Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable.
However, no responsibility is assumed by SMC for its use, nor for any infringements of patents
or other rights of third parties which may result from its use. No license is granted by
implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to
change specifications at any time without notice.
SMC is a registered trademark; and EliteConnect is a trademark of SMC Networks, Inc. Other
product and company names are trademarks or registered trademarks of their respective
holders.
Page 3
LIMITED WARRANTY
Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products
to be free from defects in workmanship and materials, under normal use and
service, for the applicable warranty term. All SMC products carry a standard
90-day limited warranty from the date of purchase from SMC or its Authorized
Reseller. SMC may, at its own discretion, repair or replace any product not
operating as warranted with a similar or functionally equivalent product, during the
applicable warranty term. SMC will endeavor to repair or replace any product
returned under warranty within 30 days of receipt of the product.
The standard limited warranty can be upgraded to a Limited Lifetime* warranty by
registering new products within 30 days of purchase from SMC or its Authorized
Reseller. Registration can be accomplished via the enclosed product registration
card or online via the SMC Web site. Failure to register will not affect the standard
limited warranty. The Limited Lifetime warranty covers a product during the Life of
that Product, which is defined as the period of time during which the product is an
“Active” SMC product. A product is considered to be “Active” while it is listed on
the current SMC price list. As new technologies emerge, older technologies
become obsolete and SMC will, at its discretion, replace an older product in its
product line with one that incorporates these newer technologies. At that point, the
obsolete product is discontinued and is no longer an “Active” SMC product. A list
of discontinued products with their respective dates of discontinuance can be
found at:
http://www.smc.com/index.cfm?action=customer_service_warranty.
All products that are replaced become the property of SMC. Replacement
products may be either new or reconditioned. Any replaced or repaired product
carries either a 30-day limited warranty or the remainder of the initial warranty,
whichever is longer. SMC is not responsible for any custom software or firmware,
configuration information, or memory data of Customer contained in, stored on, or
integrated with any products returned to SMC pursuant to any warranty. Products
returned to SMC should have any customer-installed accessory or add-on
components, such as expansion modules, removed prior to returning the product
for replacement. SMC is not responsible for these items if they are returned with
the product.
Customers must contact SMC for a Return Material Authorization number prior to
returning any product to SMC. Proof of purchase may be required. Any product
returned to SMC without a valid Return Material Authorization (RMA) number
clearly marked on the outside of the package will be returned to customer at
customer’s expense. For warranty claims within North America, please call our
toll-free customer support number at (800) 762-4968.
i
Page 4
LIMITED WARRANTY
Customers are responsible for all shipping charges from their facility to SMC. SMC
is responsible for return shipping charges from SMC to customer.
WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS
WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR
REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE
FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN
LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR
IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR
OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC
NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME
FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE,
INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL
NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND
EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES
NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S
MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING,
UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND
THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING,
OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT
OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR
INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE
DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS,
OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH
THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE,
OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED
RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES
OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR
CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS
MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL
RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS
WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.
* SMC will provide warranty service for one year following discontinuance from
the active SMC price list. Under the limited lifetime warranty, internal and
external power supplies, fans, and cables are covered by a standard one-year
warranty from date of purchase.
SMC Networks, Inc.
38 Tesla
Irvine, CA 92618
ii
Page 5
COMPLIANCES
Federal Communication Commission Interference
Statement
This equipment has been tested and found to comply with the limits for a Class B
digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a residential
installation. This equipment generates, uses and can radiate radio frequency
energy and, if not installed and used in accordance with the instructions, may
cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this
equipment does cause harmful interference to radio or television reception, which
can be determined by turning the equipment off and on, the user is encouraged to
try to correct the interference by one of the following measures:
• Reorient or relocate the receiving antenna
• Increase the separation between the equipment and receiver
• Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected
• Consult the dealer or an experienced radio/TV technician for help
Warnings: 1.Wear an anti-static wrist strap or take other suitable measures to
2.When connecting this device to a power outlet, connect the field
FCC Caution: Any changes or modifications not expressly approved by the party
responsible for compliance could void the user's authority to operate this
equipment. This device complies with Part 15 of the FCC Rules. Operation is
subject to the following two conditions: (1) This device may not cause harmful
interference, and (2) this device must accept any interference received, including
interference that may cause undesired operation.
prevent electrostatic discharge when handling this equipment.
ground lead on the tri-pole power plug to a valid earth ground line to
prevent electrical hazards.
IMPORTANT NOTE:
FCC Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an
uncontrolled environment. This equipment should be installed and operated with a
minimum distance of 20 centimeters (8 inches) between the radiator and your
body. This transmitter must not be co-located or operating in conjunction with any
other antenna or transmitter.
iii
Page 6
COMPLIANCES
Wireless 5 GHz Band Statements:
As the SMC2888W access point/bridge can operate in the 5150-5250 MHz
frequency band it is limited by the FCC, Industry Canada and some other
countries to indoor use only so as to reduce the potential for harmful interference
to co-channel Mobile Satellite systems.
High power radars are allocated as primary users (meaning they have priority) of
the 5250-5350 MHz and 5650-5850 MHz bands. These radars could cause
interference and/or damage to the access point.
EC Conformance Declaration
SMC contact for these products in Europe is:
SMC Networks Europe,
Edificio Conata II,
Calle Fructuós Gelabert 6-8, 2
08970 - Sant Joan Despí,
Barcelona, Spain.
Marking by the above symbol indicates compliance with the Essential
Requirements of the R&TTE Directive of the European Union (1999/5/EC). This
equipment meets the following conformance standards:
• EN 60950 (IEC 60950) - Product Safety
• EN 301 893 - Technical requirements for 5 GHz radio equipment
• EN 300 328 - Technical requirements for 2.4 GHz radio equipment
• EN 301 489-1 / EN 301 489-17 - EMC requirements for radio equipment
o
, 4a,
0560
Countries of Operation & Conditions of Use in the European
Community
This device is intended to be operated in all countries of the European
Community. Requirements for indoor vs. outdoor operation, license requirements
and allowed channels of operation apply in some countries as described below:
Note: The user must use the configuration utility provided with this product to
ensure the channels of operation are in conformance with the spectrum
usage rules for European Community countries as described below.
• This device requires that the user or installer properly enter the current country
of operation in the command line interface as described in the user guide, before
operating this device.
• This device will automatically limit the allowable channels determined by the
current country of operation. Incorrectly entering the country of operation may
result in illegal operation and may cause harmful interference to other system.
The user is obligated to ensure the device is operating according to the channel
limitations, indoor/outdoor restrictions and license requirements for each
European Community country as described in this document.
iv
Page 7
C
OMPLIANCES
• This device employs a radar detection feature required for European Community
operation in the 5 GHz band. This feature is automatically enabled when the
country of operation is correctly configured for any European Community
country. The presence of nearby radar operation may result in temporary
interruption of operation of this device. The radar detection feature will
automatically restart operation on a channel free of radar.
• The 5 GHz Turbo Mode feature is not allowed for operation in any European
Community country. The current setting for this feature is found in the 5 GHz
802.11a Radio Settings Window as described in the user guide.
• The 5 GHz radio's Auto Channel Select setting described in the user guide must
always remain enabled to ensure that automatic 5 GHz channel selection
complies with European requirements. The current setting for this feature is
found in the 5 GHz 802.11a Radio Settings Window as described in the user
guide.
• This device is restricted to indoor use when operated in the European
Community using the 5.15 - 5.35 GHz band: Channels 36, 40, 44, 48, 52, 56, 60,
64. See table below for allowed 5 GHz channels by country.
• This device may be operated indoors or outdoors in all countries of the European
Community using the 2.4 GHz band: Channels 1 - 13, except where noted
below.
- In Italy the end-user must apply for a license from the national spectrum
authority to operate this device outdoors.
- In Belgium outdoor operation is only permitted using the 2.46 - 2.4835 GHz
band: Channel 13.
- In France outdoor operation is only permitted using the 2.4 - 2.454 GHz band:
Channels 1 - 7
v
Page 8
COMPLIANCES
Operation Using 5 GHz Channels in the European
Community
The user/installer must use the provided configuration utility to check the current
channel of operation and make necessary configuration changes to ensure
operation occurs in conformance with European National spectrum usage laws as
described below and elsewhere in this document.
Allowed 5GHz Channels in Each European Community Country
Allowed Frequency Bands Allowed Channel Numbers Countries
* Outdoor operation is not allowed using 5.15-5.35 GHz bands (Channels 36 - 64).
* Currently channels 36-64 are unavailable for use either indoors or outdoors.
Declaration of Conformity in Languages of the European
Community
EnglishHereby, SMC Networks, declares that this Radio LAN device is in
FinnishValmistaja SMC Networks vakuuttaa täten että Radio LAN device
DutchHierbij verklaart SMC Networks dat het toestel Radio LAN device
FrenchPar la présente SMC Networks déclare que l'appareil Radio LAN
SwedishHärmed intygar SMC Networks att denna Radio LAN device står
DanishUndertegnede SMC Networks erklærer herved, at følgende udstyr
GermanHiermit erklärt SMC Networks, dass sich dieser/diese/dieses
GreekΜε την παρουσα SMC Networks δηλωνει οτι radio LAN device
compliance with the essential requirements and other relevant
provisions of Directive 1999/5/EC.
tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja
sitä koskevien direktiivin muiden ehtojen mukainen.
in overeenstemming is met de essentiële eisen en de andere
relevante bepalingen van richtlijn 1999/5/EG
Bij deze SMC Networks dat deze Radio LAN device voldoet aan
de essentiële eisen en aan de overige relevante bepalingen van
Richtlijn 1999/5/EC.
device est conforme aux exigences essentielles et aux autres
dispositions pertinentes de la directive 1999/5/CE
I överensstämmelse med de väsentliga egenskapskrav och
övriga relevanta bestämmelser som framgår av direktiv 1999/5/
EG.
