Lancom OAP-54-1, OAC-54-1 User Manual

LANCOM OAP-54-1 Wireless, LANCOM OAC-54-1 Wireless, LANCOM OAP-54-1 Wireless Bridge Kit
Manual
© 2008 LANCOM Systems GmbH, Wuerselen (Germany). All rights reserved.
While the information in this manual has been compiled with great care, it may not be deemed an assurance of product characteristics. LANCOM Systems shall be liable only to the degree specified in the terms of sale and delivery.
The reproduction and distribution of the documentation and software included with this product is subject to written permission by LANCOM Systems. We reserve the right to make any alterations that arise as the result of technical development.
All explanations and documents for registration of the products can be found in the appendix of this documentation, provided they were available at the time of printing.
Trademarks
Windows®, Windows Vista™, Windows XP® and Microsoft® are registered trademarks of Microsoft, Corp.
The LANCOM Systems logo, LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH. All other names mentioned may be trademarks or registered trademarks of their respective owners.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http://www.openssl.org/
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
This product includes the LZMA SDK written by Igor Pavlov.
Subject to change without notice. No liability for technical errors or omissions.
LANCOM Systems GmbH
Adenauerstr. 20/B2
52146 Wuerselen
Germany
www.lancom.eu
Wuerselen, July 2008
110610/0708

Preface

Thank you for placing your trust in this LANCOM Systems product.
The LANCOM OAP/OAC-54-1 Wireless are designed to offer high-performance wireless LAN in tough environments.
The IP67-compliant housing and the facilities for sturdy mounting on walls or poles make the LANCOM OAP-54-1 Wireless ideally suited for locations where the demands on stability and robustness are at their highest, in temperatures from -30 °C up to +70 °C.
With the integrated 54/108 Mbps WLAN module according to IEEE 802.11a/h or IEEE 802.11b/g, the LANCOM OAP-54-1 Wireless works in the 2.4 or 5 GHz frequency range.
The models of the LANCOM OAP/OAC-54-1 Wireless series can be configured in standalone, managed and client mode (LANCOM OAC-54-1 Wireless: client mode only). In managed mode, the access point can be securely managed by the LANCOM WLAN Controller.
Model variants
This documentation is intended for LANCOM OAP/OAC-54-1 Wireless users. The following models are available:
- The LANCOM OAP-54-1 Wireless with one integrated WLAN module and one integrated antenna for access point operation or as hot spot with additional software option.
- The LANCOM OAC-54-1 Wireless with one integrated WLAN module and one integrated antenna for client mode operation only.
- The LANCOM OAP-54-1 Wireless Bridge Kit comes as a bundle with two LANCOM OAP-54-1 Wireless for the quick setup of point-to-point connections (WLAN bridge).
Model restrictions
In the following parts of this documentation, the LANCOM OAP-54-1 Wireless Bridge Kit is referenced only where special features of the bundle are described. In all other cases, the descriptions for the LANCOM OAP-54-1 Wireless also apply to the LANCOM OAP-54-1 Wireless Bridge Kit.
Passages applying only to certain models are identified either in the text itself or by a comment in the margin.
Otherwise the documentation refers to all models collectively as the LANCOM OAP/OAC-54-1 Wireless series.
Security settings
To maximize the security available from your product, we recommend that you undertake all of the security settings (e.g. firewall, encryption, access protection) that were not already activated when you purchased the product. The LANconfig Wizard 'Security Settings' will help you with this task. Further information is also available in the chapter 'Security settings'.
We would additionally like to ask you to refer to our Internet site www.lancom.eu for the latest information about your product and technical developments, and also to download our latest software versions.
User manual and reference manual
The documentation of your device consists of the following parts:
- Installation guide
- User manual
- Reference manual
You are now reading the user manual. It contains all information you need to put your device into operation. It also contains all of the important technical specifications.
The reference manual can be found on the LANCOM product CD as an Acrobat (PDF) document. It is designed as a supplement to the user manual and goes into detail on topics that apply to a variety of models. These include, for example:
- The system design of the operating system LCOS
- Configuration
- Management
- Diagnosis
- Security
- Routing and WAN functions
- Firewall
- Quality of Service (QoS)
- Virtual Private Networks (VPN)
- Virtual Local Networks (VLAN)
- Wireless networks (WLAN)
- Backup solutions
- Further server services (DHCP, DNS, charge management)
This documentation was created by …
... several members of our staff from a variety of departments in order to ensure you the best possible support when using your LANCOM product.
If you encounter any errors, or just want to offer criticism or suggest enhancements, please do not hesitate to send an email directly to:
info@lancom.eu
Our online services at www.lancom.eu are available to you around the clock should you have any queries regarding the topics discussed in this manual or require any further support. The area 'Support' will help you with many answers to frequently asked questions (FAQs). Furthermore, the knowledgebase offers you a large reserve of information. The latest drivers, firmware, utilities and documentation are constantly available for download. In addition, LANCOM support is available. For telephone numbers and contact addresses of LANCOM support, please see the enclosed leaflet or the LANCOM Systems website.
Information symbols
Very important instructions. Failure to observe this may result in damage.
Important instruction that should be observed.
Additional information that may be helpful but which is not required.
Content
1 Introduction
1.1 What is a wireless LAN?
1.1.1 Modes of operation of wireless LANs and access points
1.2 Just what can your LANCOM OAP/OAC-54-1 Wireless do?
2 Installation
2.1 Package contents
2.2 System requirements
2.2.1 Configuring the LANCOM devices
2.2.2 Operating access points in managed mode
2.3 Status displays and interfaces
2.3.1 LEDs of LANCOM OAP-54-1 Wireless and LANCOM OAC-54-1 Wireless
2.3.2 Connectors of LANCOM OAP-54-1 Wireless and LANCOM OAC-54-1 Wireless
2.3.3 Mounting and connecting the LANCOM OAP-54-1 Wireless and LANCOM OAC-54-1 Wireless
2.4 Software installation
2.4.1 Starting the software setup
2.4.2 Which software should I install?
3 Basic configuration
3.1 What details are necessary?
3.1.1 TCP/IP settings
3.1.2 Configuration protection
3.2 Instructions for LANconfig
3.3 Instructions for WEBconfig
3.4 TCP/IP settings to workstation PCs
4 Security settings
4.1 Security for the Wireless LAN
4.1.1 Closed network
4.1.2 Access control via MAC address
4.1.3 LANCOM Enhanced Passphrase Security
4.1.4 Encryption of the data transfer
4.1.5 802.1x / EAP
4.1.6 IPSec over WLAN
4.2 Tips for handling keys
4.3 The security settings wizard
4.3.1 Wizard for LANconfig
4.3.2 Wizard for WEBconfig
4.4 The security checklist
5 Advanced wireless LAN configuration
5.1 WLAN configuration with the wizards in LANconfig
5.2 Point-to-point connections
5.2.1 Geometric dimensioning of outdoor wireless network links
5.2.2 Antenna alignment for P2P operations
5.3 Configuration of P2P connections
5.3.1 Security for point-to-point connections
5.4 Client mode
5.4.1 Client settings
5.4.2 Set the SSID of the available networks
5.4.3 Encryption settings
6 Setting up Internet access
6.1 The Internet Connection Wizard
6.1.1 Instructions for LANconfig
6.1.2 Instructions for WEBconfig
6.2 The Firewall Wizard
6.2.1 LANconfig Wizard
6.2.2 Configuration under WEBconfig
7 Options and accessories
7.1 Optional LANCOM WLAN antennas
7.1.1 Antenna Diversity
7.1.2 Installation of AirLancer Extender antennas
7.2 LANCOM Public Spot Option
8 Troubleshooting
8.1 No DSL connection is established
8.2 DSL data transfer is slow
8.3 Unwanted connections under Windows XP
9 Appendix
9.1 Performance data and specifications
9.2 Contact assignment
9.2.1 LAN/WAN interface 10/100Base-TX, DSL interface
9.2.2 Configuration interface (Outband)
9.3 Declaration of conformity
10 Index

1 Introduction

1.1 What is a wireless LAN?

The following sections describe the functionality of wireless networks in general. You can see from the table 'What your LANCOM can do' further below which functions your device supports. Please refer to the reference manual for further information on this topic.
A wireless LAN connects individual end-user devices (PCs and mobile computers) to form a local network (also called LAN – Local Area Network). In contrast to a traditional LAN, communication takes place over a wireless connection and not over network cables. For this reason it is called a Wireless Local Area Network (WLAN).
A wireless LAN provides the same functionality as a cable-based network: Access to files, servers, printers etc. as well as the integration of individual work stations into a corporate mail system or access to the Internet.
There are obvious advantages to wireless LANs: Notebooks and PCs can be installed where they are needed—problems with missing connections or structural changes are a thing of the past with wireless networks.
Apart from that, wireless LANs can also be used for connections over longer distances. This saves the cost of expensive leased lines and the associated construction work.
LANCOM Wireless Routers and LANCOM Access Points can be operated either as self-sufficient Access Points with their own configuration (WLAN modules in "Access Point mode") or as components in a WLAN infrastructure, which is controlled from a central WLAN Controller ("managed mode"). Please observe the corresponding notices on this in this documentation.

1.1.1 Modes of operation of wireless LANs and access points

Wireless LAN technology and access points in wireless LANs are used in the following modes of operation:
- Simple, direct connection between terminal devices with an access point (ad-hoc mode)
- Extensive wireless LANs, possibly connected to a LAN, with one or more access points (infrastructure network)
- Transmission of VPN-encrypted connections with VPN pass through
- Establishing access to the Internet
- Connecting two LANs over a wireless link (point-to-point mode)
- Connecting devices with an Ethernet interface via an access point (client mode)
- Extending an existing Ethernet network with a wireless LAN (bridge mode)
- Relay function for connecting networks via multiple access points
- Central administration using a LANCOM WLAN Controller

1.2 Just what can your LANCOM OAP/OAC-54-1 Wireless do?

The following table provides a comparison of the properties and functions of your device.
Table columns: LANCOM OAP-54-1 Wireless | LANCOM OAC-54-1 Wireless

Operating modes
- Point-to-point mode (six P2P paths can be defined per WLAN interface)
- Access point mode
- Client mode
- Managed mode for central configuration of WLAN modules by a WLAN Controller
- IP router

Applications
- Outdoor operation in tough environments with extreme temperature ranges (-30 °C up to +70 °C)
- Internet Access
- Stateful Inspection Firewall
- DHCP and DNS server (for LAN)
- DHCP and DNS client (for WAN)
- N:N mapping for routing networks with the same IP address ranges
- Policy-based routing
- VRRP
- PPPoE Server
- WAN RIP
- Spanning Tree protocol
- Layer 2 QoS tagging

WLAN
- Wireless transmission by IEEE 802.11g and IEEE 802.11b
- Wireless transmission by IEEE 802.11a and IEEE 802.11h
- Integrated antenna with antenna gain 13.5 dBi at 2.4 GHz and 15.5 dBi at 5 GHz
- Turbo mode: doubling of bandwidth in the 2.4 GHz and 5 GHz bands
- Super AG incl. hardware compression and bursting
- Multi SSID
- Roaming function
- 802.11i / WPA with hardware AES encryption
- WEP encryption (up to 128 Bit key length, WEP152)
- IEEE 802.1x/EAP Authenticator and supplicant in client mode
- IEEE 802.1x/EAP supplicant only in client mode
- MAC address filter (ACL)
- Individual passphrases per MAC address (LEPS)
- Closed network function
- Integrated RADIUS server
- VLAN
- Intra-Cell Blocking
- WLAN QoS (IEEE 802.11e, WME)

LAN connection
- Fast Ethernet LAN port (10/100Base-TX)
- Power-over-Ethernet (PoE)
- DHCP and DNS server

WAN connection
- Connection for DSL modem (DSLoL)

Internet connection (IP-Router)
- Stateful Inspection Firewall
- Firewall filters (IP addresses, ports)
- IP-Masquerading (NAT, PAT)
- Quality of Service (QoS)

Power supply
- Power-over-Ethernet (PoE) according to IEEE 802.3af

Configuration and firmware
- Configuration with LANconfig or with web browser, additionally terminal mode for Telnet or other terminal programs, SNMP interface and TFTP server function, SSH connection.
- Setup wizards
- FirmSafe with firmware versions for absolutely secure software upgrades
- Monitoring and management of the WLAN with Rogue AP Detection

Optional software extensions
- LANCOM Public Spot Option

Optional hardware extensions
- AirLancer Extender antennas for increased range

Housing
- IP66-rated housing for deployment in extreme environments

2 Installation

This chapter will assist you to quickly install hardware and software. First, check the package contents and system requirements. The device can be installed and configured quickly and easily if all prerequisites are fulfilled.

2.1 Package contents

Please check the package contents for completeness before starting the installation. In addition to the base station itself, the package should contain the following accessories:
Quantities per package. Where three values are given, they are in the order LANCOM OAP-54-1 Wireless / LANCOM OAC-54-1 Wireless / LANCOM OAP-54-1 Wireless Bridge Kit.
- LANCOM OAP-54-1 Wireless: 1 / 2
- LANCOM OAC-54-1 Wireless: 5
- LAN cable for connecting to PoE Injector with waterproof screw connections, 15 m: 1 / 5 / 2
- External 360° dualband antennas with N-plug: 2
- Mast and wall mount accessories: ✔ / ✔ / ✔
- PoE Port Injector: 1 / 5 / 2
- Power cable for PoE Power Injector: 1 / 5 / 2
- Grounding cable with screws: 1 / 5 / 2
- Terminator for a free antenna connector: 1 / 5 / 2
- Serial configuration cable: 1 / 1 / 1
- Plug for resetting the device via serial interface: 1 / 1 / 1
- Surge protector AirLancer Extender SA-LAN: 2
- LANCOM CD: ✔ / ✔ / ✔
- Printed documentation: ✔ / ✔ / ✔
If anything is missing, please contact your retailer or the address stated on the delivery slip of the unit.

2.2 System requirements

2.2.1 Configuring the LANCOM devices

Computers that connect to a LANCOM must meet the following minimum requirements:
- Operating system that supports TCP/IP, e.g. Windows Vista™, Windows XP, Windows Millennium Edition (Me), Windows 2000, Windows 98, Linux, BSD Unix, Apple Mac OS, OS/2.
- Access to the LAN via the TCP/IP protocol.
- Wireless LAN adapter or LAN access (if the access point is to be connected to the LAN).
The LANtools also require a Windows operating system. A web browser under any operating system provides access to WEBconfig.

2.2.2 Operating access points in managed mode

LANCOM Wireless Routers and LANCOM Access Points can be operated either as self-sufficient Access Points with their own configuration ("Access Point mode") or as components in a WLAN infrastructure, which is controlled from a central WLAN Controller ("managed mode").

2.3 Status displays and interfaces

Meanings of the LEDs
In the following sections we will use different terms to describe the behaviour of the LEDs:
- Blinking means that the LED is switched on and off at regular intervals in the respective indicated colour.
- Flashing means that the LED lights up very briefly in the respective colour and then stays switched off for clearly longer (approximately 10x longer).
- Inverse flashing means the opposite. The LED lights permanently in the respective colour and is only briefly interrupted.
- Flickering means that the LED is switched on and off at irregular intervals.

2.3.1 LEDs of LANCOM OAP-54-1 Wireless and LANCOM OAC-54-1 Wireless

The front panel of the unit features a series of light emitting diodes (LEDs) that provide information on the status of the device.
Power
This LED provides information on the device's operating state. After being switched on, it blinks green during the self-test. The LED then shines constantly to indicate operational readiness, unless an error is detected as indicated by a code blinked in red.
- Off: Device switched off
- Green, on (permanently): Device operational
- Red, blinking: The device is locked because location verification was not successful
The power LED blinks alternately in green until a configuration password has been set. Without a configuration password, the configuration data in the LANCOM are unprotected. Normally you would set a configuration password during the basic configuration (instructions in the following chapter). Information about setting a configuration password at a later time is available in the section 'The Security Wizard'.
WLAN Link
Provides information about the WLAN connections via the internal WLAN module.
The following can be displayed for WLAN link:
- Off: No WLAN network defined or WLAN module deactivated. The WLAN module is not transmitting beacons.
- Green: At least one WLAN network is defined and WLAN module activated. The WLAN module is transmitting beacons.
- Green, inverse flashing: Number of flashes = number of connected WLAN stations and P2P wireless connections, followed by a pause (default). Alternatively, the frequency of the flashes can indicate the input sensitivity.
- Green, blinking: DFS scanning or other scan procedure.
ETH
LAN connector status:
- Off: No networking device attached
- Green, on (permanently): Connection to network device operational, no data traffic
- Green, flickering: Data traffic

2.3.2 Connectors of LANCOM OAP-54-1 Wireless and LANCOM OAC-54-1 Wireless

The connections and switches of the LANCOM OAP-54-1 Wireless and LANCOM OAC-54-1 Wireless are located on the bottom side.
- Earth cable connector.
- Connector for serial configuration cable and reset plug (see 'The reset function').
- Aux connector for external antennas. Diversity antennas are connected to the Aux connector.
- Goretex membrane for compensation of fluctuations in pressure and humidity.
- Main connector for external antennas. Additional AirLancer antennas are connected to the Main connectors if necessary. The integrated RF switch automatically changes to the usage of an external antenna.
- 10/100Base-Tx for connection to the LAN. Both 10 Mbit or 100 Mbit connections are supported. The available transfer rate is detected automatically (autosensing). The LAN connection features an automatic MDI/MDIX detector enabling the use of cross-over cables. The LAN connector on the LANCOM OAP/OAC-54-1 Wireless supports Power over Ethernet (PoE).
The reset function
Via the serial interface the device can either be booted (restarted) or reset (to the factory settings).
Unscrew the fitting of the "COM/Reset" interface at the bottom of the device. Insert the reset plug into the serial interface. This plug bridges two connectors of the interface, which starts the reset process.
Press the reset plug briefly to restart the device. Pressing the button for 5 seconds or longer restarts the device and resets the configuration to its factory settings. All LEDs on the device light up continuously. Once the switch is released the device will restart with the restored factory settings.
After resetting, the device starts completely unconfigured and all settings are lost. If possible be sure to back up the current device configuration before resetting.
After resetting, the LANCOM Access Point returns to managed mode, in which case the configuration cannot be directly accessed via the WLAN interface!

2.3.3 Mounting and connecting the LANCOM OAP-54-1 Wireless and LANCOM OAC-54-1 Wireless

Before mounting external antennas, please observe the information on lightning protection in the LANCOM Outdoor Wireless Guide. Mounting antennas without adequate lightning protection could lead to serious damage to the access point and the network infrastructure connected to it.
Material
In addition to the screws, nuts and locking rings, the mounting material supplied with the LANCOM OAP/OAC-54-1 Wireless includes the following components:
- Mounting arm
- Connector flange for the Access Point
- Clamp profile
Screw the connector flange for the Access Point to the rear of the chassis using the four M5 x 12 screws and the appropriate washers.
Preparation
Prepare the mounting holes in the wall, using the mounting arm as a template. Screw the mounting arm to the wall with the enclosed screws and dowels.
Wall mounting
Attach the Access Point with the connector flange to the mounting arm. Use the M8 x 110 screw with the locking washer, washer and nut for this.
Pole mounting
For pole mounting, place the clamp profile around the pole. Screw the clamp profile to the mounting arm with the M8 x 110 screws.
Adjusting of the Access Point
To change the main beam direction of the integrated antennas, you can tilt the Access Point up or down with the connector flange relative to the mounting arm.
Installation of the LANCOM OAP/OAC-54-1 Wireless
For the installation of the LANCOM OAP/OAC-54-1 Wireless proceed as follows:
- Earth connection – attach the earth cable to the earth screw of the LANCOM OAP/OAC-54-1 Wireless and to a suitable earthed conductor.
  When mounting the LANCOM OAP/OAC-54-1 Wireless on poles or walls it may be necessary to earth the housing to avoid dangerous differences in potential. For grounding the LANCOM OAP/OAC-54-1 Wireless please observe the information on lightning protection in the attached LANCOM Outdoor Wireless Guide.
- Optional: Antenna terminal LANCOM OAP-54-1 Wireless – screw the supplied diversity antennas onto the two N connectors on the bottom side of the LANCOM OAP/OAC-54-1 Wireless.
  When assembling separately purchased mobile radio antennas please note that the maximum allowed transmission power of the wireless LAN according to EIRP in the country in question may not be exceeded. The system operator is responsible for adhering to the threshold values.
  The employment of the AirLancer Extender SA-5L for internal lightning protection is essential under all circumstances. The AirLancer Extender SA-5L is always mounted between the Access Point and the antenna, preferably as near as possible to the antenna.
  Antennas are only to be attached or changed when the device is switched off. Mounting or demounting antennas while the device is switched on may cause the destruction of the WLAN module!
- LAN – the LAN connector is also used to supply power to the LANCOM OAP/OAC-54-1 Wireless. Plug the waterproof power cable into the LAN port on the underside of the device and carefully tighten the threaded connector. Connect the other end of the power cable to the 'Power Out' connector on the supplied PoE Injector.
- DSLoL – if you want to use your access point in DSLoL mode, you can either connect the device directly to the DSL modem (exclusive mode) or to a hub or switch of the cable-bound LAN (automatic mode).
  - For the exclusive mode, insert the included network cable (green plugs) into the LAN connector of the device and the other end into the corresponding interface of the DSL modem.
  - For the automatic mode, for simultaneous operation with LAN and DSLoL, insert the included network cable (green plugs) into the LAN connector of the device and the other end into a free network connecting socket of your local network (or into a free socket of a hub/switch).
  More information about using a LAN interface for DSLoL can be found in the following information box 'LAN interface: exclusive or in parallel for DSLoL'.

LAN interface: exclusive or in parallel for DSLoL
There are two principal DSLoL operation modes available. Either use the exclusive mode when connecting your LANCOM Access Point directly to a DSL modem, or use the automatic mode when connecting the Access Point to a hub or switch of a cable-bound LAN, and connect this hub/switch again to the DSL modem. If the Access Point is announced as gateway via DHCP, computers in LAN and WLAN can use the internet connection simultaneously via one physical interface. Set the desired mode in LANconfig in the Interface settings of the DSLoL interface.
DSLoL supports all PPPoE-based Internet access lines, as well as those that are supplied with an access router with multiple fixed IP addresses (such as many SDSL business lines).

- PoE – the 'LAN In' connector of the supplied PoE Injector should be connected via a normal Ethernet cable to an available network connection socket in your local network (e.g. an available socket on a hub or switch) and the PoE Injector connected with the electricity supply.
  Information about the installation of PoE can be found in the information box 'Power over Ethernet – elegant power supply over LAN cabling' above.
  Please observe the information in the documentation supplied with the PoE Injector.
  Use only the supplied PoE Injector for the power supply of the LANCOM OAP/OAC-54-1 Wireless. Take particular care not to connect the PoE Injector to normal Ethernet devices!
- Ready for operation? – the Power LED permanently lights up in green as soon as the device receives power. The LEDs subsequently display the operational status.

Power over Ethernet – the elegant power supply via LAN cabling
LANCOM Access Points are prepared for the PoE power supply (Power-over-Ethernet), corresponding to the 802.3af standard. PoE-enabled network devices can be conveniently supplied with power through the LAN wiring. A separate external power supply for each base station is unnecessary, which reduces the installation complexity considerably.
The power is fed into the LAN at a central position, either via a PoE power injector, or via a so-called powerhub/powerswitch. For the LAN wiring, note that all 8 wires must be available in the cabling. PoE feeds the power over those four wires, which are normally not used for data transfer.
[Figure: Installation of single devices (switch, PoE power injector, access point) and installation of several devices (PoE power switch, access points)]
The PoE supply works only in such network segments, in which exclusively PoE-capable devices are operating. The protection of network devices without PoE support is guaranteed by an intelligent mechanism that tests the network segment for devices without PoE support before starting the PoE power feeding. The power is only switched onto the segment if only devices with PoE support were detected.
In a PoE installation use exclusively devices which correspond to the 802.3af standard! For damages caused by inadmissible devices no warranty may be claimed.
2.4 Software installation

The following section describes the installation of the Windows-compatible system software LANtools, as supplied.
You may skip this section if you use your LANCOM OAP/OAC-54-1 Wireless exclusively with computers running operating systems other than Windows.

2.4.1 Starting the software setup

Place the product CD into your drive. The setup program will start automatically.
If the setup does not start automatically, run AUTORUN.EXE in the root directory of the LANCOM CD.
In Setup, select Install software. The following selection menus will appear on screen:

2.4.2 Which software should I install?

- LANconfig is the Windows configuration program for all LANCOM routers and LANCOM access points. WEBconfig can be used alternatively or in addition via a web browser.
- With LANmonitor you can use a Windows computer to monitor all of your LANCOM routers and LANCOM access points.
- WLANmonitor enables the observation and surveillance of wireless LAN networks. Clients connected to the access points are shown, and even non-authenticated access points and clients can be displayed as well (rogue AP detection and rogue client detection).
- With Documentation you copy the documentation files onto your PC.
Select the appropriate software options and confirm your choice with Next. The software is installed automatically.

3 Basic configuration

The basic configuration is conducted with a convenient Setup Wizard that provides step-by-step guidance through the configuration and that requests any necessary information.
First of all this chapter presents the information that has to be entered for the basic configuration. This first section will help you to gather up all of the necessary data before you start the Wizard.
You subsequently enter this information into the Setup Wizard. Starting the program and the following procedure are described step by step. LANconfig and WEBconfig each have their own description. With all of the necessary information collected in advance, this basic configuration can now take place quickly and with ease.
At the end of this chapter we show you the necessary settings for the workplace computers in the LAN so that they can access the device without problem.

3.1 What details are necessary?

The Basic Settings Wizard is used to set the basic TCP/IP parameters of the LANCOM OAP/OAC-54-1 Wireless and to protect the device with a configuration password. The following description of the information required by the wizard is divided into the following configuration sections:
- TCP/IP settings
- Protecting the configuration
- Security settings

3.1.1 TCP/IP settings

TCP/IP configuration can be performed in two different ways: either fully automatically or manually. No user input is required if TCP/IP configuration is performed automatically. All parameters are set by the Setup Wizard on its own. When manual TCP/IP configuration is performed the wizard prompts for the usual TCP/IP parameters: IP address, network mask etc. (more on this later).
The fully automatic TCP/IP configuration is only possible in certain network environments. For this reason the Setup Wizard analyses the connected LAN to see whether fully automatic configuration is possible or not.
New LAN – fully automatic configuration possible
The setup wizard offers to configure TCP/IP fully automatically if no network devices connected have yet been configured. This usually happens in the following situations:
Only a single PC is going to be attached to the LANCOM OAP/OAC-54-1 Wireless
Setting up a new network
Fully automatic TCP/IP configuration will not be offered if you are integrating the LANCOM OAP/OAC-54-1 Wireless into an existing TCP/IP LAN. In this case please continue with the section 'Required information for manual TCP/IP configuration'.
The result of fully automatic TCP/IP configuration is as follows: The LANCOM OAP/OAC-54-1 Wireless is assigned the IP address '172.23.56.254' (network mask '255.255.255.0'). The integrated DHCP server is also activated so that the LANCOM OAP/OAC-54-1 Wireless can assign the devices in the LAN IP addresses automatically.
Should you still configure manually?
Fully automatic TCP/IP configuration is optional. Instead of this you can select manual configuration. Make this selection after considering the following:
Select automatic configuration if you are not familiar with networks and IP addresses.
Select manual TCP/IP configuration if you are familiar with networks and IP addresses and one of the following statements is true:
  You have not yet used any IP addresses in your network but would like to now. You would like to specify the IP address for the router yourself and would like to assign it a user-defined address from one of the address ranges reserved for private use, for example '10.0.0.1' with a network mask of '255.255.255.0'. If you do this you simultaneously specify the address range that the DHCP server will subsequently use for the other devices in the network (provided the DHCP server is activated).
  You have so far also used IP addresses on the computers in the LAN.
Required information for manual TCP/IP configuration
When performing manual TCP/IP configuration the Setup Wizard prompts you for the following information:
DHCP mode of operation
Off: The IP addresses required must be entered manually.
Server: The LANCOM OAP/OAC-54-1 Wireless operates as DHCP server in the network; as a minimum its own IP address and the network mask must be assigned.
Client: The LANCOM OAP/OAC-54-1 Wireless obtains its address information from another DHCP server; no address information is required.
IP address and network mask for the LANCOM OAP/OAC-54-1 Wireless
Assign the LANCOM OAP/OAC-54-1 Wireless a free IP address from your LAN's address range and enter the network mask.
Gateway address
Enter the gateway's IP address if you have selected 'Off' as the DHCP mode of operation or if another network device is assuming the role of gateway in the 'Server' mode of operation.
DNS server
Enter the IP address of a DNS server to resolve domain names if you have selected 'Off' as the DHCP mode of operation or if another network device is assuming the role of DNS server in the 'Server' mode of operation.

3.1.2 Configuration protection

Using a password secures access to the LANCOM OAP/OAC-54-1 Wireless's configuration and thus prevents unauthorized modification. The device's configuration contains a great deal of sensitive data such as data for Internet access and should be protected by a password in all cases.
Multiple administrators can be set up in the configuration of the LANCOM, each with differing access rights. Up to 16 different administrators can be set up for a LANCOM OAP/OAC-54-1 Wireless. Further information can be found in the LCOS reference manual under “Managing rights for different administrators”.

3.2 Instructions for LANconfig

Start up LANconfig by clicking Start > Programs > LANCOM > LANconfig. LANconfig automatically detects the new LANCOM devices in the TCP/IP network.
If an unconfigured device is found during the search, the setup wizard starts. It helps you make the basic settings of the device or even does all the work for you (provided a suitable network environment exists).
If the setup wizard does not start automatically, start a manual search for new devices in the network (Device > Find).
If you cannot access an unconfigured LANCOM, the problem may be due to the netmask of the LAN: with fewer than 254 possible hosts (netmask > '255.255.255.0'), please ensure that the IP address 'x.x.x.254' is located in your own subnet.
If you have chosen automatic TCP/IP configuration, please continue with Step .
If you would like to configure the TCP/IP settings manually, assign an available address from a suitable address range to the LANCOM. Confirm your choice with Next.
Specify whether or not the router should act as a DHCP server. Make your selection and confirm with Next.
In the following window, specify the password for configuration access. Note that the password is case-sensitive and ensure that it is sufficiently long (at least 6 characters).
In addition, you may specify whether the device may only be configured from the local network or whether remote configuration via the WAN (i.e. a remote network) is also permissible.
Please note that enabling this will also permit remote configuration via the Internet. You should always make sure that the configuration access is protected with a password.
Enter the wireless parameters. Select a network name (SSID) and a radio channel. If necessary, turn on the 'closed network' function. Confirm your choice with Next.
In the next window, select your DSL provider from the list that is displayed. If you select 'My provider is not listed here,' you must enter the transfer protocol used by your DSL provider manually. Confirm your choice with Next.
Connect charge protection can limit the cost of DSL connections to a predetermined amount if desired. Confirm your choice with Next.
Complete the configuration with Finish.
Section 'TCP/IP settings to workstation PCs' will describe the settings required for the individual workstations in the LAN.

3.3 Instructions for WEBconfig

To configure the device with WEBconfig you must know how to address it in the LAN. How the devices behave, and how they can be reached for configuration via a web browser, depends on whether a DHCP server and a DNS server are already active in the LAN, and whether these two server processes exchange the assignment of IP addresses to symbolic names within the LAN with each other.
After being powered on, unconfigured LANCOM devices first check whether a DHCP server is already active in the LAN. Depending on the situation, the device either switches on its own DHCP server or activates its DHCP client mode. In this second operating mode, the device itself can obtain an IP address from a DHCP server already existing in the LAN.
Not for centrally managed LANCOM Wireless Router or LANCOM Access Points
If a LANCOM Wireless Router or LANCOM Access Point is centrally managed from a LANCOM WLAN Controller, the DHCP mode is switched from auto-mode to client mode.
Network without DHCP server
In a network without DHCP server, unconfigured LANCOM devices activate their own DHCP server service after starting, and assign appropriate IP addresses and gateway information to the other workstations within the LAN, provided that the workstations are set to obtain their IP address automatically (auto-DHCP). In this constellation, the device can be accessed with any web browser from each PC with activated auto-DHCP function through the name LANCOM or by its IP address 172.23.56.254.
http://LANCOM
http://172.23.56.254
If the configuration PC does not obtain its IP address from the LANCOM DHCP server, figure out the current IP address of this PC (with Start > Execute > cmd and the command ipconfig at the prompt under Windows 2000 or Windows XP, with Start > Execute > cmd and the command winipcfg at the prompt under Windows Me and Windows 9x, or with the command ifconfig on the console under Linux). In this case, the LANCOM is reachable under the IP address x.x.x.254 (“x” stands for the first three blocks in the IP address of the configuration PC).
Network with DHCP server
If a DHCP server is active in the LAN to assign IP addresses, an unconfigured LANCOM device will turn off its own DHCP server. It will change into DHCP client mode and will obtain an IP address from the DHCP server of the LAN. This IP address is not known at first. The accessibility of the device depends on the name resolution:
If there is a DNS server for name resolution in the LAN, which exchanges the assignment of IP addresses to names with the DHCP server, then the device can be accessed by the name “LANCOM-<MAC address>” (e.g. “LANCOM-00a057xxxxxx”).
http://LANCOM-00a05700094A
The MAC address can be found on a label at the bottom of the device.
If there is no DNS server in the LAN, or it is not linked to the DHCP server, then the device cannot be reached by the name. The following options remain in this case:
Figure out the DHCP-assigned IP address of the LANCOM by suitable tools and contact the device directly with this IP address.
Use LANconfig.
Starting the wizards in WEBconfig
Start your web browser (e.g. Internet Explorer, Firefox, Opera) and call the LANCOM there:
http://<IP address of the LANCOM>
(or with a name as described above)
If you cannot access an unconfigured device, the problem may be due to the netmask of the LAN: with fewer than 254 possible hosts (netmask > '255.255.255.0'), please ensure that the IP address 'x.x.x.254' is located in your own subnet.
The WEBconfig main menu will be displayed:
The setup wizards are tailored precisely to the functionality of the specific LANCOM model. As a result, your device may offer different wizards than those shown here.
If you have chosen automatic TCP/IP configuration, please continue with Step .
If you would like to configure the TCP/IP settings manually, assign an available address from a suitable address range to the LANCOM. Also set whether or not it is to operate as a DHCP server. Confirm your entry with Apply.
Enter the wireless parameters. Select a network name (SSID) and a radio channel. If necessary, turn on the 'closed network' function. Confirm your choice with Next.
In the following 'Security settings' window, specify a password for configuration access. Note that the password is case-sensitive and ensure that it is sufficiently long (at least 6 characters).
You may specify whether the device may only be configured from the local network or whether remote configuration via the WAN (i.e. a remote network) is also permissible.
Please note that enabling this will also permit remote configuration via the Internet. You should always make sure that the configuration access is suitably protected, e.g. with a password.
Entering the password in the web browser
When you are prompted for a user name and password by your web browser when accessing the device in the future, enter your personal values in the corresponding fields. Please note that the password is case-sensitive.
If you are using the common configuration account, enter the corresponding password only. Leave the user name field blank.
In the next window, select your DSL provider from the list that is displayed.
Confirm your choice with Apply.
If you select 'My provider is not listed here,' you must enter the transfer protocol used by your DSL provider manually in the next window. Confirm your choice with Apply.
Connect charge protection can limit the cost of DSL connections to a predetermined amount if desired. Confirm your choice with Apply.
The basic setup wizard reports that all the necessary information has been provided. You can end the wizard with Go on.
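The netmask note in sections 3.2 and 3.3 can be checked before connecting. The following is an added example, not part of the original manual: it takes the configuration PC's IP address and netmask, derives the 'x.x.x.254' address described above, and reports whether that address lies in the PC's own subnet. The function name, result keys and sample addresses are assumptions made for illustration; the "widen_to" value is a suggestion for a temporary netmask on the configuration PC.

```python
import ipaddress


def default_address_check(pc_ip: str, pc_netmask: str) -> dict:
    """Check whether an unconfigured device at x.x.x.254 is on-link for this PC.

    'x.x.x' are the first three blocks of the PC's own IP address. The PC can
    reach that address directly only if it falls inside the PC's own subnet.
    """
    iface = ipaddress.IPv4Interface(f"{pc_ip}/{pc_netmask}")
    net = iface.network
    blocks = str(iface.ip).split(".")
    candidate = ipaddress.IPv4Address(".".join(blocks[:3] + ["254"]))

    # Usable host addresses: network and broadcast address are excluded for
    # ordinary prefixes; /31 and /32 have no such reserved addresses.
    usable = net.num_addresses - 2 if net.prefixlen <= 30 else net.num_addresses

    result = {
        "candidate": str(candidate),
        "pc_subnet": str(net),
        "usable_hosts": usable,
        "widen_to": None,
    }
    if candidate == iface.ip:
        # The PC itself already occupies x.x.x.254.
        result["status"] = "conflict"
    elif candidate in net:
        result["status"] = "reachable"
    else:
        # The netmask cuts x.x.x.254 out of the PC's subnet. Find the tightest
        # netmask that still contains both the PC and x.x.x.254: the common
        # leading bits of the two addresses give the prefix length.
        result["status"] = "outside"
        diff = int(iface.ip) ^ int(candidate)
        prefix = 32 - diff.bit_length()
        wider = ipaddress.ip_network(f"{candidate}/{prefix}", strict=False)
        result["widen_to"] = str(wider.netmask)
    return result


# Constructed sample settings of configuration PCs (not taken from the manual).
SAMPLE_PCS = [
    ("192.168.1.10", "255.255.255.0"),     # 254 hosts: x.x.x.254 is on-link
    ("192.168.1.10", "255.255.255.192"),   # 62 hosts, subnet .0-.63
    ("192.168.1.130", "255.255.255.192"),  # 62 hosts, subnet .128-.191
    ("192.168.1.200", "255.255.255.192"),  # 62 hosts, subnet .192-.255
    ("10.0.5.254", "255.255.255.0"),       # PC already uses x.x.x.254
]


def report() -> list:
    """Return one summary line per sample PC."""
    lines = []
    for ip, mask in SAMPLE_PCS:
        r = default_address_check(ip, mask)
        line = f"{ip}/{mask}: {r['candidate']} {r['status']} ({r['usable_hosts']} hosts)"
        if r["widen_to"]:
            line += f", temporary netmask {r['widen_to']} would include it"
        lines.append(line)
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```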

3.4 TCP/IP settings to workstation PCs

The correct addressing of all devices within a LAN is extremely important for TCP/IP networks. In addition, all computers must know the IP addresses of two central points in the LAN:
Default gateway – receives all packets that are not addressed to computers within the local network.
DNS server – translates network names (www.lancom.de) or names of computers (www.lancom.de) to actual IP addresses.
The LANCOM can perform the functions of both a default gateway and a DNS server. In addition, as a DHCP server it can also automatically assign valid IP addresses to all of the computers in the LAN.
The correct TCP/IP configuration of the PCs in the LAN depends on the method used to assign IP addresses within the LAN:
IP address assignment via the LANCOM (default)
In this operating mode the LANCOM not only assigns IP addresses to the PCs in the LAN, it also uses DHCP to specify its own IP address as that of the default gateway and DNS server. The PCs must therefore be configured so that they automatically obtain their own IP address and the IP addresses of the standard gateway and DNS server (via DHCP).
IP address assignment via a separate DHCP server
The workstation PCs must be configured so that they automatically obtain their own IP address and the IP addresses of the standard gateway and DNS server (via DHCP). The IP address of the LANCOM must be stored on the DHCP server so that the DHCP server transmits it to the PCs in the LAN as the standard gateway. In addition, the DHCP server should also specify the LANCOM as a DNS server.
Manual IP address assignment
If the IP addresses in the network are assigned statically, then for each PC the IP address of the LANCOM must be set in the TCP/IP configuration as the standard gateway and as a DNS server.
For further information and help on the TCP/IP settings of your LANCOM, please see the reference manual. For more information on the network configuration of the workstation computers, please refer to the documentation of your operating system.

4 Security settings

Your LANCOM device has numerous security functions. This chapter contains all the information needed for optimal protection of the base station.
You can carry out the configuration of security settings very quickly and conveniently with the Security Wizards in LANconfig and WEBconfig.

4.1 Security for the Wireless LAN

Wireless LANs often raise substantial doubts concerning security. Many people suppose that abuse of data transmitted via radio links is relatively simple.
Wireless LAN devices by LANCOM Systems permit the employment of modern security technologies:
Closed network
Access Control (via MAC addresses)
LANCOM Enhanced Passphrase Security
Encryption of data transfer (802.11i/WPA or WEP)
802.1x / EAP
optional IPSec over WLAN (VPN), in combination with external VPN gateway

4.1.1 Closed network

Each Wireless LAN according to IEEE 802.11 has its own network name (SSID). This network name serves as identification and enables administration of Wireless LANs.
A Wireless LAN can be established in such a way that any user gets access to this network. Such networks are called open networks. Any user can access an open network even without knowing the WLAN network name reserved specifically for this network. The only requirement is the input of the network name 'ANY'.
In a closed network the access via 'ANY' is not possible. Users have to specify the correct network name. Unknown networks stay hidden to them.
Ad-hoc networks are automatically installed as closed networks and cannot be opened. Infrastructure networks can be run either in open or closed condition. You make the settings for this at the respective base station.

4.1.2 Access control via MAC address

Each network device has a special identification number. This identification number is the so-called MAC address (Media Access Control), which is worldwide unique per device.
The MAC address is programmed into the hardware and cannot be changed. Wireless LAN devices by LANCOM Systems have a MAC address label on the casing.
The access to an infrastructure network can be restricted solely to certain Wireless LAN devices with known MAC addresses. To do so, Access Control lists are available within the LANCOM base stations, in which the permitted MAC addresses can be stored.

4.1.3 LANCOM Enhanced Passphrase Security

With LEPS (LANCOM Enhanced Passphrase Security) LANCOM Systems has developed an efficient method which uses the simple configuration of IEEE 802.11i with passphrase and yet which avoids the potential error sources of passphrase sharing. LEPS uses an additional column in the ACL to assign an individual passphrase consisting of any 4 to 64 ASCII characters to each MAC address. The connection to the access point and the subsequent encryption with IEEE 802.11i or WPA is only possible with the right combination of passphrase and MAC address.
LEPS can be used locally in the device and can also be centrally managed with the help of a RADIUS server, and it works with all WLAN client adapters currently available on the market without modification. Full compatibility to third-party products is assured as LEPS only involves configuration in the access point.
An additional security aspect: LEPS can also be used to secure single point-to-point connections (P2P) with an individual passphrase. Even if an access point in a P2P installation is stolen and the passphrase and MAC address become known, all other WLAN connections secured by LEPS remain protected, particularly when the ACL is stored on a RADIUS server.
Guest access with LEPS: LEPS can also be set up to allow access to guests. To this end, all users of the internal WLAN network are given individual passphrases. Guests can make use of their own dedicated SSID and a global passphrase. To avoid abuse, this global passphrase can be changed on a regular basis, every few days, for example.

4.1.4 Encryption of the data transfer

Encryption of the data transfer plays a special role in Wireless LANs. For IEEE 802.11 radio transfer the supplementing encryption standards are 802.11i/WPA and WEP. The function of the encryption is to provide Wireless LANs with the security level of cable-bound LANs.
Use encryption on the data transferred in the WLAN. Activate the strongest possible encryption available to you (802.11i with AES, WPA or WEP) and enter the appropriate keys or passphrases into the access point and the WLAN clients.
Regularly change the WEP keys in your access points. The passphrases for 802.11i or WPA do not have to be changed regularly as new keys are generated for each connection anyway. This is not the only reason that the encryption with 802.11i/AES or WPA/TKIP is so much more secure than the now aged WEP method.
If the data is of a high security nature, you can further improve the encryption by additionally authenticating the client with the 802.1x method or activate an additional encryption of the WLAN connection as used for VPN tunnels ('IPSec over WLAN'). In special cases, a combination of these two mechanisms is possible.
Further details on WLAN security and the encoding methods used can be found in the LCOS reference manual.

4.1.5 802.1x / EAP

The international industry standard IEEE 802.1x and the Extensible Authentication Protocol (EAP) enable the realization of reliable and secure access controls for base stations. The access data is then centrally administered on a RADIUS server and can be retrieved by the base station if required.
Moreover, this technology enables a secured dispatch and a regular automatic change of WEP keys. In this way IEEE 802.1x improves the protection provided by WEP.
In Windows XP the IEEE 802.1x technology is already integrated by default. For other operating systems 802.1x client software is available.
The drivers for the LANCOM AirLancer wireless cards already feature an integrated 802.1x client.

4.1.6 IPSec over WLAN

By means of IPSec over WLAN a radio network can be optimally secured in addition to the already introduced securing mechanisms. In order to run IPSec over WLAN you have to upgrade the base stations with the LANCOM VPN option and the LANCOM Advanced VPN Client, which runs under the operating systems Windows Vista™, Windows 2000 and Windows XP. For other operating systems client software from other manufacturers is available.
The drivers for the LANCOM AirLancer wireless adapter are already equipped with an 802.1x client.

4.2 Tips for handling keys

The security of encryption procedures can be substantially increased by paying attention to some important rules for handling keys.
Keep keys as secret as possible.
Never note a key. Popular, but completely unsuitable are for example: notebooks, wallets and text files in PCs. Do not share a key unnecessarily.
Select a random key.
Use randomized keys of character and number sequences. Keys from the general linguistic usage are insecure.
Change a key immediately in case of suspicion.
It is time to change the key of the Wireless LAN if an employee with access to a key leaves your company. The key should also be renewed in case of smallest suspicion of a leak.
LEPS prevents the global spread of passphrases.
Activate LEPS to enable the use of individual passphrases.
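The per-station passphrases of section 4.1.3 and the "select a random key" rule of section 4.2 can be combined as follows. This is an added example, not LANCOM code: it models only the ACL lookup (MAC address plus individual passphrase), not the 802.11i/WPA handshake or the way LCOS stores the table. The class and function names, the alphabet and the MAC addresses are assumptions constructed for illustration.

```python
import hmac
import re
import secrets
import string

# Letters and digits only: a subset of ASCII that is easy to type on any client.
ALPHABET = string.ascii_letters + string.digits
MIN_LEN, MAX_LEN = 4, 64  # LEPS passphrase length range stated in the manual


def new_passphrase(length: int = 32) -> str:
    """Return a random passphrase drawn from a cryptographic random source."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def normalize_mac(mac: str) -> str:
    """Accept 00:a0:57:..., 00-A0-57-... or 00a057... and return 12 hex digits."""
    digits = re.sub(r"[:\-.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class LepsTable:
    """ACL with an additional passphrase column, one entry per MAC address."""

    def __init__(self):
        self._entries = {}

    def enroll(self, mac: str, length: int = 32) -> str:
        """Create (or rotate) the individual passphrase for one station."""
        passphrase = new_passphrase(length)
        self._entries[normalize_mac(mac)] = passphrase
        return passphrase

    def revoke(self, mac: str) -> None:
        """Remove one station, e.g. after loss or theft of the device."""
        self._entries.pop(normalize_mac(mac), None)

    def admits(self, mac: str, passphrase: str) -> bool:
        """Only the right combination of MAC address and passphrase is admitted."""
        try:
            stored = self._entries.get(normalize_mac(mac))
        except ValueError:
            return False
        if stored is None:
            return False
        # Constant-time comparison of the stored and the presented value.
        return hmac.compare_digest(stored.encode(), passphrase.encode())


if __name__ == "__main__":
    table = LepsTable()
    # Constructed station addresses.
    key_a = table.enroll("00:a0:57:00:00:01")
    key_b = table.enroll("00:a0:57:00:00:02")
    # A passphrase that leaks from station 1 does not open station 2's entry.
    print(table.admits("00:a0:57:00:00:02", key_a))  # False
    # Revoking station 1 leaves station 2 untouched.
    table.revoke("00:a0:57:00:00:01")
    print(table.admits("00:a0:57:00:00:01", key_a))  # False
    print(table.admits("00:a0:57:00:00:02", key_b))  # True
```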

4.3 The security settings wizard

Access to the configuration of a device not only permits critical information to be read out (e.g. WEP key, Internet password). The entire settings of the security functions (e.g. firewall) can also be altered. Unauthorized configuration access therefore endangers not only a single device, but the entire network.
Your LANCOM has a password protection for the configuration access. This protection is already activated during the basic configuration by entering a password.
The device locks access to its configuration for a specified period of time after a certain number of failed log-in attempts. Both the number of failed attempts and the duration of the lock can be set as needed. By default, access is locked for a period of five minutes after the fifth failed log-in attempt.
Besides these general settings you can also check the security settings of the wireless network with the security wizard, provided your device has a WLAN interface.

4.3.1 Wizard for LANconfig

Mark your LANCOM in the selection window. Select Extras > Setup Wizard from the command bar.
In the selection menu, select the setup wizard Control Security Settings and confirm your choice with Next.
Enter your password in the following windows and select the allowed protocols for the configuration access from local and remote networks.
In the next step, parameters of the configuration lock such as the number of failed log-in attempts and the duration of the lock can be adjusted.
Now you can set the security settings for the WLAN. These include the name of the wireless network, the closed network function and the WEP encryption. You can type in the parameters for both wireless networks separately on devices with the option of a second WLAN interface.
Now you specify filter lists for stations (ACL) accessing the WLAN and protocols. Thereby, you restrict data exchange between the wireless network and the local network.
Now activate Stateful Inspection, ping-blocking and Stealth mode in the firewall configuration.
The wizard will inform you when entries are complete. Complete the configuration with Finish.

4.3.2 Wizard for WEBconfig

Under WEBconfig you have the possibility to run the wizard Security settings to control and change the settings. The following values are handled:
password for the device
allowed protocols for the configuration access of local and remote networks
parameters of configuration lock (number of failed log-in attempts and duration of the lock)
security parameters such as WLAN name, closed network function, WEP key, ACL list and protocol filters

4.4 The security checklist

The following checklists provide an overview of all security settings that are important to professionals. Most of the points in this checklist are uncritical for simple configurations. In these cases, the security settings in the basic configuration or that were set with the Security Wizard are sufficient.
Detailed information about the security settings mentioned here is to be found in the reference manual.
Have you protected the configuration with a password?
The simplest way of protecting the configuration is to agree upon a password. If no password has been agreed for the device, the configuration is open to be changed by anybody. The field for entering the password is to be found in LANconfig in the 'Management' configuration area on the 'Security' tab. It is absolutely imperative to assign a password to the configuration if you want to enable remote configuration!
Have you permitted remote configuration?
If you do not require remote configuration, please ensure that it is switched off. If you need to make use of remote configuration, ensure that you do not fail to password-protect the configuration (see the section above). The field for disabling remote configuration is to be found in LANconfig in the 'Management' configuration area on the 'Security' tab. Under 'Access rights – From remote networks' select the option 'denied' for all methods of configuration.
Have you password-protected the SNMP configuration?
Protect the SNMP configuration with a password too. The field for password-protecting the SNMP configuration is also to be found in LANconfig in the 'Management' configuration area on the 'Security' tab.
Have you activated the firewall?
The stateful inspection firewall of LANCOM devices ensures that your local network cannot be attacked from the outside. Activate the firewall in LANconfig under 'Firewall/QoS' on the 'General' tab.
Are you using a 'deny all' firewall strategy?
Maximum security and control is initially achieved by denying all data traffic from passing the firewall. The only connections to be accepted by the firewall are those that are to be explicitly permitted. This ensures that Trojan horses and certain types of e-mail virus are denied communication to the outside. Activate the firewall rules in LANconfig under 'Firewall/QoS' on the 'Rules' tab. Instructions on this are to be found in the reference manual.
Have you activated IP masquerading?
IP masquerading refers to the concealment of local computers while they access the Internet. All that is revealed to the Internet is the IP number of the router module of the device. The IP address can be fixed or dynamically assigned by the provider. The computers in the LAN then use the router as a gateway and are not visible themselves. The router separates the Internet from the intranet like a wall. The application of IP masquerading is set in the routing table for every route individually. The routing table can be found in the LANconfig in the configuration area 'IP router' on the 'Routing' tab.
Have you used filters to close critical ports?
The firewall filters in LANCOM devices offer filter functions for individual computers or entire networks. It is possible to set up source and destination filters for individual ports or port ranges. Furthermore, filters can be set for individual protocols or any combination of protocols (TCP/UDP/ICMP). It is especially convenient to set up the filters with the aid of LANconfig. Under 'Firewall/QoS', the 'Rules' tab contains the functions for defining and editing filter rules.
Have you excluded certain stations from accessing the device?
A special filter list can be used to limit access to the device's internal functions via TCP/IP. The phrase "internal functions" refers to configuration sessions via LANconfig, WEBconfig, Telnet or TFTP. As standard this table contains no entries, meaning that computers with any IP address can use TCP/IP and Telnet or TFTP to commence accessing the device. The first time an IP address is entered with its associated netmask, the filter is activated and only the IP addresses contained in this entry are entitled to make use of internal functions. Further entries can be used to extend the circle of authorized parties. The filter entries can describe individual computers or even entire networks. The access list can be found in the LANconfig in the configuration area 'TCP/IP' on the 'General' tab.
Do you store your saved LANCOM configuration to a safe location?
Protect your saved configurations in a location that is safe from unauthorized access. Otherwise, by way of example, an unauthorized person may load your stored configuration file into another device and they can access the Internet at your expense.
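The station filter from the checklist item "Have you excluded certain stations from accessing the device?" changes from "allow everyone" to "allow listed only" with its first entry, so it is worth reviewing a planned list before entering it. The following is an added example, not LANCOM code and not the LCOS table format: it models the semantics described above and flags an empty table, overly broad entries and administrator PCs that would be locked out. Names, the size threshold and all addresses are assumptions constructed for illustration.

```python
import ipaddress


class ConfigAccessList:
    """Model of the filter list for the device's internal functions.

    Semantics as described in the checklist: an empty table lets any IP
    address start a configuration session; as soon as one entry exists,
    only addresses covered by an entry are admitted.
    """

    def __init__(self):
        self.entries = []

    def add(self, ip: str, netmask: str) -> None:
        # strict=False accepts a host address together with its netmask.
        self.entries.append(ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False))

    def permits(self, source_ip: str) -> bool:
        if not self.entries:
            return True  # filter inactive: every address may connect
        addr = ipaddress.IPv4Address(source_ip)
        return any(addr in net for net in self.entries)


def review(acl: ConfigAccessList, admin_stations, max_addresses: int = 256) -> list:
    """Return findings for a planned list before it is entered in the device.

    max_addresses is an assumed threshold above which an entry is reported
    as broad; choose it to match the size of your management network.
    """
    findings = []
    if not acl.entries:
        findings.append("filter inactive: table is empty, any IP address may "
                        "open a configuration session")
        return findings
    for net in acl.entries:
        if net.num_addresses > max_addresses:
            findings.append(f"broad entry: {net} admits {net.num_addresses} addresses")
    for station in admin_stations:
        if not acl.permits(station):
            findings.append(f"lockout risk: admin station {station} is not "
                            "covered by any entry")
    return findings


if __name__ == "__main__":
    # Constructed addresses of two administrator PCs.
    admins = ["192.168.1.10", "192.168.1.20"]

    acl = ConfigAccessList()
    print(review(acl, admins))   # empty table: filter inactive

    # The first entry activates the filter; the second admin PC is now shut out.
    acl.add("192.168.1.10", "255.255.255.255")
    print(review(acl, admins))

    # Covering the second PC with a whole class A network is flagged as broad.
    acl.add("10.0.0.0", "255.0.0.0")
    acl.add("192.168.1.20", "255.255.255.255")
    print(review(acl, admins))
```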

5 Advanced wireless LAN configuration

5.1 WLAN configuration with the wizards in LANconfig

Highly convenient installation wizards are available to help you with the configuration of LANCOM Access Points for your wireless LAN.
The settings include the general shared parameters and also the individual settings for one or more logical wireless LAN networks (WLAN radio cells or SSIDs).
Mark your LANCOM Access Point in the selection window in LANconfig. From the command line, select Extras > Setup Wizard.
In the selection menu, select the Setup Wizard, Configure WLAN interface and confirm the selection with Continue.
Make the settings as requested by the wizard and as described below.
Country settings
Regulations for the operation of WLAN cards differ from country to country. The use of some radio channels is prohibited in certain countries. To operate the LANCOM Access Points while observing the regulations in various countries, all physical WLAN interfaces can be set up for the country where they are operated.
WLAN module operation
The WLAN modules can be operated in various operating modes:
As a base station (Access Point mode), the device makes the link between WLAN clients and the cabled LAN. Parallel to this, point-to-point connections are possible as well.
In Managed Mode the Access Points also accept WLAN clients into the network, although the clients then join a WLAN infrastructure that is configured by a central WLAN-Controller. In this operating mode, no further WLAN configuration is necessary as all WLAN parameters are provided by the WLAN-Controller.
In client mode, the device itself locates the connection to another Access Point and attempts to register with a wireless network. In this case the device serves, for example, to link a cabled network device to an Access Point over a wireless connection. In this operating mode, parallel point-to-point connections are not possible. For further information please refer to section Client Mode.
Physical WLAN settings
Along with the radio channels, the physical WLAN settings can also be used to activate options such as the bundling of WLAN packets (TX Burst), hardware compression, or the use of QoS compliant with 802.11e. You also control the settings for the diversity behavior here.
Logical WLAN networks
Each WLAN module can support up to eight logical WLAN networks for mobile WLAN clients to register with. The following parameters have to be set when configuring a logical WLAN network:
The network name (SSID)
Open or closed radio LAN
Encryption settings
MAC filter
Client-bridge operation
Filter settings
Point-to-point settings
The configuration of P2P connections involves setting not only the operating mode but also the station name that the Access Point can connect to. Also, the role as "Master" or "Slave" is set here.
Along with the settings for the Access Point itself, the remote site that the Access Point can contact via the P2P connection must also be defined.
For further information please refer to section Point-to-point connections.

5.2 Point-to-point connections

LANCOM Access Points can serve not only as central stations in a wireless network, they can also operate in point-to-point mode to bridge longer distances. For example, they can provide a secure connection between two networks that are several kilometers apart, without direct cabling or expensive leased lines.
The behavior of an access point when exchanging data with other access points is defined in the "Point-to-point operation mode".
Off: The access point only communicates with mobile clients
On: The access point can communicate with other access points and with mobile clients
Exclusive: The access point only communicates with other base stations
In the 5 GHz band, the automatic search for vacant WLAN channels can lead to several simultaneous test transmissions from multiple access points, with the result that they do not find each other. This stalemate situation can be avoided with the appropriate "Channel selection scheme":
Master: This access point takes over the leadership when selecting a free WLAN channel.
Slave: All other access points will search for a channel until they have found a transmitting Master.
Thus it is recommended for the 5 GHz band that one central access point should be configured as 'Master' and all other point-to-point partners should be configured as 'Slave'. In the 2.4 GHz band, too, this setting simplifies the establishment of point-to-point connections if the automatic channel search is activated.
It is imperative that the channel selection scheme is configured correctly if the point-to-point connections are to be encrypted with 802.11i/WPA.

5.2.1 Geometric dimensioning of outdoor wireless network links

The following basic questions must be answered when designing wireless links:
What antennas must be used for the desired application?
How must the antennas be positioned to ensure a problem-free connection?
What performance characteristics do the antennas need to ensure sufficient data throughput within the legal limits?
Selection of antennas using the LANCOM Antenna Calculator
You can use the LANCOM Antenna Calculator to calculate the output power of the access points as well as the achievable distances and data rates. The program can be downloaded from our website at www.lancom.eu.
After selecting your components (access points, antennas, lightning protection and cable) the calculator works out the data rates, ranges, and the antenna gain settings that have to be entered into the access point.
Please note that when using 5 GHz antennas additional technologies such as dynamic frequency selection (DFS) may be stipulated depending on the country of use. The operator of the wireless LAN system is responsible for ensuring that local regulations are met.
Positioning the antennas
Antennas do not broadcast their signals linearly, but within an angle that depends on the model in question. The spherical expansion of the signal waves results in amplification of or interference to the effective power output at certain intervals of the connection between the transmitter and receiver. The areas where the waves amplify or cancel themselves out are known as Fresnel zones.
[Figure: Fresnel zones 1, 2 and 3 between two antennas separated by distance d, with radius R and an obstruction]
The Fresnel zone 1 must remain free from obstruction in order to ensure that the maximum level of output from the transmitting antenna reaches the receiving antenna. Any obstructing element protruding into this zone will significantly impair the effective signal power. The object not only screens off a portion of the Fresnel zone, but the resulting reflections also lead to a significant reduction in signal reception.
The radius (R) of Fresnel zone 1 is calculated with the following formula assuming that the signal wavelength (λ) and the distance between transmitter and receiver (d) are known.
R = 0.5 * √(λ * d)
The wavelength in the 2.4 GHz band is approx. 0.125 m, in the 5 GHz band approx. 0.05 m.
Example: With a separating distance of 4 km between the two antennae, the radius of Fresnel zone 1 in the 2.4-GHz band is 11 m, in the 5-GHz band 7 m.
To ensure that the Fresnel zone 1 remains unobstructed, the height of the antennas must exceed that of the highest obstruction by this radius. The full height of the antenna mast (M) should be as depicted:
[Figure: mast height M made up of the Fresnel zone 1 radius R, a safety margin of 1 m, the obstruction height H and the earth's curvature E]
M = R + 1 m + H + E (earth's curvature)
The allowance for the curvature of the earth (E) can be calculated at a distance (d) as E = d² * 0.0147, i.e. at a distance of 8 km this is almost 1 m.
Example: With a distance of 8 km between the antennae, the result in the 2.4-GHz band is a mast height above the level of the highest obstruction of approx. 13 m, in the 5-GHz band 9 m.
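The two formulas above in runnable form, as an added example that is not part of the original manual. Beyond the manual's mid-path case it also evaluates the standard per-position forms of the Fresnel radius and the earth curvature (which reduce to the manual's formulas at mid-path) for a list of obstructions. The obstruction profile is constructed, and both masts are assumed to have equal height over level ground.

```python
import math

# Values taken from the manual.
WAVELENGTH_M = {"2.4 GHz": 0.125, "5 GHz": 0.05}  # approximate wavelengths
SAFETY_M = 1.0                                     # fixed 1 m safety margin in M
CURVATURE = 0.0147                                 # E = d^2 * 0.0147 (d in km, E in m)


def fresnel_radius_mid(wavelength_m, link_km):
    """Manual's formula R = 0.5 * sqrt(lambda * d), lambda and d in metres."""
    return 0.5 * math.sqrt(wavelength_m * link_km * 1000.0)


def curvature_mid(link_km):
    """Manual's formula E = d^2 * 0.0147 for the whole link length d in km."""
    return CURVATURE * link_km ** 2


def mast_height_mid(wavelength_m, link_km, obstruction_m):
    """Manual's formula M = R + 1 m + H + E for an obstruction at mid-path."""
    return (fresnel_radius_mid(wavelength_m, link_km) + SAFETY_M
            + obstruction_m + curvature_mid(link_km))


def fresnel_radius_at(wavelength_m, d1_km, d2_km):
    """Zone-1 radius at a point d1 from one antenna and d2 from the other.
    Generalisation (not in the manual); equals the manual's R when d1 == d2."""
    d1, d2 = d1_km * 1000.0, d2_km * 1000.0
    return math.sqrt(wavelength_m * d1 * d2 / (d1 + d2))


def curvature_at(d1_km, d2_km):
    """Earth bulge at that point; equals the manual's E when d1 == d2."""
    return 4.0 * CURVATURE * d1_km * d2_km


def mast_height_for_profile(wavelength_m, link_km, obstructions):
    """obstructions: list of (position_km from the transmitter, height_m).
    Returns (required mast height in m, limiting obstruction)."""
    required, limiting = 0.0, None
    for pos_km, height_m in obstructions:
        if not 0.0 < pos_km < link_km:
            raise ValueError(f"obstruction at {pos_km} km is not on the link")
        rest_km = link_km - pos_km
        need = (fresnel_radius_at(wavelength_m, pos_km, rest_km) + SAFETY_M
                + height_m + curvature_at(pos_km, rest_km))
        if need > required:
            required, limiting = need, (pos_km, height_m)
    return required, limiting


# Constructed profile for a 4 km link: (distance from transmitter in km, height in m)
PROFILE = [(1.0, 12.0), (2.0, 10.0)]

if __name__ == "__main__":
    for band, wavelength in WAVELENGTH_M.items():
        radius = fresnel_radius_mid(wavelength, 4.0)
        height, limiting = mast_height_for_profile(wavelength, 4.0, PROFILE)
        print(f"{band}: R at mid-path {radius:.1f} m, mast {height:.1f} m, limited by {limiting}")
```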
Antenna power
The power of the antennas must be high enough to ensure acceptable data transfer rates. On the other hand, the country-specific legal regulations regarding maximum transmission power should not be exceeded.
The calculation of effective power considers everything from the radio module in the transmitting access point to the radio module in the receiving access point. In between there are attenuating elements such as the cable, plug connections or simply the air transmitting the signals and amplifying elements such as the external antennas.
[Figure: signal path from the output power of the radio module, through loss in cable, plugs and lightning protection (SA-5L), amplification with antenna gain and free-space loss, to the input signal at the receiving radio module]

5.2.2 Antenna alignment for P2P operations

The precise alignment of the antennas is of considerable importance in establishing P2P connections. The more central the receiving antenna is located in the "ideal line" of the transmitting antenna, the better are the actual performance and the effective bandwidth. If the receiving antenna is outside of this ideal area, however, significant losses in performance will be the result.
You can find further information on the geometrical design of wireless paths and the alignment of antennas with the help of LANCOM software in the LCOS reference manual.
The current signal quality over a P2P connection can be displayed on the device's LEDs or in the LANmonitor in order to help find the best possible alignment for the antennas.
The display of signal quality on the LEDs must be activated for the wireless LAN interface (LANconfig: Wireless LAN > General > Physical WLAN settings > Operation). The faster the LED blinks the better the connection (a blinking frequency of 1 Hz represents a signal quality of 10 dB, double the frequency indicates that the signal strength is twice as high).
In LANmonitor the connection quality display is opened with the context menu. Right-clicking with the mouse on 'Point-to-point' activates the option 'Adjusting Point-to-Point WLAN Antennas...'
The 'Point-to-point' entry is only visible in the LANmonitor if the monitored device has at least one base station defined as a remote station for a P2P connection (LANconfig: Wireless LAN > General > Physical WLAN settings > Point-to-Point).
In the dialog for setting up point-to-point connections, LANmonitor prompts for the information required to establish the P2P connection:
Is the P2P connection configured at both ends (remote base station defined with MAC address or station name)?
Is the point-to-point mode of operation activated?
Which access point is to be monitored? All of the base stations defined as P2P remote stations in the device concerned can be selected here.
Are both antennas approximately aligned? The basic P2P connection has to be working before fine-tuning can be performed with the aid of LANmonitor.
Once signal monitoring has commenced, the P2P dialog displays the absolute values for the current signal strength and the maximum value since starting the measurement. The development of the signal strength over time and the maximum value are displayed in a diagram, too.
Initially only one of the two antennas should be adjusted until a maximum value is achieved. This first antenna is then fixed and the second antenna is then adjusted to attain the best signal quality.

5.3 Configuration of P2P connections

In the configuration of point-to-point connections, entries have to be made for the point-to-point operation mode, the channel selection scheme and the MAC addresses of the remote sites.
Configuration with LANconfig
For configuration with LANconfig you will find the settings for P2P connections under the configuration area 'Interfaces' on the 'Wireless LAN' tab.
The configuration of the P2P connections can also be carried out with the WLAN Wizards in LANconfig.
Click on the button Physical WLAN settings to open the corresponding WLAN interface and select the tab for 'Point-to-Point'.
Activate the suitable point-to-point operation mode here and set the channel selection scheme to either 'Master' or 'Slave'. If the peers of the P2P connections are to be identified via their station names, then enter a unique name for this WLAN station.
For models with multiple WLAN modules, the station name can be entered separately for each physical WLAN interface.
Close the physical WLAN settings and open the list of Point-to-point partners. For each of the maximum of six P2P connections, enter either the MAC address of the WLAN card at the remote station or enter the WLAN station's name (depending on the chosen method of identification).
Please observe that only the MAC addresses of the WLAN cards at the other end of the connections are to be entered here! Not the access point's own MAC address, and not the MAC addresses from any other interfaces that may be present in the access points.
You will find the WLAN MAC address on a sticker located under each of the antenna connectors. Only use the string that is marked as the "WLAN MAC" or "MAC-ID". The other addresses that may be found are not the WLAN MAC address but the LAN MAC address.
Alternatively you will find the MAC addresses for the WLAN cards in the devices under WEBconfig, Telnet or a terminal program under the following paths:
Configuration tool | Menu/Table
WEBconfig | Expert configuration > Status > WLAN-statistics > Interface-statistics
Terminal/Telnet | Status/WLAN-statistics/Interface-statistics
Configuration with WEBconfig or Telnet
Under WEBconfig or Telnet you can set the settings for the point-to-point connections under the following paths:
Configuration tool | Menu/Table
WEBconfig | Expert configuration > Setup > Interfaces > WLAN-Interfaces > Interpoint-Settings
Terminal/Telnet | cd /Setup/Interfaces/WLAN-Interfaces/Interpoint-Settings

5.3.1 Security for point-to-point connections

IEEE 802.11i can be used to attain a significant increase in the security of WLAN point-to-point connections. All of the advantages of 802.11i, such as the simple configuration and the powerful encryption with AES, are thus available for P2P mode, as is the improved security of the passphrase from LANCOM Enhanced Passphrase Security (LEPS).
Encryption with 802.11i/WPA
To activate the 802.11i encryption for a correctly configured P2P connection, adjust the settings for the first logical WLAN network in the appropriate WLAN interface (i.e. WLAN-1 if you are using the first WLAN card for the P2P connection, WLAN-2 if you are using the second card, e.g. as with an access point with two WLAN modules).
Activate the 802.11i encryption.
Select the method '802.11i (WPA)-PSK'.
Enter the passphrase to be used.
The passphrases should consist of a random string at least 22 characters long, corresponding to a cryptographic strength of 128 bits.
When set as P2P Master, the passphrase entered here will be used to check the Slave's authorization to access. When set as P2P Slave, the access point transfers this information to register with the remote site.
Configuration with LANconfig
For configuration with LANconfig you will find the encryption settings under the configuration area 'Wireless LAN' on the '802.11i/WEP' tab.
Configuration with WEBconfig or Telnet
The encryption settings for the individual logical WLAN networks can be found under WEBconfig or Telnet under the following paths:
Configuration tool | Menu/Table
WEBconfig | Expert configuration > Setup > Interfaces > WLAN-Interfaces > Encryption-Settings
Terminal/Telnet | /Setup/Interfaces/WLAN-Interfaces/Encryption-Settings
LEPS for P2P connections
A further gain in security can be attained by additionally using LANCOM Enhanced Passphrase Security (LEPS) which involves the matching of MAC address and passphrase.
LEPS can be used to secure single point-to-point (P2P) connections with an individual passphrase. Even if an access point in a P2P installation is stolen and the passphrase and MAC address become known, all other WLAN connections secured by LEPS remain secure.
When using LANconfig for the configuration, you enter the passphrases of the stations approved for the WLAN in the configuration area 'Wireless LAN' on the 'Stations' tab under the button Stations.
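An added example (not LANCOM code) for the passphrase recommendation and the LEPS paragraph above: it derives the passphrase length needed for 128 bits from the chosen alphabet, generates one individual passphrase per remote WLAN MAC address, and audits a table for short or shared passphrases. The MAC addresses are constructed, and the 62-character alphabet is an assumption.

```python
import math
import re
import secrets
import string

# Assumption: passphrases are drawn uniformly from letters and digits (62 symbols).
ALPHABET = string.ascii_letters + string.digits
TARGET_BITS = 128            # strength named in the manual
WPA_MIN, WPA_MAX = 8, 63     # length limits of a WPA-PSK passphrase
MAX_P2P_PEERS = 6            # the manual allows at most six P2P connections
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")


def min_length(bits=TARGET_BITS, alphabet=ALPHABET):
    """Shortest random string over `alphabet` that carries at least `bits` bits."""
    return math.ceil(bits / math.log2(len(alphabet)))


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random string; not valid for human-chosen text."""
    return length * math.log2(len(alphabet))


def new_passphrase(length=None, alphabet=ALPHABET):
    """Generate a passphrase from the operating system's CSPRNG."""
    length = length or min_length(alphabet=alphabet)
    if not WPA_MIN <= length <= WPA_MAX:
        raise ValueError("WPA-PSK passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def normalize_mac(mac):
    """Lower-case, colon-separated form; rejects anything that is not a MAC."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def build_leps_table(peer_macs):
    """One individual passphrase per remote WLAN MAC address."""
    macs = [normalize_mac(m) for m in peer_macs]
    if len(macs) > MAX_P2P_PEERS:
        raise ValueError("more than six P2P partners")
    if len(set(macs)) != len(macs):
        raise ValueError("duplicate MAC address in peer list")
    return {mac: new_passphrase() for mac in macs}


def audit_leps_table(table):
    """Flag entries that undo the LEPS benefit: short or shared passphrases."""
    findings, owner = [], {}
    for mac, passphrase in table.items():
        if entropy_bits(len(passphrase)) < TARGET_BITS:
            findings.append((mac, "below 128 bits"))
        if passphrase in owner:
            findings.append((mac, f"shares passphrase with {owner[passphrase]}"))
        else:
            owner[passphrase] = mac
    return findings


# Constructed sample: locally administered MAC addresses of three remote WLAN cards.
SAMPLE_PEERS = ["02:00:00:00:00:01", "02-00-00-00-00-02", "02:00:00:00:00:03"]

if __name__ == "__main__":
    table = build_leps_table(SAMPLE_PEERS)
    for mac, passphrase in table.items():
        print(mac, passphrase, f"{entropy_bits(len(passphrase)):.1f} bits")
    print("findings:", audit_leps_table(table))
```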
Configuration with WEBconfig or Telnet
The access list for the matching of MAC addresses to the passphrases (LEPS) can be found under WEBconfig or Telnet under the following paths:
Configuration tool | Menu/Table
WEBconfig | Expert configuration > Setup > WLAN-module > Access-list
Terminal/Telnet | Setup/WLAN-module/Access-list

5.4 Client mode

To connect individual devices with an Ethernet interface into a wireless LAN, LANCOM devices with a WLAN module can be switched to "client mode", whereupon they act as conventional wireless LAN adapters and not as access points (AP). The use of client mode therefore allows devices fitted with only an Ethernet interface, such as PCs and printers, to be integrated into a wireless LAN.
[Figure: WLAN devices in client mode and a WLAN device in AP mode]
Multiple WLAN clients can register with a WLAN device in AP mode, which is not the case for a WLAN device in client mode.

5.4.1 Client settings

For LANCOM Access Points and LANCOM Wireless Routers in client mode, further settings/client behavior can be configured from the 'Client mode' tab under the settings for the physical interfaces.
The configuration of the client settings can also be carried out with the WLAN Wizards in LANconfig.
To edit the settings for client mode in LANconfig, go to the 'Client mode' tab under the physical WLAN settings for the desired WLAN interface.
In 'Scan bands', define whether the client station scans just the 2.4 GHz, just the 5 GHz, or all of the available bands to locate an access point.
Under WEBconfig or Telnet the settings for client mode can be found under the following paths:
Configuration tool | Menu/Table
WEBconfig | Expert configuration > Setup > Interfaces > WLAN > Client modes
Terminal/Telnet | Setup/Interfaces/WLAN/Client modes

5.4.2 Set the SSID of the available networks

In the WLAN clients, the SSIDs of the networks to which the client stations are to connect must be entered.
To enter the SSIDs, change to the 'General' tab under LANconfig in the 'Wireless LAN' configuration area. In the 'Interfaces' section, select the first WLAN interface from the list of logical WLAN settings.
Enable the WLAN network and enter the SSID of the network the client station should log onto.
Under WEBconfig or Telnet the network settings for the logical WLAN interfaces can be found under the following paths:
Configuration tool | Menu/Table
WEBconfig | Expert configuration > Setup > Interfaces > WLAN > Network
Terminal/Telnet | Setup/Interfaces/WLAN/Network settings

5.4.3 Encryption settings

For access to a WLAN, the appropriate encryption methods and key must be set in the client station.
To enter the key, change to the '802.11i/WEP' tab under LANconfig in the 'Wireless LAN' configuration area. From 'WPA / private WEP settings', select the first WLAN interface from the list of logical WLAN settings.
Enable encryption and match the encryption method to the settings for the access point.
In WLAN client operating mode, the LANCOM Access Points and LANCOM Wireless Routers can authenticate themselves to another access point using EAP/802.1X. For this, select the desired client EAP method here. Note that the selected client EAP method must match the settings of the access point that the device is attempting to log onto.
Depending on the EAP method, the appropriate certificates must be stored in the device.
For TTLS and PEAP: the EAP/TLS root certificate only; the key is entered as a combination username:password.
For TLS in addition: the EAP/TLS device certificate including the private key.
Under WEBconfig or Telnet the network settings for the logical WLAN interfaces can be found under the following paths:
Configuration tool | Call
WEBconfig, Telnet | Expert configuration > Setup > Interfaces > WLAN > Encryption > WLAN 1
Chapter 6: Setting up Internet access

6 Setting up Internet access

The LANCOM provides a central point of Internet access for all of the computers in the LAN. The connection to the Internet provider can be established via the WAN connection which is connected to an ADSL or cable modem.
Does the Setup Wizard know your Internet provider?
The Wizard is preset with access data for the principal Internet providers in your country and offers you a selection list. If you find your Internet provider in this list, then you generally do not have to enter any additional parameters to set up your Internet access. All that is required is the authentication data as supplied to you by your Internet provider.
Internet provider unknown
If the list in the Setup Wizard does not contain your provider, you will be asked step-by-step for all of the necessary data. This access data will have been supplied to you by your Internet provider.
Other connection options
In addition you can use the Wizard to activate or deactivate additional options (if supported by your Internet provider):
Billing by time or flatrate: select the method by which you are billed by your Internet provider.
In case of billing by time, you can set the LANCOM to cut connections automatically if no data flows for a certain time (the hold time). You can also set up line polling that detects inactive remote stations very quickly and, in such cases, can close the connection before the hold time expires.
In case of flatrate billing you can also set up line polling to monitor the function of the remote station. Apart from that you can opt to keep flatrate connections permanently active ("keep-alive"). In case a connection should fail, it is re-established automatically.

6.1 The Internet Connection Wizard


6.1.1 Instructions for LANconfig

Mark your device in the selection window. From the command line, select Extras > Setup Wizard.
In the selection menu, select the Setup Wizard, Set up Internet connection and confirm the selection with Next.
In the following windows you select your country, your Internet provider if possible, and you enter your access data.
Depending on availability the Wizard provides further options for your Internet connection.
The Wizard will inform you as soon as the entries are complete. Close the configuration with Finish.
LANconfig: Fast activation of the Setup Wizards
The fastest way of starting the Setup Wizards under LANconfig is to use the command button in the button bar.

6.1.2 Instructions for WEBconfig

Select the entry Set up Internet connection from the main menu.
In the following windows you select your country, your Internet provider if possible, and you enter your access data.
Depending on availability the Wizard provides further options for your Internet connection.
The wizard will inform you as soon as the entries are complete. Close the configuration with Finish.

6.2 The Firewall Wizard

Your LANCOM features a stateful inspection firewall and firewall filter that provides effective protection from the Internet for your LAN. The core concept of the stateful inspection firewall is that the only data transfers that are considered to be valid are those initiated by the protected device itself. All access attempts that were not requested from within the local network are invalid.
The Firewall Wizard assists you to generate new rules for the firewall quickly and conveniently.
More information on your LANCOM's firewall and its configuration is available in the reference manual.

6.2.1 LANconfig Wizard

Mark your LANCOM in the selection window. From the command line, select Extras > Setup Wizard.
In the selection menu, select the Setup Wizard, Configure firewall and confirm the selection with Continue.
In the windows that follow you select the services/protocols that the rule is to relate to. In the next step you define the source and destination stations that the rule applies to, and the actions that are to be carried out by the rule on a data packet.
Finally the new rule is given a name, it is activated, and you define whether further rules are to be considered when the rule acts on a data packet.
The wizard will inform you as soon as the entries are complete. Close the configuration with Finish.

6.2.2 Configuration under WEBconfig

WEBconfig provides the option of checking and altering the parameters for Internet access under Configuration > Firewall / QoS > Rules > Rule table.
Chapter 7: Options and accessories

7 Options and accessories

Your LANCOM device can be extended in numerous ways and supports a broad choice of LANCOM accessories. This chapter provides information about the available accessories and how to use them with your base station.
The range of the base station can be increased with optional antennas of the AirLancer series and adapted to special environmental conditions.
With the LANCOM Public Spot Option it is possible to extend the LANCOM with additional billing and accounting functions in order to upgrade it to a Wireless Public Spot.

7.1 Optional LANCOM WLAN antennas

To increase the range of the LANCOM base station or to adapt the base station to special environmental conditions, you can connect LANCOM WLAN antennas to the base station. An overview of suitable antennas can be found on the LANCOM web site under www.lancom.eu.
For help with calculating the correct antenna setup for external LANCOM AirLancer Extender antennas or for antennas of other vendors, please refer to www.lancom.eu
When installing external antennas, ensure that you observe the statutory limitations of the country in which the WLAN device is being operated. To help with this, you can enter the transmitting power minus the cable loss into the LANCOM configuration. These data enable LCOS to automatically calculate the correct transmitting power for the selected country.
The employment of the AirLancer Extender SA-5L for internal lightning protection is essential under all circumstances. The AirLancer Extender SA-5L is always mounted between the Access Point and the antenna, preferably as near as possible to the antenna.
Antennas are only to be attached or changed when the device is switched off. Mounting or demounting antennas while the device is switched on may cause the destruction of the WLAN module!

7.1.1 Antenna Diversity

LANCOM OAP-54-1 Wireless only
The transmission of radio signals can suffer from significant signal losses because of reflection and scatter, among other reasons. In some areas, the interaction with the reflected radio waves can cause a drop in signal strength, or even cause it to be cancelled out completely.
Transmission quality can be improved with so-called "diversity" methods. The principle of diversity methods relies on the fact that a transmitted signal is often received multiple times (generally twice). With appropriate processing, these signals can be re-combined into a single signal. The most common methods are space diversity and polarization diversity.
LANCOM Systems supplies a variety of polarization-diversity antennas as accessories for LANCOM Access Points and LANCOM Wireless Routers. These models enable two orthogonally polarized signals to be received with a single antenna. Further information about this technique is available in our "Polarization Diversity" techpaper.
Polarization diversity antennas from LANCOM Systems:
AirLancer Extender O-D80g (2.4 GHz band), item no. 61221
AirLancer Extender O-D60a (5 GHz band), item no. 61222
AirLancer Extender O-D9a (5 GHz), item no. 61224

7.1.2 Installation of AirLancer Extender antennas

LANCOM OAP-54-1 Wireless
Before mounting external antennas, please observe the information on lightning protection in the LANCOM Outdoor Wireless Guide (available as a download from www.lancom.eu). Mounting antennas without adequate lightning protection could lead to serious damage to the access point and the network infrastructure connected to it.
The integrated antennas of the LANCOM OAP-54-1 Wireless are best-suited for establishing point-to-point connections. When using the device in access point mode, external antennas are recommended to obtain more antenna gain or to use the diversity function.
To install the provided omni-directional antenna or optional AirLancer Extender antennas, switch the device off by disconnecting the PoE supply. Carefully unscrew the terminators. Connect the antenna to the appropriate 'Antenna Main' connector. When connecting the external antenna to the Main connector, the internal antenna is automatically deactivated.
With a LANCOM OAP-54-1 Wireless you can additionally use the "Tx diversity" function via the Aux connector. Further information about diversity can be found in the LCOS reference manual.
[Figure: 'AUX' connector for diversity antennas and 'Antenna Main' connector for AirLancer antennas]
7.2 LANCOM Public Spot Option

Wireless public spots are publicly accessible points, at which users with their own mobile computers can dial wirelessly into a network, usually into the Internet.
Please note that the operation of a LANCOM OAP/OAC-54-1 Wireless with LANCOM Public Spot Option (sometimes referred to as HotSpot) is possibly subject to certain legal regulations. Please inform yourself concerning relevant regulations before installing a LANCOM OAP/OAC-54-1 Wireless. Further information on this topic can be found in our whitepaper "Public Spots - Operators' rights and obligations", available as download from www.lancom.eu.
Wireless LAN technology is ideally suited to offering wireless Internet services to the public at places such as airports, hotels, stations, restaurants or cafés, so-called Public Hot Spots. The LANCOM Public Spot Option is intended for operators of public wireless networks, and adds functions for authentication and billing of public Internet services to the LANCOM, thus enabling simple set-up and maintenance of public hot spots.
The LANCOM Public Spot Option is the optimal solution for public Wireless LANs. Wireless LANs are very suitable for company networks and for wireless networking at home. But for public access services, there is a lack of mechanisms for authentication and billing of single users (AAA - Authentication / Authorisation / Accounting). The LANCOM Systems Open User Authentication (OUA), the main part of the LANCOM Public Spot Option, remedies this lack. The OUA procedure performs the authentication of all wireless clients via user name and password, and checks the authorization of single users via RADIUS. Accounting data (online time and data volume) can be transferred per user and per session to a central RADIUS server. Client PCs need only a radio card (e.g. AirLancer), TCP/IP and an Internet browser. Additional software is not needed. Therefore, the Public Spot Option is ideally suited to installing wireless Internet access services in hotels, restaurants, cafés, airports, stations, exhibition centres or universities.
[Figure: Public Spot authentication. Labels: Mobile user, Router, Service Provider RADIUS server, Internet; Authentication via HTTP/HTTPS; Authorisation and Accounting via RADIUS.]
With the LANCOM Public Spot Option you add these functions to a base station and upgrade it to a Wireless Public Spot.

8 Troubleshooting

In this chapter, you will find suggestions and assistance for a few common difficulties.

8.1 No DSL connection is established

After start-up the router automatically attempts to connect to the DSL provider. During this process, the LAN-link LED will blink green. If successful, the LED will switch over to steady green. If, however, the connection can't be established, the LAN-link LED will light up red. The reason for this is usually one of the following:
Problems with the cabling?
Only the cable provided with your device should be used to connect to DSL. This cable must be connected to the Ethernet port of your broadband access device. The LAN link LED must light green, indicating the physical connection.
Has the correct transfer protocol been selected?
The transfer protocol is set along with the basic settings. The basic setup wizard will enter the correct settings for numerous DSL providers automatically. You only have to enter the protocol manually if your DSL provider is not listed. In any case, the protocol that your DSL provider supplies you with should definitely work.
You can monitor and correct the protocol settings under:
Configuration tool: Run command
LANconfig: Management > Interfaces > Interface settings > WAN Interface
WEBconfig: Expert Configuration > Setup > Interfaces > WAN Interface

8.2 DSL data transfer is slow

The data transfer rate of a broadband (Internet) DSL connection is dependent upon numerous factors, most of which are outside of one's own sphere of influence. Important factors aside from the bandwidth of one's own Internet connection are the Internet connection and current load of the desired target. Numerous other factors involving the Internet itself can also influence the transfer rate.
Increasing the TCP/IP window size under Windows
If the actual transfer rate of a DSL connection is significantly below the fastest rate listed by the provider, there are only a few possible causes (apart from the above-mentioned external factors) which may involve one's own equipment.
One common problem occurs when large amounts of data are sent and received simultaneously with a Windows PC using an asynchronous connection. This can cause a severe decrease in download speed. The cause of this problem is the TCP/IP receive window size of the Windows operating system, which is set to a value too small for asynchronous connections.
Instructions on how to increase the window size can be found in the Knowledge Base of the support section of the LANCOM web site (www.lancom.eu).

8.3 Unwanted connections under Windows XP

Windows XP computers attempt to compare their clocks with a timeserver on the Internet at start-up. This is why the LANCOM establishes a connection to the Internet when a Windows XP computer in the WLAN is started.
To resolve this issue, you can turn off the automatic time synchronization on the Windows XP computers under: right mouse click on the time of day > Properties > Internet time.

9 Appendix

9.1 Performance data and specifications

LANCOM OAP-54-1 Wireless / LANCOM OAC-54-1 Wireless

Frequency band: WLAN module with 2400 - 2483,5 MHz (ISM) or 5150 - 5725 MHz and 5725 - 5850 (UK only)
Connections, LAN: 10/100Base-TX, Autosensing, Auto Node-Hub
Connections, WLAN: 2x N socket with antenna diversity
Power supply: Via Power over Ethernet only. One PoE Injector supplied.
Antennas: Two dualband dipole antennas supplied. Please respect the restrictions given in your country when setting up an antenna system. For information about calculating the correct antenna setup, please refer to www.lancom.eu
Housing: 235 mm x 210 mm x 80 mm (W x H x D), 3.4 kg, robust metal housing, IP66 water-jet resistant, ready for wall and pole mounting, 3 LEDs for status display
Approvals: CE compliant according to ETSI EN 300 328, ETSI EN 301 893 Version 1.3.1 (incl. DFS 2), ETSI EN 301 489-1, ETSI EN 301 489-17, EN 60950-1
Regulations: Notified in Germany, Belgium, Netherlands, Luxemburg, Austria, Switzerland, United Kingdom, Italy, France, Czechia, Denmark. The current list of notifications can be found at www.lancom.eu
Environment/Temperature: Temperature range –30 °C to +70 °C at 95 % max. humidity (non condensing)
Service: Warranty: 3 years
Support: Via hotline and Internet

9.2 Contact assignment

9.2.1 LAN/WAN interface 10/100Base-TX, DSL interface

8-pin RJ45 socket, corresponding to ISO 8877, EN 60603-7
Pin  IAE
1    T+
2    T-
3    R+
4    PoE/G
5    PoE/G
6    R-
7    PoE/- 48 V
8    PoE/- 48 V

9.2.2 Configuration interface (Outband)

8-pin mini-DIN socket
Pin  IAE
1    DSR
2    RI
3    DCD
4    DTR
5    TXD
6    RTS
7    CTS
8    RXD
9    RST (Reset)
10   GND

9.3 Declaration of conformity

LANCOM Systems herewith declares that the devices of the type described in this documentation are in agreement with the basic requirements and other relevant regulations of the 1995/5/EC directive.
The CE declarations of conformity for your device are available in the appropriate product area on the LANCOM Systems web site (www.lancom.eu).
