ADC LAB2442A Users Manual
December 20, 2004 SCP-LPS20x-011-012-01H
In North America, you would create the following installation (Figure 18).
cell 1
channel = 1
Figure 18. North America Installation
Transmission delays are reduced by using different operating frequencies.
cell 2
channel = 6
cell 3
channel = 11
06-LPS20xR1
ADC Telecommunications, Inc. 75
SCP-LPS20x-011-012-01H December 20, 2004
However, it is possible to stagger your cells to reduce overlap and increase channel separation (Figure 19).
cell 1
channel = 1
100m
300 feet
cell 2
channel = 6
100m
300 feet
channel = 11
cell 3
100m
300 feet
cell 4
channel = 1
07-LPS20xR1
Figure 19. Stagger Cells
Figure 19 uses only three frequencies across multiple cells (North America).
76 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
This stategy can be expanded to cover an even larger area using three channels (Figure 20).
cell 1
channel = 1
cell 2
channel = 6
cell 3
channel = 11
cell 4
channel = 1
cell 5
channel = 11
Figure 20. Expanded Coverage using Three Channels
The areas in gray indicate where two cells overlap that are using the same frequency.
cell 6
channel = 1
cell 7
channel = 6
cell 8
channel = 11
08-LPS20xR1
ADC Telecommunications, Inc. 77
SCP-LPS20x-011-012-01H December 20, 2004
DISTANCE BETWEEN ACCESS POINTS
In environments where the number of wireless frequencies are limited, it can be beneficial to adjust the receiver
sensitivity of the LPS-20x. To make the adjustment, open the Wi-Fi page on the Wireless menu.
For most installations, the Large setting should be used. However, if you are installing multiple LPS-20xs and the
channels available to you do not provide enough separation, then reducing the receiver sensitivity can help you
reduce the amount of crosstalk between the LPS-20xs.
Another benefit to using reduced settings is that it will improve roaming performance. Client stations will switch
between LPS-20xs more frequently.
The Distance Between Access Points option provides the best performance
benefit when client stations are equipped with wireless adapters that are
configured with the same setting. However, not all manufacturers support this
setting.
78 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
CONFIGURING THE CONNECTION TO THE ACCESS CONTROLLER
The LPS-20x uses the services of an access controller to manage access to the public access network.
Unlike a traditional bridge which automatically forwards all traffic between ports, the LPS-20x features an intelligent
bridge which can apply filters to maintain the security of the network. When the security filters are active, the
LPS-20x only allows traffic to flow between itself and the access controller. This prevents wireless customers from
accessing resources on the backbone LAN that interconnects the LPS-20x and the access controller.
SECURITY FILTERS
To configure the connection to the access controller and enable the intelligent bridge, do the following:
1. On the main menu, click Security and then click Access controller. The Access controller configuration
page opens.
2. By default, the LPS-20x uses the default gateway as the access controller.
• If you are using static IP addressing, make sure that you set the default gateway on the LPS-20x to be the
access controller.
• If you are using a DHCP server on your network, make sure that it is configured to return the IP address of
the access controller as the default gateway. (The access controller is configured to do this by default.)
Alternately, you can specify the MAC address of the access controller.
3. Clear the security filters check box if you are connecting to a wired LAN (refer to
Connecting to a wired LAN on page 92).
4. Click Save.
ACCESS CONTROLLER SHARED SECRET
To maintain the security of network logins, the ADC access controller will only accept location-aware information
from a LPS-20x that has a matching shared secret to its own.
ADC Telecommunications, Inc. 79
SCP-LPS20x-011-012-01H December 20, 2004
INTELLIGENT BRIDGE
The intelligent bridge uses filters to only allow traffic to flow between itself and an access controller. Traffic is filtered
as it is received by the upstream, downstream, or wireless ports. Each port has its own specific set of filters. Filters
apply only to data being received by the port (incoming traffic).
Upstream Port Filter (incoming traffic)
Accepted
• Any traffic from the access controller.
