Cambium Networks XN4 Wireless LAN Array User Manual xirrus PDF

Xirrus, Inc. Wireless LAN Array xirrus PDF

User Manual 3

Wi-Fi ArrayThe Command Line Interface 331filter The  filter command [Xirrus_Wi-Fi_Array(config-filter)#] is used to manage protocol filters and filter lists.Command Descriptionadd Add a filter.FORMAT:filter add [name]add-list Add a filter list.FORMAT:filter add-list [name]del Delete a filter.FORMAT:filter del [name]del-list Delete a filter list.FORMAT:filter del-list [name]edit Edit a filter.FORMAT:filter edit [name type]edit-list Edit a filter listFORMAT:filter edit-list [name type]enable Enable a filter list.FORMAT:filter enable move Change a filter priority.FORMAT:filter move [name priority]
Wi-Fi Array332 The Command Line Interfaceoff Disable a filter list.FORMAT:filter offon Enable a filter list.FORMAT:filter on reset Delete all protocol filters and filter lists.FORMAT:filter resetCommand Description
Wi-Fi ArrayThe Command Line Interface 333fips The  fips command [Xirrus_Wi-Fi_Array(config)# fips] is used to set the parameter values required for FIPS 140-2, Level 2 security. For more information, see Appendix E: Implementing FIPS Security. Command Descriptiondisable Reverts FIPS settings to the values they had before performing a fips on command. FORMAT:fips disableenable Set FIPS security on the Array. Remembers the values of parameters prior to setting them.FORMAT:fips enableoff Reverts FIPS settings to the values they had before performing a fips on command. FORMAT:fips offon Set FIPS security on the Array. Remembers the values of parameters prior to setting them.FORMAT:fips on
Wi-Fi Array334 The Command Line Interfacegroup The group command [Xirrus_Wi-Fi_Array(config)# group] is used to create and configure user groups. User groups allow administrators to assign specific network parameters to users through RADIUS privileges rather than having to map users to a specific SSID. Groups provide flexible control over user privileges without the need to create large numbers of SSIDs. For more information, see “Groups” on page 247. hostname The  hostname command [Xirrus_Wi-Fi_Array(config)# hostname] is used to change the hostname used by the Array.Command Descriptionadd Create a new user group. FORMAT:group add [group-name]del Delete a user group.FORMAT:group del [group-name]edit Set parameters values for a group. FORMAT:group edit [group-name]reset Reset the group.FORMAT:group resetCommand Descriptionhostname Change the hostname of the Array.FORMAT:hostname [name]
Wi-Fi ArrayThe Command Line Interface 335https The  https command [Xirrus_Wi-Fi_Array(config)# https] is used to enable or disable the Web Management Interface (https), which is enabled by default. It also allows you to establish a timeout for your Web management session.Command Descriptiondisable Disable the https feature.FORMAT:https disableenable Enable the https feature.FORMAT:https enableoff Disable the https feature.FORMAT:https offon Enable the https feature.FORMAT:https ontimeout Define an elapsed period (in seconds) after which the Web Management Interface will time out.FORMAT:https timeout 5000
Wi-Fi Array336 The Command Line Interfaceinterface The interface command [Xirrus_Wi-Fi_Array(config)# interface] is used to select the interface that you want to configure. To see a listing of the commands that are available for each interface, use the ? command at the selected interface prompt. For example, using the ? command at the Xirrus_Wi-Fi_Array(config-gig1}#prompt displays a listing of all commands for the gig1 interface.Command Descriptionconsole Select the console interface. The console interface is used for management purposes only.FORMAT:interface consoleeth0 Select the Fast Ethernet interface. The Fast Ethernet interface is used for management purposes only.FORMAT:interface eth0Note: To configure a static route for management traffic, next enter:static-route addr [ip-addr]static-route mask [subnet-mask]gig1 Select the Gigabit 1 interface.FORMAT:interface gig1gig2 Select the Gigabit 2 interface.FORMAT:interface gig2iap Select an IAP.FORMAT:interface iap
Wi-Fi ArrayThe Command Line Interface 337licenseThe license command [Xirrus_Wi-Fi_Array(config)# license] is used to set the license key for the Array. A valid license is required for Array operation, and it controls the features available on the Array. load The  load command [Xirrus_Wi-Fi_Array(config)# load] loads a configuration file.Command Description<cr> Set the license for the Array.FORMAT:license <license-key>When you enter the new key obtained from Xirrus, simply hit the Enter key <cr> to apply it.Command Descriptionfactory.conf Load the factory settings configuration file. FORMAT:load [factory.conf]lastboot.conf Load the configuration file from the last boot-up. FORMAT:load [lastboot.conf][myfile].conf If you have saved a configuration, enter its name to load it. FORMAT:load [myfile.conf]saved.conf Load the configuration file with the last saved settings. FORMAT:load [saved.conf]
Wi-Fi Array338 The Command Line Interfacelocation The location command [Xirrus_Wi-Fi_Array(config)# location] is used to set the location for the Array.management The management command [Xirrus_Wi-Fi_Array(config)# management] enters management mode, where you may configure console management parameters.more The more command [Xirrus_Wi-Fi_Array(config)# more] is used to turn terminal pagination ON or OFF.Command Description<cr> Set the location for the Array.FORMAT:location [newlocation]Command Description<cr> Enter management mode.FORMAT:management <cr>Command Descriptionoff Turn OFF terminal pagination.FORMAT:more offon Turn ON terminal pagination.FORMAT:more on
Wi-Fi ArrayThe Command Line Interface 339netflowThe netflow command [Xirrus_Wi-Fi_Array(config-netflow)#] is used to enable or disable, or configure sending IP flow information (traffic statistics) to the collector you specify.Command Descriptiondisable Disable netflow.FORMAT:netflow disableenable Enable netflow.FORMAT:netflow enableoff Disable netflow.FORMAT:netflow offon Enable netflow.FORMAT:netflow oncollector Set the netflow collector IP address or fully qualified domain name (host.domain). Only one collector may be set. If port is not specified, the default is 2055. FORMAT:netflow collector host {<ip-addr> | <domain>} [port <port#>]
Wi-Fi Array340 The Command Line Interfaceno The no command [Xirrus_Wi-Fi_Array(config)# no] is used to disable a selected element or set the element to its default value.Command Descriptionacl Disable the Access Control List.FORMAT:no acldot11a Disable all 802.11a(n) IAPs (radios).FORMAT:no dot11adot11bg Disable all 802.11bg(n) IAPs (radios).FORMAT:no dot11bghttps Disable https access.FORMAT:no httpsintrude-detect Disable intrusion detection.FORMAT:no intrude-detectmanagement Disable management on all Ethernet interfaces.FORMAT:no managementmore Disable terminal pagination.FORMAT:no morentp Disable the NTP server.FORMAT:no ntp
Wi-Fi ArrayThe Command Line Interface 341snmp Disable SNMP features.FORMAT:no snmpssh Disable ssh access.FORMAT:no sshsyslog Disable the Syslog services.FORMAT:no syslogtelnet Disable Telnet access.FORMAT:no telnetETH-NAME Disable the selected Ethernet interface (eth0, gig1 or gig2). You cannot disable the console interface. with this command.FORMAT:no eth0 (gig1 or gig2)Command Description
Wi-Fi Array342 The Command Line Interfacepci-audit The  pci-audit command [Xirrus_Wi-Fi_Array(config)# pci-audit] checks the configuration of the Array for conformance with PCI DSS standards. When you enter the pci-audit command, it lists any settings that violate PCI DSS requirements. In addition, if pci-audit is on (enabled), the Array will warn you if you change any parameters in a way that violates PCI DSS requirements. For example, if you enable pci-audit and then set encryption to none on an SSID (in the CLI or the WMI), a warning will be displayed and a Syslog message will be issued. For more information, see Appendix D: Implementing PCI DSS. Command Descriptiondisable The Array will not check configuration changes for PCI DSS violations. FORMAT:pci-audit disableenable The Array reports any current settings that violate PCI DSS, and will warn you and issue a Syslog message if you attempt to save configuration changes that violate PCI DSS. FORMAT:pci-audit enableoff The Array will not check configuration changes for PCI DSS violations. FORMAT:pci-audit offon The Array reports any current settings that violate PCI DSS, and will warn you and issue a Syslog message if you make configuration changes that that violate PCI DSS. FORMAT:pci-audit on
Wi-Fi ArrayThe Command Line Interface 343quit The  quit command [Xirrus_Wi-Fi_Array(config)# quit] is used to exit the Command Line Interface.radius-server The  radius-server command [Xirrus_Wi-Fi_Array(config-radius-server)#] is used to configure the external and internal RADIUS server parameters.Command Description<cr> Exit the Command Line Interface.FORMAT:quitIf you have made any configuration changes and your changes have not been saved, you are prompted to save your changes to Flash.At the prompt, answer Yes to save your changes, or answer No to discard your changes.Command Descriptionexternal Configure an external RADIUS server.FORMAT:radius-server externalTo configure a RADIUS server (primary, secondary, or accounting server, by IP address or host name), and the reporting interval use:radius-server external accountinginternal Configure the external RADIUS server.FORMAT:radius-server internaluse Choose the active RADIUS server (either external or internal).FORMAT:use external (or internal)
Wi-Fi Array344 The Command Line Interfacereboot The reboot command [Xirrus_Wi-Fi_Array(config)# reboot] is used to reboot the Array. If you have unsaved changes, the command will notify you and give you a chance to cancel the reboot. reset The  reset command [Xirrus_Wi-Fi_Array(config)# reset] is used to reset all settings to their default values then reboot the Array.Command Description<cr> Reboot the Array.FORMAT:rebootdelay Reboot the Array after a delay of 1 to 60 seconds.FORMAT:reboot delay [n]Command Description<cr> Reset all configuration parameters to their factory default values.FORMAT:resetThe Array is rebooted automatically.preserve-ip-settingsPreserve all ethernet and VLAN settings and reset all other configuration parameters to their factory default values.FORMAT:reset preserve-ip-settingsThe Array is rebooted automatically.
Wi-Fi ArrayThe Command Line Interface 345run-tests The  run-tests command [Xirrus_Wi-Fi_Array(run-tests)#] is used to enter run-tests mode, which allows you to perform a range of tests on the Array.Command Description<cr> Enter run-tests mode.FORMAT:run-tests iperf  Execute iperf utility.FORMAT:run-tests iperfkill-beacons Turn off beacons for selected single IAP.FORMAT:run-tests kill-beacons [off | iap-name] kill-probe-responses Turn off probe responses for selected single IAP.FORMAT:run-tests kill-probe-responses [off | iap-name] led  LED test.FORMAT:run-tests led [flash | rotate] memtest  Execute memory tests.FORMAT:run-tests memtestping  Execute ping utility.FORMAT:run-tests ping [host-name | ip-addr]
Wi-Fi Array346 The Command Line Interfaceradius-ping  Special ping utility to test the connection to a RADIUS server.FORMAT:run-tests radius-ping [external | ssid <ssidnum>] [primary | secondary] user <raduser> password <radpasswd> auth-type [CHAP | PAP]run-tests radius-ping [internal | server <radserver> port <radport> secret <radsecret> ] user <raduser> password <radpasswd> auth-type [CHAP | PAP]You may select a RADIUS server that you have already configured (ssid or external or internal) or specify another server (server). rlb  Run manufacturing radio loopback test.FORMAT:run-tests rlb {optional command line switches}self-test  Execute self-test.FORMAT:run-tests self-test {logfile-name (optional)]site-survey  Enable or disable site survey mode.FORMAT:run-tests site-survey [on | off | enable | disable] ssh  Execute ssh utility.FORMAT:run-tests ssh [hostname | ip-addr]      [command-line-switches (optional)] tcpdump  Execute tcpdump utility to dump traffic for selected interface or VLAN. FORMAT:run-tests tcpdumpCommand Description
Wi-Fi ArrayThe Command Line Interface 347security The  security command [Xirrus_Wi-Fi_Array(config-security)#] is used to establish the security parameters for the Array.telnet  Execute telnet utility.FORMAT:run-tests telnet [hostname | ip-addr]      [command-line-switches (optional)] traceroute  Execute traceroute utility.FORMAT:run-tests traceroute [host-name | ip-addr]Command Descriptionwep Set the WEP encryption parameters.FORMAT:security wepwpa Set the WEP encryption parameters.FORMAT:security wpaCommand Description
Wi-Fi Array348 The Command Line Interfacesnmp The  snmp command [Xirrus_Wi-Fi_Array(config-snmp)#] is used to enable, disable, or configure SNMP.ssh The ssh command [Xirrus_Wi-Fi_Array(config)# ssh] is used to enable or disable the SSH feature. The Array only allows SSH-2 connections, so be sure that your SSH client is configured to use SSH-2.  Command Descriptionv2 Enable SNMP v2.FORMAT:snmp v2v3 Enable SNMP v3.FORMAT:snmp v3trap Configure traps for SNMP. Up to four trap destinations may be configured, and you may specify whether to send traps for authentication failure. FORMAT:snmp trap Command Descriptiondisable Disable SSH.FORMAT:ssh disableenable Enable SSH.FORMAT:ssh enable
Wi-Fi ArrayThe Command Line Interface 349off Disable SSH.FORMAT:ssh offon Enable SSH.FORMAT:ssh ontimeout Set the SSH inactivity timeout.FORMAT:ssh timeout 300 (in seconds)Command Description
Wi-Fi Array350 The Command Line Interfacessid The ssid command [Xirrus_Wi-Fi_Array(config-ssid)#] is used to establish your SSID parameters.standby The  standby command [Xirrus_Wi-Fi_Array(config-ssid)#] sets this Array to function as a standby unit for another Array.Command Descriptionadd Add an SSID.FORMAT:ssid add [newssid]del Delete an SSID.FORMAT:ssid del [oldssid]edit Edit an existing SSID.FORMAT:ssid edit [existingssid]reset Delete all SSIDs and restore the default SSID.FORMAT:ssid resetCommand Descriptionmode Enable or disable standby mode on this Array.FORMAT:standby mode [disable|enable|off|on]target Specify the MAC address of the target Array to be monitored for failure.FORMAT:standby target [AA:BB:CC:DD:EE:FF]
Wi-Fi ArrayThe Command Line Interface 351syslog The  syslog command [Xirrus_Wi-Fi_Array(config-syslog)#] is used to enable, disable, or configure the Syslog server.Command Descriptionconsole Enable or disable the display of Syslog messages on the console, and set the level to be displayed. All messages at this level and lower (i.e., more severe) will be displayed.FORMAT:syslog console [on/off] level [0-7]disable Disable the Syslog server.FORMAT:syslog disableemail Disable the Syslog server.FORMAT:syslog email from [email-from-address]    level [0-7]   password [email-acct-password]   server [email-server-IPaddr]    test [test-msg-text]   to-list [recipient-email-addresses]   user [email-acct-username]enable Enable the Syslog server.FORMAT:syslog enablelocal-file Set the size and/or severity level (all messages at this level and lower will be logged).FORMAT:syslog local-file size [1-500] level [0-7]no Disable the selected feature.FORMAT:syslog no [feature]
Wi-Fi Array352 The Command Line Interfaceoff Disable the Syslog server.FORMAT:syslog offon Enable the Syslog server.FORMAT:syslog onprimary Set the IP address of the primary Syslog server and/or the severity level of messages to be logged.FORMAT:syslog primary [1.2.3.4] level [0-7]secondary Set the IP address of the secondary (backup) Syslog server and/or the severity level of messages to be logged.FORMAT:syslog primary [1.2.3.4] level [0-7]Command Description
Wi-Fi ArrayThe Command Line Interface 353telnet The telnet command [Xirrus_Wi-Fi_Array(config)# telnet] is used to enable or disable Telnet.uptime The uptime command [Xirrus_Wi-Fi_Array(config)# uptime] is used to display the elapsed time since you last rebooted the Array. Command Descriptiondisable Disable Telnet.FORMAT:telnet disableenable Enable Telnet.FORMAT:telnet enableoff Disable Telnet.FORMAT:telnet offon Enable Telnet.FORMAT:telnet ontimeout Set the Telnet inactivity timeout.FORMAT:telnet timeout 300 (in seconds)Command Description<cr> Display time since last reboot.FORMAT:uptime
Wi-Fi Array354 The Command Line Interfacevlan The vlan command [Xirrus_Wi-Fi_Array(config-vlan)#] is used to establish your VLAN parameters.Command Descriptionadd Add a VLAN.FORMAT:vlan add [newvlan]default-route Assign a VLAN for the default route (for outbound management traffic).FORMAT:vlan default-route [defaultroute]delete Delete a VLAN.FORMAT:vlan delete [oldvlan]edit Modify an existing VLAN.FORMAT:vlan edit [existingvlan]native-vlan Assign a native VLAN (traffic is untagged).FORMAT:vlan native-vlan [nativevlan]no Disable the selected feature.FORMAT:vlan no [feature]reset Delete all existing VLANs.FORMAT:vlan reset
Wi-Fi ArrayThe Command Line Interface 355Sample Configuration TasksThis section provides examples of some of the common configuration tasks used with the Wi-Fi Array, including:z“Configuring a Simple Open Global SSID” on page 356.z“Configuring a Global SSID using WPA-PEAP” on page 357.z“Configuring an SSID-Specific SSID using WPA-PEAP” on page 358.z“Enabling Global IAPs” on page 359.z“Disabling Global IAPs” on page 360.z“Enabling a Specific IAP” on page 361.z“Disabling a Specific IAP” on page 362.z“Setting Cell Size Auto-Configuration for All IAPs” on page 363z“Setting the Cell Size for All IAPs” on page 364.z“Setting the Cell Size for a Specific IAP” on page 365.z“Configuring VLANs on an Open SSID” on page 366.z“Configuring Radio Assurance Mode (Loopback Tests)” on page 367.To facilitate the accurate and timely management of revisions to this section, the examples shown here are presented as screen images taken from a Secure Shell (SSH) session (in this case, PuTTY). Depending on the application you are using to access the Command Line Interface, and how your session is set up (for example, font and screen size), the images presented on your screen may be different than the images shown in this section. However, the data displayed will be the same.Some of the screen images shown in this section have been modified for clarity. For example, the image may have been “elongated” to show all data without the need for additional images or scrolling. We recommend that you use the Adobe PDF version of this User’s Guide when reviewing these examples—a hard copy document may be difficult to read.As mentioned previously, the root command prompt is determined by the host name assigned to your Array.
