Strix Systems OWS2430-90 802.11 a/g Wireless Mesh Type Networking Device User Manual accessone userguide

Strix Systems, Inc. 802.11 a/g Wireless Mesh Type Networking Device accessone userguide

UserManual.wiki >

Strix Systems >

OWS2430-90 User Manual >

Contents

Users Manual 3

Access / One® NetworkManaging the Network 735After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.Network ManagementGeneralThis command allows you to define the level of security for the various managementinterface options used to manage your Access/One Network, and provides optionsfor enabling or disabling SNMP Management and FTP server functionality.Figure 56. General Management Interface SecurityThe following options are available with this command:◗ShellChoose Clear & Secure to allow network management via an unsecuredTelnet connection and a Secure SHell (SSH) connection, or choose SecureOnly to restrict management to an SSH connection only. Alternatively, youcan choose None to prevent access from either option.

Access / One® Network74 Managing the Network5If you are allowing access via Telnet or SSH, enter a value—in seconds—inthe Shell Timeout field to define how long the connection will remain openduring idle periods. Setting the shell timeout value to 0 (zero) will disable thetimer and keep the session open, even when idle.◗WebChoose Clear & Secure to allow network management from your Webbrowser via HTTP (clear) and HTTPS (secure), or choose Secure Only torestrict management via a secure HTTPS connection only. Alternatively, youcan choose None to prevent all Web management access.◗CIMS (Cloud Infrastructure Management System)Choose Clear & Secure to allow network management via CIMS, wheresecurity levels are controlled automatically. Alternatively, you can define thesecurity level manually by choosing Secure Only or Clear Only.◗SNMP ManagementCheck this box to enable network management via an SNMP (SimpleNetwork Management Protocol) management console. Your Access/OneNetwork supports the 802.11 MIB (Management Information Base), as well asStrix proprietary MIBs. Any MIB I or MIB II compliant SNMP managementconsole (such as CiscoWorks or HP OpenView) can be used to manage yournetwork remotely.◗FTP ServerCheck this box to enable FTP server functionality (this box must be checked ifyou want to update your firmware or transfer system configuration files).After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.

Access / One® NetworkManaging the Network 755SNMPThis command allows you to define the SNMP Communities, the SNMP System, andany specific SNMP Trap Managers. With SNMP enabled and the settings on thispage defined, your Access/One Network will support most common SNMPmanagement consoles.The system also supports Syslog (System Logging) via an SNMP manager (in parallelwith basic Syslog services) where Syslog text information is encoded in an SNMPtrap message and presented to the operator.SNMP (Simple Network Management Protocol is a standard protocol that regulatesnetwork management over the Internet. SNMP uses TCP/IP to communicate with amanagement platform, and offers a standard set of commands that make multi-vendor operability possible. SNMP uses a standard set of definitions, known as aMIB (Management Information Base), which can be supplemented with Enterprise-specific extensions. Strix provides its own proprietary MIBs. For more informationabout Strix MIBs, contact Strix technical support.Figure 57. Configuring Access/One Network for SNMP

Access / One® Network76 Managing the Network5The following options are available with this command:◗SNMP CommunitiesEnter your GET Community (read), SET Community (write) and TRAPCommunity in the corresponding fields. The defaults for these fields are:•GET Community: public•SET Community: netman•TRAP Community: public◗SNMP SystemEnter the Contact and Location information for the person managing yourAccess/One Network.◗SNMP Trap ManagersEnter a valid IP address for any SNMP Trap Manager you intend to use. TheSNMP Trap Manager you choose must be enabled, so ensure that theappropriate box is checked. If you have multiple SNMP Trap Managersassigned, you can delete a manager by clicking on the X icon associated witheach manager.◗TrapsChoose Open to expand the primaryelements of the SNMP Trap Manager tree.From here you can make managementselections by checking (or unchecking)the appropriate check boxes. Whenfinished making your selections, chooseClose to collapse the tree.After inputting data (or making selections), clickon the Update button to update this page, thenclick on the Apply Configuration tab topropagate your changes across the network. Ifnecessary, you can click on the factory default(FD) button in the toolbar to reset all data on thispage to its factory default state.Figure 58. Managing Traps

Access / One® NetworkManaging the Network 775Trusted IP AddressesThis command allows you to enable or disable the Trusted Mode and assign specifictrusted IP addresses. When this mode is enabled, only addresses assigned here willbe trusted by the network for management at any network module.Figure 59. Assigning Trusted IP AddressesThe following options are available with this command:◗Trusted ModeYou can only enable this option if you have added at least one trusted IPaddress. Once a trusted IP has been added, check this box to enable thetrusted mode (or uncheck the box if you want to disable this feature).◗IP AddressYou must add at least one IP address if you want to enable the trusted modefeature. To add an address, simply enter a valid IP address in this field thenclick on the Add button (the new address is listed below this field). You canadd as many trusted IP addresses as you want. To delete an address, click onthe X icon alongside the address, then confirm your request at the pop-updialog. However, if you have only one trusted IP address listed, you cannotdelete the address if the trusted mode is enabled—you must disable thetrusted mode before attempting to delete a sole trusted IP address.After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.

Access / One® Network78 Managing the Network5TCP/IP SettingsThis command allows you to specify whether Access/One will obtain the DefaultGateway and DNS IP addresses automatically, or use pre-configured static IPaddresses.Figure 60. TCP/IP SettingsThe following options are available with this command:◗Default GatewayThe system is set up to use DHCP (Dynamic Host Configuration Protocol) toobtain the default gateway IP address automatically (default).When using wireless uplinks between nodes, Access/OneNetwork’s self-tuning feature requires that a default gateway and/or DNS is specified to determine delays to the host Ethernet.When DHCP is used across the network (default), specifyingboth of these will satisfy this requirement.

