Cambium Networks XS35004 XS-3500 Wireless LAN Array User Manual xirrus

Xirrus, Inc. XS-3500 Wireless LAN Array xirrus

UserManual.wiki >

Cambium Networks >

XS35004 User Manual >

Users Manual Part 3

Contents

Users Manual Part 3

Wireless LAN ArrayConfiguring the Xirrus Array 69Configuring the Xirrus ArrayThis chapter covers configuration and management tasks using the product’s embedded Web Management Interface (WMI). It also includes a procedure for logging in to the XS-3900/XS-3700/XS-3500 with your Web browser.Section headings for this chapter include:z“Logging In” on page 69z“Making Configuration Changes to the Array” on page 70Logging InUse this procedure to log in to the WMI via your Web browser.1. Establish a network connection and open your Web browser.2. Connect to the Wireless LAN Array via its default IP address (10.0.1.1) or via a DHCP assigned IP address.3. When connected to the Array, a login prompt appears on your screen. The default login for the user name and password is admin for both. Login names and passwords are case-sensitive.4. To log in to the Array’s Web Management Interface, enter admin when prompted for a user name and password.Figure 46. WMI: Logging In to the Wireless LAN Array

Wireless LAN Array70 Configuring the Xirrus ArrayMaking Configuration Changes to the ArrayThis section has been organized into functional areas that reflect the flow and content of the WMI. Configuration instructions to the Wireless LAN Array require you to input data in one or more of the following formats:zSpecifying data (for example, IP addresses, descriptions, etc.).zMaking selections from pull-down lists.zChoosing an option by clicking on a radio button (for example, on/off).zClicking on a check box to activate/deactivate a feature.zClicking on a button to confirm a command or apply your changes.Array StatusThis is a status only page that provides a snapshot of the global configuration settings for all XS-3900/XS-3700/XS-3500 network interfaces and radios. You must go to the appropriate configuration page to make changes to any of the settings displayed here (configuration changes cannot be made from this page).Figure 47. WMI: Array Status Page

Wireless LAN ArrayConfiguring the Xirrus Array 71The Array Status page is sub-divided into the Network Interface and IAP Interface (radio) sections and provides you with the following information:zAll devices: A listing of the available Network Interfaces and IAPs with each item containing a link to the associated configuration page. Linked items are shown UNDERLINED. For example:Figure 48. Linked ItemszAll devices: The current status of each device, whether enabled or disabled. Devices that are disabled are shown in RED. For example:Figure 49. WMI: Disabled Device (Partial View)zNetwork Interface devices:zThe Management column indicates whether the network interface device is enabled or disabled. Network interfaces are enabled or disabled on the Network Settings page.zThe Configuration column shows how each network interface obtains its IP address—either dynamically via DHCP or entered manually by you (static configuration) on the Network Settings page.These items are linkedDisabled devices are shown in RED

Wireless LAN Array72 Configuring the Xirrus ArrayzThe IP Address column shows the current IP address being used by each network interface device.zIAP Interface devices:zThe Channel column shows on which channel each IAP (radio) is operating. Channel selections are made on the IAP Settings page from a pull-menu. To avoid co-channel interference, adjacent radios should not be using adjacent channels.zThe Cell Size column indicates which cell size setting is currently active for each radio—either small, medium, large or manually defined by you. The cell size of a radio is a function of its transmit power and determines the radio’s overall coverage. Cell sizes are defined on the IAP Settings page. For additional information about cell sizes and the importance of planning for and defining the optimum sizes for your Array, go to “Coverage and Capacity Planning” on page 25.Figure 50. IAP CellszThe Associated Users column informs you how many users are currently associated with each radio. The high-capacity XS-3900 can handle up to 64 concurrent users per individual IAP radio (1024 or 960 users per Array when the monitor is enabled).

Wireless LAN ArrayConfiguring the Xirrus Array 73Express SetupThis page allows you to establish global configuration settings that will enable basic Array functionality. Any changes you make on this page will affect all radios. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes.Figure 51. WMI: Express Setup Page (Part 1)more ...

Wireless LAN Array74 Configuring the Xirrus ArrayFigure 52. WMI: Express Setup Page (Part 2)Procedure for Performing an Express Setup1. Host Name: Specify a unique host name for this Array. The host name is used to identify the Array on the network. Use a name that will be meaningful within your network environment, up to 64 alphanumeric characters.2. Location Information: Enter a brief but meaningful description that accurately defines the physical location of the Array. In an environment where multiple units are installed, clear definitions for their locations are important if you want to identify a specific unit.3. Admin Contact: Enter the name and contact information of the person who is responsible for administering the Array at the designated location.4. Admin Email: Enter the email address of the admin contact you entered in Step 3.5. Admin Phone: Enter the telephone number of the admin contact you entered in Step 3.6. Enable/Configure All IAPs: Click on the Execute button to enable and auto configure all IAPs (a message displays the countdown time—in seconds—to complete the auto-configuration task).... continued

