Hirschmann BAT54, BAT54M Installation Manual

Download

Installation Guide

Dual-Band Outdoor Access Point / Bridge BAT54, BAT54M

User Guide

BAT54, BAT54M

Release 1.0 02/06

Technische Unterstützung

HAC-Support@hirschmann.de

The naming of copyrighted trademarks in this manual, even when not specially indicated, should not be taken to mean that these names may be considered as free in the sense of the trademark and tradename protection law and hence that they may be freely used by anyone.

Manuals and software are protected by copyright. All rights reserved. The copying, reproduction, translation, conversion into any electronic medium or machine scannable form is not permitted, either in whole or in part. An exception is the preparation of a backup copy of the software for your own use.

The performance features described here are binding only if they have been expressly guaranteed in the contract. This publication has been created by Hirschmann Automation and Control GmbH according to the best of our knowledge. Hirschmann reserves the right to change the contents of this manual without prior notice. Hirschmann can give no guarantee in respect of the correctness or accuracy of the details in this publication.

Hirschmann can accept no responsibility for damages, resulting from the use of the network components or the associated operating software. In addition, we refer to the conditions of use specified in the license contract.

Printed in Germany (2/23/06)

Hirschmann Automation and Control GmbH Stuttgarter Straße 45-51 72654 Neckartenzlingen Telefon +49 1805 141538 -0206

User Guide

Dual-Band Outdoor Access Point/Bridge

IEEE 802.11a/b/g Access Point / Bridge Master Unit with External Antenna Options (BAT54M) Slave Unit with Integrated High-Gain Antenna (BAT54)

Compliances

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:

• Reorient or relocate the receiving antenna

• Increase the separation between the equipment and receiver

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected

• Consult the dealer or an experienced radio/TV technician for help

Warnings: 1.Wear an anti-static wrist strap or take other suitable measures to prevent

electrostatic discharge when handling this equipment.

2.When connecting this device to a power outlet, connect the field ground

lead on the tri-pole power plug to a valid earth ground line to prevent electrical hazards.

IMPORTANT NOTE: FCC Radiation Exposure Statement

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters (8 inches) between the radiator and your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

Wireless 5 GHz Band Statement:

As the access point can operate in the 5150-5250 MHz frequency band it is limited by the FCC, Industry Canada and some other countries to indoor use only so as to reduce the potential for harmful interference to co-channel Mobile Satellite systems.

High power radars are allocated as primary users (meaning they have priority) of the 5250-5350 MHz and 5650-5850 MHz bands. These radars could cause interference and/ or damage to the access point.

EC Conformance Declaration

Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards:

• EN 60950 (IEC 60950) - Product Safety

• EN 301 893 - Technical requirements for 5 GHz radio equipment

• EN 300 328 - Technical requirements for 2.4 GHz radio equipment

• EN 301 489-1 / EN 301 489-17 - EMC requirements for radio equipment

0560

Countries of Operation & Conditions of Use in the European Community

This device is intended to be operated in all countries of the European Community. Requirements for indoor vs. outdoor operation, license requirements and allowed channels of operation apply in some countries as described below:

Note: The user must use the configuration utility provided with this product to ensure the

channels of operation are in conformance with the spectrum usage rules for European Community countries as described below.

• This device requires that the user or installer properly enter the current country of operation in the command line interface as described in the user guide, before operating this device.

• This device will automatically limit the allowable channels determined by the current country of operation. Incorrectly entering the country of operation may result in illegal operation and may cause harmful interference to other system. The user is obligated to ensure the device is operating according to the channel limitations, indoor/outdoor restrictions and license requirements for each European Community country as described in this document.

• This device employs a radar detection feature required for European Community operation in the 5 GHz band. This feature is automatically enabled when the country of operation is correctly configured for any European Community country. The presence of nearby radar operation may result in temporary interruption of operation of this device. The radar detection feature will automatically restart operation on a channel free of radar.

• The 5 GHz Turbo Mode feature is not allowed for operation in any European Community country. The current setting for this feature is found in the 5 GHz 802.11a Radio Settings Window as described in the user guide.

• The 5 GHz radio's Auto Channel Select setting described in the user guide must always remain enabled to ensure that automatic 5 GHz channel selection complies with European requirements. The current setting for this feature is found in the 5 GHz

802.11a Radio Settings Window as described in the user guide.

• This device may be operated indoors or outdoors in all countries of the European

Community using the 2.4 GHz band: Channels 1 - 13, except where noted below.

- In Italy the end-user must apply for a license from the national spectrum authority to operate this device outdoors.

- In Belgium outdoor operation is only permitted using the 2.46 - 2.4835 GHz band: Channel 13.

- In France outdoor operation is only permitted using the 2.4 - 2.454 GHz band: Channels 1 - 7

Operation Using 5 GHz Channels in the European Community

The user/installer must use the provided configuration utility to check the current channel of operation and make necessary configuration changes to ensure operation occurs in conformance with European National spectrum usage laws as described below and elsewhere in this document.

Allowed 5GHz Channels in Each European Community Country

Allowed Frequency Bands Allowed Channel Numbers Countries

5.15 - 5.25 GHz* 36, 40, 44, 48 Austria, Belgium

5.15 - 5.35 GHz* 36, 40, 44, 48, 52, 56, 60, 64 France, Switzerland, Liechtenstein

5.15 - 5.35* & 5.470 - 5.725

GHz

36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140

Denmark, Finland, Germany, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, U.K.

5 GHz Operation Not Allowed None Greece

* Outdoor operation is not allowed using 5.15-5.35 GHz bands (Channels 36 - 64).

Channels 36 - 64 are currently not available for use.

iii

Safety Compliance

Power Cord Safety

Please read the following safety information carefully before installing the device:

Warning: Installation and removal of the unit must be carried out by qualified personnel

only.

• The unit must be connected to an earthed (grounded) outlet to comply with international safety standards.

• Do not connect the unit to an A.C. outlet (power supply) without an earth (ground) connection.

• The appliance coupler (the connector to the unit and not the wall plug) must have a configuration for mating with an EN 60320/IEC 320 appliance inlet.

• The socket outlet must be near to the unit and easily accessible. You can only remove power from the unit by disconnecting the power cord from the outlet.

• This unit operates under SELV (Safety Extra Low Voltage) conditions according to IEC

60950. The conditions are only maintained if the equipment to which it is connected also operates under SELV conditions.

France and Peru only

†

This unit cannot be powered from IT

supplies. If your supplies are of IT type, this unit must be powered by 230 V (2P+T) via an isolation transformer ratio 1:1, with the secondary connection point labelled Neutral, connected directly to earth (ground).

†

Impédance à la terre

Important! Before making connections, make sure you have the correct cord set. Check it (read the label on the cable) against the following:

Power Cord Set

U.S.A. and

The cord set must be UL-approved and CSA certified.

Canada

The minimum specifications for the flexible cord are:

- No. 18 AWG - not longer than 2 meters, or 16 AWG.

- Type SV or SJ

- 3-conductor

The cord set must have a rated current capacity of at least 10 A

The attachment plug must be an earth-grounding type with NEMA 5-15P (15 A, 125 V) or NEMA 6-15P (15 A, 250 V) configuration.

Denmark The supply plug must comply with Section 107-2-D1, Standard

DK2-1a or DK2-5a.

Switzerland The supply plug must comply with SEV/ASE 1011.

U.K. The supply plug must comply with BS1363 (3-pin 13 A) and be

fitted with a 5 A fuse which complies with BS1362.

The mains cord must be <HAR> or <BASEC> marked and be of type HO3VVF3GO.75 (minimum).

Power Cord Set

Europe The supply plug must comply with CEE7/7 (“SCHUKO”).

The mains cord must be <HAR> or <BASEC> marked and be of type HO3VVF3GO.75 (minimum).

IEC-320 receptacle.

Veuillez lire à fond l'information de la sécurité suivante avant d'installer l’appareil:

AVERTISSEMENT: L’installation et la dépose de ce groupe doivent être confiés à un

personnel qualifié.

• Ne branchez pas votre appareil sur une prise secteur (alimentation électrique) lorsqu'il n'y a pas de connexion de mise à la terre (mise à la masse).

• Vous devez raccorder ce groupe à une sortie mise à la terre (mise à la masse) afin de respecter les normes internationales de sécurité.

• Le coupleur d’appareil (le connecteur du groupe et non pas la prise murale) doit respecter une configuration qui permet un branchement sur une entrée d’appareil EN 60320/IEC 320.

• La prise secteur doit se trouver à proximité de l’appareil et son accès doit être facile. Vous ne pouvez mettre l’appareil hors circuit qu’en débranchant son cordon électrique au niveau de cette prise.

• L’appareil fonctionne à une tension extrêmement basse de sécurité qui est conforme à la norme IEC 60950. Ces conditions ne sont maintenues que si l’équipement auquel il est raccordé fonctionne dans les mêmes conditions.

France et Pérou uniquement:

Ce groupe ne peut pas être alimenté par un dispositif à impédance à la terre. Si vos alimentations sont du type impédance à la terre, ce groupe doit être alimenté par une tension de 230 V (2 P+T) par le biais d’un transformateur d’isolement à rapport 1:1, avec un point secondaire de connexion portant l’appellation Neutre et avec raccordement direct à la terre (masse).

Cordon électrique - Il doit être agréé dans le pays d’utilisation

Etats-Unis et Canada:

Le cordon doit avoir reçu l’homologation des UL et un certificat de la CSA.

Les spe'cifications minimales pour un cable flexible sont AWG No. 18, ouAWG No. 16 pour un cable de longueur infe'rieure a` 2 me'tres.

- type SV ou SJ

- 3 conducteurs

Le cordon doit être en mesure d’acheminer un courant nominal d’au moins 10 A.

La prise femelle de branchement doit être du type à mise à la terre (mise à la masse) et respecter la configuration NEMA 5-15P (15 A, 125 V) ou NEMA 6-15P (15 A, 250 V).

Danemark: La prise mâle d’alimentation doit respecter la section 107-2 D1

de la norme DK2 1a ou DK2 5a.

Cordon électrique - Il doit être agréé dans le pays d’utilisation

Suisse: La prise mâle d’alimentation doit respecter la norme SEV/ASE

1011.

Europe La prise secteur doit être conforme aux normes CEE 7/7

(“SCHUKO”)

LE cordon secteur doit porter la mention <HAR> ou <BASEC> et doit être de type HO3VVF3GO.75 (minimum).

Bitte unbedingt vor dem Einbauen des Geräts die folgenden Sicherheitsanweisungen durchlesen

WARNUNG: Die Installation und der Ausbau des Geräts darf nur durch Fachpersonal

erfolgen.

• Das Gerät sollte nicht an eine ungeerdete Wechselstromsteckdose angeschlossen werden.

• Das Gerät muß an eine geerdete Steckdose angeschlossen werden, welche die internationalen Sicherheitsnormen erfüllt.

• Der Gerätestecker (der Anschluß an das Gerät, nicht der Wandsteckdosenstecker) muß einen gemäß EN 60320/IEC 320 konfigurierten Geräteeingang haben.

• Die Netzsteckdose muß in der Nähe des Geräts und leicht zugänglich sein. Die Stromversorgung des Geräts kann nur durch Herausziehen des Gerätenetzkabels aus der Netzsteckdose unterbrochen werden.

• Der Betrieb dieses Geräts erfolgt unter den SELV-Bedingungen (Sicherheitskleinstspannung) gemäß IEC 60950. Diese Bedingungen sind nur gegeben, wenn auch die an das Gerät angeschlossenen Geräte unter SELV-Bedingungen betrieben werden.

(Germany):

Stromkabel. Dies muss von dem Land, in dem es benutzt wird geprüft werden:

U.S.A und Canada Der Cord muß das UL gepruft und war das CSA beglaubigt.

Das Minimum spezifikation fur der Cord sind:

- Nu. 18 AWG - nicht mehr als 2 meter, oder 16 AWG.

- Der typ SV oder SJ

- 3-Leiter

Der Cord muß haben eine strombelastbarkeit aus wenigstens 10 A

Dieser Stromstecker muß hat einer erdschluss mit der typ NEMA 5-15P (15A, 125V) oder NEMA 6-15P (15A, 250V) konfiguration.

Danemark Dieser Stromstecker muß die ebene 107-2-D1, der standard

DK2-1a oder DK2-5a Bestimmungen einhalten.

Schweiz Dieser Stromstecker muß die SEV/ASE 1011Bestimmungen

einhalten.

Europe Das Netzkabel muß vom Typ HO3VVF3GO.75

(Mindestanforderung) sein und die Aufschrift <HAR> oder <BASEC> tragen.

Der Netzstecker muß die Norm CEE 7/7 erfüllen (”SCHUKO”).

vii

viii

Contents

Chapter 1: Introduction 1-1

Package Checklist 1-2 Hardware Description 1-2

Integrated High-Gain Antenna 1-3 External Antenna Options 1-3 Ethernet Port 1-4 Power Injector Module 1-4 Receive Signal Strength Indicator (RSSI) BNC Connector 1-5 Grounding Point 1-5

Wall- and Pole-Mounting Bracket Kits 1-5 System Configuration 1-5 Features and Benefits 1-6 System Defaults 1-6

Chapter 2: Network Configuration 2-1

Access Point Topologies 2-1

Ad Hoc Wireless LAN (no Access Point or Bridge) 2-1

Infrastructure Wireless LAN 2-2

Infrastructure Wireless LAN for Roaming Wireless PCs 2-3 Bridge Link Topologies 2-4

Point-to-Point Configuration 2-4

Point-to-Multipoint Configuration 2-4

Chapter 3: Bridge Link Planning 3-1

Data Rates 3-1 Radio Path Planning 3-2

Antenna Height 3-4

Antenna Position and Orientation 3-5

Radio Interference 3-6

Weather Conditions 3-6 Ethernet Cabling 3-7 Grounding 3-7

Chapter 4: Hardware Installation 4-1

Testing Basic Link Operation 4-1 Mount the Unit 4-1

Using the Pole-Mounting Bracket 4-1

Using the Wall-Mounting Bracket 4-3 Connect External Antennas 4-4 Connect Cables to the Unit 4-5 Connect the Power Injector 4-5

Contents

Align Antennas 4-6

Chapter 5: Initial Configuration 5-1

Initial Setup through the CLI 5-1

Initial Configuration Steps 5-2

Using the Web-based Management Setup Wizard 5-3

Chapter 6: System Configuration 6-1

Advanced Configuration 6-2

System Identification 6-3 TCP / IP Settings 6-5 Radius 6-7 PPPoE Settings 6-9 Authentication 6-11 Filter Control 6-18 SNMP 6-20 Administration 6-23 System Log 6-27 Wireless Distribution System (WDS) 6-31 Bridge 6-33 Spanning Tree Protocol (STP) 6-36 RSSI 6-40