Access / One® NetworkManaging the Network 795◗DNS ServerChoose whether you want the system to use DHCP to obtain the DNS IPaddress automatically (default), or use a pre-configured static IP address. Ifyou choose the latter option, enter IP addresses for the primary andsecondary (if any) DNS server. DNS is used by your Access/One Networkmodules to lookup the names of various servers (for example, the RADIUSand FTP servers). You must specify a Domain Name when static IP addressesare used. This has the effect of appending the Domain Name to non-fullyqualified address requests (for example, the FTP server host name configuredas FTP123 will become FTP123.yourdomain.com).After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.Network TopologyThis command allows you to define whether your Access/One Network will obtainits Master Network Server IP address automatically or use a pre-configured static IPaddress. It also provides you with the option of defining any static network servers.Figure 61. Network Topology

Access / One® Network80 Managing the Network5The following options are available with this command:◗Master Network Server ConfigurationEstablishing a master/slave relationship between network servers facilitatesefficient Wide Area Network management by reducing the amount of trafficbetween two subnets on the same network, as well as providing a singlenetwork server responsible for all Strix devices within its subnet. This featureenables a Master Network Server to be statically or dynamically assigned forevery subnet (even within the same network), which Manager/One users areredirected to if they try to log into a non-Master Network Server.The Master Network Server supports SNTP (Simple Network Time Protocol)and is responsible for sending out the correct clock for the subnet as part ofthe CIMS protocol. In this way, only the Master Network Server need derivethe clock from an independent stratum 1 or 2 clock source. If the MasterNetwork Server fails, your Access/One Network quickly detects the failure, atwhich point the network server with the next lowest IP address assumes therole of master. In this case, when the failed Master Network Server comesback online, it immediately re-establishes its role as master.Choose whether you want the system to obtain the Master Network Server IPaddress automatically (default), or use a pre-configured static IP address. Ifyou choose the latter option, enter a valid IP address in the appropriate field.◗Static Network ServersStatic network servers are added to bond subnets together, allowing you toconfigure and manage multiple subnets. You do this by starting with onesubnet and adding the Master Network Server IP addresses of other subnets totie them together. Enter the IP address of a network server module on another subnet (thedefault subnet mask is 255.255.255.255), then click on the Update button. toadd the server to a list. If you enter multiple static network servers, you mustclick on the Update button after each entry for your changes to take effect.To delete a static network server’s IP address, simply click on the X iconalongside the address.

Access / One® NetworkManaging the Network 815After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.Priority/One - Class of ServiceThis command allows you enable and define Class of Service (CoS) filters toprioritize traffic throughout your Access/One Network. Supported filters include:◗VLAN◗IP TOS (Type of Service)◗IP ProtocolCoS filters establish separate queues for different priority streams based on the filtersyou define here. Data streams are then serviced according to their priority. Inaddition, this command allows you to enable or disable the SpectraLink® VoiceSupport feature.Figure 62. Priority/OneThe following options are available with this command:◗COS GlobalCheck the COS Prioritization box to enable COS filtering across the network,or uncheck the box to disable the COS filtering functionality.

Access / One® Network82 Managing the Network5◗Spectralink Voice SupportCheck the SpectraLink Radio Protocol box to enable the SpectraLink VoiceSupport feature across the network. This feature gives a controlled preferenceto voice packets over data packets, ensuring that all voice packets aretransmitted efficiently. Access/One Network prioritizes SpectraLink voicetraffic over user data traffic.◗Configured COS Priority Filter ListIf you want to add a specific COS filter, click on the Add COS Filter button todisplay the COS Filter Management window. From here, you can add Class ofService filters and establish priorities for each class.Figure 63. Adding COS FiltersFor each COS filter you add, you must click on the Update button to applythe change—you can only add one filter at a time. Each time you add a COSfilter, Manager/One returns you to the main Priority/One page where you willsee the new filter appended to a list. The list appears immediately under theAdd COS Filter button.

Access / One® NetworkManaging the Network 835To edit or delete an assigned filter that appears in the list, click on the filter togenerate the COS Filter Priority Settings window. From here you can edit ordelete filters. To delete a filter, click on the X icon next to the filter in thiswindow.Figure 64. Editing or Deleting COS FiltersAfter inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.Click here to delete

Access / One® Network84 Managing the Network5Radius AccountingThrough a wireless interface, your Access/One Network supports RFC 2866standard RADIUS (Remote Authentication Dial-In User Service) accounting,allowing customers with existing RAS Radius-parsing scripts/tools to leverage theirinvestment as well as customize their tools to extract all available statisticalinformation. This command allows you to configure up to two RADIUS accountingservers, set up an authorization port, and establish a secret key.Figure 65. Setting Up RADIUS Accounting ServersThe following options are available with this command:◗Server 1 (IP Address or Name)Enter a valid IP address or name for Server 1.◗Server 2 (IP Address or Name)If you require a second (backup) server, enter a valid IP address or name forServer 2. Server 2 is only used if Server 1 becomes unavailable.◗PortEnter the authorization port for the primary RADIUS server (Server 1) in thisfield. This is the port the system uses when authorizing users.

Access / One® NetworkManaging the Network 855◗SecretEnter a secret key in this field for the primary RADIUS server. During theauthentication process, the server and client exchange secret keys. The secretkeys must match for communication between the server and the client tocontinue. The secret key is a valuable and necessary security measure.◗Secret ConfirmConfirm your secret key in this field.◗Checkpoint IntervalCheck this box to enable a checkpoint interval, or uncheck this box to disablethis feature.◗Send EveryOnce an interval time (in minutes) is established in this field, the reportingmodule will send interim reports for each wireless device associated to it atthis interval period.After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.SyslogAccess/One Network offers comprehensive Syslog (system logging) functionality,including the ability to monitor Syslog events. Logged events can be sent to multipleSyslog servers, though using more than one server can impact the system’sperformance. This command allows you to:◗Define your Syslog configuration parameters.◗Assign the Syslog (system logging) server IP address.◗Define the event logging destination (Command Line Interface, SNMP SyslogMIB, or a defined Syslog server IP address).◗Establish the reporting level for each Access/One Network function (security,wireless, management, and other).

