Fujitsu siemens Wireless LAN User Guide

answers 2

User Guide

Wireless LAN

English

Dieses Handbuch wurde auf Recycling-Papier gedruckt.
This manual has been printed on recycled paper.
Ce manuel est imprimé sur du papier recyclé.
Este manual ha sido impreso sobre papel reciclado.
Questo manuale è stato stampato su carta da riciclaggio.
Denna handbok är tryckt på recyclingpapper.
Dit handboek werd op recycling-papier gedrukt.

Herausgegeben von/Published by
Fujitsu Siemens Computers GmbH

Bestell-Nr./Order No.: A26391-K133-Z131-1-7619
Ausgabe/Edition 3
Printed in the Federal Republic of Germany
AG 0704 07/04

Wireless LAN (general)

Wireless LAN

User Guide

Installation of Odyssey

Using Odyssey Client

Index

July 2004 edition

Microsoft, MS, MS-DOS, W indows, and Windows NT are registered trademarks of Microsoft
Corporation.

Odyssey is a registered trademark of Funk Software.

All other trademarks referenced are trademarks or registered trademarks of their respective
owners, whose protected rights are acknowledged.

Copyright  Fujitsu Siemens Computers GmbH 2004

All rights, including rights of translation, reproduction by printing, copying or similar methods,
in part or in whole, are reserved.

Offenders will be liable for damages.

All rights, including rights created by patent grant or registration of a utility model or design,
are reserved.

Delivery subject to availability. Right of technical modification reserved.

This manual was produced by
cognitas. Gesellschaft für Technik-Dokumentation mbH
www.cognitas.de

Contents

Wireless LAN (general)....................................................................................................................1

Wireless network as per IEEE 802.11 standard.................................................................................1

Ad hoc mode .............................................................................................................................2

Infrastructure mode....................................................................................................................2

Operating system requirements ................................................................................................. 2

Wireless network names (SSID)................................................................................................3

802.11 network security.............................................................................................................3

Wired-Equivalent Privacy (WEP) with preconfigured keys .........................................................4

Wi-Fi Protected Access (WPA) and TKIP encryption.................................................................4

802.1X standard ................................................................................................................................5

Extensible Authentication Protocol (EAP) ..................................................................................5

Important notes .................................................................................................................................6

Safety notes...............................................................................................................................6

CE marking................................................................................................................................6

Radio frequencies and security standards .................................................................................7

Installation of Odyssey....................................................................................................................9

Installing Odyssey Client ...................................................................................................................9

Configure and Enable Wizard ....................................................................................................9

Using Odyssey Client ....................................................................................................................11

Odyssey Client Manager Overview.................................................................................................. 11

Odyssey Client Manager display..............................................................................................12

Controlling network connections - "Connection" window..................................................................12

Selecting an adapter................................................................................................................13

Connecting to a network ..........................................................................................................13

Scanning for wireless networks................................................................................................13

Reconnecting to a network ......................................................................................................15

Reauthenticating in a network..................................................................................................15

Disconnecting from a network connection................................................................................ 15

Viewing connection information ...............................................................................................15

Defining profiles - "Profiles" window.................................................................................................16

Adding or changing profile - "Profile Properties" window.......................................................... 17

"Authentication" tab .................................................................................................................20

Configuring wireless networks - "Networks" window ........................................................................27

Adding or changing networks – "Network Properties" window..................................................28

Specifying trusted servers - "Trusted Servers" window ............................................................34

Simple method for configuring trusted servers .........................................................................35

Advanced method for configuring trusted servers ....................................................................37

Untrusted servers ....................................................................................................................42

Configuring network adapters - "Adapters" window..........................................................................43

Adding a wireless adapter........................................................................................................45

Removing an adapter from the list of adapters.........................................................................45

Odyssey Client Manager - "Settings" menu .....................................................................................46

"Preferences" menu item .........................................................................................................46

"Security settings" menu item ..................................................................................................47

"Enable/Disable Odyssey" menu item......................................................................................49

"Close" menu item ...................................................................................................................49

Odyssey Client Manager - "Commands" menu ................................................................................ 49

"Forget Password" menu item .................................................................................................50