• Certain address management protocols (ARP, DHCP) regardless of their source address.
• HTTPS traffic regardless of its source address. (This permits local or remote management stations to
access the LPS-20x management tool.)
• Any traffic addressed to the LPS-20x.
• All broadcast traffic.
Blocked
• All other traffic is blocked. This includes NetBIOS traffic regardless of its source/destination address.
Downstream Port Filter (incoming traffic)
Accepted
• Any traffic addressed to the access controller. If you are using multiple daisy-chained LPS-20xs, all
should forward traffic to the same access controller.
• HTTPS traffic regardless of its source address. (This permits local or remote management stations to
access to the LPS-20x management tool.)
• Any traffic addressed to the LPS-20x.
• Certain address management protocols (ARP, DHCP) regardless of their source address.
• All broadcast traffic.
Blocked
• All other traffic is blocked. This includes NetBIOS traffic regardless of its source/destination address.
Wireless Port Filter (incoming traffic)
Accepted
• Any traffic addressed to the access controller.
• Any traffic addressed to the LPS-20x. Note that to access the management tool wirelessly, the appropri-
ate security setting must be enabled on the Management tool page. Wireless client stations should have
the
LPS-20x configured as their default gateway. This ensures that outgoing traffic will be sent to the LPS-20x
which will then forward it to the access controller.
• Certain address management protocols (ARP, DHCP) regardless of their source address.
• All broadcast traffic.
Blocked
• All other traffic is blocked. This includes NetBIOS traffic regardless of its source/destination address.
HTTPS traffic not addressed to the LPS-20x is also blocked which means wireless client stations cannot
access the management tool on other LPS-20xs.
80 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
NETWORK PORT CONFIGURATION
The LPS-20x has three communication ports: upstream, downstream and wireless:
• Upstream - Used to connect the LPS-20x to the downstream port on another LPS-20x, to an access con-
troller, or to a wired LAN.
• Downstream - Used to connect the LPS-20x to the upstream port on another LPS-20x or to a wired net-
work.
• Wireless - Used to connect with wireless client stations.
All three ports are bridged and share the same IP address. By default, they are statically assigned to 192.168.1.1.
SETTING UP DHCP CLIENT SERVICES
To set up for DHCP services, do the following:
1. On the main menu, click Network.
2. Click Ports.The Network configuration page opens.
ADC Telecommunications, Inc. 81
SCP-LPS20x-011-012-01H December 20, 2004
3. Select DHCP Client and click the Configure button.
4. Set optional AP ID.
5. Click Save when you are done.
ASSIGN IP ADDRESS VIA PARAMETERS
DHCP client
Dynamic host configuration protocol. Your ISP’s DHCP server will automatically assign an address to the LPS-20x
which functions as a DHCP client.
Static
This option enables you to manually assign an IP address to the LPS-20x.
VLAN
Defines the default VLAN. All outgoing traffic that does not have a VLAN already assigned to it is sent on this
VLAN.
Restrict VLAN to management traffic only
The default VLAN can be restricted to carry management traffic only. Management traffic includes:
• all traffic that is exchanged by the LPS-20x and the access controller (login authentication requests/
replies)
• all communications with RADIUS servers
• HTTPS sessions to the management tool
•SNMP traffic
82 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
DOWNSTREAM PORT LINK SETTINGS
Duplex
• Auto: Allows the LPS-20x to automatically set duplex mode based on the type of equipment it is con-
nected to
• Full: Forces the port to operate in full duplex mode
• Half: Forces the port to operate in half duplex mode
SETTING PARAMETER
DHCP Client ID
Specify an ID to identify the LPS-20x to the DHCP server. This parameter is not required by all ISPs.
ASSIGNED BY DHCP SERVER PARAMETERS
These settings are assigned to the LPS-20x by your ISP’s DHCP server. The Internet connection is not active until
this occurs.
IP address
Identifies the IP address assigned to the LPS-20x by the ISP.
Mask
Identifies the subnet mask that corresponds to the assigned IP address.
