BreezeMAX Wi² and BreezeACCESS
Wi²
System Manual
Y
AR
LIMIN
PRE
TE1143
February 2007
P/N
Document History
Docume nt History
Topic Description Date Issued
This is the document’s first Release December 2006
ii BreezeMAX Wi² and BreezeACCESS Wi² System Manual
Legal Rights
© Copyright 2006 Alvarion Ltd. All rights reserved.
The material contained herein is proprietary, privileged, and confidential and
owned by Alvarion or its third party licensors. No disclosure thereof shall be made
to third parties without the express written permission of Alvarion Ltd.
Alvarion Ltd. reserves the right to alter the equipment specifications and
descriptions in this publication without prior notice. No part of this publication
shall be deemed to be part of any contract or warranty unless specifically
incorporated by reference into such contract or warranty.
Trade Names
Alvarion®, BreezeCOM®, WALKair®, WALKnet®, BreezeNET®, BreezeACCESS®,
BreezeMANAGE
BreezeLITE
WAVEView
and/or services referenced here in are either registered trademarks, trademarks
or service marks of Alvarion Ltd.
Legal Rights
™
, BreezeLINK®, BreezeConfig™, BreezeMAX™, AlvariSTAR™,
™
, MGW™, eMGW™, WAVEXpress™, MicroXpress™, WAVEXchange™,
™
, GSM Network in a Box and TurboWAVE™ and/or other products
All other names are or may be the trademarks of their respective owners.
Statement of Con ditions
The information contained in this manual is subject to change without notice.
Alvarion Ltd. shall not be liable for errors contained herein or for incidental or
consequential damages in connection with the furnishing, performance, or use of
this manual or equipment supplied with it.
Warranties and Disclaimers
All Alvarion Ltd. ("Alvarion") products purchased from Alvarion or through any of
Alvarion's authorized resellers are subject to the following warranty and product
liability terms and conditions.
Exclusive Warranty
(a) Alvarion warrants that the Product hardware it supplies and the tangible
media on which any software is installed, under normal use and conditions, will
be free from significant defects in materials and workmanship for a period of
fourteen (14) months from the date of shipment of a given Product to Purchaser
(the "Warranty Period"). Alvarion will, at its sole option and as Purchaser's sole
remedy, repair or replace any defective Product in accordance with Alvarion'
standard R&R procedure.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual iii
Legal Rights
(b) With respect to the Firmware, Alvarion warrants the correct functionality
according to the attached documentation, for a period of fourteen (14) month from
invoice date (the "Warranty Period")". During the Warranty Period, Alvarion may
release to its Customers firmware updates, which include additional performance
improvements and/or bug fixes, upon availability (the "Warranty"). Bug fixes,
temporary patches and/or workarounds may be supplied as Firmware updates.
Additional hardware, if required, to install or use Firmware updates must be
purchased by the Customer. Alvarion will be obligated to support solely the two (2)
most recent Software major releases.
ALVARION SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING
AND EXAMINATION DISCLOSE THAT THE ALLEGED DEFECT IN THE PRODUCT
DOES NOT EXIST OR WAS CAUSED BY PURCHASER'S OR ANY THIRD
PERSON'S MISUSE, NEGLIGENCE, IMPROPER INSTALLATION OR IMPROPER
TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE
BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE,
LIGHTNING OR OTHER HAZARD.
Disclaimer
(a) THE SUPPLIED UNITS SUPPORT 802.11 b/g ONLY.
(b) The Software is sold on an "AS IS" basis. Alvarion, its affiliates or its licensors
MAKE NO WARRANTIES, WHATSOEVER, WHETHER EXPRESS OR IMPLIED,
WITH RESPECT TO THE SOFTWARE AND THE ACCOMPANYING
DOCUMENTATION. ALVARION SPECIFICALLY DISCLAIMS ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE AND NON-INFRINGEMENT WITH RESPECT TO THE SOFTWARE.
UNITS OF PRODUCT (INCLUDING ALL THE SOFTWARE) DELIVERED TO
PURCHASER HEREUNDER ARE NOT FAULT-TOLERANT AND ARE NOT
DESIGNED, MANUFACTURED OR INTENDED FOR USE OR RESALE IN
APPLICATIONS WHERE THE FAILURE, MALFUNCTION OR INACCURACY OF
PRODUCTS CARRIES A RISK OF DEATH OR BODILY INJURY OR SEVERE
PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES"). HIGH
RISK ACTIVITIES MAY INCLUDE, BUT ARE NOT LIMITED TO, USE AS PART OF
ON-LINE CONTROL SYSTEMS IN HAZARDOUS ENVIRONMENTS REQUIRING
FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR
FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR
TRAFFIC CONTROL, LIFE SUPPORT MACHINES, WEAPONS SYSTEMS OR
OTHER APPLICATIONS REPRESENTING A SIMILAR DEGREE OF POTENTIAL
HAZARD. ALVARION SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED
WARRANTY OF FITNESS FOR HIGH RISK ACTIVITIES.
iv BreezeMAX Wi² and BreezeACCESS Wi² System Manual
(c) PURCHASER'S SOLE REMEDY FOR BREACH OF THE EXPRESS
WARRANTIES ABOVE SHALL BE REPLACEMENT OR REFUND OF THE
PURCHASE PRICE AS SPECIFIED ABOVE, AT ALVARION'S OPTION. TO THE
FULLEST EXTENT ALLOWED BY LAW, THE WARRANTIES AND REMEDIES SET
FORTH IN THIS AGREEMENT ARE EXCLUSIVE AND IN LIEU OF ALL OTHER
WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY
OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING BUT NOT
LIMITED TO WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY,
CORRESPONDENCE WITH DESCRIPTION, NON-INFRINGEMENT, AND
ACCURACY OF INFORMATION GENERATED. ALL OF WHICH ARE EXPRESSLY
DISCLAIMED. ALVARION' WARRANTIES HEREIN RUN ONLY TO PURCHASER,
AND ARE NOT EXTENDED TO ANY THIRD PARTIES. ALVARION NEITHER
ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY
OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION,
MAINTENANCE OR USE OF ITS PRODUCTS.
Limitation of Liab ility
Legal Rights
(a) ALVARION SHALL NOT BE LIABLE TO THE PURCHASER OR TO ANY THIRD
PARTY, FOR ANY LOSS OF PROFITS, LOSS OF USE, INTERRUPTION OF
BUSINESS OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR
CONSEQUENTIAL DAMAGES OF ANY KIND, WHETHER ARISING UNDER
BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY
OR OTHERWISE AND WHETHER BASED ON THIS AGREEMENT OR
OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
(b) TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL
THE LIABILITY FOR DAMAGES HEREUNDER OF ALVARION OR ITS EMPLOYEES
OR AGENTS EXCEED THE PURCHASE PRICE PAID FOR THE PRODUCT BY
PURCHASER, NOR SHALL THE AGGREGATE LIABILITY FOR DAMAGES TO ALL
PARTIES REGARDING ANY PRODUCT EXCEED THE PURCHASE PRICE PAID
FOR THAT PRODUCT BY THAT PARTY (EXCEPT IN THE CASE OF A BREACH OF
A PARTY'S CONFIDENTIALITY OBLIGATIONS).
BreezeMAX Wi² and BreezeACCESS Wi² System Manual v
Legal Rights
Outdoor Unit and Antenna Installation and Grounding
Ensure that outdoor units, antennas and supporting structures are properly
installed to eliminate any physical hazard to either people or property. Make sure
that the installation of the outdoor unit, antenna and cables is performed in
accordance with all relevant national and local building and safety codes. Even
where grounding is not mandatory according to applicable regulation and national
codes, it is highly recommended to ensure that the outdoor unit and the antenna
mast are grounded and suitable lightning protection devices are used so as to
provide protection against voltage surges and static charges. In any event,
Alvarion is not liable for any injury, damage or regulation violations associated
with or caused by installation, grounding or lightning protection.
Disposal of Electronic and Electrical Waste
Disposal of Electronic and Electrical Waste
Pursuant to the WEEE EU Directive electronic and electrical waste must not be disposed of with
unsorted waste. Please contact your local recycling authority for disposal of this product.
vi BreezeMAX Wi² and BreezeACCESS Wi² System Manual
Important Notice
This user manual is delivered subject to the following conditions and restrictions:
This manual contains proprietary information belonging to Alvarion Ltd. Such
information is supplied solely for the purpose of assisting properly authorized
users of the respective Alvarion products.
No part of its contents may be used for any other purpose, disclosed to any
person or firm or reproduced by any means, electronic and mechanical,
without the express prior written permission of Alvarion Ltd.
The text and graphics are for the purpose of illustration and reference only.
The specifications on which they are based are subject to change without
notice.
The software described in this document is furnished under a license. The
software may be used or copied only in accordance with the terms of that
license.
Legal Rights
Information in this document is subject to change without notice.
Corporate and individual names and data used in examples herein are
fictitious unless otherwise noted.
Alvarion Ltd. reserves the right to alter the equipment specifications and
descriptions in this publication without prior notice. No part of this
publication shall be deemed to be part of any contract or warranty unless
specifically incorporated by reference into such contract or warranty.
The information contained herein is merely descriptive in nature, and does not
constitute an offer for the sale of the product described herein.
Any changes or modifications of equipment, including opening of the
equipment not expressly approved by Alvarion Ltd. will void equipment
warranty and any repair thereafter shall be charged for. It could also void the
user's authority to operate the equipment.
Some of the equipment provided by Alvarion and specified in this manual, is
manufactured and warranted by third parties. All such equipment must be
installed and handled in full compliance with the instructions provided by such
manufacturers as attached to this manual or provided thereafter by Alvarion or
BreezeMAX Wi² and BreezeACCESS Wi² System Manual vii
Legal Rights
the manufacturers. Non-compliance with such instructions may result in serious
damage and/or bodily harm and/or void the user's authority to operate the
equipment and/or revoke the warranty provided by such manufacturer.
viii BreezeMAX Wi² and BreezeACCESS Wi² System Manual
Compliances
Federal Communication Commission Interference St atement
This equipment has been tested and found to comply with the limits for a Class B
digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a residential
installation. This equipment generates, uses and can radiate radio frequency
energy and, if not installed and used in accordance with the instructions, may
cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this
equipment does cause harmful interference to radio or television reception, which
can be determined by turning the equipment off and on, the user is encouraged to
try to correct the interference by one of the following measures:
Compliances
Reorient or relocate the receiving antenna
Increase the separation between the equipment and receiver
Connect the equipment into an outlet on a circuit different from that to which
the receiver is connected
Consult the dealer or an experienced radio/TV technician for help
FCC Caution: Any changes or modifications not expressly approved by the party
responsible for compliance could void the user’s authority to operate this
equipment. This device complies with Part 15 of the FCC Rules. Operation is
subject to the following two conditions: (1) This device may not cause harmful
interference, and (2) this device must accept any interference received, including
interference that may cause undesired operation.
IMPORTANT NOT E: FCC Radiation Exposure State ment
This equipment complies with FCC radiation exposure limits set forth for an
uncontrolled environment. This equipment should be installed and operated with
a minimum distance of 20 centimeters (8 inches) between the radiator and your
body. This transmitter must not be co-located or operating in conjunction with
any other antenna or transmitter.
EC Conformance Declaration
Hereby, Alvarion, declares that this device is in compliance with the essential requirements and other
relevant provisions of the R&TTE Directive of the European Union (1999/5/EC).This device will be sold
in the following EEA countries:Austria, Italy, Belgium, Liechtenstein, Denmark, Luxembourg, Finland,
Netherlands, France, Norway, Germany, Portugal, Greece, Spain, Iceland, Sweden, Ireland, United Kingdom,
Cyprus, Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta, Slovakia, Poland, Slovenia.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual ix
Compliances
For product available in the USA market, only channel 1~11 can be operated.
Selection of other channels is not possible.
EC Conformance Declaration
Marking by the above symbol indicates compliance with the Essential
Requirements of the R&TTE Directive of the European Union (1999/5/EC). This
equipment meets the following conformance standards:
EN 60950 (IEC 60950) - Product Safety
EN 300 328 - Technical requirements for 2.4 GHz radio equipment
EN 301 489-1 / EN 301 489-17 - EMC requirements for radio equipment
Countries of Op eration & Conditions of U s e in the European Community
This device is intended to be operated in all countries of the European
Community. Requirements for outdoor operation, license requirements and
allowed channels of operation apply in some countries as described below:
NOTE
The user must use the configuration utility provided with this product to ensure the channels of
operation are in confo rma nce wi th th e sp ec trum usa ge rules for Eu rope an C om m uni ty c oun trie s as
described below.
This device requires that the user or installer properly enter the current
country of operation in the command line interface as described in the user
guide, before operating this device.
This device will automatically limit the allowable channels determined by the
current country of operation. Incorrectly entering the country of operation may
result in illegal operation and may cause harmful interference to other system.
The user is obligated to ensure the device is operating according to the
channel limitations, outdoor restrictions and license requirements for each
European Community country as described in this document.
This device may be operated indoors or outdoors in all countries of the
European Community using the 2.4 GHz band: Channels 1 - 13, except where
noted below.
In Italy the end-user must apply for a license from the national spectrum
authority to operate this device outdoors.
In Belgium outdoor operation is only permitted using the 2.46 - 2.4835
GHz band: Channel 13.
In France outdoor operation is only permitted using the 2.4 - 2.454 GHz
band: Channels 1 - 7.
x BreezeMAX Wi² and BreezeACCESS Wi² System Manual
Safety Compliance
Power Cord Safety
Please read the following safety information carefully before installing the device:
WARNING
Installation and removal of the unit must be carried out by qualified personnel only.
The unit must be connected to an earthed (grounded) outlet to comply with
international safety standards.
