Extricom EXRP-30N 802.11a/b/g/n Wireless Access Point User Manual manual pt 2

Extricom Ltd 802.11a/b/g/n Wireless Access Point manual pt 2

Document ID: 1243026
Application ID: lrPqS6QM45GEL6uej8SUPQ==
Document Description: manual pt 2
Short Term Confidential: No
Permanent Confidential: No
Supercede: No
Document Type: User Manual
Display Format: Adobe Acrobat PDF - pdf
Filesize: 273.04kB (3412983 bits)
Date Submitted: 2010-02-18 00:00:00
Date Available: 2010-02-24 00:00:00
Creation Date: 2010-02-09 19:08:40
Producing Software: GPL Ghostscript 8.15
Document Lastmod: 2010-02-09 19:08:40
Document Title: Microsoft Word - The Extricom WLAN System User Guide v4.2 docv4.0 part B
Document Creator: PScript5.dll Version 5.2
Document Author: Fred

Maximum Retries
Select the number of times to try to resend a packet if the
transmission of the packet fails.
Enable Short Preamble
This option becomes available only when selecting 802.11b as
the WLAN mode. In this case, mark the checkbox to allow a
short preamble.
Enable Rate Adaptation
Check this box if you want to enable rate adaptation.
• For 802.11a/b/g, all enabled rates participate in the rate
adaptation.
• For 802.11n devices, rate adaptation will not change the
number of data streams (MCS 0 to 7, or MCS 8 to 15).
The following parameters are available if one of the 802.11n-WLAN modes has
been selected.
Select 802.11n Channel Width
Select the width of the 802.11n channel, 20MHz or 40MHz.
Select 802.11n Secondary Channel
If 20/40MHz channel width is selected using the Select Width
option, the system automatically configures the second 20MHz
channel that will be used for bonding as either above (Upper) or
below (Lower) the primary 20MHz channel (the one that was chosen by
the Select channel option).
Select 802.11n Blanket operational Mode
Two modes are supported:
• Mixed mode – In this mode, the Channel Blanket is available
to all WLAN clients (802.11a/b/g/n) where 802.11n clients
are working in mixed mode.
• HT only – In this mode, the Channel Blanket is available for
802.11n clients only. Note that in this mode, the 802.11n
devices are in fact working in a mixed mode, but the switch
will not allow a/b/g devices to connect.
Select 802.11n Guard Interval
Guard interval can be configured to short (400 nanoseconds) or
long (800 nanoseconds). Note that when a 20MHz channel is
configured, it is not possible to configure short guard interval.
Select 802.11n MCS
Selecting the MCS is equivalent to setting the rate in legacy
radios; MCS 0-7 use one data stream, while MCS 8-15 use two
data streams.
The Extricom WLAN System User Guide
802.11a/b/g Rate Configuration
Data rate configuration is only applicable to 802.11a/b/g
Channel Blankets.
For each of the data rates listed, select whether the rate is Basic,
Optional, or Disabled.
When configuring the data rates, you should consider the data
rate capabilities of the wireless devices in your enterprise.
• Basic – The Basic data rates are usually the data rates that the
vast majority of your wireless devices can support. Only
wireless devices that support all the Basic data rates will be
connected to the WLAN system. Therefore, it is
recommended that you configure a minimal number of Basic
data rates that the vast majority or all your wireless devices
can support. When working in Mixed Mode, there should be
at least one Basic data rate from the 802.11b rates.
• Optional – If you configure a data rate as Optional, the
network will provide that data rate to wireless devices that
can support it.
• Disabled – Disabled data rates are not available to wireless
devices.
Since the Extricom WLAN system allows
for dense deployment of APs, it is
recommended, where applicable, to
disable low data rates. Not doing so could
possibly lead to an “edge user” effect, in
which a client reduces aggregate network
throughput by moving to the edge of the
coverage area.
Table 1: Radio Configuration Parameters
Configuring WMM
Wi-Fi Alliance WMM is an 802.11 quality of service (QoS) implementation based on a subset of
the draft 802.11e standard supplement. The WMM specification provides basic prioritization of data
packets based on four categories - voice, video, best effort, and background.
Prioritization is based on the original Carrier Sense Multiple Access/Collision Avoidance Protocol
in the 802.11 standard. In 802.11, the Distributed Coordination Function (DCF) mechanism
uses a simple listen-before-talk algorithm to minimize the chance of packet collisions caused by
more than one device accessing the wireless medium at the same time. A client must wait for a
randomly selected time period and then "listen" to find whether any other device is communicating
before starting to transmit. The random back-off period gives all devices a fair opportunity to
transmit.
Troubleshooting
WMM (based on the 802.11e standard) enhances the DCF by defining an Enhanced Distributed Channel
Access (EDCA). EDCA specifies different fixed and random wait times for the four prioritization
categories to provide more favorable network access for applications that are less tolerant of packet
delays. Devices that have less time to wait have a better chance of being able to transmit than those
that have a longer wait. In order of highest priority, the access prioritization categories are voice,
video, best effort and background.
By default, these four WMM prioritization categories are statically mapped to Ethernet 802.1p
prioritization tags to allow consistent QoS across wireless and wired network segments. Flow
arriving from the wired network tagged with 802.1p priority is mapped to the appropriate Access
category, while WMM flow arriving from the wireless medium is encapsulated and tagged with the
appropriate 802.1p priority.
The default mappings can be changed by using the pull-down menus that appear under DiffServe
conversion to WMM, in Figure 1. Options are Video, Voice, Best Effort, and Background.
The back-off timing for each access category consists of a fixed period called the Arbitration
Inter-Frame Space Number (AIFSN) followed by a random period called the Contention Window (CW),
both specified in multiples of the slot time. The CW maintains the DCF random back-off
component to help avoid collisions of packets from the same access category. The CW range
doubles each time there is a collision (starting at CWmin, up to CWmax) and is reset to its minimum
value after a successful transmission.
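The AIFSN and Contention Window back-off described above, as an added example that is not part of the Extricom manual. The parameter values are the WMM default station settings and the 9 µs slot and 16 µs SIFS of 802.11a/g, assumed here because the manual lists no values; the simulation models one always-busy station per access category and ignores TXOP and retry limits.

```python
import random
from dataclasses import dataclass

# Assumed 802.11a/g (OFDM) timing; the manual gives no timing values.
SLOT_US = 9
SIFS_US = 16


@dataclass(frozen=True)
class AccessCategory:
    name: str
    aifsn: int    # fixed wait, in slots
    cw_min: int   # initial contention window, in slots
    cw_max: int   # ceiling for the doubled window, in slots


# Assumed values: WMM default station parameters for an OFDM PHY,
# not settings read from an Extricom switch.
WMM_DEFAULTS = (
    AccessCategory("voice", 2, 3, 7),
    AccessCategory("video", 2, 7, 15),
    AccessCategory("best_effort", 3, 15, 1023),
    AccessCategory("background", 7, 15, 1023),
)


def contention_window(ac, collisions):
    """CW after `collisions` consecutive collisions: doubles up to CWmax."""
    cw = ac.cw_min
    for _ in range(collisions):
        cw = min(2 * (cw + 1) - 1, ac.cw_max)
    return cw


def wait_bounds_us(ac, collisions=0):
    """(shortest, longest) idle time before a transmission, in microseconds."""
    aifs = SIFS_US + ac.aifsn * SLOT_US
    return aifs, aifs + contention_window(ac, collisions) * SLOT_US


def simulate(rounds, seed=1, categories=WMM_DEFAULTS):
    """One always-busy station per category contends for `rounds` transmissions.

    Returns (wins per category, number of collided rounds). Losers keep the
    part of their back-off they have already counted down.
    """
    rng = random.Random(seed)
    collisions = {ac.name: 0 for ac in categories}
    backoff = {ac.name: rng.randint(0, ac.cw_min) for ac in categories}
    wins = {ac.name: 0 for ac in categories}
    collided_rounds = 0
    for _ in range(rounds):
        wait = {ac.name: ac.aifsn + backoff[ac.name] for ac in categories}
        lowest = min(wait.values())
        senders = [ac for ac in categories if wait[ac.name] == lowest]
        for ac in categories:
            if ac not in senders:
                # Slots counted down after this station's own AIFSN elapsed.
                backoff[ac.name] -= max(0, lowest - ac.aifsn)
        if len(senders) == 1:
            wins[senders[0].name] += 1
            collisions[senders[0].name] = 0      # success: CW back to CWmin
        else:
            collided_rounds += 1
            for ac in senders:
                collisions[ac.name] += 1         # collision: CW doubles
        for ac in senders:
            cw = contention_window(ac, collisions[ac.name])
            backoff[ac.name] = rng.randint(0, cw)
    return wins, collided_rounds


if __name__ == "__main__":
    for ac in WMM_DEFAULTS:
        windows = [contention_window(ac, n) for n in range(4)]
        print(ac.name, wait_bounds_us(ac), windows)
    print(simulate(10_000))
```

Under saturation the background category rarely transmits at all, because its AIFSN alone is longer than the voice category's longest initial wait.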
EDCA uses a mechanism called a Transmit Opportunity (TXOP) – a bounded time interval during
which a station can send as many frames as possible, but the transmission time must not extend
beyond the maximum duration of the TXOP. Each priority level is assigned a TXOP, and this
mechanism prevents low speed stations from spending too much time using the media when other
clients (including those with traffic in higher priority queues) are waiting.
Another mechanism introduced by WMM is a per-access-category Acknowledgment policy (Normal
or No ACK). Normal means that an acknowledgement packet is returned for every packet received. This
provides a more reliable transmission but increases traffic load, which decreases performance.
However, one may choose to cancel the acknowledgement by selecting "No ACK" for each access
category. This can be useful for Voice, for example, where speed of transmission is important and
packet loss is tolerable to a certain degree.
Figure 1: WMM Configuration Tab
WMM is configured per radio; all parameters are displayed only in this stage.
Field
Description
ACK policy
Configurable per access category, when this option is set, the
switch will ask WMM stations NOT to send ACK for WMM
flow of this category
CWmin
Min Contention window for the Access category
CWmax
Maximum Contention window
AIFSN
Arbitration Inter Frame Spacing Number
TXOP-11a/g
Interval during which a station can send as many frames as
possible
Table 2: WMM Parameter Descriptions
Configuring WMM Parameters
1. Select the radio for which you want to define WMM parameters.
2. Enable or disable WMM.
3. If you have enabled WMM, select the appropriate WMM parameters.
The following values are mapped for a marked Ethernet frame:
Background
Best Effort
Video
Voice
Table 3: VPT To WMM Destination
0x08
0x20
0x28
0xa0
Background
Video
0x30
0xe0
0x88
Voice
0xb8
Other
Best Effort
Table 4: ToS To WMM Destination
WLAN Wizard
The ‘WLAN Wizard’ tab folder provides a convenient tool that simplifies the radio configuration
for the user by serializing the following steps:
• Access point type selection
• Rogue AP detection presence (yes/no)
• Blanket type selection
• True Reuse selection (yes/no)
• Summary and confirmation
The Wizard tab folder is shown below, at step 1:
Figure 2: WLAN Wizard
As selections are made, they are listed on the right side of the screen under WLAN configuration.
ESSID Assignment
Use the ESSID Assignment web page to assign an ESSID to a specific radio (Radio 1 to 4).
Figure 3: ESSID Assignment Page
The web page displays a cross-reference table of previously defined ESSIDs and Radios (1 to 4). Check
the box for each ESSID you wish to assign to any of the four radios.
Powering Access Points
The only AP configuration required in the Extricom WLAN architecture is activation or
deactivation of AP ports.
Figure 4: Access Point Configuration Window
To configure AP PoE status:
Toggle an individual AP's PoE state by clicking on the RJ45 connector image of the access
point. The RJ45 connector image will change color (to grey or green). You need to click
the Apply button to immediately activate your selection.
Green indicates that PoE is active. Grey indicates that PoE is off.
A graphic of an AP connected to the RJ45 connector will appear if an AP is powered-on and
connected to the port.
To power-on all APs with PoE, select Power on all.
To power-off PoE to all APs, select Power off all.
Note: the image of the switch at the top of the page also uses color to illustrate the PoE status of the APs.
Cascaded APs
When two switches have been cascaded together as Primary and Secondary (see Chapter 1, Switch
Cascade section, for details about Switch Cascade), the
Access Point window is somewhat different. A tree of the two switches appears on the left to allow
the user to easily toggle between views of the APs of each cascaded switch. The secondary switch
AP Configuration window is shown below:
Figure 5: Access Point Configuration Window Secondary Switch
System Tools Configuration
This web page includes the following system tools tabs:
Apply – Use this Web page to start the reconfigure process
Reboot – Use this Web page to reboot the system.
Maintenance
Time & Date – Use this Web page to set time and date
Password
Upgrade
Certificate (Multi Service 1000 platform only)
Application (Multi Service 1000 platform only)
Figure 6: System Tools Configuration Page
Applying Saved Changes
Not every change in an Extricom switch’s configuration requires system reboot. Some parameters
can be changed and the changes will take effect immediately. The Apply button checks whether a
full reboot is required. In case reboot is not required, the update will take effect immediately.
Rebooting the Switch
You must reboot the switch after upgrading/downgrading the firmware, and in some other cases
such as returning a Switch Cascade from failover to normal operation. Situations in which a reboot
is required are indicated in the User Guide.
A switch reboot will cause a temporary loss of WLAN service until the reboot
process is complete.
To reboot the Extricom switch:
1. In the Reboot tab, click Reboot.
2. A new screen opens, prompting you “Are you sure you want to reboot?”
3. Click Reboot to reboot.
4. Note: rebooting before applying saved changes will discard the saved changes.
Maintenance tab
Use the maintenance tab to:
Save current configuration to a disk
Upload configuration (Switch, MAC ACL, Allowed ESSID)
Reset to factory defaults
Undo configuration changes
Figure 7: Maintenance Configuration Page
Field
Description
Save
Save current configuration to an offline disk
Upload
This is used to upload configuration from an offline disk (use
the browse field to locate the file). You will see a popup window
stating “Please select configuration elements to upload”; you
can select a Switch, MAC ACL, or Allowed ESSID
configuration file.
Factory Defaults
Restore factory default configuration. You will see a popup
window stating “Please select configuration elements to
upload”. You can select Switch, MAC ACL, Allowed ESSID
configuration file, and/or Captive Portal Custom page
Undo Configuration Changes
Returns to the last applied configuration.
All unapplied configuration changes will be
lost.
Table 5: Maintenance Configuration Tab
Time & Date Setting
Figure 8: Time & Date Configuration Page
The Extricom system supports two ways of setting Date and Time (refer to Figure 8).
To manually set the time and date on your Extricom Switch:
1. Select the manually radio button.
2. Enter the time and date in the format hh:mm:ss dd-mm-yy.
3. Click Apply to set the time.
To set the time and date on your Extricom Switch using the NTP protocol:
1. Select the Internet Time radio button.
2. Select the Timezone.
3. Select the NTP server (main and backup). You can enter a custom IP address in the Custom
Server IP: field.
4. Add the NTP update interval (hour based) by updating the Update Every (1-168): hours field.
5. Click Save to save the configuration and start the NTP process.
6. Click Update now to start NTP time-setting immediately.
Setting Passwords for the Extricom Switch
Passwords are set according to user levels. Refer to Table 6 for a description of the user access
levels and their default passwords.
User Access Level | Privileges | Default Password
admin | Accessing the Web configuration. | Switch1
operator | User account, SSH access | 12345
root | Super user | octopus
Table 6: Default Passwords
The “operator” and “root” passwords are used when accessing the switch for
maintenance and service purposes. Changing these passwords should be performed
only by an Extricom-authorized engineer.
For security purposes, it is important that all the passwords (including operator
and root passwords) be changed from the default values when the switch is first
installed, as well as periodically updated.
Record all passwords and store them in a safe location.
To set and change a password for the Extricom switch:
1. Select the Passwords tab.
2. Enter the user access level whose password you want to change.
3. Enter the current password.
4. Enter the new password.
5. Re-type the new password.
Upgrading Extricom Firmware
Extricom firmware can be upgraded using the Upgrade tab.
To upgrade Extricom firmware:
1. Download the upgrade to your computer from the CD supplied with your purchase.
or
Obtain an upgrade file from your authorized Extricom reseller or distributor.
2. Create a backup of the configuration file that contains the current configuration.
3. In the Upgrade tab, click Browse and browse to the location of the upgraded firmware. The
file’s path appears in the Upgrade Firmware field.
4. Click Update to upgrade the firmware and wait for the upgrade process to end. A message will
appear when the upgrade has ended and will ask you to reboot the switch.
5. Reboot the switch (use the Reboot tab).
The firmware upgrade file is GNU zipped (gzip). Some Internet browsers are
configured to automatically unzip files when downloading. Verify that this option is
disabled so that the upgrade file remains zipped after downloading.
Upgrading a Switch Cascade pair is done via the primary switch GUI.
Upload a Switch Certificate and Key
The first time that a Captive Portal user logs in from a browser, he/she will receive a notice about
the switch security certificate, such as “There is a problem with the website’s security certificate”,
with the option “Continue to this website (not recommended)”.
To avoid this, the WLAN operator can purchase a signed certificate from an issuing authority.
Signed certificates are installed on the switch using the Certificate tab folder.
Application
The Application tab folder brings up the following window:
Figure 9: Application Type Window
The Application window is the first window to use when configuring a switch
cascade (see Chapter 1, Switch Cascade section, for details about Switch Cascade).
The Application window must be used to define the switch roles before
accessing the Redundancy window in the System Tools to complete the
configuration.
“Application Type” refers to the role of the switch currently being accessed by the web interface.
The available application types are as follows:
Application Type | Description | Switch Types That Support This Mode
WLAN Switch | Standalone edge switch | EXSW-1600
WLAN Primary Switch | Primary switch in a Cascade configuration | EXSW-1600, EXSW-1600C
WLAN Secondary Switch | Secondary switch in a Cascade configuration | EXSW-1600, EXSW-1600C
Table 7: Application Types
Steps To Installing A Switch Cascade
1. Referring to the instructions in Chapter 2 above, connect each switch to the LAN and connect
each switch to its APs. Do not interconnect the switches yet.
2. Ensure that you have the latest available version of switch firmware with Switch Cascade
support.
3. Read the release notes for that firmware version, and follow the installation instructions.
Advanced Configuration of the Extricom WLAN
The Advanced configuration page of the Extricom WLAN includes the following tabs:
Redundancy
Rogue
Syslog & Monitor
SNMP parameters
Centralized configuration
IDS
Captive Portal
Others
To configure the Advanced Features parameters:
1. Click Advanced in the navigation tree. The Redundancy configuration page appears.
2. Select the appropriate tab for configuring Redundancy, Syslog & Monitor, SNMP parameters,
Centralized configuration, IDS, Captive Portal, or other features.
Configuring Redundancy
When clicking on the Redundancy tab folder, the window in Figure 10 below appears:
Figure 10: Redundancy Window
The fields available in the Redundancy tab folder change depending on whether the switch has been set to
function as a primary switch in a cascade topology, or has been set to function as a standalone edge
switch.
To activate a switch cascade, one switch must be set as the Primary, and another
switch set as the Secondary, using the Application Type tab folder in the System
Tools (see page 64). Then, in the Redundancy tab folder, the Redundancy Mode of
the Primary switch must be set to Cascade. Please refer to the release notes for your
firmware version of Switch Cascade.
Redundancy Fields For Primary Switch
The following table lists the available fields when the switch is functioning as a Primary switch. When a
secondary switch is being viewed, the same fields will be visible but they will be read-only.
Field
Description
Redundancy Mode
Select redundancy mode. Possible options are:
• Disable - no switch redundancy. A cascaded pair will still
provide seamless channel blanket(s) extending across the
two switches, but the cascade pair will not have LAN
redundancy.
• Cascade – Switch Cascade with LAN redundancy
• Normal – do not use this setting
Set Switch As
(Not relevant for Cascade)
Standby Switch IP
(Not relevant for Cascade)
Reference IP
IP address of a reference network element. This is used to test
connectivity to the LAN. The reference element must be
operational and respond to pings.
Secondary Switch IP
IP address of the Secondary switch in the cascade pair.
Testing Interval
Interval in msec between keep-alive packets sent to Reference
IP.
Activate After XX failures
The number of lost keep-alive packets before activating failover
Core Redundancy Interval
Interval in seconds between heartbeats sent from switch to
switch, across the switch interconnect.
Core Redundancy Timeout
Elapsed time before activating failover. Resets every time there
is a heartbeat.
Table 8: Redundancy Tab Folder Fields When Switch Set As Primary
The Testing Interval and Activate After XX failures parameters monitor LAN link and switch interconnect
health.
The Core Redundancy Interval and Core Redundancy Timeout monitor the health of the cascaded
switches.
After making these changes, you must click “Save”, then go to System Tools and click on “Apply
Changes” in order for them to take effect.
To activate a switch cascade, one switch must first be designated as the Primary, and
another switch designated as the Secondary, using the Application Type tab folder in
the System Tools. Then, in the Redundancy tab folder, the Redundancy Mode of the
Primary switch must be set to Disable or Cascade.
When a switch failure or link failure has been detected, a failover occurs and the cascaded switch that
remains fully operational goes into standalone mode. In two cases below, both switches remain fully
operational so they both go into standalone mode. A switch that goes into standalone mode continues to
provide switching service to its APs only.
The following table indicates which cascaded APs provide service in the event of a failover, assuming
Redundancy mode is set to “Cascade”:
Failure Type
Primary APs
Secondary
APs
Comments
Switch Interconnect
√
√1
Primary and secondary switch
failover to standalone mode.
Even though APs of both
switches are functioning, there
is no seamless mobility
between the switches.
Primary LAN Link
√1
Secondary switch failover to
standalone mode.
Secondary LAN Link
√
√
No switch failover. Seamless
mobility between switches.
Secondary switch heartbeat
checks of Primary switch are
turned off.
Primary Switch Failure
√1
Secondary switch failover to
standalone mode.
Secondary Switch Failure
√
Table 9: Switch Cascade Failover Behavior
Notes:
1. Traffic interruption time during a failover depends on the link and switch core monitoring
parameters chosen (see Table 9 above).
2. √ = Full service
3. X = Not in service
4. The cascaded switches contain the same configuration file, so in the event of a primary or
secondary failure, the same configuration file is used by the remaining switch.
5. A Primary switch can function as standalone edge switch without requiring a failover.
Once the fault that caused the switchover has been resolved, both switches must be
rebooted in order for them to return to normal cascade operation. Otherwise, they
will continue to operate in standalone mode.
GUI Operation In Normal Cascade and Failover Operation
The Primary switch GUI is fully operational, if the Primary switch is interconnected to a functional
Secondary switch. Otherwise, it is read-only, except for the “Reboot” function and the Application tab
folder.
The Secondary switch GUI is always read-only, except for the “Reboot” function and the Application tab
folder, regardless of whether the Secondary switch is operating as a secondary switch or standalone
switch.
Normal Redundancy Mode
This is a legacy redundant mode which has been superseded by Switch Cascade. In normal redundancy
mode, one switch functions as the main switch while the second switch functions in a hot standby mode
(“Standby” switch) only. The second switch and all of its APs do not carry any traffic while the standby
switch is running in hot standby. When one of the switchover conditions is met, the standby switch and
its APs carry traffic. A Normal Redundancy topology is illustrated below:
Figure 11: Normal Redundancy Deployment (figure labels: Main, Standby)
Redundancy Fields For Standalone Edge Switch
The following table lists the available fields when the switch is functioning as a standalone edge switch:
Field
Description
Redundancy Mode
Select redundancy mode. Possible options are:
• Disable - switch operates as a standalone edge switch
• Normal redundancy – switch operates as part of a hot
standby configuration
Set switch as
Designate the switch as a Main switch or a Standby switch.
Standby switch IP
IP address of the standby switch.
Reference IP
IP address of a reference network element. This is used to test
connectivity to the LAN.
Testing Interval
Interval in msec between keep-alive packets sent to Reference
IP.
Activate After XX failures
The number of lost keep-alive packets before activating failover
Table 10: Redundancy Tab Folder Fields When Switch Set As a Standalone Edge
If “Disable” is chosen in the Redundancy Mode field, all other fields in this tab
folder are inactive.
Configuring Rogue
Rogue access points represent the biggest threat to Wi-Fi security. Rogue APs are unauthorized APs
that are physically connected to the wired Ethernet LAN.
The Rogue mechanism implemented in the EXSW switches requires a dedicated radio to scan the
wireless media and detect Rogue APs. Therefore, one of the radios must be defined as “Rogue” in
the Radio Settings page.
The Rogue tab folder allows you to edit a "white list" of independent APs that you allow to operate
in your environment.
Figure 12: Syslog & Monitor Tab
Field
Description
Allowed BSSIDs
ADD BSSID
Add a BSSID (MAC address) of an AP that you permit to
operate in your network
Edit
Edit the list of legal BSSIDs
Remove
Remove a BSSID from the white list
Table 11: Redundancy Tab Folder Fields When Switch Set As Primary
Configuring Syslog & Monitor
Currently, in most common operational scenarios, Syslog and monitor utilities should not be used (unless
used for troubleshooting). The Monitor utility can be used only if Extricom’s dedicated network
monitoring tool is enabled; otherwise do not enable this feature.
Figure 13: Syslog & Monitor Tab
Field
Description
Enable Syslog
Check to record system information in the System Log.
In most common operational scenarios, this
option should be unchecked (unless used for
troubleshooting).
Syslog Address
Enter the IP address of the computer to which to send the
System Log.
Interval (sec)
Specifies how often information is sent to the System Log.
The default is 1 second, and this is the recommended setting.
Enable Monitor
The Monitor Log is only relevant if using Extricom’s
dedicated network status monitoring tool (not provided with
the switch.)
By default, this option is not checked.
Check this option only if you are using the
Extricom dedicated network monitoring tool,
otherwise unnecessary data packets are sent
through the Ethernet.
Monitor Address
Enter the address of the Monitor Log if using the Extricom
dedicated network monitoring tool.
Interval (sec)
Specifies how often information is sent to the Monitor Log.
The default setting is 1 second and this is the recommended
interval.
Configure this parameter only if using the
dedicated network monitoring tool.
Table 12: Syslog & Monitor Configuration Parameters
Configuring SNMP
The Extricom switch generates a rich variety of traps to describe events occurring within the
WLAN. In general, the traps can be categorized as follows:
• AP events (connections, disconnections, etc.)
• Client events (associations, disassociations, etc.)
• Switch events
• Configuration events
• Radius events
• Redundancy events (for Switch Cascade)
• Security events (intrusion detection, rogue AP detection, etc.)
Traps are displayed at the bottom of the web interface, as illustrated in Figure 14 below.
Figure 14: SNMP Configuration Tab
Traps can also be sent over a northbound interface to network management devices, such as
Extricom’s EXNM-2000. The northbound interface is enabled using the SNMP configuration tab,
as described below:
Field
Description
Enable Traps
Check this option to enable SNMP traps over the northbound
interface.
Community name
Enter the community name.
Manager IP
Enter the manager’s IP address.
Table 13: SNMP Configuration Features
The following is a subset of the traps that are sent northbound from the Extricom switch when
Enable Traps is checked:
1. Client  has associated to  - This trap is sent after successful
association with the client MAC address and the ESSID the client associated to.
2. Client  has disassociated from . Reason:  - This trap is sent
after client disassociation/disconnection from an ESSID. The reason code is an 802.11 reason
code.
3. Client:  - ESSID:  - Cipher suite:  - This trap is sent in case
of any key error during four-way handshake (MIC error) or as a result of any key error when
receiving data from client.
4. New Rogue Detected  - This trap is sent when a
new Rogue AP is detected. The trap includes the AP’s BSSID, the switch port which detected
the Rogue AP, the channel of the Rogue AP and the Rogue AP signal level (RSSI).
5. Rogue Updated  - This trap is sent when an
existing previously detected Rogue AP is re-detected with change in one of its parameters. The
trap includes the AP’s BSSID, the switch port which detected the Rogue AP, the channel of the
Rogue AP and the Rogue AP signal level (RSSI).
6. Rogue Removed  - This trap is sent when a new
Rogue AP is detected. The trap includes the AP’s BSSID, the switch port which detected the
Rogue AP, the channel of the Rogue AP and the Rogue AP signal level (RSSI).
7. RADIUS Timeout <# of timeouts> - This trap is sent when the RADIUS timeout has
elapsed and includes the ESSID and the number of timeouts that occurred.
8. RADIUS Redundancy Selection Changed <#of RADIUS>to<# of RADIUS> - This
trap is sent when the RADIUS selection has been changed from one server to another, and
includes the ESSID, the number of the previous server and the number of the new server.
9. No RADIUS  - This trap is sent when the last RADIUS server failed and includes the
ESSID.
10. Configured and connected APs of channel [] - This trap provides a
summary of all APs and their status. This trap is typically sent after an event of AP removal or
connection from/to the switch.
11. AP  has been connected - This trap is typically sent after an event of
connecting an AP to the switch.
12. AP  has been disconnected - This trap is typically sent after an event
of disconnecting an AP from the switch.
13. Reference Host is up – This trap is sent when the Reference host is up and active. Sent by the
Main switch.
14. Reference Host is down - This trap is sent when the Reference host is down. Sent by the Main
Switch.
15. Standby Switch is up - This trap is sent when the Standby Switch is up & active.
16. Standby Switch is down - This trap is sent when the Standby Switch is down.
17. Inactive - Reference Host is down - This trap is sent when the Reference host is down, and
hence the Main switch becomes inactive.
18. Inactive Standby Switch - Main Switch is up - This trap is sent when the Main Switch becomes
active again and hence the Standby Switch becomes inactive (Switch over).
19. Main Switch is active again - This trap is sent when the Main Switch changes status from
inactive to active and regains the Main switch status.
20. Failure detected in Main Switch - Switching Over. - This trap is sent when the Main Switch is
about to go down and the Standby Switch is becoming Active.
Centralized Configuration Tab
Centralized Configuration allows you to manage a group of identical Extricom switches (slaves)
from one single master switch. You should decide which switch will act as master. Extricom
switches have a built-in mechanism to discover the presence of other Extricom switches.
Note: from version 4.1, only autodiscovery of
potential slave switches is supported. Manual
addition of slave switches is no longer supported.
Configuration changes on the master switch are propagated to the slave switches via a secured
mechanism. For this authentication scheme to work, the slave switches need to obtain a copy of the
master's public key prior to the centralized configuration. This is done in the initial phase of the
switch’s configuration by first retrieving the master's public key and then uploading it to the
designated slave switches.
Figure 15: Centralized Configuration Master Page
To configure Centralized Configuration parameters:
Initial Setup
1. Configure the LAN settings on the Master switch.
2. Generate an SSH key pair on the Master switch (select master first). This is done by
clicking on the Generate button.
3. Retrieve the SSH public key from the Master switch and save it in a file on your PC.
4. Manually configure each of the Slave switch’s LAN settings, and continue by uploading the
previously saved master's public key on every Slave you wish to manage. This allows the
Slave switch to be configured only by the Master switch which generated the public key.
Figure 16: Centralized Configuration Slave Page
Slave Switch Configuration
1. On the Master switch, open the Centralized Configuration web page and click on the
Update button in the Switches Table section. This will retrieve and generate the Slave
switches’ information and all the relevant dialog boxes will be populated with data.
2. Configure the slave switch, i.e. copy the configuration file of the master with appropriate
changes to the slave.
Figure 17: Action Options
3. Reboot the Slave switches.
IDS Tab
Malicious WLAN clients can cause a “denial of service” condition by flooding the WLAN network.
A denial of service condition is identified through attack signatures or other factors, most of which
are well-known. The IDS tab allows the user to enable this mechanism, set thresholds for
identifying an attack and choose the types of attack to be detected. The IDS mechanism detects 802.11
duration attacks and 802.11 management message flooding attacks. Upon attack detection, the
system sends a Trap message notifying of the event and, when applicable, provides attacker details
(i.e. MAC address). Network administrators can use this information to take action and block
malicious users.
Figure 18: IDS Configuration Tab
Field: Description
Enable: Enables intrusion detection.
Duration Attack: WLAN devices reserve the channel for a particular period of time and then start using the radio channel. This time period is the Network Allocation Vector (NAV) in 802.11. By using high NAV values, an attacker can prevent other WLAN devices from utilizing the wireless network.
Enable: Select the check box to enable this feature.
11b/g, 11a µsec box: Define the Max NAV period after which an attack is discovered.
Flood attacks: Malicious users can flood the WLAN with 802.11 management messages.
Number of Events Thresholds During xx Sec.: Time window (in seconds).
Per station: Number of times a specific event is allowed during the event threshold. Each of the possible attack types listed below is assigned a limit per station.
All station: Number of times a specific event is allowed during the event threshold. Each of the possible attack types listed below is assigned a limit for all stations.
Authentication Flood: Flooding the WLAN with authentication requests.
De-Authentication Flood: Flooding the WLAN with de-authentication requests.
Association Flood: Flooding the WLAN with association requests.
Dis-Association Flood: Flooding the WLAN with dis-association requests.
Invalid Authentication Request: Flooding the WLAN with invalid authentication requests.
EAPOL Start: Flooding the WLAN with EAP authentication “EAPOL Start”.
EAPOL Logoff: Flooding the WLAN with EAP authentication “EAPOL Logoff”.
Defaults: Restore defaults. IDS Default Configuration.
Table 14: IDS Configuration Features
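The threshold logic that Table 14 describes can be sketched as follows. This is an added example, not Extricom code: the class and function names, the event labels, the threshold values and the sample frames are all constructed, and it assumes an alert is raised once a count exceeds the allowed number inside the time window.

```python
from collections import defaultdict, deque

# Constructed values standing in for the IDS tab fields (not product defaults).
WINDOW_SEC = 10                       # "Number of Events Thresholds During xx Sec."
LIMITS = {"auth": (5, 20),            # event -> (per-station limit, all-station limit)
          "deauth": (5, 20),
          "eapol_start": (5, 20)}
MAX_NAV_USEC = 10000                  # Max NAV period before a duration attack is flagged


class FloodDetector:
    def __init__(self, window=WINDOW_SEC, limits=LIMITS, max_nav=MAX_NAV_USEC):
        self.window, self.limits, self.max_nav = window, limits, max_nav
        self.per_station = defaultdict(deque)   # (event, mac) -> frame timestamps
        self.all_stations = defaultdict(deque)  # event -> frame timestamps

    def _count(self, stamps, ts):
        """Record ts and return how many events remain inside the window."""
        stamps.append(ts)
        while stamps[0] <= ts - self.window:
            stamps.popleft()
        return len(stamps)

    def observe(self, ts, mac, event, nav_usec=0):
        """Return the alerts raised by one frame as (attack, source) tuples."""
        alerts = []
        if nav_usec > self.max_nav:
            alerts.append(("duration", mac))
        if event in self.limits:
            per_limit, all_limit = self.limits[event]
            if self._count(self.per_station[(event, mac)], ts) > per_limit:
                alerts.append((event + "_flood", mac))
            if self._count(self.all_stations[event], ts) > all_limit:
                alerts.append((event + "_flood", "all-stations"))
        return alerts


def run(frames):
    """Feed frames in time order; return each distinct alert once."""
    detector, seen = FloodDetector(), []
    for frame in frames:
        for alert in detector.observe(*frame):
            if alert not in seen:
                seen.append(alert)
    return seen


# Constructed capture: (time in s, source MAC, event, NAV in usec)
SAMPLE = ([(0.1 * i, "02:00:00:00:00:aa", "deauth", 300) for i in range(8)]
          + [(2.0, "02:00:00:00:00:bb", "auth", 32767)]
          + [(3.0 + i, "02:00:00:00:00:cc", "deauth", 300) for i in range(3)])

if __name__ == "__main__":
    print(run(SAMPLE))
```

The MAC address in an alert is the source address the frame claims, so treat it as a lead for investigation rather than proof of which device sent it.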
Portal Tab (Captive Portal)
The Captive Portal mechanism restricts user Internet access by redirecting user web access requests
to a Captive Portal web page.
There are two Captive Portal web page types:
• SSL-based Secured Logging: In Secured Logging, a user is initially authenticated before they are allowed internet access. The user enters their username and password using SSL. The Switch then authenticates the user via RADIUS Server. Secured Logging is used for applications that require authentication-based access such as hotels, guest access, etc.
• Open Access: In an Open Access model, a user trying to access the web is redirected to a welcome web page, which might, for example, contain Terms of Use to which the user must agree before being allowed internet access. Open Access is used for applications that enable open access such as free Airport networks, etc.
The Portal tab allows you to configure the following Captive Portal settings:
• Enable/Disable Captive Portal
• Set Captive Portal parameters
• Set Walled Garden configuration (Pre-authentication allowed destinations)
• Define a customized Captive Portal web page
• Upload a customized Captive Portal web page
Figure 19: Captive Portal Configuration
Field: Description
Enable captive portal: You must enable this option system wide if you want to configure captive portal on any ESSID.
VLAN: Set the Captive Portal VLAN. When an ESSID is set to be Captive Portal restricted, the ESSID VLAN is automatically set to this VLAN.
Secured Login: Set the type of the Captive portal web page, either required authentication via RADIUS server, or Open Access login.
Using RADIUS: Set the RADIUS server used for Secured Logging.
Force SSL (HTTPS): When this option is activated, any client that attempts to connect using http: will be redirected to SSL (https:) communication. If this feature is not activated, the type of session will depend solely on the protocol (http:// or https://) specified at the beginning of the URL string entered into the client’s browser.
Multiple Clients Per User: Enables additional clients to connect via the portal, when they are using the same user name and password of an already connected client.
Walled Garden (pre-authentication allowed destination): You can define a list of up to 10 free access network destinations (10 rules). WLAN clients associated to the captive portal restricted ESSID can reach these destinations without going through the Captive portal authentication process. A network destination (a rule) can be composed of any IP address/Sub Net mask, Port number and IP protocol type.
Customize default page: If you don’t check the “Use Customized Page” check box, then the captive portal web page will be set to the Extricom default web page; otherwise follow the instructions to customize the page.
Use Upload page: Allows you to upload your own captive portal web page. Use the instruction link to build your web page.
Table 15: Captive Portal Fields
Figure 20: Extricom Default Captive Portal Web Page
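The Walled Garden rules in Table 15 decide which destinations a client can reach before authenticating, so it is worth reviewing them offline. The following is an added example, not Extricom code: the one-line text form of a rule, the function names, the "any" port wildcard, the protocol set and the breadth limit used by the audit are all assumptions, and the sample rules are constructed.

```python
import ipaddress

MAX_RULES = 10                      # limit stated in the manual
PROTOCOLS = {"tcp", "udp", "icmp"}  # assumed set of selectable IP protocol types


def parse_rule(text):
    """Parse 'address/netmask protocol port' (hypothetical text form of one rule).
    A port of 'any' is treated as a wildcard, which is an assumption."""
    net, proto, port = text.split()
    network = ipaddress.ip_network(net, strict=False)
    if proto not in PROTOCOLS:
        raise ValueError("unknown protocol: " + proto)
    port = None if port == "any" else int(port)
    if port is not None and not 0 < port < 65536:
        raise ValueError("port out of range")
    return network, proto, port


def load_rules(lines):
    if len(lines) > MAX_RULES:
        raise ValueError("walled garden holds at most %d rules" % MAX_RULES)
    return [parse_rule(line) for line in lines]


def allowed_pre_auth(rules, dst_ip, proto, dst_port=None):
    """True if an unauthenticated client may reach this destination."""
    ip = ipaddress.ip_address(dst_ip)
    return any(ip in net and proto == p and (port is None or port == dst_port)
               for net, p, port in rules)


def audit(rules, max_hosts=256):
    """Return rules that expose more than max_hosts addresses or every port."""
    return [(str(net), p, port) for net, p, port in rules
            if net.num_addresses > max_hosts or (port is None and p != "icmp")]


# Constructed rules using documentation and private address ranges
SAMPLE_RULES = ["192.0.2.10/255.255.255.255 tcp 443",
                "198.51.100.0/255.255.255.0 udp 53",
                "10.0.0.0/255.0.0.0 tcp 80"]

if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES)
    print(allowed_pre_auth(rules, "192.0.2.10", "tcp", 443))
    print(audit(rules))
```

Any rule the audit returns lets unauthenticated clients reach a wide range of hosts or ports, which weakens the restriction the portal is meant to enforce.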
Others Tab
This tab provides other advanced configuration functions such as AeroScout and 802.11d.
• Select the 802.11d Support check box if you wish to enable this option. You can enable it per ESSID or for all ESSIDs.
• Select the AeroScout Support check box if you wish to enable this option.
• Select the In Band management check box if you wish to enable this option (this is a general enable for the option and requires per-ESSID configuration).
• Rate Adaptation algorithm fine-tuning:
  - Set Rate adaptation offset [0-20] (default is 0) – The Rate adaptation algorithm is based on received RSSI values. This parameter changes how sensitive the rate adaptation is to changes in the RSSI value. The higher the value, the less sensitive it will be.
  - Set RSSI aging (default is 15) – This parameter determines the period of time to wait before switching to the lowest rate if no RSSI information is received from a client. This is measured in multiples of 100 msec (every beacon interval).
• Select PCI enhanced mode (checked by default) – This is related to different HW versions of the EXRP boards. If the Access Points don’t function, uncheck this selection (and notify the Extricom support team).
To activate these options per ESSID, after selecting the above check boxes go to the WLAN
Settings page.
Figure 21: Other Configuration Tab
Viewing Events and Reports
The Events & Reports page provides performance reports and a list of events.
To view Reports & Events:
1. Click Events & Reports in the navigation tree.
2. Select the Reports tab to view TrueReuse performance and downlink throughput. The screen
updates every few seconds.
3. Select the System Events tab to view system alarms and events.
4. Select the Clients Events tab to view client association and disassociation events only.
5. Select Pause/Continue if you wish to stop/start the events flow.
6. If a message is signed with the sign in the Add field, by clicking this message (of an associated
user), the user's MAC address will be automatically inserted into the MAC ACL list.
7. Press History to see past events (up to a maximum of 1000 most recent events).
8. Press Export to export the alarms and events to a .CSV file.
Figure 22: Event Log Page
Reports Window - Details
The Reports window, shown below, provides a wide range of statistics:
Figure 23: Reports Window – Top
Statistics are available on a per radio channel basis, as well as per switch. The following table
describes the information that is available on this page:
Field: Description
Downlink Throughput: Mbps. Based on a 1 second snapshot of data volume carried by all downlinks on a particular radio channel (channel blanket).
Total: Total downlink throughput of the switch, based on a 1 second snapshot of data volume.
TrueReuse Factor: Available only if TrueReuse is enabled. Ranges from 1-3. Indicates the current downlink throughput relative to what the downlink throughput would have been if TrueReuse was not enabled. Computes the average number of downlinks transmitting simultaneously per radio channel. The average is computed based on several snapshots taken during a 1 second time interval. Example: a value of 3 means that downlink throughput with TrueReuse is currently 3x higher on average on that radio channel than if TrueReuse had been disabled.
Avg.: TrueReuse Factor averaged over all radio channels.
Clients/ESSID: Number of clients connected per ESSID per radio channel.
Clients/ESSID Totals: Total Clients per ESSID per radio channel, over all channels, per switch.
MAC Address: Used to search for a MAC address on the page. Any matching MAC address in the list of Clients’ MAC Addresses will be highlighted.
Display IP Address: Hide or display the IP address of each client.
Colored Status Icon: Green = client connected to AP. Red = client connection problem. Notes: 1. “Client connection problem” means a client that has been, for too long, in an interim state between disconnected and connected. For example, a client that is associated but not authenticated. After the disassociation timeout (default 1 hour), the switch will disconnect such a client.
Disconnect Selected Client/s: Used to reset a client connection, in order to help a client establish a working connection.
Table 16: Reports Window Fields
Note: the statistics window does not refresh
automatically. Click on Refresh to update the
statistics.
Further down the screen in this tab folder, the clients (MACs) per AP are listed:
Figure 24: Reports Window – Bottom
A client can be temporarily disconnected using the Disconnect button. The client must then
reauthenticate to reconnect to the WLAN.
Viewing an Overview of the Configuration
The Overview page provides a summary of the current configuration.
To view a summary of the updated configuration:
1. Click Overview in the navigation tree.
Figure 25: Configuration Overview
Refer to Table 17 for a description of the summary information.
Field: Description
Date: Displays the date and time the summary was created.
Uptime: Displays the amount of time the switch has been active.
LAN Configuration
Main: IP address of the switch. Network mask. Default gateway.
WLAN Configuration
Regulatory Domain: Displays the regulatory domain name currently in use by the switch.
WLAN mode: Displays the WLAN mode for each radio. (Disabled, 802.11a, 802.11b, 802.11g, 802.11b/g, 802.11n/a, 802.11n/g, 802.11n/b/g, or Rogue)
Channel: Displays the channel for each radio (1 – 4, Rogue)
ESSIDs (vlan): Displays the ESSIDs and their related VLANs, defined and assigned to each radio (1-4, Rogue)
TrueReuse: Displays TrueReuse status for each radio
Other ESSIDs: Displays other ESSIDs that are defined but are not assigned to a specific radio.
Connected Access Points: List of the active APs.
Powered Ports: List of WLAN ports which have PoE enabled.
Switch Configuration
MAC address: Displays the base MAC address of the switch near the MAC address.
Serial Number: Displays the switch unique serial number
Domain: RF localization indication
OctopusFS: Extricom firmware application version and build date
AppsFS: Third-party software application version and build date
RootFS: Linux file system build date
Kernel: Extricom-specific Linux kernel build date
Redboot: Linux redboot build date
Table 17: Summary Page Features
Chapter
Troubleshooting
Table 18 lists problems you may encounter with your WLAN and provides possible solutions. If
after trying the solutions you are still experiencing difficulties, contact Extricom Customer Support.
Problem: The AP Power LED is not lit.
Solution:
• Verify that the AP Ethernet cable is connected to the switch and to the AP. The APs get PoE from the switch.
• Verify that the AP is not turned off in the Access Points Web configuration page (refer to page 44).

Problem: A wireless device can’t associate with a specific ESSID.
Solution:
• Verify that the wireless device supports the same 802.11 standard as configured for the ESSID (802.11a/b/g).
• Verify that the wireless device is set to connect to the specific ESSID.
• Verify that the wireless device supports the security standard used by the ESSID, e.g., WEP.
• Verify that the security settings are configured to use the same authentication method.
• If the RADIUS Server is used, verify that the wireless device is registered and has the necessary authorization.

Problem: Cannot connect to the Extricom web configuration pages.
Solution:
• Verify that the switch is connected to the LAN.
• Verify that the correct IP address is used.

Problem: Low data rates.
Solution:
• Verify that the switch was not mistakenly configured to use low data rates.
• Verify that there is no additional cause of interference (e.g., an additional WLAN network in the same proximity using the same frequencies as the Extricom WLAN, or that there are no cordless phones using the same frequencies, or microwave oven interference).

Problem: Wireless devices disconnect in a specific location.
Solution:
• Verify that there is no additional cause of interference (e.g., an additional WLAN network in the same proximity using the same frequencies as the Extricom WLAN, or that there are no cordless phones using the same frequencies, or microwave oven interference).
• Add an additional AP to cover the area. Plug another AP into the switch, or relocate an existing Access Point.

Problem: Cannot access the switch’s Web configuration GUI.
Solution:
• Verify that the workstation on which the Web browser is running is connected to the same LAN as the switch.
• Verify that the URL entered for the switch begins with https.
Table 18: Troubleshooting
Appendix
Internal Access Point Mounting Template
4.25 inches
10.8 cm.
Important Note: Due to variations in printers, when printing this page,
printer Page Scaling should be set to “None” or diagram may be
automatically reduced in size. As a double-check, make sure distance
between drill points is as indicated above.
Figure 26: Access Point Mounting Template
The Extricom WLAN System User Guide

Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.3
Linearized                      : No
Page Count                      : 46
Producer                        : GPL Ghostscript 8.15
Create Date                     : 2010:02:09 19:08:40
Modify Date                     : 2010:02:09 19:08:40
Title                           : Microsoft Word - The Extricom WLAN System User Guide v4.2 docv4.0 part B
Creator                         : PScript5.dll Version 5.2
Author                          : Fred
FCC ID Filing: VDJ-EXRP-30N