Wi-Fi Array356 The Command Line InterfaceConfiguring a Simple Open Global SSIDThis example shows you how to configure a simple open global SSID.Figure 162. Configuring a Simple Open Global SSID
Wi-Fi ArrayThe Command Line Interface 357Configuring a Global SSID using WPA-PEAPThis example shows you how to configure a global SSID using WPA-PEAP encryption in conjunction with the Array’s Internal RADIUS server.Figure 163. Configuring a Global SSID using WPA-PEAP
Wi-Fi Array358 The Command Line InterfaceConfiguring an SSID-Specific SSID using WPA-PEAPThis example shows you how to configure an SSID-specific SSID using WPA-PEAP encryption in conjunction with the Array’s Internal RADIUS server.Figure 164. Configuring an SSID-Specific SSID using WPA-PEAP
Wi-Fi ArrayThe Command Line Interface 359Enabling Global IAPsThis example shows you how to enable all IAPs (radios), regardless of the wireless technology they use.Figure 165. Enabling Global IAPs
Wi-Fi Array360 The Command Line InterfaceDisabling Global IAPsThis example shows you how to disable all IAPs (radios), regardless of the wireless technology they use.Figure 166. Disabling Global IAPs
Wi-Fi ArrayThe Command Line Interface 361Enabling a Specific IAPThis example shows you how to enable a specific IAP (radio). In this example, the IAP that is being enabled is a1 (the first IAP in the summary list).Figure 167. Enabling a Specific IAP
Wi-Fi Array362 The Command Line InterfaceDisabling a Specific IAPThis example shows you how to disable a specific IAP (radio). In this example, the IAP that is being disabled is a2 (the second IAP in the summary list).Figure 168. Disabling a Specific IAP
Wi-Fi ArrayThe Command Line Interface 363Setting Cell Size Auto-Configuration for All IAPsThis example shows how to set the cell size for all enabled IAPs to be auto-configured (auto). (See “Fine Tuning Cell Sizes” on page 53.) The auto_cell option may be used with global_settings, global_a_settings, or global_bg_settings. It sets the cell size of the specified IAPs to auto, and it launches an auto-configuration to adjust the sizes. Be aware that if the intrude-detect feature is enabled on abg(n)2, its cell size is unaffected by this command. Also, any IAPs used in WDS links are unaffected. Auto-configuration may be set to run periodically at intervals specified by auto_cell period (in seconds) if period is non-zero. The percentage of overlap allowed between cells in the cell size computation is specified by auto_cell overlap (0 to 100). This example sets auto-configuration to run every 1200 seconds with an allowed overlap of 5%. It sets the cell size of all IAPs to auto, and runs a cell size auto-configure operation which completes successfully. Figure 169. Setting the Cell Size for All IAPs
Wi-Fi Array364 The Command Line InterfaceSetting the Cell Size for All IAPsThis example shows you how to establish the cell size for all IAPs (radios), regardless of the wireless technology they use. Be aware that if the intrude-detectfeature is enabled on abg(n)2 the cell size cannot be set globally—you must first disable the intrude-detect feature on abg(n)2.In this example, the cell size is being set to small for all IAPs. You have the option of setting IAP cell sizes to small, medium, large, or max. See also, “Fine Tuning Cell Sizes” on page 53.Figure 170. Setting the Cell Size for All IAPs
Wi-Fi ArrayThe Command Line Interface 365Setting the Cell Size for a Specific IAPThis example shows you how to establish the cell size for a specific IAP (radio). In this example, the cell size for a2 is being set to medium. You have the option of setting IAP cell sizes to small, medium, large, or max (the default is max). See also, “Fine Tuning Cell Sizes” on page 53.Figure 171. Setting the Cell Size for a Specific IAP
Wi-Fi Array366 The Command Line InterfaceConfiguring VLANs on an Open SSIDThis example shows you how to configure VLANs on an Open SSID.Figure 172. Configuring VLANs on an Open SSID#Setting the default route enables the Array to send management traffic, such as Syslog messages and SNMP information to a destination behind a router.
Wi-Fi ArrayThe Command Line Interface 367Configuring Radio Assurance Mode (Loopback Tests)The Array uses the built-in monitor radio, IAP abg(n)2, to monitor other radios in the Array. Tests include sending probes on all channels and checking for a response, and checking whether beacons are received from the other radio. If a problem is detected, corrective actions are taken to recover. Loopback mode operation is described in detail in “Array Monitor and Radio Assurance Capabilities” on page 406. The following actions may be configured: zalert-only—the Array will issue an alert in the Syslog. zrepair-without-reboot—the Array will issue an alert and reset radios at the Physical Layer (Layer 1) and possibly at the MAC layer. The reset should not be noticed by users, and they will not need to reassociate. zreboot-allowed—the Array will issue an alert, reset the radios, and schedule the Array to reboot at midnight (per local Array time) if necessary. All stations will need to reassociate to the Array. zoff—Disable IAP loopback tests (no self-monitoring occurs). Radio Assurance mode is off by default.This is a global IAPs setting—abg(n)2 will monitor all other radios according to the settings above, and it cannot be set up to monitor particular radios. Radio assurance mode requires Intrusion Detection to be set to Standard.The following example shows you how to configure a loopback test.
Wi-Fi Array368 The Command Line InterfaceFigure 173. Configuring Radio Assurance Mode (Loopback Testing)
Wi-Fi Array369Appendices
Wi-Fi Array370Page is intentionally blank
Wi-Fi ArrayAppendix A: Servicing the Wi-Fi Array 371Appendix A: Servicing the Wi-Fi ArrayThis appendix contains procedures for servicing the Xirrus Wi-Fi Array, including the removal and reinstallation of major hardware components. Topics include:z“Removing the Access Panel” on page 373.z“Reinstalling the Access Panel” on page 376.z“Replacing the FLASH Memory Module” on page 378.z“Replacing the Main System Memory” on page 380.z“Replacing the Integrated Access Point Radio Module” on page 382.z“Replacing the Power Supply Module” on page 385.!!!Always disconnect the power source from the Array before attempting to remove or replace components. Never work on the unit with the power connected.You must be grounded and the work surface must be static-free.Caution! The Array contains a battery which is not to be replaced by the customer. Danger of Explosion exists if the battery is incorrectly replaced. Figure 174. Disconnecting Power from the Array#Most service activities are performed with the Array placed face-down on a flat work surface. To avoid damaging the finished enclosure, we recommend using a protective material between the work surface and the unit (a clean sheet of paper will do the trick).Power switchAC power cord receptacle
Wi-Fi Array372 Appendix A: Servicing the Wi-Fi ArraySee AlsoReinstalling the Access PanelRemoving the Access PanelReplacing the FLASH Memory ModuleReplacing the Integrated Access Point Radio ModuleReplacing the Main System MemoryReplacing the Power Supply Module
Wi-Fi ArrayAppendix A: Servicing the Wi-Fi Array 373Removing the Access PanelUse this procedure when you want to remove the system’s access panel. You must remove this panel whenever you need to service the internal components of the Array.1. Turn OFF the Array’s main power switch (XS-3900 and XS-3700 only). 2. Disconnect the AC power cord or Ethernet cable supplying power from the Array.3. Place the Array face-down on a flat surface. Avoid moving the unit to reduce the risk of damage (scratching) to the finished enclosure.4. Remove the screws (3 places) that secure the access panel to the main body of the Array.Figure 175. Removing the Access Panel ScrewsScrewScrewScrew
Wi-Fi Array374 Appendix A: Servicing the Wi-Fi Array5. Lift up the access panel to reveal the main system board.Figure 176. Removing the Access Panel6. Disconnect the connectors to the power supply and the fan.Figure 177. Disconnecting the Power Supply and Fan7. The access panel can now be safely removed.Lift up the access panelPower supply connectorFan connector
Wi-Fi ArrayAppendix A: Servicing the Wi-Fi Array 375See AlsoReinstalling the Access PanelReplacing the FLASH Memory ModuleReplacing the Integrated Access Point Radio ModuleReplacing the Main System MemoryReplacing the Power Supply ModuleAppendix A: Servicing the Wi-Fi Array
Wi-Fi Array376 Appendix A: Servicing the Wi-Fi ArrayReinstalling the Access PanelUse this procedure when you need to reinstall the access panel after servicing the Array’s internal components.1. Reconnect the fan and power supply.Figure 178. Reconnecting the Fan and Power Supply2. Reinstall the access panel and secure the panel with the three screws.Figure 179. Reinstalling the Access PanelPower supply connectorFan connectorScrew!Do not overtightenScrew!Do not overtightenScrew!Do not overtighten
Wi-Fi ArrayAppendix A: Servicing the Wi-Fi Array 3773. Reconnect the power source and turn ON the main power switch (if applicable).See AlsoRemoving the Access PanelReplacing the FLASH Memory ModuleReplacing the Integrated Access Point Radio ModuleReplacing the Main System MemoryReplacing the Power Supply ModuleAppendix A: Servicing the Wi-Fi Array
Wi-Fi Array378 Appendix A: Servicing the Wi-Fi ArrayReplacing the FLASH Memory ModuleUse this procedure when you want to replace the system’s FLASH memory module.1. Remove the system’s access panel. Refer to “Removing the Access Panel” on page 373.2. Remove the FLASH memory module, taking care not to “wiggle” the module and risk damaging the connection points.Figure 180. Removing the FLASH Memory Module3. The removal procedure is complete. You can now reinstall the FLASH memory module (or install a new module).FLASH memory module
Wi-Fi ArrayAppendix A: Servicing the Wi-Fi Array 3794. Reinstall the access panel (refer to “Reinstalling the Access Panel” on page 376).See AlsoReinstalling the Access PanelRemoving the Access PanelReplacing the Integrated Access Point Radio ModuleReplacing the Main System MemoryReplacing the Power Supply ModuleAppendix A: Servicing the Wi-Fi Array
Wi-Fi Array380 Appendix A: Servicing the Wi-Fi ArrayReplacing the Main System MemoryUse this procedure when you want to replace the main system memory.1. Remove the access panel (refer to “Removing the Access Panel” on page 373).2. Remove the DIMM memory module, taking care not to “wiggle” the module and risk damaging the connection points.Figure 181. Removing the DIMM Memory Module3. The removal procedure is complete. You can now reinstall the DIMM memory module (or install a new module). Ensure that the DIMM memory module is seated evenly and the locking tabs are in the upright position. The DIMM memory module is keyed to fit in its socket in one direction only.4. Reinstall the access panel (refer to “Reinstalling the Access Panel” on page 376).See AlsoReinstalling the Access PanelRemoving the Access PanelReplacing the FLASH Memory ModuleDIMM memory modulePush down on the two locking tabs to release the DIMM memory module
Wi-Fi ArrayAppendix A: Servicing the Wi-Fi Array 381Replacing the Integrated Access Point Radio ModuleReplacing the Power Supply ModuleAppendix A: Servicing the Wi-Fi Array
Wi-Fi Array382 Appendix A: Servicing the Wi-Fi ArrayReplacing the Integrated Access Point Radio ModuleUse this procedure when you want to replace the integrated access point radio module.1. Remove the access panel (refer to “Removing the Access Panel” on page 373).2. Remove the locking screws (8 places) that secure the chassis cover to the main body of the Wi-Fi Array.Figure 182. Removing the Chassis Cover Screws3. Lift and remove the chassis cover.Figure 183. Removing the Chassis CoverScrews (8 places)Remove the chassis cover
Wi-Fi ArrayAppendix A: Servicing the Wi-Fi Array 3834. Lift the edge of the integrated access point module.Figure 184. Lifting the Integrated Access Point Module5. Slide the integrated access point module away from the unit to disconnect it from the main system board.Figure 185. Disconnect the Integrated Access Point Module6. The removal procedure is complete. You can now reinstall the integrated access point module (or install a new module).Lift here (do not force)Disconnect the module
Wi-Fi Array384 Appendix A: Servicing the Wi-Fi Array7. Reinstall the chassis cover (see warnings).8. Reinstall the locking screws (8 places) to secure the chassis cover in place—do not overtighten.9. Reinstall the access panel (refer to “Reinstalling the Access Panel” on page 376).See AlsoReinstalling the Access PanelRemoving the Access PanelReplacing the FLASH Memory ModuleReplacing the Main System MemoryReplacing the Power Supply ModuleAppendix A: Servicing the Wi-Fi Array!!When reinstalling the chassis cover, take care to align the cover correctly to avoid damaging the antenna modules. Do not force the chassis cover onto the body of the unit.Do not overtighten the locking screws.
