Strix Systems ACCESS-ONE-21 802.11 a/g Wireless, Mesh Type Networking Device User Manual accessone userguide

Strix Systems, Inc. 802.11 a/g Wireless, Mesh Type Networking Device accessone userguide

Users Manual Part III

Access / One® Network
Managing the Network

Action Status Results

The following table defines the messages you will see in the Status column.

Status                          Definition
Running                         There are no pending commands for this module and it is communicating with the network server.
Link Lost                       Manager/One has lost contact with this module for more than one minute.
Command Started                 Manager/One is attempting to execute the command.
Command Sent Successfully       The command was received by the module.
Command Received                The module acknowledged that the command was received.
Command Executed Successfully   The command was executed on the module.
Command Not Sent                Manager/One failed to send the command to the module.
Command Sent                    Manager/One sent the command but the module did not respond.
Command Failed                  The module received the command but failed to execute the command.
Commands

Clicking on Commands in Manager/One’s toolbar generates a pull-down menu containing all the commands that are available within the Manage function.

Load Firmware on Network

This command allows you to load a new firmware image to each of the modules contained in all network nodes within your Access/One Network. However, before you can load a new image, your FTP server parameters must be established correctly to let Manager/One know where to locate the new image (BIN) file.

To establish the correct FTP parameters and load new firmware at the network level, go to “Updating the Firmware” on page 35.

Reboot Network

This command reboots each module in all of the nodes within your Access/One Network. Rebooting is required when network-level configuration changes are made or a new firmware image is loaded.

To monitor the progress of the reboot operation, the network server generates the request in stages. When each module reports receiving the reboot command and successfully reboots, the network server performs a final self-reboot. You can monitor reboot progress reports with the View Action Status command.

Whenever you initiate the Reboot Network command, the system warns you that this action will affect multiple devices on the network and asks you to confirm the request. If you want to proceed, click on the OK button to initiate the reboot process, otherwise click on the Cancel button to abort the command.

See also, “Important Note About Rebooting” on page 4.

Update Node Names

This command must be executed at the node level. Go to “Update Node Names” on page 128.
Update Network Membership

This command must be executed at the subnet level. Go to “Update Network Membership” on page 69.

Transfer System Files

This command allows you to transfer network (cloud) or device (module) configuration files between the network and your assigned FTP server. This is a useful tool if you want to backup or restore configuration files. However, before executing this command your FTP server parameters must be set up correctly using the Firmware Updates command.

When you choose the Transfer System Files command, Manager/One presents you with options to upload configuration files from their source on the network (either cloud or device) to your FTP server, or download configuration files from your FTP server to their source.

Figure 52. Transferring System Files

Select either Device Configuration File or Cloud Configuration File from the pull-down list then click on the Download/Upload button to define the action you want to initiate.

If you need to reset your FTP parameters, click on the FTP Server: button, otherwise click on the Execute button. When asked to confirm the action, click on the OK button to begin transferring files, or click on the Cancel button to abort the command.
Remote Network Server

This command allows you to include or exclude remote network servers.

Include

Choose this command to include a remote network server within your Access/One Network—a static network server must be specified in Network Topology before executing this command. When prompted, enter the IP address of the server you want to include then click on the OK button.

Figure 53. Including Remote Servers

Exclude

Choose this command to exclude a remote network server from your Access/One Network—you can only exclude a server that is already included in your network. When prompted, enter the IP address of the server you want to exclude then click on the OK button.

Figure 54. Excluding Remote Servers
The Configure Function

This function provides you with the tools you need to configure your Access/One Network at the network level and includes the following commands:

◗ System
  • User Login
  • Network Management
    – General
    – SNMP
    – Trusted IP Addresses
  • TCP/IP Settings
  • Network Topology
  • Priority/One - Class of Service
  • Radius Accounting
  • Syslog
  • Date and Time
  • Operating Environment
  • Firmware Updates
◗ Wi-Fi
  • Radio Parameters
  • Client Connect
  • Network Connect
  • Rogue Scan

System

This area of Manager/One contains the primary configuration commands for your Access/One Network in the system environment. Any commands executed here are automatically propagated across the network, so make sure the changes you initiate are changes that you want to apply to the entire network, otherwise go to “Managing Subnets and Nodes” on page 125 or “Managing Modules” on page 131.
User Login

This command displays the User Management window, allowing you to change the login password for users and enable/disable password encryption.

Figure 55. Managing User Logins

The following options are available with this command:

◗ User Name
  Choose a user name from the pull-down list. A valid user name is required to access the Web server interface within the network server module.
◗ Password
  Enter a meaningful password (between 5 and 32 characters) that you are likely to remember. The password is case-sensitive.
◗ Confirm Password
  Confirm your password here otherwise the system will reject it.
◗ Password Encryption
  Check this box if you want Access/One Network to encrypt your password for additional security.

The default for the user name and the password is Admin (with a capitalized A) for both. We strongly recommend that you change the default password immediately after your initial login.
After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.

Network Management

General

This command allows you to define the level of security for the various management interface options used to manage your Access/One Network, and provides options for enabling or disabling SNMP Management and FTP server functionality.

Figure 56. General Management Interface Security

The following options are available with this command:

◗ Shell
  Choose Clear & Secure to allow network management via an unsecured Telnet connection and a Secure SHell (SSH) connection, or choose Secure Only to restrict management to an SSH connection only. Alternatively, you can choose None to prevent access from either option.
  If you are allowing access via Telnet or SSH, enter a value—in seconds—in the Shell Timeout field to define how long the connection will remain open during idle periods. Setting the shell timeout value to 0 (zero) will disable the timer and keep the session open, even when idle.
◗ Web
  Choose Clear & Secure to allow network management from your Web browser via HTTP (clear) and HTTPS (secure), or choose Secure Only to restrict management via a secure HTTPS connection only. Alternatively, you can choose None to prevent all Web management access.
◗ CIMS (Cloud Infrastructure Management System)
  Choose Clear & Secure to allow network management via CIMS, where security levels are controlled automatically. Alternatively, you can define the security level manually by choosing Secure Only or Clear Only.
◗ SNMP Management
  Check this box to enable network management via an SNMP (Simple Network Management Protocol) management console. Your Access/One Network supports the 802.11 MIB (Management Information Base), as well as Strix proprietary MIBs. Any MIB I or MIB II compliant SNMP management console (such as CiscoWorks or HP OpenView) can be used to manage your network remotely.
◗ FTP Server
  Check this box to enable FTP server functionality (this box must be checked if you want to update your firmware or transfer system configuration files).

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.
SNMP

This command allows you to define the SNMP Communities, the SNMP System, and any specific SNMP Trap Managers. With SNMP enabled and the settings on this page defined, your Access/One Network will support most common SNMP management consoles.

The system also supports Syslog (System Logging) via an SNMP manager (in parallel with basic Syslog services) where Syslog text information is encoded in an SNMP trap message and presented to the operator.

SNMP (Simple Network Management Protocol) is a standard protocol that regulates network management over the Internet. SNMP uses TCP/IP to communicate with a management platform, and offers a standard set of commands that make multi-vendor operability possible. SNMP uses a standard set of definitions, known as a MIB (Management Information Base), which can be supplemented with Enterprise-specific extensions. Strix provides its own proprietary MIBs. For more information about Strix MIBs, contact Strix technical support.

Figure 57. Configuring Access/One Network for SNMP
The following options are available with this command:

◗ SNMP Communities
  Enter your GET Community (read), SET Community (write) and TRAP Community in the corresponding fields. The defaults for these fields are:
  • GET Community: public
  • SET Community: netman
  • TRAP Community: public
◗ SNMP System
  Enter the Contact and Location information for the person managing your Access/One Network.
◗ SNMP Trap Managers
  Enter a valid IP address for any SNMP Trap Manager you intend to use. The SNMP Trap Manager you choose must be enabled, so ensure that the appropriate box is checked. If you have multiple SNMP Trap Managers assigned, you can delete a manager by clicking on the X icon associated with each manager.
◗ Traps
  Choose Open to expand the primary elements of the SNMP Trap Manager tree. From here you can make management selections by checking (or unchecking) the appropriate check boxes. When finished making your selections, choose Close to collapse the tree.

Figure 58. Managing Traps

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.
Trusted IP Addresses

This command allows you to enable or disable the Trusted Mode and assign specific trusted IP addresses. When this mode is enabled, only addresses assigned here will be trusted by the network for management at any network module.

Figure 59. Assigning Trusted IP Addresses

The following options are available with this command:

◗ Trusted Mode
  You can only enable this option if you have added at least one trusted IP address. Once a trusted IP has been added, check this box to enable the trusted mode (or uncheck the box if you want to disable this feature).
◗ IP Address
  You must add at least one IP address if you want to enable the trusted mode feature. To add an address, simply enter a valid IP address in this field then click on the Add button (the new address is listed below this field). You can add as many trusted IP addresses as you want. To delete an address, click on the X icon alongside the address, then confirm your request at the pop-up dialog. However, if you have only one trusted IP address listed, you cannot delete the address if the trusted mode is enabled—you must disable the trusted mode before attempting to delete a sole trusted IP address.

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.
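
Added example (not from the Strix manual or Manager/One): a Python check that audits a hand-transcribed copy of the User Login, General, SNMP and Trusted IP Addresses settings against the options and defaults described above. The dict layout, the audit function and the sample values are assumptions made for this example; Manager/One does not export this format.

```python
import ipaddress

# Defaults quoted from the manual's SNMP page.
DEFAULT_COMMUNITIES = {"get": "public", "set": "netman", "trap": "public"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def audit(cfg):
    """Return sorted (severity, message) findings for a transcribed settings dict.

    The dict layout is hypothetical (an assumption of this example). A setting
    that is missing from the dict is treated as its weakest value.
    """
    findings = []
    login, general = cfg.get("user_login", {}), cfg.get("general", {})
    snmp, trusted = cfg.get("snmp", {}), cfg.get("trusted_ip", {})

    # User Login: the manual gives Admin/Admin as the shipped credentials.
    if not login.get("default_password_changed", False):
        findings.append(("high", "User Login: default Admin password not changed"))
    if not login.get("password_encryption", False):
        findings.append(("medium", "User Login: Password Encryption unchecked"))

    # General: 'Clear & Secure' leaves the cleartext protocol enabled.
    shell = general.get("shell", "Clear & Secure")
    if shell == "Clear & Secure":
        findings.append(("high", "Shell: Telnet allowed; choose Secure Only or None"))
    if shell != "None" and general.get("shell_timeout", 0) == 0:
        findings.append(("medium", "Shell Timeout 0: idle sessions never close"))
    if general.get("web", "Clear & Secure") == "Clear & Secure":
        findings.append(("high", "Web: HTTP allowed; choose Secure Only or None"))
    if general.get("cims") == "Clear Only":
        findings.append(("medium", "CIMS: Clear Only selected"))
    if general.get("ftp_server", False):
        findings.append(("low", "FTP Server enabled; needed only for firmware/config transfer"))

    # SNMP: community defaults only matter when SNMP Management is checked.
    if general.get("snmp_management", False):
        for kind, default in DEFAULT_COMMUNITIES.items():
            if snmp.get(kind, default) == default:
                sev = "high" if kind == "set" else "medium"  # SET is the write community
                findings.append((sev, f"SNMP: {kind.upper()} community is default '{default}'"))

    # Trusted IP Addresses: Trusted Mode needs at least one valid address.
    valid = []
    for addr in trusted.get("addresses", []):
        try:
            valid.append(ipaddress.ip_address(addr))
        except ValueError:
            findings.append(("medium", f"Trusted IP: '{addr}' is not a valid IP address"))
    if not trusted.get("trusted_mode", False):
        findings.append(("medium", "Trusted Mode disabled: management not limited by source IP"))
    elif not valid:
        findings.append(("high", "Trusted Mode enabled without a valid trusted address"))

    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


# Constructed sample: defaults left in place and every cleartext option allowed.
WEAK = {
    "user_login": {"default_password_changed": False, "password_encryption": False},
    "general": {"shell": "Clear & Secure", "shell_timeout": 0, "web": "Clear & Secure",
                "cims": "Clear & Secure", "snmp_management": True, "ftp_server": True},
    "snmp": {"get": "public", "set": "netman", "trap": "public"},
    "trusted_ip": {"trusted_mode": False, "addresses": []},
}

# Constructed sample: secure-only interfaces, changed communities, trusted mode on.
HARDENED = {
    "user_login": {"default_password_changed": True, "password_encryption": True},
    "general": {"shell": "Secure Only", "shell_timeout": 300, "web": "Secure Only",
                "cims": "Secure Only", "snmp_management": True, "ftp_server": False},
    "snmp": {"get": "ro-3f9c-example", "set": "rw-81ab-example", "trap": "trap-77d2-example"},
    "trusted_ip": {"trusted_mode": True, "addresses": ["192.0.2.10", "192.0.2.11"]},
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for sev, msg in audit(cfg) or [("ok", "no findings")]:
            print(f"  [{sev}] {msg}")
```
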
TCP/IP Settings

This command allows you to specify whether Access/One will obtain the Default Gateway and DNS IP addresses automatically, or use pre-configured static IP addresses.

Figure 60. TCP/IP Settings

The following options are available with this command:

◗ Default Gateway
  The system is set up to use DHCP (Dynamic Host Configuration Protocol) to obtain the default gateway IP address automatically (default).

When using wireless uplinks between nodes, Access/One Network’s self-tuning feature requires that a default gateway and/or DNS is specified to determine delays to the host Ethernet. When DHCP is used across the network (default), specifying both of these will satisfy this requirement.
◗ DNS Server
  Choose whether you want the system to use DHCP to obtain the DNS IP address automatically (default), or use a pre-configured static IP address. If you choose the latter option, enter IP addresses for the primary and secondary (if any) DNS server. DNS is used by your Access/One Network modules to lookup the names of various servers (for example, the RADIUS and FTP servers). You must specify a Domain Name when static IP addresses are used. This has the effect of appending the Domain Name to non-fully qualified address requests (for example, the FTP server host name configured as FTP123 will become FTP123.yourdomain.com).

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.

Network Topology

This command allows you to define whether your Access/One Network will obtain its Master Network Server IP address automatically or use a pre-configured static IP address. It also provides you with the option of defining any static network servers.

Figure 61. Network Topology
The following options are available with this command:

◗ Master Network Server Configuration
  Establishing a master/slave relationship between network servers facilitates efficient Wide Area Network management by reducing the amount of traffic between two subnets on the same network, as well as providing a single network server responsible for all Strix devices within its subnet. This feature enables a Master Network Server to be statically or dynamically assigned for every subnet (even within the same network), which Manager/One users are redirected to if they try to log into a non-Master Network Server.

  The Master Network Server supports SNTP (Simple Network Time Protocol) and is responsible for sending out the correct clock for the subnet as part of the CIMS protocol. In this way, only the Master Network Server need derive the clock from an independent stratum 1 or 2 clock source. If the Master Network Server fails, your Access/One Network quickly detects the failure, at which point the network server with the next lowest IP address assumes the role of master. In this case, when the failed Master Network Server comes back online, it immediately re-establishes its role as master.

  Choose whether you want the system to obtain the Master Network Server IP address automatically (default), or use a pre-configured static IP address. If you choose the latter option, enter a valid IP address in the appropriate field.
◗ Static Network Servers
  Static network servers are added to bond subnets together, allowing you to configure and manage multiple subnets. You do this by starting with one subnet and adding the Master Network Server IP addresses of other subnets to tie them together.

  Enter the IP address of a network server module on another subnet (the default subnet mask is 255.255.255.255), then click on the Update button to add the server to a list.

  If you enter multiple static network servers, you must click on the Update button after each entry for your changes to take effect. To delete a static network server’s IP address, simply click on the X icon alongside the address.
After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.

Priority/One - Class of Service

This command allows you to enable and define Class of Service (CoS) filters to prioritize traffic throughout your Access/One Network. Supported filters include:

◗ VLAN
◗ IP TOS (Type of Service)
◗ IP Protocol

CoS filters establish separate queues for different priority streams based on the filters you define here. Data streams are then serviced according to their priority. In addition, this command allows you to enable or disable the SpectraLink® Voice Support feature.

Figure 62. Priority/One

The following options are available with this command:

◗ COS Global
  Check the COS Prioritization box to enable COS filtering across the network, or uncheck the box to disable the COS filtering functionality.
◗ Spectralink Voice Support
  Check the SpectraLink Radio Protocol box to enable the SpectraLink Voice Support feature across the network. This feature gives a controlled preference to voice packets over data packets, ensuring that all voice packets are transmitted efficiently. Access/One Network prioritizes SpectraLink voice traffic over user data traffic.
◗ Configured COS Priority Filter List
  If you want to add a specific COS filter, click on the Add COS Filter button to display the COS Filter Management window. From here, you can add Class of Service filters and establish priorities for each class.

  Figure 63. Adding COS Filters

  For each COS filter you add, you must click on the Update button to apply the change—you can only add one filter at a time. Each time you add a COS filter, Manager/One returns you to the main Priority/One page where you will see the new filter appended to a list. The list appears immediately under the Add COS Filter button.
  To edit or delete an assigned filter that appears in the list, click on the filter to generate the COS Filter Priority Settings window. From here you can edit or delete filters. To delete a filter, click on the X icon next to the filter in this window.

  Figure 64. Editing or Deleting COS Filters (figure callout: Click here to delete)

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.
Radius Accounting

Through a wireless interface, your Access/One Network supports RFC 2866 standard RADIUS (Remote Authentication Dial-In User Service) accounting, allowing customers with existing RAS Radius-parsing scripts/tools to leverage their investment as well as customize their tools to extract all available statistical information. This command allows you to configure up to two RADIUS accounting servers, set up an authorization port, and establish a secret key.

Figure 65. Setting Up RADIUS Accounting Servers

The following options are available with this command:

◗ Server 1 (IP Address or Name)
  Enter a valid IP address or name for Server 1.
◗ Server 2 (IP Address or Name)
  If you require a second (backup) server, enter a valid IP address or name for Server 2. Server 2 is only used if Server 1 becomes unavailable.
◗ Port
  Enter the authorization port for the primary RADIUS server (Server 1) in this field. This is the port the system uses when authorizing users.
◗ Secret
  Enter a secret key in this field for the primary RADIUS server. During the authentication process, the server and client exchange secret keys. The secret keys must match for communication between the server and the client to continue. The secret key is a valuable and necessary security measure.
◗ Secret Confirm
  Confirm your secret key in this field.
◗ Checkpoint Interval
  Check this box to enable a checkpoint interval, or uncheck this box to disable this feature.
◗ Send Every
  Once an interval time (in minutes) is established in this field, the reporting module will send interim reports for each wireless device associated to it at this interval period.

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.

Syslog

Access/One Network offers comprehensive Syslog (system logging) functionality, including the ability to monitor Syslog events. Logged events can be sent to multiple Syslog servers, though using more than one server can impact the system’s performance. This command allows you to:

◗ Define your Syslog configuration parameters.
◗ Assign the Syslog (system logging) server IP address.
◗ Define the event logging destination (Command Line Interface, SNMP Syslog MIB, or a defined Syslog server IP address).
◗ Establish the reporting level for each Access/One Network function (security, wireless, management, and other).
To access the Syslog window, choose Syslog from the System pull-down menu in the Configure function.

Figure 66. Configuring Access/One Network for Syslog (figure callouts: Server IP Address added here; Reporting Levels)

The following options are available with this command:

◗ Syslog Configuration
  This category allows you to define the Maximum Message Length, where the character length of Syslog messages will be restricted to the number you define here. In addition, you can enable/disable the Detailed Format feature which determines the level of detail reported in each message, and also enable a feature that forces the system to Replace Spaces with Underscores in messages.
◗ Syslog Management
  Enter a valid IP address for the Syslog server, then click on the Add button to add this server to the list of available Syslog destinations. You can add additional servers, but assigning multiple servers may degrade the system’s performance. Once you’ve assigned the server(s), choose the destination for your event logging (CLI, SNMP Syslog MIB, and/or the Syslog server you assigned). The destination(s) you choose must be enabled, so ensure that the appropriate box is checked. If you have multiple IP addresses assigned, you can delete an IP address by clicking on the X icon next to the IP address.
◗ Syslog CLI Subsystem
  Select the reporting level for each function (security, wireless, management, and other) from the corresponding pull-down list. Your available choices are:
  • none
  • emergency
  • alert
  • critical
  • error
  • warning
  • notice
  • inform
  • all

  If you select all from the pull-down list, this will include the debug level. The debug level will significantly increase (almost double) the number of Syslog messages that are returned and significantly degrade performance. The debug level should not be used for routine Syslog monitoring. For more information about Syslog messages, see “Syslog Messages” on page 171.

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.
Date and Time

This command allows you to set the time zone, define daylight saving parameters, and choose between automatic time and manual time.

Figure 67. Establishing the Correct Date and Time for Your Environment

The following options are available with this command:

◗ Time Zone
  Select the time zone from the pull-down list that applies to the geographic location where your Access/One Network is operating. The default time zone is Greenwich Mean Time (GMT).

  Figure 68. Time Zones
◗ Daylight Saving Time
  This option allows you to configure the Daylight Saving Time for your chosen time zone. Click on the Set Daylight Saving Time button to reveal the configuration window.

  Figure 69. Configuring Daylight Saving Time

  Choose the month, week, day and year from the available pull-down menus for both the Starting Time and Ending Time to establish your daylight saving time. To apply your selections, click on the Update button in the Set Daylight Saving Time window (not the Update button on the main page). To remove all daylight saving time settings, simply click on the Remove button. You can also close this window without making changes (or even after making changes) by clicking on the Cancel button.
◗ Date and Time
  This option allows you to choose between Automatic Time and Manual time settings:
  • Automatic Time (SNTP)
    SNTP (Simple Network Time Protocol) is an adaptation of the Network Time Protocol (NTP), used to synchronize computer clocks within the Internet. SNTP can operate in both unicast modes (point-to-point) and broadcast modes (point-to-multipoint). It can also operate in IP multicast mode where this service is available. If you selected Automatic Time (SNTP), you must choose whether you want the system to use DHCP to obtain the SNTP Server IP address automatically, or use a pre-configured static IP address. If you select the latter option, you must enter a valid IP address in the SNTP Server IP Address field.
    With the Automatic Time (SNTP) option selected, the master network server transmits time/date synchronization packets periodically to Strix devices using the Strix Time Distribution (STD) protocol. Stack controllers use STD to adjust their own time and date. Time and date information is distributed in Greenwich Mean Time (GMT), allowing each device to adjust for its own time zone. This allows Access/One Network to span large geographic areas while maintaining time coherence.

    If SNTP is configured at the network level, the master network server will proxy the SNTP time requests on behalf of your entire Access/One Network. The master network server effectively queries the SNTP server periodically and adjusts its own time/date accordingly. STD time/date information is then sent to all Strix devices on the network. If the master network server fails (for any reason), all Strix devices will then query the SNTP server individually.
  • Manual Time
    Choose this option if you want to set the date and time manually. To do this, simply make your selections from the pull-down menus provided for hour, minute, AM/PM, month and year, then click on the day of the month on the calendar provided.

    Figure 70. Setting Manual Time

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.
Operating Environment

This command is applicable to the IWS only. It displays the Fan Setting window and allows you to choose between a Low, Normal (Indoor) and Outdoor speed setting for the node’s cooling fan. Choose Normal if the affected node is to be installed in an environment with a regulated temperature, otherwise choose High if the operating environment is uncontrolled and prone to fluctuating temperatures and/or humidity. Generally, the Normal setting is used for indoor applications while the High setting is used for outdoor applications. Only use the Low setting for nodes with single radio configurations.

Figure 71. Setting the Cooling Fan Speed

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.

Firmware Updates

This command allows you to set FTP parameters at the network level so that your Access/One Network knows where to find the new firmware (BIN) files. Procedural information for updating your Access/One Network’s firmware has already been covered in “Updating Firmware Across the Network” on page 37.

If you are uncertain about your FTP server’s configuration parameters, consult with your network administrator.
Wi-Fi

This area of Manager/One contains the primary configuration commands for your Access/One Network in the Wi-Fi environment. Any commands executed here are applied to all wireless modules, so make sure the changes you initiate are changes that you want to apply to the entire network, otherwise go to “Managing Subnets and Nodes” on page 125 or “Managing Modules” on page 131.

Radio Parameters

This command allows you to define your Access/One Network’s general radio parameters. The following graphic shows an example of the factory defaulted version of this page.

Figure 72. Setting Up Radio Parameters
The following options are available with this command:

◗ 802.11g Radio Wireless Mode
  This option allows you to select the 802.11g wireless mode from the options available in the corresponding pull-down list, including:
  • 802.11g: This is the default standard 802.11g wireless mode.
  • 802.11g Only (No 802.11b): This mode restricts the radio to the 802.11g wireless mode only and does not allow 802.11b compatibility.
  • 802.11g Super: This mode provides support for the Atheros Super G FastFrames throughput enhancement technology, with data rates up to 108 Mbps and compatible with the 802.11g (54 Mbps) wireless technology. This translates to nearly double the throughput, but there are some limitations, including:
    – Only one operating channel is supported.
    – All user devices must also be capable of running 802.11g Super G and be configured for it. Super G is not an industry standard and so not all 802.11g user devices support this feature.
  • 802.11b Only (No 802.11g): This mode restricts the radio to the 802.11b wireless mode only and does not allow 802.11g compatibility.
◗ 802.11a Radio Wireless Mode
  This option allows you to select the 802.11a wireless mode from the options available in the corresponding pull-down list, including:
  • 802.11a: This is the default standard 802.11a wireless mode.
  • 802.11a Turbo: This configures all 802.11a wireless modules in your Access/One Network to operate in Turbo mode, allowing them to operate with data rates at speeds up to 108 Mbps. This translates to nearly double the throughput, but all user devices must be capable of running the 802.11a Turbo mode and be configured for it. Turbo mode is not an industry standard and so not all 802.11a user devices support this feature.
◗ Allow Association Over Long Distances
This option allows you to set a distance (up to 25 miles) for wireless associations over long distances (the default is 3 miles). Be aware that changing the distance here will affect all wireless modules. We recommend setting this value at the module level. For example, if you have a single 10 mile link and many shorter links, setting this value to 10 miles will affect all links and slow down the network.

◗ Maximum 802.11a Clients
This option allows you to restrict the number of 802.11a clients that can associate with each 802.11a access point. The default is 128. Setting this field to 0 (zero) prevents all 802.11a client access.

◗ Maximum 802.11g Clients
This option allows you to restrict the number of 802.11g clients that can associate with each 802.11g access point. The default is 128. Setting this field to 0 (zero) prevents all 802.11g client access.

◗ Transmit Power
This option allows you to select the level of transmit power from the choices available in the pull-down list (either Full, Half, Quarter, One Eighth, or Minimum). You can decrease the transmit power to decrease the range of the wireless modules in your Access/One Network. The default value for this parameter is Full (maximum power).

Depending on the selected antenna(s) for your application—especially relevant to the OWS—it may be necessary to configure the transmit power. It is the installer's responsibility to ensure that the transmit power is set correctly for the chosen antenna(s). Operation in a manner other than is represented in this document is a violation of FCC rules.

For a complete listing of the maximum power settings allowed for antennas, go to “Power Settings for Antennas” on page 165.

◗ 802.11a Channel Selector
These options extend the range of 802.11a wireless capability by allowing you to select 802.11a wireless channels. Check the corresponding box to enable an 802.11a channel of your choice.

◗ 802.11g Channel Selector
These options extend the range of 802.11g wireless capability by allowing you to select 802.11g wireless channels. Check the corresponding box to enable an 802.11g channel of your choice.

◗ 802.11g (only)
These options allow you to set up how your 802.11g wireless modules perform on the network (not applicable to 802.11a radios). Options that are specific to 802.11g radios include:
  • Protection Mode
  This is a mechanism to let 802.11g devices know when they should use modulation techniques to communicate with another 802.11b device, especially in wireless networks where there is a mixed environment that has 802.11g and 802.11b clients (and the clients are hidden from each other). The protection mode options are:
    – None
    This assumes there are no wireless stations using 802.11b (11 Mbps) technology. If operating in a mixed 802.11b/g network with minimal 802.11b traffic, choose this option to ensure the best performance for your 802.11g stations.
    – Always
    Protects 802.11b traffic from colliding with 802.11g traffic. This mode is not recommended, especially if only a few wireless stations are operating with 802.11b. Only use this mode in environments with heavy 802.11b traffic or where there is interference.
    – Auto
    This is the default mode and will enable protection for 802.11g stations if your Access/One Network finds an 802.11b client. In this mode, if the 802.11b client leaves the network the protection mode will revert to None automatically.
  • Protection Rate
  Sets the data rate at which the RTS-CTS (Request-to-Send and Clear-to-Send) packets are sent (either 1 Mbps, 2 Mbps, 5.5 Mbps, or 11 Mbps). The 11 Mbps data rate is the default.
  • Protection Type
  This option is only relevant when the Protection Mode is on. The options here are CTS-only or RTS-CTS. With CTS-only, the client is not required to send an RTS (Request-to-Send) to the AP. As long as the client receives a CTS (Clear-to-Send) frame from the AP then the client is free to send data. With the RTS-CTS option enabled, the client is required to send an RTS to the AP and wait for a CTS from the AP before it can send data (this option creates additional overhead and can cause performance degradation). The default is CTS-only.
  • Short Slot Time
  802.11g defines the long slot time as 20 microseconds and a short slot time as 9 microseconds. 802.11b only supports the long slot time of 20 microseconds. In an environment with 802.11g devices only, this option (Short Slot Time) must be enabled for better performance—giving precedence to 802.11g traffic. Only disable this option in mixed (802.11b and 802.11g) environments. The default is enabled.
  • Short Slot Preamble
  Short slot preamble improves network efficiency by reducing the preamble from 128 bits to 56 bits. 802.11g is required to support both short and long preambles (802.11b support for a short preamble is optional). If this option is enabled, any 802.11b clients associated with the network must support a short preamble. The default for this option is enabled.

◗ Advanced Settings
These advanced settings are preconfigured with the optimum settings for your Access/One Network. Changing any of these settings may negatively affect the network’s performance. For best results, leave these settings at their default values.
  • Beacon Interval
  The beacon is a uniframe system packet broadcast by the AP to keep the network synchronized. Enter a value in this field between 20 and 1000 (milliseconds) that specifies the beacon interval. The default value is 100.
  • Delivery Traffic Indication Message (DTIM Period)
  Enter a value between 1 and 255 that specifies the Delivery Traffic Indication Message (DTIM). Increasing this interval allows the station to sleep for longer periods of time resulting in power savings (in exchange for some degradation in performance). The default value is 1.
  • Fragment Length
  Enter a value between 256 and 2346. This setting determines the size of the wireless frame. Wireless frames are reassembled by your Access/One Network wireless modules before being forwarded to the Ethernet port, but only if the frame is smaller than the Ethernet MTU (1536 bytes). The default value is 2346.
  • RTS/CTS Threshold
  This is a value that determines at what frame length the RTS-CTS function is triggered. By default, the threshold is set at its highest value. A lower value means that the RTS-CTS function is triggered for smaller frame lengths. A lower threshold value may be necessary in environments with excessive signal noise or hidden nodes, but may result in some performance degradation. Enter a value between 256 and 2346 to specify the RTS/CTS threshold. The default value is 2346.

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.

Client Connect

Client Connect (Virtual/Strix) is the system topology that enables your Access/One Network to support and provide access to client devices using most wireless technologies, including 802.11a or 802.11g. With Client Connect you can customize each network node to support the wireless technologies you need in the locations you need them. Any mix of these technologies can be supported within a single node or across the entire Access/One Network.

This command allows you to define your Client Connect parameters. The following graphic shows the Client Connect window set to its default values.

Figure 73. Client Connect (Virtual/Strix)

The following options are available with this command:

◗ SSID
An SSID (Service Set Identifier) is a unique name shared among all devices in a wireless network. Choose the network (SSID) or choose Add/Remove SSIDs from the pull-down list. If you add an SSID, the new SSID can be up to 32 alphanumeric characters and the characters are case-sensitive. In addition to adding and/or deleting SSIDs, this option allows you to edit an existing SSID name.
  • Choosing an Existing SSID
  To choose an existing SSID, simply select it from the pull-down list.
  • Editing the Name of an Existing SSID
  To edit the name of an existing SSID, choose an SSID from the pull-down list then click on the Edit SSID Name button. The SSID name is now editable and you can change it by over-typing on the existing name. If you do this, you must click on the Update button to apply your change.
  • Creating a New SSID
  To create a new SSID, choose Add/Remove SSIDs from the pull-down list to reveal the Add/Remove SSID window.

  Figure 74. Adding an SSID

  Enter a name for the new SSID in the SSID field. Check the Suppress SSID box if you want to prevent the broadcast of this SSID in beacons from all wireless modules in your Access/One Network (recommended).
  Choose whether the new SSID should be tagged or untagged. However, there can be only one untagged SSID in the SSID table (the default SSID is always untagged). From this window you also have the option of assigning VLAN Security to the new SSID. When you have completed all data input for the creation of your new SSID, click on the Add SSID button. The new SSID is added to the list and will appear in the pull-down list in the main Client Connect window.
  • Deleting an SSID
  To delete an existing SSID, simply click on the X icon next to the SSID you want to delete.

  Figure 75. Deleting an SSID (callout: Click here to delete this SSID)

◗ SSID Client Limits
Enter a value (up to 128) in the Maximum Clients per SSID field. The default is 128. If you enter a value of 0 (zero) you will effectively prevent all user access, with the exception of any Strix Network Connect devices.

◗ VLAN Security
You can now associate a tagged or untagged VLAN with the selected SSID. If you define a tagged VLAN, you must assign a priority to it. The acceptable range for priorities is between 0 and 7, and the priority is chosen from the pull-down list. The lower the priority level you assign, the higher the priority will be given by a VLAN-aware Ethernet switch. Access/One Network does not support these priority levels as a queuing mechanism and ignores them while the frame is in transit through the network. The VLAN mechanism applies strictly to wireless stations. All devices on your Access/One Network generate only untagged traffic.

◗ Client Connect Security Mode
This option allows you to establish the authentication and encryption security modes for Client Connects. These include:
  • Authentication
    – Open: Used for local authentication.
    – Shared Key: This option is not currently supported.
    – Dynamic Key (802.1X): With this option, the RADIUS server gives a key to each user for unicast traffic. Multicast traffic uses the default key.
    – WPA-PSK: With this option, the WPA (Wi-Fi Protected Access) standard uses a Pre-Shared Key (PSK) mode that does not require the RADIUS infrastructure.
    – WPA: This option provides WPA, a subset of the 802.11i standard that boosts the original static WEP security by mandating 802.1x remote authentication.
  • Encryption
    – Clear: Available for Open or Dynamic authentication. Messages will be sent unencrypted between user devices and your Access/One Network nodes.
    – WEP: Wired Equivalency Privacy (WEP) is a security protocol for WLAN. It encrypts data using an RC4 stream cipher of 64, 128 or 152 bits.
    – AES: Advanced Encryption Standard (AES) encrypts data using a symmetric 152 bit data block, and is generally considered the most secure option available.
    – TKIP: The Temporal Key Integrity Protocol (TKIP) is part of the IEEE 802.11i encryption standard for wireless LANs, providing per-packet key mixing, a message integrity check and a re-keying mechanism.
    – Auto Negotiate: With this option, the encryption mode will be negotiated in real time between the participating devices, allowing the simultaneous use of AES and TKIP.

Select the desired Authentication and Encryption modes from the available options. If you choose Dynamic (802.1x) or WPA authentication, you must configure the RADIUS server(s) on this page (these fields only appear when Dynamic or WPA is selected as the authentication type). See also, “Radius Accounting” on page 84.

Figure 76. Configuring RADIUS Servers

If you choose WPA-PSK authentication, you must provide a WPA Pass Phrase and confirm the pass phrase (these fields only appear when WPA-PSK is selected as the authentication type).

Figure 77. WPA Pass Phrase

◗ Client Connect Security Keys
This option allows you to define up to 4 security encryption keys for your Client Connects. To define a security key, click on the Enter Key 1 (through 4) button to reveal the security key window, then select either hexadecimal or ASCII format. Once you have selected the preferred format, choose 64 bit, 128 bit, or 152 bit encryption from the pull-down list and enter your security key. After entering the key, click on the Update button to add the new key to the list, or click on the Cancel button to abort the process.

Figure 78. Assigning Client Connect Security Keys

When you add a new Client Connect security key, the system encrypts the key and the encrypted key appears in the list. You can add up to 4 Client Connect security keys. After adding security keys, select one of the keys to act as the default shared key.

Figure 79. Encrypted Security Key (callouts: Encrypted Key, Default Shared Key)

To delete a Client Connect security key, click on the Enter Key 1 (through 4) button that applies to the key you want to delete. When the pop-up window appears, choose None from the pull-down list. The selected security key is removed from the list automatically.

◗ Access Control List
This option allows you to configure an Access Control List (ACL) to determine which user devices (stations) are allowed to connect to your Access/One Network. To do this, simply click on the Manage ACL button to reveal the Manage ACL window.

Figure 80. Configuring an Access Control List

Choose the preferred access level from the pull-down list. Your options include:
  • Disable: All stations/clients can request association with an SSID in your Access/One Network. This means that the ACL will not be checked when a new station attempts to authenticate.
  • Enable: All stations/clients are assigned a permission status based on their MAC address. If the MAC address of the station attempting to gain access is set to Deny, it will not be allowed to associate with the network. If the MAC address is set to Allow, or not configured in the ACL, the station will be allowed network access.
  • Strict: Only stations assigned with Allow permissions in the ACL are granted access to the network, regardless of encryption settings. In addition, if the entry is configured for an encryption key, the station is also required to match that key before gaining access. If no ACL entry exists for a MAC address, it will not be allowed to associate with the network. The ACL accepts multiple levels of authentication concurrently so that stations with or without encryption (or shared key authentication) can be admitted.

To add a new station, click on the Add New Station button to reveal the Add New Station window.

Figure 81. Adding a New Station

Note: Changing the ACL mode for wireless stations requires a reboot. A reboot is also required when adding or deleting ACL entries at the network level (though not at the module level).

Enter the MAC address of the new station/client, then choose the ACL type from the pull-down list. These options include:
  • Allow
  • Deny
  • Default Shared Key
  • 64 bit (enter 10 digits)
  • 128 bit (enter 26 digits)
  • 152 bit (enter 32 digits)

If you choose any of the encryption types, enter the key in the Unique Key field. Alternatively, you can choose the Default Shared Key and the system will use the key you assigned as the default in Client Connect Security Keys. This key will be used for all unicast messages.

If you want to assign a VLAN, go to VLAN Security to understand what you need to do with these fields. If CoS is disabled, your Access/One Network does not support VLAN priority levels as a queuing mechanism and ignores them while the frame is in transit through the network. The VLAN mechanism applies strictly to wireless stations. All Access/One Network devices generate only untagged traffic.

When you have completed your Access Control List (ACL) configuration, click on the Update button to apply your changes and return to the Manage ACL window. You must now click on the Update button in this window, then click on the Apply Configuration tab to apply all of your ACL changes across the network. You can now return to the main Client Connect window.

◗ Client Connect Privacy
When enabled, this option offers Client Connect privacy by preventing Wi-Fi users from communicating with each other on the same module. Data from each Wi-Fi device is sent only to the Ethernet or backhaul ports, requiring a router or other access device for authentication before allowing the devices to exchange data. This is important in hotel applications where wireless users communicate with each other via Guestek or Wayport servers. The default is disabled.

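The Access Control List modes described above (Disable, Enable, Strict) differ mainly in how they treat a station with no ACL entry: Enable admits it, Strict rejects it. The following Python model is an added example, not Strix code; all function and class names are hypothetical, unique keys are assumed to be hexadecimal digits, and treating key-type entries as allowed under Enable is an assumption the manual does not state.

```python
import hmac
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Key lengths per ACL type, as listed for the Add New Station window.
KEY_DIGITS = {"64 bit": 10, "128 bit": 26, "152 bit": 32}
ACL_TYPES = {"Allow", "Deny", "Default Shared Key", *KEY_DIGITS}
MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def normalize_mac(mac: str) -> str:
    """Return the lower-case, colon-separated form used as the ACL lookup key."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


@dataclass(frozen=True)
class AclEntry:  # hypothetical model of one Add New Station entry
    acl_type: str
    unique_key: Optional[str] = None  # assumption: hexadecimal digits

    def __post_init__(self):
        if self.acl_type not in ACL_TYPES:
            raise ValueError(f"unknown ACL type: {self.acl_type!r}")
        digits = KEY_DIGITS.get(self.acl_type)
        if digits is None:
            if self.unique_key is not None:
                raise ValueError(f"{self.acl_type} takes no unique key")
        elif not (self.unique_key and len(self.unique_key) == digits
                  and HEX_RE.fullmatch(self.unique_key)):
            raise ValueError(f"{self.acl_type} needs {digits} hex digits")


def build_acl(entries: Dict[str, AclEntry]) -> Dict[str, AclEntry]:
    return {normalize_mac(mac): entry for mac, entry in entries.items()}


def admits(mode, acl, mac, station_key=None, default_shared_key=None) -> bool:
    """Decide whether a station may associate under the given ACL mode."""
    entry = acl.get(normalize_mac(mac))
    if mode == "Disable":   # the ACL is not checked at all
        return True
    if mode == "Enable":    # only an explicit Deny blocks; unlisted MACs pass
        # Assumption: key-type entries count as allowed in this mode.
        return entry is None or entry.acl_type != "Deny"
    if mode != "Strict":
        raise ValueError(f"unknown ACL mode: {mode!r}")
    if entry is None or entry.acl_type == "Deny":   # unlisted MACs are rejected
        return False
    if entry.acl_type == "Allow":
        return True
    # The entry carries a key: the station must also present a matching key.
    if entry.acl_type == "Default Shared Key":
        expected, offered = default_shared_key, station_key
    else:
        expected = entry.unique_key.lower()
        offered = station_key.lower() if station_key else None
    if not expected or not offered:
        return False
    return hmac.compare_digest(offered.encode(), expected.encode())


def compare_modes(acl, mac, **keys) -> Dict[str, bool]:
    return {m: admits(m, acl, mac, **keys) for m in ("Disable", "Enable", "Strict")}


# Constructed sample ACL; the MAC addresses and the key are made up.
SAMPLE_ACL = build_acl({
    "00:11:22:33:44:55": AclEntry("Allow"),
    "00-11-22-33-44-66": AclEntry("Deny"),
    "00:11:22:33:44:77": AclEntry("128 bit", "0123456789abcdef0123456789"),
})

if __name__ == "__main__":
    for station in ("00:11:22:33:44:55", "00:11:22:33:44:66", "aa:bb:cc:dd:ee:ff"):
        print(station, compare_modes(SAMPLE_ACL, station))
```

Running the block prints the decision per mode for an allowed, a denied and an unlisted station, which makes it easy to check an intended ACL against the mode you plan to apply before the reboot the mode change requires.
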
◗ SSID Shutdown
When enabled, this option shuts down all SSID functionality when network connectivity is lost. With this feature enabled, if connectivity to the gateway is lost, the access point will disassociate all attached wireless clients—the client will know there is a problem and will need to find another access point to re-establish connectivity with the network. The default is disabled.

◗ Discovery Protocols
This option enables the Strix Discovery Protocol (browser plug-in). The default is enabled. If this option is disabled, the left pane in Manager/One will not be available and the auto-discovery feature will not function.

◗ Client Connect Privacy Tags
This option is used if you want to prevent users from seeing each other on different modules. For total hotspot privacy, we recommend leaving the privacy WLAN tags at their default values.

If you want to enable VLAN tag marking for Client Connect privacy (required for mesh privacy), check this box. If enabled, you must assign the tags (the defaults are 925 and 926).

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.

Network Connect

Network Connect is the infrastructure used by your Access/One Network for a wireless connection to an existing wired network (small or large). Each node within the network can utilize a wired Ethernet or wireless module (802.11a or 802.11g) for node inter-connectivity or connection to a wired legacy network.

Unlike traditional wired Ethernet LAN/WAN connections used by access points and WLAN switches, Access/One Network’s wireless Network Connect option provides an advanced level of security between the network node and the LAN/WAN. By default, the wireless Network Connect link utilizes AES encryption with a secret key and cannot be compromised.

When nodes in your Access/One Network are configured for wireless Network Connect, the system provides several distinct advantages over a typical wireless network that uses wired connections. These advantages include:

◗ Secure networking
◗ Self tuning, rapid self-healing, and rogue device detection
◗ Scalability
◗ Simple installation
◗ Lowest cost of deployment

This command allows you to define your Network Connect parameters. The following graphic shows the Network Connect window set to its default values.

Figure 82. Network Connect

The following options are available with this command:

◗ Peer Selection
This option allows you to define peer selection criteria. These include either Automatic Peer Selection (where your Access/One Network chooses peers automatically), or selection by Target SSID (you must enter a valid SSID).

◗ Auto-Mode Radio Priority (Dual Wi-Fi Radio Only)
This option allows you to establish a priority for which radio on the dual band wireless module will operate as a Network Connect in the Auto mode. The available choices are:
  • 802.11a Only
  • 802.11a Priority, 802.11g Backup
  • 802.11g Priority, 802.11a Backup
  • 802.11g Only

◗ Self-Tuning
This feature allows you to enable or disable Background Scanning and configure the Self-Tuning Policy. When a Network Connect module first connects to the network, it performs an initial scan of all available Wi-Fi channels and generates a list of potential alternate Client Connects that are reachable. Following the initial scan, the Network Connect continually scans in the background to maintain the list and enable the system to make the following intelligent decisions:
  • When to drop the current path and select a better path, then connect to the appropriate node (self-tuning).
  • When to select the best path (or detect the loss of a path) and select the next best path, then connect to the appropriate node (self-healing).
  • Which APs are rogue devices.

To fully optimize your network’s ability to self-tune, self-heal and detect rogue devices, we recommend that the Background Scanning feature is always enabled (default).

Note: Disabling Background Scanning will prevent Network Connects from reporting rogue AP devices.

◗ Self-Tuning Policy
You can instruct the system to Never Switch during its self-tuning process, or establish a Switching Frequency (with 5 possible frequency states between stable and aggressive). When background scanning is completed, the self-tuning system determines the best potential client, based on RTD/RSSI scores and threshold values obtained during the scanning process. Threshold values become more critical when two Client Connects are very close with their scores. Normally, this can cause bouncing between the two Client Connects, but Access/One Network eliminates the bouncing effect by allowing you to move the threshold switching frequency from aggressive to stable.

◗ Background Scan Interval
Enter a value in this field (in milliseconds) to define the interval between background scans. The default is 5000 milliseconds.

◗ Network Connect Security Key
To protect wireless stations associated with each node, your Access/One Network provides WEP and AES ciphers for encryption and 802.1x remote authentication. The inter-node Network Connect wireless uplink is protected with an AES static key to prevent eavesdropping. The factory configured default key is hidden from view to retain secrecy for a basic network, but this key can be changed and each network can have its own unique key.

The Network Connect solution for Access/One Network prevents unauthorized wireless connections from being established to the network by blocking user traffic in the following two scenarios:
  • If the Network Connect is configured for the default network name (AccessOne), Manager/One forces the administrator to approve/admit the node to the network before user traffic is bridged to the network.
  • If the two nodes that are wirelessly connected (via the uplink) have different Network Connect security keys configured. However, if the Allow Strix default key option is enabled then a Network Connect using the default security key can still connect with a network using a non-default security key.

To assign a security key, click on the Enter Key button. In the pop-up window, select the key entry method (hexadecimal or ASCII text), then enter the key that will serve as the default key to encrypt packets to be transmitted on a wireless uplink between nodes. The key length is fixed at 152 bits. After entering the key, click on the Update button to assign the key and return to the Network Connect window.

Figure 83. Network Connect Security Key

Enable the Allow Strix default key option if you want to allow Network Connects with a default key to connect with a network using a non-default security key. In this case, the network using a non-default security key can still be managed remotely. The default is enabled.

◗ Network Connect Data Trust Level
This feature determines whether the Client Connect will allow traffic from a Network Connect only (for management purposes), or from devices beyond the Network Connect module—like a Client Connect on top of it, or Ethernet devices attached to it. This applies only when a Network Connect uses the default (non-provisioned) key when associating with a Client Connect. Choose the preferred trust level policy for the Network Connect from the following options:
  • Trust Strix Network behind Network Connect: Trust the Strix network behind the Network Connect.
  • Trust only Network Connect module: Trust only the Network Connect module.

After inputting data (or making selections), click on the Update button to update this page, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.

Rogue Scan

This option allows you to define which channels are scanned for rogue devices by the defined country code. From the configuration window, you can enable or disable channels.

Figure 84. Rogue AP Scanning

In addition to defining channels, the Rogue Scan configuration window allows you to define a refresh period—the elapsed time after which the network server refreshes the rogue device list. The default is 1 day. Making this refresh period too frequent will adversely impact the performance of the network.

Figure 85. Defining the Refresh Period for the Rogue List (callout: Define the Refresh Period)

If you make any changes to your channel selections in this window you must click on the Update button for your changes to take effect, then click on the Apply Configuration tab to propagate your changes across the network. If necessary, you can click on the factory default (FD) button in the toolbar to reset all data on this page to its factory default state.