Do not connect the unit to an A.C. outlet (power supply) without an earth
(ground) connection.
The appliance coupler (the connector to the unit and not the wall plug) must
have a configuration for mating with an EN 60320/IEC 320 appliance inlet.
Compliances
The socket outlet must be near to the unit and easily accessible. You can only
remove power from the unit by disconnecting the power cord from the outlet.
This unit operates under SELV (Safety Extra Low Voltage) conditions
according to IEC 60950. The conditions are only maintained if the equipment
to which it is connected also operates under SELV conditions.
France and Peru only
This unit cannot be powered from IT
supplies. If your supplies are of IT type, this
unit must be powered by 230 V (2P+T) via an isolation transformer ratio 1:1, with
the secondary connection point labelled Neutral, connected directly to earth
(ground).
IMPORTANT
Before making connections, make sure you have the correct cord set. Check it (read the label on
the cable) against the following:
BreezeMAX Wi² and BreezeACCESS Wi² System Manual xi
Compliances
Power Cord Set
U.S.A. and Canada The cord set must be UL-approved and CSA certified.
The minimum specifications for the flexible cord are:
- No. 18 AWG - not longer than 2 meters, or 16 AWG.
- Type SV or SJ
- 3-conductor
The cord set must have a rated current capacity of at least 10 A
The attachment plug must be an earth-grounding type with NEMA 5-15P
(15 A, 125 V) or NEMA 6-15P (15 A, 250 V) configuration.
Denmark The supply plug mus t comply wit h Section 107-2-D1, S tand ard DK2-1a or
DK2-5a.
Switzerland The supply plug must comply with SEV/ASE 1011.
U.K. The supply plug mus t co mp ly w ith BS136 3 (3 -pin 13 A) and be fitted with
a 5 A fuse which complies with BS1362.
The mains cord must be <HAR> or <BASEC> marked and be of type
HO3VVF3GO.75 (minimum).
Europe The supply plug must comply with CEE7/7 (“SCHUKO”).
The mains cord must be <HAR> or <BASEC> marked and be of type
HO3VVF3GO.75 (minimum).
IEC-320 receptacle.
xii BreezeMAX Wi² and BreezeACCESS Wi² System Manual
About This Manual
About This Manual
This manual describes the BreezeMAX Wi2 and BreezeACCESS Wi2 unit and
details how to install, operate and manage the access point.
This manual is intended for technicians responsible for installing, setting and
operating the BreezeMAX Wi
administrators responsible for managing the system.
This manual contains the following chapters and appendices:
2
and BreezeACCESS Wi2, and for system
Chapter 1 - Product Description - Describes the Wi
functionality.
Chapter 2 - Installation - Describes how to install the Wi
connect to subscriber’s equipment.
Chapter 3 - Initial Configuration - Describes how to initially configure the
access point in order to test basic link operation .
Chapter 4 - System Configuration- Describes advanced configuration of the
the access point.
Chapter 5 - Command Line Interface - Describes the command line interface
commands for configuring the access point.
Appendix A - Troubleshooting
2
unit and its
2
and how to
BreezeMAX Wi² and BreezeACCESS Wi² System Manual xiii
Table of Contents
Chapter 1 - Product Descr iption
1.1 Introduction................................................................................................................2
1.2 Specifications.............................................................................................................4
1.2.1 Radio.............................................................................................................4
1.2.2 Sensitivity ......................................................................................................5
1.2.3 8 dBi Omni Antenna...................................................................................... 5
1.2.4 Configuration and Management....................................................................6
1.2.5 Mechanical ....................................................................................................7
1.2.6 Electrical........................................................................................................7
1.2.7 Connectors and LEDs ...................................................................................7
1.2.8 Environmental ..............................................................................................9
1.2.9 Standards Compli ance...................... .............................. ............................. .9
Chapter 2 - Hardware Installat io n
2.1 Hardware Description......................................................................................... .....12
2.1.1 Bottom Panel.............................. ......................................................... .. ......13
2.1.2 Top Panel ....................................................................................................14
2.1.3 LED Indicators.............................................................................................14
2.2 Installation Requirements .......................................................................................16
2.2.1 Packing List......... .. .. ................ ............... ............... ................ ............... .......16
2.2.2 Additional/Optional Installation Requirements.............................................16
2.2.3 Guidelines for P o s itioning Wi² . ............... ............... ................ ............... .......17
2.3 Installation ................................................................................................................19
2.3.1 Attaching the SU-ODU to the Mounting Plate.............................................19
Table of Contents
2.3.2 Attaching the Mounting Plate to the Wi² unit ...............................................21
2.3.3 Connecting th e Wi² unit to the SU-OD U................................ ............... .......22
2.3.4 Preparing the Power Cable.........................................................................25
2.3.5 Pre-Configuration and Testing ................................................. ...................27
2.3.6 Mounting the Wi² Uni t........................ .. ........................................................28
2.3.7 Connecting the Grounding Cables..............................................................31
2.3.8 Connecting to Power Source.......................................................................31
2.4 Post Installation Configuration of the AP/SU-ODU...............................................32
Chapter 3 - Initial Configuration
3.1 Introduction..............................................................................................................34
3.2 Initial Setup through the CLI................................................................ .. .................35
3.2.1 Configuratio n vi a Te lne t ............ ............... ................ .. ............... ................ ..35
3.2.2 Configuratio n vi a Con s o le ......... .. .. ................ ............... ................ ...............35
3.2.3 Initial Configu r a tio n Ste p s ........... .. .. ................ ............... ................ .............36
3.3 Logging In.................................................................................................................38
Chapter 4 - System Configuration
4.1 Introduction..............................................................................................................42
4.2 Advanced Configuration .........................................................................................43
4.2.1 System Identification ...................................................................................44
4.2.2 TCP / IP Settings.........................................................................................45
4.2.3 RADIUS.......................................................................................................48
4.2.4 SSH Settings...............................................................................................51
4.2.5 Authentication..............................................................................................53
4.2.6 Filter Control................................................................................................57
4.2.7 VLAN...........................................................................................................60
4.2.8 WDS Settings....................... ................ ............... ................ ............... .........62
xvi BreezeMAX Wi2 and BreezeACCESS VL Wi2 System Manual
Table of Contents
4.2.9 AP Management....................... .. .. .. .. ...........................................................62
4.2.10 Administration..............................................................................................64
4.2.11 System Log .................................................................................................70
4.2.12 RSSI............................................................................................................74
4.3 SNMP.........................................................................................................................75
4.4 Radio Interface .........................................................................................................81
4.4.1 Radio Settings G (802.11g).................................................... .....................81
4.4.2 Security .......................................................................................................98
4.5 Status In f or ma tion ........ ................ ............... ................ ............... ... ............... .........116
4.5.1 Access Point Status ..................................................................................116
4.5.2 Station Status............................................................................................118
4.5.3 Event Logs..................................... ...................... ...................... ...............120
Chapter 5 - Command Line Interface
5.1 Using the Command Line Interface......................................................................125
5.1.1 Accessing the CLI .....................................................................................125
5.1.2 Console Connection..................................................................................125
5.1.3 Telnet Co nnection.......................................... ...................... .....................125
5.2 Entering Commands..............................................................................................127
5.2.1 Keywords and Arguments..... ....................................................................127
5.2.2 Minimum Abbreviation...............................................................................127
5.2.3 Command Completion........................................ ............................. ..........127
5.2.4 Getting Help on Commands......................................................................127
5.2.5 Partial Keyword Lookup ............................................................................128
5.2.6 Negati ng the Effect of Commands ............................................................128
5.2.7 Using Command History ...........................................................................129
5.2.8 Understanding Command Modes..................................... .........................129
BreezeMAX Wi2 and BreezeACCESS VL Wi2 System Manual xvii
Table of Contents
5.2.9 Exec Commands.......................................................................................129
5.2.10 Configuration Commands..........................................................................130
5.2.11 Command Line Processi ng..................................... .............................. ....130
5.3 Command Groups............... ...................... ...................... ...................... .................132
5.4 Genera l C o mmands .... .. ... ............... ................ ............... ................ ............... .........134
5.4.1 configure....................................................................................................135
5.4.2 end ............................................................................................................135
5.4.3 exit.............................................................................................................135
5.4.4 ping............................................................................................................136
5.4.5 reset ..........................................................................................................136
5.4.6 show history . ................ ............... ............... ................ ............... ................137
5.4.7 show line ................... ................ ............... ................ ............... ................ ..137
5.5 System Management Commands.........................................................................139
5.5.1 country.......................................................................................................140
5.5.2 prompt .......................................................................................................141
5.5.3 system name.............................................................................................142
5.5.4 username ..................................................................................................142
5.5.5 password...................................................................................................143
5.5.6 ip ssh-ser ver enable............ ............................. .........................................143
5.5.7 ip ssh-server port.......................................................................................144
5.5.8 ip telnet-server enable.................................. ...................... ...................... .144
5.5.9 ip http port .................................................................................................144
5.5.10 ip http server..............................................................................................145
5.5.11 ip http session-timeout ............................ ...................... ...................... ......145
5.5.12 ip https port................................................................................................146
5.5.13 ip https server............................................................................................146
xviii BreezeMAX Wi2 and BreezeACCESS VL Wi2 System Manual
Table of Contents
5.5.14 APmgmtIP .................................................................................................147
5.5.15 APmgmtUI.................................................................................................148
5.5.16 show apmanagement................................................................................148
5.5.17 show system....................... ................ ............... ................ ............... .........149
5.5.18 show version ............. ... ............... ............... ................ ............... ................150
5.5.19 show config .. ................ ............... ............... ................ ............... ................151
5.5.20 show hardware..................... ................ ............... ................ ............... .......156
5.6 System Logging Commands............................. ....................................................157
5.6.1 logging on....................................... ...................... ...................... ...............157
5.6.2 logging host............................................... .. ..............................................157
5.6.3 logging console.........................................................................................158
5.6.4 logging level ....................................................... .......................................158
5.6.5 logging facility-type..................... ......................................................... .. ....159
5.6.6 logging clear.................................................................. .. ..........................160
5.6.7 show logging .............................................................................................160
5.6.8 show event-log ........ .. ................ ............... ................ .. ............... ................161
5.7 System Clock Commands.....................................................................................162
5.7.1 sntp-server ip...................... ................ ............... ................ ............... .........162
5.7.2 sntp-server enable..................................................................................... 163
5.7.3 sntp-server d a te-time ......... .. ................ ............... ................ ............... .......163
5.7.4 sntp-server d a y lig ht-saving .................... ............... ................ ............... .....164
5.7.5 sntp-server ti m e z o ne................. .. .. ................ ............... ................ .............164
5.7.6 show sntp . .. .. ................ ............... ............... ................ ............... ................165
5.8 DHCP Relay Commands........................................................................................166
5.8.1 dhcp-r e lay enable................... ...................... ...................... ...................... .166
5.8.2 dhcp-relay..................................................................................................166
BreezeMAX Wi2 and BreezeACCESS VL Wi2 System Manual xix
Table of Contents
5.8.3 show dhcp-rela y ........................ ............... .. ................ ............... ................167
5.9 SNMP Commands ..................................................................................................168
5.9.1 snmp-serve r c om m u n it y....... ................ ............... ................ ............... .......168
5.9.2 snmp-serve r c ontact.................... ............... ................ .. ................ .............169
5.9.3 snmp-serve r lo c a tio n..................... ................ ............... ................ .............169
5.9.4 snmp-serve r e n abl e se rv e r........ .. ............... ................ ............... ................170
5.9.5 snmp-serve r h o st ........... .. .. ................ ............... ................ ............... .........170
5.9.6 snmp-serve r tr a p ......................... ............... ................ ............... ................171
5.9.7 snmp-serve r e n gi ne -id...... .. ................ ............... ................ ............... .. .......172
5.9.8 snmp-serve r u ser ........... ............... ................ .. ............... ................ ...........173
5.9.9 snmp-serve r ta r gets ......... .. .. ................ ............... ................ ............... .......174
5.9.10 snmp-serve r fi lte r....... ... ............... ............... ................ ............... ................174
5.9.11 snmp-serve r fi lte r -a s s i gn m e n ts ....................... ............... ................ ...........175
5.9.12 show snmp groups....................................................................................176
5.9.13 show snmp users ........... .. ............... ................ ............... ................ ...........176
5.9.14 show snmp group-assignments.................................................................177
5.9.15 show snmp targ e t......... .. ............... ................ ............... ................ .. ...........177
5.9.16 show snmp filte r ............. .. ............... ................ ............... ................ ...........178
5.9.17 show snmp filte r-a s s ig n m e n t s....... .. ................ ............... ................ ...........178