Wi-Fi ArrayAppendix A: Servicing the Wi-Fi Array 385Replacing the Power Supply ModuleUse this procedure when you want to replace the power supply module.1. Remove the access panel (refer to “Removing the Access Panel” on page 373).2. Because the power supply unit is molded into the access panel, you must install a new access panel assembly (with the power supply attached). Refer to “Reinstalling the Access Panel” on page 376.Figure 186. Installing a New Access Panel (with Power Supply)See AlsoReinstalling the Access PanelRemoving the Access PanelReplacing the FLASH Memory ModuleReplacing the Integrated Access Point Radio ModuleReplacing the Main System MemoryAppendix A: Servicing the Wi-Fi ArrayAccess panel (with power supply and fan)
Wi-Fi Array386 Appendix A: Servicing the Wi-Fi ArrayUse this Space for Your Notes
Wi-Fi ArrayAppendix B: Quick Reference Guide 387Appendix B: Quick Reference GuideThis section contains product reference information. Use this section to locate the information you need quickly and efficiently. Topics include:z“Factory Default Settings” on page 387.z“Keyboard Shortcuts” on page 394.Factory Default SettingsThe following tables show the Wi-Fi Array’s factory default settings.Host NameNetwork InterfacesSerialSetting Default ValueHost name Xirrus-WiFi-ArraySetting Default ValueBaud Rate 115200Word Size 8 bitsStop Bits 1Parity No parityTime Out 10 seconds
Wi-Fi Array388 Appendix B: Quick Reference GuideGigabit 1 and Gigabit 2Fast EthernetSetting Default ValueEnabled YesDHCP Bind YesDefault IP Address 10.0.2.1Default IP Mask 255.255.255.0Default Gateway NoneAuto Negotiate OnDuplex FullSpeed 1000 MbpsMTU Size 1504Management Enabled YesSetting Default ValueEnabled YesDHCP Bind YesDefault IP Address 10.0.1.1Default IP Mask 255.255.255.0Default Gateway NoneAuto Negotiate OnDuplex FullSpeed 100 Mbps
Wi-Fi ArrayAppendix B: Quick Reference Guide 389Integrated Access Points (IAPs)MTU Size 1500Management Enabled YesSetting Default ValueIAP abg2 Defaults EnabledMode = MonitorChannel = MonitorCell Size = ManualAntenna = Internal-OmniEnabled (Radio State) NoModezXS16, XS-3900zXS12zXS8, XS-3700zXS4, XS-3500802.11a for a1 to a12802.11bg for abg1 to abg4802.11a for a1 to a8802.11bg for abg1 to abg4802.11a for a1 to a4802.11bg for abg1 to abg4802.11bg for abg1 to abg4Channel AutoCell Size MaxMaximum Transmit Power 20Antenna Selected InternalSetting Default Value
Wi-Fi Array390 Appendix B: Quick Reference GuideServer SettingsNTPSyslogSNMPSetting Default ValueEnabled NoPrimary time.nist.govSecondary pool.ntp.orgSetting Default ValueEnabled YesLocal Syslog Level InformationMaximum Internal Records 500Primary Server NonePrimary Syslog Level InformationSecondary Server NoneSecondary Syslog Level InformationSetting Default ValueEnabled YesRead-Only Community String xirrus_read_onlyRead-Write Community String xirrusTrap Host null (no setting)
Wi-Fi ArrayAppendix B: Quick Reference Guide 391DHCPDefault SSIDTrap Port 162Authorization Fail Port OnSetting Default ValueEnabled NoMaximum Lease Time 300 minutesDefault Lease Time 300 minutesIP Start Range 192.168.1.2IP End Range 192.168.1.254NAT DisabledIP Gateway NoneDNS Domain  NoneDNS Server (1 to 3) NoneSetting Default ValueID xirrusVLAN NoneEncryption OffEncryption Type NoneQoS 2Enabled YesSetting Default Value
Wi-Fi Array392 Appendix B: Quick Reference GuideSecurity   Global Settings - Encryption   External RADIUS (Global) Broadcast OnSetting Default ValueEnabled YesWEP Keys null (all 4 keys)WEP Key Length null (all 4 keys)Default Key ID 1WPA Enabled NoTKIP Enabled YesAES Enabled YesEAP Enabled YesPSK Enabled NoPass Phrase nullGroup Rekey DisabledSetting Default ValueEnabled YesPrimary Server NonePrimary Port 1812Setting Default Value
Wi-Fi ArrayAppendix B: Quick Reference Guide 393Internal RADIUSPrimary Secret xirrusSecondary Server null (no IP address)Secondary Port 1812Secondary Secret null (no secret)Time Out (before primary server is retired) 600 secondsAccounting DisabledInterval 300 secondsPrimary Server NonePrimary Port 1813Primary Secret xirrusSecondary Server NoneSecondary Port 1813Secondary Secret null (no secret)Setting Default ValueEnabled NoThe user database is cleared upon reset to the factory defaults. For the Internal RADIUS Server you have a maximum of 1,000 entries.Setting Default Value
Wi-Fi Array394 Appendix B: Quick Reference GuideAdministrator Account and PasswordManagementKeyboard ShortcutsThe following table shows the most common keyboard shortcuts used by the Command Line Interface.Setting Default ValueID adminPassword adminSetting Default ValueSSH OnSSH timeout 300 secondsTelnet OffTelnet timeout 300 secondsSerial OnSerial timeout 300 secondsManagement over IAPs Offhttp timeout 300 secondsAction ShortcutCut selected data and place it on the clipboard. Ctrl + XCopy selected data to the clipboard. Ctrl + C
Wi-Fi ArrayAppendix B: Quick Reference Guide 395See AlsoAn OverviewPaste data from the clipboard into a document (at the insertion point). Ctrl + VGo to top of screen. Ctrl + ZCopy the active window to the clipboard. Alt + Print ScreenCopy the entire desktop image to the clipboard. Print ScreenAbort an action at any time.  EscGo back to the previous screen. bAccess the Help screen. ?Action Shortcut
Wi-Fi Array396 Appendix B: Quick Reference GuideUse this Space for Your Notes
Wi-Fi ArrayAppendix C: Technical Support 397Appendix C: Technical SupportThis appendix provides valuable support information that can help you resolve technical difficulties. Before contacting Xirrus, review all topics below and try to determine if your problem resides with the Wi-Fi Array or your network infrastructure. Topics include:z“General Hints and Tips” on page 397z“Frequently Asked Questions” on page 398z“Array Monitor and Radio Assurance Capabilities” on page 406z“Upgrading the Array via CLI” on page 409z“Power over Gigabit Ethernet Compatibility Matrix” on page 414z“Contact Information” on page 417General Hints and TipsThis section provides some useful tips that will optimize the reliability and performance of your Wi-Fi Arrays.zThe Wi-Fi Array requires careful handling. For best performance, units should be mounted in a dust-free and temperature-controlled environment.zIf using multiple Arrays in the same area, maintain a distance of at least 100 feet (30m) between Arrays if there is direct line-of-sight between the units, or at least 50 feet (15 m) if a wall or other barrier exists between the units.zKeep the Wi-Fi Array away from electrical devices or appliances that generate RF noise. Because the Array is generally mounted on ceilings, be aware of its position relative to lighting (especially fluorescent lighting).zIf using AC power, each Wi-Fi Array requires its own dedicated AC power outlet. Do not attempt to “piggy-back” AC power to multiple units. To avoid needing to run separate power cables to one or more Arrays, consider using Power over Gigabit Ethernet.
Wi-Fi Array398 Appendix C: Technical SupportzIf you are deploying multiple units, the Array should be oriented so that the  abg(n)2 radio is oriented in the direction of the least required coverage, because when in monitor mode the abg(n)2 radio does not function as an AP servicing stations.zThe Wi-Fi Array should only be used with Wi-Fi certified client devices.See AlsoContact InformationMultiple SSIDsSecurityVLAN SupportFrequently Asked QuestionsThis section answers some of the most frequently asked questions, organized by functional area.Multiple SSIDsQ. What Are BSSIDs and SSIDs?A. BSSID (Basic Service Set Identifier) refers to an individual access point radio and its associated clients. The identifier is the MAC address of the access point radio that forms the BSS.A group of BSSs can be formed to allow stations in one BSS to communicate to stations in another BSS by way of a backbone that interconnects each access point.The Extended Service Set (ESS) refers to the group of BSSIDs that are grouped together to form one ESS. The ESSID (often referred to as SSID or “wireless network name”) identifies the Extended Service Set. Clients must associate to a single ESS at any given time. Clients ignore traffic from other Extended Service Sets that do not have the same SSID.Legacy access points typically support one SSID per access point. Xirrus Wi-Fi Arrays support the ability for multiple SSIDs to be defined and used simultaneously.
Wi-Fi ArrayAppendix C: Technical Support 399Q. What would I use SSIDs for?A. The creation of different wireless network names allows system administrators to separate types of users with different requirements. The following policies can be tied to an SSID:zMinimum security required to join this SSID.zThe wireless Quality of Service (QoS) desired for this SSID.zThe wired VLAN associated with this SSID.As an example, one SSID named accounting might require the highest level of security, while another SSID named guests might have low security requirements.Another example may define an SSID named voice that supports voice over Wireless LAN phones with the highest possible Quality of Service (QoS) definition. This type of SSID might also forward traffic to specific VLANs on the wired network.Q. How do I set up SSIDs?A. Use the following procedure as a guideline. For more detailed information, go to “SSIDs” on page 235.1. From the Web Management Interface, go to the SSID Management page.2. Select Yes to make the SSID visible to all clients on the network. Although the Wi-Fi Array will not broadcast SSIDs that are hidden, clients can still associate to a hidden SSID if they know the SSID name to connect to it.3. Select the minimum security that will be required by users for this SSID.4. If desired (optional), select a Quality of Service (QoS) setting for this SSID. The QoS setting you define here will prioritize wireless traffic for this SSID over other SSID wireless traffic.5. If desired (optional), select a VLAN that you want this traffic to be forwarded to on the wired network.
Wi-Fi Array400 Appendix C: Technical Support6. If desired (optional), you can select which radios this SSID will not be available on—the default is to make this SSID available on all radios.7. Click on the Apply button to apply your changes to this session.8. Click on the Save button to save your changes.9. If you need to edit any of the SSID settings, you can do so from the SSID Management page.See AlsoContact InformationGeneral Hints and TipsSecuritySSIDsSSID ManagementVLAN SupportSecurityQ. How do I ensure that an Array meets FIPS requirements?A. To meet the Level 2 security requirements of FIPS 140-2, follow the instructions in Appendix E: Implementing FIPS Security.Q. How do I ensure that an Array meets PCI DSS requirements?A. To meet PCI DSS requirements, follow the instructions in Appendix D: Implementing PCI DSS.Q. How do I know my management session is secure?A. Follow these guidelines:zAdministrator passwordsAlways change the default administrator password (the default is  admin), and choose a strong replacement password. When appropriate, issue read only administrator accounts.zSSH versus Telnet
Wi-Fi ArrayAppendix C: Technical Support 401Be aware that Telnet is not secure over network connections and should be used only with a direct serial port connection. When connecting to the unit’s Command Line Interface over a network connection, you must use a Secure SHell (SSH) utility. The most commonly used freeware providing SSH tools is PuTTY. The Array only allows SSH-2 connections, so your SSH utility must be set up to use SSH-2. zConfiguration auditingDo not change approved configuration settings. The optional Xirrus Management System (XMS) offers powerful management features for small or large Wi-Fi Array deployments, and can audit your configuration settings automatically. In addition, using the XMS eliminates the need for an FTP server.Q. Which wireless data encryption method should I use?A. Wireless data encryption prevents eavesdropping on data being transmitted or received over the airwaves. The Wi-Fi Array allows you to establish the following data encryption configuration options:zOpenThis option offers no data encryption and is not recommended, though you might choose this option if clients are required to use a VPN connection through a secure SSH utility, like PuTTy.zWEP (Wired Equivalent Privacy)This option provides minimal protection (though much better than using an open network). An early standard for wireless data encryption and supported by all Wi-Fi certified equipment, WEP is vulnerable to hacking and is therefore not recommended for use by Enterprise networks.zWPA (Wi-Fi Protected Access)This is a much stronger encryption model than WEP and uses TKIP (Temporal Key Integrity Protocol) with AES (Advanced Encryption Standard) to prevent WEP cracks.
Wi-Fi Array402 Appendix C: Technical SupportTKIP solves security issues with WEP. It also allows you to establish encryption keys on a per-user-basis, with key rotation for added security. In addition, TKIP provides Message Integrity Check (MIC) functionality and prevents active attacks on the wireless network.AES is the strongest encryption standard and is used by government agencies; however, old legacy hardware may not be capable of supporting the AES mode (it probably won’t work on older wireless clients). Because AES is the strongest encryption standard currently available, it is highly recommended for Enterprise networks.Any of the above encryption modes can be used (and can be used at the same time).Q. Which user authentication method should I use?A. User authentication ensures that users are who they say they are. For example, the most obvious example of authentication is logging in with a user name and password. The Wi-Fi Array allows you to choose between the following user authentication methods:zPre-Shared KeyUsers must manually enter a key (pass phrase) on the client side of the wireless network that matches the key stored by the administrator in your Wi-Fi Arrays.zRADIUS 802.1x with EAP802.1x uses a RADIUS server to authenticate large numbers of clients, and can handle different EAP (Extensible Authentication Protocol) authentication methods, including EAP-TLS, EAP-TTLS and EAP-PEAP. The RADIUS server can be internal (provided by the Wi-Fi Array) or external. An external RADIUS server offers more functionality and is recommended for large Enterprise deployments.When using this method, user names and passwords must be entered into the RADIUS server for user authentication.
Wi-Fi ArrayAppendix C: Technical Support 403zMAC Address ACLs (Access Control Lists)MAC address ACLs provide a list of client adapter MAC addresses that are allowed or denied access to the wireless network. Access Control Lists work well when there are a limited number of users—in this case, enter the MAC addresses of each user in the Allow list. In the event of a lost or stolen MAC adapter, enter the affected MAC address in the Deny list.Q. Why do I need to authenticate my Wi-Fi Array units?A. When deploying multiple Wi-Fi Arrays, you may need to define which units are part of which wireless network (for example, if you are establishing more than one network). In this case, you need to employ the Xirrus Management System (XMS) which can authenticate your Arrays automatically and ensure that only authorized units are associated with the defined wireless network.Q. What is rogue AP (Access Point) detection?A. The Wi-Fi Array has a dedicated radio, IAP abg(n)2, which constantly scans the local wireless environment for rogue APs (non-Xirrus devices that are not part of your wireless network), unencrypted transmissions, and other security issues. Administrators can then classify each rogue AP and ensure that these devices do not interrupt or interfere with the network.See AlsoContact InformationGeneral Hints and TipsMultiple SSIDsVLAN SupportVLAN SupportQ. What Are VLANs?A. VLANs (Virtual Local Area Networks) are a logical grouping of network devices that share a common network broadcast domain. Members of a
Wi-Fi Array404 Appendix C: Technical Supportparticular VLAN can be on any segment of the physical network but logically only members of a particular VLAN can see each other.VLANs are defined and implemented using the wired network switches that are VLAN capable. Packets are tagged for transmission on a particular VLAN according to the IEEE 802.1Q standard, with VLAN switches processing packets according to the tag.Q. What would I use VLANs for?A. Logically separating different types of users, systems, applications, or other logical division aids in performance and management of different network devices. Different VLANs can also be assigned with different packet priorities to prioritize packets from one VLAN over packets from another VLAN.VLANs are managed by software settings—instead  of physically plugging in and moving network cables and users—which helps to ease network management tasks.Q. What are Wireless VLANs?A. Wireless VLANs allow similar functionality to the wired VLAN definitions and extend the operation of wired VLANs to the wireless side of the network.Wireless VLANs can be mapped to wireless SSIDs so that traffic from wired VLANs can be sent to wireless users of a particular SSID. The reverse is also true, where wireless traffic originating from a particular SSID can be tagged for transmission on a particular wired VLAN.Sixteen SSIDs can be defined on your Wi-Fi Array, allowing a total of sixteen VLANs to be accessed (one per SSID).As an example, to provide guest user access an SSID of guest might be created. This SSID could be mapped to a wired VLAN that segregates unknown users from the rest of the wired network and restricts them to Internet access only. Wireless users could then associate to the wireless network via the guest SSID and obtain access to the Internet through the
Wi-Fi ArrayAppendix C: Technical Support 405selected VLAN, but would be able to access other privileged network resources.See AlsoContact InformationGeneral Hints and TipsMultiple SSIDsSecurity
Wi-Fi Array406 Appendix C: Technical SupportArray Monitor and Radio Assurance CapabilitiesAll models of the Wi-Fi Array have a monitor radio, abg(n)2, that checks that the Array’s radios are functioning correctly, and acts as a dedicated threat sensor to detect and prevent intrusion from rogue access points. Enabling Monitoring on the ArrayIAP abg(n)2 may be set to monitor the Array or to be a normal IAP radio. In order to enable the functions required for intrusion detection and for monitoring the other Array radios, you must configure abg(n)2 on the IAP Settings window as follows:zCheck the Enabled checkbox.zSet Mode to Monitor.zSet Channel to Monitor.The settings above will automatically set the Antenna selection to Internal-Omni., also required for monitoring. See the “IAP Settings” on page 255for more details. The values above are the factory default settings for the Array. How Monitoring WorksWhen the monitor radio abg(n)2 has been configured as just described, it performs these steps continuously (24/7) to check the other radios on the Array and detect possible intrusions:1. The monitor radio scans all channels with a 200ms dwell time, hitting all channels about once every 10 seconds.2. Each time it tunes to a new channel it sends out a probe request in an attempt to smoke out rogues.3. It then listens for all probe responses and beacons to detect any rogues within earshot.4. Array radios respond to that probe request with a probe response.Intrusion Detection is enabled or disabled separately from monitoring. See Step 1in “Advanced RF Settings” on page 275. Note that the Advanced setting is only used with the optional Xirrus Defense Module (XDM) software package.
Wi-Fi ArrayAppendix C: Technical Support 407Radio AssuranceThe Array is capable of performing continuous, comprehensive tests on its radios to assure that they are operating properly. Testing is enabled using the Radio Assurance Mode setting on the Advanced RF Settings window (Step 5 in “Advanced RF Settings” on page 275). When this mode is enabled, IAP abg(n)2performs loopback tests on the Array. Radio Assurance Mode requires Intrusion Detection to be set to Standard (See Step 1 in “Advanced RF Settings” on page 275). When Radio Assurance Mode is enabled:1. The Array keeps track of whether or not it hears beacons and probe responses from the Array’s radios. 2. After 10 minutes (roughly 60 passes on a particular channel by the monitor radio), if it has not heard beacons or probe responses from one of the Array’s radios it issues an alert in the Syslog. If repair is allowed (see “Radio Assurance Options” on page 408), the Array will reset and reprogram that particular radio at the Physical Layer (PHY—Layer 1). This action takes under 100ms and stations are not deauthenticated, thus users should not be impacted.3. After another 10 minutes (roughly another 60 passes), if the monitor still has not heard beacons or probe responses from the malfunctioning radio it will again issue an alert in the Syslog. If repair is allowed, the Array will reset and reprogram the MAC (the lower sublayer of the Data Link Layer) and then all of the PHYs. This is a global action that affects all radios. This action takes roughly 300ms and stations are not deauthenticated, thus users should not be impacted.4. After another 10 minutes, if the monitor still has not heard beacons or probe responses from that radio, it will again syslog the issue. If reboot is allowed (see “Radio Assurance Options” on page 408), the Array will schedule a reboot. This reboot will occur at one of the following times, whichever occurs first:•When no stations are associated to the Array•Midnight
Wi-Fi Array408 Appendix C: Technical SupportRadio Assurance OptionsIf the monitor detects a problem with an Array radio as described above, it will take action according to the preference that you have specified in the Radio Assurance Mode setting on the Advanced RF Settings window (see Step 5page 278):zFailure alerts only—The Array will issue alerts in the Syslog, but will not initiate repairs or reboots.zFailure alerts & repairs, but no reboots—The Array will issue alerts and perform resets of the PHY and MAC as described above. zFailure alerts & repairs & reboots if needed—The Array will issue alerts, perform resets of the PHY and MAC, and schedule reboots as described above. zDisabled—Disable IAP loopback tests (no self-monitoring occurs). Loopback tests are disabled by default.
