Strix Systems ACCESS-ONE-32 802.11 a/g Wireless, Mesh Type Networking Device User Manual accessone userguide

Strix Systems, Inc. 802.11 a/g Wireless, Mesh Type Networking Device accessone userguide

UserManual.wiki >

Strix Systems >

ACCESS-ONE-32 User Manual >

Users Manual Part IV

Contents

Users Manual Part IV

Access / One® NetworkManaging the Network 1135The Inventory FunctionThis function provides you with an inventory view of your Access/One Network andincludes the following commands:◗Print Friendly Format◗Export to CSVThe inventory list is displayed in a tree structure that can be expanded (default) orcollapsed (show nodes only). The structure of the list consists of the Node ID, itsserial number and name, IP address and MAC address, the node type, thetechnology it uses, and the current firmware version it is running. To compliment fulltwo-way authentication, the inventory list is synchronized and maintained betweenall Strix devices. See also “Inventory or Auto Discovered” on page 63.Figure 86. Inventory ListManual additions (by node serial number)Unreachable devices are listed here

Access / One® Network114 Managing the Network5The inventory list allows you to manually add nodes, at your discretion. To add anode to the inventory list, enter the node’s serial number in the Node ID field thenclick on the Add button. Nodes that cannot be detected by the network will appearin the Unreachable Devices frame.You also have the option of manually deleting nodes from the inventory list. Todelete a node, simply click on the X icon next to the node you want to delete. Thesystem will then prompt you for a confirmation. Click on the OK button to delete theselected node, or click on the Cancel button to cancel your request.Figure 87. Deleting a Node from the Inventory ListPrint Friendly FormatThis option converts the inventory list into a printer friendly format that can beprinted on standard letter size paper. After converting the inventory list, the systemprompts you for your printer’s destination. To initiate the printing process, click onthe Print button.Figure 88. Printing the Inventory ListThe node’s alphanumeric serial number is case-sensitive, with all alphacharacters being upper case.

Access / One® NetworkManaging the Network 1155Export to CSVThis option allows you to export the inventory file to a CSV (Comma SeparatedValues) format that can be edited within a compatible spreadsheet application, suchas Microsoft Excel®.Figure 89. CSV FileImporting the CSV File to an Excel SpreadsheetWhen the CSV file is created, use the following procedure to import the file into anExcel spreadsheet for editing.1. Click in the header of the CSV file to make the CSV window active.2. Press Ctrl+A to select all text in the CSV file.3. Press Ctrl+C to copy the selected text to the clipboard.4. Open a new Excel workbook, then press Ctrl+V to paste the CSV text into acell in the workbook.5. Go to Data in the Excel menu bar and choose Text to Columns... from thepull-down list.6. On the first page of the wizard in Excel select the Delimited option, thenclick on the Next button.7. On the second page of the wizard check the Comma check box to enablethe conversion with comma delimiters.8. On the third and last page of the wizard, click on the Finish button toconvert the raw text into editable columns.

Access / One® Network116 Managing the Network5The Monitor FunctionThis function provides you with tools that allow you to view your network’soperation and performance, and includes the following commands:◗Tools•AP Monitor•Network Connect Monitor•Wireless Client Query•Rogue Monitor–Scan–Ignore All–Include AllToolsClicking on Tools in Manager/One’s toolbar generates a pull-down menu containingall the commands that are available within the Monitor function.AP MonitorThe AP Monitor provides a snapshot in table form of all active Client Connectdevices on a selected subnet.Figure 90. AP Monitor (Default View)

Access / One® NetworkManaging the Network 1175The table displayed in the AP Monitor window can be customized to show a definednumber of entries in the table, and the table can be sorted in either ascending ordescending order based on any selected column. For example, if you want to sortthe table by channel, click in the column header for Channel—the table is thensorted according to the channels used by the Client Connects.The target subnet can also be changed by selecting another subnet (as long as thesubnet exists in the pull-down list). In addition, the table offers instant access to theassigned BSSID information for each node and you can log in to any node by simplyclicking on its IP address (all links are underlined).Figure 91. An Overview of Monitor Tables (AP Monitor)To define how the table is sorted, simply click in a column header to toggle betweenascending or descending for the data in that column to become the primary sortcriteria. The data in the AP Monitor table can be refreshed at any time.BSSID InformationSorted by ChannelSubnetRefreshTotal Entries

Access / One® Network118 Managing the Network5Network Connect MonitorThe Network Connect Monitor provides a snapshot in table form of all activeNetwork Connect devices on a selected subnet.Figure 92. Network Connect MonitorAlthough the displayed data is different, the organization of tables in all monitors isthe same. For information about how to define the sort criteria within the NetworkConnect Monitor table, see Figure 91.The only difference in the navigational content between the Network ConnectMonitor and the AP Monitor is the Network Connect Monitor also includes aninformation button (i) in the top right corner of the window. Clicking on this buttongenerates the RSSI Legend pop-up window that provides a reference for the iconsdisplayed in the RSSI (dBm) column.Figure 93. RSSI Legend

Access / One® NetworkManaging the Network 1195Wireless Client QueryThe Wireless Client Query Monitor provides a search tool that allows you to run aquery through the network and locate Wi-Fi clients based on the following searchcriteria:◗Find a client based on a specific MAC address◗Find clients with an RSSI value of less than -85 dBmFigure 94. Wireless Client Query MonitorIf you choose to search for a client based on its MAC address, the system promptsyou for the address. After entering the MAC address, click on the OK button to startthe search.Figure 95. MAC Address PromptAlthough the displayed data is different, the organization of tables in all monitors isthe same. For information about how to define the sort criteria within the WirelessClient Query Monitor table, see Figure 91. And similar to the Network ConnectMonitor, the Wireless Client Query Monitor also includes the information button (i)in the top right corner of the window. Clicking on this button generates the RSSILegend pop-up window (see Figure 93).

Access / One® Network120 Managing the Network5Rogue MonitorThe Rogue Monitor provides a snapshot in table form of all rogue devices detectedon a selected subnet.Figure 96. Rogue MonitorAlthough the displayed data is different, the organization of tables in all monitors isthe same. For information about how to define the sort criteria within the RogueMonitor table, see Figure 91. And similar to the Network Connect Monitor and theWireless Client Query Monitor, the Rogue Monitor also includes the informationbutton (i) in the top right corner of the window. Clicking on this button generatesthe RSSI Legend pop-up window (see Figure 93).ScanUse this command if you want to initiate an active scan for rogue devices. Activescans can take up to one minute to complete and network traffic will be disruptedduring the scanning process. Results from the scan are reported in the RogueMonitor table (see Figure 96).Ignore AllUse this command to refresh the Rogue Monitor table with all detected roguedevices ignored. All ignored devices are grayed out.Include AllUse this command to refresh the Rogue Monitor table with all detected roguedevices included.

Access / One® NetworkManaging the Network 1215The Apply Configuration FunctionThis function is used to apply any configuration changes that have been made ateither the network or subnet level. When BLUE, click on this tab to propagate andapply your changes to all nodes and wireless modules within your Access/OneNetwork or a specific subnet.Figure 97. Apply ConfigurationImportant Notes About Apply ConfigurationThe following notes are important considerations when using the ApplyConfiguration function.For changes to be applied at the network or subnet level, you mustreboot the network after clicking on the Apply Configuration tab,otherwise your changes will not be implemented.The Apply Configuration function is not available when configuringindividual modules, because configuration changes at the module levelare applied automatically when you click on the Update button.Apply Configuration

Access / One® Network122 Managing the Network5Enabling Communication Between Remote SubnetsYour Access/One Network can be configured to enable communication betweennetwork servers on remote subnets, allowing you to manage subnets from anynetwork server on the network, regardless of its location. For example, remotesubnets in New York and Los Angeles can be configured and managed from thesame Manager/One interface.ExampleLos Angeles and New York each have their own network:◗Los Angeles (LA): 172.20.0.0◗New York (NY): 192.152.1.0)You want both networks to be managed by the same Manager/One interface, andyou can assume that a network server in Los Angeles (172.20.0.50) is the primaryserver for the Access/One Network.See also, “Starting a New Network” on page 32.It is recommended that you complete all of your configuration changesbefore using the Apply Configuration command to propagate yourchanges throughout the network. Once the Apply Configurationcommand has been initiated, you cannot make any further changesuntil the command cycle has been completed.It is strongly recommended that customers use an NTP (Network TimeProtocol) server to synchronize Access/One Network to one clock. Thiswill ensure that the system's internal Syslog time-stamping process ismaintained correctly. See also, “Enabling Windows 2000 Servers forNTP Requests” on page 33. Without an NTP server (no universal clock),each network server will use its own internal clock and stamp timesaccordingly.

Access / One® NetworkManaging the Network 1235ProcedureConfigure a single remote network server for each subnet (NY: 192.162.1.22) on theLA server. Within a few minutes, Strix’s mesh topology feature will cause all of theremote subnets to automatically appear in each network server. Your Access/OneNetwork is now manageable from any of the network servers in the network.Removing the NS to NS FeatureTo remove the NS to NS communication feature, delete all of the remote serverentries on the LA server. When done, click on the Update button, then click on theApply Configuration tab and reboot the network (to apply your changes).Managing Remote Subnets from Manager/OneIn most cases, configuration of your Access/One Network will apply to all subnets tomaintain an homogeneous network. There are a few commands which can only beapplied at the subnet level. The following commands apply to the network levelonly (regardless of what view is currently displayed):◗Load Firmware on Network◗The Apply Configuration FunctionThe following commands apply at the network or subnet level (depending on whatview is currently displayed):◗Reboot Network (network only)◗Reboot... (subnet / network)The following commands are applicable only at the subnet level:◗Update Network Membership◗Update Node Names

Access / One® Network124 Managing the Network5

Access / One® NetworkManaging Subnets and Nodes 1256Managing Subnets and NodesThis chapter covers management tasks at the subnet and node levels—you can onlymanage a subnet or node (you cannot configure subnets or nodes independent ofthe network). If you are managing your Access/One Network at the network level, ormanaging an individual module (for example, a wireless module or network server),go to the relevant chapter:◗“Managing the Network” on page 65.◗“Managing Modules” on page 131.The following graphic shows the subnet (subcloud) view in Manager/One’s mainwindow. The subnet view displays all nodes within the selected subnet and providesinterface features that are not available at the network level. All tasks in this chapterare performed at the subnet or node levels.Figure 98. Subnet (Subcloud) ViewIP AddressDetails Pane Subnet (Subcloud)ViewsDiscovery Options

Access / One® Network126 Managing Subnets and Nodes6Interface Features in the Subnet ViewThe interface features that are unique to the subnet view have already beendiscussed in Chapter 4, The Manager/One Interface. They are listed here for yourconvenience, and include:◗“A Choice of Layouts” on page 45.◗“The Details Pane” on page 56.◗“Inventory or Auto Discovered” on page 63.The Manage FunctionTo avoid repetition, this section only addresses the management commands at thesubnet and node levels that are different from the equivalent commands at thenetwork level, or management commands that are unique to the subnet and nodelevels. Therefore, the section headings included here are limited to the followingcommands in the Manage function only:◗Commands (at the Subnet Level)•Load Firmware...–Subnet–Network•Reboot...–Subnet–Network◗Commands (at the Node Level)•Update Node Names•Update Network MembershipAll other commands that are available at the subnet level but not listed here can befound in Chapter 5, Managing the Network. You can also find them in the Table ofContents and the Index.

