Go Networks WLP-1100F-000 Outdoor Wireless LAN Access Point User Manual WHITE PAPER
Go Networks Inc. Outdoor Wireless LAN Access Point WHITE PAPER
UserManual.wiki
>
Go Networks
>
WLP 1100F 000 User Manual
users manual
Navigation menu
Upload a User Manual
Namespaces
Wiki Guide
HTML
PDF
Info
Views
User Manual
Discussion / Help
Navigation
![- Page 9 of 31- All contents are Copyright © 2006 GO Networks, Inc. All rights reserved. Table 2: Mounting Kit Part List First connect the ‘L’ adaptor [C] to the WLP unit. As seen in Figure 1, the ‘L’ adapter is connected using an M8 [E] bolt, a washer spring [H], and a flat washer [G]. You must connect the ‘L’ adaptor on its normal-hole side and not on it grooved side. Figure 1: Mount ‘L’ Assembly After preparing the unit with the ‘L’ adaptor, install the brackets. Assembly of the mounting brackets in a lamppost or a pole installation differs according to the width of the pole. Use two M8 bolts [D] with spring washers [H] to install the brackets onto narrow (1”–1.75”) and normal (1.75”–3”) poles, as illustrated in Figure 2. For poles larger than 3” in diameter, install the bracket using 13 mm width hose clamps (not supplied with the unit). Narrow pole1"-1.75" Normal pole1.75"-3" large poleGrater then 3"](https://usermanual.wiki/Go-Networks/WLP-1100F-000/User-Guide-708630-Page-11.png)
![- Page 10 of 31- All contents are Copyright © 2006 GO Networks, Inc. All rights reserved. Figure 2: Pole Bracket Assembly When mounting the WLP unit to a wall, use four 5 mm bolts to secure the bracket [A], using the holes seen in Figure 3. Wall-mounting bolts are not supplied with the unit. Wall mounting holes Figure 3: Bracket Wall Mounting After assembling the brackets, mount the WLP unit on to the bracket as seen in Figure 45. To accomplish this, use an M8 bolt [F] inserted to the grooved side of the ‘L’ adaptor, a flat washer [G], a spring washer [H] and a nut [I]. Figure 4: WLP Unit Mounting](https://usermanual.wiki/Go-Networks/WLP-1100F-000/User-Guide-708630-Page-12.png)
![- Page 18 of 31- All contents are Copyright © 2006 GO Networks, Inc. All rights reserved. By default, the channels are defined for use in a mixed mode. You can select a rate per channel for one of two states: g or mixed (a combination of g and b). The following CLI command syntax is used: configure interface dot11Radio 0 mode [g | mixed] Configuring Multiple SSIDs The SSID is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. Multiple access points on a network or sub-network can use the same SSID. Configuring the same SSID across multiple APs will enable the users to roam between them seamlessly. SSIDs are case sensitive and can contain up to 32 alphanumeric characters. You can configure up to 16 SSIDs on your WLS. Each SSID has its unique privacy configuration and unique VLAN ID. VLAN-ID 0 represents no VLAN tag. Each SSID can be defined as either a Broadcast SSID (BSSID) or a hidden one. Passive scanning clients will not detect a hidden SSID, since it doesn’t transmit any beacon frames. Configuring multiple BSSIDs on the same interface is known as creating a Virtual Access Point. A Virtual Access Point is a logical entity that exists within a physical access point. When a single Physical AP supports multiple Virtual APs, each Virtual AP appears to stations to be an independent Physical AP, even though only a single Physical AP is present. Note: SSIDs, VLANs, and encryption schemes are mapped together on a one-to-one-to-one basis. One SSID can be mapped to one VLAN, and one VLAN can be mapped to one encryption scheme. Define the SSID parameters. This configuration stage is common to SSID to be used as primary (broadcast) or hidden. In the following example, three SSID’s are defined as GO-WLS1, GO-WLS2, and GO-HIDDEN, each with its own VLAN-ID, and no privacy. WLS> configure ssid 1 name GO-WLS1 vlan 0 privacy-method none type bssid WLS> configure ssid 2 name GO-WLS2 vlan 0 privacy-method none type bssid WLS> configure ssid 3 name GO-HIDDEN vlan 1 privacy-method none type hidden The next step is to apply the defined SSIDs for the interface: WLS> configure interface dot11Radio 0 ssid add 1 WLS> configure interface dot11Radio 0 ssid add 2 WLS> configure interface dot11Radio 0 ssid add 3](https://usermanual.wiki/Go-Networks/WLP-1100F-000/User-Guide-708630-Page-20.png)