Wi-Fi ArrayAppendix C: Technical Support 409Upgrading the Array via CLIIf you are experiencing difficulties communicating with the Array using the Web Management Interface, the Array provides lower-level facilities that may be used to accomplish an upgrade via the CLI and the Xirrus Boot Loader (XBL).1. Download the latest software update from the Xirrus FTP site using your Enhanced Care FTP username and password. If you do not have an FTP username and password, contact Xirrus Customer Service for assistance (support@xirrus.com). The software update is provided as a zip file. Unzip the contents to a local temp directory. Take note of the extracted file name in case you need it later on—you may also need to copy this file elsewhere on the network depending on your situation.2. Install a TFTP server software package if you don't have one running. It may be installed on any PC on your network, including your desktop or laptop. The Solar Winds version is freeware and works well. http://support.solarwinds.net/updates/New-customerFree.cfm?ProdId=52The TFTP install process creates the TFTP-Root directory on your C: drive, which is the default target for sending and receiving files. This may be changed if desired. This directory is where you will place the extracted Xirrus software update file(s). If you install the TFTP server on the same computer to which you extracted the file, you may change the TFTP directory to C:\xirrus if desired. You must make the following change to the default configuration of the Solar Winds TFTP server. In the File/Configure menu, select Security, then select Tra nsmit only and click OK.3. Determine the IP address of the computer hosting the TFTP server. (To display the IP address, open a command prompt and type ipconfig)4. Connect your Array to the computer running TFTP using a serial cable, and open a terminal program if you haven't already. Attach a network cable to the Array’s GIG1 port, if it is not already part of your network.
Wi-Fi Array410 Appendix C: Technical SupportBoot your Array and watch the progress messages. When Press space bar to exit to bootloader: is displayed, press the space bar. The rest of this procedure is performed using the bootloader. The following steps assume that you are running DHCP on your local network. 5. Type  dhcp and hit return. This instructs the Array to obtain a DHCP address and use it during this boot in the bootloader environment. 6. Type dir and hit return to see what's currently in the compact flash. 7. Type del and hit return to delete the contents of the compact flash. 8. Type  update server <TFTP-server-ip-addr> xs-3.x-xxxx.bin (the actual Xirrus file name will vary depending on Array model number and software version—use the file name from your software update) and hit return. The software update will be transferred to the Array's memory and will be written to the it’s compact flash card. (See output below.)9. Type  reset and hit return. Your Array will reboot, running your new version of software. Sample Output for the Upgrade Procedure:The user actions are highlighted in the output below, for clarity.Username: adminPassword: *****Xirrus-WiFi-Array# configureXirrus-WiFi-Array(config)# rebootAre you sure you want to reboot? [yes/no]: yesArray is being rebooted.Xirrus Boot Loader 1.0.0 (Oct 17 2006 - 13:11:42), Build: 2725Processor  | Motorola PowerPC, PVR=80200020 SVR=80300020Board      | Xirrus MPC8540 CPU BoardClocks     | CPU : 825 MHz   DDR : 330 MHz   Local Bus: 41 MHz
Wi-Fi ArrayAppendix C: Technical Support 411L1 cache   | Data:  32 KB    Inst:  32 KB    Status   : EnabledWatchdog   | Enabled (5 secs)I2C Bus    | 400 KHzDTT        | CPU:34C  RF0:34C  RF1:34C  RF2:27C  RF3:29CRTC        | Wed 2007-Nov-05  6:43:14 GMTSystem DDR | 256 MB, Unbuffered Non-ECC (2T)L2 cache   | 256 KB, EnabledFLASH      |   4 MB, CRC: OKFPGA       |   2 Devices programmedPacket DDR | 256 MB, Unbuffered Non-ECC, EnabledNetwork    | Mot FEC    Mot TSEC1 [Primary]  Mot TSEC2IDE Bus 0  | OKCFCard     | 122 MB, Model: Hitachi XXM2.3.0Environment|   4 KB, InitializedIn:    serialOut:   serialErr:   serialPress space bar to exit to bootloader: XBL>dhcp[DHCP  ] Device  : Mot TSEC1 1000BT Full Duplex[DHCP  ] IP Addr : 192.168.39.195XBL>dir[CFCard] Directory of /    Date      Time      Size     File or Directory name----------- --------  --------   ---------------------------2007-Nov-05  6:01:56        29   lastboot2007-Apr-05 15:47:46  28210390   xs-3.1-0433.bak2007-Mar-01 16:39:42             storage/2007-Apr-05 15:56:38  28210430   xs-3.1-0440.bin2007-Mar-03  0:56:28             wpr/3 file(s), 2 dir(s)
Wi-Fi Array412 Appendix C: Technical SupportXBL>del * [CFCard] Delete  : 2 file(s) deletedXBL>update server 192.168.39.102 xs-3.0-0425.bin[TFTP  ] Device  : Mot TSEC1 1000BT Full Duplex[TFTP  ] Client  : 192.168.39.195[TFTP  ] Server  : 192.168.39.102[TFTP  ] File    : xs-3.0-0425.bin[TFTP  ] Address : 0x1000000[TFTP  ] Loading : ##################################################[TFTP  ] Loading : ##################################################[TFTP  ] Loading : ###### done[TFTP  ] Complete: 12.9 sec, 2.1 MB/sec[TFTP  ] Bytes   : 27752465 (1a77811 hex)[CFCard] File    : xs-3.0-0425.bin[CFCard] Address : 0x1000000[CFCard] Saving  : ############################################### done[CFCard] Complete: 137.4 sec, 197.2 KB/sec[CFCard] Bytes   : 27752465 (1a77811 hex)XBL>reset[RESET ]Xirrus Boot Loader 1.0.0 (Oct 17 2006 - 13:11:42), Build: 2725Processor  | Motorola PowerPC, PVR=80200020 SVR=80300020Board      | Xirrus MPC8540 CPU BoardClocks     | CPU : 825 MHz   DDR : 330 MHz   Local Bus: 41 MHzL1 cache   | Data:  32 KB    Inst:  32 KB    Status   : EnabledWatchdog   | Enabled (5 secs)I2C Bus    | 400 KHzDTT        | CPU:33C  RF0:32C  RF1:31C  RF2:26C  RF3:27CRTC        | Wed 2007-Nov-05  6:48:44 GMTSystem DDR | 256 MB, Unbuffered Non-ECC (2T)
Wi-Fi ArrayAppendix C: Technical Support 413L2 cache   | 256 KB, EnabledFLASH      |   4 MB, CRC: OKFPGA       |   2 Devices programmedPacket DDR | 256 MB, Unbuffered Non-ECC, EnabledNetwork    | Mot FEC    Mot TSEC1 [Primary]  Mot TSEC2IDE Bus 0  | OKCFCard     | 122 MB, Model: Hitachi XXM2.3.0Environment|   4 KB, InitializedIn:    serialOut:   serialErr:   serialPress space bar to exit to bootloader: [CFCard] File    : xs*.bin[CFCard] Address : 0x1000000[CFCard] Loading : ############################################### done[CFCard] Complete: 26.9 sec, 1.0 MB/sec[CFCard] Bytes   : 27752465 (1a77811 hex)[Boot  ] Address : 0x01000000[Boot  ] Image   : Verifying checksum .... OK[Boot  ] Unzip   : Multi-File Image   .... OK[Boot  ] Initrd  : Loading RAMDisk Image[Boot  ] Initrd  : Verifying checksum .... OK[Boot  ] Execute : Transferring control to OSInitializing hardware ........................................ OKXirrus Wi-Fi ArrayArrayOS Version 3.0-425Copyright (c) 2005-2007 Xirrus, Inc.http://www.xirrus.comUsername:
Wi-Fi Array414 Appendix C: Technical SupportPower over Gigabit Ethernet Compatibility MatrixThe Xirrus Power over Gigabit Ethernet (PoGE) solution includes different modules to be used with particular Array models. The following two tables indicate the proper PoGE injector/splitters to use with each Array. X indicates products are INCOMPATIBLE. NA=Not Applicable.Table 1: Current PoGE Injectors/SplittersArray Model Compatible Xirrus Injector/SplitterXP1-MSI-X InjectorXP8-MSIInjectorXP1-MSIInjectorXP1-SPLSplitterXS4 Works with any PoGE injector/splitter3333XS8, XN4 Works with any PoGE injector, no splitter required333NAXN16/XN12/XN8/XN4, XS16/XS12 Works with two injector options, no splitter required3311. The 8-port XP8-MSI-H and XP8-MSI injectors each power up to eight 4-port or 8-port Arrays; or four 16-port Arrays. XNAXS-3500-4 Works with any PoGE injector/splitter3333XS-3700-8, DC (modified)22. To see whether an Array is modified, see Figure 188 on page 416.Works only with legacy injector/splitter models, see Table 2.X X  XXXS-3900-16, DC (modified)2X X  XXXS-3700-8, DC (unmodified) DO NOT connect unmodified XS-3700/3900 with -H or -HX injectors or splitter.  X333XS-3900-16, DC (unmodified)  X3133
Wi-Fi ArrayAppendix C: Technical Support 415Table 2: Legacy PoGE Models#IMPORTANT NOTE: Only use -H versions of injectors/splitters together, and use non-H versions of injectors/splitters together - do not mix or match the two types.Array ModelCompatible Xirrus Injector/SplitterXP1-MSI-HInjectorXP1-MSI-HX InjectorXP8-MSI-HInjectorXP1-SPL-HSplitterXS4 Works with any PoGE injector/splitter3333XS8 Works with any PoGE injector, no splitter required333NAXS16/XS12  Works with two injector options, no splitter required  X3311. The 8-port XP8-MSI-H and XP8-MSI injectors each power up to eight 4-port or 8-port Arrays; or four 16-port Arrays.NAXS-3500-4 Works with any PoGE injector/splitter3333XS-3700-8, DC (modified)22. To see whether an Array is modified, see Figure 188 on page 416.Works only with -H version injector/splitters3333XS-3900-16, DC (modified)2Works only with -HX or XP8 version injector/splitters  X3313XS-3700-8, DC (unmodified) DO NOT connect unmodified XS-3700/3900 with -H or -HX injectors or splitter.  X X X XXS-3900-16, DC (unmodified)  X X X X
Wi-Fi Array416 Appendix C: Technical SupportDetermining If an XS-3700 or XS-3900 is Modified for PoGEThe following pictures show how different Array power supply types look. On the XS-3700/XS-3900 Arrays, it is VERY important to note the yellow sticker (Figure 188 on page 416) that differentiates between modified and unmodified DC power versions. Figure 187. XN8/XN12/XN16/XS8/XS12/XS16: Integrated SplitterFigure 188. Determining if XS-37000/3900 is modifiedConnect Data OUTto Gig1 or Gig2 port with short cableConnect Cat 5e(from PoGE Injector) to IN portModified XS-3700/XS-3900 (DC Version)Accepts XP1-SPL-H splitter outputMust have yellow labelUnmodified XS-3700/XS-3900 (DC Version)Accepts XP1-SPL splitter outputHas no yellow label
Wi-Fi ArrayAppendix C: Technical Support 417Contact InformationXirrus, Inc. is located in Thousand Oaks, California, just 55 minutes northwest of downtown Los Angeles and 40 minutes southeast of Santa Barbara.Xirrus, Inc.2101 Corporate Center DriveThousand Oaks, CA 91320USATel: 1.805.262.16001.800.947.7871 Toll Free in the USFax: 1.866.462.3980www.xirrus.comsupport.xirrus.com
Wi-Fi Array418 Appendix C: Technical Support
Wi-Fi ArrayAppendix D: Implementing PCI DSS 419Appendix D: Implementing PCI DSS The Payment Card Industry (PCI) Data Security Standard (DSS) was developed by major credit card companies to help those that process credit card transactions (or cardholder information) in order to secure cardholder information and protect it from unauthorized access, fraud and other security issues. The major contributors to the standard are VISA, MasterCard, American Express, JCB, and Discover. The standard also helps consolidate various individual standards that were developed by each of the listed card companies. Merchants or others who process credit card transactions are required to comply with the standard and to prove their compliance by way of an audit from a Qualified Security Assessor.PCI DSS lays out a set of requirements that must be met in order to provide adequate security for sensitive data. Payment Card Industry Data Security Standard Overview The PCI Data Security Standard (PCI DSS) has 12 main requirements that are grouped into six control objectives. The following table lists each control objective and the specific requirements for each objective. For the latest updates to this list, check the PCI Security Standards Web site: www.pcisecuritystandards.org.PCI DSS Control Objectives and Associated RequirementsObjective: Build and Maintain a Secure NetworkzRequirement 1: Install and maintain a firewall configuration to protect cardholder data.zRequirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.Objective: Protect Cardholder DatazRequirement 3: Protect stored cardholder data.zRequirement 4: Encrypt transmission of cardholder data across open, public networks.
Wi-Fi Array420 Appendix D: Implementing PCI DSSPCI DSS and Wireless The Xirrus Wi-Fi Array provides numerous security features that allow it to be a component of a PCI DSS-compliant network. The following sections indicate the specific features that allow the Xirrus Wi-Fi Array to operate in a PCI DSS mode. Objective: Maintain a Vulnerability Management ProgramzRequirement 5: Use and regularly update anti-virus software.zRequirement 6: Develop and maintain secure systems and applications.Objective: Implement Strong Access Control MeasureszRequirement 7: Restrict access to cardholder data by business need-to-know.zRequirement 8: Assign a unique ID to each person with computer access.zRequirement 9: Restrict physical access to cardholder data. Objective: Regularly Monitor and Test NetworkszRequirement 10: Track and monitor all access to network resources and cardholder data.zRequirement 11: Regularly test security systems and processes.Objective: Maintain an Information Security PolicyzRequirement 12: Maintain a policy that addresses information security.PCI DSS Control Objectives and Associated Requirements
Wi-Fi ArrayAppendix D: Implementing PCI DSS 421The Xirrus Array PCI Compliance Configuration The check list below is designed to help ensure that Xirrus Wi-Fi Arrays are configured in a manner that is supportive of PCI Data Security Standards. Detailed configuration steps for each item are found in the referenced section of the User’s Guide.3Xirrus Wi-Fi Array Configuration for PCI DSS See...(  )(  )Register at the Xirrus Support Site to ensure notification and access to software updates.Confirm that the latest version of the Array OS is being used by checking the Xirrus web site.support.xirrus.com(  ) Enable PCI Mode after configuring the Array in a PCI compliant state to ensure configuration changes cannot be saved that would invalidate a PCI compliant configuration. This item is covered on the following pages.The pci-audit Command, p. 422(  ) Allow only necessary protocols and networks to be accessed by configuring your corporate firewall or using the internal Array firewall. Filters, p. 289(  )(  )(  )(  )(  )(  )Change the default Admin account password. Remove any unnecessary admin or user accounts.Change the SNMP community string from the default password.Use WPA2 and 802.1x authentication.Change default SSID from Xirrus to a user-defined SSID.Disable SSID broadcast for all PCI compliant SSIDs.Express Setup, p. 176Admin Management, p. 215SNMP, p. 200SSIDs, p. 235 and Global Settings, p. 225SSIDs, p. 235SSIDs, p. 235(  )(  )(  )Enable Secure Shell (ssh) for CLI (command line) access.Confirm telnet access is disabled (done by default).Confirm management over the wireless network is disabled.Management Control, p. 219Global Settings (IAP), p. 260
Wi-Fi Array422 Appendix D: Implementing PCI DSSAdditional information regarding implementation of PCI DSS on the Wi-Fi Array is described in the Xirrus White Paper, PCI Data Security Standard, available on the Xirrus web site. The pci-audit CommandThe Array provides a CLI command, pci-audit, that checks whether the Array’s configuration satisfies PCI DSS wireless requirements. This command does not change any parameters, but will inform you of any violations that exist. Furthermore, the command pci-audit enable will put the Array in PCI Mode and monitor changes that you make to the Array’s configuration in CLI or the WMI. PCI Mode will warn you (and issue a Syslog message) if the change violates PCI DSS requirements. A warning is issued when a non-compliant change is first applied to the Array, and also if you attempt to save a configuration that is non-compliant. Use this command in conjunction with The Xirrus Array PCI (  )(  )Check that external RADIUS servers have been configured for use with 802.1x and WPA/WPA2 wireless security.Ensure that Array Administration Accounts are being validated by External RADIUS servers. SSIDs, p. 235 and Global Settings, p. 225Admin RADIUS, p. 216(  ) Ensure that each Xirrus Array is physically inaccessible such that console ports and management ports are not accessible.Securing the Array, p. 94See Indoor Enclosure (  )(  )Enable syslog messaging and define a syslog server on the wired network to receive syslog messages.Enable NTP and define an NTP server (optional).System Log, p. 197Time Settings (NTP), p. 194(  ) Enable the RF Monitor radio in the Xirrus Array. Categorize known or approved devices as such. Respond to any alert of unknown or unapproved wireless devices discovered by the RF Monitor.IAP Settings, p. 255Rogue Control List, p. 233Intrusion Detection, p. 1483Xirrus Wi-Fi Array Configuration for PCI DSS See...