Primary DNS address
Identifies the IP address of the main DNS server the LPS-20x will use to resolve DNS requests.
Secondary DNS address
Identifies the IP address of the backup DNS server the LPS-20x will use to resolve DNS requests.
Default gateway
Identifies the IP address of the gateway the LPS-20x will forward all outbound traffic to.
Expiration time
Indicates how long the address is valid.
Release
Click to release the LPS-20x’s IP address.
Renew
Click to renew the LPS-20x’s IP address.
ADC Telecommunications, Inc. 83
SCP-LPS20x-011-012-01H December 20, 2004
SETTING A STATIC IP ADDRESS
To set a static IP address, do the following:
1. On the main menu, click Network.
2. Click Ports.The Network configuration page opens.
3. Select Static and click the Configure button.
84 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
4. Set the IP address, mask and default gateway.
IMPORTANT
!
5. Click Save when you are done.
The default gateway must be set to the IP address of the access controller.
SETTINGS PARAMETERS
IP Address
Specify the static IP address you want to assign to the port.
Address Mask
Select the appropriate mask for the IP address you specified.
Default Gateway
Identifies the IP address of the gateway the LPS-20x will forward all outbound traffic to.
ADC Telecommunications, Inc. 85
SCP-LPS20x-011-012-01H December 20, 2004
CONFIGURE ATM SETTINGS
This option allows you to specify the VPI, VCI and encapsulation methods to use for the User and Management
PVCs.
The LPS-202 screens are shown for setting the ATM settings; however, the LPS-200 screens work the
same way.
1. On the main menu, click Network.
2. Click Ports.The Network configuration page opens.
3. Click the ATM settings Configure button.
86 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
4. Configure the ATM settings.
5. Click Save when you are done.
USER PVC PARAMETERS
The User PVC is the ATM PVC to use for all user (non-management) traffic.
VPI
The ATM VP Index to use as configured upstream or on the network.
VCI
The ATM VC Index to use as configured upstream.
Encapulation
The ATM Encapulation to use as configured upstream.
INBAND MANAGEMENT PVC PARAMETERS
The Inband Management PVC is the ATM PVC to use specifically for Inband Management traffic.
VPI
The ATM VP Index to use as configured upstream or on the network.
VCI
The ATM VC Index to use as configured upstream.
Encapulation
The ATM Encapulation to use as configured upstream.
ADC Telecommunications, Inc. 87
SCP-LPS20x-011-012-01H December 20, 2004
CONFIGURE G.SH D S L S ETTINGS (LPS-200 ONLY)
1. On the main menu, click Network.
2. Click Ports.The Network configuration page opens.
3. Click the G.SHDSL settings Configure button.
4. Configure the G.SHDSL settings.
5. Click Save when you are done.
88 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
G.SHDSL SETTING PARAMETERS
Standard Annex
You may provision which Annex mode the access point will operate in. By default, the access point is configured to
support both A and B Annex standards and will automatically detect which standard is in use. Annex type must
match the setting at the STU-C.
Startup SNR Margin
Specifies the downstream target SNP margin for a SHDSL line. The SNR Margin is the difference between the
desired SNR and the actual SNR. Startup SNR Margin is the desired SNR margin for a unit.
ADC Telecommunications, Inc. 89
SCP-LPS20x-011-012-01H December 20, 2004
CONFIGURE ADSL SETTINGS (LPS-202 ONLY)
1. On the main menu, click Network.
2. Click Ports.The Network configuration page opens.
3. Click the ADSL settings Configure button.
4. Configure the ADSL settings.
5. Click Save when you are done.
90 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
ADSL SETTINGS (CODING TYPE) PARAMETER
The Coding Type determines the ADSL modulation the LPS-20x will use on the ADSL line. Selections other than
“Auto” require the Coding Type to match the Coding Type configured at the ATU-C. Selecting “Auto” allows the
LPS-20x to negotiate the Coding Type with the “ATU-C”.