Wireless LAN ArrayConfiguring the Xirrus Array 757. Configure the Fast Ethernet (10/100 Megabit), Gigabit 1 and Gigabit 2 network interfaces. The fields for each of these interfaces are the same, and include:a. Enable Interface: Choose Yes to enable this network interface, or choose No to disable the interface.b. Allow Management on Interface: Choose Yes to allow management of the Array via this network interface, or choose No to deny all management privileges for this interface.c. Configuration Server Protocol: Choose DHCP to instruct the Array to use DHCP to assign IP addresses to the Array’s Ethernet interfaces, or choose Static IP if you intend to enter IP addresses manually. If you choose the Static IP option, you must enter the following information:zIP Address: Enter a valid IP address for this Array. To use any of the remote connections (Web, SNMP, or SSH), a valid IP address must be used.zIP Subnet Mask: Enter a valid IP address for the subnet mask (the default is 255.255.255.0). The subnet mask defines the number of IP addresses that are available on the routed subnet where the Array is located.zDefault Gateway: Enter a valid IP address for the default gateway. This is the IP address of the router that the Array uses to forward data to other networks.8. SSID (Wireless Network Name): The SSID (Service Set Identifier) is a unique name that identifies a wireless network. All devices attempting to connect to a specific WLAN must use the same SSID. The default for this field is “xirrus.”For additional information about SSIDs, go to the Multiple SSIDs section of “Frequently Asked Questions” on page 222.

Wireless LAN Array76 Configuring the Xirrus Array9. Wireless Security: Select the desired wireless security scheme (Open, WEP or WPA). Make your selection from the choices available in the pull-down list.OpenThis option offers no data encryption and is not recommended, though you might choose this option if clients are required to use a VPN connection through a secure SSH utility, like PuTTy.WEP (Wired Equivalent Privacy)An optional IEEE 802.11 function that offers frame transmission privacy similar to a wired network. WEP generates secret shared encryption keys that both source and destination stations can use to alter frame bits to avoid disclosure to eavesdroppers.WPA (Wi-Fi Protected Access)A Wi-Fi Alliance standard that contains a subset of the IEEE 802.11i standard, using TKIP or AES as an encryption method and 802.1X for authentication. WPA is the stronger of the two wireless security schemes.For more information about security, including a full review of all security options and settings, go to“Security Management” on page 113.10. Wireless Key/Passphrase: Depending on the wireless security scheme you selected, enter a unique WEP key or WPA passphrase.a. Confirm Key/Passphrase: If you entered a WEP key or WPA passphrase, confirm it here.11. New Admin Password: If desired, enter a new administration password for managing this Array. Choose a password that is not obvious, and one that you can remember. If you forget your password, you must reset the Array to its factory defaults so that the password is reset to admin (its default setting).#Security settings will only take effect if they are assigned to a specific SSID. Refer to “SSID” on page 107.

Wireless LAN ArrayConfiguring the Xirrus Array 77a. Confirm Admin Password: If you entered a new administration password, confirm the new password here.12. Adjust Time (hrs:min:sec): Check this box if you want to adjust the current system time. When the box is checked, the time fields become active. Enter the revised time (hours, minutes, seconds, am/pm) in the corresponding fields. If you don’t want to adjust the current time, this box should be left unchecked (default).13. Adjust Date (day/month/year): Check this box if you want to adjust the current system date. When the box is checked, the date fields become active. Enter the revised date (day, month, year) in the corresponding fields. If you don’t want to adjust the current date, this box should be left unchecked (default).14. Auto Adjust Daylight Savings: Check this box if you want the system to adjust for daylight savings automatically, otherwise leave this box unchecked (default).15. Time Zone: Select a time zone from the choices available in the pull-down list.Figure 53. WMI: Time Zones

Wireless LAN Array78 Configuring the Xirrus Array16. Use NTP (IP Address): Check this box if you want to use an NTP (Network Time Protocol) server to synchronize the Array’s clock. This ensures that syslog time-stamping is maintained across all units. Without an NTP server assigned (no universal clock), each Array will use its own internal clock and stamp times accordingly, which may result in discrepancies. When this box is checked, the NTP and NTP 2 IP address fields become active. If you don’t want to use an NTP server, leave this box unchecked (default), otherwise enter the IP address or DNS name of the NTP server.Figure 54. Enabling the NTP Featurea. NTP 2 (IP Address): If you enabled the NTP option and the site is using a secondary NTP server, enter the IP address or DNS name of the secondary NTP server.17. Click on the Apply button to apply the new settings to this session18. Click on the Save button to save your changes (otherwise your new settings will not take effect).This ends the Express Setup procedure.NTP enabled

Wireless LAN ArrayConfiguring the Xirrus Array 79Network InterfacesThis is a status only page that provides a snapshot of the configuration settings currently established for the 10/100 Fast Ethernet interface and the 10/100/1000 Gigabit 1 and Gigabit 2 interfaces. You must go to the appropriate configuration page to make changes to any of the settings displayed here (configuration changes cannot be made from this page). You can click on any item (underlined) in the Interface column to “jump” to the associated configuration page.Figure 55. WMI: Network Interfaces PageWMI pages that allow you to change or view configuration settings associated with the network interfaces include:z“Network Settings” on page 80.z“Network Statistics” on page 84.z“DHCP Settings” on page 85.z“DNS Settings” on page 87.

