WBSn System Manual.book

Transcription

WBSn-2400 and WBSn-2450
System Manual
Software Version 1.5
July 2014
P/N 216058
Front Matter
Front Matter
© Copyright 2014 Alvarion Ltd (Alvarion). All rights reserved.
The material contained herein is proprietary, privileged, and confidential and owned by Alvarion or its
third party licensors. No disclosure thereof shall be made to third parties without the express written
permission of Alvarion Ltd.
Alvarion Ltd. reserves the right to alter the equipment specifications and descriptions in this publication
without prior notice. No part of this publication shall be deemed to be part of any contract or warranty
unless specifically incorporated by reference into such contract or warranty.
Trade Names
Alvarion®, BreezeCOM®, WALKair®, WALKnet®, BreezeNET®, BreezeACCESS®, BreezeMAX®,
BreezeLITE®, 4Motion®, and/or other products and/or services referenced here in are either registered
trademarks, trademarks or service marks of Alvarion Ltd.
All other names are or may be the trademarks of their respective owners.
Statement of Conditions
The information contained in this manual is subject to change without notice. Alvarion Ltd. shall not be
liable for errors contained herein or for incidental or consequential damages in connection with the
furnishing, performance, or use of this manual or equipment supplied with it.
Warranties and Disclaimers
All Alvarion Ltd. (“Alvarion“) products purchased from Alvarion or through any of Alvarion's authorized
resellers are subject to the following warranty and product liability terms and conditions.
Exclusive Warranty
(a) Alvarion warrants that the Product hardware it supplies and the tangible media on which any
software is installed, under normal use and conditions, will be free from significant defects in materials
and workmanship for a period of fourteen (14) months from the date of shipment of a given Product to
Purchaser (the "Warranty Period"). Alvarion will, at its sole option and as Purchaser's sole remedy, repair
or replace any defective Product in accordance with Alvarion' standard R&R procedure.
(b) With respect to the Firmware, Alvarion warrants the correct functionality according to the attached
documentation, for a period of fourteen (14) month from invoice date (the "Warranty Period")". During
the Warranty Period, Alvarion may release to its Customers firmware updates, which include additional
performance improvements and/or bug fixes, upon availability (the "Warranty"). Bug fixes, temporary
patches and/or workarounds may be supplied as Firmware updates.
Additional hardware, if required, to install or use Firmware updates must be purchased by the Customer.
Alvarion will be obligated to support solely the two (2) most recent Software major releases.
ALVARION SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE
THAT THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY PURCHASER'S OR
ANY THIRD PERSON'S MISUSE, NEGLIGENCE, IMPROPER INSTALLATION OR IMPROPER TESTING,
UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED
USE, OR BY ACCIDENT, FIRE, LIGHTNING OR OTHER HAZARD.
Disclaimer
(a) The Software is sold on an "AS IS" basis. Alvarion, its affiliates or its licensors MAKE NO
WARRANTIES, WHATSOEVER, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO THE SOFTWARE AND
THE ACCOMPANYING DOCUMENTATION. ALVARION SPECIFICALLY DISCLAIMS ALL IMPLIED
WBSn-2400 and WBSn-2450 System Manual
ii
Front Matter
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND
NON-INFRINGEMENT WITH RESPECT TO THE SOFTWARE. UNITS OF PRODUCT (INCLUDING ALL THE
SOFTWARE) DELIVERED TO PURCHASER HEREUNDER ARE NOT FAULT-TOLERANT AND ARE NOT
DESIGNED, MANUFACTURED OR INTENDED FOR USE OR RESALE IN APPLICATIONS WHERE THE
FAILURE, MALFUNCTION OR INACCURACY OF PRODUCTS CARRIES A RISK OF DEATH OR BODILY
INJURY OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES"). HIGH RISK
ACTIVITIES MAY INCLUDE, BUT ARE NOT LIMITED TO, USE AS PART OF ON-LINE CONTROL SYSTEMS IN
HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF
NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL,
LIFE SUPPORT MACHINES, WEAPONS SYSTEMS OR OTHER APPLICATIONS REPRESENTING A SIMILAR
DEGREE OF POTENTIAL HAZARD. ALVARION SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED
WARRANTY OF FITNESS FOR HIGH RISK ACTIVITIES.
(b) PURCHASER'S SOLE REMEDY FOR BREACH OF THE EXPRESS WARRANTIES ABOVE SHALL BE
REPLACEMENT OR REFUND OF THE PURCHASE PRICE AS SPECIFIED ABOVE, AT ALVARION'S OPTION.
TO THE FULLEST EXTENT ALLOWED BY LAW, THE WARRANTIES AND REMEDIES SET FORTH IN THIS
AGREEMENT ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR
IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING BUT
NOT LIMITED TO WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, SATISFACTORY QUALITY, CORRESPONDENCE WITH DESCRIPTION,
NON-INFRINGEMENT, AND ACCURACY OF INFORMATION GENERATED. ALL OF WHICH ARE EXPRESSLY
DISCLAIMED. ALVARION' WARRANTIES HEREIN RUN ONLY TO PURCHASER, AND ARE NOT EXTENDED
TO ANY THIRD PARTIES. ALVARION NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO
ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE
OR USE OF ITS PRODUCTS.
Limitation of Liability
(a) ALVARION SHALL NOT BE LIABLE TO THE PURCHASER OR TO ANY THIRD PARTY, FOR ANY LOSS OF
PROFITS, LOSS OF USE, INTERRUPTION OF BUSINESS OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL,
PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND, WHETHER ARISING UNDER BREACH OF
CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WHETHER BASED
ON THIS AGREEMENT OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
(b) TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE LIABILITY FOR DAMAGES
HEREUNDER OF ALVARION OR ITS EMPLOYEES OR AGENTS EXCEED THE PURCHASE PRICE PAID FOR
THE PRODUCT BY PURCHASER, NOR SHALL THE AGGREGATE LIABILITY FOR DAMAGES TO ALL PARTIES
REGARDING ANY PRODUCT EXCEED THE PURCHASE PRICE PAID FOR THAT PRODUCT BY THAT PARTY
(EXCEPT IN THE CASE OF A BREACH OF A PARTY'S CONFIDENTIALITY OBLIGATIONS).
FCC Compliance Statement
The Base Station complies with Part 15 of the Federal Communications Commission (FCC) Rules.
Operation is subject to the following two conditions:
1. This device may not cause harmful interference.
2. This device must accept any interference received, including interference that may cause undesired
operation.
CAUTION:
Changes or modifications to this unit not expressly approved by the party responsible for compliance
could void the user’s authority to operate this equipment.
This equipment has been tested and found to comply with the limits for a Class B digital device,
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against
iii
Front Matter
harmful interference in a residential installation. This equipment generates, uses and can radiate radio
frequency energy and, if not installed and used in accordance with the manufacturer’s instructions, may
cause interference harmful to radio communications.
However, there is no guarantee that interference will not occur in a particular installation. If this
equipment does cause harmful interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by one or
more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment to an outlet on a circuit different from that to which the receiver is
connected.
Consult the dealer or an experienced radio or TV technician for help.
FCC and Industry Canada Radiation Hazard Warning
To comply with Industry Canada exposure requirements, and FCC RF exposure requirements in Section
1.1307 and 2.1091 of FCC Rules, the antenna used for this transmitter must be fixed-mounted on
outdoor permanent structures with a separation distance of at least 50 cm from all persons.
R&TTE Compliance Statement
This equipment complies with the appropriate essential requirements of Article 3 of the R&TTE Directive
1999/5/EC.
Grounding
BS Units are required to be bonded to protective grounding using the bonding stud or screw provided
with each unit.
Lithium Battery
The battery is not intended for replacement.
Caution
To avoid electrical shock, do not perform any servicing unless you are qualified to do so.
Line Voltage
Before connecting this instrument to the power line, make sure that the voltage of the power source
matches the requirements of the instrument.
Radio
The instrument transmits radio energy during normal operation. To avoid possible harmful exposure to
this energy, do not stand or work for extended periods of time in front of its antenna. The long-term
characteristics or the possible physiological effects of radio frequency electromagnetic fields have not
been yet fully investigated.
iv
Front Matter
Outdoor Units Installation and Grounding
Ensure that outdoor units and supporting structures are properly installed to eliminate any physical
hazard to either people or property. Make sure that the installation of the outdoor units and cables is
performed in accordance with all relevant national and local building and safety codes. Even where
grounding is not mandatory according to applicable regulation and national codes, it is highly
recommended to ensure that the outdoor units are grounded and suitable lightning protection devices
are used so as to provide protection against voltage surges and static charges. In any event, Alvarion is
not liable for any injury, damage or regulation violations associated with or caused by installation,
grounding or lightning protection.
Disposal of Electronic and Electrical Waste
Disposal of Electronic and Electrical Waste
Pursuant to the WEEE EU Directive electronic and electrical waste must not be disposed of with unsorted waste.
Please contact your local recycling authority for disposal of this product.
v
Important Notice
Important Notice
This manual is delivered subject to the following conditions and restrictions:
This manual contains proprietary information belonging to Alvarion Ltd. Such information is supplied
solely for the purpose of assisting properly authorized users of the respective Alvarion products.
No part of its contents may be used for any other purpose, disclosed to any person or firm or
reproduced by any means, electronic and mechanical, without the express prior written permission of
Alvarion Ltd.
The text and graphics are for the purpose of illustration and reference only. The specifications on
which they are based are subject to change without notice.
The software described in this document is furnished under a license. The software may be used or
copied only in accordance with the terms of that license.
Information in this document is subject to change without notice. Corporate and individual names
and data used in examples herein are fictitious unless otherwise noted.
Alvarion Ltd. reserves the right to alter the equipment specifications and descriptions in this
publication without prior notice. No part of this publication shall be deemed to be part of any
contract or warranty unless specifically incorporated by reference into such contract or warranty.
The information contained herein is merely descriptive in nature, and does not constitute an offer for
the sale of the product described herein.
Any changes or modifications of equipment, including opening of the equipment not expressly
approved by Alvarion Ltd. will void equipment warranty and any repair thereafter shall be charged for.
It could also void the user's authority to operate the equipment.
Some of the equipment provided by Alvarion and specified in this manual, is manufactured and
warranted by third parties. All such equipment must be installed and handled in full compliance with
the instructions provided by such manufacturers as attached to this manual or provided thereafter by
Alvarion or the manufacturers. Non-compliance with such instructions may result in serious damage
and/or bodily harm and/or void the user's authority to operate the equipment and/or revoke the
warranty provided by such manufacturer.
vi
About This Manual
About This Manual
This manual describes the WBSn-2400 and WBSn-2450 solution, and details how to install, operate and
manage the system components.
This manual is intended for technicians responsible for installing, setting and operating the WBSn-2400
and WBSn-2450 BS equipment, and for system administrators responsible for managing the system.
This manual contains the following chapters and appendices:
Chapter 1 - “Introduction”: Describes the WBSn-2400 and WBSn-2450 system and its components
and provides a general description of the deployment process.
Chapter 2 - “Base Station Installation”: Describes how to install the base station equipment,
complete its’ initial configuration and validate proper operational status.
Chapter 3 - “Base Station Management”: Describes how to manage the base station equipment
using the web-based management utility.
Appendix A - “Troubleshooting”: Describes the functionality of LEDs and Reset button in the base
station.
Appendix B - “Preparing the Ethernet Cables”: Describes how to prepare the Ethernet cable for the
base station.
Appendix C - “Web Redirection Forms”: Describes the Web Redirection process and how to prepare
relevant forms.
vii
Contents
Contents
Chapter 1 - Introduction ........................................................................................ 1
1.1 WBSn System Description.....................................................................................2
1.2 Specifications ......................................................................................................3
1.2.1 Modem & Radio .................................................................................................... 3
1.2.2 Mechanical and Electrical ...................................................................................... 4
1.2.3 Management ......................................................................................................... 4
1.2.4 Standards Compliance .......................................................................................... 5
1.2.5 Environmental....................................................................................................... 5
Chapter 2 - Base Station Installation ..................................................................... 6
2.1 Installation Requirements ....................................................................................7
2.1.1 Packing List ........................................................................................................... 7
2.1.2 Additional Installation Requirements.................................................................... 7
2.1.3 Optional Accessories ............................................................................................ 8
2.2 Location Selection Guidelines ...............................................................................8
2.3 Safety Instructions and Information .....................................................................9
2.4 The Installation Process .......................................................................................9
2.5 Base Station Connectors and LEDs......................................................................10
2.6 Preparing and Connecting the Outdoors Ethernet Cable ......................................11
2.7 Preparing and Connecting the Grounding Cable ...................................................11
2.8 Attaching an Extender to the Post Clamp (optional)............................................12
2.9 Mounting the Base Station .................................................................................13
2.9.1 Using the Post-Clamp.......................................................................................... 13
2.9.2 Wall Mount Installation ....................................................................................... 14
viii
Contents
2.9.3 Pole Mount Installation....................................................................................... 14
2.10 Connecting and Sealing Omni Antennas (if applicable).......................................15
2.11 Completing the Outdoor Installation .................................................................16
2.12 Connecting the Indoor Equipment .....................................................................16
2.13 Completing the Installation ...............................................................................17
2.13.1 Configuration Options ........................................................................................ 17
2.13.2 Using the Setup Wizard ...................................................................................... 17
2.14 Verification.......................................................................................................22
Chapter 3 - Base Station Management ................................................................. 23
3.1 Accessing the Web-Based Management Utility ....................................................24
3.2 Using the Web-Based Management Utility...........................................................25
3.2.1 General Information Bar ..................................................................................... 25
3.2.2 Management Function Selection Panel ............................................................... 26
3.2.3 Parameters Page................................................................................................. 27
3.2.4 General Control Buttons ..................................................................................... 28
3.3 Status................................................................................................................30
3.3.1 Status Page......................................................................................................... 30
3.3.2 System Page ....................................................................................................... 34
3.3.3 VAP Page............................................................................................................. 37
3.3.4 Associations Page ............................................................................................... 38
3.3.5 Radio Page .......................................................................................................... 41
3.3.6 Networking Page................................................................................................. 45
3.3.7 Event Log Page ................................................................................................... 45
3.3.8 Alarms Page ........................................................................................................ 46
3.4 Configuration .....................................................................................................48
3.4.1 System Page ....................................................................................................... 48
3.4.2 Wireless Page...................................................................................................... 54
3.4.3 VAP Page............................................................................................................. 54
3.4.4 Radio Page .......................................................................................................... 65
3.4.5 Network Page ..................................................................................................... 70
3.4.6 IP Configuration Page ......................................................................................... 74
3.4.7 Bridge Page ......................................................................................................... 78
3.4.8 DHCP Relay Page................................................................................................. 81
3.4.9 LAN Page............................................................................................................. 84
ix
Contents
3.4.10 WAN Configuration Page..................................................................................... 95
3.4.11 Web Authentication Page ................................................................................. 103
3.4.12 Bandwidth Management Page .......................................................................... 112
3.5 Administration .................................................................................................119
3.5.1 Local Management Page ................................................................................... 119
3.5.2 Users Page ........................................................................................................ 122
3.5.3 Firmware Page .................................................................................................. 125
3.5.4 Configuration Files Page ................................................................................... 127
3.5.5 Log Page ........................................................................................................... 130
3.5.6 Diagnostics Page............................................................................................... 134
3.6 Preparing Base Station Configuration Files .......................................................138
3.6.1 Introduction ...................................................................................................... 138
3.6.2 Preparing the First (Base) Configuration File.................................................... 138
3.6.3 Saving a Base Station Configuration File .......................................................... 138
3.6.4 Preparing Additional Base Station Configuration Files ..................................... 138
Appendix A - Troubleshooting ............................................................................139
A.1 Base Station Troubleshooting...........................................................................140
A.1.1 Base Station LEDs Description.......................................................................... 140
A.1.2 Using the Reset Button of the Base Station..................................................... 140
Appendix B - Preparing the
Ethernet Cables .................................................................................................144
B.1 Preparing the Base Station’s Ethernet Cable .....................................................145
Appendix C - Web Redirection Forms .................................................................147
C.1 The Web Redirection Process and Forms...........................................................148
x
Chapter 1 - Introduction
In This Chapter:
“WBSn System Description” on page 2
“Specifications” on page 3
Chapter 1 - IntroductionWBSn System Description
1.1
WBSn System Description
WBSn System Description
Alvarion’s Wi-Fi Base Stations with 802.11n support (WBSn) is a family of advanced Gigabit outdoor
Wi-Fi base stations operating in the 2.4 and 5 GHz unlicensed bands. The system combines true
two-way Beamforming 802.11n and interference mitigation technologies together with 3x3:2 MIMO,
delivering best capacity and coverage. The interference immunity suite combines the inherent
Beamforming ability to suppress interference, the Dynamic Interference Handling (DIH) algorithm that
continuously optimizes receiver’s parameters according to noise level, the Automatic Channel Selection
(ACS) algorithm for selection of best operating channel, the Wireless Alvarion Rate Adaptation (WARA)
mechanism for optimal rate selection in environments with high interference, and the capabilities of the
sector antennas and Down Tilted omni Antennas to reject noise out of their field-of-view.
The carrier grade WBSn base stations are designed for high reliability and manageability, including a
robust IP-68 certified enclosure for harsh environments, security and QoS features, FCAPS management
suite, and simple and easy installation.
WBSn base stations include rich embedded networking capabilities, including Bridging, Routing and a
fully integrated Access Controller, for flexible service planning and reduced costs. WBSn is
complemented by WavioNet service provisioning management tools, and a span of WCPEs, enabling
numerous urban and rural applications at the lowest cost per bit. Alvarion offers also the Wi-Fi Cloud
Controller WCC-1000 that acts as a mediation device between the operator's control core and the Wi-Fi
infrastructure, hiding the Wi-Fi access-specific complexities from operator's core network. WCC-1000
performs mission critical functions that include RADIUS mediation - maintaining a single RADIUS peer to
the operator's AAA, Rogue AP prevention, zero touch provisioning (aka SON - Self-Organized-Network),
mobility management and PasspointTM (aka Hotspot 2.0) gateway support.
WBSn base stations are currently available in the following configurations:
Single band base stations operating in the 2.4 GHz band:
»
WBSn-2400-O: A base station with 3 omni antennas.
»
WBSn-2400-S: A base station with an integral high gain sector antenna.
Dual band base stations operating in both the 2.4 GHz and 5 GHz bands:
»
WBSn-2450-O: A base station with 3 omni antennas serving both bands.
»
WBSn-2450-S: A base station with an integral high gain sector antenna serving both bands.
»
WBSn-2450-OS: A base station with 3 omni antennas serving the 2.4 GHz band and an integral
high gain sector antenna serving the 5 GHz band.
»
WBSn-2450-SO: A base station with an integral high gain sector antenna serving the 2.4 GHz
band and 3 omni antennas serving the 5 GHz band.
2
Chapter 1 - IntroductionSpecifications
1.2
Specifications
1.2.1
Modem & Radio
Specifications
Table 1-1: General Modem & Radio Specifications
Item
Description
2.4 GHz Band
5 GHz Band
Frequency Range*
2.400 - 2.483 GHz, 13 channels
4.900 - 5.900 GHz
Radio Type
IEEE 802.11 b/g/n
IEEE 802.11 a/n
Modulation
802.11n: 3x3 MIMO with 3
spatial data streams
802.11n: 3x3 MIMO with 3
spatial data streams
802.11g: OFDM
802.11a: OFDM
802.11b: DSSS
Data Rates
802.11n: MCS0 - MCS23
802.11n: MCS0 - MCS23
802.11g: 54, 48, 36, 24, 18, 12,
9, 6 Mbps
802.11a: 54, 48, 36, 24, 18, 12,
9, 6 Mbps
802.11b: 11, 5.5, 2, 1 Mbps
Channel Bandwidth
20 / 40 MHz
5 / 10 / 20 / 40 MHz
Central Frequency Resolution
5 MHz
5 MHz
Transmit Power*
(at antenna port)
3-26 dBm, 1 dB steps
3-25 dBm, 1 dB steps
Sector Antenna (internal)
HGDP 12 dBi, 120°H x 16°V,
vertical polarization
HGDP 14 dBi, 120°H x 8°V,
vertical polarization
Omni Antennas
3 x 7.5 dBi, 360°H 20°V
3 x 8.5 dBi, 360°H 10°V
* In the 5 GHz band actual operating frequency range and maximum transmit power depend on
relevant local regulations. For more details refer to “Wireless Page” on page 54.
3
1.2.2
Specifications
Mechanical and Electrical
Table 1-2: Base Station Mechanical & Electrical Specifications
Item
Description
Dimensions
WBSn-2400-O, WBSn-2450-O: 38 x 14 x 9.5 cm (excluding antennas)
WBSn-2400-S, WBSn-2450-S: 38 x 14 x 39.5 cm
WBSn-2450-OS, WBSn-2450-SO: 38 x 14 x 43.5 cm (excluding omni antennas)
Weight
WBSn-2400-O, WBSn-2450-O: 1.4 kg (excluding antennas)
WBSn-2400-S, WBSn-2450-S: 2.4 kg
WBSn-2450-OS, WBSn-2450-SO: 3.75 kg (excluding omni antennas)
Input Power
55 VDC Power over Gigabit Ethernet (use only PoE injector supplied by
Alvarion).
Power Consumption
Single band: 19 W nominal, 23 W maximum
Dual band: 22 W nominal, 30 W maximum
*Power consumption will be lower if actual Tx Power is lower than the
maximum supported by the unit
1.2.3
Management
Table 1-3: Management Specifications
Item
Description
Management
Type: Web-based management utility
Local management: Via Ethernet (LAN) port
Remote management: Via Ethernet (LAN) or wireless link
Software Upgrade
Via the web-based management utility, FTP
Configuration upload/download
Via the web-based management utility, FTP)
Management Access Security
Access Protection: user Name and Password. Access via
wireless link can be blocked.
