Strix Systems OWS2430-90 802.11 a/b/g 4.9 GHz Wireless, Mesh Access Point User Manual accessone userguide

Strix Systems, Inc. 802.11 a/b/g 4.9 GHz Wireless, Mesh Access Point accessone userguide

UserManual.wiki >

Strix Systems >

OWS2430-90 User Manual >

User Manual Part 3 of 5 HTML Version

User Manual Part 3 of 5

Access / One® Network

Managing the Network 73

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Network Management

General

This command allows you to define the level of security for the various management

interface options used to manage your Access/One Network, and provides options

for enabling or disabling SNMP Management and FTP server functionality.

Figure 56. General Management Interface Security

The following options are available with this command:

◗Shell

Choose Clear & Secure to allow network management via an unsecured

Telnet connection and a Secure SHell (SSH) connection, or choose Secure

Only to restrict management to an SSH connection only. Alternatively, you

can choose None to prevent access from either option.

Access / One® Network

74 Managing the Network

If you are allowing access via Telnet or SSH, enter a value—in seconds—in

the Shell Timeout field to define how long the connection will remain open

during idle periods. Setting the shell timeout value to 0 (zero) will disable the

timer and keep the session open, even when idle.

◗Web

Choose Clear & Secure to allow network management from your Web

browser via HTTP (clear) and HTTPS (secure), or choose Secure Only to

restrict management via a secure HTTPS connection only. Alternatively, you

can choose None to prevent all Web management access.

◗CIMS (Cloud Infrastructure Management System)

Choose Clear & Secure to allow network management via CIMS, where

security levels are controlled automatically. Alternatively, you can define the

security level manually by choosing Secure Only or Clear Only.

◗SNMP Management

Check this box to enable network management via an SNMP (Simple

Network Management Protocol) management console. Your Access/One

Network supports the 802.11 MIB (Management Information Base), as well as

Strix proprietary MIBs. Any MIB I or MIB II compliant SNMP management

console (such as CiscoWorks or HP OpenView) can be used to manage your

network remotely.

◗FTP Server

Check this box to enable FTP server functionality (this box must be checked if

you want to update your firmware or transfer system configuration files).

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Access / One® Network

Managing the Network 75

SNMP

This command allows you to define the SNMP Communities, the SNMP System, and

any specific SNMP Trap Managers. With SNMP enabled and the settings on this

page defined, your Access/One Network will support most common SNMP

management consoles.

The system also supports Syslog (System Logging) via an SNMP manager (in parallel

with basic Syslog services) where Syslog text information is encoded in an SNMP

trap message and presented to the operator.

SNMP (Simple Network Management Protocol is a standard protocol that regulates

network management over the Internet. SNMP uses TCP/IP to communicate with a

management platform, and offers a standard set of commands that make multi-

vendor operability possible. SNMP uses a standard set of definitions, known as a

MIB (Management Information Base), which can be supplemented with Enterprise-

specific extensions. Strix provides its own proprietary MIBs. For more information

about Strix MIBs, contact Strix technical support.

Figure 57. Configuring Access/One Network for SNMP

Access / One® Network

76 Managing the Network

The following options are available with this command:

◗SNMP Communities

Enter your GET Community (read), SET Community (write) and TRAP

Community in the corresponding fields. The defaults for these fields are:

•GET Community: public

•SET Community: netman

•TRAP Community: public

◗SNMP System

Enter the Contact and Location information for the person managing your

Access/One Network.

◗SNMP Trap Managers

Enter a valid IP address for any SNMP Trap Manager you intend to use. The

SNMP Trap Manager you choose must be enabled, so ensure that the

appropriate box is checked. If you have multiple SNMP Trap Managers

assigned, you can delete a manager by clicking on the X icon associated with

each manager.

◗Traps

Choose Open to expand the primary

elements of the SNMP Trap Manager tree.

From here you can make management

selections by checking (or unchecking)

the appropriate check boxes. When

finished making your selections, choose

Close to collapse the tree.

After inputting data (or making selections), click

on the Update button to update this page, then

click on the Apply Configuration tab to

propagate your changes across the network. If

necessary, you can click on the factory default

(FD) button in the toolbar to reset all data on this

page to its factory default state.

Figure 58. Managing Traps

Access / One® Network

Managing the Network 77

Trusted IP Addresses

This command allows you to enable or disable the Trusted Mode and assign specific

trusted IP addresses. When this mode is enabled, only addresses assigned here will

be trusted by the network for management at any network module.

Figure 59. Assigning Trusted IP Addresses

The following options are available with this command:

◗Trusted Mode

You can only enable this option if you have added at least one trusted IP

address. Once a trusted IP has been added, check this box to enable the

trusted mode (or uncheck the box if you want to disable this feature).

◗IP Address

You must add at least one IP address if you want to enable the trusted mode

feature. To add an address, simply enter a valid IP address in this field then

click on the Add button (the new address is listed below this field). You can

add as many trusted IP addresses as you want. To delete an address, click on

the X icon alongside the address, then confirm your request at the pop-up

dialog. However, if you have only one trusted IP address listed, you cannot

delete the address if the trusted mode is enabled—you must disable the

trusted mode before attempting to delete a sole trusted IP address.

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Access / One® Network

78 Managing the Network

TCP/IP Settings

This command allows you to specify whether Access/One will obtain the Default

Gateway and DNS IP addresses automatically, or use pre-configured static IP

addresses.

Figure 60. TCP/IP Settings

The following options are available with this command:

◗Default Gateway

The system is set up to use DHCP (Dynamic Host Configuration Protocol) to

obtain the default gateway IP address automatically (default).

When using wireless uplinks between nodes, Access/One

Network’s self-tuning feature requires that a default gateway and/

or DNS is specified to determine delays to the host Ethernet.

When DHCP is used across the network (default), specifying

both of these will satisfy this requirement.