Wireless LAN Array80 Configuring the Xirrus ArrayNetwork SettingsThis page allows you to establish configuration settings for the 10/100 Fast Ethernet interface and the 10/100/1000 Gigabit 1 and Gigabit 2 interfaces.When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes.Figure 56. WMI: Network Settings Page (Part 1)#Gigabit 2 settings will “mirror” Gigabit 1 settings (except for MAC addresses) and cannot be configured separately.more ...

Wireless LAN ArrayConfiguring the Xirrus Array 81Figure 57. WMI: Network Settings Page (Part 2)Network Interface PortsThe following diagram shows the location of each network interface port on the underside of the Array.Figure 58. Network Interface Ports... continuedSerialFast EthernetGigabit 1Gigabit 2

Wireless LAN Array82 Configuring the Xirrus ArrayProcedure for Configuring the Network Interfaces1. Configure the Fast Ethernet, Gigabit 1 and Gigabit 2 network interfaces. The fields for each of these interfaces are the same, and include:a. Enable Interface: Choose Yes to enable this network interface (Fast Ethernet, Gigabit 1 or Gigabit 2), or choose No to disable the interface.b. Allow Management on Interface: Choose Yes to allow management of this Array via the selected network interface, or choose No to deny all management privileges for this interface.c. Auto Negotiate: This feature allows the Array to negotiate the best transmission rates automatically. Choose Yes to enable this feature, or choose No to disable this feature—the default is enabled. If you disable the Auto Negotiate feature, you must define the Duplex and Speed options manually (otherwise these options are not available).zDuplex: Full-duplex refers to the transmission of data in two directions simultaneously (for example, a telephone is a full-duplex device because both parties can talk and be heard at the same time). In contrast, half-duplex allows data transmission in one direction at a time only (for example, a walkie-talkie is a half-duplex device because it allows only one party to talk at any one time). If the Auto-Negotiate feature is disabled, you can manually choose Half or Full duplex for your data transmission preference.zSpeed: If the Auto-Negotiate feature is disabled, you can manually choose the desired data transmission speed from the pull-down list, either Fast Ethernet or Gigabit.d. MTU Size: Specify the MTU (Maximum Transmission Unit) size. When you specify the MTU, you are defining—in bytes—the largest physical packet size that the network can transmit. Any messages larger than the MTU that you specify here are divided into smaller packets before being sent. The default is 1504 bytes.

Wireless LAN ArrayConfiguring the Xirrus Array 83e. Configuration Server Protocol: Choose DHCP to instruct the Array to use DHCP when assigning IP addresses to the Array, or choose Static IP if you intend to enter IP addresses manually.zIP Address: If you selected the Static IP option, enter a valid IP address for the Array. To use any of the remote connections (Web, SNMP, or SSH), a valid IP address must be established.zIP Subnet Mask: If you selected the Static IP option, enter a valid IP address for the subnet mask (the default for Class C is 255.255.255.0). The subnet mask defines the number of IP addresses that are available on the routed subnet where the Array is located.zDefault Gateway: If you selected the Static IP option, enter a valid IP address for the default gateway. This is the IP address of the router that the Array uses to transmit data to other networks.2. Click on the Apply button to apply the new settings to this session.3. Click on the Save button to save your changes (otherwise your new settings will not take effect).

Wireless LAN Array84 Configuring the Xirrus ArrayNetwork StatisticsThis is a status only page that allows you to review statistical data associated with each network interface and its activity. You can Refresh the data (update the page with the latest information) or Clear the data (reset all content to zero and begin counting again) at any time by clicking on the appropriate button. If you are experiencing problems, you may also want to print this page for your records.Figure 59. WMI: Network Statistics Page

Wireless LAN ArrayConfiguring the Xirrus Array 85DHCP SettingsThis page allows you to enable/disable DHCP (Dynamic Host Configuration Protocol) server functionality. DHCP allows the Array to provide wireless clients with IP addresses and other networking information. The DHCP server will not provide DHCP services to the wired side of the network.If you enable the DHCP server, you need to define the DHCP lease time (default and maximum) and establish the IP address range that the DHCP server can use. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes.Figure 60. WMI: DHCP Settings Page

Wireless LAN Array86 Configuring the Xirrus ArrayProcedure for Configuring the DHCP Server1. Enable DHCP Server: Choose Yes to enable DHCP services, or choose No to disable DHCP services.2. Default Lease (seconds): This field defines the default DHCP lease time (in seconds). The factory default is 300 seconds, but you can change the default at any time.3. Maximum Lease (seconds): Enter a value (in seconds) to define the maximum allowable DHCP lease time. The default is 300 seconds.4. Starting IP Range: Enter an IP address to define the start of the IP range that will be used by the DHCP server. The default is 192.168.1.100.5. End IP Range: Enter an IP address to define the end of the IP range that will be used by the DHCP server. The DHCP server will only use IP addresses that fall between the start and end range that you define on this page. The default is 192.168.1.200.6. Click on the Apply button to apply the new settings to this session.7. Click on the Save button to save your changes (otherwise your new settings will not take effect).