Access / One® Network86 Managing the Network5To access the Syslog window, choose Syslog from the System pull-down menu in theConfigure function.Figure 66. Configuring Access/One Network for SyslogThe following options are available with this command:◗Syslog ConfigurationThis category allows you to define the Maximum Message Length, where thecharacter length of Syslog messages will be restricted to the number youdefine here. In addition, you can enable/disable the Detailed Format featurewhich determines the level of detail reported in each message, and alsoenable a feature that forces the system to Replace Spaces with Underscores inmessages.Server IP Address added hereReporting Levels

Access / One® NetworkManaging the Network 875◗Syslog ManagementEnter a valid IP address for the Syslog server, then click on the Add button toadd this server to the list of available Syslog destinations. You can addadditional servers, but assigning multiple servers may degrade the system’sperformance. Once you’ve assigned the server(s), choose the destination foryour event logging (CLI, SNMP Syslog MIB, and/or the Syslog server youassigned). The destination(s) you choose must be enabled, so ensure that theappropriate box is checked. If you have multiple IP addresses assigned, youcan delete an IP address by clicking on the X icon next to the IP address.◗Syslog CLI SubsystemSelect the reporting level for each function (security, wireless, management,and other) from the corresponding pull-down list. Your available choices are:•none•emergency•alert•critical•error•warning•notice•inform•allIf you select all from the pull-down list, this will include the debug level. Thedebug level will significantly increase (almost double) the number of Syslogmessages that are returned and significantly degrade performance. The debuglevel should not be used for routine Syslog monitoring. For more informationabout Syslog messages, see “Syslog Messages” on page 173.After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.

Access / One® Network88 Managing the Network5Date and TimeThis command allows you to set the time zone, define daylight saving parameters,and choose between automatic time and manual time.Figure 67. Establishing the Correct Date and Time for Your EnvironmentThe following options are available with this command:◗Time ZoneSelect the time zone from the pull-down list that applies to the geographiclocation where your Access/One Network is operating. The default time zoneis Greenwich Mean Time (GMT).Figure 68. Time Zones

Access / One® NetworkManaging the Network 895◗Daylight Saving TimeThis option allows you to configure the Daylight Saving Time for your chosentime zone. Click on the Set Daylight Saving Time button to reveal theconfiguration window.Figure 69. Configuring Daylight Saving TimeChoose the month, week, day and year from the available pull-down menusfor both the Starting Time and Ending Time to establish your daylight savingtime. To apply your selections, click on the Update button in the Set DaylightSaving Time window (not the Update button on the main page). To remove alldaylight saving time settings, simply click on the Remove button. You canalso close this window without making changes (or even after makingchanges) by clicking on the Cancel button.◗Date and TimeThis option allows you to choose between Automatic Time and Manual timesettings:•Automatic Time (SNTP)SNTP (Simple Network Time Protocol) is an adaptation of the NetworkTime Protocol (NTP), used to synchronize computer clocks within theInternet. SNTP can operate in both unicast modes (point-to-point) andbroadcast modes (point-to-multipoint). It can also operate in IP multicastmode where this service is available. If you selected Automatic Time(SNTP), you must choose whether you want the system to use DHCP toobtain the SNTP Server IP address automatically, or use a pre-configuredstatic IP address. If you select the latter option, you must enter a valid IPaddress in the SNTP Server IP Address field.

Access / One® Network90 Managing the Network5With the Automatic Time (SNTP) option selected, the master networkserver transmits time/date synchronization packets periodically to Strixdevices using the Strix Time Distribution (STD) protocol. Stack controllersuse STD to adjust their own time and date. Time and date information isdistributed in Greenwich Mean Time (GMT), allowing each device toadjust for its own time zone. This allows Access/One Network to spanlarge geographic areas while maintaining time coherence.If SNTP is configured at the network level, the master network server willproxy the SNTP time requests on behalf of your entire Access/OneNetwork. The master network server effectively queries the SNTP serverperiodically and adjusts its own time/date accordingly. STD time/dateinformation is then sent to all Strix devices on the network. If the masternetwork server fails (for any reason), all Strix devices will then query theSNTP server individually.•Manual TimeChoose this option if you want to set the date and time manually. To dothis, simply make your selections from the pull-down menus provided forhour, minute, AM/PM, month and year, then click on the day of themonth on the calendar provided.Figure 70. Setting Manual TimeAfter inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.

Access / One® NetworkManaging the Network 915Operating EnvironmentThis command is applicable to the IWS only. It displays the Fan Setting window andallows you to choose between a Low, Normal (Indoor) and Outdoor speed settingfor the node’s cooling fan. Choose Normal if the affected node is to be installed inan environment with a regulated temperature, otherwise choose High if theoperating environment is uncontrolled and prone to fluctuating temperatures and/orhumidity. Generally, the Normal setting is used for indoor applications while theHigh setting is used for outdoor applications. Only use the Low setting for nodeswith single radio configurations.Figure 71. Setting the Cooling Fan SpeedAfter inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.Firmware UpdatesThis command allows you to set FTP parameters at the network level so that yourAccess/One Network knows where to find the new firmware (BIN) files. Proceduralinformation for updating your Access/One Network’s firmware has already beencovered in “Updating Firmware Across the Network” on page 37.If you are uncertain about your FTP server’s configuration parameters, consult withyour network administrator.

