LevelOne WAB-1000 User Manual

LevelOne WAB-1000

Outdoor Access Point/Bridge

User Guide

Copyright © 2004 All rights reserved. No part of this documentation may be reproduced in any form or by any
means or to make any derivative work (such as translation, transformation, or adaptation) without written permission
from the manufacturer.

The manufacturer reserves the right to revise this documentation and to make changes in content from time to
time without obligation on the part of the manufacturer to provide notification of such revision or change.

The manufacturer provides this documentation without warranty, term or condition of any kind, either implied or
expressed, including, but not limited to, the implied warranties, terms, or conditions of merchantability, satisfactory
quality, and fitness for a particular purpose. The manufacturer may make improvements or changes in the product(s)
and/or the program(s) described in this documentation at any time.

If there is any software or removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the printed documentation, or on the removable media
in a readable file such as license.txt or the like. If you are unable to locate a copy of the license, contact the
manufacturer and a copy will be provided to you.

___________________________________

Windows is a registered trademark of Microsoft Corporation. Any other company and product name mentioned
herein is a trademark of the respective company with which they are associated.

Table of Contents

Chapter 1: Introduction............................................................................................................ 1

Basic Features...................................................................................................................... 1

Wireless Basics.................................................................................................................... 2

802.11b............................................................................................................................ 3

802.11g............................................................................................................................ 3

Network Configuration.................................................................................................... 3

Access point configurations............................................................................................. 3

Possible AP Topologies............................................................................................... 4

Bridging........................................................................................................................... 5

Data Encryption and Security.......................................................................................... 5

SSID ................................................................................................................................ 6

WEP................................................................................................................................. 6

WPA with TKIP/ AES-CCMP........................................................................................6

AES-ECB and 3DES for Bridging .................................................................................. 6

MAC Address Authentication......................................................................................... 7

DHCP Server................................................................................................................... 7

Operator Authentication and Management...................................................................... 7

Management.................................................................................................................... 8

Chapter 2: Hardware installation............................................................................................. 9

Preparation for use............................................................................................................... 9

Installation Instructions.....................................................................................................10

Minimum system and component requirements................................................................ 10

Ensure the cabling is correctly installed............................................................................ 10

Sealing Antenna Connections........................................................................................ 12

The Indicator Lights......................................................................................................12

Chapter 3: Configure the WAB-1000 for use as an access point.......................................... 13

Introduction ....................................................................................................................... 13

Preliminary configuration steps......................................................................................... 13

Initial setup using the “Local” port.................................................................................... 14

System Configuration........................................................................................................ 15

General .......................................................................................................................... 15

WAN.................................................................................................................................. 16

LAN............................................................................................................................... 17

Wireless Setup................................................................................................................... 18

General .......................................................................................................................... 18

Encryption .....................................................................................................................21

WEP Encryption........................................................................................................21

WPA Encryption......................................................................... ............................... 22

MAC Address Filtering................................................................................................. 24

Bridging and Bridging Encryption................................................................................25

Rogue AP Detection.................................................................... .................................. 26

Advanced....................................................................................................................... 27

Services Settings................................................................................................................ 28

DHCP Server................................................................................................................. 28

SNMP Agent.................................................................................................................. 29

User Management.............................................................................................................. 30

List All Users................................................................................................................. 30

Add New User............................................................................................................... 31

Monitoring/Reports ........................................................................................................... 31

System Status................................................................................................................. 32

Bridging Status.............................................................................................................. 32

Wireless Clients............................................................................................................. 33

Adjacent AP List ........................................................................................................... 34

DHCP Client List........................................................................................................... 34

System Log.................................................................................................................... 35

Web Access Log............................................................................................................ 35

Network Activity........................................................................................................... 36

System Administration...................................................................................................... 37

Firmware Upgrade......................................................................................................... 37

Factory Default.............................................................................................................. 37

Remote Logging............................................................................................................ 38

Reboot............................................................................................................................ 38

Utilities.......................................................................................................................... 39

Chapter 4: Configure the WAB-1000 as a bridge ................................................................. 40

Introduction ....................................................................................................................... 40

General bridge setup.......................................................................................................... 40

Set up bridging type........................................................................................................... 43

Point-to-point bridge configuration........................................................................... 43

Point-to-multipoint bridge configuration.......................................................................47

Repeater bridge configuration.......................................................................................49

Chapter 5: Technical Support................................................................................................ 51

Manufacturer’s Statement.................................................................................................. 51