"Forget Temporary Trust" menu item .......................................................................................50

A26391-K133-Z131-1-7619, edition 3

Contents

Odyssey Client Manager - "Help" menu .......................................................................................... 50

"Help topics" menu.................................................................................................................. 50

"License keys" menu item ....................................................................................................... 51

"Odyssey" context menu ................................................................................................................. 51

"Odyssey for Fujitsu Siemens Computers" menu item ............................................................ 51

"Enable Odyssey/Disable Odyssey" menu item ...................................................................... 51

"Help" menu item .................................................................................................................... 52

"Exit" menu item...................................................................................................................... 52

Features......................................................................................................................................... 53

Overview......................................................................................................................................... 53

Technical details ............................................................................................................................. 54

Declaration of Conformity ............................................................................................................ 57

Index .............................................................................................................................................. 59

A26391-K133-Z131-1-7619, edition 3

Wireless LAN (general)

A wireless network card is integrated in your device. This User Guide describes how to make the
settings for your wireless LAN.

Notational conventions

The meanings of the symbols and fonts used in this manual are as follows:

Pay particular attention to texts marked with this symbol. Failure to observe this warning
endangers your life, destroys the system, or may lead to loss of data. Failure to follow the

!

instructions may lead to loss of data, invalidate your warranty, destroy the device, or
endanger your life.

Indicates important information which is required to use the system properly.

i

► Text which follows this symbol describes activities that must be performed in the order shown.

Text in this typeface indicates screen outputs.

Text in italics indicates programme names, commands or menu items.

"Quotation marks" indicate names of chapters, disks and other media and terms that are being
emphasised.

Wireless network as per IEEE 802.11 standard

The integrated network card operates in accordance with the IEEE 802.11 standard. Frequencies
from the ISM frequency bands are used as a communication medium (ISM, Industrial, Scientific,
Medical). The wireless network card may be operated without registration and free of charge. The
IEEE 802.11 standard provides several options for using the ISM frequency bands:

IEEE 802.11a 5.0 GHz band 54 Mbit/s

IEEE 802.11b 2.4 GHz band 11 Mbit/s

IEEE 802.11g 2.4 GHz band 54 Mbit/s

The wireless networks operating in accordance with 802.11 can easily be connected to existing
Ethernet networks. With the exception of a few additional parameters, wireless network cards that
operate in accordance with 802.11 are one system with a normal Ethernet card. This means that
you can use all protocols via a 802.11 wireless network just as with a cable-connected Ethernet (IP,
IPX, NetBIOS,...). The only difference is that you need not lay cables between the computers. The
number of all wireless LAN stations that can reach each other directly is generally referred to as a
cell. The IEEE standard offers two operating modes - the ad hoc mode (peer-to-peer) and the
infrastructure mode.

In addition to describing modulation and data framing, this standard includes an authentication and
encryption method called Wired Equivalent Privacy (WEP). Many corporations are deploying
wireless 802.11 networks. 802.11 networks are beginning to appear in hotels, airports, and other
"hotspots" as a means of internet access.

A26391-K133-Z131-1-7619, edition 3 1

Wireless LAN (general)

Ad hoc mode

A wireless LAN in the ad hoc mode, also called peer-to-peer mode, consists of a single closed cell.
Ad hoc wireless networks result when a workgroup comes together with its systems and would like
to interconnect these for data exchange. Any number of systems can be added to this type of
network and can leave it again.

So that several ad hoc wireless networks do not interfere with each other in radio traffic, there is a
unique network name, the SSID (Service Set Identifier). The SSID is used for addressing so that a
data packet can always be assigned to a certain cell.

If you want to join an existing cell, you require the network name (SSID), which you enter in the
settings for the network card. The network card then searches for a wireless network with this SSID
during start-up. When the network card has found a wireless network, it connects to it and you can
communicate with the systems in this wireless network. If two cells are very close together, the radio
channels of these networks should be 4 to 5 channels apart. This applies to 802.11b and 802.11g.

Infrastructure mode

In the infrastructure mode, a base station, referred to as an access point, exists in addition to the
mobile stations. In the infrastructure mode the access point assumes the function of a "guard". In
contrast to the adhoc mode, each system must log on to the AccessPoint before it is allowed to
exchange data in the cell.