Wi-Fi ArrayAppendix D: Implementing PCI DSS 423Compliance Configuration above to ensure that you are using the Array in accordance with the PCI DSS requirements. The pci-audit command checks items such as: zTelnet is disabled.zAdmin RADIUS is enabled (admin login authentication is via RADIUS server).zAn external Syslog server is in use. zAll SSIDs must set encryption to WPA or better (which also enforces 802.1x authentication)Sample output from this command is shown below. Figure 189. Sample output of pci-audit commandAdditional Resources zPCI Security Standards Web site: www.pcisecuritystandards.orgzList of Qualified PCI Security Assessors: www.pcisecuritystandards.org/pdfs/pci_qsa_list.pdfzFor the latest version of the Xirrus White Paper, PCI Data Security Standard, and the latest versions of Xirrus software, please check www.xirrus.comSS-Array(config)# pci-auditPCI audit failure: telnet enabled.PCI audit failure: admin RADIUS authentication disabled.PCI audit failure: SSID ssid2 encryption too weak.PCI audit failure: SSID ssid3 encryption too weak.PCI audit failure: SSID ssid4 encryption too weak.PCI audit failure: SSID ssid5 encryption too weak.PCI audit failure: SSID ssid6 encryption too weak.
Wi-Fi Array424 Appendix D: Implementing PCI DSS
Wi-Fi ArrayAppendix E: Implementing FIPS Security 425Appendix E: Implementing FIPS Security Wi-Fi Arrays may be configured to satisfy the requirements for Level 2 of Federal Information Processing Standard (FIPS) Publication 140-2. The procedure in this section lists simple steps that must be followed exactly to implement FIPS 140-2, Level 2. The procedure includes physical actions, and parameters that must be set in Web Management Interface (WMI) windows in the Security section and in other sections.The following topics are discussed:z“To implement FIPS 140-2, Level 2 using WMI” on page 425.z“To check if an Array is in FIPS mode:” on page 431z“To implement FIPS 140-2, Level 2 using CLI:” on page 431To implement FIPS 140-2, Level 2 using WMI1. Apply the supplied tamper-evident seals to the unit as indicated in the figures below. The procedure is slightly different, depending on the model.•Before you apply the tamper-evident seal, clean the area of any grease, dirt, or oil. We recommend using alcohol-based cleaning pads for this. •Each seal must be applied to straddle both sides of an opening so that it will show if an attempt has been made to open the Array.
Wi-Fi Array426 Appendix E: Implementing FIPS Security•XS16, XS12, XS8, XS-3900, or XS-3700—Apply two seals, one on either side of the Array about 180° apart from each other, as shown. Apply a third seal to the access panel opening, as shown. IMPORTANT: Make sure that each seal straddles a seam. Figure 190. Applying Three Seals to XS16/XS12/XS8 or XS-3900/XS-3700123
Wi-Fi ArrayAppendix E: Implementing FIPS Security 427•XS4 or XS-3500—Apply two seals, one on either side of the Array about 180° apart from each other, as shown. IMPORTANT: Make sure that each seal straddles a seam. Figure 191. Applying Two Tamper-evident seals to the XS4 or XS-35002. Enable HTTPS using the CLI if it is not already enabled, using the following command:Xirrus_Wi-Fi_Array(config)# https onThis allows the Web Management Interface to be used for the rest of this procedure. HTTPS is enabled on Arrays by default. 12
Wi-Fi Array428 Appendix E: Implementing FIPS Security3. Select the SSIDs/SSID Management window. Set Encryption Type to WPA2 (Figure 192 ). Click Modify, then Save. Make sure that this is set for each SSID. Figure 192.  SSID Management Window
Wi-Fi ArrayAppendix E: Implementing FIPS Security 4294. In the Security/Global Settings window, select No for TKIP Enabled and Yes for AES Enabled. Click Apply, then Save. Figure 193. Security/Global Settings Window
Wi-Fi Array430 Appendix E: Implementing FIPS Security5. In the Security/Management Control window, select Yes for Enable Management over SSH. Select No for Enable Management over Telnetand for Enable Management over IAPs. Click Apply, then Save. Figure 194. Security/Management Control Window6. In the Services/SNMP window, select No for Enable SNMP. Click Apply, then Save. Figure 195. Services/SNMP Window
Wi-Fi ArrayAppendix E: Implementing FIPS Security 4317. In the IAPs/Global Settings window, select Off for Fast Roaming. Click Apply, then Save. Figure 196. IAPs/Global Settings ScreenTo check if an Array is in FIPS mode: You may determine whether or not the Array is running in FIPS mode by verifying that the settings described in the previous procedure are in effect. To implement FIPS 140-2, Level 2 using CLI: 1. The following CLI command will perform all of the settings required to put the Array in FIPS mode:. Xirrus_Wi-Fi_Array(config}# fips on This command remembers your previous settings for FIPS-related attributes. They will be restored if you use the fips off command. Use the save command to save these changes to flash memory.2. Use the fips off command if you would like to revert the FIPS settings back to the values they had before you entered the fips on command. Xirrus_Wi-Fi_Array(config}# fips off Use the save command to save these changes to flash memory.
Wi-Fi Array432 Appendix E: Implementing FIPS SecuritySee AlsoThe Web Management InterfaceThe Command Line Interface
Wi-Fi ArrayAppendix F: Notices 433Appendix F: NoticesThis appendix contains the following information:z“Notices” on page 433z“EU Directive 1999/5/EC Compliance Information” on page 436z“Safety Warnings” on page 443z“Translated Safety Warnings” on page 444z“Software Warranty and License Agreement” on page 445z“Hardware Warranty Agreement” on page 452NoticesFCC NoticeThis device complies with Part 15 of the FCC Rules, with operation subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause unwanted operation.This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate RF energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following safety measures:zReorient or relocate the receiving antenna.zIncrease the separation between the equipment and the receiver.zConsult the dealer or an experienced wireless technician for help.Use of a shielded twisted pair (STP) cable must be used for all Ethernet connections in order to comply with EMC requirements.
Wi-Fi Array434 Appendix F: NoticesRF Radiation Hazard WarningTo ensure compliance with FCC RF exposure requirements, this device must be installed in a location where the antennas of the device will have a minimum distance of at least 25 cm (9.84 inches) from all persons. Using higher gain antennas and types of antennas not certified for use with this product is not allowed. The device shall not be co-located with another transmitter.Non-Modification StatementUnauthorized changes or modifications to the device are not permitted. Use only the supplied internal antenna, or external antennas supplied by the manufacturer. Modifications to the device will void the warranty and may violate FCC regulations. Please go to the Xirrus Web site for a list of all approved antennas.Indoor UseThis product has been designed for indoor use. Operation of channels in the 5150MHz to 5250MHz band is permitted indoors only to reduce the potential for harmful interference to co-channel mobile satellite systems.Cable Runs for Power over Gigabit Ethernet (PoGE)If using PoGE, the Array must be connected to PoGE networks without routing cabling to the outside plant—this ensures that cabling is not exposed to lightning strikes or possible cross over from high voltage.Battery WarningCaution! The Array contains a battery which is not to be replaced by the customer. Danger of Explosion exists if the battery is incorrectly replaced. Replace only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.Power CordIf you will be using the Array with a power cord, you must use a UL-Approved cord (supplied with the unit). Order new power cords from the Xirrus product list—Xirrus supplies only UL-approved power cords.
Wi-Fi ArrayAppendix F: Notices 435Maximum Antenna GainCurrently, the maximum antenna gain for external antennas is limited to 5.2dBi for operation in the 2400MHz to 2483.5MHz, 5150MHz to 5250MHz and 5725MHz to 5825MHz bands. The antenna gains must not exceed maximum EIRP limits set by the FCC / Industry Canada.High Power RadarsHigh power radars are allocated as primary users (meaning they have priority) in the 5150MHz to 5250MHz and 5650MHz to 5850MHz bands. These radars could cause interference and/or damage to LELAN devices used in Canada.Industry Canada Notice and MarkingThis Class A digital apparatus complies with Canadian ICES-003.Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.The term “IC:” before the radio certification number only signifies that Industry Canada technical specifications were met.To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the equivalent isotropically radiated power (EIRP) is not more than that required for successful communication.
Wi-Fi Array436 Appendix F: NoticesEU Directive 1999/5/EC Compliance InformationThis section contains compliance information for the Xirrus Wi-Fi Array family of products, which includes the XN16, XN12, XN8, XN4, XS16, XS12, XS8, XS4, XS-3900, XS-3700 and XS-3500. The compliance information contained in this section is relevant to the European Union and other countries that have implemented the EU Directive 1999/5/EC.Declaration of ConformityCesky [Czech] Toto zahzeni je v souladu se základnimi požadavky a ostatnimi odpovidajcimi ustano veni mi SmČrnice 1999/5/EC.Dansk [Danish] Dette udstyr er i overensstemmelse med de væsentlige krav og andre relevante bestemmelser i Direktiv 1999/5/EF.Deutsch [German] Dieses Gerat entspricht den grundlegenden Anforderungen und den weiteren entsprechenden Vorgaben der Richtinie 1999/5/EU.Eesti [Estonian] See seande vastab direktiivi 1999/5/EU olulistele nöuetele ja teistele as jakohastele sätetele.English This equipment is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.Español [Spain] Este equipo cump le con los requisitos esenciales asi como con otras disposiciones de la Directiva 1999/5/CE.ǼȜȜȘȞȣțȘ [Greek] ǹȣIJȩȗ Ƞ İȟȠʌȜIJıȝȩȗ İȓȞĮȚ ıİ ıȣȝȝȩȡijȦıȘ ȝİ IJȚȗ ȠȣıȚȫįİȚȗ ĮʌĮȚIJȒıİȚȗ țĮȚ ȪȜȜİȗ ıȤİIJȚțȑȗ įȚĮIJȐȟİȚȗ IJȘȗ ȅįȘȖȚĮȗ 1999/5/EC.Français [French] Cet appareil est conforme aux exigences essentielles et aux autres dispositions pertinentes de la Directive 1999/5/EC.
Wi-Fi ArrayAppendix F: Notices 437Ďslenska [Icelandic] Þetta tæki er samkvæmt grunnkröfum og öðrum viðeigandi ákvæðum Tilskipunar 1999/5/EC.Italiano [Italian] Questo apparato é conforme ai requisiti essenziali ed agli altri principi sanciti dalla Direttiva 1999/5/CE.Latviski [Latvian] ŠƯ  iekƗrta atbilst DirektƯvas 1999/5/EK bnjtiskajƗprasƯbƗm un citiem ar to saistƯtajiem noteikumiem.Lietuviǐ [Lithuanian] Šis  Ƴrenginys tenkina 1995/5/EB Direktyvos esminius reikalavimus ir kitas šios direktyvos nuostatas.Nederlands [Dutch] Dit apparant voldoet aan de essentiele eisen en andere van toepassing zijnde bepalingen van de Richtlijn 1995/5/EC.Malti [Maltese] Dan l-apparant huwa konformi mal-htigiet essenzjali u l-provedimenti l-ohra rilevanti tad-Direttiva 1999/5/EC.Margyar [Hungarian] Ez a készülék teljesiti az alapvetö követelményeket és más 1999/5/EK irányelvben meghatározott vonatkozó rendelkezéseket.Norsk [Norwegian] Dette utstyret er i samsvar med de grunnleggende krav og andre relevante bestemmelser i EU-direktiv 1999/5/EF.Polski [Polish] Urządzenie jest zgodne z ogólnymi wymaganiami oraz sczególnymi mi warunkami okreĞlony mi Dyrektywą. UE:1999/5/EC.Portuguès [Portuguese] Este equipamento está em conformidade com os requisitos essenciais e outras provisões relevantes da Directiva 1999/5/EC.Slovensko [Slovenian] Ta naprava je skladna z bistvenimi zahtevami in ostalimi relevantnimi popoji Direktive 1999/5/EC.
Wi-Fi Array438 Appendix F: NoticesAssessment CriteriaThe following standards were applied during the assessment of the product against the requirements of the Directive 1999/5/EC:zRadio: EN 301 893 and EN 300 328 (if applicable)zEMC: EN 301 489-1 and EN 301 489-17zSafety: EN 50371 to EN 50385 and EN 60601CE MarkingFor the Xirrus Wi-Fi Array (XN16, XN12, XN8, XN4, XS16, XS12, XS8, XS4, XS-3900, XS-3700 and XS-3500), the CE mark and Class-2 identifier opposite are affixed to the equipment and its packaging: Slovensky [Slovak] Toto zariadenie je v zhode so základnými požadavkami a inými prislušnými nariadeniami direktiv: 1999/5/EC.Suomi [Finnish] Tämä laite täyttää direktiivin 1999/5//EY olennaiset vaatimukset ja on siinä asetettujen muiden laitetta koskevien määräysten mukainen.Svenska [Swedish] Denna utrustning är i överensstämmelse med de väsentliga kraven och andra relevanta bestämmelser i Direktiv 1999/5/EC.
Wi-Fi ArrayAppendix F: Notices 439WEEE CompliancezNatural resources were used in the production of this equipment.zThis equipment may contain hazardous substances that could impact the health of the environment.zIn order to avoid harm to the environment and consumption of natural resources, we encourage you to use appropriate take-back systems when disposing of this equipment.zThe appropriate take-back systems will reuse or recycle most of the materials of this equipment in a way that will not harm the environment.zThe crossed-out wheeled bin symbol (in accordance with European Standard EN 50419) invites you to use those take-back systems and advises you not to combine the material with refuse destined for a land fill.zIf you need more information on collection, re-use and recycling systems, please contact your local or regional waste administration.zPlease contact Xirrus for specific information on the environmental performance of our
Wi-Fi Array440 Appendix F: NoticesNational RestrictionsIn the majority of the EU and other European countries, the 2.4 GHz and 5 GHz bands have been made available for the use of Wireless LANs. The following table provides an overview of the regulatory requirements in general that are applicable for the 2.4 GHz and 5 GHz bands.*Dynamic frequency selection and Transmit Power Control is required in these frequency bands.**France is indoor use only in the upper end of the band.The requirements for any country may change at any time. Xirrus recommends that you check with local authorities for the current status of their national regulations for both 2.4 GHz and 5 GHz wireless LANs.The following countries have additional requirements or restrictions than those listed in the above table:BelgiumThe Belgian Institute for Postal Services and Telecommunications (BIPT) must be notified of any outdoor wireless link having a range exceeding 300 meters. Xirrus recommends checking at www.bipt.be for more details.Draadloze verbindingen voor buitengebruik en met een reikwijdte van meer dan 300 meter dienen aangemeld te worden bij het Belgisch Instituut voor postdiensten en telecommunicatie (BIPT). Zie www.bipt.be voor meer gegevens.Frequency Band (MHz)Max Power Level (EIRP) (mW) Indoor  Outdoor 2400–2483.5 100 X X**5150–5350* 200 X N/A5470–5725* 1000 X X
Wi-Fi ArrayAppendix F: Notices 441Les liasons sans fil pour une utilisation en extérieur d’une distance supérieure à 300 mèters doivent être notifiées à l’Institut Belge des services Postaux et des Télécommunications (IBPT). Visitez www.bipt.be pour de plus amples détails.GreeceA license from EETT is required for the outdoor operation in the 5470 MHz to 5725 MHz band. Xirrus recommends checking www.eett.gr for more details.Ǿ įȘ ȚȠȣȡȖȕȐȚțIJ ȦȞİȟȦIJİȡȚțȠ ȡȠȣıIJȘ ȗ ȞȘıȣ ȞȠIJ IJȦȞ 5470–5725 ȂǾz İ ȚIJȡ İIJȐȚȦȞȠ İIJȐȐ ȩȐįİȚȐ IJȘȢ ǼǼȉȉ, Ƞȣ ȠȡȘȖİȕIJȐȚ ıIJİȡȐ Ȑ ȩ ı ijȦȞȘ ȖȞ Ș IJȠȣ īǼǼĬǹ. İȡȚııȩIJİȡİȢ Ȝİ IJȠȝ ȡİȚİȦıIJȠ www.eett.grItalyThis product meets the National Radio Interface and the requirements specified in the National Frequency Allocation Table for Italy. Unless this wireless LAN product is operating within the boundaries of the owner’s property, its use requires a “general authorization.” Please check with www.communicazioni.it/it/ for more details.Questo prodotto é conforme alla specifiche di Interfaccia Radio Nazionali e rispetta il Piano Nazionale di ripartizione delle frequenze in Italia. Se non viene installato all’interno del proprio fondo, l’utilizzo di prodotti wireless LAN richiede una “autorizzazione Generale.” Consultare www.communicazioni.it/it/ per maggiori dettagli.Norway, Switzerland and LiechtensteinAlthough Norway, Switzerland and Liechtenstein are not EU member states, the EU Directive 1999/5/EC has also been implemented in those countries.Calculating the Maximum Output Power The regulatory limits for maximum output power are specified in EIRP (radiated power). The EIRP level of a device can be calculated by adding the gain of the antenna used (specified in dBi) to the output power available at the connector (specified in dBm).