Access / One® NetworkManaging Subnets and Nodes 1276Commands (at the Subnet Level)Load Firmware...This command allows you to load a new firmware image to each of the modulescontained in all network nodes within your Access/One Network or to a specificsubnet. However, before you can load a new image, your FTP server parametersmust be established correctly to let Manager/One know where to locate the newimage (BIN) file.To establish the correct FTP parameters and load new firmware at the network orsubnet levels, go to “Updating the Firmware” on page 35.SubnetChoose this option to load new firmware to all devices within the selected subnet.NetworkChoose this option to load new firmware to all subnets and devices within yourentire Access/One Network.Reboot...This command reboots each module in all nodes within your Access/One Networkor a selected subnet. Rebooting is required when configuration changes are made ora new firmware image is loaded. To monitor the progress of the reboot operation,the network server generates the request in stages. When each module reportsreceiving the reboot command and successfully reboots, the network serverperforms a final self-reboot. You can monitor reboot progress reports with the ViewAction Status command or from the Command Progress pane.Figure 99. Command Progress PaneSuccess

Access / One® Network128 Managing Subnets and Nodes6Whenever you initiate the Reboot... command, the system warns you that this actionwill affect multiple devices on the network (or subnet) and asks you to confirm therequest. If you want to proceed, click on the OK button to initiate the rebootprocess, otherwise click on the Cancel button to abort the command.See also, “Important Note About Rebooting” on page 4.SubnetChoose this option to reboot the selected subnet.NetworkChoose this option to reboot your entire Access/One Network.Commands (at the Node Level)Update Node NamesThe ability to assign names to your nodes is provided as a convenience to users whowant their nodes to have meaningful names (for example, based on the node’slocation).Figure 100. Node Name (Flat View)In Manager/One, the node name appears below the node in an editable text field.You can assign any name with up to 15 alphanumeric characters, but the name mustbe unique within your Access/One Network. If you attempt to enter a name thatalready exists (a duplicate name), Manager/One will prompt you for a new name.Name changes do not require a reboot, but may take between 10 and 15 secondsbefore the change is reported. Refresh your browser window frequently to ensurethat the latest information is displayed.Node Name

Access / One® NetworkManaging Subnets and Nodes 1296To change a name, simply enter a new name in the text field below the node andselect the Update Node Names command. When prompted, click on the OK buttonto apply your change.Update Network MembershipThe subnet (subcloud) displays all of the nodes residing in the network. Nodesalready assigned to the network (members) are GREY in color and the check boxbelow the node is checked.Figure 101. Network MembershipYou can add or remove nodes from the network by checking or unchecking thecheck box below the node, then selecting the Update Network Membershipcommand. This action forces a reboot of the nodes which have changed theirmembership status (nodes not admitted to a network, other than the default, will notbridge user traffic).IWS nodes that are BLUE do not have a check mark in the check box,and although they are currently not assigned to the network, they canbe admitted (become members). All nodes admitted to the network willbe rebooted. Nodes that are RED also do not have a check mark in thecheck box, but these nodes are unavailable and cannot be assigned tothe network.

Access / One® Network130 Managing Subnets and Nodes6Use this Space for Your Notes

Access / One® NetworkManaging Modules 1317Managing ModulesThis chapter covers management and configuration tasks at the individual modulelevel (for example, wireless modules or network servers). It is generally sufficient toconfigure your Access/One Network as a whole without configuring specificmodules. If you are managing the network, a subnet or node, go to the relevantchapter:◗“Managing the Network” on page 65.◗“Managing Subnets and Nodes” on page 125.When a module is configured, the module’s manually configured parameters willalways override the global network parameters that are configured or defaulted atthe network level. It is presumed that if a module is manually configured, then themodule’s values take precedence over global network values.Manger/One at the Module LevelWhen you drill down to the module level in Manager/One you will notice that thefunction tabs and available commands change, depending on what type of moduleyou have selected (wireless module or network server). For example, If you arelogged in to a wireless module, Manager/One presents you with a Rogue Devicesfunction and Wi-Fi commands under the Configure function—none of these optionsbeing available if you are logged in to a network server (they are not required fornetwork servers).Also, and regardless of what type of module you are logged in to, the ApplyConfiguration tab is not available at the module level. The Apply Configuration tabis only applicable at the network level where you need to propagate yourconfiguration changes across the entire network.To avoid repetition, this chapter only addresses the commands at the module levelthat are different from the equivalent commands at the network level, or commandsthat are unique to individual modules. For your convenience, cross-references areincluded that will take you to the corresponding commands at the network level.

Access / One® Network132 Managing Modules7When you initiate a command at the module level, the configuration pages that aredisplayed contain the configuration settings that are currently applied to the selectedmodule only (not the network or any other module).The Manage FunctionThis function provides you with the tools you need to manage individual modulesand includes the following commands:◗Actions•Factory Defaults•Load Firmware/Configuration•Page Device•RebootIn most cases, the only difference between a configuration windowgenerated at the network level and the same window generated at themodule level is the inclusion of pre-configured module data (if any) inthe fields contained within the window.

Access / One® NetworkManaging Modules 1337ActionsThis area of Manger/One applies to all modules (wireless modules and networkservers) and contains commands that allow you to establish factory default settings,load firmware and/or configuration files, and page or reboot the module.Factory DefaultsThis command allows you to set the module’s configuration settings to their factorydefault state or remove the subnet and/or network configuration parameters from themodule.Figure 102. Device Configuration WindowMake your selection(s) from the available options:◗Set Device Configuration To Factory DefaultsEnable this option to reset the module to its factory default state.◗Remove Sub-cloud Configuration From DeviceEnable this option to remove any configuration settings that were applied tothe module at the subnet level.◗Remove Cloud Configuration From DeviceEnable this option to remove any configuration settings that were applied tothe module at the network level.After making your selections, click on the Factory Default button to apply yourchanges, then click on the Reboot button to reboot the module.

Access / One® Network134 Managing Modules7Load Firmware/ConfigurationThis command allows you to load a new firmware image and /or configuration fileto the module, restore a previous version (or backup file), or upload a backupfirmware image and /or configuration file. The following graphic shows the LoadFirmware/Configuration window with its options set for uploading a backupconfiguration file.Figure 103. Loading a New Firmware Image or Configuration FileGo to “Firmware Updates” on page 143 and establish the FTP server parameters toinform Manager/One where to locate the new firmware image or configuration file,and which file to use. The following options are available with this command:◗Action TypeChoose Download, Restore Previous Version, or Upload.◗File VersionDefine the file version, either Current or Backup (only available if you areuploading a file).◗File TypeDefine the file type, either Image or Configuration.Click on the Download Now,Restore Now, or Upload Now button (depending onwhich action you defined) to execute the command, then click on the Rebootbutton to reboot the module.

Access / One® NetworkManaging Modules 1357Page DeviceThis command allows you to page the module (device) that you are currently loggedin to.Figure 104. Paging a DeviceTo page the module, simply click on the Page Device button. When an IWS (IndoorWireless System) module is paged, the module’s LED blinks between GREEN andRED, indicating that communication with the module is successful. The module willbe paged until you click on the Disable Page button.RebootThis command allows you to reboot the module.Figure 105. Rebooting a ModuleClick on the Reboot button to reboot the module, or click on the Cancel button tocancel the request.

Access / One® Network136 Managing Modules7The Configure FunctionThis function provides you with the tools you need to configure individual modulesand includes the following commands:◗System•User Login•Network Management–General–SNMP–Trusted IP Addresses•TCP/IP Settings•Priority/One - Class of Service•Radius Accounting•Syslog•Date and Time•Operating Environment•Firmware Updates◗Wi-Fi (Wireless Modules Only)•Radio Parameters•Client Connect•Network Connect•Rogue ScanSystemThis area of Manger/One applies to all modules (wireless modules and networkservers) and contains commands that allow you to configure the module’s system-level parameters. Any configuration parameters that you apply to the module willsupersede the equivalent system-level parameters that were applied at the networklevel and propagated to the module from the Apply Configuration tab.

Access / One® NetworkManaging Modules 1377User LoginThis command allows you to establish the identity of this module, define its physicallocation within the environment based on latitude, longitude and elevation, and setup the module’s login parameters (username and password).Figure 106. Module Identity and User Management (Login) ParametersThe following options are available with this command:◗Module NameEdit the existing name or enter a new name for this module. If no name isdefined for the module, the system automatically sets the module’s factorydefault serial number as the name.◗Network NameThis field (not editable) shows the name of the network that this module isassociated with. If you need to change the network association for thismodule, go to “Update Network Membership” on page 129.◗LatitudeThis field allows you to define the specific latitude for where this module islocated (more relevant to OWS modules where physical location andenvironment can be extreme). This setting must be within the range of -90degrees/minutes to +90 degrees/minutes. The default is +0.000000.

Access / One® Network138 Managing Modules7◗LongitudeThis field allows you to define the specific longitude for where this module islocated (more relevant to OWS modules where physical location andenvironment can be extreme). This setting must be within the range of -180degrees/minutes to +180 degrees/minutes. The default is +0.000000.◗ElevationThis field allows you to define the specific elevation (in feet) for where thismodule is located (more relevant to OWS modules where physical locationand environment can be extreme). The default is +0 feet (sea level).◗User nameSelect a user name from the pull-down list (Admin or Guest). Any changesyou make to the password in the following field will affect logins to thismodule for the selected user name only.◗PasswordEnter a password (between 5 and 32 characters). All passwords are case-sensitive. Any change you make to the password will affect logins for thismodule only.◗Confirm PasswordRe-enter the password to confirm that you typed it correctly.◗Password EncryptionCheck this box if you want Access/One Network to encrypt your password foradditional security.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.The default for the user name and the password for all moduleswithin your Access/One Network is Admin (with a capitalized A)for both. We strongly recommend that you change the defaultpassword immediately after your initial login.

Access / One® NetworkManaging Modules 1397Network ManagementThis command generates three sub-commands (General, SNMP, and Trusted IPAddresses) that allow you to define parameters for how the module is managedwithin your Access/One Network. For the most part, these commands are the sameas their corresponding commands at the network level (with some minor exceptionsthat are documented here).GeneralUnless you are logged in to a network server, this command is the same as itscorresponding command at the network level. In this case, go to “General” onpage 73 to configure all options under this command. If you are logged in to anetwork server, the window generated by this command includes an additionaloption called Client Connect Privacy Tags.Figure 107. Client Connect Privacy Tags◗Client Connect Privacy TagsCheck the box for Preserve Tags on Egress to LAN if you want this module topreserve any client connect privacy tags that have been assigned to yourAccess/One Network. See also, “Client Connect” on page 98.

