MTI WCAP6220APU WiFi transceiver User Manual KarlBridge Configuration User Guide
MTI Co., Ltd. WiFi transceiver KarlBridge Configuration User Guide
MTI >
Contents
- 1. Manual revised 1
- 2. Manual 2
Manual 2
59
Configuration
WLAN Cable Access Point 6220 (APU, CSU) have a various features
about a management and operation as listed below.
Software Installation
APU Basic Configuration and Operation Test
APU Basic Configuration and Operation Test
Testing the connection between APU and CSU
Testing Wireless Network Performance
Basic Configuration
Advanced and Optional Configuration
60
Software Installation (AP Configurator)
The WLAN Cable AP Configurator is used to configure your wireless
networking devices. Both the executable file needed to install the
Configurator and the online help for the Configurator (*.chm) are
included on the Software CD that you received with your hardware
device. Refer to the online help or the WLAN Cable AP Configuration
User Guide on the Document CD for detailed instructions on how to
configure your device. This section explains the system configuration in
detail..
Note: The features available to you in the WLAN Cable AP
Configuration vary depending on the version of the software. This
section explains all possible features involved in basic configuration.
Your actual software may not display all of the features and fields
described.
Installing the Configurator Software
1. Insert the Software CD into your PC’s/laptop’s CD ROM drive, then
you can see the installation web page as below.
Figure 4-1
Software CD Starting Display
2. Click the installation button and press “open” button while finding
the dialog box.
3. Double click the name of the Configurator Installation program
(the .exe file on your Software CD).
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
61
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
Figure 4-2
Software Installation Launching
3. Follow the onscreen instructions to install the Configurator.
Figure 4-3
Installation Dialog Window
If you are installing the Configurator for the first time, files are stored in the
directory Program Files/Nortel/WLAN Cable AP Configurator. If you are
upgrading from a previous Configurator installation, your files will be stored
in the directory where you last saved the Configurator files. The Install
Shield also installs shortcuts to the Configurator on your desktop.
62
Procedure 3-1
APU Basic configuration and Operation Test
Action
Step Action
1. Prepare a Laptop computer and a client unit to test and configure the
APU at the installation field.
2. There are two kinds of test setup between APU and Wi-Fi Radio card
as below.
A. Type I (Radio Connection: Primary)
This type of test setup is very simple and reliable to setup and test
the operation of APU without additional accessories except
PCMCIA type radio card.
APU operation test can be performed with only a radio
connection between the antenna of the APU and Wi-Fi Radio
Card in Laptop PC as shown in Figure 4.4
B. Type II (RF Cable Connection: Secondary)
In case the more secure and reliable set, APU operation test can
be performed with a RF cable between the antenna of the APU
and Wi-Fi Radio Card in Laptop PC.
This type of test setup may be a little cumbersome but, can check
more securely APU operation and configuration excluded in any
interference from a various radio devices around the site.
Please make sure the cable has each different termination type at
both ends (APU side: N type Male, Radio card side: PC card)
3. Be aware that the APU initially unpacked has the default parameter
followed as below
Factory Default
IP address: DHCP Client (Ethernet 1)
Read Write Password: public
SNMP Secure Configuration Password: public
IEEE 802.11 Interface Setup
- Mode Selection: 802.11 compatible Access Point Mode
- Frequency: CH1 (2412 MHz)
- Transmit Rate: 11Mbps
- SSID: WLAN Cable AP
- WEP Encryption: Disable
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
63
Figure 4-4
Test Network Configuration (Radio Connection)
4. Search the APU by scanning it’s default SSID “WLAN Cable AP” at
a laptop computer and connect to the entity and then, check if the
radio signal shows a good performance.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
64
5. Launch the Configurator by either double clicking the WLAN Cable
AP Configurator icon in your desktop or by opening the file
config.exe from the directory “C:\Program Files\Nortel\WLAN
Cable AP Configurator” where software is installed
6. The Configurator runs and the IP Address for your APU (and the IP
addresses for any other devices in your network) appears in the
Configurator window, as shown below.
Figure 4-5
Configurator Starting Window
7. Make sure that the laptop computer gets an IP address from the
DHCP server at Network Center by checking an IP address list box at
the left side of the configurator window.
8. If the APU you wish to configure is on the same network subnet as
your computer, you can select it from the list that is automatically
displayed in the IP Address window. Press the<F5> key to refresh
the scan list. Alternately, you can also right click anywhere in the
scan window and select Re-scan local network.
Note: To differentiate the APU to be configured, you should check the
AP MAC address of APU which is printed on the label attached on the
side of APU.
9. If you can find out the IP address of APU on the IP address window,
Move a mouse pointer on the IP address.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
65
Figure 4-6
IP address list box
10. Right click on the IP address, and click the Configure button below
the list box on the left side of a configurator window. The
Read/Write Password screen is displayed, as shown below.
Figure 4-7
SNMP Password (Read/Write)
11. Enter the password “public” for the device you have selected at both
text boxes, and then click the OK button.
12. If the Setup tab is displayed in the main window as shown below,
SNMP checking is a success.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
66
Figure 4-8
Setup Tab
Note: When you test the APU with Test CSU, you don’t have to change
the parameters of APU with AP configurator. But, after all test
completed, you should configure APU according to your local network
design idea.
13. Perform Ping Test to the specific IP address of network entity which
is located at the public internet network during the defined minutes
(1 ~ 2 minutes)
14. Click the Start Button at the left corner of windows and the Run
button.
15. Enter a command “cmd” and find out “DOS Command window”
16. Enter a ping command “ping –t < Destination IP address > “
17. You can see Ping response from the destination.
18. After the defined ending time, Ctrl + “C” and record the ping
response result.
19. Perform the FTP Download/Upload Test with the Test server through
the Network Center.
20. Alternatively, you can access directly a commercial web site with a
web browser in a test laptop PC.
21. Configure APU with your final setup parameters for one of both
operation mode as Wi-Fi or Secure Data Mode (APU).
22. For more detail setup, Refer to the procedure 3-5(Basic
Configuration) and 3-6(Advanced and Optional Configuration).
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
67
Procedure 3-2
CSU Basic configuration and Operation Test
Action
Step Action
1. Connect the Ethernet cable(straight) between Laptop PC and CSU
via POE Injector.
2. Launch the Configurator by either double clicking the WLAN Cable
AP Configurator icon in your desktop or by opening the file
config.exe from the directory “C:\Program Files\Nortel\WLAN
Cable AP Configurator” where software is installed
3. The Configurator will be opended and the IP Address for your APU
and Test CSU (and the IP addresses for any other devices in your
network) appears in the Configurator window as shown below.
Figure 4-9
Configurator Starting Window
4. Note the device in the List of Scanned Devices window showing the
green exclamation point”198.17.74.254”. This is the device(CSU)
you need to configure. Right click on this device, and then select
Configure This Device. The Change IP window is displayed, as
shown in the following screenshot.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
68
Figure 4-10
IP setup dialog box
5. Enter an IP address that will be local to the IP of the PC/laptop
running the Configurator, and then click the OK button. The main
window is redisplayed.
For example, In case the IP address of Laptop computer is
192.168.0.100/24, that of CSU will be allowable in 192.168.0.1/24 ~
192.168.0.254/24 as IP address subnet group.
Note: The IP address to enter should be included in the same subnet area
with PC/Laptop Computer for access to CSU.
6. The SNMP Password dialog box is displayed, as shown below.
Figure 4-11
SNMP Read Write Password dialog box
7. Enter a proper password in the basic SNMP password box.
8. Click the OK button.
9. The Interface Setup screen is enabled and displayed, as shown in the
Figure 4-12
10. Click the Interface Setup button. The Interface Setup screen is
displayed, as shown in Figure 4-13. And you do not need to set up
the Ethernet Interface.
11. If you have an 802.11b radio card, click the Setup 2 button to set up
the 802.11b interface.
12. Click the Setup 2 button. The IEEE 802.11 Setup screen is displayed,
as shown in Figure 4-14.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
69
Figure 4-12
AP Configurator Main window
Figure 4-13
Interface setup dialog box
13. Make sure CSU Secure Data Mode in the left portion of Mode
Selection is selected.
14. Select the Enable Signal Quality Front Panel Display checkbox if
your unit has a front panel display that is capable of displaying the
signal quality.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
70
Figure 4-14
Interface setup dialog box
15. Click the Advanced button for setting up a crucial parameters as
Radio Frequency, Transmit Rate(Bandwidth), Network ID
16. The 802.11b Advanced Setup screen for a Secure Data Mode is
shown below.
Figure 4-15
Advanced setup dialog box
17. Select Frequency and Transmit Rate in 802.11b Radio Setting.
18. Select Network ID in Network Settings
19. In case you know only Network ID, enable the auto channel scan by
checking the checkbox in the networks setting box.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
71
20. Please see the appendix G “Wireless Network Planning”.
Note: the Secure Data Mode network ID number (0-15) is used to
differentiate between multiple Secure Data Mode stations using the same
System Access Pass Phrase. This is used to allow a Secure Data Mode
CSU to specify the APU that it wants to connect to if two APU can be
seen by the same CSU. Generally, this value should be the same as the
Channel Number.
Note: Radio Transmit Rate should be chosen in the below list while
considering the service level of the user.
Auto-select (IEEE 802.11 only)
Low (1 Mbps)
Standard (2 Mbps)
Medium (5.5 Mbps)
High (11 Mbps)
Note: The channel/frequency values are usually determined by network
administrators. If you set the channel and frequency ensure that there are
at least four numerical channels difference between two overlapping
cells to avoid interference. For example, channels 1, 6 and 11 don’t
overlap, but channels 1 and 3 will do.
21. Click the Setup Æ IP Setup button. The IP Setup screen is displayed,
as shown below.
Note: The IP Setup screen allows you to set the Secure Data Mode
Station's IP Addressing information. The Secure Data Mode Station must
have an IP address assigned to it if you wish to connect to it using the
Configurator tool, which makes use of SNMP to connect to the Secure
Data Mode Station.
22. Select “2 IEEE 802.11” as the interface which is used to get DHCP
IP address from DHCP Server.
Note: You can choose to set up the APU to obtain an IP address from
DHCP server. If you select this option, you must also choose the
interface on which you would like the APU to send the request. This
option causes your APU to send a broadcast request for its IP address,
subnet mask, and default router over the given interface at APU startup
time. If you select the DHCP option, it is recommended (though not
required) that you set up your DHCP server to always provide the same
IP address to this Secure Data Mode Station system.
23. For more detail setup, Refer to the procedure 3-5(Basic
Configuration) and 3-6(Advanced and Optional Configuration).
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
72
Figure 4-16
IP setup dialog box
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
73
Procedure 3-3
Testing the connection between APU and CSU
The Configurator’s Wireless Link Test screen is used to diagnose the
wireless link quality between your APU and any CSU associated with
the APU.
The Wireless Link Test displays the diagnostic counters that apply to the
radio interface and a single remote station connected to this APU.
To assess the overall wireless performance in the wireless area served by
the APU, you might need to run Remote Link Tests with multiple CSU
(one by one).
Action
Step Action
1. Prepare a Laptop computer and configure the test network as shown
in Figure 4-17.
2. Prepare a CSU module, POE Injector and Power supply system like a
Power booster in a vehicle or regular power outlet in home.
Note: Make sure that CSU and Laptop computer are set to DHCP Client
so that they can get IP address dynamically through APU from Server.
3. Be aware that the CSU has the same parameters with APU to test in
the operation mode as followed below
Table 4-1
System Main Parameters
Parameter APU CSU
IP address DHCP Client DHCP Client
Read Write Password User-specific User-specific
SNMP Secure
Configuration Password User-specific User-specific
Mode Selection APU Secure Data Mode CSU Secure Data Mode
Base Station Mode Polling(Primary) N/A
Frequency User-specific Auto scanning support
Transmit Rate User-specific User-specific
Network ID User-specific User-specific
Others User-specific User-specific
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
74
Figure 4-17
Test Network Configuration (Maintenance & Testing Setup)
4. Launch the Configurator by either double clicking the WLAN Cable
AP Configurator icon in your desktop or by opening the file
config.exe from the directory “C:\Program Files\Nortel\WLAN
Cable AP Configurator” where software is installed
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
75
5. The Configurator runs and the IP Address for your APU and Test
CSU (and the IP addresses for any other devices in your network)
appears in the Configurator window, as shown below.
Figure 4-18
Configurator Starting Window
6. Make sure that the laptop computer gets an IP address from the
DHCP server at Network Center by checking an IP address list box at
the left side of the configurator window.
7. Check if a Dynamic IP address is allocated APU and Test CSU
8. If the APU you wish to configure is on the same network subnet as
your computer, you can select it from the list that is automatically
displayed in the IP Address window. Press the<F5> key to refresh
the scan list. Alternately, you can also right click anywhere in the
scan window and select Re-scan local network.
Note: To differentiate the APU to be configured, you should check the
AP MAC address of APU which is printed on the label attached on the
side of APU.
9. If you can find out the IP address of APU on the IP address window,
Move a mouse pointer on the IP address.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
76
Figure 4-19
IP address list box
10. Right click on the IP address, and click the Configure button below
the list box on the left side of a configurator window. The
Read/Write Password screen is displayed, as shown below.
Figure 4-20
SNMP Password (Read/Write)
11. Enter the password “public” for the device you have selected at both
text boxes, and then click the OK button.
12. If the Setup tab is displayed in the main window as shown below,
SNMP checking is a success.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
77
Figure 4-21
Setup Tab
Note: When you test the APU with Test CSU, you don’t have to change
the parameters of APU with AP configurator. But, after all test
completed, you should configure APU according to your local network
design idea.
13. Select Wireless Link Test from the Analyze Tab. The Enter IP
Address screen is displayed, as shown below.
Figure 4-22
SNMP Password (Read/Write)
14. Enter the Remote IP Address and Read/Write password for the
wireless station you wish to test. The Select a Remote Link Partner
screen is displayed, as shown below.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
78
Figure 4-23
Remote Link List window
15. From the list of station names, select the remote station or client you
wish to test. Select a station from the list, and then click on the Link
Test button to perform a link test.
Note: Clicking the Explore button refreshes the list of stations that
can be selected.
16. Click the Link Test button to start the link test.
Note: When you open this screen, the base station will need
approximately 20 seconds to build the list of stations and forward this
information to your configurator station. Due to the dynamic
characteristics of mobile wireless stations, the base station will
rebuild the list of connected stations each time you select a different
station, or after clicking the Explore button. If this screen does not
display any station, there might be no wireless station up and running
in the vicinity of the selected base station.
17. The Remote Link Test screen displays the results of your wireless
link test, as shown below.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
79
Figure 4-24
Remote Link Test Status Window
18. The advice button enables you to investigate the outcome of the
Remote Link Test assessment in more detail and provides you with
troubleshooting hints to improve the quality of the link between the
two remote nodes. The following table summarizes the possible
results of clicking the Advice button, and what action is warranted
based on the results:
19. It is necessary that you adjust the vertical tilt and horizontal angle
toward APU at the mounting point of CSU, while monitoring the RF
link quality status window so that SNR and Link status bar keep a
best quality.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
80
Table 4-2
Radio Link Status
Status Risk Action
Excellent None You do not need to perform further
diagnostics.
Good None You may try to optimize antenna
placement to see whether this will
improve the Link Quality result.
Marginal Communication is still
possible, but this
situation may affect the
unit's performance.
View Link Test Details to verify.
The unit may have to retransmit lost
packets.
Verify the Signal Level indicator. A
low Signal Level indicates the unit
has moved away from the base
station.
View Link Test Details to verify the
Noise Level indicator. A high Noise
Level indicates a source of
interference in the signal path
between the unit and the base
station.
Select another unit to verify if the
base station is functioning properly.
Try to optimize antenna placement
to improve the Signal Level or move
it away from the source of
interference.
“No
Connection” Communication is no
longer possible. If the
unit was in the process
of transferring files, data
may not have arrived at
the intended destination,
or it may have been
corrupted.
View Link Test Details to verify the
Signal Level indicator. A low Signal
Level indicates the unit has moved
away from the base station.
View Link Test Details to verify the
Noise Level indicator. A high Noise
Level indicates a source of
interference in the signal path
between the unit and the base
station.
Select another unit to verify if the
base station is functioning properly.
Try to optimize antenna placement
to improve the Signal Level or move
it away from the source of
interference.
Quality
Indicator is None. The base station
may be busy collecting
If the indicator remains blank, click
the other button to return to the
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
81
Black diagnostic measurement
results from the unit. Select a Remote Link Partner screen.
Click the Explore button to refresh
the list of Link Test Partners. If the
initial partner no longer appears, it
may have been switched off, or have
been moved outside the range of the
selected Initiator Station.
Select another Link Test Partner to
verify if the base station is
functioning properly.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
82
Procedure 3-4
Testing Wireless Network Performance
FTP Up/Download Test
Action
Step Action
1. Launch the Configurator by either double clicking the WLAN Cable
AP Configurator icon in your desktop or by opening the file
config.exe from the directory “C:\Program Files\Nortel\WLAN
Cable AP Configurator” where software is installed
2. The Configurator runs and the IP Address for your APU and Test
CSU (and the IP addresses for any other devices in your network)
appears in the Configurator window
Figure 4-25
Configurator Starting Window
3. Make sure that the laptop computer gets an IP address from the
DHCP server at Network Center by checking an IP address list box at
the left side of the configurator window.
4. Check if a Dynamic IP address is allocated at APU
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
83
5. If the APU you wish to configure is on the same network subnet as
your computer, you can select it from the list that is automatically
displayed in the IP Address window. Press the<F5> key to refresh
the scan list. Alternately, you can also right click anywhere in the
scan window and select Re-scan local network.
6. If you can find out the IP address of APU on the IP address window,
Move a mouse pointer on the IP address.
Figure 4-26
IP address list box
7. Perform Ping Test to the specific IP address of network entity which
is located at the public internet network during the typical minutes(1
~ 2 minutes)
8. Click the Start Button at the left corner of windows and the Run
button.
9. Enter a command “cmd” and find out “DOS Command window”
10. Enter a ping command “ping –t < Destination IP address > “
11. You can see Ping response from the destination.
12. After the defined ending time, Ctrl + “C” and record the ping
response result.
13. Perform the FTP Download/Upload Test with the Test server through
the Network Center.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
84
Testing Wireless Network Performance (Ping Fill Test)
Action
Step Action
1. On the Analyze tab, click the Ping Fill Test button. The Enter IP
Address screen is displayed.
Note: The above IP address should be that of CSU (Client of APU)
which can get the IP address list box at AP configurator.
Figure 4-27
IP Address Tab
2. Enter the IP address and Read/Write Password of the Internet host with
which you would like to test throughput, and click the OK button. The
Ping Fill Test Parameters screen is displayed. .
Note: To test wireless performance, the target system can be one of the
APU Secure Data Mode station's clients. You can also use a wired host
to test wired interface performance.
3. Enter the Test Window Size, Max Packets, and Test Running Time.
Ex) Packet Length: 60, Window size: 80, Maximum Packets: 20,
Number of Second: 5
4. Click the OK button. You will see some warning messages, and then
the Ping Fill test will run. The results of the test are then displayed in
the Ping Fill Results screen.
5. Choosing the correct parameters is crucial to obtain accurate Ping Fill
Test results. To find out more about each of the parameters, click in the
fields shown in the screenshot below.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
85
Figure 4-28
Ping Fill Test Parameters
6. As soon as Ping Fill test is over, you can see result windows as
below.
7. Record Average Transfer Rate of the result items
It is recommended that the result window to be captured as a picture
and saved in the file.
Figure 4-29
Ping Fill Test Results Window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
86
Procedure 3-5
Basic Configuration
Set Up General Configuration Options
The Setup tab is used to define the configuration options for the device,
and the General Setup screen is used to enable various setup options.
Click on the Setup tab, then click the General Setup button to display the
General Setup screen, shown below:
Figure 4-30
General Setup window
Note: This menu has been modified for use in this manual. This menu
has all supported features checked (enabled) and is NOT typical of the
menu you will see. Each of the fields on the screen is explained below.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
87
Figure 4-31
General Setup window
Enable Bridging
Selecting this checkbox in General Setup will allow you to access the
Bridge Setup screen, which you can use to enable your device’s
transparent Ethernet bridging feature. This allows for the transference of
Ethernet packets between physical networks connected directly to the
base station.
If enabled, the base station will transfer Ethernet packets from one
interface to the other (for example, between the wireless and the wired
networks). The default behavior is to bridge all Ethernet protocols. You
can set which Ethernet protocols to bridge or deny, as well as, Ethernet
stations that will be allowed or disallowed to send packets over the
bridge using Bridge Setup from the Setup tab.
If disabled, only IP packets with correct IP Routes set up in IP Router
Setup will be bridged between the base station's various interfaces;
general Ethernet packets will not be transferred across the base station.