Radio Frequency Interference Requirements.................................................................... 51

Channel Separation and WLAN Cards.............................................................................. 51

Glossary................................................................................................................................. 52

Chapter 1: Introduction

This manual covers the installation and operation of Level One’s WAB-1000 Outdoor
Access Point. The WAB-1000 is a ruggedized access point/ bridge, which is intended for use in
industrial and external environments. It accommodates both 802.11b WLAN and 802.11g
WLAN access and uses Power over Ethernet (PoE) access to the Ethernet WAN to eliminate the
need for internal access point power supply units (AC-DC converters) and 11 0-220V cabling
installations. The wireless LANs can include mobile devices such as handheld Personal Data
Assistants (PDAs), mobile web pads, and wireless laptops. The WAB-1000 employs state-of-the­art AES or 3DES encryption for bridging. If encryption is desired in the access point mode,
either static WEP or WPA (using TKIP or AES-CCMP) can be employed. This allows you to
employ legacy client WEP cards and still secure the wireless band.

The WAB-1000 incorporates IEEE 802.3af (Power over Ethernet) and the capability for the
highest security functionality (AES) as well as long-range RF capability.

The WAB-1000 includes the following cryptographic modules: static WEP, or WPA using
TKIP or AES-CCMP in AP mode, and AES-ECB or 3DES for wireless encryption for the
bridging mode; and HTTPS/TLS, for secure web communication. The WAB-1000 contains three
cryptographic modules and ports: Ethernet WAN interface for communication to the wired LAN
backbone; Ethernet LAN local port for purposes of initial setup and configuration; two wireless
LAN antennas for communicating on the 802.11b/g frequency; and capability for use of an
external (remote) antenna (supplied separately) also for use on the 802.11b/g frequency. The

802.11b or 802.11g frequency is suitable for use when configuring the unit to be used as a bridge.

The WAB-1000 is wall-mountable.

Notice: In this manual, “WAB-1000” refers to both WAB-1000A and WAB-1000H.

The only difference between WAB-1000A and WAB-1000H is that WAB-1000H
equipped with an extra temperature controller. The operable temperature
range of WAB-1000H will be -30℃~+70℃.

Basic Features

The WAB-1000 is housed in a sturdy case, which is not meant to be opened except by an
authorized technician for maintenance or repair. The unit should work without fail. If you wish

1

to reset to factory settings, use the reset function available through the web-screen managemen t
module, or keep pressing the reset button located at the bottom of the device for 5 seconds.

It has the following features:

• Ethernet uplink WAN port

• Local Ethernet LAN port (for configuration only)

• Wireless (802.11b/g) interface

• Power over Ethernet (PoE)

• Above average operating temperature range for extreme environments

• TKIP, AES-CCMP or WEP encryption (for AP mode); AES-ECB or 3DES (for bridging)

• HTTPS/TLS secure Web

• DHCP client

• Access Point/Bridging/Repeater Mode

• Adjustable Radio Power

• MAC address filtering

• Load Balancing

• Rogue AP Detection

The following cryptographic modules have been implemented in the WAB-1000.

• TKIP/AES-CCMP

• AES-ECB for wireless (128/192/256 bit)

• 3DES for wireless (192 bit)

• WEP

• MAC-based authentication

• Rogue AP detection

Wireless Basics

Wireless networking uses electromagnetic radio frequency waves to transmit and receive
data. Communication occurs by establishing radio links between the wireless access point and
devices configured to be part of the WLAN.

The WAB-1000 incorporates the 802.11b/g standard and the most state of the art encryption
for a very powerful and secure wireless environment.

2

802.11b

The IEEE 802.11b standard, developed by the Wireless Ethernet Compatibility Alliance
WECA) and ratified by IEEE, establishes a stable standard for compatibility. A user with an

802.11b product can use any brand of access point with any other brand of client hardware that is
built to the 802.11b standard for basic interconnection. 802.11b devices provide 11 Mbps
transmission in the 2.4 GHz band.

For wireless devices to communicate with the WAB-1000, they must meet the following
conditions:

• The wireless device and wireless access point must have been configured to recognize
each other using the SSID (a unique ID assigned in setup so that the wireless device is
seen to be part of the network by the WAB-1000);

• Encryption, authentication capabilities and types enabled must conform.

• If MAC filtering is used; the WAB-1000 must be configured to allow the wireless
device’s MAC address to associate (communicate) with the WAB-1000 wireless
interface.