Access / One® Network140 Managing Modules7When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.SNMPThe only difference between the SNMP configuration window generated at themodule level and the corresponding window at the network level is the addition ofthe Description and Name identifier fields, specific to the module. For all otherSNMP configuration options, go to “SNMP” on page 75.Figure 108. Module Description and NameThe Description field provides a description of the module and is not editable. Ifdesired, you can enter a new name for the module in the Name field.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.

Access / One® NetworkManaging Modules 1417Trusted IP AddressesThis command is the same as its corresponding command at the network level. Toconfigure these options for the module, go to “Trusted IP Addresses” on page 141.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.TCP/IP SettingsThis command is similar to the TCP/IP Settings command used at the network level,with the addition of the IP Settings option. For all other TCP/IP configurationoptions, go to “TCP/IP Settings” on page 78.Figure 109. TCP/IP Settings (Module Level)◗IP SettingsChoose whether you want the system to use DHCP to obtain the module’s IPaddress automatically (default), or use a pre-configured static IP address. Ifyou choose the latter option, you must enter a valid IP address and SubnetMask in the appropriate fields.

Access / One® Network142 Managing Modules7When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.Priority/One - Class of ServiceThis command is the same as its corresponding command at the network level. Toconfigure these options for the module, go to “Priority/One - Class of Service” onpage 81.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.Radius AccountingThis command is the same as its corresponding command at the network level. Toconfigure these options for the module, go to “Radius Accounting” on page 84.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.SyslogThis command is the same as its corresponding command at the network level. Toconfigure these options for the module, go to “Syslog” on page 85.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.

Access / One® NetworkManaging Modules 1437Date and TimeThis command is the same as its corresponding command at the network level. Toconfigure these options for the module, go to “Date and Time” on page 88.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.Operating EnvironmentThis command is the same as its corresponding command at the network level. Toconfigure these options for the module, go to “Operating Environment” on page 91.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.Firmware UpdatesThis option is similar to the Firmware Updates command used at the network level,but without the FTP Update Aggressiveness options, and with the addition of the FileName field (for defining a new configuration file). For all other Firmware Updatesconfiguration options, go to “Firmware Updates” on page 91.Figure 110. Setting Up the FTP Server (Module Level)

Access / One® Network144 Managing Modules7◗File NameIf you are calling a file other than accessone.bin or accessone_m.bin for thismodule, enter the name of the file in this field.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.Wi-FiThis area of Manger/One applies only to wireless modules (not network servers) andcontains commands that allow you to configure the module’s Wi-Fi parameters. Anyconfiguration parameters that you apply to the module will supersede the equivalentsystem-level parameters that were applied at the network level and propagated tothe module from the Apply Configuration tab.The menu structure under the Wi-Fi option is slightly different, depending onwhether you are logged in to a single band wireless module or a dual band wirelessmodule. The differences between the menus are as follows:Figure 111. Single and Dual Band Wi-Fi Menu Structure◗Wi-Fi (single band radio)•Radio Parameters•Client Connect•Network Connect•Rogue Scan◗Wi-Fi (dual band radio)•802.11a Radio–Parameters–Client Connect–Network Connect–Rogue Scan•802.11g Radio–Parameters–Client Connect–Network Connect–Rogue Scan

Access / One® NetworkManaging Modules 1457Radio ParametersThis command is similar to the Radio Parameters command used at the networklevel, but with fields that are relevant only to the selected wireless module. To avoidconfusion, the page generated by this command will be documented here in full. Allchanges made to this page will be applied only to the module you are currentlylogged in to (not to the entire network).The following graphic shows an example of the Radio Parameters page for an802.11a wireless module.Figure 112. Radio Parameters (Module Level)

Access / One® Network146 Managing Modules7The following options are available with this command:◗Active Country CodeThis field (not editable) shows the currently active country code.◗Config Country CodeThis field is not editable because this model of your Access/One Networkapplies only to the United States (which is the only country code available).◗Operating ModeThis option allows you to select the operating mode (either Client Connect orNetwork Connect) manually, or choose Automatic Selection if you want themodule to select its operating mode automatically. ◗Wireless ModeThis option allows you to select the wireless mode for this module. Thefollowing modes are available:•802.11a–802.11a: This is the default standard 802.11a wireless mode.–802.11a Turbo: This configures the module to operate in Turbomode, allowing it to operate with data rates at speeds up to 108Mbps. This translates to nearly double the throughput, but all userdevices must be capable of running the 802.11a Turbo mode and beconfigured for it. Turbo mode is not an industry standard and so notall 802.11a user devices support this feature.•802.11g–802.11g: This is the default standard 802.11g wireless mode.–802.11g Only: This mode restricts the module to the 802.11gwireless mode only and does not allow 802.11b compatibility.

Access / One® NetworkManaging Modules 1477–802.11g Super: This mode provides support for the Atheros Super GFastFrames throughput enhancement technology, with data rates upto 108Mbps and compatible with the 802.11g (54 Mbps) wirelesstechnology. This translates to nearly double the throughput, but thereare some limitations, including:–Only one operating channel is supported.–All user devices must also be capable of running 802.11g SuperG and be configured for it. Super G is not an industry standardand so not all 802.11g user devices support this feature.–802.11b Only (No 802.11g): This mode restricts the module to the802.11b mode only and does not allow 802.11g compatibility.◗Allow Association Over Long DistancesThis option allows you to set a distance (up to 25 miles) for wirelessassociations over long distances (the default is 3 miles).◗WLAN Radio Client LimitsThis option allows you to restrict the number of clients that can associate withthe module. The default is 128. Setting this field to 0 (zero) prevents all clientaccess to the module.◗Frequency/Rate/PowerThese options define the operating frequency, data rate and transmit powerfor the module. The fields for these options include:•Active Radio FrequencyThis field displays the active radio frequency that this module is currentlyusing.•Radio FrequencyThis option allows you to manually change the operating frequency fromthe frequencies available in the pull-down list. Alternatively, you canchoose the SmartSelect option which will instruct the system to select thebest frequency automatically.

Access / One® Network148 Managing Modules7•Data RateThis option allows you to select the data rate for the wireless modulefrom the choices available in the pull-down list. All data rates arespecified in Mbps (Megabits per second). You can choose a specific datarate from the pull-down list, or choose the Best option, which willinstruct the system to select the best data rate for the wireless moduleautomatically. The available data rates are determined by which type ofwireless module (802.11a or 802.11g) you are logged in to.•Transmit PowerThis option allows you to select the level of transmit power for thewireless module from the choices available in the pull-down list (eitherFull, Half, Quarter, One Eighth, or Minimum). You can decrease thetransmit power to decrease the range of the module. The default value forthis parameter is Full (maximum power).Depending on the selected antenna(s) for your application—especiallyrelevant to the OWS—it may be necessary to configure the transmitpower. It is the installer's responsibility to ensure that the transmit poweris set correctly for the chosen antenna(s). Operation in a manner otherthan is represented in this document is a violation of FCC rules.For a complete listing of the maximum power settings allowed forantennas, go to “Power Settings for Antennas” on page 165.

Access / One® NetworkManaging Modules 1497◗802.11a Channel SelectorThese options extend the range of 802.11a wireless capability by allowingyou to select 802.11a wireless channels. Check the corresponding box toenable an 802.11a channel of your choice.◗802.11g Channel SelectorThese options extend the range of 802.11g wireless capability by allowingyou to select 802.11g wireless channels. Check the corresponding box toenable an 802.11g channel of your choice.◗802.11g (only)These options allow you to set up how your 802.11g wireless moduleperforms (not applicable to 802.11a radios). Options that are specific to802.11g radios include:•Protection ModeThis is a mechanism to let 802.11g devices know when they should usemodulation techniques to communicate with another 802.11b device,especially in wireless networks where there is a mixed environment thathas 802.11g and 802.11b clients (and the clients are hidden from eachother. The protection mode options are:–NoneThis assumes there are no wireless stations using 802.11b (11 Mbps)technology. If operating in a mixed 802.11b/g network with minimal802.11b traffic, choose this option to ensure the best performance foryour 802.11g stations.–AlwaysProtects 802.11b traffic from colliding with 802.11g traffic. Thismode is not recommended, especially if only a few wireless stationsare operating with 802.11b. Only use this mode in environmentswith heavy 802.11b traffic or where there is interference.

Access / One® Network150 Managing Modules7–AutoThis is the default mode and will enable protection for 802.11gstations if your Access/One Network finds an 802.11b client. In thismode, if the 802.11b client leaves the network the protection modewill revert to None automatically.•Protection RateSets the data rate at which the RTS-CTS (Request-to-Send and Clear-to-Send) packets are sent (either 1 Mbps, 2 Mbps, 5.5 Mbps, or 11 Mbps).The 11 Mbps data rate is the default.•Protection TypeThis option is only relevant when the Protection Mode is on. The optionshere are CTS-only or RTS-CTS. With CTS-only, the client is not requiredto send an RTS (Request-to-Send) to the AP. As long as the client receivesa CTS (Clear-to-Send) frame from the AP then the client is free to senddata. With the RTS-CTS option enabled, the client is required to send anRTS to the AP and wait for a CTS from the AP before it can send data (thisoption creates additional overhead and can cause performancedegradation). The default is CTS-only.•Short Slot Time802.11g defines the long slot time as 20 microseconds and a short slottime as 9 microseconds. 802.11b only supports the long slot time of 20microseconds. In an environment with 802.11g devices only, this option(Short Slot Time) must be enabled for better performance—givingprecedence to 802.11g traffic. Only disable this option in mixed(802.11b and 802.11g) environments. The default is enabled.•Short Slot PreambleShort slot preamble improves network efficiency by reducing thepreamble from 128 bits to 56 bits. 802.11g is required to support bothshort and long preambles (802.11b support for a short preamble isoptional). If this option is enabled, any 802.11b clients associated withthe network must support a short preamble. The default for this option isenabled.

