decisions for an example company as a function of network size,
management structure, and network services.
Example 1: Small office, single AP, possible future growth
Acme Works begins as a small company with 20 users. The office is at a single location served by
one access point connected to the wired backbone. The elements of the network are shown in
Figure 5.
Figure 5: Example 1 Network
One AP is able to meet current coverage and capacity needs. The AP is configured as an NM Portal
to assure that the appropriate network management structure will be in place in the event that the
business expands and additional APs are required. Since the user base is small, there is no need for
a RADIUS authentication infrastructure. The security mode is WPA with pre-shared keys (PSK)
and AES encryption. A single SSID is in place, and the default VLAN, QoS, and service profiles
are used.
Figure 6: Example 1 Feature Decisions
A0037C
AP (NM Portal Mode)
A0036A
Physical Network One AP Multiple APs Wireless Backhaul
Network Management NM Portal
Default VLAN
Single SSID (default)
Default COS Mappings Custom COS Mappings
Default Service Profile Custom Service Profiles
Disabled (default) Enabled
Multiple SSIDs
Multiple VLANs
NMS PRO
User Authentication Built-In Security Portal External RADIUS Server
Security Modes WPA (default) Open WEP
VLAN
SSID
Quality of Service
(Class of Service - COS)
Service Profile
Guest Access
Example Deployment Scenarios
Installation and Configuration Guide: Airgo Access Point 17
The following table lists the tasks required for configuration and provides pointers to the detailed
instructions in this guide.
Table 3: Example 1 Configuration Tasks
Task Process
Bring up the first (or
only) Airgo AP 1Make sure a DHCP server is available on the network, and create a DHCP
reservation for the MAC address of this AP.
2Have the information sheet shipped with the AP available.
3Bootstrap the AP as an NM Portal. Defaults are acceptable for most
settings.
4Choose an SSID (wireless network name).
5Choose an administrative password and WPA pre-shared key.
6Configure clients with compatible WPA security using the same pre-
shared key.
References: “Initializing a Normal AP” on page 33, “Initializing the Portal
AP” on page 36
Confirm that the
network is up •Open the IP Topology panel in NM Portal to confirm that the AP is listed
as discovered.
•Open the Station Management panel at any time to view a list of client
stations associated to the AP.
References: “Viewing IP Topology” on page 169 and “Managing Client
Stations” on page 86.
2 Planning Your Installation
18 Installation and Configuration Guide: Airgo Access Point
Example 2: Small to mid-size business with wireless backhaul
Acme Works has now grown to 70 users. The site is the same as in Example 1; however Acme
wants to provide coverage to a temporary building that has no wired connection. An additional AP
is added to provide user access via a wireless backhaul (Figure 7).
Figure 7: Example 2 Network
Figure 8 summarizes the feature decisions for this example. The security portal capability within
NM Portal provides authentication for the backhaul AP. The security mode is WPA with pre-shared
keys (PSK). A single SSID is in place, and the default VLAN, QoS, and service profiles are used.
Figure 8: Example 2 Feature Decisions
A0042
E
SSID="Corp" SSID="Corp"
10/100 Switched Ethernet
A0036B
Physical Network One AP Multiple APs Wireless Backhaul
Network Management NM Portal
Default VLAN
Single SSID (default)
Default COS Mappings Custom COS Mappings
Default Service Profile Custom Service Profiles
Disabled (default) Enabled
Multiple SSIDs
Multiple VLANs
NMS PRO
User Authentication Built-In Security Portal External RADIUS Server
Security Modes WPA (default) Open WEP
VLAN
SSID
Service Profile
Guest Access
Quality of Service
(Class of Service - COS)
Example Deployment Scenarios
Installation and Configuration Guide: Airgo Access Point 19
Example 3: Mid-size business, multiple SSIDs, multiple VLANs
Now a successful business, the management at Acme Works wants to position the company for
continued growth. The company decides to deploy an external RADIUS server to manage user
authentication centrally for the entire company. The RADIUS authentication infrastructure works
well for a changing user population (employees joining, leaving, or moving to new departments)
and readily supports further network service enhancements.
The company creates two SSIDs as a way to separate the Finance department network traffic from
the main corporate network traffic. Two RADIUS servers are configured, each in its own
authentication zone. To separate Finance department traffic from the overall network traffic, a
Finance VLAN is created. A Finance service profile is also created and bound to the Finance SSID.
The service profile is configured to include the Finance VLAN, high security and higher-than-
normal COS. Once this structure is in place and a member of the Finance group is authenticated by
way of the RADIUS server, the Finance group tag is passed to the Airgo AP, and the Finance
service profile is applied to the user.
The network configuration for this example is shown in Figure 9, and the feature decisions are
shown in Figure 10.
Figure 9: Example 3 Network
RADIUS
Server
A0044B
CorporateVLAN
CorporateVLAN
VLAN Switch
FinanceVLAN
FinanceVLAN
Corporate Finance
2 Planning Your Installation
20 Installation and Configuration Guide: Airgo Access Point
Figure 10: Example 3 Feature Decisions
The following table lists the tasks required to link to an external RADIUS server and add multiple
VLANs, and provides pointers to the detailed instructions in this guide.
Table 4: Example 3 Configuration Tasks
Task Explanation
Add authentication
servers and zones 1Identify the RADIUS server for each authentication zone.
2Select the authentication option for the SSID, with reference to the defined
authentication zone.
References: “Configuring SSID Parameters” on page 78 and “Configuring
Authentication Zones” on page 143
Set up VLANs 1Choose the VLAN structure for the network.
2Configure the VLANs.
Reference: “Configuring VLANs” on page 105.
Add VLANs to the
service profiles 1Define or modify service profiles to include VLAN selection.
2Bind each profile to an SSID with an existing or new user group.
Reference: “Profile Table” on page 84 and “SSID Details” on page 82.
A0036A
Physical Network One AP Multiple APs Wireless Backhaul
Network Management NM Portal
Default VLAN
Single SSID (default)
Default COS Mappings Custom COS Mappings
Default Service Profile Custom Service Profiles
Disabled (default) Enabled
Multiple SSIDs
Multiple VLANs
NMS PRO
User Authentication Built-In Security Portal External RADIUS Server
Security Modes WPA (default) Open WEP
VLAN
SSID
Service Profile
Guest Access
Quality of Service
(Class of Service - COS)
Example Deployment Scenarios
Installation and Configuration Guide: Airgo Access Point 21
Example 4: Large business, guest access, extended network services
Acme Works is now a widely known and successful enterprise. With an ever increasing number of
visitors requiring network access, the network administrator decides to implement a corporate guest
access solution.
A guest VLAN and service profile are created and bound to the Corporate SSID, and a guest
password is created. Guests can now visit Acme Works, log in using the guest password through a
web browser, and obtain access to the resources available on the guest VLAN.
As additional needs arise, the network administrator can easily add new VLANs and service
profiles, and change the available levels of service. New VLANs are created to segregate traffic for
the Manufacturing and Engineering departments, and new service profiles are created to
accommodate members of those departments. Special classes of service are assigned for
applications sensitive to interruption or bandwidth fluctuation, such as voice over IP, and low
priority, bandwidth-intensive applications such as FTP transfers.
The network configuration for this example is shown in Figure 11, and the feature decisions are
shown in Figure 12.
Figure 11: Example 4 Network
RADIUS
Server
A0045D
Corp
VLAN
Corp-VLAN
VLAN Switch
Guest
VLAN
Guest-VLAN
Corp Guest Access
Guest
ID
Password
2 Planning Your Installation
22 Installation and Configuration Guide: Airgo Access Point
Figure 12: Example 4 Feature Decisions
The following table lists the tasks required to configure guest access and provides pointers to the
detailed instructions in this guide.
Table 5: Example 4 Configuration Tasks
Task Explanation
Set up guest VLANs •Configure a VLAN for guest access.
Reference: “Configuring VLANs” on page 105.
Create guest service
profile •Add a guest service profile with the guest VLAN and desired COS and
open security.
Reference: “Profile Table” on page 84 and “SSID Details” on page 82.
Configure landing page 1Choose an internal or external landing page.
2Assign guest password.
Reference: “Configuring Guest Access” on page 156
A0036A
Physical Network One AP Multiple APs Wireless Backhaul
Network Management NM Portal
Default VLAN
Single SSID (default)
Default COS Mappings Custom COS Mappings
Default Service Profile Custom Service Profiles
Disabled (default) Enabled
Multiple SSIDs
Multiple VLANs
NMS PRO
User Authentication Built-In Security Portal External RADIUS Server
Security Modes WPA (default) Open WEP
VLAN
SSID
Service Profile
Guest Access
Quality of Service
(Class of Service - COS)
Example Deployment Scenarios
Installation and Configuration Guide: Airgo Access Point 23
Example 5: Large Campus with Branch Offices
With continued growth, the original Acme Works building is now surrounded by multiple buildings
within a large campus setting. The company also has two branch offices in neighboring
communities. The decision is made to implement NMS Pro for enterprise-class network
management. This solution will provide network administrators with extensive control and
oversight, centralized monitoring, and fault management.
The campus buildings and branch offices lend themselves to a hierarchical management structure in
which an NM Portal AP is configured in each building. Each NM Portal AP handles policy
distribution and software upgrades at its location as directed by NMS Pro. The NM Portal AP also
serves as a backup security portal in the event that another RADIUS authentication server in its
zone becomes unavailable.
The network configuration for this example is shown in Figure 13, and the feature decisions are
shown in Figure 14.
Figure 13: Example 5 Network
A0046C
NMS Pro
Server
NM Portal AP
Enterprise
Network
RADIUS
Server
NM Portal AP
Location A Location B
2 Planning Your Installation
24 Installation and Configuration Guide: Airgo Access Point
Figure 14: Example 5 Feature Decisions
The following table summarizes the tasks required to provide network management for the campus
installation:
Table 6: Example 5 Configuration Tasks
Task Explanation
Install NMS Pro Reference: NMS Pro Installation and Configuration Guide
Enroll APs •Use the NM Portal in the local building or the campus NMS Pro system to
enroll additional APs.
Reference: “Enrolling APs” on page 165 or the NMS Pro Installation and
Configuration Guide
Create and distribute
policies •Use NMS Pro to create configuration policies and distribute them to APs
across the network.
Reference: NMS Pro Installation and Configuration Guide
A0036A
Physical Network One AP Multiple APs Wireless Backhaul
Network Management NM Portal
Default VLAN
Single SSID (default)
Default COS Mappings Custom COS Mappings
Default Service Profile Custom Service Profiles
Disabled (default) Enabled
Multiple SSIDs
Multiple VLANs
NMS PRO
User Authentication Built-In Security Portal External RADIUS Server
Security Modes WPA (default) Open WEP
VLAN
SSID
Service Profile
Guest Access
Quality of Service
(Class of Service - COS)
Installation and Configuration Guide: Airgo Access Point 25
3Installing the Access Point
Using the Configuration Interfaces
This chapter explains how to install and quickly configure the Airgo Access Point and provides
instructions for accessing the web and command line interfaces. The chapter includes the following
topics:
•Hardware Components
•System Requirements
•Installation Requirements
•Installing the Access Point
•Using the Configuration Interfaces
•Using AP Quick Start to Initialize the Access Point
•Navigating the Web Interface
•Configuration Wizards
Hardware Components
The Airgo Access Point shipping package contains the following items:
•Airgo Access Point
•Power supply and separate AC cord
•Software and documentation
System Requirements
The following are required to connect to the Airgo Access Point:
•For web browser or network management portal access, a computer with a web browser
capable of secure HTTP connections (HTTPS)
•For SSH connection, a computer with an SSH utility (the PuTTY application meets this
requirement and is available as freeware)
•10/100 Ethernet cable to connect to the AP
The computer designated for AP access should be located on the same Local Area Network (LAN),
with a compatible IP address and subnet mask, or it must be able to be routed to the AP.
To connect directly to the console port in order to access the command line interface, have the
following available:
•A 9-pin DCE female to female null modem connector to connect the PC to the Access Point
•Terminal emulator software
Installation Requirements
Airgo Access Points are radio frequency devices and are therefore susceptible to RF interference
and obstructions. When selecting locations for AP placement, try to choose places that are free of
3 Using the Configuration Interfaces
26 Installation and Configuration Guide: Airgo Access Point
large metallic structures such as equipment racks, steel bookcases or filing cabinets, or crowded by
computer enclosures.
If using an external antenna with the AP (optional), try to place the unit as high as possible, where
it is free of obstruction. Install the AP away from sources of RF interference, such as microwave
ovens, cordless phones, electric motors, and similar appliances.
Power and Cabling Requirements
The following equipment is required to install the Airgo Access Point:
•AC power outlet (100-240V, 50-60Hz standard) to power the AP (a surge-protected power
supply is recommended)
•RJ-45 port on a standard 10/100BaseT Ethernet device (hub, switch, router, or similar device),
if connecting to a wired network
•Industry standard Category 5 UTP Ethernet cables
•9-pin-to-9-pin DCE serial null modem cable or serial to USB cable, if connecting the console
Network Information Requirements
Have the following information accessible before configuring the AP:
•IP address assigned to the AP (fixed IP address or DHCP-reserved address)
•IP addresses for the default gateway, DNS Server and NTP Server, if DHCP is not used to
provide IP addresses
•IP address of the SMTP email server, if the AP is to send alerts to a specified email address
•Email address of the administrator who will receive the alerts
Installing the Access Point
Follow these steps to install the Airgo Access Point:
1Connect the Ethernet cable to the RJ-45 Ethernet connector on the AP (see Figure 15).
2Plug the other end of the Ethernet cable into an available Ethernet port on your wired network.
3(Optional) If an external antenna is to be used, attach it to the AP. Place or mount the antenna in
an unobstructed location.
4Plug the AC power cable into the power module.
5Plug the other end of the AC power cable into an approved three-prong grounded outlet (surge-
protected and/or UPS is recommended).
6Connect the power module connector to the power connector on the AP.
The Airgo Access Point powers up automatically.
Installing the Access Point
Installation and Configuration Guide: Airgo Access Point 27
Figure 15: Airgo AP Connections
Using Power Over Ethernet
Power-over-Ethernet, based on the 802.3af standard, can be used to supply power to the Airgo AP.
If both DC power and power-over-Ethernet are used at the same time, then failover takes place
automatically in the event that one of the power sources is lost. For failover, the following rules
apply:
•The AP uses the power source with the highest voltage.
•Unplugging either cable causes power to switch automatically to the other source.
Placement and Orientation
Make sure that the Airgo AP is positioned in an upright position for airflow and antenna placement
(Figure 16).
100/10BaseT
Ethernet port
Default
Reset
A0003B
Console port
DC power
3 Using the Configuration Interfaces
28 Installation and Configuration Guide: Airgo Access Point
Figure 16: Airgo AP Placement
Verifying the Installation
To verify the Airgo Access Point is operational, examine the front of the AP.
•Is the status LED red or green? If not, check the power connections and whether or not the AC
outlet has power.
•(For wired-AP installations) Is the Ethernet connection LED on? If not, check the Ethernet
cable to make sure it is seated securely in both the AP and the network port.
Interpreting the LEDs
Refer to Figure 17 and Table 7 for LED definition.
Figure 17: Airgo AP LEDs
Reset
Default
LEDs
Console port
100/100BaseT
Ethernet port
Power connector
A0002B
A0004A
Installing the Access Point
Installation and Configuration Guide: Airgo Access Point 29
Connecting the Serial Port
Follow these steps to connect a terminal to the serial port for command line interface access:
1Attach a serial null modem cable to the AP (see Figure 15).
2Attach the other end of the cable to the serial port of your computer.
3Use a terminal emulation tool such as HyperTerminal. Configure the terminal as follows:
• 115,200 BAUD
• 8-bits
• No parity
• 1 stop bit
• No flow control
A command prompt should now be available to access the command line interface.
Resetting the Access Point
Reset the AP in any of the following ways. If the AP has a buzzer installed, the AP beeps once
when reset. If the AP has a buzzer installed and is reset to factory defaults, then the AP beeps twice
when booted.
Table 7: LED Definitions
LED Description
WLAN1 Blinks green for activity.
AP STAT There are two AP status LEDs that indicate the AP status. When the AP is
reset or powered on, the bottom LED turns red and then the top LED blinks
green. Once the AP successfully boots up, the top LED turns green and stays
green.
When the AP is reset to defaults, the LEDs light up in the same sequence as
described above. If the AP has a buzzer installed, two short beeps indicate that
the AP is being reset to defaults.
ETH ACT Blinks green for activity.
100/10 Indicates Ethernet Link. Two LEDs. Only one of them will be lit up at a time.
•Top LED: 100BT Link – Lights up Green when 100 Mbit link is
established. Off means no link on 100 Mbit.
•Bottom LED: 10BT Link – Lights up Yellow when 10 Mbit link is
established. Off means no link on 10 Mbit.
