Buffalo WLM-L11G User Manual
PART I
1.0 Introduction I
The WLM-L11G protects customers’
investments over the long term. Buffalo’s new
WLAN product, WLM-L11G, is the
IEEE802.11b-based access point (AP) with
room to grow to IEEE802.11a or
IEEE802.11g, depending on the user’s needs.
The Buffalo solution offers simultaneous
communication on both 5GHz and 2.4GHz
bands without annoying bottlenecks. High
reliability, manageability and standard Buffalo
features are integrated in the product and will
assure easy management and high quality
signal communication. The WLM-L11G’s
versatility will allow indoor as well as outdoor
(station-to-station) applications.
1.1 Summary of Features
• Expandable from 802.11b to higher data
rates such as 802.11a or 802.11g
• Updated and extensive security (128-WEP,
802.1x/EAP, TKIP, RADIUS)
• Network integrity (fault tolerance, link
integrity, spanning tree)
• Network load distribution (load balancing,
repeater, WDS)
•Interoperable with IEEE802.11b Wi-Fi™‚
compliant equipment
• Roaming, best access point selection and
traffic filtering (IP and MAC address)
• ESS-ID "any" rejection option
• Configurable through web browser
• Command line setup by Telnet and/or a
serial console
•Downloadable firmware update
• Long range (diversity antenna) and even
longer range (with additional outdoor
antenna)
•Bridge to multiple networks, or AP-to-AP
communication
• Outdoor point-to-multipoint broadcasting
• Repeating function support
•Power over Ethernet, PoE, for convenient
power supply
• Auto MDI/X port for any CAT5 type
cables
•Other network administrative functions
2.0 Package Contents
The AirStation™ WLM-L11G package
consists of the following items. If any item is
missing, please contact the seller.
1. WLM-L11G Access Point
2. AC adapter
3. Power cable
4. Mini-DIN 8 pin-Dsub 9 pin cross serial
cable
5. WLM-L11G Manual
6. Ai rStation Driver CD
7. Warranty and Registration card
3.0 System Requirements
The system requires IP routing externally. The
TCP/IP protocol must be loaded on each PC
used in the system. Other requirements:
• One broadband Internet connection via an
existing LAN system.
•A router, a hub or a switching hub
• UTP network cable with RJ-45 connector
•Internet Explorer 4.0 or higher, or
Netscape Navigator 4.0 or higher
4.0 Product Views
TOP VIEW
BACK VIEW
SIDE VIEW
1
Fiture 5.1
Security
features.
5.0 Features
The Buffalo AirStation Intelligent access point
provides the features necessary in today’s
business environment, with a high level of
reliability and security. Use of these features
along with VPN will allow the user to have
the highest security a WLAN can offer. For
minimum security measures Buffalo
recommends the use of 128bit WEP and
registering client MAC addresses in the
AirStation. Some of the noteworthy features
are shown below. Other features are listed
in Section 9.
5.1 Security Features
The WLM-L11G model provides three levels
of security: authentication, privacy and access
authorization. The first level consists of
checking and issuing the user’s authentication
by EAP and 802.1x, similar to the Windows
XP authentication process.
The second is encrypting user’s data with
WEP, TKIP or MIC encr yption algorithms.
Finally, granting the data access privilege only
after the user’s authentication is offered by
exchanging a specific key under the 802.1x
method.
5.1.1 Authentication
The IEEE802.1x security method imposes
access port control at the access point level
for each user communication signal. The EAP
function in a client PC performs an authentication login to the authorization server, such
as RADIUS, through the WLM-L11G access
point when the link is established and before
data transmission takes place.
EAP – Extensible Authentication Protocol is
a function in a client PC, which initiates the
authentication login to a network through an
AP such as the WLM-L11G. When the client
is approved and authenticated for a communication session, the client receives a unique
WEP key from a network security server such
as RADIUS.
802.1x – Known as .1x, this is the key
exchange standard used between a client and
an AP for the user’s authentication process.
Configuration for a large network is much
easier since individual WEP settings are no
longer required for each client. In addition,
access management is performed easily in the
RADIUS server environment, making this
feature valuable for network administration.