Access / One® NetworkManaging Modules 1517◗Advanced SettingsThese advanced settings are preconfigured with the optimum settings for yourwireless module. Changing any of these settings may negatively affect themodule’s performance. For best results, leave these settings at their defaultvalues.•Beacon IntervalThe beacon is a uniframe system packet broadcast by the AP to keep themodule synchronized. Enter a value in this field between 20 and 1000(milliseconds) that specifies the beacon interval. The default value is 100.•Delivery Traffic Indication Message (DTIM Period)Enter a value between 1 and 255 that specifies the Delivery TrafficIndication Message (DTIM). Increasing this interval allows the station tosleep for longer periods of time resulting in power savings (in exchangefor some degradation in performance). The default value is 1.•Fragment LengthEnter a value between 256 and 2346. This setting determines the size ofthe wireless frame. Wireless frames are reassembled by the wirelessmodule before being forwarded to the Ethernet port, but only if the frameis smaller than the Ethernet MTU (1536 bytes). The default value is 2346.•RTS/CTS ThresholdThis is a value that determines at what frame length the RTS-CTS functionis triggered. By default, the threshold is set at its highest value. A lowervalue means that the RTS-CTS function is triggered for smaller framelengths. A lower threshold value may be necessary in environments withexcessive signal noise or hidden nodes, but may result in someperformance degradation. Enter a value between 256 and 2346 to specifythe RTS/CTS threshold. The default value is 2346.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.

Access / One® Network152 Managing Modules7Client ConnectThis command is similar to its corresponding command at the network level. Theonly difference between the configuration windows is that the Client ConnectPrivacy Tags option is not displayed at the module level. To configure your ClientConnect options for a wireless module, go to “Client Connect” on page 98.Figure 113. Client Connect Configuration WindowWhen finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.

Access / One® NetworkManaging Modules 1537Network ConnectThis command is similar to its corresponding command at the network level, withthe addition of the Target MAC Address and Ignore RTD options. For all otherconfiguration options, go to “Network Connect” on page 106.Figure 114. Network Connect Configuration Window◗Target MAC AddressEnter the MAC address for the wireless module to enable peer-to-peerconnectivity based on the module’s MAC address. You only need to completethe MAC address (the first three fields are inputted automatically).◗Ignore RTDCheck this box to instruct the system to ignore the RTD (Round Trip Delay),which ensures that the backhaul will stay connected to an AP even if the RTDis zero. When RTD from a Client Connect is set to 0 (zero) a NetworkConnect will drop its wireless connection to that Client Connect and scan fora peer with a non zero RTD (that can ping the gateway). Ignoring the RTDwill keep the link up to that peer regardless, and eliminate self-healing. Thedefault is to ignore the RTD (enabled).

Access / One® Network154 Managing Modules7When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.Rogue ScanThis option allows you to define which channels are scanned for rogue devices bythe defined country code (similar to its corresponding command at the networklevel, but without the option for defining a rogue list refresh period). To configurerogue scan channel selections for the module, go to “Rogue Scan” on page 111.When finished, click on the Update button to update this page and apply yourchanges, then click on the Reboot button to reboot the module. If necessary, youcan click on the Refresh button in the toolbar to reset all parameters on this page totheir original values.

Access / One® NetworkManaging Modules 1557The Monitor FunctionThis function provides you with the tools you need to monitor the performance ofindividual modules and includes the following commands:◗Reports•Radio StatisticsApplicable to wireless modules only.•Wireless NeighborsApplicable to wireless modules only.•Wireless Client MonitorApplicable to wireless Client Connect modules only.•SSIDs / VLANs ListApplicable to wireless Client Connect modules only.•Device InformationApplicable to all wireless modules and network servers.

Access / One® Network156 Managing Modules7ReportsThis area of Manger/One applies to all wireless modules and network servers andcontains commands that allow you to monitor the performance of individualmodules within your Access/One Network. It should be noted that the menustructure under the Reports option is slightly different, depending on whether youare logged in to a single band wireless module or a dual band wireless module. Thedifferences between the menus are as follows:Figure 115. Single and Dual Band Reports Menu StructureThe Radio Statistics,Statistics (dual band radios only) and Wireless Neighborscommands are only available when logged in to a wireless module—not a networkserver.The Wireless Client Monitor and SSIDs / VLANs List commands are only availablewhen logged in to a wireless module that is configured as a Client Connect—not aNetwork Connect or network server.The Device Information command is available for all wireless modules, includingnetwork servers.◗Reports (single band radio)•Radio Statistics•Wireless Neighbors•Wireless Client Monitor•SSIDs / VLANs List•Device Information◗Reports (dual band radio)•802.11a Radio–Statistics–Wireless Neighbors–Wireless Client Monitor–SSIDs / VLANs List•802.11g Radio–Statistics–Wireless Neighbors–Wireless Client Monitor–SSIDs / VLANs List•Device Information

Access / One® NetworkManaging Modules 1577Radio StatisticsThis command is used to generate a statistical performance report relative to theselected wireless module. You can Clear the data or Recalculate the data that isdisplayed on this page, as required.Clearing the data resets all values to zero. If you recalculate (refresh) the data, thewireless module is polled and current operating data is displayed. Clicking on theRefresh button in the toolbar has the same effect as recalculating the data.The following graphic shows an example of the Radio Statistics report for an802.11a wireless module operating in the 5 GHz band with a data rate of 54 Mbps.Figure 116. Radio StatisticsClearRecalculate

Access / One® Network158 Managing Modules7Wireless NeighborsThis command is used to generate a report that shows all wireless neighbors for themodule, including any rogue devices (if enabled). To generate the report, click onthe Scan button—it may take up to one minute to complete the scan for wirelessneighbors and return the results. To include rogue devices in the scan, simply checkthe Show Rogue Devices check box. The default is to include rogue devices.Figure 117. Wireless NeighborsThe table displayed in the Wireless Neighbors window can be customized to show adefined number of entries in the table, and the table can be sorted in eitherascending or descending order based on any selected column. For example, if youwant to sort the table by wireless technology, click in the column header forTechnology—the table is then sorted according to the wireless technology used byeach wireless neighbor. The default is to have the table sorted by BSSID indescending order. You can refresh the data on this page by clicking on the Refreshbutton in the toolbar. In addition, you can view the RSSI legend by clicking on theInformation button (i) in the toolbar.Scan for NeighborsShow Rogue Devices

Access / One® NetworkManaging Modules 1597Wireless Client MonitorThis command is used to generate a report that shows all Client Connects that arecurrently associated with the module you are logged in to.Figure 118. Wireless Client MonitorThe table displayed in the Wireless Client Monitor window can be customized toshow a defined number of entries in the table, and the table can be sorted in eitherascending or descending order based on any selected column. For example, if youwant to sort the table by the IP address of each client, click in the column header forClient IP Address—the table is then sorted according to the IP address designated foreach client. The default is to have the table sorted by Client BSSID in descendingorder. You can refresh the data on this page by clicking on the Refresh button in thetoolbar. In addition, you can view the RSSI legend by clicking on the Informationbutton (i) in the toolbar.If you know the username and password, you can also log in to a client by clickingon its IP address, or you can click on a client’s BSSID and view the BSSIDinformation associated with the client (see also, “AP Monitor” on page 116).The far right column offers a convenient tool for disconnecting from any of theclients in the table—simply click on the disconnect icon in this column todisconnect from the associated client.

Access / One® Network160 Managing Modules7SSIDs / VLANs ListThis command is used to generate a report that shows all SSIDs and VLANs currentlyassociated with the module you are logged in to.Figure 119. SSID / VLANs ListThe table displayed in the SSIDs / VLANs List window can be sorted in eitherascending or descending order based on any selected column. For example, if youwant to sort the table by the priority assigned to each VLAN, click in the columnheader for Priority—the table is then sorted according to the VLAN priority. Thedefault is to have the table sorted by VLAN in descending order.You can refresh the data on this page by clicking on the Refresh button in thetoolbar. In addition, you can view the Wi-Fi legend by clicking on the Informationbutton (i) in the toolbar. The legend shows the meaning of the icon displayed in theType column.Client Connect (Virtual/Strix) is the system topology that enables your Access/OneNetwork to support and provide access to client devices using most wirelesstechnologies, including 802.11a or 802.11g. With Client Connect you cancustomize each network node to support the wireless technologies you need in thelocations you need them. Any mix of these technologies can be supported within asingle node or across the entire Access/One Network. To understand how SSIDs andVLANs are assigned to clients, go to “Client Connect” on page 152.

Access / One® NetworkManaging Modules 1617Device InformationThis command is used to generate a report that shows information about the moduleyou are logged in to. Figure 120 shows the Device Information window generatedwhile logged in to an 802.11a wireless module. Unlike most monitoring windows,pages generated by the Device Information command are not configurable.Figure 120. Device Information (802.11a Module)Figure 121 shows the Device Information window generated while logged in to anetwork server module.Figure 121. Device Information (Network Server)

Access / One® Network162 Managing Modules7The Rogue Devices FunctionThis function provides you with a rogue scanning tool that allows you to scan for allrogue devices. The scanning tool offered here is similar to the Rogue Monitor toolprovided at the network level, but applies only to rogue devices detected by thewireless module that you are logged in to.CommandsThis area of Manger/One applies to wireless modules only.ScanUse this command if you want to initiate an active scan for rogue devices. Activescans can take up to one minute to complete and traffic to and from the module willbe disrupted during the scanning process. Results from the scan are reported in theRogue Monitor table.Figure 122. Rogue Monitor TableThe table displayed in the Rogue Monitor table can be sorted in either ascending ordescending order based on any selected column. For example, if you want to sortthe table by technology, click in the column header for Technology—the table isthen sorted according to the wireless technology used by the rogue device. Thedefault is to have the table sorted by BSSID in descending order.

Access / One® NetworkManaging Modules 1637You can refresh the data on this page by clicking on the Refresh button in thetoolbar. In addition, you can view the RSSI legend by clicking on the Informationbutton (i) in the toolbar.In addition, you can click on a rogue’s BSSID and view the BSSID informationassociated with the rogue device. For example:Figure 123. BSSID Information for Rogue DeviceFor more information about rogue devices, go to:◗“Detecting Rogue Devices” on page 13.◗“Rogue Scan” on page 111.◗“Rogue Monitor” on page 120.◗“Rogue Scan” on page 154.