Radio Interface 6-41

Radio Settings A (802.11a) 6-42 Radio Settings G (802.11g) 6-46 Security (Bridge Mode) 6-48 Security (Access Point Mode) 6-53

Status Information 6-63

AP Status 6-63 Station Status 6-65 Event Logs 6-67

Chapter 7: Command Line Interface 7-1

Using the Command Line Interface 7-1

Accessing the CLI 7-1 Telnet Connection 7-1

Entering Commands 7-2

Keywords and Arguments 7-2 Minimum Abbreviation 7-2 Command Completion 7-2 Getting Help on Commands 7-2 Partial Keyword Lookup 7-3 Negating the Effect of Commands 7-3 Using Command History 7-3

Contents

Understanding Command Modes 7-4

Exec Commands 7-4

Configuration Commands 7-4

Command Line Processing 7-5 Command Groups 7-6 General Commands 7-6

configure 7-7

end 7-7

exit 7-7

ping 7-8

reset 7-9

show history 7-9

show line 7-10 System Management Commands 7-10

country 7-11

prompt 7-12

system name 7-12

username 7-13

password 7-13

ip http port 7-14

ip http server 7-14

show system 7-15

show version 7-15 System Logging Commands 7-16

logging on 7-16

logging host 7-17

logging console 7-17

logging level 7-18

logging facility-type 7-18

show logging 7-19 System Clock Commands 7-20

sntp-server ip 7-20

sntp-server enable 7-21

sntp-server date-time 7-21

sntp-server daylight-saving 7-22

sntp-server timezone 7-22

show sntp 7-23 SNMP Commands 7-24

snmp-server community 7-24

snmp-server contact 7-25

snmp-server enable server 7-25

snmp-server host 7-26

snmp-server location 7-27

show snmp 7-27 Flash/File Commands 7-28

Contents

bootfile 7-28 copy 7-29 delete 7-30 dir 7-30

RADIUS Client 7-31

radius-server address 7-32 radius-server port 7-32 radius-server key 7-33 radius-server retransmit 7-33 radius-server timeout 7-34 show radius 7-34

Authentication 7-35

802.1x 7-35

802.1x broadcast-key-refresh-rate 7-36

802.1x session-key-refresh-rate 7-37

802.1x session-timeout 7-38

802.1x supplicant 7-38 address filter default 7-39 address filter entry 7-40 address filter delete 7-40 mac-authentication server 7-41 mac-authentication session-timeout 7-41 show authentication 7-42

WDS Commands 7-42

wds channel 7-43 wds mac-address 7-43 wds enable 7-44 show wds 7-44

Bridge Commands 7-46

bridge timeout 7-46 bridge stp-bridge spanning-tree 7-47 bridge stp-bridge forward-time 7-47 bridge stp-bridge hello-time 7-48 bridge stp-bridge max-age 7-48 bridge stp-bridge priority 7-49 bridge stp-port path-cost 7-50 bridge stp-port priority 7-50 bridge stp-port portfast 7-51 bridge stp-port spanning-disabled 7-52 show bridge 7-52

Filtering Commands 7-53

filter local-bridge 7-53 filter ap-manage 7-54 filter ethernet-type enable 7-54 filter ethernet-type protocol 7-55

xii

Contents

show filters 7-56 PPPoE Commands 7-56

ip pppoe 7-57

pppoe ip allocation mode 7-57

pppoe ipcp dns 7-58

pppoe lcp echo-interval 7-58

pppoe lcp echo-failure 7-59

pppoe local ip 7-60

pppoe remote ip 7-60

pppoe username 7-61

pppoe password 7-61

pppoe service-name 7-62

pppoe restart 7-62

show pppoe 7-63 Ethernet Interface Commands 7-63

interface ethernet 7-64

dns server 7-64

ip address 7-65

ip dhcp 7-66

shutdown 7-66

show interface ethernet 7-67 Wireless Interface Commands 7-68

interface wireless 7-69

description 7-69

ssid 7-70

closed-system 7-70

speed 7-71

channel 7-71

turbo 7-72

beacon-interval 7-72

dtim-period 7-73

fragmentation-length 7-74

rts-threshold 7-74

transmit-power 7-75

max-association 7-76

authentication 7-76

encryption 7-77

key 7-78

transmit-key 7-79

multicast-cipher 7-80

wpa-clients 7-81

wpa-mode 7-82

wpa-preshared-key 7-82

wpa-psk-type 7-83

shutdown 7-84

xiii

Contents

show interface wireless 7-84 show station 7-85

IAPP Commands 7-86

iapp 7-86

VLAN Commands 7-86

vlan 7-87 native-vlanid 7-87

Appendix A: Troubleshooting A-1

Appendix B: Specifications B-1

General Specifications B-1 Antenna Specifications B-3

17 dBi Integrated Panel B-3

Appendix C: Cables and Pinouts C-1

Twisted-Pair Cable Assignments C-1

10/100BASE-TX Pin Assignments C-2 Straight-Through Wiring C-2 Crossover Wiring C-3

8-Pin DIN Connector Pinout C-3

8-Pin DIN to RJ-45 Cable Wiring C-4

Glossary

Index

xiv

Chapter 1: Introduction

The Dual-band Outdoor Access Point / Bridge system consists of two models that provide point-to-point or point-to-multipoint bridge links between remote Ethernet LANs, and wireless access point services for clients in the local LAN area:

• BAT54 – Includes an integrated high-gain antenna for the 802.11a radio and is

designed to operate as a “Slave” bridge in point-to-multipoint configurations, or

provide a high-speed point-to-point wireless link between two sites that can be up

to 15.4 km (9.6 miles) apart. The 802.11b/g radio requires an external antenna

option.

• BAT54M – Provides only external antenna options and is designed to operate as

the “Master” bridge in point-to-multipoint configurations, supporting wireless bridge

connections to as many as 16 BAT54 Slave units.

Each model is housed in a weatherproof enclosure for mounting outdoors and includes its own brackets for attaching to a wall, pole, radio mast, or tower structure. The unit is powered through its Ethernet cable connection from a power injector module that is installed indoors.

The wireless bridge system offers a fast, reliable, and cost-effective solution for connectivity between remote Ethernet wired LANs or to provide Internet access to an isolated site. The system is also easy to install and operate, ideal for situations where a wired link may be difficult or expensive to deploy. The wireless bridge connection provides data rates of up to 108 Mbps.

In addition, both wireless bridge models offer full network management capabilities through an easy-to-use web interface, a command-line interface, and support for Simple Network Management Protocol (SNMP) tools.

Radio Characteristics – The IEEE 802.11a and 802.11g standards use a radio modulation technique known as Orthogonal Frequency Division Multiplexing (OFDM), and a shared collision domain (CSMA/CA). The 802.11a standard operates in the 5 GHz Unlicensed National Information Infrastructure (UNII) band, and the

802.11g standard in the 2.4 GHz band.

IEEE 802.11g includes backward compatibility with the IEEE 802.11b standard. IEEE 802.11b also operates at 2.4 GHz, but uses Direct Sequence Spread Spectrum (DSSS) and Complementary Code Keying (CCK) modulation technology to achieve a communication rate of up to 11 Mbps.

The wireless bridge provides a 54 Mbps half-duplex connection for each active channel (up to 108 Mbps in turbo mode on the 802.11a interface).

1-1

Introduction

Package Checklist

The Dual-band Outdoor Access Point / Bridge package includes:

• One Dual-band Outdoor Access Point / Bridge (BAT54 or BAT54M)

• One Category 5 network cable, length 164 ft (50 m)

• One power injector module and power cord

• Outdoor pole-mounting bracket kit

• This User Guide

• Optional: One N-type RF coaxial cable (two for BAT54M)

• Optional: Outdoor wall-mounting bracket kit

Inform your dealer if there are any incorrect, missing or damaged parts. If possible, retain the carton, including the original packing materials. Use them again to repack the product in case there is a need to return it.

Hardware Description

Bottom View

Ethernet Port

Top View (BAT54)

RSSI Connector with

Protective Cap

Grounding Point

Screw

Integrated Antenna

N-Type External

Antenna Connector

(2.4 GHz)

1-2

N-Type External

Antenna Connector

(2.4 GHz)

Top View (BAT54M)

Hardware Description

N-Type External

Antenna Connector

(2.4 GHz)

N-Type External

Antenna Connector

(5 GHz)

Integrated High-Gain Antenna

The BAT54 wireless bridge includes an integrated high-gain (17 dBi) flat-panel antenna for 5 GHz operation. The antenna can provide a direct line-of-sight link up to 15.4 km (9.6 miles) with a 6 Mbps data rate.

External Antenna Options

The BAT54M Master bridge unit does not include an integrated antenna, but provides various external antenna options for both 5 GHz and 2.4 GHz operation. In a point-to-multipoint configuration, an external high-gain omnidirectional, sector, or high-gain panel antenna can be attached to communicate with bridges spread over a wide area. The BAT54 and BAT54M units both require the 2.4 GHz 8 dBi omnidirectional external antenna for 2.4 GHz operation. The following table summarizes the external antenna options:

Antenna Type Gain (dBi) HPBW*

5 GHz Omnidirectional 8 360 12 Linear, vertical 3.3 km at 6 Mbps

5 GHz 120-Degree Sector 14 120 6 Linear, vertical 10.3 km at 6 Mbps

5 GHz 60-Degree Sector 17 60 6 Linear, vertical 14 km at 6 Mbps

5 GHz High-Gain Panel 23 9 9 Linear 24.4 km at 6 Mbps

2.4 GHz Omnidirectional 8 360 15 Linear, vertical 7.6 km at 6 Mbps

* Half-power beam width in degrees

External antennas connect to the N-type RF connectors on the wireless bridge using the provided coaxial cables.

Horizontal

HPBW* Vertical

Polarization Max Range/Speed

1-3

Introduction

Ethernet Port

The wireless bridge has one 10BASE-T/100BASE-TX 8-pin DIN port that connects to the power injector module using the included Ethernet cable. The Ethernet port connection provides power to the wireless bridge as well as a data link to the local network.

The wireless bridge appears as an Ethernet node and performs a bridging function by moving packets from the wired LAN to the remote end of the wireless bridge link.

Note: The power injector module does not support Power over Ethernet (PoE) based on

the IEEE 802.3af standard. The wireless bridge unit must always be powered on by being connected to the power injector module.

Power Injector Module

The wireless bridge receives power through its network cable connection using power-over-Ethernet technology. A power injector module is included in the wireless bridge package and provides two RJ-45 Ethernet ports, one for connecting to the wireless bridge (Output), and the other for connecting to a local LAN switch (Input).

The Input port uses an MDI (i.e., internal straight-through) pin configuration. You can therefore use straight-through twisted-pair cable to connect this port to most network interconnection devices such as a switch or router that provide MDI-X ports. However, when connecting the access point to a workstation or other device that does not have MDI-X ports, you must use crossover twisted-pair cable.

Ethernet from

Local Network

LED Indicator

Input Output

Ethernet and Power to

Wireless Bridge

AC Power Socket

(Hidden)

The wireless bridge does not have a power switch. It is powered on when its Ethernet port is connected to the power injector module, and the power injector module is connected to an AC power source. The power injector includes one LED indicator that turns on when AC power is applied.

1-4

System Configuration

The power injector module automatically adjusts to any AC voltage between 100-240 volts at 50 or 60 Hz. No voltage range settings are required.

Warning: The power injector module is designed for indoor use only. Never mount the

power injector outside with the wireless bridge unit.

Receive Signal Strength Indicator (RSSI) BNC Connector

The RSSI connector provides an output voltage that is proportional to the received radio signal strength. A DC voltmeter can be connected the this port to assist in aligning the antennas at both ends of a wireless bridge link.

Grounding Point

Even though the wireless bridge includes its own built-in lightning protection, it is important that the unit is properly connected to ground. A grounding screw is provided for attaching a ground wire to the unit.

Wall- and Pole-Mounting Bracket Kits

The wireless bridge includes bracket kits that can be used to mount the bridge to a wall, pole, radio mast, or part of a tower structure.

System Configuration

At each location where a unit is installed, it must be connected to the local network using the power injector module. The following figure illustrates the system component connections.

External Antenna

Indoor Outdoor

LAN Switch

Ethernet Cable Ethernet Cable

Power Injector

RF Coaxial Cable

Wireless Bridge Unit

AC Power

Ground Wire

1-5

Introduction

Features and Benefits

• BAT54 Slave units support a 5 GHz point-to-point wireless link up 15.4 km (at 6 Mbps data rate) using integrated high-gain 17 dBi antennas

• BAT54M Master units support 5 GHz point-to-multipoint links using various external antenna options

• Both BAT54 and BAT54M units also support access point services for the 5 GHz and 2.4 GHz radios using various external antenna options

• Maximum data rate up to 108 Mbps on the 802.11a (5 GHz) radio

• Outdoor weatherproof design

• IEEE 802.11a and 802.11b/g compliant

• Local network connection via 10/100 Mbps Ethernet port

• Powered through its Ethernet cable connection to the power injector module

• Includes wall- and pole-mount brackets

• Security through 64/128/152-bit Wired Equivalent Protection (WEP) or 128-bit Advanced Encryption Standard (AES) encryption

• Scans all available channels and selects the best channel and data rate based on the signal-to-noise ratio

• Manageable through an easy-to-use web-browser interface, command line (via Telnet), or SNMP network management tools

System Defaults

The following table lists some of the wireless bridge’s basic system defaults. To reset the bridge defaults, use the CLI command “reset configuration” from the Exec level prompt.

Feature Parameter Default

Identification System Name Dual Band Outdoor AP

Administration User Name admin

Password private

General HTTP Server Enabled

HTTP Server Port 80

TCP/IP IP Address 192.168.1.1

Subnet Mask 255.255.255.0

Default Gateway 0.0.0.0

Primary DNS IP 0.0.0.0

Secondary DNS IP 0.0.0.0

1-6

Feature Parameter Default

VLANs Status Disabled

Native VLAN ID 1

Filter Control Ethernet Type Disabled

SNMP Status Enabled

Location null

Contact Contact

Community (Read Only) Public

Community (Read/Write) Private

Traps Enabled

Trap Destination IPAddress null

Trap Destination Community Name Public

System Defaults

System Logging Syslog Disabled

Logging Host Disabled

Logging Console Disabled

IP Address / Host Name 0.0.0.0

Logging Level Informational

Logging Facility Type 16

Spanning Tree Status Enabled

Ethernet Interface Speed and Duplex Auto

WDS Bridging Outdoor Bridge Band A (802.11a)

Wireless Interface

802.11a

Status Enabled

SSID DualBandOutdoor

Turbo Mode Disabled

Radio Channel Default to first channel

Auto Channel Select Enabled

Transmit Power Full

Maximum Data Rate 54 Mbps

Beacon Interval 100 TUs

Data Beacon Rate (DTIM Interval) 2 beacons

RTS Threshold 2347 bytes

1-7

Introduction

Feature Parameter Default

Wireless Security

802.11a

Wireless Interface

802.11b/g

Authentication Type Open System

AES Encryption Disabled

WEP Encryption Disabled

WEP Key Length 128 bits

WEP Key Type Hexadecimal

WEP Transmit Key Number 1

Status Enabled

SSID DualBandOutdoor

Radio Channel Default to first channel

Auto Channel Select Enabled

Transmit Power Full

Maximum Data Rate 54 Mbps

Beacon Interval 100 TUs

Data Beacon Rate (DTIM Interval) 2 beacons

RTS Threshold 2347 bytes

Wireless Security

802.11b/g

Authentication Type Open System

AES Encryption Disabled

WEP Encryption Disabled

WEP Key Length 128 bits

WEP Key Type Hexadecimal

WEP Transmit Key Number 1

WEP Keys null

1-8

Chapter 2: Network Configuration

The Dual-band Outdoor Access Point / Bridge system provides access point or bridging services through either the 5 GHz or 2.4 GHz radio interfaces.