This would be useful in a situation where you want to enable IP traffic,
but not general Ethernet traffic between (sub) networks.
Enable IP Routing
Selecting this checkbox in General Setup will enable your hardware
device to route IP packets between its various interfaces.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
88
If enabled, you will need to set up routes on the IP Routing screen or you
will not be able to access your hardware unit when you exit the
Configurator program.
Enable Remote Bridging Using IP Tunnels
This option allows you to encapsulate Ethernet packets of any protocol in
IP and then send them to another Secure Data Mode Bridge/Router to de-
encapsulation. Select this checkbox to enable this capability.
Some versions of the Secure Data Mode Station support a special feature
which will enable Ethernet packets of any protocol type to be
encapsulated in IP and then sent to other Secure Data Mode Stations for
de-encapsulation. This method can be used to set up "virtual" Ethernet
LANs between several points using the IP network as the transport layer.
This feature can be used to create a Virtual Private Network when used
in conjunction with the Data Encryption option.
Enable Watchdog Reboot Timer
Select this item in General Setup to enable the watchdog timer reboot
feature. If packets are not seen on the network for more than 10 minutes
(a very rare occurrence), the Secure Data Mode Station will reboot itself.
Once it has rebooted, the 10 minute reboot timer will not activate again
until a packet has been seen on one of the interfaces. This is to ensure
that only one reboot will occur if the entire network is truly shut down.
Enable IP UDP/TCP Security Filters
Select this option in General Setup to enable the base station's Firewall
(IP Security Filter) features. You can set the base station to explicitly or
implicitly allow or deny IP connections to specific UDP or TCP ports,
and/or between specific IP addresses or subnets. For more information,
see Firewall Setup.
Note: This option is only available when the MAC Authentication
Access Control button has been selected on the General Setup screen.
Enable Outgoing Network Address Translation
Select this checkbox if you will be using Outgoing NAT to multiplex
traffic from all the computers on your internet network through the
Secure Data Mode Bridge/Router.
Outgoing Network Address Translation (NAT) allows multiple
computers to share a single IP address to connect to an IP network,
including the Internet. This allows homes, small businesses, and Internet
Service Providers to have Internet service for all of their computers
without having to pay for additional IP addresses. The NAT feature
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
89
serves as a simple firewall for incoming connections, since only traffic
initiated by an interior computer is permitted through the NAT.
Enable Incoming Network Address Translation
Select this checkbox if you will be using Incoming NAT to multiplex
traffic from the network to all the computers on the internal network.
Incoming Network Address Translations (NAT) is used to redirect
requests to servers in the local address space based on the port of the
request. If, for example, the client at local address 10.0.1.2 is serving
web pages, and a request comes to the access point on that port for a web
session, then the request will be forwarded to the web server on 10.0.1.2.
The server will respond with the web page to the address of the original
request.
Note: Incoming NAT only needs to be configured if servers in the local
(private) address space need to connect with clients in the global (public)
address space.
Enable DHCP Server
Select this checkbox if you are using the Secure Data Mode Bridge/
Router to provide DHCP information to the computers on your network.
Note: If you do not check this option, you will not be able to access the
DHCP Server screen.
Enable Secure Data Mode Radius Authentication
Select this checkbox if you wish to enable RADIUS authentication for
your Secure Data Mode stations.
Enable Network Address Translation Redirector
Select this checkbox if you wish to enable network address translation
(NAT) redirection, which is used to forward the packets sent to a
particular port number to a specified IP address, regardless of the original
destination IP address.
Access Control Buttons
The access control buttons determine how authentication is controlled.
There are three possible means of authentication control:
Disable - Selecting Disable turns off MAC authentication entirely.
Legacy Access Control - Selecting Legacy Access Control enables
access to the Access Control Setup screen and disables access to the
Advanced Authentication screen
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
90
MAC Authentication Access Control - Selecting MAC
Authentication Access Control enables access to the Advanced
Authentication Setup screen, which provides more detailed MAC
authentication setup options, and disables access to the Access
Control Setup screen.
Set Up Interfaces
Once you have enabled various configuration options, you need to define
the network interfaces for your hardware device. You will typically set
up one or more of the following interfaces:
As the name suggests, the Interface Setup screen is used to set up
network interfaces. From the Setup tab, click the Interface Setup button.
The Interface Setup screen is displayed, as shown below:
Figure 4-32
Interface setup window
Interface (APU)
Interface (CSU)
The following rules apply for setting up network interfaces:
You do not need to set up the Ethernet Interface.
If you have an 802.11b radio card, click the Setup 2 button to set up
the 802.11b interface.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
91
Remote Checkbox -- Select this checkbox if all traffic coming in on this
interface is to be viewed as remote traffic for firewall, bridging, filtering,
and routing purposes. If this checkbox is not selected, then all traffic on
this interface will be considered local traffic. Note that the “Remote”
designation is significant only for the Security filters, and does not imply
physical location. The security filters will pass (permit) or drop (deny)
packets of particular types from being forwarded between interfaces
designated as “Local” (unchecked) and those designated as “Remote”.
Note: At least one enabled interface must be a remote interface.
Enabled -- Select this checkbox if this interface should be enabled. If this
box is not selected, then the base station will disable the interface and it
will not be used, and the interface itself will be "down" from an
administrative standpoint.
Note: At least one enabled interface must be a remote interface.
Maximum Transfer Rate (Kbits/sec) -- The maximum transfer rate is the
number of bits that can be used for sending and receiving packets. If you
wish to limit the maximum data transfer rate for a particular interface,
enter the maximum number of kilobits per second that can be transmitted
from and to the base station. This helps to reduce the risk of over-
powering remote sites and to limit the bandwidth used by a particular
base station.
Note: The transfer rate represents the total transfer rate for both sending
and receiving packets. For example, if you set the transfer rate to 10,000
Kbits (10 Mbits) per second, then 10 Mbits represents the maximum rate
available for both sending and receiving packets. Therefore, if you use 7
Mbits per second in sending the packets, then only 3 Mbits per second
are available for receiving packets.
Setup 1, 2, 3-- The Setup 1, 2 buttons are used to define the available
interfaces. In the screenshot shown above, clicking Setup 1 will display
the Ethernet Setup screen, clicking Setup 2 will display the 802.11b
Setup screen. Each of the Interface Setup screens is explained in more
detail below.
Set up Ethernet
Clicking the Setup 1 button on the Interface Setup screen displays the
Ethernet Setup screen.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
92
Figure 4-33
Ethernet Setup window
The Secure Data Mode station will automatically set up the Ethernet
interface to use the type of medium that has been connected to the unit.
By default, the Ethernet connection is set at 10 Mbit/sec for both half
duplex and full duplex. Therefore, you do not need to configure special
settings for the Ethernet hardware interface. If you wish to customize the
Ethernet settings, you can change the settings listed below. However,
you do not need to change any settings for your hardware device to be
functional.
The Secure Data Mode Station supports both Ethernet IEEE 802.3
and DIX Ethernet frame types.
Protocols are set in the Interface Setup window of the Setup Tab.
Note: Do not change the default setup “10Mbit/sec Auto Duplex” in this
setup window without a technical consult of manufacturer.
Ethernet Type -- The Ethernet type options provide a variety of Ethernet
settings. The default value for Ethernet type will vary, depending on
your hardware device. Only the settings that are enabled on your screen
are supported by your particular hardware device. If your switch or
Ethernet card supports different speeds, you may want to change the
speed setting.
Set Up 802.11b
Clicking the Setup 2 button on the Interface Setup screen displays the
802.11b Setup screen. The 802.11b Setup screen is used to set up the
interface to your 802.11b network devices.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
93
Figure 4-34
802.11 Radio Interface Setup window (APU Secure Data Mode)
Figure 4-35
802.11 Radio Interface Setup window (APU Wi-Fi Hotspot Mode)
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
94
Figure 4-36
802.11 Radio Interface Setup window (CSU)
802.11b Network Name-- The 802.11b Network Name is used in
standard IEEE 802.11b networks to distinguish stations in your 802.11b
network from stations that belong to a neighboring 802.11 network.
The value used for the radio interface on this station should be the same
for all wireless stations in the 802.11b network. Only stations configured
with the proper 802.11b Network Name will be able to connect to the
802.11b station's radio interface.
The Network Name can be any alphanumeric string in the range of "a" to
"z,” "A" to "Z" and "0" to "9,” and can contain from 1 to 32 characters.
If you wish to allow access to the wireless network to be open to all
wireless stations, the Network Name should be set to ANY.
Note: The Network Name is used only when the 802.11b radio interface
(for example, Orinoco) is set to run in IEEE 802.11 Access Point Mode.
802.11 Compatible Access Point-- When this option is selected on the
802.11a or 802.11b Setup screen, the card attached to this interface will
act as a standard 802.11a or 802.11b access point.
Use this setting when:
Connecting to any 802.11 radios acting as mobile units
Operating this interface for compatibility with other manufacturers'
access point hardware
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
95
Communication over the wireless network is light, or is limited
primarily to one satellite
Note: When using this mode, you will not be able to connect to multiple
Access Points over the same interface.
If you wish to support a LAN (either wired or wireless) connected to the
far side of a remote 802.11 device, you must use a Secure Data Mode
Network setup by choosing one of the Secure Data Mode Station modes
(see Related Topics for more information).
The IEEE 802.11b Access Point mode is useful primarily for indoor
wireless LAN's that have no hidden nodes. For wireless network
infrastructure connections you should use one of the Secure Data Mode
Station types.
Super Ethernet Converter-- When this option is selected, the card
attached to this interface will act as a Mobile Router.
You must also uncheck the Enable Bridging checkbox in General Setup
(of the Mobile Router. An Access Point acting as an IEEE Compatible
Mobile Router will allow only IP traffic to be transmitted between the
Remote IP LAN and the Secure Data Mode Network. The remote LAN
must be using IP in order to connect to the IEEE network, but can use
additional protocols as well.
In order to bridge Ethernet traffic over the wireless network between
remote LANs, you must select one of the Secure Data Mode station types.
Secure Data Mode No Base Stations-- Select this option to set your
802.11b device's radio card on this interface to run as a Secure Data
Mode Network without a Secure Data Mode Base Station (i.e. peer-to-
peer).
Use this setting only in the rare instance when all Secure Data Mode
stations are able to "see" each other (i.e., there are no hidden nodes).
When all connected Secure Data Mode Stations are not able to "'see" one
another, this setting should not be used. In that case, you should set one
of your Secure Data Mode Station stations to Secure Data Mode Base
Station, and the others to Remote (Satellite) Secure Data Mode Stations.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
96
APU Secure Data Mode-- Selecting this option sets the Secure Data
Mode Station to run as a Secure Data Mode Base Station over the
802.11b device's radio interface. Every system that needs to connect to
the wireless network must be able to connect to the Secure Data Mode
Base Station.
When you select this Base Station type, you must select one of the
Protocol Filtering Modes. The Protocol Filtering Mode determines how
the base will interact with the satellite (slave) stations. Is it recommended
that you use the Enable Filters between Slaves mode.
The possible base station modes are as follows:
Non-Polling Base Station
The non-polling Secure Data Mode Base Station Mode is provided
mostly for compatibility with older Secure Data Mode Networks, but
may give increased performance over other (polling) Secure Data Mode
Base Station modes in a lightly loaded network, or in a network with
only a few satellites.
Setting a base station to non-polling mode may increase performance in
the rare case where all satellites can hear one another (i.e. there are no
hidden nodes), or when there is sporadic network use. In an environment
where most network traffic is with one satellite, and other satellites rarely
transmit data, this setting may also increase performance. However, it is
highly recommended that you select one of the polling modes.
Selecting this Secure Data Mode Base Station Mode takes full advantage
of the features of a Secure Data Mode Network.
Polling Base Station
Selecting this Secure Data Mode Base Station Mode sets the Secure Data
Mode Station to run as a Secure Data Mode Base Station which performs
a highly optimized Nortel Networks-proprietary polling of the satellite
stations for data. In the Non-Polling Base Station mode, all wireless
stations must be able to 'hear' each others' traffic, or performance may
degrade considerably (the hidden node problem). In polling mode, the
Base Station will poll each station for data, and also offer the opportunity
for 'free-for-all' sending of data at set intervals.
In conjunction with the standard features of the Secure Data Mode
Network, this Secure Data Mode Base Station Mode offers a significant
performance increase over other wireless protocols when the network is
under heavy load.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
97
ISP Base Station
Selecting this Secure Mode Base Station sets the Secure Mode Station to
run as a base station for connections to Microsoft Windows PC Clients.
This mode takes full advantage of the features of a Secure Mode
Network and allows Windows clients to connect directly to the base
station, eliminating the need for an Ethernet connection to a second
Secure Mode Station running as a Remote Secure Mode Station.
The following Windows clients are supported:
Windows 95a (with the Winsock 2 update)
Windows 95b
Windows 98
Windows NT 4.0
Windows XP
To filter Ethernet protocols that are transferred between the wireless
stations (for example, to disable the Windows Network Neighborhood),
select ISP Base Station with Protocol Filtering. Filters set in Bridge
Setup... are not applied to wireless-only traffic in the non-filtering ISP
Secure Data Mode Base Station Mode.
We strongly recommend that you set your Secure Data Mode Base
Station to ISP Base Station with Protocol Filtering mode when
connecting Windows PC Client satellites.
ISP Base Station with Protocol Filtering
Selecting this Secure Data Mode Base Station Mode gives you the same
functionality of the ISP Base Station mode, with an added filtering
function that applies the bridge filters set in Bridge Setup to traffic sent
over the wireless network as well.
With the non-filtering ISP Secure Data Mode Base Station Mode, all
traffic between two wireless stations is permitted. Bridge filters do not
apply to wireless-only traffic in the non-filtering ISP Secure Data Mode
Base Station Mode.
When using the ISP Base Station with Protocol Filtering setting, you can
set the bridge filters so that each wireless machine (or LAN behind
another connected Secure Data Mode Station) is 'hidden' from all other
machines or LAN's connected to the Secure Data Mode Network.
Properly setting up Protocol Filtering will disable the Windows 'Network
Neighborhood' from seeing other machines connected on the wireless
network.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
98
If you do not deny IP and IP-ARP packet types in Protocol Filtering,
wireless machines are still able to connect to each other via IP packets,
including TCP and UDP. Permitting only IP traffic over the wireless
network will allow your wireless clients to interact as if they were
connected to the Internet, but not together on a private network. For
added security, the firewall features of the bridge can be used to deny
certain types of IP packets from flowing between the wireless stations.
We strongly recommend that you select ISP Base Station with Protocol
Filtering when the Secure Data Mode Base Station will service satellites
running the PC Client.
CSU Secure Data Mode-- Selecting this option in IEEE 802.11b sets the
Secure Data Mode Station to Connect to an APU Secure Data Mode
Station over this 802.11b device’s radio interface.
To properly use this setting, you must be sure that the following items
match the APU Secure Data Mode Station Settings:
Network ID(NWID)
System Access Pass phrase
Frequency Channel
Enable Signal Quality Front Panel Display-- On units that have a front
panel display that is capable of displaying the signal quality, selecting
this checkbox will enable the signal quality display.
Deny Inter-Client Traffic on this Interface-- Select this checkbox if you
wish to prevent wireless stations from sending packet directly to each
other. Usually, the AP will repeat station-to-station traffic and will not
send it to the bridge and firewall filters. This is because bridging routines
historically work between physical interfaces only.
Since an Ethernet packet sent between two Ethernet hosts on the same
Ethernet subnet will automatically be seen by the destination host—with
wireless, the packet must be repeated by the AP. This turns off the AP’s
packet repeating code.
Secure Data Mode Advanced Setup
Clicking the Advanced Button on the 802.11b Setup screen displays the
802.11b Advanced Setup screen, which allows you to configure more
options related to the setup of your and 802.11b network devices.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
99
The appearance of the 802.11b Setup screen varies depending on which
options are set on the 802.11b Setup screen. The 802.11b Advanced
Setup screen for a Secure Data Mode Base Station is shown below.
Figure 4-37
Secure Data Mode Advanced Setup window
The 802.11b Secure Data Mode Base Station Advanced Setup screen is
used to set up advanced features for an 802.11b Secure Data Mode base
station.
Network ID-- Enter the Secure Data Mode network ID number (0-15)
used to differentiate between multiple Secure Data Mode stations using
the same System Access Pass Phrase. This is used to allow a Secure Data
Mode satellite to specify the Base Station it wants to connect to if two
base stations can be seen by the same satellite. Generally, this value
should be the same as the Channel Number.
Radio Transmit Rate-- Select the radio bit rate used to transmit.
Your choices are:
Auto-select (IEEE 802.11 only)
Low (1 Mbps)
Standard (2 Mbps)
Medium (5.5 Mbps)
High (11 Mbps)
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
100
A lower signal will increase the noise. In essence, the poorer the signal-
to-noise ratio, the lower this rate should be set.
Note: The transmit rate affects only the transmissions made by this
station.
802.11b Frequency Setup-- Clicking the Frequency button on the
802.11b Setup screen displays the 802.11b Frequency Setup screen,
which allows you to set the Frequency Channel for your 802.11b radio
card.
The 802.11b Frequency Setup screen is used to change the channel and
frequency for one of the remote devices on your network. Note that this
screen is only accessible if you have identified remote devices in your
network. If all devices are in your local network, then the Frequency
Setup screen is unavailable.
Channel/Frequency-- Select the channel and frequency for the remote
device from the drop-down list. See Frequency Channels for a more
detailed explanation of the frequency channels.
Note: The channel/frequency values are usually determined by network
administrators. If you set the channel and frequency ensure that there are
at least four numerical channels difference between two overlapping
cells to avoid interference. For example, channels 1, 6 and 11 don’t
overlap, but channels 1 and 3 do.
Hotspot Mode Advanced Setup
Clicking the Advanced Button on the 802.11b Setup screen displays the
802.11b Advanced Setup screen, which allows you to configure more
options related to the setup of your and 802.11b network devices.
The appearance of the 802.11b Setup screen varies depending on which
options are set on the 802.11b Setup screen. The 802.11b Advanced
Setup screen for a Hotspot Mode Base Station is shown below.
The 802.11b Hotspot Mode Base Station Advanced Setup screen is used
to set up advanced features for an 802.11b Secure Data Mode base
station.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
101
Figure 4-38
Hotspot Mode Advanced Setup window
Channel/Frequency-- Select the channel and frequency for the remote
device from the drop-down list. See Frequency Channels for a more
detailed explanation of the frequency channels.
Radio Transmit Rate-- Select the radio bit rate used to transmit.
Your choices are:
Auto-select (IEEE 802.11 only)
Low (1 Mbps)
Standard (2 Mbps)
Medium (5.5 Mbps)
High (11 Mbps)
Multicast Rate-- Select one of the following values:
1 Mbit/sec
2 Mbits/sec
5.5 Mbits/sec
11 Mbits/sec
Note that for data communication with wireless clients in its vicinity, the
802.11 device is able to determine the appropriate Transmit Rate for each
client individually.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
102
However, for "anonymous data traffic" such as Multicast messages that
must be transmitted to all stations simultaneously, the LAN
Administrator must identify the correct Multicast Rate.
Warning: Selecting the 5.5 Mbits/sec or 11 Mbits/sec values in
network environments that do not satisfy these requirements may result
in Multicast messages getting lost.
Enable RTS/CTS - Select this checkbox to enable the Medium
Reservation mechanism.
When you enable Medium Reservation, the APU will use the Request to
Send/Clear to Send (RTS/CTS) protocol to control wireless data
transmissions, based on the length of the data frame that is to be
transmitted.
RTS/CTS Threshold-- Enter a Medium Reservation Threshold value.
Valid values are any decimal value in the range of 0 to 2347. The default
value of 2347 indicates that Medium Reservation is disabled.
Note: Most vendors recommend using a threshold of around 500.
DTIM Period-- The Delivery Traffic Indication Map (DTIM) parameter
influences the handling of Multicast messages that need to be transmitted
to the wireless medium.
Valid values are any digit in the range of 1 through 65535. The
recommended value is 1. Note that the default value of "0" indicates the
default used by the manufacturer of the radio card, not "0" milliseconds.
Distance between access points—This selection impacts the multicast
rate. ALL stations connected to an AP need to receive broadcasts/
multicasts or some protocols (e.g. IP ARP) will not work. Therefore, the
distance between the multiple AP multicasts without negatively
impacting performance. The value set (Small, Medium, Large) should be
the value that guarantees that all stations will receive the broadcasts.
The following table explains the relationship between these two fields:
Multicast Rate Then Set Distance Between APs to ...
1 Mbps Large
2 Mbps Medium
5.5 Mbps Medium
11 Mbps Small
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
103
802.11b Security Setup
Clicking the Security button on the 802.11b Setup screen displays the
802,11b Security Setup screen, which allows you to set up security for
your 802.11b devices. Note that the fields shown in the screenshot
below will vary depending on the version of the Configurator you are
using and the options contained in the .bin file. The screen below shows
all available options.