5.1.2 Privacy
Several encryption algorithms can be used to
mix with the data for protecting privacy. WEP
is the encryption method adopted in the
current WLAN industry. Because WEP was
found to be vulnerable, WEP will be replaced
with a more powerful Advanced Encryption
System (AES) in the future so that even
higher levels of security will be available.
Meanwhile, use of TKIP and MIC can be an
alternative to AES.
WEP – Wired Equivalent Privacy is a security
method for wireless networking using the
RC4 encryption algorithm. WEP consists of
two elements: an Initialization Vector (IV) of
24 bits that describes the packet header
information, and current data of 40 or 104
bits. For example, a 128bit WEP key means a
24bit IV plus a 104bit data encryption and
they are encrypted separately.
TKIP – Temporal Key Integrity Protocol is an
advanced encryption method using the RC4
algorithm. Instead of using the sequential IV, a
random IV will be used, and the IV key
definition will be updated regularly at a preset
time interval.
MIC – Message Integrity Check is an
encryption method used to prevent a hacker
from changing the data content. An encryp-
2
tion algorithm and bit checksum at both the
sender and receiver ends are used to check
for alteration of the packet content.
5.1.3 Access Authorization
When the client is approved and authenticated for a communication session, the client
receives a unique WEP key from the security
server, such as a RADIUS ser ver, under the
802.1x/EAP authorization specification. A
new WEP key is issued for each connection,
thus improving security, and the WEP key is
updated regularly at a preset time interval.
Another method to screen out unauthorized
users is MAC address filtering.
ESS-ID – Extended Service Set Identification
is a type of unique identifier applied to both
the AP and the wireless client, as well as each
information packet. It allows APs to
recognize each wireless client and its traffic.
This option, however, does not provide
sufficient security for today’s wireless
networking environment. If the ESS-ID is set
to "any" or "null", anybody can connect to the
AP. Also, Windows XP automatically displays
the ESS-ID of the AP when a client receives a
"beacon." This is because APs transmit their
ESS-ID periodically and these transmissions
can be easily intercepted.
MAC Address – Media Access Control
address is a hardware address that uniquely
identifies network hardware such as a
wireless NIC or an AP. It is easy to access a
network with a stolen wireless NIC.
Although it is used as the top level filtering, it
is not secure enough, because MAC
addresses can be duplicated by nonregistered users.
5.1.4 IBSS Security
IBSS – Independent Basic Service Set
security is used for ad hoc communications
like the point-to-point protocol (PPP)
method. WEP and MAC address filtering can
be used at this point.
Fiture 5.2.1
Improved
Fault
To lerance
5.2 Integrity Features
5.2.1 Improved Fault Tolerance
A company’s Intranet is an important
corporate communication backbone, so the
WLM-L11G AP offers features for network
stability, which is achieved through the
system’s redundant switching function,
activated automatically in the event of faults.
The auto system redundancy provides the
network reliability necessary for mission
critical applications.
5.2.2 Link Integrity
When multiple access points use the same
frequency for roaming, they tend to interfere
with each other. The WLM-L11G AP
automatically switches all PCs under the same
wireless ESS-ID to another available access
point if the current access point becomes
disconnected form the network, thus
preserving the connection and throughput.
5.2.3 Spanning Tree (IEEE802.1d)
Network looping often results in repeated
packet transmission, which causes overloads
and interruption of communications. The
3
Figure 5.2.2
Link
integrity
where signal does not reach. Combination of
this function and add-on antennas can offer
extended range.
5.3.3 WDS – Wireless Distribution System
WDS is used to create access-point to
access-point communications when a CAT5
cable cannot be used or is unavailable. Similar
to repeating, it is primarily used to extend the
reach of the WLAN. Displaying the name of
the available AirStation while roaming is also
possible.
Figure 5.3.1
Load
Balancing
Spanning Tree in a network loop disconnects
one of the links, rerouting the traffic in the
event of failure, avoiding packet sending
repetition and increasing network stability.
5.3 Network Load Distribution
Features
5.3.1 Load Balancing
This feature enables automatic selection of
an available access point with the least load
among multiple APs. It allows easy roaming,
and the network stability can be increased
significantly through even distribution of the
traffic load.
5.3.2 Repeater
The WLM-L11G AP can act as a repeater to
other APs. This feature provides a solution
for clients operating in the "dead zone,"
5.4 Network Administration Features
5.4.1 SNMP – Simple Network Management
Protocol
The WLM-L11G AP supports SNMP. Each
unit acts as an SNMP agent so that the
network connection status and configuration
information may be accessed remotely
through the SNMP manager, which enables
centralized traffic and fault monitoring.