Another task of the access point is the connection of the cells with a cable-connected Ethernet. As
due to the logon requirement, the access point knows at all times exactly which stations are on the
radio side, it can decide exactly which data must be sent to it and which don't. This process is also
referred to as bridging.

To increase the range of a wireless network, several access points with the same SSID can be
used.

When a system enters the wireless net, it searches among the reachable access points for the one
with the strongest signal and logs on there. Two systems logged on to different access points
communicate with each other in this way, even when they are not within direct radio reach. If a
system also continuously monitors the radio situation after the logon, it can detect how the signals
from an access point become weaker and those of another become stronger, and can then log on to
the stronger one without the user noticing. This procedure is referred to as roaming.

Operating system requirements

Windows 2000 and Windows XP

2 A26391-K133-Z131-1-7619, edition 3

Wireless LAN (general)

Wireless network names (SSID)

Each wireless network has a name. You can select the wireless network you want to connect to, by
specifying its name. Network names allow different wireless networks in the same vicinity to coexist
without intruding on each other. For example, the company next door to yours may also use wireless
networking, and you want to make sure that your PC connects to your company’s network, and not
the other’s, even though your PC is within range of their access points. (How to prevent intruders
from connecting to your company’s network is the subject of the security discussion, below.) A
network name is simply a text sequence up to 32 characters long, such as "Bayonne Office", or
"Acme-Marketronics", or "BE45789", for example. A network name is case-sensitive, so you have to
be careful if you type it in. You always have the option to scan for available networks. This allows
you select the network from a list, preventing any network naming errors. The 802.11 standard
refers to network names as "Service Set Identifier", or SSID for short.

802.11 network security

With the advent of wireless networking, security becomes a critical concern to a far greater extent
than it had been previously, for the simple reason that it is easy for an attacker to eavesdrop on
such connections. With wired networking, most organisations can rely on physical security to protect
their networks. An attacker would have to get inside a company’s offices to be able to plug in to the
LAN and observe network traffic.

All it takes to observe wireless network traffic is a PC with a wireless card and a comfortable spot in
the parking lot outside or in the office next door. The following are some of the things that are
required to make a wireless network safe:

● A user must be authenticated by the network before he or she is allowed access, to make the

network safe from intruders.

● The network must be authenticated by the user before the user allows his or her PC to connect

to the network. This is to prevent a wireless device posing as a legitimate network from gaining
access to the user’s PC.

● The mutual authentication between user and network must be cryptographically protected.

This insures that you are connecting to the network you want, and not some phony one.

● The wireless connection between a PC and access point must be encrypted, so

eavesdroppers cannot access data that is supposed to be private.

There are two basic mechanisms for providing this type of secure encryption over a wireless
network:

● Preconfigured secrets, called WEP keys. These keep unauthorised users off the wireless

network and encrypt the data of legitimate users.

● Authentication using a protocol called 802.1X. This uses a variety of underlying authentication

protocols to control network access. The strongest of these protocols can provide mutual
authentication of user and network, and can dynamically create keys to encrypt wireless data.

A26391-K133-Z131-1-7619, edition 3 3

Wireless LAN (general)

Wired-Equivalent Privacy (WEP) with preconfigured keys

With preconfigured WEP (Wired-Equivalent Privacy), both the client PC and access point are
assigned the same secret key. This key is used to encrypt all the data between the PC and access
point. In addition, the W EP key can be used to authenticate the client PC to the access point.
Unless the PC can prove it knows the WEP key, it is not allowed onto the network.

● If the access point requires a WEP key for authentication, you must carry out the assignment
to the access point in the Shared mode. The association mode is set in the network properties.

● If the access point does not require a WEP key for authentication, this is referred to as the
"open" mode. The association mode is set in the network properties.

● If the access point requires a WEP encryption for WPA instead of TKIP for the authentication,
all required WEP keys are generated from an ASCII passphrase, which you configure for your
access point and for Odyssey Client.