WLAN0 Blinks green for activity.
Method Description
Web browser interface Use the Configuration Management panel under System Configuration. See
“Reset Configuration” on page 217.
Reset button Press the reset button on the side of the AP.
Power down Power down the AP by disconnecting the power cable (not recommended).
3 Using the Configuration Interfaces
30 Installation and Configuration Guide: Airgo Access Point
Reset the configuration of the AP to the factory default in any of the following ways:
Using the Configuration Interfaces
Four different secure interfaces are available for administering the Airgo Access Point:
•Web browser (https)
•Command line interface (SSH or console)
•SNMP (SNMPv3)
•Policy management (https, XML-based)
This section explains how to access each of these interfaces. The configuration procedures in this
guide are all presented using the web browser interface. For additional information on the CLI, see
the CLI Reference Manual.
Using the Web Browser Interface
The Airgo AP web browser interface is the easiest way to configure an AP or check the current
settings. It includes the QuickStart facility to get the AP running as quickly as possible and full set
of AP features. NM Portal can also be launched from the web interface.
Method Description
Web browser interface Use the Configuration Management panel under System Configuration. See
“Reset Configuration” on page 217.
CLI Use the command sequence
config
system >
reset-to-defaults factory-defaults
Reset buttons on the AP This is useful if the administrative password is lost; however, before
performing the reset, make sure to have the original factory-assigned AP
password available. Follow these steps:
1Make sure the AP is connected to power (power adaptor or Power-over-
Ethernet).
2On the side of the AP, hold down both the Reset and the Default buttons.
The button closest to the antenna is the Reset button. The button below it is
the Default button.
3Release only the Reset button and continue to hold down the Default
button. After 10 seconds, the Status LED blinks from Red to Green twice.
If the AP has a buzzer, a beep indicates that the restore operation has
started.
4Now release the Default button. The AP continues to reboot.The Status
LED turns Green when the reboot is successful and the AP is operational.
During this process, all passwords and configurations are reset to factory
defaults. If the AP was previously enrolled in a network, it must be re-
enrolled. The new administrator password is now the original AP unique
password that was set at the factory.
NOTE: In the web interface, a red asterisk (*) next to a field name indicates that the field is
required. Error messages are presented in text near the top of the panel.
Using AP Quick Start to Initialize the Access Point
Installation and Configuration Guide: Airgo Access Point 31
To connect to the AP using the web browser interface requires an IP connection to the AP network
and a computer with a browser capable of Secure Sockets Layer (SSL) connections. Follow these
steps:
1Launch the web browser.
aIf your network has a DHCP server, enter the DHCP-assigned address of the AP in the
address bar.
bIf your network does not use a DHCP server, assign the static address 192.168.1.1/24 to your
computer, and then enter https://192.168.1.254 in the browser address bar.
2Depending on the browser security settings, a security alert may open with a prompt on
whether to accept the Airgo security certificate. Click Yes to accept the certificate and to open
the login panel.
3In the login panel, enter or confirm the administrative user name, enter the password, select a
language, and click OK to open the web interface. The factory default for administrator access
is user name: admin. If the AP has not been initialized, the user name field is grayed out. The
factory default password is shipped with the AP on a paper insert. Use the password from the
insert to log in.
4The system response at this point depends upon whether the AP has already been initialized.
aIf the AP has been initialized, the Home feature panel opens. See “The Home Panel” on
page 37.
bIf the AP has not been initialized, the QuickStart Welcome panel opens. Use the QuickStart
panels, described in the next section, to quickly configure the AP.
Using AP Quick Start to Initialize the Access Point
When accessing the web interface for the first time or after resetting the AP to factory defaults, the
Welcome panel of the AP Quick Start Wizard opens (Figure 18). From this panel, initialize the AP
in either of two roles:
•Normal Access Point
•Portal Access Point (NM Portal)
NOTE: Each AP has DHCP enabled by default. If you are installing the AP on a
network that already has a DHCP server, enter the DHCP-assigned address of the AP to
access the web interface.
3 Using the Configuration Interfaces
32 Installation and Configuration Guide: Airgo Access Point
Figure 18: AP Quick Start Welcome Panel
Both roles allow the AP to function as an IEEE 802.11 wireless network node. As a portal AP, the
following additional functions are available:
•Configuration of the Airgo wireless network using secure AP enrollment and policy-based
configuration of APs
•Authentication of wireless users via built-in RADIUS server and certificate based identity
management system
•Monitoring of Airgo network for faults, configuration alerts, performance and security
(FCAPS)
•Upgrade of the Airgo AP network with new software images
Using AP Quick Start to Initialize the Access Point
Installation and Configuration Guide: Airgo Access Point 33
Initializing a Normal AP
1Click Bootstrap Normal AP from the Quick Start Welcome panel to open the first
initialization panel (Figure 19).
Figure 19: QuickStart Configuration Parameters
The following fields are available on this panel; however, none is required to get the AP up and
running:
NOTE: Click Logout if it is necessary to leave the Quick Start panels. If you log out
prior to completing the set-up process, then settings are not saved.
Field Description
AP Hostname Alphanumeric name for the AP. The factory default for this field is AP
followed by the MAC address of the AP’s Ethernet interface (eth0).
Enable DHCP Assigned
IP Address Checkbox that indicates whether DHCP is used to obtain an IP address. If the
box is cleared, the static Management IP Address fields are activated; if the
box is selected, the static Management IP Address fields are inactive.
IP Address/Maskbits Static IP address and subnet prefix for the AP. Required if the IP address is
not obtained automatically. The default is 192.168.1.254/24.
3 Using the Configuration Interfaces
34 Installation and Configuration Guide: Airgo Access Point
2Click Next to continue to the next panel (Figure 20). Use this panel to configure network
identity.
Figure 20: QuickStart Network Identity
3Configure the following information on this panel:
Default Gateway IP address of the gateway to the wired network. Required if the IP address is
not obtained automatically to provide complete network access. The default
is the existing network gateway.
Domain Name Servers IP address of the server supplying DNS service. Required if the IP address is
not obtained automatically to provide complete network access. The default
is the DNS server for the existing network.
Date Current date in MM/DD/YYYY format
Time Current time in HH:MM:SS format (hours 0-23)
Time Zone US-zone or GMT option. For US zone, click the radio button and select a
time zone. For GMT, click the radio button and select an offset in HH:MM
format.
Field Description
SSID Name Service set identifier for the network, also known as the Wireless Network
Name. The default name must be changed. (required)
Network Density Indication of how close the APs will be to each other. For closely spaced APs
that can support high data rates, select the high density option. For maximum
coverage at lower data rates, selection the low density option. The default
setting is Low.
Field Description
Using AP Quick Start to Initialize the Access Point
Installation and Configuration Guide: Airgo Access Point 35
4Click Next after making selections.
The last two panels (Figure 21) configure each of up to two radios on the AP. After entering
settings on the first of the two panels, click Next to open the second panel.
Figure 21: QuickStart Radio Parameters
5Set the following information:
Bootstrap Security
Mode WPA-PSK, WEP-64, WEP-128, or Open security option. The option
determines the security mode for the AP.
WPA-PSK Security
Mode Activated if WPA is selected as the security mode. Enter a alphanumeric
string at least eight characters in length. (required if security mode is WPA-
PSK).
WEP Key Activated if WEP is selected as the security mode. Enter a WEP key. A WEP-
64 key is 10 hex characters, and a WEP-128 key is 26 hex characters.
(required if security mode is WEP)
Field Description
Select Radio Interface Specific radio to be configured on the AP (wlan0 or wlan1). These correspond
to the WLAN0 and WLAN1 LEDs on the front of the AP.
Select Operating Band
and Mode 802.11b mode in the 2.4-GHz band, 802.11b or g mode in the 2.4-GHz band,
802.11a mode in the 5-GHz band, or auto selection (Any).
Configure Channel Select Auto-Select Channel or Assign Fixed Channel options:
•Auto-Select: Select At Start-up to automatically determine the channel
when the AP is booted, or Periodic to auto-select the channel at the
specified number of minutes.
•Assign Fixed Channel: Select a static channel.
In both of these cases, the channel set used for auto-scanning can also be
restricted.
Field Description
3 Using the Configuration Interfaces
36 Installation and Configuration Guide: Airgo Access Point
6After entering settings for both radios, click Finish to complete the initialization process. (If
initializing a portal AP, as described in the next section, the button is labeled Next.)
Initializing the Portal AP
Using the QuickStart panels to initialize NM Portal is similar to initializing a normal AP. The first
four panels, as described in the previous section, are the same as for the normal AP. When
configuring the second radio, click Next to set the administration and networking configuration
(Figure 22).
Figure 22: Portal QuickStart panel
7Enter the following information consistent with your corporate standards:
8Click Finish to complete the initialization process and bring up the AP Explorer Home panel.
The process takes approximately two minutes. When the process is complete, the Home panel
opens.
NOTE: The defaults for radio configuration have been selected for the best operational
radio behavior across a variety of environments. Modifying these parameters alters
radio behavior, which may have an impact on network performance or services. For
example, selecting an operating band of 5GHz (802.11a) may prevent legacy client
adapters from associating to the AP.
Field Description
Admin Password Enter and confirm the password used to manage this AP and other enrolled
APs. The password must be between 8 and 32 characters and is used for local
administrator login and SNMP v3 login. (required)
SMTP Server Name or
IP Address Address of your SMTP server
Administrator Email
Address Email address of the person to be notified regarding alerts
Navigating the Web Interface
Installation and Configuration Guide: Airgo Access Point 37
Navigating the Web Interface
The Airgo AP web interface is divided into three main areas. The menu tree (Figure 23) provides
access to all the panels and features of the web interface. To expand a menu in the menu tree, click
the arrow to the left of the menu name.
Figure 23: Menu Tree
The lower left alarm panel (Figure 24) lists the number of current alarms.To update the alarm
summary, periodically click the browser refresh button.
Figure 24: Alarm Area
When you select an item from the menu tree, the information is displayed in the Detail panel, which
takes up most of the browser window (shown for the Home panel in Figure 25).
The Home Panel
The Home panel (Figure 25) opens when you first log in to the web interface, or if Home is
selected from the menu tree. The Home screen contains top-level summary information about the
AP. To access detailed information, click More for any of the following sections:
•AP Summary—Opens the Bootstrap Configuration panel under the AP Quick Start menu (see
“Quick Start Panels” on page 39).
•Version Summary—Opens a detailed list of model and serial numbers and hardware and
software versions (see “Version Table” on page 44).
•Wireless Summary links—Opens panels to configure SSID, client stations, radios, and
encryption.
•Management Summary—Shows current network management address settings.
3 Using the Configuration Interfaces
38 Installation and Configuration Guide: Airgo Access Point
Figure 25: Home Panel
Navigating the Web Interface
Installation and Configuration Guide: Airgo Access Point 39
Quick Start Panels
Use the AP Quick Start menu items to open the Bootstrap Configuration and Version panels. Each
of the tabs in the Bootstrap Configuration panel corresponds to one of the screens used to initialize
an AP in AP Quick Start.
IP Config Tab
The IP Config tab opens when you choose Bootstrap Configuration is selected from the AP Quick
Start menu (Figure 26). Use this tab to configure addresses for the bootstrap configuration.
Figure 26: AP Quick Start - Bootstrap Configuration - IP Config
This tab contains the following settings:
Field Description
DHCP Assigned IP
Address Indicate whether to use DHCP to obtain an IP address for the AP. If the box is
cleared, the other Management IP Configuration fields are activated; if the
box is selected, the other Management IP Configuration fields are inactive.
APs.
3 Using the Configuration Interfaces
40 Installation and Configuration Guide: Airgo Access Point
Click Apply to save changes in each section on the screen or Reset to return to previously saved
values.
Radio Config Tab
Use the Radio Config tab (Figure 27) to configure bootstrap parameters for the two AP radios.
DNS IP Address Enter the IP address of the server or servers supplying DNS service. This is
required if the IP address is not obtained automatically. The default is the
DNS server for the existing network.
Multiple DNS server addresses may be specified, space-separated. The AP
will use the addresses in the order specified. Manually configured DNS
addresses always take precedence over the DNS addresses returned by a
DHCP server. If the DNS IP Address field is empty, then all manually
configured DNS server addresses will be removed.
If you delete DNS servers, only those added manually are deleted. DHCP-
assigned DNS servers continue to be available.
Management IP
Address/Maskbits Enter the IP address and subnet prefix for this AP. This is required if the IP
address is not obtained automatically. The default is 192.168.1.254/
24.
Gateway IP Address Enter the IP address of the gateway to the wired network. This is required if
the IP address is not obtained automatically. The default is the existing
network gateway.
Host Name Enter an alphanumeric name for the AP. The factory default for this field is
AP followed by the MAC address of the AP’s Ethernet interface (eth0).
AP Location Enter the physical location of the AP as a text string.
Administrator Contact Enter contact information for the person responsible for managing this AP
(phone or email address).
Field Description
Navigating the Web Interface
Installation and Configuration Guide: Airgo Access Point 41
Figure 27: AP Quick Start - Bootstrap Configuration - Radio Config
This tab contains the following settings:
Field Description
Radio Admin State Select each AP radio (wlan0 or wlan1) to enable or disable.
Network Connectivity Indicate whether the radio will be used in a normal AP connected to the wired
network (Wired-Only), for wireless backhaul (Wireless-Only), or may be used
for either (Any). If Any is specified, the system will automatically choose one.
Network Density Indicate the relative concentration of APs in the network. For closely spaced
APs that can support high data rates, select the high density option. For
maximum coverage at lower data rates, selection the low density option. The
default setting is Low.
Multi Domain Support Enable or disable 802.11d operation. If Enable is selected, the radio advertises
country, channel and associated maximum transmit power information in
beacons and probes responses to stations or clients in the BSS. The default
setting is enabled.
World Mode - Country
Code Select Default to set the channel and power for the radio to the factory default
country setting (U.S.). Alternatively, enter a country code.
World Mode -
Deployment
Environment
Specify the type of environment in which the AP is installed (indoor, outdoor,
or both). The Environment setting determines the maximum transmit power
and allowed channels of operation.
3 Using the Configuration Interfaces
42 Installation and Configuration Guide: Airgo Access Point
For further information regarding these settings, see Chapter 4, “Configuring Radio Settings.”
Clock Config Tab
Use the Clock Config tab (Figure 28) to set time parameters for the bootstrap configuration.
Figure 28: AP Quick Start - Bootstrap Configuration - Clock Config
This tab contains the following settings:
Configure Channel Select Auto-Select Channel or Assign Fixed Channel options:
•Auto-Select: Select At Start-up to automatically determine the channel
when the AP is booted, or Periodic to auto-select the channel at the
specified number of minutes. The default is Periodic and 30 minutes.
•Assign Fixed Channel: Select a static channel.
In both of these cases, the channel set used for auto-scanning can also be
restricted.
Field Description
Date Current date in MM/DD/YYYY format
Time Current time in HH:MM:SS format (hours 0-23)
Time Zone US-zone or GMT option. For US zone, click the radio button and select a
time zone. For GMT, click the radio button and select an offset in HH:MM
format.
Field Description
Navigating the Web Interface
Installation and Configuration Guide: Airgo Access Point 43
Portal Config Tab
Use the Portal Config tab (Figure 29) to enable portal services on this AP. See “Portal Architecture”
on page 4 for a description of the portal services.
Figure 29: AP Quick Start - Bootstrap Configuration - Portal Config
Admin Email Tab
If the AP is configured as a portal AP, use the Admin Email tab (Figure 30) to specify how to alert
the network administrator regarding critical faults or security breaches. Configure the following
fields:
Synchronize Clock Indicate whether time will be synchronized manually through the date and
time fields, or by way of an NTP server. If you select the server option, enter
the IP address of the server in the space provided. If an NTP is currently
assigned, the address of the server is displayed, as shown in Figure 28.
Multiple NTP servers may be specified (space separated). If more than one
server is specified, they are contacted in the order given. If the Synchronize
Clock is empty, then all manually configured NTP servers will be deleted.
If the AP is configured to receive an IP address via DHCP, then the DHCP
server could also return the set of NTP servers. In such a scenario the
manually configured NTP servers take precedence over the DHCP returned
NTP servers.
If you delete NTP servers, only those added manually are deleted. DHCP-
assigned NTP servers continue to be available.
Field Description
SMTP Server Address Enter the IP address of the SMTP server used to reach the network
administrator.
Admin E-mail Address Enter the email address of the network administrator.
Field Description
3 Using the Configuration Interfaces
44 Installation and Configuration Guide: Airgo Access Point
Figure 30: AP Quick Start - Bootstrap Configuration - Admin Email
Version Table
The Version Table panel (Figure 25) lists model number, serial number, and hardware and software
version information.