Access / One® Network92 Managing the Network5Wi-FiThis area of Manager/One contains the primary configuration commands for yourAccess/One Network in the Wi-Fi environment. Any commands executed here areapplied to all wireless modules, so make sure the changes you initiate are changesthat you want to apply to the entire network, otherwise go to “Managing Subnetsand Nodes” on page 127 or “Managing Modules” on page 133.GeneralThis command allows you to define your Access/One Network’s general radioparameters for 4.9 GHz Public safety, 802.11a and 802.11g radios. These radioparameters are applied across the entire network. If you want to set up the radioparameters for a specific wireless module, go to “Radio Parameters” on page 147.Figure 72. Setting Up General Radio Parameters

Access / One® NetworkManaging the Network 935◗Allow Association Over Long Distances (25 miles/40 km)This option allows you to set a distance (up to 25 miles or 40 kilometers) forwireless associations over long distances (the default is 3 miles). Be awarethat changing the distance here will affect all wireless modules. Werecommend setting this value at the module level. For example, if you have asingle 10 mile link and many shorter links setting this value to 10 miles willaffect all links and slow down the network.◗Frequency/Rate/Power•Transmit PowerThis option allows you to select the level of transmit power from thechoices available in the pull-down list (either Full, Half, Quarter, OneEighth, or Minimum). You can decrease the transmit power to decreasethe range of the wireless modules in your Access/One Network. Thedefault value for this parameter is Full (maximum power).Depending on the selected antenna(s) for your application—especiallyrelevant to the OWS—it may be necessary to configure the transmitpower. It is the installer's responsibility to ensure that the transmit poweris set correctly for the chosen antenna(s). Operation in a manner otherthan is represented in this document is a violation of FCC rules.For a complete listing of the maximum power settings allowed forantennas, go to “Power Settings for Antennas” on page 167.◗Advanced SettingsThese advanced settings are preconfigured with the optimum settings for yourAccess/One Network. Changing any of these settings may negatively affectthe network’s performance. For best results, leave these settings at theirdefault values.•Beacon IntervalThe beacon is a uniframe system packet broadcast by the AP to keep thenetwork synchronized. Enter a value in this field between 20 and 1000(milliseconds) that specifies the beacon interval. The default value is 100.

Access / One® Network94 Managing the Network5•Delivery Traffic Indication Message (DTIM Period)Enter a value between 1 and 255 that specifies the Delivery TrafficIndication Message (DTIM). Increasing this interval allows the station tosleep for longer periods of time resulting in power savings (in exchangefor some degradation in performance). The default value is 1.•Fragment LengthEnter a value between 256 and 2346. This setting determines the size ofthe wireless frame. Wireless frames are reassembled by your Access/OneNetwork wireless modules before being forwarded to the Ethernet port,but only if the frame is smaller than the Ethernet MTU (1536 bytes). Thedefault value is 2346.•RTS/CTS ThresholdThis is a value that determines at what frame length the RTS-CTS functionis triggered. By default, the threshold is set at its highest value. A lowervalue means that the RTS-CTS function is triggered for smaller framelengths. A lower threshold value may be necessary in environments withexcessive signal noise or hidden nodes, but may result in someperformance degradation. Enter a value between 256 and 2346 to specifythe RTS/CTS threshold. The default value is 2346.

Access / One® NetworkManaging the Network 955Radio ParametersThis command allows you to define your Access/One Network’s radio parametersfor all 4.9 GHz Public Safety, 802.11a and 802.11g radios. If you want to set up theradio parameters for a specific wireless module, go to “Radio Parameters” onpage 147.Figure 73 shows an example of the Radio Parameters configuration page for 802.11aradios operating in the 5.745 GHz to 5.825 GHz wireless band.Figure 73. 802.11a Radio Parameters (5.745 GHz to 5.825 GHz)

Access / One® Network96 Managing the Network5Figure 74 shows an example of the Radio Parameters configuration page for 802.11gradios operating in the 2.400 GHz to 2.4835 GHz wireless band.Figure 74. 802.11g Radio Parameters (2.400 GHz to 2.4835 GHz)

Access / One® NetworkManaging the Network 975Figure 75 shows an example of the Radio Parameters configuration page for radiosoperating in the 4.940 GHz to 4.990 GHz wireless band.Figure 75. Public Safety Radio Parameters (4.940 GHz to 4.990 GHz)802.11a Radio Parameters at the Network LevelThe following options are available with the Radio Parameters command for all802.11a radios at the network level:◗802.11a Radios Wireless ModeThis option is not configurable at the network level. If you want to set up thewireless mode for a specific 802.11a wireless module, go to “RadioParameters” on page 147.◗Maximum 802.11a ClientsThis option allows you to restrict the number of 802.11a clients that canassociate with each 802.11a access point. The default is 128. Setting this fieldto 0 (zero) prevents all 802.11a client access.◗802.11a Channel SelectorThese options extend the range of 802.11a wireless capability by allowingyou to select 802.11a wireless channels. Check the corresponding box toenable an 802.11a channel of your choice.

Access / One® Network98 Managing the Network5802.11g Radio Parameters at the Network LevelThe following options are available with the Radio Parameters command for all802.11g radios at the network level:◗802.11g Radios Wireless ModeThis option allows you to select the 802.11g wireless mode from the optionsavailable in the corresponding pull-down list, including:•802.11g: This is the default standard 802.11g wireless mode.•802.11g Only (No 802.11b): This mode restricts the radio to the 802.11gwireless mode only and does not allow 802.11b compatibility.•802.11b Only (No 802.11g): This mode restricts the radio to the 802.11bwireless mode only and does not allow 802.11g compatibility.◗Maximum 802.11g ClientsThis option allows you to restrict the number of 802.11g clients that canassociate with each 802.11g access point. The default is 128. Setting this fieldto 0 (zero) prevents all 802.11g client access.◗802.11g Channel SelectorThese options extend the range of 802.11g wireless capability by allowingyou to select 802.11g wireless channels. Check the corresponding box toenable an 802.11g channel of your choice.◗802.11g (only)These options allow you to set up how your 802.11g wireless modulesperform on the network (not applicable to 802.11a radios). Options that arespecific to 802.11g radios include:

Access / One® NetworkManaging the Network 995•Protection ModeThis is a mechanism to let 802.11g devices know when they should usemodulation techniques to communicate with another 802.11b device,especially in wireless networks where there is a mixed environment thathas 802.11g and 802.11b clients (and the clients are hidden from eachother. The protection mode options include the following:–NoneThis assumes there are no wireless stations using 802.11b (11 Mbps)technology. If operating in a mixed 802.11b/g network with minimal802.11b traffic, choose this option to ensure the best performance foryour 802.11g stations.–AlwaysProtects 802.11b traffic from colliding with 802.11g traffic. Thismode is not recommended, especially if only a few wireless stationsare operating with 802.11b. Only use this mode in environmentswith heavy 802.11b traffic or where there is interference.–AutoThis is the default mode and will enable protection for 802.11gstations if your Access/One Network finds an 802.11b client. In thismode, if the 802.11b client leaves the network the protection modewill revert to None automatically.•Protection RateSets the data rate at which the RTS-CTS (Request-to-Send and Clear-to-Send) packets are sent (either 1 Mbps, 2 Mbps, 5.5 Mbps, or 11 Mbps).The 11 Mbps data rate is the default.

Access / One® Network100 Managing the Network5•Protection TypeThis option is only relevant when the Protection Mode is on. The optionshere are CTS-only or RTS-CTS. With CTS-only, the client is not requiredto send an RTS (Request-to-Send) to the AP. As long as the client receivesa CTS (Clear-to-Send) frame from the AP then the client is free to senddata. With the RTS-CTS option enabled, the client is required to send anRTS to the AP and wait for a CTS from the AP before it can send data (thisoption creates additional overhead and can cause performancedegradation). The default is CTS-only.•Short Slot Time802.11g defines the long slot time as 20 microseconds and a short slottime as 9 microseconds. 802.11b only supports the long slot time of 20microseconds. In an environment with 802.11g devices only, this option(Short Slot Time) must be enabled for better performance—givingprecedence to 802.11g traffic. Only disable this option in mixed(802.11b and 802.11g) environments. The default is enabled.•Short PreambleShort slot preamble improves network efficiency by reducing thepreamble from 128 bits to 56 bits. 802.11g is required to support bothshort and long preambles (802.11b support for a short preamble isoptional). If this option is enabled, any 802.11b clients associated withthe network must support a short preamble. The default for this option isenabled.After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.

Access / One® NetworkManaging the Network 1015Client ConnectClient Connect (Virtual/Strix) is the system topology that enables your Access/OneNetwork to support and provide access to client devices using most wirelesstechnologies, including 802.11a or 802.11g. With Client Connect you cancustomize each network node to support the wireless technologies you need in thelocations you need them. Any mix of these technologies can be supported within asingle node or across the entire Access/One Network.This command allows you to define your Client Connect parameters. The followinggraphic shows the Client Connect window set to its default values.Figure 76. Client Connect (Virtual/Strix)

Access / One® Network102 Managing the Network5The following options are available with this command:◗SSIDAn SSID (Service Set Identifier) is a unique name shared among all devices ina wireless network. Choose the network (SSID) or choose Add /Remove SSIDsfrom the pull-down list. If you add an SSID, the new SSID can be up to 32alphanumeric characters and the characters are case-sensitive. In addition toadding and/or deleting SSIDs, this option allows you to edit an existing SSIDname.•Choosing an Existing SSIDTo choose an existing SSID, simply select it from the pull-down list.•Editing the Name of an Existing SSIDTo edit the name of an existing SSID, choose an SSID from the pull-downlist then click on the Edit SSID Name button. The SSID name is noweditable and you can change it by over-typing on the existing name. Ifyou do this, you must click on the Update button to apply your change.•Creating a New SSIDTo create a new SSID, choose Add/Remove SSIDs from the pull-down listto reveal the Add/Remove SSID window.Figure 77. Adding an SSIDEnter a name for the new SSID in the SSID field. Check the Suppress SSIDbox if you want to prevent the broadcast of this SSID in beacons from allwireless modules in your Access/One Network (recommended).

Access / One® NetworkManaging the Network 1035Choose whether the new SSID should be tagged or untagged. However,there can be only one untagged SSID in the SSID table (the default SSIDis always untagged). From this window you also have the option ofassigning VLAN Security to the new SSID. When you have completed alldata input for the creation of your new SSID, click on the Add SSIDbutton. The new SSID is added to the list and will appear in the pull-down list in the main Client Connect window.•Deleting an SSIDTo delete an existing SSID, simply click on the X icon next to the SSIDyou want to delete.Figure 78. Deleting an SSID◗SSID Client LimitsEnter a value (up to 128) in the Maximum Clients per SSID field. The defaultis 128. If you enter a value of 0 (zero) you will effectively prevent all useraccess, with the exception of any Strix Network Connect devices.◗VLAN SecurityYou can now associate a tagged or untagged VLAN with the selected SSID. Ifyou define a tagged VLAN, you must assign a priority to it. The acceptablerange for priorities is between 0 and 7, and the priority is chosen from thepull-down list. The lower the priority level you assign, the higher the prioritywill be given by a VLAN-aware Ethernet switch. Access/One Network doesnot support these priority levels as a queuing mechanism and ignores themwhile the frame is in transit through the network. The VLAN mechanismapplies strictly to wireless stations. All devices on your Access/One Networkgenerate only untagged traffic.Click here to delete this SSID

Access / One® Network104 Managing the Network5◗Client Connect Security ModeThis option allows you to establish the authentication and encryption securitymodes for Client Connects. These include:•Authentication–Open: Used for local authentication.–Shared Key: This option is not currently supported.–Dynamic Key (802.1X): With this option, the RADIUS server gives akey to each user for unicast traffic. Multicast traffic uses the defaultkey.–WPA-PSK: With this option, the WPA (Wi-Fi Protected Access)standard uses a Pre-Shared Key (PSK) mode that does not require theRADIUS infrastructure.–WPA: This option provides WPA, a subset of the 802.11i standardthat boosts the original static WEP security by mandating 802.1xremote authentication.•Encryption–Clear: Available for Open or Dynamic authentication. Messages willbe sent unencrypted between user devices and your Access/OneNetwork nodes.–WEP: Wired Equivalency Privacy (WEP) is a security protocol forWLAN. It encrypts data using an RC4 stream cipher of 64, 128 or152 bits.–AES: Advanced Encryption Standard (AES) encrypts data using asymmetric 152 bit data block, and is generally considered the mostsecure option available.–TKIP: The Temporal Key Integrity Protocol (TKIP) is part of the IEEE802.11i encryption standard for wireless LANs, providing per-packetkey mixing, a message integrity check and a re-keying mechanism.–Auto Negotiate: With this option, the encryption mode will benegotiated in real time between the participating devices, allowingthe simultaneous use of AES and TKIP.