Figure 4-39
802.11 Security Setup window
Disable WEP Encryption-- Select this button if you wish to disable
Wired Equivalent Privacy (WEP) encryption.
If you are not concerned about security (for example, home users using
this device only to browse the Internet), and if you are not concerned
your AP is used by others, then select this checkbox.
Note: For simple security, you can disable WEP encryption and select
the Closed Wireless System checkbox.
Static WEP Keys Only-- Select this button if you wish to enter Wired
Equivalent Privacy (WEP) keys identically on each access point/station
and Secure Data Mode unit in the network. When you select this button,
the four Static EP Encryption key fields are enabled on the right side of
the screen.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
104
802.1x Auto WEP Key Generation-- Select this option if you wish to
automatically create Wired Equivalent Privacy (WEP) keys using the
802.1x protocol. Selecting this option prevents you from creating static
WEP keys.
802.1x & Static WEP Mixed Mode-- Select this option if you wish to
automatically create Wired Equivalent Privacy (WEP) keys using the
802.1x protocol and also allow static keys.
Deny Non-Encrypted Data-- Select this checkbox if you want to deny all
received data that is not encrypted. When this checkbox is selected, any
packet received that is not encrypted using one of the four WEP
Encryption keys listed above will be dropped. When this checkbox is not
selected, unencrypted packets will be accepted and/or forwarded.
Warning: You should always select this checkbox if WEP is enabled in
any form. If disabled, clients without WEP can access your network!
Distribute WEP Keys-- If auto key generation is done in any form (auto-
only or mixed mode), then the keys must be distributed to the stations. If
you have 802.1x enabled on the interface, and STATIC generation
ONLY, then the statically defined keys can still be distributed to 802.1x
stations. However, if you do not have 802.1x, you cannot distribute WEP
keys; and you must use Static keys and enter them manually.
Regenerate New WEP Keys Every n Minutes-- When generating keys,
change them every n minutes and send them to the access point/station.
Note: This option is only available for 802.1x devices.
Note: This option only applies if you have selected Auto WEP Key
Generation.
Use n-bit WEP Keys-- Select either 64-bit (silver) or 128-bit (gold)
encryption keys. The higher bit count provides somewhat higher security.
Static WEP Encryption Keys-- If you use static encryption keys, you
must enter each key in the Static WEP Encryption Keys fields. Note that
these keys must be entered identically on each access point/station and
Secure Data Mode unit in the network.
Encrypt Data Transmission Using Key n-- Enter the key number that
should be used to encrypt data on this interface. Note that you can
receive using any key, but will generally always transmit using a single
key. Unicast transmissions to an 802.1x station with dynamic keys will
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
105
use that’s station’s dynamic key, but all broadcasts, multicasts, and other
unicasts will be encrypted using the key identified in this field.
Closed Wireless System-- Select this checkbox if you wish to require
802.11 stations to have the 802.11 Service Set Identifier/Network Name
entered on their system. Stations without the correct network name will
be denied access. Selecting this option indicates that you do not want the
AP to broadcast the SSID. For example, if you select this checkbox,
then Windows XP will not be able to see the AP.
Note: For simple security, you can disable WEP encryption and select
the Closed Wireless System checkbox. Note, however, the Closed
Wireless System checkbox applies only to Orinoco radios.
Configure the APU for Basic MAC Authentication
Advanced Authentication allows you to restrict access to an 802.11
access point by specifying the MAC Addresses of stations that can use
the wireless bridge
1. Select the Setup Tab, and then click the General Setup button. The
General Setup screen is displayed, as shown below.
2. Select the MAC Authentication Access Control radio button, as
shown in the screenshot, then click OK to close the General Setup
screen.
3. Click the Advanced Authentication button. The Advanced
Authentication Setup screen is displayed, as shown in Figure 4-40.
Figure 4-40
General Setup Window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
106
Figure 4-41
Advanced Authentication Setup Window
When a station tries to connect to the hardware device (via Ethernet,
802.11, etc.), the AP can decide whether or not to forward packets to or
from that station based on authorization criteria. There are three
authentication modules that comprise MAC authentication, but the
network administrator determines which of those three modules are used.
• Access Control List (ACL)
• MAC RADIUS Authentication (with optional WARP support)
• 802.1x
These modules are enabled on a per-interface basis. This provides
greater control for the network administrator. In essence, the
administrator decides whether there will be more or less (or no)
authentication on an interface-by-interface basis.
For example, an administrator can permit MAC addresses entered as part
of the ACL only on 802.11b, but can permit MAC addresses entered
through RADIUS Setup for both the Ethernet and 802.11b interfaces.
The modules are checked in the order in which they appear on the
Advanced Authentication Setup screen, and the options that have been
selected (checked) determine how authentication is carried out.
Assuming that all options are selected, the first method used is the
Access Control List, followed by MAC Address Radius, followed by
802.1x authentication. If no options are selected, then no authentication
takes place. Zero to three of the modules can be enabled, but at least one
module must be enabled for advanced authentication to take place.
The process by which authentication takes place is as follows:
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
107
The first module in the list (for example, ACL) checks the source
address of the incoming packet to see if it is permitted to send
packets on the selected interfaces.
The module will designate the address as one of the following:
• Permit -- the MAC address is permitted on this interface, and
packets are forwarded
• Deny - the MAC address is denied on this interface, and the
packets are not sent
• Unknown - the MAC address is not known on this interface, and
is passed to the next authentication module
If the designation is unknown, then it is passed to the next module in
the list (for example, from the ACL to MAC RADIUS
Authentication), and the process starts again.
Ensure that the MAC Address RADIUS Authentication checkbox is
enabled, and then click the Setup button. The Authentication Module
Setup screen is displayed as shown below.
Note: The number of tabs displayed on this screen will vary depending
on which Advanced Authentication options you have selected on the
Advanced Authentication Setup screen. In the screenshot below, all
Advanced Authentication options have been enabled.
Figure 4-42
Authentication Module Setup Window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
108
4. Click the MAC RADIUS tab. The MAC RADIUS Setup screen is
displayed, as shown below.
Figure 4-43
Authentication Module Setup Windows
The MAC RADIUS Setup screen is used to define advanced
authentication and accounting options for clients that are authenticated
via RADIUS using the client's MAC Address as the RADIUS username.
RADIUS authentication and accounting server IP addresses and port
numbers are set up using the MAC RADIUS Setup screen. Note that this
particular MAC RADIUS module applies only to Ethernet and 802.11
access point interfaces.
This screen is used in conjunction with the RADIUS Server Setup screen
to define various authentication options. If you wish to use accounting,
you must first set up accounting parameters on the RADIUS Server
Setup screen.
5. Enter values in the RADIUS Server Setup screen to configure your
RADIUS server. Each field on the screen is explained in more detail
below.
Use formatted MAC Address for username-- Select “A1-2B-3C-45-CD-
EF” if you wish to use all uppercase formatting for MAC address
accounting. This format corresponds to the new RFC RADIUS
standards.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
109
Select a1b2c3-d4e5f6 if you wish to use the older formatting of MAC
addresses. Select EAP packet username if you wish to the EAP packet
username(802.1x Authentication only).
Enable this method on the following interfaces.
Select the interfaces used for MAC RADIUS authentication.
Note: You can select either the Ethernet or 802.11b interface if you wish
to use WARP.
Retry Interval-- The retry interval for authentication, in tenths of a
second. The default value is 5, or a retry interval of .5 seconds. You can
set the retry interval to any value between 3 (.3 seconds) and 30 (3
seconds).
Maximum Retries-- The number of times the access point will retry to
connect with the server. The default value is 8(eight), and the range for
retries is between 1(one) and 10(ten).
Idle User Timeout (sec)
Enter a value in this field if you wish to disconnect users after a period of
inactivity. The value entered will be the number of seconds that must
pass without activity before users are disconnected.
The default value is 300 seconds (or five minutes). The range of
accepted values is between 0 and 3825.
Disable Grace Period -- The grace period allows a client to roam between
access points without losing open TCP connections. Select this
checkbox if you wish to disable the grace period. If selected, the user
does not receive a grace period; if unselected, the user receives a grace
period.
Note: The Grace Period must be enabled (unchecked) if you wish to use
WARP.
Re-authenticate Rejected Users Every n Minutes -- Select the interval at
which users who have not been authenticated will be allowed to re-
authenticate. The default interval is 60 minutes.
Accept the User-- Select this radio button if you wish to allow network
access to the user if the RADIUS server is down.
Reject the User -- Select this radio button if you wish to deny network
access to the user if the RADIUS server is down.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
110
Do not change user authentication state-- Select this checkbox if you
wish to keep the user authentication state the same as that before the
RADIUS server went down. When this checkbox is selected, if the user
was authenticated before the server went down, then the user will remain
authenticated. If the user was not authenticated before the RADIUS
server went down, then the user will remain unauthenticated.
Note: This field is used in conjunction with the "After n Failed
Authentication
Attempts and "Make users wait n seconds" fields.
Attempt Re-authentication Every n Minutes -- If the RADIUS server
cannot be reached, the access point will attempt to authenticate all clients
via the RADIUS server according to the interval specified here. The re-
authentication interval must be specified in increments of 15 minutes.
Valid values are 15, 30, 45, etc.
Enable RADIUS Accounting --Select this button if you wish to enable
RADIUS accounting. Accounting keeps track of the number of bytes
and packets sent by a client. It also keeps track of the amount of time a
client has been authenticated. You will want to select this button if you
wish to monitor the amount of traffic a client passes, or the amount of
time a user is logged on. Typically, you will do this if you wish to bill
the client based on time or traffic.
Note: Accounting must be used with authentication. You cannot use
accounting without authentication.
Enable RADIUS Accounting Interim Updates -- Select this checkbox if
you wish to allow RADIUS accounting updates. If this feature is
enabled, the number of bytes and packets sent by a client will be updated
according to the update interval defined on the Advanced RADIUS Setup
screen.
WARP Settings Button -- Clicking this button displays the WARP
Settings screen, which allows you to define various IP addresses and
ports that will be used for Wireless Authentication and Registration
Protocol (WARP).
Advanced RADIUS Settings Button -- Clicking this button displays the
Advanced RADIUS Settings screen, which enables you to define more
advanced RADIUS parameters.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
111
Configure the APU for Advanced RADIUS MAC Authentication
1. From the MAC RADIUS Setup screen, click the Advanced RADIUS
Settings button. The Advanced RADIUS Setup screen is displayed,
as shown below.
Figure 4-44
Advanced RADIUS Setup Window
The Advanced RADIUS Setup screen is used to configure optional
RADIUS-related parameters.
2. Enter values in the Advanced RADIUS Setup screen, as indicated by
the field descriptions below.
NAS Identifier - This field displays your Network Access Server (NAS)
name. The access point's SNMP System Name is used as the NAS
Identifier, and is shown here for your convenience.
Note: The NAS ID takes the place of the IP address that would normally
be used to identify the AP.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
112
Use New Accounting Session ID After Authentication – Select this
checkbox if you wish to use another ID for accounting after
authentication has taken place.
Interim Update Interval -- Set the interval (in minutes) between interim
updates.
The interim update is used to send information in between normal
"start/stop" packets. Interim updates are useful because they provide a
log of network traffic at a regular interval.
The default value for the interim update interval is 15 minutes. The
interim update must be between 1 - 60 minutes.
Retry Interval (1/10 sec) -- The retry interval for accounting, in tenths of
a second. The default value is 5 (or a retry interval of .5 seconds). You
can set the retry interval to any value between 3 and 30.
Maximum Retries -- The number of times the access point will retry to
connect with the server. The default value is 8, and the range for retries
is between 1 and 10.
Set Up Realms for -- When an access client sends user credentials, a user
name is often included. Within the user name are two elements:
• Identification of the user account name
• Identification of the user account location
For example, for the user name user1@microsoft.com, user1 is the user
account name and microsoft.com is the location of the user account. The
identification of the location of the user account is known as a realm.
With RADIUS, a realm is used to separate one name space from another.
This allows you to create a login such as user@dom1.com and another
login such as user@dom2.com. RADIUS realms also allow Internet
Service Providers (ISPs) to segment customer logins, so authentications
go to the appropriate RADIUS server(s).
A domain is registered with the InterNIC, and used for mapping servers
and services to IP addresses, such as Web, e-mail, etc. Typically, a
RADIUS realm corresponds to a domain name (e.g., microsoft.com;
yahoo.com). However, there is no requirement to do so, and in fact ISPs
often assign realms with no top-level domain (for example, user@dom1 -
- without a .com extension).
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
113
From the dropdown list, select the accounting or authorization feature for
which to provide special handling of <RADIUS realms>. Options
currently include:
• 802.1x Accounting
• 802.1x Authorization
• Access Control List (ACL) RADIUS Accounting
• MAC RADIUS Accounting
• MAC RADIUS Authorization
For each of the above Authentication/Accounting types, special handling
of RADIUS Realms can be enabled or disabled using the "Enabled
RADIUS Realms in this mode" checkbox. Depending on the selected
Authentication/Accounting type, different options are available for how
to handle RADIUS realms.
Following Realm Name -- Select the type of behavior that will be used
for the realm. The behavior determines how the access point handles the
realm. Select one of the following realm types:
Append -- Takes the user supplied user name, and appends the realm
name onto it (for example, if the user name is smith and the realm name
is microsoft.com, then the append action produces
smith@microsoft.com)
Supply -- Supplies the selected realm name if the user does not already
have one selected. If the user provided a realm name, then use the
provided realm name, and do not use the one provided
• Example #1: User provided smith, Behavior is set to Supply, and
user did not provide a realm name. The supply action produces
jsmith@microsoft.com.
• Example #2: User provided smith, Behavior is set to Supply, and
user provided the realm name yahoo.com. The supply action
produces jsmith@yahoo.com).
Require -- Requires the user to use the selected realm name (or none, if
none is selected). If there is a realm name in the realm name field, the
user must have the realm name indicated by the radio button. If the user
does not, then he or she is not authenticated. If none is selected, then the
user is required not to have a realm name.
• Example #1: User provided smith, Behavior is set to require,
user has the realm name microsoft.com, but yahoo.com is entered
in the realm name field. The user is not authenticated.
• Example #2: User provided smith, Behavior is set to require,
user has the realm name microsoft.com and microsoft.com is
entered in the realm name field. The user is authenticated.)
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
114
Force -- Replaces any realm name supplied by the user with the selected
realm name, or strips off the realm name supplied by the user in the case
of none.
• Example: User provided smith, Behavior is set to Force, user
provides the realm name microsoft.com, but yahoo.com is
entered in the realm name field. The user is authenticated as
jsmith@yahoo.com)
Note: The available behaviors vary depending on the type of accounting
or authorization realm selected. The following table shows the types of
behaviors available for each type of accounting or authorization realm.
Table 4-3
Type of Accounting/Authorization Realm Behavior(s) Available
802.1x Accounting • Append
802.1x Authentication • Append
• Supply
• Require
• Force
ACL Radius Accounting • Append
MAC RADIUS Accounting • Append
MAC RADIUS Authentication • Append
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
115
Set Up HotSpot Functionality
You are now ready to set up HotSpot functionality.
1. From the MAC RADIUS Setup screen, click the WARP Settings
button. The WARP Settings screen is displayed, as shown below.
Enter the HotSpot configuration information on this screen, as
explained below.
Figure 4-45
WARP Settings Window
The WARP Settings screen is used to set up parameters for Wireless
Authentication and Registration Protocol (WARP).
The WARP feature enables the creation of Hotspots for wireless access.
This allows wireless users to access the Internet from their laptops or
PDAs, typically on a pay-per-use basis. When WARP is enabled, all
traffic is redirected to a login web server, and users will be unable to
access other web pages until they have successfully logged in.
Each of the fields and buttons on the WARP Setup screen are explained
below.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
116
Enable Wireless Authentication and Registration Protocol -- Select
this checkbox to enable the Wireless Authentication and Registration
Protocol (WARP) feature. Note that once this checkbox is selected, the
other fields on the screen become available.
Enable fast user redirection (redirect before checking with RADIUS)
-- Select this checkbox if you wish to provide immediate access to the
Internet without going through the RADIUS authentication process.
When enabled, this option redirects all users without consulting the
RADIUS server. Users who have an account with time left do not have to
repeat the login process. This is particularly useful for roaming,
recovery from idle timeouts, and fast Internet access. It is also useful if
you wish to show a "splash screen" to all users.
If unselected, users will be redirected to the login server or their home
page. The AP is put in a "grace period" and a request is sent to the
RADIUS server. Established TCP connections may continue while the
request is pending (supports roaming without re-login at each AP). When
the response is received, the AP is either redirected to login, or allowed
full access to the Internet. Users with time remaining are given a link that
bypasses the registration process, and proceed directly to the redirect
through the login trigger port. Note that users with no account go
through the normal login procedure.
Authentication Web Server IP Address -- Enter the IP address of the
web server that should be used for WARP. When WARP is enabled, all
traffic will be redirected to this login web server, and users will be
unable to access other web pages until they have successfully logged in
on a pay-per-use basis.
Authentication Web Server Login Trigger Port -- Enter the number of
the port used in conjunction with the IP address of the login web server
for WARP. The login server directs successful logins to the trigger port,
which makes the access point attempt a second RADIUS authentication.
This authentication should be successful because the login updated the
RADIUS server client list. The second RADIUS request is done by the
access point when it sees traffic to the trigger port.
Note: The login trigger port cannot be the same port as the port used for
the login page or the logout trigger port.
Authentication Web Server Logout Trigger Port -- Enter the number
of the port used in conjunction with the IP address of the logout web
server for WARP. The logout server directs successful logouts to the
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
117
trigger port, which attempts a second RADIUS authentication. This
authentication should fail because the logout updated the RADIUS server
client list. The second RADIUS request is done by the access point
when it sees traffic to the logout trigger port.
Note: The logout trigger port cannot be the same port as the port used
for the login page or the login trigger port.
Identification Trigger Port n is redirected to Login Server –
Enter the port number that the client will be redirected to when the web
server needs to obtain the client's identification information. When the
Access Point sees the client attempting to connect to the Identification
Trigger Port, the client will be redirected to the login server at port 80
and the URL will be filled in with the client's MAC Address by the
Access Point.
Note: The Identification URL is independent of the White list URL
displayed at the bottom of the WARP Settings screen.
Web Server White list -- The Web Server White list allows you to add
or edit IP address/subnet mask pairs that correspond to websites that can
be accessed before the user is authenticated. For example, if HotSpot
access is being used in a coffee shop, the coffee shop might provide
access to its own web site without requiring authentication.
These IP address/subnet mask appear in the Web Server White list
window once they have been created.
Clicking the Add button displays the IP Address White list Entry screen,
and allows you to add new IP address/subnet mask pairs to your white
list.
Selecting an IP address/subnet mask pair in your white list and clicking
the Edit button also displays the IP Address White list Entry screen, and
allows you to edit one or both of the IP address/subnet mask entries for a
particular website.
Selecting an IP address/subnet mask pair in your white list and clicking
the Delete button deletes that entry from your white list. You are
prompted before the delete occurs.
Clicking the Delete All button deletes every entry in your white list.
You are prompted before the delete occurs.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
118
Clicking the Save File button allows you to save the IP address/subnet
mask entries in your white list to an external file, which can then be
imported at a later time.
Clicking the Import File button displays the standard Windows Open
File dialog, and allows you to navigate to the directory where a
previously saved white list can be selected and imported into the
configurator.
Redirect all other sites to IP Address -- Enter the IP address that will
be used to redirect all other sites. The IP address should be associated
with the URL entered in the field below.
Using the URL -- Enter the URL (using format
http://www.sitename.extension) to which all other sites will be redirected.
The URL must be associated with an IP address entered in the web
server white list or the WARP login server, or the AP will be redirected
forever.
If no URL is given, APs will be redirected to "http://<server-IP>/login".
This URL is useful to hide the IP, to change the location of the login
page, or to redirect to a non-login home page. Note that you must enable
the Identification Trigger Port to complete the login process.
Configure the RADIUS Server for Hotspot Service
Once the AP has been configured for basic operation, you are ready to
configure the device for HotSpot Mode and Firewall functionality.
This is a four-step process:
• Configure the RADIUS Server for Authentication (and,
optionally, Accounting)
• Configure the APU for Basic RADIUS MAC Authentication.
• Configure the APU for Advanced RADIUS MAC Authentication.
• Set up HotSpot Functionality
Each step is explained in more detail below. Note that this section
assumes that you have launched the AP Configurator and that you have
completed all steps in Configure the Access Point for Basic Operation
section.
1. From the Setup tab on the Configurator, click the RADIUS Server
button. The RADIUS Authentication and Accounting Server Setup
screen is displayed, as shown below.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
119
Figure 4-46
RADIUS Setup Window
The RADIUS Server Setup screen is used to configure authentication and
accounting parameters for terminal servers that speak the RADIUS
protocol.