Figure 31: AP Quick Start - Version Table
rjones@acmeworks.com
Configuration Wizards
Installation and Configuration Guide: Airgo Access Point 45
Other Panels
The other panels accessible from the menu tree contain detailed information and fields to set the AP
configuration. Most of the panels have multiple tabs, and some have special entry panels.
NM Portal Access
If the AP is booted in Portal mode, the left side of the browser interface includes a Manage Wireless
Network button just below the menu tree. Click the button to open a new browser window for NM
Portal services. For information on using portal services, see Chapter 9, “Managing the Network.”
Configuration Wizards
The Airgo AP web interface includes wizards that enable fast configuration of user security and
guest access.
User Security Wizard
The User Security wizard provides a one-stop interface for configuring user security parameters.
You can use the wizard to configure security or make changes to individual security screens in the
AP web browser interface. For detailed information on security options, see Chapter 7, “Managing
Security.”
To open the User Security wizard:
Click User Security Wizard under AP Quick Start on the side menu. The User Access wizard
opens (Figure 32).
Figure 32: User Security Wizard
3 Using the Configuration Interfaces
46 Installation and Configuration Guide: Airgo Access Point
The wizard presents several options for configuring user security. For additional information about
these options, see Chapter 7, “Managing Security.”
The security option you select determines the next step of the User Security wizard.
To configure WPA-EAP:
1In the User Security Wizard, select Using WPA-EAP.
2Click Next to open the next User Security wizard panel (Figure 33).
Figure 33: User Security Wizard - WPA-EAP
3Confirm the SSID (wireless network name).
4Select whether to use the internal RADIUS server included in the AP or an external RADIUS
server.
5Click Finish.
Option Description
WPA-EAP (with AES
encryption) Configures the AP to work with RADIUS authentication servers.
•The wizard prompts for selection of the internal RADIUS server included
in the AP or an external RADIUS server.
WPA-PSK Configures the AP to work with pre-shared key authentication.
•The wizard prompt for the pre-shared security key.
WEP Configures the AP to use WEP encryption to support legacy equipment.
•The wizard prompts for selection of 64-bit or 128-bit key length option, up
to four distinct WEP keys, and determination of which will be the default.
Open Access Configures the AP with no authentication or encryption.
•The wizard prompts for confirmation that this is desired.
Configuration Wizards
Installation and Configuration Guide: Airgo Access Point 47
To configure WPA-PSK:
1In the User Security Wizard, select Using WPA-PSK.
2Click Next to open the next User Security wizard panel (Figure 34).
Figure 34: User Security Wizard - WPA-PSK
3Enter the pre-shared key to use for network authentication and confirm your entry.
4Click Finish.
3 Using the Configuration Interfaces
48 Installation and Configuration Guide: Airgo Access Point
To configure WEP:
1Select Using WEP, and click Next to open the next User Security wizard panel (Figure 35).
Figure 35: User Security Wizard - WEP
2Select the WEP key length.
3Enter up to four WEP keys, and indicate which will be the default.
4Click Finish.
Configuration Wizards
Installation and Configuration Guide: Airgo Access Point 49
To configure open access:
1Select Open Access, and click Next to open the next User Security wizard panel (Figure 36).
Figure 36: User Security Wizard - Open Access
2Confirm that you want to configure the AP without user security.
3Click Finish.
3 Using the Configuration Interfaces
50 Installation and Configuration Guide: Airgo Access Point
Guest Access Wizard
The Guest Access wizard enables you to configure the network to give guest users limited access
while protecting the network from unauthorized use. For a complete description of guest access
rules and options, see Chapter 8, “Configuring Guest Access.”
To open the Guest Access wizard:
•Click Guest Access Wizard under AP Quick Start on the side menu.
The wizard (Figure 37) provides options to configure an internal landing page or an external
landing page for users who open a web browser while on site.
Figure 37: Guest Access Wizard
Configuration Wizards
Installation and Configuration Guide: Airgo Access Point 51
To use an internal landing page:
1In the Guest Access wizard, select Internal.
2Click Next to open the next wizard panel.
3Enter and confirm a guest password (Figure 38). The password must be from 1 to 63 characters
in length and may be manually distributed to guests who visit your corporate facility.
Figure 38: Guest Access Wizard - Internal Landing Page
4Indicate whether the guest users will be able to access a subnet before they are authenticated as
guest users. If yes, enter the IP address of the subnet.
5Click Next.
3 Using the Configuration Interfaces
52 Installation and Configuration Guide: Airgo Access Point
6Select an existing VLAN in which to place authenticated guest users, or create a new VLAN by
entering a numeric VLAN ID and VLAN name (Figure 39). The list of existing VLANS
includes only those that support open access.
Figure 39: Guest Access Wizard - VLAN Entry
7Click Finish.
Guest access is now configured. When guests access the external landing page, they follow an
externally-determined process to log in to the network. If a subnet has been specified, then guests
can access the subnet even if they are not able to log in. For further information about guest access,
or to modify guest access parameters, see Chapter 7, “Managing Security.”
Configuration Wizards
Installation and Configuration Guide: Airgo Access Point 53
To use an external landing page:
1In the Guest Access wizard, select External.
2Click Next to open the next wizard panel.
Figure 40: Guest Access Wizard - External Landing Page
3Enter the full URL for the external landing page (Figure 39). The URL for the landing page
must use an IP address rather than a domain name. Regardless of the authentication process
selected for the external page, it is necessary to forward authentication results to the AP upon
completion of successful or unsuccessful guest authentication. The Airgo AP is shipped with an
sample external landing page.
4Enter the shared secret string that the AP will use to authenticate itself to the web server. The
code must be from 1 to 63 characters in length.
5Indicate whether the guest users will be able to access a subnet before they are authenticated as
guest users. If yes, enter the IP address of the subnet.
6Click Next.
7Select an existing VLAN in which to place authenticated guest users, or create a new VLAN by
entering a numeric VLAN ID and VLAN name (Figure 39 on page 52). The list of existing
VLANS includes only those that support open access.
8If desired, select a quality of service (QoS) level. Numeric QoS values range from 0 (lowest
priority) to 7 (highest priority).
9Click Finish.
Guest access is now configured. When guests access the external landing page, they follow an
externally-determined process to log in to the network. If a subnet has been specified, then guests
can access the subnet even if they are not able to log in. For further information about guest access,
or to modify guest access parameters, see Chapter 7, “Managing Security.”
3 Using the Configuration Interfaces
54 Installation and Configuration Guide: Airgo Access Point
Installation and Configuration Guide: Airgo Access Point 55
4Configuring Radio Settings
This chapter describes the configuration settings for the Airgo Access Point radios and explains
how to set the configuration using the Airgo AP web interface. It covers all the features accessible
from the Wireless Services menu except backhaul configuration, which is discussed in Chapter 6.
The chapter includes the following topics:
•Introduction
•Configuring Radio Parameters
•Setting the Advanced Radio Configuration
•Viewing Radio Statistics
•Viewing Radio Neighbor Details
•Configuring SSID Parameters
•Multiple SSIDs
•Configuring Inter Access Point Protocol (IAPP)
•Performing Radio Diagnostics
Introduction
The Airgo Access Point can be configured with one or two radios, each of which forms a distinct
wireless cell or basic service set (BSS), as shown in Figure 41. Each radio can operate in either of
the following modes:
•In normal mode, the AP is connected to the wired network, and the radio directly services
downstream client stations or access points, or both. (AP mode).
•In wireless backhaul mode, the radio establishes a wireless link to a radio in AP mode on
another Airgo AP in order to relay data through the wireless medium. The AP is not attached to
a wired connection, instead it is connected through the wireless medium to another AP.1 In this
mode, the radio is called a Backhaul Point (BP mode). Wireless backhaul is also known as a
wireless distribution system (WDS).
1Except in certain special configurations.
4 Configuring Radio Settings
56 Installation and Configuration Guide: Airgo Access Point
Figure 41: AP Radios and Coverage
Use the Wireless Services items on the menu tree to access wireless parameters. The following
rules apply to the wireless settings:
•Some of the settings apply globally (for both radios); others apply on a per-radio basis.
•For configuration and reference purposes, the individual radios are labeled wlan0 and wlan1.
The wired Ethernet interface is labeled eth0.
•Some of the commands apply only to one mode (AP or BP).
•If the radio is in BP mode, parameters are stored and later applied if and when the radio takes
on the AP mode.
Each of the items in the Wireless Services menu leads to a specific area of radio configuration:
To open one of the Wireless Services panels, choose the topic from the menu tree.
Configuring Radio Parameters
Choose Radio Configuration from the Wireless Services menu to open the AP Radio
Configuration panel. The panel contains the following tabs:
•Global Configuration—Set parameters that apply to both of the AP radios.
•Persona Configuration—Set the radio mode or persona for normal (AP) operation or wireless
backhaul (BP).
Menu Item Description
Radio Configuration General radio parameters
Advanced Configuration 802.11 mode for each radio
Radio State & Statistics Detailed status and statistics for each radio
Radio Neighbors Identity of neighboring APs within beacon range
SSID Configuration Identification of the SSID parameters and assignment of service profiles
Backhaul Configuration Configuration of wireless backhaul links (See Chapter 6, “Configuring a
Wireless Backhaul.”)
Station Management List of stations associated to the Airgo AP
IAPP Configuration Configuration of Inter-Access Point Protocol for roaming and load balancing
Radio Diagnostics Interface to perform link and walk tests
AP2 CellAP1 Cell
AP1
(Wired AP)
AP2
(Backhaul Point)
Wired Network
A0019A
Configuring Radio Parameters
Installation and Configuration Guide: Airgo Access Point 57
•Channel Configuration—Configure channel usage for each radio.
•Performance—Configure enhanced data rates and performance attributes.
•Admission—Specify categories of client stations that are permitted to associate to the selected
radio.
To configure settings on these tabs, select each in sequence, or step through using the Go links at
the bottom of the panel (shown in Figure 42).
Many of the radio parameters are interdependent, and the Airgo AP performs consistency checks
during configuration to prevent user actions from adversely affecting radio performance. This is
especially true of dual radio APs, due to the proximity of the two radios. If you attempt to make
configuration changes that are not accepted by the AP, an error message may or may not appear.
Consult the appropriate section in this chapter to determine which parameters are in conflict.
Global Configuration
Use the Global Configuration tab (Figure 42) to define settings that apply to both of the Airgo AP
radios.
Figure 42: Radio Configuration - Global Config
NOTE: All the settings on this tab are optional. If the AP radio is enabled when the
global configuration is changed, then it is necessary to reset the AP for the changes to
take effect. If the radio is disabled, the changes take effect once the radio is enabled.
4 Configuring Radio Settings
58 Installation and Configuration Guide: Airgo Access Point
Set the following global parameters on this tab:
Field Description
Network Connectivity Specify the mode of connectivity to the wired network.
•The default value of Any means that the AP auto-determines whether or
not to initiate a backhaul based on the presence or absence of an active
Ethernet link. The Any setting is influenced by the number of radios in the
Airgo AP and whether or not the AP has active Ethernet connectivity. If
Any is selected, then the Airgo AP is allowed to change between wireless
and wired mode based on a change in Ethernet status.
•The Wired-Only setting means that the Airgo AP operates only as wired
node. The node is disabled if the Ethernet link is not active. All radios take
on the AP persona unless explicitly configured as a BP radio.
•The Wireless value means that the AP operates only as a wireless backhaul
node with wireless backhaul connectivity to the wired network. One radio
is automatically assigned the BP persona and one the AP persona. Applies
to dual radio APs only.
The default setting of Any is recommended.
Network Density Set the wireless network density (low, medium, or high). Moving APs closer
to each other increases wireless capacity by providing higher data rates to
clients. To support this configuration, select the high density option. For
maximum coverage at lower data rates, use the low density setting. Each
setting determines the defer threshold parameters for the Airgo AP. The
default is low; the default setting of “low” is appropriate for maximum
coverage.
World Mode - Multi-
Domain Support Enables or disables 802.11d operation. If Enable is selected, the radio
advertises country, channel and associated maximum transmit power
information in beacons and probes responses to stations or clients in the BSS.
The default setting is enabled.
World Mode - Country
Code Specify the country of operation of the AP. Select Default to set the channel
and power for the radio to the factory default country setting (U.S.).
Alternatively, enter a country code from the pull-down menu.
World Mode -
Deployment
Environment
Specify the type of environment in which the AP is installed (indoor, outdoor,
or both). Choosing the environment and country influences the channels of
operation that the AP or BP operate in or use for scanning and the maximum
radio transmit power. If the country or environment is changed, the following
occur:
•The channel selection setting is reset to auto-select channel at startup. To
configure a radio on a specific channel, apply the country configuration
and then specify the channel using the Channel Configuration tab (see
“Channel Configuration” on page 64).
•The channel set configuration is set to system determined band
configuration.
•All radios in the AP are reset.
For reference, Table 8 provides a list of world modes, including countries,
environments, bands, and valid channels.
AP Name in Beacon Confirm the AP node name advertised in beacons and probe responses. This is
the AP name that clients see when they scan for access points. The default is
the unique ID derived from the Ethernet MAC address of the AP. It is
recommended to accept the default setting. (required, AP radio only)
Configuring Radio Parameters
Installation and Configuration Guide: Airgo Access Point 59
Click Apply to save changes or Reset to return to previously saved values.
Background Scanning Enable or disable background scanning. Background scanning is performed to
collect interference and radio neighbor information from the surrounding RF
environment. If auto-select-channel is enabled with the Periodic option,
background scanning should also be enabled. See “Channel Configuration” on
page 64.
Field (continued) Description
Table 8:World Modes
Country Environment Band Valid Channel Numbers
USA Any 2.4 1,2,3,4,5,6,7,8,9,10,11
USA Indoor 2.4 1,2,3,4,5,6,7,8,9,10,11
USA Outdoor 2.4 1,2,3,4,5,6,7,8,9,10,11
USA Any 5 52,56,60,64,149,153,157,161
USA Indoor 5 36,40,44,48,52,56,60,64,149,153,157,161
USA Outdoor 5 52,56,60,64,149,153,157,161
Mexico Any 2.4 1,2,3,4,5,6,7,8,9,10,11
Mexico Indoor 2.4 1,2,3,4,5,6,7,8,9,10,11
Mexico Outdoor 2.4 1,2,3,4,5,6,7,8,9,10,11
Mexico Any 5 149,153,157,161
Mexico Indoor 5 36,40,44,48,52,56,60,64,149,153,157,161
Mexico Outdoor 5 149,153,157,161
Argentina Any 2.4 1,2,3,4,5,6,7,8,9,10,11
Argentina Indoor 2.4 1,2,3,4,5,6,7,8,9,10,11
Argentina Outdoor 2.4 1,2,3,4,5,6,7,8,9,10,11
Argentina Any 5 52,56,60,64,149,153,157,161
Argentina Indoor 5 52,56,60,64,149,153,157,161
Argentina Outdoor 5 52,56,60,64,149,153,157,161
Brazil Any 2.4 1,2,3,4,5,6,7,8,9,10,11
Brazil Indoor 2.4 1,2,3,4,5,6,7,8,9,10,11
Brazil Outdoor 2.4 1,2,3,4,5,6,7,8,9,10,11
Brazil Any 5 149,153,157,161
Brazil Indoor 5 149,153,157,161
Brazil Outdoor 5 149,153,157,161
Countries listed under the leading Europe include major European countries not explicitly listed by name
in this table.
Europe Any 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Europe Indoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Europe Outdoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Europe Any 5 100,104,108,112,116,120,124,128,132,126,140
4 Configuring Radio Settings
60 Installation and Configuration Guide: Airgo Access Point
Europe Indoor 5 36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,
126,140
Europe Outdoor 5 100,104,108,112,116,120,124,128,132,126,140
France Any 2.4 9
France Indoor 2.4 9
France Outdoor 2.4 9
France Any 5 Not allowed
France Indoor 5 36,40,44,48,52,56,60,64
France Outdoor 5 9,10,11,12,13
Austria Any 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Austria Indoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Austria Outdoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Austria Any 5 Not allowed
Austria Indoor 5 36,40,44,48,52,56,60,64
Austria Outdoor 5 Not Allowed
Belgium Any 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Belgium Indoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Belgium Outdoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Belgium Any 5 Not allowed
Belgium Indoor 5 36,40,44,48,52,56,60,64
Belgium Outdoor 5 Not Allowed
Spain Any 2.4 10,11
Spain Indoor 2.4 10,11
Spain Indoor 2.4 10,11
Spain Any 5 100,104,108,112,116,120,124,128,132,126,140
Spain Indoor 5 36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,
126,140
Spain Outdoor 5 100,104,108,112,116,120,124,128,132,126,140
Switzerland Any 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Switzerland Indoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Switzerland Outdoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13
Switzerland Any 5 Not allowed
Switzerland Indoor 5 36,40,44,48
Switzerland Outdoor 5 Not Allowed
Japan Any 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13,14
Japan Indoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13,14
Japan Outdoor 2.4 1,2,3,4,5,6,7,8,9,10,11,12,13,14
Table 8:World Modes (continued)
Country Environment Band Valid Channel Numbers
Configuring Radio Parameters
Installation and Configuration Guide: Airgo Access Point 61
Japan Any 5 34,38,42,46
Japan Indoor 5 34,38,42,46
Japan Outdoor 5 34,38,42,46
Singapore Any 2.4 9,10,11,12,13
Singapore Indoor 2.4 9,10,11,12,13
Singapore Outdoor 2.4 9,10,11,12,13
Singapore Any 5 52,56,60,64,149,153,157,161
Singapore Indoor 5 36,40,44,48,52,56,60,64,149,153,157,161
Singapore Outdoor 5 52,56,60,64,149,153,157,161
Israel Any 2.4 4,5,6,7,8,9
Israel Indoor 2.4 4,5,6,7,8,9
Israel Outdoor 2.4 4,5,6,7,8,9
Israel Any 5 52,56,60,64,149,153,157,161
Israel Indoor 5 36,40,44,48,52,56,60,64,149,153,157,161
Israel Outdoor 5 52,56,60,64,149,153,157,161
Table 8:World Modes (continued)
Country Environment Band Valid Channel Numbers
4 Configuring Radio Settings
62 Installation and Configuration Guide: Airgo Access Point
Admin State Configuration
Use the Admin State tab (Figure 43) to assign the mode or persona of each radio interface.