4
1.2.4
Specifications
Standards Compliance
Table 1-4: Base Station Standards Compliance
Type
Standard
EMC
FCC 47 CFR Part 15B Class B
EN 301 489
ETSI EN 301 489-1/17
UL 60950-1:2003
Safety
CAN/CSA-C22.2 No. 60950-1-03
EN 60950-1
IEC 60950-1
IEC 60950-22
ETSI EN 300 019-2-2
Environmental
ETSI EN 300 019-2-4 V2.1.2
IEC 60068-2-64, 29
IP68 - IEC 60529
FCC 47 CFR part 15C
Radio
EN 302 502
EN 301 893
EN 300 328
Restriction of Hazardous
Substances
RoHS Directive
General
802.11n
802.1x
SNMPv2
WMM
1.2.5
Environmental
Table 1-5: Environmental Specifications
Type
Details
Operating Temperature
-40°C to 55°C
Operating Humidity
5%-95% non condensing, weather protected
Ingress Protection Rating
IP-68
Wind Survivability
220 km/h
5
Chapter 2 - Base Station
Installation
In This Chapter:
“Installation Requirements” on page 7
“Location Selection Guidelines” on page 8
“Safety Instructions and Information” on page 9
“The Installation Process” on page 9
“Base Station Connectors and LEDs” on page 10
“Preparing and Connecting the Outdoors Ethernet Cable” on page 11
“Preparing and Connecting the Grounding Cable” on page 11
“Attaching an Extender to the Post Clamp (optional)” on page 12
“Mounting the Base Station” on page 13
“Completing the Outdoor Installation” on page 16
“Connecting the Indoor Equipment” on page 16
“Completing the Installation” on page 17
“Verification” on page 22
CAUTION
ONLY experienced installation professionals who are familiar with local building and safety codes and,
wherever applicable, are licensed by the appropriate government regulatory authorities, should install
outdoor equipment.
Failure to do so may void the product warranty and may expose the user to legal and financial liabilities.
Alvarion and its resellers or distributors are not liable for injury, damage or regulation violations associated
with the installation of outdoor equipment.
Chapter 2 - Base Station InstallationInstallation Requirements
Chapter 2 - Base Station Installation
2.1
Installation Requirements
2.1.1
Packing List
Installation Requirements
Check contents of the package:
Base Station:
»
BS Unit
»
Post clamp
»
Two steel bands
»
2 screws, each with attached spring and flat washers
»
Extraction Key
»
Security cable
»
For WBSn-2400-O and WBSn-2450-OS: Three 2.4 GHz Omni Antennas
»
For WBSn-2450-O and WBSn-2450-SO: Three 5 GHz Omni Antennas (used also for the 2.4 GHz
band in WBSn-2450-O)
»
For a unit with Omni antennas (WBSn-2400-O, WBSn-2450-O, WBSn-2450-OS and
WBSn-2450-SO: IP68 waterproof sealing tape)
1 Gigabit Ethernet PoE Injector and a power cable (for details on available PoE Injectors refer to ....)
2.1.2
Additional Installation Requirements
The following items are also required to install the BS:
Data and Power Ethernet cable: Outdoor Category 5e 4-pair shielded data cable, two shielded RJ45
connectors, and tools required for on-site preparation of the cable if required.
NOTE!
The combined length of the outdoor Ethernet cable (from the PoE Injector to the BS) and the Ethernet
cable connecting to the data networking equipment should not exceed 100 meters.
Grounding cable (10 AWG or thicker) with an M6 terminal ring for connecting to the BS grounding
terminal and an appropriate termination for connecting to protective grounding.
For the WPI-3X48DC-1G Triple Passive DC PoE Injector: A grounding cable (10 AWG or thicker) with
an M6 terminal ring for connecting to the PoE Injector grounding terminal and an appropriate
termination for connecting to protective grounding.
For pole installation: 1"-6" diameter pole (or a suitable tower structure) should be available.
For wall installation: Depending on type of surface - 4 screws or 4 sets of screws and anchors.
7
Chapter 2 - Base Station InstallationLocation Selection Guidelines
Location Selection Guidelines
Portable PC and a straight Ethernet cable (for configuration purposes).
Ethernet cable for connecting to the data networking equipment.
Installation tools and materials.
INFORMATION
Even where grounding and lightning protection is not mandatory according to applicable regulation
and national codes, it is highly recommended to ensure that the outdoor units are grounded and
suitable lightning protection devices are used so as to provide protection against voltage surges and
static charges.
It is recommended to install a well grounded lightning rod above the BS and a suitable lightning
protection device at the point of entry to the indoor structure. In a lightning prone area it is
recommended to install another lightning protection device close to the Ethernet port of the base
station. Only Gigabit PoE lightning protection devices should be used with this equipment. A kit of two
suitable lightning protection devices (WA-LP-2PAK, catalog number 27005013) is optionally available
from Alvarion.
For more information on lightning protection techniques you may consult with Alvarion’s technical
experts.
The following sections describe an installation without any lightning protection devices. For
installations with lightning protection device(s), additional cable segments prepared following relevant
instructions will be required.
2.1.3
Optional Accessories
Extender kit (for details see “Attaching an Extender to the Post Clamp (optional)” on page 12).
2.2
Location Selection Guidelines
Prior to installation of the Base Station equipment, select a suitable installation site. Choose a site that
supports the physical characteristics of the unit and is in accordance with the unit's environmental and
power requirements.
Consider the following when planning the installation:
The location of the indoor PoE Injector should take into account its connection to the power source
and to the data networking equipment.
When selecting the location intended for the outdoor BS equipment make sure to allow easy access
for installation, replacement or maintenance purposes.
Consider the maximum cable length specified for the units. Make sure that the length of the cables is
sufficient to reach their destination connection.
The base stations are pole or wall mounted. For pole mounted units, ascertain the existence of
potential posts or poles to which the base station could be attached. Consider the axis of the post, its
placement, and whether extenders are required.
The front panel of a base station with sector antenna(s) (WBSn-2400-S, WBSn-2450-S,
WBSn-2450-ODS and WBSn-2450-SO) should be directed towards the area intended to be covered,
with maximum possible lines of sight for client locations.
8
Chapter 2 - Base Station InstallationSafety Instructions and Information
Safety Instructions and Information

A unit with Omni antennas should be installed at the highest of point the pole. This is to ensure that
there is no interference caused by the close proximity of the antenna to other metal objects. Where
this is not possible, the unit should be installed at a distance of at least 1 meter from the pole, using a
horizontal bar.
Generally, the higher the placement of the base station, the better the link quality achievable.
However, the higher the installation the greater the interference from other sources of radiation that
the base station is exposed to. Consider best installation spot that maximizes coverage and minimizes
interference. Typically, the ideal height at which a base station should be installed is at least 3 meters
above the rooftops of the buildings within the coverage zone. Keep the maximum distance possible
from other RF radiating sources, power lines and metal objects.
The minimum vertical separation distance between two base stations is 2 meters. The minimum
horizontal separation distance between two base stations (back-to-back) with sector antennas is 2
meters. For units with Omni antennas he minimum horizontal separation distance between two base
stations (back-to-back) is 10 meters.
2.3
Safety Instructions and Information
Please ensure that you read and understand the following safety information. Ensure that you carefully
read and follow all instructions in this manual, and heed all warnings.
Do not modify the construction of this product.
There is a risk of personal injury or death if the unit is close to electric power lines.
By nature of the outdoor installation, you may be exposed to hazardous environments and high
voltage. Use extreme caution when installing the system.
Servicing may be required when the equipment has been damaged in any way. All servicing should be
referred to qualified service personnel only.
The base station must be properly grounded.
Do not open the unit - risk of electric shock.
Any change or modification not expressly described in this manual or approved by the manufacturer
could void your authority to operate this equipment.
It is recommended to install a suitable surge suppressor device to protect against overvoltage on
mains input to the equipment.
2.4
The Installation Process
The typical installation process comprises the following steps:
1 Choose the locations for the outdoor and indoor equipment (refer to “Location Selection Guidelines”
on page 8).
9
Chapter 2 - Base Station InstallationBase Station Connectors and LEDs
Base Station Connectors and LEDs
2 Verify the existence of a good protective grounding (earth) connection near the location intended for
the base station.
3 Prepare the outdoor Ethernet cable and connect it to the base station (refer to “Preparing and
Connecting the Outdoors Ethernet Cable” on page 11).
4 Prepare the grounding cable and connect it to the base station (refer to “Preparing and Connecting
the Grounding Cable” on page 11).
5 If an extender is required, attach it to the post clamp (refer to “Attaching an Extender to the Post
Clamp (optional)” on page 12).
6 Attach the post clamp (with the extender if applicable) to the pole/wall and attach to it the base
station. Verify that it is properly directed towards the required coverage area (refer to “Mounting the
Base Station” on page 13).
7 For units with Omni antennas: Connect and seal the three antennas (refer to “Connecting and
Sealing Omni Antennas (if applicable)” on page 15).
8 Complete the outdoor installation (refer to “Completing the Outdoor Installation” on page 16).
9 Install and connect the indoor equipment (refer to “Connecting the Indoor Equipment” on page 16).
10 Configure necessary parameters (if required) and verify the operational status of the base station
(refer to “Completing the Installation” on page 17).
2.5
Base Station Connectors and LEDs
Figure 2-1: Base Station Connectors and LEDs (a unit with both omni and sector antennas)
10
Chapter 2 - Base Station InstallationPreparing and Connecting the Outdoors Ethernet Cable
Preparing and Connecting the Outdoors Ethernet Cable
IMPORTANT
NOTE!
The USB connector does not function as a standard USB port and is intended for special engineering
purposes only. Ensure that the USB connector and RST button are properly sealed with the plastic cap.
For details on using the RST (Reset) button refer to “Using the Reset Button of the Base Station” on
page 140.
For details on the functionality of the Status LEDs refer to “Base Station LEDs Description” on page 140.
2.6
Preparing and Connecting the Outdoors Ethernet
Cable
It is recommended to attach the Ethernet connector to the cable and connect it to the base station prior
to mounting the outdoor unit. Typically the connector on the other side will be attached only after
completing the outdoor installation and routing the open-ended cable to the location intended for the
PoE Injector.
For detailed instructions on how to prepare the Ethernet cable refer to “Preparing the Base Station’s
Ethernet Cable” on page 145.
NOTE!
Make sure that the length of the Ethernet cable is sufficient for reaching from the intended location of
the base station to the intended location of the indoor equipment.
The combined length of the outdoor Ethernet cable (from the base station to the PoE Injector) and the
Ethernet cable connecting the PoE Injector to the data networking equipment should not exceed 100
meters.
2.7
Preparing and Connecting the Grounding Cable
To prepare and connect the grounding cable:
1 Prepare a 10 AWG (or thicker) grounding cable with an M6 terminal ring on one end (for connecting
to the base station) and a suitable termination on the other end according to the intended protective
ground connection. The length of the cable should be sufficient for conveniently reaching from the
base station’s grounding screw to the protective ground connection.
2 Remove the nut and one of the star washers from the grounding screw.
3 Attach the M6 terminal ring to the grounding screw.
4 Attach the second star washer and firmly tighten the nut.
11
Chapter 2 - Base Station InstallationAttaching an Extender to the Post Clamp (optional)
Attaching an Extender to the Post Clamp (optional)
2.8
Attaching an Extender to the Post Clamp
(optional)
An extender (ordered separately) may be needed in the following cases:
A wall or horizontal pole installation where adjustment of the direction in the horizontal plan is
required for directing the base station towards the required coverage area. The extender may also be
used in vertical pole installations for simpler adjustment of the direction in the horizontal plan.
Installation on a post that deviates from the vertical or horizontal plane by up to +/- 15 degrees.
The extender comprises two parts:
1 A part that enables adjustment of the direction in the horizontal plane (left/right) when attached to
the post clamp
2 A part with a circular slot that enables adjustment of the direction in the vertical plane (up/down)
when attached to the first part.
Horizontal Plane Adjustment
Vertical Plane Adjustment
Figure 2-2: Extender Parts
The extender kit includes also 4 screws with attached spring and flat washers.
To attach the extender to the post-clamp:
1 Attach the horizontal adjustment part of the extender to the post clamp with 2 screws and washers
using a 13 mm ratchet key with a torque of 18.4 lb-ft (25 Nm).
2 Attach the vertical adjustment part to the horizontal adjustment part with 2 screws and washers
using a 13 mm ratchet key with a torque of 18.4 lb-ft (25 Nm).
12
Chapter 2 - Base Station InstallationMounting the Base Station
Mounting the Base Station
Figure 2-3: Extender and Post-Clamp Attached
2.9
2.9.1
Using the Post-Clamp
Figure 2-4: Post-Clamp
The base station should always be installed vertically, with the bottom side (with connectors and LEDs)
pointing downward. To support this requirement, in regular installations (without an extender), the post
clamp should be installed vertically (with the two protrusions pointing up and down). In installations
with an extender, the post clamp should be installed horizontally ((with the two protrusions pointing
sideways).
13
Chapter 2 - Base Station InstallationMounting the Base Station
The slots support installation on poles with different diameters (1”-6”) on either vertical or horizontal
poles. The holes enable wall mount installation.
2.9.2
Wall Mount Installation
To mount the unit on a wall:
1 Place the post clamp on the wall and mark the exact location of the holes to drill. The location of the
screws should be planned with maximum precision.
2 Drill the holes and use four suitable metal anchors and screws to secure the post clamp (with an
extender if applicable) to the wall.
3 Attach the base station unit to the post clamp (or to the extender), with the 2 screws and washers.
Tighten the screws using a 13 mm ratchet key with a torque of 18.4 lb-ft (25 Nm). As you tighten the
screws, verify that the tilt of the base station unit is correct for the coverage area required.
NOTE!
In an urban setting, with a high-placed installation, a slight downwards tilt (approximately 8 - 10
degrees) will help reduce noise and interference.
4 If you use an extender, verify that the directions in the horizontal and vertical planes are correct. If
needed, release slightly the applicable screws and re-adjust the direction of the base station. Tighten
the screws using a 13 mm ratchet key with a torque of 18.4 lb-ft (25 Nm).
2.9.3
Pole Mount Installation
CAUTION
When climbing on a pole/tower and during installation/removal of the unit, use the security cable with
the carabiner to safely attach the equipment to a suitable object.
The post clamp supports installation on polls with a diameter of 1” to 6” by using the appropriate pairs
of slots.
To mount the unit on a pole:
1 Thread the two steel band through the two appropriate slot pairs. For a thinner post, the steel bands
should be threaded through the inner slots, and for a wider post, through the outer slots.
2 Secure the post clamp to the pole by closing and tightening the steel bands with a torque of 3.8 lb-ft
(5.1 Nm). As you tighten the screws, verify that the direction is correct for the coverage area required.
14
Chapter 2 - Base Station InstallationConnecting and Sealing Omni Antennas (if applicable)
Connecting and Sealing Omni Antennas (if applicable)
3 Attach the base station unit to the post clamp (or to the extender), with the 2 screws and washers.
Tighten the screws using a 13 mm ratchet key with a torque of 18.4 lb-ft (25 Nm). As you tighten the
screws, verify that the tilt of the base station unit is correct for the coverage area required.
NOTE!
In an urban setting, with a high-placed installation, a slight downwards tilt (approximately 8 - 10
degrees) will help reduce noise and interference.
4 If you use an extender, verify that the directions in the horizontal and vertical planes are correct. If
needed, release slightly the applicable screws and re-adjust the direction of the base station. Tighten
the screws using a 13 mm ratchet key with a torque of 18.4 lb-ft (25 Nm).
Without Extender (vertical pole)
With Extender (horizontal pole)
Figure 2-5: Pole Mounting, with/without an Extender
2.10
NOTE!
Connecting and Sealing Omni Antennas (if
applicable)
Only the antennas supplied in the original package should be used.
The antennas should only be connected after completing the installation procedure and prior to
powering the unit.
All three antennas must be connected.
1 Screw the three antennas into the three N-type connectors on the bottom of the WBSn base station
unit. Do not use excessive force.
2 After the antennas are connected, use the supplied isolation tape to cover the N-Type connectors and
the lower part of the antennas to ensure IP-68 compliant protection against dust and water:
15
Chapter 2 - Base Station InstallationCompleting the Outdoor Installation
Completing the Outdoor Installation
a Cut 18 cm of the attached splicing tape.
b Stretch and wrap the tape in an even, half overlapping manner
around the antenna and N-Type connector. Cover this with a layer of
vinyl plastic tape.
2.11
Completing the Outdoor Installation
To complete the outdoor installation:
1 Firmly connect the grounding cable to a protective ground (earth) connection.
2 Route the Ethernet cable to the intended location of the PoE Injector. Use proper means to secure the
cable to the pole/tower, walls, and other objects as required.
2.12
Connecting the Indoor Equipment
Figure 2-6: PoE Injector
After mounting the unit with the Ethernet cable connected and verifying proper grounding, proceed to
complete the indoor installation.
To connect the indoor equipment:
16
Chapter 2 - Base Station InstallationCompleting the Installation
Completing the Installation
1 Insert and crimp a shielded RJ-45 connector to the Ethernet cable. For detailed instructions on how to
prepare the Ethernet cable refer to “Preparing the Base Station’s Ethernet Cable” on page 145.
2 Connect the Ethernet cable to the OUT connector of the PoE Injector.
3 Use the power cable to connect the PoE Injector to a mains outlet.
4 Use a standard Gigabit Ethernet cable to connect the IN connector of the PoE Injector to the
networking equipment.
2.13
2.13.1
Configuration Options
There are several different alternative for configuring necessary parameters of the base station:
Completing the entire configuration of the base station before sending it to the site.
NOTE!
In some cases you may need to also activate the Automatic Channel Selection feature (see “Offline
ACS” on page 68) and verify that the quality of the pre-configured channel (see “ACS Results” on
page 44) is sufficient for achieving required performance. This applies also to the case where a
pre-prepared configuration file (see below) is used.
Loading a pre-prepared configuration file. See “Import and Export Group” on page 128 for details on
importing a configuration file. See “Preparing Base Station Configuration Files” on page 138 for
details on pre-preparation of configuration file. Note that if time settings (“Time” on page 51) was
not configured for synchronization with an NTP server the time should be set manually.
Completing the entire configuration of the base station on site according to pre-prepared
instructions.
Configure on site only the basic set of parameters required for ensuring connectivity to the control
center and operation on a correct radio channel. Other parameters can be remotely configured by the
system administration.
Regardless of the configuration method, the ability to manage the unit from the remote control center
must be verified before leaving the site.
The following section describes how to use the Setup Wizard for configure the minimal set of basic
parameters required for proper operation.
2.13.2
Using the Setup Wizard
The Setup Wizard enables configuring the basic parameters required for ensuring connectivity to the
control center and (optionally) operation on the best available radio channel, assuming that
configuration of additional parameters will be executed remotely by the system administration.
17
NOTE!
The following sections describe configuration of mandatory basic parameters only. Unless instructed
otherwise by the system administrator, all other parameters should not be changed from their default
values.
For details on how to access the EMS utility refer to “Accessing the Web-Based Management Utility” on
page 24. For details on how to use the EMS utility refer to “Using the Web-Based Management Utility”
on page 25.
To open the Setup Wizards:
1 For initial on-site configuration of a new unit (with a factory default configuration), connect a PC
directly to the IN port of the PoE Injector. The base station’s default management IP address is
192.168.1.1 with a subnet mask of 255.255.255.0. You must set the IP address of your PC to be on
the same subnet (that is, an IP addresses in the range from 192.168.1.2 to 192.168.1.254).
2 In the Management Function Selection panel select the Setup Wizard option to open the first screen
of the wizard:
Figure 2-7: Setup Wizard-Install (first) Screen
To configure basic parameters:
1 Click on the right-pointing orange arrow in the bottom right corner of the screen to proceed to the
next step (Network) of the wizard:
18
Figure 2-8: Setup Wizard-Network (second) Screen
2 Configure the Network parameters as required:
Table 2-1: Setup Wizard Network Parameters
Parameter
Description
IP Address
The IP address of to be used for management. Not applicable if
IP Method (see below) is set to DHCP.
Mask
The network mask of the management interface. Not
applicable if IP Method (see below) is set to DHCP. The default
is 255.255.255.0.
Gateway
The IP address of the default gateway of the management
subnet. Must be configured to required value regardless of the
option selected for the IP Method parameter.
IP Method
The method of acquiring IP parameters for the interface:
Manual or DHCP. The default is Manual.
VAP Name
The name of the default VAP. This is the VAP that will be used
also for over the air management of the unit. The VAP Name is
used as the SSID (Service Set IDentifier) of the VAP. The default
is VAP_1.
19
Table 2-1: Setup Wizard Network Parameters
Parameter
Description
Security Mode
The mode of providing authentication and data security on the
VAP’s wireless link. The default is Open (no authentication, no
encryption of data). Typically Open mode should be used for
the default VAP to enable over the air management. If another
mode is selected, a Security Parameters section will become
available, enabling configuration of relevant parameters. For
more details on security modes and relevant parameters see
“The VAP Editor” on page 57.
3 Click on the right-pointing orange arrow in the bottom right corner of the page to apply and save the
new configuration. You will be disconnected from the EMS utility. However, if your PC is configured
to support communication with the new subnet, it will automatically reconnect to the EMS utility.
To activate Automatic Channel Selection (ACS):
1 After reconnecting to the EMS utility, you may select again the Setup Wizard option and use the right
pointing arrows to open the last step (ACS) of the wizard.
Figure 2-9: Setup Wizard-ACS (third) Screen
20
The Automatic Channel Selection mechanism utilizes a special algorithm to scan for the best channel
with which your base station can work, ensuring minimal interference, optimal capacity, and
maximum performance.
NOTE!
Note that scanning takes about 30 seconds per each channel.
2 Select the Band(s) to be scanned: 2.4 GHz + 5.0 GHz (both), 2.4 GHz, 5.0 GHz (available bands
depend on unit type). Note that the default VAP of units supporting both bands is associated by
default with both bands.
3 Click on the Scan button to open the scan control window:
Figure 2-10: Scan Control
4 Select the required option for the Auto Switch and Save Configuration parameter. The Auto Switch
and Save Configuration parameter defines the action to take place after completion of the ACS scan.
Select the False (the default) option to resume normal operation using the default channel(s). Select
True to automatically switch to the channel with the highest quality mark and save the new
configuration before resuming normal operation.