![- Page 19 of 31- All contents are Copyright © 2006 GO Networks, Inc. All rights reserved. Enabling the Radio Interface By default, the WLP radio is disabled. You can, however, choose to enable it using the following CLI command syntax: configure interface Dot11Radio 0 [disable | enable ] Note: You can’t enable the wireless interface until at least one BSSID is attached to it. Configuring the WDS WDS protocol is used to support wireless backhauling and meshing of WLP and CPE units. WDS is supported over both the 2.4 GHz access radio and the 5 GHz backhaul radio. In the section below, the following terms will be used: i. Peer — A WDS unit. An AP, which support the WDS feature. j. Root — A peer that is connected to the Ethernet. k. Hop1 — A “non-root” peer that is connected to a root. l. Hop2/3 … — A “non-root” peer that is connected to a Hop1/2 … m. Parent-Child — Two peers which are defined by the WDS connection. The parent is the peer giving Ethernet access to the child peer. The WDS topology is based on a tree structure as illustrated in Figure 9, meaning, in a given time each peer has one Parent. Root has no Parent since it is the head of the tree. WMG and third party CPEs will normally connect at the bottom of the tree. Clients may connect to any AP in the tree.](https://usermanual.wiki/Go-Networks/WLP-1100F-000/User-Guide-708630-Page-21.png)
![- Page 21 of 31- All contents are Copyright © 2006 GO Networks, Inc. All rights reserved. WDS root configuration is controlled by: configure wds root [ true | false ] To display the current WDS configuration use: show wds params WDS is always used on the BH radio while the access radio can be configured to use as Access-only, pure backhauled, or mixed operation by the following command: configure interface dot11Radio 0 service [access | backhaul | both] To activate the automatic topology detection mode (meshing mode) the user has to enable this mode at both devices he wishes to connect and configure them to the same radio channel. Automatic WDS topology detection is currently supported on the BH radio or the access radio. Trying to configure both radios to automatic mode will result in an error message. To enable automatic mode use: configure interface [dot11radio | BHRadio ] 0 wds-auto-discovery enable Once automatic mode has been enabled, the route candidates can be viewed using: show WDS candidates The current parent, active children, and static-defined peers can be viewed using: show WDS nodes](https://usermanual.wiki/Go-Networks/WLP-1100F-000/User-Guide-708630-Page-23.png)
![- Page 22 of 31- All contents are Copyright © 2006 GO Networks, Inc. All rights reserved. To configure the WDS connection manually, use: configure wds add peer <MAC Address> Note: This command is used only for non-root WLP. Note: Manual configuration can result in network loops. The WDS connection can be protected by configuring the WDS privacy. The user must configure all the units he wishes to connect with identical privacy settings. WDS privacy is configured by: configure interface [BHRadio | Dot11radio] 0 wds-privacy { none | { wep key { 40 | 104 } < key hex(10|26) > } | { wpa passphrase < passphrase string(8-63) > } } For example, configuring WEP privacy for the BHRadio will use: configure interface BHRadio wds-privacy wep key 40 11:22:33:44:55 Configuring Authentication Types In the most common 802.1X WLAN environments, the WLP units defer to the Radius server to authenticate users and to support particular EAP authentication types. The Radius server handles these functions, and provides crucial authentication and data-protection capabilities according to the requirements of the EAP authentication type in use. The Radius client runs on the WLP device and sends authentication requests to a central Radius server, which contains all user authentication and network service access information. The Radius server is normally a multi-user system running Radius server software (such as developed by Microsoft or other software vendors). The wireless client device and Radius server on the wired LAN use 802.1x and EAP to perform mutual authentication through the WLP. 1. The Radius server sends an authentication challenge to the client. 2. The client uses a one-way encryption of the user-supplied password to generate a response to the challenge and sends that response to the Radius server. 3. Using information from its user database, the Radius server creates its own response and compares that to the response from the client. When the Radius server authenticates the client, the process repeats in reverse, and the client authenticates the Radius server. Configuring the Radius Client in the WLP](https://usermanual.wiki/Go-Networks/WLP-1100F-000/User-Guide-708630-Page-24.png)