Figure 43: Radio Configuration - Admin State
Set the following parameters on this tab:
Click Apply to save changes or Reset to return to previously saved values. Click Reset Radio to
Default to return the settings on all the radios to their factory defaults.
Feature Description
Select Radio Interface Select the AP radio (wlan0 or wlan1)
Admin State of Selected
Radio Enable or disable the selected radio. When the AP radio is in the disabled
state, all valid configuration settings are saved. When the AP radio is enabled,
the latest configuration is applied. It is not possible to disable the BP radio by
administrative intervention. (AP radio only)
Persona of Selected
Radio Select whether the AP radio is to operate as a normal AP (AP) or in backhaul
point mode (BP). Select Any to determine the radio mode automatically based
on network connectivity, configuration, number of radios, and presence of
Ethernet connectivity. It is recommended to accept the default setting of Any.
NOTE: Each access point can have at most one BP radio.
Configuring Radio Parameters
Installation and Configuration Guide: Airgo Access Point 63
Interdependencies
If Network Connectivity on the Radio Global tab (“Global Configuration” on page 57) is set to
Wireless, then at least one radio must have the BP or Any persona. If the Network Connectivity
setting is Wired or Any, then the personas of AP, BP, and Any are all permitted.
Table 9 shows how the Network Connectivity setting on the Global Configuration tab relates to the
Radio Persona Configuration on the Admin state tab.
Table 9: Radio Settings for Network Connectivity and Persona
Number of
Radios Wired
Connectiona
aWired Connection means that the AP has Ethernet connectivity and that the connection is active.
Network
Connectivity
Setting Persona Setting Resulting radio persona or mode
One Yes Any Any or AP AP
One Yes Any BP BP
Two Yes Any All combinations
of Any and AP Both radios AP
Two Yes Any All combinations
that specify a BP
radio
1 radio AP, 1 radio BP
Two No Any One radio set as
BP 1 radio AP, 1 radio BP
Two No Any Both radios AP Not permitted
One Yes Wired Any AP
Two Yes Wired All combinations
of Any and AP Both radios AP
Two No Wireless All combinations
except both
radios AP
1 radio AP, 1 radio BP
Two No Wireless Both radios AP Not permitted
4 Configuring Radio Settings
64 Installation and Configuration Guide: Airgo Access Point
Channel Configuration
Use the Channel Configuration tab (Figure 44) to define rules for selecting radio channels. If two
radios are installed in the same AP, each radio operates in a different band (2.4 GHz for one radio
and 5 GHz for the other).
Figure 44: Radio Configuration - Channel Config
Set the following values in the Radio Interface Selection and Channel Configuration areas of the
tab:
Feature Description
Select Radio Interface Select the AP radio (wlan0 or wlan1).
Channel Number Select a valid channel for radio operation, or accept the Automatic Channel
Selection option.
Configuring Radio Parameters
Installation and Configuration Guide: Airgo Access Point 65
Click Apply to save changes or Reset to return to previously saved values. Click Force Select Best
Channel to trigger the channel selection algorithm for the AP radio, including a switch-over to a
better channel, if available. The Force Select Reselect Channel button applies only to the selected
AP radio interface.
Automatic channel
selection Specify whether the channel is chosen when the AP is started, or whether it is
selected periodically. The time range for periodic channel selection is 30
minutes to 24 hours (1440 minutes). It is recommended to accept the default
setting of automatic channel selection of periodic at 30 minutes.
Channel Set Determine which channels the AP scans in order to determine the best channel
for operation. If Auto-Selection is enabled, this determines the channel set for
auto-selection. The following choices are available for channel set:
Band—Select a specific band, or the system-determined band option
(recommended).
•The System Determined Band setting means that the system chooses the
channel list or band for each radio based on the number of AP radios, the
persona of the radio, and the channel set of any second radio in the AP. If
the radio is in AP mode, then the node selects the best channel across both
bands. If the radio is in BP mode, then the BP radio scans on both bands.
•If the Airgo AP is configured with two AP radios and Auto-Selection is
chosen for both, then the preferred band configuration for both radios is
System Determined. If both radios are in AP mode, then one operates in
the 2.4 GHz band and the other in the 5 GHz band.
•If the Channel Set is 2.4 or 5GHz, then the AP radio operates only in the
specified band. If it is set to 2.4 GHz, the AP chooses only non-
overlapping channels for operation (for example 1, 6, and 11). It is not
acceptable to set both radios to operate in the 2.4 GHz or 5GHz band.
•If both bands are selected, the AP radio chooses the best channel based on
the mode and band of the other radio on the AP (if installed).
•If a BP radio establishes a backhaul in the same band as the other AP radio,
this triggers the AP radio to change bands, provided that the AP radio is
configured for auto-selection and the system determined band.
Channel List—Enter a specific list of channels to be scanned, separated by a
single space (e.g.,1 2 6 11 13...). Overlapping channels can be specified in the
2.4 GHz band.
NOTE: World mode and environment settings influence the channel and channel set
configurations. See “Global Configuration” on page 57 for information on world
modes.
Feature (continued) Description
4 Configuring Radio Settings
66 Installation and Configuration Guide: Airgo Access Point
Performance
Use the Performance tab (Figure 45) to configure enhanced data rates of 72, 96, or 108 Mbps.
Figure 45: Radio Configuration - Performance
Set the following values on this tab:
Feature Description
Select Radio Interface Select the AP radio (wlan0 or wlan1)
Enhanced Data Rates Enable or disable the Airgo enhanced data rates of (72, 96, and 108 Mbps).
This setting is rejected if the enhanced Dot11 extensions are disabled and an
attempt is made to configure enhanced data rates. It is recommended to accept
the default of Enabled.
Rate Adaptation Enables or disables automatic data rate adaptation in the system. To use auto-
adaptation, select the Auto Adapt button and select the Basic or Advanced
option. Otherwise, select fixed along with a fixed rate. It is recommended to
accept the default value of Auto Adapt and Basic.
Configuring Radio Parameters
Installation and Configuration Guide: Airgo Access Point 67
Click Apply to save changes or Reset to return to previously saved values.
Interdependencies
Some restrictions apply to combinations of settings on the Channel Configuration and Performance
tabs.
•For fixed data rate configurations:
• If the configured channel is in the 5 GHz band or the Channel Set Band/List is 5 GHz,
System Determined, or Both, then at least one of the fixed rates must be other than an 11b
rate (1,2,5.5,or 11).
• If the configured channel is in the 2.4 GHz band or the Channel Set Band/List is 2.4 GHz
only, then only 11b/g rates are accepted.
• Assigning an enhanced rate (72, 96, and 108 Mbps), requires that the enhanced rates option
be enabled.
•To enable the Dot11 QoS settings on the Performance tab, you must enable the standard Dot-11
extensions on the 802.11 Policy tab (see “802.11 Policy” on page 69).
Ack Mode Determines the acknowledgement policy for data packets. The following
selections are available:
•Immediate Ack – Acknowledgement is sent for every packet received.
This is the default setting.
•No Ack – No acknowledgement is sent when data packets are received.
• To enable high performance, use this setting together with one of the
enhanced data rates.
• If this setting is used, then auto-adaptation cannot be enabled for the
selected radio. Only the fixed rate setting applies.
• This mode setting can be used for operations with Airgo clients.
•Auto-ack – The acknowledgement policy is selected automatically based
on current link conditions.
Dot11 QoS Enables or disables 802.11e QoS. If enabled, the MAC mode is set to EDCF
or HCF. If disabled, then the MAC mode is DCF. It is recommended to accept
the default of Enabled.
Feature (continued) Description
4 Configuring Radio Settings
68 Installation and Configuration Guide: Airgo Access Point
Admission
Use the Admission tab (Figure 45) to specify categories of client stations that are permitted to
associate to the selected radio.
Figure 46: Radio Configuration - Admission
Set the following values on this tab:
Feature Description
Select Radio Interface Select the AP radio (wlan0 or wlan1).
802.11b-g STA
Admission Criteria -
Accept Association
from
Applies to the 2.4 Ghz band only. Specify the type of 802.11g or 802.11b and
g client stations permitted to associate. Selecting 802.11g-only keeps 802.11b
stations from degrading BSS performance. 802.11b and g is the default
setting.
Multi-Vendor STA
Admission Criteria -
Multi-Vendor Station
Accept allows all stations to associate; Reject restricts association to
compatible client stations, excluding non-compatible or non-Airgo stations.
Backhaul Admission
Criteria - Accept
Association From
Indicates whether to accept association from client stations, trunks or both:
STA or Trunk—Accept association from client stations or BP radios.
STA Only—Accept associations only from client stations.
Trunk Only—Accept associations only from BP radios.
Max Number of Trunks Determines the maximum number of trunks which are allowed to form with
the AP radio (range is 1-10). Default is 6.
Setting the Advanced Radio Configuration
Installation and Configuration Guide: Airgo Access Point 69
Setting the Advanced Radio Configuration
Select Advanced Configuration from the Wireless Services menu to open the Advanced
Configuration feature panel. The panel contains the following tabs:
•802.11 Policy—Set the 802.11 modes for the AP radios.
•MAC Config—Set details of the radio beacon and MAC configuration for each radio.
To configure settings on these tabs, select each in sequence, or step through the tabs using the Go
links at the bottom of the panel (Figure 47).
802.11 Policy
Use the 802.11 tab(Figure 47) to set the 802.11 modes and data rates for each AP radio.
Figure 47: Advanced Configuration - 802.11 Policy
Set the following values on this panel:
Feature Description
Select Radio Interface Select the AP radio (wlan0 or wlan1).
IEEE 802.11 Mode in
2.4 Band Select whether the radio is configured for 802.11b or 802.11g operation when
it operates in the 2.4 GHz band.
4 Configuring Radio Settings
70 Installation and Configuration Guide: Airgo Access Point
Click Apply to save changes or Reset to return to previously saved values.
IEEE 802.11 Extensions Indicate whether to support standard Dot11 extensions, enhanced extensions,
or both. The checkboxes enable or disable standard 802.11 extensions such as
11h, 11e, 11g or 11i, or Airgo enhanced features, which are compatible only
with Airgo client stations. If the Enhanced 802.11 extensions option is
selected, then it is possible to enable the following through the CLI (they are
not automatically enabled).
•Enhanced rate set (specific flag needs to be set)
•Proprietary burst ack
•Advanced rate adaptation
•Wireless backhaul AP name in beacon (if not enabled, the AP name in
beacon is suppressed)
802.11G Protection Select to enable 802.11g protection mode, short slot time, and short preamble
if the radio is operating in 802.11g mode.
If the checkbox is selected, all 3 aspects are enabled; if not, all 3 aspects are
disabled. The default setting is disabled.
Select Basic Rate Set Enter basic data rates for the different 802.11 modes. To set rates, select Set
and enter the rates with a space as the delimiter. The basic 802.11 rates are
advertised in beacons and inform the client stations of the minimum set of
rates it must support to be part of the BSS. 802.11 control frames such as
ACKS, CTS, and RTS are transmitted at basic rates.
Feature (continued) Description
Setting the Advanced Radio Configuration
Installation and Configuration Guide: Airgo Access Point 71
MAC Configuration
Use the MAC Configuration tab (Figure 48) under special circumstances if it is necessary to tune
low level operational parameters of the radio MAC (Medium Access Control) layer.
Figure 48: MAC Configuration Tab
NOTE: Changes on the MAC Configuration tab should only be made by trained
network personnel. The AP radio restarts automatically when these parameter changes
are applied.
4 Configuring Radio Settings
72 Installation and Configuration Guide: Airgo Access Point
Set the following parameters on the MAC Configuration tab:
Click Apply to save changes or Reset to return to previously saved values. The changes take effect
immediately if the radio is enabled.
Viewing Radio Statistics
Select Radio State & Statistics from the Wireless Services menu to view the current state of each
radio and the current communication statistics. This panel contains the following tabs:
•Radio State—View current configuration.
•Radio Statistics—View information about current operation.
Radio State
The Radio State tab (Figure 49) contains details on the current configuration and utilization of each
radio interface. The state information varies according to whether the radio is operating as a normal
access point radio (AP mode) or as a backhaul point (BP mode).
Field Description
Select Radio Interface Select the AP radio (required, wlan0 or wlan1).
Beacon Period Enter the desired interval between RF beacons, in milliseconds. It is
recommended to accept the default of 100 ms. (required).
DTIM (Delivery Traffic
Indication Message)
Period
Enter the interval between the times that the radio forwards multicast and
broadcast packets to client stations. It is recommended to accept the default of
1 beacon period. (required).
Fragmentation
Threshold Enter the maximum packet size that can be transmitting as a single unit. A low
setting may be desirable in areas that have significant interference or poor
signal conditions. The range is 256-2346. It is recommended to accept the
default of 2000.
RTS Threshold Enter a packet size greater than which the AP issues a request-to-send (RTS)
message before sending the packet. Enter a low threshold if the ambient
conditions might make it relatively difficult for clients to associate to the AP.
The range is 0-2347. It is recommended to accept the default of 2347.
Short Retry Limit Enter a number of transmission retries (greater than or equal to data frame
MSDU size) after which a transmission is deemed a failure. The range is 1-
255.
Long Retry Limit Enter a number of transmission retries (greater than or equal to data frame
MSDU size) after which a transmission is deemed a failure. The range is 1-
255.
Viewing Radio Statistics
Installation and Configuration Guide: Airgo Access Point 73
Figure 49: Radio State Tab
Use the pull-down list to switch between radios. This tab contains the following information:
Field Description
Radio Persona Mode of the radio - AP or BP
Radio MAC Address MAC address of radio
Radio Admin State Administrative status of the radio (enabled or disabled)
Radio Operation State Operational status of the radio (enabled or disabled)
Operating Band Current band of operation
4 Configuring Radio Settings
74 Installation and Configuration Guide: Airgo Access Point
Current Channel
Number Current channel of operation
Number of channel
changes Number of times the channel has changed since boot-up (AP persona only)
Channel Change Cause Reason the frequency changed since boot-up, if appropriate, due to user
intervention or performance degradation (AP persona only)
Number of Associated
Stations The number of stations that are associated to the radio (AP persona only)
Number of trunks Number of backhaul trunks associated with the radio (AP persona only)
Average Station Load Average load on client stations in percent (AP persona only)
Average Channel
Utilization Average load on channels in percent (AP persona only)
Radio QoS Mode Mode used for class of service mapping
Load Balanced Number of stations that are load balanced (AP persona only)
CFP-Period Number of DTIM intervals between the start of Contention Free Periods
(CFPs).
CFP Max Duration Maximum duration of the CFP in time units that may be generated by the AP.
Privacy Option
Implemented Security setting
Basic Rate Set Set of basic rates for BSS (AP persona only)
Operational Rate Set Set of operational rates for BSS
CCA mode supported List of all of the Clear Channel Assessment (CCA) modes supported by the
PHY
Current CCA mode current CCA method in operation
Temp Type Current physical operating temperature range capability.
Max Receive Lifetime Maximum MSDU receive lifetime
External antenna Indication of whether the radio has an external antenna (true) or not (false)
Interference Radio interference in the surrounding wireless environment pertaining to the
channel of operation, in dBm. (AP persona only)
Field (continued) Description
Viewing Radio Statistics
Installation and Configuration Guide: Airgo Access Point 75
Radio Statistics
The Radio Statistics tab (Figure 50) contains information on the operation of each radio. This
information varies according to whether the radio is in the AP or BP persona. The statistics refresh
every 10 seconds.