5 Click on the Scan button in the Scan Control window to initiate the ACS scan. The ACS Status
Indication (below the Scan button) will change to Started and an ACS scan in progress ... bar in
the middle of the top information bar will be displayed, indicating the progress of the scan process. To
stop the scan process before completion you can click on the Stop Scan button.
6 After completion of the scan process you may logout from the EMS utility.
21
Chapter 2 - Base Station InstallationVerification
2.14
Verification
Verification
Before leaving the site, verify that the unit can be reached and managed from the control center.
Disconnect the PC from the IN port of the PoE Injector and connect the IN port to the networking
equipment (that should be configured to provide connectivity from the control center to the base
station). Connect the PC via the networking equipment (set the IP address of your PC as required).
For initial testing you may use the Ping utility in the Administration>Diagnostics page of the
management utility (refer to “Ping” on page 136.). Note that this is possible only when the networking
equipment is connected and properly configured.
22
Chapter 3 - Base Station
Management
In This Chapter:
“Accessing the Web-Based Management Utility” on page 24
“Using the Web-Based Management Utility” on page 25
“Status” on page 30
“Configuration” on page 48
“Administration” on page 119
“Preparing Base Station Configuration Files” on page 138
Chapter 3 - Base Station ManagementAccessing the Web-Based Management Utility
Chapter 3 - Base Station Management
Accessing the Web-Based Management Utility
3.1
Accessing the Web-Based Management Utility
You should have on your PC one of the following browsers:
Microsoft Internet Explorer (IE) release 8 and higher
Mozila Firefox release 12.0 and higher
Google Chrome release 19.0 and higher.
You also need to have the Java Runtime Environment version 1.6 or higher installed on your PC.
NOTE!
NOTE: If when trying to connect to the EMS you are requested to upgrade Java, you must either update
or delay the update to a later time.
Users of iPads, iPhones, or other devices incompatible with Java applications who wish to manage the
Base Station need to remotely connect to a host PC using a Remote Desktop Connection application.
From the remote host they can log-in and manage the base station.
If you connect directly to the unit (via the IN port of the PoE Injector), set the IP address of your PC to be
on the same subnet as the unit. For a new unit (with a factory default configuration), the default
management IP address is 192.168.1.1 with a subnet mask of 255.255.255.0.
To access the web-based management utility, follow these steps:
1 Open a web browser and connect to the following URL: http://<base_station_IP_address> (the
default management IP address is 192.168.1.1).
2 The log in window is displayed:
Figure 3-1: Login Window
3 Enter the User Name and Password (the default User Name/Password for a user with Administrator
privileges are admin/admin).
4 Click on the Connect button. The management utility window is displayed.
24
Chapter 3 - Base Station ManagementUsing the Web-Based Management Utility
Using the Web-Based Management Utility
3.2
Figure 3-2: EMS Window
The management window comprises the following components:
General Information Bar
Management Function Selection Panel
Parameters Page
General Control Buttons
3.2.1
General Information Bar
The general information bar at the top of the window includes:
Product Type (on the left side): The type of the managed product.
On the right side the following are available:
»
Management Privileges (Permission): The management privileges of the currently logged-in user.
Administrator (full configure/view privileges) or Viewer (view only privileges). For more details
refer to “Users Page” on page 122.
»
Logout: Click on the Logout link to log out. You will be prompted to confirm the requested
action.
»
Device Name: The current Device Name. For more details refer to “System Page” on page 48.
25
After initiating a process that requires some time for completion such as ACS Scan, Upgrade, Default
Configuration, etc., a suitable progress bar will be displayed in the middle of the information bar,
indicating the status of the process. Wait until the process is fully completed before attempting to
perform any action in the management utility.
3.2.2
Management Function Selection Panel
Figure 3-3: Management Function Selection Panel
The management function selection panel (on the left side of the screen enables selecting one of the
following options:
Status: Enables checking current configuration of various parameters and viewing certain status and
performance indicators. See “Status” on page 30.
Configuration: Enables configuring the unit's different operational parameters. This include wireless,
network and general system parameters. See “Configuration” on page 48.
Setup Wizard: Typically used only during initial setup of the unit, enabling configuration of some
parameters required to support remote management of the unit and to provide basic wireless
connectivity. For more details see “Using the Setup Wizard” on page 17.
26
Administration: Enables configuring various parameters related to management and maintenance
of the unit. See “Administration” on page 119.
Use the expand/contract control (+/- sign) to show or hide parameters groups/sub-groups. Select a
group/sub-group to display relevant parameters page.
3.2.3
Parameters Page
The parameters page displays the relevant parameters according to the selection in the management
function panel, allowing a user to view current status/configuration of relevant parameters. Users with
Administrator privileges can modify the configuration of relevant parameters (if applicable for the
selected page).
For each parameters group, the page includes one or more sections. The parameters belonging to each
section may be either visible or hidden. Click on the section’s title ribbon to view hidden parameter. Click
again to hide them. The view/hide status is indicated by the direction of the double arrow on the right
side of the section’s title ribbon.
The following methods for selecting the required value for configurable parameters are common to
most configuration pages:
Drop-down List: Parameters with several value options are configured using drop-down list that
include the available options. To configure these parameters, click on the drop-down arrow on the
right side of the configuration field and select the required option from the drop-down list.
Text Field: Parameters that are defined using a string of characters are configured using a text field. To
change the setting, mark the current settings and enter the new string. Note that most parameters
require a certain format (such as IP address) or are subject to certain limitations such as maximum
string length.
Checkbox: Used for either selecting/deselecting an instance (such as channels to be scanned) or for
enabling/disabling a feature/option.
Grayed-out fields are read-only. This may be due to the particular parameter being either a read-only
parameter or because another parameter must be changed to enable read-write access for the required
parameter.
Modified parameters are colored red. To temporarily apply the new configuration, click on the Apply
button at the bottom right side of the window. To permanently save the changes, click on the Save
button. If the parameters are not saved, than after reboot the device will return to the previous
configuration.
Certain parameters are applied in runtime, meaning that a change becomes effective immediately after
applying it (clicking on the Apply button). Changes in certain parameters require rebooting the device:
the change is stored in the device, but the new settings will take effect only after the device is rebooted
(see “Reboot” on page 120). This is indicated by a suitable pop-up message displayed after applying the
change, indicating that after completing all configuration changes the device should be rebooted for the
new settings to take effect.
27
In some pages, tables are used for displaying information and (if applicable) for managing multiple
entities of the same type.
To re-size table’s columns:
Typically the width of all columns is adjusted automatically to display all relevant information. To resize a
column, position the cursor on the border line between two columns headings. The cursor changes into
a double-headed arrow. Click and drag the cursor to the left or to the right to increase or decrease the
size of the column.
To sort a table by the values of a selected column:
By default, table are sorted based on the value in the first column or according to the order of being
added to the database of the management utility.
Click on any of the column headings to sort the table by the values in the selected column. Click again
on a column heading to toggle between ascending and descending sorting order. The sorting order is
indicated by an up/down arrow on the right side of the column heading.
To modify the contents of a table:
Below most configuration tables the following buttons are available:
Add: Click on the Add button to open the relevant configuration editor enabling definition of a new
instance. When finished, click on the Apply button at the bottom of the editor to add the new
instance to the table. The button is not available (grayed-out) if the table includes the maximum
number of allowed instances.
Edit: Select an entry and click on the Edit button to open the relevant configuration editor enabling
to modify the configuration of the selected instance. When finished, click on the Apply button at the
bottom of the editor to apply the changes.
Remove: Select an entry and click on the Remove button to remove the selected instance from the
database. The button may be unavailable (grayed-out) for certain instances that cannot be deleted.
NOTE!
3.2.4
After applying changes or deleting an instance, click on the Save button to permanently save them
(otherwise after next reboot the device will return to the previous configuration).
General Control Buttons
The following control buttons are available in the left bottom corner of the window:
28
Refresh: Click to refresh the displayed information. Applicable mainly for certain performance and
other time-dependent parameters such as some of the parameters in Association Table (see
“Associations Page” on page 38). The displayed information is refreshed automatically whenever a
new page is selected.
Apply: Click to temporarily apply the changes.
Save: After applying changes, click to save them permanently (otherwise after next reboot the device
will return to the previous configuration).
NOTE!
The options/value range available for certain parameters depend on the current option/value set for
other values. For example, the available options for the Channels parameter depend on the currently
applied option for the Regulatory Domain. In certain cases you may have to apply a change and refresh
the displayed information for viewing current options/range of other parameters. For example, after
changing the Channel parameter you should apply the change and refresh the display to view the
correct range for the Tx Power parameter.
29
Chapter 3 - Base Station ManagementStatus
3.3
Status
Status
The Status option provides access to the following pages:
Status Page
System Page
Wireless pages:
»
VAP Page
»
Associations Page
»
Radio Page
Networking Page
Event Log Page
Alarms Page
All Status parameters are read-only, providing information on current configuration of relevant
parameters, general status information and values of certain performance counters and some
time-dependent parameters.
3.3.1
Status Page
To access the Status page click on Status in the management function selection panel.
Figure 3-4: Status Page
The Status page comprises the following sections:
30
Status
Device
CAPWAP
Network
Wireless Parameters
Interfaces
3.3.1.1
Device
Figure 3-5: Status Page, Device Section
The Device section includes the following parameters:
Table 3-1: Status Page, Device Parameters
3.3.1.2
Parameter
Description
Uptime
The time elapsed since last power-up of the device.
Date
Current date and time used by the device, in the format
yyyy/MM/dd HH:mm:ss. For details on setting the real-time
clock of the device (or using NTP) refer to “Time” on page 51.
Time Zone
The configured time zone. For details refer to“Time” on
page 51.
CAPWAP
Figure 3-6: Status Page, CAPWAP Section
CAPWAP (Control And Provisioning of Wireless Access Points) is a generic protocol that enables a
controller to manage a collection of Access Points. In the current release only the FATAP (Fat AP)
architecture in which each AP is managed separately is supported. In a future release the FITAP (Fit AP)
option will be offered, supporting a full hierarchical architecture that involves an Access Controller (AC)
31
Status
that is responsible for configuration, control, and management of several APs. For more details refer to
“CAPWAP” on page 53.
3.3.1.3
Network
Figure 3-7: Status Page, Network Section
The Network section includes the Mode parameter, indicating the networking mode used by the device:
Bridge or Router. For more details refer to “System Mode” on page 71.
3.3.1.4
Wireless Parameters
Figure 3-8: Status Page, Wireless Parameters Section
The Wireless Parameters section includes a table with the following parameters for each defined VAP:
Table 3-2: Status Page, Wireless Parameters
Parameter
Description
VAP Name
The name of the VAP.
Security Mode
The Security Mode used by the VAP
Hidden SSID
Indicates whether the SSID (VAP Name) is hidden (Enabled) or
not (Disabled).
Band
The operating radio band(s).
32
Status
Table 3-2: Status Page, Wireless Parameters
Parameter
Description
Number of Associations (11n)
The current number of associated stations. The number in
parenthesis is the number of associated stations using the
802.11n protocol.
In addition, the Total Associations parameter below the table displays the total number of stations
associated to all defined VAPs.
For more details on these wireless parameters refer to “Virtual Access Points” on page 55.
3.3.1.5
Interfaces
The Interface section includes the following tables:
Wireless Table
Ethernet Table
3.3.1.5.1
Wireless Table
Figure 3-9: Status Page, Interfaces Section, Interfaces Wireless Table
The device includes one or two radio interfaces: Wi-Fi driver 1 for the 2.4 GHz band, and (in WBSn-2450
units) Wi-Fi driver 2 for the 5 GHz band.
The Wireless Table includes the following parameters for each wireless interface available in the device:
Table 3-3: Status Page, Interfaces - Wireless Table Parameters
Parameter
Description
Name
The name of the wireless interface (Wi-Fi driver 1/Wi-Fi driver
2).
MAC Address
The MAC Address of the interface.
33
Status
Table 3-3: Status Page, Interfaces - Wireless Table Parameters
Parameter
Description
Radio Status
The status of the radio (Up or Down).
Channel
The number of the current channel used by the radio.
Channel Width
The width in MHz of the channel being used: 20 or 20/40.
For more details on these radio parameters refer to “Basic Configuration” on page 66.
3.3.1.5.2
Ethernet Table
Figure 3-10: Status Page, Interfaces Section, Interfaces Ethernet Table
The Ethernet Table includes the following parameters for the Ethernet interface of the device:
Table 3-4: Status Page, Interfaces - Ethernet Table Parameters
Parameter
Description
Name
The name of the interface (Ethernet).
MAC Address
The MAC Address of the interface.
Status
The status of the interface (Up or Down): When operating
properly, should be Up.
Speed
The current speed of the interface in Mbps:
10M/100M/1000M.
Duplex
The current duplex mode of the interface (Full or Half)).
Negotiation
Auto or Manual. Indicates whether speed and duplex mode of
the interface are set manually or using auto negotiation.
For more details on these Ethernet parameters refer to “ETH Configuration” on page 74.
3.3.2
System Page
To access the System page click on Status>System in the management function selection panel.
34
Status
Figure 3-11: Status-System Page
The System page comprises the following sections:
Time
Software Versions
Resources Utilization
Regulatory Domain
Hardware Information
3.3.2.1
Time
Figure 3-12: Status-System Page, Time Section
The Time section includes the Current Time parameter, displaying the current date and time of the
internal clock, in the format yyyy/MM/dd HH:mm:ss. For details on setting the real-time clock of the
device (or using NTP) refer to “Time” on page 51.
35
3.3.2.2
Status
Software Versions
Figure 3-13: Status-System Page, Software Versions Section
The device can hold two software versions: Main Firmware and Shadow Firmware. Typically the Main
Firmware is the running version and the Shadow Firmware is the backup version. When a new upgrade
firmware file is loaded into the device, it is stored as the Shadow Firmware. During an upgrade process,
or due to other reasons, the Shadow version may be used as the running version. For details on loading
an managing firmware version refer to “Firmware Page” on page 125.
The Software Versions section provides the version numbers for the Main Firmware and Shadow
Firmware files. An asterisk sign (*) indicates the firmware file currently used as the running version.
NOTE!
In a new unit a Shadow Version may not be available.
3.3.2.3
Resources Utilization
Figure 3-14: Status-System Page, Resources Utilization Section
The Resources Utilization section provides usage (in % of total available resource) of the CPU and
Memory resources.
36
3.3.2.4
Status
Regulatory Domain
Figure 3-15: Status-System Page, Regulatory Domain Section
The Regulatory Domain section includes the Regulatory Domain parameter, displaying the regulatory
domain currently used by the device. For more details refer to “Wireless Page” on page 54.
3.3.2.5
Hardware Information
Figure 3-16: Status-System Page, Hardware Information Section
The Hardware Information section provides Part Name and Serial Number (if applicable) for each of the
following:
Table 3-5: Status-System Page, Hardware Information Parameters
3.3.3
Parameter
Description
Device UID
The Unique IDentifier of the device’s hardware
Main Board
The main board of the device
Product Part Number
The entire device
VAP Page
To access the VAP page click on Status>Wireless>VAP in the management function selection panel.
37
Status
Figure 3-17: Status-Wireless-VAP Page
The VAP page includes the VAP Table with the following parameters for each defined VAP:
Table 3-6: Status-Wireless-VAP Page, VAP Table Parameters
Parameter
Description
ID
The VAP ID
VAP Name
The name of the VAP.
Band
The radio band(s) used by the VAP.
BSSID
The BSSID (Basic Service Set IDentifier) of the VAP (for a VAP
using both radio bands the first one is the BSSID associated
with the 2.4 GHz radio, the second is the BSSID associated with
the 5.0 GHz radio).
Number of Associations (11n)
The current number of associated stations. The number in
parenthesis is the number of stations using the 802.11n
protocol.
For more details on these parameters refer to “Virtual Access Points” on page 55.
3.3.4
Associations Page
To access the Associations page click on Status>Wireless>Associations in the management function
selection panel:
38
Status
Figure 3-18: Status-Wireless-Associations Page
Use the horizontal scroll bar (at the bottom of the page) to view additional parameters:
Figure 3-19: Status-Wireless-Associations Page (continued)
The Associations page includes the Association Table with the following parameters for each associated
station:
Table 3-7: Status-Wireless-Associations Page, Associations Table Parameters
Parameter
Description
IP Address
The IP address of the associated station
MAC
The MAC address of the associated station
Radius User ID
The User Name attribute to be used as a part of user
credentials in communication with Radius server(s)
SSID
The SSID (VAP Name) to which the station is associated
39
Status
Parameter
Description
RSSI dBm
The current RSSI (Received Signal Strength Indicator) in dBm at
which transmissions from the associated station are received by
the base station.
TX Rate [Mbps]
The current rate in Mbps at which the base station transmits to
the associated station
RX Rate [Mbps]
The current rate in Mbps at which the associated station
transmits to the base station.
State
Indicates the current association status of the station's
connection. Valid values are:
Disconnected
Association_Processing
Associated
Disconnecting
The normal status is Associated. All other states are temporary
states.
Est. Range
Estimated distance of the associated station from the base
station, in km (or N/A if the distance cannot be estimated).
WMM
A value of On in this field indicates that the associated station
supports the WMM (Wireless Multi-Media) protocol. A value of
Off indicates that WMM is not supported.
WDS
Indicates if the connection is in WDS (Wireless Distribution
System) mode (On) or not (Off). When a client station
functioning as a wireless AP connects in WDS mode, it
transmits the MAC addresses of hosts that reside behind it
across the system, transparently. This mode enables a flat
layer-2 network in which a central Access Controller may
identify each end user according to its MAC address.
Further to this, in WDS mode the base station may be
configured with sets of VLANs to be transferred transparently
to client stations connected to it in WDS mode. In this case, the
client stations transfer the traffic with the VLAN tags to their
attached hosts.
Radio
Indicates the radio band used for the connection.
PS
The Power Save status of the associated station (On or Off).
11N
Indicates whether the associated station operates using the
802.11n protocol (On), rather than in another 802.11wireless
protocol.
40
Status
Parameter
Description
TX [Bytes]
Amount of bytes transmitted towards the associated station
since association.
RX [Bytes]
Amount of bytes received from the associated station since
association.
Time since assoc.
Time elapsed in seconds since association.
Time since last activity
Time in seconds since last transmission from the associated
station.
TX Packets
Amount of packets transmitted to the associated station since
association.
RX Packets
Amount of packets received from the associated station since
association.
TX PER [%]
Packet Error Rate (in percents) on the Tx transmission path. The
number of transmitted packets that were not acknowledged
divided by the total number of transmitted packets during the
last 100 milliseconds interval.
Number of streams supported
The maximum number of spatial data streams supported by
the associated station.
TX BF support indication
Indicates whether the associated station supports
Beamforming from the base station.
SNR Indication (dB)
The Signal to Noise Ratio (in dB) of the signal received from the
associated station.
Band Width
The bandwidth used for the connection: 20 MHz or 40 MHz
(40 MHz ia applicable only for stations using the 802.11n
protocol).
To disassociate specific stations, use the checkbox on the left side of each entry to select the relevant
stations and click on the Disassociate button located below the table on the left side. To simplify
selection you can use the Select All / Unselect All checkboxes above the button.
3.3.5
Radio Page
To access the Radio page click on Status>Wireless>Radio in the management function selection panel.
41
Status
Figure 3-20: Status-Wireless-Radio Page
In WBSn-2450 units there are two tabs at the top of the Radio parameters page, allowing selection
between the 2.4 GHz and 5.0 GHz radios.
The Radio page includes the following sections:
Channel Parameters
ACS Information
ACS Results
3.3.5.1
Channel Parameters
Figure 3-21: Status-Wireless-Radio Page, Channel Parameters Section
The Channel Parameters section provide the following information for the current operating channel:
42
Status
Table 3-8: Status-Wireless-Radio Page, Channel Parameters
Parameter
Description
Noise Level (Average/Current)
The current and average (over the last 10 seconds) level of
noise (in dBm) measured by the base station.
An Average Noise Level in the range from -85 dBm to -75 dBm
indicates moderate interference. An Average Noise Level higher
than -75 dBm indicates a high level of interference. This
indication may trigger a decision to try searching for a channel
with a better quality.
3.3.5.2
Idle Time
Percentage of time that the base station has been idle during
the last 10 seconds.
Tx Activity
Percentage of time that the base station has spent transmitting
during the last 10 seconds.
Valid Rx Activity
Percentage of time that the base station has been occupied
receiving valid data (Wi-Fi transmissions) during the last 10
seconds.
Interference (Invalid Rx Activity)
Percentage of time that the base station has been occupied
receiving non-valid data (i.e. interfering traffic) during the last
10 seconds.
ACS Information
Figure 3-22: Status-Wireless-Radio Page, ACS Information Section
The ACS Information section includes the Offline Scan Time parameter, displaying the date and time at
which the last offline scan has been completed, in the format yyyy/MM/dd HH:mm:ss.
43
3.3.5.3
Status
ACS Results
Figure 3-23: Status-Wireless-Radio Page, ACS Results Section
The ACS Results section includes the following components:
Offline Scan Recommended Channels (3 Best): Channel Number and Frequency of the 3 best
channels (highest quality) according to the last offline scan results.
Offline Scan Results Table, providing the following details for each channel that participated in the
last offline scan:
Table 3-9: Status-Wireless-Radio Page, ACS Results Table
Parameter
Description
Channel
The channel number
Frequency [GHz]
The channel’s frequency, in GHz.
Quality
A graphical indicator of the channel’s quality based on the
measurements of Noise Level, Activity and Interference (see
below).
Noise Level [dBm]
The measured noise level in dBm.
Activity [%]
Percentage of time that there has been activity in the channel
during the measurement period.
Interference [%]
Percentage of time that there has been interference (non-valid
traffic) in the channel during the measurement period.
By default the results are listed in descending order of Quality.
For details on activating offline scan refer to “Offline ACS” on page 68.
44
3.3.6
Status
Networking Page
To access the Networking page click on Status>Network in the management function selection panel.
Figure 3-24: Status-Network (Networking) Page
The Networking page includes the Mode parameter, indicating the networking mode used by the
device: Bridge or Router. For more details refer to “System Mode” on page 71.