The wireless bridge units can be used just as normal 802.11a/b/g access points connected to a local wired LAN, providing connectivity and roaming services for wireless clients in an outdoor area. Units can also be used purely as bridges connecting remote LANs. Alternatively, you can employ both access point and bridging functions together, offering a flexible and convenient wireless solution for many applications.

This chapter describes the role of wireless bridge in various wireless network configurations.

Access Point Topologies

Wireless networks support a stand-alone wireless configuration as well as an integrated configuration with 10/100 Mbps Ethernet LANs.

Wireless network cards, adapters, and access points can be configured as:

• Ad hoc for departmental, SOHO, or enterprise LANs

• Infrastructure for wireless LANs

• Infrastructure wireless LAN for roaming wireless PCs

The 802.11b and 802.11g frequency band, which operates at 2.4 GHz, can easily encounter interference from other 2.4 GHz devices, such as other 802.11b or g wireless devices, cordless phones and microwave ovens. If you experience poor wireless LAN performance, try the following measures:

• Limit any possible sources of radio interference within the service area

• Increase the distance between neighboring access points

• Increase the channel separation of neighboring access points (e.g., up to 3

channels of separation for 802.11b or up to 5 channels for 802.11g)

Ad Hoc Wireless LAN (no Access Point or Bridge)

An ad hoc wireless LAN consists of a group of computers, each equipped with a wireless adapter, connected through radio signals as an independent wireless LAN. Computers in a specific ad hoc wireless LAN must therefore be configured to the same radio channel.

2-1

Network Configuration

Ad Hoc Wireless LAN

Notebook with Wireless USB Adapter

Notebook with Wireless PC Card

PC with Wireless PCI Adapter

Infrastructure Wireless LAN

The access point function of the wireless bridge provides access to a wired LAN for

802.11a/b/g wireless workstations. An integrated wired/wireless LAN is called an

Infrastructure configuration. A Basic Service Set (BSS) consists of a group of wireless PC users and an access point that is directly connected to the wired LAN. Each wireless PC in a BSS can connect to any computer in its wireless group or access other computers or network resources in the wired LAN infrastructure through the access point.

The infrastructure configuration not only extends the accessibility of wireless PCs to the wired LAN, but also increases the effective wireless transmission range for wireless PCs by passing their signals through one or more access points.

A wireless infrastructure can be used for access to a central database, or for connection between mobile workers, as shown in the following figure.

Wired LAN Extension to Wireless Clients

Server

Desktop PC

Notebook with Wireless

Switch

PC with Wireless PCI Adapter

PC Card Adapter

Access Point

2-2

Access Point Topologies

Infrastructure Wireless LAN for Roaming Wireless PCs

The Basic Service Set (BSS) defines the communications domain for each access point and its associated wireless clients. The BSS ID is a 48-bit binary number based on the access point’s wireless MAC address, and is set automatically and transparently as clients associate with the access point. The BSS ID is used in frames sent between the access point and its clients to identify traffic in the service area.

The BSS ID is only set by the access point, never by its clients. The clients only need to set the Service Set Identifier (SSID) that identifies the service set provided by one or more access points. The SSID can be manually configured by the clients, can be detected in an access point’s beacon, or can be obtained by querying for the identity of the nearest access point. For clients that do not need to roam, set the SSID for the wireless card to that used by the access point to which you want to connect.

A wireless infrastructure can also support roaming for mobile workers. More than one access point can be configured to create an Extended Service Set (ESS). By placing the access points so that a continuous coverage area is created, wireless users within this ESS can roam freely. All wireless network card adapters and wireless access points within a specific ESS must be configured with the same SSID.

Desktop PC

PC with Wireless PCI Adapter

Switch

Access Point

Seamless Roaming for Wireless Clients

Server

Switch

Notebook with Wireless PC Card Adapter

<BSS1>

Notebook with Wireless PC Card Adapter

Access Point

<BSS2>

<ESS>

2-3

Network Configuration

Bridge Link Topologies

The IEEE 802.11 standard defines a WIreless Distribution System (WDS) for bridge connections between BSS areas (access points). The outdoor wireless bridge uses WDS to forward traffic on links between units. Up to 16 WDS links can be specified for a BAT54M unit, which acts as the “Master” in the wireless bridge network. BAT54 units support only one WDS link, which must be to the network’s master unit.

The BAT54M and BAT54 support WDS bridge links on either the 5 GHz (802.11a) or

2.4 GHz (802.11b/g) bands and can be used with various external antennas to offer

flexible deployment options.

Note: The external antennas offer longer range options using the 5 GHz radio, which

makes this interface more suitable for bridge links. The 2.4 GHz radio has only the 8 dBi omnidirectional antenna option, which is better suited for local access point services.

When using WDS on a radio band, only wireless bridge units can associate to each other. Wireless clients can only associate with the wireless bridge using a radio band set to access point mode.

Point-to-Point Configuration

Two BAT54 bridges can form a wireless point-to-point link using their 5 GHz (802.11a) integrated antennas. A point-to-point configuration can provide a limited data rate (6 Mbps) link over a long range (up to 15.4 km), or a high data rate (108 Mbps) over a short range (1.3 km).

MRW55

LAN

up to 15.4 km at 6 Mbps

MRW55

LAN

Point-to-Multipoint Configuration

A BAT54M wireless bridge can use an omnidirectional or sector antenna to connect to as many as 16 bridges in a point-to-multipoint configuration. There can only be one BAT54M “Master” unit in the wireless bridge network, all other bridges must be BAT54 “Slave” units.

Using the 5 GHz 8 dBi omnidirectional external antenna, the Master unit can connect to Slave units up to 3.3 km (2 miles) away. Using the 13.5 dBi 120-degree sector antenna, the Master can connect to Slave units up to 10.3 km (6.4 miles) away.

2-4

Bridge Link Topologies

BAT54

Sl a v e

BAT54

Sl a v e

BAT54

Sl a v e

BAT54M

Master with

Omnidirect ional

Antenna

BAT54

Sl a v e

BAT54

Sl a v e

BAT54

Sl a v e

BAT54

Sl a v e

BAT54M

Master with

Sector Antenna

BAT54

Sl a v e

BAT54

2-5

Network Configuration

2-6

Chapter 3: Bridge Link Planning

The Dual-band Outdoor Access Point / Bridge supports fixed point-to-point or point-to-multipoint wireless links. A single link between two points can be used to connect a remote site to larger core network. Multiple bridge links can provide a way to connect widespread Ethernet LANs.

For each link in a wireless bridge network to be reliable and provide optimum performance, some careful site planning is required. This chapter provides guidance and information for planning your wireless bridge links.

Note: The planning and installation of the wireless bridge requires professional

personnel that are trained in the installation of radio transmitting equipment. The user is responsible for compliance with local regulations concerning items such as antenna power, use of lightning arrestors, grounding, and radio mast or tower construction. Therefore, it is recommended to consult a professional contractor knowledgeable in local radio regulations prior to equipment installation.

Data Rates

Using its 5 GHz integrated antenna, the BAT54 Slave bridge can operate over a range of up to 15.4 km (9.6 miles) or provide a high-speed connection of 54 Mbps (108 Mbps in turbo mode). However, the maximum data rate for a link decreases as the operating range increases. A 15.4 km link can only operate up to 6 Mbps, whereas a 108 Mbps connection is limited to a range of 1.3 km.

When you are planning each wireless bridge link, take into account the maximum distance and data rates for the various antenna options. A summary for 5 GHz (802.11a) antennas is provided in the following table. For full specifications for each antenna, see “Antenna Specifications” on page B-3.

Distances Achieved Using Normal Mode

Data Rate 17 dBi

Integrated

6 Mbps 15.4 km 3.3 km 10.3 km 14 km 24.4 km

9 Mbps 14.7 km 2.9 km 9.2 km 13.4 km 23.3 km

12 Mbps 14 km 2.6 km 8.2 km 12.8 km 22.2 km

18 Mbps 12.8 km 2.1 km 6.5 km 11.7 km 20.3 km

24 Mbps 11.1 km 1.5 km 4.6 km 9.2 km 17.7 km

36 Mbps 6.5 km 0.8 km 2.6 km 5.2 km 14 km

8 dBi Omni 13.5 dBi

120-Degree Sector

16.5 dBi 60-Degree Sector

23 dBi Panel

3-1

Bridge Link Planning

Distances Achieved Using Normal Mode

Data Rate 17 dBi

Integrated

48 Mbps 2.9 km 0.4 km 1.2 km 2.3 km 9.2 km

54 Mbps 1.8 km 0.2 km 0.7 km 1.5 km 5.8 km

Distances provided in this table are an estimate for a typical deployment and may be reduced by local regulatory limits. For accurate distances, you need to calculate the power link budget for your specific environment.

Data Rate 17 dBi

Integrated

12 Mbps 13.4 km 2.3 km 7.3 km 12.2 km 21.2 km

18 Mbps 12.8 km 2.1 km 6.5 km 11.7 km 20.3 km

24 Mbps 12.2 km 1.8 km 5.8 km 11.1 km 19.4 km

36 Mbps 11.1 km 1.5 km 4.6 km 9.2 km 17.7 km

8 dBi Omni 13.5 dBi

120-Degree Sector

Distances Achieved Using Turbo Mode

8 dBi Omni 13.5 dBi

120-Degree Sector

16.5 dBi 60-Degree Sector

23 dBi Panel

48 Mbps 8.2 km 1 km 3.3 km 6.5 km 15.4 km

72 Mbps 4.6 km 0.6 km 1.8 km 3.7 km 12.2 km

96 Mbps 2.1 km 0.3 km 0.8 km 1.6 km 6.5 km

108 Mbps 1.3 km 0.2 km 0.5 km 1 km 4.1 km

Radio Path Planning

Although the wireless bridge uses IEEE 802.11a radio technology, which is capable of reducing the effect of multipath signals due to obstructions, the wireless bridge link requires a “radio line-of-sight” between the two antennas for optimum performance.

The concept of radio line-of-sight involves the area along a radio link path through which the bulk of the radio signal power travels. This area is known as the first Fresnel Zone of the radio link. For a radio link not to be affected by obstacles along its path, no object, including the ground, must intrude within 60% of the first Fresnel Zone.

3-2

Radio Path Planning

The following figure illustrates the concept of a good radio line-of-sight.

Visual Line of Sight

If there are obstacles in the radio path, there may still be a radio link but the quality and strength of the signal will be affected. Calculating the maximum clearance from objects on a path is important as it directly affects the decision on antenna placement and height. It is especially critical for long-distance links, where the radio signal could easily be lost.

Radio Line of Sight

Note: For wireless links less than 500 m, the IEEE 802.11a radio signal will tolerate

some obstacles in the path and may not even require a visual line of sight between the antennas.

When planning the radio path for a wireless bridge link, consider these factors:

• Avoid any partial line-of-sight between the antennas.

• Be cautious of trees or other foliage that may be near the path, or may grow and

obstruct the path.

• Be sure there is enough clearance from buildings and that no building construction

may eventually block the path.

• Check the topology of the land between the antennas using topographical maps,

aerial photos, or even satellite image data (software packages are available that may include this information for your area)

• Avoid a path that may incur temporary blockage due to the movement of cars,

trains, or aircraft.

3-3

Bridge Link Planning

Antenna Height

A reliable wireless link is usually best achieved by mounting the antennas at each end high enough for a clear radio line of sight between them. The minimum height required depends on the distance of the link, obstacles that may be in the path, topology of the terrain, and the curvature of the earth (for links over 3 miles).

For long-distance links, a mast or pole may need to be contsructed to attain the minimum required height. Use the following table to estimate the required minimum clearance above the ground or path obstruction (for 5 GHz bridge links).

Total Link Distance Max Clearance for

60% of First Fresnel Zone at 5.8 GHz

0.25 mile (402 m) 4.5 ft (1.4 m) 0 4.5 ft (1.4 m)

0.5 mile (805 m) 6.4 ft (1.95 m) 0 6.4 ft (1.95 m)

1 mile (1.6 km) 9 ft (2.7 m) 0 9 ft (2.7 m)

2 miles (3.2 km) 12.7 ft (3.9 m) 0 12.7 ft (3.9 m)

3 miles (4.8 km) 15.6 ft (4.8 m) 1.8 ft (0.5 m) 17.4 ft (5.3 m)

4 miles (6.4 km) 18 ft (5.5 m) 3.2 ft (1.0 m) 21.2 ft (6.5 m)

5 miles (8 km) 20 ft (6.1 m) 5 ft (1.5 m) 25 ft (7.6 m)

7 miles (11.3 km) 24 ft (7.3 m) 9.8 ft (3.0 m) 33.8 ft (10.3 m)

9 miles (14.5 km) 27 ft (8.2 m) 16 ft (4.9 m) 43 ft (13.1 m)

12 miles (19.3 km) 31 ft (9.5 m) 29 ft (8.8 m) 60 ft (18.3 m)

15 miles (24.1 km) 35 ft (10.7 m) 45 ft (13.7 m) 80 ft (24.4 m)

17 miles (27.4 km) 37 ft (11.3 m) 58 ft (17.7 m) 95 ft (29 m)

Approximate Clearance for Earth Curvature

Total Clearance Required at Mid-point of Link

Note that to avoid any obstruction along the path, the height of the object must be added to the minimum clearance required for a clear radio line-of-sight. Consider the following simple example, illustrated in the figure below.

3-4

Radio Path Planning

Radio Line of Sight

1.4 m

12 m

2.4 m

20 m

Visual Line of Sight

3 miles (4.8 km)

5.4 m

17 m

A wireless bridge link is deployed to connect building A to a building B, which is located three miles (4.8 km) away. Mid-way between the two buidings is a small tree-covered hill. From the above table it can be seen that for a three-mile link, the object clearance required at the mid-point is 5.3 m (17.4 ft). The tree-tops on the hill are at an elevation of 17 m (56 ft), so the antennas at each end of the link need to be at least 22.3 m (73 ft) high. Building A is six stories high, or 20 m (66 ft), so a 2.3 m (7.5 ft) mast or pole must be contructed on its roof to achieve the required antenna height. Building B is only three stories high, or 9 m (30 ft), but is located at an elevation that is 12 m (39 ft) higher than bulding A. To mount an anntena at the required height on building B, a mast or pole of only 1.3 m (4.3 ft) is needed.