Wi-Fi Array442 Appendix F: NoticesAntennasThe Xirrus Wi-Fi Array employs integrated antennas that cannot be removed and which are not user accessible. Nevertheless, as regulatory limits are not the same throughout the EU, users may need to adjust the conducted power setting for the radio to meet the EIRP limits applicable in their country or region. Adjustments can be made from the product’s management interface—either Web Management Interface (WMI) or Command Line Interface (CLI).Operating FrequencyThe operating frequency in a wireless LAN is determined by the access point. As such, it is important that the access point is correctly configured to meet the local regulations. See National Restrictions in this section for more information.If you still have questions regarding the compliance of Xirrus products or you cannot find the information you are looking for, please contact us at:Xirrus, Inc.2101 Corporate Center DriveThousand Oaks, CA 91320USATel: 1.805.262.16001.800.947.7871 Toll Free in the USFax: 1.866.462.3980www.xirrus.com
Wi-Fi ArrayAppendix F: Notices 443Safety WarningsTranslated safety warnings appear on the following page. !Safety WarningsRead all user documentation before powering this device. All Xirrus interconnected equipment should be contained indoors. This product is not suitable for outdoor operation. Please verify the integrity of the system ground prior to installing Xirrus equipment. Additionally, verify that the ambient operating temperature does not exceed 50°C.!Explosive Device Proximity WarningDo not operate the XN16/XN12/XN8/XN4/XS16/XS12/XS8/XS4/XS-3900/XS-3700/XS-3500 unit near unshielded blasting caps or in an explosive environment unless the device has been modified to be especially qualified for such use.!Lightning Activity WarningDo not work on the XN16/XN12/XN8/XN4/XS16/XS12/XS8/XS4/XS-3900/XS-3700/XS-3500 or connect or disconnect cables during periods of lightning activity.!Circuit Breaker WarningThe XN16/XN12/XN8/XN4/XS16/XS12/XS8/XS4/XS-3900/XS-3700/ XS-3500 relies on the building’s installation for over current protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A (U.S.) or 240 VAC, 10A (International) is used on all current-carrying conductors.
Wi-Fi Array444 Appendix F: NoticesTranslated Safety WarningsAvertissements de Sécurité!SécuritéLisez l'ensemble de la documentation utilisateur avant de mettre cet appareil sous tension. Tous les équipements Xirrus interconnectés doivent être installés en intérieur. Ce produit n'est pas conçu pour être utilisé en extérieur. Veuillez vérifier l'intégrité de la terre du système avant d'installer des équipements Xirrus. Vérifiez également que la température de fonctionnement ambiante n'excède pas 50°C.!Proximité d'appareils explosifsN'utilisez pas l'unité XN16/XN12/XN8/XN4/XS16/XS12/XS8/XS4/XS-3900/XS-3700/XS-3500 à proximité d'amorces non blindées ou dans un environnement explosif, à moins que l'appareil n'ait été spécifiquement modifié pour un tel usage.!FoudreN'utilisez pas l'unité XN16/XN12/XN8/XN4/XS16/XS12/XS8/XS4/XS-3900/XS-3700/XS-3500 et ne branchez pas ou ne débranchez pas de câbles en cas de foudre.!DisjoncteurL'unité XN16/XN12/XN8/XN4/XS16/XS12/XS8/XS4/XS-3900/XS-3700/XS-3500 dépend de l'installation du bâtiment pour ce qui est de la protection contre les surintensités. Assurez-vous qu'un fusible ou qu'un disjoncteur de 120 Vca, 15 A (États-Unis) ou de 240 Vca, 10 A (International) maximum est utilisé sur tous les conducteurs de courant.
Wi-Fi ArrayAppendix F: Notices 445Software Warranty and License AgreementTHIS SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT”) IS A LEGAL AGREEMENT BETWEEN YOU (“CUSTOMER”) AND LICENSOR (AS DEFINED BELOW) AND GOVERNS THE USE OF THE SOFTWARE INSTALLED ON THE PRODUCT (AS DEFINED BELOW). IF YOU ARE AN EMPLOYEEbo OR AGENT OF CUSTOMER, YOU HEREBY REPRESENT AND WARRANT TO LICENSOR THAT YOU HAVE THE POWER AND AUTHORITY TO ACCEPT AND TO BIND CUSTOMER TO THE TERMS AND CONDITIONS OF THIS AGREEMENT (INCLUDING ANY THIRD PARTY TERMS SET FORTH HEREIN). IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT RETURN THE PRODUCT AND ALL ACCOMPANYING MATERIALS (INCLUDING ALL DOCUMENTATION) TO THE RELEVANT VENDOR FOR A FULL REFUND OF THE PURCHASE PRICE THEREFOR. CUSTOMER UNDERSTANDS AND AGREES THAT USE OF THE SOFTWARE SHALL BE DEEMED AN AGREEMENT TO THE TERMS AND CONDITIONS GOVERNING SUCH SOFTWARE AND THAT CUSTOMER IS BOUND BY AND BECOMES A PARTY TO THIS AGREEMENT.1. Definitions1.1 “Documentation” means the user manuals and all other all documentation, instructions or other similar materials accompanying the Software covering the installation, application, and use thereof.1.2 “Licensor” means XIRRUS and its suppliers.1.3 “Product” means a multi-radio access point containing four or more distinct radios capable of simultaneous operation on four or more non-overlapping channels.1.4 “Software” means, collectively, each of the application and embedded software programs delivered to Customer in connection with this Agreement. For purposes of this Agreement, the term Software shall be deemed to include any and all Documentation and Updates provided with or for the Software. 1.5 “Updates” means any bug-fix, maintenance or version release to the Software that may be provided to Customer from Licensor pursuant to this Agreement or pursuant to any separate maintenance and support agreement entered into by and between Licensor and Customer.
Wi-Fi Array446 Appendix F: Notices2. Grant of Rights2.1 Software. Subject to the terms and conditions of this Agreement, Licensor hereby grants to Customer a perpetual, non-exclusive, non-sublicenseable, non-transferable right and license to use the Software solely as installed on the Product in accordance with the accompanying Documentation and for no other purpose.    2.2 Ownership. The license granted under Sections 2.1 above with respect to the Software does not constitute a transfer or sale of Licensor's or its suppliers' ownership interest in or to the Software, which is solely licensed to Customer. The Software is protected by both national and international intellectual property laws and treaties. Except for the express licenses granted to the Software, Licensor and its suppliers retain all rights, title and interest in and to the Software, including (i) any and all trade secrets, copyrights, patents and other proprietary rights therein or thereto or (ii) any Marks (as defined in Section 2.3 below) used in connection therewith. In no event shall Customer remove, efface or otherwise obscure any Marks contained on or in the Software. All rights not expressly granted herein are reserved by Licensor. 2.3 Copies. Customer shall not make any copies of the Software but shall be permitted to make a reasonable number of copies of the related Documentation. Whenever Customer copies or reproduces all or any part of the Documentation, Customer shall reproduce all and not efface any titles, trademark symbols, copyright symbols and legends, and other proprietary markings or similar indicia of origin (“Marks”) on or in the Documentation.2.4 Restrictions. Customer shall not itself, or through any parent, subsidiary, affiliate, agent or other third party (i) sell, rent, lease, license or sublicense, assign or otherwise transfer the Software, or any of Customer's rights and obligations under this Agreement except as expressly permitted herein; (ii) decompile, disassemble, or reverse engineer the Software, in whole or in part, provided that in those jurisdictions in which a total prohibition on any reverse engineering is prohibited as a matter of law and such prohibition is not cured by the fact that this Agreement is subject to the laws of the State of California, Licensor agrees to grant Customer, upon Customer's written request to Licensor, a limited reverse engineering license to permit interoperability of the Software with other software or code used by Customer; (iii) allow access to the Software by any user other than by Customer's employees and contractors who are bound in writing to confidentiality and non-use restrictions at least as protective as those set forth herein; (iv) except as expressly set forth herein, write or develop any derivative software or any other software program based upon the Software; or (v) use any
Wi-Fi ArrayAppendix F: Notices 447computer software or hardware which is designated to defeat any copy protection or other use limiting device, including any device intended to limit the number of users or devices accessing the Product. 3. Limited Warranty and Limitation of Liability3.1 Limited Warranty & Exclusions. Licensor warrants that the Software will perform in substantial accordance with the specifications therefor set forth in the Documentation for a period of ninety [90] days after Customer's acceptance of the terms of this Agreement with respect to the Software (“Warranty Period”). If during the Warranty Period the Software does not perform as warranted, Licensor shall, at its option, correct the relevant Software giving rise to such breach of performance or replace such Software free of charge. THE FOREGOING ARE CUSTOMER'S SOLE AND EXCLUSIVE REMEDIES FOR BREACH OF THE FOREGOING WARRANTY. THE WARRANTY SET FORTH ABOVE IS MADE TO AND FOR THE BENEFIT OF CUSTOMER ONLY. The warranty will apply only if (i) the Software has been used at all times and in accordance with the instructions for use set forth in the Documentation and this Agreement; (ii) no modification, alteration or addition has been made to the Software by persons other than Licensor or Licensor's authorized representative; and (iii) the Software or Product on which the Software is installed has not been subject to any unusual electrical charge.3.2 DISCLAIMER. EXCEPT AS EXPRESSLY STATED IN THIS SECTION 3, ALL ADDITIONAL CONDITIONS, REPRESENTATIONS, AND WARRANTIES, WHETHER IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, ACCURACY, AGAINST INFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE, ARE HEREBY DISCLAIMED BY LICENSOR AND ITS SUPPLIERS. THIS DISCLAIMER SHALL APPLY EVEN IF ANY EXPRESS WARRANTY AND LIMITED REMEDY OFFERED BY LICENSOR FAILS OF ITS ESSENTIAL PURPOSE. ALL WARRANTIES PROVIDED BY LICENSOR ARE SUBJECT TO THE LIMITATIONS OF LIABILITY SET FORTH IN THIS AGREEMENT. 3.3 HAZARDOUS APPLICATIONS. THE SOFTWARE IS NOT DESIGNED OR INTENDED FOR USE IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF A NUCLEAR FACILITY, AIRCRAFT NAVIGATION OR COMMUNICATIONS SYSTEMS, AIR TRAFFIC CONTROLS OR OTHER
Wi-Fi Array448 Appendix F: NoticesDEVICES OR SYSTEMS IN WHICH A MALFUNCTION OF THE SOFTWARE WOULD RESULT IN FORESEEABLE RISK OF INJURY OR DEATH TO THE OPERATOR OF THE DEVICE OR SYSTEM OR TO OTHERS (“HAZARDOUS APPLICATIONS”). CUSTOMER ASSUMES ANY AND ALL RISKS, INJURIES, LOSSES, CLAIMS AND ANY OTHER LIABILITIES ARISING OUT OF THE USE OF THE SOFTWARE IN ANY HAZARDOUS APPLICATIONS.3.4 Limitation of Liability. (a) TOTAL LIABILITY. NOTWITHSTANDING ANYTHING ELSE HEREIN, ALL LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNT PAID BY CUSTOMER FOR THE RELEVANT SOFTWARE, OR PORTION THEREOF, THAT GAVE RISE TO SUCH LIABILITY OR ONE HUNDRED UNITED STATES DOLLARS (US$100), WHICHEVER IS GREATER. THE LIABILITY OF LICENSOR AND ITS SUPPLIERS UNDER THIS SECTION SHALL BE CUMULATIVE AND NOT PER INCIDENT.(b) DAMAGES. IN NO EVENT SHALL LICENSOR, ITS SUPPLIERS OR THEIR RELEVANT SUBCONTRACTORS BE LIABLE FOR (A) ANY INCIDENTAL, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, LOST PROFITS OR LOST OR DAMAGED DATA, OR ANY INDIRECT DAMAGES, WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE OR (B) ANY COSTS OR EXPENSES FOR THE PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES IN EACH CASE, EVEN IF LICENSOR OR ITS SUPPLIERS HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES.3.5 Exclusions. SOME JURISDICTIONS DO NOT PERMIT THE LIMITATIONS OF LIABILITY AND LIMITED WARRANTIES SET FORTH UNDER THIS AGREEMENT. IN THE EVENT YOU ARE LOCATED IN ANY SUCH JURISDICTION, THE FOREGOING LIMITATIONS SHALL APPLY ONLY TO THE MAXIMUM EXTENT PERMITTED IN SUCH JURISDICTIONS. IN NO EVENT SHALL THE FOREGOING EXCLUSIONS AND LIMITATIONS ON DAMAGES BE DEEMED TO APPLY TO ANY LIABILITY BASED ON FRAUD, WILLFUL MISCONDUCT, GROSS NEGLIGENCE OR PERSONAL INJURY OR DEATH.
Wi-Fi ArrayAppendix F: Notices 4494. Confidential Information4.1 Generally. The Software (and its accompanying Documentation) constitutes Licensor's and its suppliers' proprietary and confidential information and contains valuable trade secrets of Licensor and its suppliers (“Confidential Information”). Customer shall protect the secrecy of the Confidential Information to the same extent it protects its other valuable, proprietary and confidential information of a similar nature but in no event shall Customer use less than reasonable care to maintain the secrecy of the Confidential Information. Customer shall not use the Confidential Information except to exercise its rights or perform its obligations as set forth under this Agreement. Customer shall not disclose such Confidential Information to any third party other than subject to non-use and non-disclosure obligations at least as protective of a party's right in such Confidential Information as those set forth herein. 4.2 Return of Materials. Customer agrees to (i) destroy all Confidential Information (including deleting any and all copies contained on any of Customer's Designated Hardware or the Product) within fifteen (15) days of the date of termination of this Agreement or (ii) if requested by Licensor, return, any Confidential Information to Licensor within thirty (30) days of Licensor's written request. 5. Term and Termination5.1 Term . Subject to Section 5.2 below, this Agreement will take effect on the Effective Date and will remain in force until terminated in accordance with this Agreement.5.2 Termination Events. This Agreement may be terminated immediately upon written notice by either party under any of the following conditions: (a) If the other party has failed to cure a breach of any material term or condition under the Agreement within thirty (30) days after receipt of notice from the other party; or(b) Either party ceases to carry on business as a going concern, either party becomes the object of the institution of voluntary or involuntary proceedings in bankruptcy or liquidation, which proceeding is not dismissed within ninety (90) days, or a receiver is appointed with respect to a substantial part of its assets.
Wi-Fi Array450 Appendix F: Notices5.3 Effect of Termination. (a) Upon termination of this Agreement, in whole or in part, Customer shall pay Licensor for all amounts owed up to the effective date of termination. Termination of this Agreement shall not constitute a waiver for any amounts due. (b) The following Sections shall survive the termination of this Agreement for any reason: Sections 1, 2.2, 2.4, 3, 4, 5.3, and 6. (c) No later than thirty (30) days after the date of termination of this Agreement by Licensor, Customer shall upon Licensor's instructions either return the Software and all copies thereof; all Documentation relating thereto in its possession that is in tangible form or destroy the same (including any copies thereof contained on Customer's Designated Hardware). Customer shall furnish Licensor with a certificate signed by an executive officer of Customer verifying that the same has been done.6. MiscellaneousIf Customer is a corporation, partnership or similar entity, then the license to the Software and Documentation that is granted under this Agreement is expressly conditioned upon and Customer represents and warrants to Licensor that the person accepting the terms of this Agreement is authorized to bind such entity to the terms and conditions herein. If any provision of this Agreement is held to be invalid or unenforceable, it will be enforced to the extent permissible and the remainder of this Agreement will remain in full force and effect. During the course of use of the Software, Licensor may collect information on your use thereof; you hereby authorize Licensor to use such information to improve its products and services, and to disclose the same to third parties provided it does not contain any personally identifiable information. The express waiver by either party of any provision, condition or requirement of this Agreement does not constitute a waiver of any future obligation to comply with such provision, condition or requirement. Customer and Licensor are independent parties. Customer may not export or re-export the Software or Documentation (or other materials) without appropriate United States, European Union and foreign government licenses or in violation of the United State's Export Administration Act or foreign equivalents and Customer shall comply with all national and international laws governing the Software. This Agreement will be governed by and construed under the laws of the State of California and the United States as applied to agreements entered into and to be performed entirely within California, without regard to conflicts of laws provisions thereof and the parties expressly exclude the application of the United Nations Convention on Contracts for the International Sales of Goods and the Uniform Computer
Wi-Fi ArrayAppendix F: Notices 451Information Transactions Act (as promulgated by any State) to this Agreement. Suits or enforcement actions must be brought within, and each party irrevocably commits to the exclusive jurisdiction of, the state and federal courts located in Ventura County, California. Customer may not assign this Agreement by operation of law or otherwise, without the prior written consent of Licensor and any attempted assignment in violation of the foregoing shall be null and void. This Agreement cancels and supersedes all prior agreements between the parties. This Agreement may not be varied except through a document agreed to and signed by both parties. Any printed terms and conditions contained in any Customer purchase order or in any Licensor acknowledgment, invoice or other documentation relating to the Software shall be deemed deleted and of no force or effect and any additional typed and/or written terms and conditions contained shall be for administrative purposes only, i.e. to identify the types and quantities of Software to be supplied, line item prices and total price, delivery schedule, and other similar ordering data, all in accordance with the provisions of this Agreement.