5.9.18 show snmp .............. .. ................ ............... ................ ............... ................ ..179
5.10 Flash/File Commands............................................................................................181
5.10.1 bootfile.......................................................................................................181
5.10.2 copy ......... ................. .................. ............... .................. .................. ...........181
5.10.3 delete.........................................................................................................182
5.10.4 dir ..............................................................................................................183
xx BreezeMAX Wi2 and BreezeACCESS VL Wi2 System Manual
Table of Contents
5.10.5 show bootfile ............. ... ............... ............... ................ ............... ................184
5.11 RADIU S C li e n t ............. .. ................ ............... ................ .. ................ ............... .........185
5.11.1 radi us-server address........................ .............................. ..........................185
5.11.2 radius-server port ......................................................................................186
5.11.3 radius-server key.......................................................................................186
5.11.4 radius-server retransmit ............................................................................186
5.11.5 radius-server timeout..................................................... ............................187
5.11.6 radius-server port-accounting....................................................................187
5.11.7 radius-server timeout-interim.......... ...................... ...................... ...............188
5.11.8 radius-server radius-mac-format ...............................................................188
5.11.9 radius-server vlan-format ..........................................................................189
5.11.10 show radius ............. ................ ............... ............... ................ ............... .....189
5.12 802.1X Authentication.................. ..........................................................................191
5.12.1 802.1x........................................................................................................191
5.12.2 802.1x-supplicant enable ..........................................................................192
5.12.3 802.1x-su p pl icant user . .. ............... ................ ............... ................ .............192
5.12.4 show authentication...................................................................................193
5.13 MAC Address Authentication ......................... ...................... ...................... ..........194
5.13.1 address filter default............. ... ............... .. ................ ............... ................ ..194
5.13.2 address filter entry..... ... ............... ............... ................ ............... ................195
5.13.3 address filter delete.............. ... ............... .. ................ ............... ................ ..195
5.13.4 mac-authentication server.........................................................................196
5.13.5 mac-authentication session-timeout..........................................................196
5.14 Filtering Commands ..............................................................................................198
5.14.1 filter ap-manage ....................... .............................. ............................. ......198
5.14.2 filter uplink enable .....................................................................................198
BreezeMAX Wi2 and BreezeACCESS VL Wi2 System Manual xxi
Table of Contents
5.14.3 filter uplink .................................................................................................199
5.14.4 filter ethernet-type enable..........................................................................199
5.14.5 filter ethernet-type protocol........................................................................200
5.14.6 show filters . .. ................ ............... ............... ... ............... ................ .............201
5.15 WDS Bridge Commands........................................................................................202
5.16 Spanning Tree Commands....................................................................................203
5.17 Ethernet Interface Commands..............................................................................204
5.17.1 interface ethernet ......................................................................................204
5.17.2 dns server......... ................ ............... ................ ............... ................ ...........204
5.17.3 ip addr ess............................ ........................................................ ..............205
5.17.4 ip dhcp.......................................................................................................206
5.17.5 speed-duplex.............................................................................................206
5.17.6 shutdown...................................................................................................207
5.17.7 show interface et h er n e t........ ... ............... ............... ................ ............... .....207
5.18 Wireless Interface Commands........................ ...................... ...................... ..........209
5.18.1 interface wireless.......................................................................................210
5.18.2 vap.............................................................................................................210
5.18.3 speed.........................................................................................................211
5.18.4 multicast-data-rate.....................................................................................211
5.18.5 channel......................................................................................................213
5.18.6 transmit-power...........................................................................................213
5.18.7 radio-mode ................................................................................................214
5.18.8 preamble ...................................................................................................214
5.18.9 antenna control..........................................................................................215
5.18.10 antenna id..................................................................................................215
5.18.11 antenna location........................................................................................216
xxii BreezeMAX Wi2 and BreezeACCESS VL Wi2 System Manual
Table of Contents
5.18.12 beacon-interval..........................................................................................216
5.18.13 dtim-period ................................................................................................216
5.18.14 fragmentation-length .................................................................................217
5.18.15 rts-threshold ..............................................................................................218
5.18.16 super-g......................................................................................................218
5.18.17 description.................................................................................................219
5.18.18 ssid............................................................................................................219
5.18.19 closed-system ...........................................................................................220
5.18.20 max-association ........................................................................................220
5.18.21 assoc-timeout-interval...............................................................................221
5.18.22 auth-timeout-value.....................................................................................221
5.18.23 shutdown...................................................................................................221
5.18.24 show interface wi re le s s ........ ... .. ............... ................ ............... ................ ..222
5.18.25 show station .............. ... ............... ............... ................ ............... ................224
5.19 Rogue AP Detection Commands..........................................................................226
5.19.1 rogue-ap enable......................... .. .............................................................226
5.19.2 rogue- ap authenticate ...................... ........................................................ .227
5.19.3 rogue-ap duration......................................................................................227
5.19.4 rogue-ap interval .......................................................................................228
5.19.5 rogue- ap scan................... ......................................................... ...............228
5.19.6 show rogue-ap...........................................................................................229
5.20 Wireless Security Commands....................... .............................. ..........................230
5.20.1 auth ...........................................................................................................230
5.20.2 encryption..................................................................................................232
5.20.3 key.............................................................................................................232
5.20.4 transmit-key...............................................................................................233
BreezeMAX Wi2 and BreezeACCESS VL Wi2 System Manual xxiii
Table of Contents
5.20.5 cipher-suite................................................................................................234
5.20.6 mic_mode..................................................................................................235
5.20.7 wpa-pre-shared-key ..................................................................................235
5.20.8 pmksa-lifetime...........................................................................................236
5.20.9 pre-authentication......................................................................................236
5.21 Link Integrity Commands......................................................................................238
5.21.1 link-integrity ping-detect ............................................................................238
5.21.2 link-integrity ping-host ...............................................................................239
5.21.3 link-integrity ping-interval...........................................................................239
5.21.4 link-integrity ping-fail-retry .........................................................................239
5.21.5 link-integrity ethernet-detect......................................................................240
5.21.6 show link-integ rity...................... ............... ................ ............... ................ ..240
5.22 IAPP C o mma n d s .............. ............... ................ ............... ................ ............... .........241
5.22.1 iapp............................................................................................................241
5.23 VLAN Commands...................................................................................................242
5.23.1 vlan............................................................................................................242
5.23.2 management-vlanid ...................................................................................243
5.23.3 vlan-id........................................................................................................243
5.24 WMM C o mm a nd s ........................ ............... ................ ............... ................ .. ...........245
5.24.1 wmm..........................................................................................................245
5.24.2 wmm-acknowledge-policy.........................................................................245
5.24.3 wmmparam................................................................................................246
Appendix A - Troubleshooting
Glossary................................................................................................253
Index.....................................................................................................259
xxiv BreezeMAX Wi2 and BreezeACCESS VL Wi2 System Manual
Chapter 1 - Product Description
In This Chapter:
“Introduction” on page 2
“Specifications” on page 4
1
Chapter 1 - Product Description
1.1 Introduction
Alvarion's Wi² suite of converged solutions, including BreezeMAX Wi²and
BreezeACCESS Wi²("Wi²"), unites the advantages of the popular WiFi access with
the powerful capabilities of BreezeMAX or BreezeACCESS VL/4900
(“BreezeACCESS”) systems to provide cost-effective solutions for personal
broadband services.
The Wi² system comprises a self-contained combination of an advanced WiFi
access point and a BreezeMAX or BreezeACCESSSU-ODU that provides backhaul
connectivity. With its advanced roaming software, the Wi² can be deployed almost
anywhere to provide broadband mobility to standard WiFi (IEEE 802.11 b/g) end
user devices. Used in conjunction with Alvarion's market-leading BreezeMAX or
BreezeACCESS base stations, the Wi² can be used to expand the existing
capabilities of Alvarion's WiMAX and pre-WiMAX networks. Using the Wi², a
BreezeMAX or BreezeACCESS network can be used to provide personal
broadband services to high-end business as well as residential users equipped
with WiFi enabled devices such as laptops, PDAs, smart-phones, and portable
gaming devices. As a converged system, the Wi² also gives operators the ability to
seamlessly transition to a fully mobile WiMAX network with managed services for
personal broadband users.
Operating in both licensed and licensed-exempt frequencies, the Wi² system
leverages the easy availability of WiFi technology - along with the power and
robustness of BreezeMAX or BreezeACCESS broadband wireless access system -
to answer critical public and private sector needs such as traffic management,
video surveillance, public Internet access, homeland security, and various
nomadic applications.
The Wi² is a self-contained, robust all-outdoor system that comprises three
elements:
A feature-rich WiFi (IEEE 802.11 b/g) Access Point (AP)
A BreezeMAX/BreezeACCESS VL/BreezeACCESS 4900 SU-ODU (supplied
separately).
A power supply module that provides power to both the WiFi AP and the
SU-ODU.
The Wi² system requires only a single connection to either AC or DC power. With
its easy installation and operation, high performance, and rich security and QoS
2 System Descript io n
Introduction
feature sets, the Wi² is an ideal solution for operators, municipalities and
communities looking to build metropolitan broadband networks or to integrate
WiFi hot zone capabilities into their existing broadband wireless access networks.
The result is personal broadband services ranging from public Internet access to
public safety and Intranet applications.
NOTE
This document describes how to install and manage the Wi² system, including the installation and
connections of a BreezeMAX or BreezeACCESS SU-ODU when installed on the mounting plate of
2
the Wi
system. For details on other instal lation op tions for the SU-ODU and how to manage it, r efer
to the relevant BreezeMAX or BreezeACCESS VL/4900 documents.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 3
Chapter 1 - Product Description
1.2 Specifications
1.2.1 Radio
Table 1-1: Radio Specifications
Item Description
Radio Type
Radio Mode
Frequency Band
Operating Channels
Channel Bandwidth
Data Rates
Turbo Mode (802.11g Super G)
802.11b Radio Technology
802.11b Modulation Technique
802.11b Radio Technology
IEEE 802.11b/g
802.11b+g, 802.11b only , 802.11g only
2400-2497 MHz
ETSI (EUR): 2412 ~ 2472 MHz(CH1-CH13)
MKK (Japan) 11b: 2412 ~ 2484 MHz (CH1-CH14)
MKK (Japan) 11g: 2412 ~ 2472 MHz(CH1-CH13)
France: 2457 ~ 2472 MHz(CH10-CH13)
US & Canada: 2400 ~ 2483.5 MHz(CH1~CH11)
20 MHz
802.11b: 1, 2, 5.5, 11 Mbps
802.11g: 6, 9, 12, 18, 24, 36, 48, 54 Mbps
Turbo Mode: 12, 18, 24, 36, 48, 54, 96, 108 Mbps per channel
Direct Sequence-Spread Spectrum (DSSS)
Differential Binary Phase Shift Keying (DBPSK) @ 1 Mbps
Differential Quadrature Phase Shift Keying (DQPSK) @ 2 Mbps
Complementary Code Keying (CCK) @ 5.5 and 11 Mbps
Orthogonal Frequency Divisional Multiplexing (OFDM)
802.11b Modulation Technique
FEC Coding Rates
Max Tx Power
TPC (Transmit Power Control)
Antenna Ports
Antenna Diversity
4 System Descript io n
Binary Phase Shift Keying (BPSK) @ 6 and 9 Mbps
Quadrature Phase Shift Keying (QPSK) @ 12 and 18 Mbps
16-Quadrature Amplitude Modulation (QAM) @ 24 & 36 Mbps
64-QAM @ 48 & 54 Mbps
1/2 2/3, 3/4
1 1b: 20. 36d Bm
1 1g: 24. 96d Bm
11g turbo: 24.53dB m
100%, 50%, 25%, 12.5%, Min.
2 x N-Type, 50 ohm
Rx antenna switching by energy sensing
1.2.2 Sensitivity
Table 1-2: Sensitivity
Data Rate Sensitivity (dBm)
802.11b, 1 Mbps -96
802.11b, 2 Mbps -93
802.11b, 5.5 Mbps -93
802.11b, 11 Mbps -90
802.11g, 6 Mbps -91
802.11g, 9 Mbps -90
802.11g, 12 Mbps -89
802.11g, 18 Mbps -88
802.11g, 24 Mbps -84
802.11g, 36 Mbps -80
Specifications
802.11g, 48 Mbps -75
802.11g, 54 Mbps -73
1.2.3 8 dBi Omni Antenna
Table 1-3: 8 dBi Omni Antenna
Item Description
Antenna gain
VSWR
Antenna Polarization
Horizontal Plane
Vertical Plane
Dimensions
Weight
8 dBi
2:1 max
Linear Vertical
360°
15°
52 cm x 1.9 cm diameter
340 g
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 5
Chapter 1 - Product Description
1.2.4 Configuration and Management
Table 1-4: Configuration and Management
Item Description
Management options
Web-based (HTTP/HTTPS)
Telnet
SSH
SNMP
SNMP agent
V1 / V2c, supports 802.11 MIB, RFC-1213 MIB II and private MIB.
Management access Local via Co nsole port
From the backhaul network
From WiFi clients
Management access protection Access Password
Enable/Disable access from wireless clients
Enable/Disable access using web/Telnet/SNMP
Restrict access to authorized stations (by IP)
WiFi Clients Authentication Local/RADIUS MAC List
IEEE 802.1x
Encryption WEP
WPA/TKIP over 802.1x or PSK (Pre-shared Key)
802.11i / WPA2 (AES-CCMP) over 802.1x or PSK
Mixed WPA and WEP clients support
Allocation of IP parameters
WiFi Multi-Media Support
Software upgrade
Configuration Upload/Download
Configurable or automatic (DHCP client)
Four QoS levels using the WMM standard according to IEEE 802.11e
HTTP/FTP/TFTP
FTP/TFTP
6 System Descript io n
1.2.5 Mechanical
T a ble 1-5: Mechanical Specifications
Item Description
Specifications
Dimensions
Weight
AC Power Supply
Mounting Plate Tilt
Mounting Plate Rotation
278mm (W) X 279mm (H) X 240mm (D)
5.8Kg (excluding antennas and backhauling CPE)
85-260VAC, 47-63Hz, maximum power consumption 2.5A
0
+/- 15
0
+/- 45
1.2.6 Electrical
Table 1-6: Electrical Specifications
Type Details
AC Power Supply
DC Power supply
AC/DC Power Switching
85-260VAC, 47-63Hz, maximum power consumpt ion 2.5A
42 VDC to 60 V DC, maximum power consumption 3.5A
When both AC and DC power sources are connected, AC power input will be
used as long as i nternal power supplies are w ork ing p roperly. Th e u nit w il l switch
to DC power source if AC power input fails, or the internal power supplies fail,
and the DC power input is in the proper range.