ADC Telecommunications, Inc. 91
SCP-LPS20x-011-012-01H December 20, 2004
1
CONNECTING TO A WIRED LAN
By attaching the LPS-20x to an Ethernet hub, you can connect wired computers to the public access network
(Figure 21). These computers will need to login, just as computers on the WLAN do.
Standard
Ethernet
cable
Ethernet Hub
27-LPS20xR
Figure 21. Connecting to a Wired LAN
BRIDGE
The LPS-20x acts as a bridge between the wireless LAN and the wired LAN. By default, for security reasons, all
traffic forwarding between the two LANs is blocked. This means that although the wired LAN and the WLAN are on
the same segment, client stations cannot communicate with each other. You can enable communications by
disabling the intelligent bridge security filters. See Configuring the Connection to the Access Controller on page 79
and Disabling the Security Filters on page 93 for more details.
IP ADDRESSING
The LPS-20x makes the connection to the wired LAN via its downstream (LAN/Craft) port. The downstream port
shares the same IP address as the wireless port. This means that the wireless LAN and the wired LAN must always
be on the same subnet.
92 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
DISABLING THE SECURITY FILTERS
The intelligent bridge is enabled by default. To disable it, do the following:
1. On the main menu, click Security and then click Access controller. The Access controller configuration
page opens.
2. Clear the Security filters check box.
3. Click Save.
ADC Telecommunications, Inc. 93
SCP-LPS20x-011-012-01H December 20, 2004
SERVICE SENSOR
The service sensor enables the LPS-20x to determine if access to the network or a particular server is available. If
not, the LPS-20x automatically shuts off its radio transmitter taking down the wireless cell.
This feature can be used to create backup operation of the network in case of equipment failure. For example, you
could install two LPS-20xs, each operating on a different channel within close proximity of one another. Each
LPS-20x would communicate with a different access controller. If one of the controllers goes down, the service
sensor will detect it and shut down the radio on the affected LPS-20x. Client stations connected to this LPS-20x will
automatically be transferred to the other LPS-20x with no interruption in service. This only works if both LPS-20xs
have the same SSID or are both configured to accept any network name (default setting).
The service sensor polls the target device approximately every half second.
CONFIGURATION PROCEDURE
1. On the main menu, click Security and then click Access controller. The Access controller configuration
page opens.
2. Configure the parameters as described in the section that follows.
3. Click Save when you are done.
94 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
SERVICE SENSOR PARAMETERS
Default Gateway
Select this option to poll the default gateway. If the gateway does not respond to the poll within 1 second, the radio is
turned off. This setting is not configurable. If Security filters are enabled, the default gateway must be the address
of the access controller.
Custom
Select this option to manually specify the IP address or domain name of the device to poll, the retry limit and timeout.
If you are using an ADC access controller, you can use the MAC authentication option to allow the LPS-20x to log
into the RADIUS server. This enables you to define an access list specifically for the LPS-20x that allows for access
to the required device.
Retry
Specify how many retries the LPS-20x will attempt when polling. When the retry limit is reached, the radio on the
LPS-20x is turned off. For example, if you set retry to 4, then the LPS-20x will make 5 attempts to poll the device at
the specified address. After the fifth failed poll, the radio will be turned off.
Timeout
Specify how long the LPS-20x will wait for a response to the poll before timing out.
ADC Telecommunications, Inc. 95
SCP-LPS20x-011-012-01H December 20, 2004
MAC-LEVEL FILTERING
MAC-level filtering enables you to control access to the LPS-20x based on the MAC addresses of client stations.
You can either block access or allow access depending on your requirements.
CONFIGURATION PROCEDURE
1. On the main menu, click Wireless and then click MAC filtering. The MAC filtering configuration page
opens.
2. Configure the parameters as described in the section that follows.
3. Click Save when you are done.
MAC FILTERING PARAMETERS
When enabled, this option enables you to control access to the LPS-20x based on the MAC address of client
stations. You can either block access or allow access depending on your requirements.