Access / One® Network

Managing the Network 79

◗DNS Server

Choose whether you want the system to use DHCP to obtain the DNS IP

address automatically (default), or use a pre-configured static IP address. If

you choose the latter option, enter IP addresses for the primary and

secondary (if any) DNS server. DNS is used by your Access/One Network

modules to lookup the names of various servers (for example, the RADIUS

and FTP servers). You must specify a Domain Name when static IP addresses

are used. This has the effect of appending the Domain Name to non-fully

qualified address requests (for example, the FTP server host name configured

as FTP123 will become FTP123.yourdomain.com).

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Network Topology

This command allows you to define whether your Access/One Network will obtain

its Master Network Server IP address automatically or use a pre-configured static IP

address. It also provides you with the option of defining any static network servers.

Figure 61. Network Topology

Access / One® Network

80 Managing the Network

The following options are available with this command:

◗Master Network Server Configuration

Establishing a master/slave relationship between network servers facilitates

efficient Wide Area Network management by reducing the amount of traffic

between two subnets on the same network, as well as providing a single

network server responsible for all Strix devices within its subnet. This feature

enables a Master Network Server to be statically or dynamically assigned for

every subnet (even within the same network), which Manager/One users are

redirected to if they try to log into a non-Master Network Server.

The Master Network Server supports SNTP (Simple Network Time Protocol)

and is responsible for sending out the correct clock for the subnet as part of

the CIMS protocol. In this way, only the Master Network Server need derive

the clock from an independent stratum 1 or 2 clock source. If the Master

Network Server fails, your Access/One Network quickly detects the failure, at

which point the network server with the next lowest IP address assumes the

role of master. In this case, when the failed Master Network Server comes

back online, it immediately re-establishes its role as master.

Choose whether you want the system to obtain the Master Network Server IP

address automatically (default), or use a pre-configured static IP address. If

you choose the latter option, enter a valid IP address in the appropriate field.

◗Static Network Servers

Static network servers are added to bond subnets together, allowing you to

configure and manage multiple subnets. You do this by starting with one

subnet and adding the Master Network Server IP addresses of other subnets to

tie them together.

Enter the IP address of a network server module on another subnet (the

default subnet mask is 255.255.255.255), then click on the Update button. to

add the server to a list. If you enter multiple static network servers, you must

click on the Update button after each entry for your changes to take effect.

To delete a static network server’s IP address, simply click on the X icon

alongside the address.

Access / One® Network

Managing the Network 81

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Priority/One - Class of Service

This command allows you enable and define Class of Service (CoS) filters to

prioritize traffic throughout your Access/One Network. Supported filters include:

◗VLAN

◗IP TOS (Type of Service)

◗IP Protocol

CoS filters establish separate queues for different priority streams based on the filters

you define here. Data streams are then serviced according to their priority. In

addition, this command allows you to enable or disable the SpectraLink® Voice

Support feature.

Figure 62. Priority/One

The following options are available with this command:

◗COS Global

Check the COS Prioritization box to enable COS filtering across the network,

or uncheck the box to disable the COS filtering functionality.

Access / One® Network

82 Managing the Network

◗Spectralink Voice Support

Check the SpectraLink Radio Protocol box to enable the SpectraLink Voice

Support feature across the network. This feature gives a controlled preference

to voice packets over data packets, ensuring that all voice packets are

transmitted efficiently. Access/One Network prioritizes SpectraLink voice

traffic over user data traffic.

◗Configured COS Priority Filter List

If you want to add a specific COS filter, click on the Add COS Filter button to

display the COS Filter Management window. From here, you can add Class of

Service filters and establish priorities for each class.

Figure 63. Adding COS Filters

For each COS filter you add, you must click on the Update button to apply

the change—you can only add one filter at a time. Each time you add a COS

filter, Manager/One returns you to the main Priority/One page where you will

see the new filter appended to a list. The list appears immediately under the

Add COS Filter button.

Access / One® Network

Managing the Network 83

To edit or delete an assigned filter that appears in the list, click on the filter to

generate the COS Filter Priority Settings window. From here you can edit or

delete filters. To delete a filter, click on the X icon next to the filter in this

window.

Figure 64. Editing or Deleting COS Filters

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Click here to delete

Access / One® Network

84 Managing the Network

Radius Accounting

Through a wireless interface, your Access/One Network supports RFC 2866

standard RADIUS (Remote Authentication Dial-In User Service) accounting,

allowing customers with existing RAS Radius-parsing scripts/tools to leverage their

investment as well as customize their tools to extract all available statistical

information. This command allows you to configure up to two RADIUS accounting

servers, set up an authorization port, and establish a secret key.

Figure 65. Setting Up RADIUS Accounting Servers

The following options are available with this command:

◗Server 1 (IP Address or Name)

Enter a valid IP address or name for Server 1.

◗Server 2 (IP Address or Name)

If you require a second (backup) server, enter a valid IP address or name for

Server 2. Server 2 is only used if Server 1 becomes unavailable.

◗Port

Enter the authorization port for the primary RADIUS server (Server 1) in this

field. This is the port the system uses when authorizing users.

Access / One® Network

Managing the Network 85

◗Secret

Enter a secret key in this field for the primary RADIUS server. During the

authentication process, the server and client exchange secret keys. The secret

keys must match for communication between the server and the client to

continue. The secret key is a valuable and necessary security measure.

◗Secret Confirm

Confirm your secret key in this field.

◗Checkpoint Interval

Check this box to enable a checkpoint interval, or uncheck this box to disable

this feature.

◗Send Every

Once an interval time (in minutes) is established in this field, the reporting

module will send interim reports for each wireless device associated to it at

this interval period.

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Syslog

Access/One Network offers comprehensive Syslog (system logging) functionality,

including the ability to monitor Syslog events. Logged events can be sent to multiple

Syslog servers, though using more than one server can impact the system’s

performance. This command allows you to:

◗Define your Syslog configuration parameters.

◗Assign the Syslog (system logging) server IP address.

◗Define the event logging destination (Command Line Interface, SNMP Syslog

MIB, or a defined Syslog server IP address).

◗Establish the reporting level for each Access/One Network function (security,

wireless, management, and other).