Warning: Never construct a radio mast, pole, or tower near overhead power lines.

Note: Local regulations may limit or prevent construction of a high radio mast or tower. If

your wireless bridge link requires a high radio mast or tower, consult a professional contractor for advice.

Antenna Position and Orientation

Once the required antenna height has been determined, other factors affecting the precise position of the wireless bridge must be considered:

• Be sure there are no other radio antennas within 2 m (6 ft) of the wireless bridge

• Place the wireless bridge away from power and telephone lines

• Avoid placing the wireless bridge too close to any metallic reflective surfaces, such

as roof-installed air-conditioning equipment, tinted windows, wire fences, or water pipes

• The wireless bridge antennas at both ends of the link must be positioned with the

same polarization direction, either horizontal or vertical

Antenna Polarization — The wireless bridge’s integrated antenna sends a radio signal that is polarized in a particular direction. The antenna’s receive sensitivity is also higher for radio signals that have the same polarization. To maximize the performance of the wireless link, both antennas must be set to the same polarization

3-5

Bridge Link Planning

direction. The antenna polarization is marked on the wireless bridge, as indicated in the following figure.

Radio Interference

The avoidance of radio interference is an important part of wireless link planning. Interference is caused by other radio transmissions using the same or an adjacent channel frequency. You should first scan your proposed site using a spectrum analyzer to determine if there are any strong radio signals using the 802.11a channel frequencies. Always use a channel frequency that is furthest away from another signal.

If radio interference is still a problem with your wireless bridge link, changing the antenna polarization direction may improve the situation.

Weather Conditions

When planning wireless bridge links, you must take into account any extreme weather conditions that are known to affect your location. Consider these factors:

• Temperature — The wireless bridge is tested for normal operation in temperatures from -33°C to 55°C. Operating in temperatures outside of this range may cause the unit to fail.

• Wind Velocity — The wireless bridge can operate in winds up to 90 MPH and survive higher wind speeds up to 125 MPH. You must consider the known maximum wind velocity and direction at the site and be sure that any supporting structure, such as a pole, mast, or tower, is built to withstand this force.

• Lightning — The wireless bridge includes its own built-in lightning protection. However, you should make sure that the unit, any supporting structure, and cables are all properly grounded. Additional protection using lightning rods, lightning arrestors, or surge suppressors may also be employed.

• Rain — The wireless bridge is weatherproofed against rain. Also, prolonged heavy rain has no significant effect on the radio signal. However, it is recommended to apply weatherproof sealing tape around the Ethernet port and antenna connectors for extra protection. If moisture enters a connector, it may cause a degradation in performance or even a complete failure of the link.

3-6

Ethernet Cabling

• Snow and Ice — Falling snow, like rain, has no significant effect on the radio

signal. However, a build up of snow or ice on antennas may cause the link to fail. In this case, the snow or ice has to be cleared from the antennas to restore operation of the link.

Ethernet Cabling

When a suitable antenna location has been determined, you must plan a cable route form the wireless bridge outdoors to the power injector module indoors. Consider these points:

• The Ethernet cable length should never be longer than 100 m (328 ft)

• Determine a building entry point for the cable

• Determine if conduits, bracing, or other structures are required for safety or

protection of the cable

• For lightning protection at the power injector end of the cable, consider using a

lightning arrestor immediately before the cable enters the building

Grounding

It is important that the wireless bridge, cables, and any supporting structures are properly grounded. The wireless bridge unit includes a grounding screw for attaching a ground wire. Be sure that grounding is available and that it meets local and national electrical codes.

3-7

Bridge Link Planning

3-8

Chapter 4: Hardware Installation

Before mounting antennas to set up your wireless bridge links, be sure you have selected appropriate locations for each antenna. Follow the guidance and information in Chapter 2, “Wireless Link Planning.”

Also, before mounting units in their intended locations, you should first perform initial configuration and test the basic operation of the wireless bridge links in a controlled environment over a very short range. (See the section “Testing Basic Link Operation” in this chapter.)

The wireless bridge includes its own bracket kit for mounting the unit to a 1.5 to 2 inch diameter steel pole or tube. The pole-mounting bracket allows the unit to be mounted to part of a radio mast or tower structure. The unit also has a wall-mounting bracket kit that enables it to be fixed to a building wall or roof when using external antennas.

Hardware installation of the wireless bridge involves these steps:

1. Mount the unit on a wall, pole, mast, or tower using the mounting bracket.

2. Mount external antennas on the same supporting structure as the bridge and

connect them to the bridge unit.

3. Connect the Ethernet cable and a grounding wire to the unit.

4. Connect the power injector to the Ethernet cable, a local LAN switch, and an

AC power source.

5. Align antennas at both ends of the link.

Testing Basic Link Operation

Set up the units over a very short range (15 to 25 feet), either outdoors or indoors. Connect the units as indicated in this chapter and be sure to perform all the basic configuration tasks outlined in Chapter 4, “Initial Configuration.” When you are satisfied that the links are operating correctly, proceed to mount the units in their intended locations.

Mount the Unit

Using the Pole-Mounting Bracket

Perform the following steps to mount the unit to a 1.5 to 2 inch diameter steel pole or tube using the mounting bracket:

1. Always attach the bracket to a pole with the open end of the mounting grooves

facing up.

4-1

Hardware Installation

2. Place the U-shaped part of the bracket around the pole and tighten the securing

nut just enough to hold the bracket to the pole. (The bracket may need to be rotated around the pole during the alignment process.)

Attach bracket to pole with mounting grooves facing up

3. Use the included nuts to tightly secure the wireless bridge to the bracket. Be

sure to take account of the antenna polarization direction; both antennas in a link must be mounted with the same polarization.

Antenna Polarization Direction

4-2

Mount the Unit

Mounting on Larger Diameter Poles

In addition, there is a method for attaching the pole-mounting bracket to a pole that is 2 to 5 inches in diameter using an adjustable steel band clamp (not included in the kit). A steel band clamp up to 0.5 inch (1.27 cm) wide can be threaded through the main part of the bracket to secure it to a larger diameter pole without using the U-shaped part of the bracket. This method is illustrated in the following figure.

Steel Band Clamp

Using the Wall-Mounting Bracket

Perform the following steps to mount the unit to a wall using the wall-mounting bracket:

Note: The wall-mounting bracket does not allow the wireless bridge’s intrgrated antenna

to be aligned. It is intended for use with the unit using an external antenna.

1. Always attach the bracket to a wall with the open end of the mounting grooves

facing up (see following figure).

Mounting Grooves

4-3

Hardware Installation

2. Position the bracket in the intended location and mark the position of the three

mounting screw holes.

3. Drill three holes in the wall that match the screws and wall plugs included in the

bracket kit, then secure the bracket to the wall.

4. Use the included nuts to tightly secure the wireless bridge to the bracket.

Connect External Antennas

When deploying a BAT54M Master bridge unit for a bridge link or access point operation, you need to mount external antennas and connect them to the bridge. Typically, a bridge link requires a 5 GHz antenna, and access point operation a

2.4 GHz antenna. BAT54 Slave units also require an external antenna for 2.4 GHz

operation.

Perform these steps:

1. Mount the external antenna to the same supporting structure as the bridge,

within 3 m (10 ft) distance, using the bracket supplied in the antenna package.

2. Connect the antenna to the bridge’s N-type connector using the RF coaxial

cable provided in the antenna package.

3. Apply weatherproofing tape to the antenna connectors to help prevent water

entering the connectors.

5 GHz External High-gain Panel Antenna

2.4 GHz External Omnidirectional Antenna

BAT54M

2.4 GHz N-type Connector

5 GHz N-type Connector

4-4

RF Coaxial Cable

Connect Cables to the Unit

1. Attach the Ethernet cable to the Ethernet port on the wireless bridge.

Note: The Ethernet cable included with the package is 30 m (100 ft) long. To wire a

longer cable (maximum 100 m, 325 ft), use the connector pinout information in Appendix B.

2. For extra protection against rain or moisture, apply weatherproofing tape (not

included) around the Ethernet connector.

3. Be sure to ground the unit with an appropriate grounding wire (not included) by

attaching it to the grounding screw on the unit.

Caution: Be sure that grounding is available and that it meets local and national

electrical codes. For additional lightning protection, use lightning rods, lightning arrestors, or surge suppressors.

Ethernet Cable

Ground Wire

Connect the Power Injector

To connect the wireless bridge to a power source:

Caution: Do not install the power injector outdoors. The unit is for indoor installation only.

Note: The wireless bridge’s Ethernet port does not support Power over Ethernet (PoE)

based on the IEEE 802.3af standard. Do not try to power the unit by connecting it directly to a network switch that provides IEEE 802.3af PoE. Always connect the unit to the included power injector module.

1. Connect the Ethernet cable from the wireless bridge to the RJ-45 port labeled

“Output” on the power injector.

2. Connect a straight-through unshielded twisted-pair (UTP) cable from a local

LAN switch to the RJ-45 port labeled “Input” on the power injector. Use Category 5 or better UTP cable for 10/100BASE-TX connections.

Note: The RJ-45 port on the power injector is an MDI port. If connecting directly to a

computer for testing the link, use a crossover cable.

4-5

Hardware Installation

Ethernet cable from LAN switch

AC power

Input

utput

Power LED indicator

Ethernet cable to wireless bridge

3. Insert the power cable plug directly into the standard AC receptacle on the

power injector.

4. Plug the other end of the power cable into a grounded, 3-pin socket, AC power

source.

Note: For International use, you may need to change the AC line cord. You must use a

line cord set that has been approved for the receptacle type in your country.

5. Check the LED on top of the power injector to be sure that power is being

supplied to the wireless bridge through the Ethernet connection.

Align Antennas

After wireless bridge units have been mounted, connected, and their radios are operating, the antennas must be accurately aligned to ensure optimum performance on the bridge links. This alignment process is particularly important for long-range point-to-point links. In a point-to-multipoint configuration the Master bridge uses an omnidirectional or sector antenna, which does not require alignment, but Slave bridges still need to be correctly aligned with the Master bridge antennna.

• Point-to-Point Configurations – In a point-to-point configuration, the alignment process requires two people at each end of the link. The use of cell phones or two-way radio communication may help with coordination. To start, you can just point the antennas at each other, using binoculars or a compass to set the general direction. For accurate alignment, you must connect a DC voltmeter to the RSSI connector on the wireless bridge and monitor the voltage as the antenna moves horizontally and vertically.

• Point-to-Multipoint Configurations – In a point-to-multipoint configuration all Slave bridges must be aligned with the Master bridge antenna. The alignment process is the same as in point-to-point links, but only the Slave end of the link requires the alignment.

4-6

Align Antennas

The RSSI connector provides an output voltage between 0 and 3.28 VDC that is proportional to the received radio signal strength. The higher the voltage reading, the stronger the signal. The radio signal from the remote antenna can be seen to have a strong central main lobe and smaller side lobes. The object of the alignment process is to set the antenna so that it is receiving the strongest signal from the central main lobe.

Vertical Scan

Remote Antenna

Horizontal Scan

RSSI Voltage

Main Lobe Maximum

Maximum Signal Strength Position

for Horizontal Alignment

RSSI Voltage

Side Lobe Maximum

Maximum Signal

Strength Position for

Vertical Alignment

To align the antennas in the link using the RSSI output voltage, start with one antenna fixed and then perform the following procedure on the other antenna:

Note: The RSSI output can be configured through management interfaces to output a

value for specific WDS ports. See page 6-40 for more information.

1. Remove the RSSI connector cover and connect a voltmeter using a cable with

a male BNC connector (not included).

4-7

Hardware Installation

RSSI BNC Connection

Voltmeter

2. Pan the antenna horizontally back and forth while checking the RSSI voltage. If

using the pole-mounting bracket with the unit, you must rotate the mounting bracket around the pole. Other external antenna brackets may require a different horizontal adjustment.

3. Find the point where the signal is strongest (highest voltage) and secure the

horizontal adjustment in that position.

Note: Sometimes there may not be a central lobe peak in the voltage because vertical

alignment is too far off; only two similar peaks for the side lobes are detected. In this case, fix the antenna so that it is halfway between the two peaks.

4. Loosen the vertical adjustment on the mounting bracket and tilt the antenna

slowly up and down while checking the RSSI voltage.

5. Find the point where the signal is strongest and secure the vertical adjustment

in that position.

6. Remove the voltmeter cable and replace the RSSI connector cover.

4-8

Chapter 5: Initial Configuration

The wireless bridge offers a variety of management options, including a web-based interface, a command line interface (CLI), or using SNMP management software.

Most initial configuration steps can be made through the web browser interface using the Setup Wizard (page 5-3). However, for units that do not have a preset country code, you must first set the country code using the CLI.

Note: Units sold in some countries are not configured with a specific country code. You

must use the CLI to set the country code and enable wireless operation (page 5-2).

The wireless bridge requests an IP address via DHCP by default. If no response is received from a DHCP server, then the wireless bridge uses the default address

192.168.1.1. If this address is not compatible with your network, you can first perform initial configuration using a PC that has IP settings compatible with this subnet (for example, 192.168.1.2) and connecting it directly to the wireless bridge. When the basic configuration is completed, you can set new IP settings for the wireless bridge before connecting it to your network.

Initial Setup through the CLI

The wireless bridge provides access to the CLI through a Telnet connection. You can open a Telnet session by performing these steps:

1. From the host computer, enter the Telnet command and the IP address of the

wireless bridge unit (default 192.168.1.1 if not set via DHCP).

2. At the prompt, enter “admin” for the user name.

3. The default password is “private”. Enter the password at the password prompt

and press [Enter].

The CLI will display the “Dual Outdoor#” prompt to show that you are using executive access mode (i.e., Exec).

Username: admin Password: private Dual Outdoor#

For a full description of how to use the CLI, see “Using the Command Line Interface” on page 7-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 7-6.

5-1

Initial Configuration

Initial Configuration Steps

Setting the Country Code – Regulations for wireless products differ from country to country. Setting the country code restricts the wireless bridge to use only the radio channels and power settings permitted in the specified country of operation. If the wireless bridge unit is shipped with a preset country code, you are not permitted to change it, as required by country regulations. If the unit is set to the default “99,” you must set the country code to the country of operation.

At the Exec prompt, type “country ?” to display the list of country codes. Check the code for your country, then enter the country command again followed by your country code (e.g., IE for Ireland).

Dual Outdoor#country ie Dual Outdoor#

Setting the IP Address – By default, the wireless bridge is configured to obtain IP address settings from a DHCP server. You may also use the CLI to assign an IP address that is compatible with your network.