RADIUS is the de-facto standard protocol for authenticating users and
for recording accounting information. Accounting keeps tracks of the
number of bytes and packets sent by a client. It also keeps track of the
amount of time a client has been authenticated. It is commonly used by
Terminal Servers or Network Access Servers (NASs) whenever a user
logs on and off a dialup Internet service.
Note: This screen is only available if the MAC Authentication Access
Control button on the General Setup screen has been selected.
There are two main sections in the RADIUS server setup dialog:
RADIUS Authentication Setup and RADIUS Accounting Setup. In most
cases you will want to set up both, although you do not have to set up
Accounting. The two are almost identical except for the Authorization
Lifetime, which appears only with Authentication.
To set up RADIUS authentication and accounting:
1. Enter values in the RADIUS Authentication and Accounting Server
Setup screen to configure your RADIUS server. Each field on the
screen is explained in more detail below.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
120
Authorization Lifetime -- Authorization lifetime is the length of time the
authorization is valid. Users will need to be-authenticated/re-authorized
after this time expires. You should set this value to the maximum time
you wish a user to be able to use your service without the need to be re-
authenticated.
Shared Secret -- The client file for your RADIUS server contains the IP
address and password for the base station you are setting up. You must
add the IP address and password (shared secret) from this file in the
RADIUS Server Setup screen.
Note: There are separate shared secrets (passwords) for authentication
setup and accounting setup. The shared secret is an ASCII string that
should be between 2 - 32 characters and should not start with a space.
Primary Server IP Address -- In the RADIUS dialog, enter the IP address
for the RADIUS server (the host).
Primary Server Authentication Port -- In the RADIUS dialog, enter the
authentication port (default = 1812) for the RADIUS server (the host).
Secondary Server IP Address -- If you are using a second RADIUS
server for network robustness, enter the IP address of that RADIUS
server.
Primary Server Accounting Port -- In the RADIUS dialog, enter the
accounting port (default = 1812) for the RADIUS server (the host).
Secondary Server Authentication Port -- If you are using a second
RADIUS server for network robustness, enter the authentication port
(default = 1812) for that RADIUS server (the host).
Secondary Server Accounting Port -- If you are using a second RADIUS
server for network robustness, enter the accounting port (default = 1812)
for that RADIUS server (the host).
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
121
Procedure 3-6
Advanced and Optional Configuration
Once you have set up the basic network configuration, you may choose
to set up one or more optional or advanced configuration components.
This chapter describes how to configure the following optional and
advanced components:
Set Up the Bridge
The Bridge Setup screen is used to set up the bridge. In addition, you
may use the following screens to set up optional bridge components:
The Bridge Setup screen is used to set up the parameters used for
bridging. In most cases you will not need to modify the factory
configured Bridge Setup. If you are working with an extensive network
environment, however, and if you are an experienced network
administrator, you may want to modify some of the parameters to fit
specific network requirements.
The top half of the screen allows you to define different handling options
based on different protocols. The bottom half of the screen allows you to
define different handling options based on individual MAC addresses.
Note: This screen is only available when the Enable Bridging checkbox
has been selected on the General Setup screen.
Figure 4-47
Bridge Setup window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
122
Protocol Filtering
The Protocol Filtering section of the Bridge Setup screen allows you
to select a handling method (Bridge, Deny, or Tunnel) for the most
common protocols.
Figure 4-48
Protocol Filtering Setup window
1. Select the protocols from the list that you wish to handle separately,
or click the Custom button to add an unlisted protocol. Click the OK
button when finished to re-display the Bridge Setup screen. Note
that the protocols you have selected are listed in the Protocol
Filtering window, and that all protocols are denied by default.
2. If you wish to Bridge or Tunnel any of the protocols in the list, select
the protocol, then click either the Bridge or Tunnel buttons
3. At the bottom of the Protocol Filtering list, click the Bridge, Deny, or
Tunnel button to define how all other non-listed protocols should be
handled.
Note: You can add new protocols to the list at any time by clicking the
Edit button and checking additional protocol check boxes.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
123
Tunnel Button--The Tunnel button is used in conjunction with the
protocols listed in the Protocol Filtering list. Select a protocol from the
list and click the Tunnel button to indicate that the selected protocol
should be tunneled.
Deny Button-- the Deny button is used in conjunction with the protocols
listed in the Protocol Filtering list. Select a protocol from the list and
click the Deny button to indicate that the selected protocol should be
denied.
Bridge Button-- the Bridge button is used in conjunction with the
protocols listed in the Protocol Filtering list. Select a protocol from the
list and click the Bridge button to indicate that the selected protocol
should be bridged.
Bridge MAC Address Filtering Overview
You can specify static MAC Address filters in Bridge Setup to optimize
the performance and increase security on your wireless (and wired)
network. You can permit or deny access to individual stations by
specifying their particular MAC Addresses, or to multiple stations by
using an X as a wildcard character. You can also permit or deny
Ethernet multicast address all traffic that does not match one of the pairs
explicitly listed in the Ethernet pair list will be permitted or denied based
on your selection.
Table 4-4
Traffic Filtering
Selection Traffic Matching Listed Pairs Traffic Not Matching Listed
Pairs
Permit Following Ethernet Pair Permit Deny
Deny Following Ethernet Pair Deny Permit
Stations to be filtered are identified by their MAC Address and whether
they are on a remote or local interface. The Interface parameter indicates
whether the station with the specified MAC Address is located on the
wired or wireless interface of the base station. Use the Add, Delete, and
Edit buttons to modify the entries of the list.
Permit Ethernet Broadcasts-- If you wish to deny broadcast traffic in
your bridged network, deselect this option. Normally, however, you will
select this option to permit Ethernet broadcasts.
Note: This option applies to all Ethernet interfaces, and not simply to
Ethernet traffic.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
124
Permit Ethernet Multicasts-- If you wish to deny multicast traffic in your
bridged network, deselect this option. Normally, however, you will select
this option to permit Ethernet multicasts.
Note: This option applies to all Ethernet interfaces, and not simply to
Ethernet traffic.
Advanced Bridging Features
The Advanced Bridge features can be accessed by clicking the Advanced
Features button on the Bridge Setup screen.
MAC Layer (Ethernet) Filters allow you to filter Ethernet traffic due to
bad or unknown
DHCP Filtering allows you to limit DHCP responses to a particular
DHCP server.
IP/ARP Filtering allows you to prevent unnecessary IP/ARP packets
from being sent over the wireless link.
Incoming Broadcast Filters allow you to prevent broadcast and multicast
packets arriving from the remote interface(s) from being transmitted on
the local interface(s).
Outgoing Broadcast Filters allow you to prevent broadcast and multicast
packets sent from the local interface(s) from being transmitted out the
remote interface(s).
Miscellaneous Statistics Gathering allows you to enable some
miscellaneous advanced bridging features.
Figure 4-49
Advanced Bridging Setup window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
125
Permit Multicast Button-- Select this checkbox if you wish to permit
multicast.
Prune Multicast Button-- Select this checkbox if you wish to prune
multicast.
Enable Learned Table Lockdown--A standard Bridge/Router watches the
source addresses of each packet it receives on any of its interfaces.
As new addresses are seen, entries are added in the “learned table” that
contain the particular source address and the interface number that
address was received on. If that source address is later seen on a
different interface, the Bridge will immediately change the interface
number in the learned entry table. This condition could happen in a
correctly functioning network if someone moved the computer to a
different part of the network.
This could also happen if someone was trying to capture network
packets by spoofing the Bridge. Enabling learned table lockdown will
prevent the interface number from being changed once the source
address has been seen.
A standard Bridge will also time-out the learned table records every ten
(10) minutes. If learned table lockdown is enabled, these records will not
be timed-out. Once a record is learned, it will not be changed or deleted
until either the Secure Data Mode station reboots or the learned table
becomes completely filled and needs to be reset.
Note: A typical Secure Data Mode learned table can contain over
12,000 records.
Enable Expanded IP/ARP Support
Enabling this feature will cause the Secure Data Mode station to watch
the IP/ARP packets that occur on the network. Normally, no action is
taken in response to an IP/ARP packet that is not destined for a host that
is being Proxy ARPed by the Secure Data Mode station. When this
function is selected, the Secure Data Mode station will add the IP address
to its IP/ARP table when it sees an ARP packet from another source.
This feature is helpful on an ARP network because it will build a
database of MAC layer address to IP address pairs.
Note: The IP/ARP table is never timed out in this mode.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
126
Storm Threshold Setup
The Storm Thresholds screen is used to set threshold values for broadcast
and multicast messages.
In most situations, you will not need to set the Storm Thresholds.
However, if intensive multicast or broadcast messaging is typical of the
network protocols used in your network environment, you may wish to
control the maximum number of broadcast and multicast messages. If the
maximum value of broadcast or multicasts per second is exceeded, the
Secure Data Mode Station will ignore all subsequent messages issued by
the particular network device, or ignore all messages of that type coming
on that particular interface.
You can use the Storm Threshold screen to:
Specify a maximum value as received from a single network device
(identified by its MAC address).
Specify an absolute maximum of messages per second per Interface.
You can specify a set of thresholds for each Interface of the Secure Data
Mode Station access point, identifying separate values for the number of
Broadcast messages/second and Multicast messages/second.
Figure 4-50
Broadcast Storm Setup window
Broadcast Address Threshold
Enter the maximum number of broadcast messages per second that will
be received from a single network device (identified by its MAC
address).
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
127
Multicast Address Threshold-- Enter the maximum number of multicast
messages per second that will be received from a single network device
(identified by its MAC address).
Broadcast Interface 1 Threshold-- Enter the maximum number of
broadcast messages per second that will be received on Interface 1
(typically Ethernet).
Multicast Interface 1 Threshold-- Enter the maximum number of
multicast messages per second that will be received on Interface 1
(typically Ethernet).
Broadcast Interface 2 Threshold-- Enter the maximum number of
broadcast messages per second that will be received on Interface 2
(typically 802.11b).
Multicast Interface 2 Threshold-- Enter the maximum number of
multicast messages per second that will be received on Interface 2
(typically 802.11b).
Broadcast Interface 3 Threshold-- Enter the maximum number of
broadcast messages per second that will be received on Interface 3
(typically 802.11a).
Multicast Interface 3 Threshold-- Enter the maximum number of
multicast messages per second that will be received on Interface 3.
Preset Button-- Clicking the Present button sets all broadcast and
multicast rates to their default values. The default values are as follows:
Table 4-5
Default Threshold values
Item Broadcast Multicast
Address Threshold 30 30
Interface1 Threshold 60 60
Interface2 Threshold 60 60
Interface3 Threshold 60 60
Spanning Tree Setup
The Spanning Tree Setup screen allows you to configure your bridges so
that they will dynamically discover a loop-free subset of the LAN
topology (a tree), that provides the most efficient level of connectivity
between every pair of physically connected Local Area Network
segments. See Spanning Tree for more information about how the
spanning tree algorithm works. The default settings for the Spanning
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
128
Tree Algorithm will provide satisfactory performance for most Local
Area Network (LAN) topologies.
Enable Spanning Tree-- Select this checkbox if you wish to enable
Spanning Tree capabilities.
Figure 4-51
VLAN Spanning Tree Setup window
Bridge Priority-- The Bridge Priority parameter allows you to influence
the choice of the Root Bridge and Designated Bridge as calculated by the
Spanning Tree Algorithm.
Valid Values: 0 - 65000
Default: 32768
A low numerical value makes the bridge more likely to become the
designated bridge or root bridge (typically 0).
The recommended value is 32768.
You may assign a duplicate priority value to multiple bridges, provided
that it is a non-zero value. Bridges that have an identical Bridge Priority
level are typically not intended to function as the root bridge.
Max Age-- The Max Age parameter identifies the maximum age of
received Spanning Tree protocol information.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
129
When the bridge receives protocol information that exceeds the Max Age
value, the bridge will discard the information and start the Forward
Delay timer to allow other bridges to forward updated topology
information (for example, that another bridge has become the Root
Bridge).
Note: Recommended Value (20 seconds)
A low Max Age value occasionally may cause the Spanning Tree to
reconfigure unnecessarily, resulting in temporary loss of connectivity
throughout the network.
A high Max Age value will cause the LAN to take longer than necessary
to rebuild the Spanning Tree whenever a link or bridge unit breaks down
or becomes available again.
Hello Time-- The Spanning Tree Hello Time parameter identifies the
time interval between Configuration PBDU transmitted by a root bridge,
or a bridge that is attempting to become the root bridge.
Note: Recommended Value (2 seconds)
Shortening the Hello Time will make the protocol more robust,
especially when the probability of loss of configuration messages is high.
Lengthening the Hello Time will lower the overhead of the algorithm
since the interval between the transmissions of configuration messages
will be longer.
Forward -- The Forward Delay is a timer that prevents a bridge to
forward data packets when:
• The bridge receives information that the active Spanning Tree
topology must be updated (for example when a bridge breaks down
or when somebody modified the Bridge Priority or Path Cost value of
a particular bridge).
• The bridge registers that the protocol information exceeds the
specified Max Age value.
• Changes in the Spanning Tree topology must be communicated to all
bridges in the bridged network. The Forward Delay timer will
compensate for the propagation delays that occur in passing the
protocol information, allowing all bridges to close the old data paths,
before the new data paths are activated.
Note: Recommended Value (15 seconds)
A lower value may result in temporary loops as the Spanning Tree
Algorithm converges.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
130
A higher value may result in longer partitions after the Spanning Tree
reconfigures.
Port Priority-- Normally the Bridge Port priority in Spanning Tree
topologies is imposed by the Root Bridge and the applicable values of
the Path Cost to the Root Bridge.
When concurrent bridge ports of a single bridge unit are connected in a
loop, this parameter enables you to influence which port should be
included in the Spanning Tree.
Valid Values: 0 - 255
Default: 128
A lower value makes a port more likely to become selected in the
Spanning Tree than the concurrent one that has a higher numerical value.
A higher value makes a port less likely to be selected in the Spanning
Tree than a port with a lower numerical value.
Path Cost-- The Path Cost value is used to determine the preferred data
paths between bridges throughout the network and the root bridge.
The Root Bridge transmits BPDU messages throughout the Local Area
Network. When a bridge unit receives a BPDU message at one of its
ports, it will add the value in the Path Cost field for that port to the value
in the Root Path Cost Field of the BPDU message before forwarding the
message again. This will help the other bridges to determine the Total
Path Cost to the Root Bridge via this port.
Valid Values: 0 - 255
Default: 100
A lower Path Cost value would typically be used for ports to LAN
segments closer to the Root Bridge.
A higher Path Cost value would typically be used for ports to LAN
segments that are the "leafs" of the Spanning Tree.
For example, when using the Secure Data Mode Station as an access
point for wireless stations to the Ethernet, a high Path Cost for the
wireless interface will minimize unnecessary use of the bandwidth for
the wireless medium (recommended value 255).
When using Secure Data Mode Stations in a wireless point-to-point link
to interconnect two LAN segments, a low Path Cost for the wireless
interface will prioritize this link as compared to other physical links, such
as a leased line or low-bandwidth connections.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
131
Set Up IP for APU and CSU
The IP Setup screen allows you to set the Secure Data Mode Station's IP
Addressing information. The Secure Data Mode Station must have an IP
address assigned to it if you wish to connect to it using the Configuration
tool, which makes use of SNMP to connect to the Secure Data Mode
Station.
Note: This screen is only available when the Enable IP Routing, Enable
Outgoing Network Address Translation, and Enable Incoming Network
Address Translation checkboxes been de-selected on the General Setup
screen.
Figure 4-52
IP Setup window
You can choose to set up the base station to obtain an IP address from
DHCP server. If you select this option, you must also choose the
interface on which you would like the base station to send the request.
This option causes your base station to send a broadcast request for its IP
address, subnet mask, and default router over the given interface at base
station startup time. If you select the DHCP option, it is recommended
(though not required) that you set up your DHCP server to always
provide the same IP address to this Secure Data Mode Station system.
You can also manually specify an IP Address to set the IP Address for
the base station yourself:
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
132
You can set the life expectancy for packets originating from this Secure
Data Mode Station using the Default TTL (Time to Live) field.
You can use syslog messages to log information such as logins, service
errors and general configuration information. Since there is no storage
on a base station, a general purpose computer is needed to log these
messages. To set the syslog host that will accept syslog messages, use
the Syslog Host Address and Syslog Host Facility fields.
Obtain an IP Address from DHCP Server-- Select this radio button if you
wish to obtain an IP address from the DHCP Server.
If you select this option, you must also choose the interface on which
you would like the base station to send the request. This option causes
your base station to send a broadcast request
For its IP address, subnet mask, and default router over the given
interface at base station startup time. If you select the DHCP option, it is
recommended (though not required) that you set up your DHCP server to
always provide the same IP address to this Secure Data Mode Station
system.
Using Interfaces-- Select the interface for which you wish to obtain an IP
address. A base station has several network interfaces to which it may be
connected. The network interfaces are numbered (1, 2, 3...), and the
interface numbers may be found by selecting Interface Setup from the
Setup Menu.
Specify an IP Address-- Select this radio button if you wish to enter an
IP address manually.
Our IP Address-- This is the address of the Secure Data Mode
Bridge/Router itself. If you wish to configure or monitor your Secure
Data Mode Bridge/Router, or if your network supports IP and you wish
to enable the Ping support and IP/SNMP support of the Secure Data
Mode Bridge/Router, set this to a valid IP address. After setting this
address to 0.0.0.0, enter the IP address of the base station.
Please note that unless you enable IP Routing on the IP Router Setup
screen, the Bridge/Router is not an IP router. It has only one IP address,
and that address applies to both the remote and local networks (i.e., both
sides of the Bridge). Having two Ethernet interfaces with the same IP
address is different than a standard IP host, but is appropriate for a
Transparent Bridge. The Ethernet address of both interfaces is also the
same.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
133
Note: This field is only enabled when the Specify an IP Address radio
button has been selected.
Our Subnet Mask-- Enter the subnet mask for the base station.
Note: This field is only enabled when the Specify an IP Address radio
button has been selected.
Default Router IP-- Enter the IP address of the router.
Note: This field is only enabled when the Specify an IP Address radio
button has been selected.
Select Button-- Clicking this button displays the IP Mask List screen,
which allows you to select a particular IP mask.
IP Mask List-- The IP Mask List window displays a list of common IP
subnet masks for a given size IP subnet.
Default TTL-- The Time To Live (TTL) counter avoids endless
forwarding of message frames with incorrect addressing by defining a
maximum number of hops a packet can take. Each time the frame is
forwarded by a router, the TTL counter decreases by one.
When the TTL = 0, the frame is rejected.
Syslog Host Address-- Syslog messages can be used to log information
such as logins, service errors and general configuration information.
Since there is no storage on a base station, a general purpose computer is
needed to log these messages.
The Syslog Host Address is the IP Address of the system which accepts
"syslog" system logging packets from the base station.
Syslog Host Facility
Syslog messages can be used to log information such as logins, service
errors and general configuration information. Since there is no storage
on a base station, a general purpose computer is needed to log these
messages.
The Syslog Host Facility describes the part of the system generating the
syslog message, and in UNIX-based systems usually uses one of the
following keywords: auth, authpriv, cron, daemon, kern, lpr, mail, mark,
news, syslog, user, uucp, and local0 through local7.
The base station is capable of sending messages using the local0-local7
facilities. Enter the correct syslog facility number (0-7) that corresponds
to the local facility type on your syslog host.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
134
Set Up SNMP
The SNMP Setup screen allows you to manage a network environment
that includes multiple base stations where you can use the Simple
Network Management Protocol (SNMP).
SNMP setup allows you to create multiple authorization levels for
network management that are password protected.
Figure 4-53
SNMP Setup window
Read Password-- This password enables you to create a network
management level where a local LAN Administrator can view, but not
modify, the SNMP parameters.
Read/Write Password -- This password enables you to create a network
management level where only a Network Supervisor knowing the right
Read/Write password will be able to view or modify the SNMP
parameters.
Contact--Optionally, enter the name or address of the Network
Administrator.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
135
System Name-- Optionally, enter the logical location of a base station
(for example, the network segment to which the base station has been
connected).
System Location-- The optional field to identify the physical location of
a base station. For example, the building or room where the base station
is located at
Trap Host IP Address-- The IP Address of the network management
station that collects the SNMP Trap messages.
The Trap Host is the station in an SNMP managed network where SNMP
trap messages are collected. Trap messages are sent to the trap host when
certain events occur, such as rebooting.
Trap Host Password-- The Trap Host is the station in a SNMP managed
network where SNMP trap messages are collected. Trap messages are
sent to the trap host when certain events occur, such as rebooting.
Enter a password that corresponds to the password set at the Trap Host to
filter unsolicited or unauthorized SNMP Trap messages at the Trap Host.
The Trap Host IP Password will be embedded in the SNMP Trap
messages sent by this base station. If the Trap Host receives a message
without or with an unknown password, the Trap message will be ignored.