Access / One® Network

86 Managing the Network

To access the Syslog window, choose Syslog from the System pull-down menu in the

Configure function.

Figure 66. Configuring Access/One Network for Syslog

The following options are available with this command:

◗Syslog Configuration

This category allows you to define the Maximum Message Length, where the

character length of Syslog messages will be restricted to the number you

define here. In addition, you can enable/disable the Detailed Format feature

which determines the level of detail reported in each message, and also

enable a feature that forces the system to Replace Spaces with Underscores in

messages.

Server IP Address added here

Reporting Levels

Access / One® Network

Managing the Network 87

◗Syslog Management

Enter a valid IP address for the Syslog server, then click on the Add button to

add this server to the list of available Syslog destinations. You can add

additional servers, but assigning multiple servers may degrade the system’s

performance. Once you’ve assigned the server(s), choose the destination for

your event logging (CLI, SNMP Syslog MIB, and/or the Syslog server you

assigned). The destination(s) you choose must be enabled, so ensure that the

appropriate box is checked. If you have multiple IP addresses assigned, you

can delete an IP address by clicking on the X icon next to the IP address.

◗Syslog CLI Subsystem

Select the reporting level for each function (security, wireless, management,

and other) from the corresponding pull-down list. Your available choices are:

•none

•emergency

•alert

•critical

•error

•warning

•notice

•inform

•all

If you select all from the pull-down list, this will include the debug level. The

debug level will significantly increase (almost double) the number of Syslog

messages that are returned and significantly degrade performance. The debug

level should not be used for routine Syslog monitoring. For more information

about Syslog messages, see “Syslog Messages” on page 177.

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Access / One® Network

88 Managing the Network

Date and Time

This command allows you to set the time zone, define daylight saving parameters,

and choose between automatic time and manual time.

Figure 67. Establishing the Correct Date and Time for Your Environment

The following options are available with this command:

◗Time Zone

Select the time zone from the pull-down list that applies to the geographic

location where your Access/One Network is operating. The default time zone

is Greenwich Mean Time (GMT).

Figure 68. Time Zones

Access / One® Network

Managing the Network 89

◗Daylight Saving Time

This option allows you to configure the Daylight Saving Time for your chosen

time zone. Click on the Set Daylight Saving Time button to reveal the

configuration window.

Figure 69. Configuring Daylight Saving Time

Choose the month, week, day and year from the available pull-down menus

for both the Starting Time and Ending Time to establish your daylight saving

time. To apply your selections, click on the Update button in the Set Daylight

Saving Time window (not the Update button on the main page). To remove all

daylight saving time settings, simply click on the Remove button. You can

also close this window without making changes (or even after making

changes) by clicking on the Cancel button.

◗Date and Time

This option allows you to choose between Automatic Time and Manual time

settings:

•Automatic Time (SNTP)

SNTP (Simple Network Time Protocol) is an adaptation of the Network

Time Protocol (NTP), used to synchronize computer clocks within the

Internet. SNTP can operate in both unicast modes (point-to-point) and

broadcast modes (point-to-multipoint). It can also operate in IP multicast

mode where this service is available. If you selected Automatic Time

(SNTP), you must choose whether you want the system to use DHCP to

obtain the SNTP Server IP address automatically, or use a pre-configured

static IP address. If you select the latter option, you must enter a valid IP

address in the SNTP Server IP Address field.

Access / One® Network

90 Managing the Network

With the Automatic Time (SNTP) option selected, the master network

server transmits time/date synchronization packets periodically to Strix

devices using the Strix Time Distribution (STD) protocol. Stack controllers

use STD to adjust their own time and date. Time and date information is

distributed in Greenwich Mean Time (GMT), allowing each device to

adjust for its own time zone. This allows Access/One Network to span

large geographic areas while maintaining time coherence.

If SNTP is configured at the network level, the master network server will

proxy the SNTP time requests on behalf of your entire Access/One

Network. The master network server effectively queries the SNTP server

periodically and adjusts its own time/date accordingly. STD time/date

information is then sent to all Strix devices on the network. If the master

network server fails (for any reason), all Strix devices will then query the

SNTP server individually.

•Manual Time

Choose this option if you want to set the date and time manually. To do

this, simply make your selections from the pull-down menus provided for

hour, minute, AM/PM, month and year, then click on the day of the

month on the calendar provided.

Figure 70. Setting Manual Time

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Access / One® Network

Managing the Network 91

Operating Environment

This command is applicable to the IWS only. It displays the Fan Setting window and

allows you to choose between a Low, Normal (Indoor) and Outdoor speed setting

for the node’s cooling fan. Choose Normal if the affected node is to be installed in

an environment with a regulated temperature, otherwise choose High if the

operating environment is uncontrolled and prone to fluctuating temperatures and/or

humidity. Generally, the Normal setting is used for indoor applications while the

High setting is used for outdoor applications. Only use the Low setting for nodes

with single radio configurations.

Figure 71. Setting the Cooling Fan Speed

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Firmware Updates

This command allows you to set FTP parameters at the network level so that your

Access/One Network knows where to find the new firmware (BIN) files. Procedural

information for updating your Access/One Network’s firmware has already been

covered in “Updating Firmware Across the Network” on page 37.

If you are uncertain about your FTP server’s configuration parameters, consult with

your network administrator.

Access / One® Network

92 Managing the Network

Wi-Fi

This area of Manager/One contains the primary configuration commands for your

Access/One Network in the Wi-Fi environment. Any commands executed here are

applied to all wireless modules, so make sure the changes you initiate are changes

that you want to apply to the entire network, otherwise go to “Managing Subnets

and Nodes” on page 127 or “Managing Modules” on page 133.

General

This command allows you to define your Access/One Network’s general radio

parameters for 4.9 GHz Public safety, 802.11a and 802.11g radios. These radio

parameters are applied across the entire network. If you want to set up the radio

parameters for a specific wireless module, go to “Radio Parameters” on page 147.