See the following topics:

● "Specifying association mode", for directions for selecting an association mode in Odyssey
Client

● "Specifying an appropriate encryption method for your association mode", for directions for
selecting WEP encryption when using shared mode

● "Preconfigured keys (WEP)", to use static WEP keys with Odyssey Client

● "Pre-shared keys (WPA)", to configure W EP encryption in W PA mode

Wi-Fi Protected Access (WPA) and TKIP encryption

As an enhancement to the 802.11 wireless standard, Wi-Fi Protected Access (WPA) encompasses
a number of security enhancements over Wired-Equivalent Privacy. These enhancements include
the following:

● Improved data encryption via TKIP (temporal key integrity protocol). TKIP provides stronger
encryption than WEP, by dynamically updating the encryption keys every 10,000 packets.

● 802.1X authentication with EAP. If the hardware of the access points in your network requires
that you carry out the authentication via the extended WPA mode, you can configure Odyssey
Client so that the authentication is carried out in the W PA mode. If the hardware is configured
for TKIP encryption, you can configure Odyssey Client for this enhanced data encryption
method as well. In addition to conforming to 802.1X specifications for dynamic key generation
(available with the strongest authentication methods), W PA allows for pre-shared keys to be
generated for TKIP (or WEP) encryption from a passphrase. If you configure a passphrase for
key generation in your access points, you must configure the same passphrase in Odyssey
Client.

4 A26391-K133-Z131-1-7619, edition 3

Wireless LAN (general)

See the following topics:

● "Specifying association mode", to use W PA mode with Odyssey Client

● "Specifying an appropriate encryption method for your association mode", to use TKIP

encryption in WPA mode

● "Pre-shared keys (WPA)" to configure a static passphrase

802.1X standard

The IEEE 802.1X protocol provides authenticated access to a LAN. This standard applies to
wireless as well as wired networks. In a wireless network, the 802.1X authentication occurs after the

802.11 association is implemented. Wired networks use the 802.1X standard without any 802.11
association.

The WEP protocol using preconfigured keys has various shortcomings, both in terms of ease of
administration, as well as security. To alleviate these problems, the IEEE introduced another
standard, 802.1X. 802.1X provides better security than preconfigured WEP keys, and is easier to
deploy, particularly on large networks.

Using preconfigured WEP keys, it is the wireless client PC that is authenticated to the network. W ith

802.1X, it is the user that is authenticated to the network with the user credentials, which may be a
password, a certificate, or a token card. The authentication is not performed by the access point, but
rather by a central server. If this server uses the RADIUS protocol, it is called a RADIUS server.

With 802.1X, a user can log in to the network from any PC, and many access points can share a
single RADIUS server to perform the authentication. This makes it much easier for the network
administrator to control access to the network.

See the following topics for details:

● Extensible Authentication Protocol (EAP)

● Session resumption

● Reauthentication

Extensible Authentication Protocol (EAP)

802.1X uses the protocol called EAP (Extensible Authentication Protocol), to perform authentication.
EAP is not an authentication mechanism per se, but is a common framework for transporting actual
authentication protocols. The advantage of EAP is that the basic EAP mechanism does not have to
be altered as new authentication protocols are developed.

A26391-K133-Z131-1-7619, edition 3 5

Wireless LAN (general)

Important notes

Safety notes

Most of the safety information is contained in the "Getting Started" manual of your device. Some of
the most important information is outlined below.

● Switch off the radio components (Bluetooth or wireless LAN) on the device when you are in a
hospital, an operating room or near a medical electronics system. The transmitted radio waves
can impair the operation of the medical devices.

● The "EasyGuide" manual provided with your device describes how to deactivate the radio
component.

● Keep the device at least 20 cm from a pacemaker, as otherwise the proper operation of the
pacemaker may be impaired by radio waves.

● The transmitted radio waves can cause an unpleasant humming in hearing aids.

● Switch off the device when you are in an aircraft or driving in a car.

● Do not let the device near flammable gases or into hazardous environments (e.g. paintshops)

with radio components switched on, as the transmitted radio waves can cause an explosion or
a fire.