Wireless LAN ArrayConfiguring the Xirrus Array 87DNS SettingsThis page allows you to establish your DNS (Domain Name System) settings. At least one DNS server must be set up if you want to offer clients associating with the Array the ability to use meaningful host names instead of numerical IP addresses. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes.Figure 61. WMI: DNS Settings Page

Wireless LAN Array88 Configuring the Xirrus ArrayProcedure for Configuring DNS Servers1. DNS Host Name: Enter a valid DNS host name.2. DNS Domain: Enter the DNS domain name.3. DNS Server 1: Enter the IP address of the primary DNS server.4. DNS Server 2: Enter the IP address of the secondary DNS server.5. DNS Server 3: Enter the IP address of the tertiary DNS server.6. Click on the Apply button to apply the new settings to this session.7. Click on the Save button to save your changes (otherwise your new settings will not take effect).

Wireless LAN ArrayConfiguring the Xirrus Array 89IAP InterfacesThis is a status only page that allows you to review configuration data associated with each Integrated Access Point (radio). It includes a list of which IAP radios are enabled, the channel that each radio is currently using, cell sizes, and how many users are currently associated with each radio. There are no configuration options available on this page, but if you are experiencing problems or simply reviewing the radio assignments, you may want to print this page for your records.You can click on any item in the IAP column to “jump” to the associated configuration page.Figure 62. WMI: IAP Interfaces Page

Wireless LAN Array90 Configuring the Xirrus ArrayIAP SettingsThis page allows you to enable/disable Integrated Access Points (radios), define the wireless mode for each radio, specify the channel to be used and the cell size for each radio, establish transmit/receive parameters, and select antennas. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes. To see a diagram of the layout and naming of radios, go to Figure 6 on page 10.Figure 63. WMI: IAP Settings Page

Wireless LAN ArrayConfiguring the Xirrus Array 91Procedure for Auto Configuring IAPs (Radios)You can auto-configure radios by clicking on the Auto Configure button on the relevant WMI page (auto configuration only applies to enabled radios):zFor all radios, go to the “Global Settings” on page 93.zFor all 802.11a radios, go to the “Global Settings .11a” on page 96.zFor all 802.11b/g radios, go to the “Global Settings .11bg” on page 99.Procedure for Manually Configuring IAPs (Radios)1. In the Enabled column, check the box of a corresponding radio to enable the radio, or uncheck the box if you want to disable the radio.2. In the Mode column, select the wireless mode for this radio from the choices available in the pull-down menu (either .11a or .11b/g).3. In the Channel column, select the channel you want this radio to use from the channels available in the pull-down list.The sample pull-down list shown here is for the abg2 radio with its mode set to .11b/g. Any channels appearing in this pull-down list that are shown in RED are not recommended.4. In the Cell Size column, choose either Small, Medium, or Large to define the desired pre-configured cell size, or choose Manual to define the wireless cell size manually. If you choose Manual, you must specify the transmit and receive power—in dB—in the Tx Power dB (transmit) and Rx dB (receive) fields.The number of users and their applications are major drivers of bandwidth requirements. The network architect must account for the number of users within the Array’s cell diameter.

Wireless LAN Array92 Configuring the Xirrus ArrayIn a large office, or if multiple Arrays are in use, you should choose Small cells to achieve a higher data rate, since walls and other objects will not define the cells naturally.For additional information about cell sizes, go to “Coverage and Capacity Planning” on page 25.5. In the Antenna Select column, choose the antenna you want this radio to use from the pull-down list. The list of available antennas will be different (or no choices will be available), depending on the wireless mode you selected for the radio.The sample pull-down list shown here is for an 11a radio. In cases where the configuration of the Array limits the antenna choice (for example, if no external antenna is available), the Antenna Select column is greyed out.6. Click on the Apply button to apply the new settings to this session.7. Click on the Save button to save your changes (otherwise your new settings will not take effect at the next reboot).

Wireless LAN ArrayConfiguring the Xirrus Array 93Global SettingsThis page allows you to establish global IAP (radio) settings. Global IAP settings include enabling or disabling all radios (regardless of their operating mode), auto-configuring channel allocations, enabling or disabling the Beacon World Mode and EDCF, specifying the short and long retry limits, and defining the beacon interval and DTIM period. Changes you make on this page are applied to all IAPs (radios), without exception.Figure 64. WMI: Global Settings Page

Wireless LAN Array94 Configuring the Xirrus ArrayProcedure for Configuring Global IAP Settings1. IAP Status: Click on the Enable All IAPs button to enable all radios for this Array, or click on the Disable All IAPs button to disable all radios.2. Channel Configuration: Click on the Auto Configure button to instruct the Array to determine the best channel allocation settings for each radio and select the channel automatically, based on changes in the environment. This is the recommended method for channel allocations.3. Auto Channel Configuration Mode: This option allows you to instruct the Array to auto-configure channel selection for each enabled IAP when the Array is powered up. Choose On Array PowerUp to enable this feature, or choose Disabled to disable this feature.4. Auto Configure on Time: This option allows you to instruct the Array to auto-configure channel selection for each enabled IAP at a time you specify here (in hours and minutes, using the format: hh:mm). Leave this field blank unless you want to specify a time at which the auto-configuration utility is initiated.5. Short Retry Limit: This attribute indicates the maximum number of transmission attempts for a frame, the length of which is less than or equal to the RTS Threshold, before a failure condition is indicated. The default value is 7. Enter a new value (1 to 128) in the Short Retry Limit field if you want to increase or decrease this attribute.6. Long Retry Limit: This attribute indicates the maximum number of transmission attempts for a frame, the length of which is greater than the RTS Threshold, before a failure condition is indicated. The default value is 4. Enter a new value (1 to 128) in the Long Retry Limit field if you want to increase or decrease this attribute.7. Beacon Interval: When the XS-3900 sends a beacon, it includes with it a beacon interval, which specifies the period of time before it will send the beacon again. Enter the desired value in the Beacon Interval field, between 20 and 1000. The value you enter here is applied to all radios.