Figure 72. Setting Up General Radio Parameters

Access / One® Network

Managing the Network 93

◗Allow Association Over Long Distances (25 miles/40 km)

This option allows you to set a distance (up to 25 miles or 40 kilometers) for

wireless associations over long distances (the default is 3 miles). Be aware

that changing the distance here will affect all wireless modules. We

recommend setting this value at the module level. For example, if you have a

single 10 mile link and many shorter links setting this value to 10 miles will

affect all links and slow down the network.

◗Frequency/Rate/Power

•Transmit Power

This option allows you to select the level of transmit power from the

choices available in the pull-down list (either Full, Half, Quarter, One

Eighth, or Minimum). You can decrease the transmit power to decrease

the range of the wireless modules in your Access/One Network. The

default value for this parameter is Full (maximum power).

Depending on the selected antenna(s) for your application—especially

relevant to the OWS—it may be necessary to configure the transmit

power. It is the installer's responsibility to ensure that the transmit power

is set correctly for the chosen antenna(s). Operation in a manner other

than is represented in this document is a violation of FCC rules.

For a complete listing of the maximum power settings allowed for

antennas, go to “Power Settings for Antennas” on page 167.

◗Advanced Settings

These advanced settings are preconfigured with the optimum settings for your

Access/One Network. Changing any of these settings may negatively affect

the network’s performance. For best results, leave these settings at their

default values.

•Beacon Interval

The beacon is a uniframe system packet broadcast by the AP to keep the

network synchronized. Enter a value in this field between 20 and 1000

(milliseconds) that specifies the beacon interval. The default value is 100.

Access / One® Network

94 Managing the Network

•Delivery Traffic Indication Message (DTIM Period)

Enter a value between 1 and 255 that specifies the Delivery Traffic

Indication Message (DTIM). Increasing this interval allows the station to

sleep for longer periods of time resulting in power savings (in exchange

for some degradation in performance). The default value is 1.

•Fragment Length

Enter a value between 256 and 2346. This setting determines the size of

the wireless frame. Wireless frames are reassembled by your Access/One

Network wireless modules before being forwarded to the Ethernet port,

but only if the frame is smaller than the Ethernet MTU (1536 bytes). The

default value is 2346.

•RTS/CTS Threshold

This is a value that determines at what frame length the RTS-CTS function

is triggered. By default, the threshold is set at its highest value. A lower

value means that the RTS-CTS function is triggered for smaller frame

lengths. A lower threshold value may be necessary in environments with

excessive signal noise or hidden nodes, but may result in some

performance degradation. Enter a value between 256 and 2346 to specify

the RTS/CTS threshold. The default value is 2346.

Access / One® Network

Managing the Network 95

Radio Parameters

This command allows you to define your Access/One Network’s radio parameters

for all 4.9 GHz Public Safety, 802.11a and 802.11g radios. If you want to set up the

radio parameters for a specific wireless module, go to “Radio Parameters” on

page 147.

Figure 73 shows an example of the Radio Parameters configuration page for 802.11a

radios operating in the 5.250 GHz to 5.350 GHz, 5.470 GHz to 5.725 GHz, and

5.745 GHz to 5.825 GHz wireless bands.

Figure 73. 802.11a Radio Parameters

Access / One® Network

96 Managing the Network

Figure 74 shows an example of the Radio Parameters configuration page for 802.11g

radios operating in the 2.400 GHz to 2.4835 GHz wireless band.

Figure 74. 802.11g Radio Parameters (2.400 GHz to 2.4835 GHz)

Access / One® Network

Managing the Network 97

Figure 75 shows an example of the Radio Parameters configuration page for radios

operating in the 4.940 GHz to 4.990 GHz wireless band.

Figure 75. Public Safety Radio Parameters (4.940 GHz to 4.990 GHz)

802.11a Radio Parameters at the Network Level

The following options are available with the Radio Parameters command for all

802.11a radios at the network level:

◗802.11a Radios Wireless Mode

This option is not configurable at the network level. If you want to set up the

wireless mode for a specific 802.11a wireless module, go to “Radio

Parameters” on page 147.

◗Maximum 802.11a Clients

This option allows you to restrict the number of 802.11a clients that can

associate with each 802.11a access point. The default is 128. Setting this field

to 0 (zero) prevents all 802.11a client access.

◗802.11a Channel Selector

These options extend the range of 802.11a wireless capability by allowing

you to select 802.11a wireless channels. Check the corresponding box to

enable an 802.11a channel of your choice.

Access / One® Network

98 Managing the Network

802.11g Radio Parameters at the Network Level

The following options are available with the Radio Parameters command for all

802.11g radios at the network level:

◗802.11g Radios Wireless Mode

This option allows you to select the 802.11g wireless mode from the options

available in the corresponding pull-down list, including:

•802.11g: This is the default standard 802.11g wireless mode.

•802.11g Only (No 802.11b): This mode restricts the radio to the 802.11g

wireless mode only and does not allow 802.11b compatibility.

•802.11b Only (No 802.11g): This mode restricts the radio to the 802.11b

wireless mode only and does not allow 802.11g compatibility.

◗Maximum 802.11g Clients

This option allows you to restrict the number of 802.11g clients that can

associate with each 802.11g access point. The default is 128. Setting this field

to 0 (zero) prevents all 802.11g client access.

◗802.11g Channel Selector

These options extend the range of 802.11g wireless capability by allowing

you to select 802.11g wireless channels. Check the corresponding box to

enable an 802.11g channel of your choice.

◗802.11g (only)

These options allow you to set up how your 802.11g wireless modules

perform on the network (not applicable to 802.11a radios). Options that are

specific to 802.11g radios include:

Access / One® Network

Managing the Network 99

•Protection Mode

This is a mechanism to let 802.11g devices know when they should use

modulation techniques to communicate with another 802.11b device,

especially in wireless networks where there is a mixed environment that

has 802.11g and 802.11b clients (and the clients are hidden from each

other. The protection mode options include the following:

–None

This assumes there are no wireless stations using 802.11b (11 Mbps)

technology. If operating in a mixed 802.11b/g network with minimal

802.11b traffic, choose this option to ensure the best performance for

your 802.11g stations.