SNMP IP Access List-- The SNMP IP Access List displays the IP
addresses and subnet masks of those stations that you have designated as
stations that will manage networks using SNMP.
In addition to the Read and Read/Write passwords, you can use the
SNMP Access List to prevent unauthorized users from modifying the
SNMP setup of your base stations.
The SNMP IP Access List enables you to authorize SNMP management
to a restricted group of SNMP Management stations identified by:
The unique IP address of the Management Station(s)
The interfaces via which the base station will be accessed.
Click the Add button to display the Input SNMP Access List to add new
IP addresses to the list.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
136
Input SNMP Access List Dialog - Overview
Clicking the Add button displays the SNMP Access List Dialog, which
allows you to enter the IP addresses and subnet masks of those stations
that you have designated as stations that will manage networks using
SNMP.
Figure 4-54
Input SNMP Setup window
IP Address-- The unique IP address of the SNMP management station
you wish to add or edit.
IP Mask-- Enter the Subnet mask, or clicks the Select button to display
the IP Mask List and select a mask from the list.
Note: A subnet mask value of 255.255.255.255 will authorize only the
station with the address specified in the IP address. A subnet mask value
of 255.255.255.0 will authorize all stations that have an IP address
within the range of that particular subnet (the IP address field will
display the value xxx.xxx.xxx.0).
Warning: The subnet mask value 0.0.0.0 will authorize any station to
view or modify SNMP IP setup of the base station via the interface
identified in the Interface field.
Interface-- The number of the interfaces over which packets on this route
is sent.
Select Button-- Clicking this button displays the IP Mask List screen,
which allows you to select a particular IP mask.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
137
Set Up IP Routing
The IP Router Setup screen is used to set up IP Routing. This enables the
base station to send IP packets to the appropriate subnet or router. Once
you have set up the basic IP Router configuration, you may also want to
set up the following optional components:
Note: This option is only available if the Enable IP Routing checkbox
on the General Setup screen has been selected.
Figure 4-55
IP Router Setup window
IP Route List
This pane displays the list of IP Routes that this Router has been
configured to use. To add additional direct or indirect routes, click on the
Add/Direct or Add/Indirect buttons.
Table 4-6
IP Route List
IP Route List
This pane displays the list of IP Routes that this Router has been
configured to use. To add additional direct or indirect routes,
click on the Add/Direct or Add/Indirect buttons.
Mask The Subnet Mask of the IP Address, which shows which
addresses should be routed using this route.
Target For a Direct Route, the word Direct appears in this field. For an
Indirect Route, this field shows the Default Router.
Interface/Cost For direct routes, the interface to use when sending packets
using this route. For indirect routes, the cost metric of using this
route (used to determine the best route to use for a given packet).
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
138
Default Router IP Address-- Enter the IP Address of the router that the
base station should use to communicate with networked devices outside
its current subnet.
Default Router Serial Interface-- The Secure Data Mode station has
several network interfaces to which it may be connected. An interface
number is required for the Secure Data Mode station to know which
interface to use to send packets addressed to a given destination. This
field displays the serial interface that the router will use by default.
Preferred IP Address-- From time to time, the Secure Data Mode
Bridge/Router will transmit unsolicited IP packets such as SNMP traps,
Syslog, RIP, or IP/ARP packets. Most routers randomly use one of the IP
addresses from one of the router interfaces as the source IP address for
these packets. However, in the Preferred IP Address field, you can
specify the source IP address that you prefer to use for these packets.
Default TTL-- The Time To Live (TTL) counter avoids endless
forwarding of message frames with incorrect addressing by defining a
maximum number of hops a packet can take. Each time the frame is
forwarded by a router, the TTL counter decreases by one. When the TTL
= 0, the frame is rejected.
Syslog Host Address-- Syslog messages can be used to log information
such as logins, service errors and general configuration information.
Since there is no storage on a base station, a general purpose computer is
needed to log these messages.
The Syslog Host Address is the IP Address of the system that accepts
"syslog" system logging packets from the base station.
Syslog Host Facility-- Syslog messages can be used to log information
such as logins, service errors and general configuration information.
Since there is no storage on a base station, a general purpose computer is
needed to log these messages.
The Syslog Host Facility describes the part of the system generating the
syslog message, and in UNIX-based systems usually uses one of the
following keywords: auth, authpriv, cron, daemon, kern, lpr, mail, mark,
news, syslog, user, uucp, and local0 through local7.
The base station is capable of sending messages using the local0-local7
facilities. Enter the correct syslog facility number (0-7) that corresponds
to the local facility type on your syslog host.
Disable ARP Cache Aging-- Select this checkbox to stop the Address
Resolution Protocol (ARP) table from removing entries after a certain
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
139
period of time. The IP ARP table relates each (wired or wireless)
station's IP address to its physical MAC Address so the base station
knows how to address Ethernet messages bound for a particular IP
Address. If you disable (uncheck) ARP cache aging, the base station will
not remove entries from this table, and it may fill up over time. The base
station can hold up to 10,000 entries in the ARP table.
Enable Multicast Pruning-- Select this checkbox if you want to enable
multicast pruning.
IP multicast is a bandwidth-conserving technology that reduces traffic by
simultaneously delivering a single stream of information to potentially
thousands of corporate recipients and homes.
Without multicast pruning, multicast traffic is treated in the same manner
as broadcast traffic. That is, it is forwarded to all ports. However, with
multicast pruning, you choose to permit only the packets that are a part
of multicast group in your network. Multicast pruning generates no
additional network traffic, allowing you to significantly reduce multicast
traffic passing through your switch.
Add Direct IP Routes
Clicking the Add/Direct button displays the Add Direct IP Route screen,
which allows you to add new direct IP routes.
When the Secure Data Mode station has two or more IP subnets directly
attached to its different interfaces, it can route IP packets between those
subnets using a direct route. This screen is used to specify the direct
routes for each of the interfaces on the Secure Data Mode Bridge/Router.
A direct route consists of an IP address, which specifies the basic IP
address to route, a Subnet Mask which defines the basic class of IP
addresses that will be routed, and an interface number which specifies
where the IP subnet is attached. When IP packets addressed to a system
arrives at the Secure Data Mode station, the Secure Data Mode station
will send it directly to the target machine on the interface specified.
Figure 4-56
Direct IP Route Setup window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
140
IP Address-- The IP address specifies the basic IP address to route.
IP Mask-- The Subnet Mask which defines the basic class of IP
addresses that will be routed. Clicking the Select button displays the IP
Mask List, which the shows the IP Masks that can be used as public or
private IP masks for IP routing. The list consists of all possible subnet
masks, and represents the range of addresses that will be translated.
Interface-- An interface number specifies where the IP subnet is attached.
Add Indirect IP Routes
The Add Indirect IP Route screen is used to add indirect IP routes.
When the base station needs to send IP packets between IP subnets
which are not directly connected to one of its interfaces (i.e., not on the
same network segment), it must have an indirect route for sending those
packets.
An indirect route consists of:
An IP Address which specifies the basic IP address to route,
A Subnet Mask which defines the class of IP addresses that will be
routed,
A Target Router that will relay the IP packet, and
A Cost value, which specifies the number of "hops" required for the
indirect route.
When an IP packet addressed to a system on the indirectly routed subnet
arrives at the base station, the base station will route it over the interface
specified to the Target Router to be further routed.
Figure 4-57
Indirect IP Route Setup window
IP Address-- The IP Address which specifies the basic IP address to
route.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
141
IP Mask-- Enter the IP subnet mask for the IP address to be routed, or
click the Select button and choose a subnet mask from the list. Clicking
the Select button displays the IP Mask List, which the shows the IP
Masks that can be used as public or private IP masks for IP routing. The
list consists of all possible subnet masks, and represents the range of
addresses that will be translated.
Target Router-- Enter the IP address of the router that you wish to use as
the target router.
A target router is the IP address of the router that knows how to handle
the IP packet that is being routed. When used in indirect routes, it could
specify the router that is attached directly to the subnet of the packet's
final destination, or a router that knows where to send it.
Cost-- The cost value reflects the number of "hops" required for the
connection. The default value of 1 indicates that only one "hop" is
required. The lower the cost value, the more likely that route will be
chosen.
Advanced IP Routing Setup
The More IP Router Setup screen is used to set up advanced IP router
interfaces.
Figure 4-58
Advanced IP Routing Setup window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
142
Send RIP-2 Default Route-- If the base station sends the Routing
Information Protocol (RIP) default route (0.0.0.0) to other routers and
hosts attached to a particular interface, select that interface's checkbox on
the Send RIP Default Route line. By default, the base station will not
send the Default Route on a particular interface unless this box is
checked.
In the example shown in the screenshot, the base station will send RIP
routes only on interfaces 1 and 2.
Send RIP-2 Routes -- If the base station should SEND Routing
Information Protocol (RIP) Routes for routes of which it has knowledge
to other routers on a particular interface, select that interface's checkbox
on the Send RIP Routes line. By default, the base station will not send
RIP Routes on a particular interface unless this box is checked.
For the given example, the base station will send RIP Routes only on
interface 1.
Listen to RIP-2-- If the base station should ACCEPT Routing
Information Protocol (RIP) routes from other routers on a particular
interface, select that interface's checkbox on the Listen to RIP line. By
default, the Secure Data Mode Station will not accept RIP Routes from
other routers, so you must select the interfaces if you wish to listen to
RIP. For the given example, the Secure Data Mode Station will listen to
RIP Routes on Interfaces 1 and 2, but will not accept RIP routes sent to it
on interface 3.
Enable Proxy ARP-- Enabling Proxy ARP for a particular interface tells
the base station that when it receives an ARP request for a particular
client connected by that interface, that the base station itself should
respond to the ARP Request, fulfilling the request with information that
is in its IP ARP Table.
For example, Proxy ARP is enabled on interface 2. The IP ARP Table
contains (among others) the following entry:
Table 4-7
IP ARP Table
Interface Physical Address IP Address Media Type
2 00:60:1d:04:4d:88 10.7.3.5 dynamic
Since Proxy ARP is enabled for interface 2, when the base station
receives a broadcast ARP Request for 10.7.3.5, instead of passing the
ARP on to 10.7.3.5, the base station will answer the request with
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
143
information its own IP ARP table, that is: IP Address 10.7.3.5 -> MAC
Address 00:60:1d:04:4d:88.
Proxy ARP is useful in many situations to reduce unnecessary network
traffic, but is especially useful when you have clients in power-save
mode, to prevent them from being 'woken up' whenever an ARP is done.
Enable BOOTP/DHCP Forwarding -- Select the interfaces for which you
would like the base station to forward BOOTP and DHCP requests on to
the BOOTP/DHCP server, which is specified in 'Forwarding Host’.
Forwarding BOOTP and DHCP requests is necessary when the
BOOTP/DHCP clients are not on the same IP subnet as the
BOOTP/DHCP server.
If you are using BOOTP/DHCP, forwarding should most likely be
DISABLED for the interface through which the BOOTP/DHCP server is
located, and ENABLED for the other interfaces.
In the displayed screen, the BOOTP/DHCP Server is located via
interface 1, so forwarding is enabled for interfaces 2 and 3, since clients
on interfaces 2 and 3 have no other way of accessing the BOOTP/DHCP
server.
Forwarding Host -- If you have enabled BOOTP/DHCP forwarding for
one or more interfaces, enter the IP address of the BOOTP/DHCP server
or relay agent to which you should forward BOOTP/DHCP requests.
In this example, the BOOTP/DHCP Forwarding host is 10.2.3.1.
Accept RIP-2 for the Following Routes-- In addition to the other
Advanced IP Router features which allow you to accept RIP routes from
particular interfaces, you can specify which RIP Routes you would like
to accept. You are also able to specify the interfaces from which you
would like to accept those particular RIP Routes.
The base station will accept RIP only for three particular routes. In the
More IP Router Setup screen, it was specified that the base station should
listen to RIP Routes on interfaces 1 and 2. This section further specifies
that the base station should listen to the following RIP Routes ONLY:
10.17.42.0 (mask 255.255.255.0) only if it comes from interface 1
10.20.24.0 (mask 255.255.248.0) only if it comes from interface 2
10.220.23.0 (mask 255.255.255.0) on any interface
All other RIP routes will be ignored.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
144
DHCP Server Setup
The DHCP Server Setup screen is used to set up the base station's
Dynamic Host Configuration Protocol (DHCP) Server feature. The
DHCP Server feature is a basic DHCP Server that can enable any and all
wireless (or other) clients that connect to the base station to obtain their
IP Address information from this Secure Data Mode.
Warning: If you have set up the base station to Obtain IP Address from
DHCP Server on the IP Host Setup screen, do not enter anything in the
Domain Name Info section of this screen. When the base station gets its
own IP Address by DHCP, it will automatically determine the correct
Domain Name information. You should, however, set up the IP Range
and Gateway/Router Info section and select the correct interface.
Note: This screen is only available when the Enable DHCP Server
checkbox has been selected on the General Setup screen.
Figure 4-59
DHCP Server Setup window
Offered IP Address-- Enter the beginning and ending IP addresses for the
IP address range that the Secure Data Mode Station should offer to
DHCP clients. When DHCP requests are received by the Secure Data
Mode Station, it will offer the IP Starting Address to the first client, and
increment the IP address offered to each consequent DHCP client until it
reaches the IP Ending Address. IP Address leases must be renewed by
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
145
the DHCP client within the given Lease Time, or the IP Address will be
made available to another client.
Note: The Secure Data Mode Station does NOT store DHCP address
assignments between restarts. If the Secure Data Mode Station is
rebooted, it will ARP for each address in the provided address range,
recording which client is using which IP address.
Note: Be careful not to include the default router's IP address in the
Offered IP
Address range.
Default Router Address-- Enter the default router IP address for the
Secure Data Mode Station's DHCP clients.
Note: The default router IP address must be outside of the range defined
by the Offered IP Starting Address and Offered IP Ending Address.
Default Router Mask-- Enter the subnet mask for the default router, or
click the Select button to display the IP Mask List, and select a subnet
mask from the list.
Lease Time in Minutes-- A DHCP lease is the amount of time that the
DHCP server grants permission to the DHCP client to use a particular IP
address. Enter the lease time (in minutes) for your DHCP server.
DNS Server IP Addresses-- Enter the IP address for the DNS server.
Warning: If you have set up the base station to Obtain IP Address from
DHCP Server on the IP Host Setup screen, do not enter any DNS server
IP addresses or a domain name. When the base station gets its own IP
Address by DHCP, it will automatically determine the correct Domain
Name information. You should, however, set up the IP Range (IP
starting and ending addresses) and Gateway/Router Info section and
select the correct interface.
Domain Name-- Enter the name of the domain.
Warning: If you have set up the base station to obtain IP Address from
DHCP Server on the IP Host Setup screen, do not enter any DNS server
IP addresses or a domain name. When the base station gets its own IP
Address by DHCP, it will automatically determine the correct Domain
Name information. You should, however, set up the IP Range (IP
starting and ending addresses) and Gateway/Router Info section and
select the correct interface.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
146
Enable DHCP Server on Interface-- Select the interface on which you
wish to enable the DHCP server.
Set Up Outgoing Network Address Translation (NAT)
Outgoing Network Address Translation (NAT) allows multiple
computers to share a single IP address to connect to an IP network,
including the Internet. This allows homes, small businesses, and Internet
Service Providers to have Internet service for all of their computers
without having to pay for additional IP addresses. The NAT feature
serves as a simple firewall for incoming connections, since only traffic
initiated by an interior computer is permitted through the NAT.
In the screen shown below, when the client 10.0.1.1 wants to send data to
the Internet, the access point will take the packet, replace the return
address of 10.0.1.1 with 140.254.5.147, and then send the packet to the
Internet. When a response comes from the Internet, the access point
sends it to the correct client in the local address space.
Note: This screen is only available when the Enable Outgoing NAT
checkbox has been selected on the General Setup screen.
Note: You do not need to turn on Outgoing NAT if you are using
Incoming NAT, and vice versa. Incoming NAT only needs to be
configured if servers in the local (private) address space need to connect
with clients in the global (public) address space.
Figure 4-60
Outgoing NAT Setup window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
147
Public IP Address-- The IP address/mask seen by the external network.
Note: The IP address and subnet mask must be the same as the one in the
IP Setup dialog under the Setup menu.
Public IP Mask-- The IP mask seen by the external network.
Note: The IP address and subnet mask must be the same as the one in the
IP Setup dialog under the Setup menu.
Select IP Mask Button-- Clicking this button displays the IP Mask List,
which the shows the IP Masks that can be used as public or private IP
masks for outgoing NAT. The list consists of all possible subnet masks,
and represents the range of addresses that will be translated.
Private IP Address-- The IP address that is seen by the local/internal
network.
Note: The IP will be combined with the subnet mask, and the range of
addresses that results will be translated. This range of IP set must match
the addresses of the clients that connect to the base station.
Private IP Mask-- The IP mask that is seen by the local/internal network.
Note: The IP will be combined with the subnet mask, and the range of
addresses that results will be translated. This range of IP set must match
the addresses of the clients that connect to the base station.
Inhibit Private NAT IP Address through this interface
This option allows you to select one or more interfaces in which NAT
will not be permitted. By default, no interfaces are selected. To select
more than one interface, hold down the <Ctrl> key and click the names
of the interfaces you wish to inhibit. Typically, you will inhibit the
public interfaces because you will generally have users behind the
private side (i.e., the private side is NATed to the public side).
Therefore, you must inhibit the interface used on the public side,
whichever it may be. For example, in the screen shown below, the
Ethernet 10.* network is NATed to the 140.* public wireless network.
Therefore, NAT must be inhibited on the public interface, in this case the
802.11b interface. To do this, you would select 802.11b from the list, and
click the OK button.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
148
Set Up Incoming Network Address Translation (NAT)
Incoming Network Address Translations (NAT) is used to redirect
requests to servers in the local address space based on the port of the
request. If, for example, the client at local address 10.0.1.2 is serving
web pages, and a request comes to the access point on that port for a web
session, then the request will be forwarded to the web server on 10.0.1.2.
The server will respond with the web page to the address of the original
request.
Note: This screen is only available when the Enable Incoming NAT
checkbox has been selected on the General Setup screen.
Note: Incoming NAT only needs to be configured if servers in the local
(private) address space need to connect with clients in the global (public)
address space. You do not need to turn on Incoming NAT if you are
using Outgoing NAT, and vice versa.
To set up incoming NAT:
1. From the Setup tab, select General Setup. The General Setup screen
is displayed.
2. Make sure that the Enable IP Routing checkbox is unchecked.
3. Select the Enable Incoming Network Address Translation checkbox,
and then click OK to close the General Setup screen.
4. Click the Incoming NAT button on the Setup tab. The Incoming
Network Address Translation Setup screen is displayed, and any
public and private IP address/port pairs that you have previously
defined are displayed in the window.
Figure 4-61
Incoming NAT Setup window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
149
IP Addresses/Ports-- This window displays the public and private IP
address/port pairs that you have previously defined.
Public IP Mask-- The public subnet mask for your local (internal) servers
in the dialog. The public IP mask is paired with the Public IP address on
the Input IP Address screen, as shown in the screens below.
Note: The public IP Mask must be the same subnet mask that was used
in the setup of the external (or global) address of the base station.
Private IP Address-- The private IP address for your local (internal)
servers in the dialog.
Note: The Private IP Address must be the same as the address and subnet
mask that was selected for your internal network.
Private IP Mask-- The private subnet mask for your local (internal)
servers in the dialog.
Note: The private IP Mask must be the same as the subnet mask that was
selected for your internal network.
Add IP Address/Port Pairs-- Clicking the Add button displays the Add IP
Address/Port Pair screen is used to add new pairs of incoming ports, and
the IP address to which they should be directed.
Figure 4-62
Input IP address/Port (NAT) Setup window
Public IP Address-- The public IP address for the service you wish to use.
On the incoming NAT, there can only be one public address. You can
map ports to specific local servers, but you must use the same public IP
address, as configured on the incoming NAT screen.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
150
Note: The Public IP address is paired with the Public IP mask on the
Incoming Network Address Setup screen, as shown in the screenshots
below.
Public Port-- The public port for the service you wish to use. For a
discussion of the ports on which well known services run, see
http://www.tatanka.com/doc/technote/tn0081.htm.
Note: The public IP address must be the same for different local servers,
but the port will be different (e.g. different ports for SMTP, FTP, web
servers, etc.).
Private Server IP Address-- The local (private) IP address of the server to
which the request should be forwarded.
Private Server Port-- The local (private) port on the server to which the
request should be forwarded.
Set up IP/UDP/TCP Filters-- Select the Firewall option from the Setup
Tab to set up the IP TCP/UDP firewall (filtering) features.
IP Firewalls are used to restrict access between (sub) networks to certain
IP hosts, types of IP packets, or connections to certain ports. You can set
up the firewall to completely block all external IP traffic, or restrict
access to certain machines, ports, or packet types.