Wireless LAN ArrayConfiguring the Xirrus Array 958. DTIM Period: A DTIM (Delivery Traffic Indication Message) is a signal sent as part of a beacon by the Array to a client device in sleep mode, alerting the device to a packet awaiting delivery. Enter the desired value in the DTIM Period field, between 1 and 255. The value you enter here is applied to all radios.9. Station Re-Authentication Period: This option allows you to specify a time (in seconds) for the duration of station reauthentications.10. Station Timeout Period: Specify a time (in seconds) in this field to define the timeout period for station associations.11. Max Station Association per IAP: This option allows you to define how many station associations are allowed per IAP (up to 64 stations per IAP).12. Click on the Apply button to apply the new settings to this session.13. Click on the Save button to save your changes (otherwise your new settings will not take effect).

Wireless LAN Array96 Configuring the Xirrus ArrayGlobal Settings .11aThis page allows you to establish global 802.11a IAP (radio) settings. These settings include defining which 802.11a data rates are supported, enabling or disabling all 802.11a radios, auto-configuration of channel allocations for all 802.11a radios, and specifying the fragmentation and RTS thresholds for all 802.11a radios.Figure 65. WMI: Global Settings .11a Page

Wireless LAN ArrayConfiguring the Xirrus Array 97Procedure for Configuring Global 802.11a IAP Settings1. 802.11a Data Rates: The Array allows you to define which data rates are supported for all 802.11a radios.Figure 66. Specifying 802.11a Data RatesSelect (or deselect) data rates by clicking in the corresponding Supported and Basic data rate check boxes.zBasic Rate—a wireless station (client) must support this rate in order to associate.zSupported Rate—the Array will use this data rate for transmissions to clients.2. Optimize Data Rates: The Xirrus Wireless LAN Array can optimize your 802.11a data rates automatically, based on range or throughput. Click on the Range button to optimize data rates based on range, or click on the Throughput button to optimize data rates based on throughput.3. 802.11a IAP Status: Click on the Enable 802.11a IAPs button to enable all 802.11a radios for this Array, or click on the Disable 802.11a IAPs button to disable all 802.11a radios.4. Channel Configuration: Click on the Auto Configure button to instruct the Array to determine the best channel allocation settings for each 802.11a radio and select the channel automatically, based on changes in the environment. This is the recommended method for 802.11a channel allocations.

Wireless LAN Array98 Configuring the Xirrus Array5. Fragmentation Threshold: This is the maximum size for directed data packets transmitted over the 802.11a radio. Larger frames fragment into several packets, their maximum size defined by the value you enter here. Smaller fragmentation numbers can hellp to “squeeze” packets through in noisy environments. Enter the desired Fragmentation Threshold value in this field, between 256 and 2346).6. RTS Threshold: The RTS (Request To Send) Threshold specifies the packet size. Packets larger than the RTS threshold will use CTS/RTS prior to transmitting the packet—useful for larger packets to help ensure the success of their transmission. Enter a value between 1 and 2347.7. Click on the Apply button to apply the new settings to this session.8. Click on the Save button to save your changes (otherwise your new settings will not take effect).

Wireless LAN ArrayConfiguring the Xirrus Array 99Global Settings .11bgThis page allows you to establish global 802.11b/g IAP (radio) settings. These settings include defining which 802.11b and 802.11g data rates are supported, enabling or disabling all 802.11b/g radios, auto-configuration of channel allocations for all 802.11b/g radios, and specifying the fragmentation and RTS thresholds for all 802.11b/g radios.Figure 67. WMI: Global Settings .11bg Page

Wireless LAN Array100 Configuring the Xirrus ArrayProcedure for Configuring Global 802.11b/g IAP Settings1. 802.11g Data Rates: The Array allows you to define which data rates are supported for all 802.11g radios.Figure 68. Specifying 802.11g Data RatesSelect (or deselect) data rates by clicking in the corresponding Supported and Basic data rate check boxes.zBasic Rate—a wireless station (client) must support this rate in order to associate.zSupported Rate—the Array will use this data rate for transmissions to clients.2. 802.11b Data Rates: This task is similar to Step 1, but these data rates apply only to 802.11b radios.Figure 69. Specifying 802.11b Data Rates3. Optimize Data Rates: The Xirrus Wireless LAN Array can optimize your 802.11b/g data rates automatically, based on range or throughput. Click on the Range button to optimize data rates based on range, or click on the Throughput button to optimize data rates based on throughput.