Radio LAN device overholder de væsentlige krav og øvrige
relevante krav i direktiv 1999/5/EF
Radio LAN device in Übereinstimmung mit den grundlegenden
Anforderungen und den anderen relevanten Vorschriften der
Richtlinie 1999/5/EG befindet". (BMWi)
Hiermit erklärt SMC Networks die Übereinstimmung des Gerätes
Radio LAN device mit den grundlegenden Anforderungen und
den anderen relevanten Festlegungen der Richtlinie 1999/5/EG.
(Wien)
ItalianCon la presente SMC Networks dichiara che questo Radio LAN
SpanishPor medio de la presente SMC Networks declara que el Radio
PortugueseSMC Networks declara que este Radio LAN device está conforme
device è conforme ai requisiti essenziali ed alle altre disposizioni
pertinenti stabilite dalla direttiva 1999/5/CE.
LAN device cumple con los requisitos esenciales y cualesquiera
otras disposiciones aplicables o exigibles de la Directiva 1999/5/
CE
com os requisitos essenciais e outras disposições da Directiva
1999/5/CE.
Safety Compliance
Power Cord Safety
Please read the following safety information carefully before installing the wireless
access point:
WARNING: Installation and removal of the unit must be carried out by qualified
personnel only.
• The unit must be connected to an earthed (grounded) outlet to comply with
international safety standards.
• Do not connect the unit to an A.C. outlet (power supply) without an earth
(ground) connection.
• The appliance coupler (the connector to the unit and not the wall plug) must have
a configuration for mating with an EN 60320/IEC 320 appliance inlet.
• The socket outlet must be near to the unit and easily accessible. You can only
remove power from the unit by disconnecting the power cord from the outlet.
• This unit operates under SELV (Safety Extra Low Voltage) conditions according
to IEC 60950. The conditions are only maintained if the equipment to which it is
connected also operates under SELV conditions.
France and Peru only
This unit cannot be powered from IT
unit must be powered by 230 V (2P+T) via an isolation transformer ratio 1:1, with
the secondary connection point labelled Neutral, connected directly to earth
(ground).
†
Impédance à la terre
†
supplies. If your supplies are of IT type, this
viii
Page 11
C
OMPLIANCES
Important! Before making connections, make sure you have the correct cord set.
Check it (read the label on the cable) against the following:
Power Cord Set
U.S.A. and
Canada
DenmarkThe supply plug must comply with Section 107-2-D1,
SwitzerlandThe supply plug must comply with SEV/ASE 1011.
U.K.The supply plug must comply with BS1363 (3-pin 13 A) and
EuropeThe supply plug must comply with CEE7/7 (“SCHUKO”).
The cord set must be UL-approved and CSA certified.
The minimum specifications for the flexible cord are:
- No. 18 AWG - not longer than 2 meters, or 16 AWG.
- Type SV or SJ
- 3-conductor
The cord set must have a rated current capacity of at least
10 A
The attachment plug must be an earth-grounding type with
NEMA 5-15P (15 A, 125 V) or NEMA 6-15P (15 A, 250 V)
configuration.
Standard DK2-1a or DK2-5a.
be fitted with a 5 A fuse which complies with BS1362.
The mains cord must be <HAR> or <BASEC> marked and
be of type HO3VVF3GO.75 (minimum).
The mains cord must be <HAR> or <BASEC> marked and
be of type HO3VVF3GO.75 (minimum).
IEC-320 receptacle.
ix
Page 12
COMPLIANCES
Veuillez lire à fond l'information de la sécurité suivante avant
d'installer le wireless access point:
AVERTISSEMENT: L’installation et la dépose de ce groupe doivent être confiés à un
personnel qualifié.
• Ne branchez pas votre appareil sur une prise secteur (alimentation électrique)
lorsqu'il n'y a pas de connexion de mise à la terre (mise à la masse).
• Vous devez raccorder ce groupe à une sortie mise à la terre (mise à la masse) afin
de respecter les normes internationales de sécurité.
• Le coupleur d’appareil (le connecteur du groupe et non pas la prise murale) doit
respecter une configuration qui permet un branchement sur une entrée d’appareil
EN 60320/IEC 320.
• La prise secteur doit se trouver à proximité de l’appareil et son accès doit être
facile. Vous ne pouvez mettre l’appareil hors circuit qu’en débranchant son cordon
électrique au niveau de cette prise.
• L’appareil fonctionne à une tension extrêmement basse de sécurité qui est
conforme à la norme IEC 60950. Ces conditions ne sont maintenues que si
l’équipement auquel il est raccordé fonctionne dans les mêmes conditions.
France et Pérou uniquement:
Ce groupe ne peut pas être alimenté par un dispositif à impédance à la terre. Si vos
alimentations sont du type impédance à la terre, ce groupe doit être alimenté par
une tension de 230 V (2 P+T) par le biais d’un transformateur d’isolement à rapport
1:1, avec un point secondaire de connexion portant l’appellation Neutre et avec
raccordement direct à la terre (masse).
Cordon électrique - Il doit être agréé dans le pays d’utilisation
Etats-Unis et
Canada:
Danemark:La prise mâle d’alimentation doit respecter la section 107-2 D1 de la
Le cordon doit avoir reçu l’homologation des UL et un certificat de la CSA.
Les spe'cifications minimales pour un cable flexible sont AWG No. 18,
ouAWG No. 16 pour un cable de longueur infe'rieure a` 2 me'tres.
- type SV ou SJ
- 3 conducteurs
Le cordon doit être en mesure d’acheminer un courant no minal d’au moins
10 A.
La prise femelle de branchement doit être du type à mise à la terre (mise
à la masse) et respecter la configuration NEMA 5-15P (15 A, 125 V) ou
NEMA 6-15P (15 A, 250 V).
norme DK2 1a ou DK2 5a.
x
Page 13
C
OMPLIANCES
Cordon électrique - Il doit être agréé dans le pays d’utilisation
Suisse:La prise mâle d’alimentation doit respecter la norme SEV/ASE 1011.
EuropeLa prise secteur doit être conforme aux normes CEE 7/7 (“SCHUKO”)
LE cordon secteur doit porter la mention <HAR> ou <BASEC> et doit être
de type HO3VVF3GO.75 (minimum).
Bitte unbedingt vor dem Einbauen des Access Point die folgenden
Sicherheitsanweisungen durchlesen
WARNUNG: Die Installation und der Ausbau des Geräts darf nur durch
Fachpersonal erfolgen.
• Das Gerät sollte nicht an eine ungeerdete Wechselstromsteckdose
angeschlossen werden.
• Das Gerät muß an eine geerdete Steckdose angeschlossen werden, welche die
internationalen Sicherheitsnormen erfüllt.
• Der Gerätestecker (der Anschluß an das Gerät, nicht der
Wandsteckdosenstecker) muß einen gemäß EN 60320/IEC 320 konfigurierten
Geräteeingang haben.
• Die Netzsteckdose muß in der Nähe des Geräts und leicht zugänglich sein. Die
Stromversorgung des Geräts kann nur durch Herausziehen des
Gerätenetzkabels aus der Netzsteckdose unterbrochen werden.
• Der Betrieb dieses Geräts erfolgt unter den SELV-Bedingungen
(Sicherheitskleinstspannung) gemäß IEC 60950. Diese Bedingungen sind nur
(Germany):
xi
Page 14
COMPLIANCES
gegeben, wenn auch die an das Gerät angeschlossenen Geräte unter
•
SELV-Bedingungen betrieben werden.
Stromkabel. Dies muss von dem Land, in dem es benutzt wird geprüft werden:
U.S.A und
Kanada
DanemarkDieser Stromstecker muß die ebene 107-2-D1, der
SchweizDieser Stromstecker muß die SEV/ASE
EuropeDas Netzkabel muß vom Typ HO3VVF3GO.75
Der Cord muß das UL gepruft und war das CSA
beglaubigt.
Das Minimum spezifikation fur der Cord sind:
- Nu. 18 AWG - nicht mehr als 2 meter, oder 16 AWG.
- Der typ SV oder SJ
- 3-Leiter
Der Cord muß haben eine strombelastbarkeit aus
wenigstens 10 A
Dieser Stromstecker muß hat einer erdschluss mit der typ
NEMA 5-15P (15A, 125V) oder NEMA 6-15P (15A, 250V)
konfiguration.
standard DK2-1a oder DK2-5a Bestimmungen einhalten.
1011Bestimmungen einhalten.
(Mindestanforderung) sein und die Aufschrift <HAR> oder
<BASEC> tragen.
Der Netzstecker muß die Norm CEE 7/7 erfüllen
(”SCHUKO”).
The SMC EliteConnect Universal 2.4GHz/5GHz Wireless
Dual-Band Outdoor Access Point/Bridge system consists of two
models that provide point-to-point or point-to-multipoint bridge
links between remote Ethernet LANs, and wireless access point
services for clients in the local LAN area:
•SMC2888W-S – Includes an integrated high-gain antenna for
the 802.11a radio and is designed to operate as a “Slave”
bridge in point-to-multipoint configurations, or provide a
high-speed point-to-point wireless link between two sites. The
802.11b/g radio requires an external antenna option.
•SMC2888W-M – Provides only external antenna options and
is designed to operate as the “Master” bridge in
point-to-multipoint configurations, supporting wireless bridge
connections to as many as 16 SMC2888W-S Slave units.
Each model is housed in a weatherproof enclosure for mounting
outdoors and includes its own brackets for attaching to a wall,
pole, radio mast, or tower structure. The unit is powered through
its Ethernet cable connection from a power injector module that is
installed indoors.
The wireless bridge system offers a fast, reliable, and
cost-effective solution for connectivity between remote Ethernet
wired LANs or to provide Internet access to an isolated site. The
system is also easy to install and operate, ideal for situations
where a wired link may be difficult or expensive to deploy. The
wireless bridge connection provides data rates of up to 108
Mbps.
1-1
Page 24
Introduction
In addition, both wireless bridge models offer full network
management capabilities through an easy-to-use web interface, a
command-line interface, and support for Simple Network
Management Protocol (SNMP) tools.
Radio Characteristics – The IEEE 802.11a and 802.11g
standards use a radio modulation technique known as
Orthogonal Frequency Division Multiplexing (OFDM), and a
shared collision domain (CSMA/CA). The 802.11a standard
operates in the 5 GHz Unlicensed National Information
Infrastructure (UNII) band, and the 802.11g standard in the 2.4
GHz band.