3.3.7
Event Log Page
To access the Event Log page click on Status>Event Log in the management function selection panel.
Figure 3-25: Status-Event Log Page
The internal log buffer contains the last events recorded by the system (up to a maximum of 1024
events, using a wrap-around mechanism). The Event Log page includes the Events table with the
following details for each event recorded in the Internal buffer of the device:
45
Status
Table 3-10: Status-Event Log Page, Events Table
Parameter
Description
Time
Date and time at which the event has been recorded, in the
format YYYY-MM-DD HH:MM:SS.
Severity
The severity of the event.
Topic
The topic associated with the event.
Description
A short description of the event.
For more details refer to “Log Page” on page 130.
3.3.8
Alarms Page
To access the Event Log page click on Status>Alarms in the management function selection panel.
Figure 3-26: Status-Alarms Page
The Alarms page provides information on currently open alarms. For each open alarm the following
details are displayed:
Table 3-11: Status-Alarms Page, Alarms Table
Parameter
Description
Topic
The general topic of the alarm: Wireless, Administration or CPU
and Memory.
Description
A short description of the alarm.
46
Status
Table 3-11: Status-Alarms Page, Alarms Table
Parameter
Description
Interface Name
The interface associated with the alarm: Wi-Fi driver 1/2,
Ethernet or Dummy (administration or CPU and Memory alarm
not associated with a specific interface).
Start Date Time
The date and time at which the alarm condition has been
detected, in the format DD-MM-YYYY HH:MM:SS.
Up Time (sec)
The elapsed time since detection of the alarm in the format
HH:MM:SS.
Severity
The severity level of the alarm. Currently the severity of all
alarms is Critical.
The currently supported alarms are:
Table 3-12: Supported Alarms
Description
Topic
Interface
Configuration file is corrupt. Please contact tech support.
Administration
Dummy
Device startup from shadow (fallback) firmware bank
Administration
Dummy
CPU Utilization is above threshold testParam1
CPU and Memory
Dummy
Total memory usage is above threshold testParam1
CPU and Memory
Dummy
Total capacity is above threshold testParam1 Mbps
Wireless
Ethernet
Association Count for radio 0 is above threshold 100
Wireless
Wi-Fi driver 1
Association Count for radio testParam1 is above threshold
testParam2
Wireless
Wi-Fi driver 2
Radio testParam1 is off
Wireless
Wi-Fi driver 1/2
Current Noise Level in radio testParam 1 is too high
Wireless
Wi-Fi driver 1/2
Station testParam1 is connected in very low SNR that causes
waste of network resources
Wireless
Wi-Fi driver 1/2
DFS: Channel switch due to radar detection on Wi-Fi driver
testParam1
Wireless
Wi-Fi driver 1/2
47
Chapter 3 - Base Station ManagementConfiguration
3.4
Configuration
Configuration
The Configuration option provides access to the following pages:
System Page
Wireless Page
»
VAP Page
»
Radio Page
Network Page
NOTE!
3.4.1
»
IP Configuration Page (available only in Bridge mode)
»
Bridge Page (available only in Bridge mode)
»
DHCP Relay Page (available only in Bridge mode)
»
LAN Page (available only in Router mode)
»
WAN Configuration Page (available only in Router mode)
»
Web Authentication Page
»
Bandwidth Management Page
Note that available pages (and functionality of certain parameters in other pages) depend on the
networking mode (Bridge or Router) configured in the Network Page.
System Page
To access the System page click on Configuration>System in the management function selection
panel.
48
Configuration
Figure 3-27: Configuration-System Page
The System page comprises the following sections:
General
Management Interface
Time
Location
CAPWAP
3.4.1.1
General
Figure 3-28: Configuration-System Page, General Section
The General section includes the Device Name parameter, identifying the device by a configurable name.
A string of up to 60 characters. The default name is the device type, including the suffix indicating the
default regulatory domain.
3.4.1.2
CAUTION
Management Interface
The default management interface is VLAN 1 (Bridge mode) / WAN 1 (Router mode). To verify
uninterrupted management connectivity it is highly recommended not to change the VLAN/WAN used
for the management interface.
49
Configuration
Figure 3-29: Configuration-System Page, Management Interface Section
The Management Interface section includes the following parameters:
Table 3-13: Configuration-System Page, Management Interface Parameters
Parameter
Description
VLAN List
Enables selection of the VLAN/WAN interface to be used for
management. The list of available interfaces includes all
configured VLANs/WANs.
IP Address
Read-only. The base IP address configured for the selected
VLAN/WAN.
Network Mask
Read-only. The network mask configured for the selected
VLAN/WAN.
Gateway IP
Read-only. The IP address of the default gateway configured
for the selected VLAN/WAN.
DNS 1
Read-only. The IP address of the primary DNS (Domain Name
System) server (if required) configured for the selected
VLAN/WAN.
DNS 2
Read-only. The optional IP address of the secondary DNS
(Domain Name System) server configured for the selected
VLAN/WAN.
DHCP Client Fallback IP Address
Applicable only when the interface is configured for acquiring
IP parameters using DHCP. The IP address to be used if the
device failed to acquire IP parameters from a DHCP server.
50
Configuration
Table 3-13: Configuration-System Page, Management Interface Parameters
3.4.1.3
Parameter
Description
DHCP Client Fallback Network Mask
Applicable only when the interface is configured for acquiring
IP parameters using DHCP. The network mask to be used if the
device failed to acquire IP parameters from a DHCP server. The
default is 255.255.255.0.
Enable Management from Wireless
Access Interfaces
Select True (the default) to enable management from the
wireless interface(s) to which the selected VLAN is assigned.
Select False to disable management from the wireless
interfaces.
Time
Figure 3-30: Configuration-System Page, Time Section
The Time parameters enable viewing/updating the date and time settings used by the real-time clock of
the device. The time settings parameters includes the option to support automatic time settings using
NTP (Network Time Protocol) for acquiring the time from an NTP time server. If the use of an NTP server
is enabled and an NTP server is available, the date and time used by the device will be updated
periodically according to information acquired from the NTP server. Manual setting of date and time
parameters is applicable only if NTP is disabled.
NOTE!
Correct setting of time parameter assures correct time stamps for events recorded/sent by the unit.
The use of NTP provides clock synchronization between all devices in the network.
The Time section includes the following parameters:
51
Configuration
Table 3-14: Configuration-System Page, Time Parameters
Parameter
Description
NTP
Enables selection of whether to use an NTP time server for
setting the device’s time.
The available options are:
Disable (the default)
Static (use the NTP server whose address is manually
defined - see NTP Server below).
DHCP (use DHCP to search for an NTP server)
NTP Server
The IP address of the NTP time server to be used. Applicable
only if the NTP parameter is set to Static.
Manual Time Setting
Applicable only if NTP is disabled, allowing to manually set the
date time of the base station using the format yyyy/MM/dd
HH:mm:ss.
Time Zone Configuration
The Time Zone Configuration parameter enables specifying the
appropriate time zone for the geographical location of the
base station. See more details below.
The time provided by a time server is always UTC (Coordinated Universal Time). You should properly
configured the Time Zone Configuration parameter to adjust the real-time clock to local time.
Note that GMT (Greenwich Mean Time) is an absolute reference time and does not change with the
seasons. You can change the Time Zone Configuration for adjusting the real-time clock in accordance
with local daylight saving changes.
3.4.1.4
Location
Figure 3-31: Configuration-System Page, Location Section
The Location section includes the following parameters, enabling to define informational location
details:
52
Configuration
Table 3-15: Configuration-System Page, Location Parameters
3.4.1.5
Parameter
Description
Location
An informational free-text (up to 60 characters) description of
the location of the base station
Latitude
The latitude of the base station’s location. A decimal number in
the range from -90 to 90.
Longitude
The longitude of the base station’s location. A decimal number
in the range from -180 to 180.
Azimuth
The direction (angle to north) to which the base station is
directed. A decimal number in the range from 0 to 360.
CAPWAP
Figure 3-32: Configuration-System Page, CAPWAP Section
CAPWAP (Control And Provisioning of Wireless Access Points) is a generic protocol that enables a
controller to manage a collection of Access Points. The CAPWAP protocol is described in RFC 5415. The
binding specifications for the IEEE 802.11 wireless protocol are defined in RFC5416.
The options offered by the CAPWAP protocol are:
FATAP (FAT AP Architecture): In the traditional network architecture, the APs completely implement
and terminate the 802.11 function so that frames on the wired LAN are 802.3 frames. Each AP can
be independently managed as a separate network entity on the network. The access point in such a
network is often called a “Fat AP”.
FITAP (Fit AP Architecture): The thin AP architecture is a hierarchical architecture that involves a WLAN
controller that is responsible for configuration, control, and management of several APs. The WLAN
controller is also known as the Access Controller (AC). The 802.11 function is split between the AP
and the AC. Because the APs in this model have a reduced function as compared to the fatAP
architecture, they are called “Fit APs.” The advantages of the Fit AP architecture are:
»
Centralized management
»
Automatic software upgrade
»
High security and low interference
In the current release only the FATAP (Fat AP) option is supported.
53
3.4.2
Configuration
Wireless Page
To access the Wireless page click on Configuration>Wireless in the management function selection
panel.
Figure 3-33: Configuration-Wireless Page
The Wireless page enables viewing/updating the Regulatory Domain parameter. Typically, the unit is
supplied with a default regulatory domain set to the correct option according the applicable local
regulations.
The applied regulatory domain affects radio parameters such as the available channels and the
maximum Tx power.
The available options and default depend on the unit type (the type name string includes a suffix
indicating the default regulatory domain).
3.4.3
VAP Page
To access the VAP page click on Configuration>Wireless>VAP in the management function selection
panel.
54
Configuration
Figure 3-34: Configuration-Wireless-VAP Page
The VAP page includes 2 sections:
VAP (for details see Virtual Access Points below)
MAC Access List ((for details see “MAC Access List” on page 63)
3.4.3.1
Virtual Access Points
A VAP (Virtual Access Point) simulates a physical access point. The radio can have up to 12 VAPs. Virtual
Access Points allow the wireless LAN to be segmented into multiple broadcast domains that are the
wireless equivalent of Ethernet VLANs. VAPs allow different security mechanisms for different clients on
the same access point. Virtual access points also provide better control over broadcast and multicast
traffic, which can help avoid a negative performance impact on a wireless network.
Each VAP is identified by its name that is used as the Service Set IDentifier (SSID), and a unique Basic
Service Set IDentifier (BSSID). By default, one VAP named VAP_1 which is associated with the physical
radio interface (using the MAC address of the radio interface as the BSSID) and with default values for all
other parameters, is created automatically.
This section includes:
The VAP Table
The VAP Editor
WMM
Security Modes and Parameters
55
3.4.3.1.1
Configuration
The VAP Table
Figure 3-35: Configuration-Wireless-VAP Page, VAP Table Section
The VAP Table includes the following parameters for each of the defined VAPs:
Table 3-16: Configuration-Wireless-VAP Page, VAP Table
Parameter
Description
Name
The name of the VAP, used as the SSID.
Band
Security Mode
The mode of providing security on the VAP’s wireless link.
BSSID
The unique Basic Service Set IDentifier of the VAP’s wireless
link.
For the first (default) created VAP the BSSID is the MAC address
of the radio interface.
For any additional VAP, the BSSID is incremented by 1:
BSSID(VAP#n)=BSSID(VAP#n-1)+1.
Num. of Associations
The total number of currently associated stations using any
Wi-Fi protocol, followed (in parenthesis) by the number of
associated stations using the 802.11n protocol.
Hidden SSID
Indicates whether the Hidden SSID feature (inhibiting
broadcasting of the SSID) is disabled (the default) or enabled.
Max Associations per Band
Indicates the maximum number of stations per band that may
be served simultaneously by the VAP, or Unlimited (the default).
WMM Classification
The classification type to be used for prioritization of traffic
according to the WMM (Wi-Fi Multimedia) mechanism as
defined in the IEEE 802.11e standard. The available options are
DSCP (the default), Auto and W8021p.
56
Configuration
Table 3-16: Configuration-Wireless-VAP Page, VAP Table
NOTE!
Parameter
Description
ACL Group
The name of the ACL (Access Control List) used for controlling
access to the VAP (if any).
Radius Accounting
Indicates whether Radius accounting is supported for stations
associated to the VAP.
BH SSID
Applicable only for a configuration with backhauling over the
air. The SSID of the VAP used for backhauling.
Dynamic-VLAN
Indicates whether dynamic assignment of VLANs to associated
stations is supported.
QinQ
Applicable only if Dynamic-VLAN is enabled. Indicates whether
QinQ support according to the IEEE 802.1ad standard is
enabled.
When a new VAP is created, no VLANs/LANs are mapped to it. For details on mapping VLANs/LANs to
VAPs refer to “Bridge Page” on page 78 (Bridge Mode) or to “LAN” on page 86 (Router Mode).
You cannot remove all VAPs - one VAP must exist always.
3.4.3.1.2
The VAP Editor
Figure 3-36: VAP Editor (Add)
The VAP Editor, opened by clicking on the Add or Edit buttons below the VAP table, enables defining a
new VAP or modifying the parameters of an existing one. It includes the following parameters:
57
Configuration
Table 3-17: Configuration-Wireless-VAP Page, VAP Editor
Parameter
Description
Name
The name of the VAP, used as the SSID. A string of 1 to 30
characters. The default is null which is not a valid name.
Hidden
Indicates whether the Hidden SSID feature (inhibiting
broadcasting of the SSID) is disabled (the default) or enabled.
Hiding the SSID can decrease the amount of stations that may
try connecting to the VAP.
WMM
The classification type to be used for prioritization of traffic
according to the WMM (Wi-Fi Multimedia) mechanism as
defined in the IEEE 802.11e standard. The available options
are:
DSCP (the default)
W8021p (IEEE 802.1p)
Auto
For more details see “WMM” on page 61.
Dynamic-VLAN
Indicates whether dynamic assignment of VLANs to associated
stations is supported. Applicable only if a RADIUS
authentication server is used for authenticating stations at the
time of association to the VAP. When enabled, VLANs assigned
to each station are determined by the RADIUS authentication
server.
The default is Disabled.
QinQ
Applicable only if Dynamic-VLAN is enabled. QinQ support
according to the IEEE 802.1ad standard allows two VLAN tags,
external and internal, to be inserted into a single Ethernet
frame. The internal VLAN tag is determined by a RADIUS Server
at the time of station’s authentication, and the external VLAN
tag is determined according to the VAP to which the station is
connected.
The default is Disabled.
Band
The radio band(s) to be used. Available options are 2.4 GHz
(the default), 5.0 GHz and 2.4 GHz + 5.0 GHz.
ACL Group
The name of the ACL (Access Control List) to be used for
controlling access to the VAP (if any). For more details refer to
“MAC Access List” on page 63. The default is None.
58
Configuration
Parameter
Description
Max Associations per Band
To limit the number of stations that may be associated
simultaneously to the VAP select the checkbox (deselected by
default) and specify the limit.
Note that although the maximum supported number is 256,
the actual maximum number of associations per band when
using a WPA security mode is 55. When using a WPA2 security
mode the actual maximum number of associations per band is
110.
Inactivity Timeout
Defines the time after which an inactive client will be
disassociated, assuming that this client is no longer active. Use
the slider to set the Inactivity Timeout in the range from 5 to 30
minutes. The default is 15 minutes.
Security Mode
The mode of providing authentication and data security on the
VAP’s wireless link. For details see “Security Modes and
Parameters” on page 61.
Typically, Open mode should be selected only for the default
VAP to enable over the air management. It should also be used
for Captive Portal applications (see “Web Authentication
Page” on page 103). Otherwise, if supported by client stations,
it is recommended to use WPA2-RADIUS (AES) or (if a RADIUS
server is not available) WPA2-PSK (AES).
Security Parameters for Security
Modes requiring a RADIUS Server:
Open (802.1x Auth),
Open (802.1x + MAC Auth),
WPA-RADIUS (TKIP),
WPA2-RADIUS (AES)
Radius Server IP: The IP address of the RADIUS
authentication server.
Radius Secret: Shared Secret is the key used for encrypting
the user credentials transmitted to the RADIUS server(s). For
security reasons, the Shared Secret is displayed as a series of
asterisks. Valid Shared Secret: 1 to 64 printable characters,
case sensitive.
Retry Count: The maximum number of attempts to
retransmit the credentials required for authentication before
reaching a decision on authentication failure. The range is
1-20 (retries). The default is 3 (retries).
Retry Interval (Sec): The time in seconds to wait before
retransmitting a RADIUS message if no response is received.
The range is 1-20 (seconds). The default is 3 (seconds).
59
Configuration
Parameter
Description
Security Parameters for Shared (WEP
40) and Shared (WEP 104) Security
Modes
Up to 4 WEP Keys may be configured, enabling authentication
and data encryption for clients using any of the configured
keys.
In WEP 40 mode each key comprises exactly 10 hexadecimal
(0-9, A-F) characters.
In WEP 104 mode each key comprises exactly 26 hexadecimal
characters.
Security Parameters for WPA-PSK
(TKIP) and WPA2-PSK (AES)
Select the method for configuring the PSK (Pre-Shared Key): By
Pass Phrase (the default) or by Value. According to selected
method, enter the PSK string: 8 to 63 characters if the By Pass
Phrase option was selected, or exactly 64 hexadecimal
characters if the By Value Option was selected.
Note that the same PSK configuration option should be used at
both sides of the link. Some client devices may support only
one of these options.
Use Radius Accounting
Select to enable RADIUS based accounting for client stations.
Radius Accounting Parameters
Available only if Use Radius Accounting is enabled.
Server IP Address: The IP address of the RADIUS accounting
server.
Server Shared Secret: Shared Secret is the key used for
encrypting the user credentials transmitted to the RADIUS
server(s). For security reasons, the Shared Secret is displayed
as a series of asterisks. Valid Shared Secret: 1 to 64 printable
characters, case sensitive.
Interim Interval (Sec): If not selected (disabled), then only
Session Start and Session Stop messages are transmitted to
the accounting server. If selected (enabled), this parameter
defines how often accounting information is updated and
sent to the accounting server. The range is 60 to 9999
seconds. The default is 900 seconds (15 minutes).
Retry Count: The maximum number of retransmission
attempts before reaching a decision on a failure to connect
to the server. The range is 1-20 (retries). The default is 3
(retries).
Retry Interval (Sec): The time in seconds to wait before
retransmitting a RADIUS message if no response is received.
The range is 1-20 (seconds). The default is 3 (seconds).
60
3.4.3.1.3
Configuration
WMM
WMM (Wi-Fi Multi Media), as defined by the IEEE 802.11e standard, provides basic quality of service
(QoS) features to IEEE 802.11 wireless networks. WMM prioritizes traffic on the wireless interface using
four Access Categories (AC):
Voice (the highest priority)
Video
Best Effort (data from applications or devices that do not support QoS)
Background (the lowest priority, used for file downloads, print jobs and other traffic that does not
suffer from increased latency)
Traffic on the wireless link is prioritized according to these access categories, and the implementation is
defined by the WMM specifications.
NOTE!
In order to support end-to-end QoS, both ends of the network (the CPE on the wireless side and the
switch/router on the Ethernet side) should support the same QoS priority marking.
The base station supports DSCP, 802.1p and Auto classification options. When DSCP is selected, the
base station inspects the incoming IP packets and determines the WMM priority (access category)
according to the DSCP priority bits. When W8021p (IEEE 802.1p) is selected, the base station inspects
the incoming layer-2 packets and determines the WMM priority according to the VLAN-priority bits.
When Auto mode is selected, the base station checks whether a VLAN tag exists, and if it does, it
determines the priority according to the VLAN priority. Otherwise, the priority is determined by the DSCP
value.
3.4.3.1.4
Security Modes and Parameters
The selected Security Mode option and relevant parameters define the methods to be used for
authentication of client stations and for protecting the information transferred over the wireless link.
The available options are:
Open: No authentication, no encryption of over the air information. This is the default mode that
should typically be used for testing purposes or for enabling over the air management by a system
that does not have an IEEE 802.1x supplicant. This mode should also be used in Captive Portal
applications (see “Web Authentication Page” on page 103).
Open (802.1x Auth): Authentication using a RADIUS server, no encryption of over the air
information. The WBSn unit acts as an Authenticator enabling authentication by an Authentication
(RADIUS) Server of client stations with an IEEE 802.1x supplicant.
Open (802.1x + MAC Auth): Authentication using a RADIUS server, no encryption of over the air
information. The WBSn unit acts as an Authenticator enabling authentication by an Authentication
(RADIUS) Server of client stations based on the client’s MAC address. If the MAC address cannot be
authenticated, the client may be authenticated based on credentials supplied by an IEEE 802.1x
supplicant.
61
Configuration
Shared (WEP 40) and Shared (WEP 104): WEP (Wireless Equivalent Privacy) was introduced as part
of the original 802.11 standard ratified in 1999, with the intention of providing data confidentiality
comparable to that of a traditional wired network. However, WEP has been demonstrated to have
numerous flaws and in 2004 the IEEE declared that both WEP-40 and WEP-104 "have been
deprecated as they fail to meet their security goals”. The same shared WEP key must be configured in
both side of the wireless link, and is used for both authentication and encryption of over the air
traffic. These options are available only for the default (first) VAP to optionally provide some security
for older device that do not support WPA/WPA2.
WPA-PSK (TKIP) and WPA-RADIUS (TKIP): WPA (Wi-Fi Protected Access) became available in 2003
and was intended as an intermediate measure in anticipation of the availability of the more secure
and complex WPA2. WPA is a more powerful security technology for Wi-Fi networks than WEP. It
provides strong data protection by using encryption as well as better access control and user
authentication. TKIP (Temporal Key Integrity Protocol) is used for data encryption. TKIP is no longer
considered secure and was deprecated in the 2012 revision of the 802.11 standard.
WPA has been replaced by WPA2 using the much stronger AES-based security. The WPA options are
available for supporting some client devices that do not support WPA2 with AES encryption. These
options are no longer supported for client using the IEEE 802.11n standard.