802.11g

Because 802.11g is backwards-compatible with 802.11b, it is a popular component in LAN
construction. 802.11g broadens 802.11b’s data rates to 54 Mbps within the 2.4 GHz band using
OFDM (orthogonal frequency division multiplexing) technology.

Network Configuration

The WAB-1000 is an access point with bridging setup capability:

• Access point

• Wireless bridging with choice of:

• Point-to-point setup

• Point-to-multipoint setup

• Repeater setup

Bridging actually has more choices, but the above choices are popular and are discussed
later in this user guide (Chapter 4).

Access point configurations

IP addresses for wireless devices are typically assigned by the wired network’s DHCP
server. The wired LAN’s DHCP server assigns addresses dynamically, and the AP virtually
connects wireless users to the host wired network. All wireless devices connected to the AP are

3

configured on the same subnetwork as the wired network interface and can be accessed by
devices on the wired network.

Possible AP Topologies

1. An access point can be used as a single AP without any connection to a wired network. In
this configuration, it simply provides a stand-alone wireless network for a group of
wireless devices.

2. The WAB-1000 can be used as one of a number of APs connected to an existing Ethernet
network to bridge between the wired and wireless environments. Each AP can operate
independently of the other APs on the LAN. Multiple APs can coexist as separate
individual networks at the same site without interference if each AP is set with a different
network ID (SSID).

3. The last and most prevalent use is multiple APs connected to a wired network and
operating off that network’s DHCP server which can provide a wider coverage area for
wireless devices, enabling the devices to “roam” freely about the entire site. This is the
topology of choice today.

4

Bridging

A wireless bridge is an access point configured to allow wireless communication from
access point to access point. The wireless bridging function in the WAB-1000 allows use as a
wireless bridge, in a number of alternate configurations, including the following popular
configurations:

Point-to-point bridging of 2 Ethernet Links;

•

Point-to-multipoint bridging of several Ethernet links;

•

Repeater mode (wireless client to wireless bridge.)

•

Because the WAB-1000 is equipped with two separate internal access point boards, it can
operate as both a bridge and an access point with no loss of efficiency.

Data Encryption and Security

The WAB-1000 Wireless Access Point includes advanced wireless security features. Over
the AP band, you have a choice of no security, Static WEP, or WPA. Some level of security is
suggested. Static WEP gives you a choice of 64-bit, 128-bit or 152-bit encryption. WPA includes
the option of using a WPA pre-shared key or, for the enterprise that has a Radius Server installed,
configuration to use the Radius Server for key management with either TKIP or AES-CCMP.
Bridging encryption is established between WAB-1000’s and includes use of AES-ECB or 3DES
encryption (approved by the National Institute of Standards and Technology (NIST) for U.S.
Government and DoD agencies). (As a side note, NIST is currently reviewing the AES-CCMP
adopted by the WiFi Alliance and is expected to eventually ratify that standard for U.S.
Government use.)

A more detailed discussion of the WAB-1000 security features is covered in the following
paragraphs.

5

SSID

The Service Set ID (SSID) is a string used to define a common roaming domain among
multiple wireless access points. Different SSIDs on access points can enable overlapping
wireless networks. The SSID can act as a basic password without which the client cannot
connect to the network. However, this is easily overridden by allowing the wireless AP to
broadcast the SSID, which means any client can associate with the AP. SSID broadcasting can
be disabled in the WAB-1000 setup menus if you are configuring to use WEP encryption.

WEP

WEP is an older encryption standard but is preferable to no encryption. The WAB-1000 is
capable of configuring for WEP 64-bit encryption, 128-bit encryption, or 152-bit encryption.
Authentication type can be set for Open System, Shared Key, or a combination Open/Shared. If
the WAB-1000 is configured with WEP encryption, it is compatible with any 802.11b/g PC card
configured for WEP.

WPA with TKIP/ AES-CCMP

WPA, an interim standard developed by the WiFi Alliance, combines several technologies
that address known 802.11x security vulnerabilities. It provides an affordable, scalable solution
for protecting existing corporate WLANs without the additional expense of VPN/firewall
technology. It includes the use of the 802.1x standard and the Extensible Authentication Protocol
(EAP). In addition, it uses, for encryption, the Temporal Key Integrity Protocol (TKIP) and WEP
128-bit encryption keys. Finally, a message integrity check (MIC) is used to prevent an attacker
from capturing and altering or forging data packets. In addition, it can employ a form of AES
called AES-CCMP. The WAB-1000 allows the user to configure encryption type to allow either
TKIP clients, AES-CCMP clients, or a mix of both.