IEEE 802.11g includes backward compatibility with the IEEE
802.11b standard. IEEE 802.11b also operates at 2.4 GHz, but
uses Direct Sequence Spread Spectrum (DSSS) and
Complementary Code Keying (CCK) modulation technology to
achieve a communication rate of up to 11 Mbps.
The wireless bridge provides a 54 Mbps half-duplex connection
for each active channel (up to 108 Mbps in turbo mode on the
802.11a interface).
Package Checklist
The Dual-band Outdoor Access Point / Bridge package includes:
•One Category 5 network cable, length 164 ft (50 m)
•One power injector module and power cord
1-2
Page 25
Package Checklist
•Outdoor pole-mounting bracket kit
• Outdoor wall-mounting bracket kit
• This User Guide
Inform your dealer if there are any incorrect, missing or damaged
parts. If possible, retain the carton, including the original packing
materials. Use them again to repack the product in case there is a
need to return it.
1-3
Page 26
Introduction
Hardware Description
Bottom View
Ethernet Port
Top View (SMC2888W-S)
N-Type External
Antenna Connector
(2.4 GHz)
Top View (SMC2888W-M)
N-Type External
Antenna Connector
(2.4 GHz)
RSSI Connector with
Protective Cap
Grounding Point
Screw
N-Type External
Antenna Connector
(2.4 GHz)
N-Type External
Antenna Connector
(5 GHz)
Integrated Antenna
1-4
Page 27
Hardware Description
Integrated High-Gain Antenna
The SMC2888W-S wireless bridge includes an integrated
high-gain (17 dBi) flat-panel antenna for 5 GHz operation.
External Antenna Options
The SMC2888W-M Master bridge unit does not include an
integrated antenna, but provides various external antenna options
for both 5 GHz and 2.4 GHz operation. In a point-to-multipoint
configuration, an external high-gain omnidirectional, sector, or
high-gain panel antenna can be attached to communicate with
bridges spread over a wide area.
External antennas connect to the N-type RF connectors on the
wireless bridge using the provided coaxial cables.
Ethernet Port
The wireless bridge has one 10BASE-T/100BASE-TX 8-pin DIN
port that connects to the power injector module using the
included Ethernet cable. The Ethernet port connection provides
power to the wireless bridge as well as a data link to the local
network.
The wireless bridge appears as an Ethernet node and performs a
bridging function by moving packets from the wired LAN to the
remote end of the wireless bridge link.
Note: The power injector module does not support Power over Ethernet
(PoE) based on the IEEE 802.3af standard. The wireless bridge
unit must always be powered on by being connected to the power
injector module.
1-5
Page 28
Introduction
Power Injector Module
The wireless bridge receives power through its network cable
connection using power-over-Ethernet technology. A power
injector module is included in the wireless bridge package and
provides two RJ-45 Ethernet ports, one for connecting to the
wireless bridge (Output), and the other for connecting to a local
LAN switch (Input).
The Input port uses an MDI (i.e., internal straight-through) pin
configuration. You can therefore use straight-through twisted-pair
cable to connect this port to most network interconnection
devices such as a switch or router that provide MDI-X ports.
However, when connecting the access point to a workstation or
other device that does not have MDI-X ports, you must use
crossover twisted-pair cable.
Ethernet from
Local Network
LED Indicator
InputOutput
Ethernet and Power to
Wireless Bridge
AC Power Socket
(Hidden)
The wireless bridge does not have a power switch. It is powered
on when its Ethernet port is connected to the power injector
module, and the power injector module is connected to an AC
power source. The power injector includes one LED indicator that
turns on when AC power is applied.
1-6
Page 29
Hardware Description
The power injector module automatically adjusts to any AC
voltage between 100-240 volts at 50 or 60 Hz. No voltage range
settings are required.
Warning: The power injector module is designed for indoor use only.
Never mount the power injector outside with the wireless
bridge unit.
Receive Signal Strength Indicator (RSSI) BNC
Connector
The RSSI connector provides an output voltage that is
proportional to the received radio signal strength. A DC voltmeter
can be connected this port to assist in aligning the antennas at
both ends of a wireless bridge link.
Grounding Point
Even though the wireless bridge includes its own built-in lightning
protection, it is important that the unit is properly connected to
ground. A grounding screw is provided for attaching a ground wire
to the unit.
Wall- and Pole-Mounting Bracket Kits
The wireless bridge includes bracket kits that can be used to
mount the bridge to a wall, pole, radio mast, or part of a tower
structure.
1-7
Page 30
Introduction
System Configuration
At each location where a unit is installed, it must be connected to
the local network using the power injector module. The following
figure illustrates the system component connections.
External Antenna
LAN Switch
IndoorOutdoor
Ethernet CableEthernet Cable
Power
Injector
AC Power
RF Coaxial Cable
Wireless Bridge Unit
Ground Wire
1-8
Page 31
Features and Benefits
Features and Benefits
•SMC2888W-S Slave units support a 5 GHz high-gain 17 dBi
antenna
•SMC2888W-M Master units support 5 GHz point-to-multipoint
links using various external antenna options
•Both SMC2888W-S and SMC2888W-M units also support
access point services for the 5 GHz and 2.4 GHz radios using
various external antenna options
•Maximum data rate up to 108 Mbps on the 802.11a (5 GHz)
radio
•Outdoor weatherproof design
•IEEE 802.11a and 802.11b/g compliant
•Local network connection via 10/100 Mbps Ethernet port
•Powered through its Ethernet cable connection to the power
injector module
•Includes wall- and pole-mount brackets
•Security through 64/128/152-bit Wired Equivalent Protection
(WEP) or 128-bit Advanced Encryption Standard (AES)
encryption, and WiFi Protected Areas (WPA)
•Scans all available channels and selects the best channel and
data rate based on the signal-to-noise ratio
•Manageable through an easy-to-use web-browser interface,
command line (via Telnet), or SNMP network management
tools
1-9
Page 32
Introduction
System Defaults
The following table lists some of the wireless bridge’s basic
system defaults. To reset the bridge defaults, use the CLI
command “reset configuration” from the Exec level prompt.
FeatureParameterDefault
IdentificationSystem NameDual Band Outdoor
AdministrationUser Nameadmin
Passwordsmcadmin
GeneralHTTP ServerEnabled
HTTP Server Port80
TCP/IPIP AddressDHCP
Subnet Mask255.255.255.0
Default Gateway0.0.0.0
Primary DNS IP0.0.0.0
Secondary DNS IP0.0.0.0
VLANsStatusDisabled
Native VLAN ID1
Filter ControlEthernet TypeDisabled
AP
1-10
Page 33
System Defaults
FeatureParameterDefault
SNMPStatusEnabled
Locationnull
ContactContact
Community (Read Only)Public
Community (Read/Write)Private
TrapsEnabled
Trap Destination IP Address null
Trap Destination Community
The Dual-band Outdoor Access Point / Bridge system provides
access point or bridging services through either the 5 GHz or 2.4
GHz radio interfaces.
The wireless bridge units can be used just as normal 802.11a/b/g
access points connected to a local wired LAN, providing
connectivity and roaming services for wireless clients in an
outdoor area. Units can also be used purely as bridges
connecting remote LANs. Alternatively, you can employ both
access point and bridging functions together, offering a flexible
and convenient wireless solution for many applications.
This chapter describes the role of wireless bridge in various
wireless network configurations.
Access Point Topologies
Wireless networks support a stand-alone wireless configuration
as well as an integrated configuration with 10/100 Mbps Ethernet
LANs.
Wireless network cards, adapters, and access points can be
configured as:
•Ad hoc for departmental, SOHO, or enterprise LANs
•Infrastructure for wireless LANs
•Infrastructure wireless LAN for roaming wireless PCs
2-1
Page 38
Network Configuration
The 802.11b and 802.11g frequency band, which operates at
2.4 GHz, can easily encounter interference from other 2.4 GHz
devices, such as other 802.11b or g wireless devices, cordless
phones and microwave ovens. If you experience poor wireless
LAN performance, try the following measures:
•Limit any possible sources of radio interference within the
service area
•Increase the distance between neighboring access points
•Increase the channel separation of neighboring access points
(e.g., up to 3 channels of separation for 802.11b or up to 5
channels for 802.11g)
Ad Hoc Wireless LAN (no Access Point or Bridge)
An ad hoc wireless LAN consists of a group of computers, each
equipped with a wireless adapter, connected through radio
signals as an independent wireless LAN. Computers in a specific
ad hoc wireless LAN must therefore be configured to the same
radio channel.
2-2
Notebook with
Wireless USB Adapter
PC with Wireless
PCI Adapter
Ad Hoc Wireless LAN
Notebook with
Wireless PC Card
Page 39
Access Point Topologies
Infrastructure Wireless LAN
The access point function of the wireless bridge provides access
to a wired LAN for 802.11a/b/g wireless workstations. An
integrated wired/wireless LAN is called an Infrastructure
configuration. A Basic Service Set (BSS) consists of a group of
wireless PC users and an access point that is directly connected
to the wired LAN. Each wireless PC in a BSS can connect to any
computer in its wireless group or access other computers or
network resources in the wired LAN infrastructure through the
access point.
The infrastructure configuration not only extends the accessibility
of wireless PCs to the wired LAN, but also increases the effective
wireless transmission range for wireless PCs by passing their
signals through one or more access points.
A wireless infrastructure can be used for access to a central
database, or for connection between mobile workers, as shown in
the following figure.
Desktop PC
Wired LAN Extension
to Wireless Clients
Server
Switch
PC with Wireless
PCI Adapter
Notebook with Wireless
PC Card Adapter
Access Point
2-3
Page 40
Network Configuration
Infrastructure Wireless LAN for Roaming Wireless PCs
The Basic Service Set (BSS) defines the communications domain
for each access point and its associated wireless clients. The
BSS ID is a 48-bit binary number based on the access point’s
wireless MAC address, and is set automatically and transparently
as clients associate with the access point. The BSS ID is used in
frames sent between the access point and its clients to identify
traffic in the service area.
The BSS ID is only set by the access point, never by its clients.