Note that the maximum number of associations per band when using WPA-PSK (TKIP) or
WPA-RADIUS (TKIP) security mode is 55.
There are two basic forms of WPA:
»
WPA-RADIUS (also known as WPA Enterprise): Requires a RADIUS server for both authentication
and keys distribution.
»
WPA-PSK (Pre-Shared Key, also known as WPA Personal).
WPA-PSK is basically an authentication mechanism in which users provide some form of credentials to
verify that they should be allowed access to a network. This requires a single password entered into
both the base station and the client station. As long as the passwords at both sides of the link match,
a client station will be granted access to the VAP.
WPA2-PSK (AES) and WPA2-RADIUS (AES): WPA2, which replaces WPA, became available in 2004
and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard. General
functionality of WPA2 is the same as described above for WPA. In particular, WPA2 introduces a new
AES-based encryption mode (CCMP) with stronger security.
According to the 802.11n specification, AES encryption protocol must be used to achieve the fast
802.11n high bit rate schemes.
Note that the maximum number of associations per band when using WPA2-PSK (AES) or
WPA2-RADIUS (AES) security mode is 110.
62
3.4.3.2
Configuration
MAC Access List
A MAC access list is a group of client MAC addresses that can be either permitted or denied access to
the network. A MAC ACL (Access Control List) can be assigned to VAP(s) through the VAP editor
(see“The VAP Editor” on page 57.).
If an Accept mode ACL is assigned to a VAP, only stations with a MAC address included in the ACL
group are allowed to associate to the VAP, and an association attempt by any stations whose MAC
address is not included will be rejected.
If a Reject mode ACL is assigned to a VAP, an association attempt by any stations whose MAC address is
included in the ACL group will be rejected. All stations with a MAC address that is not included in the
ACL group are allowed to associate to the VAP.
A maximum of 100 ACL groups can be defined. Each ACL group may include up to 1024 entries. An
entry in an ACL group can be either a specific MAC address of a group of addresses defined by the OUI
(Organizationally Unique Identifier) prefix.
The MAC Access List table
The ACL Group Editor
The ACL Entry Editor
3.4.3.2.1
The MAC Access List table
Figure 3-37: Configuration-Wireless-VAP Page, MAC Access List Section
The MAC Access List table includes the following parameters for each defined ACL:
Table 3-18: Configuration-Wireless-VAP Page, MAC Access List Table
Parameter
Description
Group Name
The name of the ACL group
Mode
The access control mode: Accept or Reject.
Num. of Address
The number of entries in the ACL group.
63
3.4.3.2.2
Configuration
The ACL Group Editor
Figure 3-38: ACL Group Editor (Edit)
The ACL Group Editor enables defining a new ACL Group or modifying the parameters of an existing
ACL Group. It includes the following parameters:
Table 3-19: Configuration-Wireless-VAP Page, ACL Group Editor Parameters
Parameter
Description
Name
The name of the ACL group. A string of up to 64 characters.
Mode
The access control mode: Reject (the default) or Accept.
In addition, the ACL Group Editor includes the MACs Table, with the standard Add/Edit/Remove buttons
for managing specific entries using the ACL Entry Editor (see below). The table includes the following
parameters for each of the existing ACL entries:
Table 3-20: Configuration-Wireless-VAP Page, ACL Group Editor MACs Table
Parameter
Description
Type
The type of the entry: Static (a specific MAC address) or OUI
MAC Address
The MAC address. For an OUI entry the last 3 octets are
displayed as XX:XX:XX, which means any address with a
matching OUI (the first 3 octets).
Description
An optional description of the entry.
64
3.4.3.2.3
Configuration
The ACL Entry Editor
Figure 3-39: ACL Entry Editor (Edit)
The ACL Entry Editor enables defining a new ACL entry or modifying the parameters of an existing ACL
entry. It includes the following parameters:
Table 3-21: Configuration-Wireless-VAP Page, ACL Entry Editor
Parameter
Description
Type
The type of the entry: OUI (the default) or Static.
Address Prefix
For an OUI entry: The Organizationally Unique Identifier. 3
octets separated by columns (e.g. 01:23:45) identifying the
manufacturer of the device.
For a Static entry: 6 octets separated by columns (e.g.
01:23:45:67:89:ab) identifying the device.
Description
An optional free-text description of the entry.
Click on the Apply button at the bottom of the editor window to apply the changes.
3.4.4
Radio Page
To access the Radio page click on Configuration>Wireless>Radio in the management function
selection panel.
65
Configuration
Figure 3-40: Configuration-Wireless-Radio Page
In WBSn-2450 units there are two tabs at the top of the Radio parameters page, allowing selection
between the 2.4 GHz and 5.0 GHz radios.
The Radio page includes 2 sections:
Basic Configuration
Offline ACS
3.4.4.1
Basic Configuration
Figure 3-41: Configuration-Wireless-Radio Page, Basic Configuration Section
66
Configuration
The Basic Configuration section includes the following parameters:
Table 3-22: Configuration-Wireless-Radio Page, Basic Configuration
Parameter
Description
Radio
The operational status of the radio (On/Off). Should be On for
normal operation. The Off option should be used only for
certain testing or maintenance purposes.
Channel Width
The bandwidth of the channel, in MHz. The options are 20
MHz (the default) and 20/40 MHz. The 20/40 MHz option
allows operation using a 40 MHz bandwidth for IEEE 802.11n
clients, provided this bandwidth is supported also by the client.
Otherwise a 20 MHz bandwidth shall be used.
Channel
The operational channel. Available options depend on the
currently applied Regulatory Domain (see “Wireless Page” on
page 54) and applied Channel Width.
Basic Rates Mode
Applicable only for 2.4 GHz Radio in Coverage mode (see
Wireless System Mode below). Defines the set of supported
clients. The options are 11 g/n (the default) and 11 b/g/n.
Wireless System Mode
Defines the method of optimizing various wireless parameters.
Capacity mode (the default) provides maximum capacity to the
maximum number of users.
Coverage mode enables achieving maximum coverage (range)
with some degradation in the overall system capacity.
Coverage mode can be useful in cases of low noise level (below
-80dBm) and low total Rx activity (when valid Rx activity plus
interference is below 30%) as shown on the Radio Status page.
In a 2.4 GHz radio, IEEE 802.11b clients can be served only in
Coverage mode (see Basic Rates Mode above).
Video mode provides optimization for video surveillance
applications where almost all traffic is in the uplinks.
Tx Power
The Tx Power conducted to each antenna port. Available range
depend on currently applied settings for the Regulatory
Domain (see “Wireless Page” on page 54), Channel Width and
Channel parameters. Use the slider to change the maximum Tx
Power. The range is from 3 dbm to the maximum allowed by
the currently applied settings for relevant parameters.
67
Configuration
Table 3-22: Configuration-Wireless-Radio Page, Basic Configuration
Parameter
Description
Long Range
Use the slider to change the maximum range in km to be
supported (the highest distance from the base station at which
a client station may be located). The higher the range the
longer the base station waits for acknowledgement of
transmitted frames. Setting the range to a value significantly
higher than necessary may result in a significantly reduced
utilization of the available bandwidth. Setting the range to a
value that is too low will result in very poor performance.
CAUTION
In some cases, due to either restrictions imposed by local regulations or any other reason, you may not
be allowed to use some of the channels available for the applied regulatory domain. It is the
responsibility of the system administration to verify that only channels allowed under all relevant
restrictions are used.
NOTE!
In units operating in ETSI Regulatory Domain, DFS (Dynamic Frequency Selection) is applied on almost all
available frequencies (excluding frequencies below 5.250 GHz) according to the applicable standards. If
a radar is detected on the operational frequency the system will automatically switch to another,
radar-free frequency.
3.4.4.2
Offline ACS
Figure 3-42: Configuration-Wireless-Radio Page, Offline ACS Section
The ACS (Automatic Channel Selection) mechanism performs a passive scan (receive only) of the
designated available channels and performs various measurement at each of the scanned channels. It
uses a unique score function to assigns a quality mark for each channel, taking into account several
parameters such as noise level, amount of total traffic and amount of interference.
During the offline ACS scan the system is non-operational. An ACS scan in progress ... bar in the
middle of the top information bar indicates the status of the scan. After completion of the scan, the
system will resume normal operation. The last ACS scan results are available in the ACS Results section
of the Status-Wireless-Radio page (see “ACS Results” on page 44). Based on these results and radio
planning considerations you can choose to change the operating channel for achieving improved
performance. You may select to automatically switch to the channel with the highest quality mark after
completion of the scan.
The Offline ACS section includes the following components:
68
Configuration
ACS Status Indication: Stopped/Pending ACS scan.../Started/Stopping ACS scan...
Select Channel button: Click the button to select the channels to be scanned. A Select Channel to
Scan: window will open:
Figure 3-43: Select Channel to Scan
The list includes all channels available for the current regulatory domain. Use the checkboxes to
select/deselected the channels to be scanned. To simplify the selection process, you may use the
Select all/Unselect all buttons.
NOTE!
Note that scanning takes about 30 seconds per each selected channel.
Scan button: Click to start ACS scan of the selected channels. Not available if the Radio is Off. A scan
control window will open:
Figure 3-44: Scan Control
The scan control window includes the following parameters:
»
Auto Switch and Save Configuration: Defines the action to take place after completion of the
ACS scan. Select the False (the default) option to resume normal operation without changing the
69
Configuration
operating channel. Select True to automatically switch to the channel with the highest quality
mark and save the new configuration before resuming normal operation.
»
Estimate Scan Time: The estimated time required to complete the ACS scan.
Click on the Scan button to start the ACS scan.
Stop Scan button: Available only for a scan in progress (status of Started). Click to stop the task.
Partial results are not available (no results will be available for a task that was stopped before
completion).
3.4.5
Network Page
To access the Network page click on Configuration>Network in the management function selection
panel.
Figure 3-45: Configuration-Network Page
The Network page includes the following sections:
System Mode
Wireless Client Isolation
Broadcast/Multicast Policy
ETH Configuration
70
3.4.5.1
Configuration
System Mode
Figure 3-46: Configuration-Network Page, System Mode Section
In Bridge mode (the default), packets are forwarded according to their MAC addresses and VLANs and
providing bridging between wired and one or more wireless interfaces (VAPs). VLANs may also be used
to segregate traffic related to different wireless Virtual Access Points (VAPs) with VLAN per VAP option.
Router mode offers many capabilities, including Network Address Translation (NAT) and DHCP Server. In
Router mode, one or more LANs (groups of wireless clients) are mapped to a WAN (the interface
towards the backhaul or the Internet). Router mode passes the traffic that comes from a LAN directly to
the specified WAN, and vice versa, while keeping the NAT rules of translating the IP addresses.
3.4.5.2
Wireless Client Isolation
Figure 3-47: Configuration-Network Page, Wireless Client Isolation Section
Wireless client isolation enables blocking direct traffic between client stations. When Client Isolation is
set to Disabled (the default), relaying of traffic received from the wireless link back to the wireless link,
including broadcasts, is enabled. When set to Enabled, all traffic received from the wireless link is sent
only to the backhaul network. It may be sent back from the backhaul network to a wireless client, with
the advantage that this is fully controlled by the relevant equipment in the backhaul equipment.
To provide client isolation across base stations (block direct traffic between clients that are associated to
different base station on the same VLAN), the Proxy ARP feature (see “IP Configuration Page” on
page 74) must be enabled for all base stations in the network. When both Proxy ARP and Wireless Client
Isolation features are enabled, client isolation is maintained by dropping packets that were received via
the backhaul interface, and were not sent from the MAC address of the relevant default gateway (i.e.
the Proxy ARP MAC address).
71
Configuration
Table 3-23: Configuration-Network Page, Wireless Client Isolation Parameters
Parameter
Description
Isolation Mode
Defines whether to disable (the default) or enable the client
isolation feature. When set to Enabled client isolation is
enabled and functionality is according to the setting of the
below parameters and the Proxy ARP parameter (see “IP
Configuration Page” on page 74).
When set to Enabled, Client Isolation cannot be disabled if
Bandwidth Management is enabled (see “Bandwidth
Management Page” on page 112). To enable Bandwidth
Management, Isolation Mode must be enabled.
NOTE!
3.4.5.3
Backhaul Interface
Available only when Client Isolation is set to Enabled. Allows
selection of the backhaul interface to be used for traffic
directed to other clients. The list of available interfaces includes
Ethernet (the default) and all defined VAPs.
DHCP Server Traffic From Wireless
Available only when Client Isolation is set to Enabled. Indicates
whether to allow traffic from a DHCP server via a wireless link.
The options are Block and Allow (the default).
When enabling Isolation Mode, a warning message regarding a possible loss of management
connectivity may be displayed. This warning should be ignored (will be corrected in a future release).
Broadcast/Multicast Policy
INFORMATION
The Broadcast/Multicast limiting feature is applicable only in Bridge system mode.
The Broadcast/Multicast limiting option enable to limit the number of broadcast and multicast packets
that can be transmitted per second, in order to prevent the potential flooding of the wireless medium by
broadcasts/multicasts. When enabled, the user can configured the maximum number of packets per
second (pps) the can pass. The thresholds are defined separately for the uplink and downlink. In
addition, it is possible to exclude DHCP and ARP messages so that they will never be discarded by the
limiter mechanism.
72
Configuration
Figure 3-48: Configuration-Network Page, Broadcast/Multicast Policy Section
The Broadcast/Multicast Policy section includes the following parameters:
Table 3-24: Configuration-Network Page, Broadcast/Multicast Policy Parameters
Parameter
Description
Broadcast/Multicast limiting
When set to False (the default), transmissions of broadcasts
and multicasts are not limited. When set to True, handling of
broadcasts and multicasts will be according to the following
parameters.
Excluding ARP and DHCP
Applicable only when Broadcast/Multicast limiting is enabled.
When set to True (the default), ARP and DHCP broadcasts will
be excluded from the limiter mechanism. When set to False,
they will be handled like regular broadcasts.
Downlink limit (pps)
The maximum allowed rate (in packets per second) of
broadcasts and multicasts in the downlink. Excessive packets
will be discarded.
The range is from 10 to 9999 pps. The default is 100 pps.
Uplink limit (pps)
The maximum allowed rate (in packets per second) of
broadcasts and multicasts in the uplink. Excessive packets will
be discarded and will not be forwarded.
The range is from 10 to 9999 pps. The default is 100 pps.
73
3.4.5.4
Configuration
ETH Configuration
Figure 3-49: Configuration-Network Page, ETH Configuration Section
The ETH Configuration section includes the following Ethernet parameters:
Table 3-25: Configuration-Network Page, ETH Configuration Parameters
3.4.6
Parameter
Description
MTU
The MTU (Maximum Transmit Unit) parameter defines the
maximum packet size (in bytes) supported by the Ethernet
interface. The range is from 1200 to 1500 bytes. The default is
1500 bytes.
Link Speed/Duplex
The speed and duplex mode of the Ethernet interface. Typically
Auto mode (the default) should be selected, enabling auto
negotiation for the best speed and duplex mode. If the
networking equipment connected to the unit does not support
auto negotiation, set the link and duplex manually. Available
options for manual settings are 100M/Full, 100M/Half,
10M/Full/10M/Half (the base station supports 1000M/Full in
Auto mode, but this option cannot be set manually to prevent
potential loss of communication with the unit if this speed is
not supported by the networking equipment).
IP Configuration Page
NOTE!
The IP Configuration page is available only in Bridge mode.
To access the IP Configuration page click on Configuration>Network>IP Configuration in the
management function selection panel.
74
Configuration
Figure 3-50: Configuration-Network-IP configuration Page
The IP Configuration page enables associating VLANs with IP interfaces. The relevant networking
equipment must be configured accordingly. This provides the following benefits for VLANs associated
with an IP interface:
Executing a Ping test (see “Ping” on page 136) for verifying proper end-to-end configuration of the
relevant VLAN.
Enabling the Proxy ARP feature for this VLAN. When Proxy ARP is enabled, the base station finds the
MAC address of the default gateway configured for this VLAN. For incoming ARP Request packets it
responds with the discovered MAC address of the gateway. As a result of this, all incoming packets
are directed to the gateway, and from there the gateway routes them to their final destinations, thus
minimizing ARP broadcast traffic. Proxy ARP serves also an important role when Client Isolation is
enabled (see “Wireless Client Isolation” on page 71), maintaining clients isolation across base stations
by dropping packets that were received via the backhaul interface and were not sent from the MAC
address of the default gateway (i.e. the Proxy ARP MAC address).
NOTE!
When multiple different servers exist in the backhaul network serving the same access network, it is not
recommended to enable Proxy ARP as packets from servers other than the default gateway will be
dropped. The only exception is DHCP Server. If the DHCP Server is different than the default gateway,
DHCP packets are not dropped although they are sent from a MAC address other than the default
gateway's MAC address.
By default, upon power-up of a new unit the management interface IP parameters are assigned to
VLAN1 (the default name of the VLAN interface associated with VLAN ID 1).
The Interface IP Configuration Table
The Interface IP Configuration Editor
75
3.4.6.1
Configuration
The Interface IP Configuration Table
Figure 3-51: Configuration-Network-IP configuration Page, Interface IP Configuration Table
The Interface IP Configuration table includes the following details for each of the defined VLAN
interfaces:
Table 3-26: Configuration-Network-IP Configuration Page, Interface IP Configuration Table
Parameter
Description
Interface Name
The name of the VLAN interface (VLAN Name). For details on
defining VLANs refer to “Bridge Page” on page 78.
IP Method
Manual or DHCP.
IP Address
The IP address of the IP interface.
Mask
The network mask.
Gateway
The IP address of the default gateway.
DNS 1
The IP address of the primary DNS server be used by the WBSn
unit for URL resolving of a Captive Portal (if defined by name
rather than by IP address) when Web Authentication is
enabled.
DNS 2
The optional IP address of the secondary DNS (Domain Name
System) server to be used for URL resolving of a Captive Portal.
Proxy ARP Enabled
Indicates whether the Proxy ARP feature for this VLAN is
disabled or enabled.
To add IP parameters to a VLAN interface, click on the Add button to open the Interface IP
Configuration editor for a new Interface IP.
76
Configuration
NOTE!
IP parameters cannot be assigned to the Transparent VLAN.
To modify the parameters of an existing Interface IP Configuration instance, select it and click on the
Edit button to open the Interface IP Configuration editor for the selected instance.
To remove the IP configuration of a specific instance, select it and click on the Remove button. Click on
the Save button to remove it permanently. The IP parameters assigned to the management interface
cannot be removed.
3.4.6.2
The Interface IP Configuration Editor
Figure 3-52: IP configuration Editor
The Interface IP Configuration Editor enables defining IP parameters for a VLAN with no IP parameters or
modifying the IP parameters of an existing instance. It includes the following parameters:
Table 3-27: Configuration-Network-IP Configuration Page, Interface IP Configuration Editor
Parameter
Description
IP Method
Manual or DHCP.
IP Address
The IP address of the IP interface. Not configurable if selected
IP Method is DHCP. Each IP address must be on a separate
subnet.
Mask
The network mask. Not configurable if selected IP Method is
DHCP.
Gateway
The IP address of the default gateway. Not applicable if
selected IP Method is DHCP. Must be on the same subnet as
the IP address.
77
Configuration
Table 3-27: Configuration-Network-IP Configuration Page, Interface IP Configuration Editor
Parameter
Description
DNS 1
A proper IP address of a DNS (Domain Name System) server
(such as 8.8.8.8 for Google DNS Server) must be defined to
enable URL resolving of a Captive Portal (if defined by name
rather than by IP address) when Web Authentication is enabled
(see “Web Authentication Page” on page 103).
DNS 2
Can be the same as the primary DNS 1 server.
Proxy ARP Enabled
Indicates whether the Proxy ARP feature for this VLAN is
disabled (the default) or enabled.
NOTE!
3.4.7
After applying changes, click on the Save button to permanently save them (otherwise after next reboot
the device will return to the previous configuration).
Bridge Page
NOTE!
The Bridge page is available only in Bridge mode.
To access the Bridge page click on Configuration>Network>Bridge in the management function
selection panel.
78
Configuration
Figure 3-53: Configuration-Network-Bridge Page
The Bridge page enables defining VLANs and mapping them to the various interfaces (Ethernet interface
and defined VAPs).
Each VLAN is associated with a specific VLAN ID. The options for mapping a VLAN to the Ethernet
and/or wireless interfaces (VAPs) are:
None: The interface will neither accept nor send frames tagged with the specific VLAN ID.
Tagged: The interface will accept and send frames tagged with the specific VLAN ID.
Untagged: The interface will accept and send untagged frames (the specified VLAN ID is irrelevant
and is ignored).
In addition, a single Transparent VLAN many be defined, allowed to transparently forward all tagged and
untagged traffic. An interface can be configured as a member of the Transparent VLAN only if an
Untagged VLAN is also mapped to it.
Only a single Untagged VLAN may be mapped to each interface.
Any number of tagged VLANs may be mapped to each interface. A tagged VLAN may be mapped to any
number of interfaces.
A management VLAN with the default name VLAN1 is created automatically. This VLAN is associated
with VLAN ID 1 and is mapped as Untagged for the Ethernet and default VAP interface (VAP1).
The VLANs Table
The VLANs Editor
79
3.4.7.1
Configuration
The VLANs Table
Figure 3-54: Configuration-Network-Bridge Page, VLANs Table
The VLANs table includes the following details for each of the defined VLAN interfaces:
Table 3-28: Configuration-Network-Bridge Page, VLANs Table
Parameter
Description
ID
The VLAN ID associated with the VLAN interface.
VLAN Name
The name of the VLAN.
Ethernet
Indicates the mapping to the Ethernet interface
(Tagged/Untagged/None)
<VAP_Name> (for all defined VAPs)
Indicates the mapping to the VAP (Tagged/Untagged/None)
NOTE!
The management VLAN (see “Management Interface” on page 49) cannot be removed.
80
3.4.7.2
Configuration
The VLANs Editor
Figure 3-55: VLAN Editor
The Interface VLAN Editor enables defining a new VLAN or modifying the parameters of an existing
VLAN instance. It includes the following parameters:
Table 3-29: Configuration-Network-Bridge Page, VLANs Editor
Parameter
Description
ID
The VLAN ID associated with the VLAN interface. The ID of an
existing VLAN cannot be modified.