Note: You must select the Enable IP/TCP/UDP Security Filters
checkbox on the General Setup screen in order to access this screen.
Remote IP Address and Mask-- This column of the TCP/UDP Filter List
displays the IP Address and Subnet Mask of the (un-trusted) remote sub
network or machine for which you have chosen to set up this IP
UDP/TCP filter.
Local IP Address and Mask-- This column of the TCP/UDP Filter List
displays the IP Address and Subnet Mask of the local sub network or
machine that is being protected by this particular firewall filter.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
151
Figure 4-63
Firewall Setup window
Add/Edit IP Address Mask Pair
The Add/Edit IP Address Mask Pair screen is used to enter both the IP
Address and Subnet Mask of both the local network (or machine) you
would like to protect and the remote network (or host) you would like to
protect it from.
A particular filter is applied only to traffic between the specific local and
remote networks (or hosts) shown in the list. If you wish to filter all
traffic, set the Remote IP Address and Subnet Mask both to '0.0.0.0'.
Figure 4-64
Input IP address (Firewall) Setup window
TCP Security Filters
To set the TCP ports to which a given filter will be applied, select the
filter you want to modify in the TCP/UDP Filter List and click the TCP
Ports button.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
152
Figure 4-65
TCP Security Filter Setup window
TCP Port Options
Clicking the Port Options button on the TCP Security Filter screen
displays the TCP Port Options screen. To set how the firewall filter is
applied for a given port, select the port (or the line labeled 'All other
ports') from the Selected TCP Ports list, and click on the 'Port Options'
button. This will display the window below, which you can click on for
more information. If you select the line 'All Other Ports' and then click
the 'Port Options' button, you will see a screen similar to the one
described in the UDP Port Options screen.
Figure 4-66
TCP Port Options Setup window
UDP Port Filters
To set the UDP ports to which a given filter will be applied, select the
filter you want to modify in the TCP/UDP Filter List and click the 'UDP
Ports' button.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
153
Figure 4-67
UDP Port Options Setup window
UDP Port Options
Clicking the Portion Options button on the UDP Security Filters screen
displays the UDP Port Options screen. To set how the firewall filter is
applied for a given port, select the port (or the line labeled 'All other
ports') from the Selected UDP Ports list, and click on the 'Port Options'
button. The window displayed below is for the 'All Other Ports' line,
which sets the filter settings for all ports not explicitly listed in the
Selected UDP Ports list. See TCP Port Options for an example using a
specific port.
Figure 4-68
UDP Port Options Setup window
Firewall Setup Options
The Firewall Setup Options screen allows you to set handling options for
a particular filter. Select the filter from the list on the Firewall Setup
screen, and then click the Options button to display the following options.
Alternately, you can simply double click the filter in the list to display
the Firewall Setup Options screen.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
154
Figure 4-69
Firewall Option Setup window
Enable Data Encryption-- Select this option if you wish to enable the
data in packets sent between the IP hosts or subnets specified in this filter
to be encrypted/decrypted by the Secure Data Mode Station. This option
is not available if Data Encryption is not enabled on the General Setup
screen.
Permit Non UDP/TCP Packets-- Select this option if you would like the
Secure Data Mode Station to allow IP packets that are neither TCP nor
UDP, such as ICMP. The firewall does not have specific filters for IP
protocols other than TCP, UDP, and ICMP. If you want to deny other
relatively rare protocols, do not select this checkbox.
Permit IP Source Routed Packets-- Select this option if you want the
Secure Data Mode Station to allow Source-Routed IP packets to the local
hosts protected by this filter. Source-Routed packets contain routing
information inside the packet headers, instead of allowing network
routers to decide the best route for the packet. They are primarily used in
network troubleshooting, but may be used to 'fool' the firewall that the
packets are coming from a trusted host. We strongly recommend that
you do not permit source routed packets.
Permit Fragments-- Select this option if you would like the Secure Data
Mode Station to permit fragmented IP packets to be passed through the
firewall. IP packets may be incorrectly fragmented, creating security
problems for hosts that may not properly handle incorrectly fragmented
IP packets.
Respond with Unreachable Messages-- Select this option if you want the
Secure Data Mode Station to respond to remote hosts attempting to
connect to local machines with Destination Unreachable messages when
the connection is denied by this security filter.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
155
Log Non UDP/TCP & Source Routed & Fragment Packets-- Select this
option if you want to log to the syslog for all packets that are not
UDP/TCP, are source-routed, or are fragmented.
Trap Non UDP/TCP & Source Routed & Fragment Packets-- Select this
option if you want the Secure Data Mode Station to SNMP Trap
messages whenever a non-TCP or non-UDP, Source Routed, or
Fragmented IP packet is received by the Secure Data Mode Station.
SNMP Traps are sent to the SNMP Trap Host specified in SNMP Setup.
Record Non UDP/TCP & Source Routed & Fragment Packets-- Select
this option if you want the Secure Data Mode Station to record all
packets that are not UDP/TCP, are source-routed, or are fragmented.
IP Protocol Filters
Clicking the IP Protocols button displays the IP Protocol Filters screen,
which allows you to set the IP protocols to which a given filter will be
applied. Select the filter you want to modify on the Firewall Setup
screen, and click the IP Protocols button.
Less Frequently Used IP Protocols-- This list displays some of the less
commonly used protocols that run over IP If you wish to filter one of
these protocols, select it and click the [ -> ] button. Then set the action
to take using the Protocol Options button.
Selected IP Protocols-- Select one of the protocols added to the list and
then click the Protocol Options button to set the action for this protocol.
Select “All Protocols" or "All Other Protocols" to set a default action
when a packet is received from a protocol for which no action has been
defined.
Figure 4-70
IP Protocol Filter Setup window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
156
Custom IP Protocol-- If you wish to explicitly allow or deny access to a
given IP protocol not listed in the two panels above, you can add that
protocol to the list by simply typing it in the Custom IP Protocol field
and clicking on the right arrow button [->] next to the text field. You do
not need to add a protocol to the list unless you have specific
requirements for that particular protocol.
IP Protocol Options
Clicking the Protocol Options button displays the IP Protocol Options
screen, which allows you to define an action to take when data using that
protocol is sent or received. When you select a protocol to filter, you
will need to define an action to take when data using that protocol is sent
or received. Initially, you will need to indicate whether you wish to
permit or deny that protocol. In addition, you can optionally choose to
log, trap, or record all packets, and to dynamically deny all other
protocols.
Figure 4-71
IP Protocol Option Setup window
Permit All Other Protocols Button-- Select this button if you wish to
permit all other protocols.
Deny All Other Protocols Button-- Select this button if you wish to deny
all other protocols.
Log All Packets-- Select this checkbox if you wish to log all packets.
Trap All Packets-- Select this checkbox if you wish to trap all packets.
Record All Packets-- Select this checkbox if you wish to record all
packets.
Dynamically Deny All Other Protocols-- Select this checkbox if you
wish to dynamically deny all other protocols.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
157
Outgoing ICMP Filters
Clicking on the Outgoing ICMP button on the Firewall Setup screen
displays the Outgoing ICMP Filters screen, which allows you to permit
or deny ICMP packets from going out from the local to remote interfaces.
This allows you to deny diagnostic messages requested by internal
(private) sources in this filter from being sent to external (un-trusted)
machines.
Figure 4-72
Outgoing ICMP Filter Setup window
Permit Outgoing Echo Request and Incoming Reply-- Permit Echo
(ping) Requests sent from local stations to remote stations, and the
remote stations' replies.
Permit Outgoing Time Request and Incoming Reply-- Permit local
stations' Time Requests sent to remote stations and the replies from
remote machines.
Permit Outgoing Info Request and Incoming Reply-- Permit local
stations' Information Request packets sent to remote stations, and the
remote stations' replies.
Permit Outgoing Mask Request and Incoming Reply-- Permit local
stations' Mask Request packets sent to remote stations, and the remote
stations' replies.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
158
Permit Outgoing Destination Unreachable-- Permit Destination
Unreachable packets generated on the (private) local network to be sent
to external machines
Permit Outgoing Source Quench-- Permit Source Quench messages
generated by gateways on the local network to be sent to remote
machines sending packets to that gateway.
Permit Outgoing Redirect-- Permit Redirect messages generated by
gateways on the local network to be sent to remote machines sending
packets to that gateway.
Permit Outgoing Time Exceeded-- Permit Time Exceeded messages
generated by gateways on the local network to be sent to remote
machines sending packets to that gateway.
Permit Outgoing Parameter Problem-- Permit the local network to send
Parameter Problem messages to the remote network when there was a
problem with the header parameters of a packet.
Permit Other Outgoing ICMP Packets-- Permit other ICMP packets not
listed above to be sent from the local network to the remote network.
Permit All Button-- Clicking this button selects all checkboxes on the
Outgoing ICMP Filters screen.
Deny All Button-- Clicking this button de-selects (un-checks) all
checkboxes on the Outgoing ICMP Filters screen.
Permit Conservative Button-- Clicking this button automatically selects
all checkboxes on the Outgoing ICMP Filters screen except for the
Permit Other Outgoing ICMP Packets checkbox.
Incoming ICMP Filters
Clicking on the Incoming ICMP button on the Firewall Setup screen
displays the Incoming ICMP Filter screen, which allows you to permit or
deny ICMP packets from coming in from 'remote' to 'local' interfaces.
This allows you to deny diagnostic messages requested from external
(untrusted) sources in this filter from being sent to your local (private)
machines.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
159
Figure 4-73
Incoming ICMP Filter Setup window
Permit Incoming Echo Request and Outgoing Reply-- Permit Echo
Requests sent from remote (un-trusted) computers to be sent to machines
on the local (private) network, and allow the local machine to reply to
them.
Permit Incoming Time Request and Outgoing Reply-- Permit Timestamp
Requests sent from remote (un-trusted) computers to be sent to machines
on the local (private) network, and allow the local machine to reply to
them.
Permit Incoming Info Request and Outgoing Reply-- Permit Information
Request packets sent from remote (un-trusted) computers to be sent to
machines on the local (private) network, and allow the local machine to
reply to them.
Permit Incoming Mask Request and Outgoing Reply-- Permit Mask
Request packets sent from remote (un-trusted) computers to be sent to
machines on the local (private) network, and allow the local machine to
reply to them.
Permit Incoming Destination Unreachable-- Permit Destination
Unreachable messages generated by remote computers to be sent to
machines on the local network.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
160
Permit Incoming Source Quench-- Permit Source Quench packets
generated by gateways on the remote network to be sent to gateways on
the local network.
Permit Incoming Redirect-- Permit ICMP Redirect packets generated by
gateways on the remote network to be sent to machines on the local
network.
Permit Incoming Time Exceeded-- Permit Time Exceeded messages
generated by machines on the remote network to be sent to machines on
the local network.
Permit Incoming Parameter Problem-- Permit Parameter Problem
messages generated by machines on the remote network to be sent to
machines on the local network.
Permit Other Incoming ICMP Packets-- Permit other ICMP packets not
listed above to be sent from the (un-trusted) remote network to the
(private) local network.
Permit All Button-- Clicking this button automatically selects all
checkboxes on the Incoming ICMP Filters screen.
Deny All Button-- Clicking this button automatically de-selects (un-
checks) all checkboxes on the Incoming ICMP Filters screen.
Permit Conservative Button-- Clicking this button automatically selects
the following checkboxes on the Incoming ICMP Filters screen:
Permit Incoming Echo Request and Outgoing Reply
Permit Incoming Destination Unreachable
All other checkboxes are automatically de-selected (unchecked).
Add Authentication Record
The Add Authentication Record screen is used to add an SNMP-based
username/password firewall authentication bypass class. The
Authentication class works much like a UNIX user group does; you can
specify what types of packets a person in this authentication class can
pass through the firewall when logged in with the approved username
and password.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
161
Figure 4-74
SNMP Authentication Record Setup window
Authentication Class Number-- Enter a number for an SNMP-based
username/password firewall authentication bypass class. The
Authentication class works much like a UNIX user group does; you can
specify what types of packets a person in this authentication class can
pass through the firewall when logged in with the approved username
and password.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
163
Administration
WLAN Cable Access Point 6220 (APU, CSU) have a various features
about a management and operation listed below.
164
Save configuration
Saving the current configuration settings to the hardware device is a one-
step process:
Use this File Menu option to save the base station configuration
parameters to the location from which they were read. If the
configuration was read from a base station, it will be saved to the APU
and CSU from which it was read. If the configuration was read from a
file, the modified configuration will be saved back to that file.
To import a saved configuration to an APU or CSU, first connect to the
base station using Open Remote Config, then use Import Config File.
1. From the File Menu, select Save Config.
Figure 5-1
Save Config Menu
2. Click on the ‘Yes’ button
Figure 5-2
Confirm Save Config Window
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
165
3. The message box will be displayed, as shown below, and then left click on
the OK button.
Figure 5-3
Reboot Message Dialog Box
4. Just after this saving, APU or CSU will be restarting automatically.
Load new configuration
The 'import config file' option enables you to 'copy' the parameter values
that you entered to configure the first Secure Data Mode Station to the other
units. The “import config file” option enables you to 'copy' the parameter
values that you entered to configure the first Secure Data Mode Station to
the other units.
1. From the File menu, select Open/Config Bin File.
Figure 5-4
Open Config/Bin File Menu
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
166
2. And the browse window will appear.
Figure 5-5
Open Config File Window
3. Select the configuration file in the specific folder, and Click ‘Open’
button,
4. Then, bridge/brouter Configuration Program” screen will appear.
Figure 5-6
Confirm Open Config File Dialog Box
5. Left click on the OK button.
Load new license
There are ten steps that must be done to import the .bin file and its
corresponding license file. Be sure you have downloaded and know the
location of your files before you start.
1. From the File menu, select Upload Software, and the browse window
will appear.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
167
Figure 5-7
Upload Software Menu
2. Browse to the location of your .bin file, and select it.
Figure 5-8
Open binary Window
3. Click on the ‘Open’ button, and the "License Key Setup" screen will
appear:
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
168
Figure 5-9
License Key Setup Window
4. Click on the "Import License Key" button, and an "Open" dialog box
will appear:
Figure 5-10
Open License Key Window
5. Select the license file that corresponds to the Ethernet MAC of the unit
you are working with. (If you have "Licenses for this MAC address"
selected in the file type drop box, only the licenses for the MAC of the
current unit will appear.)
6. Click on the ‘Open’ button
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
169
Figure 5-11
License key setup window
7. Click on the ‘OK’ button
Figure 5-12
Setup window
8. You can see an initial setup windows and then, From the File menu,
select upload software as below.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
170
Figure 5-13
Selecting Upload Software
Figure 5-14
Enter IP address dialog
9. Enter the IP address of the unit to upload new software binary and Click
on the ‘OK’ button.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
171
Figure 5-15
Uploading Confirmation Dialog 1
10. Click on the ‘OK’ button
Figure 5-16
Uploading Confirmation Dialog 2
11. Click on the ‘OK’ button
Figure 5-17
Uploading Binary Information Dialog Box
12. Click on the ‘OK’ button
13. “Saving ….Please be patient” screen will appear as below
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
172
Figure 5-18
Saving software uploading window
14. Click on the ‘OK’ button
Figure 5-19
Reboot Message Dialog Box
15. Click on the ‘OK’ button
16. Software Uploading complete.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
173
Troubleshooting
174
1. APU Power cannot be Turned ON.
Check if a CATV Power (45VAC ~ 95VAC) is supplied thorough coaxial line
by measuring an AC Voltage Level.
If no power signal is detected at the end of coaxial cable, you should search a
problem point on CATV Network while moving up toward ONU and UPS
Power supply.
2. LED 2(Link 1) is continuously blinking after running a long time and all
network entity including APU cannot receive IP address from DHCP
server.
Measure RF signal level at the end of coaxial cable or monitoring port in APU
enclosure. And check if RF signal level is beside the range of signal required or
not. If so, you should adjust the power level by tuning all related network facility
to meet the requirement for operation of Cable Modem.
* Normal Power level (DOCSIS) : +15 to -15 dBmV
3. LED 3(Link 2)/LED 4(Radio Link) are turned off.
In the AP Configurator, select and click the setup tap, move to “interface” and
See if Ethernet 2 and 802.11 is enabled or not. If disabled, check each interface.
If the LED lights are still turned off in spite of this work, APU system may be
failed so that you should contact Nortel local representative or technical support
center.
4. How do I see and configure a setup parameter of CSU without radio
connection to APU?
The only devices that will display in the Configurator local scan window are the
units in the same subnet as your management computer. The device in question
would not display in your local scan window.
Therefore, you should change IP address (Client PC) to any one of the subnet IP
address group “198.17.74.XXX”. and then, you can find out CSU entity having
IP address “198.17.74.254”.
5. Why can CSU setup a radio connection to APU?
Such a situation is caused by a various reason as below:
- Mismatching between the radio setup parameter of APU and that of CSU
+ Radio Channel
+ Network ID (NWID)
+ WEP Encryption Key
- Radio Link Designing Problem(Link Distance, Antenna Direction and so
on)
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
175
6. How many CSU subscribers can connect to a single WLAN Cable Access
Point (APU Secure Data mode)?
Currently, the highest number of CSU Secure Data mode connections per APU
Secure Data mode Base Station mode is 8 due to the restriction of allowed user a
t the cable modem. Conventionally, DOCSIS Cable Modem supports only 15(Fi
fteen) users or entries, which means only at most seven(7) PC clients can connec
t to public network except eight(8) CSU.
7. How does the number of CSU Secure Data modes affect wireless
throughput?
As more CSU Secure Data modes are added, the APU Secure Data mode Base S
tation mode is still able to effectively manage the throughput of the overall wirel
ess link. Just as on any shared medium, each station's throughput is determined b
y the overall usage of the wireless link. The more stations transmitting on the lin
k at a time, the lower each individual station's throughput goes. However, Secure
Data mode performs in such a way that up to a point, the more heavily loaded th
e network becomes, the higher the overall throughput becomes.
For example, due to the intricacies of our Adaptive Dynamic Polling algorithms
and Secure Data mode 'fairness' principles, a single-user FTP session does not
use all of the possible wireless bandwidth. But when performing several
different transfers to and from different CSU Secure Data modes, the actual
overall bandwidth of the Secure Data mode network increases. In general, the
heavier a Secure Data mode network is loaded, the higher the total bandwidth
used becomes.
8. How do I check throughput?
Network throughput can be tested and analyzed using the Ping Fill test. This test
dynamically fills the network connection with ICMP Echo (ping) packets and w
aits for the responses from the target station. Since each packet sent is echoed ba
ck to the sender, this tests the overall wireless throughput in both directions.
Choosing the correct parameters is crucial to obtaining accurate Ping Fill test res
ults. The speed at which the target station responds to the ICMP Echo packets is
crucial to correctly assess the speed of the wireless link.
The IP stacks in some PC operating systems, such as Microsoft Windows, often
do not respond quickly enough to the ICMP Echo packets to obtain an accurate a
ssessment of your network throughput. When running the Ping Fill test to a Micr
osoft Windows system, your results may be slightly lower than normal throughp
ut.
9. How do I read the configuration from a device if I cannot see the unit in the
local scan window?
The only devices that will display in the Configurator local scan window are the
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
176
units in the same subnet as your management computer. For example your PC ha
s an IP address 64.22.33.13 with a subnet mask of 255.255.255.0 and your devic
e has an IP address of 65.23.11.2 with a subnet mask of 255.255.0.0. The device
in question would not display in your local scan window.
Even though you may be able to ping the unit it may not be visible in the local s
can window. In the Configurator, select the file menu, and then open remote con
fig and then type in the IP and the password. It may be necessary to select the "t
his device is in my local subnet" check box to actually read the configuration fro
m the unit. Attempt to read the configuration with it un-checked first. If the confi
guration cannot be read try with this box checked.
10. I seem to have lost or forgotten the read/write password to manage my
product.
How can I get back in to manage the unit?
If the read/write password has been lost or forgotten there is only one thing that
can be done about this in order to be able to manage the unit again. The unit mus
t be put into force reload mode and the firmware must be reloaded. All configura
tion settings will be lost. Physical access to the unit is required in order to accom
plish this procedure.
11. I am performing a wireless link test from a CSU Secure Data mode and one
of my C SU Secure Data modes on the other side of my base station is
showing up, is this a problem?
It is a normal function to be able to see the other units in the wireless link test thi
s way. This shows you what devices are within range that the radio can "hear”.
As long as the units are set as Secure Data mode CSU Secure Data modes, there
are no way they will actually be communicating with each other. They are receiv
ing radio signals from each other that they have to interpret and dump. This is no
t an optimal solution and should be changed when it is practical to do so by isola
ting antennas, changing polarity or reducing output power if possible.