Access / One® NetworkManaging the Network 1055Select the desired Authentication and Encryption modes from the availableoptions. If you choose Dynamic (802.1x) or WPA authentication, you mustconfigure the RADIUS server(s) on this page (these fields only appear whenDynamic or WPA is selected as the authentication type). See also, “RadiusAccounting” on page 84.Figure 79. Configuring RADIUS ServersIf you choose WPA-PSK authentication, you must provide a WPA Pass Phraseand confirm the pass phrase (these fields only appear when WPA-PSK isselected as the authentication type.Figure 80. WPA Pass Phrase◗Client Connect Security KeysThis option allows you to define up to 4 security encryption keys for yourClient Connects. To define a security key, click on the Enter Key 1 (through 4)button to reveal the security key window, then select either hexadecimal orASCII format. Once you have selected the preferred format, choose 64 bit,128 bit, or 152 bit encryption from the pull-down list and enter your securitykey. After entering the key, click on the Update button to add the new key tothe list, or click on the Cancel button to abort the process.Figure 81. Assigning Client Connect Security Keys

Access / One® Network106 Managing the Network5When you add a new Client Connect security key, the system encrypts thekey and the encrypted key appears in the list. You can add up to 4 ClientConnect security keys. After adding security keys, select one of the keys to actas the default shared key.Figure 82. Encrypted Security KeyTo delete a Client Connect security key, click on the Enter Key 1 (through 4)button that applies to the key you want to delete. When the pop-up windowappears, choose None from the pull-down list. The selected security key isremoved from the list automatically.◗Access Control ListThis option allows you to configure an Access Control List (ACL) to determinewhich user devices (stations) are allowed to connect to your Access/OneNetwork. To do this, simply click on the Manage ACL button to reveal theManage ACL window.Figure 83. Configuring an Access Control ListEncrypted KeyDefault Shared Key

Access / One® NetworkManaging the Network 1075Choose the preferred access level from the pull-down list. Your optionsinclude:•Disable: All stations/clients can request association with an SSID in yourAccess/One Network. This means that the ACL will not be checked whena new station attempts to authenticate.•Enable: All stations/clients are assigned a permission status based on theirMAC address. If the MAC address of the station attempting to gain accessis set to Deny, it will not be allowed to associate with the network. If theMAC address is set to Allow, or not configured in the ACL, the station willbe allowed network access.•Strict: Only stations assigned with Allow permissions in the ACL aregranted access to the network, regardless of encryption settings. Inaddition, if the entry is configured for an encryption key, the station isalso required to match that key before gaining access. If no ACL entryexists for a MAC address, it will not be allowed to associate with thenetwork. The ACL accepts multiple levels of authentication concurrentlyso that stations with or without encryption (or shared key authentication)can be admitted.To add a new station, click on the Add New Station button to reveal the AddNew Station window.Figure 84. Adding a New StationChanging the ACL mode for wireless stations requires a reboot.A reboot is also required when adding or deleting ACL entriesat the network level (though not at the module level).

Access / One® Network108 Managing the Network5Enter the MAC address of the new station/client, then choose the ACL typefrom the pull-down list. These options include:•Allow•Deny•Default Shared Key•64 bit (enter 10 digits)•128 bit (enter 26 digits)•152 bit (enter 32 digits)If you choose any of the encryption types, enter the key in the Unique Keyfield. Alternatively, you can choose the Default Shared Key and the systemwill use the key you assigned as the default in Client Connect Security Keys.This key will be used for all unicast messagesIf you want to assign a VLAN, go to VLAN Security to understand what youneed to do with these fields. If CoS is disabled, your Access/One Networkdoes not support VLAN priority levels as a queuing mechanism and ignoresthem while the frame is in transit through the network. The VLAN mechanismapplies strictly to wireless stations. All Access/One Network devices generateonly untagged traffic.When you have completed your Access Control List (ACL) configuration,click on the Update button to apply your changes and return to the ManageACL window. You must now click on the Update button in this window, thenclick on the Apply Configuration tab to apply all of your ACL changes acrossthe network. You can now return to the main Client Connect window.◗Client Connect PrivacyWhen enabled, this option offers Client Connect privacy by preventing Wi-Fiusers from communicating with each other on the same module. Data fromeach Wi-Fi device is sent only to the Ethernet or backhaul ports, requiring arouter or other access device for authentication before allowing the devicesto exchange data. This is important in hotel applications where wireless userscommunicate with each other via Guestek or Wayport servers. The default isdisabled.

Access / One® NetworkManaging the Network 1095◗SSID ShutdownWhen enabled, this option shuts down all SSID functionality when networkconnectivity is lost. With this feature enabled, if connectivity to the gateway islost, the access point will disassociate all attached wireless clients—the clientwill know there is a problem and will need to find another access point to re-establish connectivity with the network. The default is disabled.◗Discovery ProtocolsThis option enables the Strix Discovery Protocol (browser plug-in). Thedefault is enabled. If this option is disabled, the left pane in Manager/Onewill not be available and the auto-discovery feature will not function.◗Client Connect Privacy TagsThis option is used if you want to prevent users from seeing each other ondifferent modules. For total hotspot privacy, we recommend leaving theprivacy WLAN tags at their default values.If you want to enable VLAN tag marking for Client Connect privacy (requiredfor mesh privacy), check this box. If enabled, you must assign the tags (thedefaults are 925 and 926).After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.Network ConnectNetwork Connect is the infrastructure used by your Access/One Network for awireless connection to an existing wired network (small or large). Each node withinthe network can utilize a wired Ethernet or wireless module (802.11a or 802.11g)for node inter-connectivity or connection to a wired legacy network.Unlike traditional wired Ethernet LAN/WAN connections used by access points andWLAN switches, Access/One Network’s wireless Network Connect option providesan advanced level of security between the network node and the LAN/WAN. Bydefault, the wireless Network Connect link utilizes AES encryption with a secret keyand cannot be compromised.