For a Transparent VLAN, select the Transparent checkbox. The
Transparent VLAN will be associated with VLAN ID 9999.
3.4.8
VLAN Name
The name of the VLAN. The default (if no name is defined) is
VLAN (<ID>). The default name for the Transparent VLAN is
Transparent, and it cannot be modified).
Ethernet and <VAP_Name> (for all
defined VAPs)
The mapping of the VLAN to the interface. The options for a
regular VLAN are None (the default), Tagged or Untagged. The
options for the Transparent VLAN are None (the default) or
Member.
DHCP Relay Page
NOTE!
The Bridge page is available only in Bridge mode.
To access the DHCP Relay page click on Configuration>Network>DHCP Relay in the management
function selection panel.
81
Configuration
Figure 3-56: Configuration-Network-DHCP Relay Page
The WBSn can be configured to function as a relay for DHCP messages between clients and a known
DHCP server. The implementation complies with RFC-2131 and RFC-3046. The client communicates
directly with a DHCP server with the exception that the WBSn unit inserts Option 82 (Relay Agent
Information) to DHCP messages forwarded to the backbone and removes them from received messages
before forwarding them to the client. Any DHCP discovery/request message coming from the client that
includes option 82 information will be dropped.
WBSn enables defining one or more DHCP Relay Profiles, with different DHCP servers and/or option 82
parameters for clients on different VLANs.
The DHCP page includes the following parameters:
Table 3-30: Configuration-Network-DHCP Relay Parameters
Parameter
Description
DHCP Relay Profile
Use the drop-down list to select one of the existing DHCP Relay
profiles (if defined).
Backhaul
The VLAN to be used on the backhaul interface for
communicating with the relevant DHCP server. The list of
VLANs in the drop-down list includes all VLANs that are not
defined yet as Relayed VLANs (see below).
DHCP server address
The IP address of the DHCP server to be used for clients on any
of the VLANs marked as Relayed VLANs (see below).
82
Configuration
Table 3-30: Configuration-Network-DHCP Relay Parameters
Parameter
Description
Customize Circuit ID
The Circuit ID sub-option. Available options are System defined
(the default), VLAN ID, SSID and BSSID.
Customize Remote ID
The Remote ID sub-option. Available options are Empty (the
default), SSID, BSSID, Client MAC, MAC SSID (MAC + SSID)
and Free text. If the Free text option is selected, the necessary
text string should be entered in the text box below.
Relayed VLANs
Select the VLANs to be relayed to the DHCP server via the
specified Backhaul VLAN. The specified Backhaul VLAN is
selected by default and cannot be deselected. The list of
available VLANs does not include VLANs already selected as
Relayed VLANs for other profiles.
To add a new profile:
1 Click on the Add button to open the Relay Name editor.
Figure 3-57: DHCP Relay Name Editor
2 Enter the name to be used for identifying the DHCP Relay and click on the Apply button. The new
profile will be added to the list of DHCP Relay Profiles.
3 Configure the relevant parameters for the profile (see details in the parameters table above).
To modify the name of an existing profile:
1 Select the profile to be renamed and click on the Rename button to open the Relay Name editor.
2 Enter the new name to be used for identifying the DHCP Relay and click on the Apply button.
To delete an existing profile from the database:
Select the profile to be deleted and click on the Delete button to remove the selected profile from the
database.
83
Configuration
To edit the parameters of an existing profile:
Select the profile to be edited and modify the relevant parameters for the selected profile (see details in
the parameters table above).
3.4.9
LAN Page
NOTE!
The LAN page is available only in Router mode.
The LAN page enables defining LAN(s) to be used in the wireless network and configuring various
routing and DHCP features for each LAN.
To access the LAN page click on Configuration>Network>LANn in the management function
selection panel.
Figure 3-58: Configuration-Network-LAN Page
The LAN page includes the following sections:
General
LAN
NAT
Port Forwarding
DMZ
84
Configuration
DHCP Configuration
3.4.9.1
General
Figure 3-59: Configuration-Network-LAN Page, General Section
The General section of the LAN page enables managing the general parameters of LAN subnets. It
includes the following parameters:
Table 3-31: Configuration-Network-LAN Page, General Parameters
Parameter
Description
LAN Subnet
The name of the selected LAN subnet. The drop-down list
includes all defined LANs.
IP Address
The base IP address of the selected LAN subnet
Mask
The mask used for defining the selected subnet (together with
the IP address).
Route to WAN
The name of the WAN to which traffic from the clients that are
members of the selected LAN subnet will be routed (backhaul
interface).
By default, one LAN with the following parameters is automatically created:
Table 3-32: Default LAN General Parameters
Parameter
Description
LAN Subnet
LAN 1
IP Address
192.168.2.1
Mask
255.255.255.0
Route to WAN
WAN 1
To add a new LAN Subnet:
85
Configuration
1 Click on the Add button to open the New LAN Subnet editor:
Figure 3-60: New LAN Subnet Editor
2 Enter the IP Address, Mask and Route to WAN parameters for the new LAN Subnet.
3 Click on the Apply button. The new LAN Subnet will be added to the list of LANs with the name LAN
# (# is the automatically generated sequential number of the LAN Subnet: 2, 3 and so on).
To remove a LAN Subnet from the database:
Select the LAN Subnet in the drop-down list and click on the Remove button.
To view/edit the parameters of a LAN subnet:
Select the LAN Subnet in the drop-down list and view/edit its’ parameters.
3.4.9.2
LAN
Figure 3-61: Configuration-Network-LAN Page, LAN Associations Table
The LAN section includes the LAN Associations table, enabling to manage the VAPs associated with the
LAN subnet. Only VAPs already associated with the currently selected LAN Subnet, or VAPs that are not
associated with any LAN Subnet, are shown (a VAP cannot be associated with more than one LAN
86
Configuration
Subnet). For each available VAP the VAP’s ID, Name and Band are shown. Use the checkboxes on the left
side to associate/disassociate VAP(s) with the currently selected LAN Subnet.
By default, upon switching to Router mode all previously defined VAPs are associated with the default
LAN subnet (LAN 1).
3.4.9.3
NAT
Figure 3-62: Configuration-Network-LAN Page, NAT Section
NAT (Network Address Translation) is used in conjunction with IP masquerading which is a technique
that hides an entire IP address space, usually consisting of private network IP addresses, behind a single
IP address in another, usually public address space. The routing device uses stateful translation tables to
map the "hidden" addresses into a single IP address and readdresses the outgoing packets on exit so
they appear to originate from the routing device. In the reverse communications path, responses are
mapped back to the originating IP addresses using the rules ("state") stored in the translation tables.
Note that the basic NAT mechanism enables communication through the router only when the
conversation originates in the masqueraded network, since this establishes the translation tables. For
example, a web browser in the masqueraded network can browse a web site outside, but a web
browser outside could not browse a web site hosted within the masqueraded network. However,
features such as Port Forwarding and DMZ allow the network administrator to configure translation
table entries for permanent use, allowing traffic originating in the "outside" network to reach
designated hosts in the masqueraded network.
The NAT section includes the following parameters:
Table 3-33: Configuration-Network-LAN Page, NAT Parameters
Parameter
Description
NAT Enabled
Check (the default) to enable NAT functionality for the LAN
subnet. Deselect to disable NAT functionality.
NAT Public IP
The public (external) IP address to be used for the NAT
functionality. The drop-down list includes all IP addresses (base
addresses and secondary addresses) configured for the
associated WAN (see “WAN Settings” on page 97).
87
3.4.9.4
Configuration
Port Forwarding
Network Address Translation (NAT) only allows requests coming from the internal network to the
external network, which means that it is impossible as such for an external machine to initiate
communication with a machine on the internal network. In other words, the internal network machines
cannot operate as a server with regards the external network.
For this reason, there is a NAT extension called "port forwarding" or port mapping consisting of
configuring the gateway to send all packets received on a particular port to a specific machine on the
internal network. When configuring port forwarding, the network administrator sets aside a port
number on the gateway for the exclusive use of communicating with a service in the private network,
located on a specific host. External hosts must know this port number and the address of the gateway to
communicate with the network-internal service. Often, the port numbers of well-known Internet
services, such as port number 80 for web services (HTTP), are used in port forwarding, so that common
Internet services may be implemented on hosts within private networks.
The Port Forwarding Table
The Port Forwarding Editor
Standard Supported Application Protocols
3.4.9.4.1
The Port Forwarding Table
Figure 3-63: Configuration-Network-LAN Page, Port Forwarding Section
The Port Forwarding table includes the following parameters for each configured entry:
88
Configuration
Table 3-34: Configuration-Network-LAN Page, Port Forwarding Table Parameters
3.4.9.4.2
Parameter
Description
Description
A description of the entry. For standard application layer
protocols the default is the name of the application protocol.
External IP
The external (public) IP address used by the port forwarding
rule.
External Port
The number of the external port used by the port forwarding
rule.
Internal IP
The internal (private) IP address used by the port forwarding
rule.
Internal Port
The number of the internal port used by the port forwarding
rule.
Protocol
The transportation layer protocol (TCP, UDP or Both).
The Port Forwarding Editor
Figure 3-64: The Port Forwarding Editor
The Port Forwarding editor includes the following parameters:
Table 3-35: Configuration-Network-LAN Page, Port Forwarding Editor
Parameter
Description
Profile Selection
Select one of the standard application layer protocol or none
(empty) for a protocol not included in the drop-down list. For
details on standard supported protocols refer to “Standard
Supported Application Protocols” on page 90.
89
Configuration
Table 3-35: Configuration-Network-LAN Page, Port Forwarding Editor
Parameter
Description
Description
A description of the entry. For standard application layer
protocols the default is the name of the application protocol.
WAN
The WAN to be used for the port forwarding rule. The
drop-down list includes all configured WANs.
External IP
The external (public) IP address to be used by the port
forwarding rule. The drop-down list includes all relevant IP
addresses (subnet base addresses, secondary IP addresses)
configured for the selected WAN (for details refer to “WAN
Settings” on page 97).
Do not use the management IP address as an external address
in port forwarding.
External Port
The number of the external port to be used by the port
forwarding rule. For standard application protocols the default
is the standard port number.
Internal IP
The internal (private) IP address to be used by the port
forwarding rule. Must belong to the configured LAN subnet.
Internal Port
The number of the internal port to be used by the port
forwarding rule. For standard application protocols the default
is the standard port number.
Protocol
The transportation layer protocol (TCP, UDP or Both). to be
used by the port forwarding rule. For standard application
protocols the default is the standard transportation layer
protocol.
CAUTION
Do not use the management IP address for port forwarding.
3.4.9.4.3
Standard Supported Application Protocols
The standard application protocols supported by the base station are:
Table 3-36: Standard Application Protocols
Application Layer Protocol
Default Port
Default Transportation Layer Protocol
SMTP
25
TCP
HTTP
80
TCP
HTTPS
443
TCP
90
Configuration
Table 3-36: Standard Application Protocols
NOTE!
3.4.9.5
Application Layer Protocol
Default Port
Default Transportation Layer Protocol
FTP
21*
TCP
Telnet
23
TCP
TFTP
69
UDP
NTP
123
UDP
SNMP
161
UDP
SNMP Trap
162
UDP
Port 21 is for FTP control (commands). If needed, support for Port 20 (FTP data transfer) should be added
manually.
DMZ
DMZ (De-Militarized Zone) allows unrestricted 2-way communication between a machine in the internal
LAN and other users or servers in the external (typically the Internet) network. This application is useful
for supporting special-purpose services that require proprietary client software and/or 2-way user
communication. DMZ is implemented by associating a specific IP address in the internal (private)
network with a specific public IP address. All traffic to the external public IP address is forwarded to the
internal address, and vice versa.
The DMZ Table
The DMZ Editor
91
3.4.9.5.1
Configuration
The DMZ Table
Figure 3-65: Configuration-Network-LAN Page, DMZ Section
The DMZ table includes the following parameters for each configured entry:
Table 3-37: Configuration-Network-LAN Page, DMZ Table Parameters
3.4.9.5.2
Parameter
Description
External IP
The external (public) IP address used by the DMZ rule.
Internal IP
The internal (private) IP address used by the DMZ rule.
The DMZ Editor
Figure 3-66: The DMZ Editor
The DMZ editor includes the following parameters:
Table 3-38: Configuration-Network-LAN Page, DMZ Editor
Parameter
Description
WAN
The WAN to be used for the port forwarding rule. The
drop-down list includes all configured WANs.
92
Configuration
Table 3-38: Configuration-Network-LAN Page, DMZ Editor
Parameter
Description
External IP
The external (public) IP address to be used by the DMZ rule. The
drop-down list includes all relevant IP addresses (subnet base
addresses, secondary IP addresses) configured for the selected
WAN (for details refer to “WAN Settings” on page 97).
Do not use the management IP address as an external address
in DMZ.
Internal IP
The internal (private) IP address to be used by the DMZ rule.
Must belong to the configured LAN subnet.
CAUTION
Do not use the management IP address for DMZ.
3.4.9.6
DHCP Configuration
The base station supports the following DHCP options:
No DHCP: The base station is not involved at all in the DHCP process.
DHCP Server: The base station functions as a DHCP server for clients on the selected LAN.
DHCP Relay: The base station functions as a relay for DHCP messages between clients on the selected
LAN and a known DHCP server (see also information note below).
The DHCP Configuration section enables selection of the DHCP mode and configuration of relevant
parameters for DHCP Server mode.
INFORMATION
For details on configuration of parameters for DHCP Relay mode (in Router system mode) refer to
“DHCP Relay” on page 102.
DHCP Configuration
The Reserved IP Editor
93
3.4.9.6.1
Configuration
DHCP Configuration
Figure 3-67: Configuration-Network-LAN Page, DHCP Configuration Section
The DHCP Configuration section includes the following parameters:
Table 3-39: Configuration-Network-LAN Page, DHCP Configuration Parameters
Parameter
Description
DHCP Mode
The DHCP mode for clients on the selected LAN: DHCP Server,
DHCP Relay, No DHCP.
The default for the default LAN (LAN 1) is DHCP Server. The
default for additional LANs is No DHCP.
The following parameters are applicable only for DHCP Server
mode.
Note: Before selecting DHCP Relay mode DHCP Relay should
be enabled for the relevant WAN (see “DHCP Relay” on
page 102).
Start Address
The first IP address in the addresses pool used for IP addresses
allocation. Must be in the LAN subnet.
End Address
The last IP address in the addresses pool used for IP addresses
allocation. Must be in the LAN subnet.
Lease Time (Min.)
The lease time in minutes of allocated IP addresses. 0 means
never expires.
94
Configuration
Table 3-39: Configuration-Network-LAN Page, DHCP Configuration Parameters
3.4.9.6.2
Parameter
Description
Reservation IP List
A table of IP Addresses reserved for specific clients (based on
the client’s MAC Address).
The Reserved IP Editor
Figure 3-68: The Reserved IP Editor
The Reserved IP editor includes the following parameters:
Table 3-40: Configuration-Network-LAN Page, Reserved IP Editor
3.4.10
Parameter
Description
IP Address
The IP address to be reserved for a specific client. Must be is the
IP pool (Start Address to End Address).
MAC Address
The MAC address of the client for which the IP address is
reserved. Should be in the format xx.xx.xx.xx.xx.xx.
WAN Configuration Page
NOTE!
The WAN Configuration page is available only in Router mode.
The WAN Configuration page enables defining WAN(s) to be used in the Ethernet backhaul network
and configuring optional DHCP Relay parameters for each WAN.
To access the WAN Configuration page click on Configuration>Network>WAN in the management
95
Configuration
Figure 3-69: Configuration-Network-WAN Configuration Page
The WAN Configuration page includes the following sections:
WAN Settings
DHCP Relay
96
Configuration
3.4.10.1 WAN Settings
Figure 3-70: Configuration-Network-WAN Configuration Page, WAN Settings Section
The WAN Settings section of the WAN Configuration page enables managing the parameters of WAN
subnets, including additional IP addresses that may be used to support the NAT, Port Forwarding and
DMZ features.
WAN Settings General Parameters
WAN IPs Table
The WAN IP Editor - Add Operation
The WAN IP Editor - Edit Operation
3.4.10.1.1 WAN Settings General Parameters
The general parameters in the WAN Setting section are:
97
Configuration
Table 3-41: Configuration-Network-WAN Configuration Page, WAN General Parameters
Parameter
Description
WAN List
The name of the selected WAN. The drop-down list includes all
defined WANs.
VLAN ID
The VLAN ID associated with the selected WAN subnet.
Gateway IP
The default gateway IP address of the selected WAN subnet.
DNS Server 1 IP
The IP address of the primary DNS server be used by the WBSn
unit for URL resolving of a Captive Portal (if defined by name
rather than by IP address) when Web Authentication is
enabled.
DNS Server 2 IP
Tagged
If the checkbox is marked as selected, the specified VLAN ID
will be used for tagging the WAN’s traffic.
By default, one WAN with the following parameters is automatically created:
Table 3-42: Default WAN Settings Parameters
Parameter
Description
WAN List
WAN 1
VLAN ID
1
Gateway IP
The IP address of the default gateway configured for the
management interface
DNS Server 1 IP
null
DNS Server 2 IP
null
Tagged
Not selected (untagged)
CAUTION
It is highly recommended to keep the configuration of the WAN used for the management interface as
untagged (No VLAN).
To add a new WAN:
1 Click on the Add button to open the New WAN editor:
98
Configuration
Figure 3-71: New WAN Editor
2 Enter the VLAN ID to be used for the new WAN. The configured VLAN ID number will be used also as
an identifier of the new WAN.
INFORMATION
Only a single WAN (usually the one used for the management interface) can be untagged. All other
WANs are marked as tagged by default.
3 Click on the Apply button.
4 The new WAN will be added to the list of WANs with the name WAN <VLAN ID>.
To remove a WAN from the database:
Select the WAN in the drop-down list and click on the Remove button.
To view/edit the parameters of a WAN:
Select the WAN in the drop-down list and view/edit its’ parameters.
3.4.10.1.2 WAN IPs Table
The WAN IPs table includes the following parameters for each entry:
Table 3-43: Configuration-Network-WAN Configuration Page, WAN IPs Table Parameters
Parameter
Description
IP Method
The method of acquiring IP parameters for the WAN subnet:
Manual or DHCP.
IP Address
The base IP address of the WAN subnet.
IP Mask
The network mask of the WAN subnet.
Secondary IP
Additional IP addresses in the WAN subnet that are specifically
defined to optionally support the NAT, Port Forwarding and
DMZ features.
99
Configuration
The default WAN (WAN 1) has the following default entry in the IPs table:
Table 3-44: Configuration-Network-WAN Configuration Page, WAN IPs Table Parameters
Parameter
Description
IP Method
As defined for the management interface.
IP Address
IP Mask
Secondary IP
None
3.4.10.1.3 The WAN IP Editor - Add Operation
Figure 3-72: The WAN IP Editor - Add Operation
To add a new IP subnet (hidden IP) to the WAN, configure the following parameters:
Table 3-45: The WAN IP Editor Add Operation Parameters
Parameter
Description
IP Address
The base IP address of the WAN subnet. Applicable only if IP
Method is set to Manual.
IP Method
The method of acquiring IP parameters for the WAN subnet:
Manual or DHCP. Configurable only for the first entry of the
table (in additional entries it is read-only, set to the value
selected for the first entry).
Mask
The network mask of the WAN subnet. Applicable only if IP
Method is set to Manual.
Gateway
The IP address of the default gateway. Configurable only for
the first entry of the table (in additional entries it is read-only,
set to the value selected for the first entry).
100
Configuration
3.4.10.1.4 The WAN IP Editor - Edit Operation
Figure 3-73: The WAN IP Editor - Edit Operation
The Edit mode of the WAN IP editor enables managing the Secondary IP List, in additional to optionally
editing general IP subnet parameters. Entries in the Secondary IP List must belong to the configured
WAN subnet.
CAUTION
It is highly recommended to avoid modifying the IP parameters (IP Address, IP Method, Mask and
Gateway) of the management interface. If necessary, carefully verify correct configuration to ensure that
management connectivity to the unit will be maintained.
101
Configuration
3.4.10.2 DHCP Relay
Figure 3-74: Configuration-Network-WAN Configuration Page, DHCP Relay Section
The WBSn can be configured to function as a relay for DHCP messages between clients and a known
DHCP server. The implementation complies with RFC-2131 and RFC-3046. The client communicates
directly with a DHCP server with the exception that the WBSn unit inserts Option 82 (Relay Agent
Information) to DHCP messages forwarded to the backbone and removes them from received messages
before forwarding them to the client. Any DHCP discovery/request message coming from the client that
includes option 82 information will be dropped.
WBSn enables defining DHCP Relay functionality for each WAN. This functionality will apply to clients on
all LANs routed through the relevant WAN that are configured for operation in DHCP Relay mode (see
“DHCP Configuration” on page 94).
The DHCP section includes the following parameters:
Table 3-46: Configuration-Network--WAN Configuration Page, DHCP Relay Parameters
Parameter
Description
Enable DHCP Relay
Select the checkbox to enable DHCP Relay functionality for the
WAN selected in the WAN Settings section.
DHCP server address
The IP address of the DHCP server to be used for clients on any
of the LANs marked as Relayed LANs (see below).
102
Configuration
Table 3-46: Configuration-Network--WAN Configuration Page, DHCP Relay Parameters
Parameter
Description
Customize Circuit ID
The Circuit ID sub-option. Available options are System defined
(the default), VLAN ID, SSID and BSSID.
Customize Remote ID
The Remote ID sub-option. Available options are Empty (the
default), SSID, BSSID, Client MAC, MAC SSID (MAC + SSID)
and Free text. If the Free text option is selected, the necessary
text string should be entered in the text box below.
Relayed LANs
A read-only list indicating the relayed LANs. For details see
description of the configuration process for DHCP Relay
functionality described below.
The process for defining DHCP Relay functionality is:
1 Enable DHCP Relay functionality for the selected WAN, configure the relevant parameters (DHCP
server address, Customize Circuit ID, Customize Remote ID) and click on the Apply button.