Type “configure” to enter configuration mode, then type “interface ethernet” to access the Ethernet interface-configuration mode.

Dual Outdoor#configure Dual Outdoor(config)#interface ethernet Dual Outdoor(config-if)#

First type “no dhcp” to disable DHCP client mode. Then type “ip address ip-address netmask gateway,” where “ip-address” is the wireless bridge’s IP address, “netmask”

is the network mask for the network, and “gateway” is the default gateway router. Check with your system administrator to obtain an IP address that is compatible with your network.

Dual Outdoor(if-ethernet)#no ip dhcp Dual Outdoor(if-ethernet)#ip address 192.168.2.2 255.255.255.0

192.168.2.254 Dual Outdoor(if-ethernet)#

After configuring the wireless bridge’s IP parameters, you can access the management interface from anywhere within the attached network. The command line interface can also be accessed using Telnet from any computer attached to the network.

5-2

Using the Web-based Management Setup Wizard

There are only a few basic steps you need to complete to set up the wireless bridge for your network. The Setup Wizard takes you through configuration procedures for the radio channel selection, IP configuration, and basic WEP encryption for wireless security.

The wireless bridge can be managed by any computer using a web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above). Enter the IP configured for the unit or the default IP address: http://192.168.1.1

Logging In – Enter the default username “admin” and password ”private“, click LOGIN. For information on configuring a user name and password, refer to page 6-23.

The home page displays the Main Menu.

5-3

Initial Configuration

Launching the Setup Wizard – To perform initial configuration, click Setup Wizard on the home page, then click on the [Next] button to start the process.

5-4

Using the Web-based Management Setup Wizard

1. Service Set ID – Enter the service set identifier in the SSID box which all

wireless 802.11g clients must use to associate with the access point. The SSID is case sensitive and can consist of up to 32 alphanumeric characters (Defaults: DualBandOurdoor).

2. Radio Channel – You must enable radio communications for the 802.11a and

802.11g radios and set the operating channel.

5-5

Initial Configuration

• 802.11a

Turbo Mode – If you select Enable, the wireless bridge will operate in turbo mode with a data rate of up to 108 Mbps. Normal mode supports 13 channels, Turbo mode supports only 5 channels. (Default: Disable)

802.11a Radio Channel – Set the operating radio channel number. (Default: 56ch, 5.280 GHz)

Auto Channel Select – Select Enable to automatically select an unoccupied radio channel. (Default: Enable)

• 802.11b/g

802.11g Radio Channel: Set the operating radio channel number. (Range 1-11; Default: 1)

Note: Available channel settings are limited by local regulations which determine which

channels are available.

3. IP Configuration – Either enable or disable (Dynamic Host Configuration

Protocol (DHCP) for automatic IP configuration. If you disable DHCP, then manually enter the IP address and subnet mask. If a management station exists on another network segment, then you must enter the IP address for a gateway that can route traffic between these segments. Then enter the IP address for the primary and secondary Domain Name Servers (DNS) servers to be used for host-name to IP address resolution.

DHCP Client – With DHCP Client enabled, the IP address, subnet mask and default gateway can be dynamically assigned to the access point by the network DHCP server. (Default: Enable)

5-6

Using the Web-based Management Setup Wizard

Note: If there is no DHCP server on your network, then the access point will

automatically start up with its default IP address, 192.168.1.1.

4. Security (802.11g) – Set the Authentication Type to “Open System” to allow

open access without authentication, or “Shared Key” to require authentication based on a shared key. Enable Wired Equivalent Privacy (WEP) to encrypt data transmissions. To configure other security features use the Advanced Setup menu as described in Chapter 5.

Authentication Type – Use “Open System” to allow open access to all wireless clients without performing authentication, or “Shared Key” to perform authentication based on a shared key that has been distributed to all stations. (Default: Open System)

WEP – Wired Equivalent Privacy is used to encrypt transmissions passing between wireless clients and the access point. (Default: Disabled)

Shared Key Setup – If you select “Shared Key” authentication type or enable WEP, then you also need to configure the shared key by selecting 64-bit or 128-bit key type, and entering a hexadecimal or ASCII string of the appropriate length. The key can be entered as alphanumeric characters or hexadecimal (0~9, A~F, e.g., D7 0A 9C 7F E5). (Default: 128 bit, hexadecimal key type)

64-Bit Manual Entry: The key can contain 10 hexadecimal digits, or 5 alphanumeric characters.

5-7

Initial Configuration

128-Bit Manual Entry: The key can contain 26 hexadecimal digits or 13 alphanumeric characters.

Note: All wireless devices must be configured with the same Key ID values to

communicate with the access point.

5. Click Finish.

6. Click the OK button to restart the access point.

5-8

Chapter 6: System Configuration

Before continuing with advanced configuration, first complete the initial configuration steps described in Chapter 4 to set up an IP address for the wireless bridge.

The wireless bridge can be managed by any computer using a web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above). Enter the default IP address: http://192.168.1.1

To log into the wireless bridge, enter the default user name “admin” and click LOGIN (there is no default password). When the home page displays, click on Advanced Setup. The following page will display.

The information in this chapter is organized to reflect the structure of the web screens for easy reference. However, it is recommended that you configure a user name and password as the first step under advanced configuration to control management access to the wireless bridge (page 6-23).

6-1

System Configuration

Advanced Configuration

The Advanced Configuration pages include the following options.

Menu Description Page

System Configures basic administrative and client access 6-3

Identification Specifies the system name, location and contact information 6-3

TCP / IP Settings Configures the IP address, subnet mask, gateway, and domain name

servers

Radius Configures the RADIUS server for wireless client authentication 6-7

PPPoE Settings Configures PPPoE on the Ethernet interface for a connection to an ISP 6-9

Authentication Configures 802.1X client authentication and MAC address

authentication

Filter Control Enables VLAN support and filters traffic matching specific Ethernet

protocol types

SNMP Controls access to this wireless bridge from management stations

using SNMP, as well as the hosts that will receive trap messages

Administration Configures user name and password for management

upgrades software from local file, FTP or TFTP server; configuration settings to factory defaults; and resets the wireless bridge

System Log Controls logging of error messages; sets the system clock via SNTP

server or manual configuration

WDS Sets the MAC addresses of other units in the wireless bridge network 6-31

Bridge Sets the time for aging out entries in the bridge MAC address table 6-33

STP Configures Spanning Tree Protocol parameters 6-36

access;

resets

6-5

6-11

6-18

6-20

6-23

6-27

RSSI Controls the maximum RSSI voltage output for specific WDS ports 6-40

Radio Interface A Configures the IEEE 802.11a interface 6-41

Radio Settings Configures radio signal parameters, such as radio channel,

transmission rate, and beacon settings

Security Configures data encryption using Wired Equivalent Protection (WEP)

or Wi-Fi Protected Access (WPA)

Radio Interface G Configures the IEEE 802.11b/g interface 6-46

Radio Settings Configures radio signal parameters, such as radio channel,

transmission rate, and beacon settings

Security Configures data encryption using Wired Equivalent Protection (WEP)

or Wi-Fi Protected Access (WPA)

6-42

6-48

6-46

6-48

6-2

Advanced Configuration

System Identification

The system information parameters for the wireless bridge can be left at their default settings. However, modifying these parameters can help you to more easily distinguish different devices in your network.

The wireless bridge allows the selection of the band to be used for bridge links. The bridge band can support no wireless clients. Alternatively, bridging can be disabled and both bands can support access point functions.

System Name – An alias for the wireless bridge, enabling the device to be uniquely identified on the network. (Default: Dual Band Outdoor AP; Range: 1-22 characters)

Outdoor Bridge Band – Selects the radio band used for bridge links.

• A – Bridging is supported on the 802.11a 5 GHz band.

• G – Bridging is supported on the 802.11b/g 2.4 GHz band.

• None – Bridging is not supported on either radio band. Allows both bands to

support access point operations for wireless clients.

Location – A text string that describes the system location. (Maximum length: 20 characters)

Contact – A text string that describes the system contact. (Maximum length: 255 characters)

6-3

System Configuration

CLI Commands for System Identification – Enter the global configuration mode and use the

system name command to specify a new system name. Use the

snmp-server location and snmp-server contact commands to indicate the physical

location of the wireless bridge and define a system contact. Then return to the Exec mode, and use the

show system command to display the changes to the system

identification settings.

DUAL OUTDOOR#configure 7-7 DUAL OUTDOOR(config)#system name R&D 7-12 DUAL OUTDOOR(config)#snmp-server location building-1 7-27 DUAL OUTDOOR(config)#snmp-server contact Paul 7-25 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show system 7-15

System Information =================================================== Serial Number : 0000000005 System Up time : 0 days, 0 hours, 35 minutes, 56 seconds System Name : R&D System Location : building-1 System Contact : Paul System Country Code : US - UNITED STATES MAC Address : 00-30-F1-BE-F4-96 IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 0.0.0.0 VLAN State : DISABLED Native VLAN ID : 1 IAPP State : ENABLED DHCP Client : ENABLED HTTP Server : ENABLED HTTP Server Port : 80 Slot Status : Dual band(a/g) Software Version : v1.1.0.3 ===================================================

DUAL OUTDOOR#

CLI Commands for Bridge Band Selection – Enter the global configuration mode and use the

DUAL OUTDOOR#configure 7-7 DUAL OUTDOOR(config)#wds channel a 7-43 DUAL OUTDOOR(config)#

wds channel command to specify the bridge band.

6-4

Advanced Configuration

TCP / IP Settings

Configuring the wireless bridge with an IP address expands your ability to manage the wireless bridge. A number of wireless bridge features depend on IP addressing to operate.

Note: You can use the web browser interface to access IP addressing only if the

wireless bridge already has an IP address that is reachable through your network.

By default, the wireless bridge will be automatically configured with IP settings from a Dynamic Host Configuration Protocol (DHCP) server. However, if you are not using a DHCP server to configure IP addressing, use the CLI to manually configure the initial IP values (page 5-2). After you have network access to the wireless bridge, you can use the web browser interface to modify the initial IP configuration, if needed.

Note: If there is no DHCP server on your network, or DHCP fails, the wireless

bridge will automatically start up with a default IP address of 192.168.1.1.

DHCP Client (Enable) – Select this option to obtain the IP settings for the wireless bridge from a DHCP (Dynamic Host Configuration Protocol) server. The IP address, subnet mask, default gateway, and Domain Name Server (DNS) address are dynamically assigned to the wireless bridge by the network DHCP server. (Default: Enabled)

6-5

System Configuration

DHCP Client (Disable) – Select this option to manually configure a static address for the wireless bridge.

• IP Address: The IP address of the wireless bridge. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.

• Subnet Mask: The mask that identifies the host address bits used for routing to specific subnets.

• Default Gateway: The default gateway is the IP address of the router for the wireless bridge, which is used if the requested destination address is not on the local subnet.

If you have management stations, DNS, or other network servers located on another subnet, type the IP address of the default gateway router in the text field provided. Otherwise, leave the address as all zeros (0.0.0.0).

• Primary and Secondary DNS Address: The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.

If you have one or more DNS servers located on the local network, type the IP addresses in the text fields provided. Otherwise, leave the addresses as all zeros (0.0.0.0).

CLI Commands for TCP/IP Settings – From the global configuration mode, enter the interface configuration mode with the interface ethernet command. Use the command to enable the DHCP client, or

no ip dhcp to disable it. To manually

ip dhcp

configure an address, specify the new IP address, subnet mask, and default gateway using the

dns server command. Then use the show interface ethernet command from the

ip address command. To specify DNS server addresses use the

Exec mode to display the current IP settings.

DUAL OUTDOOR(config)#interface ethernet 7-64 Enter Ethernet configuration commands, one per line. DUAL OUTDOOR(if-ethernet)#no ip dhcp 7-66 DUAL OUTDOOR(if-ethernet)#ip address 192.168.1.2

255.255.255.0 192.168.1.253 7-65 DUAL OUTDOOR(if-ethernet)#dns primary-server 192.168.1.55 7-64 DUAL OUTDOOR(if-ethernet)#dns secondary-server 10.1.0.55 7-64 DUAL OUTDOOR(config)#end 7-7 DUAL OUTDOOR#show interface ethernet 7-67 Ethernet Interface Information ======================================== IP Address : 192.168.1.2 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.253 Primary DNS : 192.168.1.55 Secondary DNS : 10.1.0.55 Admin status : Up Operational status : Up ======================================== DUAL OUTDOOR#

6-6

Advanced Configuration

Radius

Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network. An authentication server contains a database of user credentials for each user that requires access to the network.

A primary RADIUS server must be specified for the access point to implement IEEE

802.1X network access control and Wi-Fi Protected Access (WPA) wireless security. A secondary RADIUS server may also be specified as a backup should the primary server fail or become inaccessible.

Note: This guide assumes that you have already configured RADIUS server(s) to

support the access point. Configuration of RADIUS server software is beyond the scope of this guide, refer to the documentation provided with the RADIUS server software.

Primary Radius Server Setup – Configure the following settings to use RADIUS authentication on the access point.

• IP Address: Specifies the IP address or host name of the RADIUS server.

• Port: The UDP port number used by the RADIUS server for authentication

messages. (Range: 1024-65535; Default: 1812)

• Key: A shared text string used to encrypt messages between the access point and

the RADIUS server. Be sure that the same text string is specified on the RADIUS server. Do not use blank spaces in the string. (Maximum length: 255 characters)

6-7

System Configuration

• Timeout: Number of seconds the access point waits for a reply from the RADIUS server before resending a request. (Range: 1-60 seconds; Default: 5)

• Retransmit attempts: The number of times the access point tries to resend a request to the RADIUS server before authentication fails. (Range: 1-30; Default: 3)

Note: For the Timeout and Retransmit attempts fields, accept the default values

unless you experience problems connecting to the RADIUS server over the network.

Secondary Radius Server Setup – Configure a secondary RADIUS server to provide a backup in case the primary server fails. The access point uses the secondary server if the primary server fails or becomes inaccessible. Once the access point switches over to the secondary server, it periodically attempts to establish communication again with primary server. If communication with the primary server is re-established, the secondary server reverts to a backup role.

CLI Commands for RADIUS – From the global configuration mode, use the radius-server address command to specify the address of the primary or secondary RADIUS servers. (The following example configures the settings for the primary RADIUS server.) Configure the other parameters for the RADIUS server. Then use the show show radius command from the Exec mode to display the current settings for the primary and secondary RADIUS servers.

