Global Sun GL241101 User Manual

Page 1
11Mbps Wireless Network
PC Card User Manual
version 1.0
Page 2
Manufacturer's Disclaimer Statement
The information in this document is subject to change without notice and does not
either expressed or implied, is made with respect to the quality, accuracy or fitness for
any particular purpose of this document. The manufacturer reserves the right to
make changes to the content of this document and/or the products associated with it at
any time without obligation to notify any person or organization of such changes. In
no event will the manufacturer be liable for direct, indirect, special, incidental or
consequential damages arising out of the use or inability to use this product or
documentation, even if advised of the possibility of such damages. This document
contains materials protected by copyright. All rights are reserved. No part of this
manual may be reproduced or transmitted in any form, by any means or for any
purpose without expressed written consent of its authors. Product names appearing
in this document are mentioned for identification purposes only. All trademarks,
product names or brand names appearing in this document are registered property of
their respective owners.
FCC STATEMENT
This product has been tested and complies with the specifications for a Class B digital device, pursuant
to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against
harmful interference in a residential installation. This equipment generates, uses, and can radiate
radio frequency energy and, if not installed and used according to the instructions, may cause harmful
interference to radio communications. However, there is no guarantee that interference will not occur
in a particular installation. If this equipment does cause harmful interference to radio or television
reception, which is found by turning the equipment off and on, the user is encouraged to try to correct
the interference by one or more of the following measures:
Reorient or relocate the receiving antenna
Increase the separation between the equipment or devices
Connect the equipment to an outlet other than the receiver’s
Consult a dealer or an experienced radio/TV technician for assistance
FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment.
This equipment should be installed and operated with minimum distance 20cm between the radiator
and your body.
Page 3
Table of Contents:
INTRODUCTION ... 4
  PRODUCT FEATURES ... 4
  SYSTEM REQUIREMENTS ... 4
GETTING STARTED ... 5
  GETTING TO KNOW THE 11MBPS WIRELESS NETWORK PC CARD ... 5
    WIRELESS NETWORK PC CARD’S LEDS ... 5
  SETTING UP THE WIRELESS NETWORK ... 5
  INSTALLING YOUR 11MBPS WIRELESS NETWORK PC CARD ... 7
CONFIGURING YOUR WIRELESS NETWORK PC CARD ... 12
  Link Info. Page ... 12
  Configuration Page ... 13
  Security Page ... 15
  SiteSurvey Page ... 16
  About Page ... 18
APPENDIX A: TROUBLESHOOTING ... 19
APPENDIX B: NETWORKING BASIS ... 24
APPENDIX C: 802.1X AUTHENTICATION SETUP ... 37
  802.1X AUTHENTICATION INFRASTRUCTURE ... 38
  SUPPLICANT: WIRELESS NETWORK PC CARD ... 39
  AUTHENTICATOR: WIRELESS NETWORK ACCESS POINT ... 58
  RADIUS SERVER: WINDOW2000 SERVER ... 60
APPENDIX D: GLOSSARY ... 82
APPENDIX E: TECHNICAL SPECIFICATION ... 87
Page 4
INTRODUCTION
The 11Mbps Wireless Network Adapter delivers reliable and high-speed wireless performance of 11Mbps.
Product Features
- Full 2.4GHz IEEE 802.11b standard and Wi-Fi compliant
- High-Speed data transfer rate of up to 11Mbps with automatic fallback under
noisy environment or longer distance.
- Excellent distance coverage with reliable performance.
- Plug-and-Play setup and operation.
- Supports strong security of 802.1x, which is available in Windows XP, and WEP
128 bit security.
- Supports software upgrade for Wi-Fi Protected Access (WPA) security available
in Q3 ‘03.
- Supports Ad-Hoc, Infrastructure and wireless roaming.
- Easy-to-use software client management utility for configuration.
System Requirements
Windows 98, 98SE, Millennium Edition (ME), 2000 and XP computers
PC with Pentium III 600MHz system or above is recommended
Equipped with at least one PC Cardbus socket or PC Cardbus adapter.
One CD-ROM drive
Page 5
GETTING STARTED
Getting To Know The 11Mbps Wireless Network PC Card
WIRELESS NETWORK PC Card’S LEDs
Power LED
ON when the unit is powered up
WLAN LED
ON indicates WLAN connection; blink indicates wireless activity
Setting Up The Wireless Network
There are two wireless network topologies that you can set up your wireless card with.
One is called “Ad-Hoc”, and the other is “Infrastructure”. On an Ad-Hoc network,
two or more computers, each with at least one wireless network client device such as a
wireless PC Card installed, establish point-to-point data communication with each
other. On an Infrastructure network, every wireless station communicates
through Access Points.
Setting Up Ad-Hoc Network
The idea of Ad-Hoc Network is rather simple. All the wireless stations are set to use
the same BSS ID and channel to establish communication linkage with each other to
form a point-to-point network for data transmission and reception.
Page 6
Setting Up Infrastructure Network
In order to setup an Infrastructure of a wireless network such as the example shown
above, you will need the following:
1. A broadband Internet connection.
2. ADSL or Cable modem provided by your ISP as part of the broadband connection
installation.
3. A Router that connects to the ADSL/Cable modem for internet connection sharing.
4. An Access Point to connect with the Router to form a wireless infrastructure
network.
5. Wireless clients equipped with wireless networking devices such as wireless PC
Card for wireless connection.
In this case, all the wireless clients and Access Point operate under the same channel
with the same ESSID. The wireless clients are all connected to the Access Point for
data transmission.
Page 7
Installing Your 11Mbps Wireless Network PC Card
Installing Utility Program
Turn on the computer.
Insert the software CD into the CD-ROM Drive.
Make sure that the 11Mbps Wireless Network PC Card is NOT inserted into the Cardbus slot.
Please note that the installation screens in this quick guide are captured from Windows XP. The
other Windows systems will have similar screens for the installation procedure.
Click on “Install” button to start Utility installation.
Page 8
InstallShield Wizard starts. Click “Next” to continue.
Installation of driver files, click “Continue Anyway” to continue.
Click “Next” to install the program files in the default folder.
Page 9
Select the second option, and click “Finish” to complete the installation.
The Utility Icon appears in your desktop.
- Turn off your computer
- Insert the 11Mbps Wireless Network PC Card into the CardBus slot in your notebook
- Turn on your computer
- Continue with Driver Installation.
Starts Up PC Card for the First Time
Select the second option and click “Next” to continue.
Page 10
Click “Continue Anyway” to proceed.
Click “Finish” to complete new hardware installation.
Page 11
Simply, double-click the icon to launch the utility.
Double-click on the utility icon in the system tray again to launch the 11Mbps PC Card Utility.
Click off the “Use Windows to …” option to use the 11Mbps PC Card utility.
Page 12
CONFIGURING YOUR WIRELESS NETWORK PC Card
Link Info. Page
This is the default page when the utility starts up.
Status: Shows the BSSID associated, which can be used to identify the wireless network.
SSID: Shows current SSID, which must be the same for the wireless client and AP in order for communication to be established.
TxRate: Shows the current data rate used for transmitting.
Channel: Shows the current channel for communication.
Radio Off button: When clicked, you disable the radio signal, and cut off the wireless connection.
Link Quality: Shows the link quality of the 11Mbps wireless PC Card with the Access Point when operating under Infrastructure mode.
Signal Strength: Shows the wireless signal strength of the connection between the 11Mbps wireless PC Card and the Access Point.
Data Rate: Shows the statistics of data transfer, and the calculation is based on the number of packets transmitted and received.
Page 13
Configuration Page
This is the page where you can change the basic settings of the Access Point with the
minimum amount of effort to adjust a secure wireless network.
SSID: Service Set Identifier, which is a unique name shared among all clients and
nodes in a wireless network. The SSID must be identical for all clients and nodes in
the wireless network.
BSS Type: There are two types available for selection
Infrastructure – to establish wireless communication with LAN and other
wireless clients through the use of the Access Points.
Ad-Hoc – to establish point-to-point wireless communication directly with
other wireless client devices such as wireless network PC Card.
Channel: The value of channel that AP will operate in. You can select the channel
range of 1 to 11 for North America (FCC) domain, 1 to 13 for European (ETSI)
domain and 1 to 14 for Japanese domain.
Tx Rate: Select the data rate for data transmission.
Preamble: Select Long or Short Preamble type. Preamble is a sequence of bits
transmitted at 1Mbps that allows the PHY circuitry to reach steady-state demodulation
and synchronization of bit clock and frame start. Two different preambles and headers
are defined: the mandatory supported Long Preamble and header, which interoperates
with the 1 Mbit/s and 2 Mbit/s DSSS specification (as described in IEEE Std 802.11),
and an optional Short Preamble and header (as described in IEEE Std 802.11b). At the
receiver, the Preamble and header are processed to aid in demodulation and delivery
of the PSDU. The Short Preamble and header may be used to minimize overhead and,
thus, maximize the network data throughput. However, the Short Preamble is
supported only from the IEEE 802.11b (High-Rate) standard and not from the original
IEEE 802.11. That means that stations using Short-Preamble cannot communicate
with stations implementing the original version of the protocol.
Page 14
Power Mode: There are 3 modes to choose from
Continuous Access Mode (default) – the PC Card is constantly operating
with full power and it consumes the most power
Maximum Power Save – the PC Card consumes the least power and only
operates when there is wireless network activity.
Power Save – the PC Card consumes the moderate level of power.
For the changes made to any of the items above to be effective, click “Apply”. The
screen will be changed back to Link Info. Page
Page 15
Security Page
This is the page where you configure Security settings of your 11Mbps wireless PC
Card.
Data Encryption: Click the box to enable Data Encryption feature.
Aut. Mode: There are three modes available to choose from.
Open Authentication – the sender and receiver do not share a secret key for
communication. Instead, each party generates its own key-pairs and asks the
other party to accept it. The key is regenerated every time the connection is
established.
Shared Authentication – the sender and receiver share a common key
for data communication, and the key is used for an extended length of time.
Auto – depends on the communication to be established, and automatically uses
the proper authentication mode.
The following will only be activated to allow for configuration when Data
Encryption is enabled.
Default Key: select one of the 4 keys to use.
Network Key: enter values to these fields, either in HEX or ASCII formats. You only
have to enter the key that you will use
Key Length: select 64 or 128 bits as the length of the keys
Key Format: ASCII or HEX (Please refer to Appendix G: Glossary for details about
these two formats).
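As an added example (not part of the manual or the card's utility), the Python code below checks the Default Key, Network Key, Key Length and Key Format fields described above against each other. It assumes the usual WEP convention that 24 of the 64 or 128 bits are the per-packet IV, so the entered secret is 5 or 13 ASCII characters, or 10 or 26 hex digits; the function names, the profile layout and the sample keys are constructed for the illustration.

```python
import math
import string

IV_BITS = 24  # assumption: the 64/128-bit figure includes WEP's 24-bit IV
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")
HEXDIGITS = set(string.hexdigits)


def secret_length(key_length_bits):
    """Number of secret key bytes the user must supply (5 or 13)."""
    if key_length_bits not in (64, 128):
        raise ValueError("Key Length must be 64 or 128 bits")
    return (key_length_bits - IV_BITS) // 8


def parse_network_key(text, key_length_bits, key_format):
    """Return the secret bytes for one Network Key field, or raise ValueError."""
    n = secret_length(key_length_bits)
    fmt = key_format.upper()
    if fmt == "ASCII":
        if len(text) != n:
            raise ValueError(f"{key_length_bits}-bit ASCII key needs {n} characters, got {len(text)}")
        if not set(text) <= PRINTABLE:
            raise ValueError("ASCII key contains a non-printable character")
        return text.encode("ascii")
    if fmt == "HEX":
        if len(text) != 2 * n:
            raise ValueError(f"{key_length_bits}-bit HEX key needs {2 * n} hex digits, got {len(text)}")
        if not set(text) <= HEXDIGITS:
            raise ValueError("HEX key contains a non-hex character")
        return bytes.fromhex(text)
    raise ValueError("Key Format must be ASCII or HEX")


def keyspace_bits(key_length_bits, key_format):
    """Upper bound on the secret's entropy for the chosen length and format."""
    per_byte = math.log2(len(PRINTABLE)) if key_format.upper() == "ASCII" else 8.0
    return secret_length(key_length_bits) * per_byte


def check_profile(profile):
    """Return a list of problems found in a Security Page style profile."""
    keys, default = profile["keys"], profile["default_key"]
    if len(keys) != 4 or not 1 <= default <= 4:
        return ["Default Key must select one of the 4 key slots"]
    problems = []
    for slot, text in enumerate(keys, start=1):
        if not text:
            # Unused slots may stay empty, but not the one selected as default.
            if slot == default:
                problems.append(f"Default Key {slot} is empty")
            continue
        try:
            key = parse_network_key(text, profile["key_length"], profile["key_format"])
        except ValueError as exc:
            problems.append(f"Key {slot}: {exc}")
            continue
        if len(set(key)) <= 2:
            problems.append(f"Key {slot}: only {len(set(key))} distinct byte value(s)")
    return problems


# Constructed sample profiles (not taken from the manual).
GOOD_PROFILE = {"default_key": 1, "key_length": 64, "key_format": "ASCII",
                "keys": ["k9#Vq", "", "", ""]}
BAD_PROFILE = {"default_key": 2, "key_length": 128, "key_format": "HEX",
               "keys": ["1" * 26, "", "0123456789", ""]}

if __name__ == "__main__":
    for name, profile in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(name, check_profile(profile) or "no problems")
    for fmt in ("ASCII", "HEX"):
        print(fmt, [round(keyspace_bits(bits, fmt), 1) for bits in (64, 128)])
```

The keyspace figures show why HEX entry is preferable to ASCII entry for the same Key Length: printable characters cover only 95 of the 256 values each key byte can take.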
Page 16
SiteSurvey Page
This page allows you to utilize the SiteSurvey function to scan for the available wireless
network (wireless clients and Access Points) and select one to establish wireless
communication.
1. Available Network – displays the wireless networks (wireless clients and Access
Points) that are in your signal range. Select any one of them and establish
communication by simply mouse double-click or a single click on the
“Connect” button.
Click “Refresh” button to start scanning for available network again.
2. Profile – You can create and manage the created profiles for Home, offices or
public areas.
By double-clicking on one of the created profiles, the setting will adapt to the
configuration such as SSID, channel, and WEP settings saved by that particular
profile.
Click to select any one of the profiles, and you can
Click on “Remove” button to remove the profile, or
Click on “Properties” button to view and change its settings. The Properties is
very similar to that of adding profile.
Click “Add” to add a profile, and the following screen would appear.
Page 17
All the detail information about each settings and configuration item are described in
previous Configuration and Security Page sections. Please refer to those two sections
for more information.
When you finish entering the settings for this profile, click “OK” to add a new profile.
Page 18
About Page
This page displays some information about the 11Mbps PC Card utility, which
includes the version numbers for Driver, Firmware and Utility.
When there is new version of software available for upgrade, you will be able to
identify by version numbers.
Page 19
APPENDIX A: TROUBLESHOOTING
This chapter provides solutions to frequently encountered problems that can occur
during the installation and operation of the 11Mbps Wireless Network PC Card.
Please read through the following to solve your problems.
1. The wireless clients cannot access the network in the infrastructure mode.
Check that the wireless network device is installed and working
properly.
Go to “Start” > Right mouse click on “My Computer” > “Properties”
Page 20
Go to Hardware
Go to “Device Manager”
Page 21
Right mouse click on the wireless network adapter.
Go to “Properties”
Check and make sure that the network adapter is working properly
Page 22
2. What is the difference between 11Mbps and 11Mbps wireless products?
What’s the benefit of 11Mbps Wireless Access Point?
The 11Mbps is made possible by the new modulation method called PBCC
developed by TI, which is different from the current CCK modulation method
for 11Mbps. The 11Mbps Wireless Access Point offers double data rate than that
of 11Mbps with 20% more distance coverage. The 11Mbps wireless products
also operate in the 2.4GHz ISM band and they are backward compatible with
11Mbps wireless products.
3. What is Roaming?
Roaming is the ability of portable computers, e.g., Pocket PC and notebook, to
have consistent and continuous data transmission/reception throughout an area
covered by more than one Wireless Access Point. In order to achieve seamless
connectivity, all the wireless clients and Access Points must be set to use the
same SSID. When a user walks out of the coverage area of one AP into
another, the wireless client network device will automatically reestablish
connection with the new AP.
4. What is a MAC Address?
The Media Access Control (MAC) address is a unique number assigned by the
manufacturer to any Ethernet networking devices, e.g. a network adapter, that
allows the network to identify it at the hardware level. Unlike IP addresses,
which can be changed or dynamically assigned by the network, the MAC
address of a networking device is permanent.
5. What is WEP?
Wired Equivalent Privacy (WEP) is a type of data encryption mechanism
described in the IEEE 802.11 standard. The 11Mbps Wireless Access Point
supports 64/128/256 bit shared key for WEP.
6. Would the information be transmitted securely in the air?
WLAN offers two layers of protection for security. First layer is on the hardware
level. As with Direct Sequence Spread Spectrum (DSSS) technology, it has the
inherent security feature of scrambling. Second of all, on the software level, the
security control is made possible by Wired Equivalent Privacy (WEP) for access
control.
7. What is ISM band?
Page 23
The FCC and their counterparts outside of the U.S. have set aside bandwidth for
unlicensed use in the ISM (Industrial, Scientific and Medical) band. The 2.4GHz
unlicensed ISM band is available worldwide, which presents the opportunity for
the global market of 802.11b high speed wireless products.
8. What is 4X mode?
This is a proprietary wireless data transmission mode provided by TI, which
enhances TI’s 11Mbps PBCC speed to reach data throughput to over 12Mbps.
Since it is not IEEE 802.11b standard wireless data mode, in order to allow 4X
mode, both the receiving and transmitting parties must be using TI solution.
Page 24
APPENDIX B: NETWORKING BASIS
This chapter will help you learn the basics of home networking.
Using the Windows XP Network Setup Wizard
Go to Start menu > Control Panel > Network Connections
In the menu on the left side of the window, select “Set up a home or small office network”
Click “Next” to proceed
Click “Next” to continue
Page 25
Select the option that best describes how you connect your computer to the Internet.
In the case of using router in the network, choose the second option.
Click “Next” to continue.
1. Enter a short description for your computer.
2. Enter a name for your computer to be recognized among the network.
3. Click “Next” to continue.
Page 26
Enter “Workgroup name” for your home network.
Click “Next” to continue.
Click “Next” and wait for the wizard to apply the settings.
Page 27
You may create a network setup disk which saves you the trouble of having to
configure every PC in your network.
Select the first choice, and insert a floppy disk into your disk drive
Click “Next” to continue.
Page 28
Click “Format Disk” if you wish to format the disk.
Click “Next” to copy the necessary files to the disk.
Click “Next” to continue with the Network Setup Wizard
Page 29
!Note: Now you may use the Network Setup Disk you just created in any PCs in your
network that you wish to setup. Simply insert the Network Setup Disk into the disk
drive of a PC, and open to browse the content of the disk with “My Computer” or
“Windows File Manager”. Double-click and run the file “netsetup” for the program
to handle the rest.
Click “Finish” to complete the Network Setup Wizard.
System will now have to restart in order for the new settings to be effective.
Click “Yes” to restart the computer
Page 30
Checking IP Address of Your Computer in Windows XP
Sometimes you will need to know the IP address of the computer that you are using.
For example, when you want to make sure that your computer is in the same network
domain as that of your Access Point so that you can configure and access the AP.
Go to Start menu > Run > type command
Click “OK”
When the command prompt window appears, type command “ipconfig /all” and press
Enter. This command will display the IP addresses of all the network adapters in
your computer.
In this case, the IP address of your network adapter is 192.168.1.2, which means your
Access Point must have an IP address of 192.168.1.xxx in order for you to be able to
access it.
If the IP address is assigned by DHCP server on the network, there are chances you
might have to release the IP and acquire it from DHCP server again. Here is how
you do it.
Page 31
Go to Start menu > Run > type command
Click “OK”
Type command, “ipconfig /renew” in the command prompt window and press Enter.
This command releases the current IP address and acquires it from the network, i.e.
DHCP server, once more.
In this case, the IP address that we acquired is 192.168.1.3. However, it’s often that
the acquired IP address of the network adapter might not be the same.
!Note: To renew IP under Windows 98 and Windows ME, you will have to go to the
Start menu > Run > type winipcfg and click “OK”. The Windows IP Configuration
Menu window would appear, where you first click “release” button to release the
current IP address, followed by clicking of “Renew” to acquire a new IP address from
network.
If the above methods for IP renew fail, you will have to try and restart the computer,
which will reinitialize the network adapter settings during startup including renewing
IP address. If you still have problems getting an IP address after computer restarts,
you will have to consult with your MIS in your office or call computer and network
technicians.
Page 32
Dynamic IP Address V.S. Static IP Address
By definition Dynamic IP addresses are the IP addresses that are being automatically
assigned to a network device on the network. These Dynamically assigned IP
addresses will expire and may be changed over time.
Static IP addresses are the IP addresses that users manually enter for each of the
network adapters.
Go to Start menu > Control Panel > Network Connections > Right-click on
the active Local Area connection > Select Properties
!Note: There might be two or more Local Area Connection to choose from. You must
select the one that you will use to connect to the network.
Page 33
The Local Area Connection Properties would appear.
Select “Internet Protocol (TCP/IP)” and Click “Properties” to continue.
Page 34
Dynamically Assigned IP Address
The TCP/IP Properties window appears.
Select “Obtain an IP address automatically” if you are on a DHCP enabled network.
Click “OK” to close the window with the changes made
Static IP Address
Select “Use the following IP address”
Enter the IP address and subnet mask fields.
Enter the IP address of the Router in the Default gateway field.
Enter the IP address of the Router in the DNS server field
Click “Ok” to close the window
Page 35
!Note: The IP address must be within the same range as the wireless router or Access
Point.
Wireless Network in Windows 2000
Go to Start menu > Settings > Network and Dial-up Connections > Double-click on
the Local Area Connection
Select “Internet Protocol (TCP/IP)” and click Properties
The TCP/IP Properties window appears.
Select “Obtain an IP address automatically” if you are on a DHCP enabled network.
Click “OK” to close the window with the changes made
Page 36
Select “Use the following IP address”
Enter the IP address and subnet mask fields.
Enter the IP address of the Router in the Default gateway field.
Enter the IP address of the Router in the DNS server field
Click “Ok” to close the window
Wireless Network In Windows 98 and Windows ME
Go to Start menu > Settings > Control Panel > Double-click on Network
Select TCP/IP of the network device
Click “Properties” to continue
Page 37
The TCP/IP Properties window appears.
Select “Obtain an IP address automatically” if you are on a DHCP enabled network.
Click “OK” to close the window with the changes made
Select “Specify an IP address”
Enter the IP address and subnet mask fields.
In the DNS Configuration Tab Page, (1) enter the IP address of the Router in the Default
gateway field. (2) Enter the IP address of the Router in the DNS server field
Page 38
APPENDIX C: 802.1x Authentication Setup
There are three essential components to the 802.1x infrastructure: (1) Supplicant, (2)
Authenticator and (3) Server. The 802.1x security supports both MD5 and TLS
Extensible Authentication Protocol (EAP). The 802.1x Authentication is a
complement to the current WEP encryption used in wireless network. The current
security weakness of WEP encryption is that there is no key management and no
limitation for the duration of key lifetime. 802.1x Authentication offers key
management, which includes key per user and key per session, and limits the lifetime
of the keys to certain duration. Thus, key decryption by an unauthorized attacker
becomes extremely difficult, and the wireless network is safely secured. We will
introduce the 802.1x Authentication infrastructure as a whole and go into details of
the setup for each essential component in 802.1x authentication.
802.1x Authentication Infrastructure
The Infrastructure diagram shown above illustrates that a group of 802.11 wireless
clients is trying to form a 802.11 wireless network with the Access Point in order to
have access to the Internet/Intranet. In 802.1x authentication infrastructure, each of
these wireless clients would have to be authenticated by the Radius server, which
would grant the authorized client and notify the Access Point to open up a
communication port to be used for the granted client. There are 2 Extensible
Authentication Protocol (EAP) methods supported: (1) MD5 and (2) TLS.
Page 39
MD5 authentication is simply a validation of existing user account and password that
is stored in the server with what are keyed in by the user. Therefore, wireless client
user will be prompted for account/password validation every time when he/she is
trying to get connected. TLS authentication is a more complicated authentication,
which involves using certificate that is issued by the Radius server, for authentication.
TLS authentication is a more secure authentication, since not only the Radius server
authenticates the wireless client, but also the client can validate the Radius server by
the certificate that it issues. The authentication request from wireless clients and reply
by the Radius Server and Access Point process can be briefed as follows:
1. The client sends an EAP start message to the Access Point
2. The Access Point replies with an EAP Request ID message
3. The client sends its Network Access Identifier (NAI) – its user name – to the
Access Point in an EAP Response message.
4. The Access Point forwards the NAI to the RADIUS server with a RADIUS
Access Request message.
5. The RADIUS server responds to the client with its digital certificate.
6. The client validates the digital certificate, and replies its own digital
certificate to the RADIUS server.
7. The RADIUS server validates client’s digital certificate.
8. The client and RADIUS server derive encryption keys.
9. The RADIUS server sends the access point a RADIUS ACCEPT message,
including the client’s WEP key.
10. The Access Point sends the client an EAP Success message along with the
broadcast key and key length, all encrypted with the client’s WEP key.
Supplicant: Wireless Network PC Card
Here is the setup for the Wireless Network PC Card under Windows XP, which is the
only Operating System that our driver supports for 802.1x. Microsoft is planning on
supporting 802.1x security in all common Windows Operating System including
Win98SE/ME/2000 by releasing Service Pack in 2003.
Please note that the setup illustration is based on our 11Mbps wireless PC Card.
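As an added example (not from the manual or the vendor's software), the ten-step TLS exchange listed under 802.1x Authentication Infrastructure is encoded below as an ordered list, so that an observed sequence of events can be checked for skipped or reordered steps, such as a client certificate sent before the server certificate was validated. The tuple layout, the names given to the local validation and key-derivation events, and the sample traces are assumptions constructed for the illustration.

```python
from collections import namedtuple

Event = namedtuple("Event", "step sender receiver name")

# The manual's ten steps. Events whose sender equals the receiver are local
# actions (modelling assumption); step 6 is split into its two halves.
EXPECTED = [
    Event(1, "client", "ap", "EAP Start"),
    Event(2, "ap", "client", "EAP Request ID"),
    Event(3, "client", "ap", "EAP Response (NAI)"),
    Event(4, "ap", "radius", "RADIUS Access Request"),
    Event(5, "radius", "client", "server certificate"),
    Event(6, "client", "client", "validate server certificate"),
    Event(6, "client", "radius", "client certificate"),
    Event(7, "radius", "radius", "validate client certificate"),
    Event(8, "client", "radius", "derive encryption keys"),
    Event(9, "radius", "ap", "RADIUS ACCEPT"),
    Event(10, "ap", "client", "EAP Success"),
]
INDEX = {(e.sender, e.receiver, e.name): i for i, e in enumerate(EXPECTED)}


def check_exchange(trace):
    """Return findings for a trace of (sender, receiver, name) tuples."""
    findings, seen, reported = [], set(), set()
    for sender, receiver, name in trace:
        pos = INDEX.get((sender, receiver, name))
        if pos is None:
            findings.append(f"unexpected: {sender} -> {receiver} {name}")
            continue
        if pos in seen:
            findings.append(f"repeated: {name}")
        # Every earlier step must already have been observed.
        for earlier in range(pos):
            if earlier not in seen and earlier not in reported:
                e = EXPECTED[earlier]
                findings.append(f"{name} occurred before step {e.step} ({e.name})")
                reported.add(earlier)
        seen.add(pos)
    for i, e in enumerate(EXPECTED):
        if i not in seen and i not in reported:
            findings.append(f"never observed: step {e.step} ({e.name})")
    return findings


def port_may_open(trace):
    """True only if all steps occurred in order and the trace ends with EAP Success."""
    last = tuple(EXPECTED[-1][1:])
    return bool(trace) and tuple(trace[-1]) == last and not check_exchange(trace)


# Constructed sample traces (not captured from real equipment).
GOOD_TRACE = [(e.sender, e.receiver, e.name) for e in EXPECTED]
NO_SERVER_CHECK = [t for t in GOOD_TRACE if t[2] != "validate server certificate"]
EARLY_ACCEPT = GOOD_TRACE[:4] + GOOD_TRACE[9:]  # ACCEPT right after step 4

if __name__ == "__main__":
    for label, trace in (("good", GOOD_TRACE),
                         ("no server check", NO_SERVER_CHECK),
                         ("early accept", EARLY_ACCEPT)):
        print(label, "| port may open:", port_may_open(trace))
        for finding in check_exchange(trace):
            print("   ", finding)
```

The second trace is the case TLS is meant to exclude: the client hands over its certificate without having validated the server's, so the mutual authentication described above did not take place.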
Page 40
1. Go to Start > Control Panel
2. double-click on “Network Connections
3. right-click on the Wireless Network Connection that you use with our 11Mbps
wireless PC Card.
4. Click Properties” to open up the Properties setting window.
40
Page 41
5. Click on the “Wireless Network” tab.
11M WLAN Adapter
41
Page 42
6. Click Properties” of the available wireless network, which you wish to
erent 802.1x authentication
ust remove the current
To configure for using TLS authentication method, please follow steps 7 ~ 25.
Please follow steps 26 ~ for using MD5 authentication method.
connect or configure.
Please note that if you are going to change to a diff
EAP method, i.e. switch from using MD5 to TLS, , you m
existing wireless network from your Preferred networks first, and add it in
again.
42
Page 43
TLS Authentication
7.
. Click OK” to close the Wireless Network Properties window.
Select The key is provided for me automatically” option
8
43
Page 44
9. Click “Authentication” tab.
10. Select “Enable network access control using IEEE 802.1x” option to enable
802.1x authentication.
11. Select “Smart Card or other Certificate” from the drop-down list box for
EAP type.
12. Click “OK” to close the Wireless Network Connection Properties window,
thus making the changes effective.
The wireless client configuration in the zero-configuration utility provided in
Windows XP is now completed for TLS configuration. Before you can enable IEEE
802.1x authentication and have the wireless client authenticated by the Radius server, you
have to download the certificate to your local computer first.
Page 45
TLS Authentication – Download Digital Certificate from Server
In most corporations, it requires internal IT or MIS staff’s help to have the
certificate downloaded to your local computer. One of the main reasons is that
each corporation uses its own server systems, and you will need the assistance
from your IT or MIS for account/password, CA server location, etc. The
following illustration is based on obtaining a certificate from a Windows 2000
Server which can act as a CA server, assuming you have a valid account/password
to access the server.
13. Connect to the server and ask for access, and the server will prompt you to
enter your user name and password.
14. Enter your user name and password, then click “OK” to continue.
Please note that we use IP addresses for connection with the server for our
illustration, and the IP of the server is 192.168.1.10.
15. After successful login, open up your Internet Browser, and type the following
in the address field.
http://192.168.1.10/certsrv
This is how we connect to the Certificate Service installed in Windows 2000
server.
Page 46
16. Now we are connected to the Certificate Service. Select “Request a
certificate”, and click “Next” to continue.
Page 47
17. Select “User Certificate request”, and click “Next” to continue.
Page 48
18. Click “Submit >” to continue.
Page 49
19. The Certificate Service is now processing the certificate request.
Page 50
20. The certificate is issued by the server. Click “Install this certificate” to
download and store the certificate to your local computer.
21. Click “Yes” to store the certificate to your local computer.
Page 51
22. Certificate is now installed.
All the configuration and certificate download are now complete. Let’s try to
connect to the Access Point using 802.1x TLS Authentication.
Page 52
23. Windows XP will prompt you to select a certificate for wireless network
connection. Click on the network connection icon in the system tray to
continue.
Page 53
24. Select the certificate that was issued by the server (WirelessCA), and click
“OK” to continue.
25. Check the server to make sure that it’s the server that issues the certificate, and
click “OK” to complete the authentication process.
Page 54
MD5 Authentication
26. Select “Data encryption (WEP enabled)” option, but leave other options
unselected.
27. Select the key format that you want to use to key in your Network key.
ASCII characters: 0~9, a~z and A~Z
HEX characters: 0~9, a~f
28. Select the key length that you wish to use.
40 bits (5 characters for ASCII, 10 characters for HEX)
104 bits (13 characters for ASCII, 26 characters for HEX)
29. After deciding the key format and key length that you wish to use for the network
key, enter the network key in the “Network key” text box.
Please note that the value of the Network key entered, and the key format/length used,
must be the same as that used in the Access Point. Although 4 sets of keys
can be set in the Access Point WEP configuration, it’s the first set of keys that must
be the same as that used by the supplicant wireless client.
30. Click “OK” to close the Wireless Network Properties window, thus make the
changes effective.
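The key format and length rules from steps 27 ~ 29, as an added example that is not part of the original manual: a checker that accepts a network key only in the four listed shapes and compares the client's key with the Access Point's first key even when the two were typed in different formats. Treating an ASCII key as the byte values of its characters, and accepting A~F as well as a~f in HEX keys, are assumptions.

```python
import string

# Key lengths from step 28: key bits -> (ASCII characters, HEX characters).
# The "64 / 128bit" WEP figures in a specification sheet count the 24-bit IV as well.
KEY_LENGTHS = {40: (5, 10), 104: (13, 26)}

ASCII_ALLOWED = set(string.ascii_letters + string.digits)  # 0~9, a~z and A~Z
HEX_ALLOWED = set(string.hexdigits)  # assumption: A~F accepted as well as a~f


def parse_wep_key(text, key_format):
    """Return (key_bits, key_bytes), or raise ValueError naming the problem."""
    if key_format not in ("ASCII", "HEX"):
        raise ValueError("key format must be 'ASCII' or 'HEX'")
    allowed = ASCII_ALLOWED if key_format == "ASCII" else HEX_ALLOWED
    bad = sorted(set(text) - allowed)
    if bad:
        raise ValueError(f"characters not allowed in a {key_format} key: {bad}")
    column = 0 if key_format == "ASCII" else 1
    for bits, lengths in KEY_LENGTHS.items():
        if len(text) == lengths[column]:
            if key_format == "ASCII":
                raw = text.encode("ascii")   # assumption: one byte per character
            else:
                raw = bytes.fromhex(text)    # two HEX characters per byte
            return bits, raw
    valid = [lengths[column] for lengths in KEY_LENGTHS.values()]
    raise ValueError(
        f"a {key_format} key must be one of {valid} characters long, got {len(text)}"
    )


def keys_match(client, access_point):
    """Each argument is (text, key_format); True when both hold the same key."""
    return parse_wep_key(*client) == parse_wep_key(*access_point)


if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    print(parse_wep_key("abcde", "ASCII"))                          # 40-bit key
    print(keys_match(("abcde", "ASCII"), ("6162636465", "HEX")))    # same key bytes
    print(keys_match(("abcde", "ASCII"), ("ABCDE", "ASCII")))       # case matters
```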
Page 55
31. Select “Authentication” tab.
32. Select “Enable network access control using IEEE 802.1X” to enable
802.1x authentication.
33. Select “MD-5 Challenge” from the drop-down list box for EAP type.
34. Click “OK” to close the Wireless Network Connection Properties window, thus
making all the changes effective.
Page 56
Unlike TLS, which uses a digital certificate for validation, the MD-5 Authentication is
based on the user account/password. Therefore, you must have a valid account used
by the server for validation.
35. Windows XP will prompt you to enter your user name and password. Click on
the network connection icon in the system tray to continue.
Page 57
36. Enter the user name, password and the logon domain that your account
belongs to, if one or more network domains exist in your network.
37. Click “OK” to complete the validation process.
Page 58
Authenticator: Wireless Network Access Point
This is the web page configuration in the Access Point that we use.
1. Enable 802.1x security by selecting “Enable”.
2. If the MD5 EAP method is used, you can skip step 3 and go to step 4.
3. Select the Encryption Key Length Size ranging from 64 to 256 Bits that you
would like to use.
Select the Lifetime of the Encryption Key from 5 Minutes to 1 Day. As soon
as the lifetime of the Encryption Key is over, the Encryption Key will be renewed
by the Radius server.
4. Enter the IP address of and the Port used by the Primary Radius Server.
Enter the Shared Secret, which is used by the Radius Server.
5. Enter the IP address of, Port and Shared Secret used by the Secondary Radius
Server.
6. Click the “Apply” button; the 802.1x settings take effect after the Access Point
reboots itself.
Page 59
Note!: As soon as 802.1x security is enabled, all the wireless client stations that are
currently connected to the Access Point will be disconnected. The wireless clients
must be configured manually to authenticate themselves with the Radius server to be
reconnected.
Page 60
Radius Server: Windows 2000 Server
This section is to help those who have Windows 2000 Server installed and want to set up
Windows 2000 Server for 802.1x authentication, which includes setting up Certificate
Service for TLS Authentication, and enabling EAP methods.
1. Log in to your Windows 2000 Server as Administrator, or with an account that has
Administrator authority.
2. Go to Start > Control Panel, and double-click “Add or Remove Programs”.
3. Click on “Add/Remove Windows components”.
4. Check “Certificate Services”, and click “Next” to continue.
Page 61
5. Select “Enterprise root CA”, and click “Next” to continue.
6. Enter the information that you want for your Certificate Service, and click
“Next” to continue.
Page 62
7. Go to Start > Program > Administrative Tools > Certificate Authority.
8. Right-click on the “Policy Setting”, select “new”.
9. Select “Certificate to Issue”.
10. Select “Authenticated Session” and “Smartcard Logon” by holding down
the Ctrl key, and click “OK” to continue.
Page 63
11. Go to Start > Program > Administrative Tools > Active Directory Users and
Computers.
12. Right-click on domain, and select “Properties” to continue.
13. Select “Group Policy” tab and click “Properties” to continue.
Page 64
14. Go to “Computer Configuration” > “Security Settings” > “Public Key
Policies”.
15. Right-click “Automatic Certificate Request Setting”, and select “New”.
16. Click “Automatic Certificate Request ...”
Page 65
17. The Automatic Certificate Request Setup Wizard will guide you through
the Automatic Certificate Request setup; simply click “Next” through to the last
step.
18. Click “Finish” to complete the Automatic Certificate Request Setup.
19. Go to Start > Run, type “command” and click “Enter” to open
Command Prompt.
20. Type “secedit /refreshpolicy machine_policy” to refresh policy.
Page 66
Adding Internet Authentication Service
21. Go to Start > Control Panel > Add or Remove Programs
22. Select “Add/Remove Windows Components” from the panel on the left.
23. Select “Internet Authentication Service”, and click “OK” to install.
Page 67
Setting Internet Authentication Service
24. Go to Start > Program > Administrative Tools > Internet Authentication
Service
25. Right-click “Client”, and select “New Client”.
Page 68
26. Enter the IP address of the Access Point in the Client address text field, a
memorable name for the Access Point in the Client-Vendor text field, the
access password used by the Access Point in the Shared secret text field.
Re-type the password in the Confirmed shared secret text field.
27. Click “Finish” to complete adding of the Access Point.
Page 69
28. In the Internet Authentication Service, right-click “Remote Access Policies”.
29. Select “New Remote Access Policy”.
30. Select “Day-And-Time-Restriction”, and click “Add” to continue.
Page 70
31. Unless you want to specify the active duration for 802.1x authentication,
click “OK” to accept to have 802.1x authentication enabled at all times.
32. Select “Grant remote access permission”, and click “Next” to continue.
Page 71
33. Click “Edit Profile” to open up
Page 72
For TLS Authentication Setup (Steps 34 ~ 38)
34. Select “Authentication” Tab
35. Enable “Extensible Authentication Protocol”, and select “Smart Card or
other Certificate” for TLS authentication
Page 73
36. Go to Start > Program > Administrative Tools > Active Directory Users and
Computers.
37. Select “Users”, and double-click on the user, either newly created or
currently existing, who will be configured to have the right to obtain a digital
certificate remotely.
Please note that in this case, we have a user called test, whose account/password are
used to obtain the digital certificate from the server.
Page 74
38. Go to the “Dial-in” tab, and check “Allow access” option for Remote Access
Permission and “No Callback” for Callback Options.
Page 75
For MD5 Authentication (Steps 39 ~ 54)
39. Go to Start > Program > Administrative Tools > Active Directory Users and
Computers.
40. Right-click on the domain, and select “Properties”.
Page 76
41. Select “Group Policy” tab, and click “Edit” to edit the Group Policy.
Page 77
42. Go to “Computer Configuration” > “Windows Settings” > “Security
Settings” > “Account Policies” > “Password Policies”.
43. Click “Define this policy setting”, select “Enabled”, and click “OK” to
continue.
Page 78
44. Go to Start > Program > Administrative Tools > Active Directory Users and
Computers.
45. Go to Users. Right-click on the user that you are granting access, and select
“Properties”.
Page 79
46. Go to “Account” tab, and enable “Store password using reversible
encryption”.
47. Click “OK” to continue.
Page 80
48. Go to Start > Program > Administrative Tools > Internet Authentication
Service.
49. Go to Remote Access Policies.
50. Make sure that MD5 is moved up to Order 1.
51. Right-click “MD5”, and select “Properties”.
Page 81
52. Go to “Authentication” tab.
53. Enable “Extensible Authentication Protocol”.
54. Select “MD5-Challenge” for EAP type.
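The MD5-Challenge exchange that the client steps (26 ~ 37) and the server steps (39 ~ 54) configure, sketched after the MD5-Challenge type of RFC 3748 as an added example rather than code from the manual or the vendor; the password and the server name "radius" are constructed, and "test" is the user named in this manual. The server can only recompute the digest from the password itself, which is why step 46 enables “Store password using reversible encryption”; the exchange also produces no encryption key, which is why the MD5 client setup has you type the WEP network key by hand.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5_CHALLENGE = 4          # EAP method type number for MD5-Challenge


def build_eap_md5(code, identifier, value, name=b""):
    """Code | Identifier | Length | Type | Value-Size | Value | Name."""
    type_data = bytes([EAP_TYPE_MD5_CHALLENGE, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(type_data)) + type_data


def parse_eap_md5(packet):
    """Return (code, identifier, value, name); reject malformed packets."""
    if len(packet) < 6:
        raise ValueError("packet too short for EAP MD5-Challenge")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or packet[4] != EAP_TYPE_MD5_CHALLENGE:
        raise ValueError("not a well-formed EAP MD5-Challenge packet")
    size = packet[5]
    if 6 + size > length:
        raise ValueError("Value-Size runs past the end of the packet")
    return code, identifier, packet[6:6 + size], packet[6 + size:]


def md5_response(identifier, password, challenge):
    """CHAP-style digest: MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_challenge(identifier, server_name=b"radius"):
    """Server side: pick a fresh random challenge and wrap it in an EAP-Request."""
    challenge = os.urandom(16)
    return challenge, build_eap_md5(EAP_REQUEST, identifier, challenge, server_name)


def client_respond(request, user, password):
    """Supplicant side: answer the challenge; only the digest is sent."""
    code, identifier, challenge, _ = parse_eap_md5(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP-Request")
    digest = md5_response(identifier, password, challenge)
    return build_eap_md5(EAP_RESPONSE, identifier, digest, user)


def server_verify(response, identifier, challenge, recoverable_password):
    """Server side: recompute the digest from the account's recoverable password.

    A one-way password hash cannot be fed into md5_response(), so the account
    has to be stored with reversible encryption (step 46).
    """
    try:
        code, rid, digest, _ = parse_eap_md5(response)
    except ValueError:
        return False
    if code != EAP_RESPONSE or rid != identifier:
        return False
    expected = md5_response(identifier, recoverable_password, challenge)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed values: the password below is made up for this example.
    challenge, request = server_challenge(identifier=7)
    response = client_respond(request, b"test", b"constructed-password")
    print("accepted:", server_verify(response, 7, challenge, b"constructed-password"))
    print("wrong password accepted:", server_verify(response, 7, challenge, b"other"))
```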
Page 82
APPENDIX D: GLOSSARY
Access Point – An internetworking device that seamlessly connects wired and wireless networks.
Ad-Hoc – An independent wireless LAN network formed by a group of computers, each with a network adapter.
AP Client – One of the additional AP operating modes offered by 11Mbps Access Point, which allows the Access Point to act as an Ethernet-to-Wireless Bridge, thus a LAN or a single computer station can join a wireless ESS network through it.
ASCII – American Standard Code for Information Interchange, ASCII, is one of the two formats that you can use for entering the values for WEP key. It represents English letters as numbers from 0 to 127.
Authentication Type – Indication of an authentication algorithm which can be supported by the Access Point:
1. Open System: Open System authentication is the simplest of the available authentication algorithms. Essentially it is a null authentication algorithm. Any station that requests authentication with this algorithm may become authenticated if 802.11 Authentication Type at the recipient station is set to Open System authentication.
2. Shared Key: Shared Key authentication supports authentication of stations as either a member of those who know a shared secret key or a member of those who do not.
Backbone – The core infrastructure of a network, which transports information from one central location to another where the information is unloaded into a local system.
Bandwidth – The transmission capacity of a device, which is calculated by how much data the device can transmit in a fixed amount of time expressed in bits per second (bps).
Basic Rate – The fixed transmitting and receiving data rate allowed by the AP with the value 1, 2, 5.5, 11 and 11 Mbps for selection.
Page 83
Beacon – A beacon is a packet broadcast by the Access Point to keep the network synchronized. Included in a beacon is information such as the wireless LAN service area, the AP address, the Broadcast destination addresses, time stamp, Delivery Traffic Indicator Maps, and the Traffic Indicator Message (TIM).
Bit – A binary digit, which is either 0 or 1 in value, is the smallest unit for data.
Bridge – An internetworking function that incorporates the lowest 2 layers of the OSI network protocol model.
Browser – An application program that enables one to read the content and interact in the World Wide Web or Intranet.
BSS – BSS stands for “Basic Service Set”. It is an Access Point and all the LAN PCs that are associated with it.
Channel – The bandwidth in which the wireless Radio operates is divided into several segments, which we call “Channels”. The AP and the client stations associated with it work in one of the channels.
CSMA/CA – In local area networking, this is the CSMA technique that combines slotted time-division multiplexing with carrier sense multiple access/collision detection (CSMA/CD) to avoid having collisions occur a second time. This works best if the time allocated is short compared to packet length and if the number of situations is small.
CSMA/CD – Carrier Sense Multiple Access/Collision Detection, which is a LAN access method used in Ethernet. When a device wants to gain access to the network, it checks to see if the network is quiet (senses the carrier). If it is not, it waits a random amount of time before retrying. If the network is quiet and two devices access the line at exactly the same time, their signals collide. When the collision is detected, they both back off and wait a random amount of time before retrying.
DHCP – Dynamic Host Configuration Protocol, which is a protocol that lets network administrators manage and allocate Internet Protocol (IP) addresses in a network. Every computer has to have an IP address in order to communicate with each other in a TCP/IP based infrastructure network. Without DHCP, the IP address must be entered manually on each computer. DHCP enables the network administrators to assign the IP from a central location, and each computer receives an IP address upon being plugged in with the Ethernet cable anywhere on the network.
DSSS – Direct Sequence Spread Spectrum. DSSS generates a redundant bit pattern for each bit to be transmitted. This bit pattern is called a chip (or chipping code). The longer the chip, the greater the probability that the original data can be recovered. Even if one or more bits in the chip are damaged during transmission, statistical techniques embedded in the radio can recover the original data without the need for
Page 84
retransmission. To an unintended receiver, DSSS appears as low power wideband noise and is rejected (ignored) by most narrowband receivers.
Dynamic IP Address – An IP address that is assigned automatically to a client station in a TCP/IP network by a DHCP server.
Encryption – A security method that uses a specific algorithm to alter the data transmitted, thus preventing others from knowing the information transmitted.
ESS – ESS stands for “Extended Service Set”. More than one BSS is configured to become an Extended Service Set. LAN mobile users can roam between different BSSs in an ESS.
ESSID – The unique identifier that identifies the ESS. In infrastructure association, the stations use the same ESSID as AP’s to get connected.
Ethernet – A popular local area data communications network, originally developed by Xerox Corp., that accepts transmission from computers and terminals. Ethernet operates on a 10/100 Mbps base transmission rate, using a shielded coaxial cable or over shielded twisted pair telephone wire.
Fragmentation – When transmitting a packet over a network medium, sometimes the packet is broken into several segments, if the size of packet exceeds that allowed by the network medium.
Fragmentation Threshold – The Fragmentation Threshold defines the number of bytes used for the fragmentation boundary for directed messages. The purpose of "Fragmentation Threshold" is to increase the transfer reliability by cutting a MAC Service Data Unit (MSDU) into several smaller MAC Protocol Data Units (MPDU). The RF transmission cannot carry too big a frame size due to the heavy interference caused by the big size of the transmission frame. But if the frame size is too small, it will create overhead during the transmission.
Gateway – A device that interconnects networks with different, incompatible communication protocols.
HEX – Hexadecimal, HEX, consists of numbers from 0 – 9 and letters from A – F.
IEEE – The Institute of Electrical and Electronics Engineers, which is the largest technical professional society that promotes the development and application of electrotechnology and allied sciences for the benefit of humanity, the advancement of the profession. The IEEE fosters the development of standards that often become national and international standards.
Infrastructure – An infrastructure network is a wireless network or other small network in which the wireless network devices are made a part of the network through the Access Point which connects them to the rest of the network.
ISM Band – The FCC and their counterparts outside of the U.S. have set aside
Page 85
bandwidth for unlicensed use in the ISM (Industrial, Scientific and Medical) band. Spectrum in the vicinity of 2.4GHz, in particular, is being made available worldwide.
MAC Address – Media Access Control Address is a unique hex number assigned by the manufacturer to any Ethernet networking device, such as a network adapter, that allows the network to identify it at the hardware level.
Multicasting – Sending data to a group of nodes instead of a single destination.
Multiple Bridge – One of the additional AP operating modes offered by 11Mbps Access Point, which allows a group of APs that consists of two or more APs to connect two or more Ethernet networks or Ethernet enabled clients together. The way that multiple bridge setup is based on the topology of Ad-Hoc mode.
Node – A network junction or connection point, typically a computer or workstation.
Packet – A unit of data routed between an origin and a destination in a network.
PLCP – Physical layer convergence protocol
PPDU – PLCP protocol data unit
Preamble Type – During transmission, the PSDU shall be appended to a PLCP preamble and header to create the PPDU. Two different preambles and headers are defined as the mandatory supported long preamble and header which interoperates with the current 1 and 2 Mbit/s DSSS specification as described in IEEE Std 802.11-1999, and an optional short preamble and header. At the receiver, the PLCP preamble and header are processed to aid in demodulation and delivery of the PSDU. The optional short preamble and header is intended for application where maximum throughput is desired and interoperability with legacy and non-short-preamble capable equipment is not a consideration. That is, it is expected to be used only in networks of like equipment that can all handle the optional mode. (IEEE 802.11b standard)
PSDU – PLCP service data unit
Roaming – A LAN mobile user moves around an ESS and enjoys a continuous connection to an Infrastructure network.
RTS – Request To Send. An RS-232 signal sent from the transmitting station to the receiving station requesting permission to transmit.
RTS Threshold – Transmitters contending for the medium may not be aware of each other. RTS/CTS mechanism can solve this “Hidden Node Problem”. If the packet size is smaller than the preset RTS Threshold size, the RTS/CTS mechanism will NOT be enabled.
Page 86
SSID – Service Set Identifier, which is a unique name shared among all clients and nodes in a wireless network. The SSID must be identical for all clients and nodes in the wireless network.
Subnet Mask – The method used for splitting IP networks into a series of sub-groups, or subnets. The mask is a binary pattern that is matched up with the IP address to turn part of the host ID address field into a field for subnets.
TCP/IP – Transmission Control Protocol/ Internet Protocol. The basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network, i.e. intranet or internet. When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.
Throughput – The amount of data transferred successfully from one point to another in a given period of time.
WEP – Wired Equivalent Privacy (WEP) is an encryption scheme used to protect wireless data communication. Enabling the icon will prevent other stations without the same WEP key from linking with the AP.
Wireless Bridge – One of the additional AP operating modes offered by 11Mbps Access Point, which allows a pair of APs to act as the bridge that connects two Ethernet networks or Ethernet enabled clients together.
Page 87
APPENDIX E: TECHNICAL SPECIFICATION
Standard            802.11b compliant (wireless)
Data Rate           1 / 2 / 5.5 / 11 Mbps
Emission Type       Direct Sequence Spread Spectrum (DSSS)
Data Modulation     1 Mbps – BPSK
                    2 Mbps – QPSK
                    5.5 / 11 Mbps – CCK
RF Frequency        2412 MHz – 2462 MHz (North America)
                    2412 MHz – 2472 MHz (General Europe)
                    2412 MHz – 2484 MHz (Japan)
Operating Channel   11 Channels (North America)
                    13 Channels (Europe)
                    14 Channels (Japan)
RF Output Power     16 dBm (typical)
Sensitivity         1, 2Mbps BPSK, QPSK -92 dBm
                    5.5Mbps CCK -88 dBm
                    11Mbps CCK -84 dBm
                    (typically @PER < 8% packet size 1024 and @25ºC + 5ºC)
Security            Wired Equivalent Privacy (WEP) 64 / 128bit
Antenna Type        Diversity Patch with 2.0 dBi max. Antenna Gain.
Interface           PC CardBus, PC Card Standard v7.2
Dimension           114 x 54 x 5 mm
Memory              8Kbytes EEPROM
Power Voltage       3.3V + 5%
Power Consumption   Operation max. 650 mA by TX
                    350 mA by RX