Wi-Fi Array452 Appendix F: NoticesHardware Warranty AgreementPLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS PRODUCTBY USING THIS PRODUCT, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT AND THAT YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, RETURN THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.LIMITED WARRANTY. Xirrus warrants that for a period of one year from the date of purchase by the original purchaser (“Customer”): (i) the Xirrus Equipment (“Equipment”) will be free of defects in materials and workmanship under normal use; and (ii) the Equipment substantially conforms to its published specifications. Except for the foregoing, the Equipment is provided AS IS. This limited warranty extends only to Customer as the original purchaser. Customer's exclusive remedy and the entire liability of Xirrus and its suppliers under this limited warranty will be, at Xirrus' option, repair, replacement, or refund of the Equipment if reported (or, upon request, returned) to the party supplying the Equipment to Customer. In no event does Xirrus warrant that the Equipment is error free or that Customer will be able to operate the Equipment without problems or interruptions. This warranty does not apply if the Equipment (a) has been altered, except by Xirrus, (b) has not been installed, operated, repaired, or maintained in accordance with instructions supplied by Xirrus, (c) has been subjected to abnormal physical or electrical stress, misuse, negligence, or accident, or (d) is used in ultra-hazardous activities. DISCLAIMER. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. IN NO EVENT WILL XIRRUS OR ITS SUPPLIERS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE EQUIPMENT EVEN IF XIRRUS OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall Xirrus' or its suppliers' liability to Customer,
Wi-Fi ArrayAppendix F: Notices 453whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer.The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. SOME STATES DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. The above warranty DOES NOT apply to any evaluation Equipment made available for testing or demonstration purposes. All such Equipment is provided AS IS without any warranty whatsoever. Customer agrees the Equipment and related documentation shall not be used in life support systems, human implantation, nuclear facilities or systems or any other application where failure could lead to a loss of life or catastrophic property damage, or cause or permit any third party to do any of the foregoing. All information or feedback provided by Customer to Xirrus with respect to the Product shall be Xirrus' property and deemed confidential information of Xirrus.Equipment including technical data, is subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Customer agrees to comply strictly with all such regulations and acknowledges that it has the responsibility to obtain licenses to export, re-export, or import Equipment.This Agreement shall be governed by and construed in accordance with the laws of the State of California, United States of America, as if performed wholly within the state and without giving effect to the principles of conflict of law. If any portion hereof is found to be void or unenforceable, the remaining provisions of this Warranty shall remain in full force and effect. This Warranty constitutes the entire agreement between the parties with respect to the use of the Equipment. Manufacturer is Xirrus, Inc.  2101 Corporate Center Drive  Thousand Oaks, CA 91320
Wi-Fi Array454 Appendix F: Notices
Wi-Fi ArrayGlossary of Terms 455Glossary of Terms802.11aA supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 5 GHz and data rates of up to 54 Mbps.802.11bA supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 2.4 GHz and data rates of up to 11 Mbps.802.11dA supplement to the Media Access Control (MAC) layer in 802.11 to promote worldwide use of 802.11 WLANs. It allows Access Points to communicate information on the permissible radio channels with acceptable power levels for user devices. Because the 802.11 standards cannot legally operate in some countries, 802.11d adds features and restrictions to allow WLANs to operate within the rules of these countries.802.11gA supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 2.4 GHz and data rates of up to 54 Mbps.802.11nA supplement to the IEEE 802.11 WLAN specification that describes enhancements to 802.11a/b/g to greatly enhance reach, speed, and capacity.802.1QAn IEEE standard for MAC layer frame tagging (also known as encapsulation). Frame tagging uniquely assigns a user-defined ID to each frame. It also enables a switch to communicate VLAN membership information across multiple (and multi-vendor) devices by frame tagging.AES(Advanced Encryption Standard) A data encryption scheme that uses three different key sizes (128-bit, 192-bit, and 256-bit). AES was adopted by the U.S. government in 2002 as the encryption standard for protecting sensitive but unclassified electronic data.
Wi-Fi Array456 Glossary of TermsauthenticationThe process that a station, device, or user employs to announce its identify to the network which validates it. IEEE 802.11 specifies two forms of authentication, open system and shared key.bandwidthSpecifies the amount of the frequency spectrum that is usable for data transfer. In other words, it identifies the maximum data rate a signal can attain on the medium without encountering significant attenuation (loss of power).beacon intervalWhen a device in a wireless network sends a beacon, it includes with it a beacon interval, which specifies the period of time before it will send the beacon again. The interval tells receiving devices on the network how long they can wait in low power mode before waking up to handle the beacon. Network administrators can adjust the beacon interval—usually measured in milliseconds (ms) or its equivalent, kilo-microseconds (Kmsec).bit rateThe transmission rate of binary symbols ('0' and '1'), equal to the total number of bits transmitted in one second.BSS(Basic Service Set) When a WLAN is operating in infrastructure mode, each access point and its connected devices are called the Basic Service Set.BSSIDThe unique identifier for an access point in a BSS network. See also, SSID.CDP(Cisco Discovery Protocol) CDP is a layer 2 network protocol which runs on most Cisco equipment and some other network equipment. It is used to share information with other directly connected network devices. Information such as the model, network capabilities, and IP address is shared. Wi-Fi Arrays can both advertise their presence by sending CDP announcements, and gather and display information sent by neighbors.
Wi-Fi ArrayGlossary of Terms 457cellThe basic geographical unit of a cellular communications system. Service coverage of a given area is based on an interlocking network of cells, each with a radio base station (transmitter/receiver) at its center. The size of each cell is determined by the terrain and forecasted number of users.channelA specific portion of the radio spectrum—the channels allotted to one of the wireless networking protocols. For example, 802.11b and 802.11g use 14 channels in the 2.4 GHz band, only 3 of which don't overlap (1, 6, and 11). In the 5 GHz band, 802.11a uses 8 channels for indoor use and 4 for outdoor use, none of which overlap. In the U.S., additional channels are available, to bring the total to 24 channels. CoS(Class of Service) A category based on the type of user, type of application, or some other criteria that QoS systems can use to provide differentiated classes of service.default gatewayThe gateway in a network that a computer will use to access another network if a gateway is not specified for use. In a network using subnets, a default gateway is the router that forwards traffic to a destination outside of the subnet of the transmitting device.DHCP(Dynamic Host Configuration Protocol) A method for dynamically assigning IP addresses to devices on a network. DHCP issues IP addresses automatically within a specified range to client devices when they are first powered up.DHCP leaseThe DHCP lease is the amount of time that the DHCP server grants to the DHCP client for permission to use a particular IP address. A typical DHCP server allows its administrator to set the lease time.
Wi-Fi Array458 Glossary of TermsDNS(Domain Name System) A system that maps meaningful domain names with complex numeric IP addresses. DNS is actually a separate network—if one DNS server cannot translate a domain name, it will ask a second or third until a server is found with the correct IP address.domainThe main name/Internet address of a user's Internet site as registered with the InterNIC organization, which handles domain registration on the Internet. For example, the “domain” address for Xirrus is: http://www.xirrus.com, broken down as follows:zhttp:// represents the Hyper Text Teleprocessing Protocol used by all Web pages.zwww is a reference to the World Wide Web.zxirrus refers to the company.zcom specifies that the domain belongs to a commercial enterprise.DTIM(Delivery Traffic Indication Message) A DTIM is a signal sent as part of a beacon by an access point to a client device in sleep mode, alerting the device to a packet awaiting delivery.EAP(Extensible Authentication Protocol) When you log on to the Internet, you're most likely establishing a PPP connection via a remote access server. The password, key, or other device you use to prove that you are authorized to do so is controlled via PPP’s Link Control Protocol (LCP). However, LCP is somewhat inflexible because it has to specify an authentication device early in the process. EAP allows the system to gather more information from the user before deciding which authenticator to use. It is called extensible because it allows more authenticator types than LCP (for example, passwords and public keys).
Wi-Fi ArrayGlossary of Terms 459EDCF(Enhanced Distributed Coordinator Function) A QoS extension which uses the same contention-based access mechanism as current devices but adds “offset contention windows” that separate high priority packets from low priority packets (by assigning a larger random backoff window to lower priorities than to higher priorities). The result is “statistical priority,” where high-priority packets usually are transmitted before low-priority packets.encapsulationA way of wrapping protocols such as TCP/IP, AppleTalk, and NetBEUI in Ethernet frames so they can traverse an Ethernet network and be unwrapped when they reach the destination computer.encryptionAny procedure used in cryptography to translate data into a form that can be decrypted and read only by its intended receiver.Fast EthernetA version of standard Ethernet that runs at 100 Mbps rather than 10 Mbps.FCC(Federal Communications Commission) US wireless regulatory authority. The FCC was established by the Communications Act of 1934 and is charged with regulating Interstate and International communications by radio, television, wire, satellite and cable.FIPSThe Federal Information Processing Standard (FIPS) Publication 140-2 establishes a computer security standard used to accredit cryptographic modules. The standard is a joint effort by the U.S. and Canadian governments. frameA packet encapsulated to travel on a physical medium, like Ethernet or Wi-Fi. If a packet is like a shipping container, a frame is the boat on which the shipping container is loaded. Gigabit 1The primary Gigabit Ethernet interface. See also, Gigabit Ethernet.
Wi-Fi Array460 Glossary of TermsGigabit 2The secondary Gigabit Ethernet interface. See also, Gigabit Ethernet.Gigabit EthernetThe newest version of Ethernet, with data transfer rates of 1 Gigabit (1,000 Mbps).GroupA user group, created to define a set of attributes (such as VLAN, traffic limits, and Web Page Redirect) and privileges (such as fast roaming) that apply to all users that are members of the group. This allows a uniform configuration to be easily applied to multiple user accounts. The attributes that can be configured for user groups are almost identical to those that can be configured for SSIDs. host nameThe unique name that identifies a computer on a network. On the Internet, the host name is in the form comp.xyz.net. If there is only one Internet site the host name is the same as the domain name. One computer can have more than one host name if it hosts more than one Internet site (for example, home.xyz.netand comp.xyz.net). In this case, comp and home are the host names and xyz.net is the domain name.IPsecA Layer 3 authentication and encryption protocol. Used to secure VPNs.MAC address(Media Access Control Address) A 6-byte hexadecimal address assigned by a manufacturer to a device.Mbps(Megabits per second) A standard measure for data transmission speeds (for example, the rate at which information travels over the Internet). 1 Mbps denotes one million bits per second.
Wi-Fi ArrayGlossary of Terms 461MTU(Maximum Transmission Unit) The largest physical packet size—measured in bytes—that a network can transmit. Any messages larger than the MTU are divided into smaller packets before being sent. Every network has a different MTU, which is set by the network administrator. Ideally, you want the MTU to be the same as the smallest MTU of all the networks between your machine and a message's final destination. Otherwise, if your messages are larger than one of the intervening MTUs, they will get broken up (fragmented), which slows down transmission speeds.NTP(Network Time Protocol) An Internet standard protocol (built on top of TCP/IP) that ensures the accurate synchronization (to the millisecond) of computer clock times in a network of computers. Running as a continuous background client program on a computer, NTP sends periodic time requests to servers, obtaining server time stamps and using them to adjust the client's clock.packetData sent over a network is broken down into many small pieces—packets—by the Transmission Control Protocol layer of TCP/IP. Each packet contains the address of its destination as well the data. Packets may be sent on any number of routes to their destination, where they are reassembled into the original data. This system is optimal for connectionless networks, such as the Internet, where there are no fixed connections between two locations.PLCP(Physical Layer Convergence Protocol) Defined by IEEE 802.6, a protocol specified within the Transmission Convergence layer that defines exactly how cells are formatted within a data stream for a particular type of transmission facility.PoGEThis refers to the optional Xirrus XP1 Power over Gigabit Ethernet modules that provide DC power to Arrays. Power is supplied over the same Cat 5e or Cat 6 cable that supplies the data connection to your gigabit Ethernet switch, thus eliminating the need to run a power cable. See “Power over Gigabit Ethernet Compatibility Matrix” on page 414 for a list of Xirrus PoGE modules and the modules that are compatible with each Array.
Wi-Fi Array462 Glossary of TermspreamblePreamble (sometimes called a header) is a section of data at the head of a packetthat contains information that the access point and client devices need when sending and receiving packets. PLCP has two structures, a long and a short preamble. All compliant 802.11b systems have to support the long preamble. The short preamble option is provided in the standard to improve the efficiency of a network's throughput when transmitting special data, such as voice, VoIP (Voice-over IP) and streaming video.private keyIn cryptography, one of a pair of keys (one public and one private) that are created with the same algorithm for encrypting and decrypting messages and digital signatures. The private key is provided only to the requestor and never shared. The requestor uses the private key to decrypt text that has been encrypted with the public key by someone else.PSK(Pre-Shared Key) A TKIP passphrase used to protect your network traffic in WPA.public keyIn cryptography, one of a pair of keys (one public and one private) that are created with the same algorithm for encrypting and decrypting messages and digital signatures. The public key is made publicly available for encryption and decryption.QoS(Quality of Service) QoS can be used to describe any number of ways in which a network provider prioritizes or guarantees a service's performance.RADIUS(Remote Authentication Dial-In User Service) A client-server security protocol, developed to authenticate, authorize, and account for dial-up users. The RADIUS server stores user profiles, which include passwords and authorization attributes.RSSI(Received Signal Strength Indicator) A measure of the energy observed by an antenna when receiving a signal.
Wi-Fi ArrayGlossary of Terms 463SDMA(Spatial Division Multiple Access) A wireless communications mode that optimizes the use of the radio spectrum and minimizes cost by taking advantage of the directional properties of antennas. The antennas are highly directional, allowing duplicate frequencies to be used for multiple zones.SNMP(Simple Network Management Protocol) A standard protocol that regulates network management over the Internet.SNTP(Simple Network Time Protocol) A simplified version of NTP. SNTP can be used when the ultimate performance of the full NTP implementation described in RFC 1305 is not needed or justified.SSH(Secure SHell) Developed by SSH Communications Security, Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. The Array only allows SSH-2 connections. SSH-2 provides strong authentication and secure communications over insecure channels. SSH-2 protects a network from attacks, such as IP spoofing, IP source routing, and DNS spoofing. Attackers who has managed to take over a network can only force SSH to disconnect—they cannot “play back” the traffic or hijack the connection when encryption is enabled. When using SSH-2's slogin (instead of rlogin) the entire login session, including transmission of password, is encrypted making it almost impossible for an outsider to collect passwords. Be aware that your SSH utility must be set up to use SSH-2. SSID(Service Set IDentifier) Every wireless network or network subset (such as a BSS) has a unique identifier called an SSID. Every device connected to that part of the network uses the same SSID to identify itself as part of the family—when it wants to gain access to the network or verify the origin of a data packet it is sending over the network. In short, it is the unique name shared among all devices in a WLAN.
Wi-Fi Array464 Glossary of Termssubnet maskA mask used to determine what subnet an IP address belongs to. An IP address has two components: (1) the network address and (2) the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network.TKIP(Temporal Key Integrity Protocol) Provides improved data encryption by scrambling the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the encryption keys haven’t been tampered with.transmit powerThe amount of power used by a radio transceiver to send the signal out. Transmit power is generally measured in milliwatts, which you can convert to dBm.User groupSee Group. VLAN(Virtual LAN) A group of devices that communicate as a single network, even though they are physically located on different LAN segments. Because VLANs are based on logical rather than physical connections, they are extremely flexible. A device that is moved to another location can remain on the same VLAN without any hardware reconfiguration.VLAN tagging(Virtual LAN tagging) Static port-based VLANs were originally the only way to segment a network without using routing, but these port-based VLANs could only be implemented on a single switch (or switches) cabled together. Routing was required to transfer traffic between unconnected switches. As an alternative to routing, some vendors created proprietary schemes for sharing VLAN information across switches. These methods would only operate on that vendor's equipment and were not an acceptable way to implement VLANs. With the adoption of the 802.11n standard, traffic can be confined to VLANs that exist on
Wi-Fi ArrayGlossary of Terms 465multiple switches from different vendors. This interoperability and traffic containment across different switches is the result of a switch's ability to use and recognize 802.1Q tag headers—called VLAN tagging. Switches that implement 802.1Q tagging add this tag header to the frame directly after the destination and source MAC addresses. The tag header indicates:1. That the packet has a tag.2. Whether the packet should have priority over other packets.3. Which VLAN it belongs to, so that the switch can forward or filter it correctly.WDS (Wireless Distribution System)WDS creates wireless backhauls between arrays. These links between arrays may be used rather than having to install data cabling to each array. WEP(Wired Equivalent Privacy) An optional IEEE 802.11 function that offers frame transmission privacy similar to a wired network. The Wired Equivalent Privacy generates secret shared encryption keys that both source and destination stations can use to alter frame bits to avoid disclosure to eavesdroppers.Wi-Fi AllianceA nonprofit international association formed in 1999 to certify interoperability of wireless Local Area Network products based on IEEE 802.11 specification. The goal of the Wi-Fi Alliance's members is to enhance the user experience through product interoperability.Wi-Fi ArrayA high capacity Wi-Fi networking device consisting of multiple radios arranged in a circular array.WPA(Wi-Fi Protected Access) A Wi-Fi Alliance standard that contains a subset of the IEEE 802.11i standard, using TKIP as an encryption method and 802.1x for authentication.
Wi-Fi Array466 Glossary of TermsWPA2 (Wi-Fi Protected Access 2) WPA2 is the follow-on security method to WPA for wireless networks and provides stronger data protection and network access control. It offers Enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Like WPA, WPA2 is designed to secure all versions of 802.11 devices, including 802.11a, 802.11b, 802.11g, and 802.11n, multi-band and multi-mode.Xirrus Management System (XMS)A Xirrus product used for managing large Wi-Fi Array deployments from a centralized Web-based interface.XP-3100The Xirrus XP Power System (XP-3100) is a discontinued Xirrus product that provides distributed DC power to multiple XS-3900 units.XP1 and XP8—Power over Gigabit Ethernet modulesSee PoGE.XPS—Xirrus Power System A family of optional Xirrus products that provides power over Gigabit Ethernet. See PoGE.