1.2.7 Connectors and LEDs
Table 1-7: Connectors and LEDs
Type Description
AC IN
SU
AP
DC IN
PoE
Console
Connection to AC mains. 3-pin power plug, Bulgin PX0732/S/07
Ethernet and power connection to backhauling CPE.
RJ-45, in a weather protected service box
Ethernet and power connection to AP (PoE).
RJ-45, in a weather protected service box
Connection to DC power source. 2-pin power plug, Bulgin
Ethernet and power connection, 8-pins DIN jack
10/100Base-T, half/full duplex with auto-negotiation
RS232 DTE, 3-pins DIN jack
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 7
Chapter 1 - Product Description
Table 1-7: Connectors and LEDs
Type Description
LEDs Power
Link (Ethernet link integrity/activity)
11b/g: 3 LEDs indicating wireless link activity
8 System Descript io n
1.2.8 Environmental
Table 1-8: Environmental Specifications
Item Details
Specifications
Operating Temperature
Storage Temperature
Humidity
Water Pr oof
Solar Radiation protection
Salt
Transportation
Storage shock
Storage drop
Wind operation
Wind survival
-400C to 600C non condensing 5º~55ºC
-550C to 800C non condensing 5º~70ºC
Maximum 95%.
IP-67
IEC 60068-2-5
IEC 60068 part 2-52
ETS 300 019-2-2 Class 2.3 Pubic Transportation
IEC 68-2-29
IEC 68-2-32
160 Km/hour
220 Km/hour
1.2.9 Standards Compliance
Table 1-9: Standards Compliance
Type Standard
EMC
EN55022 CE Class B
FCC Class B Part 15
VCCI Class B
Safety UL / CUL (CSA60950-1, UL60950-1)
CE / CB (EN60950/IEC 60950-1)
Lightning
The unit withstand at +4KV of Input surge, 1.2usec rise/fall time, 50µsec duration,
every 10 seconds, for all interfaces.
Radio ETSI 300 328 (11b/g)
ETSI 301 489 (DC power)
FCC Part 15C 15.247/15.207 (11b/g)
TELEC
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 9
Chapter 2 - Hardware Installation
In This Chapter:
“Hardware Description” on page 12
“Installation Requirements” on page 16
“Installation” on page 19
“Attaching the SU-ODU to the Mounting Plate” on page 19
2
“Attaching the Mounting Plate to the Wi² unit” on page 21
“Connecting the Wi² unit to the SU-ODU” on page 22
“Preparing the Power Cable” on page 25
“Pre-Configuration and Testing” on page 27
“Mounting the Wi² Unit” on page 28
“Connecting the Antenna(s)” on page 31
“Connecting the Grounding Cables” on page 31
“Connecting to Power Source” on page 31
Chapter 2 - Hardware Installation
2.1 Hardware Description
The Wi² consists of a WiFi access point with an integrated power supply and
interface module that connects to either a BreezeMAX or BreezeACCESS outdoor
unit (SU-ODU) for backhaul and network management software. Each unit is
housed in a weatherproof enclosure for mounting outdoors.
Antenna Connectors
(Top Panel)
s
SU-ODU
Mounting
Plate
Pole Mounting
Bracket
LEDs
Grounding
Stud
Connections
(Bottom Panel)
Figure 2-1: Wi² Unit (with SU-ODU attached)
NOTE
The diagram in Figure 2-1 includes a moun tin g pla te a nd an SU-ODU. The SU-ODU can also b e
installed separately, in which case there is no need to attach the mounting plate to the Wi² unit.
12 Installation
2.1.1 Bottom Panel
Figure 2-2 shows the bottom panel of the Wi² unit and Table 2-10 lists the
components.
Hardware Description
WiFi Access Point
(AP)
Power Supply
and
Interface Module
Figure 2-2: Bottom Panel (without the SU-ODU)
Table 2-10: Bottom Panel Components
Element Item Description
Power Supply and Interface
Module
Console Port Cover Holder Holder for waterproof protection cover
for console port when port is not in use.
Console Port Connection to console port for system
management.
PoE Port An Ethernet cable connect s the PoE port
to the AP port in the WiFi access point.
Impermeability Test Screw Do not remove or loosen this screw.
Doing so may impair the sealing of the
unit against moisture and humidity.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 13
Chapter 2 - Hardware Installation
Table 2-10: Bottom Panel Components
Element Item Description
WiFI Access Point (AP) AC Power Plug 3-pin power plug for connection to AC
power source.
AP Port An Ethernet cable connects the AP port
to the PoE port i n the power supply and
interface module.
SU Port Connection to BreezeMAX or
BreezeACCESS outdoor unit
DC Power Plug) 2-pin power plug for connection to DC
power source.
2.1.2 Top Panel
Figure 2-3: Top Panel (without the SU-ODU)
Figure 2-3 shows the top panel of the Wi² unit with two N-type RF connectors for
external antennas.
2.1.3 LED Indicators
The Wi² includes eight status LED indicators. Figure 2-4 shows the LEDs and
Table 2-11 describes the system status.
14 Installation
Figure 2-4: LED Indicators
Table 2-11: LED Indicators
LED Status Description
Power On Green Indicates that the system is working
normally.
On Amber Indicates a power shutdown due to a low
temperature condition.
Link On Green Indicates a valid 10/100 Mbps Ethernet
cable link.
Hardware Description
11b/g
(three
LEDs)
Flashing
Green
Off No signal detected or th e 802.1 1b/ g radio is
Slow Flashing
Green
Fast Flashing
Green
On Green Indicates a high level of network activity.
Indicates that the Wi² is transmitting or
receiving data on a 10/100 Mbps Ethernet
LAN. Flashing rate is proportional to
network activity.
disabled.
The 802.11b/g radio is enabled with a low
level of network activity.
Indicates a medium level o f network
activity.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 15
Chapter 2 - Hardware Installation
2.2 Installation Requirements
This section describes all the supplies required to install the Wi² and the items
included in each installation package.
2.2.1 Packing List
The BreezeMAX Wi² and BreezeACCESS Wi² installation kit includes the following
components:
Wi² unit
SU-ODU mounting plate
4 x M8 x 16 hex head screws + flat washers + spring washers
4 x 1/4” x 1/2” hex head screws + flat washers + spring washers
4 x M6 x 12 hex head screws with integral washers
55 cm category 5E Ethernet cable with two RJ-45 connectors, one shielded
with a metal service box.
AC power connector
2 x 9/16" (530 mm) metal bands
3 m Ethernet data cable for connecting the PoE port to the AP port (2 pairs
straight)
2.2.2 Additional/Optional Installation Requirements
Category 5E cable* for connecting to an SU-ODU if installed separately
(maximum length 100m.)
Rubber sealing cap (supplied with SU-ODU)
Crimping tool for RJ-45 connectors
RS232 console cable*
16 Installation
Installation Requirements
One or two 8 dBi Omni directional Antenna(s)*
UL/CSA listed smooth circular power cable, 1.5mm to 2.5mm each. Outer
diameter 7mm to 9mm, UV resistant, temperatures range -40
0
C to +650C min.
Other specifications (such as oil resistance, no of wires) according to specific
installation requirements.
A mains plug (if connecting to AC mains)
Grounding cable with an appropriate termination.
Installation tools and materials, including appropriate means for installing the
Wi² and antenna .
A PC with an Ethernet NIC for configuring basic parameters of the WiFi AP and
the SU-ODU.
Wall - Tilt Pole Mounting kit* (page 28 )
DC power connector* (pack of 5)
Waterproof covers for AC/DC socket* (pack of 5)
Spirit level
NOTE
Before starting to install the Wi² unit, check that you have all the necessary parts and accessories.
Optional accessories marked with an * can be ordered from your supplier.
2.2.3 Guidelines for P ositioning Wi²
CAUTION
ONLY experienced installation professionals who are familiar with local building and safety codes
and, wherever applic able, a re lice nsed by the app ropriate govern ment re gulato ry au thoriti es should
install outdoor units and antennas.
Failure to do so may void the prod uct warrant y an d may ex pose th e end use r or Servic e Provide r to
legal and fina ncial liab ilitie s. Alvari on and it s r esell ers or dist ributors are not l iable for i njury, damage
or regulation violations associated with the installation of Outdoor Units or antennas.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 17
Chapter 2 - Hardware Installation
The Wi² should be mounted vertically on a 1"-4" pole. Its location should enable
easy access to the unit and its connectors for installation and maintenance and
should have a clear or near line of sight to the area to be covered.
The SU-ODU attached to the unit should have a clear or near line of sight to the
base stations. For further information about the optimal installation location of
the SU-ODU refer to the relevant manual.
18 Installation
Installation
2.3 Installation
The following sections describe how to install a Wi² unit, including attaching the
SU-ODU to the mounting plate, attaching the mounting plate to the Wi² unit,
connecting to the SU-ODU, pole mounting, connecting a grounding cable, and
connecting the antenna(s).
2.3.1 Attaching the SU-ODU to the Mounting Plate
IMPORTANT
The angle at which the SU-ODU is mounted on the Wi² can be adapted depending on the location
of the Wi² unit in relation to the base station. Once attached, the mounting plate can be tilted either
up or down. Before attaching the SU-ODU to the mounting plate, determine the direction of the tilt
.
T o attach a BreezeMAX PRO-S ODU or BreezeACCESSSU-ODU with HW Revision E
to the mounting plate:
NOTE
BreezeACCESS SU-ODU with HW Revision E is the ne w , smalle r size ODU availa ble in the 5.4 and
5.8 GHz bands.
1 Determine the tilt direction of the SU-ODU.
2 Using the M8 x 16 hex head screws and the flat washers and spring washers
supplied, attach the SU-ODU to the mounting plate as shown in Figure 2-5 in
the direction marked.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 19
Chapter 2 - Hardware Installation
Figure 2-5: Attaching BreezeMAX PRO-S ODU or BreezeACCESSSU-ODU with HW Revision E to
Mounting Plate
NOTE
For information about polarization refer to the relevant manual.
To attach a BreezeACCESS SU-ODU with HW Revision D or lower to the mounting
plate:
1 Determine the tilt direction of the SU-ODU.
2 Using the 1/4” x 1/2” hex head screws and the flat washers and spring
washers supplied, attach the SU-ODU to the mounting plate as shown in
Figure 2-6 in the direction marked.
20 Installation
Installation
Figure 2-6: Attaching BreezeACCESS SU-ODU with HW Revision D or lower to Mounting Plate
NOTE
Sometimes, physical circumstance require that the SU-ODU be located at a distance from the Wi²
unit and not attached to the mounting plate. For further information see the section on SU-ODU
mounting in the relevant manual.
2.3.2 Attaching the Mounting Plate to the Wi² unit
1 Hold the mounting plate with SU-ODU attached so the tilt label faces in the
tilt direction that you have decided upon (see Section 2.3.1).
2 Using the M6 x 12 hex head screws with integral washers, attach the
mounting plate to the Wi² unit as shown in Figure 2-7.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 21
Chapter 2 - Hardware Installation
Figure 2-7: Attaching the Mounting Plate to the Wi² Unit
3 Adjust the tilt angle according the scale marked on the mounting plate and
tighten the screws.
2.3.3 Connecting the Wi² unit to the SU-ODU
NOTE
The Wi² installation kit includes a Category 5E Ethernet cable, suitable for connecting to
BreezeMAX PRO-S and BreezeACCESSHW revision E SU-ODU units. For instructions on how to
adapt the Ethernet cable f or c onn ec tin g to a BreezeACCESS SU-ODU with HW revision D or lower
refer to Section 2.3.3.1, “Adapting the Ethernet Cable for Connecting to BreezeACCESS SU-ODU
with HW Revision D or lower” on page 2-24
T o connect the Wi² to BreezeMAX PRO-S and BreezeACCESS HW revision E
SU-ODU units:
1 The rubber sealing cap (supplied with the SU-ODU) has a special groove
allowing to insert an ethernet cable with an already assembled RJ-45
connector through the cap. To expose the groove, lightly squeeze the cap (see
Figure 2-8). Carefully insert the unshielded end of category 5E Ethernet cable
supplied through the groove.
22 Installation
Installation
groove
Figure 2-8: Sealing Cap
2 Expose the RJ-45 connector under the sealing cap on the Ethernet cable and
connect to the SU-ODU RJ-45 connector (Figure 2-9).
Figure 2-9: Connecting the SU-ODU connector and inserting the Sealing Cap
3 Put the sealing cap back in its place. Make sure that the small protrusion on
the side of the cap fits inside the hole on the connector's protective body.
4 Connect the other end of the Ethernet cable to the SU port on the Wi² unit.
5 Verify that the O-ring supplied with the service box kit is in place, attach the
service box to the unit and tighten the top nut.
6 Use appropriate sealing material to protect the connection to the SU-ODU
against moisture and humidity. Use removable sealing material to enable
future access to the connector.
NOTE
Use high quality s ealin g mate rial such as Sco tch® 130C Linerl ess Rub ber S p licin g Tape from 3M to
ensure IP-67 compliant protection against dust and water.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 23
Chapter 2 - Hardware Installation
2.3.3.1 Adapting the Ethernet Cable for Connecting to BreezeACCESS SU-ODU with HW Revision D or lower
The rubber sealing cap on the Category 5E Ethernet cable supplied does not suit
all SU-ODU units and sometimes has to be changed.
T o adapt the Ethernet cable for connecting to a BreezeACCESS SU-ODU with HW
Revision D or lower:
1 Lightly squeeze the groove on the sealing cap on the Ethernet cable and
remove the sealing cap (see Figure 2-8).
2 Cut the cable and remove the RJ-45 connector.
3 Route the cable through the service box supplied with the SU-ODU.
4 Use a crimp tool to prepare the wires, insert them into the appropriate pins as
outlined on the service box and use the crimp tool to crimp the connector.