DUAL OUTDOOR(config)#radius-server address 192.168.1.25 7-32 DUAL OUTDOOR(config)#radius-server port 181 7-32 DUAL OUTDOOR(config)#radius-server key green 7-33 DUAL OUTDOOR(config)#radius-server timeout 10 7-34 DUAL OUTDOOR(config)#radius-server retransmit 5 7-33 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show radius 7-34

Radius Server Information ======================================== IP : 192.168.1.25 Port : 181 Key : ***** Retransmit : 5 Timeout : 10 ========================================

Radius Secondary Server Information ======================================== IP : 0.0.0.0 Port : 1812 Key : ***** Retransmit : 3 Timeout : 5 ======================================== DUAL OUTDOOR#

6-8

Advanced Configuration

PPPoE Settings

The wireless bridge uses a Point-to-Point Protocol over Ethernet (PPPoE) connection, or tunnel, only for management traffic between the wireless bridge and a remote PPPoE server (typically at an ISP). Examples of management traffic that may initiated by the wireless bridge and carried over a PPPoE tunnel are RADIUS, Syslog, or DHCP traffic.

PPP over Ethernet – Enable PPPoE on the RJ-45 Ethernet interface to pass management traffic between the unit and a remote PPPoE server. (Default: Disable)

PPPoE Username – The user name assigned for the PPPoE tunnel. (Range: 1-63 alphanumeric characters)

PPPoE Password – The password assigned for the PPPoE tunnel. (Range: 1-63 alphanumeric characters)

Confirm Password – Use this field to confirm the PPPoE password.

PPPoE Service Name – The service name assigned for the PPPoE tunnel. The

service name is normally optional, but may be required by some service providers. (Range: 1-63 alphanumeric characters)

IP Allocation Mode – This field specifies how IP adresses for the PPPoE tunnel are configured on the RJ-45 interface. The allocation mode depends on the type of service provided by the PPPoE server. If automatic mode is selected, DHCP is used

6-9

System Configuration

to allocate the IP addresses for the PPPoE connection. If static addresses have been assigned to you by the service provider, you must manually enter the assigned addresses. (Default: Automatic)

• Automatically allocated: IP addresses are dynamically assigned by the service provider during PPPoE session initialization.

• Static assigned: Fixed addresses are assigned by the service provider for both the local and remote IP addresses.

Local IP Address – IP address of the local end of the PPPoE tunnel. (Must be entered for static IP allocation mode.)

Remote IP Address – IP address of the remote end of the PPPoE tunnel. (Must be entered for static IP allocation mode.)

CLI Commands for PPPoE – From the CLI configuration mode, use the interface ethernet command to access interface configuration mode. Use the ip pppoe command to enable PPPoE on the Ethernet interface. Use the other PPPoE commands shown in the example below to set a user name and password, IP settings, and other PPPoE parameters as required by the service provider. The pppoe restart command can then be used to start a new connection using the modified settings. To display the current PPPoE settings, use the show pppoe command from the Exec mode.

DUAL OUTDOOR(config)#interface ethernet 7-64 Enter Ethernet configuration commands, one per line. DUAL OUTDOOR(if-ethernet)#ip pppoe 7-57 DUAL OUTDOOR(if-ethernet)#pppoe username mike 7-61 DUAL OUTDOOR(if-ethernet)#pppoe password 12345 7-61 DUAL OUTDOOR(if-ethernet)#pppoe service-name classA 7-62 DUAL OUTDOOR(if-ethernet)#pppoe ip allocation mode static 7-57 DUAL OUTDOOR(if-ethernet)#pppoe local ip 10.7.1.200 7-60 DUAL OUTDOOR(if-ethernet)#pppoe remote ip 192.168.1.20 7-60 DUAL OUTDOOR(if-ethernet)#pppoe ipcp dns 7-58 DUAL OUTDOOR(if-ethernet)#pppoe lcp echo-interval 30 7-58 DUAL OUTDOOR(if-ethernet)#pppoe lcp echo-failure 5 7-59 DUAL OUTDOOR(if-ethernet)#pppoe restart 7-62 DUAL OUTDOOR(if-ethernet)#end DUAL OUTDOOR#show pppoe 7-63

PPPoE Information ====================================================== State : Link up Username : mike Service Name : classA IP Allocation Mode : Static DNS Negotiation : Enabled Local IP : 10.7.1.200 Echo Interval : 30 Echo Failure : 5 ======================================================

DUAL OUTDOOR#

6-10

Advanced Configuration

Authentication

Wireless clients can be authenticated for network access by checking their MAC address against the local database configured on the access point, or by using a database configured on a central RADIUS server. Alternatively, authentication can be implemented using the IEEE 802.1X network access control protocol.

The access point can also operate in a 802.1X supplicant mode. This enables the access point itself and any bridge-connected units to be authenticated with a RADIUS server using a configured MD5 user name and password. This mechanism can prevent rogue access points from gaining access to the network.

Ethernet Supplicant Setup – Allows the access point to act as an 802.1X supplicant so it can be authenticated through its Ethernet port with a RADIUS server on the local network. When enabled, a unique MD5 user name and password needs to be configured. (Default: Disabled)

• Enabled/Disabled – Enables/Disables the 802.1X supplicant function.

- Username – Specifies the MD5 user name. (Range: 1-22 characters)

- Password – Specifies the MD5 password. (Range: 1-22 characters)

WDS Supplicant Setup – Allows the access point to act as an 802.1X supplicant so it can be authenticated through a WDS (wireless) port with a RADIUS server on the remote network. When enabled, a unique MD5 user name and password needs to be configured for the WDS port. For a BAT54 Slave unit, there is only one WDS port. For a BAT54M Master unit, there are 16 WDS ports. (Default: Disabled)

6-11

System Configuration

. . .

MAC Authentication – You can configure a list of the MAC addresses for wireless clients that are authorized to access the network. This provides a basic level of authentication for wireless clients attempting to gain access to the network. A database of authorized MAC addresses can be stored locally on the access point or remotely on a central RADIUS server. (Default: Local MAC)

• Local MAC: The MAC address of the associating station is compared against the local database stored on the access point. The Local MAC Authentication section enables the local database to be set up.

• Radius MAC: The MAC address of the associating station is sent to a configured RADIUS server for authentication. When using a RADIUS authentication server for MAC address authentication, the server must first be configured in the Radius window (page 6-7).

• Disable: No checks are performed on an associating station’s MAC address.

Note: Client station MAC authentication occurs prior to the IEEE 802.1X

authentication procedure configured for the access point. However, a client’s MAC address provides relatively weak user authentication, since MAC addresses can be easily captured and used by another station to break into the network. Using 802.1X provides more robust user authentication using user names and passwords or digital certificates. So, although you can configure the access point to use MAC address and 802.1X authentication together, it is better to choose one or the other, as appropriate.

802.1X Setup – IEEE 802.1X is a standard framework for network access control

that uses a central RADIUS server for user authentication. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. The 802.1X standard uses the Extensible Authentication Protocol (EAP) to pass user credentials (either digital certificates, user names and passwords, or other) from the client to the RADIUS

6-12

Advanced Configuration

server. Client authentication is then verified on the RADIUS server before the access point grants client access to the network.

The 802.1X EAP packets are also used to pass dynamic unicast session keys and static broadcast keys to wireless clients. Session keys are unique to each client and are used to encrypt and correlate traffic passing between a specific client and the access point. You can also enable broadcast key rotation, so the access point provides a dynamic broadcast key and changes it at a specified interval.

You can enable 802.1X as optionally supported or as required to enhance the security of the wireless network.

• Disable: The access point does not support 802.1X authentication for any wireless

client. After successful wireless association with the access point, each client is allowed to access the network.

• Supported: The access point supports 802.1X authentication only for clients

initiating the 802.1X authentication process (i.e., the access point does not initiate

802.1X authentication). For clients initiating 802.1X, only those successfully authenticated are allowed to access the network. For those clients not initiating

802.1X, access to the network is allowed after successful wireless association with the access point.

• Required: The access point enforces 802.1X authentication for all associated

wireless clients. If 802.1X authentication is not initiated by a client, the access point will initiate authentication. Only those clients successfully authenticated with

802.1X are allowed to access the network.

When 802.1X is enabled, the broadcast and session key rotation intervals can also be configured.

• Broadcast Key Refresh Rate: Sets the interval at which the broadcast keys are

refreshed for stations using 802.1X dynamic keying. (Range: 0-1440 minutes; Default: 0 means disabled)

• Session Key Refresh Rate: The interval at which the access point refreshes

unicast session keys for associated clients. (Range: 0-1440 minutes; Default: 0 means disabled)

• 802.1X Re-authentication Refresh Rate: The time period after which a connected

client must be re-authenticated. During the re-authentication process of verifying the client’s credentials on the RADIUS server, the client remains connected the network. Only if re-authentication fails is network access blocked. (Range: 0-65535 seconds; Default: 0 means disabled)

6-13

System Configuration

. . .

Local MAC Authentication – Configures the local MAC authentication database. The MAC database provides a mechanism to take certain actions based on a wireless client’s MAC address. The MAC list can be configured to allow or deny network access to specific clients.

• System Default: Specifies a default action for all unknown MAC addresses (that is, those not listed in the local MAC database).

- Deny: Blocks access for all MAC addresses except those listed in the local

database as “Allow.”

- Allow: Permits access for all MAC addresses except those listed in the local

database as “Deny.”

• MAC Authentication Settings: Enters specified MAC addresses and permissions into the local MAC database.

- MAC Address: Physical address of a client. Enter six pairs of hexadecimal digits

separated by hyphens; for example, 00-90-D1-12-AB-89.

- Permission: Select Allow to permit access or Deny to block access. If Delete is

selected, the specified MAC address entry is removed from the database.

- Update: Enters the specified MAC address and permission setting into the local

database.

• MAC Authentication Table: Displays current entries in the local MAC database.

CLI Commands for 802.1X Suppicant Configuration – Use the 802.1X supplicant commands to set the Ethernet and WDS user names and passwords, and to enable the feature.

DUAL OUTDOOR(config)#802.1X supplicant eth_user David 7-38 DUAL OUTDOOR(config)#802.1X supplicant eth_password DEF 7-38 DUAL OUTDOOR(config)#802.1X supplicant eth 7-38 DUAL OUTDOOR(config)#

6-14

Advanced Configuration

DUAL OUTDOOR(config)#802.1X supplicant wds_user 1 David 7-38 DUAL OUTDOOR(config)#802.1X supplicant wds_password 1 ABC 7-38 DUAL OUTDOOR(config)#802.1X supplicant wds 1 7-38 DUAL OUTDOOR(config)#

CLI Commands for Local MAC Authentication – Use the mac-authentication server command from the global configuration mode to enable local MAC

authentication. Set the default for MAC addresses not in the local table using the address filter default command, then enter MAC addresses in the local table using the address filter entry command. To remove an entry from the table, use the

address filter delete command. To display the current settings, use the show authentication command from the Exec mode.

DUAL OUTDOOR(config)#mac-authentication server local 7-41 DUAL OUTDOOR(config)#address filter default denied 7-39 DUAL OUTDOOR(config)#address filter entry 00-70-50-cc-99-1a denied 7-40 DUAL OUTDOOR(config)#address filter entry 00-70-50-cc-99-1b allowed DUAL OUTDOOR(config)#address filter entry 00-70-50-cc-99-1c allowed DUAL OUTDOOR(config)#address filter delete 00-70-50-cc-99-1c 7-40 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show authentication 7-42

Authentication Information ========================================================= MAC Authentication Server : LOCAL MAC Auth Session Timeout Value : 300 secs

802.1X : DISABLED Broadcast Key Refresh Rate : 5 min Session Key Refresh Rate : 5 min

802.1X Session Timeout Value : 300 secs Address Filtering : DENIED

System Default : DENY addresses not found in filter table. Filter Table

MAC Address Status

----------------- ---------00-70-50-cc-99-1a DENIED 00-70-50-cc-99-1b ALLOWED ========================================================= DUAL OUTDOOR#

6-15

System Configuration

CLI Commands for RADIUS MAC Authentication – Use the mac-authentication server command from the global configuration mode to enable remote MAC

authentication. Set the timeout value for re-authentication using the mac-authentication session-timeout command. Be sure to also configure connection settings for the RADIUS server (not shown in the following example). To display the current settings, use the show authentication command from the Exec mode.

DUAL OUTDOOR(config)#mac-authentication server remote 7-41 DUAL OUTDOOR(config)#mac-authentication session-timeout 300 7-41 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show authentication 7-42

Authentication Information ========================================================= MAC Authentication Server : REMOTE MAC Auth Session Timeout Value : 300 secs

802.1X : DISABLED Broadcast Key Refresh Rate : 5 min Session Key Refresh Rate : 5 min

802.1X Session Timeout Value : 300 secs Address Filtering : DENIED

System Default : DENY addresses not found in filter table. Filter Table

MAC Address Status

----------------- ---------00-70-50-cc-99-1a DENIED 00-70-50-cc-99-1b ALLOWED ========================================================= DUAL OUTDOOR#

6-16

Advanced Configuration

CLI Commands for 802.1X Authentication – Use the 802.1X supported command from the global configuration mode to enable 802.1X authentication. Set the session and broadcast key refresh rate, and the re-authentication timeout. To display the current settings, use the show authentication command from the Exec mode.

DUAL OUTDOOR(config)#802.1X supported 7-35 DUAL OUTDOOR(config)#802.1X broadcast-key-refresh-rate 5 7-36 DUAL OUTDOOR(config)#802.1X session-key-refresh-rate 5 7-37 DUAL OUTDOOR(config)#802.1X session-timeout 300 7-38 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show authentication 7-42

Authentication Information ========================================================= MAC Authentication Server : REMOTE MAC Auth Session Timeout Value : 300 secs

802.1X : SUPPORTED Broadcast Key Refresh Rate : 5 min Session Key Refresh Rate : 5 min

802.1X Session Timeout Value : 300 secs Address Filtering : DENIED

System Default : DENY addresses not found in filter table. Filter Table

MAC Address Status

----------------- ---------00-70-50-cc-99-1a DENIED 00-70-50-cc-99-1b ALLOWED ========================================================= DUAL OUTDOOR#

6-17

System Configuration

Filter Control

The wireless bridge can employ VLAN tagging support and network traffic frame filtering to control access to network resources and increase security.

Native VLAN ID – The VLAN ID assigned to wireless clients that are not assigned to a specific VLAN by RADIUS server configuration. (Range: 1-64)

VLAN – Enables or disables VLAN tagging support on the wireless bridge (changing the VLAN status forces a system reboot). When VLAN support is enabled, the wireless bridge tags traffic passing to the wired network with the assigned VLAN ID associated with each client on the RADIUS server or the configured native VLAN ID. Traffic received from the wired network must also be tagged with a known VLAN ID. Received traffic that has an unknown VLAN ID or no VLAN tag is dropped. When VLAN support is disabled, the wireless bridge does not tag traffic passing to the wired network and ignores the VLAN tags on any received frames.

Note: Before enabling VLANs on the wireless bridge, you must configure the connected

LAN switch port to accept tagged VLAN packets with the VLAN ID. Otherwise, connectivity to the enable the VLAN feature.