Access / One® Network110 Managing the Network5When nodes in your Access/One Network are configured for wireless NetworkConnect, the system provides several distinct advantages over a typical wirelessnetwork that uses wired connections. These advantages include:◗Secure networking◗Self tuning, rapid self-healing, and rogue device detection◗Scalability◗Simple installation◗Lowest cost of deploymentThis command allows you to define your Network Connect parameters. Thefollowing graphic shows the Network Connect window set to its default values.Figure 85. Network ConnectThe following options are available with this command:◗Peer SelectionThis option allows you to define peer selection criteria. These include eitherAutomatic Peer Selection (where your Access/One Network chooses peersautomatically, or selection by Target SSID (you must enter a valid SSID).

Access / One® NetworkManaging the Network 1115◗Auto-Mode Radio Priority (Dual Wi-Fi Radio Only)This option allows you to establish a priority for which radio on the dual bandwireless module will operate as a Network Connect in the Auto mode. Theavailable choices are:•802.11a Only•802.11a Priority, 802.11g Backup•802.11g Priority, 802.11a Backup•802.11g Only◗Self-TuningThis feature allows you to enable or disable Background Scanning andconfigure the Self-Tuning Policy. When a Network Connect module firstconnects to the network, it performs an initial scan of all available Wi-Fichannels and generates a list of potential alternate Client Connects that arereachable. Following the initial scan, the Network Connect continually scansin the background to maintain the list and enable the system to make thefollowing intelligent decisions:•When to drop the current path and select a better path, then connect tothe appropriate node (self-tuning).•When to select the best path (or detect the loss of a path) and select thenext best path, then connect to the appropriate node (self-healing).•Which APs are rogue devices.To fully optimize your network’s ability to self-tune, self-heal and detectrogue devices, we recommend that the Background Scanning feature isalways enabled (default).Disabling Background Scanning will prevent Network Connectsfrom reporting rogue AP devices.

Access / One® Network112 Managing the Network5◗Self-Tuning PolicyYou can instruct the system to Never Switch during its self-tuning process, orestablish a Switching Frequency (with 5 possible frequency states betweenstable and aggressive). When background scanning is completed, the self-tuning system determines the best potential client, based on RTD/RSSI scoresand threshold values obtained during the scanning process. Threshold valuesbecome more critical when two Client Connects are very close with theirscores. Normally, this can cause bouncing between the two Client Connects,but Access/One Network eliminates the bouncing effect by allowing you tomove the threshold switching frequency from aggressive to stable.◗Background Scan IntervalEnter a value in this field (in milliseconds) to define the interval betweenbackground scans. The default is 5000 milliseconds.◗Network Connect Security KeyTo protect wireless stations associated with each node, your Access/OneNetwork provides WEP and AES ciphers for encryption and 802.1x remoteauthentication. The inter-node Network Connect wireless uplink is protectedwith an AES static key to prevent eavesdropping. The factory configureddefault key is hidden from view to retain secrecy for a basic network, but thiskey can be changed and each network can have its own unique key.The Network Connect solution for Access/One Network preventsunauthorized wireless connections from being established to the network byblocking user traffic in the following two scenarios:•If the Network Connect is configured for the default network name(AccessOne), Manager/One forces the administrator to approve/admit thenode to the network before user traffic is bridged to the network.•If the two nodes that are wirelessly connected (via the uplink) havedifferent Network Connect security keys configured. However, if theAllow Strix default key option is enabled then a Network Connect usingthe default security key can still connect with a network using a non-default security key.

Access / One® NetworkManaging the Network 1135To assign a security key, click on the Enter Key button. In the pop-up window,select the key entry method (hexadecimal or ASCII text), then enter the keythat will serve as the default key to encrypt packets to be transmitted on awireless uplink between nodes. The key length is fixed at 152 bits. Afterentering the key, click on the Update button to assign the key and return tothe Network Connect window.Figure 86. Network Connect Security KeyEnable the Allow Strix default key option if you want to allow NetworkConnects with a default key to connect with a network using a non-defaultsecurity key. In this case, the network using a non-default security key canstill be managed remotely. The default is enabled.◗Network Connect Data Trust LevelThis feature determines whether the Client Connect will allow traffic from aNetwork Connect only (for management purposes), or from devices beyondthe Network Connect module—like a Client Connect on top of it, or Ethernetdevices attached to it. This applies only when a Network Connect uses thedefault (non-provisioned) key when associating with a Client Connect.Choose the preferred trust level policy for the Network Connect from thefollowing options:•Trust Strix Network behind Network Connect: Trust the Strix networkbehind the Network Connect.•Trust only Network Connect module: Trust only the Network Connectmodule.After inputting data (or making selections), click on the Update button to update thispage, then click on the Apply Configuration tab to propagate your changes acrossthe network. If necessary, you can click on the factory default (FD) button in thetoolbar to reset all data on this page to its factory default state.