INFORMATION
At this stage, THe Relayed LANs list displays all configured LANs, but none of them is marked as relayed.
2 In the LAN page, select a LAN routed through the relevant WAN, select the DHCP Relay option for the
DHCP Mode parameter in the DHCP Configuration section (see “DHCP Configuration” on page 94)
and click on the Apply button.
3 If necessary, repeat step 2 above for additional LAN(s) routed through the same WAN.
INFORMATION
At this stage, all LANs routed through the relevant WAN that were configured to operate in DHCP Relay
mode are marked as relayed in the Relayed LANs list.
4 If necessary, repeat the procedure for additional WAN(s).
3.4.11
Web Authentication Page
Web Portal Redirection, also known as Captive Portal capability forces an HTTP client on a network to
see a special web page (usually for authentication purposes) before using the Internet normally. Captive
Portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that
offer Wi-Fi hot spots for Internet users. When an associated client tries to access the web, the browser is
redirected to the Captive Portal page which may require authentication and/or payment, or simply
display an acceptable use policy and require the user to agree.
103
Configuration
The Walled Garden feature is a "White List" of URLs which associated users can access with no need for
authentication. One of the URLs in this list can be a server through which users may purchase access to
the network, and obtain their username and password. For URLs that are not included in the White List,
the integral Access Controller presents a Captive Portal to the user.
NOTE!
For web authentication (and, if applicable, billing) connection to Radius server(s) is required.
To access the Web Authentication page click on Configuration>Network>Web Authentication in
the management function selection panel.
Figure 3-75: Configuration-Network-Web Authentication Page
The Web Authentication page enables definition of one or more profiles, each with its’ own set of
relevant policies and parameters. Each profile defines how to handle browsing traffic from/to relevant
clients.
The Web Authentication page comprises the following sections:
Web authentication profiles
General Configuration
VAP Binding
Servers White List
Radius Accounting
104
Configuration
3.4.11.1 Web authentication profiles
Figure 3-76: Configuration-Network-Web Authentication Page, Web authentication profiles
Section
The drop-down list in the Web authentication profile section enables selection of an existing profile for
viewing/editing its’ parameters. The Web authentication profiles section also enables adding and
deleting authentication profiles to/from the database. For each profile a set of policies and parameters
should be defined in the following sections. By default, no Web authentication profiles are defined.
To add a new Web authentication profile:
1 Click on the Add button to open the profile name editor for a new profile.
Figure 3-77: New Profile name Editor
2 Specify a unique name for the new profile (1 to 30 characters) and click on the Apply button.
3 After creating a new profile, you should define relevant policies and parameters for this profile in the
sections below.
To remove a Web authentication profile from the database:
Select the profile in the drop-down list and click on the Remove button.
To view/edit the parameters of an existing Web authentication profile:
Select the profile in the drop-down list. Use the sections below to view/edit relevant parameters.
105
Configuration
3.4.11.2 General Configuration
Figure 3-78: Configuration-Network-Web Authentication Page, General Configuration Section
The General Configuration section includes the following parameters:
106
Configuration
Table 3-47: Configuration-Network-Web Authentication Page, General Configuration
Parameters
Parameter
Description
Enable Profile
Each profile is associated with a single VLAN interface. This is
the VLAN to be used in the backhaul for relevant “signaling”
communication (e.g communication with the Captive Portal,
Radius Server etc.) prior to authentication. After authentication
the VLAN to be used for data communication will be according
to the VLAN configuration for the relevant VAP. To associate a
profile with a VLAN, select the Enable Profile checkbox and
select the required VLAN from the drop-down list (the list
includes all configured VLANs. The default is the default
management VLAN).
Note: More than one profile may be associated with the same
VLAN. The differentiation between profiles is based on the
VAPs specified for each profile (see “VAP Binding” on
page 109).
Deselect the checkbox to temporarily disable an existing profile
without removing it from the database.
Radius IP Address
The IP address of the Radius authentication server to be used
for authenticating clients redirected using the profile.
Radius shared key
The shared key to be used for communicating with the Radius
authentication server. A string of 1 to ..... characters, case
sensitive. For security reasons, the shared key is displayed as a
series of asterisks.
Portal URL
The URL to which users will be redirected when they try to
access any URL not on the "walled garden" white list (see
“Servers White List” on page 109). Either a host name or an IP
address can be used for defining the URL.
See also note below.
Login failure URL
The URL of the web page to which a user should be redirected
if the login fails, or if the credentials cannot be verified. Either a
host name or an IP address can be used for defining the URL.
Login success URL
The URL of the web page to which the user should be
redirected if the login is correctly authenticated. Either a host
name or an IP address can be used for defining the URL.
107
Configuration
Table 3-47: Configuration-Network-Web Authentication Page, General Configuration
Parameters
Parameter
Description
Enable HTTPS
Select to enable HTTP Secure communication for relevant
clients. The default is deselected (HTTPS disabled). To fully
enable HTTPS, proper certificate and key should be uploaded
from a trusted certificate authority (see relevant parameters
below). The following parameters are applicable only if HTTPS
is enabled.
Certificate status:
Displays the current status of the certificate. Applicable only
after loading a valid certificate.
Key status:
Displays the current status of the key. Applicable only after
loading a valid key.
Certificate host name
The host name used for validating certification. The same host
name should be common to all base stations in the network.
Can be either the host name string or the host’s IP address.
Note: This must be the same host name as specified in the
certificate.
Upload Protocol
The protocol to be used for uploading the certificate and key.
The options are HTTP (the default) and FTP.
FTP Server IP
The IP address of the FTP server to be used for acquiring the
certificate and key. Applicable only if selected Upload Protocol
is FTP. The default is 192.168.200.254
Certificate path (FTP)
The full path to the certificate file in the FTP server.
Certificate key path (FTP)
The full path to the key file in the FTP server.
Certificate path (HTTP)
The full path to the certificate file which must be available in
the management station or elsewhere in the reachable
network. Enter the full path or click on the Browse... button to
open the Open window. Browse to the required location and
click Open. The selected path will be copied to the Certificate
path (HTTP) field.
Certificate key path (HTPT)
The full path to the key file which must be available in the
management station or elsewhere in the reachable network.
Enter the full path or click on the Browse... button to open the
Open window. Browse to the required location and click
Open. The selected path will be copied to the Certificate key
path (HTTP) field.
108
NOTE!
Configuration
If a host name (rather than an IP address) is used for specifying the Portal URL/Login Failure URL/Login
Success URL, then DNS 1 (and optionally DNS 2) must be defined to support proper URL resolving by the
unit (see “The Interface IP Configuration Editor” on page 77 for Bridge mode or “WAN Settings” on
page 97 for Router mode).
To upload HTTPS certificate and key (if required):
After completing definition of all relevant HTTPS parameters, click on the Upload Cert. button to
upload the certificate. Click on the Upload Key button to upload the key.
3.4.11.3 VAP Binding
The Associated VAPs table displays general details (ID, Name and Band) for each VAP that is not already
associated with another existing profiles. Use the checkboxes on the left side to select/deselect the
VAP(s) to be associated with the profile. All clients connected via the selected VAP(s) will be handled
according to the rules defined by the relevant profile.
Figure 3-79: Configuration-Network-Web Authentication Page, VAP Binding Section
NOTE!
To properly support Captive Portal capability, for all VAPs associated with an active Web Authentication
profile the security mode must be set to Open.
3.4.11.4 Servers White List
The Servers White List, also known as Walled Garden, contains URL accessible to the user without the
need for authentication. It is used to either limit the set of sites that are accessible to certain users
(schools and colleges extensively use the walled garden method to prevent students from accessing
inappropriate content on the Web) or to specify certain sites that are accessible prior to complying with
109
Configuration
the required terms. Some Wi-Fi Hotspots allow you to search on Google and when you try to advance
on to a search result you are then redirected to the captive portal.
NOTE!
The Portal URL(s), Login Failure URL(s), Login Success URL(s) and relevant Radius Authentication Server(s)
must be included in the Servers White List.
Figure 3-80: Configuration-Network-Web Authentication Page, Servers White List Section
To add a new white listed server:
1 Click on the Add button to open the White List Server editor for a new server.
Figure 3-81: White List Server Editor
2 Specify the Host name. It can be either a host name (e.g. google.co.uk) or an IP address.
3 You can optionally enter a Description for the server.
4 Click on the Apply button. The server will be added to the list.
To remove a server from the list:
110
Configuration
Select the required entry in the list and click on the Remove button.
To edit the parameters of an existing white listed server:
1 Select the required entry in the list and click on the Edit button to open the White List Server editor.
2 Perform necessary changes and click on the Apply button.
3.4.11.5 Radius Accounting
Figure 3-82: Configuration-Network-Web Authentication Page, Radius Accounting Section
The Radius Accounting section enables defining the parameters required for supporting accounting by a
Radius server. It includes the following parameters:
Table 3-48: Configuration-Network-Web Authentication Page, Radius Accounting Parameter
Parameter
Description
Use Radius Accounting
Select to enable Radius Accounting
Server IP Address
The IP address of the Radius accounting server.
Server Shared Secret
Shared Secret is the key used for encrypting the user
credentials transmitted to the Radius server. For security
reasons, the Shared Secret is displayed as a series of asterisks.
Valid Shared Secret: 1 to 64 printable characters, case sensitive.
Interim Interval (Sec)
If not selected (disabled), then only Session Start and Session
Stop messages are transmitted to the accounting server. If
selected (the default), this parameter defines how often
accounting information is updated and sent to the accounting
server. The range is 60 to 9999 seconds. The default is 900
seconds (15 minutes).
111
Configuration
Table 3-48: Configuration-Network-Web Authentication Page, Radius Accounting Parameter
3.4.12
Parameter
Description
Retry Count
The maximum number of retransmission attempts before
reaching a decision on a failure to connect to the server. The
range is 1-20 (retries). The default is 3 (retries).
Retry Interval (Sec)
The time in seconds to wait before retransmitting a Radius
message if no response is received. The range is 1-20 (seconds).
The default is 3 (seconds).
Bandwidth Management Page
To access the Bandwidth Management page click on Configuration>Network>Bandwidth
Management in the management function selection panel.
Figure 3-83: Configuration-Network-Bandwidth Management Page
To improve efficiency of allocating bandwidth resources to different end users/applications according to
the system administrator's preferences, bandwidth management is available at multiple levels:
Entire AP
Per VAP
Per client on a specific VAP
In addition, per client limitations may be available from a Radius Authentication server.
The Bandwidth Management page includes the following sections:
General Configuration
VAP Bandwidth Limits
Clients Profile Bandwidth Limits
112
Configuration
3.4.12.1 General Configuration
Figure 3-84: Configuration-Network-Bandwidth Management Page, General Configuration
Section
The General Configuration section includes the following parameters:
Table 3-49: Configuration-Network-Bandwidth Management Page, General Configuration
Parameters
Parameter
Description
Enable Bandwidth Management
Select to enable the bandwidth management feature. By
default bandwidth management is disabled (deselected).
All other bandwidth management parameters are applicable
only if Bandwidth Management is enabled.
Note that Bandwidth Management cannot be enabled if
Wireless Client Isolation (see “Wireless Client Isolation” on
page 71 is disabled.
Max Downlink Bandwidth for Entire AP
The maximum bandwidth in Kbit/sec to be allocated to the
downlink for the entire AP (all VAPs). Select the No Limit
checkbox (deselected by default) for no limit on the total
downlink bandwidth, or configure the preferred limitation.
The range is from 100 to 1000000, the default is 300000.
Max Uplink Bandwidth for Entire AP
uplink for the entire AP (all VAPs). Select the No Limit
checkbox (deselected by default) for no limit on the total
uplink bandwidth, or configure the preferred limitation. The
range is from 100 to 1000000, the default is 100000.
3.4.12.2 VAP Bandwidth Limits
The VAP Bandwidth Limits section enables viewing and modifying the bandwidth limits per VAP,
including optional allocation of a default per-client limits and limitation of the total bandwidth that may
be used by unauthenticated clients.
VAP Bandwidth Limits Table
113
Configuration
VAP Bandwidth Limits Editor
3.4.12.2.1 VAP Bandwidth Limits Table
Figure 3-85: Configuration-Network-Bandwidth Management Page, VAP Bandwidth Limits Table
The VAP Bandwidth Limits table includes the following parameters for each of the defined VAPs:
Table 3-50: Configuration-Network-Bandwidth Management Page, VAP Bandwidth Limits Table
Parameters
Parameter
Description
ID
The VAP’s ID.
Name
The VAP’s name.
Band
Downlink bandwidth limit
The maximum bandwidth to be allocated to the downlink of
the VAP, or “Use Specified Limit (Entire Limit)”, meanings
that the limit will be the same as the one configured for the
Max Downlink Bandwidth for Entire AP parameter.
Uplink bandwidth limit
The maximum bandwidth to be allocated to the uplink of
the VAP, or “Use Specified Limit (Entire Limit)”, meanings
that the limit will be the same as the one configured for the
Max Uplink Bandwidth for Entire AP parameter.
Preference Level
Not applicable for current release.
Client Default Profile
The Client Default Profile (if other than None) defines the
bandwidth limitations for clients connected on the VAP. See
details in “Clients Profile Bandwidth Limits” on page 116.
Use the drop-down list to selected a previously defined
profile, or None (the default).
Note that bandwidth limitations for specific clients may be
received from an Authentication Radius server. Such
limitations will override the limitations specified by the
default profile.
114
Configuration
Table 3-50: Configuration-Network-Bandwidth Management Page, VAP Bandwidth Limits Table
Parameters
Parameter
Description
Aggregated limit for unauthenticated
clients
The wireless medium may be loaded by too much traffic
associated with unauthenticated clients. This parameter
defines the upper limit for the total traffic of such clients, in
% of total traffic on the VAP.
3.4.12.2.2 VAP Bandwidth Limits Editor
Figure 3-86: VAP Bandwidth Limits Editor
The VAP Bandwidth Limits editor includes the following parameters:
Table 3-51: Configuration-Network-Bandwidth Management Page, VAP Bandwidth Limits Editor
Parameters
Parameter
Description
downlink of the VAP, or “Use Specified Limit (Entire Limit)”,
meanings that the limit will be the same as the one
configured for the Max Downlink Bandwidth for Entire AP
parameter. To configure a limit other than the one specified
for the entire AP, deselect the Use Specified Limit (Entire
Limit) checkbox above (the default is Use Specified Limit
(Entire Limit) checkbox selected) and enter the required
limitation. The range is from 100 to 1000000, the default is
100.
115
Configuration
Table 3-51: Configuration-Network-Bandwidth Management Page, VAP Bandwidth Limits Editor
Parameters
Parameter
Description
uplink of the VAP, or “Use Specified Limit (Entire Limit)”,
meanings that the limit will be the same as the one
configured for the Max Uplink Bandwidth for Entire AP
parameter. To configure a limit other than the one specified
for the entire AP, deselect the Use Specified Limit (Entire
Limit) checkbox above (the default is Use Specified Limit
(Entire Limit) checkbox selected) and enter the required
limitation. The range is from 100 to 1000000, the default is
100.
Preference Level
Not applicable for current release.
Client Default Profile
The Client Default Profile (if other than None) defines the
bandwidth limitations for clients connected on the VAP. See
details in “Clients Profile Bandwidth Limits” on page 116.
Note that bandwidth limitations for specific clients may be
received from an Authentication Radius server. Such
limitations will override the limitations specified by the
default profile.
Aggregated limit for unauthenticated
clients
The wireless medium may be loaded by too much traffic
associated with unauthenticated clients. This parameter
defines the upper limit for the total traffic of such clients, in
% of total traffic on the VAP.
3.4.12.3 Clients Profile Bandwidth Limits
The Clients Profile Bandwidth Limits section enables managing profiles defining clients’ bandwidth
limitations. When a profile is selected as the Client Default Profile for a VAP (see “VAP Bandwidth
Limits” on page 113), it is used to define the bandwidth limitations for clients connected on the VAP.
Note that bandwidth limitations for specific clients may be received from an Authentication Radius
server. Such limitations will override the limitations specified by the default profile.
Clients Profile Bandwidth Limits Table
Clients Profile Bandwidth Limits Editor
116
Configuration
3.4.12.3.1 Clients Profile Bandwidth Limits Table
Figure 3-87: Configuration-Network-Bandwidth Management Page, Clients Profile Bandwidth
Limits Table
The Clients Profile Bandwidth Limits table includes the following parameters for each of the defined
profiles:
Table 3-52: Configuration-Network-Bandwidth Management Page, Clients Profile Bandwidth
Limits Table Parameters
Parameter
Description
Name
The profile’s name.
The maximum bandwidth to be allocated to the downlink of
each client.
The maximum bandwidth to be allocated to the uplink of
teach client.
Preference Level
3.4.12.3.2 Clients Profile Bandwidth Limits Editor
Figure 3-88: Clients Profile Bandwidth Limits Editor
The Clients Profile Bandwidth Limits editor includes the following parameters:
117
Configuration
Table 3-53: Configuration-Network-Bandwidth Management Page, Clients Profile Bandwidth
Limits Editor Parameters
Parameter
Description
Name
The profile’s name. Configurable only when creating a new
profile (Add).
downlink of each client. The range is from 100 to 1000000.
The default is 100.
uplink of teach client. The range is from 100 to 1000000.
The default is 100.
Preference Level
118
Chapter 3 - Base Station ManagementAdministration
3.5
Administration
Administration
The Administration option provides access to the following pages:
Local Management Page
Users Page
Firmware Page
Configuration Files Page
Log Page
Diagnostics Page
3.5.1
Local Management Page
To access the Local Management page click on Administration>Management in the management
Figure 3-89: Administration-Management (Local Management) Page
The Local Management page comprises the following sections:
Reboot
FTP
WEB
SNMP Community
Language Configuration
119
3.5.1.1
Administration
Reboot
Figure 3-90: Administration-Management (Local Management) Page, Reboot Section
To reboot the device click on the Reboot button. A Reboot in progress... bar in the middle of the top
information bar indicates the status of the reboot process. During the reboot process the management
utility is disabled.
NOTE!
3.5.1.2
Changes that were not saved will be ignored. After reboot the last saved configuration values will be
used.
FTP
Figure 3-91: Administration-Management (Local Management) Page, FTP Section
The FTP section includes the following parameters defining the FTP server to be used for loading new
firmware files and how to access it:
Table 3-54: Local Management Page, FTP Parameter
Parameter
Description
Server IP
The IP address of the FTP server. The default is 192.168.1.2
120
Administration
Table 3-54: Local Management Page, FTP Parameter
Parameter
Description
Anonymous Login
Defines how to access the FTP server:
On (the default) is for accessing the FTP anonymously (without
specifying User Name and Password). Can be used only if the
FTP server allows login without login credentials.
Off indicates that user credentials (User Name and Password)
should be provided for getting access to the FTP server.
NOTE!
3.5.1.3
FTP User
The FTP User name string must be defined if login credential
are required by the FTP server (Anonymous Login is set to Off).
FTP Password
The FTP Password string must be defined if login credential are
required by the FTP server (Anonymous Login is set to Off). For
security reasons the Password string is not visible.
Any change to the FTP Server IP parameter in the Firmware page (see “Firmware Page” on page 125) is
reflected automatically in the Server IP parameter in the Local Management page, and vice versa.
WEB
Figure 3-92: Administration-Management (Local Management) Page, WEB Section
The WEB section includes the following parameters, defining the method of accessing the web-based
EMS utility:
Table 3-55: Local Management Page, WEB Parameter
Parameter
Description
HTTPS
Enables (True)/Disables (False) HTTPS. The default is True
(enable HTTPS).
121
Administration
Table 3-55: Local Management Page, WEB Parameter
3.5.1.4
Parameter
Description
HTTPS Port
The port used for HTTPS traffic. The default is 443 (standard). If
for any reason the port number is changed, than the
non-standard port number must be specified:
https://<IP_Address>:<Port#>.
Force HTTPS
Defines whether to redirect HTTP requests to HTTPS. The
default is true (force HTTPS).
HTTP
Enables (True)/Disables (False) HTTP. The default is True (enable
HTTP).
HTTP Port
The port used for HTTP traffic. The default is 80 (standard). If
for any reason the port number is changed, than the
non-standard port number must be specified:
http://<IP_Address>:<Port#>.
SNMP Community
Figure 3-93: Administration-Management (Local Management) Page, SNMP Community Section
The SNMP Community section includes the following parameters defining the communities to be used
for SNMP (Simple Network Management Protocol) based management of the unit:
Table 3-56: Local Management Page, SNMP Community Parameter
3.5.1.5
Parameter
Description
SNMP Read
The SNMP Read community string. The default is public.
SNMP Write
The SNMP Write community string. The default is private.
Language Configuration
The default user interface of the management utility is in english. Currently english is the only supported
language and the Language Configuration section (designed to support loading of new language files
and selection of the language to be used for the user interface) is not usable.
3.5.2
Users Page
To access the Users page click on Administration>Users in the management function selection panel.
122
Administration
Figure 3-94: Administration-Users Page
The Users page enables managing the users that are authorized to manage the device.
There are two Permission types (privileges):
Users with Administrator permission are granted full management capabilities.
Users with Viewer permission are granted read-only privileges. They cannot change any of the
configurable parameters. They also cannot execute most of the actions (Ping and Tech. Support
features in the Diagnostics page are available to these users).
Two users are available by default:
A user with Administration permission:
»
User Name: admin
»
Password: admin
A user with Viewer permission:
»
User Name: viewer
»
Password:
NOTE!
For increased security it is recommended to modify the User Name/Password of the default users.
The Users table includes the User Name and Permission for each of the defined users. For increased
security, users with Administration permission are not visible for users with Viewer permission.
To add a User, click on the Add button to open the User editor for a new User instance.
123
Administration
To modify the parameters of an existing User, select it and click on the Edit button to open the User
editor for the selected User.
To remove a specific User, select it and click on the Delete button. Click on the Save button to remove
it permanently.
The default users may be modified but they cannot be removed.
Figure 3-95: Administration-User Editor (Edit)
The User editor includes the following parameters:
Table 3-57: Administration-Users Page, User Editor
Parameter
Description
User Name
The user name.