Up to 64 VLAN IDs can be mapped to specific wireless clients, allowing users to remain within the same VLAN as they move around a campus site. This feature can also be used to control access to network resources from wireless clients, thereby improving security.

wireless bridge will be lost when you

wireless bridge’s native

6-18

Advanced Configuration

A VLAN ID (1-4094) is assigned to a client after successful authentication using IEEE 802.1X and a central RADIUS server. The user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network. If a user does not have a configured VLAN ID, the access point assigns the user to its own configured native VLAN ID.

When setting up VLAN IDs for each user on the RADIUS server, be sure to use the RADIUS attributes and values as indicated in the following table.

Number RADIUS Attribute Value

64 Tunnel-Type VLAN (13)

65 Tunnel-Medium-Type 802

81 Tunnel-Private-Group VLANID

(1 to 4094 in hexadecimal)

Note: The specific configuration of RADIUS server software is beyond the scope of

this guide. Refer to the documentation provided with the RADIUS server software.

When VLAN filtering is enabled, the access point must also have 802.1X authentication enabled and a RADIUS server configured. Wireless clients must also support 802.1X client software to be assigned to a specific VLAN.

When VLAN filtering is disabled, the access point ignores the VLAN tags on any received frames.

Local Bridge Filter – Controls wireless-to-wireless communications between clients through the access point. However, it does not affect communications between wireless clients and the wired network.

• Disable: Allows wireless-to-wireless communications between clients through the

access point.

• Enable: Blocks wireless-to-wireless communications between clients through the

access point.

AP Management Filter – Controls management access to the access point from wireless clients. Management interfaces include the web, Telnet, or SNMP.

• Disable: Allows management access from wireless clients.

• Enable: Blocks management access from wireless clients.

Ethernet Type Filter – Controls checks on the Ethernet type of all incoming and outgoing Ethernet packets against the protocol filtering table.

• Disable: Wireless bridge does not filter Ethernet protocol types.

• Enable: Wireless bridge filters Ethernet protocol types based on the configuration

of protocol types in the filter table. If a protocol has its status set to “ON,” the protocol is filtered from the wireless bridge.

6-19

System Configuration

CLI Commands for VLAN Support – From the global configuration mode use the native-vlanid command to set the default VLAN ID for the Ethernet interface, then enable VLANs using the vlan enable command. When you change the access point’s VLAN support setting, you must reboot the access point to implement the change. To view the current VLAN settings, use the show system command.

DUAL OUTDOOR(config)#native-vlanid 3 7-87 DUAL OUTDOOR(config)#vlan enable 7-87 Reboot system now? <y/n>: y

CLI Commands for Bridge Filtering – Use the

filter ap-manage command to restrict

management access from wireless clients. To configure Ethernet protocol filtering, use the

ethernet-type protocol

display the current settings, use the

DUAL OUTDOOR(config)#filter ap-manage 7-54 DUAL OUTDOOR(config)#filter ethernet-type enable 7-54 DUAL OUTDOOR(config)#filter ethernet-type protocol ARP 7-55 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show filters 7-56

Protocol Filter Information ========================================================= AP Management :ENABLED Ethernet Type Filter :ENABLED

Enabled Protocol Filters

--------------------------------------------------------Protocol: ARP ISO: 0x0806 ========================================================= DUAL OUTDOOR#

filter ethernet-type enable command to enable filtering and the filter

command to define the protocols that you want to filter. To

show filters command from the Exec mode.

SNMP

You can use a network management application to manage the wireless bridge via the Simple Network Management Protocol (SNMP) from a management station. To implement SNMP management, the wireless bridge must have an IP address and subnet mask, configured either manually or dynamically. Once an IP address has been configured, appropriate SNMP communities and trap receivers should be configured.

Community names are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the wireless bridge. To communicate with the wireless bridge, a management station must first submit a valid community name for authentication. You therefore need to assign community names to specified users or user groups and set the access level.

6-20

Advanced Configuration

SNMP – Enables or disables SNMP management access and also enables the wireless bridge to send SNMP traps (notifications). SNMP management is enabled by default.

Community Name (Read Only) – Defines the SNMP community access string that has read-only access. Authorized management stations are only able to retrieve MIB objects. (Maximum length: 23 characters, case sensitive; Default: public)

Community Name (Read/Write) – Defines the SNMP community access string that has read/write access. Authorized management stations are able to both retrieve and modify MIB objects. (Maximum length: 23 characters, case sensitive; Default: private)

Trap Destination IP Address – Specifies the recipient of SNMP notifications. Enter the IP address or the host name. (Host Name: 1 to 20 characters)

Trap Destination Community Name – The community string sent with the notification operation. (Maximum length: 23 characters; Default: public)

6-21

System Configuration

CLI Commands for SNMP – Use the snmp-server enable server command from the global configuration mode to enable SNMP. To set read/write and read-only community names, use the

command defines a trap receiver host. To view the current SNMP settings, use

host

the

show snmp command.

DUAL OUTDOOR(config)#snmp-server enable server 7-25 DUAL OUTDOOR(config)#snmp-server community alpha rw 7-24 DUAL OUTDOOR(config)#snmp-server community beta DUAL OUTDOOR(config)#snmp-server host 10.1.19.23 alpha 7-26 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show snmp 7-27

SNMP Information ============================================ Service State : Enable Community (ro) : **** Community (rw) : ***** Location : building-1 Contact : Paul Traps : Enabled Host Name/IP : 10.1.19.23 Trap Community : ***** =============================================

snmp-server community command. The snmp-server

DUAL OUTDOOR#

6-22

Advanced Configuration

Administration

Changing the Password

Management access to the web and CLI interface on the wireless bridge is controlled through a single user name and password. You can also gain additional access security by using control filters (see “Filter Control” on page 6-18).

To protect access to the management interface, you need to configure an Administrator’s user name and password as soon as possible. If the user name and password are not configured, then anyone having access to the wireless bridge may be able to compromise wireless bridge and network security.

Note: Pressing the Reset button on the back of the wireless bridge for more than

five seconds resets the user name and password to the factory defaults. For this reason, we recommend that you protect the wireless bridge from physical access by unauthorized persons.

Username – The name of the user. The default name is “admin.” (Length: 3-16 characters, case sensitive.)

New Password – The password for management access. (Length: 3-16 characters, case sensitive)

Confirm New Password – Enter the password again for verification.

CLI Commands for the User Name and Password – Use the username and password commands from the CLI configuration mode.

DUAL OUTDOOR(config)#username bob 7-13 DUAL OUTDOOR(config)#password spiderman 7-13 DUAL OUTDOOR#

6-23

System Configuration

Upgrading Firmware

You can upgrade new wireless bridge software from a local file on the management workstation, or from an FTP or TFTP server.

After upgrading new software, you must reboot the wireless bridge to implement the new code. Until a reboot occurs, the wireless bridge will continue to run the software it was using before the upgrade started. Also note that rebooting the wireless bridge with new software will reset the configuration to the factory default settings.

Note: Before upgrading your wireless bridge software, it is recommended to save a

copy of the current configuration file. See “copy” on page 7-29 for information on saving the configuration file to a TFTP or FTP server.

Before upgrading new software, verify that the wireless bridge is connected to the network and has been configured with a compatible IP address and subnet mask.

If you need to download from an FTP or TFTP server, take the following additional steps:

• Obtain the IP address of the FTP or TFTP server where the wireless bridge software is stored.

• If upgrading from an FTP server, be sure that you have an account configured on the server with a user name and password.

Current version – Version number of runtime code.

6-24

Advanced Configuration

Firmware Upgrade Local – Downloads an operation code image file from the web management station to the wireless bridge using HTTP. Use the Browse button to locate the image file locally on the management station and click Start Upgrade to proceed.

• New firmware file: Specifies the name of the code file on the server. The new

firmware file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters for files on the wireless bridge. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

Firmware Upgrade Remote – Downloads an operation code image file from a specified remote FTP or TFTP server. After filling in the following fields, click Start Upgrade to proceed.

• New firmware file: Specifies the name of the code file on the server.

firmware file name should not contain slashes (\ or /), name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 255 characters or 32 characters for files on the wireless bridge. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

• IP Address: IP address or host name of FTP or TFTP server.

• Username: The user ID used for login on an FTP server.

• Password: The password used for login on an FTP server.

Restore Factory Settings – Click the Restore button to reset the configuration settings for the wireless bridge to the factory defaults and reboot the system. Note that all user configured information will be lost. You will have to re-enter the default user name (admin) to re-gain management access to this device.

Reset wireless bridge – Click the Reset button to reboot the system.

Note: If you have upgraded system software, then you must reboot the wireless

bridge to implement the new operation code.

the leading letter of the file

The new

6-25

System Configuration

CLI Commands for Downloading Software from a TFTP Server – Use the copy tftp

command from the Exec mode and then specify the file type, name, and IP

file

address of the TFTP server. When the download is complete, the

dir command can

be used to check that the new file is present in the wireless bridge file system. To run the new software, use the

DUAL OUTDOOR#copy tftp file 7-29

1. Application image

2. Config file

3. Boot block image Select the type of download<1,2,3>: [1]:1 TFTP Source file name:bridge-img.bin TFTP Server IP:192.168.1.19

DUAL OUTDOOR#dir 7-30 File Name Type File Size

-------------------------- ---- ----------dflt-img.bin 2 1319939 bridge-img.bin 2 1629577 syscfg 5 17776 syscfg_bak 5 17776

reset board command to reboot the wireless bridge.

262144 byte(s) available

DUAL OUTDOOR#reset board 7-9 Reboot system now? <y/n>: y

6-26

Advanced Configuration

System Log

The wireless bridge can be configured to send event and error messages to a System Log Server. The system clock can also be synchronized with a time server, so that all the messages sent to the Syslog server are stamped with the correct time and date.

Enabling System Logging

The wireless bridge supports a logging process that can control error messages saved to memory or sent to a Syslog server. The logged messages serve as a valuable tool for isolating wireless bridge and network problems.

System Log Setup – Enables the logging of error messages.

Logging Host – Enables the sending of log messages to a Syslog server host.

Server Name/IP – The IP address or name of a Syslog server.

Logging Console – Enables the logging of error messages to the console.

Logging Level – Sets the minimum severity level for event logging.

6-27

System Configuration

The system allows you to limit the messages that are logged by specifying a minimum severity level. The following table lists the error message levels from the most severe (Emergency) to least severe (Debug). The message levels that are logged include the specified minimum level up to the Emergency level.

Error Level Description

Emergency System unusable

Alert Immediate action needed

Critical Critical conditions (e.g., memory allocation, or free memory error - resource

exhausted)

Error Error conditions (e.g., invalid input, default used)

Warning Warning conditions (e.g., return false, unexpected return)

Notice Normal but significant condition, such as cold start

Informational Informational messages only

Debug Debugging messages

Note: The wireless bridge error log can be viewed using the Event Logs window in

the Status section (page 6-67).The Event Logs window displays the last 128 messages logged in chronological order, from the newest to the oldest. Log messages saved in the wireless bridge’s memory are erased when the device is rebooted.

6-28

Advanced Configuration

CLI Commands for System Logging – To enable logging on the wireless bridge, use the

logging on command from the global configuration mode. The logging level

command sets the minimum level of message to log. Use the command to enable logging to the console. Use the

logging host command to

specify up to four Syslog servers. The CLI also allows the

logging console

logging facility-type

command to set the facility-type number to use on the Syslog server. To view the current logging settings, use the

DUAL OUTDOOR(config)#logging on 7-16 DUAL OUTDOOR(config)#logging level alert 7-18 DUAL OUTDOOR(config)#logging console 7-17 DUAL OUTDOOR(config)#logging host 1 10.1.0.3 514 7-17 DUAL OUTDOOR(config)#logging facility-type 19 7-18 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show logging 7-19

Logging Information ============================================ Syslog State : Enabled Logging Host State : Enabled Logging Console State : Enabled Server Domain name/IP : 1 10.1.0.3 Logging Level : Error Logging Facility Type : 16 =============================================

show logging command.

DUAL OUTDOOR#

Configuring SNTP

Simple Network Time Protocol (SNTP) allows the wireless bridge to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the wireless bridge enables the system log to record meaningful dates and times for event entries. If the clock is not set, the wireless bridge will only record the time from the factory default set at the last bootup.

The wireless bridge acts as an SNTP client, periodically sending time synchronization requests to specific time servers. You can configure up to two time server IP addresses. The wireless bridge will attempt to poll each server in the configured sequence.

SNTP Server – Configures the wireless bridge to operate as an SNTP client. When enabled, at least one time server IP address must be specified.

• Primary Server: The IP address of an SNTP or NTP time server that the wireless

bridge attempts to poll for a time update.

• Secondary Server: The IP address of a secondary SNTP or NTP time server. The

wireless bridge first attempts to update the time from the primary server; if this fails it attempts an update from the secondary server.

Note: The wireless bridge also allows you to disable SNTP and set the system

clock manually using the CLI.

6-29

System Configuration

Set Time Zone – SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours your time zone is located before (east) or after (west) UTC.

Enable Daylight Saving – The wireless bridge provides a way to automatically adjust the system clock for Daylight Savings Time changes. To use this feature you must define the month and date to begin and to end the change from standard time. During this period the system clock is set back by one hour.

CLI Commands for SNTP – To enable SNTP support on the wireless bridge, from the global configuration mode specify SNTP server IP addresses using the

sntp-server ip command, then use the sntp-server enable command to enable the

service. Use the the

sntp-server daylight-saving command to set up a daylight saving. To view the

current SNTP settings, use the

sntp-server timezone command to set the location time zone and

show sntp command.

DUAL OUTDOOR(config)#sntp-server ip 10.1.0.19 7-20 DUAL OUTDOOR(config)#sntp-server enable 7-21 DUAL OUTDOOR(config)#sntp-server timezone +8 7-22 DUAL OUTDOOR(config)#sntp-server daylight-saving 7-22 Enter Daylight saving from which month<1-12>: 3 and which day<1-31>: 31 Enter Daylight saving end to which month<1-12>: 10 and which day<1-31>: 31 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show sntp 7-23

SNTP Information ========================================================= Service State : Enabled SNTP (server 1) IP : 137.92.140.80 SNTP (server 2) IP : 192.43.244.18 Current Time : 19 : 35, Oct 10th, 2003 Time Zone : +8 (TAIPEI, BEIJING) Daylight Saving : Enabled, from Mar, 31th to Oct, 31th =========================================================

DUAL OUTDOOR#

6-30

Advanced Configuration

CLI Commands for the System Clock – The following example shows how to manually set the system time when SNTP server support is disabled on the wireless bridge.

DUAL OUTDOOR(config)#no sntp-server enable 7-21 DUAL OUTDOOR(config)#sntp-server date-time 7-21 Enter Year<1970-2100>: 2003 Enter Month<1-12>: 10 Enter Day<1-31>: 10 Enter Hour<0-23>: 18 Enter Min<0-59>: 35 DUAL OUTDOOR(config)#

Wireless Distribution System (WDS)

The IEEE 802.11 standard defines a WIreless Distribution System (WDS) for connections between wireless bridges. The access point uses WDS to forward traffic on bridge links between units. When using WDS, only wireless bridge units can associate to each other using the bridge band. A wireless client cannot associate with the access point on the wireless bridge band.