Figure 50: Radio Statistics Tab
Use the pull-down list to switch between radios. This tab contains the following information:
Field Description
Transmitted Fragment
Count Number of transmitted fragments (MAC Protocol Data Units) that have been
acknowledged since last power-up or last Clear Statistics request
Transmitted Multicast
Frame Count Number of transmitted multicast frames (MAC Service Data Units)
Failed Count Count of MSDU not transmitted successfully due to the number of transmit
attempts exceeding either the dot11ShortRetryLimit or dot11LongRetryLimit.
Received Fragment
Count Count for successfully received MPDUs of type Data or Management.
Received Frame Count Count of successfully received frames (MSDUs)
4 Configuring Radio Settings
76 Installation and Configuration Guide: Airgo Access Point
FCS Error Count Count of FCS errors detected when receiving a MPDU.
Received Multicast
Frame Count Count when a MSDU is received with the multicast bit set in the destination
MAC address.
Multiple Retry Count Count of successful transmissions after more than one retransmission.
Retry Count Count of successful transmissions after one or more retransmission
Frame Duplicate Count Count of frames received in which the Sequence Control field indicates it is a
duplicate frame.
Ack Failure Count Count of expected acks not received.
RTS Success Count Count of successful CTS received in response to a RTS
RTS Fail Count Count of RTS for which a CTS response is not received.
Transmitted Frame
Count Count for successfully transmitted MSDUs.
WEP Undecryptable
Count Number of times a frame is received with the WEP subfield of the Frame
Control field set to one and the WEPOn value for the key mapped to the
Transmitter MAC address indicates that the frame should not have been
encrypted or that frame is discarded due to the receiving STA not
implementing the privacy option. (Valid only if encryption is WEP)
# of transmitted Beacons Count of successfully transmitted beacons
Field (continued) Description
Viewing Radio Neighbor Details
Installation and Configuration Guide: Airgo Access Point 77
Viewing Radio Neighbor Details
A radio neighbor is a radio whose beacon frame is detected by the AP. Select Radio Neighbors
from the Wireless Services menu to view summary information on all the neighboring APs within
beacon range (Figure 51).
Figure 51: Radio Neighbors
The summary table lists the following information:
Field Description
Interface The AP radio (wlan0 or wlan1)
BSSID The MAC address of the neighboring AP radio, which determines the BSS
SSID The name of the network (ESS) in which the AP is operating
BSS Type Infrastructure or ad-hoc network arrangement
Channel Current channel of operation for the neighboring BSS
AP Beacon Name Name of the neighboring AP in the beacon frame
Compatibility Status Indication of whether or not the neighbor is an AP with which the IAPP
protocol can be established
Strength Strength of Radio neighbor signal, in percent
Load percentage Load on the AP, in percent
STA Count Number of client stations served by the neighboring AP
4 Configuring Radio Settings
78 Installation and Configuration Guide: Airgo Access Point
Use the scrolling bars to display the full range of interfaces and data.
Configuring SSID Parameters
A wireless network is formed when a set of APs advertises the same value as the SSID, or network
name. Figure 52 shows the Acme Works network with multiple Airgo APs, each advertising the
same “Corporate” SSID.
Figure 52: Example “Corporate” Network
Each Airgo AP is shipped with a default SSID, which must be replaced during the bootstrap
process (see “Using AP Quick Start to Initialize the Access Point” on page 31) or from the SSID
Configuration panel, as explained in this section. Multiple SSIDs are also supported. “Multiple
SSIDs” on page 85 explains how to enable this feature and permit clients to access multiple
wireless networks through the same access point.
A0042D
SSID="Corp" SSID="Corp"
10/100 Switched Ethernet
Configuring SSID Parameters
Installation and Configuration Guide: Airgo Access Point 79
SSIDs and Service Profiles
A service profile consists of VLAN, COS, and minimal security attributes applied to a network or
to designated classes of users once they are authenticated by a RADIUS authentication server
(security portal or external authentication server). If the service profile is defined without reference
to a specific user group and bound to an SSID, then the profile is applied to all users who access the
network.
Figure 53 illustrates the relationship between users, user groups, service profiles, and SSID. A
RADIUS authentication server stores user group information and uses that information to match
users to groups during authentication. Upon authentication, a previously-defined service profile is
assigned to the user based on user group membership. The service profile, in turn, is bound to the
SSID and thereby determines level of service awarded to the user.
Figure 53: SSIDs and Service Profiles
From the SSID Configuration panels, you can define service profiles for user groups and then bind
the profiles to the SSID. A user who requests access to the network is authenticated and placed into
the appropriate user group, and the AP software automatically applies the privileges and
restrictions defined in the service profile for that group. Each user group can be assigned to just one
service profile, but multiple groups can share the same service profile.
Select SSID Configuration from the Wireless Services menu to open the SSID Configuration
panel. The panel contains the following tabs:
•SSID Table—View the current SSID configuration, modify the configuration, or add new
SSIDs.
•SSID Details—View the association between SSIDs and service profiles.
•Profile Table—Manage service profiles.
•Multiple SSID—Enable the multiple SSID feature.
NOTE: The SSID settings in this section apply only to AP mode radios. The Backhaul
Configuration panel described in “Configuring a Wireless Backhaul” on page 127 is
used to configure the SSID for the BP radio. Make sure that the SSID configuration for
the AP matches that of the other APs in the network.
A0029
User Groups
Assigned to Service Profile
VLAN
QOS
Encryption
Bound to
SSID
Users
Members of
Users
4 Configuring Radio Settings
80 Installation and Configuration Guide: Airgo Access Point
SSID Table
Select SSID Configuration from the Wireless Services menu to open the SSID Table (Figure 54).
Figure 54: SSID Configuration - SSID Table
The table lists the following information about each SSID:
Field Description
SSID Name Name (maximum 32 alphanumeric characters). This name is used only by
the radio in AP mode, and is broadcast in its beacon. For a radio in
backhaul point mode, the SSID name is entered in the Backhaul
Configuration, Link Criteria tab (see Chapter 6).
Max stations The maximum number of stations that can be associated to this SSID on this
AP. The range is 1-512. If the maximum number of stations is reached
and a new client tries to associate to the AP, the association attempt is
rejected. Association is also rejected if the number of clients is less
than the maximum but exceeds the number of client stations permitted
by the AP license.
Auth Zone The RADIUS authentication zone for the SSID
PSK-Type The type of pre-shared key used, if WPA is the encryption suite
MAC-ACL MAC-ACL authentication enabled or disabled
Auth Servers The RADIUS server used for user authentication
Configuring SSID Parameters
Installation and Configuration Guide: Airgo Access Point 81
Follow these steps to rename the SSID or modify its configuration:
1Click Modify to open the SSID Details table, which also provides access to service profiles for
the SSID.
2Enter the new SSID name.
3Click Apply. If an SSID is renamed, all configuration details related to the old SSID name,
such as service profile associations and security configuration, are automatically transferred,
and the radios that operate in AP mode now broadcast the new SSID in the beacon.
The default SSID cannot be modified. If an attempt is made to modify the default SSID, the system
prompts you to first rename it. If you select the current SSID in the table and click Delete, the SSID
reverts to the default.
The Airgo AP can be configured to support multiple SSIDs. If this feature is enabled on the
Multiple SSID tab (“Multiple SSIDs” on page 85), then it is possible to add new SSIDs from the
SSID Table tab, in addition to modifying or deleting an existing SSID.
Perform the following functions on the SSID Table tab:
Function Description
Add new SSID (if multiple
SSID is enabled) 1Click Add and enter the following information:
• SSID name—This name is used only by the radio in AP mode. For
a radio in backhaul point mode, enter the SSID name in the
Backhaul Configuration, Link Criteria tab (see Chapter 6).
• Max Number of Stations—Enter a maximum number of clients
stations, if desired. The range of values is 1-512. If the maximum
number of stations is reached and a new client tries to associate to
the AP, the association attempt is rejected. Association is also
rejected if the number of clients is less than the maximum but
exceeds the number of client stations permitted by the AP license.
2Click Apply.
Modify an existing SSID 1Select the SSID and click Modify to open the SSID Details table,
which also provides access to service profiles for the SSID.
2Enter the new SSID name.
3Confirm the maximum number of stations
4Click Apply.
Delete an SSID (if multiple
SSID is enabled) Click Delete, and click OK to confirm.
Change the SSID broadcast
setting (single SSID
configurations only)
For single SSID configurations, the SSID Table tab provides the option to
broadcast the SSID in the AP beacon, or to suppress broadcast of the
SSID for increased security. The SSID is never broadcast in multiple
SSID configurations.
To change the SSID broadcast setting:
1Select no or yes.
2Click Apply.
4 Configuring Radio Settings
82 Installation and Configuration Guide: Airgo Access Point
SSID Details
Use the SSID Details Tab (Figure 55) to modify an SSID and bind service profiles to an SSID.
Figure 55: SSID Configuration - SSID Details
The tab contains two areas. Use the Modify SSID Configuration area to change the current SSID
configuration, as described in “SSID Table” on page 80. The bottom area shows the service profiles
currently bound to the SSID. This list includes the following information for each service profile:
Feature Description
User Group User group linked to the service profile. If this entry is empty, the user group
is null. The null user group is automatically assigned to the default service
profile, unless it is explicitly bound to another service profile. RADIUS
authentication must be active in order for user groups to be effective. The user
group for a given client is passed to the AP as a RADIUS attribute for each
successfully-authenticated user. To edit the group information, click the group
name link. Any attempt to delete the null user group, automatically associates
it to the default service profile.
Profile Service profile name.
VLAN VLAN assigned to the service profile.
COS Class of service values assigned to the service profile.
Configuring SSID Parameters
Installation and Configuration Guide: Airgo Access Point 83
Perform the following functions from the service profile list on this tab:
Figure 56: SSID Configuration - Bind Service Profile to SSID
Security Enforcement Type of encryption required for the service profile. For user groups assigned
to this service profile, the security enforcement setting supersedes the
encryption type configured for the overall network.
Function Steps
Bind an existing service
profile to an SSID 1Click Add to open the Bind Service Profile to SSID entry panel
(Figure 56).
2Select the profile name, or click Add New Profile to create a new
profile according to the instructions in “Profile Table” on page 84.
3Select a group name from the existing RADIUS group names to
associate with the profile, or select New Group and enter a new user
group name.
4Click Apply.
Change service profile
binding 1Select the checkbox for the user group and profile, and click Modify
to open the Bind Service Profile to SSID entry panel (Figure 56) in
modify mode.
2Select a profile to bind to the SSID, or click Add New Profile to
create a new profile according to the instructions in “Profile Table” on
page 84.
3Click Apply.
Delete service profile binding 1Select the checkbox for the user group and profile, and click Delete.
2Click OK to confirm.
Configure security for the
SSID Click Go at the bottom of the panel. The button leads to the SSID
Authentication tab of the Wireless Security panel. For instructions on
defining the security settings, refer to “SSID Authentication” on
page 140. After defining the security settings, click Back on the browser
to return to the SSID Details tab.
Feature (continued) Description
4 Configuring Radio Settings
84 Installation and Configuration Guide: Airgo Access Point
Profile Table
The Profile Table tab (Figure 57) lists all the currently defined service profiles. Each service profile
includes attributes for security enforcement, VLAN ID, and COS value. Binding a service profile to
an SSID determines the privileges and restrictions that apply to user groups associated with the
profile.
Figure 57: SSID Configuration - Profile Table
NOTE: Changes made to SSID or service profiles cause affected users to be
automatically disassociated from the AP. The AP then attempts to reassociate them
automatically. This causes a momentary interruption in service.
Configuring SSID Parameters
Installation and Configuration Guide: Airgo Access Point 85
Perform the following functions from this tab:
Multiple SSIDs
With the multiple SSID feature, the same physical network infrastructure can support multiple
wireless networks. Each network (identified by SSID) can have its own service profile and
associated level of service. For example, Figure 58 shows how Acme Works configured two SSIDs:
one to accommodate the normal corporate network and one for a separate video conference
network, which requires a higher quality of service.
Figure 58: Example Use of Multiple SSIDs to Differentiate Levels of Service
Function Steps
Add a new service
profile 1Click Add to create a new service profile.
2Enter the profile name, which must be unique. (required)
3Select the VLAN for the profile.
4Enter a COS value for the profile. The range is 0-7. For more information,
see “Configuring Quality of Service” on page 111.
5Select an enforcement level for data encryption to apply to the profile. This
setting provides fine-grained security options at the user group level.
Default-enforcement refers to the encryption settings that prevail in the
network at large. The security enforcement applies after authentication is
complete.
6Enter a description, if desired.
7Click Apply to save the profile or Cancel to return to the Profile Table.
Modify a profile 1Select the profile from the table and click Modify.
2Make changes as desired, and click Apply, or click Cancel to return to the
Profile Table without saving changes. User groups bound to the profile
automatically inherit any modified attributes.
It is not possible to modify the default profile.
Delete a profile A service profile can only be deleted if there are no groups under the SSID
bound to the profile. It is not possible to delete the default profile.
A0043B
SSID="Corporate" SSID="Video"
10/100 Switched Ethernet
Corporate Video
COS=7COS=4
4 Configuring Radio Settings
86 Installation and Configuration Guide: Airgo Access Point
Use the Multiple SSID tab (Figure 59) to enable the multiple SSID feature. Make a selection, and
click Apply. After enabling the multiple SSID feature, additional SSIDs can be added on the SSID
Table (see “SSID Table” on page 80).
When multiple SSIDs are enabled on the Airgo AP, that AP no longer broadcasts an SSID in its
beacon frame. In order for a client to associate with the Airgo AP configured for multiple SSIDs, a
profile for each target SSID must be created on the client workstation using the Windows Zero
Config (WZC) Add function or the Airgo Client Utility Create function.
Figure 59: SSID Configuration - Multiple SSID
Managing Client Stations
Select Station Management from the Wireless Services menu to open the Station Associations
panel. The panel contains the following tabs:
•Stations—View all client stations associated to this Airgo AP.
•Link Stat—View signal strength, signal quality and all the MAC level statistics.
•Security Stat—View 802.1x security statistics.
Managing Client Stations
Installation and Configuration Guide: Airgo Access Point 87
Stations
The Stations tab (Figure 60) shows the client stations that are currently associated to the AP.
Figure 60: Station Management - Stations
Use this panel to control association to the Airgo AP. The panel lists the following information for
each client station associated to the AP:
Field Description
Interface The AP radio (wlan0, wlan1)
MAC address MAC address of the client station
User Name User name assigned through the RADIUS server. If MAC ACL is used, then
the user name is the MAC address of the client station
Encryption Type of encryption used by client station (AES, TKIP, WEP or no encryption)
Authentication Type of authentication used by the client station (Open, Shared Key, EAP or
MAC-ACL)
SSID SSID to which the client station is associated
Group name Group to which the client station belongs
Association Type Normal or transferred. Transferred means that the client station has been
moved from the mate AP radio.
Association Status Associated or Reassociated to the AP
4 Configuring Radio Settings
88 Installation and Configuration Guide: Airgo Access Point
Select a station from the list and click a button at the bottom of the panel to perform any of the
following functions:
Link Statistics
The Link Stats table (Figure 61) provides details on the signal quality and strength between the AP
and client station.
Figure 61: Station Link Statistics
Select a station from the Station Associations table and click Link Stats to display the following
information:
Item Description
Disassociate Detach the station from the AP and remove station related information.
Link Stats Display information about the link strength and quality between the AP and
station
Security Stats Display current security statistics
Field Description
Station MAC address The MAC address that identifies the station
Mode 802.11 mode used by the station (11a, 11b or 11g)
Uplink Signal Strength Average signal strength on uplink (station to AP direction) as a percentage
Managing Client Stations
Installation and Configuration Guide: Airgo Access Point 89
Security Statistics
The Security Stats table (Figure 62) provides detailed security information for the connection
between the AP and client station.
Figure 62: Station Security Statistics
Uplink Signal Quality Average signal quality on uplink (station to AP direction) as a percentage
Uplink Rate Average uplink data rate on uplink (Mbps)
Downlink rate Average downlink data rate on uplink (Mbps
Received Bytes Bytes received from the station
Transmitted Bytes Bytes transmitted to station
Transmitted Fragments Count of transmitted MPDUs
Failed Transmitted
Packets Number of MSDUs that were not transmitted successfully since retries
exceeded short or long retry limit
Single Retry Packets Number of packets that were successfully transmitted after one retry
Multiple Retry Packets Number of packets that were successfully transmitted after multiple retries
Acknowledgement
Timeouts Number of packets that did not receive expected acknowledgement
Field (continued) Description
4 Configuring Radio Settings
90 Installation and Configuration Guide: Airgo Access Point
Select a station from the Station Associations table and click Security-Stats to display the
following information:
Configuring Inter Access Point Protocol (IAPP)
Inter-Access Point Protocol enables neighboring access points to keep up-to-date information
concerning the status of roaming client stations. Select IAPP Configuration from the Wireless
Services menu to configure the IAPP settings and to view the associated topology and statistics.