–Always

Protects 802.11b traffic from colliding with 802.11g traffic. This

mode is not recommended, especially if only a few wireless stations

are operating with 802.11b. Only use this mode in environments

with heavy 802.11b traffic or where there is interference.

–Auto

This is the default mode and will enable protection for 802.11g

stations if your Access/One Network finds an 802.11b client. In this

mode, if the 802.11b client leaves the network the protection mode

will revert to None automatically.

•Protection Rate

Sets the data rate at which the RTS-CTS (Request-to-Send and Clear-to-

Send) packets are sent (either 1 Mbps, 2 Mbps, 5.5 Mbps, or 11 Mbps).

The 11 Mbps data rate is the default.

Access / One® Network

100 Managing the Network

•Protection Type

This option is only relevant when the Protection Mode is on. The options

here are CTS-only or RTS-CTS. With CTS-only, the client is not required

to send an RTS (Request-to-Send) to the AP. As long as the client receives

a CTS (Clear-to-Send) frame from the AP then the client is free to send

data. With the RTS-CTS option enabled, the client is required to send an

RTS to the AP and wait for a CTS from the AP before it can send data (this

option creates additional overhead and can cause performance

degradation). The default is CTS-only.

•Short Slot Time

802.11g defines the long slot time as 20 microseconds and a short slot

time as 9 microseconds. 802.11b only supports the long slot time of 20

microseconds. In an environment with 802.11g devices only, this option

(Short Slot Time) must be enabled for better performance—giving

precedence to 802.11g traffic. Only disable this option in mixed

(802.11b and 802.11g) environments. The default is enabled.

•Short Preamble

Short slot preamble improves network efficiency by reducing the

preamble from 128 bits to 56 bits. 802.11g is required to support both

short and long preambles (802.11b support for a short preamble is

optional). If this option is enabled, any 802.11b clients associated with

the network must support a short preamble. The default for this option is

enabled.

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Access / One® Network

Managing the Network 101

Client Connect

Client Connect (Virtual/Strix) is the system topology that enables your Access/One

Network to support and provide access to client devices using most wireless

technologies, including 802.11a or 802.11g. With Client Connect you can

customize each network node to support the wireless technologies you need in the

locations you need them. Any mix of these technologies can be supported within a

single node or across the entire Access/One Network.

This command allows you to define your Client Connect parameters. The following

graphic shows the Client Connect window set to its default values.

Figure 76. Client Connect (Virtual/Strix)

Access / One® Network

102 Managing the Network

The following options are available with this command:

◗SSID

An SSID (Service Set Identifier) is a unique name shared among all devices in

a wireless network. Choose the network (SSID) or choose Add /Remove SSIDs

from the pull-down list. If you add an SSID, the new SSID can be up to 32

alphanumeric characters and the characters are case-sensitive. In addition to

adding and/or deleting SSIDs, this option allows you to edit an existing SSID

name.

•Choosing an Existing SSID

To choose an existing SSID, simply select it from the pull-down list.

•Editing the Name of an Existing SSID

To edit the name of an existing SSID, choose an SSID from the pull-down

list then click on the Edit SSID Name button. The SSID name is now

editable and you can change it by over-typing on the existing name. If

you do this, you must click on the Update button to apply your change.

•Creating a New SSID

To create a new SSID, choose Add/Remove SSIDs from the pull-down list

to reveal the Add/Remove SSID window.

Figure 77. Adding an SSID

Enter a name for the new SSID in the SSID field. Check the Suppress SSID

box if you want to prevent the broadcast of this SSID in beacons from all

wireless modules in your Access/One Network (recommended).

Access / One® Network

Managing the Network 103

Choose whether the new SSID should be tagged or untagged. However,

there can be only one untagged SSID in the SSID table (the default SSID

is always untagged). From this window you also have the option of

assigning VLAN Security to the new SSID. When you have completed all

data input for the creation of your new SSID, click on the Add SSID

button. The new SSID is added to the list and will appear in the pull-

down list in the main Client Connect window.

•Deleting an SSID

To delete an existing SSID, simply click on the X icon next to the SSID

you want to delete.

Figure 78. Deleting an SSID

◗SSID Client Limits

Enter a value (up to 128) in the Maximum Clients per SSID field. The default

is 128. If you enter a value of 0 (zero) you will effectively prevent all user

access, with the exception of any Strix Network Connect devices.

◗VLAN Security

You can now associate a tagged or untagged VLAN with the selected SSID. If

you define a tagged VLAN, you must assign a priority to it. The acceptable

range for priorities is between 0 and 7, and the priority is chosen from the

pull-down list. The lower the priority level you assign, the higher the priority

will be given by a VLAN-aware Ethernet switch. Access/One Network does

not support these priority levels as a queuing mechanism and ignores them

while the frame is in transit through the network. The VLAN mechanism

applies strictly to wireless stations. All devices on your Access/One Network

generate only untagged traffic.

Click here to delete this SSID

Access / One® Network

104 Managing the Network

◗Client Connect Security Mode

This option allows you to establish the authentication and encryption security

modes for Client Connects. These include:

•Authentication

–Open: Used for local authentication.

–Shared Key: This option is not currently supported.

–Dynamic Key (802.1X): With this option, the RADIUS server gives a

key to each user for unicast traffic. Multicast traffic uses the default

key.

–WPA-PSK: With this option, the WPA (Wi-Fi Protected Access)

standard uses a Pre-Shared Key (PSK) mode that does not require the

RADIUS infrastructure.

–WPA: This option provides WPA, a subset of the 802.11i standard

that boosts the original static WEP security by mandating 802.1x

remote authentication.

•Encryption

–Clear: Available for Open or Dynamic authentication. Messages will

be sent unencrypted between user devices and your Access/One

Network nodes.

–WEP: Wired Equivalency Privacy (WEP) is a security protocol for

WLAN. It encrypts data using an RC4 stream cipher of 64, 128 or

152 bits.