The clients only need to set the Service Set Identifier (SSID) that
identifies the service set provided by one or more access points.
The SSID can be manually configured by the clients, can be
detected in an access point’s beacon, or can be obtained by
querying for the identity of the nearest access point. For clients
that do not need to roam, set the SSID for the wireless card to
that used by the access point to which you want to connect.
A wireless infrastructure can also support roaming for mobile
workers. More than one access point can be configured to create
an Extended Service Set (ESS). By placing the access points so
that a continuous coverage area is created, wireless users within
this ESS can roam freely. All wireless network card adapters and
wireless access points within a specific ESS must be configured
with the same SSID.
2-4
Page 41
Desktop PC
Seamless Roaming
for Wireless Clients
Server
Switch
Bridge Link Topologies
Notebook with Wireless
PC Card Adapter
PC with Wireless
PCI Adapter
Switch
Access Point
Notebook with Wireless
PC Card Adapter
<BSS1>
Access Point
<BSS2>
<ESS>
Bridge Link Topologies
The IEEE 802.11 standard defines a WIreless Distribution
System (WDS) for bridge connections between BSS areas
(access points). The outdoor wireless bridge uses WDS to
forward traffic on links between units. Up to 16 WDS links can be
specified for a SMC2888W-M unit, which acts as the “Master” in
the wireless bridge network. SMC2888W-S Slave units support
only one WDS link, which must be to the network’s master unit.
The SMC2888W-M and SMC2888W-S support WDS bridge links
on either the 5 GHz (802.11a) or 2.4 GHz (802.11b/g) bands and
can be used with various external antennas to offer flexible
deployment options.
2-5
Page 42
Network Configuration
Note: The external antennas offer longer range options using the 5 GHz
radio, which makes this interface more suitable for bridge links.
When using WDS on a radio band, only wireless bridge units can
associate to each other. Wireless clients can only associate with
the wireless bridge using a radio band set to access point mode.
Point-to-Point Configuration
Two SMC2888W-S bridges can form a wireless point-to-point link
using their 5 GHz (802.11a) integrated antennas.
SMC2888W-S
LAN
SMC2888W-S
Point-to-Multipoint Configuration
A SMC2888W-M wireless bridge can use an omnidirectional or
sector antenna to connect to as many as 16 bridges in a
point-to-multipoint configuration. There can only be one
SMC2888W-M “Master” unit in the wireless bridge network, all
other bridges must be SMC2888W-S “Slave” units.
LAN
2-6
Page 43
Bridge Link Topologies
Slave
Slave
Slave
Master with
Sector Antenna
Master with
Omnidirectional
Antenna
Slave
Slave
Slave
Slave
Slave
Slave
2-7
Page 44
Network Configuration
2-8
Page 45
Chapter 3
Bridge Link Planning
The SMC Dual-band Outdoor Access Point / Bridge supports
fixed point-to-point or point-to-multipoint wireless links. A single
link between two points can be used to connect a remote site to
larger core network. Multiple bridge links can provide a way to
connect widespread Ethernet LANs.
For each link in a wireless bridge network to be reliable and
provide optimum performance, some careful site planning is
required. This chapter provides guidance and information for
planning your wireless bridge links.
Note: The planning and installation of the wireless bridge requires
professional personnel that are trained in the installation of radio
transmitting equipment. The user is responsible for compliance
with local regulations concerning items such as antenna power,
use of lightning arrestors, grounding, and radio mast or tower
construction. Therefore, it is recommended to consult a
professional contractor knowledgeable in local radio regulations
prior to equipment installation.
Radio Path Planning
Although the wireless bridge uses IEEE 802.11a radio
technology, which is capable of reducing the effect of multipath
signals due to obstructions, the wireless bridge link requires a
“radio line-of-sight” between the two antennas for optimum
performance.
The concept of radio line-of-sight involves the area along a radio
link path through which the bulk of the radio signal power travels.
3-1
Page 46
Bridge Link Planning
This area is known as the first Fresnel Zone of the radio link. For
a radio link not to be affected by obstacles along its path, no
object, including the ground, must intrude within 60% of the first
Fresnel Zone.
The following figure illustrates the concept of a good radio
line-of-sight.
Visual Line of Sight
Radio Line of Sight
If there are obstacles in the radio path, there may still be a radio
link but the quality and strength of the signal will be affected.
Calculating the maximum clearance from objects on a path is
important as it directly affects the decision on antenna placement
and height. It is especially critical for long-distance links, where
the radio signal could easily be lost.
When planning the radio path for a wireless bridge link, consider
these factors:
•Avoid any partial line-of-sight between the antennas.
•Be cautious of trees or other foliage that may be near the path,
or may grow and obstruct the path.
3-2
Page 47
Radio Path Planning
•Be sure there is enough clearance from buildings and that no
building construction may eventually block the path.
•Check the topology of the land between the antennas using
topographical maps, aerial photos, or even satellite image
data (software packages are available that may include this
information for your area).
•Avoid a path that may incur temporary blockage due to the
movement of cars, trains, or aircraft.
Antenna Height
A reliable wireless link is usually best achieved by mounting the
antennas at each end high enough for a clear radio line of sight
between them. The minimum height required depends on the
distance of the link, obstacles that may be in the path, topology of
the terrain, and the curvature of the earth (for links over 3 miles).
For long-distance links, a mast or pole may need to be
contsructed to attain the minimum required height. Use the
following table to estimate the required minimum clearance above
the ground or path obstruction (for 5 GHz bridge links).
3-3
Page 48
Bridge Link Planning
.
Total Link
Distance
0.25 mile (402 m) 4.5 ft (1.4 m)04.5 ft (1.4 m)
0.5 mile (805 m)6.4 ft (1.95 m)06.4 ft (1.95 m)
1 mile (1.6 km)9 ft (2.7 m)09 ft (2.7 m)
2 miles (3.2 km)12.7 ft (3.9 m)012.7 ft (3.9 m)
3 miles (4.8 km)15.6 ft (4.8 m)1.8 ft (0.5 m)17.4 ft (5.3 m)
4 miles (6.4 km)18 ft (5.5 m)3.2 ft (1.0 m)21.2 ft (6.5 m)
5 miles (8 km)20 ft (6.1 m)5 ft (1.5 m)25 ft (7.6 m)
7 miles (11.3 km) 24 ft (7.3 m)9.8 ft (3.0 m)33.8 ft (10.3 m)
9 miles (14.5 km) 27 ft (8.2 m)16 ft (4.9 m)43 ft (13.1 m)
12 miles (19.3 km) 31 ft (9.5 m)29 ft (8.8 m)60 ft (18.3 m)
15 miles (24.1 km) 35 ft (10.7 m)45 ft (13.7 m)80 ft (24.4 m)
17 miles (27.4 km) 37 ft (11.3 m)58 ft (17.7 m)95 ft (29 m)
Note that to avoid any obstruction along the path, the height of
the object must be added to the minimum clearance required for a
clear radio line-of-sight. Consider the following simple example,
illustrated in the figure below.
Max Clearance
for 60% of First
Fresnel Zone at
5.8 GHz
Approximate
Clearance for
Earth
Curvature
Total
Clearance
Required at
Mid-point of
Link
2.4 m
20 m
3-4
A
Visual Line of Sight
3miles(4.8km)
17 m
5.4 m
Radio Line of Sight
B
1.4 m
9m
12 m
Page 49
Radio Path Planning
A wireless bridge link is deployed to connect building A to a
building B, which is located three miles (4.8 km) away. Mid-way
between the two buidings is a small tree-covered hill. From the
above table it can be seen that for a three-mile link, the object
clearance required at the mid-point is 5.3 m (17.4 ft). The
tree-tops on the hill are at an elevation of 17 m (56 ft), so the
antennas at each end of the link need to be at least 22.3 m (73 ft)
high. Building A is six stories high, or 20 m (66 ft), so a 2.3 m
(7.5 ft) mast or pole must be contructed on its roof to achieve the
required antenna height. Building B is only three stories high, or 9
m (30 ft), but is located at an elevation that is 12 m (39 ft) higher
than bulding A. To mount an anntena at the required height on
building B, a mast or pole of only 1.3 m (4.3 ft) is needed.
Warning: Never construct a radio mast, pole, or tower near overhead
power lines.
Note: Local regulations may limit or prevent construction of a high radio
mast or tower. If your wireless bridge link requires a high radio
mast or tower, consult a professional contractor for advice.
Antenna Position and Orientation
Once the required antenna height has been determined, other
factors affecting the precise position of the wireless bridge must
be considered:
•Be sure there are no other radio antennas within 2 m (6 ft) of
the wireless bridge
•Place the wireless bridge away from power and telephone
lines
•Avoid placing the wireless bridge too close to any metallic
reflective surfaces, such as roof-installed air-conditioning
equipment, tinted windows, wire fences, or water pipes
3-5
Page 50
Bridge Link Planning
•The wireless bridge antennas at both ends of the link must be
positioned with the same polarization direction, either
horizontal or vertical
Antenna Polarization — The wireless bridge’s integrated
antenna sends a radio signal that is polarized in a particular
direction. The antenna’s receive sensitivity is also higher for radio
signals that have the same polarization. To maximize the
performance of the wireless link, both antennas must be set to
the same polarization direction. The antenna polarization is
marked on the wireless bridge, as indicated in the following
figure.
V
H
Radio Interference
The avoidance of radio interference is an important part of
wireless link planning. Interference is caused by other radio
transmissions using the same or an adjacent channel frequency.
You should first scan your proposed site using a spectrum
analyzer to determine if there are any strong radio signals using
the 802.11a channel frequencies. Always use a channel
frequency that is furthest away from another signal.
If radio interference is still a problem with your wireless bridge
link, changing the antenna polarization direction may improve the
situation.
3-6
Page 51
Radio Path Planning
Weather Conditions
When planning wireless bridge links, you must take into account
any extreme weather conditions that are known to affect your
location. Consider these factors:
•Temperature — The wireless bridge is tested for normal
operation in temperatures from -33°C to 55°C. Operating in
temperatures outside of this range may cause the unit to fail.
•Wind Velocity — The wireless bridge can operate in winds up
to 90 MPH and survive higher wind speeds up to 125 MPH.