Wireless LAN ArrayConfiguring the Xirrus Array 1014. 802.11bg IAP Status: Click on the Enable 802.11b/g IAPs button to enable all 802.11b/g radios for this Array, or click on the Disable 802.11b/g IAPs button to disable all 802.11b/g radios.5. Channel Configuration: Click on the Auto Configure button to instruct the Array to determine the best channel allocation settings for each 802.11b/g radio and select the channel automatically, based on changes in the environment. This is the recommended method for 802.11b/g channel allocations.6. 802.11g Only: Select On if you want to restrict use to 802.11g mode only.. In this mode, no 802.11b rates are transmitted. Also, stations that only support 802.11b will not be able to associate.7. 802.11g Protection: Select Auto to provide automatic protection for all 802.11g radios.8. 802.11g Slot: Select Auto to instruct the Array to manage the 802.11g slot times automatically, or choose Short Only. Xirrux recommends using Auto for this settings, especially if 802.11b devices are present.9. 802.11b Preamble: The preamble contains information that the Array and client devices need when sending and receiving packets. All compliant 802.11b systems have to support the long preamble (a short preamble improves the efficiency of a network's throughput when transmitting special data, such as voice, VoIP (Voice-over IP) and streaming video.Select Auto to instruct the Array to manage the preamble (long and short) automatically, or choose Long Only.10. Fragmentation Threshold: This is the maximum size for directed data packets transmitted over the 802.11b/g radio. Larger frames fragment into several packets, their maximum size defined by the value you enter here. Enter the desired Fragmentation Threshold value in this field, between 256 and 2346).

Wireless LAN Array102 Configuring the Xirrus Array11. RTS Threshold: The RTS (Request To Send) Threshold specifies the packet size. Packets larger than the RTS threshold will use CTS/RTS prior to transmitting the packet—useful for larger packets to help ensure the success of their transmission. Enter a value between 1 and 2347.12. Click on the Apply button to apply the new settings to this session.13. Click on the Save button to save your changes (otherwise your new settings will not take effect).IAP LED SettingsThis page allows you to set up the Array’s IAP LEDs, including the assignment of behavior preferences.Figure 70. WMI: IAP LED Settings Page

Wireless LAN ArrayConfiguring the Xirrus Array 103Procedure for Configuring the IAP LEDs1. LED State: This option determines which event triggers the LEDs, either when a radio is enabled or when a radio first associates with the network. Choose On Radio Enabled or On First Association, as desired.2. LED Blink Behavior: This option allows you to select when the IAP LEDs blink, based on the activities you check here. From the choices available, select one or more activities to trigger when the LEDs blink.3. Click on the Apply button to apply the new settings to this session.4. Click on the Save button to save your changes (otherwise your new settings will not take effect).

Wireless LAN Array104 Configuring the Xirrus ArrayStatisticsThis is a status only page that provides an overview of the statistical data associated with individual radios. For more detailed information about a specific radio, simply click on any radio in the left column, or go to the statistics page for the desired radio (for example, Statistics IAP abg4). You can Refresh or Clear the data on this page at any time by clicking on the appropriate button.Figure 71. WMI: Statistics Page

Wireless LAN ArrayConfiguring the Xirrus Array 105Statistics (for specific radios)These pages provide a detailed statistical summary of each radio’s performance, displayed either numerically or by percentage (your choice). The following image shows an example from the XS-3700 product of the Statistics IAP a4 page (for the a4 radio).The default Statistics Type is NUMERIC, but you can change this to PERCENTAGE from the pull-down menu at the top of the page. In addition, you can Refresh or Clear the data on this page at any time by clicking on the appropriate button.Figure 72. WMI: Statistics for IAP a4 Page (XS-3700)

Wireless LAN Array106 Configuring the Xirrus ArrayStatistics (for all radios)Theis page provides a detailed statistical summary of the performance of all radios, displayed either numerically or by percentage (your choice). The following image shows an example from the XS-3700 product.The default Statistics Type is NUMERIC, but you can change this to PERCENTAGE from the pull-down menu at the top of the page. In addition, you can Refresh or Clear the data on this page at any time by clicking on the appropriate button.Figure 73. WMI: Statistics for All IAPs Page (XS-3700)

Wireless LAN ArrayConfiguring the Xirrus Array 107SSIDThis is a status only page that allows you to review SSID (Service Set IDentifier) assignments. It includes the SSID name, whether or not an SSID is visible on the network, any security and QoS parameters defined for each SSID, associated VLAN IDs, and radio availability per SSID. There are no configuration options available on this page, but if you are experiencing problems or reviewing SSID management parameters, you may want to print this page for your records.For information to help you understand SSIDs and how multiple SSIDs are managed by the XS-3900, go to the Multiple SSIDs section of “Frequently Asked Questions” on page 222.Figure 74. WMI: SSID Page

Wireless LAN Array108 Configuring the Xirrus ArrayUnderstanding SSIDsThe SSID (Service Set Identifier) is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. Multiple access points on a network or sub-network can use the same SSIDs. SSIDs are case-sensitive and can contain up to 32 alphanumeric characters (do not include spaces when defining SSIDs).Multiple SSIDsA BSSID (Basic SSID) refers to an individual access point radio and its associated clients. The identifier is the MAC address of the access point radio that forms the BSS. A group of BSSs can be formed to allow stations in one BSS to communicate to stations in another BSS by way of a backbone that interconnects each access point.The Extended Service Set (ESS) refers to the group of BSSIDs that are grouped together to form one ESS. The ESSID (often referred to as SSID or “wireless network name”) identifies the Extended Service Set. Clients must associate to a single ESS at any given time. Clients ignore traffic from other Extended Service Sets that do not have the same SSID.Legacy access points typically support one SSID per access point. Xirrus Wireless LAN Arrays support the ability for multiple SSIDs to be defined and used simultaneously.Using SSIDsThe creation of different wireless network names allows system administrators to separate types of users with different requirements. The following policies can be tied to an SSID:zThe wireless security mode needed to join this SSID.zThe wireless Quality of Service (QoS) desired for this SSID.zThe wired VLAN associated with this SSID.