–AES: Advanced Encryption Standard (AES) encrypts data using a

symmetric 152 bit data block, and is generally considered the most

secure option available.

–TKIP: The Temporal Key Integrity Protocol (TKIP) is part of the IEEE

802.11i encryption standard for wireless LANs, providing per-packet

key mixing, a message integrity check and a re-keying mechanism.

–Auto Negotiate: With this option, the encryption mode will be

negotiated in real time between the participating devices, allowing

the simultaneous use of AES and TKIP.

Access / One® Network

Managing the Network 105

Select the desired Authentication and Encryption modes from the available

options. If you choose Dynamic (802.1x) or WPA authentication, you must

configure the RADIUS server(s) on this page (these fields only appear when

Dynamic or WPA is selected as the authentication type). See also, “Radius

Accounting” on page 84.

Figure 79. Configuring RADIUS Servers

If you choose WPA-PSK authentication, you must provide a WPA Pass Phrase

and confirm the pass phrase (these fields only appear when WPA-PSK is

selected as the authentication type.

Figure 80. WPA Pass Phrase

◗Client Connect Security Keys

This option allows you to define up to 4 security encryption keys for your

Client Connects. To define a security key, click on the Enter Key 1 (through 4)

button to reveal the security key window, then select either hexadecimal or

ASCII format. Once you have selected the preferred format, choose 64 bit,

128 bit, or 152 bit encryption from the pull-down list and enter your security

key. After entering the key, click on the Update button to add the new key to

the list, or click on the Cancel button to abort the process.

Figure 81. Assigning Client Connect Security Keys

Access / One® Network

106 Managing the Network

When you add a new Client Connect security key, the system encrypts the

key and the encrypted key appears in the list. You can add up to 4 Client

Connect security keys. After adding security keys, select one of the keys to act

as the default shared key.

Figure 82. Encrypted Security Key

To delete a Client Connect security key, click on the Enter Key 1 (through 4)

button that applies to the key you want to delete. When the pop-up window

appears, choose None from the pull-down list. The selected security key is

removed from the list automatically.

◗Access Control List

This option allows you to configure an Access Control List (ACL) to determine

which user devices (stations) are allowed to connect to your Access/One

Network. To do this, simply click on the Manage ACL button to reveal the

Manage ACL window.

Figure 83. Configuring an Access Control List

Encrypted Key

Default Shared Key

Access / One® Network

Managing the Network 107

Choose the preferred access level from the pull-down list. Your options

include:

•Disable: All stations/clients can request association with an SSID in your

Access/One Network. This means that the ACL will not be checked when

a new station attempts to authenticate.

•Enable: All stations/clients are assigned a permission status based on their

MAC address. If the MAC address of the station attempting to gain access

is set to Deny, it will not be allowed to associate with the network. If the

MAC address is set to Allow, or not configured in the ACL, the station will

be allowed network access.

•Strict: Only stations assigned with Allow permissions in the ACL are

granted access to the network, regardless of encryption settings. In

addition, if the entry is configured for an encryption key, the station is

also required to match that key before gaining access. If no ACL entry

exists for a MAC address, it will not be allowed to associate with the

network. The ACL accepts multiple levels of authentication concurrently

so that stations with or without encryption (or shared key authentication)

can be admitted.

To add a new station, click on the Add New Station button to reveal the Add

New Station window.

Figure 84. Adding a New Station

Changing the ACL mode for wireless stations requires a reboot.

A reboot is also required when adding or deleting ACL entries

at the network level (though not at the module level).

Access / One® Network

108 Managing the Network

Enter the MAC address of the new station/client, then choose the ACL type

from the pull-down list. These options include:

•Allow

•Deny

•Default Shared Key

•64 bit (enter 10 digits)

•128 bit (enter 26 digits)

•152 bit (enter 32 digits)

If you choose any of the encryption types, enter the key in the Unique Key

field. Alternatively, you can choose the Default Shared Key and the system

will use the key you assigned as the default in Client Connect Security Keys.

This key will be used for all unicast messages

If you want to assign a VLAN, go to VLAN Security to understand what you

need to do with these fields. If CoS is disabled, your Access/One Network

does not support VLAN priority levels as a queuing mechanism and ignores

them while the frame is in transit through the network. The VLAN mechanism

applies strictly to wireless stations. All Access/One Network devices generate

only untagged traffic.

When you have completed your Access Control List (ACL) configuration,

click on the Update button to apply your changes and return to the Manage

ACL window. You must now click on the Update button in this window, then

click on the Apply Configuration tab to apply all of your ACL changes across

the network. You can now return to the main Client Connect window.

◗Client Connect Privacy

When enabled, this option offers Client Connect privacy by preventing Wi-Fi

users from communicating with each other on the same module. Data from

each Wi-Fi device is sent only to the Ethernet or backhaul ports, requiring a

router or other access device for authentication before allowing the devices

to exchange data. This is important in hotel applications where wireless users

communicate with each other via Guestek or Wayport servers. The default is

disabled.

Access / One® Network

Managing the Network 109

◗SSID Shutdown

When enabled, this option shuts down all SSID functionality when network

connectivity is lost. With this feature enabled, if connectivity to the gateway is

lost, the access point will disassociate all attached wireless clients—the client

will know there is a problem and will need to find another access point to re-

establish connectivity with the network. The default is disabled.

◗Discovery Protocols

This option enables the Strix Discovery Protocol (browser plug-in). The

default is enabled. If this option is disabled, the left pane in Manager/One

will not be available and the auto-discovery feature will not function.

◗Client Connect Privacy Tags

This option is used if you want to prevent users from seeing each other on

different modules. For total hotspot privacy, we recommend leaving the

privacy WLAN tags at their default values.

If you want to enable VLAN tag marking for Client Connect privacy (required

for mesh privacy), check this box. If enabled, you must assign the tags (the

defaults are 925 and 926).