You must consider the known maximum wind velocity and
direction at the site and be sure that any supporting structure,
such as a pole, mast, or tower, is built to withstand this force.
•Lightning — The wireless bridge includes its own built-in
lightning protection. However, you should make sure that the
unit, any supporting structure, and cables are all properly
grounded. Additional protection using lightning rods, lightning
arrestors, or surge suppressors may also be employed.
•Rain — The wireless bridge is weatherproofed against rain.
Also, prolonged heavy rain has no significant effect on the
radio signal. However, it is recommended to apply
weatherproof sealing tape around the Ethernet port and
antenna connectors for extra protection. If moisture enters a
connector, it may cause a degradation in performance or even
a complete failure of the link.
•Snow and Ice — Falling snow, like rain, has no significant
effect on the radio signal. However, a build up of snow or ice
on antennas may cause the link to fail. In this case, the snow
or ice has to be cleared from the antennas to restore operation
of the link.
3-7
Page 52
Bridge Link Planning
Ethernet Cabling
When a suitable antenna location has been determined, you must
plan a cable route form the wireless bridge outdoors to the power
injector module indoors. Consider these points:
•The Ethernet cable length should never be longer than 100 m
(328 ft)
•Determine a building entry point for the cable
•Determine if conduits, bracing, or other structures are
required for safety or protection of the cable
•For lightning protection at the power injector end of the cable,
consider using a lightning arrestor immediately before the
cable enters the building
Grounding
It is important that the wireless bridge, cables, and any
supporting structures are properly grounded. The wireless bridge
unit includes a grounding screw for attaching a ground wire. Be
sure that grounding is available and that it meets local and
national electrical codes.
3-8
Page 53
Chapter 4
Hardware Installation
Before mounting antennas to set up your wireless bridge links, be
sure you have selected appropriate locations for each antenna.
Follow the guidance and information in Chapter 2, “Wireless Link
Planning.”
Also, before mounting units in their intended locations, you should
first perform initial configuration and test the basic operation of
the wireless bridge links in a controlled environment over a very
short range. (See the section “Testing Basic Link Operation” in
this chapter.)
The wireless bridge includes its own bracket kit for mounting the
unit to a 1.5 to 2 inch diameter steel pole or tube. The
pole-mounting bracket allows the unit to be mounted to part of a
radio mast or tower structure. The unit also has a wall-mounting
bracket kit that enables it to be fixed to a building wall or roof
when using external antennas.
Hardware installation of the wireless bridge involves these steps:
1. Mount the unit on a wall, pole, mast, or tower using the
mounting bracket.
2. Mount external antennas on the same supporting structure
as the bridge and connect them to the bridge unit.
3. Connect the Ethernet cable and a grounding wire to the unit.
4. Connect the power injector to the Ethernet cable, a local LAN
switch, and an AC power source.
4-1
Page 54
Hardware Installation
5. Align antennas at both ends of the link.
Testing Basic Link Operation
Set up the units over a very short range (15 to 25 feet), either
outdoors or indoors. Connect the units as indicated in this chapter
and be sure to perform all the basic configuration tasks outlined
above. When you are satisfied that the links are operating
correctly, proceed to mount the units in their intended locations.
Mount the Unit
Using the Pole-Mounting Bracket
Perform the following steps to mount the unit to a 1.5 to 2 inch
diameter steel pole or tube using the mounting bracket:
1. Always attach the bracket to a pole with the open end of the
mounting grooves facing up.
2. Place the U-shaped part of the bracket around the pole and
tighten the securing nut just enough to hold the bracket to the
pole. (The bracket may need to be rotated around the pole
during the alignment process.)
4-2
Page 55
Mount the Unit
Attach bracket to
pole with mounting
grooves facing up
3. Use the included nuts to tightly secure the wireless bridge to
the bracket. Be sure to take account of the antenna
polarization direction; both antennas in a link must be
mounted with the same polarization.
Antenna Polarization
Direction
4-3
Page 56
Hardware Installation
Mounting on Larger Diameter Poles
In addition, there is a method for attaching the pole-mounting
bracket to a pole that is 2 to 5 inches in diameter using an
adjustable steel band clamp (not included in the kit). A steel band
clamp up to 0.5 inch (1.27 cm) wide can be threaded through the
main part of the bracket to secure it to a larger diameter pole
without using the U-shaped part of the bracket. This method is
illustrated in the following figure.
Steel Band Clamp
Using the Wall-Mounting Bracket
Perform the following steps to mount the unit to a wall using the
wall-mounting bracket:
Note: The wall-mounting bracket does not allow the wireless bridge’s
intrgrated antenna to be aligned. It is intended for use with the
unit using an external antenna.
1. Always attach the bracket to a wall with the open end of the
mounting grooves facing up (see following figure).
4-4
Page 57
Connect External Antennas
Mounting Grooves
2. Position the bracket in the intended location and mark the
position of the three mounting screw holes.
3. Drill three holes in the wall that match the screws and wall
plugs included in the bracket kit, then secure the bracket to
the wall.
4. Use the included nuts to tightly secure the wireless bridge to
the bracket.
Connect External Antennas
When deploying a SMC2888W-M Master bridge unit for a bridge
link or access point operation, you need to mount external
antennas and connect them to the bridge. Typically, a bridge link
requires a 5 GHz antenna, and access point operation a 2.4 GHz
antenna. SMC2888W-S Slave units also require an external
antenna for 2.4 GHz operation.
Perform these steps:
1. Mount the external antenna to the same supporting structure
as the bridge, within 3 m (10 ft) distance, using the bracket
supplied in the antenna package.
4-5
Page 58
Hardware Installation
2. Connect the antenna to the bridge’s N-type connector.
3. Apply weatherproofing tape to the antenna connectors to
help prevent water entering the connectors.
SMC2888W-M
2.4 GHz
N-type Connector
5 GHz
N-type Connector
RF Coaxial Cable
5 GHz External
High-gain Panel
Antenna
2.4 GHz External
Omnidirectional
Antenna
4-6
Page 59
Connect Cables to the Unit
Connect Cables to the Unit
1. Attach the Ethernet cable to the Ethernet port on the wireless
bridge.
Note: The Ethernet cable included with the package is 30 m (100 ft)
long. To wire a longer cable (maximum 100 m, 325 ft), use the
connector pinout information in Appendix B.
2. For extra protection against rain or moisture, apply
weatherproofing tape (not included) around the Ethernet
connector.
3. Be sure to ground the unit with an appropriate grounding wire
(not included) by attaching it to the grounding screw on the
unit.
Caution: Be sure that grounding is available and that it meets local and
national electrical codes. For additional lightning protection,
use lightning rods, lightning arrestors, or surge suppressors.
Ethernet Cable
Ground Wire
Connect the Power Injector
To connect the wireless bridge to a power source:
Caution: Do not install the power injector outdoors. The unit is for
indoor installation only.
4-7
Page 60
Hardware Installation
Note: The wireless bridge’s Ethernet port does not support Power over
Ethernet (PoE) based on the IEEE 802.3af standard. Do not try to
power the unit by connecting it directly to a network switch that
provides IEEE 802.3af PoE. Always connect the unit to the
included power injector module.
1. Connect the Ethernet cable from the wireless bridge to the
RJ-45 port labeled “Output” on the power injector.
2. Connect a straight-through unshielded twisted-pair (UTP)
cable from a local LAN switch to the RJ-45 port labeled
“Input” on the power injector. Use Category 5 or better UTP
cable for 10/100BASE-TX connections.
Note: The RJ-45 port on the power injector is an MDI port. If connecting
directly to a computer for testing the link, use a crossover cable.
Ethernet cable
from LAN switch
Input
Output
Power LED indicator
AC power
Ethernet cable to
wireless bridge
3. Insert the power cable plug directly into the standard AC
receptacle on the power injector.
4. Plug the other end of the power cable into a grounded, 3-pin
socket, AC power source.
Note: For International use, you may need to change the AC line cord.
You must use a line cord set that has been approved for the
receptacle type in your country.
4-8
Page 61
Align Antennas
5. Check the LED on top of the power injector to be sure that
power is being supplied to the wireless bridge through the
Ethernet connection.
Align Antennas
After wireless bridge units have been mounted, connected, and
their radios are operating, the antennas must be accurately
aligned to ensure optimum performance on the bridge links. This
alignment process is particularly important for long-range
point-to-point links. In a point-to-multipoint configuration the
Master bridge uses an omnidirectional or sector antenna, which
does not require alignment, but Slave bridges still need to be
correctly aligned with the Master bridge antennna.
•Point-to-Point Configurations – In a point-to-point
configuration, the alignment process requires two people at
each end of the link. The use of cell phones or two-way radio
communication may help with coordination. To start, you can
just point the antennas at each other, using binoculars or a
compass to set the general direction. For accurate alignment,
you must connect a DC voltmeter to the RSSI connector on
the wireless bridge and monitor the voltage as the antenna
moves horizontally and vertically.
•Point-to-Multipoint Configurations – In a point-to-multipoint
configuration all Slave bridges must be aligned with the
Master bridge antenna. The alignment process is the same as
in point-to-point links, but only the Slave end of the link
requires the alignment.
The RSSI connector provides an output voltage between 0 and
3.28 VDC that is proportional to the received radio signal
strength. The higher the voltage reading, the stronger the signal.
The radio signal from the remote antenna can be seen to have a
4-9
Page 62
Hardware Installation
strong central main lobe and smaller side lobes. The object of the
alignment process is to set the antenna so that it is receiving the
strongest signal from the central main lobe.
Vertical Scan
Remote
Antenna
Horizontal Scan
RSSI
Voltage
Main Lobe
Maximum
Maximum Signal Strength Position
for Horizontal Alignment
RSSI Voltage
Side Lobe
Maximum
Maximum Signal
Strength Position for
Vertical Alignment
To align the antennas in the link using the RSSI output voltage,
start with one antenna fixed and then perform the following
procedure on the other antenna:
Note: The RSSI output can be configured through management
interfaces to output a value for specific WDS ports. See page
6-54 for more information.
1. Remove the RSSI connector cover and connect a voltmeter
using a cable with a male BNC connector (not included).