Permission
The privileges level: Viewer or Administrator.
Set Password
Available only when editing an existing user. Select to enable
modification of the Password.
Password
The password to be used with the defined User Name. A string
of at least 4 characters. For security reasons the Password
string is not visible. When editing an existing user, available
only if the Set Password option is selected.
Confirm Password
Re-enter the password to confirm that you entered the correct
password.
Click on the Apply button at the bottom of the editor window to apply the changes. If you changed
User Name and or Password of an existing user, the changes will take effect only after next reboot of the
device.
NOTE!
124
3.5.3
Administration
Firmware Page
To access the Firmware page click on Administration>Firmware in the management function selection
panel.
Figure 3-96: Administration-Firmware Page
The Firmware page enables managing the firmware versions of the device.
There are two options for loading a firmware file:
Using FTP for loading the file from an FTP server. The FTP server parameters (IP address and user
credentials if applicable) are defined in the Local Management page (see “FTP” on page 120).
However, in the Firmware page you may select a different IP address.
NOTE!
Any change to the FTP Server IP parameter in the Firmware page is reflected automatically in the Server
IP parameter in the Local Management page, and vice versa.
Using HTTP for loading a file that should be available on the PC used for managing the unit.
The device can hold two firmware versions: Main Firmware and Shadow Firmware. You can view the two
versions in the Status>System page (see “Software Versions” on page 36). Main Firmware indicates the
currently running version. Shadow Firmware indicates the current backup version.
NOTE!
In a new unit a Shadow Version may not be available.
The Firmware parameters are:
125
Administration
Table 3-58: Firmware Page Parameter
Parameter
Description
Upgrade Protocol
The protocol to be used for loading an upgrade firmware file:
FTP (the default) or HTTP.
FTP Server IP
Applicable only if Upgrade Protocol is set to FTP. The IP address
of the FTP server. The default is 192.168.1.2.
Upgrade File Path (FTP)
Applicable only if Upgrade Protocol is set to FTP. The path to
the firmware file in the FTP server.
Upgrade File (HTTP)
Applicable only if Upgrade Protocol is set to HTTP. Click on the
Browse button to open the Open dialog box, navigate to the
location where the file is stored and click Open to select the
required file. The full path to the file will be displayed in the
Upgrade File (HTTP) field.
NOTE!
Before performing an upgrade, read the applicable Release Note and Upgrade Procedure instructions.
To load the firmware as the new Shadow firmware using FTP:
1 Verify that the required file is available in the FTP server.
2 In the Upgrade Protocol field select FTP.
3 Configure the FTP Server IP address.
4 In the Upgrade File Path (FTP) specify the full path to the upgrade file.
5 Click on the Upgrade button to load the specified file as the new Shadow Firmware. You will be
requested to confirm the action. A progress bar in the middle of the top information bar indicates the
status of the process.
To load the firmware as the new Shadow firmware using HTTP:
1 Verify that the required file is available in your PC’s file system.
2 In the Upgrade Protocol field select HTTP.
3 Click on the Browse button to open the Open dialog box, navigate to the location where the file is
stored and click Open to select the file. The full path to the file will be displayed in the Upgrade File
(HTTP) field.
126
Administration
4 Click on the Upgrade button to load the specified file as the new Shadow Firmware. You will be
requested to confirm the action.
To complete the upgrade by switching to the new firmware:
Click on the Switch button. You will be requested to confirm the requested action. A Switch in
progress... bar in the middle of the top information bar indicates the status of the process. After reboot
the running version will be the version previously defined as Shadow Firmware that is now defined as
the Main Firmware. The firmware previously defined as Main Firmware is now defined as Shadow
Version.
NOTE!
After switching to a new firmware version, you will be logged out. To verify status or perform necessary
changes you have to login again.
After verifying that the device functions properly with the new version, it is recommended to reload it so
that it will be used for both Shadow and Main versions (unless you prefer keeping the previous version
as the Shadow version to allow future use of this version using the Switch functionality).
After switching to a new firmware version you may need to perform certain configuration changes. For
details see the applicable Release Note and Upgrade Procedure instructions.
Each firmware has its own configuration file. After a firmware upgrade procedure is performed, a new
configuration file is included in the upgrade. This configuration file will adopt the current configuration
settings once the newly upgraded firmware is run. The new configuration file may contain new features
that could modify current configurations. Also, even if no new features are included in the upgrade, but
new configurations were specified by the user, a newer version of the configuration file is created. If you
wish to revert back to the previous firmware and the previous configuration file, you need to perform a
rollback procedure by clicking on the Rollback button. After reboot the device will run using the
previous firmware and the previous configuration file.
3.5.4
Configuration Files Page
To access the Configuration Files page click on Administration>Configuration Files in the
management function selection panel.
127
Administration
Figure 3-97: Administration-Configuration Files Page
The Configuration Files page comprises the following sections:
Import and Export Group
Backup and Restore Group
Default Configuration
3.5.4.1
Import and Export Group
Figure 3-98: Administration-Configuration Files Page, Import and Export Group Section
The Import and Export Group section enables importing and exporting a complete configuration file:
To export a configuration file to the management PC’s file system:
1 Click on the Export button. A Save dialog box will open.
2 Navigate to the required location and, if needed, modify the file name (the default name is
saved_config.xml).
3 Click on the Save button to save an xml file with the current configuration in the specified location
and file name.
128
Administration
To import a configuration file from the management PC’s file system:
1 Click on the Browse button. An Open dialog box will open.
2
Navigate to the required location.
3 Click Open. The full path to the configuration file will be displayed in the Import File (HTTP) field.
4 Click on the Import button to import the file to the device.
5 A reboot notification is displayed. Click Yes to complete the import operation and reboot the device.
After reboot the imported configuration file will be used as the running configuration file.
3.5.4.2
Backup and Restore Group
Figure 3-99: Administration-Configuration Files Page, Backup and Restore Group Section
The Backup and Restore Group section enables creating and saving a backup file of current
configuration and reverting to a previously saved backup configuration.
The File Name and Date fields display the name (saved_config.xml.bak) of the last saved backup file, and
the date and time at which it was saved.
The result (success/failure) of the last Backup procedures is indicated above the Backup button.
To save a backup file:
Click on the Backup button. The device will save a backup file of the current configuration. The result of
the backup procedure will be indicated above the Backup button. For a Backup success result the File
Name and Date fields will be updated.
To restore the previously saved backup file:
1 Click on the Restore button. You will be requested to confirm the action.
129
Administration
2 Click Yes to confirm the restore action. The system will reboot. After reboot the backup file will be
used as the running configuration file,
3.5.4.3
Default Configuration
Figure 3-100: Administration-Configuration Files Page, Default Configuration Section
The Default Configuration section enables reverting to the factory default configuration.
To fully revert to the factory default configuration:
Click on the Default button. A confirmation request message will be displayed. After confirmation the
device will reboot and restart running with the default configuration.
CAUTION
After the device reverts to the factory default configuration (including management IP parameters and
other parameters related to management) you will most probably loose the ability to remotely manage
the device.
To revert to the factory default configuration without loosing remote management
connectivity:
Click on the Default keep current IP button. A confirmation request message will be displayed. After
confirmation the device will reboot and restart running with the default configuration, excluding
parameters required for maintaining remote management connectivity.
3.5.5
Log Page
To access the Log page click on Administration>Log in the management function selection panel.
130
Administration
Figure 3-101: Administration-Log Page
The Log page enables defining how to handle events. The Log page comprises the following sections:
SysLog
SNMP Traps
Event Severity
3.5.5.1
SysLog
Figure 3-102: Administration-Log Page, SysLog Section
The device can be configured to send all or certain events (see also Event Severity below) to an external
SysLog server. The SysLog section enables defining the parameters of the SysLog server:
Table 3-59: Log Page, SysLog Parameter
Parameter
Description
SysLog Enabled
Defines whether to enable sending events to a SysLog server.
The default is On.
SysLog Server
The IP address of the SysLog server. The default is 192.168.1.2.
131
Administration
Table 3-59: Log Page, SysLog Parameter
3.5.5.2
Parameter
Description
SysLog Server Port
The port used for communication with the SysLog server. The
default is 514. This is the system UDP port assigned by IETF
(Internet Engineering Task Force).
SNMP Traps
Figure 3-103: Administration-Log Page, SNMP Traps Section
The device can be configured to send all or certain events (see also Event Severity below) as SNMP traps.
The SNMP Traps section enables defining the parameters for sending traps:
Set SNMP Trap Enabled to On to enable sending of SNMP traps.
The Trap Destination Address table display IP addresses of trap destinations. By default it includes a
single address (192.168.1.2). Use the Add, Edit and Remove buttons located below the table to modify
the list of trap destination addresses.
132
3.5.5.3
Administration
Event Severity
Figure 3-104: Administration-Log Page, Event Severity Section
There are 3 different options for handling events:
Store in an internal buffer. These events can be viewed in the Status>Event Log page (See “Event Log
Page” on page 45).
Send to a SysLog server (see also SysLog above).
Send as SNMP traps (see also SNMP Traps above).
The Event Severity table enables defining for each event topic the severity levels to be applied for each of
these options. The Event Severity table includes the following parameter:
Table 3-60: Log Page, Event Severity Table Parameter
Parameter
Description
Topic
The event topic (group)
Buffer
Indicates the severity level of events belonging to the
applicable topic that will be stored in the internal buffer.
SysLog
applicable topic that will be sent to the SysLog server.
SNMP
applicable topic that will be sent as SNMP traps to the trap
destination(s).
133
Administration
By default, all events are stored in the internal buffer and sent to SysLog and SNMP trap destination(s).
To change the configuration for a specific topic, select the required instance and click on the Edit button
to open the Event Severity editor:
Figure 3-105: Event Severity Editor
For each option (Buffer, SysLog, SNMP) select one of the following options:
None (none of the events belonging to the selected topic will be stored/sent)
All Events (the default - all events belonging to the selected topic will be stored/sent)
Warning and Critical (for events belonging to the selected topic, only events with either Warning or
Critical severity will be stored/sent)
Critical (for events belonging to the selected topic, only events with Critical severity will be
stored/sent)
NOTE!
3.5.6
Diagnostics Page
To access the Diagnostics page click on Administration>Diagnostics in the management function
selection panel.
134
Administration
Figure 3-106: Administration-Log Page
The Diagnostics page enables initiating a ping test from the base station to test the reachability of a
remote host on and to measure the round-trip time for messages sent to the destination. It also enables
preparation of a Tech. Support file with full details of the current status of the base station.
The Diagnostics page comprises the following sections:
Tech Support
Ping
3.5.6.1
Tech Support
Figure 3-107: Administration-Diagnostics Page, Import and Export Group Section
The Tech Support option enables creating a zipped file with detailed information regarding current
configuration and possible problems. This file may be sent to the support team of the supplier for
diagnostics and advice on solving problems.
To generate a Tech Support file:
1 Click on the Tech. Support button. A Save dialog box will open:
135
Administration
Figure 3-108: Tech Support Save Window
2 Navigate to the required location and, if needed, modify the file name (the default name is
TechSupport_<IP_Address>_<Date & Time>.zip).
Click on the Save button to save a zipped file with the current diagnostics information in the
specified location and file name.
3.5.6.2
Ping
Figure 3-109: Administration-Diagnostics Page, Ping Section
The Ping section includes the following parameters required for initiating a Ping test from the base
station to a destination device:
136
Administration
Table 3-61: Diagnostics Page, Ping Parameter
Parameter
Description
Source IP
The source VLAN interface. The list of available options
includes all existing VLANs with defined IP parameters (see “IP
Configuration Page” on page 74).
Dest IP
The IP address of the destination device. The default is
192.168.1.2
Packet Size (Bytes)
The size of packets to be sent. The default is 100 bytes.
Count
The number of packets to be sent. The default is 10.
To initiate a Ping test:
1 Configure the test parameters according to your needs.
2 Click on the Start button to initiate the Ping test.
Ping test parameters and statistics are displayed below. You may click on the Stop button (available only
when the test is active) to terminate the test before its planned completion.
137
Chapter 3 - Base Station ManagementPreparing Base Station Configuration Files
Preparing Base Station Configuration Files
3.6
Preparing Base Station Configuration Files
3.6.1
Introduction
For preparation of configuration files to be loaded to base stations after installation use a laboratory
setup consisting of a base station connected with a short 8-wires Ethernet cable a PoE Injector, and
connect your PC to the IN port of the PoE adaptor.
3.6.2
Preparing the First (Base) Configuration File
1 To prepare the first configuration file, configure all parameters as required. Time setting should be
configured only if synchronization with an NTP server should be used.
2 After completion, set the IP address of the PC to an address in the configured management subnet
and reconnect to the management utility.
3.6.3
Saving a Base Station Configuration File
1 Click on Administration>Configuration Files in the management function selection panel.
2 In the Import and Export Group section, click on the Export button. A Save dialog box will open.
3 Navigate to the required location and specify an appropriate name for the file (a unique identifier of
the target base station).
4 Click on the Save button to save an xml file with the current configuration in the specified location
and file name.
3.6.4
Preparing Additional Base Station Configuration Files
1 Most parameters should be common for all base stations belonging to the same network. To create
an additional file for another base station, modify only the parameters that should be configured to
different values such as VAP name, relevant IP parameters, etc. After completing these changes click
on the Save button.
2 Save the configuration file using a unique file name for identification purposes (see Saving a Base
Station Configuration File above).
3 To prepare additional configuration files for more base stations repeat steps 1 to 2.
138
Appendix A - Troubleshooting
In this Appendix:
“Base Station Troubleshooting” on page 140
Appendix A - TroubleshootingBase Station Troubleshooting
A.1
Base Station Troubleshooting
A.1.1
Base Station LEDs Description
Table A-1: Base Station LEDs Description
LED
Description
Status
Off: No power or start of reboot.
Red: Reboot in process.
Orange: Rescue mode is running (see “Restarting the Unit in
Rescue Mode” on page 141).
Green: Normal operation.
Wireless
Applicable only during normal operation (Status LED is green).
Off: No radio is on.
Orange: Only one radio is on
Green: Both radios are on
In BreezeVIDEO the LED must be orange during normal
operation (off or Green indicate either a wrong configuration
or a malfunctioning unit).
Ethernet
Off: No Ethernet activity.
Blinking Green: Ethernet activity indication.
A.1.2
Using the Reset Button of the Base Station
The recessed Reset (RST) button is located below the USB button. To use it remove the plastic cap used
for sealing the USB connector and the RST button).
CAUTION
After using the Reset button, ensure the button and USB connector are properly sealed with the plastic
cap.
The Reset button enables the following actions:
A.1.2.1
Resetting the Base Station
To reset the unit during normal operation, use a sharp object to press the Reset button for a short time.
This will cause a hard-reset operation equivalent to disconnecting/reconnecting power to the unit
(Reboot actions executed from the management system cause soft-reset).
140
A.1.2.2
Returning the Base Station to Factory Default Configuration
To return to factory default configuration press the Reset button continuously for at least 20 seconds
(but less than 40 seconds). The unit will reset and restart using the factory default configuration
(including management IP parameters).
A.1.2.3
Restarting the Unit in Rescue Mode
Rescue Mode is a special operation mode allowing to access the unit when it does not operate properly
for one of the following reasons:
1 Frequent power interruptions - when the power disconnects/reconnects on several concurrent
occasions within a few minutes.
2 Inability to manage the unit due to a configuration problem.
3 The firmware files in both banks are corrupted.
Under the above conditions it is impossible the access the unit using the management applications or
perform a reset.
To restart the unit in rescue mode press the Reset button continuously for at least 40 seconds. The unit
will reset and restart in rescue mode, allowing access through a simplified web interface using the
default IP address (192.168.1.1), regardless of the regular operational IP address:
Figure A-1: Rescue Mode Entry Screen
141
NOTE!
If you do not login to the system through the simplified web interface within ten minutes of entering
Rescue Mode, the system will automatically reboot and try to load the regular operational version. If you
log in through this interface, the system will stay in rescue mode until rebooted manually.
If the reason you entered Rescue Mode is repeated power interruptions (reason 1 above), click on the
Reboot button. The unit should restart in normal operation.
If the reason you entered Rescue Mode is because the device does not operate properly and you are not
able to access the EMS utility even after reboot, try solving the problem by to uploading a correct
firmware file without changing the current configuration:
1 Click on the Choose File button and navigate to the location of the appropriate dlv file (should be a
firmware file known to be good) and select it. The name to the selected file will be displayed.
2 Select the firmware bank (0 or 1) to which the selected file will be loaded.
3 Click on the Upload button. The progress of the upload process is displayed. At the end of the
process the result is indicated.
Figure A-2: Rescue Mode - Upgrade Progress Screen
NOTE!
It is highly recommended to upload the firmware file to both banks before rebooting the unit, regardless
of the order in which they are loaded.
142
4 After successful completion of the upload process, click on the Reboot button. After reset the unit
should resume normal operation using the uploaded firmware.
If normal operation is not resumed after uploading a good firmware file, then most probably there is a
configuration problem. Click on the Default Configuration button. After a few minutes the unit
should restart using the factory default configuration.
INFORMATION
Click on the Flash State button if you wish to verify which software files are installed in the base
station.
143
Appendix B - Preparing the
Ethernet Cables
In this Appendix:
“Preparing the Base Station’s Ethernet Cable” on page 145
Appendix B - Preparing the Ethernet CablesPreparing the Base Station’s Ethernet Cable
Appendix B - Preparing the Ethernet Cables
Preparing the Base Station’s Ethernet Cable
B.1
NOTE!
Use only Category 5e (or higher) outdoors Ethernet cable.
Use only shielded RJ-45 8-pin modular plugs.
Make sure that the length of the Ethernet cable is sufficient for reaching from the intended location of
the base station to the intended location of the indoor equipment.
The combined length of the outdoor Ethernet cable (from the base station to the PoE Injector) and the
Ethernet cable connecting the PoE Injector to the data networking equipment should not exceed 100
meters.
1 The unit is supplied with the sealing gland attached to the Ethernet (ETH) connector.
Figure B-1: Ethernet Sealing Gland Components
CAUTION
Do not attempt to remove the sealing gland base from the unit.
The USB port is for engineering purposes only. Ensure that the USB port is always properly sealed with
the plastic cap.
2 Unscrew the nut (use the extraction key supplied with the unit or an equivalent tool) and remove it
from the base.
3 Remove the rubber bushing (inner sleeve) from the base of the gland.
4 Remove the plug from the nut and feed the Ethernet cable through the nut and rubber bushing.
145
Appendix B - Preparing the Ethernet CablesPreparing the Base Station’s Ethernet Cable
Appendix B - Preparing the Ethernet Cables
Figure B-2: Ethernet Cable Routed Through Nut and Bushing
5 Insert and crimp the shielded RJ-45 connector. Use a crimp tool for RJ-45 connectors to prepare the
wires. Insert them into the appropriate pins and use the tool to crimp the connector. All 8 pins must
be connected (see details in Table B-1 below). Make sure to do the following:
»
Remove as small a length as possible of the external jacket. Verify that the external jacket is well
inside the sealing gland when connected to the unit, to ensure good sealing.
»
Pull back the shield drain wire before inserting the cable into the RJ-45 connector, to provide a
good connection with the connector's shield after crimping. To ensure a good shielding
connection solder the shield wire to the connector’s shield after crimping.
6 Connect the cable to the Ethernet connector.
7 Firmly push the rubber bushing back into place inside the base of the gland.
8 Close the nut using the extraction key supplied with the unit or an equivalent tool and tighten it
firmly to ensure proper sealing.
The PoE Injector provides power over 1Gbps Ethernet, meaning that there are no spare wires. All wires
are used for power and data concurrently:
Table B-1: Base Station Ethernet Cable - RJ-45 PoE Pins
Pin
Signal
Wire Color
Description
1
BI_DA+
Orange-White
Bi-directional pair A +, PoE GND
2
BI_DA-
Orange
Bi-directional pair A -, PoE GND
3
BI_DB+
Green-White
Bi-directional pair B +, PoE +55V
4
BI_DC+
Blue
Bi-directional pair C +, PoE +55V
5
BI_DC-
Blue-White
Bi-directional pair C -, PoE +55V
6
BI_DB-
Green
Bi-directional pair B -, PoE +55V
7
BI_DD+
Brown-White
Bi-directional pair D +, PoE GND
8
BI_DD-
Brown
Bi-directional pair D -, PoE GND
146
Appendix C - Web Redirection
Forms
In this Appendix:
The Web Redirection Process and Forms
Appendix C - Web Redirection FormsThe Web Redirection Process and Forms
Appendix C - Web Redirection Forms
C.1
The Web redirection and authentication process is performed as follows:
1 The end user connects to the base station.
2 The user gets an IP by DHCP (DHCP & DNS services are allowed before user authentication with AAA).
3 The user tries accessing the internet by browsing a Web page.
4 The base station redirects the user to the portal URL.
5 In the portal the user is presented with a web page enabling the user to pay & get user/password for
access to the internet (or to agree to required terms of use).
A login page (or form) is provided by the portal Web to perform the login.
When working with HTTP, the login form should be:
<form name="login" action="http://1.1.1.1/login/" method="post"
<input name="username" type="text" value=""/>
<input name="password" type="password"/>
</form>
When working with HTTPS, the login form should be:
<form name="login" action="https://<certificate host name>/login/" method="post"
<input name="username" type="text" value=""/>
<input name="password" type="password"/>
</form>
Where <certificate host name> is the hostname identifying the certificate installed on the base
station.
6 The user login using his credentials.
7 Upon success the user is redirected to 'login success' page configured at the base station.
In the login success page, the service provider can provide a logout button, user status & credit details
and any additional information according to his preferences.
HTTP logout form definition:
<form name="logout" action="http://1.1.1.1/logout/" method="post"
</form>
HTTPS logout form definition:
<form name="logout" action="https://<certificate host name>/logout/" method="post"
148
Appendix C - Web Redirection FormsThe Web Redirection Process and Forms
Appendix C - Web Redirection Forms
</form>
8 Upon login failure the user is redirected to 'login failure' page configured at the base station.
149