Access / One® Network164 Managing Modules7Use this Space for Your Notes

Access / One® Network165APower Settings for AntennasThe following tables show the maximum power settings based on the type ofantenna1 being used and the wireless band.Channels for IEEE 802.11b/g* Listed power level settings are average power.1. In order to comply with FCC regulations, for transmissions in the 5.725 - 5.850 GHzband using the 23 dBi Patch Panel antenna in the United States, a band pass filter mustbe used (K&L Microwave part number 6C50-5787.5/U120-n/n or equivalent), andalso for transmissions in the 2.4 GHz band in the United States using full power onchannels 1 or 11 (RF Linx Corporation part number 2400BPF-8-FB or equivalent).12 dBi Omni Antenna (2.4 GHz)ChannelIdentifierFrequency (MHz) FilterPower Level (dBm) *CCK ODFM1 2412 Yes Half (+24dBm) Half (+23dBm)2 2417 Yes Half (+24dBm) Half (+23dBm)3 2422 Yes Half (+24dBm) Half (+23dBm)4 2427 Yes Half (+24dBm) Half (+23dBm)5 2432 Yes Half (+24dBm) Half (+23dBm)6 2437 Yes Half (+24dBm) Half (+23dBm)7 2442 Yes Half (+24dBm) Half (+23dBm)8 2447 Yes Half (+24dBm) Half (+23dBm)9 2452 Yes Half (+24dBm) Half (+23dBm)10 2457 Yes Half (+24dBm) Half (+23dBm)11 2462 Yes Half (+24dBm) Half (+23dBm)

Access / One® Network166A* Listed power level settings are average power.16.4 dBi Sector Antenna (2.4 GHz)ChannelIdentifierFrequency (MHz) FilterPower Level (dBm) *CCK ODFM1 2412 Yes Quarter (+21dBm) Quarter (+20dBm)2 2417 Yes Quarter (+21dBm) Quarter (+20dBm)3 2422 Yes Quarter (+21dBm) Quarter (+20dBm)4 2427 Yes Quarter (+21dBm) Quarter (+20dBm)5 2432 Yes Quarter (+21dBm) Quarter (+20dBm)6 2437 Yes Quarter (+21dBm) Quarter (+20dBm)7 2442 Yes Quarter (+21dBm) Quarter (+20dBm)8 2447 Yes Quarter (+21dBm) Quarter (+20dBm)9 2452 Yes Quarter (+21dBm) Quarter (+20dBm)10 2457 Yes Quarter (+21dBm) Quarter (+20dBm)11 2462 Yes Quarter (+21dBm) Quarter (+20dBm)

Access / One® Network167AChannels for IEEE 802.11a* Listed power level settings are average power.* Listed power level settings are average power.12 dBi Omni Antenna (5.25 – 5.35 GHz)ChannelIdentifierFrequency (MHz) FilterPower Level (dBm) *ODFM52 5260 No Quarter (+17dBm)56 5280 No Quarter (+17dBm)60 5300 No Quarter (+17dBm)64 5320 No Quarter (+17dBm)12 dBi Omni Antenna (5.725 – 5.85 GHz)ChannelIdentifierFrequency (MHz) FilterPower Level (dBm) *ODFM149 5745 No Half (+23dBm)153 5765 No Full (+26dBm)157 5765 No Full (+26dBm)161 5805 No Full (+26dBm)165 5825 No Half (+23dBm)

Access / One® Network168A* Listed power level settings are average power.* Listed power level settings are average power.23 dBi Patch Panel Antenna (5.25 – 5.35 GHz)ChannelIdentifierFrequency (MHz) FilterPower Level (dBm) *ODFM52 5260 No Minimum (+5dBm)56 5280 No Minimum (+5dBm)60 5300 No Minimum (+5dBm)64 5320 No Minimum (+5dBm)23 dBi Patch Panel Antenna (5.725 – 5.85 GHz)ChannelIdentifierFrequency (MHz) FilterPower Level (dBm) *ODFM149 5745 Yes Half (+23dBm)153 5765 Yes Full (+26dBm)157 5765 Yes Full (+26dBm)161 5805 Yes Full (+26dBm)165 5825 Yes Half (+23dBm)

Access / One® Network169BTechnical SupportStrix has partnered with industry leading resellers and system integrators and hasequipped them with all of the training and support tools needed to service our end-user customers. Strix Partners may log in to the Partner Page for detailed supportinformation.Figure 124. Partner Login PageWarrantyOur Access/One Network ships with a standard warranty of one year for hardwareand software. See also, Access/One® Indoor and Outdoor Wireless System LimitedWarranty and Software License Agreement in the front matter In addition towarranty services, Strix offers technical support services for firmware and software,and advanced replacements for Access/One products.Priority Assignment

Access / One® Network170BStrix recognizes our customers’ reliance on our products to gain a competitive edgein their respective industries. Therefore, Strix offers priority assignment of ourtechnical resources and expertise for those support situations where there is acritical impact to the customers’ business operations.Partner TrainingStrix provides training to our partners on product features and benefits, including:◗Wireless network design, including mesh implementation◗Network operation and management◗Wireless securityOur partners are experienced at installing, configuring, operating andtroubleshooting your Access/One Network.Partner ToolsOnce a VAR becomes a Strix partner, they have access to our Partners Web page,where they are equipped with sales tools, product documentation, competitivecomparisons, case studies and support instructions.IntegrationAccess/One Network fits easily into existing customer installations. The network isdesigned to be fully compatible in most switching/routing environments with nospecial software, servers, or power injectors required. IWS equipment may beinstalled on ceilings and walls, mounted above the ceiling, or placed on a desktopor cubicle divider. The OWS is usually mounted on a pole, though mounting optionsare dictated by the environment.GoalOur goal is to provide easy-to-deploy products that are backed by reliable andresponsive support.

Access / One® Network171BSyslog MessagesFormatThe following format is used for all Access/One Network syslog messages:<recv-time> <code> <ip> <seqNumber:time-stamp, CloudName, subcloudName, StackId, Module, sysName, subSystem> <source> <sw-version> <syslog message>SubsystemsSyslog messages are assigned to the following subsystems:◗Wireless◗Security◗Management◗OthersElement Definitionrecv-time Time when the syslog message is received.code As defined by RFC for syslog daemons.ip Sender's IP address.seqNumber Internal sequence number (generated for all syslog messages).time-stamp Time when the message is generated.Module Module type.source Internal source information, containing event-module & event-type.sw-version Software build version numberSyslog message Format is a string of ASCII text delimited by separators.

Access / One® Network172BSeverity LevelsThe following severity levels are assigned to syslog messages (shown here indescending order from the most severe):◗EMERGENCY◗ALERT◗CRITICAL◗ERROR◗WARNING◗NOTICE◗INFORM◗DEBUGAssigning a severity level informs the system to automatically log all messages inthat level, and all messages above that level (messages below the assigned level arenot logged).Message ListingThe following tables list syslog messages by subsystem.Security SubsystemSeverity Syslog MessageALERT Telnet local authentication failed.WARNING Super user login failed, invalid character.WARNING Super user login failed, invalid password.WARNING Telnet login failed, invalid password.WARNING CLI login failed, invalid password.WARNING Telnet login failed, invalid password.

Access / One® Network173BWireless SubsystemWARNING CLI login failed, invalid password.WARNING Too many invalid login attempts.NOTICE Telnet user logged in, user:XXXXX.NOTICE CLI user logged in, user:XXXXX.NOTICE Telnet user logged out, user:XXXXX.NOTICE CLI user logged out, user:XXXXX.NOTICE Super user logged in.Severity Syslog MessageEMERGENCY Failed to start the radio.EMERGENCY AP/STA features not enabled.EMERGENCY Error while starting the module. Wireless services disabled.EMERGENCY Radio interference detected on selected channel.WARNING Backhaul key mismatch. Putting it in RESTRICTED mode,mac:xx.xx.xx.xx.xx.xx.ALERT Radius authentication failed, mac:xx.xx.xx.xx.xx.xx.ERROR Association fails, can't find station in table, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.x.ERROR Reassociation fails, can't find station in table, ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.x.ERROR Association fails, not authenticated, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.Severity Syslog Message

Access / One® Network174BERROR Reassociation fails, not authenticated, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.ERROR Association fails, already associated, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.ERROR Reassociation fails, already associated, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.ERROR Association fails, can't authenticate during scan, ssid:ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.ERROR Reassociation fails, can't authenticate during scan, ssid:ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.ERROR Association fails, reason:xxxx, wlanmode:xxxx, ssid:XXXXXX, vlan:[Id=x Tag=x],mac:xx:xx:xx:xx:xx:xx.ERROR Reassociation fails, reason:xxxx, wlanmode:xxxx, ssid:XXXXXX, vlan:[Id=x Tag=x],mac:xx:xx:xx:xx:xx:xx.ERROR Bad authentication transaction sequence, number:XX, type=XXXXX, mac:xx.xx.xx.xx.xx.xx.ERROR Authentication[1] fails, can't find station in table, mac:xx.xx.xx.xx.xx.xx.ERROR Authentication[1] fails, can't authenticate in scan mode, mac:xx.xx.xx.xx.xx.xx.ERROR Authentication[3] fails, can't find station in table, mac:xx.xx.xx.xx.xx.xx.ERROR Authentication[3] done, error in Tx, wlanmode:X, mac:xx.xx.xx.xx.xx.xx.ERROR Deauthentication requested, can't find station in table, mac:xx.xx.xx.xx.xx.xx.Severity Syslog Message

Access / One® Network175BERROR Association fails, module is not ready, mac:xx:xx:xx:xx:xx:xx.ERROR Reassociation fails, module is not ready, mac:xx:xx:xx:xx:xx:xx.WARNING Authentication[3] fails, auth:shared, wlanmode:X, mac:xx.xx.xx.xx.xx.xx.WARNING Unsupported 802.11 authentication request, auth:LEAP, wlanmode:X, mac:xx.xx.xx.xx.xx.xx.WARNING Unsupported 802.11 authentication request, auth:x(hex), wlanmode:X, mac:xx.xx.xx.xx.xx.xx.WARNING Deauthentication fails, incorrect source, mac:xx.xx.xx.xx.xx.xx.WARNING Deauthentication fails, unknown source, mac:xx.xx.xx.xx.xx.xx.WARNING Association fails, wrong ssid, ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.WARNING Reassociation fails, wrong ssid, ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.WARNING NC-sel approves RESTRICTED Mode.WARNING Backhaul [mac:xx:xx:xx:xx:xx:xx] at if=XXXX is put to RESTRICTED mode.WARNING Loop is detected at if=XX. Mac:xx:xx:xx:xx:xx:xx.NOTICE NC-sel approves OPEN Mode.NOTICE Backhaul is using default cloud name. Putting it in RESTRICTED mode,mac:xx.xx.xx.xx.xx.xx.NOTICE AP has put backhaul in RESTRICTED mode.Severity Syslog Message

Access / One® Network176BNOTICE Stack ID is available, stackId:XXXXXX.NOTICE The unit/Radio x will operate as - Network Connect.NOTICE The unit/Radio x will operate as - Client Connect.NOTICE The unit/Radio x will switch to - Client Connect.NOTICE Added station, mac:xx.xx.xx.xx.xx.xx.NOTICE Deauthentication completed, mac:xx.xx.xx.xx.xx.xx.NOTICE Association with AP done, response NOT sent, wlanmode:X, ssid:XXXX, mac:xx:xx:xx:xx:xx:xx.NOTICE Reassociation with AP done, response NOT sent, wlanmode:X, ssid:XXXX, mac:xx:xx:xx:xx:xx:xx.NOTICE Loop is cleared at if=XX. mac:xx:xx:xx:xx:xx:xx.NOTICE WLNC link [if=XX] state is up. SSID=XX, BSSID=xx:xx:xx:xx:xx:xx:xx, Channel=XX, Wireless Mode=XXXX.NOTICE WLNC link [if=XX] state is down.NOTICE Access Point state is up.NOTICE Access Point state is downNOTICE Association done, ssid:XXXX, vlan:[Id=x Tag=x], mac:xx:xx:xx:xx:xx:xx:xx.NOTICE Reassociation done, ssid:XXXX, vlan:[Id=x Tag=x], mac:xx:xx:xx:xx:xx:xx:xx.NOTICE Disassociation done, mac:xx:xx:xx:xx:xx:xx.NOTICE Backhaul [mac:xx:xx:xx:xx:xx:xx] at if=XXXX is approved with OPEN mode.Severity Syslog Message