4-10
Page 63
Align Antennas
RSSI BNC
Connection
Voltmeter
2. Pan the antenna horizontally back and forth while checking
the RSSI voltage. If using the pole-mounting bracket with the
unit, you must rotate the mounting bracket around the pole.
Other external antenna brackets may require a different
horizontal adjustment.
3. Find the point where the signal is strongest (highest voltage)
and secure the horizontal adjustment in that position.
Note: Sometimes there may not be a central lobe peak in the voltage
because vertical alignment is too far off; only two similar peaks for
the side lobes are detected. In this case, fix the antenna so that it
is halfway between the two peaks.
4. Loosen the vertical adjustment on the mounting bracket and
tilt the antenna slowly up and down while checking the RSSI
voltage.
5. Find the point where the signal is strongest and secure the
vertical adjustment in that position.
6. Remove the voltmeter cable and replace the RSSI connector
cover.
4-11
Page 64
Hardware Installation
4-12
Page 65
Chapter 5
Initial Configuration
The wireless bridge offers a variety of management options,
including a web-based interface, a command line interface (CLI),
or using SNMP management software.
Most initial configuration steps can be made through the web
browser interface using the Setup Wizard (page 5-4). However,
for units that do not have a preset country code, you must first set
the country code using the CLI.
Note: Units sold in some countries are not configured with a specific
country code. You must use the CLI to set the country code and
enable wireless operation (page 5-2).
The wireless bridge requests an IP address via DHCP by default.
If no response is received from a DHCP server, then the wireless
bridge uses the default address 192.168.2.2. If this address is not
compatible with your network, you can first perform initial
configuration using a PC that has IP settings compatible with this
subnet (for example, 192.168.2.3) and connecting it directly to the
wireless bridge. When the basic configuration is completed, you
can set new IP settings for the wireless bridge before connecting
it to your network.
5-1
Page 66
Initial Configuration
Initial Setup through the CLI
The wireless bridge provides access to the CLI through a Telnet
connection. You can open a Telnet session by performing these
steps:
1. From the host computer, enter the Telnet command and the IP
address of the wireless bridge unit (default 192.168.2.2 if not
set via DHCP).
2. At the prompt, enter “admin” for the user name.
3. The default password is “smcadmin”.
The CLI will display the “Dual Outdoor#” prompt to show that you
are using executive access mode (i.e., Exec).
Username: admin
Password:
Dual Outdoor#
For a full description of how to use the CLI, see “Using the
Command Line Interface” on page 7-1. For a list of all the CLI
commands and detailed information on using the CLI, refer to
“Command Groups” on page 7-9.
Initial Configuration Steps
Setting the Country Code – Regulations for wireless products
differ from country to country. Setting the country code restricts
the wireless bridge to use only the radio channels and power
settings permitted in the specified country of operation. If the
wireless bridge unit is shipped with a preset country code, you
are not permitted to change it, as required by country regulations.
If the unit is set to the default “99,” you must set the country code
to the country of operation.
5-2
Page 67
Initial Setup through the CLI
At the Exec prompt, type “country ?” to display the list of country
codes. Check the code for your country, then enter the country
command again followed by your country code (e.g., IE for
Ireland).
Dual Outdoor#country ie
Dual Outdoor#
Setting the IP Address – By default, the wireless bridge is
configured to obtain IP address settings from a DHCP server. You
may also use the CLI to assign an IP address that is compatible
with your network.
Type “configure” to enter configuration mode, then type “interface
ethernet” to access the Ethernet interface-configuration mode.
First type “no ip dhcp” to disable DHCP client mode. Then type “ip
address ip-address netmask gateway,” where “ip-address” is the
wireless bridge’s IP address, “netmask” is the network mask for
the network, and “gateway” is the default gateway router. Check
with your system administrator to obtain an IP address that is
compatible with your network.
Dual Outdoor(if-ethernet)#no ip dhcp
Dual Outdoor(if-ethernet)#ip address 192.168.2.2 255.255.255.0
192.168.2.254
Dual Outdoor(if-ethernet)#
5-3
Page 68
Initial Configuration
After configuring the wireless bridge’s IP parameters, you can
access the management interface from anywhere within the
attached network. The command line interface can also be
accessed using Telnet from any computer attached to the
network.
Using the Web-based Management
Setup Wizard
There are only a few basic steps you need to complete to set up
the wireless bridge for your network. The Setup Wizard takes you
through configuration procedures for the radio channel selection,
IP configuration, and basic WEP encryption for wireless security.
The wireless bridge can be managed by any computer using a
web browser (Internet Explorer 5.0 or above, or Netscape
Navigator 6.2 or above). Enter the IP configured for the unit or the
default IP address: http://192.168.2.2
Logging In – Enter the default username “admin” and password
“smcadmin” click LOGIN. For information on configuring a user
name and password, refer to page 6-33.
5-4
Page 69
Using the Web-based Management Setup Wizard
The home page displays the Main Menu.
Launching the Setup Wizard – To perform initial configuration,
click Setup Wizard on the home page, then click on the [Next]
button to start the process.
1. Service Set ID – Enter the service set identifier in the SSID
box which all wireless 802.11g clients must use to associate
with the access point. The SSID is case sensitive and can
consist of up to 32 alphanumeric characters (Default: SMC).
5-5
Page 70
Initial Configuration
2. Radio Channel – You must enable radio communications for
the 802.11a and 802.11g radios and set the operating
channel.
5-6
•802.11a
Page 71
Using the Web-based Management Setup Wizard
Turbo Mode – If you select Enable, the wireless bridge
will operate in turbo mode with a data rate of up to 108
Mbps. Normal mode supports 13 channels, Turbo mode
supports only 5 channels. (Default: Disable)
802.11a Radio Channel – Set the operating radio
channel number. (Default: 56ch, 5.280 GHz)
Auto Channel Select – Select Enable to automatically
select an unoccupied radio channel. (Default: Enable)
•802.11b/g
802.11g Radio Channel: Set the operating radio channel
number. (Range 1-11; Default: 1)
5-7
Page 72
Initial Configuration
Note: Available channel settings are limited by local regulations which
determine which channels are available.
3. IP Configuration – Either enable or disable (Dynamic Host
Configuration Protocol (DHCP) for automatic IP configuration.
If you disable DHCP, then manually enter the IP address and
subnet mask. If a management station exists on another
network segment, then you must enter the IP address for a
gateway that can route traffic between these segments. Then
enter the IP address for the primary and secondary Domain
Name Servers (DNS) servers to be used for host-name to IP
address resolution.
•DHCP Client – With DHCP Client enabled, the IP
address, subnet mask and default gateway can be
dynamically assigned to the access point by the network
DHCP server. (Default: Enable)
Note: If there is no DHCP server on your network, then the access point
will automatically start up with its default IP address, 192.168.2.2.
5-8
Page 73
Using the Web-based Management Setup Wizard
4. WDS – To set up a wireless bridge link, you must configure
the WDS forwarding table by specifying the Ethernet MAC
address of the bridge to which you want to forward traffic. For
a Slave bridge unit, you need to specify the MAC address of
the wireless bridge unit at the opposite end of the link. For a
Master bridge unit, you need to specify the MAC addresses of
all the Slave bridge units in the network.
5-9
Page 74
Initial Configuration
5. Security (802.11g) – Set the Authentication Type to “Open
System” to allow open access without authentication, or
“Shared Key” to require authentication based on a shared key.
Enable Wired Equivalent Privacy (WEP) to encrypt data
transmissions. To configure other security features use the
Advanced Setup menu as described in Chapter 5.
Authentication Type – Use “Open System” to allow open access
to all wireless clients without performing authentication, or
“Shared Key” to perform authentication based on a shared key
that has been distributed to all stations. (Default: Open System)
WEP – Wired Equivalent Privacy is used to encrypt transmissions
passing between wireless clients and the access point. (Default:
Disabled)
Shared Key Setup – If you select “Shared Key” authentication
type or enable WEP, then you also need to configure the shared
key by selecting 64-bit or 128-bit key type, and entering a
5-10
Page 75
Using the Web-based Management Setup Wizard
hexadecimal or ASCII string of the appropriate length. The key
can be entered as alphanumeric characters or hexadecimal (0~9,
A~F, e.g., D7 0A 9C 7F E5). (Default: 128 bit, hexadecimal key
type)
64-Bit Manual Entry: The key can contain 10 hexadecimal digits,
or 5 alphanumeric characters.
128-Bit Manual Entry: The key can contain 26 hexadecimal digits
or 13 alphanumeric characters.
152-Bit Manual Entry: The key can contain 32 hexadecimal digits
or 16 alphanumeric characters.
Note: All wireless devices must be configured with the same Key ID
values to communicate with the access point.
6. Click Finish.
7. Click the OK button to restart the access point.
5-11
Page 76
Initial Configuration
5-12
Page 77
Chapter 6
System Configuration
Before continuing with advanced configuration, first complete the
initial configuration steps described in Chapter 5 to set up an IP
address for the wireless bridge.
The wireless bridge can be managed by any computer using a
web browser (Internet Explorer 5.0 or above, or Netscape
Navigator 6.2 or above). Enter the default IP address: http://
192.168.2.2
To log into the wireless bridge, enter the default user name
“admin” and password “smcadmin” then click LOGIN.
6-1
Page 78
System Configuration
When the home page displays, click on Advanced Setup. The
following page will display.
The information in this chapter is organized to reflect the structure
of the web screens for easy reference. However, it is
recommended that you configure a user name and password as
the first step under advanced configuration to control
management access to the wireless bridge (page 6-33).
6-2
Page 79
Advanced Configuration
Advanced Configuration
The Advanced Configuration pages include the following options.