The company Fujitsu Siemens Computers GmbH cannot be held responsible for radio or television
faults arising from unauthorised changes made to this device. Fujitsu Siemens is, furthermore, not
responsible for replacing and / or exchanging connector cables and devices which have not been
specified by Fujitsu Siemens Computers GmbH. The user is solely responsible for repairing faults
arising from such unauthorised changes made to a device and for replacing and/or exchanging
devices.

CE marking

This equipment complies with the requirements of Directive 1999/5/EC of the European Parliament
and Commission from 9 March, 1999 governing Radio and Telecommunications Equipment and
mutual recognition of conformity.

This device is approved for use in Belgium, Denmark, Germany, Finland, Greece, Great Britain,
Ireland, Italy, Luxembourg, the Netherlands, Austria, Portugal, Sweden, Switzerland, Spain, Iceland,
Liechtenstein and Norway. Contact the corresponding government office of the respective country
for current information on possible operating restrictions. If your country is not included in the list,
then please contact the corresponding supervisory authority as to whether the use of this product is
permitted in your country.

6 A26391-K133-Z131-1-7619, edition 3

Wireless LAN (general)

Restrictions

● France

– Limited frequency range: only the channels 10 to 13 (2457 MHz or 2472 MHz) may be

used in France. It is prohibited to use the device outdoors.

● Italy

– A ministerial permit is also required for use indoors. Please contact the seller concerning

the required procedure. It is prohibited to use the device outdoors.

● Netherlands

– A licence is required for use outdoors. Please contact the seller concerning the required

procedure.

Radio frequencies and security standards

The following information represents the status of January 2002. Current information is available
from the corresponding government office of your country (e.g. www.regtp.de).

IEEE standard 802.11a frequencies

Country Channel

36
5180
MHz

Austria X X X X

Belgium X X X X X X X X

Denmark X X X X

Finland X X X X X X X X

France X X X X

Germany X X X X

Greece

Italy

Ireland X X X X X X X X

Luxembourg

Netherlands X X X X

Norway X X X X

Portugal X X X X

Spain

Sweden X X X X

Switzerland X X X X

Great Britain X X X X X X X X

Channel
40
5200
MHz

Channel
44
5220
MHz

Channel
48
5240
MHz

Channel
52
5260
MHz

Channel
56
5280
MHz

Channel
60
5300
MHz

Channel
64
5320
MHz

A26391-K133-Z131-1-7619, edition 3 7

Wireless LAN (general)

IEEE standard 802.11b (11 Mbits/s) / 802.11g (54 Mbits/s) frequencies

Wireless network cards and adapters are intended for operation in the ISM (Industrial, Scientific,
Medical) frequency range between 2.4 and 2.4835 GHz in accordance with the IEEE 802.11b
standard. As each of the 13 usable radio channels requires a bandwidth of 22 MHz due to the DSSS
(Direct Sequence Spread Spectrum) process, a maximum of three mutually independent channels
(e.g. 1, 6 and 11) are available. In the following tables you will find the channels permitted in your
country:

Channel No. /
MHz

1 / 2412 X X X

2 / 2417 X X X

3 / 2422 X X X

4 / 2427 X X X

5 / 2432 X X X

6 / 2437 X X X

7 / 2442 X X X

8 / 2447 X X X

9 / 2452 X X X

10 / 2457 X X X X

11 / 2462 X X X X

12 / 2467 X X

13 / 2472 X X

Europe,
R&TTE

France,
R&TTE

US
FCC

CA
RSS-210

8 A26391-K133-Z131-1-7619, edition 3

Installation of Odyssey

The installation software for Odyssey Client is located in the directory C:\Add on\Software.

Before you install, please note the following:

● Your wireless network adapter card and associated driver software should have already been
installed.

● Under Windows 2000 and Windows XP you must have administrator rights.

Installing Odyssey Client

To install Odyssey Client:

► Double-click on the file FSC-OdysseyClient.msi in the directory C:\Add on\Software.

The installation wizard is run to guide you through the installation process.

► Click on Next to continue.

The licence conditions are shown.

► Click on the option I accept the terms in the license agreement to recognise the licence conditions

and click on Next to continue.

► Enter your user data and click on Next to continue.