Access / One® Network177BManagement SubsystemNOTICE Authentication failed, type=XXX, reason=XXXX, mac:xx:xx:xx:xx:xx:xx.NOTICE Authentication done, type=XXX, mac:xx:xx:xx:xx:xx:xx.NOTICE Device will switch to Access Point.Severity Syslog MessageWARNING Fan failed.WARNING Temperature alarm on.WARNING DHCP Bind failed.WARNING Image load failed.NOTICE xx.xx.xx.xx detected rogue device [xx:xx:xx:xx:xx:xx] with RSSI [xxxx] channel [xxxx] SSID [XXXXX].NOTICE Rogue device [xx:xx:xx:xx:xx:xx] detected by xx.xx.xx.xx aged out.NOTICE Detected Rogue Device [xx:xx:xx:xx:xx:xx].NOTICE Cloud is renamed to XXXXX.NOTICE Configuration update completed.NOTICE Configuration update started.NOTICE Selected AP at if=XX, mac:xx:xx:xx:xx:xx:xx.NOTICE I am the Master NC.NOTICE Temperature alarm off.NOTICE Fan is working.Severity Syslog Message

Access / One® Network178BNOTICE Include list updated.INFORM Load image file XXXXX from XXXXXX.INFORM Image load is done.INFORM Received DHCP, IP - xx.xx.xx.xx, Gateway - xx.xx.xx.xx.Severity Syslog Message

Access / One® Network179BSupported MIBsMIBs that are supported with Access/One Network include the following:Strix Private MIBsSTRIX-PRODUCTS.mibDefine the object identifiers assigned to various Strix hardware platforms.STRIX-CONFIG-SYSTEM.mibConfiguration MIB for system wide parameters, including Usernames andPasswords, DHCP, DNS, SNTP, FTP, CoS, Trusted IPs, Syslog, and RADIUSaccounting.STRIX-CONFIG-WIFI.mibConfiguration MIB for 802.11 radio parameters, per-SSID configuration ofauthentication, keys and VLANs, Inventory list, Network Client and ClientConnect configurations.STRIX-MANAGEMENT.mibManagement MIB for taking actions, such as loading configurations, upgradingimage, rebooting the entire network, and collecting network wide report fromall devices.STRIX-INVENTORY.mibMIB to present and modify the inventory list of all modules in the network.STRIX-SYSLOG-MIB.mibMIB to present the buffered history of syslog messages generated by a module.STRIX-MONITOR.mibMIB to monitor radio status and statistics on a Wi-Fi module, and to reportVLANs, device information, and a scanned list of access points.STRIX-ROGUES.mibMIB to present a list of rogue Access Points detected by Strix modules, andreport the closest access points.

Access / One® Network180BSTRIX-ENT-TRAPS.mibList of traps that Strix devices can generate.STRIX-CONFIG-TRAPS.mibConfiguration MIB for enabling and disabling specific traps per trap manager.STRIX-ACCESSONE-CAPABILITY.mibIndicates the level of support implemented by an SNMP agent on the Access/One Network with respect to standard MIBs. Standard MIBsRFC1213-MIBIF-MIB (RFC 2233)IP-MIB (RFC 2011)TCP-MIB (RFC 2012)UDP-MIB (RFC 2013)SNMPv2-MIB (RFC 1907)IEEE802DOT11-MIBContact InformationStrix Systems is located in Calabasas, California, just 45 minutes northwest ofdowntown Los Angeles and 45 minutes southeast of Santa Barbara.Strix Systems, Inc.26610 Agoura RoadCalabasas, CA 91302Tel: 818.251.1000Fax: 818.251.1099Visit us at: http://www.strixsystems.com

Access / One® NetworkGlossary of Terms 181GLGlossary of Terms802.11aA supplement to the IEEE 802.11 wireless LAN (WLAN) specification thatdescribes transmission through the physical layer (PHY) based on orthogonalfrequency division multiplexing (OFDM), at a frequency of 5 GHz and datarates of up to 54 Mbps. See also, OFDM.802.1DThe IEEE LAN specification for remote media access control (MAC) bridging.802.11gA supplement to the IEEE 802.11 wireless LAN (WLAN) specification thatdescribes transmission through the physical layer (PHY) based on orthogonalfrequency division multiplexing (OFDM), at a frequency of 2.4 GHz and datarates of up to 54 Mbps. See also, OFDM.802.11iA supplement to the IEEE 802.11 wireless LAN (WLAN) specification forenhanced security. It describes encryption protocols such as the Temporal KeyIntegrity Protocol (TKIP) and AES Counter-Mode Cipher Block ChainingMessage Authentication Code Protocol (AES-CCMP). These protocols providereplay protection, cryptographically keyed integrity checks, and key derivationbased on the IEEE 802.1X port authentication standard. See also, TKIP.802.1QThe IEEE LAN specification for bridged virtual LANs (VLANs). See also, VLAN.802.1XThe IEEE specification for port-based network access control. The 802.1Xstandard based on the Extensible Authentication Protocol (EAP) provides anauthentication framework that supports a variety of methods for authenticatingand authorizing network access for wired or wireless users. See also, EAP.

Access / One® Network182 Glossary of TermsGL802.11xAn IEEE specification that defines wireless LAN (WLAN) data link and physicallayers. The specification includes data link layer media access control (MAC)sub-layer, and two sub-layers of the physical (PHY) layer-a frequency-hoppingspread-spectrum (FHSS). See also, FHSS.802.2IEEE specification that describes the logical link control (LLC) encapsulationcommon to all 802 series LANs.802.3An IEEE LAN specification for a Carrier Sense Multiple Access with CollisionDetection (CSMA-CD) Ethernet network. The standard describes physicalmedia. An 802.3 frame uses source and destination media access control (MAC)addresses to identify its originator and receiver(s).authenticationThe process that a station, device, or user employs to announce its identify tothe network which validates it. IEEE 802.11 specifies two forms ofauthentication: open system and shared key. See also, 802.11x andauthentication.authorizationThe process of deciding if device 'X' may use network service 'Y'. Trusteddevices (the devices that are both authenticated and authorized) are allowedaccess to network services. Unknown (not trusted) devices may require furtheruser authorization to access network services. This does not principally excludethat the authorization might be given by an application automatically.Authorization always includes authentication. See also, authentication.bandwidthSpecifies the amount of the frequency spectrum that is usable for data transfer.In other words, it identifies the maximum data rate a signal can attain on themedium without encountering significant attenuation (loss of power). See also,bit rate.

Access / One® NetworkGlossary of Terms 183GLbaud rateThe number of pulses of a signal that occur in one second. Thus, baud rate is thespeed at which digital signal pulses travel.BeaconA uniframe system packet broadcast by the AP to keep the networksynchronized. A beacon Includes the Net_ID (ESSID), the AP address, thebroadcast destination addresses, a time stamp, a DTIM (Delivery TrafficIndicator Maps) and the TIM (Traffic Indicator Message).bit rateThe transmission rate of binary symbols ('0' and '1'). Bit rate is equal to the totalnumber of bits transmitted in one second.bridgeA network component that provides inter-networking functionality at the datalink or medium access layer (Layer 2). Bridges provide segmentation and re-assembly of data frames.Cat 5(Category 5) A category of performance for inside Ethernet wiring that defines acable with eight insulated copper wires. Each pair is twisted around each otherto reduce cross talk and electromagnetic induction. Each connection on atwisted pair requires both wires. Cat5 cables are suitable for 10/100BaseTcommunication.connectivityA path for communications signals to flow through. Connectivity exists betweena pair of Nodes if the destination Node can correctly receive data from thesource Node at a specified minimum data rate.

Access / One® Network184 Glossary of TermsGLDHCP(Dynamic Host Configuration Protocol) A method for dynamically assigning IPaddresses to devices on a network. Issues IP addresses automatically within aspecified range to devices such as PCs when they are first powered up. Thedevice retains the use of the IP address for a specific license period defined bythe system administrator.EAP(Extensible Authentication Protocol) A general point-to-point protocol thatsupports multiple authentication mechanisms. Defined in RFC 2284, EAP hasbeen adopted by IEEE 802.1X as an encapsulation protocol for carryingauthentication messages in a standard message exchange between a user (clientor supplicant) and an authenticator. See also, 802.1X.EAPoL(EAP over LAN) An encapsulated form of the Extensible Authentication Protocol(EAP), defined in the IEEE 802.1X standard, that allows EAP messages to becarried directly by a LAN media access control (MAC) service between a user(client or supplicant) and an authenticator. See also, 802.1X.EAP-TLS(Extensible Authentication Protocol with Transport Layer Security) Used for802.1X authentication. EAP-TLS supports mutual authentication and uses digitalcertificates to address the mutual challenge. The authentication server respondsto a user authentication request with a server certificate. The user then replieswith its own certificate and validates the server certificate. EAP-TLS algorithmderives session encryption keys from the certificate values. The authenticationserver in turn sends the session encryption keys for a particular session to theuser after validating the user certificate. See also, authentication and EAP.encryptionAny procedure used in cryptography to translate data into a form that can bedecrypted and read only by its intended receiver.

Access / One® NetworkGlossary of Terms 185GLFHSS(Frequency-Hopping Spread-Spectrum) One of two types of spread-spectrumradio technology used in wireless LAN (WLAN) transmissions. The FHSStechnique modulates the data signal with a narrowband carrier signal that“hops” in a predictable sequence from frequency to frequency as a function oftime over a wide band of frequencies. Interference is reduced, because anarrowband interferer affects the spread-spectrum signal only if both aretransmitting at the same frequency at the same time. The transmissionfrequencies are determined by a spreading (hopping) code. The receiver mustbe set to the same hopping code and must listen to the incoming signal at theproper time and frequency to receive the signal.FTP(File Transfer Protocol) A TCP/IP based protocol for file transfer. FTP is definedby RFC 959.GMK(Group Master Key) A cryptographic key used to derive a group transient key(GTK) for the Temporal Key Integrity Protocol (TKIP) and Advanced EncryptionStandard (AES). See also, GTK and TKIP.GTK(Group Transient Key) A cryptographic key used to encrypt broadcast andmulticast packets for transmissions using the Temporal Key Integrity Protocol(TKIP) and Advanced Encryption Standard (AES). See also, TKIP.HiperLAN(High Performance Radio Local Area Network) A set of wireless LAN (WLAN)communication standards used primarily in European countries and adopted bythe European Telecommunications Standards Institute (ETSI). homologationThe process of certifying a product or specification to verify that it meetsregulatory standards.