5.4.2 Syslog
This feature allows sending a copy of the
system log to the Syslog server automatically.
The log contains information on the operating
status of each device, which enables real-time
monitoring of operational data, fault data, user
login data and other such information.
Although the WLM-L11G model supports
the Syslog server as a part of its administrative utilities, it is possible to use additional offthe-shelf Syslog server software.
5.5 Easy Support Features
Buffalo periodically releases new firmware
updates for AirStation products. The firmware
is easily uploaded to the AirStation from a PC.
Look for new firmware releases on the
www.buffalotech.com website.
4
6.0 Support Functions
6.1 PoE - Power over Ethernet
PoE based on the IEEE802.3af specification,
draft 2.0, provides power in a CAT5 cable,
thus eliminating the need to use a separate
power supply cable. It must be used with
Buffalo’s supply adapter WLE-PoE-S (sold
separately) as shown below. With PoE, the
user can locate a WLM-L11G anywhere
without the need for a power outlet nearby.
PART I I
7.0 Client Configuration
7.1 Introduction II
This chapter provides general information
about:
• Basic Setup
•Time Setup
• Administrative Managing
•Bridging Setup
• Routing Setup
•Packet filtering Setup
•Limiting wireless client number
•WDS (AP-to-AP) Setup
•Wireless Setup
Explanations for each parameter and details
of how to use the parameter are described in
the next chapter. Connecting and setting up
the access point for accessing the Internet
quickly are the objective of this chapter.
6.2 Environmental Resistance
The WLM-L11G AP’s high durability design
allows resistance to environmental conditions
like temperature changes. Since it is less
susceptible to environmental change, it is
suitable for warehouses, public areas and
other locations where temperature control is
not available. Optional dust-proof and
waterproof casings are available.
6.3 Upgradeable Firmware
With Buffalo’s firmware upgrade utility tool,
updating the firmware will be simple.
6.4 Diagnostic Support
The WLM-L11G provides tools to monitor
and methods to correct its wireless operations. Some of these tools are device status,
packet status, wireless PC information, ping
test, log information and re-initialization of
parameters.
7.2 Setup Preparation
The following parameters must be known
before setting up the WLM-L11G Intelligent
Access Point. If you do not have these, you
should consult with your IT personnel.
•WLM-L11G’s ESS-ID
•WLM-L11G’s system name or location
name
•WLM-L11G’s IP address. If you plan to use
DHCP, this is not necessary.
•WLM-L11G’s wired side MAC address.
Check the label on the back of the WLML11G.
7.3 Setup Overview
A general setup process is shown below.
Special setups for security, filtering and others
will be explained in later sections.
1. Connect the cables to WLM-L11G based
on the wiring instructions. It is possible to
use a straight cable to connect the
AirStation directly to your PC. In this case
you need some type of Terminal Software
to set up the WLM-L11G.
5
2. The PC must have a valid TCP/IP setting.
For the TCP/IP setup or to check it, please
refer to the instructions for your OS (the
default IP and subnet address of the WLML11G is 1.1.1.1 and 255.255.0).
7.4 Installation of the Client Manager
1. Insert the AirStation Driver CD into the
CD-ROM drive.
2. Start the Install wizard. If the wizard does
not start, double click the Ezsetup.exe file in
the AirStation Driver CD. Install the Client
Manager.
3. Click Start and select Programs / AirStation
Utility / Client Manager to open the Client
Manager. The setup PC must have a valid
IP address of its own.
4. Select Edit / Search AirStation to look for
the nearest AirStation. Highlight the WLML11G.
5. After finding an AirStation, select Admin /
Set IP address.
6. Either enter the IP and Subnet Mask
address in the boxes or select DHCP.
7. Leave the Password box empty. Click OK.
8. IP address setup is complete.
7.5 Setup Screen
1. Highlight the WLM-L11G, click the
"Admin" button, then the "Configure
AirStation" tab to open the setup screen.
2. Select the language you want to use.
English and Japanese are available.