12. Please provide the list of parameters for the different levels of signal
strengths i.e. No Connection, Poor, Acceptable, Good, and Excellent. How
do I determine what is good and bad?
What these values will mean, is somewhat specific to the environment being
worked under. For example, a Signal to Noise Ratio of 15 may be fine for one
area and 15 may not work very well in a high noise area. So here are some gener
al guidelines, Keep in mind all the information below is related to Secure Data
mode, for 802.11b mode replaces retransmit with dropped packets:
There are some further items to note:
Link planning should be done in your general geographic area and your links sh
ould be set up with an extra margin that your company determines.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
177
Links are best performed when possible with high gain antennas as opposed to l
ow gain amplified antennas
Noise is typically introduced by failing amplifiers and problems with connectors
and defective radios. Signal typically drops with bad cabling, connectors or ante
nna misalignment, radio power issues Network ID and Channel values being the
same, may help stability in marginal links
Marginal (sporadic links) typically occur in SNR ranges from 5-9, 10-15 usually
will keep association with retransmits or some packet loss.SNR from 16 and up
usually are acceptable for every day operation.
If SNR is over 25 and throughput is poor it overdriving or multi-path may be the
cause of the problems.
Secure Data Mode Station Entries - Provides information on octal packet, retrans
mitted packets and failed packets. A value other than 0 under failed packets typi
cally points to a link issue. Keep in mind TC retransmits a packet 9 times, (with
the initial packet 10 total).
This has occurred and the packet has been dropped when a failure occurs. Retran
smits should be 15% or less of total transmits, this may indicate signal, noise or
antenna alignment issues.
Remote Statistics - Check each Ethernet Interface, any errors or collisions may b
e signs of link speed or greater network related issues.
Check each wireless interface. Specifically, compare the Frame Check Sequence
errors to the bytes in values. Typically FCS occurs on any wireless connection.
This should only be a concern if the value exceeds approximately 10% of the by
tes in value. This may be an indicator of signal/multi-path issues.
13. Can I block unwanted MAC addresses from the Ethernet interface?
It is possible to set an Access Control List to set all of your allowable MAC's on
the Ethernet (everything else on the Ethernet will be denied) by reading the confi
guration from the unit with the WLAN Cable AP Configurator. Go to the Setup t
ab -- General Setup -- Select the Mac Authentication Access control radio button
and click OK. Then select the Setup tab -- Advanced Authentication -- check th
e Access Control List and then click the Setup button. Add all your allowable M
AC's and select the Ethernet interface to apply the ACL.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
180
Appendix A. Specification
Access Point Unit(APU)
General
o Case: Aluminum alloy steel (Waterproof, EMI protection, Vibration Robust)
o Size: 300 (W) x 232.6 (L) x 112 (D) (mm)
11.81 (W) x 9.157 (L) x 4.40 (D) (inch)
o Weight(without antenna): 3.14 Kg / 6.9234 lbs
o Elements: Access Point, Cable Modem, HFC Signal Filter, Power Supply Unit
o Ports: Coaxial Cable Port, Monitoring Port, Antenna Port (N-type)
o LED Panel: Power, Cable Modem Link, LAN, WLAN, CM-AP Link
o Temperature: -40 ~ 65 ºC (Operating)
o Power supply: Input Power 45 ~ 95VAC (Supplied by CATV UPS)
Output Power 3.3VDC (3A), 9VDC (1.5A)
o Power Consumption : MAX 12W (Current < 0.5A)
Hardware
Radio Card
o Operation Frequency: 2.4 ~ 2.4835GHz (ISM Band; a/b/g ready with radio
upgrade)
o Wireless LAN standard: IEEE 802.11b (a/b/g ready w/ radio upgrade)
o Frequency: 2.4GHz ISM band(North America 11 Channels)
o Modulation: Direct Sequence Spread Spectrum (DBPSK, DQPSK, CCK)
o Data rate: 1M, 2M, 5.5M, 11Mbps with auto fall-back
o Receive sensitivity: Min. -83dBm at 11Mbps
HFC Filter
o Input Signal : HFC Signal(-15dBmV ~ +15dBmV), AC Power (45VAC ~
95VAC/ Max: 135VAC)
o Output : AC Power, HFC Signal, Monitoring Signal(Attenuated by 20dB)
Power Converter (AC-DC)
o Input Voltage Range: 45 VAC ~ 135VAC
o Output Voltage/Current: +3.3Vdc(3A), +9V(1.5A)
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
181
Software
o Firmware : APU Secure Data Mode(Base Station), Wi-Fi Access Point
o Wireless Service Protocol : Secure Data Mode, Dynamic Polling
o 802.1x - MD5, TLS, TTLS, PEAP over EAP
o MAC access control – 32 local MAC Address Table
o Standard RADIUS server support
o Wired Equivalent Privacy encryption - 64, 128
o Firewall(ICMP/UDP/TCP/IP Protocol Filtering)
o Layer 2 Protocol Filtering
o BOOTP/DHCP(Server, Relay, Client), Static IP
o NAT(Incoming/Outgoing)
o Routing Protocol(RIP v2, Static)
o Restriction of Broadcast Storm
o SNMP v1, Software upgrade via TFTP
o GUI Program : Windows Based
o Throughput Analysis: Ping Fill
o Radio Performance Testing Tool: Antenna Alignment
o Remote Statistics Monitoring
o SNMP Traps
o MIB II
Cable Modem Specification (Hardware / Software)
o Standard : DOCSIS 2.0 compliant
o Frequency : 5~42MHz (Upstream), 88~860MHz (Downstream)
o Modulation : QPSK/16QAM/64QAM/128QAM(Upstream),
64QAM/256QAM (Downstream)
o Data Rate: 5.12Mbps/QPSK, 30.34Mbps / 64QAM (Upstream)
30.34Mbps/64QAM, 42.88Mbps / 256QAM (Downstream)
o Channel Bandwidth
Upstream: 200 KHz, 400 KHz, and 800 KHz, 1.6 MHz, 3.2 MHz, 6.4 MHz
Downstream: 6MHz
o Error correction : Reed-Solomon (Upstream), Reed-Solomon
Trellis(Downstream)
o Signal Level : + 8dBmV ~ + 53dBmV(All Modulation),
-15dBmV ~ + 15dBmV
o Input Impedance: 75 Ohm
o Interface: RJ 45 Ethernet port, USB 1.1 port
o SNMP v1, Software upgrade via TFTP
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
182
Corporate service unit (CSU)
General
o Case: Aluminum alloy steel (Body), RADOME
o Size: 180 (W) x 239 (L) x 81 (D) (mm)
7.08 (W) x 9.40 (L) x 3.19 (D) (inch)
o Weight: 1.3 Kg / 2.8659 lbs
o Elements: Access Point, POE Splitter, Built-in Antenna in CSU body,
RADOME
o Ports: POE Ethernet Port(RJ-45/CAT5), 12V DC Jack
o Temperature: -40 ~ 65 ºC (Operating)
o Power supply(Option): 802.3af compliant POE Injector(45V DC, 315 mA)
o Power Consumption : MAX 10W (Current < 0.4A)
Hardware
Radio Card
o Operation Frequency: 2.4 ~ 2.4835GHz (ISM Band; a/b/g ready with radio
upgrade)
o Wireless LAN standard: IEEE 802.11b (a/b/g ready w/ radio upgrade)
o Frequency: 2.4GHz ISM band(North America 11 Channels)
o Modulation: Direct Sequence Spread Spectrum (DBPSK, DQPSK, CCK)
o Data rate: 1M, 2M, 5.5M, 11Mbps with auto fall-back
o Receive sensitivity: Min. -83dBm at 11Mbps
POE Splitter
o IEEE 802.3af Compatible
o Input Signal : DC Power (48V DC, Max 315mA), Base-band Signal(Ethernet)
o Output : DC Power(3.3V DC), Base-band Signal(Ethernet)
POE Injector
o IEEE 802.3af Compatible
o Input Signal : AC Power (90~264V), Base-band Signal(Ethernet)
o Output : POE Signal(DC Power(48V), Base-band Signal(Ethernet))
Software
o Firmware : CSU Secure Data Mode(Subscriber Station), Wi-Fi Access Point
o Wireless Service Protocol : Secure Data Mode, Dynamic Polling
o 802.1x - MD5, TLS, TTLS, PEAP over EAP
o MAC access control – 32 local MAC Address Table
o Standard RADIUS server support
o Wired Equivalent Privacy encryption - 64, 128
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
183
o Firewall(ICMP/UDP/TCP/IP Protocol Filtering)
o Layer 2 Protocol Filtering
o BOOTP/DHCP(Server, Relay, Client), Static IP
o NAT(Incoming/Outgoing)
o Routing Protocol(RIP v2, Static)
o Restriction of Broadcast Storm
o SNMP v1, Software upgrade via TFTP
o GUI Program : Windows Based
o Throughput Analysis: Ping Fill
o Radio Performance Testing Tool: Antenna Alignment
o Remote Statistics Monitoring
o SNMP Traps
o MIB II
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
184
Appendix B. DOCSIS Specification
Figure A.1
CATV Frequency Range
Upstream (DOCSIS) Downstream (DOCSIS)
CATV: UPSTREAM 5-42(30) MHz, DOWNSTREAM 50-750(550) MHz
DATA: UPSTREAM 5-65MHz, DOWNSTREAM 88-750(550) MHz
Figure A.2
DOCSIS Reference System Diagram
54 MHz 750 MHz
CATV Channel
Data
Service
5.75~41.75 MHz 552 MHz 864 MHz
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
185
Table A.1
DOCSIS RF Specification Table
27.6Mbps
30.72Mbps
10.24Mbps
18.4Mbps
20.48Mbps
5.12Msps
9.2Mbps
10.24Mbps
5.12Msps
6.4MHz
37Mbps Effective Data Rate
42.9Mbps Total Data Rate
5.360Mbps SYMBOL Rate
256QAM Modulation TYPE
27Mbps Effective Data Rate
30.34Mbps Total Data Rate
5.057Msps SYMBOL Rate
64QAM Modulation TYPE
6MHz RF BW
9.2Mbps 4.5Mbps 2.3Mbps 1.2Mbps 0.6Mbps Effective Data Rate
10.24Mbps 5.12Mbps 2.56Mbps 1.28Mbps 0.64Mbps Total Data Rate
2.56Msps 1.28Msps 0.64Msps 0.32Msps 0.16Msps SYMBOL Rate
16QAM Modulation TYPE
4.6Mbps 2.3Mbps 1.2Mbps 0.6Mbps 0.3Mbps Effective Data Rate
5.12Mbps 2.56Mbps 1.28Mbps 0.64Mbps 0.32Mbps Total Data Rate
2.56Msps 1.28Msps 0.64Msps 0.32Msps 0.16Msps SYMBOL Rate
QPSK Modulation TYPE
3.2MHz 1.6MHz 800 KHz RF BW 200 KHz 400 KHz
DOCSIS 1.1
Upstream
Maximum
DOCSIS 2.0
Upstream
Maximum
DOCSIS
1.1&2.0
Down stream
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
186
Appendix C. Antenna Type
NTA.2407 Panel Antenna
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
187
NTA.2412 Bidirectional Antenna
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
188
NTA.2400 Omni directional Antenna
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
189
ET-PR12 Built-in Panel Antenna
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
190
Appendix D. Enclosure Dimension
Access Point Unit(APU)
Figure A.3
APU Dimension
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
191
Corporate service unit(CSU)
Figure A.4
CSU Dimension
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
192
Appendix E. Site Survey
Calculating the system parameters
Free Space
Microwave signal will be attenuated as it travels through space according
to the following equation
Gs = Ptx + Gtx + Grx – (RS)
Gs : System Gain
Ptx : Transmit power level in dBm
Gtx : Transmit antenna gain in dBi
FSL: Free space loss attenuation in dB
Grx : Receive antenna gain in dBi
RS : Receiver Sensitivity in dBm
Lt = FSL + Mp
Lt : Transmission Loss
FSL : Free Space Loss
FM : Fade Margin + Other Loss(Cable)
FSL : 92.4 + 20Log(F) + 20Log(R)
F: Frequency (MHz)
R: Range (Km)
Radio Signal transmitted at one side can be reach the other end only
when the system gain is equal or larger than Transmission Loss.
An install engineer should determine the antenna gain at both sites to
meet the above condition while EIRP, the summation of the antenna gain
and the output power do not exceed Radio Regulation (FCC)
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
193
Figure A.5
Radio Link Analysis
Determining the Distance between both sites
Gs = Lt = Ptx + Gtx + Grx –(RS) = (92.4 + 20Log(F) + 20Log(R))+10
Gs = Constant = (36.6 + 20Log(F) + 20Log(R))+10
Calculating Distance (R) between both sites
Case Study
Transmitter: APU, Receiver: CSU
Ptx : 15dBm
Gtx : 7dBi(Omni-directional)
Grx : 18dBi
RS : - 83dBm
F : 2.4 GHz
R: 5 mile
FM: 12 dB (Conventional Setting Value)
Gs = Ptx + Gtx + Grx – (RS)
Gs(Flat Panel) = 15 + 15 + 18 - (-83) = 131
FSL : 36.6 + 20Log(F) + 20Log(R)
FSL = 36.6 + 20Log(2400) + 20Log(5) = 118.2 dB
Lt = FSL + FM
Lt = 118.2 + 12 = 130.2
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
194
FRESNEL ZONE
For a link to truly be line-of-sight, no objects such as buildings, cars, etc.
or the ground may be within a certain height perpendicular to the line of
sight path called the first fresnel (pronounced fray-nell) zone.
This height of the fresnel zone H (in feet) is specified by the equation
below.
H = 43.3 x sqrt (D/ (4xF))
D: distance in miles between antennas
F: Frequency in GHz
Case Study
D: 10
F: 2.4
H = 43.3 x sqrt (10/ (4x2.4))
H = 44.19 feet
HF = 44.19 * 0.6 = 26.5 feet
If 60 percent of the FRESNEL ZONE is free from obstructions the link
will generally behave as LOS (Line of sight).
Figure A.6
FRESNEL ZONE
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
195
Earth bulge
For long links the curvature of the earth will may block the line of sight
path unless the antennas at both ends of the link are positioned high
enough above the ground. This height must be added to the FRESNEL
ZONE height for each antenna.
HE = D^2/8
H = Earth bulge height in feet
D=distance between antennas in miles
Case Study
D: 10 mile
HE = D^2/8 = 10^2/8 = 12.5 feet
Figure A.7
Earth Bulge
Total height required at midpoint
HT = HF + HE
Figure A.8
Total height
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
196
Appendix F. Wireless Network Planning
This section provides a general concept and designing tips about typical Point to Multi-
Point (PMP) and Point to Point (PTP) network configuration.
Selecting Antenna Type
Directional Antenna (NTA 2407)
Flat panel antennas have a directional gain and are ideally suited for
short and medium range bridging. For example, two office buildings that
are across the street from one another and need to share a network
connection would be a good scenario to use flat panel (directional)
antennas.
Figure A.9
Directional Antenna concept (Flat Panel Antenna)
Omni-Directional Antenna (NTA 2412)
Omni-directional antennas are used when coverage in all directions
around the horizontal axis of the antenna is required. Omni-directional
antennas are most effective where large coverage areas are needed
around a central point, they commonly used for point-to-multipoint
designs with a star topology.
The antenna should be placed on top of a structure (such as a building) in
the middle of the coverage area. For example, in a college campus the
antenna might be placed in the centre of the campus for the greatest
coverage area.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
197
Figure A.10
Omni-directional Antenna concept
Bi-directional Antenna (NTA 2400)
Bi-directional antennas are used when coverage is required in a selected
horizontal axis of the antenna is required. Bi-directional antennas are
most effective where a particular coverage area is needed around a
central point. For example, placing a bi-directional antenna along a street
would provide coverage on each side of the street. The antenna pattern is
similar to a Figure A.10 pattern.
Figure A.11
Bi-directional Antenna concept
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
198
Selecting Radio Channel
Direct-Sequence Channel Layout
Most locations are deploying 802.11 products based on direct-sequence
technology because the WLAN products are based on direct-sequence
technologies. Direct Sequence underlies both the 2-Mbps DS PHY and
the 11-Mbps HR/DSSS PHY. Both standards use identical channels and
power transmission requirements.
Direct-sequence products transmit power across a 25-MHz band. Any
access points must be separated by five channels to prevent inter-access
point interference. Selecting frequencies for wireless LAN operation is
based partly on the radio spectrum allocation where the wireless LAN is
installed. See Table A.2
Table A.2
Radio channel usage in different countries
Channel number Channel
frequency (GHz) US/Canada ETSIbFrance
1 2.412 • •
2 2.417 • •
3 2.422 • •
4 4.427 • •
5 2.432 • •
6 2.437 • •
7 2.442 • •
8 2.447 • •
9 2.452 • •
10 c 2.457 • • •
11 2.462 • • •
12 2.467 • •
13 2.472 • •
Access points can have overlapping coverage areas with full throughput,
provided the radio channels differ by at least five. Only wireless LANs in
the U.S., Canada, and Europe that have adopted the ETSI
recommendations can operate access points with overlapping coverage
areas at full throughput.
After locating the access points, make sure that any access points with
overlapping coverage are separated by at least five channels. The
cellular-telephone industry uses the “hex pattern” shown Figure A.11 to
cover large area.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
199
Part of the site survey is to establish the boundaries of access point
coverage to prevent more than three access points from mutually
overlapping, unless certain areas use multiple channels in a single area
for greater throughput.
Figure A.12
Frequency planning
6
11 1
6 1
1 11
6 6
1
11 11
6
1 1
11
6
1
11
Limitations of direct-sequence channel layout
One of the problems with 802.11 direct-sequence networks and 802.11b
Direct-sequence networks is that there are only three no overlapping
channels. Four channels are required for no overlapping coverage in two
dimensions, and more channels are required for three dimensions. When
laying out frequency channels in three dimensions, always keep in mind
that radio signals may penetrate the floor and ceiling.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
200
Designing a wireless network
Figure A.13
PMP (Point to Multi-Point)
Figure A.14
PTP (Point to Point)
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
201
Sample Networks
Figure A.15
PMP Topology
Only directional Antenna
Figure A.16
PTP Topology
Flat Panel Antenna
Even though Network ID and Channel are each different numbering concept,
It is convenient that both parameters are set to be the same number.
But, these tips can be changed in accordance with RF channel designing.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
202
Figure A.17
PMP Topology
Only Bi-directional Antenna
Figure A.18
PMP Topology
Bi & Omni directional Antenna
Even though Network ID and Channel are each different numbering concept,
It is convenient that both parameters are set to be the same number.
But, these tips can be chan
g
ed in accordance with RF channel desi
g
nin
g
.