The panel contains the following tabs:
•IAPP Service—Enable or disable IAPP.
•Topology—View BSSID, IP address, and compatibility details.
•Stats—View statistics details, including notifications sent and received, “move” notification
and response details, and details on Intra-AP moves.
Field Description
Station MAC address The MAC address that identifies the station
Auth Type Authentication used by station (Open, Shared key, EAP or MAC-ACL)
Encryption Encryption used by station (AES, TKIP, WEP, or open access)
AES Transmitted
Blocks Number of AES transmitted blocks. Valid only if encryption is AES
AES Received blocks Number of AES received blocks. Valid only if encryption is AES
AES Replays Number of AES replays. Valid only if encryption is AES
AES Decrypt Errors Number of AES decryption errors. Valid only if encryption is AES
WEP Excluded Count Number of WEP exclude packets Valid only if encryption is WEP
WEP Undecryptable
Count Number of times frames were not encrypted or a frame was discarded due to
the receiving station not implementing the privacy option. (Valid only if
encryption is WEP.)
Configuring Inter Access Point Protocol (IAPP)
Installation and Configuration Guide: Airgo Access Point 91
IAPP Service
Use the IAPP Service tab (Figure 63) to enable IAPP. Selecting Enable initializes IAPP to perform
network discovery and communicate with other APs. Click Apply to save changes.
Figure 63: IAPP Configuration - IAPP Service
IAPP Topology
The read-only IAPP Topology tab (Figure 64) displays information about all the neighboring APs
this AP has discovered, including the BSSID, IP address, and Compatibility (whether the IAPP
protocol can be established with the neighboring AP).
Figure 64: IAPP Configuration - IAPP Topology
4 Configuring Radio Settings
92 Installation and Configuration Guide: Airgo Access Point
IAPP Statistics
The IAPP Stats tab (Figure 65) lists information about IAPP activity.
Figure 65: IAPP Configuration - IAPP Stats
This tab contains the following information:
Item Description
Add Notifications Sent Number of add-notifications sent to other APs in the local multicast domain
due to stations associating to the AP
Add Notifications
Received Number of add-notifications received by the AP due to stations associating
with other APs in the local multicast domain
Move Notifications Sent Number of move notifications sent to other APs where the stations were
previously associated
Move Notifications
Received Number of move notifications received from other APs to which the stations
are currently associated
Move Responses Sent Number of move responses sent to other APs when stations have reassociated
with the other APs
Move Responses
Received Number of move responses received from other APs in the process of stations
reassociating with this AP
Move Notifications
Timeouts Number of move notifications which were not sent in the maximum time
allowed for a move transaction
Move Notifications
Retransmitted Number of times the move notifications were retransmitted for all the move
transactions (not supported)
Performing Radio Diagnostics
Installation and Configuration Guide: Airgo Access Point 93
Click Clear Statistics to return the statistics to zero and begin re-collecting them, and click
Refresh to update the display with the most current information.
Performing Radio Diagnostics
Choose Radio Diagnostics from the Wireless Services menu to test the radio signal between the
AP and a client station. The panel contains 2 tabs:
•Link Test—Test the radio link between the AP and a client station.
•Walk Test—Advanced parameters regarding rate and range performance testing.
Move Response Failures
Sent Number of move responses with a FAILURE status sent to other APs during
the station reassociating process
Move Response Failures
Received Number of move responses with a FAILURE status received from other APs
during the station reassociating process
Number of Intra-AP
Moves Number of successful station reassociations between APs
Number of Intra-AP
Moves Failures Number of unsuccessful station reassociations between APs
Item Description
4 Configuring Radio Settings
94 Installation and Configuration Guide: Airgo Access Point
Link Test
Use the Link Test tab (Figure 66) to test connections to IP devices or run performance tests on
specified links.
Figure 66: Radio Diagnostics - Link Test
The Link Test tab includes the following information for each defined link test:
Field Description
Interface Select the AP radio
Station MAC Select the MAC address of the station included in the link test
Packet Size Specify the size of each link packet (in bytes)
Duration Period during which the which the test runs
Average Interval Sampling interval
Status Current status of the link test. Click the Link Test tab to refresh
Performing Radio Diagnostics
Installation and Configuration Guide: Airgo Access Point 95
To perform a link test:
1Click Add to open the Link Test Setup entry panel (Figure 66).
Figure 67: Radio Diagnostics - Link Test - Setup
2Configure the following:
3Click OK to save the test.
To confirm that the test is running, click Link Test to return to the Link Test table. Scroll the table
columns to the right to view the Status column. When the test begins, the column displays the
message: Link Test Active. Continue to refresh the display until you see the message: Link
Test Completed Successfully.
Other recommendations for running a link test:
•Set the test duration to be greater than 5 minutes (or equivalent number of packets, for example
5 minutes = 1200 packets), and set the averaging interval greater than 30 seconds. This
compensates for any momentary glitches in the wireless link.
•Generate traffic (such as ping traffic) to the station when performing the link test. If rate
adaptation is active, this helps the uplink and downlink data rates settle at the maximum
sustainable rates for that link.
A maximum of 10 link tests can be active on an AP at one time. The collected link test data is
retained even after the link test is retained until manually deleted.
To graph the results of a link test, select the test on the Link Test tab, and click Graph. The Graph
panel (Figure 68) opens.
Field Description
Interface Select the AP radio
Station MAC Address Select the MAC address of the station included in the link test
Test Criteria Select whether the test is for a specified duration (seconds) or number of
packets. Enter the duration in the area to the right of the Test Criteria pull-
down list.
Packet Size Specify the size of each link packet (in bytes)
Average Interval Enter the interval over which link test data such as signal strength or signal
quality is averaged
4 Configuring Radio Settings
96 Installation and Configuration Guide: Airgo Access Point
Select from the following set of link test parameters to display a graph of the test results:
When a parameter is selected, that graph is displayed.
Figure 68: Radio Diagnostics - Link Test - Graph
Item Description
Downlink signal
strength Strength of the signal sent from the AP to the client station (percentage).
Uplink signal strength Strength of the signal sent from the client station to the AP (percentage).
Downlink signal quality Quality of the signal sent from the AP to the client station (percentage).
Uplink signal quality Quality of the signal sent from the client station to the AP (percentage).
Downlink data rate Transmission rate from the AP to the client station (Mbps).
Uplink data rate Transmission rate from the client station to the AP (Mbps).
Performing Radio Diagnostics
Installation and Configuration Guide: Airgo Access Point 97
Walk Test
Figure 69: Radio Diagnostics - Walk Test
CAUTION: These Radio Diagnostics are to be used only by Product Engineers. The
information below is for reference only.
Parameter Parameter Description Range/Units
WNI_CFG_CURRENT_TX_ANTENNA #of TX chains 1 to 2 / +
WNI_CFG_CURRENT_RX_ANTENNA # of RX chains 1 to 3 / –
WNI_CFG_DEFER_THRESHOLD Packet Detection Threshold 0–254 / dBm + 130
WNI_CFG_ACK_TIMEOUT_11A Ack Timeout 802.11a 0 - 100 / Micro
seconds
WNI_CFG_ACK_TIMEOUT_11B Ack Timeout 802.11b 0 - 100 / Micro
seconds
WNI_CFG_MAX_ACK_RATE_11A Max Ack Rate 802.11a MAC rate encoding:
Rate - Entered Value
6 - 12
9 - 18
12 - 24
18 - 36
24 - 48
36 - 72
4 Configuring Radio Settings
98 Installation and Configuration Guide: Airgo Access Point
WNI_CFG_MAX_ACK_RATE_11B Max Ack Rate 802.11b MAC rate encoding:
Rate - Entered Value
1 - 2
2 - 4
5.5 - 11
11 - 22
WNI_CFG_SHORT_PREAMBLE Enables or Disables Short
Preamble DISABLE (0),
ENABLE (1)
WNI_CFG_CWMIN_0_11A Min Contention Window
Size for 802.11a (TC0) 0 - 1023 / slots
WNI_CFG_CWMIN_0_11B Min Contention Window
Size for 802.11b (TC0) 0 - 1023 / slots
WNI_CFG_CWMIN_0_11G Min Contention Window
Size for 802.11g (TC0) 0 - 1023 / slots
WNI_CFG_CWMAX_0_11A Max Contention Window
Size for 802.11a (TC0) 0 - 1023 / slots
WNI_CFG_CWMAX_0_11B Max Contention Window
Size for 802.11b (TC0) 0 - 1023 / slots
WNI_CFG_CWMAX_0_11G Max Contention Window
Size for 802.11g (TC0) 0 - 1023 / slots
WNI_CFG_PROXIMITY Used to set the transmit
power for radio 0 (operates at max
power), 1 (operates at
reduced power)
Parameter (continued) Parameter Description Range/Units
Installation and Configuration Guide: Airgo Access Point 99
5Configuring Networking Settings
This chapter explains how to configure the advanced networking features of the Airgo Access
Point. It includes the following topics:
•Introduction
•Configuring Bridging Services
•Configuring IP Routes
•Configuring VLANs
•Configuring Quality of Service
•Configuring Advanced QoS
•Configuring Packet Filters
•Configuring Interfaces
•Configuring SNMP
•Ping Test
Introduction
The Airgo Access Point provides advanced features to configure wireless networking services and
extend services to network users. From the Networking Services menu, assign interfaces, define
quality of service, configure VLANs, and define packet filters. Statistics are also available to
monitor network activity.
Interfaces
Figure 70 illustrates the physical and logical elements of an Airgo wireless network. Each Airgo
Access Point has virtual interfaces that correspond to specific communications functions, as listed
in Table 10. The interfaces wlan0 and wlan1 provide access to the BSS created on the AP radios;
the interface eth0 provides access to the Ethernet network. In addition, a separate interface is
reserved for each wireless backhaul trunk.
NOTE: It is not necessary to modify any of the default networking settings in order to
get a wireless network up and running. The default settings may also be acceptable for
normal operation of small to mid-size networks.
5 Configuring Networking Settings
100 Installation and Configuration Guide: Airgo Access Point
Figure 70: Airgo Wireless Network Elements
Configuring Bridging Services
Use the Bridging panel, accessible from the Networking Services menu, to view the relationships
among bridges, interfaces, and client stations. The panel contains the following tabs:
•Bridge & STP—View bridges, their interface members, and spanning tree protocol (STP)
settings.
•Bridge Stats—View packet counts for each bridge.
•ARP Table—View the ARP cache.
Bridge and STP
Choose Bridging from the Networking Services menu to open the Bridge & STP tab (Figure 71),
The tab displays how bridging is currently configured and lists the interfaces and MAC addresses
Table 10: AP Interfaces
Interface Description
eth0 Wired Ethernet interface
wlan0 Wireless interface, radio 0
wlan1 Wireless interface, radio 1
wlan0.tkx Backhaul x created on wlan0. Each radio can support multiple backhauls.
wlan1.tkx Backhaul x created on wlan1. Each radio can support multiple backhauls.
Enterprise Boundry
NMS
Pro
RADIUS
10/100 Ethernet
Corporate
Network
Internet
LAN Switch/Router
WAN Router
with Firewall
Network Operations Center
AP with
2 Radios AP with
1 Radio
AP with
1 Radio
802.11a
802.11g/b
802.11a
(or 802.11g/b)
802.11g/b
(or 802.11a)
A0008C
Configuring Bridging Services
Installation and Configuration Guide: Airgo Access Point 101
learned at each interface (port) of the bridge. The bridge configuration is automatic and requires no
user configuration.
Figure 71: Bridge Configuration - Bridge & STP
Each bridge name is composed of a prefix, br, together with a bridge number. When the VLAN
feature is enabled, the VLAN ID is used as the bridge number. br1 represents VLAN 1 and is the
default bridge for forwarding user data traffic. br4094 represents VLAN 4094, which is an
internal VLAN assigned to the default bridge used for the Spanning Tree Protocol (see “Spanning
Tree Protocol (STP)” on page 101).
The Bridge table on the Summary tab lists each bridge and its associated interfaces (or ports). The
Bridge Forwarding table, located at the bottom of the panel, lists each bridge and interface, and
specifies which MAC addresses are learned at the interface.
Spanning Tree Protocol (STP)
The Summary tab also provides an option for enabling or disabling Spanning Tree Protocol (STP).
STP is a protocol that prevents bridging loops from forming due to incorrectly configured
networks. STP provides protection against looping, but it does increase network overhead. Before
STP allows traffic through a specific port, there may be a time lapse of 30 seconds. Operations may
also take longer than normal.
5 Configuring Networking Settings
102 Installation and Configuration Guide: Airgo Access Point
The default setting for STP is enabled. Disable STP if the network is small to mid-size and
looping is not a concern.
Bridge Statistics
The Bridge Stats tab (Figure 72) provides a summary of transmit/receive statistics for each bridge
or VLAN. The statistics are calculated from the last time the AP was rebooted or the Clear
Statistics button was selected. Click Clear Statistics to return the collected values to zero and start
collecting statistics again.
Figure 72: Bridge Configuration - Bridge Stats
ARP Table
The Address Resolution Protocol (ARP) tab (Figure 73) displays the current mapping of IP
addresses to MAC addresses associated with the listed interface. During normal operations, the
ARP table is updated automatically based on the number of MAC entities in the network. If a
mapping changes, however, some entries of the ARP table may become invalid. In this case, click
Clear ARP Cache on the tab to remove the current ARP entries and repopulate the table
automatically with valid entries. Click Refresh to update the display.
Configuring IP Routes
Installation and Configuration Guide: Airgo Access Point 103
Figure 73: Bridge Configuration - ARP Table
Configuring IP Routes
IP routing expands the addressing capability of the Airgo AP and allows you to mange the AP from
outside its local subnet. Use the IP Routing panel (Figure 73) to explicitly address subnets that are
not local. If a destination subnet is not entered into this panel, then default network routing applies.
Figure 74: IP Routing
The Route table shows the static route entries currently configured on the AP and bound to bridging
interfaces. To create a new route, click Add, enter the following information, and click Save.
Field Description
Destination IP Enter the IP address of the subnet to which packets can be forwarded, along
with the subnet prefix for the address.
5 Configuring Networking Settings
104 Installation and Configuration Guide: Airgo Access Point
Gateway IP Enter the IP address of the gateway that will route traffic between this AP and
the destination subnet.
Interface Name Enter the name of the bridging interface. Use the br prefix, as described in
“Configuring Bridging Services” on page 100.
Field Description
Configuring VLANs
Installation and Configuration Guide: Airgo Access Point 105
Configuring VLANs
VLANs are key to helping enterprises improve network traffic flow, increase load, and deliver
varying levels of service and access to different groups of users. For example, Figure 75 shows how
Acme Works uses two VLANs: one for normal corporate traffic and one for Finance Department
traffic. When a Finance Department user logs in to the network, the Finance group tag is passed to
the Airgo AP, and the Finance service profile, including Finance VLAN, is applied to the user.
Database transaction traffic, which was previously a burden on the overall network, is now handled
through the Finance VLAN and is transparent to normal corporate users.
Figure 75: Example Use of VLANs to Manage Enterprise Traffic
The Airgo AP supports up to 16 VLANs including the default VLAN. Use the VLAN
Configuration panel, accessible from the Networking Services menu, to add new VLANs and map
VLANs to specific AP interfaces. The VLAN panel contains a list of users assigned to user
VLANs; to make user VLAN assignments, use service profiles (“SSIDs and Service Profiles” on
page 79).
The VLAN Configuration panel contains the following tabs:
•VLAN Table—View the list of currently defined VLANs and add or modify VLANs.
•Interface VLAN—Assign VLANs for untagged frames arriving at the AP.
•User VLAN—View the list of users assigned to each VLAN by virtue of user group
membership.
•VLAN Stats—View packet statistics for each VLAN.
RADIUS
Server
A0044B
CorporateVLAN
CorporateVLAN
VLAN Switch
FinanceVLAN
FinanceVLAN
Corporate Finance
5 Configuring Networking Settings
106 Installation and Configuration Guide: Airgo Access Point
VLAN Table
Choose VLAN from the Networking Services menu to list information about each VLAN and
interface (Figure 76).
Figure 76: VLAN Configuration - VLAN Table
The VLAN table contains the following columns of information:
Field Description
VLAN ID Identifier for the VLAN. In bridging notation, this is the numeric ID that
follows the br prefix.
Name Alphanumeric name of the VLAN. The field is optional, unless it is the
default VLAN. The maximum length of VLAN Name is 80 characters.
IP Address The IP address and subnet prefix assigned to the VLAN. Assigning an IP
address enables the VLAN to be managed from this AP.
Management VLAN Indication of whether this VLAN is the management VLAN or not.
Interface The logical AP interface. The table contains a separate row for each VLAN/
interface combination.