Wireless LAN ArrayConfiguring the Xirrus Array 109As an example, one SSID named accounting might require the highest level of security, while another SSID named guests might have low security requirements.Another example may define an SSID named voice that supports voice over Wireless LAN phones with the highest possible Quality of Service (QoS) definition. This type of SSID might also forward traffic to specific VLANs on the wired network.SSID ManagementThis page allows you to manage SSIDs (create, edit and delete), and assign security parameters and VLANs on a per SSID basis. When finished, click on the Save button to save your changes, otherwise your changes will not take effect.Figure 75. WMI: SSID Management Page

Wireless LAN Array110 Configuring the Xirrus ArrayProcedure for Managing SSIDs1. New SSID: Enter a new SSID definition.2. Security: From the pull-down list, choose the security that will be required by users for this SSID, either Open, WEP or WPA. The Open option provides no security and is not recommended. For an overview of the security options, go to “Security Planning” on page 35.3. Qos Priority: From the pull-down list, select a Quality of Service (QoS) setting. The QoS setting you define here will prioritize wireless traffic for this SSID over other SSID wireless traffic. This step is optional.4. VLAN ID: From the pull-down list, select a VLAN that you want this traffic to be forwarded to on the wired network. This step is optional.5. Band Association: The Array allows you to choose which wireless band the SSID will be beaconed on. Select either 802.11a, 802.11b/g or Both.6. Click on the Create button to create this SSID. The SSID you just created will appear in the SSID List below.Editing SSIDs7. SSID: Choose the SSID that you want to edit or delete from the list. If you are deleting a selected SSID, click on the Delete SSID button, otherwise go to Step 2.8. Public SSID: Click on the Assign Public button to make the selected SSID visible to all clients on the network. Although the XS-3900 will not broadcast SSIDs that are hidden, clients can still associate to a hidden SSID if they know the SSID name to connect to it. Choose No if you do not want this SSID to be visible on the network.

Wireless LAN ArrayConfiguring the Xirrus Array 1119. Security: From the pull-down list, choose the security that will be required by users for the selected SSID—either Open, WEP or WPA. The Open option provides no security and is not recommended. For an overview of the security options, go to “Security Planning” on page 35.10. QoS Priority: From the pull-down list, select a Quality of Service (QoS) setting. The QoS setting you define here will prioritize wireless traffic for the selected SSID over other SSID wireless traffic. This step is optional.11. VLAN ID: From the pull-down list, select a VLAN that you want this traffic to be forwarded to on the wired network. This step is optional.12. Band Association: The Array allows you to choose which wireless band to associate with each SSID. Select either 802.11a, 802.11b/g or Both.13. Click on the Modify button to edit the selected SSID.14. Click on the Save button to save your changes (otherwise your new settings will not take effect).

Wireless LAN Array112 Configuring the Xirrus ArraySecurityThis is a status only page that allows you to review the Array’s security parameters. It includes the assigned network administration accounts, Access Control List (ACL) values, WEP and WPA status, and RADIUS configuration settings. There are no configuration options available on this page, but if you are experiencing issues with security, you may want to print this page for your records.For additional information about wireless network security, refer to:z“Security Planning” on page 35.zThe Security section of “Frequently Asked Questions” on page 222.Figure 76. WMI: Security Page

Wireless LAN ArrayConfiguring the Xirrus Array 113Security ManagementThis page allows you to establish the security parameters for your wireless network, including WEP, WPA and RADIUS authentication. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes.For additional information about wireless network security, refer to “Security Planning” on page 35.Figure 77. WMI: Security Management Page

Wireless LAN Array114 Configuring the Xirrus ArrayUnderstanding SecurityThe Xirrus Wireless LAN Array incorporates many security features that administrators can configure. After initially installing an Array, always change the default administrator password (the default is admin), and choose a strong replacement password (a strong password contains letters, numbers and special characters). When appropriate, issue read only administrator accounts.Other security considerations include:zSSH versus Telnet: Be aware that Telnet is not secure over network connections and should be used only with a direct serial port connection. When connecting to the unit’s Command Line Interface over a network connection, you must use a Secure SHell (SSH) utility. The most commonly used freeware providing SSH tools is PuTTY.zConfiguration auditing: The optional Xirrus Wireless Management System (XM-3300) offers powerful management features for small or large Xirrus Wireless LAN deployments, and can audit your configuration settings automatically. In addition, using the XM-3300 eliminates the need for an FTP server.zChoosing an encryption method: Wireless data encryption prevents eavesdropping on data being transmitted or received over the airwaves. The Array allows you to establish the following data encryption configuration options:zOpen—this option offers no data encryption and is not recommended, though you might choose this option if clients are required to use a VPN connection through a secure SSH utility, like PuTTy.zWEP (Wired Equivalent Privacy)—this option provides minimal protection (though much better than using an open network). An early standard for wireless data encryption and supported by all Wi-Fi certified equipment, WEP is vulnerable to hacking and is therefore not recommended for use by Enterprise networks.