Filter Behavior
Allow MAC Address List
• Only client stations whose MAC addresses appear in the MAC address list can connect to the wireless
network.
Block MAC Address List
• All client stations whose MAC addresses appear in the MAC address list are blocked from accessing the
wireless network.
MAC ADDRESS LIST
Use this box to manage the addresses in the list. To add an address, enter it and click Add. To remove an address,
select it in the list and click Remove.
96 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
LOCATION-AWARE AUTHENTICATION
This feature enables you to control logins to the public access network based on the wireless access point a
customer is connected to.
IMPORTANT
!
This feature can only be used when the LPS-20x is installed in conjunction with an access
controller.
This feature does not support 802.1x customers and devices using MAC-based authentication.
HOW IT WORKS
When a customer attempts to login to the public access network, the access controller sets the Called-Station-ID in
the RADIUS access request to the MAC address of the LPS-20x wireless port the customer is associated with. For
more information, see the Administrator’s Guide for the access controller.
CONFIGURATION PROCEDURE
1. On the main menu, click Security and then click Access controller. The Access controller configuration
page opens.
2. Enable the Location-aware authentication option.
3. Specify the Group Name for the Access Point.
4. Specify the same shared secret configured on the access controller.
5. Click Save.
ADC Telecommunications, Inc. 97
SCP-LPS20x-011-012-01H December 20, 2004
LOCATION-AWARE AUTHENTICATION PARAMETERS
This feature enables you to control logins to the public access network based on the wireless access point a
customer is connected to. When enabled, the LPS-20x will return the value you specify in the Called-Station-ID
when it generates a RADIUS access request for a customer login.
Group Name
Specify a group name for the access point. This name is used to identify customer logins via the Called-Station-ID.
You can assign the same group name to more than one access point.
Shared Secret
To maintain the security of the network logins, the LPS-21x will only accept location-aware information from an
LPS-20x that has a matching shared secret to its own.
98 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
WIRELESS BRIDGING
OVERVIEW
The wireless bridging feature enables you to use the wireless radio to create point-to-point wireless links to other
access points (Figure 22). Each LPS-20x can support up to six wireless bridges, which can operate at the same time
as the network serving wireless customers. Wireless bridging provides an effective solution for extending wireless
coverage in situations where it may be impractical or expensive to install cabling to a wireless access point.
Access
Controller
Internet
LPS-20x
Wireless bridge
LPS-20x
LAN
24-LPS20xR1
Figure 22. Wireless Bridging
In this scenario, the two LPS-20xs are used to expand the coverage of the wireless network controlled by the access
controller. The first LPS-20x is connected to the access controller via the backbone LAN. The other LPS-20x uses
the wireless bridging function to link to the first LPS-20x.
ADC Telecommunications, Inc. 99
SCP-LPS20x-011-012-01H December 20, 2004
SETTING UP A WIRELESS LINK
This screen shows the status of the wireless links to remote LPS-20xs.
IMPORTANT
!
1. On the Wireless menu, click Wireless links. The Wireless links page opens.
Both ends of the wireless link will need to be provisioned for this function to work properly.
2. Click the wireless link you want to configure. The configuration page for the link opens.
3. In the Settings box, select Enabled.
4. In the Security box, select Security. Specify the encryption key (128 bits long - specified as 26 hexadecimal digits).
5. In the Addressing box, specify the MAC address of the other access point.
6. Click Save.
100 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
WIRELESS LINK CONFIGURATION PARAMETERS
Status
Indicates if the link is enabled or disabled.
Name
Name of the link. Click to configure it.
Remote MAC Address
MAC address of the remote LPS-20x.
SETTING PARAMETERS
When the link is enabled, it is ready to establish a connection with the remote LPS-20x.
Link Name
Identifies the link.
Speed
Sets the speed the link will operate at. Choose auto to always use the fastest speed. For load balancing, you may
want to limit the speed of a link when connecting to multiple destinations.
SECURITY PARAMETERS
When the link is enabled, it is ready to set WEP security.