Configuring VLANs
Installation and Configuration Guide: Airgo Access Point 107
Use the buttons on the Summary tab to add a new VLAN, configure an existing VLAN, delete an
interface from a VLAN, delete IP addresses from a VLAN, or set an interface as part of the
management VLAN. The default VLAN cannot be modified.
To add a new VLAN, click Add to open the Add VLAN Entry panel (Figure 77).
Figure 77: VLAN Configuration - Add VLAN Entry Panel
Enter the following information to define the new VLAN:
Click Apply to create the new VLAN and return to the VLAN table.
Interface VLAN
When the AP receives a frame, it must determine the VLAN to which the frame belongs. If the
received frame is tagged, then VLAN is already known, and the AP can route the packet
Tagged Indication of whether the identity of the VLAN is explicitly encoded in
transmitted packets. Each frame contains a four-byte tag that encodes the
VLAN to which the packet belongs when it is sent on a tagged interface. If the
received packet is untagged, the packet is classified as belonging to the
interface VLAN. If the VLAN interface is not tagged, then the AP drops any
VLAN-tagged packet. When the packet is transmitted from the interface, it is
be untagged.
Field Description
VLAN Name Enter an alphanumeric name for the VLAN. The maximum length of VLAN
name is 80 characters. (optional)
VLAN ID Enter a numeric identifier for the VLAN. This number is used for table
references and as part of the bridging ID. The range is 2 - 4093. (required)
IP Address/Maskbits Enter the IP address and maskbits used to access the VLAN for management
purposes. If the address is to be assigned by a DHCP server, select
DHCP Assigned.
If the VLAN is to be used for guest access, you must assign an IP address. See
“Configuring Guest Access” on page 156
Select Interface Select interfaces for the VLAN. If an interface is assigned to the VLAN, then
packets transmitted over that interface are included in that VLAN.
Tagged Select Tagged for an interface to mark packets sent out over the interface as
belonging to the VLAN.
Field Description
5 Configuring Networking Settings
108 Installation and Configuration Guide: Airgo Access Point
accordingly. The Interface VLAN tab (Figure 78) specifies treatment of frames that arrive at the AP
in an untagged state. Each interface is assigned to a VLAN, which then receives all untagged
frames arriving at the interface.
Figure 78: VLAN Configuration - Interface VLAN
Make sure that the VLAN is defined before assigning an interface, and then configure the following
fields:
Click Add to assign the interface to the specified VLAN.
User VLAN
The read-only User VLAN tab (Figure 79) lists the client stations mapped to each VLAN by way of
bound service profiles. The tab contains the following information:
See “Configuring SSID Parameters” on page 78 for information on service profiles.
Field Description
Select Interface Select the AP interface.
VLAN ID Enter the VLAN ID. (required)
Default Select to assign this as the default VLAN for untagged frames.
Field Description
VLAN ID VLAN identifier
VLAN name Alphanumeric name of the VLAN
IP Address Address used to access the VLAN
MAC Address MAC addresses of the client stations that are mapped to this VLAN through
their user group’s service profile
Configuring VLANs
Installation and Configuration Guide: Airgo Access Point 109
Figure 79: VLAN - User VLAN
5 Configuring Networking Settings
110 Installation and Configuration Guide: Airgo Access Point
VLAN Statistics
The VLAN Stats tab (Figure 80) provides a summary of transmit/receive statistics for each VLAN.
The statistics are calculated from the last time that the AP was rebooted or the Clear Statistics
button was selected. Click Refresh to update the statistics or Clear Statistics to return the collected
values to zero and start collecting statistics again.
Figure 80: VLAN - Stats
Configuring Quality of Service
Installation and Configuration Guide: Airgo Access Point 111
Configuring Quality of Service
Under normal network conditions, traffic in the wireless network is routed on a best-effort basis,
and all types of traffic are treated with equal priority. Quality of Service (QoS) permits priority
setting for different types of traffic, which can be important for applications in which even minor
interruptions in packet transmission can have a deleterious effect on perceived results. Examples
include streaming media or voice-over-IP (VoIP). With a QoS process in place, multiple clients can
run applications with varying traffic delivery requirements over a single shared network.
Airgo supports QoS through hierarchical classes of service (COS) that control how network
bandwidth is shared among multiple entities. COS specifies a numeric class code with values
ranging from 0 (lowest priority) to 7 (highest priority). This method does not guarantee bandwidth
for different traffic types, but does assure that high COS traffic will be given preference.
For example, when Acme Works wanted to set up a video conference center, it was important to
provide a higher quality of service for the video conference application. The company accordingly
set up a structure of multiple SSIDs in which a higher COS value was assigned to the service
profile for the Video SSID (Figure 81).
Figure 81: Example Applications with Different COS Levels
The Airgo AP supports several options for assigning COS to the packets passing into the AP (the
ingress to the AP).
Rule Description
TCID-to-COS mapping Defines a COS mapping based on the Traffic Class Identifier (TCID), which
is part of the standard 802.11 frame header. Incoming packets with a TCID
value assigned can be mapped to COS.
VLAN-to-COS Defines a COS mapping for packets that are not VLAN-tagged upon arrival at
the AP.
Interface-to-COS Associates a COS value to each of the AP interfaces (eth0, wlan0, wlan1).
MAC Uses the COS value from the user group’s service profile (see “Configuring
SSID Parameters” on page 78).
A0043B
SSID="Corporate" SSID="Video"
10/100 Switched Ethernet
Corporate Video
COS=7COS=4
5 Configuring Networking Settings
112 Installation and Configuration Guide: Airgo Access Point
Use the QoS Configuration panel to define TCID, VLAN, and Interface COS mappings. Use the
Advanced QoS Configuration panel (“Configuring Advanced QoS” on page 115) to define the IP
and DSCP mapping and to assign class order.The QoS Configuration panel is divided into the
following tabs:
•Ingress QOS—Define COS mappings packets entering the AP.
•Egress COS—Assign priority to the 802.11 packets leaving the AP.
•QOS Stats—Display QoS statistics for each of the AP interfaces.
IP Precedence Defines a mapping based on the first 3 bits in the Type of Service (TOS) byte
of the IP header. Incoming packets that have an IP Precedence value can be
mapped to COS.
DiffServ Code point
(DSCP)-to-COS Defines a mapping based on the first 6 bits in the TOS byte of the IP header.
Incoming packets that have a DSCP value can be mapped to COS.
IP Protocol Assigns COS value based on the standard numbers for individual IP protocols.
Class Order Determines the order in which all the COS mapping rules are applied.
Rule (continued) Description
Configuring Quality of Service
Installation and Configuration Guide: Airgo Access Point 113
Ingress QOS
Use the Ingress QOS tab to assign COS values to incoming 802.11 packets. If a packet has a COS
value in the VLAN tag when it arrives at the AP, then its COS value is honored by the AP. If the
packet is not VLAN-tagged, then it can be classified at the ingress interface by way of a COS map
defined on the Ingress QOS tab (Figure 82).
Figure 82: QOS Configuration - Ingress QOS
5 Configuring Networking Settings
114 Installation and Configuration Guide: Airgo Access Point
Perform the following functions on this tab:
Egress COS
Use the Egress COS tab (Figure 84) to modify the default priorities assigned to 802.11 packets
leaving the AP by creating a COS-to-TCID mapping.
If a TCID to COS mapping is defined, the TCID value is obtained from the mapping table of the
interface based on the COS field of the frame. By default, COS-to-TCID mapping is one-to-one,
i.e. COS 0 maps TCID 0, 1 maps to 1, … and 7 maps to 7. If your network supports fewer than 8
priority levels, you can map multiple COS levels to a single TCID value.
Figure 83: QOS Configuration - Egress COS
Function Steps
Define TCID to COS
mapping 1Select the radio interface for the mapping.
2Select a COS value for each TCID value, or select Default to accept the
default mapping.
3Click Apply.
Define VLAN-to-COS
mapping 1Click Add.
2Select the AP interface.
3Select the VLAN ID. (See “Configuring VLANs” on page 105 for
information on VLAN IDs.)
4Select a COS value or select Default to use the default mapping.
5Click Apply.
Interface-to-COS 1Click Add.
2Select the AP interface.
3Select a COS value or select Default to use the default mapping.
4Click Apply.
Configuring Advanced QoS
Installation and Configuration Guide: Airgo Access Point 115
Configure the following fields on this tab:
Click Apply to save your changes or Reset to return to previously saved values.
QoS Stats
The QoS Stats tab (Figure 84) presents incoming packet and outgoing packet counts for each of the
AP interfaces. The counts are indexed to one of the eight available COS levels. Every statistic is a
comma-separated set of numbers, each of which corresponds to one of the COS levels: 0-7. For
example, the out-of-packet count for wlan0 in the figure shows 77614 packets at COS level 0 and
36127 packets at COS level 7.
Click Clear Statistics to return the values to zero and restart the collection process.
Figure 84: QOS Configuration - QOS Stats
Configuring Advanced QoS
Use the Advanced QoS panel to assign COS values to packets entering the AP based on IP layer
information and choose the QoS class order. The panel contains the following tabs:
•Class-Order—Determine the order in which to apply all the QoS rules.
•IP-DSCP—Define COS mapping based on the first 6 bits in the TOS byte of the IP header.
•IP Protocol—Use standard IP protocol numbers assigned to different IP layer protocols.
•IP Precedence—Define COS mapping based on the first 3 bits in the TOS byte of the IP header.
Field Description
Select Radio Interface Select the AP interface.
Default Select to use the default mapping.
TCID If Default is not selected, map each COS level to a TCID level.
5 Configuring Networking Settings
116 Installation and Configuration Guide: Airgo Access Point
Class-Order
The COS mappings on the QoS and Advanced QoS Configuration panels may yield conflicting
results for ingress packet priority. Use the Class-Order tab (Figure 84) to specify the order in which
to apply each of the rules. When a packet arrives at the AP, the AP checks to see whether a mapping
exists for the first rule in the class-order list. If so, that mapping is applied to the packet. If not, the
AP checks whether a mapping exists for the second rule. If so, that mapping is applied. If not, the
AP continues down the class-order list.
The default class order is:
•TCID
• IP Protocol
•DSCP
• IP Precedence
•MAC
•VLAN
• Interface
Figure 85: Advanced QOS Configuration - Class-Order
Configure the following fields on the Class-Order tab:
Field Description
Select Radio Interface Select the AP interface.
Ingress Class Order -
Default Select to use the default mapping.
Ingress Class Order -
Move to Top If the default order is not chosen, select a COS mapping type and click Apply
to move it to the top of the class-order priority list. Repeat as needed to create
the desired ordering.
Configuring Advanced QoS
Installation and Configuration Guide: Airgo Access Point 117
Click Apply to save all the changes on the tab.
IP-DSCP
Use the IP-DSCP tab (Figure 86) to map DiffServ Code point (DSCP) values to COS and to view the
current DSCP to COS maps. DSCP uses the first 6 bits in the TOS byte of the IP header, so the possible
values range from 0 to 63.
Figure 86: Advanced QOS Configuration - IP-DSCP
5 Configuring Networking Settings
118 Installation and Configuration Guide: Airgo Access Point
Configure the following fields on this tab:
Click Apply to save all the changes on the tab.
IP Protocol
Use the IP Protocol tab (Figure 87) to base the COS mapping on IP protocol numbers, as defined in
Version 4 of the IP protocol. Current protocol number assignments are available at http://
www.iana.org.
Figure 87: Advanced QOS Configuration - IP Protocol
Configure the following fields to define the IP Protocol-to-COS map:
Click Apply to save all the changes on the tab.
Field Description
Select Radio Interface Select the AP interface.
Default Select to use the default mapping.
DSCP String If Default is not chosen, enter up to eight DSCP values that you want to map
to a specific COS value.
COS Select the COS value.
Field Description
Select Radio Interface Select the AP interface.
IP Protocol ID Enter the number assigned to the IP protocol.
COS Select the COS value.
Configuring Packet Filters
Installation and Configuration Guide: Airgo Access Point 119
IP Precedence
Use the IP Precedence tab (Figure 88) to base the COS mapping on the first 3 bits in the TOS byte
of the IP header.
Figure 88: Advanced QOS Configuration - IP Precedence
Configure the following fields to define an IP Precedence-to-COS map:
Click Apply to save all the changes on the tab.
Configuring Packet Filters
Use the Filter Configuration panel, accessible from the Networking Services menu, to define packet
filtering rules for the specific AP interfaces. Filters can help improve performance by reducing load
on the wireless side of the network.
The panel contains the following tabs:
•Filter Table—View currently-defined packet filters and add or edit filters.
•Filter Stats—View counts of packets that match the filter criteria.
Filter Table
Choose Filter Configuration from the Networking Services menu to open the Filter Table tab
(Figure 89). By default, an incoming and outgoing filter is defined for each of the interfaces wlan0,
wlan1, and eth0. The Filter table displays the name of the interface, whether it is for incoming or
outgoing traffic, whether to accept or discard the packet, and the criterion used to accept or discard
it.
Field Description
Select Radio Interface Select the AP interface.
Default Select to apply the default mapping
COS If Default is not chosen, select the desired COS values.
5 Configuring Networking Settings
120 Installation and Configuration Guide: Airgo Access Point
Figure 89: Filter Configuration - Filter Table
From the Filter Table tab, add a new filter by clicking Add, or edit an existing one by selecting the
filter and clicking Edit. The Add Filter Entry panel opens(Figure 90). Enter or select values for the
following fields:
Click Apply to save the values and return to the Summary tab. Click Cancel to return to the
Summary tab without saving the values.
Field Description
Interface Name If creating a new filter, select an interface from the pull-down list.
Filter Direction Specify whether the filter is for incoming (ingress) or outgoing (egress)
communications. It is necessary to create a separate filter for each.
Accept/Discard Indicate whether the filtering rule is to accept or discard the packet.
Select Match Indicate if the filter rule is satisfied when a packet contains an Ether Type
value that matches the specified Ether Type, or if the filter rule is satisfied
when a packet contains an Ether Type that does not match any other filter rule.
Ether Type is the standard Ethernet code for the type of packet (e.g., for IP,
the code is 2048, or 0x800 hex).
Configuring Interfaces
Installation and Configuration Guide: Airgo Access Point 121
Figure 90: Filter Configuration - Add Filter Entry Panel
Filter Statistics
The Filter Stats tab (Figure 91) lists statistics for each defined filter. The statistics are calculated
from the last time that the AP was rebooted or the Clear Statistics button was selected. The Hits
column shows the number of packets of the specified type received on the interface with the
defined filter. Click Refresh to update the statistics or Clear Statistics to return the collected
values to zero and start collecting statistics again.
Figure 91: Filter Configuration - Stats Tab
Configuring Interfaces
Use the Interface Configuration panel, accessible from the Networking Services menu, to configure
the physical AP interfaces (wlan0, wlan1, eth0). The panel contains the following tabs:
•IF Table—View the administrative and operation state of each of the interfaces, and bind an IP
address to each interface.
•IF Stats—View the packet and byte statistics for traffic traversing each interface.
5 Configuring Networking Settings
122 Installation and Configuration Guide: Airgo Access Point
Interface Table
Choose Interface from the Networking Services menu to open the Interface Table (Figure 92). Use
this tab to assign an IP address to each interface, thereby making it possible to route traffic to the
interface. Without an assigned IP address, traffic can only be bridged to the interface, not routed.
Figure 92: Interface Configuration - IF Table
The Interface table lists each interface along with its IP address, enabled or disabled flag, and
indication of whether the interface is currently operational. Enable, disable, or delete an IP address
assigned to an interface by selecting the interface entry and clicking Enable, Disable, or Delete-IP.
To assign an IP address to an interface, enter the following values under IP Address Configuration,
and click Apply:
Use the Encapsulation Configuration section at the bottom of the tab to ensure that the AP can
operate with older equipment that is not fully 802.11-compatible. 802.1h is the current standard for
encapsulation. For other, incompatible equipment, select Encapsulated to encase the Ethernet
frames from the equipment within standard 802.11 frames. Click Apply after making any change.
Field Description
Interface Name Select the AP interface name from the pull-down list
IP Address Enter the IP address to assign to the interface (required)
Maskbits Enter the subnet prefix length for the IP address (required)
Configuring SNMP
Installation and Configuration Guide: Airgo Access Point 123
Interface Statistics
The Interface Statistics tab (Figure 93) shows packet and byte statistics for each of the AP
interfaces. The statistics are calculated from the last time that the AP was rebooted or the Clear
Statistics button was selected. Click Refresh to update the statistics or Clear Statistics to return the
collected values to zero and start collecting statistics again.
Figure 93: Interface - Stats Tab
Configuring SNMP
Simple Network Management Protocol (SNMP) is an industry standard protocol used to manage
interactions with the Airgo APs. The protocol works through message passing between SNMP
managers and agents, which are devices that comply with the SNMP protocol. The information of
interest to the SNMP manager is stored in the agents’ management information bases (MIBs) and
sent to the SNMP manager upon request.