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
203
Appendix G. SNMP MIB List & Example values
1: [Loaded: RFC1213-MIB] sysDescr.0 (octet string) KarlBridge/Router v4.44-00-
112900 SN-KNRG+a35CT3020551 V4.35
2: sysObjectID.0 (object identifier) kbridge-mib
3: sysUpTime.0 (timeticks) 6 days 00h:57m:11s.44th (52183144)
4: sysContact.0 (octet string) (zero-length)
5: sysName.0 (octet string) ABG-Proxim_ED
6: sysLocation.0 (octet string) (zero-length)
7: sysServices.0 (integer) 2
8: ifNumber.0 (integer) 2
9: ifIndex.1 (integer) 1
10: ifIndex.2 (integer) 2
11: ifDescr.1 (octet string) MACphyter Fast Ethernet
12: ifDescr.2 (octet string) AR5001-0000-0000 Wireless LAN Reference Card
13: ifType.1 (integer) ethernet-csmacd(6)
14: ifType.2 (integer) ethernet-csmacd(6)
15: ifMtu.1 (integer) 2042
16: ifMtu.2 (integer) 1522
17: ifSpeed.1 (gauge) 10000000
18: ifSpeed.2 (gauge) 54000000
19: ifPhysAddress.1 (octet string) 00.20.F6.04.03.A0 (hex)
20: ifPhysAddress.2 (octet string) 00.20.A6.4C.C7.51 (hex)
21: ifAdminStatus.1 (integer) up(1)
22: ifAdminStatus.2 (integer) up(1)
23: ifOperStatus.1 (integer) up(1)
24: ifOperStatus.2 (integer) up(1)
25: ifLastChange.1 (timeticks) 0 days 00h:00m:00s.00th (0)
26: ifLastChange.2 (timeticks) 0 days 00h:02m:00s.00th (12000)
27: ifInOctets.1 (counter) 1229704
28: ifInOctets.2 (counter) 86674413
29: ifInUcastPkts.1 (counter) 7078
30: ifInUcastPkts.2 (counter) 43463
31: ifInNUcastPkts.1 (counter) 4202
32: ifInNUcastPkts.2 (counter) 548012
33: ifInDiscards.1 (counter) 0
34: ifInDiscards.2 (counter) 41
35: ifInErrors.1 (counter) 0
36: ifInErrors.2 (counter) 2125
37: ifInUnknownProtos.1 (counter) 0
38: ifInUnknownProtos.2 (counter) 0
39: ifOutOctets.1 (counter) 8477301
40: ifOutOctets.2 (counter) 70108529
41: ifOutUcastPkts.1 (counter) 5799
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
204
42: ifOutUcastPkts.2 (counter) 41946
43: ifOutNUcastPkts.1 (counter) 27181
44: ifOutNUcastPkts.2 (counter) 529297
45: ifOutDiscards.1 (counter) 0
46: ifOutDiscards.2 (counter) 1
47: ifOutErrors.1 (counter) 0
48: ifOutErrors.2 (counter) 0
49: ifOutQLen.1 (gauge) 0
50: ifOutQLen.2 (gauge) 0
51: [Loaded: EtherLike-MIB] ifSpecific.1 (object identifier) dot3
52: ifSpecific.2 (object identifier) iso.2.840.10036
53: ipForwarding.0 (integer) not-forwarding(2)
54: ipDefaultTTL.0 (integer) 255
55: ipInReceives.0 (counter) 52133
56: ipInHdrErrors.0 (counter) 0
57: ipInAddrErrors.0 (counter) 0
58: ipForwDatagrams.0 (counter) 0
59: ipInUnknownProtos.0 (counter) 0
60: ipInDiscards.0 (counter) 0
61: ipInDelivers.0 (counter) 34869
62: ipOutRequests.0 (counter) 34856
63: ipOutDiscards.0 (counter) 0
64: ipOutNoRoutes.0 (counter) 0
65: ipReasmTimeout.0 (integer) 0
66: ipReasmReqds.0 (counter) 0
67: ipReasmOKs.0 (counter) 0
68: ipReasmFails.0 (counter) 0
69: ipFragOKs.0 (counter) 0
70: ipFragFails.0 (counter) 0
71: ipFragCreates.0 (counter) 0
72: ipAdEntAddr.192.168.0.2 (ipaddress) 192.168.0.2
73: ipAdEntIfIndex.192.168.0.2 (integer) 1
74: ipAdEntNetMask.192.168.0.2 (ipaddress) 255.255.255.0
75: ipAdEntBcastAddr.192.168.0.2 (integer) 1
76: ipAdEntReasmMaxSize.192.168.0.2 (integer) 0
77: ipRouteDest.0.0.0.0 (ipaddress) 0.0.0.0
78: ipRouteIfIndex.0.0.0.0 (integer) 0
79: ipRouteMetric1.0.0.0.0 (integer) 1
80: ipRouteMetric2.0.0.0.0 (integer) -1
81: ipRouteMetric3.0.0.0.0 (integer) -1
82: ipRouteMetric4.0.0.0.0 (integer) -1
83: ipRouteNextHop.0.0.0.0 (ipaddress) 192.168.0.1
84: ipRouteType.0.0.0.0 (integer) indirect(4)
85: ipRouteProto.0.0.0.0 (integer) local(2)
86: ipRouteAge.0.0.0.0 (integer) 0
87: ipRouteMask.0.0.0.0 (ipaddress) 0.0.0.0
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
205
88: ipRouteMetric5.0.0.0.0 (integer) -1
89: ipRouteInfo.0.0.0.0 (object identifier) (null-oid) 0.0
90: ipNetToMediaIfIndex.2.192.168.0.1 (integer) 2
91: ipNetToMediaIfIndex.2.192.168.0.50 (integer) 2
92: ipNetToMediaPhysAddress.2.192.168.0.1 (octet string) 00.01.24.70.0B.E2 (hex)
93: ipNetToMediaPhysAddress.2.192.168.0.50 (octet string) 00.50.8B.AD.3F.B2 (hex)
94: ipNetToMediaNetAddress.2.192.168.0.1 (ipaddress) 192.168.0.1
95: ipNetToMediaNetAddress.2.192.168.0.50 (ipaddress) 192.168.0.50
96: ipNetToMediaType.2.192.168.0.1 (integer) dynamic(3)
97: ipNetToMediaType.2.192.168.0.50 (integer) dynamic(3)
98: ipRoutingDiscards.0 (counter) 0
99: icmpInMsgs.0 (counter) 33234
100: icmpInErrors.0 (counter) 0
101: icmpInDestUnreachs.0 (counter) 0
102: icmpInTimeExcds.0 (counter) 30928
103: icmpInParmProbs.0 (counter) 0
104: icmpInSrcQuenchs.0 (counter) 19904
105: icmpInRedirects.0 (counter) 2000
106: icmpInEchos.0 (counter) 33234
107: icmpInEchoReps.0 (counter) 0
108: icmpInTimestamps.0 (counter) 0
109: icmpInTimestampReps.0 (counter) 0
110: icmpInAddrMasks.0 (counter) 0
111: icmpInAddrMaskReps.0 (counter) 0
112: icmpOutMsgs.0 (counter) 33234
113: icmpOutErrors.0 (counter) 0
114: icmpOutDestUnreachs.0 (counter) 3
115: icmpOutTimeExcds.0 (counter) 0
116: icmpOutParmProbs.0 (counter) 0
117: icmpOutSrcQuenchs.0 (counter) 30928
118: icmpOutRedirects.0 (counter) 40960
119: icmpOutEchos.0 (counter) 0
120: icmpOutEchoReps.0 (counter) 33234
121: icmpOutTimestamps.0 (counter) 0
122: icmpOutTimestampReps.0 (counter) 0
123: icmpOutAddrMasks.0 (counter) 0
124: icmpOutAddrMaskReps.0 (counter) 0
125: udpInDatagrams.0 (counter) 1699
126: udpNoPorts.0 (counter) 3
127: udpInErrors.0 (counter) 0
128: udpOutDatagrams.0 (counter) 1685
129: udpLocalAddress.0.0.0.0.161 (ipaddress) 0.0.0.0
130: udpLocalPort.0.0.0.0.161 (integer) 161
131: dot3StatsIndex.1 (integer) 1
132: dot3StatsIndex.2 (integer) 2
133: dot3StatsAlignmentErrors.1 (counter) 0
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
206
134: dot3StatsAlignmentErrors.2 (counter) 0
135: dot3StatsFCSErrors.1 (counter) 0
136: dot3StatsFCSErrors.2 (counter) 0
137: dot3StatsSingleCollisionFrames.1 (counter) 1647
138: dot3StatsSingleCollisionFrames.2 (counter) 0
139: dot3StatsMultipleCollisionFrames.1 (counter) 545
140: dot3StatsMultipleCollisionFrames.2 (counter) 0
141: dot3StatsSQETestErrors.1 (counter) 0
142: dot3StatsSQETestErrors.2 (counter) 0
143: dot3StatsDeferredTransmissions.1 (counter) 18
144: dot3StatsDeferredTransmissions.2 (counter) 0
145: dot3StatsLateCollisions.1 (counter) 0
146: dot3StatsLateCollisions.2 (counter) 0
147: dot3StatsExcessiveCollisions.1 (counter) 0
148: dot3StatsExcessiveCollisions.2 (counter) 0
149: dot3StatsInternalMacTransmitErrors.1 (counter) 0
150: dot3StatsInternalMacTransmitErrors.2 (counter) 0
151: dot3StatsCarrierSenseErrors.1 (counter) 0
152: dot3StatsCarrierSenseErrors.2 (counter) 0
153: dot3StatsFrameTooLongs.1 (counter) 0
154: dot3StatsFrameTooLongs.2 (counter) 0
155: dot3StatsInternalMacReceiveErrors.1 (counter) 0
156: dot3StatsInternalMacReceiveErrors.2 (counter) 0
157: snmpInPkts.0 (counter) 1298
158: snmpOutPkts.0 (counter) 1298
159: snmpInBadVersions.0 (counter) 0
160: snmpInBadCommunityNames.0 (counter) 0
161: snmpInBadCommunityUses.0 (counter) 3
162: snmpInASNParseErrs.0 (counter) 0
163: snmpInTooBigs.0 (counter) 0
164: snmpInNoSuchNames.0 (counter) 0
165: snmpInBadValues.0 (counter) 0
166: snmpInReadOnlys.0 (counter) 0
167: snmpInGenErrs.0 (counter) 0
168: snmpInTotalReqVars.0 (counter) 1511
169: snmpInTotalSetVars.0 (counter) 4
170: snmpInGetRequests.0 (counter) 97
171: snmpInGetNexts.0 (counter) 1211
172: snmpInSetRequests.0 (counter) 4
173: snmpInGetResponses.0 (counter) 0
174: snmpInTraps.0 (counter) 0
175: snmpOutTooBigs.0 (counter) 0
176: snmpOutNoSuchNames.0 (counter) 3
177: snmpOutBadValues.0 (counter) 0
178: snmpOutGenErrs.0 (counter) 0
179: snmpOutGetRequests.0 (counter) 0
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
207
180: snmpOutGetNexts.0 (counter) 0
181: snmpOutSetRequests.0 (counter) 0
182: snmpOutGetResponses.0 (counter) 1322
183: snmpOutTraps.0 (counter) 0
184: snmpEnableAuthenTraps.0 (integer) enabled(1)
185: mib-2.17.1.1.0 (octet string) 00.20.F6.04.03.A0 (hex)
186: mib-2.17.1.2.0 (integer) 2
187: mib-2.17.1.3.0 (integer) 2
188: mib-2.17.1.4.1.1.1 (integer) 1
189: mib-2.17.1.4.1.1.2 (integer) 2
190: mib-2.17.1.4.1.2.1 (integer) 1
191: mib-2.17.1.4.1.2.2 (integer) 2
192: mib-2.17.1.4.1.3.1 (object identifier) (null-oid) 0.0
193: mib-2.17.1.4.1.3.2 (object identifier) (null-oid) 0.0
194: mib-2.17.1.4.1.4.1 (counter) 0
195: mib-2.17.1.4.1.4.2 (counter) 0
196: mib-2.17.1.4.1.5.1 (counter) 0
197: mib-2.17.1.4.1.5.2 (counter) 0
198: mib-2.17.4.1.0 (counter) 0
199: mib-2.17.4.2.0 (integer) 300
200: mib-2.17.4.3.1.1.0.1.36.112.11.226 (octet string) 00.01.24.70.0B.E2 (hex)
201: mib-2.17.4.3.1.1.0.32.246.4.3.160 (octet string) 00.20.F6.04.03.A0 (hex)
202: mib-2.17.4.3.1.1.0.32.246.4.12.163 (octet string) 00.20.F6.04.0C.A3 (hex)
203: mib-2.17.4.3.1.1.0.32.246.4.26.159 (octet string) 00.20.F6.04.1A.9F (hex)
204: mib-2.17.4.3.1.1.0.32.246.4.34.23 (octet string) 00.20.F6.04.22.17 (hex)
205: mib-2.17.4.3.1.1.0.32.246.4.34.75 (octet string) 00.20.F6.04.22.4B (hex)
206: mib-2.17.4.3.1.1.0.64.244.114.215.152 (octet string) 00.40.F4.72.D7.98 (hex)
207: mib-2.17.4.3.1.1.0.80.139.173.63.178 (octet string) 00.50.8B.AD.3F.B2 (hex)
208: mib-2.17.4.3.1.1.0.80.186.71.245.19 (octet string) 00.50.BA.47.F5.13 (hex)
209: mib-2.17.4.3.1.2.0.1.36.112.11.226 (integer) 2
210: mib-2.17.4.3.1.2.0.32.246.4.3.160 (integer) 2
211: mib-2.17.4.3.1.2.0.32.246.4.12.163 (integer) 2
212: mib-2.17.4.3.1.2.0.32.246.4.26.159 (integer) 2
213: mib-2.17.4.3.1.2.0.32.246.4.34.23 (integer) 2
214: mib-2.17.4.3.1.2.0.32.246.4.34.75 (integer) 2
215: mib-2.17.4.3.1.2.0.64.244.114.215.152 (integer) 2
216: mib-2.17.4.3.1.2.0.80.139.173.63.178 (integer) 2
217: mib-2.17.4.3.1.2.0.80.186.71.245.19 (integer) 1
218: mib-2.17.4.3.1.3.0.1.36.112.11.226 (integer) 5
219: mib-2.17.4.3.1.3.0.32.246.4.3.160 (integer) 3
220: mib-2.17.4.3.1.3.0.32.246.4.12.163 (integer) 3
221: mib-2.17.4.3.1.3.0.32.246.4.26.159 (integer) 3
222: mib-2.17.4.3.1.3.0.32.246.4.34.23 (integer) 3
223: mib-2.17.4.3.1.3.0.32.246.4.34.75 (integer) 3
224: mib-2.17.4.3.1.3.0.64.244.114.215.152 (integer) 3
225: mib-2.17.4.3.1.3.0.80.139.173.63.178 (integer) 3
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
208
226: mib-2.17.4.3.1.3.0.80.186.71.245.19 (integer) 3
227: mib-2.17.4.4.1.1.1 (integer) 1
228: mib-2.17.4.4.1.1.2 (integer) 2
229: mib-2.17.4.4.1.2.1 (integer) 0
230: mib-2.17.4.4.1.2.2 (integer) 0
231: mib-2.17.4.4.1.3.1 (counter) 11280
232: mib-2.17.4.4.1.3.2 (counter) 29716
233: mib-2.17.4.4.1.4.1 (counter) 29716
234: mib-2.17.4.4.1.4.2 (counter) 11280
235: mib-2.17.4.4.1.5.1 (counter) 0
236: mib-2.17.4.4.1.5.2 (counter) 0
237: karlnet.1.1.0 (integer) 0
238: karlnet.1.2.0 (integer) 32
239: karlnet.1.3.0 (integer) 25
240: karlnet.1.4.0 (integer) 20
241: karlnet.1.5.0 (ipaddress) 198.17.74.250
242: karlnet.1.6.0 (integer) 0
243: karlnet.1.7.0 (integer) 0
244: karlnet.1.8.0 (integer) 0
245: karlnet.1.9.0 (integer) 0
246: karlnet.1.10.0 (integer) 0
247: karlnet.1.11.0 (integer) 0
248: karlnet.1.12.0 (integer) -10000
249: karlnet.1.13.0 (integer) 0
250: karlnet.1.14.0 (integer) 0
251: karlnet.1.15.0 (integer) 0
252: karlnet.1.16.0 (integer) 0
253: karlnet.1.17.0 (integer) 0
254: karlnet.1.18.0 (integer) 0
255: karlnet.1.19.0 (integer) 0
256: karlnet.1.20.0 (integer) 0
257: karlnet.1.21.0 (integer) 0
258: karlnet.1.22.0 (integer) 0
259: karlnet.1.23.0 (integer) 0
260: karlnet.1.24.0 (integer) 0
261: karlnet.1.25.0 (integer) 0
262: karlnet.1.26.0 (integer) 0
263: karlnet.1.27.0 (integer) 0
264: kbWirelessStationNumber.0 (integer) 1
265: kbWirelessStationIndex.1 (integer) 1
266: kbWirelessStationInterfaceNumber.1 (integer) 2
267: kbWirelessStationName.1 (octet string) 5.8 ISP_Base
268: kbWirelessStationExclHellos.1 (counter) 520801
269: kbWirelessStationGoodHellos.1 (counter) 4
270: kbWirelessStationLowHellos.1 (counter) 0
271: kbWirelessStationSignalLevel.1 (integer) 90
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004
209
272: kbWirelessStationNoiseLevel.1 (integer) 10
273: kbWirelessStationSignalQuality.1 (integer) 0
274: kbWirelessStationPktTransmits.1 (counter) 49643
275: kbWirelessStationMACAddress.1 (octet string) 00.01.24.70.0B.E2 (hex)
276: kbWirelessStationTransmits.1 (counter) 48696
277: kbWirelessStationBadTransmits.1 (counter) 0
278: kbWirelessStationReTransmits.1 (counter) 179
279: kbWirelessStationIPAddress.1 (ipaddress) 10.0.1.129
280: kbWirelessStationType.1 (integer) tc_Base_Station(3)
281: kbWirelessStationSNR.1 (integer) excellent_SNR(4)
282: kbWirelessStationState.1 (integer) online(1)
283: kbWirelessPoll.1 (counter) 0
284: kbWirelessPollData.1 (counter) 0
285: kbWirelessPollNoData.1 (counter) 0
286: kbWirelessPollMoreData.1 (counter) 0
287: kbWirelessPollTimeouts.1 (counter) 0
288: kbWirelessPollOfflines.1 (counter) 0
289: kbWirelessTestTime.1 (integer) 0
290: kbWirelessTestInterval.1 (integer) 0
291: kbWirelessTestPacketSize.1 (integer) 0
292: kbWirelessTestOurTx.1 (counter) 0
293: kbWirelessTestOurRx.1 (counter) 0
294: kbWirelessTestHisTx.1 (counter) 0
295: kbWirelessTestHisRx.1 (counter) 0
296: kbWirelessTestOurCurSignalLevel.1 (integer) 0
297: kbWirelessTestOurCurNoiseLevel.1 (integer) 0
298: kbWirelessTestOurCurSignalQuality.1 (integer) 0
299: kbWirelessTestOurCurSNR.1 (integer) 0
300: kbWirelessTestOurMinSignalLevel.1 (integer) 0
301: kbWirelessTestOurMinNoiseLevel.1 (integer) 0
302: kbWirelessTestOurMinSignalQuality.1 (integer) 0
303: kbWirelessTestOurMinSNR.1 (integer) 0
304: kbWirelessTestOurMaxSignalLevel.1 (integer) 0
305: kbWirelessTestOurMaxNoiseLevel.1 (integer) 0
306: kbWirelessTestOurMaxSignalQuality.1 (integer) 0
307: kbWirelessTestOurMaxSNR.1 (integer) 0
308: kbWirelessTestHisCurSignalLevel.1 (integer) 0
309: kbWirelessTestHisCurNoiseLevel.1 (integer) 0
310: kbWirelessTestHisCurSignalQuality.1 (integer) 0
311: kbWirelessTestHisCurSNR.1 (integer) 0
312: kbWirelessTestHisMinSignalLevel.1 (integer) 0
313: kbWirelessTestHisMinNoiseLevel.1 (integer) 0
314: kbWirelessTestHisMinSignalQuality.1 (integer) 0
315: kbWirelessTestHisMinSNR.1 (integer) 0
316: kbWirelessTestHisMaxSignalLevel.1 (integer) 0
317: kbWirelessTestHisMaxNoiseLevel.1 (integer) 0
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Aug 2004
210
318: kbWirelessTestHisMaxSignalQuality.1 (integer) 0
319: kbWirelessTestHisMaxSNR.1 (integer) 0
320: kbWirelessTestLinkUp.1 (integer) down(0)
321: kbWirelessTestLostLink.1 (integer) 0
322: kbWirelessTestLostTestPkts.1 (counter) 0
323: kbWirelessStationRadioType.1 (integer) waveLAN_I(0)
324: kbWirelessRecordType.1 (integer) turboCell(2)
325: kbWirelessStationPktReceives.1 (counter) 70964
326: kbWirelessStationReceives.1 (counter) 0
327: kbWirelessStationBytesReceives.1 (counter) 11395282
328: kbWirelessStationBytesTransmits.1 (counter) 4239031
329: kbWirelessRegistrationRecord.1 (octet string)
00.00.00.00.02.00.AE.01.00.01.24.70.0B.E2.07.00.0A.00.00.00.B8.82.00.00.00.08.00.0
0.00.00.00.00.00.00.00.00.E8.03.14.00.6C.BE.6D.BE.00.00.8F.B9.0A.00.01.81.9A.2E.
00.00.35.2E.38.20.49.53.50.5F.42.61.73.65.00.00.00.00.00.00.00.00.00.00.00.00.00.00.
00.00.00.00.00.00.00.00.00.00.6D.BE.00.00.B3.00.00.00.00.00.00.00.38.15.01.00.22.C
2.00.00.80.E1.AD.00.11.AF.40.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.
00.00.00.00.00.00.00.5A.0A.00.00.62.F2.07.00.04.00.00.00.00.00.00.00.00.00.00.00.00
.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.
00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.
00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.
00.00.00.00.00.00.00.00.00.00.00.00.00.00.00 (hex)
330: kbWirelessStationFragmentDiscards.1 (counter) 0
331: kbWirelessStationFragmentMissings.1 (counter) 0
332: kbWirelessStationFragmentLostFrames.1 (counter) 0
333: kbWirelessStationFragmentErrors.1 (counter) 0
334: kbWirelessLocalInterfaceType.1 (integer) 1
335: kbWirelessLocalInterfaceType.2 (integer) 4
336: kbWirelessTestExploreTime.1 (integer) 0
337: kbWirelessTestExploreTime.2 (integer) 0
338: kbWirelessTestExploreRate.1 (integer) 0
339: kbWirelessTestExploreRate.2 (integer) 0
WLAN Cable Access Point 6220 NTPM99CA Rel 1.0 Issue 1 Oct. 2004