To set up a wireless bridge link, you must configure the WDS forwarding table by specifying the wireless MAC address of the bridge to which you want to forward traffic. For a Slave bridge unit, you need to specify the MAC address of the wireless bridge unit at the opposite end of the link. For a Master bridge unit, you need to specify the MAC addresses of all the Slave bridge units in the network.

6-31

System Configuration

Mode – The wireless bridge is set to operate as a Slave or Master unit:

• Master Mode: In a point-to-multipoint network configuration, only one wireless bridge unit must be a Master unit (all others must be Slave units). A Master wireless bridge provides support for up to 16 MAC addresses in the WDS forwarding table. The MAC addresses of all other Slave bridge units in the network must be configured in the forwarding table.

• Slave Mode: A Slave wireless bridge provides support for only one MAC address in the WDS forwarding table. A Slave bridge communicates with only one other wireless bridge, either another Slave bridge in a point-to-point configuration, or to the Master bridge in a point-to-multipoint configuration.

6-32

Advanced Configuration

Port Number (Master bridge only) – The wireless port identifier.

MAC Address – The physical layer address of the wireless bridge unit at the other

end of the wireless link. (12 hexadecimal digits in the form “xx:xx:xx:xx:xx:xx”)

Port Status – Enables or disables the wireless bridge link.

Note: The wireless MAC address for each bridge unit is printed on the label on the

back of the unit.

CLI Commands for WDS – The following example shows how to configure the MAC address of the wireless bridge at the opposite end of a point-to-point link, and then enable forwarding on the link.

DUAL OUTDOOR(config)#wds mac-address 1 00-12-34-56-78-9a 7-43 DUAL OUTDOOR(config)#wds enable 7-44 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show wds 7-44

Outdoor_Mode : SLAVE ================================================== Port ID | Status | Mac-Address ================================================== 01 | ENABLE | 00-12-34-56-78-9A ================================================== DUAL OUTDOOR#

Bridge

The wireless bridge can store the MAC addresses for all known devices in the connected networks. All the addresses are learned by monitoring traffic received by the wireless bridge and are stored in a dynamic MAC address table. This information is then used to forward traffic directly between the Ethernet port and the corresponding wireless interface.

6-33

System Configuration

The Bridging page allows the MAC address aging time to be set for both the Ethernet port and the bridge radio interface. If the MAC address of an entry in the address table is not seen on the associated interface for longer than the aging time, the entry is discarded.

Bridge Aging Time – Changes the aging time for entries in the dynamic address table:

• Ethernet: The time after which a learned Ethernet port entry is discarded. (Range: 60-1800 seconds; Default: 100 seconds)

• Wireless 802.11a (g): The time after which a learned wireless entry is discarded. (Range: 60-1800 seconds; Default: 1800 seconds)

6-34

Advanced Configuration

CLI Commands for Bridging – The following example shows how to set the MAC address aging time for the wireless bridge.

DUAL OUTDOOR(config)#bridge timeout 0 300 7-46 DUAL OUTDOOR(config)#bridge timeout 2 1000 7-46 DUAL OUTDOOR(config)#exit DUAL OUTDOOR#show bridge 7-52

Bridge Information ================================================= Media Type | Age Time(sec)| ================================================= EtherNet | 300 | WLAN_A | 1000 | ==================================================

Bridge Id : 32768.037fbef192 Root Bridge Id : 32768.01f47483e2 Root Path Cost : 25 Root Port Id : 0 Bridge Status : Enabled Bridge Priority : 32768 Bridge Hello Time : 2 Seconds Bridge Maximum Age : 20 Seconds Bridge Forward Delay: 15 Seconds ============================= Port Summary ============================= Id| Priority | Path Cost | Fast Forward | Status | State | 0 128 25 Enable Enabled Forwarding

DUAL OUTDOOR#

6-35

System Configuration

Spanning Tree Protocol (STP)

The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the wireless bridge to interact with other bridging devices (that is, an STP-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.

STP uses a distributed algorithm to select a bridging device (STP-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging device (except for the root device) which incurs the lowest path cost when forwarding a packet from that device to the root device. Then it selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device. All ports connected to designated bridging devices are assigned as designated ports. After determining the lowest cost spanning tree, it enables all root ports and designated ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops.

Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the root bridge is down. This bridge will then initiate negotiations with other bridges to reconfigure the network to reestablish a valid network topology.

Enable – Enables/disables STP on the wireless bridge. (Default: Enabled)

6-36

Advanced Configuration

Forward Delay – The maximum time (in seconds) this device waits before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result. (Range: 4-30 seconds)

• Default: 15

• Minimum: The higher of 4 or [(Max. Message Age / 2) + 1]

• Maximum: 30

Hello Time – Interval (in seconds) at which the root device transmits a configuration message. (Range: 1-10 seconds)

• Default: 2

• Minimum: 1

• Maximum: The lower of 10 or [(Max. Message Age / 2) -1]

Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STP information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network. (Range: 6-40 seconds)

• Default: 20

• Minimum: The higher of 6 or [2 x (Hello Time + 1)].

• Maximum: The lower of 40 or [2 x (Forward Delay - 1)]

Bridge Priority – Used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STP root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. (Note that lower numeric values indicate higher priority.)

• Range: 0-65535

• Default: 32768

Port Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.)

• Range: 1-65535

• Default: Ethernet interface: 19; Wireless interface: 40

6-37

System Configuration

Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the spanning tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled.

• Default: 128

• Range: 0-240, in steps of 16

Port Fast (Fast Forwarding) – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end nodes cannot cause forwarding loops, they can pass directly through to the spanning tree forwarding state. Specifying fast forwarding provides quicker convergence for devices such as workstations or servers, retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events, does not cause the spanning tree to initiate reconfiguration when the interface changes state, and also overcomes other STP-related timeout problems. However, remember that fast forwarding should only be enabled for ports connected to an end-node device. (Default: Disabled)

Status – Enables/disables STP on this interface. (Default: Enabled)

6-38

Advanced Configuration

CLI Commands for STP – The following example configures spanning tree paramters for the bridge and wireless port 5.

DUAL OUTDOOR(config)#bridge stp-bridge priority 40000 7-49 DUAL OUTDOOR(config)#bridge stp-bridge hello-time 5 7-48 DUAL OUTDOOR(config)#bridge stp-bridge max-age 38 7-48 DUAL OUTDOOR(config)#bridge stp-bridge forward-time 20 7-47 DUAL OUTDOOR(config)#no bridge stp-port spanning-disabled 5 7-52 DUAL OUTDOOR(config)#bridge stp-port priority 5 0 7-50 DUAL OUTDOOR(config)#bridge stp-port path-cost 5 50 7-50 DUAL OUTDOOR(config)#no bridge stp-port portfast 5 7-51 DUAL OUTDOOR(config)#end DUAL OUTDOOR#show bridge 7-52

Bridge Id : 32768.037fbef192 Root Bridge Id : 32768.01f47483e2 Root Path Cost : 25 Root Port Id : 0 Bridge Status : Enabled Bridge Priority : 40000 Bridge Hello Time : 5 Seconds Bridge Maximum Age : 38 Seconds Bridge Forward Delay: 20 Seconds ============================= Port Summary ============================= Id| Priority | Path Cost | Fast Forward | Status | State | 0 128 25 Enable Enabled Forwarding

DUAL OUTDOOR#

6-39

System Configuration

RSSI

The RSSI value displayed on the RSSI page represents a signal to noise ratio. A value of 30 would indicate that the power of the received signal is 30 dBm above the signal noise threshold. This value can be used to align antennas (see page 4-6) and monitor the quality of the received signal for bridge links. An RSSI value of about 30 or more indicates a strong enough signal to support the maximum data rate of 54 Mbps. Below a value of 30, the supported data rate would drop to lower rates. A value of 15 or less indicates that the signal is weak and the antennas may require realignment.

The RSSI controls allow the external connector to be disabled and the receive signal for each WDS port displayed.

RSSI – The RSSI value for a selected port can be displayed and a representative voltage output can be enabled.

• Output Activate: Enables or disables the RSSI voltage output on the external RSSI connector. (Default: Enabled)

• Port Number: Selects a specific WDS port for which to set the maximum RSSI output voltage level. Ports 1-16 are available for a Master unit, only port 1 for a Slave unit. (Default: 1)

• Output Value: The maximum RSSI voltage level for the current selected WDS port. A value of zero indicates that there is no received signal or that the WDS port is disabled.

6-40

Radio Interface

Distance – This value is used to adjust timeout values to take into account transmit delays due to link distances in the wireless bridge network. For a point-to-point link, specify the approximate distance between the two bridges. For a point-to-multipoint network, specify the distance of the Slave bridge farthest from the Master bridge

• Mode: Indicates if the 802.11a radio is operating in normal or Turbo mode. (See

"Radio Settings A" on page 6-42.)

• Distance: The approximate distance between antennas in a bridge link.

Note: There are currently no equivalent CLI commands for the RSSI controls.

Radio Interface

The IEEE 802.11a and 802.11g interfaces include configuration options for radio signal characteristics and wireless security features. The configuration options are nearly identical, but depend on which interface is operating as the bridge band. Both interfaces and operating modes are covered in this section of the manual.

The access point can operate in the following modes:

• 802.11a in bridge mode and 802.11g in access point mode

• 802.11a in access point mode and 802.11g in bridge mode

• 802.11a and 802.11g both in access point mode (no bridging)

• 802.11a only in bridge or access point mode

• 802.11g only in bridge or access point mode

Note that 802.11g is backward compatible with 802.11b and can be configured to support both client types or restricted to 802.11g clients only. Both wireless interfaces are configured independently under the following web pages:

• Radio Interface A: 802.11a

• Radio Interface G: 802.11b/g

Note: The radio channel settings for the wireless bridge are limited by local

regulations, which determine the number of channels that are available.

6-41

System Configuration

Radio Settings A (802.11a)

The IEEE 802.11a interface operates within the 5 GHz band, at up to 54 Mbps in normal mode or up to 108 Mbps in Turbo mode.

Enable – Enables radio communications on the wireless interface. (Default: Enabled)

Description – Adds a comment or description to the wireless interface. (Range: 1-80 characters)

Network Name (SSID) – (Access point mode only) The name of the basic service set provided by the access point. Clients that want to connect to the network through the access point must set their SSID to the same as that of the access point. (Default: DualBandOutdoor; Range: 1-32 characters)

Note: The SSID is not configurable when the radio band is set to Bridge mode.

Secure Access – When enabled, the access point radio does not include its SSID in beacon messages. Nor does it respond to probe requests from clients that do not include a fixed SSID. (Default: Disable)

Turbo Mo de – The normal 802.11a wireless operation mode provides connections up to 54 Mbps. Turbo Mode is an enhanced mode (not regulated in IEEE 802.11a) that provides a higher data rate of up to 108 Mbps. Enabling Turbo Mode allows the wireless bridge to provide connections up to 108 Mbps. (Default: Disabled)

6-42

Radio Interface

Note: In normal mode, the wireless bridge provides a channel bandwidth of 20

MHz, and supports the maximum number of channels permitted by local regulations (e.g., 11 channels for the United States). In Turbo Mode, the channel bandwidth is increased to 40 MHz to support the increased data rate. However, this reduces the number of channels supported (e.g., 5 channels for the United States).

Radio Channel – The radio channel that the wireless bridge uses to communicate with wireless clients. When multiple wireless bridges are deployed in the same area, set the channel on neighboring wireless bridges at least four channels apart to avoid interference with each other. For example, in the United States you can deploy up to four wireless bridges in the same area (e.g., channels 36, 56, 149, 165). Also note that the channel for wireless clients is automatically set to the same as that used by the wireless bridge to which it is linked. (Default: Channel 60 for normal mode, and channel 42 for Turbo mode)

Auto Channel Select – Enables the wireless bridge to automatically select an unoccupied radio channel. (Default: Enabled)

Transmit Power – Adjusts the power of the radio signals transmitted from the wireless bridge. The higher the transmission power, the farther the transmission range. Power selection is not just a trade off between coverage area and maximum supported clients. You also have to ensure that high-power signals do not interfere with the operation of other radio devices in the service area. (Options: 100%, 50%, 25%, 12%, minimum; Default: 100%)

Normal Mode

Turbo Mode

Maximum Supported Rate – The maximum data rate at which the access point transmits unicast packets on the wireless interface. The maximum transmission distance is affected by the data rate. The lower the data rate, the longer the transmission distance. (Options: 54, 48, 36, 24, 18, 12, 9, 6 Mbps; Default: 54 Mbps)

Beacon Interval – The rate at which beacon signals are transmitted from the wireless bridge. The beacon signals allow wireless clients to maintain contact with the wireless bridge. They may also carry power-management information. (Range: 20-1000 TUs; Default: 100 TUs)

Data Beacon Rate – The rate at which stations in sleep mode must wake up to receive broadcast/multicast transmissions.

Known also as the Delivery Traffic Indication Map (DTIM) interval, it indicates how often the MAC layer forwards broadcast/multicast traffic, which is necessary to wake up stations that are using Power Save mode. The default value of 2 indicates that the wireless bridge will save all broadcast/multicast frames for the Basic Service Set

6-43

System Configuration

(BSS) and forward them after every second beacon. Using smaller DTIM intervals delivers broadcast/multicast frames in a more timely manner, causing stations in Power Save mode to wake up more often and drain power faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames. (Range: 1-255 beacons; Default: 2 beacons)

Fragment Length – Configures the minimum packet size that can be fragmented when passing through the wireless bridge. Fragmentation of the PDUs (Package Data Unit) can increase the reliability of transmissions because it increases the probability of a successful transmission due to smaller frame size. If there is significant interference present, or collisions due to high network utilization, try setting the fragment size to send smaller fragments. This will speed up the retransmission of smaller frames. However, it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames. (Range: 256-2346 bytes; Default: 2346 bytes)

RTS Threshold – Sets the packet size threshold at which a Request to Send (RTS) signal must be sent to a receiving station prior to the sending station starting communications. The wireless bridge sends RTS frames to a receiving station to negotiate the sending of a data frame. After receiving an RTS frame, the station sends a CTS (clear to send) frame to notify the sending station that it can start sending data.

If the RTS threshold is set to 0, the wireless bridge always sends RTS signals. If set to 2347, the wireless bridge never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled.

The wireless bridges contending for the medium may not be aware of each other. The RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 0-2347 bytes: Default: 2347 bytes)

Maximum Associations – (Access point mode only) Sets the maximum number of clients that can be associated with the access point radio at the same time. (Range: 1-64 per radio: Default: 64)

6-44

Hirschmann BAT54, BAT54M Installation Manual

Specifications and Main Features

Frequently Asked Questions

User Manual