MenuDescriptionPage
SystemConfigures basic administrative and client
IdentificationSpecifies the system name, location and
TCP / IP Settings Configures the IP address, subnet mask,
RadiusConfigures the RADIUS server for wireless
PPPoE SettingsConfigures PPPoE on the Ethernet interface
AuthenticationConfigures 802.1X client authentication and
Filter Control Enables VLAN support and filters traffic
SNMPControls access to this wireless bridge from
AdministrationConfigures user name and password for
System LogControls logging of error messages; sets the
WDSSets the MAC addresses of other units in the
BridgeSets the time for aging out entries in the
STPConfigures Spanning Tree Protocol
access
contact information
gateway, and domain name servers
client authentication
for a connection to an ISP
MAC address authentication
matching specific Ethernet protocol types
management stations using SNMP, as well
as the hosts that will receive trap messages
management
from local file, FTP or TFTP server;
configuration settings to factory defaults;
and resets the wireless bridge
system clock via SNTP server or manual
configuration
wireless bridge network
bridge MAC address table
parameters
access; upgrades software
resets
6-4
6-4
6-7
6-10
6-13
6-16
6-26
6-30
6-33
6-38
6-43
6-45
6-47
6-3
Page 80
System Configuration
MenuDescriptionPage
RSSIControls the maximum RSSI voltage output
for specific WDS ports
Radio Interface A Configures the IEEE 802.11a interface6-56
Radio SettingsConfigures radio signal parameters, such as
radio channel, transmission rate, and
beacon settings
SecurityConfigures data encryption using Wired
Equivalent Protection (WEP) or Wi-Fi
Protected Access (WPA)
Radio Interface G Configures the IEEE 802.11b/g interface6-63
Radio SettingsConfigures radio signal parameters, such as
radio channel, transmission rate, and
beacon settings
SecurityConfigures data encryption using Wired
Equivalent Protection (WEP) or Wi-Fi
Protected Access (WPA)
System Identification
The system information parameters for the wireless bridge can be
left at their default settings. However, modifying these parameters
can help you to more easily distinguish different devices in your
network.
6-54
6-57
6-66
6-63
6-66
The wireless bridge allows the selection of the band to be used
for bridge links. The bridge band can support no wireless clients.
Alternatively, bridging can be disabled and both bands can
support access point functions.
6-4
Page 81
Advanced Configuration
System Name – An alias for the wireless bridge, enabling the
device to be uniquely identified on the network. (Default: Dual
Band Outdoor AP; Range: 1-22 characters)
Outdoor Bridge Band – Selects the radio band used for bridge
links.
•A – Bridging is supported on the 802.11a 5 GHz band.
•G – Bridging is supported on the 802.11b/g 2.4 GHz band.
•None – Bridging is not supported on either radio band. Allows
both bands to support access point operations for wireless
clients.
Location – A text string that describes the system location.
(Maximum length: 20 characters)
Contact – A text string that describes the system contact.
(Maximum length: 255 characters)
6-5
Page 82
System Configuration
CLI Commands for System Identification – Enter the global
configuration mode and use the system name command to
specify a new system name. Use the snmp-server location and
snmp-server contact commands to indicate the physical
location of the wireless bridge and define a system contact. Then
return to the Exec mode, and use the show system command to
display the changes to the system identification settings.
System Information
===================================================
Serial Number : 0000000005
System Up time : 0 days, 0 hours, 35 minutes, 56 seconds
System Name : R&D
System Location : building-1
System Contact : Paul
System Country Code : US - UNITED STATES
MAC Address : 00-30-F1-BE-F4-96
IP Address : 192.168.2.2
Subnet Mask : 255.255.255.0
Default Gateway : 0.0.0.0
VLAN State : DISABLED
Native VLAN ID : 1
IAPP State : ENABLED
DHCP Client : ENABLED
HTTP Server : ENABLED
HTTP Server Port : 80
Slot Status : Dual band(a/g)
Software Version : v1.1.0.3
===================================================
AP#
CLI Commands for Bridge Band Selection – Enter the global
configuration mode and use the wds channel command to
specify the bridge band.
Configuring the wireless bridge with an IP address expands your
ability to manage the wireless bridge. A number of wireless
bridge features depend on IP addressing to operate.
Note: You can use the web browser interface to access IP addressing
only if the wireless bridge already has an IP address that is
reachable through your network.
By default, the wireless bridge will be automatically configured
with IP settings from a Dynamic Host Configuration Protocol
(DHCP) server. However, if you are not using a DHCP server to
configure IP addressing, use the CLI to manually configure the
initial IP values (page 5-2). After you have network access to the
wireless bridge, you can use the web browser interface to modify
the initial IP configuration, if needed.
Note: If there is no DHCP server on your network, or DHCP fails, the
wireless bridge will automatically start up with a default IP address
of 192.168.2.2.
6-7
Page 84
System Configuration
DHCP Client (Enable) – Select this option to obtain the IP
settings for the wireless bridge from a DHCP (Dynamic Host
Configuration Protocol) server. The IP address, subnet mask,
default gateway, and Domain Name Server (DNS) address are
dynamically assigned to the wireless bridge by the network
DHCP server.
(Default: Enabled)
DHCP Client (Disable) – Select this option to manually configure
a static address for the wireless bridge.
•IP Address: The IP address of the wireless bridge. Valid IP
addresses consist of four decimal numbers, 0 to 255,
separated by periods.
•Subnet Mask: The mask that identifies the host address bits
used for routing to specific subnets.
6-8
Page 85
Advanced Configuration
•Default Gateway: The default gateway is the IP address of the
router for the wireless bridge, which is used if the requested
destination address is not on the local subnet.
•If you have management stations, DNS, or other network
servers located on another subnet, type the IP address of the
default gateway router in the text field provided. Otherwise,
leave the address as all zeros (0.0.0.0).
•Primary and Secondary DNS Address: The IP address of
Domain Name Servers on the network. A DNS maps
numerical IP addresses to domain names and can be used to
identify network hosts by familiar names instead of the IP
addresses.
•If you have one or more DNS servers located on the local
network, type the IP addresses in the text fields provided.
Otherwise, leave the addresses as all zeros (0.0.0.0).
CLI Commands for TCP/IP Settings – From the global
configuration mode, enter the interface configuration mode with
the interface ethernet command. Use the ip dhcp command to
enable the DHCP client, or no ip dhcp to disable it. To manually
configure an address, specify the new IP address, subnet mask,
and default gateway using the ip address command. To specify
DNS server addresses use the dns server command. Then use
the show interface ethernet command from the Exec mode to
display the current IP settings.
6-9
Page 86
System Configuration
AP(config)#interface ethernet7-91
Enter Ethernet configuration commands, one per line.
AP(if-ethernet)#no ip dhcp7-94
AP(if-ethernet)#ip address 192.168.1.2
255.255.255.0 192.168.1.2537-93
AP(if-ethernet)#dns primary-server 192.168.1.557-92
AP(if-ethernet)#dns secondary-server 10.1.0.557-92
AP(config)#end7-11
AP#show interface ethernet7-96
Ethernet Interface Information
========================================
IP Address : 192.168.1.2
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.1.253
Primary DNS : 192.168.1.55
Secondary DNS : 10.1.0.55
Admin status : Up
Operational status : Up
========================================
AP#
Radius
Remote Authentication Dial-in User Service (RADIUS) is an
authentication protocol that uses software running on a central
server to control access to RADIUS-aware devices on the
network. An authentication server contains a database of user
credentials for each user that requires access to the network.
A primary RADIUS server must be specified for the access point
to implement IEEE 802.1X network access control and Wi-Fi
Protected Access (WPA) wireless security. A secondary RADIUS
server may also be specified as a backup should the primary
server fail or become inaccessible.
Note: This guide assumes that you have already configured RADIUS
server(s) to support the access point. Configuration of RADIUS
server software is beyond the scope of this guide, refer to the
documentation provided with the RADIUS server software.
6-10
Page 87
Advanced Configuration
Primary Radius Server Setup – Configure the following settings
to use RADIUS authentication on the access point.
•IP Address: Specifies the IP address or host name of the
RADIUS server.
•Port: The UDP port number used by the RADIUS server for
authentication messages. (Range: 1024-65535;
Default: 1812)
6-11
Page 88
System Configuration
•Key: A shared text string used to encrypt messages between
the access point and the RADIUS server. Be sure that the
same text string is specified on the RADIUS server. Do not
use blank spaces in the string. (Maximum length: 255
characters)
•Timeout: Number of seconds the access point waits for a reply
from the RADIUS server before resending a request.
(Range: 1-60 seconds; Default: 5)
•Retransmit attempts: The number of times the access point
tries to resend a request to the RADIUS server before
authentication fails. (Range: 1-30; Default: 3)
Note: For the Timeout and Retransmit attempts fields, accept the
default values unless you experience problems connecting to the
RADIUS server over the network.
Secondary Radius Server Setup – Configure a secondary
RADIUS server to provide a backup in case the primary server
fails. The access point uses the secondary server if the primary
server fails or becomes inaccessible. Once the access point
switches over to the secondary server, it periodically attempts to
establish communication again with primary server. If
communication with the primary server is re-established, the
secondary server reverts to a backup role.
CLI Commands for RADIUS – From the global configuration
mode, use the radius-server address command to specify the
address of the primary or secondary RADIUS servers. (The
following example configures the settings for the primary RADIUS
server.) Configure the other parameters for the RADIUS server.
Then use the show show radius command from the Exec mode
6-12
Page 89
Advanced Configuration
to display the current settings for the primary and secondary
RADIUS servers.
Radius Server Information
========================================
IP : 192.168.1.25
Port : 181
Key : *****
Retransmit : 5
Timeout : 10
========================================
Radius Secondary Server Information
========================================
IP : 0.0.0.0
Port : 1812
Key : *****
Retransmit : 3
Timeout : 5
========================================
AP#
PPPoE Settings
The wireless bridge uses a Point-to-Point Protocol over Ethernet
(PPPoE) connection, or tunnel, only for management traffic
between the wireless bridge and a remote PPPoE server
(typically at an ISP). Examples of management traffic that may
initiated by the wireless bridge and carried over a PPPoE tunnel
are RADIUS, Syslog, or DHCP traffic.
6-13
Page 90
System Configuration
PPP over Ethernet – Enable PPPoE on the RJ-45 Ethernet
interface to pass management traffic between the unit and a
remote PPPoE server. (Default: Disable)
PPPoE Username – The user name assigned for the PPPoE
tunnel. (Range: 1-63 alphanumeric characters)
PPPoE Password – The password assigned for the PPPoE
tunnel. (Range: 1-63 alphanumeric characters)
Confirm Password – Use this field to confirm the PPPoE
password.