7.6 Input Parameters Through the
Client Manager
1. Click the "Advanced Settings" box to open the
next page. Once WEP in the AirStation is
configured, the wireless Client PC requires
WEP for communication. Research for the
AirStation in Client Manager. When the WEP
screen appears, enter the WEP code exactly
as entered in the AirStation, click OK to
reestablish communication with the AirStation.
2. In the password page, enter the following
information:
User Name: root
Password: [leave blank]
Click OK.
3. Click the "time" menu on the left (menu
section) to set the current time. Click Set.
4. Click the "Wireless" menu on the left; then click
the "802.11b" menu.
5. Enter appropriate ESS-ID and channel number.
Click Set.
■ Note: ESS-IDs are case sensitive, up to 32
alphanumeric characters in length.
6. Click the "Security " menu then click the
"802.11b" menu on the left.
7. Select WEP Enable box. Enter appropriate
WEP key on line 1. Click Set. Click Set again.
Once WEP in the AirStation is configured, the
wireless Client PC requires WEP for
communication. Research for the AirStation in
Client Manager. When the WEP screen
appears, enter the WEP code exactly as
entered in the AirStation, click OK to
reestablish communication with the AirStation.
8. Click the "Management" menu on the left.
6
9. If you want to use the SNMP function,
check "Use" and input the WLM-L11G’s
location, administrator information and
community names. Click Set.
10. If the WLM-L11G is operated in a large
network environment, using a predetermined name identification system
may be recommended, to help identify the
WLM-L11G easily. In order to set the
name, click the "Basic" menu to open the
basic setup page. Type an
appropriate name in the "AirStation Name"
box. Click Set.
11. On the same page, you may opt to obtain
the IP address from the DHCP server or
enter a static IP address manually for the
access point. If you are given a default
gateway IP from your ISP, input that
address. If it is not given to you, leave the
box empty. Click Set.
7.7 Input Parameters Through a
Wired PC, Terminal Software
1. Use the serial cable provided to connect
the WLM-L11G to the PC’s COM port.
2. Start the Hyper Terminal software included
in the Windows OS. Hyper Terminal is a
standard software in Windows but it is
possible to use any other off-the-shelf
software.
■ Note: If the AirStation is already
connected by Telnet or Client Manager, you
cannot log in from the terminal software.
3. Setup the terminal as follows:
Baud rate: 57600
Data bit: 8
Parity: None
Stop bit: 1
Flow Control: None
4. When the "Apxxxxxxxxxxxxx login"
prompt appears, login the WLM-L11G by
"root".
5. Set the WLM-L11G’s time by using “date”
command: Setup date year/month/date
(use two digit number for the month and
the date, Example: "set date 2002/03/27")
Figure 7.5
Setup
Screen
6. Set the WLM-L11G’s ESS-ID by using
"essid" command. Airset essid xxxxxxx
(ESS-ID is defined by up to 32 alphanumeric characters. The default value is 12
digits. You can reset the ESS-ID to the
default value by using "airset essid_default"
command.)
7. Set the WLM-L11G’s wireless channel.
Use “airset channel xx” command. Select
one number from 1~11. The default
number is 11.
Figure 7.6.6
Security
Settings
7
Figure 7.6.9
SNMP
Function
Figure 7.6.11
DHCP and
manual IP
configuration
8. Set the WLM-L11G’s WEP. Use “airset
wep xxxx yyyy zzzz” command. Xxxx is
the key type (40 or 128bit) and yyyy is the
key index number and zzzz is the actual
key as shown below.
Keytype: Key – 40bit WEP
Key128 – 128bit WEP
Key index: The index number of the
WEP to be used, select one from 1~4.
The default is 1.
Key: “text” + 5 blank spaces + 5 letters or
10 digits hexadecimal (for 40bit WEP) or
13 characters or 26 digits hexadecimal (for
128bit WEP)
■ Note: the text must be used with “ ”
mark.s. Examples:
Airset wep key text “skey5”
Airset wep key a3d58bb632
Airset wep key index 1 text
“skey5”
If you want to clear the WEP key use:
Airset wep keytype clear (the keytype is
explained above).
9. Set the WLM-L11G’s system ID name. Use
the “set apname xxx” command. Xxx is a
numeral of up to 32 characters. An
example is: Set apname AirStation01. If you
need to re-set the device to default name
use the following example. Set apname
_default.