![- Page 23 of 31- All contents are Copyright © 2006 GO Networks, Inc. All rights reserved. Your WLP must be configured to support the Radius server communication. At a minimum, you must identify the Radius server software and define the method lists for Radius authentication. Alternatively, you can define method lists for Radius authorization and accounting. Identifying the Radius Server WLP-to-Radius server communication involves several components: a. IP address b. Authentication destination port c. Accounting destination port d. Key string You should identify the Radius security server’s IP address and specific UDP port numbers. The combination of the IP address and the UDP port number creates a unique identifier. A Radius server and the access point use a shared secret text (key) string to encrypt passwords and exchange responses. You can configure the Radius client in the WLP by using the following command: configure radius-server [primary | secondary] [authentication | accounting] <port 1 – 65535> host <IP address> key <secret 5 – 64 string> enable Configuring Privacy Methods The privacy (encryption) scheme is configured per ESSID. Using WPA Key Management WiFi Protected Access (WPA) is a standards-based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. It includes two new data-confidentiality protocols (TKIP and AES-CCMP). WPA leverages TKIP and AES-CCMP (Temporal Key Integrity Protocol and Cipher Block Chaining Message Authentication Code Protocol) for data protection and 802.1X for authenticated key management. WPA1 and WPA2 offer a high level of assurance for end users and network administrators that their data will remain private and that access to their networks will be restricted to authorized users. WPA key management supports two mutually exclusive management types:](https://usermanual.wiki/Go-Networks/WLP-1100F-000/User-Guide-708630-Page-25.png)
![- Page 24 of 31- All contents are Copyright © 2006 GO Networks, Inc. All rights reserved. e. WPA-Extensible-Authentication-Protocol (WPA-EAP): Using WPA-EAP key management, the client and the authentication server authenticate each other using an EAP authentication method, and the client and server generate a Pairwise Master Key (PMK). f. WPA-Pre-shared key (WPA-PSK): Using WPA, the server generates the PMK dynamically and passes it to the WLP. Using WPA-PSK, however, you configure a pre-shared key on both the client and the WLP, and that pre-shared key is used as the PMK. You can configure the WPA key management in the WLP using the following command. configure privacy wpa { { < ssid integer(1-16) > [ passphrase < passphrase string(8-63)> ] [ key-mngmnt { eap | psk } ] } | { [ gtk-interval < interval integer(30-42949672) > ] [ data-encryption { tkip | aes } ] [ protocol { wpa1 | wpa2 | wpa2only } ] [ preauthentication { enable | disable } ] } } Saving the Configuration Once you have modified the existing configuration file, you should save it for future use. To do this, issue the following CLI command: copy running-configure startup-configure WLP Configuration Example WLP > configure ip address 192.168.30.102 255.255.255.0 WLP > configure ip default-gateway 192.168.30.254 WLP > configure interface dot11Radio 0 channel 1 WLP > configure ssid 1 name GO-WLP vlan 0 privacy-method none type bssid WLP > configure interface dot11Radio 0 ssid 1 add WLP > configure interface dot11Radio 0 mode mixed WLP > configure interface dot11Radio 0 enable WLP > copy running-config startup-config](https://usermanual.wiki/Go-Networks/WLP-1100F-000/User-Guide-708630-Page-26.png)
![- Page 25 of 31- All contents are Copyright © 2006 GO Networks, Inc. All rights reserved. Upgrading the WLP Software Periodically, new software upgrades are released in order to provide feature enhancements and maintenance. Following is one method you can use to update the software: g. Initiate the network download using a TFTP download server. Note: The WLP unit has two banks in the Flash memory (sw0, sw1). By default, the WLP will startup the software image from the sw1 bank. Initially, when you download the new software image, the older version is automatically transferred to sw0 bank, and the new software image is transferred to sw1 bank. Upgrade Example WLP> WLP> import image from tftp [IP ADDRESS] [File Name] WLP> show messages software-download Software download started. Verifying server and path. TFTP path OK. Flash erase started. Flash erase finished. Download started from 192.168.30.103 gapsw-1.3.5.11995-Beta-28.02.2006@180244.img. Download finished. Verification started. Verification passed. Writing to environment. Software download finished. Note: It is important to reload the system after upgrading the WLP software for the changes to be applied and the new software to become operational. You may need to copy a new image to the Flash memory whenever a new image or maintenance release becomes available.](https://usermanual.wiki/Go-Networks/WLP-1100F-000/User-Guide-708630-Page-27.png)