Wi-Fi ArrayIndex 467IndexNumerics11nsee IEEE 802.11n 594.9 GHz Public Safety Band 282802.11a 7, 9, 255, 267802.11a/b/g 48802.11a/b/g/n 17802.11a/n 17, 107, 240802.11b 7, 9, 269802.11b/g 255, 269802.11b/g/n 17, 107, 240802.11e 19802.11g 7, 9, 269802.11i 9, 112, 176802.11nsee IEEE 802.11n 59WMI page 273802.11p 19802.11q 19802.1x 9, 70, 79, 112, 176, 400Aabg(n)nomenclature 4abg(n)2intrusion detection 277self-monitoringradio assurance (loopback mode) 278AC power 69, 81, 83, 373, 376Access Control List 209Access Control Lists 400access control lists (ACLs) 223Access Panel 373, 376, 385access panelreinstalling 376removing 373ACLs 70, 209, 400Address Resolution Protocolwindow 138Address Resolution Protocol (ARP)264Admin 400Admin ID 215admin IDauthentication via RADIUS 216Admin Management 215admin RADIUS accountif using Console port 216admin RADIUS authentication 216administration 112, 176, 209Administrator Account 394Advanced Encryption Standard 70, 400advanced intrusion detection 277AES 9, 18, 70, 79, 112, 176, 392, 400allow trafficsee filters 289approvedsetting rogues 148APs 79, 148, 233, 400rogues, blocking 276APs, roguesee rogue APs 275ARP filtering 264ARP table window 138Array 50, 86, 94, 95, 107, 120, 176, 183connecting 86dismounting 95management 295mounting 86powering up 107securing 94Web Management Interface 120ArrayOSupgrade 297
Wi-Fi Array468 Indexassociated users 50assurance (radio loopback testing) 275authentication 18of admin via RADIUS 216authoritycertificate 213, 221auto negotiate 183auto-blockingrogue APs 276auto-configuration 112, 260, 267, 269channel and cell size 275Bbackhaulsee WDS 76backup unitsee standby mode 275band association 240beacon interval 260Beacon World Mode 260beam distribution 17benefits 16blockingrogue APs 276blocking rogue APs 275boot 297broadcast 265fast roaming 265browsercertificate error 213, 221BSS 398BSSID 148, 398buttons 124Ccapacityof 802.11n 66cascading style sheetsample for web page redirect 301cdp 322CDP (Cisco Discovery Protocol)settings 191cdp CLI command 322cellsharp cell 275cell size 50, 255, 389auto-configuration 275cell size configuration 275certificateabout 213, 221authority 213, 221error 213, 221install Xirrus authority 221X.509 213, 221channelauto-configuration 275configuration 275list selection 275public safety 275channels 50,  148,  255,  260,  267,  269, 389factory default 280factory presets 281non-overlapping 18Chassis Cover 382chassis cover 382Cisco Discovery Protocolsee cdp 322Cisco Discovery Protocol (CDP) 191CLI 9, 79, 83, 110, 307executing from WMI 303using to upgrade software image409CLI commandssee commands 322clientweb page redirect 300Command Line Interface 9, 75, 83, 107, 110, 307, 400configuration commands 320
Wi-Fi ArrayIndex 469getting help 309getting started 309inputting commands 309sample configuration tasks 355SSH 308top level commands 311command, utilitiesping, traceroute, RADIUS ping 301commandsacl 320admin 321cdp 322clear 323configure 312contact-info 324date-time 325dhcp-server 326dns 327file 328filter 331fips 333group 334hostname 334https 335interface 336license 337load 337location 338management 338more 338netflow 339no 340pci-audit 342quit 343radius-server 343reboot 344, 353reset 344run-tests 345security 347show 315snmp 348ssh 348ssid 350standby 350statistics 318syslog 351telnet 353vlan 354Community String 390configuration 175, 400express setup 176reset to factory defaults 298configuration changesapplying 126configuration filesdownload 298update from local file 298update from remote file 298connectiontracking window 140Console portlogin via 216Contact Information 417contact information 417coverage 50, 83extended 17coverage patterns 9critical messages 123CTS/RTS 267, 269Ddata rate 267, 269data ratesincreased by 802.11n 65DC power 69, 83defaultpreset channels 281default gateway 112, 183default settings 387Default Value 391, 392
Wi-Fi Array470 IndexDHCP 391defaultsreset configuration to factory de-faults 298Delivery Traffic Indication Message260deny trafficsee filters 289deployment 48, 57, 75, 79, 83, 400ease of 19examples 57scenarios 57DHCP 50, 110, 112, 176, 183, 390default settings 391leases window 139DHCP Server 193diagnosticslog, create file 299DIMM 380DIMM Memory Module 380DIMM modulereplacing 380DNS 112, 176, 190DNS domain 190DNS server 190Domain Name System 190DTIM 260DTIM period 260duplex 183dynamic VLANoverridden by group 250EEAP 392, 400EAP-MDS 18EAP-PEAP 400EAP-TLS 18, 70, 400EAP-TTLS 18, 70, 400EDCF 260Encryption 392, 400encryption 18encryption methodrecommended (WPA2 with AES)211setting 211support of multiple methods 211encryption method (encryption mode)Open, WEP, WPA, WPA2, WPA-Both 210encryption standardAES, TKIP, both 211setting 211End User License Agreement 81Enterprise 2, 7, 400WLAN 7Enterprise Class Management 9Enterprise Class Security 9ESS 398ESSID 398Ethernet 83, 86, 94, 107, 110, 112, 176EULA 81event logsee system log 173event messages 123Express Setup 94, 112, 176express setup 112, 176Extended Service Set 398Extensible Authentication Protocol 400external RADIUS server 802.1x 47Ffactory default settings 387factory defaults 389, 390, 391, 392, 394DHCP 391reset configuration to 298factory presetchannels 281factory.conf 298fail-overstandby mode 275
Wi-Fi ArrayIndex 471failover 67, 79Fan 373, 376FAQs 398Fast Ethernet 83, 110, 176, 183, 387fast roaming 19, 135, 265about 254features 16, 75, 183, 196, 197, 260, 400and license key 297Federal Information Processing Stan-dard (FIPS)see FIPS 425feedback 124filter list 290filter name 291filters 289, 290, 291statistics 171FIPSCLI command 333FIPS 140-2 Security 425firewall 289and port usage 72FLASH 378FLASH memoryreplacing 378FLASH Memory Module 378fragmentation threshold 267, 269frequently asked questions 398FTP 400FTP server 47GGeneral Hints 397getting startedexpress setup 176Gigabit 83, 110, 112, 176, 183, 387global settings 260, 267, 269glossary of terms 455Groupmanagement 249group 247CLI command 334VLAN overrides dynamic VLAN250Group Rekey 392guard intervalshort, for IEEE 802.11n 64HHelp button 120help button 124host name 112, 120, 176, 190hs.css 301HTTPScertificate, see certificate 221HyperTerminal 46, 83IIAP 50,  107,  112,  176,  255,  267,  269, 283, 389fast roaming 254naming 4settings 255IAP LED 107, 283IAP LED settings 283IAPsdefault channels 280IEEE 7, 112, 176IEEE 802.11ncapacity, increased 66deployment considerations 59guard interval, short 64improved MAC throughput 64increased data rates 65MIMO 60multiple data streams 62spatial multiplexing 62WMI page 273IEEE 802.1Q 403imageupgrade software image 297
Wi-Fi Array472 Indeximplementing Voice over Wi-Fi 48, 205, 237installation 45, 80, 86, 369installing the MCAP-3616 83mounting the unit 86requirements 45unpacking the unit 81workflow 80installation workflow 80Integrated Access Point Module 382integrated radio modulereplacing 382interfaces 176Web 119Internet Explorer 46intrusion detection 148, 277configuration 275setting as approved or known 148IP Address 50, 112, 120, 126, 148, 176, 183, 190, 197, 200, 295, 390IP Subnet Mask 112Kkeylicense, setting 337upgrade 297key features 16Keyboard Shortcuts 394keyboard shortcuts 394knownsetting rogues 148Llastboot.conf 298Layer 3fast roaming 254lease 390Lease Time 390leases, DHCPviewing 139LEDs 107sequence 107settings 283license Keyupgrading 297license keysetting 337list, access controlsee access control list 223list, MAC accesssee access control list 223location information 112, 120, 176logdiagnostics, create file 299log messagescounters 124log, system (event)viewing window 173logging in 110, 126Login 126loginvia Console port 216login pageweb page redirect 300logout 305long retry limit 260loopbacksee radio assurance 367loopback testingradio assurance mode 275MMAC 70, 110, 398, 400MAC Access Control Lists 70MAC Access List 223MAC address 223, 398, 400MAC throughputimproved by IEEE 802.11n 64Main System Memory 380Management 394, 400
Wi-Fi ArrayIndex 473managementof Arrays 295Web Management Interface (WMI)119maximum lease 390Maximum Lease Time 390Megabit 112Message Integrity Check 400messagessyslog counters 124MIC 18, 400MIMO (Multiple-In Multiple-Out) 60monitoringintrusion detection 148see intrusion detection 277mounting 86mounting plate 86, 94, 95mounting the unit 86MTU 183size 183multiple data streams 62NNATtable - see connection tracking 140Netflow 196netflowCLI command 339Netscape Navigator 45, 46networkinterfaces 182settings 183network connections 83, 126, 400network installation 45, 369network interface ports 110network interfaces 183, 387network statusARP table window 138connectiontracking window 140routing table window 138viewing leases 139Network Time Protocol 112, 176, 194nomenclature 4non-overlapping channels 18NTP 112, 176, 194, 390NTP Server 194OOpen (encryption method) 210optimization, VLAN 265overview 9Ppassphrase 70, 112, 176Password 394, 400password 126Payment Card Industry Data Security Standardsee PCI DSS 419PCI DSS 419CLI command 342pci-auditCLI command 342PDF 81PEAP 18, 287performance 16Ping 295ping 301planning 67, 69, 70, 75failover 67network management 75port failover 67power 69security 70switch failover 67WDS 76PoGE 13, 45see Power over Gigabit Ethernet 13port failover 67
Wi-Fi Array474 Indexport requirements 72power cord 373power distribution 13power outlet 45Power over Gigabit Ethernet 3, 13, 21, 27, 35, 40, 45, 69, 84compatibility with Array models414Power over Gigabit Ethernet (PoGE) 13power planning 69Power Supply 373, 376, 385power supplyreplacing 385power switch 373pre-shared key 70, 79, 400Print button 120print button 124probesee Netflow 196product installation 45, 369product overview 9product specifications 20, 27, 34, 39PSK 79, 392public safety band 282public safety channels 275PuTTY 45, 75, 112, 176, 400PuTTy 46QQoS 19, 240, 391, 398, 462conflicting values 239levels defined 241, 250priority 240SSID 236, 241about setting QoS 399default QoS 391user group 250Quality of Service 19see QoS 241, 250Quick Install Guide 81quick reference guide 387quick startexpress setup 176Rradioassurance (self-test) 278radio assurance (loopback testing) 275radio assurance (loopback) mode 278radio distribution 16radiosdefault channels 280naming 4RADIUS 9,  45,  70,  79,  209, 223,  390, 400admin authentication 216RADIUS Ping command 301RADIUS Server 390RADIUS server 47README file 81reauthentication 260reboot 297redirect (WPR) 300registration card 81remote DC power 13Reset 295, 390reset configurationto factory defaults 298RFintrusion detection 275spectrum management 275RF configuration 275RF managementsee channel 275RF resilience 275RFprotect, see XDM 277roaming 19, 135, 265roaming, fast 254Rogue AP 9, 75, 148, 233, 400rogue AP
Wi-Fi ArrayIndex 475blocking 276Rogue AP List 148rogue APsblocking 275Rogue Control List 233rogue detection 17roguessetting as known or approved 148root command prompt 311routetrace route utility 301routing table window 138RSSI 148RTS 267, 269RTS threshold 267, 269Ssample Perl and CSS files for 300savewith reboot 297Save button 120saved.conf 298scalability 7scheduleauto channel configuration 275Secondary Port 390Secondary Server 390secret 390Secure Shell 46secure Shell 45SecurityFIPS 425PCI DSS 419security 9, 18, 209, 398, 400certificate, see certificate 221see group 247self-monitoring 277radio assurance 367radio assurance options 278self-testradio assurance mode 278serial port 46, 110, 400server, VTunsee VTun 208Service Set Identifier 112Services 193, 373, 376, 398servicing 371servicing the unit 369settings 176setup, express 176sharp cell 275setting in WMI 280short retry limit 260signal processingMIMO 61SNMP 9,  14,  112,  176,  183,  193,  200, 390required for XMS 200, 201softwareupgrade license key 297software imageupgrading via CLI 409Software Upgrade 295software upgrade 297spatial multiplexing 62specifications 20, 27, 34, 39spectrum (RF) management 275speed 7, 110, 18311 Mbps 754 Mbps 7splash pageweb page redirect 300SSH 45, 46, 75, 112, 176, 183, 210, 394, 400SSH-2 210SSID 9,  112,  120,  148,  176,  233,  240, 391, 398, 403about usage 399QoS 236, 241about using 399
Wi-Fi Array476 IndexQoS, about usage 399SSID Management 240, 391, 398standby mode 275static IP 112, 176, 183station timeout period 260Stations 398stationsrogues 148statistics 171statistics per station 172statistics 176filters 171netflow 196per-station 172stations 171WDS 170status bar 120, 124submitting comments 124subnet 45, 67, 112, 183switch failover 67synchronize 112, 176, 194Syslog 112, 120, 176, 193, 197, 390time-stamping 112syslog messagescounters 124Syslog reporting 197Syslog Server 197system commandsping, trace route, RADIUS ping301System Configuration Reset 295System Log 197system logviewing window 173system memoryreplacing 380System Reboot 295System Tools 295system tools 296TT-bar 86T-bar clips 86TCPport requirements 72technical supportcontact information 417frequently asked questions 398Telnet 210, 394, 400Temporal Key Integrity Protocol 400Time Out 390time zone 112, 176, 194timeout 260, 295Tips 397TKIP 18, 70, 79, 112, 176, 392, 400toolping, trace route, RADIUS ping301Tools 295, 400tools, system 296trace route utility 301trafficfiltering 289transmit power 50, 389Trap Host 390trap port 200, 390tunneledfast roaming 265tunnelssee VTun 205, 208UUDPport requirements 72Unit 86attaching 86mounting 86unknownsetting rogues 148unpacking the unit 81
Wi-Fi ArrayIndex 477upgradelicense key 297software image 297upgrading software imagevia CLI 409UPS 45, 79user group 247QoS 250user interface 119utilitiesping, trace route, RADIUS ping301utility buttons 124Vvirtual tunnelssee VTun 208VLAN 9, 79, 240, 391, 398, 403broadcast optimization 265dynamicoverridden by group 250group (vs. dynamic VLAN) 250VLAN ID 240voicefast roaming 254implementing on Array 48,  205, 237Voice-over IP 269VoIP 269VoWLAN 19VPN 112, 176, 400VTSVirtual Tunnel Server 205, 208VTunspecifying tunnel server 205, 208understanding 205Wwall thickness considerations 48warning messages 123WDS 285, 287about 76planning 76statistics 170WDS Client Links 287Web interfacestructure and navigation 123web interface 119Web Management Interface 75,  94, 107, 110, 126, 398Web Management Interface (WMI) 119web page redirect 300install files for 300remove files for 301sample WPR files 301WEP 18,  70,  112,  176,  209,  240,  392, 400WEP (Wired Equivalent Privacy)encryption method 211Wi-Fi Protected Access 9, 70, 112, 176, 400Wired Equivalent Privacy 112, 400Wireless Distribution System 285wireless LAN 7wireless security 176WLAN 176WMI 9, 75, 79, 110, 119, 255certificate error 213, 221executing CLI commands 303workflow 80WPA 9, 79, 112, 176, 209, 240, 392, 400WPA (Wi-Fi Protected Access) and WPA2encryption method 211WPA2 9WPR 300wpr.pl 300, 301XX.509
Wi-Fi Array478 Indexcertificate 213, 221Xirruscertificate authority 221Xirrus Defense Module (XDM) 277Xirrus Management System 9, 14, 19, 47SNMP required 200, 201Xirrus Power over Gigabit Ethernet 45Xirrus Power over Gigabit Ethernet (PoGE) 13Xirrus Remote DC Power System 2, 45, 83Xirrus Roaming Protocol 19, 135, 265Xirrus Wireless Management System2, 45, 75, 400XM-3300 2, 9, 45, 75, 79, 200, 400XMS 9, 14, 19, 47port requirements 72setting IP address of 200SNMP required 200, 201XN Arrayssee also IEEE 802.11n 59XN16management 295XP1, XP8see Power over Gigabit Ethernet 13XP-3100 2, 45, 79, 83XPS 45XRP 19, 135, 265xs_current.conf 298xs_diagnostic.log 299XS16management 127, 175, 295XS-3500 2, 9XS-3700 2, 9XS-3900 2, 9, 50, 70, 240, 260, 382, 398, 400, 403management 127, 175, 295

Navigation menu