Make sure to do the following:
Remove as small a length as possible of the external jacket of the wires.
Verify that the external jacket is well inside the service box to ensure good
sealing.
Pull back the shield drain wire before inserting the cable into the RJ-45
connector, to ensure a good connection with the connector's shield after
crimping.
5 Connect the Ethernet cable to the SU-ODU RJ-45 connector.
6 Make sure that the external jacket of the cable is well inside the service box to
guarantee a good seal.
7 Verify that the O-ring of the service box kit is in place , attach the service box
to the unit and tighten the top nut.
24 Installation
2.3.4 Preparing the Power Cable
CAUTION
Electric Shock Hazard. Only a licensed electrician should connect the power plug.
All mains used outdoors, in damp or wet conditions, should be supplied from a correctly fused
source and protected according to applicable local regulations.
T o prepare the power cable:
1 Use a UL/CSA listed smooth circular power cable, 1.5mm to 2.5mm each.
Outer diameter 7mm to 9mm, UV resistant, temperature range -40°C to +
65°C (-40°F to +149°F) minimum. Other specifications (such as oil resistance,
no of wires) according to specific installation requirements.
Installation
2 Use a cap assembly tool to unscrew the locking nut.
3 Thread the cable through component parts as shown in Figure 2-10.
NOTE
Figure 2-10
shows an AC power jack. The DC power jack is similar, but only has two sockets.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 25
Chapter 2 - Hardware Installation
Figure 2-10: Preparing the Power Cable
4 Strip insulation from wires as shown in Figure 2-10.
5 Insert bare wire ends into the terminals and fully tighten the screws. The wires
should be connected as shown below:
AC DC
Brown Phase ~ Red +
Blue Neutral 0 Black -
Yellow/green Grounding
6 Draw cable back until socket insert is correctly seated in D-shaped location in
the main body. Tighten the Gland nut. Screw back the locking ring using the
cap assembly tool.
7 For an AC cable, connect a mains plug to the other end of the cable. For a DC
cable, connect the appropriate termination.
26 Installation
2.3.5 Pre-Configuration and Testing
It is highly recommended that you configure the parameters of the Access Point
(AP) unit and the SU-ODU and verify proper operation of the system in the
laboratory before installing the Wi² unit.
To configure the AP unit:
1 Set up the unit a short distance (4.5m to 7.5m) from an approved test unit,
either outdoors or indoors.
2 Connect the power cable to the power socket on the unit. Connect the other
end to the mains supply.
3 Check that the LED on the Wi² is green indicating that the system is working
normally.
Installation
4 Using Telnet, login as outlined in Chapter 3 - "Initial Configuration" and
complete the initial configuration.
5 Complete the configuration of the AP, using either Telnet or the web-based
interface as outlined in Chapter 4 - "System Configuration".
6 Disconnect the cable connecting the SU-ODU to the SU port of the Wi²unit.
7 Connect an SU-IDU to the SU-ODU.
8 Connect a PC to the Ethernet port of the IDU and configure its parameters. For
configuration details refer to the relevant manual.
9 After configuring the parameters of the AP and SU-ODU and verifying proper
operation of the system, disconnect the unit from the power source and
proceed to mount the unit as outlined in Section 2.3.6.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 27
Chapter 2 - Hardware Installation
2.3.6 Mounting the Wi² Unit
To pole mount the Wi² unit:
1 With the bottom panel of the unit facing downwards, thread the two 9/16"
wide metal bands supplied through the brackets on the sides of the unit.
2 Rotate the mounting bracket, so that the Wi² faces the Base Station.
NOTE
The mounting bracket can be rotated up to 45o in any direction.
3 Secure the Wi² unit to a pole as shown in Figure 2-11.
Figure 2-11: Pole Mounting the Wi²
2.3.6.1 Mounting the Wi² using the Tilt Accessory
The Wi² can also be installed on a wall or on a non-vertical pole using an optional
tilt accessory kit. The tilt accessory kit ( Figure 2-12) includes:
A mounting bracket
3 metal bands for attaching the bracket to a pole
28 Installation
Screws for attaching the bracket to a wall
A 50 cm pole (diameter 6.03 cm)
Screws for attaching the pole to mounting bracket
Installation
Figure 2-12: Tilt Accessory Kit
T o mount the tilt accessory on a wall:
1 Place the bracket on the wall and use as a template to mark the position of the
holes to be drilled for the screws .
2 Remove the bracket from the wall and drill a hole in each of the locations
marked.
3 Insert anchors into the holes.
4 Hold the bracket over the holes and insert a screw into each of the holes in the
bracket, and screw into the anchors in the wall. Secure the bracket to the wall,
making sure that the screw heads are as level with the bracket as possible.
To mount the tilt accessory on a non-vertical pole:
Thread the metal bands provides with the tilt accessory through the slits in
the bracket and attach to the pole as shown in Figure 2-13.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 29
Chapter 2 - Hardware Installation
Figure 2-13: Mounting Tilt Accessory on Non-Vertical Pole
T o mount the Wi² using the tilt accessory:
1 Mount the tilt accessory bracket on the wall or pole as described above.
2 Using the screws provided attach the pole to the tilt accessory bracket.
3 Using a spirit level, adjust the angle of the pole until it is vertical and tighten
the screws to hold in place.
4 Secure the Wi² to the pole as described in “Mounting the Wi² Unit” on page 28.
Figure 2-14: Wi² Mounting Using the Tilt Accessory
30 Installation
2.3.7 Connecting the Grounding Cables
To connect the grounding cables:
1 Connect a grounding cable to the grounding stud on theWi² unit and tighten
the grounding screw firmly.
2 Connect a grounding cable to the grounding stud on the SU-ODU and tighten
the grounding screw firmly.
3 Connect the other ends of the grounding cables to a good ground (earth)
connection.
CAUTION
Be sure that grounding is available and that it meets local and national electrical codes. For
additional lightning protection, use lightning rods, lightning arrestors, or surge suppressors.
Installation
2.3.8 Connecting to Po wer Source
1 Connect the power cable (see Section 2.3.4) to the power socket on the unit
and to the mains supply.
CAUTION
The Wi² can be connected to ei ther an AC or DC power s ource , or to bo th. By de fault th e DC p lug is
covered with a waterproof sealing cap which must be removed before connecting to the power
cable. Any socket th at i s N OT i n us e m us t a lway s b e p rotected from moisture and must b e c ov ered
with a waterproof sealing cap.
2 Check that the LED on the Wi² is green indicating that the system is working
normally.
BreezeMAX Wi² and BreezeACCESS Wi² System Manu al 31
Chapter 2 - Hardware Installation
2.4 Post Installation Configuration of the AP/SU-ODU
As mentioned before, it is highly recommended to complete configuration of the AP
and SU-ODU in the lab prior to installation. After initial configuration proceed to
advanced configuration via the web-based interface, Telnet, SSH, SNM web/SSH
or backhaul wireless link. See Chapter 4 - "System Configuration" for further
details.
32 Installation
Chapter 3 - Initial Configuration
In This Chapter:
“Introduction” on page 34
“Initial Setup through the CLI” on page 35
“Configuration via Telnet” on page 35
“Configuration via Console” on page 35
“Initial Configuration Steps” on page 36
3
“Logging In” on page 38
Chapter 3 - Initial Configuration
3.1 Introduction
The Access Point (AP) unit offers a variety of management options, including a
web-based interface, Telnet, SSH, SNMP and a direct connection to the console
port.
The initial configuration steps can be made through the web browser interface or
CLI.
34 Commissioning
3.2 Initial Setup through the CLI
For a description of how to use the CLI, see “Using the Command Line Interface”
on page 125. For a list of all the CLI commands and detailed information on using
the CLI, refer to “Command Groups” on page 132.
3.2.1 Configuration via Telnet
By default, use the Telnet option to configure the unit. The AP uses the default
address 192.168.1.1. This address may not be compatible with your network. You
will therefore have to use the command line interface (CLI) to assign an IP address
that is compatible with your network as described on page 36.
Use the category 5 Ethernet data cable (2 pairs crosswire) provided to connect the
SU port on the Wi² unit to your PC and Telnet the unit to start the initial setup.
3.2.2 Configuration via Console
Initial Setup through the CLI
The Wi² has a console port that enables a connection to a PC or terminal for
monitoring and configuration. Attach a VT100-compatible terminal, or a PC
running a terminal emulation program to the Wi² using an RS232 console cable.
To connect to the console port:
1 Connect the console cable to the serial port on a terminal, or a PC running
terminal emulation software.
2 Connect the other end of the cable to the console port on the Wi² unit.
3 Make sure the terminal emulation software is set as follows:-:
Select the appropriate serial port (COM port 1 or 2).
Set the data rate to 9600 baud.
Set the data format to 8 data bits, 1 stop bit, and no parity.
Set flow control to none.
Set the emulation mode to VT100.
When using HyperTerminal, select Terminal keys, not Windows keys.
4 Once you have set up the terminal correctly, press the [Enter] key to initiate
the console connection. The console login screen is displayed.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 35
Chapter 3 - Initial Configuration
3.2.3 Initial Configuration Steps
Logging In – Enter admin for the user name. The default password is null, so just
press [Enter] at the password prompt. The CLI prompt appears displaying
Enterprise AP#.
Username: admin
Password:
Enterprise AP#
Setting the Country Code – You must use the CLI to set the country code.
Setting the country code restricts operation of the AP to the radio channels and
transmit power levels permitted for wireless networks in the specified country.
NOTE
For American and Canad ian custo mers only channels 1~11 are permitted. Setting of other channels
is not possible.
Type exit to leave configuration mode. Then type country ? to display the list of
countries. Select the code for your country, and enter the country command
again, following by your country code (e.g., tw for Taiwan).
Enterprise AP#country tw
Enterprise AP#
Setting the IP Address – By default, the AP is configured to obtain IP address
settings from a DHCP server. If a DHCP server is not available, the IP address
defaults to 192.168.1.1, which may not be compatible with your network. You will
therefore have to use the command line interface (CLI) to assign an IP address
that is compatible with your network.
Type configure to enter configuration mode, then type interface ethernet to
access the Ethernet interface-configuration mode.
Enterprise AP#configure
Enterprise AP(config)#interface ethernet
Enterprise AP(config-if)#
First type no ip dhcp to disable DHCP client mode. Then type ip address and the
ip-address netmask gateway, where ip-address is the AP’s IP address, netmask is
the network mask for the network, and gateway is the default gateway router.
Check with your system administrator to obtain an IP address that is compatible
with your network.
Enterprise AP(if-ethernet)#no ip dhcp
Enterprise AP(if-ethernet)#ip address 192.168.2.2 255.255.255.0 192.168.2.254
Enterprise AP(if-ethernet)#
36 Commissioning
Initial Setup through the CLI
After configuring the AP’s IP parameters, you can access the management
interface from anywhere within the attached network. The command line interface
can also be accessed using Telnet from any computer attached to the network.
NOTE
Command examples shown later in this manual use the console prompt to Enterprise AP.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 37
Chapter 3 - Initial Configuration
3.3 Logging In
There are a few basic steps you need to complete to connect the AP to your
corporate network, and provide network access to wireless clients.
The AP can be managed by any computer using a web browser (Internet Explorer
5.0 or above, or Netscape 6.2 or above).
To Login:
1 Enter the default IP address http://192.168.1.1. Figure 3-1 is displayed.
Figure 3-1: Login
2 Enter the username admin.
3 The password is null, so leave blank and click LOGIN.
4 The home page (Figure 3-2) is displayed.
38 Commissioning
NOTE
Logging In
Figure 3-2: Home Page
For information on configuri ng a user name and p as s wo rd, see page 64.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 39
Chapter 4 - System Configuration
In This Chapter:
“Introduction” on page 42
“Advanced Configuration” on page 43
“SNMP” on page 75
“Radio Interface” on page 81
4
“Status Information” on page 116
Chapter 4 - System Configuration
4.1 Introduction
Before continuing with advanced configuration, first complete the initial
configuration steps described in Chapter 3 to set up an IP address for the Access
Point (AP) unit.
The AP unit can be managed by any computer using a web browser (Internet
Explorer 5.0 or above, or Netscape 6.2 or above). Enter the configured IP address
of the AP unit, or use the default address: http://192.168.1.1.
Enter the default user name admin in the Log In Dialog Box (Figure 3-1) and click
LOGIN. Select Advanced Setup from the menu on the home page. Figure 4-1 is
displayed
.
Figure 4-1: Advanced Setup
The information in this chapter is organized to reflect the structure of the web
screens for easy reference. However, it is recommended that you configure a user
name and password as the first step under Administration to control management
access to this device (Section 4.2.10).
42 Operation
Advanced Configuration
4.2 Advanced Configuration
The Advanced Configuration pages include the following options.
Table 4-1: Menu
Menu Description Page
System Configures basic administrative and client access 44
Identification Specifies the host name 44
TCP / IP Settings Configures the IP address, subnet mask, gateway, and domain name servers 45
RADIUS Configures the RADIUS server for wireless client authentication and accounting 48
SSH Settings Configures Secure Shell management access 51
Authentication Configures 802.1X client authentication, with an option for MAC address
authentication
Filter Control Filters communications between wireless clients, access to the management
interface from wireless clients, and traffic matching specific Ethernet protocol
types
VLAN Enables VLAN support and sets the management VLAN ID 60
WDS Settings Not applicable for current release 62
AP Management Configures access to management interfaces 62
Administration Configures user name and pass word for mana gemen t
from local file , FT P or TFTP server;
defaults; and resets the AP
System Log Controls logging of error messages; sets the system clock via SNTP server or
manual configuration
RSSI Not applicable for current release 74
SNMP Configures SNMP settings 75
Radio Interface G Configures the IEEE 802.11g interface 81
Radio Settings Configures common radio signal parameters and other settings for each VAP
interface
resets configuration settings to factory
access; upgrades software
53
57
64
70
81
Security Enables each VAP interface, sets the SSID, and configures wireless security 98
Status Displays information about the access point and wireless clients 116
AP Status Displays configuration settings for the basic system and the wireless interface 116
Station Status Shows the wireless clients currently associated with the access point 118
Event Logs Shows log messages stored in memory 120
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 43
Chapter 4 - System Configuration
NOTE
This chapter may inclu de references to features that are not appli ca ble to the curr ent re lea se suc h as
Radio A, WDS Settings and RSSI.