10. Set the WLM-L11G’s IP address. Use “ip
address lan0 assigned_ip” command.
Assigned_ip: The IP address assigned by
your ISP.
Examples:
Ip address lan0 192.168.100.60/
255.255.255.0 – manually input the
IP address and Netmask.
Ip address lan0 dhcp – use the
DHCP server
Ip address lan0 clear – clears the IP
address
11. Set the WLM-L11G’s default gateway. Use
“ip defaultgw gw_ip” command. Gw_ip is
the assigned gateway IP. Example: gw_ip
192.168.0.10
7.8 Input Parameters Through a
Wired PC, Telnet Software
The WLM-L11G setup can be performed by
using Telnet software similar to the Terminal
software above.
In order to bring up the setup page:
1. Connect the supplied serial cable to the
AirStation and the PC’s COM port.
8
2. Select Start / Run.
3. Input “Telnet <WLM-L11G’s IP address>”
in the file name and press “Enter”. The IP
address can be identified through the
Client Manager or Terminal Software setup
screen.
4. When login prompt appears, enter “root”
as a default login name.
5. Input "?"/press "Enter" to view list of
commands.
If the port on the LAN hub is set to Full
Duplex, set the WLM-L11G to Auto.
8.2.3 IP Address
If you do not use a DHCP server on your
network, you have to assign an IP address
manually. A specific IP address should be
obtained for this. You can use DHCP by
selecting "auto IP assignment from DHCP
Server."
PA RT III
8.0 Detailed Configurations
8.1 Introduction III
Although your AirStation will work fine in
most network environments, you may wish to
explore the advanced options. This chapter
explains each parameter in the setup screen.
8.2 Basic Settings
Basic Settings includes the following parameters:
AirStation Name
Connection type
IP address
Default Gateway
DNS Server
8.2.1 AirStation Name
A unique name can be set for your AirStation
in order for clients to recognize it. It identifies
each access point when multiple access
points are present. Although it is not
necessary to set this parameter, it can be
useful. Once it is set, the name will be shown
at the top of the initial setup screen.
8.2.4 Default Gateway
A default gateway IP should be assigned to
the AirStation. If the gateway IP is unknown,
leave the box blank. If "Auto IP assignment
from DHCP Server" is selected, the gateway
IP will be assigned automatically.
8.2.5 DNS Server
Input the IP address of the server to be used
by the WLM-L11G for DNS resolution. If
DNS is not used, leave blank.
8.3 Time Settings
Input the correct time manually or input the
NTP server on your network. Using NTP
Server : Check the "Use" box. Specify the
NTP server name, check interval, and time
zone.
Figure 8.3
Time settings
8.2.2 Connection type
The following options are possible for the
wired LAN port setting:
10 Mbps Half Duplex
100 Mbps Half Duplex
Auto
9
Figure 8.41
Passwords
Figure 8.4.3
Logging
Settings
8.4 Management
Management Settings includes the following
parameters:
Password
Setting Interface
Logging Settings
SNMP Agent Settings
8.4.1 Password
The user ID is "root". The default password is
blank -- no password.
To input a new password:
• Enter the password in the "New Password"
field
• Re-enter the password in the "Confirm
Password" field
If you are changing an old password, you must
enter the old password in the "Current
Password" field also.
8.4.2 Setting Interface
Configuration of the WLM-L11G via a web
browser (including Client Manager) or a
Te lnet session may be enabled or disabled
here. A wired session via the serial port and
terminal software may be used to configure
the WLM-L11G if WEB and Telnet are
disabled.
8.4.3 Logging Settings
This enables reporting to the syslog server.
Check the "use" box if you want the system
logs to be sent to the log server. The setup
for the log server should be found in the
syslog’s manual. The following parameters can
be configured: Log type, Log level, Notice,
Information content, Setup record (AirStation
setup record), Login recognition (includes
Radius) and System.
8.4.4 SNMP Agent Settings
Enabling the SNMP agent function allows the
following:
Access from the SNMP manager. Access the
WLM-L11G local MIB information (through a
web browser) such as the WLM-L11G’s
location, the WLM-L11G’s administrator, and
the SNMP community where the WLM-L11G
belongs.
When MIB file is accessed, the following
object ID (the ID which indicates information
to be included in general network devices) or
the number will be used.
10
Loading...