WPA is a subset of the draft 802.11i standard and is expected to maintain forward
compatibility.

AES-ECB and 3DES for Bridging

The Advanced Encryption Standard (AES) was selected by NIST in October 2000 as an
upgrade from the previous DES standard. The subset that has currently been approved is AES­ECB. The WAB-1000 uses AES-ECB (or 3DES) over the Bridging channel. AES uses a 128-bit
block cipher algorithm and encryption technique for protecting computerized information. It has
the ability to use even larger 192-b it and 256-bit keys, if desired.

6

3DES is modeled on the older DES standard but encrypts data three times over. 3DES uses
more CPU resources than AES because of the triple encryption.

MAC Address Authentication

The MAC address, short for Media Access Control address, is a hardware address that
uniquely identifies each node of a network. In IEEE 802 networks, the Data Link Control (DLC)
layer of the OSI Reference Model is divided into two sub-layers: the Logical Link Control (LLC)
layer and the Media Access Control (MAC) layer. The MAC layer interfaces directly with the
network media. Consequently, each type of network media requires a unique MAC address.

Authentication is the process of proving a client identity. The WAB-1000 access points, if
set up to use MAC address filtering, detect an attempt to connect by a client and compare the
client’s MAC address to those on a predefined MAC address filter list. Only client addresses
found on the list are allowed to associate. MAC addresses are assigned and registered to each of
the wireless cards used by the portable computing devices during initial setup and after physical
installation of the access points.

DHCP Server

The DHCP function is accessible only from the local LAN port to be used for initial
configuration only.

Operator Authentication and Management

Authentication mechanisms are used to authenticate an operator accessing the device and to
verify that the operator is authorized to assume the requested role and perform services within
that role.

Access to the management screens for the WAB-1000 requires knowledge of the assigned
operator ID and password. The Factory defaults (case-sensitive) are:

• ID: crypto

• Password: officer

The Security Officer initially installs and configures the WAB-1000 after which the

password should be changed from the default password. The ID and password are always case
sensitive.

7

Management

After initial setup, maintenance of the system and programming of security functions are

performed by personnel trained in the procedure using the embedded web-based management
screens.

The next chapter covers the basic procedure for setting up the hardware.

8

Chapter 2: Hardware installation

Preparation for use

The Level One WAB-1000 Outdoor Access Point requires physical mounting and

installation on the site, following a prescribed placement design to ensure optimum operation and
roaming. The determination and planning of the wireless network solution should have been
determined by a wireless LAN site survey team prior to purchase. This is not part of the scope of
this user’s guide.

The WAB-1000 operates with Power over Ethernet (PoE) which requires the installation of

a separate power injector which “injects” DC current into the Cat5 cable.

The WAB-1000 package includes the following items:

• The WAB-1000 Outdoor Access Point

• 2 attachable antennas for communicating on the 802.11b/g ports

• 1 15 Meter Ethernet cable

• 1 power injector

• 1 mounting kit for unit

• 1 Ground wire

• Documentation as PDF files (on CD-ROM)

• Registration card

• Warranty card

If you will be instal ling outdoors, you may need to purchase an outdoor antenna. The

802.11b/g antenna port (shown in picture of the plugs, page 11) is used when configuring the
unit to be used as a bridge. The port uses an external directional antenna or omni-directional
antenna (purchased separately).

The WAB-1000 can be mounted outdoors on a high post to achieve the best bridge result. It

has a lightning protection option (requires separate purchase) to prevent lightning damage.

Installation should be accomplished using the authorized cables and/or connectors provided
with the device or available from the manufacturer/distributor for use with this device. Changes
or modifications not expressly approved by the manufacturer or party responsible for this FCC
compliance could void the user’s authority to operate the equipment.

9

Installation Instructions

The WAB-1000 intended to be installed as part of a complete wireless design solution.

This manual deals only and specifically with the single WAB-1000 device as a unit. The
purpose of this chapter is the description of the device and its identifiable parts so that the user is
sufficiently familiar to interact wi th th e physical unit. Preliminary setup information provided
below is intended for information and instruction of the wireless LAN system administration
personnel.

It is intended, and is the philosophy of the manufacturer, that the user not be required to
open the individual unit. Any maintenance required is limited to the external enclosure surface,
cable connections and to the management software (as described in Chapter three and four) only.
A failed unit should be returned to the manufacturer for maintenance. Sites requiring emergency
backup should maintain extra units of the device to interchange in case of failure.