SNMP communities restrict access to the MIBs to authorized agents. Each community can be
earmarked with read or read/write status, indicating the type of authorized MIBs access. An SNMP
trap filters the SNMP messages and saves or drops them, depending upon how the system is
configured.
Choose SNMP Configuration from the Networking Services menu to open the SNMP panel
(Figure 94) to configure SNMP parameters.
5 Configuring Networking Settings
124 Installation and Configuration Guide: Airgo Access Point
Figure 94: SNMP Configuration
Enter values in the following fields to define the basic SNMP configuration:
Click Apply to save your changes, or Reset to return to previously saved values.
The bottom of the SNMP panel contains a table of currently defined traps. To delete a trap, select it
in the SNMP Agent Table, and click Delete.
Field Description
Community String Enter the alphanumeric community string (required)
Community Read/Write
Status Indicate the read or read/write status of the community
Trap Sink IP Address Enter the IP address where SNMP traps should be sent (required)
Trap Community Enter the community for SNMP traps
Trap Sink Port Indicate the port identified for the SNMP traps (default is 162)
Ping Test
Installation and Configuration Guide: Airgo Access Point 125
Ping Test
Use the Ping Test panel to execute an ICMP Echo Request to check network connectivity to a
remote IP host. Enter the hostname or IP address of the remote host. Figure 95 shows the Ping Test
panel with test results presented.
Figure 95: Ping Test
5 Configuring Networking Settings
126 Installation and Configuration Guide: Airgo Access Point
Installation and Configuration Guide: Airgo Access Point 127
6Configuring a Wireless Backhaul
This chapter explains how to set up a wireless distribution system to cover a large area with limited
wired network connectivity. It covers the following topics:
•Introduction
•Setting Up a Wireless Backhaul
Introduction
Wireless backhaul refers to the process of delivering data from a node on the wireless network back
to the wired network. In a wireless backhaul configuration, some APs connect directly to the wired
network, while others relay wireless signals from clients to the APs that are connected to the wired
network. Wireless backhaul interconnects multiple Airgo Access Points to form a wireless
distribution system, in which an 802.11x network covers large areas, such as a campus or open area
with relatively few wired access points (Figure 96).
Figure 96: Wireless Backhaul Network
Applications of wireless backhaul include building-to-building bridging and 802.11b traffic
aggregation. Airgo support for wireless backhaul includes bridge creation, instantiation of logical
bridge ports on radios, and bridging functions such as address learning, packet forwarding, and
Spanning Tree Protocol (STP).
A0007B
Wireless Backhaul =
10/100 Switched Ethernet
6 Configuring a Wireless Backhaul
128 Installation and Configuration Guide: Airgo Access Point
Use of Radios for Backhaul
Each access point in a backhaul configuration must have two radios and be enrolled in the network.
One of the radios operates in normal mode to serve downstream APs or clients. The other radio
assumes the backhaul role (BP), relaying network traffic from clients or other APs through the
backhaul arrangement up to the wired network. Each radio operates in a different band.
For a backhaul point radio to establish a link with an AP, it must be able to receive its radio signals.
Accordingly, the AP node with the BP radio must be within range of the upstream AP radio. A
radio can be configured to operate in the BP mode even if its node is directly connected to the wired
network, as in the case of building-to-building bridge applications.
From the perspective of the wired APs, each backhaul AP appears as a client; however, these
“clients” are not identified in the RADIUS user database. For authentication purposes, identity
information for the backhaul APs is automatically entered into the internal RADIUS database on
the security services portal AP upon enrollment of the backhaul node. Users cannot view or modify
this information.
Wireless Backhaul Trunks
A trunk is a wireless connection from one access point radio to another. An access point that is not
connected to the wired network or an access point explicitly configured in the BP mode tries to
establish a wireless trunk connection to another access point. A succession of trunks established
between access points provides a path from client stations through the wireless network to the
wired network.
If a trunk connection fails or a backhaul link goes down, then the access point that established the
trunk re-scans the wireless environment and attempts to connect to another AP radio with
compatible wireless and network characteristics. This process is called retrunking.
Backhaul retrunking usually occurs quickly (2-3 seconds) if uplink candidates are available.
Subnets do not change as a result of retrunking. If a backhaul trunk fails and the BP radio cannot
reestablish (recover) backhaul within 30 minutes, all backhaul links formed with its uplink AP
radio are brought down. This gives an opportunity for the downlink nodes to attempt to form
alternate backhaul paths.
Wireless Backhaul security
After enrollment, the BP radio uses WPA (EAP) for authentication and AES for encryption on its
trunk or trunks. The following security restrictions apply:
•The upstream AP must have WPA enabled.
•All WPA-compatible authentication and encryption schemes are permitted.
•WEP may be enabled in addition to WPA on the upstream AP
•Both upstream and downstream APs must be enrolled by NM Portal.
For more information on security, see Chapter 7, “Managing Security.”
NOTE: The access point must have a wired connection to be enrolled in the network
(see “Enrolling APs” on page 165). After the AP is enrolled, the wired connection can
be removed.
Setting Up a Wireless Backhaul
Installation and Configuration Guide: Airgo Access Point 129
Setting Up a Wireless Backhaul
Choose Wireless Backhaul from the Wireless menu to bring up the Wireless Backhaul
configuration panel. The panel contains 4 tabs:
•Link Criteria—Configure criteria for backhaul trunk formation.
•Candidate APs—Identify APs to use for the uplink.
•Trunk Table—View the list of current backhaul trunks.
•Trunk Stats—View statistics for the backhaul trunks.
Link Criteria
Use the Link Criteria tab (Figure 97) to set up the network parameters for the wireless backhaul.
These parameters specify the rules that apply to the backhaul point (BP) radios which form uplink
backhaul trunks by associating to normal radios (AP). These rules are used to determine the
candidate parent list of upstream APs for the backhaul trunk.
Figure 97: Backhaul Configuration - Link Criteria
6 Configuring a Wireless Backhaul
130 Installation and Configuration Guide: Airgo Access Point
The Uplink Configuration settings on this tab restrict how the backhaul is configured. Select some
or all of the settings, or leave this section blank to permit unrestricted choice of uplinks:
After making changes in the Uplink Criteria Configuration section, click Apply. Click Reset to
return the parameters on the panel to the previous saved values.
Use the area at the bottom of the tab to specify the BSSID criteria (in conjunction with the Uplink
BSSID buttons):
After adding BSSIDs, click Apply. The BP now attempts to establish a backhaul link based upon
the configured rules.
Click Delete to remove a BSSID from the list.
Field Description
Select Radio Interface Select radio wlan0 or wlan1.
SSID Criteria Select Detected SSID to connect to a specific network. To add an SSID which
is not currently in operation, select New SSID and enter the name of the SSID.
This configuration is one of the attributes used by the radio in BP mode to
form a backhaul.
IP Subnet Criteria Enter an IP address and subnet prefix length to restrict the backhaul to a
specific subnet. The BP radio selects those APs as candidates that advertise
the specified subnet. If the IP address is 0.0.0.0, the BP radio ignores the
subnet ID as a criterion when selecting AP candidates for trunk formation.
Path Selection Criteria Choose the criterion for selecting the best wireless backhaul route from the
following three options:
•Lowest Weighted Cost—Candidate parent APs are selected in ascending
order of path cost. (The candidate parent with lowest path cost to the wired
network is the one with highest priority). Path cost is a cumulative metric
in which each hop contributes to the path cost value. The calculation
factors in the backhaul and non-backhaul traffic load on the candidate AP
and quality of the link between the backhaul end points.
•Smallest Hop Count—Candidate parents are selected in ascending order of
hop count (number of hops to the wired network).
•Highest Node priority—Candidate parents are selected in ascending order
of priority as determined by the configured uplink BSSID list.
Uplink BSSID Criteria This parameter is used in conjunction with the area entitled BSSIDs For
Uplink Criteria at the bottom of the tab to restrict uplink candidates to a
specific set of BSSIDs or to permit all BSSIDs except a designated list.
•To restrict candidates to a designated list, select Accept from BSSIDs.
•To avoid candidates on a specified list, select Discard from BSSIDs.
Field Description
Add BSSID To add BSSIDs to the Selected list, add from the pull-down list, and click
Add. Alternatively, enter the name of a BSSID, and click Add. The saved
BSSIDs are displayed in the selected BSSIDs list on the right. This list that
determines acceptable uplink candidates (if Accept from BSSIDs was selected
in Uplink BSSID Criteria), or eliminated uplink candidates (if Discard from
BSSIDs was selected).
Setting Up a Wireless Backhaul
Installation and Configuration Guide: Airgo Access Point 131
Candidate APs
Select the Candidate APs tab (Figure 98) to identify the access points that can be used to create the
uplink to the wired network.
Figure 98: Backhaul Configuration - Candidate APs
The panel displays the discovered APs that are able to provide uplink connectivity. The table of
uplink candidate APs shows the following information:
If no uplink candidate APs are available, the table is empty.
Trunk Table
Select the Trunk Table tab (Figure 99) to view the list of current backhaul trunks. The backhaul is
established if the MAC address of the backhaul trunk is listed in the table.
Figure 99: Backhaul Configuration - Trunk Table
Feature Description
Interface Radio interface of uplink candidate parent
Destination MAC
Address BSSID of the remote uplink candidate parent
AP beacon name Name of the AP node of the candidate parent, sent in beacons
6 Configuring a Wireless Backhaul
132 Installation and Configuration Guide: Airgo Access Point
This tab contains the following information:
If no trunks are detected, the table is empty.
Trunk Statistics
Select the Trunk Statistics tab (Figure 100) to statistics for the available backhaul trunks. If no
trunks are detected, the table is empty. To clear the cumulative statistics, click Clear Statistics.
Figure 100: Backhaul Configuration - Trunk Stats
This tab contains the following information:
Feature Description
Interface Name Radio interface of the BP radio (uplink) or AP radio to which downlink trunks
are connected. Applies to uplink and downlink trunks.
Band (2.4 GHz or 5
GHz, or both) Operating band of the uplink or downlink trunks. Applies to uplink and
downlink trunks. For the uplink trunk the band is the operating band of the BP
radio. For downlink trunks the band is the operating band of the AP radio.
Trunk Dest MAC MAC address (BSSID) of the remote backhaul destination. For Uplink trunks
this is the MAC address of the parent AP; for downlink trunks it is the MAC
address of the BPs (children) associated with the AP radio. Applies to uplink
and downlink trunks.
Channel ID of the channel on which the backhaul trunks (uplink and downlink) are
operating. Applies to uplink and downlink trunks.
Re-trunk counts Number of times the BP (uplink) retrunked (could be due to trunk failure or
trunk optimization). Applies only to the uplink trunk.
Link Type Indication of whether the interface is an uplink or downlink trunk
Field Description
Interface The AP radio interface (wlan0 or wlan1)
Rx Bytes Number of bytes received at this AP
Rx Packets Number of packets received at this AP
Setting Up a Wireless Backhaul
Installation and Configuration Guide: Airgo Access Point 133
Click Clear Statistics to return the counts in this tab to zero and begin collecting statistics again.
Tx Bytes Number of packets transmitted by this AP
Tx Packets Number of packets transmitted by this AP
Rx Multicast Packets Number of multicast packets received by this AP
Field Description
6 Configuring a Wireless Backhaul
134 Installation and Configuration Guide: Airgo Access Point
Installation and Configuration Guide: Airgo Access Point 135
7Managing Security
This chapter describes the encryption and authentication features of the Airgo Access Point and
explains how to set the security configuration. The chapter includes the following topics:
•Introduction
•Configuring Wireless Security
•Configuring Authentication Zones
•Configuring Administrator Security
•Viewing Security Statistics
•Configuring Advanced Parameters
Introduction
Airgo offers the strongest available security options for wireless networking, as listed here and
illustrated in Figure 101:
•AP Security verifies the identity of individual APs and authorizes them to be part of the
wireless network. APs can be enrolled individually or pre-enrolled as group. The process uses a
certificate and password to fully verify the identity of the AP. By clearly identifying which APs
belong to the authorized set, the enrollment process can also help identify unauthorized or
rogue APs.
•Administrator security authorizes designated users to access the configuration and management
capabilities of the AP using HTTPS, SSH, or SNMPv3 for the web interface, CLI, or network
management system.
•User security encompasses authentication and encryption. Authentication verifies the identity
of individual users and gives them access to the network, restricted to specific network service
profiles. Once the network and authenticated users are in place, data encryption protects the
privacy of user data transmitted over the wireless network.
•Guest access security provides password or custom access control for guest users, including the
configuration of a guest-VLAN for Internet access and session management.
NOTE: For information on security for access point enrollment, refer to Chapter 9,
“Managing the Network.”
7 Managing Security
136 Installation and Configuration Guide: Airgo Access Point
Figure 101: Elements of Airgo Security
AP Security
Airgo provides a highly secure process to enroll access points. Three distinct levels of identification
verify the AP: Device ID, Thumbprint, and a bootstrap password unique to the AP. To assure
central control of the verification process, it is recommended that a single enrollment server handle
enrollment for the entire wireless network. The architecture supports two enrollment server
options:
•AP Enrollment Server—Designate an NM Portal AP as the enrollment server for the network.
For instructions, see Chapter 9, “Managing the Network.”
•NMS Pro—The NMS Pro network management system, offered as a separate product, operates
as a complete enrollment solution for the enterprise. In addition to supporting manual AP
enrollment, NMS Pro includes automatic AP pre-enrollment by way of a bar code reader
interface. For information on using NMS Pro, see the NMS Pro Installation and Configuration
Guide.
Administrative Security
SSH, https, and SNMPv3 are used for secure administrative access to the AP.
User Security
Acceptable and effective solutions for user authentication depend upon the network size,
complexity, and existing authentication infrastructure.
Users Security
• All WPA Modes
• EAP-TLS, -PEAP, -PSK
• AES, TKIP or WEP Encryption
A0047
AP Security
• Secure AP Enrollment
• Batch or One-Click
• Certificates & Password
Admin Security
• Admin & Operator
• Username, Password
• SSH, HTTPS, SNMPv3
Guest Security
• Password or Custom Access Control
• Guest-VLAN for Internet Access
• Session Management
Guest Security
User Security
Admin Security
AP
Security
Data Encryption
Installation and Configuration Guide: Airgo Access Point 137
Current user authentication standards are based on the IEEE 802.1x specification, which identifies
users and permits connectivity based upon policies established in a central server. Many
authentication servers use the Remote Authentication Dial-In User Service (RADIUS) protocol,
which enables remote access servers to communicate with the central server to authenticate users
and authorize service or system access. Within the RADIUS context, the most effective
authentication methods use versions of the Extensible Authentication Protocol (EAP) for the end-
to-end authentication of the client by the authentication server.
The Airgo AP can meet all the user authentication needs for the full range of wireless networks.
(See Chapter 2, “Planning Your Installation.”) Airgo supports several modes of authentication, as
listed in Table 11. WPA-PSK uses pre-shared keys (PSK) that is configured directly by the
administrator into the AP and network clients. Based on the network wide key, the clients and AP
receive unique session keys for each client session. This approach can be effective for small
businesses for whom strong encryption is desired but a centralized authentication infrastructure is
not available. EAP-TLS (EAP with Transport Layer Security) is a certificate-based authentication
method based on the TLS protocol. The RADIUS security services within the Airgo AP provide
EAP-TLS for user authentication. Airgo also supports integration with RADIUS servers that
support EAP-TLS or EAP-PEAP.
In addition to the EAP-based authentication methods, Airgo supports WEP-based encryption for
legacy clients. Airgo also supports the option of no user authentication.
Data Encryption
Table 12 lists the available options for data encryption, in order of decreasing protection. The
current standard for data encryption is WPA-AES, which provides financial-grade protection. The
WEP encryption options use 64-bit or 128-bit encryption keys, assigned manually or dynamically,
as dictated by the capabilities of the client. These offer some protection against casual interlopers;
however, the WEP algorithms are vulnerable to compromise and can be difficult to maintain. WPA-
TKIP closes the major WEP loopholes and can be an acceptable alternative to standard WEP. Open
Table 11: Authentication Options
Type Description
EAP-TLS Certificate-based authentication, used by the Airgo security services portal and
many external RADIUS servers
EAP-PEAP EAP-PEAP RADIUS based authentication
WPA - PSK Authentication acceptable for small to mid-size installations, in which manual
distribution of keys is convenient and centralized management is not required
Dynamic WEP with
802.1x Not recommended due to limitations of the WEP algorithms. If it is necessary
to use this option to support legacy equipment, make sure that a RADIUS
server configured for the SSID. The RADIUS server should be configured to
support EAP-TLS or EAP-PEAP. Note that the Airgo Wireless LAN Client
Adapter does not support dynamic WEP.
None No user authentication