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Network Connect

Network Connect is the infrastructure used by your Access/One Network for a

wireless connection to an existing wired network (small or large). Each node within

the network can utilize a wired Ethernet or wireless module (802.11a or 802.11g)

for node inter-connectivity or connection to a wired legacy network.

Unlike traditional wired Ethernet LAN/WAN connections used by access points and

WLAN switches, Access/One Network’s wireless Network Connect option provides

an advanced level of security between the network node and the LAN/WAN. By

default, the wireless Network Connect link utilizes AES encryption with a secret key

and cannot be compromised.

Access / One® Network

110 Managing the Network

When nodes in your Access/One Network are configured for wireless Network

Connect, the system provides several distinct advantages over a typical wireless

network that uses wired connections. These advantages include:

◗Secure networking

◗Self tuning, rapid self-healing, and rogue device detection

◗Scalability

◗Simple installation

◗Lowest cost of deployment

This command allows you to define your Network Connect parameters. The

following graphic shows the Network Connect window set to its default values.

Figure 85. Network Connect

The following options are available with this command:

◗Peer Selection

This option allows you to define peer selection criteria. These include either

Automatic Peer Selection (where your Access/One Network chooses peers

automatically, or selection by Target SSID (you must enter a valid SSID).

Access / One® Network

Managing the Network 111

◗Auto-Mode Radio Priority (Dual Wi-Fi Radio Only)

This option allows you to establish a priority for which radio on the dual band

wireless module will operate as a Network Connect in the Auto mode. The

available choices are:

•802.11a Only

•802.11a Priority, 802.11g Backup

•802.11g Priority, 802.11a Backup

•802.11g Only

◗Self-Tuning

This feature allows you to enable or disable Background Scanning and

configure the Self-Tuning Policy. When a Network Connect module first

connects to the network, it performs an initial scan of all available Wi-Fi

channels and generates a list of potential alternate Client Connects that are

reachable. Following the initial scan, the Network Connect continually scans

in the background to maintain the list and enable the system to make the

following intelligent decisions:

•When to drop the current path and select a better path, then connect to

the appropriate node (self-tuning).

•When to select the best path (or detect the loss of a path) and select the

next best path, then connect to the appropriate node (self-healing).

•Which APs are rogue devices.

To fully optimize your network’s ability to self-tune, self-heal and detect

rogue devices, we recommend that the Background Scanning feature is

always enabled (default).

Disabling Background Scanning will prevent Network Connects

from reporting rogue AP devices.

Access / One® Network

112 Managing the Network

◗Self-Tuning Policy

You can instruct the system to Never Switch during its self-tuning process, or

establish a Switching Frequency (with 5 possible frequency states between

stable and aggressive). When background scanning is completed, the self-

tuning system determines the best potential client, based on RTD/RSSI scores

and threshold values obtained during the scanning process. Threshold values

become more critical when two Client Connects are very close with their

scores. Normally, this can cause bouncing between the two Client Connects,

but Access/One Network eliminates the bouncing effect by allowing you to

move the threshold switching frequency from aggressive to stable.

◗Background Scan Interval

Enter a value in this field (in milliseconds) to define the interval between

background scans. The default is 5000 milliseconds.

◗Network Connect Security Key

To protect wireless stations associated with each node, your Access/One

Network provides WEP and AES ciphers for encryption and 802.1x remote

authentication. The inter-node Network Connect wireless uplink is protected

with an AES static key to prevent eavesdropping. The factory configured

default key is hidden from view to retain secrecy for a basic network, but this

key can be changed and each network can have its own unique key.

The Network Connect solution for Access/One Network prevents

unauthorized wireless connections from being established to the network by

blocking user traffic in the following two scenarios:

•If the Network Connect is configured for the default network name

(AccessOne), Manager/One forces the administrator to approve/admit the

node to the network before user traffic is bridged to the network.

•If the two nodes that are wirelessly connected (via the uplink) have

different Network Connect security keys configured. However, if the

Allow Strix default key option is enabled then a Network Connect using

the default security key can still connect with a network using a non-

default security key.

Access / One® Network

Managing the Network 113

To assign a security key, click on the Enter Key button. In the pop-up window,

select the key entry method (hexadecimal or ASCII text), then enter the key

that will serve as the default key to encrypt packets to be transmitted on a

wireless uplink between nodes. The key length is fixed at 152 bits. After

entering the key, click on the Update button to assign the key and return to

the Network Connect window.

Figure 86. Network Connect Security Key

Enable the Allow Strix default key option if you want to allow Network

Connects with a default key to connect with a network using a non-default

security key. In this case, the network using a non-default security key can

still be managed remotely. The default is enabled.

◗Network Connect Data Trust Level

This feature determines whether the Client Connect will allow traffic from a

Network Connect only (for management purposes), or from devices beyond

the Network Connect module—like a Client Connect on top of it, or Ethernet

devices attached to it. This applies only when a Network Connect uses the

default (non-provisioned) key when associating with a Client Connect.

Choose the preferred trust level policy for the Network Connect from the

following options:

•Trust Strix Network behind Network Connect: Trust the Strix network

behind the Network Connect.

•Trust only Network Connect module: Trust only the Network Connect

module.

After inputting data (or making selections), click on the Update button to update this

page, then click on the Apply Configuration tab to propagate your changes across

the network. If necessary, you can click on the factory default (FD) button in the

toolbar to reset all data on this page to its factory default state.

Access / One® Network

114 Managing the Network

Rogue Scan

This option allows you to define which channels are scanned for rogue devices by

the defined country code. From the configuration window, you can enable or

disable channels.

Figure 87. Rogue AP Scanning

Access / One® Network

Managing the Network 115

In addition to defining channels, the Rogue Scan configuration window allows you

to define a refresh period—the elapsed time after which the network server refreshes

the rogue device list. The default is 1 day. Making this refresh period too frequent

will adversely impact the performance of the network.

Figure 88. Defining the Refresh Period for the Rogue List

If you make any changes to your channel selections in this window you must click

on the Update button for your changes to take effect, then click on the Apply

Configuration tab to propagate your changes across the network. If necessary, you

can click on the factory default (FD) button in the toolbar to reset all data on this

page to its factory default state.