4.2.1 System Identification
The system name can be left with the default setting. However, modifying this
parameter enables you to easily identify different devices in your network.
Figure 4-2: Identification
System Name – An alias for the AP, enabling the device to be uniquely identified
on the network. (Default: BlueSecure BSAP-1600; Range: 1-32 characters)
44 Operation
Advanced Configuration
4.2.1.0.1 CLI Commands for System Identification
Enter the global configuration mode, and use the system name command to
specify a new system name. Return to the Exec mode, and use the show system
command to display the changes to the system identification settings.
Enterprise AP#config 135
Enter configuration commands, one per line.
Enterprise AP(config)#system name R&D
Enterprise AP(config)#end 135
Enterprise AP#show system 149
System Information
==============================================================
Serial Number : 0000000000
System Up time : 2 days, 4 hours, 33 minutes, 38 seconds
System Name : R&D
System Location :
System Contact : Contact
System Country Code
System Country Code
Radio G MAC Address : 00-12-CF-12-34-95
IP Address : 192.168.1.2
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.1.254
VLAN State : DISABLED
Management VLAN ID(AP): 1
IAPP State : ENABLED
DHCP Client : DISABLED
HTTP Server : ENABLED
HTTP Server Port : 80
HTTP Session Timeout : 300 sec(s)
HTTPS Server : ENABLED
HTTPS Server Port : 443
Slot Status : 802.11g only
Boot Rom Version : v2.1.6
Software Version : v4.3.3.8b02
SSH Server : ENABLED
SSH Server Port : 22
Telnet Server : ENABLED
DHCP Relay : DISABLED
==============================================================
142
Enterprise AP#
4.2.2 TCP / IP Settings
Configuring the AP with an IP address expands your ability to manage the AP. A
number of features depend on IP addressing to operate.
NOTE
You can use the web browser interface to access IP addressing only if the AP already has an IP
address that is accessible through your network.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 45
Chapter 4 - System Configuration
By default, the AP is automatically configured with IP settings from a Dynamic
Host Configuration Protocol (DHCP) server. However, if you are not using a DHCP
server to configure IP addressing, use the CLI to manually configure the initial IP
values (see page 36). Once you have network access to the AP, you can use the
web browser interface to modify the initial IP configuration, if necessary.
NOTE
If there is no DHCP server on your network, or DHCP fails, the AP will automatically start up with a
default IP address of 192.168.1.1.
Figure 4-3: TCP/IP Settings
DHCP Client (Enable) – Select this option to obtain the IP settings for the AP from a
DHCP (Dynamic Host Configuration Protocol) server. The IP address, subnet
mask, default gateway, and Domain Name Server (DNS) address are dynamically
assigned to the AP by the network DHCP server. (Default: Enabled)
DHCP Client (Disable) – Select this option to manually configure a static address
for the AP.
IP Address: The IP address of the AP. Valid IP addresses consist of four
decimal numbers, 0 to 255, separated by periods.
Subnet Mask: The mask that identifies the host address bits used for routing
to specific subnets.
46 Operation
Advanced Configuration
Default Gateway: The default gateway is the IP address of the router for the
AP, which is used if the requested destination address is not on the local
subnet.
If you have management stations, DNS, RADIUS, or other network servers
located on another subnet, type the IP address of the default gateway router in
the text field provided. Otherwise, leave the address as all zeros (0.0.0.0).
Primary and Secondary DNS Address: The IP address of Domain Name Servers
on the network. A DNS maps numerical IP addresses to domain names and
can be used to identify network hosts by familiar names instead of the IP
addresses.
If you have one or more DNS servers located on the local network, type the IP
addresses in the text fields provided. Otherwise, leave the addresses as all
zeros (0.0.0.0).
4.2.2.0.1 CLI Commands for TCP/IP Settings
From the global configuration mode, enter the interface configuration mode with
the interface ethernet command. Use the ip dhcp command to enable the DHCP
client, or no ip dhcp to disable it. To manually configure an address, specify the
new IP address, subnet mask, and default gateway using the ip address
command. To specify DNS server addresses use the dns server command and use
the show interface ethernet command from the Exec mode to display the
current IP settings.
Enterprise AP(config)#interface ethernet 204
Enter Ethernet configuration commands, one per line.
Enterprise AP(if-ethernet)#no ip dhcp
Enterprise AP(if-ethernet)#ip address 192.168.1.2
255.255.255.0 192.168.1.253
Enterprise AP(if-ethernet)#dns primary-server 192.168.1.55 204
Enterprise AP(if-ethernet)#dns secondary-server 10.1.0.55 204
Enterprise AP(config)#end 135
Enterprise AP#show interface ethernet 207
Ethernet Interface Information
========================================
IP Address : 192.168.1.2
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.1.253
Primary DNS : 192.168.1.55
Secondary DNS : 10.1.0.55
Admin status : Up
Operational status : Up
========================================
Enterprise AP#
206
205
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 47
Chapter 4 - System Configuration
4.2.3 RADIUS
Remote Authentication Dial-in User Service (RADIUS) is an authentication
protocol that uses software running on a central server to control access to
RADIUS-aware devices on the network. An authentication server contains a
database of user credentials for each user that requires access to the network.
A primary RADIUS server must be specified for the AP to implement IEEE 802.1X
network access control and WiFi Protected Access (WPA) wireless security. A
secondary RADIUS server may also be specified as a backup should the primary
server fail or become inaccessible.
In addition, the configured RADIUS server can also act as a RADIUS Accounting
server and receive user-session accounting information from the AP. RADIUS
Accounting can be used to provide valuable information on user activity in the
network.
NOTE
This manual assumes that you have already configured RADIUS server(s) to support the AP.
Configuration of RADIUS server software is beyond the scope of this manul, refer to the
documentation provided with the RADIUS server software.
48 Operation
Advanced Configuration
Figure 4-4: RADIUS
MAC Address Format – MAC addresses can be specified in one of four formats,
using no delimiter, with a single dash delimiter, with multiple dash delimiters,
and with multiple colon delimiters.
VLAN ID Format – A VLAN ID (a number between 1 and 4094) can be assigned to
each client after successful authentication using IEEE 802.1X and a central
RADIUS server. The user VLAN IDs must be configured on the RADIUS server for
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 49
Chapter 4 - System Configuration
each user authorized to access the network. VLAN IDs can be entered as
hexadecimal numbers or as ASCII strings.
Primary Radius Server Setup – Configure the following settings to use RADIUS
authentication on the AP.
Radius Status: Enabling Radius Status allows the settings of RADIUS
authentication. (Default: Enable)
IP Address: Specifies the IP address or host name of the RADIUS server.
Port: The UDP port number used by the RADIUS server for authentication
messages. (Range: 1024-65535; Default: 1812)
Key: A shared text string used to encrypt messages between the AP and the
RADIUS server. Be sure that the same text string is specified on the RADIUS
server. Do not use blank spaces in the string. (Maximum length: 255
characters)
Timeout: Number of seconds the AP waits for a reply from the RADIUS server
before resending a request. (Range: 1-60 seconds; Default: 5)
Retransmit attempts: The number of times the AP tries to resend a request to
the RADIUS server before authentication fails. (Range: 1-30; Default: 3)
Accounting Port: The RADIUS Accounting server UDP port used for accounting
messages. (Range: 0 or 1024-65535; Default: 0, disabled)
Interim Update Timeout: The interval between transmitting accounting updates
to the RADIUS server. (Range: 60-86400; Default: 3600 seconds)
NOTE
For the Timeout and Retransmit attempts fields, accept the default values unless you experience
problems connecting to the RADIUS server over the network.
Secondary Radius Server Setup – Configure a secondary RADIUS server to provide
a backup in case the primary server fails. The AP uses the secondary server if the
primary server fails or becomes inaccessible. Once the AP switches over to the
secondary server, it periodically attempts to establish communication again with
primary server. If communication with the primary server is re-established, the
secondary server reverts to a backup role.
50 Operation
Advanced Configuration
4.2.3.0.1 CLI Commands for RADIUS
From the global configuration mode, use the radius-server address command to
specify the address of the primary or secondary RADIUS servers. (The following
example configures the settings for the primary RADIUS server.) Configure the
other parameters for the RADIUS server. Then use the show radius command
from the Exec mode to display the current settings for the primary and secondary
RADIUS servers.
Enterprise AP(config)#radius-server address 192.168.1.25 185
Enterprise AP(config)#radius-server port 181 186
Enterprise AP(config)#radius-server key green 186
Enterprise AP(config)#radius-server timeout 10 187
Enterprise AP(config)#radius-server retransmit 5 186
Enterprise AP(config)#radius-server port-accounting 1813 187
Enterprise AP(config)#radius-server timeout-interim 500 188
Enterprise AP(config)#exit
Enterprise AP#show radius
Radius Server Information
========================================
IP : 192.168.1.25
Port : 181
Key : *****
Retransmit : 5
Timeout : 10
Radius MAC format : no-delimiter
Radius VLAN format : HEX
========================================
189
Radius Secondary Server Information
========================================
IP : 0.0.0.0
Port : 1812
Key : *****
Retransmit : 3
Timeout : 5
Radius MAC format : no-delimiter
Radius VLAN format : HEX
========================================
Enterprise AP#
4.2.4 SSH Settings
Telnet is a remote management tool that can be used to configure the AP from
anywhere in the network. However, Telnet is not secure from hostile attacks. The
Secure Shell (SSH) can act as a secure replacement for Telnet. The SSH protocol
uses generated public keys to encrypt all data transfers passing between the AP
and SSH-enabled management station clients and ensures that data traveling
over the network arrives unaltered. Clients can then securely use the local user
name and password for access authentication.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 51
Chapter 4 - System Configuration
SSH client software needs to be installed on the management station to access the
AP for management via the SSH protocol.
NOTE
The AP supports only SSH version 2.0.
After boot up, the SSH server needs about two minutes to generate host encryption keys. The
SSH server is disabled while the keys are being generated.
Figure 4-5: SSH Settings
4.2.4.1 SSH Settings
Telnet Server Status – Enables or disables the Telnet server. (Default: Enabled)
SSH Server Status – Enables or disables the SSH server. (Default: Enabled)
SSH Server Port – Sets the UDP port for the SSH server. (Range: 1-65535;
Default: 22)
4.2.4.1.1 CLI Commands for SSH
To enable the SSH server, use the ip ssh-server enable command from the CLI
Ethernet interface configuration mode. To set the SSH server UDP port, use the ip
ssh-server port command. To view the current settings, use the show system
command from the CLI Exec mode (not shown in the following example).
Enterprise AP(if-ethernet)#no ip telnet-server 144
Enterprise AP(if-ethernet)#ip ssh-server enable 143
Enterprise AP(if-ethernet)#ip ssh-server port 1124 144
Enterprise AP(if-ethernet)#exit
Enterprise AP(config)#
52 Operation
4.2.5 Authentication
Wireless clients can be authenticated for network access by checking their MAC
address against the local database configured on the AP, or by using a database
configured on a central RADIUS server. Alternatively, authentication can be
implemented using the IEEE 802.1X network access control protocol.
A client’s MAC address provides relatively weak user authentication, since MAC
addresses can be easily captured and used by another station to break into the
network. Using 802.1X provides more robust user authentication using user
names and passwords or digital certificates. You can configure the access point to
use both MAC address and 802.1X authentication, with client station MAC
authentication occurring prior to IEEE 802.1X authentication. However, it is
better to choose one or the other, as appropriate.
Take note of the following points before configuring MAC address or 802.1X
authentication:
Advanced Configuration
Use MAC address authentication for a small network with a limited number of
users. MAC addresses can be manually configured on the AP itself without the
need to set up a RADIUS server, but managing a large number of MAC
addresses across many APs is very cumbersome. A RADIUS server can be used
to centrally manage a larger database of user MAC addresses.
Use IEEE 802.1X authentication for networks with a larger number of users
and where security is the most important issue. When using 802.1X
authentication, a RADIUS server is required in the wired network to centrally
manage the credentials of the wireless clients. It also provides a mechanism
for enhanced network security using dynamic encryption key rotation or WiFi
Protected Access (WPA).
NOTE
If you configure RADIUS MAC authentication together with 802.1X, RADIUS MAC address
authentication is performed prior to 802.1X authentication. If RADIUS MAC authentication
succeeds, then 802.1X authentication is performed. If RADIUS MAC authentication fails, 802.1X
authentication is not performed.
The AP can also operate in a 802.1X supplicant mode. This enables the AP
itself to be authenticated with a RADIUS server using a configured MD5 user
name and password. This prevents rogue APs from gaining access to the
network.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 53
Chapter 4 - System Configuration
Figure 4-6: Authentication
MAC Authentication – You can configure a list of the MAC addresses for wireless
clients that are authorized to access the network. This provides a basic level of
authentication for wireless clients attempting to gain access to the network. A
database of authorized MAC addresses can be stored locally on the AP or remotely
on a central RADIUS server. (Default: Disabled)
Disabled: No checks are performed on an associating station’s MAC address.
Local MAC: The MAC address of the associating station is compared against
the local database stored on the AP. Use the Local MAC Authentication section
of this web page to set up the local database, and configure all APs in the
wireless network service area with the same MAC address database.