Wireless LAN ArrayConfiguring the Xirrus Array 115zWPA (Wi-Fi Protected Access)—this is a much stronger encryption mode than WEP and uses TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard) to encrypt data.WPA solves security issues with WEP. It also allows you to establish encryption keys on a per-user-basis, with key rotation for added security. In addition, TKIP provides Message Integrity Check (MIC) functionality and prevents active attacks on the wireless network.AES is the strongest encryption standard and is used by government agencies; however, old legacy hardware may not be capable of supporting the AES mode (it probably won’t work on older wireless clients). Because AES is the strongest encryption standard currently available, it is highly recommended for Enterprise networks.Any of the above encryption modes can be used, but only one may be used per SSID. If multiple security methods are needed, you must define multiple SSIDs.zChoosing an authentication method: User authentication ensures that users are who they say they are. For this purpose, the Array allows you to choose between the following user authentication methods:zPre-Shared Key—users must manually enter a key (passphrase) on the client side of the wireless network that matches the key stored by the administrator in the Array.This method should be used only for smaller networks when a RADIUS server is unavailable. If PSK must be used, choose a strong passphrase containing between 8 and 63 characters (20 is preferred). Always use a combination of letters, numbers and special characters. Never use English words separated by spaces.

Wireless LAN Array116 Configuring the Xirrus ArrayzRADIUS 802.1x with EAP—802.1x uses a RADIUS server to authenticate large numbers of clients, and can handle different EAP (Extensible Authentication Protocol) authentication methods, including EAP-TLS, EAP-TTLS and EAP-PEAP. The RADIUS server can be internal (provided by the XS-3900) or external. An external RADIUS server offers more functionality and security, and is recommended for large deployments. When using this method, user names and passwords must be entered into the RADIUS server for user authentication.The Xirrus Wireless LAN Array will accept up to 512 ACL entries.zMAC Address ACLs (Access Control Lists)—MAC address ACLs provide a list of client adapter MAC addresses that are allowed or denied access to the wireless network. Access Control Lists work well when there are a limited number of users—in this case, enter the MAC addresses of each user in the Allow list. In the event of a lost or stolen MAC adapter, enter the affected MAC address in the Deny list.Procedure for Configuring Network Security1. WPA Enabled: Choose Yes to enable WPA (Wi-Fi Protected Access), or choose No to disable WPA.2. TKIP Enabled: Choose Yes to enable TKIP (Temporal Key Integrity Protocol), or choose No to disable TKIP.3. AES Enabled: Choose Yes to enable AES (Advanced Encryption Standard), or choose No to disable AES.4. WPA Group Rekey Time (in seconds): Enter a value to specify the group rekey time (in seconds). The default is 600.5. PSK Authentication: Choose Yes to enable PSK (Pre-Shared Key) authentication, or choose No to disable PSK.

Wireless LAN ArrayConfiguring the Xirrus Array 1176. WPA Preshared Key / Verify Key: If you enabled PSK, enter a passphrase here, then re-enter the passphrase to verify that you typed it correctly.7. EAP Authentication: Choose Yes to enable EAP (Extensible Authentication Protocol) or choose No to disable EAP.8. WEP Enabled: Choose Yes to enable WEP (Wired Equivalent Privacy) or choose No to disable WEP.9. Key Length / Mode: If you enabled WEP, choose the desired key length (either 40 or 128) and the mode (either ASCII or Hex) from the pull-down lists. You must now provide the encryption key(s).a. Encryption Key 1 / Verify Key 1: Enter an encryption key of the length specified (either 10 hex or 26 hex characters), then re-enter the key to verify that you typed it correctly—hexadecimal characters are defined as ABCDEF and 0-9.b. Encryption Key 2 / Verify Key 2 (optional): If desired, enter a second encryption key, then re-enter the key to verify that you typed it correctly.c. Encryption Key 3 / Verify Key 3 (optional): If desired, enter a third encryption key, then re-enter the key to verify that you typed it correctly.d. Encryption Key 4 / Verify Key 4 (optional): If desired, enter a fourth encryption key, then re-enter the key to verify that you typed it correctly.10. Default Key: Choose which key you want to assign as the default key. Make your selection from the pull-down list.11. Click on the Apply button to apply the new settings to this session.#A RADIUS server must be defined to use EAP.

Wireless LAN Array118 Configuring the Xirrus Array12. Click on the Save button to save your changes.Radius ServerThis page allows you to set up the Array’s internal RADIUS server, or define the use of an external RADIUS server for user authentication.When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes.Figure 78. WMI: Radius Server Page#After configuring network security, the configuration must be applied to an SSID for the new functionality to take effect.#The internal RADIUS server will only authenticate wireless clients that want to associate to the Array. This can be useful if an external RADIUS server is not available.