Access / One® Network186 Glossary of TermsGLIAPP(InterAP Protocol) A protocol being developed as the 802.11f version of the IEEE802.11 wireless LAN (WLAN) specification to support interoperability, mobility,handover, and coordination among Access Points (APs). Implemented on top ofIP, IAPP uses UDP/IP and Sub-network Access Protocol (SNAP) as transferprotocols. See also, 802.11x.IAS(Internet Authentication Service) Microsoft's RADIUS server. See also, RADIUS.IGMP(Internet Group Management Protocol) An Internet protocol defined in RFC2236 used to report its multicast group membership to neighboring multicastrouters.IPsecA Layer 3 authentication and encryption protocol. Used to secure VPNs. Seealso, encryption and VPN.MAC address(Media Access Control Address) A 6-byte hexadecimal address assigned by amanufacturer to a device.master secretA code derived from the pre-master secret. A master secret is used to encryptTransport Layer Security (TLS) authentication exchanges and to derive a pair-wise master key (PMK). See also, PMK and TLS.Mbps(Megabits per second) A standard measure for data transmission speeds (forexample, the rate at which information travels over the Internet). 1 Mbpsdenotes one million bits per second.

Access / One® NetworkGlossary of Terms 187GLMD5(Message Direct algorithm 5) A one-way hashing algorithm used in manyauthentication algorithms to derive cryptographic keys. MD5 takes a message ofan arbitrary length and creates a 128-bit message digest. See also,authentication.MIB(Management Information Base) A set of parameters an SNMP managementstation can query or establish in the SNMP agent of a network device (forexample, a router). Standard minimal MIBs have been defined, and vendorsoften have their own private enterprise MIBs. In theory, any SNMP manager cantalk to any SNMP agent with a properly defined MIB. See also, SNMP andstation.MS-CHAP(Microsoft Challenge Handshake Authentication Protocol) Microsoft's extensionto CHAP. MS-CHAP is a mutual authentication protocol that also permits asingle login in a Microsoft network environment. See also, connectivity.NAT(Network Address Translation) RFC 3022 defines a way to translate globalroutable IP addresses into local and private non-routable ones.NTP(Network Time Protocol) An Internet standard protocol (built on top of TCP/IP)that ensures the accurate synchronization (to the millisecond) of computer clocktimes in a network of computers. NTP synchronizes client workstation clocks tothe U.S. Naval Observatory master clocks in Washington, D.C. and ColoradoSprings, CO. Running as a continuous background client program on acomputer, NTP sends periodic time requests to servers, obtaining server timestamps and using them to adjust the client's clock. See also, SNTP.OdysseyAn 802.1X security and access control application for wireless LANs (WLANs),developed by Funk Software, Inc. See also, 802.1X.

Access / One® Network188 Glossary of TermsGLOFDM(Orthogonal Frequency Division Multiplexing) A technique that splits a widefrequency band into a number of narrow frequency bands and sends data acrossthe sub-channels. The 802.11a and 802.11g standards are based on OFDM. Seealso, 802.11a and 802.11g.open system authenticationThe IEEE 802.11 default authentication method. The device sends anauthentication management frame containing the sender's identify in the clearto the authenticating device which sends back a clear frame alerting whether itrecognizes the identity of the requesting device. See also, 802.11x.PAN(Personal Area Network) A personal area network is used to interconnectdevices used by an individual or in their immediate proximity, including devicesthey are carrying with them and devices that are simply nearby. According tothe IEEE, PANs must be capable of supporting segments at least 10 meters inlength.PAP(Password Authentication Protocol) One of two authentication methods that ispart of PPP (CHAP is the other). PAP is a method for a device to authenticateitself with a two-way handshake. Note that PAP sends its authenticationinformation in the clear; that is, not encrypted. PAP is defined in RFC 1334.PCI devicesDevices that adhere to the Peripheral Component Interconnect/Interface.PEAP(Protected Extensible Authentication Protocol) An extension to the ExtensibleAuthentication Protocol with Transport Layer Security (EAP-TLS), developed byMicrosoft Corporation. TLS is used in PEAP Part 1 to authenticate the serveronly, and thus avoids having to distribute user certificates to every client. PEAPPart 2 performs mutual authentication between the EAP client and the server.See also, EAP-TLS and TLS.

Access / One® NetworkGlossary of Terms 189GLPKCS(Public-Key Cryptography Standards) A group of specifications produced by RSAand secure systems developers, and first published in 1991. Among many otherfeatures and functions, the standards define syntax for digital certificates,certificate signing requests and key exchanges.PKI(Public-Key Infrastructure) Software that enables users of an insecure publicnetwork such as the Internet to exchange information securely and privately. PKIuses public-key cryptography to authenticate the message sender and encryptthe message by means of a pair of cryptographic keys, one public and oneprivate. A trusted certificate authority (CA) creates both keys simultaneouslywith the same algorithm. A registration authority (RA) must verify the certificateauthority before a digital certificate is issued to a requestor. PKI uses the digitalcertificate to identify an individual or an organization. The private key is givenonly to the requesting party and is never shared, and the public key is madepublicly available (as part of the digital certificate) in a directory that all partiescan access.plenum-rated cableA type of cable approved by an independent test laboratory for installation inducts, plenums, and other air-handling spaces.PMK(Paise-wise Master Key) A code derived from a master secret and used as anencryption key for IEEE 802.11 encryption algorithms. A PMK is also used toderive a pair-wise transient key (PTK) for IEEE 802.11i robust security. See also,802.11x,802.11i and PTK.PoE(Power over Ethernet) A technology, defined in the IEEE 802.3af standard, todeliver power over the twisted-pair Ethernet data cables rather than powercords.

Access / One® Network190 Glossary of TermsGLPPTP(Point-to-Point Tunneling Protocol) A protocol from Microsoft that is used tocreate a virtual private network (VPN) over the Internet. It uses Microsoft's Point-to-Point Encryption (MPPE), which is based on RSA's RC4. It only uses statickeys and should not be used to secure WLANs. See also, VPN.pre-master secretA key generated during the handshake process in Transport Layer Security (TLS)protocol negotiations and used to derive a master secret. See also, TLS.private keyIn cryptography, one of a pair of keys, one public and one private, that arecreated with the same algorithm for encrypting and decrypting messages anddigital signatures. The private key is provided to only the requestor and nevershared. The requestor uses the private key to decrypt text that has beenencrypted with the public key by someone else. See also, public key.PSK(Pre-Shared Key) The IEEE 802.11 term for a shared secret, also known as ashared key. See also, 802.11x and shared secret.PTK(Pair-wise Transient Key) A value derived from a pair-wise master key (PMK) andsplit into multiple encryption keys and message integrity code (MIC) keys foruse by a client and server as temporal session keys for IEEE 802.11i robustsecurity. See also, 802.11i and PMK.public keyIn cryptography, one of a pair of keys, one public and one private, that arecreated with the same algorithm for encrypting and decrypting messages anddigital signatures. The public key is made publicly available for encryption anddecryption. See also, encryption and private key.

Access / One® NetworkGlossary of Terms 191GLRADIUS(Remote Authentication Dial-In User Service) A client-server security protocoldescribed in RFC 2865 and RFC 2866. Developed to authenticate, authorize,and account for dial-up users, RADIUS has been widely extended to broadbandand enterprise networking. The RADIUS server stores user profiles, whichinclude passwords and authorization attributes. See also, authentication andauthorization.RC4(River Cipher 4) A common encryption algorithm, designed by RSA., used bythe Wired-Equivalent Privacy (WEP) protocol and Temporal Key IntegrityProtocol (TKIP). See also, TKIP and WEP.RA(Registration Authority) Network software that verifies a user (client) request fora digital certificate and instructs the certificate authority (CA) to issue thecertificate. Registration authorities are part of a public-key infrastructure (PKI),which enables secure exchanges of information over a network. The digitalcertificate contains a public key for encrypting and decrypting messages anddigital signatures. See also, PKI.roamingThe ability of a user (client) to maintain network access when moving betweenaccess points (APs).rogue APAn Access Point (AP) that is not authorized to operate within a wireless network.Rogue APs subvert security of an enterprise network by allowing potentiallyunchallenged access to the network resources by any wireless user in thephysical vicinity.rogue clientA user who is not recognized within a network, but who gains access to it byintercepting and modifying transmissions to circumvent the normalauthorization and authentication processes.

Access / One® Network192 Glossary of TermsGLRSN(Robust Security Network) A secure wireless LAN (WLAN) based on thedeveloping IEEE 802.11i standard. See also, 802.11i.shared secretA static key distributed by an out-of-band mechanism to both the sender andreceiver. Also known as a shared key or pre-shared key (PSK), a shared secret isused as input to a one-way hash algorithm. When a shared secret is used forauthentication and the hash output of both the sender and the receiver match,they share the same secret and are authenticated. A shared secret can also beused to generate encryption key. See also, PSK.SNMP(Simple Network Management Protocol) A standard protocol that regulatesnetwork management over the Internet. SNMP uses TCP/IP to communicatewith a management platform, and offers a standard set of commands that makemulti-vendor operability possible. SNMP uses a standard set of definitions,known as a MIB (Management Information Base), which can be supplementedwith enterprise-specific extensions. See also, MIB.SNTP(Simple Network Time Protocol) A a simplified version of NTP. SNTP can beused when the ultimate performance of the full NTP implementation describedin RFC 1305 is not needed or justified. See also, NTP.spread spectrumA modulation technique that spreads a signal's power over a wide band offrequencies. The main reason for the technique is that the signal is much lesssusceptible to electrical noise and interferences then other techniques.SSH(Secure SHell) A Telnet-like protocol that establishes an encrypted session.

Access / One® NetworkGlossary of Terms 193GLSSID(Service Set Identifier) The unique name shared among all devices in a wirelessLAN (WLAN).stationIn IEEE 802.11 networks, any device that contains an IEEE 802.11-compliantmedia access control and physical layers. See also, 802.11x.TKIP(Temporal Key Integrity Protocol) A wireless encryption protocol that fixes theknown problems in the Wired-Equivalent Privacy (WEP) protocol for existing802.11 products. Like WEP, TKIP uses RC4 ciphering, but adds functions suchas a 128-bit encryption key, a 48-bit initialization vector, a new messageintegrity code (MIC), and initialization vector (IV) sequencing rules to providebetter protection. See also, 802.11x and WEP.TLS(Transport Layer Security Protocol) An authentication and encryption protocolthat is the successor to the Secure Sockets Layer (SSL) protocol for privatetransmission over the Internet. Defined in RFC 2246, TLS provides mutualauthentication with non-repudiation, encryption, algorithm negotiation, securekey derivation, and message integrity checking. TLS has been adapted for use inwireless LANs (WLANs) and is used widely in IEEE 802.1X authentication. Seealso, 802.1X.TTLS(Tunneled Transport Layer Security) An Extensible Authentication Protocol (EAP)sub-protocol developed by Funk Software, Inc. for 802.1X authentication. TTLSuses a combination of certificate and password challenge and response forauthentication. The entire EAP sub-protocol exchange of attribute-value pairstakes place inside an encrypted transport layer security (TLS) tunnel. TTLSsupports authentication methods defined by EAP, as well as the older ChallengeHandshake Authentication Protocol (CHAP), Password Authentication Protocol(PAP), Microsoft CHAP (MS-CHAP), and MS-CHAPV2. Compare EAP-TLS;PEAP. See also, 802.1X,connectivity,MS-CHAP,PAP and PEAP.