Define the Refresh Period

Access / One® Network

116 Managing the Network

The Inventory Function

This function provides you with an inventory view of your Access/One Network and

includes the following commands:

◗Print Friendly Format

◗Export to CSV

The inventory list is displayed in a tree structure that can be expanded (default) or

collapsed (show nodes only). The structure of the list consists of the Node ID, its

serial number and name, IP address and MAC address, the node type, the

technology it uses, and the current firmware version it is running. To compliment full

two-way authentication, the inventory list is synchronized and maintained between

all Strix devices. See also “Inventory or Auto Discovered” on page 63.

Figure 89. Inventory List

Manual additions (by node serial number)

Unreachable devices are listed here

Access / One® Network

Managing the Network 117

The inventory list allows you to manually add nodes, at your discretion. To add a

node to the inventory list, enter the node’s serial number in the Node ID field then

click on the Add button. Nodes that cannot be detected by the network will appear

in the Unreachable Devices frame.

You also have the option of manually deleting nodes from the inventory list. To

delete a node, simply click on the X icon next to the node you want to delete. The

system will then prompt you for a confirmation. Click on the OK button to delete the

selected node, or click on the Cancel button to cancel your request.

Figure 90. Deleting a Node from the Inventory List

Print Friendly Format

This option converts the inventory list into a printer friendly format that can be

printed on standard letter size paper. After converting the inventory list, the system

prompts you for your printer’s destination. To initiate the printing process, click on

the Print button.

Figure 91. Printing the Inventory List

The node’s alphanumeric serial number is case-sensitive, with all alpha

characters being upper case.

Access / One® Network

118 Managing the Network

Export to CSV

This option allows you to export the inventory file to a CSV (Comma Separated

Values) format that can be edited within a compatible spreadsheet application, such

as Microsoft Excel®.

Figure 92. CSV File

Importing the CSV File to an Excel Spreadsheet

When the CSV file is created, use the following procedure to import the file into an

Excel spreadsheet for editing.

1. Click in the header of the CSV file to make the CSV window active.

2. Press Ctrl+A to select all text in the CSV file.

3. Press Ctrl+C to copy the selected text to the clipboard.

4. Open a new Excel workbook, then press Ctrl+V to paste the CSV text into a

cell in the workbook.

5. Go to Data in the Excel menu bar and choose Text to Columns... from the

pull-down list.

6. On the first page of the wizard in Excel select the Delimited option, then

click on the Next button.

7. On the second page of the wizard check the Comma check box to enable

the conversion with comma delimiters.

8. On the third and last page of the wizard, click on the Finish button to

convert the raw text into editable columns.

Access / One® Network

Managing the Network 119

The Monitor Function

This function provides you with tools that allow you to view your network’s

operation and performance, and includes the following commands:

◗Tools

•AP Monitor

•Network Connect Monitor

•Wireless Client Query

•Rogue Monitor

–Scan

–Ignore All

–Include All

Tools

Clicking on Tools in Manager/One’s toolbar generates a pull-down menu containing

all the commands that are available within the Monitor function.

AP Monitor

The AP Monitor provides a snapshot in table form of all active Client Connect

devices on a selected subnet.

Figure 93. AP Monitor (Default View)

Access / One® Network

120 Managing the Network

The table displayed in the AP Monitor window can be customized to show a defined

number of entries in the table, and the table can be sorted in either ascending or

descending order based on any selected column. For example, if you want to sort

the table by channel, click in the column header for Channel—the table is then

sorted according to the channels used by the Client Connects.

The target subnet can also be changed by selecting another subnet (as long as the

subnet exists in the pull-down list). In addition, the table offers instant access to the

assigned BSSID information for each node and you can log in to any node by simply

clicking on its IP address (all links are underlined).

Figure 94. An Overview of Monitor Tables (AP Monitor)

To define how the table is sorted, simply click in a column header to toggle between

ascending or descending for the data in that column to become the primary sort

criteria. The data in the AP Monitor table can be refreshed at any time.

BSSID Information

Sorted by ChannelSubnet

Refresh

Total Entries

Access / One® Network

Managing the Network 121

Network Connect Monitor

The Network Connect Monitor provides a snapshot in table form of all active

Network Connect devices on a selected subnet.

Figure 95. Network Connect Monitor

Although the displayed data is different, the organization of tables in all monitors is

the same. For information about how to define the sort criteria within the Network

Connect Monitor table, see Figure 94.

The only difference in the navigational content between the Network Connect

Monitor and the AP Monitor is the Network Connect Monitor also includes an

information button (i) in the top right corner of the window. Clicking on this button

generates the RSSI Legend pop-up window that provides a reference for the icons

displayed in the RSSI (dBm) column.

Figure 96. RSSI Legend

Access / One® Network

122 Managing the Network

Wireless Client Query

The Wireless Client Query Monitor provides a search tool that allows you to run a

query through the network and locate Wi-Fi clients based on the following search

criteria:

◗Find a client based on a specific MAC address

◗Find clients with an RSSI value of less than -85 dBm

Figure 97. Wireless Client Query Monitor

If you choose to search for a client based on its MAC address, the system prompts

you for the address. After entering the MAC address, click on the OK button to start

the search.

Figure 98. MAC Address Prompt

Although the displayed data is different, the organization of tables in all monitors is

the same. For information about how to define the sort criteria within the Wireless

Client Query Monitor table, see Figure 94. And similar to the Network Connect

Monitor, the Wireless Client Query Monitor also includes the information button (i)

in the top right corner of the window. Clicking on this button generates the RSSI

Legend pop-up window (see Figure 96).

Strix Systems OWS2430-90 802.11 a/b/g 4.9 GHz Wireless, Mesh Access Point User Manual accessone userguide

Strix Systems, Inc. 802.11 a/b/g 4.9 GHz Wireless, Mesh Access Point accessone userguide

Contents

User Manual Part 3 of 5

Navigation menu

Namespaces

Views

Navigation