Access / One® Network114 Managing the Network5Rogue ScanThis option allows you to define which channels are scanned for rogue devices bythe defined country code. From the configuration window, you can enable ordisable channels.Figure 87. Rogue AP Scanning

Access / One® NetworkManaging the Network 1155In addition to defining channels, the Rogue Scan configuration window allows youto define a refresh period—the elapsed time after which the network server refreshesthe rogue device list. The default is 1 day. Making this refresh period too frequentwill adversely impact the performance of the network.Figure 88. Defining the Refresh Period for the Rogue ListIf you make any changes to your channel selections in this window you must clickon the Update button for your changes to take effect, then click on the ApplyConfiguration tab to propagate your changes across the network. If necessary, youcan click on the factory default (FD) button in the toolbar to reset all data on thispage to its factory default state.Define the Refresh Period

Access / One® Network116 Managing the Network5The Inventory FunctionThis function provides you with an inventory view of your Access/One Network andincludes the following commands:◗Print Friendly Format◗Export to CSVThe inventory list is displayed in a tree structure that can be expanded (default) orcollapsed (show nodes only). The structure of the list consists of the Node ID, itsserial number and name, IP address and MAC address, the node type, thetechnology it uses, and the current firmware version it is running. To compliment fulltwo-way authentication, the inventory list is synchronized and maintained betweenall Strix devices. See also “Inventory or Auto Discovered” on page 63.Figure 89. Inventory ListManual additions (by node serial number)Unreachable devices are listed here

Access / One® NetworkManaging the Network 1175The inventory list allows you to manually add nodes, at your discretion. To add anode to the inventory list, enter the node’s serial number in the Node ID field thenclick on the Add button. Nodes that cannot be detected by the network will appearin the Unreachable Devices frame.You also have the option of manually deleting nodes from the inventory list. Todelete a node, simply click on the X icon next to the node you want to delete. Thesystem will then prompt you for a confirmation. Click on the OK button to delete theselected node, or click on the Cancel button to cancel your request.Figure 90. Deleting a Node from the Inventory ListPrint Friendly FormatThis option converts the inventory list into a printer friendly format that can beprinted on standard letter size paper. After converting the inventory list, the systemprompts you for your printer’s destination. To initiate the printing process, click onthe Print button.Figure 91. Printing the Inventory ListThe node’s alphanumeric serial number is case-sensitive, with all alphacharacters being upper case.

Access / One® Network118 Managing the Network5Export to CSVThis option allows you to export the inventory file to a CSV (Comma SeparatedValues) format that can be edited within a compatible spreadsheet application, suchas Microsoft Excel®.Figure 92. CSV FileImporting the CSV File to an Excel SpreadsheetWhen the CSV file is created, use the following procedure to import the file into anExcel spreadsheet for editing.1. Click in the header of the CSV file to make the CSV window active.2. Press Ctrl+A to select all text in the CSV file.3. Press Ctrl+C to copy the selected text to the clipboard.4. Open a new Excel workbook, then press Ctrl+V to paste the CSV text into acell in the workbook.5. Go to Data in the Excel menu bar and choose Text to Columns... from thepull-down list.6. On the first page of the wizard in Excel select the Delimited option, thenclick on the Next button.7. On the second page of the wizard check the Comma check box to enablethe conversion with comma delimiters.8. On the third and last page of the wizard, click on the Finish button toconvert the raw text into editable columns.

Access / One® NetworkManaging the Network 1195The Monitor FunctionThis function provides you with tools that allow you to view your network’soperation and performance, and includes the following commands:◗Tools•AP Monitor•Network Connect Monitor•Wireless Client Query•Rogue Monitor–Scan–Ignore All–Include AllToolsClicking on Tools in Manager/One’s toolbar generates a pull-down menu containingall the commands that are available within the Monitor function.AP MonitorThe AP Monitor provides a snapshot in table form of all active Client Connectdevices on a selected subnet.Figure 93. AP Monitor (Default View)

Access / One® Network120 Managing the Network5The table displayed in the AP Monitor window can be customized to show a definednumber of entries in the table, and the table can be sorted in either ascending ordescending order based on any selected column. For example, if you want to sortthe table by channel, click in the column header for Channel—the table is thensorted according to the channels used by the Client Connects.The target subnet can also be changed by selecting another subnet (as long as thesubnet exists in the pull-down list). In addition, the table offers instant access to theassigned BSSID information for each node and you can log in to any node by simplyclicking on its IP address (all links are underlined).Figure 94. An Overview of Monitor Tables (AP Monitor)To define how the table is sorted, simply click in a column header to toggle betweenascending or descending for the data in that column to become the primary sortcriteria. The data in the AP Monitor table can be refreshed at any time.BSSID InformationSorted by ChannelSubnetRefreshTotal Entries

Access / One® NetworkManaging the Network 1215Network Connect MonitorThe Network Connect Monitor provides a snapshot in table form of all activeNetwork Connect devices on a selected subnet.Figure 95. Network Connect MonitorAlthough the displayed data is different, the organization of tables in all monitors isthe same. For information about how to define the sort criteria within the NetworkConnect Monitor table, see Figure 94.The only difference in the navigational content between the Network ConnectMonitor and the AP Monitor is the Network Connect Monitor also includes aninformation button (i) in the top right corner of the window. Clicking on this buttongenerates the RSSI Legend pop-up window that provides a reference for the iconsdisplayed in the RSSI (dBm) column.Figure 96. RSSI Legend

Access / One® Network122 Managing the Network5Wireless Client QueryThe Wireless Client Query Monitor provides a search tool that allows you to run aquery through the network and locate Wi-Fi clients based on the following searchcriteria:◗Find a client based on a specific MAC address◗Find clients with an RSSI value of less than -85 dBmFigure 97. Wireless Client Query MonitorIf you choose to search for a client based on its MAC address, the system promptsyou for the address. After entering the MAC address, click on the OK button to startthe search.Figure 98. MAC Address PromptAlthough the displayed data is different, the organization of tables in all monitors isthe same. For information about how to define the sort criteria within the WirelessClient Query Monitor table, see Figure 94. And similar to the Network ConnectMonitor, the Wireless Client Query Monitor also includes the information button (i)in the top right corner of the window. Clicking on this button generates the RSSILegend pop-up window (see Figure 96).