Symbol Spectrum24 AP-4100 Series Product Reference Manual

Spectrum24
AP-4100 Series Access Point
Product Reference Guide
72E-51751-01
Revision B May 2002
www.symbol.com
Copyright
Copyright © 2002 by Symbol Technologies, Inc. All rights reserved. No part of this publication may be modified or adapted in any way, for any purposes without permission in writing from Symbol. The material in this manual is subject to change without notice. Symbol reserves the right to make changes to any product to improve reliability, function, or design. No license is granted, either expressly or by implication, estoppel, or otherwise under any Symbol Technologies, Inc., intellectual property rights. An implied license only exists for equipment, circuits, and subsystems contained in Symbol products.
Symbol, the Symbol logo and Spectrum24 are registered trademarks of Symbol Technologies, Inc. Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are hereby acknowledged. IBM is a registered trademark of International Business Machine Corporation. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and LAN Workplace are registered trademarks of Novell Inc. Toshiba is a trademark of Toshiba Corporation.
Patents
This product is covered by one or more of the following U.S. and foreign Patents: 4,496,831; 4,593,186; 4,603,262; 4,607,156; 4,652,750; 4,673,805; 4,736,095; 4,758,717; 4,760,248; 4,806,742; 4,816,660; 4,845,350;
4,896,026; 4,897,532; 4,923,281; 4,933,538; 4,992,717; 5,015,833; 5,017,765; 5,021,641; 5,029,183; 5,047,617; 5,103,461; 5,113,445; 5,130,520; 5,140,144; 5,142,550; 5,149,950; 5,157,687; 5,168,148; 5,168,149; 5,180,904; 5,216,232; 5,229,591; 5,230,088; 5,235,167; 5,243,655; 5,247,162; 5,250,791; 5,250,792; 5,260,553; 5,262,627; 5,262,628; 5,266,787; 5,278,398; 5,280,162; 5,280,163; 5,280,164; 5,280,498; 5,304,786; 5,304,788; 5,306,900; 5,321,246; 5,324,924; 5,337,361; 5,367,151; 5,373,148; 5,378,882; 5,396,053; 5,396,055; 5,399,846; 5,408,081; 5,410,139; 5,410,140; 5,412,198; 5,418,812; 5,420,411; 5,436,440; 5,444,231; 5,449,891; 5,449,893; 5,468,949; 5,471,042; 5,478,998; 5,479,000; 5,479,002; 5,479,441; 5,504,322; 5,519,577; 5,528,621; 5,532,469; 5,543,610; 5,545,889; 5,552,592; 5,557,093; 5,578,810; 5,581,070; 5,589,679; 5,589,680; 5,608,202; 5,612,531; 5,619,028; 5,627,359; 5,637,852; 5,664,229; 5,668,803; 5,675,139; 5,693,929; 5,698,835; 5,705,800; 5,714,746; 5,723,851; 5,734,152; 5,734,153; 5,742,043; 5,745,794; 5,754,587; 5,762,516; 5,763,863; 5,767,500; 5,789,728; 5,789,731; 5,808,287; 5,811,785; 5,811,787; 5,815,811; 5,821,519; 5,821,520; 5,823,812; 5,828,050; 5,850,078; 5,861,615; 5,874,720; 5,875,415; 5,900,617; 5,902,989; 5,907,146; 5,912,450; 5,914,478; 5,917,173; 5,920,059; 5,923,025; 5,929,420; 5,945,658; 5,945,659; 5,946,194; 5,959,285; 6,002,918; 6,021,947; 6,036,098; 6,047,892; 6,050,491; 6,053,413; 6,056,200; 6,065,678; 6,067,297; 6,068,190; 6,082,621; 6,084,528; 6,088,482; 6,092,725; 6,101,483; 6,102,293; 6,104,620; 6,114,712; 6,115,678; 6,119,944; 6,123,265; 6,131,814; 6,138,180; 6,142,379; 6,172,478; 6,176,428; 6,178,426; 6,186,400; 6,188,681; 6,209,788; 6,216,951; 6,220,514; 6,243,447; 6,244,513; 6,247,647; 6,250,551; D305,885; D341,584; D344,501; D359,483; D362,453; D363,700 ; D363,918; D370,478; D383,124; D391,250; D405,077; D406,581; D414,171; D414,172; D418,500 ; D419,548; D423,468; D424,035; D430,158; D430,159; D431,562; D436,104.
Invention No. 55,358; 62,539; 69,060; 69,187 (Taiwan); No. 1,601,796; 1,907,875; 1,955,269 (Japan); European Patent 367,299; 414,281; 367,300; 367,298; UK 2,072,832; France 81/03938; Italy 1,138,713
Telephone: (800) SCAN234, (631) 738-2400, TLX: 6711519
Symbol Technologies, Inc.
One Symbol Plaza
Holtsville, N.Y. 11742-1300
www.symbol.com
About This Document
Reference Documents
This reference guide refers to the following documents:
Part Number     Document Title
72E-51753-01    Wireless LAN Adapter 4100 Series PC Card & PCI Adapter Product Reference Guide
Conventions
Keystrokes are indicated as follows:
ENTER identifies a key.
FUNC, CTRL, C identifies a key sequence. Press and release each key in turn.
Press A+B: press the indicated keys simultaneously.
Hold A+B: press and hold the indicated keys while performing or waiting for another function. Used in combination with another keystroke.
Typeface conventions used include:
<angles> indicates mandatory parameters in syntax.
[brackets] for command line, indicates available parameters; in configuration files, brackets act as separators for options.
GUI Screen text indicates the name of a control in a GUI-based application.
Italics indicates the first use of a term, book title, variable or menu title.
Screen indicates monitor screen dialog. Also indicates user input. A screen is the hardware device on which data appears. A display is data arranged on a screen.
Terminal indicates text shown on a radio terminal screen.
URL indicates Uniform Resource Locator.
This document uses the following for certain conditions or information:
Indicates tips or special requirements.
Indicates conditions that can cause equipment damage or data loss.
Indicates a potentially dangerous condition or procedure that only Symbol-trained personnel should attempt to correct or perform.
Contents
Chapter 1 Introduction.......................................................................................1
1.1 Access Point (AP)...........................................................................1
1.1.1 New Features.....................................................................3
1.2 Radio Basics.................................................................................3
1.2.1 S24 Network Topology........................................................4
1.2.2 Cellular Coverage ..............................................................9
1.2.3 Site Topography ...............................................................12
1.3 Access Point Functional Theory.....................................................13
1.3.1 MAC Layer Bridging..........................................................14
1.3.2 Auto Fallback to Wireless Mode .........................................15
1.3.3 DHCP Support..................................................................16
1.3.4 Media Types.....................................................................17
1.3.5 Direct-Sequence Spread Spectrum......................................19
1.3.6 MU Association Process.....................................................20
1.3.7 Mobile IP .........................................................................22
1.3.8 Supporting CAM and PSP Stations......................................25
1.3.9 Data Encryption................................................................26
1.3.10 Kerberos Authentication...................................................27
1.3.11 KSS Open Enrollment......................................................32
1.3.12 KSS Databases ...............................................................33
1.3.13 Roaming and Authentication............................................33
1.3.14 Web Management Support..............................................34
1.3.15 Management Options.....................................................35
Chapter 2 Configuring the AP.........................................................................39
2.1 Gaining Access to the UI .............................................................39
2.1.1 Using Telnet.....................................................................39
2.1.2 Using a Direct Serial Connection........................................41
2.1.3 Using a Dial-Up Connection..............................................42
2.1.4 Using a Web Browser........................................................43
2.2 Navigating the UI .......................................................................50
2.2.1 Entering Admin Mode .......................................................52
2.2.2 Changing the Access to the UI ...........................................53
2.2.3 Configuring for Dial-Up to the UI.......................................55
2.2.4 Navigating the UI Using a Web Browser .............................56
2.3 Access Point Installation...............................................................56
2.4 Configuring System Parameters....................................................61
2.4.1 Encryption Administration..................................................67
2.4.2 System Password Administration.........................................73
2.5 Configuring Radio Parameters .....................................................75
2.5.1 Wireless Operation Parameters..........................................84
2.5.2 Encryption Key Maintenance ..............................................89
2.6 Configuring the SNMP Agent .......................................................94
2.7 ACL and Address Filtering ...........................................................99
2.7.1 Configuring the ACL .......................................................101
2.7.2 Range of MUs ................................................................101
2.7.3 Adding Allowed MUs ......................................................103
2.7.4 Removing Allowed MUs...................................................103
2.7.5 ACL Options ..................................................................104
2.7.6 Removing All Allowed MUs..............................................104
2.7.7 Load ACL from MU List ...................................................104
2.7.8 Load ACL from File.........................................................105
2.8 Configuring Address Filtering.....................................................106
2.8.1 Adding Disallowed MUs..................................................107
2.8.2 Removing Disallowed MUs ..............................................107
2.9 Configuring Type Filtering .........................................................108
2.9.1 Adding Filter Types .........................................................108
2.9.2 Removing Filter Types......................................................108
2.9.3 Controlling Type Filters....................................................108
2.10 Clearing MUs from the AP.......................................................109
2.11 Manually Updating AP Configuration........................................109
2.11.1 Updating Using TFTP ....................................................113
2.11.2 Updating Using Xmodem ..............................................117
2.12 Setting Logging Options..........................................................121
2.13 Updating AP Firmware ............................................................123
2.13.1 Update Using TFTP .......................................................123
2.13.2 Updating Using Xmodem ..............................................128
2.14 Auto Upgrade all APs Through Messaging ................................132
2.15 Performing Pings ....................................................................137
2.16 Mobile IP Using MD5 Authentication .........................................140
2.17 Saving the Configuration.........................................................141
2.18 Resetting the AP......................................................................142
2.19 Restoring the Factory Configuration..........................................142
Chapter 3 Monitoring Statistics.....................................................................143
3.1 System Summary ......................................................................143
3.2 Interface Statistics......................................................................147
3.3 Forwarding Counts ...................................................................148
3.4 Mobile Units.............................................................................149
3.5 Mobile IP..................................................................................153
3.6 Known APs...............................................................................154
3.7 Ethernet Statistics ......................................................................157
3.8 Radio Statistics..........................................................................159
3.9 Miscellaneous Statistics..............................................................165
3.9.1 Analyzing Channel Use...................................................167
3.9.2 Analyzing Retries ............................................................168
3.10 Event History ..........................................................................169
3.11 Clearing Statistics....................................................................170
Chapter 4 Hardware Installation..................................................................171
4.1 Precautions ..............................................................................171
4.2 Package Contents.....................................................................171
4.3 Requirements ...........................................................................172
4.3.1 Network Connection .......................................................172
4.3.2 10/100Base-T UTP .........................................................172
4.4 Placing the AP ..........................................................................173
4.5 Power Options..........................................................................174
4.6 Mounting the AP.......................................................................175
4.7 Connecting the Power Adapter...................................................175
4.8 BIAS-T Low Power Distribution System.........................................176
4.9 LED Indicators ..........................................................................180
4.9.1 WLAP mode LED display..................................................181
4.10 Troubleshooting......................................................................183
4.11 Setting Up MUs.......................................................................184
Appendix A Specifications..............................................................................A-1
A.1 Physical Characteristics .............................................................A-1
A.2 Radio Characteristics................................................................. A-2
A.3 Network Characteristics.............................................................A-3
Appendix B Supported Modems.................................................................... B-1
Appendix C Customer Support .....................................................................C-1
Appendix D Country Identification Codes...................................................D-1
Appendix E Installing and Configuring Kerberos Setup Service............. E-1
E.1 Creating a Windows 2000 Environment for the KSS ..................... E-1
E.2 Installing the KSS in a Windows 2000 Environment ...................... E-2
E.3 Preparing the KSS for Access Point Validation .............................. E-5
E.4 Manually Creating an Access Point Setup Account...................... E-12
E.5 Implementing Kerberos Without the KSS.................................... E-14
E.6 Kerberos Error Codes.............................................................. E-16
E.6.1 KDC Error Codes ........................................................... E-16
E.6.2 Additional Kerberos Error Codes .................................... E-18
Index............................................................................................................. Index-1
Chapter 1 Introduction
Spectrum24 is a spread spectrum cellular network that operates between 2.4 and 2.5 GHz (gigahertz). This technology provides a high-capacity network using multiple access points within any environment.
The Symbol AP-4100 Series Access Point (AP) is a Spectrum24 direct-sequence (DS) product. Spectrum24 DS products use direct-sequence technology to provide a high-capacity, high-data-rate wireless network.
Spectrum24 DS infrastructure products include:
• bridging architecture to provide communication between radio and wired multiple network segments
• a design based on the IEEE 802.11 standard
• an 11 Mbps data rate for fast operation
• seamless roaming for mobile users with devices such as laptops, wireless PCs, scanning terminals and other computers with PCMCIA slots.
1.1 Access Point (AP)
The Access Point (AP) provides a bridge between Ethernet wired LANs and wireless networks. It provides connectivity between Ethernet wired networks and radio-equipped mobile units (MUs). MUs include the full line of Symbol Spectrum24 terminals, PC Cards, bar-code scanners and other devices.
This guide provides configuration and setup information for both the AP-4111 and AP-4121 model access points. Refer to the rear of the access point for product model information.
The AP provides an 11 Mbps data transfer rate on the radio network. It monitors Ethernet traffic and forwards appropriate Ethernet messages to MUs over the Spectrum24 network. It also monitors MU radio traffic and forwards MU packets to the Ethernet LAN.
The AP meets the following:
• the regulatory requirements for Europe and many other areas of the world
• FCC part 15, class A with no external shielding
• FCC part 15 class B, ETS 300-339 compliance, including CE mark.
The AP has the following features:
• built-in diagnostics including a power-up self-check
• built-in dual antenna assembly with optional diversity
• wireless MAC interface
• field upgradable Firmware
• 10/100Base-T Ethernet port interface with full-speed filtering
• power supply IEC connector and a country-specific AC power cable
• PC/AT Serial Port Interface
• support for up to 127 MUs
• data encryption
• supports multiple MIBs
• SNMP support
• support for roaming across routers
• DHCP support
• BOOTP
• DNS support
• Web browser user interface support
• short RF preamble
• wireless AP mode.
When properly configured, an MU communicating with an AP appears on the network as a peer to other network devices. The AP receives data from its wired interfaces and forwards the data to the proper interface.
The AP has connections for the wired network and power supply. The AP attaches to a wall or ceiling depending on installation-site requirements.
1.1.1 New Features
• 10/100Base-T Ethernet
• Tx Power Control
• Kerberos Security
• Auto Channel Select
• Antenna diversity
1.2 Radio Basics
Spectrum24 devices use electromagnetic waves to transmit and receive electric signals without wires. Users communicate with the network by establishing radio links between MUs and APs.
Spectrum24 products use DSSS (direct sequence spread spectrum) to transmit digital data from one device to another. Using FM, a radio signal begins with a carrier signal that provides the base or center frequency. The digital data signal is encoded onto the carriers using a DSSS “chipping algorithm”. The radio signal propagates into the air as electromagnetic waves. A receiving antenna in the path of the waves absorbs the waves as electrical signals. The receiving device demodulates the signal by reapplying the direct sequence chipping code. This demodulation results in the original digital data.
Spectrum24 uses the environment (the air and certain objects) as the transmission medium. Spectrum24 radio devices transmit in the 2.4 to 2.5-GHz frequency range, a license-free range throughout most of the world. The actual range is country-dependent.
Spectrum24 devices, like other Ethernet devices, have unique, hardware-encoded Media Access Control (MAC) or IEEE addresses. MAC addresses determine the device sending or receiving data. A MAC address is a 48-bit number written as six hexadecimal bytes separated by colons. For example:
00:A0:F8:24:9A:C8
1.2.1 S24 Network Topology
The variations possible in Spectrum24 network topologies depend on the following factors:
• the AP function in the network
• the data transfer rate
• the wireless AP (WLAP) interface.
A WLAP communicates only with its root AP through the wireless interface.
Select from the following topologies:
• A single AP used without the wired network provides a single-cell wireless network for peer-to-peer MUs.
• A single AP can bridge the Ethernet and radio networks.
• Multiple APs can coexist as separate, individual networks at the same site without interference using different Net_IDs. The Net_ID (ESS) can be thought of as a Wireless LAN Network Identifier. These separate Wireless LANs may be configured to use different channel assignments to avoid RF interference.
• Multiple APs wired together provide a network with better coverage area and performance when using the same Net_IDs.
In WLAP mode, a wireless AP-to-AP connection functions:
• as a bridge to connect two Ethernet networks
• as a repeater to extend coverage area without additional network cabling.
In WLAP mode, APs and MUs are required to have the same Preamble settings to interoperate.
When using a wireless AP-to-AP connection, use the optimal antenna configuration for the site. For example, use a directional antenna when establishing a dedicated wireless bridge or repeater.
Each wireless AP can have connections with up to four other wireless APs.
Using more than two WLAPs to establish a connection slows network performance for all topologies. To increase WLAP performance, disable WNMP Functions and AP-AP State Xchg parameters under the Set System Configuration screen.
To set up an AP for wireless operation automatically, select the Enabled option for the WLAP Mode parameter. To set these values, see section 2.5: “Configuring Radio Parameters” on page 75.
The WLAP initialization process length depends on the time specified in the WLAP Forward Delay field. See section 2.5: “Configuring Radio Parameters” on page 75.
1.2.2 Cellular Coverage
The AP establishes an average communication range with MUs called a Basic Service Set (BSS) or cell. When in a particular cell the MU associates and communicates with the AP of that cell. Each cell has a Basic Service Set Identifier (BSS_ID). In IEEE 802.11, the AP MAC (Media Access Control) address represents the BSS_ID. The MU recognizes the AP it associates with using the BSS_ID.
Spectrum24 devices, like other network devices, have unique, hardware-encoded MAC or IEEE addresses. MAC addresses determine the device sending or receiving the data. A MAC address is a 48-bit number written as six hexadecimal bytes separated by colons. For example:
00:A0:F8:24:9A:C8
An MU recognizes the access point it associates with using the BSS_ID. Adding access points to a single LAN establishes more cells to extend the range of the network. Configuring the same ESS_ID (Extended Service Set Identifier) on all access points makes them part of the same Wireless LAN.
APs with the same Net_ID (ESS) define a coverage area. The MU searches for APs with a matching Net_ID (ESS) and synchronizes with an AP to establish communications. This allows MUs within the coverage area to move about or roam. As the MU roams from cell to cell, it switches APs. The switch occurs when the MU analyzes the reception quality at a location and decides which AP to communicate with based on the best signal strength and lowest MU load distribution.
If the MU does not find an AP with a workable signal, it performs a scan to find any AP. As MUs switch APs, the AP updates the association table.
The user can configure the Net_ID (ESS). A valid Net_ID (ESS) is an alphanumeric, case-sensitive identifier up to 32 characters. Ensure all nodes within one LAN use the same Net_ID (ESS) to communicate on the same LAN. Multiple wireless LANs can coexist in a single environment by assigning different Net_IDs (ESS) for APs.
The Root AP and Association Process
By default, APs with WLAP Mode enabled and within range of each other automatically associate and configure wireless operation parameters at power up. This association process determines the wireless connection viability and establishes the Root AP and subsequently designated WLAPs.
APs communicating wirelessly with one another require the same: Net_ID (ESS), Encryption mode, Data Rate and Short RF Preamble settings.
The root AP maintains the wireless connection among WLAPs by sending out beacons, sending and receiving configuration BPDU (Bridge Protocol Data Unit) packets between each designated WLAP. The WLAP with the lowest WLAP ID becomes the Root AP. A concatenation of the WLAP Priority value and the MAC address becomes the WLAP ID. All WLAPs associated with the Root AP use the Root AP channel, DTIM (Delivery Traffic Indication Message) and TIM (Traffic Indication Map) interval.
In this configuration, the WLAP Priority value is the default 8000 Hex. On concatenating this value to the MAC addresses of the APs, AP A on Ethernet I has the lowest WLAP ID with 800000A0F800181A, making it the Root AP. AP C uses the AP A channel, DTIM and TIM interval.
If AP D on Ethernet II has data for a device on Ethernet I, it requires a bridge or a repeater. In this configuration, AP C functions as a repeater. To ensure transmission to devices on Ethernet I, AP D has to use the AP A channel, DTIM and TIM interval.
The AP with lowest WLAP priority value is the Root AP. To manually designate AP B as the Root AP, assign it a WLAP Priority value less than 8000 Hex. See section 2.5: “Configuring Radio Parameters” on page 75.
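The Root AP selection described above, worked through as an added example (not code from the Symbol manual or firmware). It assumes the WLAP Priority occupies the high-order 16 bits of the WLAP ID, as the manual's value 800000A0F800181A suggests; the MAC addresses for AP B, C and D are constructed.

```python
def wlap_id(priority, mac):
    """Concatenate WLAP Priority (high 16 bits) with the 48-bit MAC address."""
    octets = mac.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"bad MAC address: {mac!r}")
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("WLAP Priority is assumed to be a 16-bit value")
    return (priority << 48) | int("".join(octets), 16)


def rank(aps):
    """Return [(name, WLAP ID as 16 hex digits)] sorted lowest ID first."""
    ids = {name: wlap_id(prio, mac) for name, (prio, mac) in aps.items()}
    return [(name, f"{ids[name]:016X}") for name in sorted(ids, key=ids.get)]


def root_ap(aps):
    """The WLAP with the lowest WLAP ID becomes the Root AP."""
    return rank(aps)[0][0]


def with_priority(aps, name, priority):
    """Copy of the AP table with one AP's WLAP Priority changed."""
    changed = dict(aps)
    changed[name] = (priority, aps[name][1])
    return changed


DEFAULT_PRIORITY = 0x8000
# AP A's MAC is taken from the manual's WLAP ID 800000A0F800181A;
# the other three addresses are constructed for this example.
APS = {
    "A": (DEFAULT_PRIORITY, "00:A0:F8:00:18:1A"),
    "B": (DEFAULT_PRIORITY, "00:A0:F8:00:2C:40"),
    "C": (DEFAULT_PRIORITY, "00:A0:F8:00:31:07"),
    "D": (DEFAULT_PRIORITY, "00:A0:F8:00:4E:9B"),
}

if __name__ == "__main__":
    # With equal priorities the MAC address alone decides the election.
    for name, ident in rank(APS):
        print(name, ident)
    print("root:", root_ap(APS))
    # Any priority below 8000 hex outranks every default-priority AP,
    # whatever the MAC addresses are.
    print("root with B at 7FFF:", root_ap(with_priority(APS, "B", 0x7FFF)))
```

Because the priority forms the most significant bits, the MAC address only breaks ties between APs that share a priority value.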
IEEE 802.1d Spanning Tree Support
This protocol creates a loop-free topography with exactly ONE path between every device and LAN. This is the shortest path from the Root AP to each WLAP and LAN. If the connection between a WLAP and LAN fails, a new route is calculated and added to the tree. All packet forwarding follows the spanning tree path determined. APs in a network have to choose one AP as the Root AP.
1.2.3 Site Topography
For optimal performance, locate MUs and APs away from transformers, heavy-duty motors, fluorescent lights, microwave ovens, refrigerators and other industrial equipment.
Signal loss can occur when metal, concrete, walls or floors block transmission. Locate APs in open areas or add APs as needed to improve coverage.
Site Surveys
A site survey analyzes the installation environment and provides users with recommendations for equipment and its placement. The optimum placement of 11 Mbps access points differs for 1 or 2 Mbps access points, because the locations and number of access points required are different.
Symbol recommends conducting a new site survey and developing a new coverage area floor plan when switching from 1 or 2 Mbps frequency-hopping access points to 11 Mbps direct-sequence access points.
1.3 Access Point Functional Theory
To improve AP management and performance, users need to understand basic AP functionality and configuration options. The AP includes features for different interface connections and network management.
The AP provides MAC layer bridging between its interfaces. The AP monitors traffic from its interfaces and, based on frame address, forwards the frames to the proper destination. The AP tracks the frames' sources and destinations to provide intelligent bridging as MUs roam or network topologies change. The AP also handles broadcast and multicast messages and responds to MU association requests.
1.3.1 MAC Layer Bridging
The AP listens to all packets on all interfaces and builds an address database using the unique IEEE 48-bit address (MAC address). An address in the database includes the interface media that the device uses to associate with the AP. The AP uses the database to forward packets from one interface to another. The bridge forwards packets addressed to unknown systems to the Default Interface (Ethernet).
The AP internal stack interface handles all messages directed to the AP.
Each AP stores information on destinations and their interfaces to facilitate forwarding. When a user sends an ARP (Address Resolution Protocol) request packet, the AP forwards it over all enabled interfaces (Ethernet, radio and WLAP) except over the interface the ARP request packet was received. On receiving the ARP response packet, the AP database keeps a record of the destination address along with the receiving interface. With this information, the AP forwards any directed packet to the correct destination. The AP forwards packets for unknown destinations to the Ethernet interface.
Transmitted ARP request packets echo back to other MUs.
The AP removes from its database the destination or interface information that is not used for a specified time. The AP refreshes its database when it transmits or receives data from these destinations and interfaces.
Filtering and Access Control
The AP provides facilities to limit the MUs that associate with it and the data packets that can forward through it. Filters provide network security and improve performance by eliminating broadcast/multicast packets from the radio network.
The ACL (Access Control List) contains MAC addresses for MUs allowed to associate with the AP. This provides security by preventing unauthorized access.
The AP uses a disallowed address list of destinations. This feature prevents the AP from communicating with specified destinations. This can include network devices that do not require communication with the AP or its MUs.
Depending on the setting, the AP can keep a list of frame types that it forwards or discards. The Type Filtering option prevents specific frames (indicated by the 16-bit DIX Ethernet Type field) from being processed by the AP. These include certain broadcast frames from devices that consume bandwidth but are unnecessary to the wireless LAN. Filtering out frames can also improve performance.
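The bridging rules of section 1.3.1 and the three filters above, modelled together as an added example (not code from the Symbol manual or firmware). The class and function names, the 300-second idle timeout, the sample addresses and the treatment of an unlisted MU as unable to send radio traffic are assumptions made for illustration.

```python
import struct

ETHERNET, RADIO, WLAP = "ethernet", "radio", "wlap"
INTERFACES = (ETHERNET, RADIO, WLAP)


def mac_bytes(mac):
    """'00:A0:F8:24:9A:C8' -> 6 raw bytes; rejects malformed addresses."""
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def make_frame(dst, src, ethertype, payload=b""):
    """DIX Ethernet frame: 6-byte destination, 6-byte source, 16-bit type."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


class ApBridge:
    """Simplified model of the AP's address database and its three filters."""

    def __init__(self, acl=None, disallowed=(), type_list=(),
                 type_mode="discard", max_idle=300):
        self.acl = None if acl is None else {mac_bytes(m) for m in acl}
        self.disallowed = {mac_bytes(m) for m in disallowed}
        self.type_list = set(type_list)
        self.type_mode = type_mode   # "discard" or "forward" the listed types
        self.max_idle = max_idle     # assumed idle timeout, in seconds
        self.table = {}              # MAC -> [interface, time last used]

    def age_out(self, now):
        """Remove entries unused for longer than max_idle; return the count."""
        stale = [m for m, (_, used) in self.table.items()
                 if now - used > self.max_idle]
        for mac in stale:
            del self.table[mac]
        return len(stale)

    def handle(self, frame, in_iface, now):
        """Return (interfaces to forward on, reason) for one received frame."""
        if len(frame) < 14:
            return [], "runt frame"
        dst, src = frame[0:6], frame[6:12]
        (ethertype,) = struct.unpack("!H", frame[12:14])
        self.age_out(now)
        # ACL: an MU that is not listed cannot associate, so its radio
        # traffic never enters the bridge (simplification of association).
        if in_iface == RADIO and self.acl is not None and src not in self.acl:
            return [], "source MU not in ACL"
        listed = ethertype in self.type_list
        drop = listed if self.type_mode == "discard" else not listed
        if drop:
            return [], "type filtered"
        if dst in self.disallowed:
            return [], "destination disallowed"
        self.table[src] = [in_iface, now]        # learn or refresh the sender
        if dst[0] & 1:                           # broadcast/multicast bit set
            return [i for i in INTERFACES if i != in_iface], "flooded"
        entry = self.table.get(dst)
        if entry is not None:
            entry[1] = now                       # refresh on use
        out = entry[0] if entry else ETHERNET    # unknown -> default interface
        if out == in_iface:
            return [], "already on that segment"
        return [out], ("known destination" if entry else "default interface")


# Constructed sample addresses; MU_A reuses the manual's example MAC.
MU_A, MU_X = "00:A0:F8:24:9A:C8", "02:00:00:00:00:66"
HOST, BLOCKED, UNKNOWN = "02:00:00:00:00:10", "02:00:00:00:00:20", "02:00:00:00:00:30"
BCAST = "FF:FF:FF:FF:FF:FF"
ARP, IPV4, IPX = 0x0806, 0x0800, 0x8137


def demo():
    ap = ApBridge(acl=[MU_A], disallowed=[BLOCKED], type_list=[IPX])
    steps = [
        (make_frame(BCAST, MU_A, ARP), RADIO, 0),        # ARP request from MU
        (make_frame(MU_A, HOST, ARP), ETHERNET, 1),      # ARP reply from wire
        (make_frame(HOST, MU_X, IPV4), RADIO, 2),        # MU missing from ACL
        (make_frame(HOST, MU_A, IPX), RADIO, 3),         # filtered frame type
        (make_frame(BLOCKED, MU_A, IPV4), RADIO, 4),     # disallowed destination
        (make_frame(UNKNOWN, MU_A, IPV4), RADIO, 5),     # unknown destination
        (make_frame(MU_A, HOST, IPV4), ETHERNET, 1000),  # MU_A entry aged out
    ]
    return [ap.handle(frame, iface, now) for frame, iface, now in steps]


if __name__ == "__main__":
    for forwarded, reason in demo():
        print(f"{reason:26} -> {forwarded}")
```

The last step shows a consequence of the default-interface rule: once an MU's entry has aged out, wired traffic addressed to it is not sent to the radio until the MU transmits again and is relearned.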
1.3.2 Auto Fallback to Wireless Mode
The AP supports an Auto Fallback to wireless mode when the hardware Ethernet connection fails or becomes broken. The Aut o Fallbac k func tion operates only with an AP in WLAP mode and connected to the Ethernet network. The AP resets itself an d d uring initialization attempts to associate with any other WLAP in the network.
See section 2.4 “Configuring System Parameters” on page 61 and section 2.5.1: “Wireless Operation Parameters” on page 84.
To enable this feature, set the WLAP Mode to Link Required.
1.3.3 DHCP Support
The AP can use Dynamic Host Configuration Protocol (DHCP) to obtain a leased IP address and configuration information from a remote server. DHCP is based on BOOTP protocol and can coexist or interoperate with BOOTP. Configure the AP to send out a DHCP request searching for a DHCP/BOOTP server to acquire Kerberos security information, HTML, firmware or network configuration files when a boot (an AP boot) takes place. Because BOOTP and DHCP interoperate, whichever responds first becomes the server that allocates information. When BOOTP is enabled, the access point ACL and configuration file (cfg.txt) are uploaded.
The AP can be set to only accept replies from DHCP or BOOTP servers or both (this is the default setting). Setting DHCP to disabled disables BOOTP and DHCP (configure network settings manually). If running both DHCP and BOOTP, do not select BOOTP Only. BOOTP should only be used when the server is running BOOTP exclusively. See section 2.3 “Access Point Installation” on page 56.
The DHCP client automatically sends a DHCP request at an interval specified by the DHCP server to renew the IP address lease as long as the AP is running (this parameter is programmed at the DHCP server). For example: Windows NT servers typically are set for 3 days.
Program the DHCP or BOOTP server to transfer these files (Kerberos security information, HTML, firmware or network configuration files) with these DHCP options for the specific file or information to download:
Description of DHCP Options     Option Number
Firmware and HTML file          67 (filenames are separated by a space)
ESSID                           128
Configuration filename          129
ACL filename                    130
Kerberos enable/disable flag    131 (set to 0 for disable or 1 for enable on the DHCP server)
KDC name                        132
KSS name                        133
KSS port number                 134
When the AP receives a network configuration change or is not able to renew the IP address lease, the AP sends out an SNMP trap if SNMP is configured.
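Because the AP acts on whichever DHCP or BOOTP server answers first, it is worth confirming that a captured reply carries the intended values for the options in the table above. This Python check is an added example, not part of the manual; the option value encodings (ASCII strings, a one-byte flag for option 131), the host names and the helper names are assumptions.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2132: marks the start of the options field
BOOTP_FIXED_LEN = 236                 # fixed BOOTP header that precedes the cookie

# Option numbers from the manual's table; the key names are this example's own.
AP_OPTIONS = {67: "boot_files", 128: "essid", 129: "config_filename",
              130: "acl_filename", 131: "kerberos_enabled", 132: "kdc_name",
              133: "kss_name", 134: "kss_port"}


def parse_options(packet: bytes) -> dict:
    """Walk the code/length/value options of a DHCP message (RFC 2132)."""
    start = BOOTP_FIXED_LEN + len(MAGIC_COOKIE)
    if packet[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: not a DHCP message")
    options, i = {}, start
    while i < len(packet):
        code = packet[i]
        if code == 0:            # pad option, single byte
            i += 1
            continue
        if code == 255:          # end option
            break
        if i + 1 >= len(packet):
            raise ValueError(f"option {code} has no length byte")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        options[code] = options.get(code, b"") + value   # RFC 3396: split options concatenate
        i += 2 + length
    return options


def decode_ap_settings(options: dict) -> dict:
    """Pick out the options the AP acts on. The value encodings are assumptions."""
    settings = {}
    for code, name in AP_OPTIONS.items():
        if code not in options:
            continue
        raw = options[code]
        if code == 131:
            # Assumed: one byte, either binary 0/1 or ASCII '0'/'1'.
            settings[name] = raw in (b"\x01", b"1")
            continue
        text = raw.rstrip(b"\x00").decode("ascii", errors="replace")
        settings[name] = text.split(" ") if code == 67 else text
    return settings


def audit(settings: dict, expected: dict) -> list:
    """Compare what the reply would configure with the intended configuration."""
    findings = []
    for name, want in expected.items():
        got = settings.get(name)
        if got != want:
            findings.append(f"{name}: expected {want!r}, reply carries {got!r}")
    for name in sorted(settings.keys() - expected.keys()):
        findings.append(f"{name}: not in the intended configuration, reply carries {settings[name]!r}")
    return findings


def build_reply(options: dict) -> bytes:
    """Constructed DHCP reply: zeroed BOOTP header, cookie, options, end marker."""
    body = b"".join(bytes([code, len(val)]) + val for code, val in options.items())
    return bytes(BOOTP_FIXED_LEN) + MAGIC_COOKIE + body + b"\xff"


# Constructed sample data (hypothetical ESSID and host names).
EXPECTED = {"essid": "WAREHOUSE", "kerberos_enabled": True,
            "kdc_name": "kdc.example.test", "kss_name": "kss.example.test"}
GOOD_REPLY = build_reply({128: b"WAREHOUSE", 131: b"\x01",
                          132: b"kdc.example.test", 133: b"kss.example.test"})
ODD_REPLY = build_reply({128: b"WAREHOUSE", 131: b"\x00", 132: b"kdc.other.test",
                         133: b"kss.example.test", 129: b"cfg.txt"})


def check(reply: bytes) -> list:
    return audit(decode_ap_settings(parse_options(reply)), EXPECTED)


if __name__ == "__main__":
    for finding in check(ODD_REPLY):
        print(finding)
```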
1.3.4 Media Types
The AP supports bridging between Ethernet and radio media. The Ethernet interface fully complies with Ethernet Rev. 2 and IEEE 802.3 specifications. The AP supports 10/100Base-T wired connections. The data transfer rate over radio waves is 11 Mbps.
The radio interface conforms to IEEE 802.11 specifications. The interface operates at 11 Mbps using direct-sequence radio technology. The AP supports multiple-cell operations with fast roaming between cells. With the direct-sequence system, each cell operates independently. Each cell provides an 11 Mbps bandwidth. Adding cells to the network provides increased coverage area and total system capacity. The AP supports MUs operating in Power Save Polling (PSP) mode or Continuously Aware Mode (CAM) without user intervention.
The DB-9, 9-pin, RS-232 serial port provides a UI (User Interface) connection. The UI provides basic management tools for the AP. The serial link supports short haul (direct serial) or long haul (telephone-line) connections. The AP is a DTE (Data Terminal Equipment) device with male pin connectors for the RS-232 port. Connecting the AP to a PC requires a null modem cable.
1.3.5 Direct-Sequence Spread Spectrum
Spread spectrum (broadband) uses a narrowband signal to spread the transmission over a segment of the radio frequency band or spectrum. Direct-sequence is a spread spectrum technique where the transmitted signal is spread over a particular frequency range. The Spectrum24 AP-4100 series uses Direct-Sequence Spread Spectrum (DSSS) for radio communication.
Direct-sequence systems communicate by continuously transmitting a redundant pattern of bits called a chipping sequence. Each bit of transmitted data is mapped into chips by the access point and rearranged into a pseudorandom spreading code to form the chipping sequence. The chipping sequence is combined with a transmitted data stream to produce the AP output signal.
Mobile Units receiving a direct-sequence transmission use the spreading code to map the chips within the chipping sequence back into bits to recreate the original data transmitted by the access point. Intercepting and decoding a direct-sequence transmission requires a predefined algorithm to associate the spreading code used by the transmitting access point to the receiving MU. This algorithm is established by IEEE 802.11b specifications. The bit redundancy within the chipping sequence enables the receiving MU to recreate the original data pattern, even if bits in the chipping sequence are corrupted by interference.
The ratio of chips per bit is called the spreading ratio. A high spreading ratio increases the resistance of the signal to interference. A low spreading ratio increases the bandwidth available to the user. The access point uses a constant chip rate of 11 Mchips/s for all data rates, but uses different modulation schemes to encode more bits per chip at the higher data rates. The access point is capable of an 11 Mbps data transmission rate, but the coverage area is less than a 1 or 2 Mbps access point since coverage area decreases as bandwidth increases.
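The redundancy argument above can be checked numerically. This added Python example (not from the manual) uses the 11-chip Barker word that IEEE 802.11 defines for its 1 and 2 Mbps DSSS rates and leaves out scrambling, differential encoding and modulation; the function names and the sample bit pattern are illustrative.

```python
# 11-chip Barker word from IEEE 802.11 DSSS (taken from the standard, not the manual).
BARKER_11 = (+1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1)


def spread(bits):
    """Map each data bit to 11 chips: the Barker word for 1, its inverse for 0."""
    chips = []
    for bit in bits:
        sign = 1 if bit else -1
        chips.extend(sign * c for c in BARKER_11)
    return chips


def corrupt(chips, positions):
    """Flip the chips at the given indexes, as interference would."""
    damaged = list(chips)
    for p in positions:
        damaged[p] = -damaged[p]
    return damaged


def despread(chips):
    """Correlate each 11-chip block with the Barker word.

    Returns (bits, margins). The margin is the absolute correlation: 11 for a
    clean symbol, dropping by 2 for every corrupted chip. The decision stays
    correct while fewer than half of the chips (at most 5 of 11) are wrong.
    """
    n = len(BARKER_11)
    if len(chips) % n:
        raise ValueError("chip stream is not a whole number of symbols")
    bits, margins = [], []
    for start in range(0, len(chips), n):
        block = chips[start:start + n]
        corr = sum(c * r for c, r in zip(BARKER_11, block))
        bits.append(1 if corr > 0 else 0)
        margins.append(abs(corr))
    return bits, margins


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0]                       # constructed sample bits
    chips = spread(data)
    print("spreading ratio:", len(chips) // len(data), "chips per bit")
    # Five chip errors in the first symbol and three in the second still decode.
    print(despread(corrupt(chips, [0, 1, 2, 3, 4, 11, 12, 13])))
    # Six chip errors in the third symbol exceed the redundancy and flip the bit.
    print(despread(corrupt(chips, range(22, 28))))
```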
1.3.6 MU Association Process
APs recognize MUs as they associate with the AP. The AP keeps a list of the MUs it services. MUs associate with an AP based on the following conditions:
• the signal strength between the AP and MU
• MUs currently associated with the AP
• the MUs encryption and authentication capabilities and the type enabled
• the MUs supported data rates (1 Mbps, 2 Mbps, 5.5 Mbps or 11 Mbps).
MUs perform preemptive roaming by intermittently scanning for APs and associating with the best available AP. Before roaming and associating with APs, MUs perform full or partial scans to collect AP statistics and determine the direct-sequence channel used by the AP.
Scanning is a periodic process where the MU sends out probe messages on all channels defined by the country code. The statistics enable an MU to reassociate by synchronizing its channel to the AP. The MU continues communicating with that AP until it needs to switch cells or roam.
MUs perform full scans at start-up. In a full scan, an MU uses a sequential set of channels as the scan range. For each channel in range, the MU tests for CCA (Clear Channel Assessment). When a transmission-free channel becomes available, the MU broadcasts a probe with the Net_ID (ESS) and the broadcast BSS_ID. An AP-directed probe response generates an MU ACK (Mobile Unit Acknowledgment) and the addition of the AP to the AP table with a proximity classification. An unsuccessful AP packet transmission generates another MU probe on the same channel. If the MU fails to receive a response within the time limit, it repeats the probe on the next channel in the sequence. This process continues through all channels in the range.
MUs perform partial scans at programmed intervals, when missing expected beacons or after excessive transmission retries. In a partial scan, the MU scans APs classified as proximate on the AP table. For each channel, the MU tests for CCA. The MU broadcasts a probe with the Net_ID (ESS) and broadcast BSS_ID when the channel is transmission-free. It sends an ACK to a directed probe response from the AP and updates the AP table. An unsuccessful AP packet transmission causes the MU to broadcast another probe on the same channel. The MU classifies an AP as out-of-range in the AP table if it fails to receive a probe response within the time limits. This process continues through all APs classified as proximate on the AP table.
An MU can roam within a coverage area by switching APs. Roaming occurs when:
• an unassociated MU attempts to associate or reassociate with an available AP
• the supported rate changes or the MU finds a better transmit rate with another AP
• the RSSI (received signal strength indicator) of a potential AP exceeds the current AP
• the ratio of good-transmitted packets to attempted-transmitted packets falls below a threshold.
An MU selects the best available AP and adjusts itself to the AP direct-sequence channel to begin association. Once associated, the AP begins forwarding any frames it receives addressed to the MU. Each frame contains fields for the current direct-sequence channel. The MU uses these fields to resynchronize to the AP.
The scanning and association process continues for active MUs. This process allows the MUs to find new APs and discard out-of-range or deactivated APs. By testing the airwaves, the MUs can choose the best network connection available.
1.3.7 Mobile IP
The Internet Protocol identifies the MU point of attachment to a network through its IP address. The AP routes packets according to the location information contained in the IP header. If the MU roams across routers to another subnet, the following situations occur:
• The MU changes its point of attachment without changing its IP address, causing forthcoming packets to become undeliverable.
• The MU changes its IP address when it moves to a new network, causing it to lose connection.
Mobile IP enables an MU to communicate with other hosts using only its home IP address after changing its point-of-attachment to the internet/intranet.
Mobile IP is like giving an individual a local post office forwarding address when leaving home for an extended period. When mail arrives for the individual home address, it is forwarded by the local post office to the current care-of-address. Using this method, only the local post office requires notification of the individual current address. While this example represents the general concept of Mobile IP operation and functionality, it does not represent the implementation of Mobile IP used.
A tunnel is the path taken by the original packet encapsulated within the payload portion of a second packet to some destination on the network.
A Home Agent is an AP acting as a router on the MU home network. The home agent intercepts packets sent to the MU home address and tunnels the message to the MU at its current location. This happens as long as the MU keeps its home agent informed of its current location on some foreign link.
A Foreign Agent is an AP acting as a router at the MU location on a foreign link. The foreign agent serves as the default router for packets sent out by the MU connected on the same foreign link.
A care-of-address is the IP address used by the MU visiting a foreign link. This address changes each time the MU moves to another foreign link. It can also be viewed as an exit point of a tunnel between the MU home agent and the MU itself.
The S24 Mobile IP (roaming across routers) feature enables an MU on the Internet to move from one subnet to another while keeping its IP address unchanged.
To configure this feature, see section 2.4: “Configuring System Parameters” on page 61.
The scanning and association process continues for active MUs. This allows the MUs to find new APs and discard out-of-range or deactivated APs. By testing the airwaves, the MUs can choose the best network connection available.
The following diagram illustrates Mobile IP (roaming across routers):
Set the MU for Mobile IP as specified in the MU user documentation.
Security has become a concern to mobile users. Enabling the Mobile-Home MD5 key option in the System Configuration menu generates a 16-byte checksum authenticator using an MD5 algorithm. The MU and AP share the checksum, called a key, to authenticate transmitted messages between them.
The AP and MU share the key while the MU is visiting a foreign subnet. The MU and AP have to use the same key. If not, the AP refuses to become the Home Agent for the MU. The maximum key length is 13 characters. The AP allows all printable characters.
1.3.8 Supporting CAM and PSP Stations
CAM (Continuously Aware Mode) stations leave their radios on continuously to hear every beacon and message transmitted. These systems operate without any adjustments by the AP. A beacon is a uniframe system packet broadcast by the AP to keep the network synchronized. A beacon includes the Net_ID (ESS), the AP address, the Broadcast destination addresses, a time stamp, a DTIM (Delivery Traffic Indication Message) and the TIM (Traffic Indication Map).
PSP (Power Save Polling) stations power off their radios for short periods. When a Spectrum24 MU in PSP mode associates with an AP, it notifies the AP of its activity status. The Spectrum24 AP-4121 HR access point responds by buffering packets received for the MU. The Spectrum24 adapters use a PSP performance index from 1 to 5, where 1 provides the quickest response time and 5 provides the most efficient power consumption.
The performance index determines how long the adapter stays in CAM after transmit or receive activity. Regardless of the performance index used, adapters switch to CAM for data reception/transmission. The awake interval in PSP performance index 1 is long enough to allow for round-trip packet response times. The packet response time in PSP performance index 5 is only 25 msec; the adapter goes back to sleep and requires another wake up period to receive data.
When the MU wakes up and sees its bit set in the TIM, it issues a short frame to the AP for the packets stored. The AP sends them to the MU and the MU issues another short frame when the data has been received and is ready to go back to PSP. A DTIM field, also called a countdown field, informs MUs of the next window for listening to broadcast and multicast messages. When the AP has buffered broadcast or multicast messages for associated MUs, it sends the next DTIM with a DTIM Interval value. To prevent a PSP-mode MU from sleeping through a DTIM notification, select a PSP mode value less than or equal to the DTIM value. PSP-mode MUs hear the beacons and awaken to receive the broadcast and multicast messages.
A TIM is a compressed virtual bitmap identifying the AP associated MUs in PSP mode that have buffered directed messages. MUs issue a poll request when APs issue a TIM. A beacon with the broadcast-indicator bit set causes the MU to note the DTIM Count field value. The value informs the MU of the beacons remaining before the next DTIM. This ensures the MU turns on the receiver for the DTIM and the following BC/MC packet transmissions.
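How a PSP-mode MU reads these fields out of a beacon, as an added Python example that is not part of the manual. The TIM element layout (element ID 5, DTIM Count, DTIM Period, Bitmap Control, partial virtual bitmap) follows IEEE 802.11; the function names, the association IDs (AIDs) and the two sample elements are constructed for illustration.

```python
TIM_ELEMENT_ID = 5   # IEEE 802.11 element ID of the TIM


def parse_tim(element: bytes) -> dict:
    """Decode one TIM information element taken from a beacon."""
    if len(element) < 2 or element[0] != TIM_ELEMENT_ID:
        raise ValueError("not a TIM element")
    length = element[1]
    body = element[2:2 + length]
    if length < 4 or len(body) != length:
        raise ValueError("TIM element is truncated")
    dtim_count, dtim_period, bitmap_control = body[0], body[1], body[2]
    return {
        "dtim_count": dtim_count,                  # beacons remaining before the next DTIM
        "dtim_period": dtim_period,                # beacons between DTIMs
        "group_traffic": bool(bitmap_control & 0x01),   # broadcast-indicator bit
        # Bits 1-7 hold (first octet / 2); leading all-zero octets are omitted.
        "first_octet": bitmap_control & 0xFE,
        "partial_bitmap": body[3:],
    }


def has_buffered_frames(tim: dict, aid: int) -> bool:
    """True when the bit for this MU's association ID is set in the bitmap."""
    index = aid // 8 - tim["first_octet"]
    bitmap = tim["partial_bitmap"]
    if index < 0 or index >= len(bitmap):
        return False        # octets outside the partial bitmap are implicitly zero
    return bool((bitmap[index] >> (aid % 8)) & 1)


def psp_wakeup_plan(tim: dict, aid: int) -> dict:
    """What a PSP-mode MU does after hearing this beacon."""
    return {
        "send_poll": has_buffered_frames(tim, aid),
        "stay_awake_for_group_traffic": tim["dtim_count"] == 0 and tim["group_traffic"],
        "beacons_until_dtim": tim["dtim_count"],
    }


# Constructed sample elements.
# DTIM beacon: broadcast traffic buffered, directed frames waiting for AIDs 3 and 9.
BEACON_A = bytes([5, 5, 0, 3, 0x01, 0x08, 0x02])
# Two beacons before the DTIM: bitmap starts at octet 4, frames waiting for AID 35.
BEACON_B = bytes([5, 4, 2, 3, 0x04, 0x08])

if __name__ == "__main__":
    for name, raw, aid in (("A", BEACON_A, 9), ("B", BEACON_B, 35), ("B", BEACON_B, 3)):
        print(name, aid, psp_wakeup_plan(parse_tim(raw), aid))
```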
1.3.9 Data Encryption
Any wireless LAN device (including Spectrum24 devices operating on a wireless network) faces possible information theft. Theft occurs when an unauthorized user eavesdrops to obtain information illegally. The absence of a physical connection makes wireless links particularly vulnerable to this form of theft.
Encryption becomes the most efficient method in preventing information theft and improving data security. Encryption entails scrambling and coding information, typically with mathematical formulas called algorithms, before the information is transmitted. An algorithm is a set of instructions or formula for scrambling the data. A key is the specific code used by the algorithm to encrypt or decrypt the data. Decryption is the decoding and unscrambling of received encrypted data.
The same device, host computer or front-end processor, usually performs both encryption and decryption. The data transmit or receive direction determines whether the encryption or decryption function is performed. The device takes plain text, encrypts or scrambles the text typically by mathematically combining the key with the plain text as instructed by the algorithm, then transmits the data over the network. At the receiving end another device takes the encrypted text and decrypts, or unscrambles, the text revealing the original message. An unauthorized user can know the algorithm, but cannot interpret the encrypted data without the appropriate key. Only the sender and receiver of the transmitted data know the key.
Symbol uses the Wired Equivalent Privacy (WEP) algorithm, specified in IEEE 802.11 section 8, for encryption and decryption. WEP uses the same key for both encrypting and decrypting text. Typically an external key service distributes the key. Users should change the key often for added security.
IEEE 802.11 defines two types of authentication, Open System and Shared Key. Open system authentication is a null authentication algorithm. Shared key authentication is an algorithm where both the AP and the MU share an authentication key to perform a checksum on the original message. Both 40-bit and 128-bit shared key encryption algorithms are supported in the Symbol Spectrum24 Access Point. Devices are required to use the same encryption algorithm to interoperate. APs and MUs cannot transmit and receive if the AP is using 128-bit encryption and the MU is using a 40-bit encryption algorithm.
By default, IEEE 802.11 devices operate in an open system network where any wireless device can associate with an AP without authorization. A wireless device with a valid shared key is allowed to associate with the AP. Authentication management messages (packets) are unicast, meaning authentication messages transmit from one AP to one MU only, not broadcast or multicast.
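The WEP encapsulation that this section describes in general terms, as an added Python example that is not Symbol's code. It follows the IEEE 802.11 construction (RC4 keyed with a 24-bit IV followed by the shared secret, with a CRC-32 integrity check value appended to the plaintext); "128-bit" WEP is taken here to mean a 104-bit secret plus the 24-bit IV, and the keys, IV and message are constructed sample values.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                             # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encapsulate(secret: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Return IV, key-ID octet and RC4(IV || secret) applied to plaintext || ICV."""
    if len(secret) not in (5, 13):
        raise ValueError("secret must be 5 bytes (40-bit) or 13 bytes (104-bit)")
    if len(iv) != 3 or not 0 <= key_id <= 3:
        raise ValueError("IV must be 3 bytes and key_id 0-3")
    ciphertext = rc4(iv + secret, plaintext + icv(plaintext))
    return iv + bytes([key_id << 6]) + ciphertext


def wep_decapsulate(secret: bytes, frame_body: bytes):
    """Return the plaintext, or None when the ICV does not verify."""
    if len(frame_body) < 8:
        raise ValueError("frame body too short for IV, key ID and ICV")
    iv, ciphertext = frame_body[:3], frame_body[4:]
    clear = rc4(iv + secret, ciphertext)
    plaintext, received_icv = clear[:-4], clear[-4:]
    return plaintext if icv(plaintext) == received_icv else None


# Constructed sample values, not taken from any device.
KEY_40 = bytes.fromhex("0102030405")
KEY_104 = bytes.fromhex("0102030405060708090a0b0c0d")
IV = b"\x00\x00\x01"
MESSAGE = b"inventory record 42"

if __name__ == "__main__":
    frame = wep_encapsulate(KEY_104, IV, MESSAGE)
    print("AP and MU both use the 104-bit key:", wep_decapsulate(KEY_104, frame))
    # An MU configured for 40-bit encryption cannot read the AP's 128-bit frames.
    print("MU uses the 40-bit key:", wep_decapsulate(KEY_40, frame))
```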
1.3.10 Kerberos Authentication
Kerberos can be installed on devices supporting Windows 2000, NT 4.0 and 95/98. The Spectrum24 Plus Pack is required on all devices supporting Kerberos.
Authentication is critical for the security of any wireless LAN device, including a Spectrum24 device operating on a wireless network. Traditional authentication methods are not suitable for use in wireless networks where an unauthorized user can monitor network traffic and intercept passwords. The use of strong authentication methods that do not disclose passwords is necessary. Symbol uses the Kerberos authentication service protocol (specified in RFC 1510), to authenticate users/clients in a wireless network environment and to securely distribute the encryption keys used for both encrypting and decrypting plain text.
For a detailed description of the Kerberos authentication service protocol refer to RFC 1510: Kerberos Network Authentication Service (V5).
A basic understanding of RFC 1510 Kerberos Network Authentication Service (V5) is helpful in understanding how Kerberos functions. Kerberos optionally uses the KSS on a Windows 2000 server. By default, Spectrum24 devices operate in an open system network where any wireless device can associate with an AP without authorization. Kerberos requires Spectrum24 device authentication before access to the wired network is permitted. Kerberos cannot operate when the AP is in wireless (WLAP) mode.
If DHCP is disabled or a DHCP server is not available, use the Kerberos Authentication screen to manually configure Kerberos. See section “Manual Kerberos Authentication Configuration” page 70.
Kerberos can be enabled automatically in an AP physically attached to an Ethernet network from a DHCP server on the same network. Program the DHCP server with the Kerberos and KSS options found in section 1.3.3: “DHCP Support” on page 16. When the AP boots up, it automatically requests the KSS for Kerberos parameters. If a DHCP server is not present, manually enable Kerberos in the AP; see section “Manual Kerberos Authentication Configuration” page 70. A Key Distribution Center (KDC) contains a database of authorized users and passwords within its realm (a realm is the Kerberos equivalent of a Windows domain). The KDC is responsible for user authentication and the distribution of session/service keys (tickets).
The KSS requires restarting whenever the KDC is rebooted.
The KDC contains two components:
• Authentication Service (AS) – Provides the authentication ticket containing information about the client and the session key used with the KDC.
• Ticket Granting Ticket Service (TGS) – Permits devices to communicate with a service (this could be any application or service such as the AP RF services).
The default expiration time of a ticket is 12 hours (for the AP) and is not user configurable. If the lifetime of a ticket in the KDC's security policy is different than what is requested, the KDC selects the shortest expiration time between the two. Each time a ticket is generated a new session and WEP encryption key is generated.
The KDC resides on the Kerberos server (the Kerberos server can also be the DNS server). In addition to the KDC, a Kerberos Setup Service (KSS) can be optionally installed on the Kerberos server. The KSS runs as a client on the KDC server when initially launched. The KSS can be used to administer Spectrum24 devices authorized on the network. For example, an AP on the Access Control List (ACL) is lost or stolen. The KSS marks the AP (using the MAC address of the AP) as not authorized and notifies the administrator if the missing AP appears elsewhere on the network attempting authentication. All clients (MUs), KDC and services (APs) participating in the Kerberos authentication system must have their internal clocks synchronized within a specified maximum amount of time (known as clock skew). The KSS uses Network Time Protocol (NTP) or the system clock on the Kerberos server to provide clock synchronization (timestamp) between the KDC and APs as part of the authentication process. Clock synchronization is essential since the expiration time is associated with each ticket. If the clock skew is exceeded between any of the participating hosts, requests are rejected.
Additionally, the KSS provides a list of authorized APs and other security setup information that the KDC uses to authenticate clients. When setting up KSS, assign APs an ESSID as the User ID to authenticate with the KDC.
When the AP boots up it contacts the KSS to obtain KDC information. The AP sends an Authentication Service Request (AS_REQ) to the KDC. The KDC looks up the username (ESSID in the case of APs), the associated password, and other authentication information including the current time stamp. If the AP has provided the correct information the KDC responds with an Authentication Service Response (AS_REP). These initial Kerberos messages are used to obtain the client credentials and session key known as the Ticket Granting Ticket. The AP verifies the information and is authenticated with the KDC. After the AP validates the message, it turns on its RF services but does not bridge data packets until the MU has been authenticated.
An MU is required to authenticate with the KDC before the AP allows any RF bridging. The MU appears to associate but because it has not been authenticated, the AP does not bridge any non-Kerberos authentication type packets to the network. The AP acts as a conduit (the AP will proxy the MU requests/replies to and from the KDC) passing AS_REQ, AS_REP, Ticket Granting Service Request (TGS_REQ) and Ticket Granting Service Reply (TGS_REP) between the clients and the KDC until authentication is successful.
Once a ticket is issued and the authentication process is completed, the AP continues to bridge data with the MU even if the KDC/KSS are unavailable. Once the ticket expires, the AP/MU stop passing Kerberos data if the KDC/KSS are still unavailable to issue tickets.
The authentication process for an MU is similar to an AP authentication. The difference is that the MU/client sends all requests through the AP with one additional step. The additional step is sending the KDC a TGS_REQ for RF services. The TGS_REQ message is encrypted with the encryption key that the MU received during the first part of the authentication process. The ticket the MU received in the AS_REP includes the ESSID of the AP whose RF services it wishes to access. The AP proxies (forwards) the MU request to the KDC. The KDC verifies the request and responds with a TGS_REP sent to the MU through the AP, which proxies the reply to the MU. The AP proxy does not read the MU TGS_REQ but replaces the header information with an IP header (the AP IP address). Conversely, the AP replaces the TGS_REP header with a WNMP header and forwards the response to the MU. Once the MU has verified the message it prepares an Application Request (AP_REQ) for the AP. This AP_REQ contains the ticket the KDC has sent to the MU. The AP decrypts the ticket. If the ticket is valid the AP responds with an AP_REP (the AP generates and includes a 128-bit WEP encryption key in the reply) and permits the MU to bridge data.
The KDC cannot authenticate an MU with administrator as the username.
Configure the AP through a direct serial connection if needed. Configure SNMP to be "Read Only" or "Read/Write" from the KSS. Disabling Kerberos returns (Kerberos disabled is the default setting) Telnet, SNMP and Web services to their previous setting. If an AP cannot be accessed through a serial connection and SNMP is not configured for read/write, use of DHCP option 131 is another way to disable Kerberos.
The optional KSS in a Spectrum24 environment runs only on a Windows 2000 server with Active Directory enabled. Future supported platforms include Linux, Solaris, SCO Unixware and HP-UX.
1.3.11 KSS Open Enrollment
When the KSS startup and KDC authentication completes successfully, the KSS opens a listening TCP/IP connection port and waits for any AP (several APs can connect to the KSS concurrently) that requests KSS AP setup services. Each AP requires an AP Setup Account entry. Open Enrollment mode allows the system administrator to enter information for APs with the same ESSID and therefore the same Kerberos Principal. The system administrator creates an AP Setup Account entry (enter all the Open Enrollment properties including a Kerberos Principal) in Open Enrollment mode. Complete the Kerberos account with this Principal in the Kerberos Account database. When the KSS Listening mode and Open Enrollment is enabled (by selecting a check box in the Kerberos Setup Service Property page), KSS provides the default AP Setup Account and the corresponding Kerberos Account to the AP. A new AP Setup Account record is created for the AP using the default Open Enrollment properties. The KSS continues to do this until Open Enrollment is disabled. Access points with a "Disabled" status or expired range entries in the KSS are not allowed to accept Open Enrollment information. This provides a tool to block APs that are known to have been stolen or missing.
1.3.12 KSS Databases
The optional KSS has two databases. One database stores valid access points (AP setup account). The other database stores Kerberos account information (Kerberos entry account). The AP setup account database stores validation information for an AP. This database uses the AP MAC address as a Primary Key. The entry includes the range of time the AP is allowed access and status information. A Foreign Key entry for a record in the AP setup account is the Kerberos Principal for this AP. This Foreign Key is used as an index to the Kerberos Entry account database to retrieve other Kerberos information for the AP. The Kerberos Entry account database stores specific Kerberos information for APs. It uses the Kerberos Principal (AP’s ESSID) as its Primary Key, and it includes other Kerberos network information that an AP needs to authenticate with the KDC.
When an AP requests information from the KSS, the KSS queries the AP Setup database to validate the AP. If the AP is valid the KSS will query its Kerberos Entry account database for the AP’s Kerberos information. The KSS packages the information and sends it to the AP.
APs with the same ESSID will share common Kerberos Entry account information since the ESSID is used as an AP Kerberos Principal.
1.3.13 Roaming and Authentication
When an MU authenticates through the KDC it specifies that it wants access to the AP that it has associated with. When the MU completes the full AS-REQ/AS-REP, TGT-REQ/TGT-REP, and AP-REQ/AP-REP hand-shake sequence, it possesses a ticket and a session key (WEP encryption key) for use in communicating with that AP. However, since the password and the username are the same for all APs, that ticket decrypts and validates with any AP.
When an MU roams, after it has associated with the new AP it sends to that AP the same AP-REQ that it sent to the AP that it first authenticated with. The new AP decrypts the ticket and validates the authenticator in the AP-REQ message. It then sends back an AP-REP with a new session key to the MU and normal communication through the new AP can continue.
1.3.14 Mixed Mode Security
Mixed mode security allows a single access point to transmit and receive with mobile units operating with different encryption algorithms. Using mixed mode, additional access points are not needed to support mobile units simply because they are using different encryption schemes.
1.3.15 Web Management Support
A Symbol Spectrum24 Access Point includes an HTTP Web server to allow the user to access and manage the AP with a standard Java-compatible browser. This capability provides the user with a Web-based interface for configuration and firmware download.
Using either Netscape Navigator 4.5 or greater or Microsoft Internet Explorer 4.0 or greater, point the browser at either the IP address of the AP or, if the AP is defined in DNS, at the DNS name of the AP. A window opens that allows the user to access configuration, setup and performance information for the AP as well as additional diagnostic information.
Disable Kerberos Encryption to use a Web server to configure access point settings.
1.3.16 Management Options
Managing Spectrum24 includes viewing network statistics and setting configuration options. Statistics track the network activity of associated MUs and data transfers on the AP interfaces.
The AP requires one of the following to perform a custom installation or maintain the Spectrum24 network:
• SNMP (Simple Network Management Protocol)
• wired LAN workstation with a Telnet client
• terminal or PC with RS-232 connection and ANSI emulation
Make configuration changes to APs individually. Each AP requires an individual IP address.
Programmable SNMP Trap Support
The SNMP protocol defines the method for obtaining information about network operating characteristics and changing router and gateway parameters. The SNMP protocol consists of three elements:
management stations
management information (MIB)
a management protocol (SNMP).
Nodes can perform as hosts, routers, bridges or other devices that can communicate status information. An SNMP Manager is a node that runs the SNMP management process to systematically monitor and manage the network. The management station performs network management by running application management software.
An SNMP trap is an alert to all configured management stations of some significant event that occurred on the network. The management station queries all stations for details of each specific event, including what, when and where the event took place and the current status of the node or network. The format or structure is defined in the SNMP protocol. The MIB defines what and who monitors the variables.
Using SNMP
The AP includes SNMP agent versions accessible through an SNMP manager application such as HP Open View or Cabletron Spectrum MIB browser. The SNMP agent supports SNMP version 1 and a subset of version 2, MIB II, the 802.11 MIB and one Symbol proprietary MIB (Management Information Base). The SNMP agent supports read-write, read-only or disabled modes. The AP supports traps that return to the SNMP manager when certain events occur. The Symbol MIB is available on the Spectrum24 High Rate 11 Mbps Wireless LAN Software CDROM or from http://www.symbol.com/services/downloads/download_spec24.html.
Disable Kerberos Encryption to use SNMP to configure access point settings.
Increased MIB Support
The MIB (Management Information Base) has ten categories defining what the management station needs to understand and which objects the station manages.
Using the UI
The UI (User Interface) is a maintenance tool integrated into the AP. It provides statistical displays, AP configuration options and firmware upgrades. Access to the UI requires one of the following:
Telnet Client
Access to the AP built-in Telnet server from any interface including remote Ethernet connections. See section 2.1.1: "Using Telnet" on page 39.
Direct Serial Connection
The AP acts as a DTE device to connect directly to another DTE device with a null-modem serial cable. The direct serial access method requires a communication program with ANSI emulation. See section 2.1.2: "Using a Direct Serial Connection" on page 41.
Dial Up Access
The dial-up access method requires a communication program with ANSI emulation on the remote terminal or PC. The terminal or PC dials to an AP with a modem connection. The AP supports connection to a Hayes-compatible 28,800-baud or faster modem. See section 2.1.3: "Using a Dial-Up Connection" on page 42.
SNMP Using a MIB Browser
Access to the AP SNMP function using a MIB Browser. Typically a Network Manager uses this feature, however, Symbol does not recommend accessing the AP using this interface method.
Web Browser
Access to the AP built-in Web server from any AP interface including Ethernet connections. See section 2.1.4: "Using a Web Browser" on page 43.
Chapter 2 Configuring the AP
AP configuration requires setting up a connection to the AP and gaining access to the UI (User Interface). The methods of accessing the UI are Serial, Telnet, Web, and SNMP. DHCP is enabled on the AP by default. Initial network configuration can be obtained from a DHCP server. All except Serial require the configuration of an IP address.
To access the AP through the serial port and terminal emulation program, connect to the DB9 serial port using a null modem cable. Set the terminal emulation program for 19,200 bps, 8 bits, No parity, 1 Stop Bit and No flow control. Select the AP Installation screen and enter the appropriate IP configuration parameters for the network.
The dot in front of certain parameters, functions or options (.Antenna Selection Primary Only) indicates these items update to all APs with the same Net_ID (ESS) when choosing the Save ALL APs-[F2] option. Users can perform this option only among the same hardware platforms and same firmware versions.
2.1 Gaining Access to the UI
The method for establishing access to the UI depends on the connection used. Select the setup that best fits the network environment.
2.1.1 Using Telnet
Using a Telnet session to gain access to the UI requires that a remote station have a TCP/IP stack. The remote station can be on the wired or wireless LAN.
To access the AP from the workstation:
1. From the DOS prompt, Telnet to the AP using its IP address:
Telnet xxx.xxx.xxx.xxx
2. At the prompt type the password:
Symbol
The password is case-sensitive.
3. Press the ESC key. The AP displays the Main Menu:
Symbol Access Point
MAIN MENU
Show System Summary          AP Installation
Show Interface Statistics    Special Functions
Show Forwarding Counts       Set System Configuration
Show Mobile Units            Set RF Configuration
Show Known APs               Set Access Control List
Show Ethernet Statistics     Set Address Filtering
Show RF Statistics           Set Type Filtering
Show Misc. Statistics        Set SNMP Configuration
Show Event History           Set Event Logging Configuration
Enter Admin Mode
If the session is idle (e.g. no input) for the configured time, the session terminates.
Press CTRL+D to manually terminate the session.
4. Proceed to section 2.13.1: ”Update Using TFTP” on page 123 to update the AP firmware or HTML file or to section 2.2: ”Navigating the UI” on page 50.
2.1.2 Using a Direct Serial Connection
The factory-configured AP accepts a dial-up connection between the AP and a modem. A UI connection requires a straight-through cable between the modem and the AP. See section 2.2.3: ” Configuring for Dial-Up to the UI” on page 55. The AP serial port is a DB-9, 9-pin male connector. The serial port allows a UI connection to a configuration PC. Connecting the AP directly to a PC with a 9-pin serial port requires a null modem cable with the following configuration:
Assuming the UI and serial port are enabled on the AP:
1. Apply Power to the AP.
2. Attach a null modem serial cable from the AP to the terminal or PC serial port.
3. From the terminal, start the communication program, such as HyperTerminal for Windows.
4. Select the correct COM port along with the following parameters.
emulation       ANSI
baud rate       19200 bps
data bits       8
stop bits       1
parity          none
flow control    none
There is no password requirement.
5. Press ESC to refresh the display. The AP displays the Main Menu.
Symbol Access Point
MAIN MENU
Show System Summary          AP Installation
Show Interface Statistics    Special Functions
Show Forwarding Counts       Set System Configuration
Show Mobile Units            Set RF Configuration
Show Known APs               Set Access Control List
Show Ethernet Statistics     Set Address Filtering
Show RF Statistics           Set Type Filtering
Show Misc. Statistics        Set SNMP Configuration
Show Event History           Set Event Logging Configuration
Enter Admin Mode
6. Refer to section 2.11.2: ”Updating Using Xmodem” on page 117 to update the AP firmware or HTML file or to section 2.2: ”Navigating the UI” on page 50.
7. Exit the communication program to terminate the session.
2.1.3 Using a Dial-Up Connection
A dial-up connection requires a straight-through cable between the modem and the AP. The remote PC requires a modem and a communication program (Microsoft Windows Terminal program).
See Appendix B for information on the modems supported by the AP.
1. Set Modem Connected to Yes in the System Configuration screen.
2. Attach a straight-through serial cable from the AP to the modem.
3. Verify the modem connects to the telephone line and has power. Refer to the modem documentation for information on verifying device power.
4. From the remote terminal, start the communication program.
5. Select the correct serial port along with the following parameters.
emulation       ANSI
baud rate       19200 bps
data bits       8
stop bits       1
parity          none
flow control    none
6. Dial out to the AP with the correct telephone number. No password is required.
7. Press ESC to refresh the display. The AP displays the Main Menu.
Symbol Access Point
MAIN MENU
Show System Summary          AP Installation
Show Interface Statistics    Special Functions
Show Forwarding Counts       Set System Configuration
Show Mobile Units            Set RF Configuration
Show Known APs               Set Access Control List
Show Ethernet Statistics     Set Address Filtering
Show RF Statistics           Set Type Filtering
Show Misc. Statistics        Set SNMP Configuration
Show Event History           Set Event Logging Configuration
Enter Admin Mode
2.1.4 Using a Web Browser
A Web browser is a program used to view Web documents or pages. The browser retrieves the requested page, interprets its text and displays the page on a computer screen.
Using a Web browser to gain access to the UI requires the workstation to have a TCP/IP stack and a Web browser. The remote station can be on the wired or wireless LAN.
The Web browser (Internet Explorer 4.0 or greater or Netscape) requires JavaScript to gain access to the UI.
Setup Network Web Server Help File Access
A network Web server is required to access the Help file from the Access Point Configuration Management System Web pages. This procedure applies to the Microsoft Internet Information Server. The network Web server can be different; if so, some of the procedures differ.
Only Network or System Administration personnel should configure the network Web server.
To create the Help file on a network Web server:
1. Create a directory on the network Web server for the AP Web Site Help Files to reside.
Often this subdirectory is C:\InetPub\wwwRoot.
2. Copy the *.gif and *.htm files to this directory/folder. The files are found in the x:\firmware\AP\AP Web Site\Help File directory, where x is the letter assigned to the computer CDROM drive.
This installation example is for Windows NT 4.0.
3. From the windows Task Bar select Start.
4. From the drop down menu select Programs.
5. From this menu select Microsoft Internet Server(common).
6. From this menu select Internet Service Manager to launch the Internet Information Server Service Manager.
7. Click on the Web service.
Ensure the server WWW service is running.
8. Select Properties.
9. Select Service Properties to display the WWW service properties for the server.
The WWW Service Properties window opens.
10. Select Directories.
11. Select Add button to open the Directories window.
12. Type the Directory/Folder path of the directory created in step one.
13. Select Virtual Directory.
14. Type a folder alias such as WebHelp and select OK.
15. Check Enable Default Document option.
16. Type S24apHelp.htm as the default document and select Apply.
17. Select OK to exit the window.
18. Test the accessibility to the Help file using a Web browser with a URL similar to: http://xxx.xxx.xxx.xxx/WebHelp
Where xxx.xxx.xxx.xxx is the IP address of the server.
Accessing Web Browser UI
Using a Web browser to gain access to the UI requires the workstation to have a TCP/IP stack and access to a Web browser. The remote station can be on the wired or wireless LAN.
To ensure the Web Server option is enabled for the AP:
1. Access the UI using a Serial or Telnet connection.
2. From the Main Menu select System Configuration.
3. Verify the Web Server option on the System Configuration screen is enabled.
4. Select Save-[F1] to save the configuration.
To reset the AP for changes to take effect:
1. Select the Special Functions screen.
2. Select Reset AP.
3. Select Yes at the confirmation prompt.
To enable Help file access, change the Help URL parameter:
1. Select the Special Functions screen.
2. Press F3 to view the Firmware Functions Update Menu.
3. Use the TAB or UP/DOWN ARROW key to select the Alter Filename(s)/HELP URL/TFTP Server.
4. Press ENTER.
5. Use the TAB or DOWN ARROW key to select the .HELP URL field.
6. Type the IP address/URL (Universal Request Locator) of the Web server and the directory/folder of the Web server for the Help file location.
http://xxx.xxx.xxx.xxx/WebHelp
Where xxx.xxx.xxx.xxx is the IP address of the server.
7. Save the new setting by selecting Save-[F1] option.
8. Select Yes at the confirmation prompt.
To access the AP UI using a Web browser from a workstation:
1. From the NCPA properties window set the IP address of the workstation and the subnet mask. The system tells the user to reboot for property changes to take effect.
The workstation, in this case, is the workstation or laptop computer running the Web browser.
2. To verify the connection, ping the AP. At the default DOS prompt, type:
Ping -t xxx.xxx.xxx.xxx
If the ping receives no response, verify that the hardware connections, IP address, gateway address and subnet mask are correct. If correct, contact the site System Administrator for network assistance.
3. Start a Web browser such as Internet Explorer 4.0 or greater, or Netscape 3.0 or greater.
Type the IP Address for the associated AP to access the AP using a Web browser:
http://xxx.xxx.xxx.xxx
4. The Spectrum24 Access Point Configuration Management System main page displays:
The Web pages look different than the Telnet, Direct Serial or Dial-Up Connections, but the contents are the same. Access the different pages using the links located in the left frame. Refer to the online help file for Web page navigation, page contents and parameter use.
To view configuration, function or option changes on the Web page(s) turn off the caching function for the browser being used.
For Netscape, from the menu bar select Edit, Properties, Advanced and Cache.
Select Document in cache is compared to document on network: Every time.
For Internet Explorer, from the menu bar select View, Internet Options, Temporary Internet files and Settings.
Select Check for newer versions of stored pages: Every visit to the page.
If this property/option is not turned off, the browser returns the previous view of the page without the changes. To ensure the latest version of a Web page is viewed, set this option in the browser.
To access help from any Spectrum24 Access Point Configuration Management System web page, select the Help button located in the top right-hand corner of each page.
For access to the Easy Setup and Configuration pages this pop-up dialogue box appears:
1. Type the AP name.
Symbol Access Point
2. Type the password:
Symbol
The password is case-sensitive.
Exit the browser to manually terminate the session.
2.2 Navigating the UI
The AP displays a Main Menu when gaining access to the UI:
Symbol Access Point
MAIN MENU
Show System Summary          AP Installation
Show Interface Statistics    Special Functions
Show Forwarding Counts       Set System Configuration
Show Mobile Units            Set RF Configuration
Show Known APs               Set Access Control List
Show Ethernet Statistics     Set Address Filtering
Show RF Statistics           Set Type Filtering
Show Misc. Statistics        Set SNMP Configuration
Show Event History           Set Event Logging Configuration
Enter Admin Mode
The top line displays the System Name for the AP (default is Symbol Access Point) and the name of the configuration screen.
The UI uses the following keystrokes to navigate through the menus and screens depending on the terminal emulation. For terminal emulation programs that do not support arrow or function keys, use the control-character equivalents:
UP ARROW       CTRL + O
DOWN ARROW     CTRL + I
LEFT ARROW     CTRL + U
RIGHT ARROW    CTRL + P
F1             CTRL + Q
F2             CTRL + W
F3             CTRL + E
F4             CTRL + R
The following conventions also apply when navigating screens and menus:
To select menu items, press the key corresponding to the bold letter for the item (case-sensitive hot key). Press ENTER to select the item.
Press TAB to scroll through menu items.
To change menu items, note the bottom line on the screen for configuration options. For multiple choice options, press the bold letter to select. To change values, type in the value and press ENTER. If the value is invalid, the AP beeps and restores the original value. Press TAB to scroll to next menu item.
The bottom line on the menu enables menu/screen changes to take effect. Press TAB to scroll to the item and press ENTER to select.
When changing values such as System Name or System Passwords, accept values by scrolling to the next field or pressing ENTER.
Some screens use function keys to initiate commands. For example, statistic screens include refresh-[F1] and Timed-[F2] commands to update the display.
Some options listed at the bottom of screens indicate possible commands for a selected item. For example, in the Known APs screen, highlighting an AP on the list and pressing the [F1] key brings up the Ping function to Ping that AP.
Press ESC to exit from submenus.
Administration screens include options for saving or clearing data that appear on the bottom line of the screen. Confirmation prompts include the following:
OK
Registers settings but does not save them in NVM (nonvolatile memory). A reset command returns to previously saved settings.
Save
Saves all settings (including ones not on that screen) to NVM. This is the same as Save Configuration in the Special Functions screen.
Save ALL APs
Saves the AP installation configuration information to all APs with the same Net_ID (ESS). This option saves the configuration changes for the current AP on the Known APs table to update their configuration and reset after the configuration has been modified. Users can perform this option only among the same hardware platforms and same firmware versions.
Cancel
Does not register settings changed in a screen.
2.2.1 Entering Admin Mode
The UI defaults to User when in Serial mode allowing read-only access to the AP's functions (e.g., view statistics). Entering Admin mode provides access to configuration menus and allows the user to configure the AP.
Entering Admin mode requires the administration password.
1. Select Enter Admin Mode from the Main Menu. The AP prompts for the administration password:
Enter System Password:
2. Type the default password:
Symbol
The password is case-sensitive.
If the password is correct, the AP displays the Main Menu with the Enter Admin Mode menu item changed to Exit Admin Mode.
If the password is incorrect, the AP continues to display the Main Menu with the Enter Admin Mode menu item.
Set the System passwords in the Set System Configuration screen.
2.2.2 Changing the Access to the UI
To prevent unauthorized Telnet access, change the configuration access to the UI. This includes enabling or disabling the Telnet Logins or changing the System Passwords.
To change Telnet access to the AP:
1. Select Set System Configuration from the Main Menu.
2. Select Telnet Logins.
3. Press the SPACE BAR or LEFT/RIGHT-ARROW keys to toggle between Enabled and Disabled.
4. Use the TAB key to highlight the SAVE function and press ENTER or press [F1] to save.
5. The system prompts "Are you sure (Y/N)?" Type Y.
To change the system passwords:
1. Select Set System Configuration from the Main Menu.
2. Press TAB to select System Password Admin or press [F4].
3. The Change System Passwords screen displays:
Symbol Access Point
Change System Passwords
User Password *******
Admin Password *******
Save-[F1] Cancel-[ESC]
Password for user access(Monitor only)
4. Change the passwords using the following parameters:
User Password
Allows the user to only monitor or view the screens. Select any alphanumeric, case-sensitive entry up to 13 characters; the characters selected are displayed as asterisks. The default password is Symbol.
Admin Password
Allows the user to view and change the parameters on each screen. Select any alphanumeric, case-sensitive entry up to 13 characters; the characters selected are displayed as asterisks. The default password is Symbol.
5. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt.
6. The system prompts "Are you sure (Y/N)?" Type Y.
7. Select Cancel or press [ESC] to disregard any changes made to this screen and return to the previous menu.
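The check below is an added example, not code from Symbol or from this manual: it parses a text capture of the System Configuration screen (reached with Set System Configuration) and reports the access settings the manual documents as open by default. The capture layout, SAMPLE_SCREEN, and the function and rule names are assumptions made for the example.

```python
import re

# Field labels as printed on the manual's System Configuration screen.
LABELS = [
    "Channel", "Auto Channel Select", "Ethernet Timeout", "Telnet Logins",
    "Encryption Admin", "Agent Ad Interval", "S24 Mobile IP",
    "Mobile-Home MD5 key", "Web Server", "Modem Connected",
    "Inactivity Timeout", "Access Control", "Type Filtering",
    "WNMP Functions", "AP-AP State Xchg", "Ethernet Interface",
    "RF Interface", "Default Interface", "MU-MU Disallowed",
]

# The leading "." (fields that Save All APs propagates) is optional.
# Longest labels are tried first; the look-arounds stop partial-word hits.
_LABEL_RE = re.compile(
    r"(?<![\w-])\.?("
    + "|".join(re.escape(name) for name in sorted(LABELS, key=len, reverse=True))
    + r")(?![\w-])"
)


def parse_system_config(screen):
    """Return {label: value} from a captured two-column screen dump."""
    settings = {}
    for line in screen.splitlines():
        hits = list(_LABEL_RE.finditer(line))
        for i, hit in enumerate(hits):
            # A value runs from its label to the next label on the same line.
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            settings[hit.group(1)] = line[hit.end():end].strip()
    return settings


# (field, predicate on the value, reason taken from the manual's own wording)
RULES = [
    ("Telnet Logins", lambda v: v == "Enabled",
     "Telnet Logins accepted; section 2.2.2 disables them to prevent "
     "unauthorized Telnet access"),
    ("Web Server", lambda v: v == "Enabled",
     "built-in Web server reachable from any AP interface"),
    ("Encryption Admin", lambda v: v == "Any",
     "encryption keys can be changed through any interface; "
     "Serial restricts this to the serial port"),
    ("Inactivity Timeout", lambda v: v == "0",
     "a value of 0 means the UI session never times out"),
    ("Modem Connected", lambda v: v == "Yes",
     "dial-up sessions reach the Main Menu with no password prompt"),
]


def audit(settings):
    """Return [(field, value, reason)] for every rule that fires."""
    findings = []
    for field, is_open, reason in RULES:
        value = settings.get(field)
        if value is None:
            findings.append((field, "MISSING", "field not found in capture"))
        elif is_open(value):
            findings.append((field, value, reason))
    return findings


# Constructed sample: factory values from the manual, in an assumed layout.
SAMPLE_SCREEN = """\
        Symbol Access Point            System Configuration
 Channel               9          .Access Control      Disabled
 Auto Channel Select   Disabled   .Type Filtering      Disabled
.Ethernet Timeout      0           WNMP Functions      Enabled
.Telnet Logins         Enabled    .AP-AP State Xchg    Enabled
.Encryption Admin      Any         Ethernet Interface  On
.Agent Ad Interval     0           RF Interface        On
.S24 Mobile IP         Disabled    Default Interface   Ethernet
.Mobile-Home MD5 key   *******    .MU-MU Disallowed    Off
.Web Server            Enabled     Modem Connected     No
 Configure Kerberos-[F3]           Inactivity Timeout  5
"""

if __name__ == "__main__":
    for field, value, reason in audit(parse_system_config(SAMPLE_SCREEN)):
        print(f"{field} = {value}: {reason}")
```

The User and Admin passwords are masked on the Change System Passwords screen, so a capture cannot show whether the default is still set; verify that separately.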
2.2.3 Configuring for Dial-Up to the UI
A dial-up connection requires a straight-through cable between the modem and the AP. The remote PC requires a modem and a communication program (e.g. Microsoft Windows Terminal program).
Refer to Appendix B for information on the modems supported by the AP.
1. Set Modem Connected to Yes in the System Configuration screen.
2. Attach a straight-through serial cable from the AP to the modem.
3. Verify the modem connects to the telephone line and has power. Refer to the modem documentation for information on verifying device power.
4. From the remote terminal, start the communication program.
5. Select the correct serial port along with the following parameters.
emulation       ANSI
baud rate       19200 bps
data bits       8
stop bits       1
parity          none
flow control    none
6. Dial out to the AP with the correct telephone number. No password is required.
7. Press ESC to refresh the display. The AP displays the Main Menu.
Symbol Access Point
MAIN MENU
Show System Summary          AP Installation
Show Interface Statistics    Special Functions
Show Forwarding Counts       Set System Configuration
Show Mobile Units            Set RF Configuration
Show Known APs               Set Access Control List
Show Ethernet Statistics     Set Address Filtering
Show RF Statistics           Set Type Filtering
Show Misc. Statistics        Set SNMP Configuration
Show Event History           Set Event Logging Configuration
Enter Admin Mode
2.2.4 Navigating the UI Using a Web Browser
Refer to the online help file for information on Web Browser navigation and basic functionality. For file download instructions and the associated file(s) refer to the Web page (http://www.symbol.com/services/downloads/download_spec24.html) and select Spectrum24® – 11 Mbps DS Firmware, Software, Drivers, Tools and....
2.3 Access Point Installation
The AP UI includes an AP Installation screen to set basic parameters for a Spectrum24 network. These parameters include designating a gateway address that provides the ability to forward messages across routers on the wired Ethernet.
To install an AP:
1. From the Main Menu select Enter Admin Mode. The system displays
Enter System Password:
2. Enter the default password (unless the password has been changed):
Symbol
3. Select AP Installation from the Main Menu:
Symbol Access Point
MAIN MENU
Show System Summary          AP Installation
Show Interface Statistics    Special Functions
Show Forwarding Counts       Set System Configuration
Show Mobile Units            Set RF Configuration
Show Known APs               Set Access Control List
Show Ethernet Statistics     Set Address Filtering
Show RF Statistics           Set Type Filtering
Show Misc. Statistics        Set SNMP Configuration
Show Event History           Set Event Logging Configuration
Enter Admin Mode
4. Verify the AP parameters reflect the network environment. Change them as needed.
5. Press TAB to scroll to the item and press ENTER to select.
Symbol Access Point
Access Point Installation
.Country Config-[CR]   United States
Unit Name              Symbol Access Point
                                            .Additional Gateways
IP Address             157.235.95.174        0.0.0.0
.Gateway IP Address    0.0.0.0               0.0.0.0
                                             0.0.0.0
.Subnet Mask           255.255.0.0           0.0.0.0
                                             0.0.0.0
.DNS IP Address        0.0.0.0               0.0.0.0
                                             0.0.0.0
.Net_ID (ESS)          101
                                            .Additional DNS
.Antenna Selection     Full Diversity        0.0.0.0
.DHCP/BOOTP            Enabled               0.0.0.0
OK-[CR] Save-[F1] Save All APs-[F2] Cancel-[ESC]
(Most parameters take effect only after being saved and AP is reset)
If this is the first time the AP has been installed or has been moved to a new country, verify that the proper country specific code is entered for the AP. Refer to Appendix D for a list of supported country codes.
Verify that the proper country specific code is entered for the AP to conform to the set of rules defined in national or international regulations.
Where:
Country Config
Configure the AP for the user's country. This item displays a list of country names. Use the TAB key to highlight the appropriate country and press ENTER. The AP displays Are You Sure? Enter Y for yes. The display refreshes and displays the new country. Prior to setting the Country Config code, certain AP features are not available. See Appendix D for AP country code information.
Unit Name
The AP name.
IP Address
The network-assigned Internet Protocol address of the AP.
Gateway IP Address
IP address of a router the AP uses on the Ethernet as its default gateway.
Additional Gateways
The IP address of the additional gateways used. Access up to seven gateways.
Subnet Mask
The first two sets of numbers specify the network domain, the next set specifies the subset of hosts within a larger network and the final set specifies an individual computer. These values help divide a network into subnetworks and simplify routing and data transmission. The subnet mask defines the size of the subnet.
DNS IP Address
Primary Domain Name Server IP address.
Additional DNS
The IP address of the additional DNS servers available. A maximum of two additional DNS servers are available.
Net_ID (ESS)
The unique 32-character, alphanumeric, case-sensitive wireless network identifier of the AP.
Antenna Selection
Enables selection of antenna diversity. Options are:
Full Diversity - the radio receives on the primary or secondary antenna (whichever has the best signal strength) and transmits on the last antenna it received on.
Primary only - the radio transmits and receives on the primary antenna only.
Secondary only - the radio transmits and receives on the secondary antenna only.
Rx Diversity - the radio receives on the primary or secondary antenna (whichever has the best signal strength) and transmits on the primary only.
DHCP/BOOTP
Enables or Disables selection of DHCP/BOOTP. The options are:
Enabled - DHCP and BOOTP interoperate; whichever response the AP selects first becomes the server allocating the information.
DHCP Only - Only DHCP responses will be accepted by the AP.
BOOTP Only - Only BOOTP responses will be accepted by the AP. If both DHCP and BOOTP services are required, do not select BOOTP Only. When BOOTP is enabled, the access point ACL and configuration file (cfg.txt) are uploaded.
Disabled - Disables BOOTP and DHCP; network configuration is manually entered.
5. In the Antenna Selection field, use the SPACE BAR or LEFT/RIGHT-ARROW keys to toggle between Full Diversity, Primary Only, Secondary Only, or Rx Diversity.
6. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt.
7. Select Save ALL APs or press [F2] to save the AP installation configuration information to all APs with the same Net_ID (ESS). This option saves the configuration changes for the current AP on the Known APs table to update their configuration and reset after the configuration has been modified. Users can perform this option only among the same hardware platforms and firmware version.
8. The system prompts Warning Update, save, and reset all APs in the Known AP Menu? yes no
Type Y.
9. Select Cancel-[ESC] to disregard any changes made to this screen and return to the previous menu.
2.4 Configuring System Parameters
The AP provides configuration options for how the unit operates, including security access and interface control. Some parameters do not require modification.
1. Select Set System Configuration from the Main Menu to display:
Symbol Access Point
System Configuration
Channel                9           .Access Control       Disabled
Auto Channel Select    Disabled    .Type Filtering       Disabled
.Ethernet Timeout      0
WNMP Functions         Enabled
.Telnet Logins         Enabled     .AP-AP State Xchg     Enabled
.Encryption Admin      Any         Ethernet Interface    On
RF Interface           On
.Agent Ad Interval     0
.S24 Mobile IP         Disabled    Default Interface     Ethernet
.Mobile-Home MD5 key   *******
.MU-MU Disallowed      Off
.Web Server            Enabled
Modem Connected        No
Configure Kerberos-[F3]            Inactivity Timeout    5
System Password Admin-[F4]
OK-[CR]   Save-[F1]   Save All APs-[F2]   Cancel-[ESC]
Save, then reset AP for new value to take effect.
Once the country has been configured (Country Config) on the AP Installation screen the channel can be set manually or automatically.
2. Configure the AP system settings as required:
Auto Channel Select
Normally run once during initial installation.
1. Power up the AP and select Auto Channel Select (ACS). Press <spacebar> or <-/-> to enable or disable. To save configuration, select F1.
2. On the next power up, the AP scans all channels and selects a non-overlapping channel with the fewest APs. The AP saves the channel in FLASH (the power LED flashes during this process) and turns off ACS. The AP flashes its LEDs as if powering up and returns to a STATUS-flashing state when complete.
Non-overlapping channels have 25 MHz separation beginning at the first allowed channel for the country (for the US and most of Europe, channels 1, 6 & 11 are used). The channel selection process groups all APs heard over RF into non-overlapping bands, then compares the quantities of APs with received signal strengths above the average signal strength. Ties are broken based on the AP's MAC address.
Ethernet Timeout
Disables radio interface if no activity is detected on the Ethernet line after the seconds indicated (30-255). The AP disassociates MUs and prevents further associations until it detects Ethernet activity. The default value 0 disables this feature. The 1 value detects if the 10/100Base-T line goes down. If the value is set to 2 and the WLAP has connected to the Root AP, the WLAP sends a WLAP Alive BPDU on the Ethernet line every WLAP Hello Time seconds to allow WLAPs on the Ethernet line to detect its existence. If the value is set to 3, the WLAP tracks the WLAP Alive BPDU. If the BPDU is missing for WLAP Hello Time seconds, the WLAP state changes to WLAP Lost on Ethernet. Once the WLAP Alive BPDU is detected, the WLAP resets and starts over. When the Ethernet connection is broken the AP clears the MU table and disables the RF interface until the Ethernet connection comes up.
Telnet Logins
Specifies if the AP accepts or rejects Telnet Logins. The default value is Enabled.
Encryption Admin
Indicates which interface can change the encryption keys and the encryption key index. Without admin privileges users cannot access the encryption maintenance page to change the encryption keys.
Any allows users with admin privileges to change encryption keys through any interface.
Serial allows users with admin privileges to change this parameter and encryption keys only through the Serial port.
See section 2.4.1 “Encryption Administration” on page 67 for all AP encryption administration parameters for all interfaces (Serial, Telnet, HTML Web browser and SNMP).
Agent Ad Interval
Specifies the interval in seconds between the mobility agent advertisement transmission.
S24 Mobile IP
If enabled, this feature allows MUs to roam across routers.
Mobile-Home MD5 key
Secret key used for Mobile-Home registration and authentication.
MU-MU Disallowed
If enabled, mobile units associated with the same AP are not allowed to communicate with each other.
Inactivity Timeout
The inactivity time on the UI that causes the AP to terminate the connection while using a modem. The default is 5 minutes from a 0 to 100-minute range. The 0 value indicates no time-out.
Modem Connected
The default setting is No. Set to Yes when using a dial-up configuration.
Web Server
Enables the use of a Web based browser to access the UI. An AP Reset is required for this feature to take effect.
Configure Kerberos
Allows the user to enable and configure Kerberos authentication.
System Password Admin
Allows the user to change the passwords for the AP. This screen can be accessed only when the AP is in Telnet mode. Serial mode provides read-only privileges and does not allow the user to view this screen.
Access Control
Allows the user to set one of three Access Control modes: Disabled, Allowed, or Disallowed.
When Disabled (default) is selected, no filtering is performed.
When Allowed is selected, only MAC addresses specified in the Access Control List are allowed to associate with the AP.
When Disallowed is selected, only MAC addresses not specified in the Disallowed Addresses List (Address Filtering) are allowed to associate with the AP.
Type Filtering
Specifies filter type for packets received, either Forward/Discard or Disabled. The default value is Disabled.
WNMP Functions
Specifies if the AP can perform WNMP functions. The default value is Enabled.
AP-AP State Xchg
Specifies AP-to-AP communication exchanged.
3. To enable or disable interfaces on the AP, modify the following parameters:
Ethernet Interface
Enables or disables wired Ethernet. The default value is On.
RF Interface
Enables or disables radio. The default value is On.
Default Interface
Specifies the default interface (Ethernet, WLAP or Reserved) that the AP forwards a frame to if the AP cannot find the address in its forwarding database. The default interface is Ethernet. The AP defaults to Ethernet when Reserved is selected.
4. Verify the values set reflect the network environment. Change as needed.
5. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt.
6. Select Save ALL APs or press [F2] to save the System Configuration information to all APs with the same Net_ID (ESS). This option saves the configuration changes for the current AP, sends two WNMP messages to all other APs on the Known APs table to update their configuration and resets after the configuration has been modified. Users can perform this option only among the same hardware platforms and firmware version.
7. The system prompts:
Warning Update, save, and reset all APs in the Known AP Menu? yes no
Type Y.
8. Select Cancel-[ESC] to disregard any changes made to this screen and return to the previous menu.
2.4.1 Encryption Administration
The ability to change, view or restrict access to encryption administration settings depends on the Encryption Admin configuration parameter. The options for this parameter are Serial and Any. These options are configurable via the Serial UI located in the System Configuration screen. The Encryption Admin parameter affects all interfaces supported by the AP (Serial, Telnet, HTML Web browser and SNMP). The tables in this section are useful for determining the access level (to encryption parameters) available to the user through each type of interface. For example, if the Encryption Admin configuration parameter is selected (in the System Configuration screen) the user (with admin privileges) sets the option to Serial. The user can View/Modify (through the Serial UI) and can View Only through the Telnet UI.
A Telnet client can change the setting from Any to Serial. Once set to Serial, Telnet has no access to this parameter. When the Encryption Admin configuration parameter is set to Any, WEP Encryption configuration is allowed on all interfaces.
Encryption Parameters for Telnet and Serial Interfaces
Parameter | Access Method | Interface | Serial
Encryption Admin | System Configuration Screen | Telnet/Serial View/Modify | Serial UI - View/Modify; Telnet UI - View Only
WEP (Privacy) | RF Configuration Screen | Telnet/Serial View/Modify | Serial UI - View/Modify; Telnet UI - View Only
WEP Algorithm | RF Configuration Screen | Telnet/Serial View/Modify | Serial UI - View/Modify; Telnet UI - View Only
Encryption Key ID | RF Configuration Screen | Telnet/Serial View/Modify | Serial UI - View/Modify; Telnet UI - View Only
Encryption Key Maintenance | RF Configuration Screen | Telnet/Serial Modify | Serial UI - Modify; Telnet UI - No Access
Encryption Parameters for Web Interface
Parameter | Access Method | Interface | Serial
WEP Algorithm | Configuration - Security Setup | View/Modify | View Only
Encryption Key | Configuration - Security Setup | View/Modify | View Only
Encryption Key Setup | Configuration - Security Setup | Modify Only | No Access
Encryption Administration | Configuration - Security Setup | View Only | View Only
WEP (Privacy) | Configuration - Security Setup | View/Modify | View Only
Encryption Parameter Access for SNMP Interface
Parameter | Access Method | Interface | Serial
apEncryptAdmin | s24dsap.mib - apConfigMgmt - apSystemConfig group | View Only | View Only
apWEPAlgorithm | s24dsap.mib - apConfigMgmt - apRFConfig group | View/Modify | View Only
ap128WEPKeyValue (1..4) | s24dsap.mib - apConfigMgmt - ap128WEPKeyTable | Modify Only | No Access
dot11PrivacyInvoked | 802dot11.mib - dot11smt - dot11PrivacyTable | View/Modify | View Only
dot11AuthenticationAlgorithm | 802dot11.mib - dot11smt - dot11Authen..Algorit..Table | View Only | View Only
dot11AuthenticationAlgorithmEnable | 802dot11.mib - dot11smt - dot11Authen..Algorit..Table | View Only | View Only
dot11WEPDefaultKeyValue | 802dot11.mib - dot11smt - dot11WEPDefualtKeyTable | Modify Only | No Access
Manual Kerberos Authentication Configuration
The Configure Kerberos Authentication screen allows the network administrator to change or verify the AP parameters for Kerberos authentication. If a DHCP server is not available use the Configure Kerberos Authentication screen to manually configure and enable Kerberos, save and reset the AP. If an optional KSS has been installed on the Kerberos server, resetting the AP allows the KSS to complete the Kerberos configuration and start the Kerberos authentication services. If a DHCP server is available enable Kerberos using DHCP server options found in section 1.3.3: “DHCP Support” on page 16. These options can enable Kerberos on the AP, and setup the KDC name, KSS name and port number.
Configure the AP through a direct serial connection. Disabling Kerberos returns (Kerberos Disabled is the default setting) Telnet, SNMP, and Web services to their previous setting. If an AP cannot be accessed through a serial connection and SNMP is not configured for read/write, use DHCP option 131.
1. To access and enable the Kerberos configuration, select Configure Kerberos-[F3] from the System Configuration Menu. The Configure Kerberos Authentication screen displays:
Symbol Access Point
Configure Kerberos Authentication
Kerberos Enabled
KDC Server Name/IP Address krbtgt
Backup KDC Name/IP Address kdc2
Realm Name APFW.SYMBOL.COM
User ID ap
Password *******
KDC Timeout 2
OK-[CR] Save-[F1] KSS Setup (Optional)-[F3] Cancel-[ESC]
Enable Kerberos
2. Verify the KDC name. The MU does not display the Kerberos login password screen if the wrong KDC name is entered in the AP Authentication screen.
3. Verify the User ID matches the ESSID.
4. Verify the Password matches the password in the KDC and AP.
Kerberos
Allows the user to enable Kerberos authentication. Default setting is Disabled.
KDC Server Name
Name of the Kerberos Setup Service for the AP.
Backup KDC Server Name
Name of the backup Kerberos Setup Service for the AP.
Realm Name
The Kerberos Realm Name (similar to a DHCP domain name).
User ID
The KDC user ID the AP uses to authenticate (ESSID of the AP and the Kerberos Principal).
Password
The KDC password the AP uses to authenticate
KDC Timeout
The maximum wait time (in seconds) for a response from the KDC.
5. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt.
6. Select KSS Setup Optional-[F3] if using KSS to implement Kerberos.
Symbol Access Point
Configure Kerberos Setup Server
***If using a KSS, please configure the following items
KSS Port 34567
KSS Secret *******
KSS Name/IP Address ksssrv
OK-[CR] Save-[F1] Cancel-[ESC]
KSS Port
The TCP number the AP uses to transmit and communicate with the KSS.
KSS Secret
Shared secret key used with KSS to generate an Encryption key. Allows the user to change the default Encryption key.
KSS Name/IP Address
Name/IP Address of the Kerberos Setup Service for the access point.
7. Select Cancel-[ESC] to disregard any changes made and return to the previous menu.
2.4.2 System Password Administration
This screen allows the network administrator to configure the passwords for the AP. The user password allows the user to Telnet into the AP or use the serial port and have read-only privileges. When the UI is accessed in an Admin mode session through the serial port, the session does not time out.
Entering the Admin mode with Telnet and Serial Port interfaces enabled allows the Admin mode on both interfaces. This can cause a security breach if a user, without admin privileges, Telnets into the AP while the admin security level is enabled.
1. To access and change the System Passwords, select System Password Admin-[F4] from the System Configuration Menu. The Change System Passwords screen displays:
Symbol Access Point
Change System Passwords
User Password *******
Admin Password *******
Save-[F1] Cancel-[ESC]
Password for user access(Monitor only)
2. Change the passwords using the following parameters:
User Password
Allows the user to monitor or view the screens. Select any alphanumeric, case-sensitive entry up to 13 characters; the characters selected are displayed as asterisks. The default password is Symbol.
Admin Password
Allows the user to view and change the parameters on each screen. Select any alphanumeric, case-sensitive entry up to 13 characters; the characters selected are displayed as asterisks. The default password is Symbol.
3. Select Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt.
4. Select Cancel-[ESC] to disregard any changes made to this screen and return to the previous menu.
2.5 Configuring Radio Parameters
The AP automatically configures most radio parameters. Only advanced users, Symbol trained users or Symbol representatives should adjust the radio parameters for the AP or the options in the RF Configuration screen, or fine-tune the radio and WLAP functions.
1. Select Set RF Configuration from the Main Menu to display:
Symbol Access Point
RF Configuration
.DTIM Interval 10 WLAP Mode Disabled
.BC/MC Q Max 10
.Max Retries (d) 15 WLAP Priority 8000 hex
.Max Retries (v) 5 WLAP Manual BSS ID 00:00:00:00:00:00
.Multicast Mask (d) 09000E00 hex
.Multicast Mask (v) 01005E00 hex WLAP Hello Time 20
.Beacon Interval 100 K-us WLAP Max Age 100
.Accept Broadcast ESSID Enabled WLAP Forward Delay 5
.MU Inactivity Timeout 60 min. WLAP MU Table Aging Time 240 min.
.Rate Control
11 Mb/s Optional .Shared Key Enabled
5.5 Mb/s Optional .Key Width 128 bit
2 Mb/s Optional .Encryption Key ID 1
1 Mb/s Required .Encryption Key Maintenance
.RTS Threshold 2347 bytes .BlueTooth Coexistence 0 ms
.Extended Range 0 mi.
.Short RF Preamble Disabled
.Tx Power Control Full
OK-[CR] Save-[F1] Save All APs-[F2] Cancel-[ESC]
The frequency of DTIM packets as a multiple of TIM packets. Range(1..255)
CCA Mode and CCA Energy Threshold are not user configurable parameters. The AP-4121 model access point RF Configuration screen is slightly different from the AP-4111 model access point RF Configuration screen.
The dot in front of certain parameters, functions or options (for example .Rate Control) indicates these items update to all APs with the same Net_ID (ESS) when choosing the Save ALL APs-[F2] option. Users can perform this option only among the same hardware platforms and same firmware versions.
2. Configure the settings as required:
DTIM Interval
Configure DTIM packet frequency as a multiple of beacon packets. The DTIM Interval indicates how many beacons equal one cycle. Users should not modify this setting or risk damaging the configuration.
BC/MC Q Max
Determines the memory allocated for the queue used in the AP to temporarily hold broadcast/multicast messages. Unit measure is in packets and corresponds to maximum-sized Ethernet packets. The default is 10.
Reassembly timeout
Sets the time in 0.5 ms units before a time-out occurs during a packet reassembly. Packet reassembly occurs when a large RF packet is fragmented into smaller wireless network packets. The default is 9000.
Max Retries (d)
The maximum allowed retries before aborting a single data packet transmission. The default is 15. Users should not modify this setting or risk damaging the configuration.
Max Retries (v)
The maximum allowed retries before aborting a single voice packet transmission. The default is 5. Users should not modify this setting or risk damaging the configuration.
Multicast Mask (d)
Supports broadcast download protocols for any MU, typically Point-of-Sale terminals, requiring the expedited download of a new operating image over the network instead of using a local nonvolatile drive.
All multicast downstream data packets that match the top 32 bits of the multicast mask are forwarded immediately instead of being queued for transmission at the next DTIM interval.
Multicast Mask (v)
Supports broadcast, or party-line, voice communications. All multicast downstream data packets that match the top 32 bits of the multicast mask are forwarded immediately instead of being queued for transmission at the next DTIM interval.
Beacon Interval
The time between beacons in Kilo-microseconds. The default is 100. Avoid changing this parameter as it can adversely affect performance.
Accept Broadcast ESSID
Allows the AP to respond to any station sending probe packets with the industry-standard broadcast ESS. If Enabled, this feature allows industry-standard devices interoperability. The AP probe response includes the ESS and information about the network. By default, this feature is Enabled and the AP responds only to stations that know the ESSID. This helps preserve network security. MUs require using Broadcast ESS to use this function.
MU Inactivity Timeout
Allows industry-standard device interoperability by specifying the time the AP allows for MU inactivity. A Spectrum24 AP recognizes MU activity through data packet transmission and reception, and through scanning. Spectrum24 MUs conduct active scanning. Other industry-standard MUs might conduct passive scans and a Spectrum24 AP can classify them as inactive.
Rate Control
Defines the data transmission rate. The defaults are:
11 Mbps - Optional
5.5 Mbps - Optional
2 Mbps - Required
1 Mbps - Required
The defaults allow the AP to automatically select the best transmit rate allowed by the conditions. These settings allow a mixture of 1 Mbps, 2 Mbps, 5.5 Mbps and 11 Mbps radios in the same network. Any combination of the data rates can be selected as Optional, Required or Not Used, but it is essential to set the lowest selected rate to Required. All IEEE 802.11 broadcast and management frames are sent out on the lowest required data rate.
RTS Threshold
Request to send threshold (256 – 2347). Allows the AP to use RTS (Request To Send) on frames longer than the specified length. The default is 2347 Bytes.
Extended Range
Enables APs to bridge over long distances using high gain antennas. The Extended Range setting adds 11 microseconds per mile to the ACK timeout value. Should be used for coverage areas greater than one mile. RF propagation through the air is about 5.5 microseconds per mile (one way). Use 11 microseconds as a round-trip value per mile.
WEP (Privacy)
Defines the WEP algorithm. Admin privileges are required to make changes to this parameter. The default is Disabled.
WLAP Mode
Specifies the AP's wireless-AP operation status.
Enabled: The AP sets up automatically for wireless operation. The AP can operate in any of these configurations: Wireless, Repeater or Ethernet Bridge.
Disabled: No wireless operation possible. Default setting.
Link Required: At power up:
If the WLAP is the Root AP, an Ethernet connection is required.
If the WLAP is a designated WLAP, association to the Root AP is required.
During normal operation:
If the Ethernet connection is lost, the Root AP resets.
If the WLAP association is lost, the designated WLAP resets.
WLAP Priority
Allows a user to determine the Root and the designated WLAP in wireless operation. Concatenate the priority value as the most significant portion of the MAC address. An AP with a lower numerical value for priority is more likely to become the root AP. The default is 8000 hex from the 0 - 0xFFFF range.
WLAP Manual BSS ID
Specifies the BSS_ID of a particular WLAP and forces the current AP to associate only with that WLAP.
If setting the WLAP Manual BSS_ID to the current BSS_ID, the current AP jumps into Functional State immediately and waits for an Association Request from the other WLAP. See section 3.8: “Radio Statistics” on page 161. This feature speeds up the association process and minimizes confusion when more than two WLAPs try to associate with each other.
WLAP Hello Time
Sets the time lapse, in seconds, between Config BPDU packets sent to the Root AP by a designated WLAP. The default is 20 seconds.
If the Root AP fails to hear from the designated WLAP within the WLAP Max Age time, it removes the designated WLAP from its interface table.
The WLAP Hello Time of the Root AP overwrites the WLAP Hello Time of designated WLAPs. The WLAP Hello Time does not refer to the time lapse between beacons sent by the Root AP. If a designated WLAP fails to receive a beacon, it knows that its Root AP has lost the Root status.
WLAP Forward Delay
Specifies the time, in seconds, to prevent an AP from forwarding data packets to and from an interface during initialization. The WLAPs involved and the wireless operation state (see section 3.8: “Radio Statistics” on page 161) affect the WLAP Forward Delay time. This delay ensures that all WLAP nodes are heard. The default is 5 seconds per wireless operation state.
The WLAP Forward Delay of the Root AP overwrites the WLAP Forward Delay of designated WLAPs.
WLAP Max Age
Defines the time interval, in seconds, before discarding aged configuration messages. This causes a disconnection between the two WLAPs. The recommended value is a multiple of the WLAP Hello Time. The default is 100 seconds.
The WLAP Max Age of the Root AP overwrites the WLAP Max Age of designated WLAPs.
WLAP MU Table Aging Time
Allowable WLAP Mobile Unit aging timeout in minutes. The time out limit is from 1 to 86400 minutes. Default is 240 minutes.
Shared Key
Enabled or Disabled indicates whether or not the secret key used by the KSS and access point (defined in the Configure Kerberos Authentication window) is currently being used.
Key Width
Displays the encryption algorithm key width 40-bit or 128-bit currently being used by the access point.
Encryption Key ID
Allows the user to change the Active Key number. Admin privileges are required to make changes to this parameter. The default key ID is 1.
Reset the AP for the new key value to become the active key.
Encryption Key Maintenance
Allows the user to create or change the values for each encryption key. Admin privileges are required to make changes to this parameter.
BlueTooth Coexistence
Allows users the ability to reserve a portion of the access point's transmission bandwidth exclusively for BlueTooth terminal (low bandwidth) traffic. Default is 0 ms. If a value is entered, the firmware generates an event to interrupt the AP allowing BlueTooth transmissions exclusively for the duration of the interval.
Short RF Preamble
Determines whether the AP uses a short or long preamble. The preamble is approximately 8 bytes of the packet header generated by the AP and attached to the packet prior to transmission. The preamble length is transmission data rate dependent. The short preamble is 50% shorter than the long preamble.
This feature is only available on high rate DSSS hardware. Non-high rate DSSS hardware (e.g. the BAY Stack 660) cannot enable the short preamble function and cannot see, receive or acknowledge messages from short preamble enabled version 2.0 hardware. Disable this feature in a mixed hardware network and use the long preamble. MUs and APs are required to have the same Short RF Preamble settings for interoperability. The default is Disabled.
Tx Power Control
Allows the system administrator to reduce the coverage area to facilitate greater AP density resulting in greater wireless network capacity. Available settings are: Full (default), 30mW, 15mW, 5mW and 1mW. These values are approximate.
3. Verify the values set to reflect the network environment. Change them as needed.
4. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt.
5. Select Save ALL APs or press [F2] to save the RF Configuration information to all APs with the same Net_ID (ESS). This option saves the configuration changes for the current AP, sends two WNMP messages to all other APs on the Known APs table to update their configuration and resets after the configuration has been modified. Users can perform this option only among the same hardware platforms and firmware version.
6. The system prompts:
Warning Update, save, and reset all APs in the Known AP Menu? yes no
Type Y.
7. Select Cancel-[ESC] to disregard any changes made to this screen and return to the previous menu.
2.5.1 Wireless Operation Parameters
The AP supports up to four WLAP interfaces. Symbol recommends using one WLAP as an interface on high traffic networks and no more than two WLAPs for low traffic networks. Excessive channel contention causes the WLAP to miss beacons from the Root APs shown in the example.
The Kerberos Encryption algorithm is not available when the access point is operating in WLAP mode.
See section 4.9: “LED Indicators” on page 182 for indication of AP status. If more than two WLAPs operate in a repeater configuration, Symbol recommends the WLAPs with the lowest WLAP IDs be placed on the wired network.
To avoid forming a loop, per the IEEE 802.1d Spanning Tree Protocol, the Wireless WLAP associates with only one wired WLAP.
1. Set the default interface for AP A to Ethernet.
2. Set the default interface for AP B to Ethernet.
3. Set the default interface for AP C to WLAP. This allows the MUs to roam and transmit data between AP B and C.
If an AP functions as a bridge between wired LANs, Symbol recommends one LAN contain all the lower WLAP IDs.
In WLAP mode, APs and MUs are required to have the same Preamble settings for interoperability.
To configure the AP for wireless operation:
1. Select Set RF Configuration from the Main Menu.
2. Configure the settings as required:
WLAP Mode
Specifies the AP's wireless-AP operation status.
Enabled: The AP sets up automatically for wireless operation. The AP can operate in any of these configurations: Wireless, Repeater or Ethernet Bridge.
Disabled: No wireless operation possible. Default setting.
Link Required: At power up:
If the WLAP is the Root AP, an Ethernet connection is required.
If the WLAP is a designated WLAP, association to the Root AP is required.
During normal operation:
If the Ethernet connection is lost, the Root AP resets.
If the WLAP association is lost, the designated WLAP resets.
WLAP Priority
Allows a user to determine the Root and the designated WLAP in wireless operation. Concatenate the priority value as the most significant portion of the MAC address. An AP with a lower numerical value for priority is more likely to become the root AP. The default is 8000 hex from the 0 - 0xFFFF range.
WLAP Manual BSS_ID
Specifies the BSS_ID of a particular WLAP and forces the current AP to associate only with that WLAP.
If setting the WLAP Manual BSS_ID to the current BSS_ID, the current AP jumps into Functional State immediately and waits for an Association Request from the other WLAP. See section 3.8: “Radio Statistics” on page 161. This feature speeds up the association process and minimizes confusion when more than two WLAPs try to associate with each other.
WLAP Hello Time
Sets the time lapse, in seconds, between Config BPDU packets sent to the Root AP by a designated WLAP. The default is 20 seconds.
If the Root AP fails to hear from the designated WLAP within the WLAP Max Age time, it removes the designated WLAP from its interface table.
The WLAP Hello Time of the Root AP overwrites the WLAP Hello Time of designated WLAPs. The WLAP Hello Time does not refer to the time lapse between beacons sent by the Root AP. If a designated WLAP fails to receive a beacon, it knows that its Root AP has lost the Root status.
WLAP Max Age
Defines time, in seconds, before discarding aged configuration messages. This causes a disconnection between the two WLAPs. The recommended value is a multiple of the WLAP Hello Time. The default is 100 seconds.
The WLAP Max Age of the Root AP overwrites the WLAP Max Age of designated WLAPs.
WLAP Forward Delay
Specifies the time, in seconds, to prevent an AP from forwarding data packets to and from an interface during initialization. The WLAPs involved and the wireless operation state affect the WLAP Forward Delay time (see section 3.8: “Radio Statistics” on page 161). This delay ensures all WLAP nodes are heard. The default is 5 seconds per wireless operation state.
The WLAP Forward Delay of the Root AP overwrites the WLAP Forward Delay of designated WLAPs.
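The WLAP Priority, WLAP ID placement and timer rules above can be checked against a deployment plan before any AP is reset. The Python below is an added example, not Symbol code: it assumes the AP with the numerically lowest WLAP ID (priority concatenated in front of the MAC address) becomes the Root AP, as in the IEEE 802.1d election the manual refers to, and the AP names and MAC addresses are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Wlap:
    name: str                # hypothetical label for the plan
    mac: str                 # constructed sample address, not a real device
    wired: bool              # True if the AP sits on the wired network
    priority: int = 0x8000   # manual default, range 0 - 0xFFFF
    hello_time: int = 20     # seconds, manual default
    max_age: int = 100       # seconds, manual default
    forward_delay: int = 5   # seconds, manual default

    def wlap_id(self) -> int:
        """Priority as the most significant 16 bits, MAC as the low 48 bits."""
        if not 0 <= self.priority <= 0xFFFF:
            raise ValueError(f"{self.name}: priority outside 0 - 0xFFFF")
        octets = self.mac.split(":")
        if len(octets) != 6 or any(len(o) != 2 for o in octets):
            raise ValueError(f"{self.name}: malformed MAC {self.mac!r}")
        return (self.priority << 48) | int("".join(octets), 16)


def elect_root(aps):
    """Assumption: the lowest WLAP ID wins the Root AP election."""
    return min(aps, key=Wlap.wlap_id)


def review(aps):
    """Return (root, findings) for a planned set of WLAPs."""
    root = elect_root(aps)
    findings = []

    # Recommendation in the manual: lowest WLAP IDs belong on the wired network.
    wired_ids = [ap.wlap_id() for ap in aps if ap.wired]
    for ap in aps:
        if not ap.wired and wired_ids and ap.wlap_id() < max(wired_ids):
            findings.append(
                f"{ap.name}: wireless-only AP has a lower WLAP ID than a wired AP")

    # Recommendation in the manual: Max Age is a multiple of Hello Time.
    if root.max_age % root.hello_time:
        findings.append(
            f"{root.name}: WLAP Max Age is not a multiple of WLAP Hello Time")

    # The Root AP's timers overwrite those of designated WLAPs.
    root_timers = (root.hello_time, root.max_age, root.forward_delay)
    for ap in aps:
        if ap is not root and (ap.hello_time, ap.max_age, ap.forward_delay) != root_timers:
            findings.append(
                f"{ap.name}: local timers will be overwritten by {root.name}")
    return root, findings


# Constructed plan: AP C was given a lower priority value and its own Hello Time.
PLAN = [
    Wlap("AP-A", "02:00:00:00:00:0A", wired=True),
    Wlap("AP-B", "02:00:00:00:00:0B", wired=True),
    Wlap("AP-C", "02:00:00:00:00:0C", wired=False, priority=0x4000, hello_time=10),
]

# Same plan with AP C left at the defaults; the wired AP with the lowest MAC wins.
FIXED = PLAN[:2] + [Wlap("AP-C", "02:00:00:00:00:0C", wired=False)]

if __name__ == "__main__":
    for plan in (PLAN, FIXED):
        root, findings = review(plan)
        print("Root AP:", root.name)
        for finding in findings:
            print("  -", finding)
```
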
2.5.2 Encryption Key Maintenance
The Encryption Key Maintenance screens allow the user to configure the encryption keys used for the site network. The WEP Algorithm used determines which encryption Key screen displays. To enable the Open System option, select Disabled for WEP (privacy) on the RF Configuration screen.
This table shows the AP association capability with the selected WEP Algorithm.
AP Selected WEP Algorithm | MU Selected WEP Algorithm | Association Status
Open (disable) | Open | Associated
Open (disable) | 40 | No Association
Open (disable) | 128 | No Association
40 | Open | No Association
40 | 40 | Associated
40 | 128 | Associated, but cannot transmit data
128 | Open | No Association
128 | 40 | Associated, but cannot transmit data
128 | 128 | Associated
Each 40-bit encryption key is a subset of the respective 128-bit encryption key. The first 40 bits of each encryption key are the same for the respective 40-bit and 128-bit encryption keys. When a 40-bit encryption key is changed the first 40 bits of the respective 128-bit key are also changed. Consequently, when a 128-bit encryption key is changed the first 40 bits of the 40-bit encryption key are changed. Moreover, configuring the encryption Keys using the SNMP Trap Manager overrides the Key value(s) for the AP(s) accessed by the SNMP Trap Manager.
Symbol provides a total of four Encryption Keys. Each key enables encryption between the AP and an associated MU with the same encryption Key and Key value.
Two screens are available, one for 40-bit encryption and one for 128-bit encryption.
Considerable care is required when assigning keys. Keys have to be in the same order with the same value per key for the AP and MU to authenticate data transmission using encryption.
Example: An AP uses Key 1 with a value of 1011121314. The associated MU requires the same Key 1 to have the value of 1011121314.
To access the Encryption Key Maintenance screen determined by the WEP algorithm chosen, select Encryption Key Maintenance from the RF Configuration Menu.
Key values are displayed in plain text while being entered. After saving the keys are displayed as all zeros (default display is all zeros). Keys are saved only if they are not all zeros.
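The shared first 40 bits and the same-order, same-value requirement described above interact when only one key width is edited on one device. The Python below is an added model for planning key changes, not Symbol firmware: the 10 and 26 hex-digit lengths are taken from the two Encryption Key Maintenance screen layouts, the behaviour of the digits beyond the first 40 bits is an assumption, and every key value other than the manual's 1011121314 is constructed.

```python
# Hex digits a user enters per key on the 40-bit and 128-bit screens
# (two 5-digit groups, and two 5-digit groups plus four 4-digit groups).
HEX_DIGITS = {40: 10, 128: 26}
KEY_IDS = range(1, 5)  # the AP provides four Encryption Keys


def parse_key(text: str, width: int) -> str:
    """Normalise a key typed in the screen's grouped layout to a hex string."""
    digits = "".join(text.split()).upper()
    if len(digits) != HEX_DIGITS[width]:
        raise ValueError(f"{width}-bit key needs {HEX_DIGITS[width]} hex digits")
    if any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("key contains a non-hex character")
    return digits


class KeyTable:
    """One device's four key slots; the 40-bit key is a prefix of the 128-bit key."""

    def __init__(self):
        self.slots = {k: "0" * HEX_DIGITS[128] for k in KEY_IDS}

    def set_key(self, key_id: int, text: str, width: int) -> bool:
        digits = parse_key(text, width)
        if set(digits) == {"0"}:
            return False  # all-zero entries are not saved
        # Assumption: digits beyond the entered width keep their previous value.
        self.slots[key_id] = digits + self.slots[key_id][len(digits):]
        return True

    def key(self, key_id: int, width: int) -> str:
        return self.slots[key_id][:HEX_DIGITS[width]]


def mismatched_keys(ap: KeyTable, mu: KeyTable, width: int):
    """Key IDs whose value differs between AP and MU at the given width."""
    return [k for k in KEY_IDS if ap.key(k, width) != mu.key(k, width)]


def demo():
    ap, mu = KeyTable(), KeyTable()
    # Constructed 128-bit value; its first 10 digits are the manual's example.
    full = "10111 21314 1516 1718 191A 1B1C"
    ap.set_key(1, full, 128)
    mu.set_key(1, full, 128)
    before = mismatched_keys(ap, mu, 128)

    # Key 1 is then edited on the 40-bit screen of the AP only.
    ap.set_key(1, "AAAAA BBBBB", 40)
    return before, ap.key(1, 128), mismatched_keys(ap, mu, 128)


if __name__ == "__main__":
    before, ap_key, after = demo()
    print("Mismatched 128-bit keys before edit:", before)
    print("AP 128-bit Key 1 after 40-bit edit: ", ap_key)
    print("Mismatched 128-bit keys after edit: ", after)
```
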
40-Bit Encryption
If 40-bit encryption is the selected WEP Algorithm, this screen is displayed.
Symbol Access Point
Encryption Key Maintenance
.Key 1 * 00000 00000
.Key 2 00000 00000
.Key 3 00000 00000
.Key 4 00000 00000
NOTE: Keys have WRITE-ONLY access
* = Active Key
OK-[CR] Save-[F1] Save All APs-[F2] Cancel-[ESC]
Each key has 40 bits available to the user for configuration, displayed in two 20-bit segments. The remaining 24 IV (initialization vector) bits are factory set and not user configurable.
1. Select the desired key and enter the new value to change the Key value.
2. Verify and change the values set as needed to reflect the network environment.
3. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt.
4. Select Save ALL APs or press [F2] to save the Encryption Key Maintenance information to all APs with the same Net_ID (ESS).
This option saves the configuration changes for the current AP, sends two WNMP messages to all other APs on the Known APs table to update their configuration and resets after the configuration has been modified. Users can perform this option only among the same hardware platforms and firmware version.
5. The system prompts:
Warning Update, save, and reset all APs in the Known AP Menu? yes no
Type Y.
6. Select Cancel-[ESC] to disregard any changes made to this screen and return to the previous menu.
Key values are displayed in plain text while being entered. Once saved, the keys are displayed as all zeros (default display is all zeros).
128-Bit Encryption
If 128-bit encryption is the selected WEP Algorithm, this screen is displayed.
Symbol Access Point
Encryption Key Maintenance
.Key 1 * 00000 00000 0000 0000 0000 0000
.Key 2 00000 00000 0000 0000 0000 0000
.Key 3 00000 00000 0000 0000 0000 0000
.Key 4 00000 00000 0000 0000 0000 0000
NOTE: Keys have WRITE-ONLY access
* = Active Key
OK-[CR] Save-[F1] Save All APs-[F2] Cancel-[ESC]
Each key has 104 bits available to the user for configuration, displayed in two 20-bit segments and four 16-bit segments. The remaining 24 IV (initialization vector) bits are factory set and not user configurable.
1. Select the desired key and enter the new value to change the Key value.
2. Verify and change the values as needed to reflect the network environment.
3. Select OK or Save to register settings by writing changes to NVM. Selecting Save displays a confirmation prompt.
4. Select Save ALL APs or press [F2] to save the Encryption Key Maintenance information to all APs with the same Net_ID (ESS).
This option saves the configuration changes for the current AP, sends two