PPPoE Service Name – The service name assigned for the
PPPoE tunnel. The service name is normally optional, but may be
required by some service providers. (Range: 1-63 alphanumeric
characters)
6-14
Page 91
Advanced Configuration
IP Allocation Mode – This field specifies how IP adresses for the
PPPoE tunnel are configured on the RJ-45 interface. The
allocation mode depends on the type of service provided by the
PPPoE server. If automatic mode is selected, DHCP is used to
allocate the IP addresses for the PPPoE connection. If static
addresses have been assigned to you by the service provider,
you must manually enter the assigned addresses. (Default:
Automatic)
•Automatically allocated: IP addresses are dynamically
assigned by the service provider during PPPoE session
initialization.
•Static assigned: Fixed addresses are assigned by the service
provider for both the local and remote IP addresses.
Local IP Address – IP address of the local end of the PPPoE
tunnel. (Must be entered for static IP allocation mode.)
Remote IP Address – IP address of the remote end of the PPPoE
tunnel. (Must be entered for static IP allocation mode.)
CLI Commands for PPPoE – From the CLI configuration mode,
use the interface ethernet command to access interface
configuration mode. Use the ip pppoe command to enable
PPPoE on the Ethernet interface. Use the other PPPoE
commands shown in the example below to set a user name and
password, IP settings, and other PPPoE parameters as required
by the service provider. The pppoe restart command can then
be used to start a new connection using the modified settings. To
display the current PPPoE settings, use the show pppoe
command from the Exec mode.
6-15
Page 92
System Configuration
AP(config)#interface ethernet7-91
Enter Ethernet configuration commands, one per line.
AP(if-ethernet)#ip pppoe7-81
AP(if-ethernet)#pppoe username mike7-87
AP(if-ethernet)#pppoe password 123457-88
AP(if-ethernet)#pppoe service-name classA7-89
AP(if-ethernet)#pppoe ip allocation mode static7-82
AP(if-ethernet)#pppoe local ip 10.7.1.2007-86
AP(if-ethernet)#pppoe remote ip 192.168.1.207-86
AP(if-ethernet)#pppoe ipcp dns7-83
AP(if-ethernet)#pppoe lcp echo-interval 307-84
AP(if-ethernet)#pppoe lcp echo-failure 57-85
AP(if-ethernet)#pppoe restart7-89
AP(if-ethernet)#end
AP#show pppoe7-90
PPPoE Information
======================================================
State : Link up
Username : mike
Service Name : classA
IP Allocation Mode : Static
DNS Negotiation : Enabled
Local IP : 10.7.1.200
Echo Interval : 30
Echo Failure : 5
======================================================
AP#
Authentication
Wireless clients can be authenticated for network access by
checking their MAC address against the local database
configured on the access point, or by using a database
configured on a central RADIUS server. Alternatively,
authentication can be implemented using the IEEE 802.1X
network access control protocol.
The access point can also operate in a 802.1X supplicant mode.
This enables the access point itself and any bridge-connected
units to be authenticated with a RADIUS server using a
configured MD5 user name and password. This mechanism can
prevent rogue access points from gaining access to the network.
6-16
Page 93
Advanced Configuration
Ethernet Supplicant Setup – Allows the access point to act as an
802.1X supplicant so it can be authenticated through its Ethernet
port with a RADIUS server on the local network. When enabled, a
unique MD5 user name and password needs to be configured.
(Default: Disabled)
•Enabled/Disabled – Enables/Disables the 802.1X supplicant
function.
•Username – Specifies the MD5 user name. (Range: 1-22
characters)
•Password – Specifies the MD5 password. (Range: 1-22
characters)
WDS Supplicant Setup – Allows the access point to act as an
802.1X supplicant so it can be authenticated through a WDS
(wireless) port with a RADIUS server on the remote network.
When enabled, a unique MD5 user name and password needs to
be configured for the WDS port. For a SMC2888W-S Slave unit,
there is only one WDS port. For a SMC2888W-M Master unit,
there are 16 WDS ports. (Default: Disabled)
6-17
Page 94
System Configuration
.
.
.
MAC Authentication – You can configure a list of the MAC
addresses for wireless clients that are authorized to access the
network. This provides a basic level of authentication for wireless
clients attempting to gain access to the network. A database of
authorized MAC addresses can be stored locally on the access
point or remotely on a central RADIUS server. (Default: Local
MAC)
•Local MAC: The MAC address of the associating station is
compared against the local database stored on the access
point. The Local MAC Authentication section enables the local
database to be set up.
•Radius MAC: The MAC address of the associating station is
sent to a configured RADIUS server for authentication. When
using a RADIUS authentication server for MAC address
authentication, the server must first be configured in the
Radius window (page 6-10).
•Disable: No checks are performed on an associating station’s
MAC address.
6-18
Page 95
Advanced Configuration
Note: Client station MAC authentication occurs prior to the IEEE 802.1X
authentication procedure configured for the access point.
However, a client’s MAC address provides relatively weak user
authentication, since MAC addresses can be easily captured and
used by another station to break into the network. Using 802.1X
provides more robust user authentication using user names and
passwords or digital certificates. So, although you can configure
the access point to use MAC address and 802.1X authentication
together, it is better to choose one or the other, as appropriate.
802.1X Setup – IEEE 802.1X is a standard framework for network
access control that uses a central RADIUS server for user
authentication. This control feature prevents unauthorized access
to the network by requiring an 802.1X client application to submit
user credentials for authentication. The 802.1X standard uses the
Extensible Authentication Protocol (EAP) to pass user credentials
(either digital certificates, user names and passwords, or other)
from the client to the RADIUS server. Client authentication is then
verified on the RADIUS server before the access point grants
client access to the network.
The 802.1X EAP packets are also used to pass dynamic unicast
session keys and static broadcast keys to wireless clients.
Session keys are unique to each client and are used to encrypt
and correlate traffic passing between a specific client and the
access point. You can also enable broadcast key rotation, so the
access point provides a dynamic broadcast key and changes it at
a specified interval.
You can enable 802.1X as optionally supported or as required to
enhance the security of the wireless network.
•Disable: The access point does not support 802.1X
authentication for any wireless client. After successful
wireless association with the access point, each client is
allowed to access the network.
6-19
Page 96
System Configuration
•Supported: The access point supports 802.1X authentication
only for clients initiating the 802.1X authentication process
(i.e., the access point does not initiate 802.1X authentication).
For clients initiating 802.1X, only those successfully
authenticated are allowed to access the network. For those
clients not initiating 802.1X, access to the network is allowed
after successful wireless association with the access point.
•Required: The access point enforces 802.1X authentication
for all associated wireless clients. If 802.1X authentication is
not initiated by a client, the access point will initiate
authentication. Only those clients successfully authenticated
with 802.1X are allowed to access the network.
When 802.1X is enabled, the broadcast and session key rotation
intervals can also be configured.
•Broadcast Key Refresh Rate: Sets the interval at which the
broadcast keys are refreshed for stations using 802.1X
dynamic keying. (Range: 0-1440 minutes; Default: 0 means
disabled)
•Session Key Refresh Rate: The interval at which the access
point refreshes unicast session keys for associated clients.
(Range: 0-1440 minutes; Default: 0 means disabled)
•802.1X Re-authentication Refresh Rate: The time period after
which a connected client must be re-authenticated. During the
re-authentication process of verifying the client’s credentials
on the RADIUS server, the client remains connected the
network. Only if re-authentication fails is network access
blocked. (Range: 0-65535 seconds; Default: 0 means
disabled)
6-20
Page 97
Advanced Configuration
.
.
.
Local MAC Authentication – Configures the local MAC
authentication database. The MAC database provides a
mechanism to take certain actions based on a wireless client’s
MAC address. The MAC list can be configured to allow or deny
network access to specific clients.
•System Default: Specifies a default action for all unknown
MAC addresses (that is, those not listed in the local MAC
database).
•Deny: Blocks access for all MAC addresses except those
listed in the local database as “Allow.”
•Allow: Permits access for all MAC addresses except
those listed in the local database as “Deny.”
•MAC Authentication Settings: Enters specified MAC
addresses and permissions into the local MAC database.
•MAC Address: Physical address of a client. Enter six pairs
of hexadecimal digits separated by hyphens; for example,
00-90-D1-12-AB-89.
6-21
Page 98
System Configuration
•Permission: Select Allow to permit access or Deny to
block access. If Delete is selected, the specified MAC
address entry is removed from the database.
•Update: Enters the specified MAC address and
permission setting into the local database.
•MAC Authentication Table: Displays current entries in the local
MAC database.
CLI Commands for 802.1X Suppicant Configuration – Use the
802.1X supplicant commands to set the Ethernet and WDS user
CLI Commands for Local MAC Authentication – Use the
mac-authentication server command from the global
configuration mode to enable local MAC authentication. Set the
default for MAC addresses not in the local table using the
address filter default command, then enter MAC addresses in
the local table using the address filter entry command. To
remove an entry from the table, use the address filter delete
6-22
Page 99
Advanced Configuration
command. To display the current settings, use the show
authentication command from the Exec mode.
Authentication Information
=========================================================
MAC Authentication Server : LOCAL
MAC Auth Session Timeout Value : 300 secs
802.1X : DISABLED
Broadcast Key Refresh Rate : 5 min
Session Key Refresh Rate : 5 min
CLI Commands for RADIUS MAC Authentication – Use the
mac-authentication server command from the global
configuration mode to enable remote MAC authentication. Set the
timeout value for re-authentication using the mac-authentication session-timeout command. Be sure to also configure
connection settings for the RADIUS server (not shown in the
following example). To display the current settings, use the show authentication command from the Exec mode.
AP(config)#mac-authentication server remote7-59
AP(config)#mac-authentication session-timeout 3007-60
AP(config)#exit
AP#show authentication7-60
Authentication Information
=========================================================
MAC Authentication Server : REMOTE
MAC Auth Session Timeout Value : 300 secs
802.1X : DISABLED
Broadcast Key Refresh Rate : 5 min
Session Key Refresh Rate : 5 min