Strix Systems OWS2430-90 802.11 a/g Wireless Mesh Type Networking Device User Manual accessone userguide

Strix Systems, Inc. 802.11 a/g Wireless Mesh Type Networking Device accessone userguide

Users Manual 5

Access / One® Network

Syslog Messages

Format

The following format is used for all Access/One Network syslog messages:

<recv-time> <code> <ip> <seqNumber:time-stamp, CloudName, subcloudName, StackId, Module, sysName, subSystem> <source> <sw-version> <syslog message>

Element          Definition
recv-time        Time when the syslog message is received.
code             As defined by RFC for syslog daemons.
ip               Sender's IP address.
seqNumber        Internal sequence number (generated for all syslog messages).
time-stamp       Time when the message is generated.
Module           Module type.
source           Internal source information, containing event-module & event-type.
sw-version       Software build version number.
syslog message   Format is a string of ASCII text delimited by separators.

Subsystems

Syslog messages are assigned to the following subsystems:

◗ Wireless
◗ Security
◗ Management
◗ Others
Severity Levels

The following severity levels are assigned to syslog messages (shown here in descending order from the most severe):

◗ EMERGENCY
◗ ALERT
◗ CRITICAL
◗ ERROR
◗ WARNING
◗ NOTICE
◗ INFORM
◗ DEBUG

Assigning a severity level informs the system to automatically log all messages in that level, and all messages above that level (messages below the assigned level are not logged).

Message Listing

The following tables list syslog messages by subsystem.

Security Subsystem

Severity    Syslog Message
ALERT       Telnet local authentication failed.
WARNING     Super user login failed, invalid character.
WARNING     Super user login failed, invalid password.
WARNING     Telnet login failed, invalid password.
WARNING     CLI login failed, invalid password.
WARNING     Telnet login failed, invalid password.
WARNING     CLI login failed, invalid password.
WARNING     Too many invalid login attempts.
NOTICE      Telnet user logged in, user:XXXXX.
NOTICE      CLI user logged in, user:XXXXX.
NOTICE      Telnet user logged out, user:XXXXX.
NOTICE      CLI user logged out, user:XXXXX.
NOTICE      Super user logged in.

Wireless Subsystem

Severity    Syslog Message
EMERGENCY   Failed to start the radio.
EMERGENCY   AP/STA features not enabled.
EMERGENCY   Error while starting the module. Wireless services disabled.
EMERGENCY   Radio interference detected on selected channel.
WARNING     Backhaul key mismatch. Putting it in RESTRICTED mode,mac:xx.xx.xx.xx.xx.xx.
ALERT       Radius authentication failed, mac:xx.xx.xx.xx.xx.xx.
ERROR       Association fails, can't find station in table, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.x.
ERROR       Reassociation fails, can't find station in table, ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.x.
ERROR       Association fails, not authenticated, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.
ERROR       Reassociation fails, not authenticated, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.
ERROR       Association fails, already associated, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.
ERROR       Reassociation fails, already associated, ssid:XXXXX,vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.
ERROR       Association fails, can't authenticate during scan, ssid:ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.
ERROR       Reassociation fails, can't authenticate during scan, ssid:ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.
ERROR       Association fails, reason:xxxx, wlanmode:xxxx, ssid:XXXXXX, vlan:[Id=x Tag=x],mac:xx:xx:xx:xx:xx:xx.
ERROR       Reassociation fails, reason:xxxx, wlanmode:xxxx, ssid:XXXXXX, vlan:[Id=x Tag=x],mac:xx:xx:xx:xx:xx:xx.
ERROR       Bad authentication transaction sequence, number:XX, type=XXXXX, mac:xx.xx.xx.xx.xx.xx.
ERROR       Authentication[1] fails, can't find station in table, mac:xx.xx.xx.xx.xx.xx.
ERROR       Authentication[1] fails, can't authenticate in scan mode, mac:xx.xx.xx.xx.xx.xx.
ERROR       Authentication[3] fails, can't find station in table, mac:xx.xx.xx.xx.xx.xx.
ERROR       Authentication[3] done, error in Tx, wlanmode:X, mac:xx.xx.xx.xx.xx.xx.
ERROR       Deauthentication requested, can't find station in table, mac:xx.xx.xx.xx.xx.xx.
ERROR       Association fails, module is not ready, mac:xx:xx:xx:xx:xx:xx.
ERROR       Reassociation fails, module is not ready, mac:xx:xx:xx:xx:xx:xx.
WARNING     Authentication[3] fails, auth:shared, wlanmode:X, mac:xx.xx.xx.xx.xx.xx.
WARNING     Unsupported 802.11 authentication request, auth:LEAP, wlanmode:X, mac:xx.xx.xx.xx.xx.xx.
WARNING     Unsupported 802.11 authentication request, auth:x(hex), wlanmode:X, mac:xx.xx.xx.xx.xx.xx.
WARNING     Deauthentication fails, incorrect source, mac:xx.xx.xx.xx.xx.xx.
WARNING     Deauthentication fails, unknown source, mac:xx.xx.xx.xx.xx.xx.
WARNING     Association fails, wrong ssid, ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.
WARNING     Reassociation fails, wrong ssid, ssid:XXXXX, vlan:[id=x tag=x], mac:xx.xx.xx.xx.xx.xx.
WARNING     NC-sel approves RESTRICTED Mode.
WARNING     Backhaul [mac:xx:xx:xx:xx:xx:xx] at if=XXXX is put to RESTRICTED mode.
WARNING     Loop is detected at if=XX. Mac:xx:xx:xx:xx:xx:xx.
NOTICE      NC-sel approves OPEN Mode.
NOTICE      Backhaul is using default cloud name. Putting it in RESTRICTED mode,mac:xx.xx.xx.xx.xx.xx.
NOTICE      AP has put backhaul in RESTRICTED mode.
NOTICE      Stack ID is available, stackId:XXXXXX.
NOTICE      The unit/Radio x will operate as - Network Connect.
NOTICE      The unit/Radio x will operate as - Client Connect.
NOTICE      The unit/Radio x will switch to - Client Connect.
NOTICE      Added station, mac:xx.xx.xx.xx.xx.xx.
NOTICE      Deauthentication completed, mac:xx.xx.xx.xx.xx.xx.
NOTICE      Association with AP done, response NOT sent, wlanmode:X, ssid:XXXX, mac:xx:xx:xx:xx:xx:xx.
NOTICE      Reassociation with AP done, response NOT sent, wlanmode:X, ssid:XXXX, mac:xx:xx:xx:xx:xx:xx.
NOTICE      Loop is cleared at if=XX. mac:xx:xx:xx:xx:xx:xx.
NOTICE      WLNC link [if=XX] state is up. SSID=XX, BSSID=xx:xx:xx:xx:xx:xx:xx, Channel=XX, Wireless Mode=XXXX.
NOTICE      WLNC link [if=XX] state is down.
NOTICE      Access Point state is up.
NOTICE      Access Point state is down
NOTICE      Association done, ssid:XXXX, vlan:[Id=x Tag=x], mac:xx:xx:xx:xx:xx:xx:xx.
NOTICE      Reassociation done, ssid:XXXX, vlan:[Id=x Tag=x], mac:xx:xx:xx:xx:xx:xx:xx.
NOTICE      Disassociation done, mac:xx:xx:xx:xx:xx:xx.
NOTICE      Backhaul [mac:xx:xx:xx:xx:xx:xx] at if=XXXX is approved with OPEN mode.
NOTICE      Authentication failed, type=XXX, reason=XXXX, mac:xx:xx:xx:xx:xx:xx.
NOTICE      Authentication done, type=XXX, mac:xx:xx:xx:xx:xx:xx.
NOTICE      Device will switch to Access Point.

Management Subsystem

Severity    Syslog Message
WARNING     Fan failed.
WARNING     Temperature alarm on.
WARNING     DHCP Bind failed.
WARNING     Image load failed.
NOTICE      xx.xx.xx.xx detected rogue device [xx:xx:xx:xx:xx:xx] with RSSI [xxxx] channel [xxxx] SSID [XXXXX].
NOTICE      Rogue device [xx:xx:xx:xx:xx:xx] detected by xx.xx.xx.xx aged out.
NOTICE      Detected Rogue Device [xx:xx:xx:xx:xx:xx].
NOTICE      Cloud is renamed to XXXXX.
NOTICE      Configuration update completed.
NOTICE      Configuration update started.
NOTICE      Selected AP at if=XX, mac:xx:xx:xx:xx:xx:xx.
NOTICE      I am the Master NC.
NOTICE      Temperature alarm off.
NOTICE      Fan is working.
NOTICE      Include list updated.
INFORM      Load image file XXXXX from XXXXXX.
INFORM      Image load is done.
INFORM      Received DHCP, IP - xx.xx.xx.xx, Gateway - xx.xx.xx.xx.
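The severity rule and the message texts listed above, worked through as an added example (not code from the Strix manual): it shows which security-relevant messages survive a given assigned severity level and extracts their fields. It assumes a collector has already split each record into sender IP, severity and message text; the sample events, their addresses, and the `fail_threshold` parameter are constructed for illustration.

```python
import re
from collections import Counter

# Severity names in the manual's order, most severe first.
SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFORM", "DEBUG"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}

# The tables show MAC addresses with either '.' or ':' separators.
MAC = r"[0-9A-Fa-f]{2}(?:[.:][0-9A-Fa-f]{2}){5}"

# Message texts taken from the Security, Wireless and Management tables.
PATTERNS = [
    ("login_failed", re.compile(
        r"^(?P<channel>Telnet|CLI|Super user) login failed, "
        r"invalid (?P<reason>password|character)\.$")),
    ("login_failed", re.compile(
        r"^(?P<channel>Telnet) local authentication failed\.$")),
    ("login_lockout", re.compile(r"^Too many invalid login attempts\.$")),
    ("login_ok", re.compile(
        r"^(?P<channel>Telnet|CLI) user logged in, user:(?P<user>\S+)\.$")),
    ("radius_failed", re.compile(
        rf"^Radius authentication failed, mac:(?P<mac>{MAC})\.$")),
    ("rogue_device", re.compile(
        rf"^(?P<reporter>\d{{1,3}}(?:\.\d{{1,3}}){{3}}) detected rogue device "
        rf"\[(?P<mac>{MAC})\] with RSSI \[(?P<rssi>[^\]]*)\] "
        rf"channel \[(?P<channel>[^\]]*)\] SSID \[(?P<ssid>[^\]]*)\]\.$")),
]


def is_logged(severity, assigned_level):
    """A message is logged if it is at the assigned level or more severe."""
    return RANK[severity] <= RANK[assigned_level]


def classify(message):
    """Return (category, fields) for a known message text, else None."""
    for category, pattern in PATTERNS:
        match = pattern.match(message)
        if match:
            return category, match.groupdict()
    return None


def triage(events, assigned_level, fail_threshold=3):
    """Return findings from the events that the assigned level lets through.

    events: iterable of (sender_ip, severity, message) tuples.
    fail_threshold: hypothetical number of failed logins per sender that
    raises a finding of its own.
    """
    findings = []
    failures = Counter()
    for sender_ip, severity, message in events:
        if not is_logged(severity, assigned_level):
            continue  # never written to the log at this level
        hit = classify(message)
        if hit is None:
            continue
        category, fields = hit
        if category == "login_failed":
            failures[sender_ip] += 1
            if failures[sender_ip] == fail_threshold:
                findings.append((sender_ip, "repeated_login_failures",
                                 {"count": fail_threshold}))
        elif category != "login_ok":
            findings.append((sender_ip, category, fields))
    return findings


# Constructed sample events (documentation addresses, made-up values).
SAMPLE_EVENTS = [
    ("192.0.2.10", "WARNING", "Telnet login failed, invalid password."),
    ("192.0.2.10", "WARNING", "Telnet login failed, invalid password."),
    ("192.0.2.10", "WARNING", "CLI login failed, invalid password."),
    ("192.0.2.10", "WARNING", "Too many invalid login attempts."),
    ("192.0.2.10", "NOTICE", "Telnet user logged in, user:admin."),
    ("192.0.2.11", "ALERT",
     "Radius authentication failed, mac:00.11.22.33.44.55."),
    ("192.0.2.12", "NOTICE",
     "192.0.2.12 detected rogue device [00:11:22:33:44:66] "
     "with RSSI [-61] channel [6] SSID [guest]."),
    ("192.0.2.12", "INFORM", "Image load is done."),
]

if __name__ == "__main__":
    for level in ("NOTICE", "WARNING"):
        print(level)
        for finding in triage(SAMPLE_EVENTS, level):
            print("  ", finding)
```

With the level assigned to WARNING, the rogue-device and successful-login messages (both NOTICE) are never logged, so the rogue-device finding disappears from the second run.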
Supported MIBs

MIBs that are supported with Access/One Network include the following:

Strix Private MIBs

STRIX-PRODUCTS.mib
Defines the object identifiers assigned to various Strix hardware platforms.

STRIX-CONFIG-SYSTEM.mib
Configuration MIB for system wide parameters, including Usernames and Passwords, DHCP, DNS, SNTP, FTP, CoS, Trusted IPs, Syslog, and RADIUS accounting.

STRIX-CONFIG-WIFI.mib
Configuration MIB for 802.11 radio parameters, per-SSID configuration of authentication, keys and VLANs, Inventory list, Network Client and Client Connect configurations.

STRIX-MANAGEMENT.mib
Management MIB for taking actions, such as loading configurations, upgrading image, rebooting the entire network, and collecting network wide report from all devices.

STRIX-INVENTORY.mib
MIB to present and modify the inventory list of all modules in the network.

STRIX-SYSLOG-MIB.mib
MIB to present the buffered history of syslog messages generated by a module.

STRIX-MONITOR.mib
MIB to monitor radio status and statistics on a Wi-Fi module, and to report VLANs, device information, and a scanned list of access points.

STRIX-ROGUES.mib
MIB to present a list of rogue Access Points detected by Strix modules, and report the closest access points.
STRIX-ENT-TRAPS.mib
List of traps that Strix devices can generate.

STRIX-CONFIG-TRAPS.mib
Configuration MIB for enabling and disabling specific traps per trap manager.

STRIX-ACCESSONE-CAPABILITY.mib
Indicates the level of support implemented by an SNMP agent on the Access/One Network with respect to standard MIBs.

Standard MIBs

RFC1213-MIB
IF-MIB (RFC 2233)
IP-MIB (RFC 2011)
TCP-MIB (RFC 2012)
UDP-MIB (RFC 2013)
SNMPv2-MIB (RFC 1907)
IEEE802DOT11-MIB

Contact Information

Strix Systems is located in Calabasas, California, just 45 minutes northwest of downtown Los Angeles and 45 minutes southeast of Santa Barbara.

Strix Systems, Inc.
26610 Agoura Road
Calabasas, CA 91302
Tel: 818.251.1000
Fax: 818.251.1099
Visit us at: http://www.strixsystems.com
Glossary of Terms

802.11a
A supplement to the IEEE 802.11 wireless LAN (WLAN) specification that describes transmission through the physical layer (PHY) based on orthogonal frequency division multiplexing (OFDM), at a frequency of 5 GHz and data rates of up to 54 Mbps. See also, OFDM.

802.1D
The IEEE LAN specification for remote media access control (MAC) bridging.

802.11g
A supplement to the IEEE 802.11 wireless LAN (WLAN) specification that describes transmission through the physical layer (PHY) based on orthogonal frequency division multiplexing (OFDM), at a frequency of 2.4 GHz and data rates of up to 54 Mbps. See also, OFDM.

802.11i
A supplement to the IEEE 802.11 wireless LAN (WLAN) specification for enhanced security. It describes encryption protocols such as the Temporal Key Integrity Protocol (TKIP) and AES Counter-Mode Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP). These protocols provide replay protection, cryptographically keyed integrity checks, and key derivation based on the IEEE 802.1X port authentication standard. See also, TKIP.

802.1Q
The IEEE LAN specification for bridged virtual LANs (VLANs). See also, VLAN.

802.1X
The IEEE specification for port-based network access control. The 802.1X standard based on the Extensible Authentication Protocol (EAP) provides an authentication framework that supports a variety of methods for authenticating and authorizing network access for wired or wireless users. See also, EAP.
802.11x
An IEEE specification that defines wireless LAN (WLAN) data link and physical layers. The specification includes data link layer media access control (MAC) sub-layer, and two sub-layers of the physical (PHY) layer - a frequency-hopping spread-spectrum (FHSS). See also, FHSS.

802.2
IEEE specification that describes the logical link control (LLC) encapsulation common to all 802 series LANs.

802.3
An IEEE LAN specification for a Carrier Sense Multiple Access with Collision Detection (CSMA-CD) Ethernet network. The standard describes physical media. An 802.3 frame uses source and destination media access control (MAC) addresses to identify its originator and receiver(s).

authentication
The process that a station, device, or user employs to announce its identity to the network which validates it. IEEE 802.11 specifies two forms of authentication: open system and shared key. See also, 802.11x and authentication.

authorization
The process of deciding if device 'X' may use network service 'Y'. Trusted devices (the devices that are both authenticated and authorized) are allowed access to network services. Unknown (not trusted) devices may require further user authorization to access network services. This does not principally exclude that the authorization might be given by an application automatically. Authorization always includes authentication. See also, authentication.

bandwidth
Specifies the amount of the frequency spectrum that is usable for data transfer. In other words, it identifies the maximum data rate a signal can attain on the medium without encountering significant attenuation (loss of power). See also, bit rate.
baud rate
The number of pulses of a signal that occur in one second. Thus, baud rate is the speed at which digital signal pulses travel.

Beacon
A uniframe system packet broadcast by the AP to keep the network synchronized. A beacon includes the Net_ID (ESSID), the AP address, the broadcast destination addresses, a time stamp, a DTIM (Delivery Traffic Indicator Maps) and the TIM (Traffic Indicator Message).

bit rate
The transmission rate of binary symbols ('0' and '1'). Bit rate is equal to the total number of bits transmitted in one second.

bridge
A network component that provides inter-networking functionality at the data link or medium access layer (Layer 2). Bridges provide segmentation and re-assembly of data frames.

Cat 5
(Category 5) A category of performance for inside Ethernet wiring that defines a cable with eight insulated copper wires. Each pair is twisted around each other to reduce cross talk and electromagnetic induction. Each connection on a twisted pair requires both wires. Cat5 cables are suitable for 10/100BaseT communication.

connectivity
A path for communications signals to flow through. Connectivity exists between a pair of Nodes if the destination Node can correctly receive data from the source Node at a specified minimum data rate.
DHCP
(Dynamic Host Configuration Protocol) A method for dynamically assigning IP addresses to devices on a network. Issues IP addresses automatically within a specified range to devices such as PCs when they are first powered up. The device retains the use of the IP address for a specific license period defined by the system administrator.

EAP
(Extensible Authentication Protocol) A general point-to-point protocol that supports multiple authentication mechanisms. Defined in RFC 2284, EAP has been adopted by IEEE 802.1X as an encapsulation protocol for carrying authentication messages in a standard message exchange between a user (client or supplicant) and an authenticator. See also, 802.1X.

EAPoL
(EAP over LAN) An encapsulated form of the Extensible Authentication Protocol (EAP), defined in the IEEE 802.1X standard, that allows EAP messages to be carried directly by a LAN media access control (MAC) service between a user (client or supplicant) and an authenticator. See also, 802.1X.

EAP-TLS
(Extensible Authentication Protocol with Transport Layer Security) Used for 802.1X authentication. EAP-TLS supports mutual authentication and uses digital certificates to address the mutual challenge. The authentication server responds to a user authentication request with a server certificate. The user then replies with its own certificate and validates the server certificate. EAP-TLS algorithm derives session encryption keys from the certificate values. The authentication server in turn sends the session encryption keys for a particular session to the user after validating the user certificate. See also, authentication and EAP.

encryption
Any procedure used in cryptography to translate data into a form that can be decrypted and read only by its intended receiver.
FHSS
(Frequency-Hopping Spread-Spectrum) One of two types of spread-spectrum radio technology used in wireless LAN (WLAN) transmissions. The FHSS technique modulates the data signal with a narrowband carrier signal that “hops” in a predictable sequence from frequency to frequency as a function of time over a wide band of frequencies. Interference is reduced, because a narrowband interferer affects the spread-spectrum signal only if both are transmitting at the same frequency at the same time. The transmission frequencies are determined by a spreading (hopping) code. The receiver must be set to the same hopping code and must listen to the incoming signal at the proper time and frequency to receive the signal.

FTP
(File Transfer Protocol) A TCP/IP based protocol for file transfer. FTP is defined by RFC 959.

GMK
(Group Master Key) A cryptographic key used to derive a group transient key (GTK) for the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). See also, GTK and TKIP.

GTK
(Group Transient Key) A cryptographic key used to encrypt broadcast and multicast packets for transmissions using the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). See also, TKIP.

HiperLAN
(High Performance Radio Local Area Network) A set of wireless LAN (WLAN) communication standards used primarily in European countries and adopted by the European Telecommunications Standards Institute (ETSI).

homologation
The process of certifying a product or specification to verify that it meets regulatory standards.
IAPP
(InterAP Protocol) A protocol being developed as the 802.11f version of the IEEE 802.11 wireless LAN (WLAN) specification to support interoperability, mobility, handover, and coordination among Access Points (APs). Implemented on top of IP, IAPP uses UDP/IP and Sub-network Access Protocol (SNAP) as transfer protocols. See also, 802.11x.

IAS
(Internet Authentication Service) Microsoft's RADIUS server. See also, RADIUS.

IGMP
(Internet Group Management Protocol) An Internet protocol defined in RFC 2236 used to report its multicast group membership to neighboring multicast routers.

IPsec
A Layer 3 authentication and encryption protocol. Used to secure VPNs. See also, encryption and VPN.

MAC address
(Media Access Control Address) A 6-byte hexadecimal address assigned by a manufacturer to a device.

master secret
A code derived from the pre-master secret. A master secret is used to encrypt Transport Layer Security (TLS) authentication exchanges and to derive a pair-wise master key (PMK). See also, PMK and TLS.

Mbps
(Megabits per second) A standard measure for data transmission speeds (for example, the rate at which information travels over the Internet). 1 Mbps denotes one million bits per second.
MD5
(Message Digest algorithm 5) A one-way hashing algorithm used in many authentication algorithms to derive cryptographic keys. MD5 takes a message of an arbitrary length and creates a 128-bit message digest. See also, authentication.

MIB
(Management Information Base) A set of parameters an SNMP management station can query or establish in the SNMP agent of a network device (for example, a router). Standard minimal MIBs have been defined, and vendors often have their own private enterprise MIBs. In theory, any SNMP manager can talk to any SNMP agent with a properly defined MIB. See also, SNMP and station.

MS-CHAP
(Microsoft Challenge Handshake Authentication Protocol) Microsoft's extension to CHAP. MS-CHAP is a mutual authentication protocol that also permits a single login in a Microsoft network environment. See also, connectivity.

NAT
(Network Address Translation) RFC 3022 defines a way to translate global routable IP addresses into local and private non-routable ones.

NTP
(Network Time Protocol) An Internet standard protocol (built on top of TCP/IP) that ensures the accurate synchronization (to the millisecond) of computer clock times in a network of computers. NTP synchronizes client workstation clocks to the U.S. Naval Observatory master clocks in Washington, D.C. and Colorado Springs, CO. Running as a continuous background client program on a computer, NTP sends periodic time requests to servers, obtaining server time stamps and using them to adjust the client's clock. See also, SNTP.

Odyssey
An 802.1X security and access control application for wireless LANs (WLANs), developed by Funk Software, Inc. See also, 802.1X.
OFDM
(Orthogonal Frequency Division Multiplexing) A technique that splits a wide frequency band into a number of narrow frequency bands and sends data across the sub-channels. The 802.11a and 802.11g standards are based on OFDM. See also, 802.11a and 802.11g.

open system authentication
The IEEE 802.11 default authentication method. The device sends an authentication management frame containing the sender's identity in the clear to the authenticating device which sends back a clear frame alerting whether it recognizes the identity of the requesting device. See also, 802.11x.

PAN
(Personal Area Network) A personal area network is used to interconnect devices used by an individual or in their immediate proximity, including devices they are carrying with them and devices that are simply nearby. According to the IEEE, PANs must be capable of supporting segments at least 10 meters in length.

PAP
(Password Authentication Protocol) One of two authentication methods that is part of PPP (CHAP is the other). PAP is a method for a device to authenticate itself with a two-way handshake. Note that PAP sends its authentication information in the clear; that is, not encrypted. PAP is defined in RFC 1334.

PCI devices
Devices that adhere to the Peripheral Component Interconnect/Interface.

PEAP
(Protected Extensible Authentication Protocol) An extension to the Extensible Authentication Protocol with Transport Layer Security (EAP-TLS), developed by Microsoft Corporation. TLS is used in PEAP Part 1 to authenticate the server only, and thus avoids having to distribute user certificates to every client. PEAP Part 2 performs mutual authentication between the EAP client and the server. See also, EAP-TLS and TLS.
PKCS
(Public-Key Cryptography Standards) A group of specifications produced by RSA and secure systems developers, and first published in 1991. Among many other features and functions, the standards define syntax for digital certificates, certificate signing requests and key exchanges.

PKI
(Public-Key Infrastructure) Software that enables users of an insecure public network such as the Internet to exchange information securely and privately. PKI uses public-key cryptography to authenticate the message sender and encrypt the message by means of a pair of cryptographic keys, one public and one private. A trusted certificate authority (CA) creates both keys simultaneously with the same algorithm. A registration authority (RA) must verify the certificate authority before a digital certificate is issued to a requestor. PKI uses the digital certificate to identify an individual or an organization. The private key is given only to the requesting party and is never shared, and the public key is made publicly available (as part of the digital certificate) in a directory that all parties can access.

plenum-rated cable
A type of cable approved by an independent test laboratory for installation in ducts, plenums, and other air-handling spaces.

PMK
(Pair-wise Master Key) A code derived from a master secret and used as an encryption key for IEEE 802.11 encryption algorithms. A PMK is also used to derive a pair-wise transient key (PTK) for IEEE 802.11i robust security. See also, 802.11x, 802.11i and PTK.

PoE
(Power over Ethernet) A technology, defined in the IEEE 802.3af standard, to deliver power over the twisted-pair Ethernet data cables rather than power cords.
PPTP
(Point-to-Point Tunneling Protocol) A protocol from Microsoft that is used to create a virtual private network (VPN) over the Internet. It uses Microsoft's Point-to-Point Encryption (MPPE), which is based on RSA's RC4. It only uses static keys and should not be used to secure WLANs. See also, VPN.

pre-master secret
A key generated during the handshake process in Transport Layer Security (TLS) protocol negotiations and used to derive a master secret. See also, TLS.

private key
In cryptography, one of a pair of keys, one public and one private, that are created with the same algorithm for encrypting and decrypting messages and digital signatures. The private key is provided to only the requestor and never shared. The requestor uses the private key to decrypt text that has been encrypted with the public key by someone else. See also, public key.

PSK
(Pre-Shared Key) The IEEE 802.11 term for a shared secret, also known as a shared key. See also, 802.11x and shared secret.

PTK
(Pair-wise Transient Key) A value derived from a pair-wise master key (PMK) and split into multiple encryption keys and message integrity code (MIC) keys for use by a client and server as temporal session keys for IEEE 802.11i robust security. See also, 802.11i and PMK.

public key
In cryptography, one of a pair of keys, one public and one private, that are created with the same algorithm for encrypting and decrypting messages and digital signatures. The public key is made publicly available for encryption and decryption. See also, encryption and private key.
RADIUS
(Remote Authentication Dial-In User Service) A client-server security protocol described in RFC 2865 and RFC 2866. Developed to authenticate, authorize, and account for dial-up users, RADIUS has been widely extended to broadband and enterprise networking. The RADIUS server stores user profiles, which include passwords and authorization attributes. See also, authentication and authorization.

RC4
(Rivest Cipher 4) A common encryption algorithm, designed by RSA, used by the Wired-Equivalent Privacy (WEP) protocol and Temporal Key Integrity Protocol (TKIP). See also, TKIP and WEP.

RA
(Registration Authority) Network software that verifies a user (client) request for a digital certificate and instructs the certificate authority (CA) to issue the certificate. Registration authorities are part of a public-key infrastructure (PKI), which enables secure exchanges of information over a network. The digital certificate contains a public key for encrypting and decrypting messages and digital signatures. See also, PKI.

roaming
The ability of a user (client) to maintain network access when moving between access points (APs).

rogue AP
An Access Point (AP) that is not authorized to operate within a wireless network. Rogue APs subvert security of an enterprise network by allowing potentially unchallenged access to the network resources by any wireless user in the physical vicinity.

rogue client
A user who is not recognized within a network, but who gains access to it by intercepting and modifying transmissions to circumvent the normal authorization and authentication processes.
RSN
(Robust Security Network) A secure wireless LAN (WLAN) based on the developing IEEE 802.11i standard. See also, 802.11i.

shared secret
A static key distributed by an out-of-band mechanism to both the sender and receiver. Also known as a shared key or pre-shared key (PSK), a shared secret is used as input to a one-way hash algorithm. When a shared secret is used for authentication and the hash output of both the sender and the receiver match, they share the same secret and are authenticated. A shared secret can also be used to generate an encryption key. See also, PSK.

SNMP
(Simple Network Management Protocol) A standard protocol that regulates network management over the Internet. SNMP uses TCP/IP to communicate with a management platform, and offers a standard set of commands that make multi-vendor operability possible. SNMP uses a standard set of definitions, known as a MIB (Management Information Base), which can be supplemented with enterprise-specific extensions. See also, MIB.

SNTP
(Simple Network Time Protocol) A simplified version of NTP. SNTP can be used when the ultimate performance of the full NTP implementation described in RFC 1305 is not needed or justified. See also, NTP.

spread spectrum
A modulation technique that spreads a signal's power over a wide band of frequencies. The main reason for the technique is that the signal is much less susceptible to electrical noise and interferences than other techniques.

SSH
(Secure SHell) A Telnet-like protocol that establishes an encrypted session.
SSID
(Service Set Identifier) The unique name shared among all devices in a wireless LAN (WLAN).

station
In IEEE 802.11 networks, any device that contains an IEEE 802.11-compliant media access control and physical layers. See also, 802.11x.

TKIP
(Temporal Key Integrity Protocol) A wireless encryption protocol that fixes the known problems in the Wired-Equivalent Privacy (WEP) protocol for existing 802.11 products. Like WEP, TKIP uses RC4 ciphering, but adds functions such as a 128-bit encryption key, a 48-bit initialization vector, a new message integrity code (MIC), and initialization vector (IV) sequencing rules to provide better protection. See also, 802.11x and WEP.

TLS
(Transport Layer Security Protocol) An authentication and encryption protocol that is the successor to the Secure Sockets Layer (SSL) protocol for private transmission over the Internet. Defined in RFC 2246, TLS provides mutual authentication with non-repudiation, encryption, algorithm negotiation, secure key derivation, and message integrity checking. TLS has been adapted for use in wireless LANs (WLANs) and is used widely in IEEE 802.1X authentication. See also, 802.1X.

TTLS
(Tunneled Transport Layer Security) An Extensible Authentication Protocol (EAP) sub-protocol developed by Funk Software, Inc. for 802.1X authentication. TTLS uses a combination of certificate and password challenge and response for authentication. The entire EAP sub-protocol exchange of attribute-value pairs takes place inside an encrypted transport layer security (TLS) tunnel. TTLS supports authentication methods defined by EAP, as well as the older Challenge Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), Microsoft CHAP (MS-CHAP), and MS-CHAPV2. Compare EAP-TLS; PEAP. See also, 802.1X, connectivity, MS-CHAP, PAP and PEAP.
Tunneling
A technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft's PPTP technology enables organizations to use the Internet to transmit data across a Virtual Private Network (VPN). It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet. See also, PPTP and VPN.

twisted-pair wire
Type of medium using metallic type conductors twisted together to provide a path for current flow. The wire in this medium is twisted in pairs to minimize the electromagnetic interference between one pair and another.

UDP
(User Datagram Protocol) A connectionless protocol that works at the OSI transport layer. UDP provides datagram transport but does not acknowledge their receipt.

URL
(Uniform Resource Locator) The standard method used for identifying the location of information available to the Internet.

VLAN
(Virtual LAN) A group of devices that communicate as a single network, even though they are physically located on different LAN segments. Because VLANs are based on logical rather than physical connections, they are extremely flexible. A device that is moved to another location can remain on the same VLAN without any hardware reconfiguration.

VoIP
(Voice over IP) The ability of an IP network to carry telephone voice signals as IP packets in compliance with International Telecommunications Union Telecommunication Standardization Sector (ITU-T) specification H.323. VoIP enables a router to transmit telephone calls and faxes over the Internet with no loss in functionality, reliability, or voice quality.
VPN
(Virtual Private Network) A virtual private network (VPN) is a way to use a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a “tunnel” that cannot be “entered” by data that is not properly encrypted.

WAN
(Wide Area Network) A computer network that is geographically dispersed. Commonly, a WAN comprises two or more inter-connected LANs. The Internet is the world's largest WAN. According to the IEEE, WANs interconnect facilities in different parts of a country or of the world.

WECA
(Wireless Ethernet Compatibility Alliance) See also, Wi-Fi Alliance.

WEP
(Wired Equivalent Privacy) An optional IEEE 802.11 function that offers frame transmission privacy similar to a wired network. The Wired Equivalent Privacy generates secret shared encryption keys that both source and destination stations can use to alter frame bits to avoid disclosure to eavesdroppers. See also, 802.11x and encryption.

Wi-Fi Alliance
A nonprofit international association formed in 1999 to certify interoperability of wireless Local Area Network products based on IEEE 802.11 specification. The goal of the Wi-Fi Alliance's members is to enhance the user experience through product interoperability. See also, 802.11x.

WPA
(Wi-Fi Protected Access) A Wi-Fi Alliance standard that contains a subset of the IEEE 802.11i standard, using TKIP as an encryption method and 802.1X for authentication. See also, 802.11x, 802.1X and TKIP.
Access / One® Network198 Glossary of TermsGLXML(eXtensible Markup Language) A simpler and easier-to-use subset of theStandard Generalized Markup Language (SGML), with unlimited, self-definingmarkup symbols (tags). Developed by the World Wide Web Consortium (W3C),the XML specification provides a flexible way to create common informationformats and share both the format and the data on the Internet, Intranets, andelsewhere.