Access / One® Network194 Glossary of TermsGLTunnelingA technology that enables one network to send its data via another network'sconnections. Tunneling works by encapsulating a network protocol withinpackets carried by the second network. For example, Microsoft's PPTPtechnology enables organizations to use the Internet to transmit data across aVirtual Private Network (VPN). It does this by embedding its own networkprotocol within the TCP/IP packets carried by the Internet. See also, PPTP andVPN.twisted-pair wireType of medium using metallic type conductors twisted together to provide apath for current flow. The wire in this medium is twisted in pairs to minimize theelectromagnetic interference between one pair and another.UDP(User Data Protocol) A connectionless protocol that works at the OSI transportlayer. UDP provides datagram transport but does not acknowledge their receipt.URL(Uniform Resource Locator) The standard method used for identifying thelocation of information available to the Internet.VLAN(Virtual LAN) A group of devices that communicate as a single network, eventhough they are physically located on different LAN segments. Because VLANsare based on logical rather than physical connections, they are extremelyflexible. A device that is moved to another location can remain on the sameVLAN without any hardware reconfiguration.VoIP(Voice over IP) The ability of an IP network to carry telephone voice signals as IPpackets in compliance with International Telecommunications UnionTelecommunication Standardization Sector (ITU-T) specification H.323. VoIPenables a router to transmit telephone calls and faxes over the Internet with noloss in functionality, reliability, or voice quality.

Access / One® NetworkGlossary of Terms 195GLVPN(Virtual Private Network) A virtual private network (VPN) is a way to use apublic telecommunication infrastructure, such as the Internet, to provide remoteoffices or individual users with secure access to their organization's network. AVPN works by using the shared public infrastructure while maintaining privacythrough security procedures and tunneling protocols such as the Layer TwoTunneling Protocol (L2TP). In effect, the protocols, by encrypting data at thesending end and decrypting it at the receiving end, send the data through a“tunnel” that cannot be “entered” by data that is not properly encrypted.WAN(Wide Area Network) A computer network that is geographically dispersed.Commonly, a WAN comprises two or more inter-connected LANs. The Internetis the world's largest WAN. According to the IEEE, WANs interconnect facilitiesin different parts of a country or of the world.WECAWireless Ethernet Compatibility Alliance) See also, Wi-Fi Alliance.WEP(Wired Equivalent Privacy) An optional IEEE 802.11 function that offers frametransmission privacy similar to a wired network. The Wired Equivalent Privacygenerates secret shared encryption keys that both source and destinationstations can use to alter frame bits to avoid disclosure to eavesdroppers. Seealso, 802.11x and encryption.Wi-Fi AllianceA nonprofit international association formed in 1999 to certify interoperabilityof wireless Local Area Network products based on IEEE 802.11 specification.The goal of the Wi-Fi Alliance's members is to enhance the user experiencethrough product interoperability. See also, 802.11x.WPA(W-Fi Protected Access) A Wi-Fi Alliance standard that contains a subset of theIEEE 802.11i standard, using TKIP as an encryption method and 802.1X forauthentication. See also, 802.11x,802.1X and TKIP.

Access / One® Network196 Glossary of TermsGLXML(eXtensible Markup Language) A simpler and easier-to-use subset of theStandard Generalized Markup Language (SGML), with unlimited, self-definingmarkup symbols (tags). Developed by the World Wide Web Consortium (W3C),the XML specification provides a flexible way to create common informationformats and share both the format and the data on the Internet, Intranets, andelsewhere.

Access / One® NetworkIndex 197IXNumerics802.11a 93802.11g 93Aabout this user’s guide 1access control list 103accessone.bin 36accessone_m.bin 36action status results 67action type 134actionsfactory defaults 133load firmware 134page device 135reboot 135active scanning 13advanced security 14advanced settings 97,151AES 17antenna power settings 165apply configuration 121authentication 101automatic time 89auto-sensing power supply 7Bbackground scanning 13,109beacon interval 151BIN files 36browser 26BSSID information 163Ccautions 3channel coordination 22channel list 22channel selector 149class of service 81,142Client Connect 16,98,152privacy 105privacy tags 139client limits 147client query 22commandsFirmware Updates 37,41Load Firmware on Network 38Load Firmware/Configuration 42Reboot 4Subnet 4Reboot Network 4,39View Action Status 39common terms 3Configure function 71,136contact information 180contacting Strix 165,169copyright notice 3Cos 20CSV 115Index

Access / One® Network198 IndexIXDdata input 64data rate 147,148data trust level 110date and time 88,143daylight saving time 89default gateway 78deployment 8details pane 38device information 161DHCP server 23options 24DNS server 79DTIM 151dual radio 18dynamic operation 14Eelevation 138encryption 14,17,101Ethernet segments 20explosive device proximity 7exporting CSV 115Ff42factory defaults 19,133file name 144file type 134file version 134firmwaredownloading 36updating 35firmware updates 91,143fragment length 151frequency 147FTP aggressiveness 37FTP server 23,25,35,37,41,69Ggeneral 73,139getting started 23glossary of terms 181GPS positioning 19Hhardware specifications 22host network requirements 23DHCP server 23FTP server 23,25Internet browser 26Iimage files 36Indoor Wireless System 6inputting data 64integration 170intelligent network 11Internet browser 26introduction 1intuitive mouse-over 18,64inventory 12,40inventory control 19Inventory function 113IP settings 141IWS 6,18Llatitude 137launching Manager/One 29

Access / One® NetworkIndex 199IXlightning protection 18load firmware 134load firmware on network 68logical mesh view 19long distances 147longitude 138MManage function 65,132Management Information Base 20Manager/One 18accessing for the first time 31an overview 43auto-discovered 63choice of layouts 45commands 60details pane 56exporting inventory 63factory default 62general layout 44icon view 49installing 27intuitive mouse-over 18inventory 63launching 29legends 61list view 49logical mesh view 19logical view 47legend 52node registers 54panning 53zooming 53management tools 55mesh view 47monitors 19multi-view 19node status 57plug-in 27refresh 62segment view 19,48switching between layouts 46tabbed pages 58toolbar 58tools 18,50utility pane 29managing a subnet 125managing modules 131managing nodes 125managing the network 65manual organization 1manual time 90master 15Master Network Server 15,40master network server 80mesh 9structured 9topology 9mesh view 19metro scenario 5MIB 20mobility 15module name 137modulesmanaging 131Monitor function 116,155monitors 19AP 116Network Connect 118Rogue 120

Access / One® Network200 IndexIXWireless Client Query 119mouse-over 18,64multi-version environment 35NNetwork Connect 17,106,153network management 15,65,73,139general 139SNMP 140network name 137network scenariosmetro 5transportation 10Network Server 14network topology 79node commandsupdate network membership 129update node names 128notes 3notices 6European Community 6Industry Canada 6non-modification 6RF exposure 6VCCI 6NTPsetting up 33Windows 2000 33Ooperating environment 91,143operating mode 146organization 1Outdoor Wireless System 7output power 147,148overviewsadvanced security 14background scanning 13benefits 18client connect 16dynamic operation 14features 18Indoor Wireless System 6master network server 15mesh topology 9network connect 17network intelligence 11network management 15network servers 14Outdoor Wireless System 7remote subnets 16rogue devices 13self-discovery 12self-healing 12self-tuning 12technology 18traffic prioritization 15wireless workgroups 17OWS 7,18Ppage 30page device 135partner login 36partnerstools 170training 170password 138encryption 138peer selection 107

Access / One® NetworkIndex 201IXping 30PoE 20power 147,148power settings 165power supply 7Power-over-Eternet 20printing an inventory 114prioritising traffic 15priority assignment 169Priority/One 20,81,142product images 4protection mode 95,149protection rate 150protection type 150Rradio parameters 92,145radio statistics 157RADIUS accounting 21,84,142reboot 135reboot network 68rebooting 4registry editor 33remote management 20remote network server 70exclude 70include 70remote subnets 122communicating between 16reports 156radio statistics 157SSID list 160VLAN list 160wireless client monitor 159wireless neighbors 158roaming 15rogue devices 13,14triangulation 13Rogue Devices function 162scan 162rogue scan 111,154round trip delay 153RTD 153RTS/CTS threshold 151Ssafety warnings 7sample network 4scan 162security 14security key 102,109security mode 101segment view 19self-discovery 12self-healing 12self-tuning 12,108short slot 96,150short slot preamble 150short slot time 150slave 15SmartSelect 147SNMP 75,140SNTP 89specifications 22SSID 21,99SSID list 160static network server 80structured mesh 9subnet commands 127load firmware 127

Access / One® Network202 IndexIXreboot 127subnet management 125Super G 22support 165,169symbols used in this guide 3Syslog 85syslog 21,142system 71,136network management 139TCP/IP settings 141user login 137system and security 19Ethernet segments 20factory defaults 19GPS positioning 19inventory control 19network server 20PoE 20Power-over-Ethernet 20Priority/One 20RADIUS accounting 21remote management 20syslog 21system logging 21system and securityzero configuration21system logging 21Ttarget MAC address 153TCP/IP 78TCP/IP settings 141technical support 165,169Telnet 30time zone 88TKIP 21topology 79traffic prioritization 15transfer system files 69transmit power 94,147,148,165transportation scenario 10traps 76trusted IP addresses 77,141trusted mode 77UUltrawideband 6update network membership 69,129update node names 68,128updating firmware 35module 41network 37user login 72,137user mobility 15user name 138utility pane 29options 30Vview action status 39,66results 67Virtual Private Network 14Virtual/Strix 98VirtualStrix 21VLAN 21VLAN list 160VLAN security 100VPN 14

Access / One® NetworkIndex 203IXWwarnings 7,3antenna placement 8battery 8electrical power 7general safety 7grounding the unit 8lightning activity 7warranty 169welcome 5WEP 21why choose Access/One Network 8Wi-Fi 144radio parameters 145Windows 2000 33wireless 22channel coordination 22channel list 22client query 22Super G 22WLAN associations 22wireless client monitor 159wireless mode 146wireless neighbors 158Wireless Workgroups 17WLAN associations 22WPA 21Zzero configuration 21

Access / One® Network204 IndexIX