None
No encryption.
WEP
Specify the encryption key the LPS-20x will use to encrypt/decrypt all data it sends and receives. The key is 128 bits
long and must be specified as 26 hexadecimal digits.
ADDRESSING PARAMETERS
Remote MAC Address
MAC address of the remote access point.
Local MAC Address
MAC address of the remote access point.
WIRELESS LINK STATUS
To view the status of the wireless links, open the Status > Wireless page.
ADC Telecommunications, Inc. 101
SCP-LPS20x-011-012-01H December 20, 2004
WIRELESS NEIGHBORHOOD
The wireless neighborhood feature enables you to view a list of all authorized and unauthorized access points that
are operating nearby. At a preset interval, the LPS-20x automatically scans all operating frequencies to identify
active access points. The result of this scan is presented in the All access points list.
To identify unauthorized access points, the LPS-20x compares the MAC address of each discovered access point
against the list of authorized access points (which you must define). If the discovered access point does not appear
in the list, it is displayed in the Unauthorized access points list.
1. On the Wireless menu, click Neighborhood. The Neighborhood page opens.
102 ADC Telecommunications, Inc.
December 20, 2004 SCP-LPS20x-011-012-01H
WIRELESS NEIGHBORHOOD PARAMETERS
List of authorized access points
Specify the URL of the file that contains a list of all authorized access points. The format of this file is XML. Each
entry in the file is composed of two items: MAC Addres and SSID. Each entry should appear on a new line.
The easiest way to create this file is to wait for a scan to complete, then open the list of access points in Brief format.
Edit this list so that it contains only authorized access points and save it. Then specify its address for the list of
authorized access point parameters.
Field Descriptions
• MAC Address: MAC Address of the access point
• SSID: SSID assigned to the access point
• Status: Indicates if the unit is functioning properly
• Channel: Channel the access point is operating on
• Signal: Signal Strength
• Noise: Amount of noise
• SNP: Signal to noise ratio
• Info: Additional information about the access point, such as:
– WEP: Some type of security (like WEP) is enabled on the acces point
– ESS: Operating in access point mode
– IBSS: Operating in Ad-Hoc mode
VLAN SUPPORT
The LPS-20x provides a robust and flexible VLAN implementation. VLANs can be assigned in one of three ways:
•Default VLAN
• Per-SSID VALN
• Per-User VLAN
DEFAULT VLAN
The LAN port can be configured with a default VLAN setting. Any outgoing traffic on the LAN port that is not tagged
with a VLAN ID will receive the default ID. The default VLAN can be restricted to carry managment traffic only. This
includes:
• all traffic that is exchanged with the access controller
• all traffic exchanged with external RADIUS servers
• HTTPS sessions established by administrators to the management tool
• incoming/outgoing SNMP traffic
• DNS requests/replies
ADC Telecommunications, Inc. 103
SCP-LPS20x-011-012-01H December 20, 2004
PER-SSID VLAN
Each wireless profile can be mapped to its own VLAN. Wireless clients that connect to a profile with VLAN support
are bridged to the appropriate VLAN via the LPS-20x’s LAN port. Address allocation and security measures are the
responsibility of the target network.
IMPORTANT
!
Per-SSID VLANs cannot have the same VLAN ID as the default VLAN ID assigned to the LAN port.
PER-USER VLAN
VLANs can also be assigned on a per-customer basis by setting a special ADC attribute in a customer’s RADIUS
account. The only restriction is that a customer cannot be assigned to a VLAN that is already mapped to the LAN
port.
To use this feature, the LPS-20x must be connected to a ADC access controller. Consult the administrator guide for
more information.
VLAN PRIORITY
The VLAN assigned by RADIUS on a per-user basis always overrides the VLAN assigned by an SSID and the
default VLAN. For example, a wireless station could be associated with an SSID that is configured for VLAN 30, but
after logging in, RADIUS could override this setting by assigning VLAN 40.
104 ADC Telecommunications, Inc.
Loading...