Radius MAC: The MAC address of the associating station is sent to a
configured RADIUS server for authentication. When using a RADIUS
authentication server for MAC address authentication, the server must first be
configured in the Radius window (see “RADIUS” on page 48). The database of
MAC addresses and filtering policy must be defined in the RADIUS server.
54 Operation
Advanced Configuration
NOTE
MAC addresses on the RADIUS server can be entered in four different formats (see “RADIUS”
on page 48
).
802.1X Supplicant – The AP can also operate in a 802.1X supplicant mode. This
enables the access point itself to be authenticated with a RADIUS server using a
configured MD5 user name and password. This prevents rogue APs from gaining
access to the network.
Local MAC Authentication – Configures the local MAC authentication database.
The MAC database provides a mechanism to take certain actions based on a
wireless client’s MAC address. The MAC list can be configured to allow or deny
network access to specific clients.
System Default: Specifies a default action for all unknown MAC addresses
(that is, those not listed in the local MAC database).
Deny: Blocks access for all MAC addresses except those listed in the local
database as “Allow.”
Allow: Permits access for all MAC addresses except those listed in the local
database as “Deny.”
MAC Authentication Settings: Enters specified MAC addresses and permissions
into the local MAC database.
MAC Address: Physical address of a client. Enter six pairs of hexadecimal
digits separated by hyphens; for example, 00-90-D1-12-AB-89.
Permission: Select Allow to permit access or Deny to block access. If Delete
is selected, the specified MAC address entry is removed from the database.
Update: Enters the specified MAC address and permission setting into the
local database.
MAC Authentication Table: Displays current entries in the local MAC database.
4.2.5.0.1 CLI Commands for Local MAC Authentication
Use the mac-authentication server command from the global configuration
mode to enable local MAC authentication. Use the mac-authentication
session-timeout command to set the authentication interval to enable web-based
authentication for service billing. Set the default action for MAC addresses not in
the local table using the address filter default command, then enter MAC
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 55
Chapter 4 - System Configuration
addresses in the local table using the address filter entry command. To remove
an entry from the table, use the address filter delete command. To display the
current settings, use the show authentication command from the Exec mode.
Enterprise AP(config)#mac-authentication server local 196
Enterprise AP(config)#mac-authentication session-timeout 5 196
Enterprise AP(config)#address filter default denied 194
Enterprise AP(config)#address filter entry
00-70-50-cc-99-1a denied
Enterprise AP(config)#address filter entry
00-70-50-cc-99-1b allowed
Enterprise AP(config)#address filter entry
00-70-50-cc-99-1c allowed
Enterprise AP(config)#address filter delete
00-70-50-cc-99-1c
Enterprise AP(config)#exit
Enterprise AP#show authentication
Authentication Information
===========================================================
MAC Authentication Server : LOCAL
MAC Auth Session Timeout Value : 0 min
802.1x supplicant : DISABLED
802.1x supplicant user : EMPTY
802.1x supplicant password : EMPTY
Address Filtering : DENIED
195
195
193
System Default : ALLOW addresses not found in filter table.
Filter Table
MAC Address Status
----------------- ---------00-70-50-cc-99-1a DENIED
00-70-50-cc-99-1b ALLOWED
=========================================================
Enterprise AP#
4.2.5.0.2 CLI Commands for RADIUS MAC Authentication
Use the mac-authentication server command from the global configuration
mode to enable remote MAC authentication. Set the timeout value for
re-authentication using the mac- authentication session-timeout command. Be
sure to also configure connection settings for the RADIUS server (not shown in the
56 Operation
Advanced Configuration
following example). To display the current settings, use the show authentication
command from the Exec mode.
Enterprise AP(config)#mac-authentication server remote 196
Enterprise AP(config)#mac-authentication
session-timeout 300
Enterprise AP(config)#exit
Enterprise AP#show authentication
Authentication Information
===========================================================
MAC Authentication Server : REMOTE
MAC Auth Session Timeout Value : 300 min
802.1x supplicant : DISABLED
802.1x supplicant user : EMPTY
802.1x supplicant password : EMPTY
Address Filtering : DENIED
System Default : DENY addresses not found in filter table.
Filter Table
MAC Address Status
----------------- ---------00-70-50-cc-99-1a DENIED
00-70-50-cc-99-1b ALLOWED
=========================================================
Enterprise AP#
196
193
4.2.5.0.3 CLI Command for 802.1x Supplic ant
To configure the AP to operate as a 802.1X supplicant, first use the 802.1X
supplicant user command to set a user name and password for the AP, then use
the 802.1X supplicant command to enable the feature. To display the current
settings, use the show authentication command from the Exec mode (not shown
in the following example)
Enterprise AP(config)#802.1X supplicant user secureAP dot1xpass 192
Enterprise AP(config)#802.1X supplicant 192
Enterprise AP(config)#
4.2.6 Filter Control
The AP can employ network traffic frame filtering to control access to network
resources and increase security. You can prevent communications between
wireless clients and prevent AP management from wireless clients. You can also
block specific Ethernet traffic from being forwarded by the AP.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 57
Chapter 4 - System Configuration
Figure 4-7: Filter Control
Inter Client STAs Communication Filter – Sets the global mode for
wireless-to-wireless communications between clients associated to Virtual AP
(VAP) interfaces on the AP. (Default: Disabled)
Disabled: All clients can communicate with each other through the access
point.
Prevent Intra VAP client communication: When enabled, clients associated with
a specific VAP interface cannot establish wireless communications with each
other. Clients can communicate with clients associated to other VAP
interfaces.
Prevent Inter and Intra VAP client communication: When enabled, clients cannot
establish wireless communications with any other client, either those
associated to the same VAP interface or any other VAP interface.
AP Management Filter – Controls management access to the AP from wireless
clients. Management interfaces include the web, Telnet, or SNMP.
(Default: Enabled)
58 Operation
Advanced Configuration
Disabled: Allows management access from wireless clients.
Enabled: Blocks management access from wireless clients.
Uplink Port MAC Address Filtering Status – Prevents traffic with specified source
MAC addresses from being forwarded to wireless clients through the AP. You can
add a maximum of four MAC addresses to the filter table. (Default: Disabled)
MAC Address: Specifies a MAC address to filter, in the form xx-xx-xx-xx-xx-xx.
Permission: Adds or deletes a MAC address from the filtering table.
Ethernet Type Filter – Controls checks on the Ethernet type of all incoming and
outgoing Ethernet packets against the protocol filtering table. (Default: Disabled)
Disabled: AP does not filter Ethernet protocol types.
Enabled: AP filters Ethernet protocol types based on the configuration of
protocol types in the filter table. If the status of a protocol is set to ON, the
protocol is filtered from the AP.
NOTE
Ethernet protocol types not listed in the filtering table are always forwarded by the AP.
Ethernet Type Filter – Enables or disables Ethernet filtering on the port. (Default:
Disabled)
4.2.6.0.1 CLI Commands for Filtering
Use the filter ap-manage command to restrict management access from wireless
clients. To configure Ethernet protocol filtering, use the filter ethernet-type
enable command to enable filtering and the filter ethernet-type protocol
command to define the protocols that you want to filter. To remove an entry from
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 59
Chapter 4 - System Configuration
the table, use the address filter delete command. To display the current settings,
use the show filters command from the Exec mode.
Enterprise AP(config)#filter ap-manage 198
Enterprise AP(config)#filter uplink enable 198
Enterprise AP(config)#filter uplink add 00-12-34-56-78-9a 199
Enterprise AP(config)#filter ethernet-type enable 199
Enterprise AP(config)#filter ethernet-type protocol ARP 200
Enterprise AP(config)#exit
Enterprise AP#show filters
Protocol Filter Information
=========================================================
Local AP :ENABLED
AP Management :ENABLED
Ethernet Type Filter :ENABLED
Enabled Protocol Filters
--------------------------------------------------------Protocol: ARP ISO: 0x0806
=========================================================
Enterprise AP#
201
4.2.7 VLAN
The AP can employ VLAN tagging support to control access to network resources
and increase security. VLANs separate traffic passing between the AP, associated
clients, and the wired network. There can be a VLAN assigned to each associated
client, a default VLAN for each VAP (Virtual Access Point) interface, and a
management VLAN for the AP.
Note the following points about the AP’s VLAN support:
The management VLAN is for managing the AP through remote management
tools, such as the web interface, SSH, SNMP, or Telnet. The AP only accepts
management traffic that is tagged with the specified management VLAN ID.
All wireless clients associated to the AP are assigned to a VLAN. If IEEE
802.1X is being used to authenticate wireless clients, specific VLAN IDs can be
configured on the RADIUS server to be assigned to each client. If a client is not
assigned to a specific VLAN or if 802.1X is not used, the client is assigned to
the default VLAN for the VAP interface with which it is associated. The AP only
allows traffic tagged with assigned VLAN IDs or default VLAN IDs to access
clients associated on each VAP interface.
When VLAN support is enabled on the AP, traffic passed to the wired network
is tagged with the appropriate VLAN ID, either an assigned client VLAN ID,
default VLAN ID, or the management VLAN ID. Traffic received from the wired
60 Operation
Advanced Configuration
network must also be tagged with one of these known VLAN IDs. Received
traffic that has an unknown VLAN ID or no VLAN tag is dropped.
When VLAN support is disabled, the AP does not tag traffic passed to the wired
network and ignores the VLAN tags on any received frames.
NOTE
Before enabling VLAN tagging on the AP, be sure to configure the backhaul system to support
tagged VLAN frames from the AP’s management VLAN ID, default VLAN IDs, and other client
VLAN IDs. Otherwise, connectivity to the AP will be lost when you enable the VLAN feature.
Using IEEE 802.1X and a central RADIUS server, up to 64 VLAN IDs can be
mapped to specific wireless clients, allowing users to remain within the same
VLAN as they move around a campus site. This feature can also be used to control
access to network resources from clients, thereby improving security.
A VLAN ID (1-4094) can be assigned to a client after successful IEEE 802.1X
authentication. The client VLAN IDs must be configured on the RADIUS server for
each user authorized to access the network. If a client does not have a configured
VLAN ID on the RADIUS server, the AP assigns the client to the configured default
VLAN ID for the VAP interface.
NOTE
When using IEEE 802.1X t o dynamica lly assign VLAN IDs, the AP must have 802.1X au thentication
enabled and a RADIUS server configured. Wireless clients must also support 802.1X client
software.
When setting up VLAN IDs for each user on the RADIUS server, be sure to use the
RADIUS attributes and values as indicated Table 4-2.
Table 4-2: RADIUS Attributes
Number RADIUS Attribute Value
64 Tunnel-Type VLAN (13)
65 Tunnel-Medium-Type 802
81 Tunnel-Private-Group-ID VLANID
(1 to 4094 as hexadecimal or string)
VLAN IDs on the RADIUS server can be entered as hexadecimal digits or a string
(see “radius-server vlan-format” on page 189).
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 61
Chapter 4 - System Configuration
NOTE
The specific configuration of RADIUS server software is beyond the scope of this manual. Refer to
the documentation provided with the RADIUS server software.
Figure 4-8: VLAN Configuration
VLAN Classification – Enables or disables VLAN tagging support on the AP.
Native VLAN ID – The VLAN ID that traffic must have to be able to manage the AP.
(Range 1-4094; Default: 1)
4.2.8 WDS Settings
WDS Settings is not applicable for the current release.
4.2.9 AP Management
The Web, Telnet, and SNMP management interfaces are enabled and open to all IP
addresses by default. To provide more security for management access to the AP,
specific interfaces can be disabled and management restricted to a single IP
address or a limited range of IP addresses.
Once you specify an IP address or range of addresses, access to management
interfaces is restricted to the specified addresses. If anyone tries to access a
management interface from an unauthorized address, the AP will reject the
connection.
62 Operation
Advanced Configuration
Figure 4-9: AP Management
UI Management – Enables or disables management access through Telnet, the
Web (HTTP), or SNMP interfaces. (Default: Enabled)
NOTE
Secure Web (HTTPS) connections are not affected by the UI Management or IP Management
settings.
IP Management – Restricts management access to Telnet, Web, and SNMP
interfaces to specified IP addresses. (Default: Any IP)
Any IP: Indicates that any IP address is allowed management access.
Single IP: Specifies a single IP address that is allowed management access.
Multiple IP: Specifies an address range as defined by the entered IP address
and subnet mask. For example, IP address 192.168.1.6 and subnet mask
255.255.255.0, defines all IP addresses from 192.168.1.6 to 192.168.1.254.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 63
Chapter 4 - System Configuration
4.2.9.0.1 CLI Commands for AP Management features.
Enterprise AP(config)#apmgmtip multiple 192.168.1.6 255.255.255.0 147
Enterprise AP(config)#apmgmtui SNMP enable 148
4.2.10 Administration
4.2.10.1 Changing the Password
Management access to the web and CLI interface on the AP is controlled through a
single user name and password. You can also gain additional access security by
using control filters (see “Filter Control” on page 57).
To protect access to the management interface, you need to change the default
user name and password as soon as possible. If the user name and password are
not changed, anyone having access to the AP can compromise AP and network
security. Once a new administrator has been configured, you can delete the
default admin user name from the system.
Figure 4-10: Administration
Username – The name of the user. The default name is admin. (Length: 3-16
characters, case sensitive)
New Password – The password for management access. (Length: 3-16 characters,
case sensitive)
Confirm New Password – Enter the password again for verification.
4.2.10.1.1 CLI Commands for Changing User Name and Password
Use the username and password commands from the CLI configuration mode.
Enterprise AP(config)#username bob 142
Enterprise AP(config)#password admin 143
Enterprise AP#
4.2.10.2 Setting the Timeout Interval
You can set the timeout interval for web access to the unit, after which the user
will have to re-enter the username and password.