► Select the Complete option in the Setup Type window to carry out the installation in the default

directory. Select the Custom option if you want to specify the installation directory yourself. This
option should only be used by experienced users. Click on Next to continue.

The installation wizard now has all information required to begin with the installation.

► Click on Back if you want to check or change your entries, and click on Install to start the

installation.

The installation is started. This can take a few minutes. When the installation is completed, the
InstallShield Wizard Completed window will appear. You can run the Odyssey Client immediately or
have the Readme file displayed first.

► Click on Finish to complete the installation.

On a computer with several user accounts, Odyssey Client is available following installation of all
users. However, the settings for control of the Odyssey Client operation are user-specific and must
be carried out for each user account individually.

Configure and Enable Wizard

When you install Odyssey Client for the first time, Configure and Enable Wizard automatically appears
following the installation to complete configuration of and activate Odyssey Client.

If you do not want to carry out the configuration at this time, you can do this later. Start the Odyssey
Client Manager under Start – Programs – Fujitsu Siemens Computers – Odyssey Client for Fujitsu Siemens

Computers – Odyssey Client Manager for Fujitsu Siemens Computers. Configure and Enable Odyssey
Wizard automatically starts up.

A26391-K133-Z131-1-7619, edition 3 9

Using Odyssey Client

Odyssey Client Manager Overview

Odyssey Client for Fujitsu Siemens Computers is the name of the Windows interface of the Odyssey
Client Manager with which you can control and configure your wireless LAN. This interface is
consistent for all Fujitsu Siemens Computers platforms on which you can run the product.

► Start the Odyssey Client Manager under Start – All Programs – Fujitsu Siemens Computers –

Odyssey Client for Fujitsu Siemens Computers – Odyssey Client Manager or double-click on the

Odyssey Client Manager icon in the task bar.

A26391-K133-Z131-1-7619, edition 3 11

Using Odyssey Client

Odyssey Client Manager display

For most network connections, Odyssey Client Manager consists of a number of windows that allow
you to control different aspects of its operation:

● In the Connection window you can control your network connection and view your current
connection status.

● Use the Profiles window to set information that is used when you authenticate, or log in, to the
network, such as your password or certificate.

● Use the Networks window to configure different wireless networks and how you want to connect
to them.

● Use the Trusted Servers window to set certificate and identity information about the servers that
may authenticate you when you connect, to ensure that you are logging in to the network that
you intend.

● The Adapters window lets you configure one or more network adapters (interface cards) for
wireless networks.

All of the windows are listed at the left of the Odyssey Client Manager display. Click the name of any
window to view or modify it.

Controlling network connections - "Connection" window

12 A26391-K133-Z131-1-7619, edition 3

Using Odyssey Client

Selecting an adapter

If you or your administrator has configured more than one adapter for use with Odyssey, then you
can use the Adapter drop-down list in the Connection window to associate any of those adapter cards
with a network connection.

Once you select an adapter, the Adapter type field in the Connection window is updated to reflect the
type of wireless adapter you select.

Connecting to a network

When you connect to a network using a wireless adapter, you specify all the information required for
the connection using an Odyssey Client network definition. In the process, you must also enter the
authentication information you have previously defined in an Odyssey Client profile (see "Adding or
changing profile - "Profile Properties" window" in the "Defining profiles - "Profiles" window" section).

The Connect to network checkbox lets you connect and disconnect from the wireless network. If you
want to be connected to a wireless network, make sure this box is marked.

The drop-down list to the right of Connect to network lets you select a wireless network to connect to.
All networks you have already configured using the Networks window appear in this list.

The network names are shown in square brackets after the network description.

The following symbol is located before the name:

for networks

To connect to a network that you have already configured:

► Select the network you wish to establish the connection to from the selection menu.

► Mark Connect to network, if it is not already marked.

To disconnect from a network, unmark Connect to network.

Scanning for wireless networks

If you travel frequently, you may want to want to authenticate through locally available wireless
networks that you have not already configured. To connect to a wireless network that is not yet
configured, follow these steps:

► Click on Scan in the Connection window.

Odyssey Client surveys the air waves and displays a list of all wireless networks that are currently
reachable.

A26391-K133-Z131-1-7619, edition 3 13