Minimum system and component requirements

The WAB-1000 is designed to be attached to the wall at appropriate locations. To complete
the configuration, you should have at least the following components:

• PCs with one of the following operating systems installed: Windows NT 4.0, Windows
2000 or Windows XP;

• A compatible 802.11b/g PC Card or 802.11b/g device for each computer that you wish to
wirelessly connect to your wireless network;

• Access to at least one laptop or PC with an Ethernet card and cable that can be used to
complete the initial configuration of the unit;

• A Web browser program (such as Microsoft Internet Explorer 5.5 or later, or Netscape

6.2 or later) installed on the PC or laptop you will be using to configure the Access Point;
and

• TCP/IP Protocol (usually comes installed on any Windows PC.)

Ensure the cabling is correctly installed

The WAB-1000 is well protected in a metal enclosure which is generally bolted to a surface.

The device should not be opened.

The following illustration shows the external cable connectors on the WAB-1000.

10

The WAN port is used to connect the WAB-1000 to the organization’s LAN. The Ethernet
cable is run from the WAB-1000 WAN port to the power injector which is then connected to a
power source and the wired LAN. A second (LAN Port) Ethernet connector is designed for use
during initial configuration only. This uses an RJ45 cable to connect the WAB-1000 to a laptop.

The reset button is for set the WAB-1000 to the factory default. Pleasekeep pressing the button
and hold for 5seconds, after WAB-1000 restart successfully, the resetting is completed.

The following diagram demonstrates the setup.

11

Sealing Antenna Connections

Once all antennas have been installed, the connection should be sealed to protect them in an
exterior harsh environment using a self amalgamating polyisobutylene tape which, over a period
of hours, adheres to itself and forms a single amalgamated rubber molding conforming to the
shape of the item it is covering. Be sure that it is completely dry when applied. If you need to
uninstall it after it has sealed for 30 minutes or more, cut it away with a sharp knife. Once the
tape is in place for several hours, it forms a shaped rubber molding that is resistant to water and
most solvents. It remains stable over a wide temperature range and degrades very slowly (over
several years) in sunlight.

The Indicator Lights

The top panel of the WAB-1000 contains a set of indicator lights (Light Emitting Diodes or
LEDs) that help describe the state of various networking and connection operations.

Table: Description of LED activity

LED Description
Power

WAN

WLAN 1
Activity

WLAN 2
Activity

WLAN
Signal
Strength

The Power indicator LED informs you when the gateway is on or off. If this light is on, the gateway
is on; if it is not on, the gateway is off.

This light indicates the state of your connection to the organization's Ethernet LAN network. When
on, the WAN light indicates that the gateway is connected to the network. When the WAN light is
off, the gateway does not have an active connection to the network.

This light may be steady or blinking and indicates that information is passing through the connection
This LED related to Wireless AP function operating.
This light may be steady or blinking and indicates that information is passing through the connection.

This LED related to Wireless Bridge function operating.

The strength LED indicator shows the signal strength of detected remote AP on the bridge side:

1. LED off: means remote AP is not detected on the bridge side, or the signal is very weak.

2. LED blinks slowly (every 1 second): means the remote AP is detected, and the signal quality is
poor.

3. LED blinks fast: means the remote AP is detected, and the signal quality is good.

4. LED steady on: means the remote AP is detected, and the signal quality is excellent.

12

Chapter 3: Configure the WAB-1000 for use as an
access point

Introduction

The WAB-1000 Gateway comes with the capability to be configured as an access point. It
can be further configured for Bridging. This is discussed in Chapter 4.

Configured as an access point, it allows one LAN to freely exchange data with another LAN
without restriction. In the case of the WAB-1000, it allows the configuration of a WLAN and
wireless connection to the LAN. The existing wired LAN is extended by adding the WAB-1000
and thus allowing free roaming and data exchange between the existing LAN and the wireless
LAN.

Preliminary configuration steps

For preliminary installation, the WAB-1000 network administrator may need the following
information:

• IP address – a list of IP addresses available on the organization's LAN that are available
to be used for assignment to the AP(s)

• Subnet mask for the LAN

• Default IP address of the WAB-1000

• DNS IP address

• SSID – an ID number/letter string that you want to use in the configuration process to
identify all members of the wireless LAN

• The MAC addresses of all the wireless cards that will be used to access the WAB-1000
network of access points (if MAC address filtering is to be enabled)

• The appropriate encryption key

13