64 Operation
Advanced Configuration
Figure 4-11: Session Timeout for WEB
Session Timeout for WEB: Sets the time limit for an idle web interface session.
(Range: 0-1800 seconds; Default: 300 seconds; 0 is disabled)
4.2.10.2.1 CLI Command for the Web Session Timeout
Use the ip http session-timeout command from the CLI configuration mode.
Enterprise AP(config)#ip http session-timeout 0 145
Enterprise AP(config)#
4.2.10.3 Upgrading Firmware
You can upgrade new AP software from a local file on the management
workstation, or from an FTP or TFTP server. New software may be provided
periodically from your distributor.
After upgrading new software, you must reboot the AP to implement the new code.
Until a reboot occurs, the AP will continue to run the software it was using before
the upgrade started. Also note that new software that is incompatible with the
current configuration automatically restores the AP to the factory default settings
when first activated after a reboot.
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 65
Chapter 4 - System Configuration
Figure 4-12: Firmware Upgrade
Before upgrading new software, verify that the AP is connected to the network and
has been configured with a compatible IP address and subnet mask.
If you need to download from an FTP or TFTP server, take the following additional
steps:
Obtain the IP address of the FTP or TFTP server where the AP software is
stored.
If upgrading from an FTP server, be sure that you have an account configured
on the server with a user name and password.
If VLANs are configured on the AP, determine the VLAN ID with which the FTP
or TFTP server is associated, and then configure the management station, or
the network port to which it is attached, with the same VLAN ID. If you are
66 Operation
Advanced Configuration
managing the AP from a wireless client, the VLAN ID for the wireless client
must be configured on a RADIUS server.
Current version – Version number of runtime code.
Firmware Upgrade Local – Downloads an operation code image file from the web
management station to the AP using HTTP. Use the Browse button to locate the
image file locally on the management station and click Start Upgrade to proceed.
New firmware file: Specifies the name of the code file on the server. The new
firmware file name should not contain slashes (\ or /), the leading letter of the
file name should not be a period (.), and the maximum length for file names is
32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, “.”,
“-”, “_”)
Firmware Upgrade Remote – Downloads an operation code image file from a
specified remote FTP or TFTP server. After filling in the following fields, click Start
Upgrade to proceed.
New firmware file: Specifies the name of the code file on the server.
firmware file name should not contain slashes (\ or /),
the leading letter of the
The new
file name should not be a period (.), and the maximum length for file names on
the FTP/TFTP server is 255 characters or 32 characters for files on the access
point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
IP Address: IP address or host name of FTP or TFTP server.
Username: The user ID used for login on an FTP server.
Password: The password used for login on an FTP server.
Configuration File Backup/Restore – Uploads the current AP configuration file to a
specified remote FTP or TFTP server. A configuration file can also be downloaded
to the AP to restore a specific configuration.
Export/Import: Select Export to upload a file to an FTP/TFTP server. Select
Import to download a file from an FTP/TFTP server.
Config file: Specifies the name of the configuration file, which must always be
"syscfg." A path on the server can be specified using “/” in the name, providing
the path already exists; for example, “myfolder/syscfg.” Other than to indicate
a path, the file name must not contain any slashes (\ or /), the leading letter
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 67
Chapter 4 - System Configuration
cannot be a period (.), and the maximum length for file names on the
FTP/TFTP server is 255 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
IP Address: IP address or host name of FTP or TFTP server.
Username: The user ID used for login on an FTP server.
Password: The password used for login on an FTP server.
Restore Factory Settings – Click the Restore button to reset the configuration
settings for the AP to the factory defaults and reboot the system. Note that all user
configured information will be lost. You will have to re-enter the default user name
(admin) to re-gain management access to this device.
Reboot Access Point – Click the Reset button to reboot the system.
NOTE
If you have upgraded system software, then you must reboot the AP to implement the new
operation code. New software that is incompatible with the current configuration automatically
restores the AP to default values when first activated after a reboot.
Upon uploading a new configuration file you will be prompted to either restore
factory settings, or reboot the unit.
Figure 4-13: New Configuration Warning
4.2.10.3.1 CLI Commands for Downloading Software from a TFTP Server
Use the copy tftp file command from the Exec mode and then specify the file
type, name, and IP address of the TFTP server. When the download is complete,
68 Operation
Advanced Configuration
the dir command can be used to check that the new file is present in the AP file
system. To run the new software, use the reset board command to reboot the AP.
Enterprise AP#copy tftp file 181
1. Application image
2. Config file
3. Boot block image
Select the type of download<1,2,3>: [1]:1
TFTP Source file name:img.bin
TFTP Server IP:192.168.1.19
Enterprise AP#dir
File Name Type File Size
-------------------------- ---- ----------dflt-img.bin 2 1319939
img.bin 2 1629577
syscfg 5 17776
syscfg_bak 5 17776
262144 byte(s) available
Enterprise AP#reset board 136
Reboot system now? <y/n>: y
183
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 69
Chapter 4 - System Configuration
4.2.11 System Log
The AP can be configured to send event and error messages to a System Log
Server. The system clock can also be synchronized with a time server, so that all
the messages sent to the Syslog server are stamped with the correct time and
date.
Figure 4-14: System Log
4.2.11.1 Enabling System Logging
The AP supports a logging process that can control error messages saved to
memory or sent to a Syslog server. The logged messages serve as a valuable tool
for isolating AP and network problems.
System Log Setup – Enables the logging of error messages. (Default: Disable)
Server (1-4) – Enables the sending of log messages to a Syslog server host. Up to
four Syslog servers are supported on the AP. (Default: Disable)
Server Name/IP – The IP address or name of a Syslog server. (Default: 0.0.0.0)
UDP Port – The UDP port used by a Syslog server. (Range: 514 or 11024-65535;
Default: 514)
Logging Console – Enables the logging of error messages to the console.
(Default: Disable)
70 Operation
Advanced Configuration
Logging Level – Sets the minimum severity level for event logging.
(Default: Informational)
The system allows you to limit the messages that are logged by specifying a
minimum severity level. Table 4-3 lists the error message levels from the most
severe (Emergency) to least severe (Debug). The message levels that are logged
include the specified minimum level up to the Emergency level.
T able 4-3: Error Message Levels
Error Level Description
Emergency System unusable
Alerts Immedi ate ac tion needed
Critical Critical conditions (e.g., memory allocation, or free memory error - resource exhausted)
Error Error conditions (e.g., invalid input, default used)
Warning Warning conditions (e.g., return false, unexpected return)
Notice Normal but significant condition, such as cold start
Informational Informational messages only
Debug Debugging messages
NOTE
The AP error log can be viewed using the Event Logs window in the Status section ( page 120).
The Event Logs window displays the last 128 messages logged in chronological order, from the
newest to the oldest. Log messages saved in the AP’s memory are erased when the device is
rebooted.
Logging Facility Type – Sets the facility type for remote logging of syslog messages.
The command specifies the facility type tag sent in syslog messages. (See RFC
3164.) This type has no effect on the kind of messages reported by the switch.
However, it may be used by the syslog server to sort messages or to store
messages in the corresponding database. (Range: 16-23; Default: 16)
4.2.11.1.1 CLI Commands for System Logging
To enable logging on the AP, use the logging on command from the global
configuration mode. The logging level command sets the minimum level of
message to log. Use the logging console command to enable logging to the
console. Use the logging host command to specify up to four Syslog servers. The
CLI also allows the logging facility-type command to set the facility-type number
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 71
Chapter 4 - System Configuration
to use on the Syslog server. To view the current logging settings, use the show
logging command.
Enterprise AP(config)#logging on 157
Enterprise AP(config)#logging level alert 158
Enterprise AP(config)#logging console 158
Enterprise AP(config)#logging host 1 IP 10.1.0.3 514 157
Enterprise AP(config)#logging host 1 Port 514 157
Enterprise AP(config)#logging facility-type 19 159
Enterprise AP(config)#exit
Enterprise AP#show logging
Logging Information
============================================
Syslog State : Enabled
Logging Console State : Enabled
Logging Level : Alert
Logging Facility Type : 19
Servers
1: 10.1.0.3, UDP Port: 514, State: Enabled
2: 0.0.0.0, UDP Port: 514, State: Disabled
3: 0.0.0.0, UDP Port: 514, State: Disabled
4: 0.0.0.0, UDP Port: 514, State: Disabled
=============================================
160
Enterprise AP#
4.2.11.2 Configuring SNTP
Simple Network Time Protocol (SNTP) allows the AP to set its internal clock based
on periodic updates from a time server (SNTP or NTP). Maintaining an accurate
time on the AP enables the system log to record meaningful dates and times for
event entries. If the clock is not set, the AP will only record the time from the
factory default set at the last bootup.
The AP acts as an SNTP client, periodically sending time synchronization requests
to specific time servers. You can configure up to two time server IP addresses. The
AP will attempt to poll each server in the configured sequence.
SNTP Server – Configures the AP to operate as an SNTP client. When enabled, at
least one time server IP address must be specified.
Primary Server: The IP address of an SNTP or NTP time server that the AP
attempts to poll for a time update.
Secondary Server: The IP address of a secondary SNTP or NTP time server. The
AP first attempts to update the time from the primary server; if this fails it
attempts an update from the secondary server.
72 Operation
Advanced Configuration
NOTE
The AP also allows you to disable SNTP and set the system clock manually.
Set Time Zone – SNTP uses Coordinated Universal Time (or UTC, formerly
Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian,
zero degrees longitude. To display a time corresponding to your local time, you
must indicate the number of hours your time zone is located before (east) or after
(west) UTC.
Enable Daylight Saving – The AP provides a way to automatically adjust the
system clock for Daylight Savings Time changes. To use this feature you must
define the month and date to begin and to end the change from standard time.
During this period the system clock is set back by one hour.
4.2.11.2.1 CLI Commands for SNTP
To enable SNTP support on the AP, from the global configuration mode specify
SNTP server IP addresses using the sntp-server ip command, then use the
sntp-server enable command to enable the service. Use the sntp-server
timezone command to set the time zone for your location, and the sntp-server
daylight-saving command to set daylight savings. To view the current SNTP
settings, use the show sntp command.
Enterprise AP(config)#sntp-server ip 1 10.1.0.19 162
Enterprise AP(config)#sntp-server enable 163
Enterprise AP(config)#sntp-server timezone +8 164
Enterprise AP(config)#sntp-server daylight-saving 164
Enter Daylight saving from which month<1-12>: 3
and which day<1-31>: 31
Enter Daylight saving end to which month<1-12>: 10
and which day<1-31>: 31
Enterprise AP(config)#exit
Enterprise AP#show sntp
165
SNTP Information
=========================================================
Service State : Enabled
SNTP (server 1) IP : 10.1.0.19
SNTP (server 2) IP : 192.43.244.18
Current Time : 19 : 35, Oct 10th, 2003
Time Zone : +8 (TAIPEI, BEIJING)
Daylight Saving : Enabled, from Mar, 31st to Oct, 31st
=========================================================
Enterprise AP#
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 73
Chapter 4 - System Configuration
4.2.11.2.2 CLI Commands for the System Clock
The following example shows how to manually set the system time when SNTP
server support is disabled on the AP.
Enterprise AP(config)#no sntp-server enable 163
Enterprise AP(config)#sntp-server date-time 163
Enter Year<1970-2100>: 2003
Enter Month<1-12>: 10
Enter Day<1-31>: 10
Enter Hour<0-23>: 18
Enter Min<0-59>: 35
Enterprise AP(config)#
4.2.12 RSSI
RSSI is not applicable for the current release.
74 Operation
4.3 SNMP
You can use a network management application such as HP’s OpenView to
manage the AP via the Simple Network Management Protocol (SNMP) from a
network management station. To implement SNMP management, the AP must
have an IP address and subnet mask, configured either manually or dynamically.
Once an IP address has been configured, appropriate SNMP communities and
trap receivers should be configured.
Community names are used to control management access to SNMP stations, as
well as to authorize SNMP stations to receive trap messages from the AP. To
communicate with the AP, a management station must first submit a valid
community name for authentication. You therefore need to assign community
names to specified users or user groups and set the access level.
SNMP
Figure 4-15: SNMP
SNMP – Enables or disables SNMP management access and also enables the AP to
send SNMP traps (notifications). (Default: Disable)
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 75
Chapter 4 - System Configuration
Location – A text string that describes the system location. (Maximum length: 255
characters)
Contact – A text string that describes the system contact. (Maximum length: 255
characters)
Community Name (Read Only) – Defines the SNMP community access string that
has read-only access. Authorized management stations are only able to retrieve
MIB objects. (Maximum length: 23 characters, case sensitive; Default: public)
Community Name (Read/Write) – Defines the SNMP community access string that
has read/write access. Authorized management stations are able to both retrieve
and modify MIB objects. (Maximum length: 23 characters, case sensitive;
Default: private)
Trap Destination (1 to 4) – Enables recipients (up to four) of SNMP notifications.
Trap Destination IP Address – Specifies the recipient of SNMP notifications.
Enter the IP address or the host name. (Host Name: 1 to 63 characters, case
sensitive)
Trap Destination Community Name – The community string sent with the
notification operation. (Maximum length: 23 characters, case sensitive;
Default: public)
Engine ID – Sets the engine identifier for the SNMPv3 agent that resides on the AP.
This engine protects against message replay, delay, and redirection. The engine ID
is also used in combination with user passwords to generate the security keys for
authenticating and encrypting SNMPv3 packets. A default engine ID is
automatically generated that is unique to the AP. (Range: 10 to 64 hexadecimal
characters)
NOTE
If the local engine ID is deleted or changed, all SNMP users will be cleared. All existing users will
need to be re-configured.
76 Operation
Loading...