7 System Management
Teldat GmbH
The System Management->Global Settings->Passwords menu consists of the following fields:
Fields in the System Password menu.
Field: Value
System Admin Password: Enter the password for the user name *. This password is also used with SNMPv3 for authentication (MD5) and encryption (DES).
Confirm Admin Password: Confirm the password by entering it again.
Fields in the SNMP Communities menu.
Field: Value
SNMP Read Community: Enter the password for the user name .
SNMP Write Community: Enter the password for the user name 2 .
Fields in the Global Password Options menu.
Field: Value
Show passwords and keys in clear text: Define whether the passwords are to be displayed in clear text (plain text). The function is enabled with . The function is disabled by default. If you activate the function, all passwords and keys in all menus are displayed and can be edited in plain text. One exception is IPSec keys. They can only be entered in plain text. If you press OK or call the menu again, they are displayed as asterisks.
7.2.3 Date and Time
You need the system time for tasks such as correct timestamps for system messages, accounting or IPSec certificates.
Fig. 42: System Management ->Global Settings ->Date and Time
You have the following options for determining the system time (local time):
ISDN/Manual
The system time is updated via ISDN, i.e. the date and time are taken from the ISDN when
the first outgoing call is made, or is set manually on the device.
If the correct location of the device (country/city) is set for the Time Zone, switching from
summer time to winter time (and back) is automatic. This is independent of the exchange
time or the NTP server time. Summer time starts on the last Sunday in March by switching
from 2 a.m. to 3 a.m. The calendar-related or schedule-related switches that are scheduled
for the missing hour are then carried out. Winter time starts on the last Sunday in October
by switching from 3 a.m. to 2 a.m. The calendar-related or schedule-related switches that
are scheduled for the additional hour are then carried out.
If a value other than Universal Time Coordinated (UTC), option +/)9#:, has been chosen
for the Time Zone, the switch from summer to winter time must be carried out manually
when required.
Time server
You can obtain the system time automatically, e.g. using various time servers. To ensure
that the device uses the desired current time, you should configure one or more time servers. Switching from summer time to winter time (and back) must be carried out manually if
the time is derived using this method by changing the value in the Time Zone field with an
option UTC+ or UTC-.
Note
If a method for automatically deriving the time is defined on the device, the values obtained in this way automatically have higher priority. A manually entered system time is
therefore overwritten.
The menu System Management->Global Settings->Date and Time consists of the following fields:
Fields in the Basic Settings menu.
Field: Description
Time Zone: Select the time zone in which your device is installed. You can select Universal Time Coordinated (UTC) plus or minus the deviation in hours or a predefined location, e.g. % 4* .
Current Local Time: The current date and current system time are shown here. The entry cannot be changed.
Fields in the Manual Time Settings menu.
Field: Description
Set Date: Enter a new date.
Format:
• Day: dd
• Month: mm
• Year: yyyy
Set Time: Enter a new time.
Format:
• Hour: hh
• Minute: mm
Fields in the Automatic Time Settings (Time Protocol) menu.
Field: Description
ISDN Timeserver: Only for devices with ISDN interface. Determine whether the system time is to be updated via ISDN. If a time server is configured, the time is only determined over ISDN until a successful update is received from this time server. Updating over ISDN is deactivated for the period in which the time is determined by means of a time server. The function is activated with . The function is disabled by default.
First Timeserver: Enter the primary time server, by using either a domain name or an IP address. In addition, select the protocol for the time server request.
Possible values:
• 2/! (default value): This server uses the simple network time protocol via UDP port 123.
• / 0 4 +7!: This server uses the Time service with UDP port 37.
• / 0 4 /)!: This server uses the Time service with TCP port 37.
• 2 : This time server is not currently used for the time request.
Second Timeserver: Enter the secondary time server, by using either a domain name or an IP address. In addition, select the protocol for the time server request.
Possible values:
• 2/! (default value): This server uses the simple network time protocol via UDP port 123.
• / 0 4 +7!: This server uses the Time service with UDP port 37.
• / 0 4 /)!: This server uses the Time service with TCP port 37.
• 2 : This time server is not currently used for the time request.
Third Timeserver: Enter the third time server, by using either a domain name or an IP address. In addition, select the protocol for the time server request.
Possible values:
• 2/! (default value): This server uses the simple network time protocol via UDP port 123.
• / 0 4 +7!: This server uses the Time service with UDP port 37.
• / 0 4 /)!: This server uses the Time service with TCP port 37.
• 2 : This time server is not currently used for the time request.
Time Update Interval: Enter the time interval in minutes at which the time is automatically updated. The default value is ''.
Time Update Policy: Enter the time period after which the system attempts to contact the time server again following a failed time update.
Possible values:
• 2 (default value): The system attempts to contact the time server after 1, 2, 4, 8, and 16 minutes.
• " 0 : For ten minutes, the system attempts to contact the time server after 1, 2, 4, 8 seconds and then every 10 seconds.
• : For an unlimited period, the system attempts to contact the time server after 1, 2, 4, 8 seconds and then every 10 seconds.
If certificates are used to encrypt data traffic in a VPN, it is extremely important that the correct time is set on the device. To ensure this is the case, for Time Update Policy, select the value .
Internal Time Server: Select whether the internal timeserver is to be used. The function is activated by selecting . Time requests from a client will be answered with the current system time. This is given as GMT, without offset. The function is disabled by default. Time requests from a client are not answered.
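The two request protocols offered for each time server differ in wire format: SNTP uses a 48-byte packet on UDP port 123, while the Time service returns a bare 32-bit count on port 37, and both count seconds from 1 January 1900 in GMT. The following Python sketch is an added example, not code from this manual or from the device firmware; the function names and the sample packets are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Seconds between the 1900 epoch (SNTP, Time service) and the 1970 Unix epoch.
EPOCH_1900_TO_1970 = 2_208_988_800


def from_1900(seconds: int, fraction: int = 0) -> datetime:
    """Convert a 32-bit 1900-based count (plus 32-bit fraction) to UTC.

    Both protocols carry a 32-bit seconds field that wraps in February 2036;
    this example handles values before the wrap only.
    """
    micros = (fraction * 1_000_000) >> 32
    base = datetime.fromtimestamp(seconds - EPOCH_1900_TO_1970, tz=timezone.utc)
    return base + timedelta(microseconds=micros)


def build_sntp_request(tx_seconds: int) -> bytes:
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    pkt = bytearray(48)
    pkt[0] = (0 << 6) | (4 << 3) | 3
    struct.pack_into("!II", pkt, 40, tx_seconds, 0)  # Transmit Timestamp
    return bytes(pkt)


def parse_sntp_reply(reply: bytes, request: bytes) -> datetime:
    """Validate a server reply and return its Transmit Timestamp as UTC."""
    if len(reply) < 48:
        raise ValueError("SNTP reply shorter than 48 bytes")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server-mode packet")
    if leap == 3 or stratum == 0:
        raise ValueError("server reports an unsynchronised clock")
    # The server copies our Transmit Timestamp into its Originate Timestamp
    # field (bytes 24..31); a mismatch means the reply is not for this request.
    if reply[24:32] != request[40:48]:
        raise ValueError("originate timestamp does not match request")
    seconds, fraction = struct.unpack_from("!II", reply, 40)
    return from_1900(seconds, fraction)


def parse_time_service(reply: bytes) -> datetime:
    """Time service (port 37): exactly four bytes, big-endian seconds since 1900."""
    if len(reply) != 4:
        raise ValueError("Time service reply must be exactly 4 bytes")
    return from_1900(struct.unpack("!I", reply)[0])


def skew_seconds(device_utc: datetime, server_utc: datetime) -> float:
    """Positive result: the device clock is ahead of the server."""
    return (device_utc - server_utc).total_seconds()


def constructed_sntp_reply(request: bytes, seconds: int, fraction: int) -> bytes:
    """Constructed sample reply (LI=0, VN=4, Mode=4, stratum 2) for offline use."""
    pkt = bytearray(48)
    pkt[0], pkt[1] = (4 << 3) | 4, 2
    pkt[24:32] = request[40:48]                      # echo client timestamp
    struct.pack_into("!II", pkt, 40, seconds, fraction)
    return bytes(pkt)


if __name__ == "__main__":
    req = build_sntp_request(3_914_308_799)          # constructed client time
    rep = constructed_sntp_reply(req, 3_914_308_800, 0x80000000)
    server = parse_sntp_reply(rep, req)
    device = datetime(2000, 1, 1, tzinfo=timezone.utc)  # clock never set
    print(server.isoformat(), skew_seconds(device, server))
```

The skew value is what matters for certificate-based VPNs: a device whose clock was never set evaluates certificate validity periods against the wrong date.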
7.2.4 System Licences
This chapter describes how to activate the functions of the software licences you have purchased.
The following licence types exist:
• Licences already available in the device's ex works state
• Free extra licences
• Extra licences at additional cost
The data sheet for your device tells you which licences are available in the device's ex
works state and which can also be obtained free of charge or at additional cost. You can
access this data sheet at www.teldat.de .
Entering licence data
You can obtain the licence data for extra licences via the online licensing pages in the support section at www.teldat.de . Please follow the online licensing instructions. (Please also
note the information on the licence card for licences at additional cost.) You will then receive an e-mail containing the following data:
• Licence Key and
• Licence Serial Number.
You enter this data in the System Management->Global Settings->System
Licences->New menu.
In the System Management->Global Settings->System Licences->New menu, a list of
all registered licences is displayed (Description, Licence Type, Licence Serial Number,
Status).
Possible values for Status
Licence: Meaning
OK: Subsystem is activated.
Not OK: Subsystem is not activated.
Not supported: You have entered a licence for a subsystem your device does not support.
In addition, the System Licence ID required for online licensing is shown above the list.
Note
To restore the standard licences for a device, click the Default Licences button
(standard licences).
7.2.4.1 Edit or New
Choose the icon to edit existing entries. Choose the New button to enter more licences.
Fig. 43: System Management ->Global Settings ->System Licences ->New
Activating extra licences
You activate extra licences by adding the received licence information in the System Management->Global Settings->System Licences->New menu.
The menu System Management->Global Settings->System Licences->New consists of
the following fields:
Fields in the Basic Settings menu.
Field: Value
Licence Serial Number: Enter the licence serial number you received when you bought the licence.
Licence Key: Enter the licence key you received by e-mail.
Note
If Not OK is displayed as the status:
• Enter the licence data again.
• Check your hardware serial number.
If Not supported is displayed as the status, you have entered a licence for a subsystem that your device does not support. This means you cannot use the functions of this licence.
Deactivating a licence
Proceed as follows to deactivate a licence:
(1) Go to System Management->Global Settings->System Licences->New.
(2) Press the icon in the line containing the licence you want to delete.
(3) Confirm with OK.
The licence is deactivated. You can reactivate your additional licence at any time by entering the valid licence key and licence serial number.
7.3 Interface Mode / Bridge Groups
In this menu, you define the operation mode for your device's interfaces.
Routing versus bridging
Bridging connects networks of the same type. In contrast to routing, bridges operate at layer 2 of the OSI model (data link layer), are independent of higher-level protocols and transmit data packets using MAC addresses. Data transmission is transparent, which means the
information contained in the data packets is not interpreted.
With routing, different networks are connected at layer 3 (network layer) of the OSI model
and information is routed from one network to the other.
Conventions for port/interface names
If your device has a radio port, it receives the interface name WLAN. If there are several radio modules, the names of wireless ports in the user interface of your device are made up
of the following parts:
(a) WLAN
(b) Number of the physical port (1 or 2)
Example: ."2
The name of the Ethernet port is made up of the following parts:
(a) ETH
(b) Number of the port
Example: /;
The name of the interface connected to an Ethernet port is made up of the following parts:
(a) Abbreviation for interface type, whereby stands for internet.
(b) Number of the Ethernet port
(c) Number of the interface
Example: # (first interface on the first Ethernet port)
The name of the bridge group is made up of the following parts:
(a) Abbreviation for interface type, whereby stands for bridge group.
(b) Number of the bridge group
Example: (first bridge group)
The name of the wireless network (VSS) is made up of the following parts:
(a) Abbreviation for interface type, whereby 0 stands for wireless network.
(b) Number of the wireless module
(c) Number of the interface
Example: 0# (first wireless network on the first wireless module)
The name of the WDS link or bridge link is made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the wireless module on which the WDS link or bridge link is configured
(c) Number of the WDS link or bridge link
Example: -# (first WDS link or bridge link on the first wireless module)
The name of the client link is made up of the following parts:
(a) Abbreviation for interface type
(b) Number of the wireless module on which the client link is configured
(c) Number of the client link
Example: # (first client link on the first wireless module)
The name of the virtual interface connected to an Ethernet port is made up of the following
parts:
(a) Abbreviation for interface type
(b) Number of the Ethernet port
(c) Number of the interface connected to the Ethernet port
(d) Number of the virtual interface
Example: ## (first virtual interface based on the first interface on the first Ethernet
port)
7.3.1 Interfaces
You define separately whether each interface is to operate in routing or bridging mode.
If you want to set bridging mode, you can either use existing bridge groups or create a new
bridge group.
The default setting for all existing interfaces is routing mode. When selecting the option 2 - * 1% for Mode / Bridge Group, a bridge group, i.e. , etc. is automatically created and the interface is run in bridging mode.
Fig. 44: System Management ->Interface Mode / Bridge Groups ->Interfaces
The System Management->Interface Mode / Bridge Groups->Interfaces menu consists of the following fields:
Fields in the Interfaces menu.
Field: Description
Interface Description: Displays the name of the interface.
Mode / Bridge Group: Select whether you want to run the interface in < = or whether you want to assign the interface to an existing ( , etc.) or new bridge group ( 2 - * 1%). When selecting 2 - * 1%, a new bridge group is automatically created after you click the OK button.
Configuration Interface: Select the interface via which the configuration is to be carried out.
Possible values:
• (default value): Ex works setting. The right configuration interface must be selected from the other options.
• 6 : No interface is defined as configuration interface.
• >6 ?: Select the interface to be used for configuration. If this interface is in a bridge group, it is assigned the group's IP address when it is taken out of the group.
7.3.1.1 Add
Choose the New button to edit the mode of PPP interfaces.
Fig. 45: System Management ->Interface Mode / Bridge Groups ->Interfaces->Add
The System Management->Interface Mode / Bridge Groups->Interfaces->Add menu consists of the following fields:
Fields in the Interfaces menu.
Field: Description
Interface: Select the interface whose status should be changed.
Edit for devices of the WIxxxxn and RS series
For WLAN clients in bridge mode (so-called MAC Bridge) you can also edit additional settings via the icon.
Fig. 46: System Management ->Interface Mode / Bridge Groups ->Interfaces->Add
You can realise bridging for devices behind access clients with the MAC Bridge function. In
wildcard mode you cannot define how Unicast non-IP frames or non-ARP frames are processed. To use the MAC bridge function, you must carry out configuration steps in several
menus.
(1) Select GUI menu Wireless LAN->WLAN->Radio Settings and click the icon to modify an entry.
(2) Select Operation Mode = " ) and save the settings with OK.
(3) Select the System Management->Interface Mode / Bridge Groups->Interfaces menu. The additional interface sta1-0 is displayed.
(4) For interface sta1-0 select Mode / Bridge Group = @>6!" ?A and Configuration Interface = # and save the settings with OK.
(5) Click the Save configuration button to save all of the configuration settings. You can use the MAC Bridge.
The System Management->Interface Mode / Bridge Groups->Interfaces-> menu consists of the following fields:
Fields in the Layer-2.5 Options menu.
Field: Value
Interface: Shows the interface that is being edited.
Wildcard Mode: Select the Wildcard mode you want to use on the interface.
Possible values:
• (default value): Wildcard mode is not used.
• : With this setting, you must enter the MAC address of a device that is connected over IP under Wildcard MAC Address. Each packet without IP and without ARP is forwarded to this device. This occurs even when the device is no longer connected.
• : If you choose this setting, the MAC address of the first non-IP unicast frame or non-ARP unicast frame, which occurs on any of the Ethernet interfaces, is used as the wildcard MAC address. This wildcard MAC address can only be reset by rebooting the device or by selecting another wildcard mode.
• : If you choose this setting, the internal WLAN MAC address is used to establish a connection to the access point. As soon as a non-IP unicast frame or non-ARP unicast frame appears, it is forwarded to the MAC address from which the last non-IP unicast frame or non-ARP unicast frame was received on the Ethernet interface of the device. This wildcard MAC address is renewed with each non-IP unicast frame or non-ARP unicast frame.
Wildcard MAC Address: Only for Wildcard Mode = . Enter the MAC address of a device that is connected over IP.
Transparent MAC Address: Only for Wildcard Mode = , . Choose whether or not the Wildcard MAC Address is used in addition as WLAN MAC address to establish the connection to the access point. The function is enabled with . The function is disabled by default.
7.4 Administrative Access
In this menu, you can configure the administrative access to the device.
7.4.1 Access
In the System Management->Administrative Access->Access menu, a list of all IP-capable interfaces is displayed.
Fig. 47: System Management ->Administrative Access ->Access
For an Ethernet interface you can select the access parameters / , ;, ;//!, ;/# /!, !, 2=! and for the ISDN interfaces 672 ..
Only for hybrid devices: You can also authorise your device for maintenance work from Teldat's Customer Service department. To do this, enable either Service Login (ISDN Web-Access) or Service Call Ticket (SSH Web Access), depending on the service you require, and select the OK button. Follow the instructions given by Telekom's Customer Service!
The menu Advanced Settings consists of the following fields:
Fields in the menu Advanced Settings
Field: Description
Restore Default Settings: Only when you make changes to the administrative access configuration are relevant access rules set up and activated. You can restore the default settings with the icon.
7.4.1.1 Add
Select the Add button to configure administrative access for additional interfaces.
Fig. 48: System Management ->Administrative Access ->Access->Add
The System Management->Administrative Access->Access->Add menu consists of the
following fields:
Fields in the menu Access
Field: Description
Interface: Select the interface for which administrative access is to be configured.
7.4.2 SSH
Your device offers encrypted access to the shell. You can enable or disable this access in
the System Management->Administrative Access->SSH Enabled menu (standard
value). You can also access the options for configuring the SSH login.
Fig. 49: System Management ->Administrative Access ->SSH
You need an SSH client application, e.g. PuTTY, to be able to reach the SSH Daemon.
If you wish to use SSH Login together with the PuTTY client, you may need to comply with
some special configuration requirements, for which we have prepared FAQs. You will find
these in the Service/Support section at www.teldat.de .
To be able to reach the shell of your device via an SSH client, make sure the settings for
the SSH Daemon and SSH client are the same.
Note
If configuration of an SSH connection is not possible, restart the device to initialise the
SSH Daemon correctly.
The System Management->Administrative Access->SSH menu consists of the following fields:
Fields in the menu SSH (Secure Shell) Parameters
Field: Value
SSH service active: Select whether the SSH Daemon is to be enabled for the interface. The function is activated by selecting . The function is enabled by default.
SSH Port: Here you can enter the port via which the SSH connection is to be established. The default value is .
Maximum number of concurrent connections: Enter the maximum number of simultaneously active SSH connections. The default value is .
Fields in the menu Authentication and Encryption Parameters
Field: Value
Encryption Algorithms: Select the algorithms that are to be used to encrypt the SSH connection.
Possible options:
• (7
• *-
• "#
• "#
By default (7, *- and "# are enabled.
Hashing Algorithms: Select the algorithms that are to be available for message authentication of the SSH connection.
Possible options:
• =7
• ;"#
• <% =7
By default =7, ;"# and <% =7 are enabled.
Fields in the menu Key Status
Field: Value
RSA Key Status: Shows the status of the RSA key. If an RSA key has not been generated yet, 2 is displayed in red and a link, 1 , is provided. If you select the link, the generation process is triggered and the view is updated. The 1 status is displayed in green. When generation has been completed successfully, the status changes from 1 to 1 . If an error occurs during the generation, 2 and the 1 link are displayed again. You can then repeat generation. If the +5- status is displayed, generation of a key is not possible, for example because there is not enough space in the FlashROM.
DSA Key Status: Shows the status of the DSA key. If no DSA key has yet been generated, 2 is displayed in red and a link, 1 , is provided. If you select the link, the generation process is triggered and the view is updated. The 1 status is displayed in green. When generation has been completed successfully, the status changes from 1 to 1 . If an error occurs during the generation, 2 and the 1 link are displayed again. You can then repeat generation. If the +5- status is displayed, generation of a key is not possible, for example because there is not enough space in the FlashROM.
The menu Advanced Settings consists of the following fields:
Fields in the menu Advanced Settings
Field: Value
Login Grace Time: Enter the time (in seconds) that is available for establishing the connection. If a client cannot be successfully authenticated during this time, the connection is terminated. The default value is seconds.
Compression: Select whether data compression should be used. The function is activated by selecting . The function is disabled by default.
TCP Keepalives: Select whether the device is to send keepalive packets. The function is activated by selecting . The function is enabled by default.
Logging Level: Select the syslog level for the syslog messages generated by the SSH Daemon.
Possible settings:
• 6 (default value): Fatal and simple errors of the SSH Daemon and information messages are recorded.
• : Only fatal errors of the SSH Daemon are recorded.
• : Fatal and simple errors of the SSH Daemon are recorded.
• 7 : All messages are recorded.
7.4.3 SNMP
SNMP (Simple Network Management Protocol) is a network protocol used to monitor and
control network elements (e.g. routers, servers, switches, printers, computers etc.) from a
central station. SNMP controls communication between the monitored devices and monitoring station. The protocol describes the structure of the data packets that can be transmitted, as well as the communication process.
The data objects queried via SNMP are structured in tables and variables and defined in
the MIB (Management Information Base). This contains all the configuration and status
variables of the device.
SNMP can be used to perform the following network management tasks:
• Surveillance of network components
• Remote controlling and configuration of network components
• Error detection and notification
You use this menu to configure the use of SNMP.
Fig. 50: System Management ->Administrative Access ->SNMP
The menu System Management->Administrative Access->SNMP consists of the following fields:
Fields in the Basic Settings menu.
Field: Value
SNMP Version: Select the SNMP version your device is to use to listen for external SNMP access.
Possible values:
• 0: SNMP Version 1
• 0: Community-Based SNMP Version 2
• 0(: SNMP Version 3
By default, 0, 0 and 0( are enabled. If no option is selected, the function is deactivated.
SNMP Listen UDP Port: Shows the UDP port ( ) at which the device receives SNMP requests. The value cannot be changed.
Tip
If your SNMP Manager supports SNMPv3, you should, if possible, use this version as
older versions transfer all data unencrypted.
7.5 Remote Authentication
This menu contains the settings for user authentication.
7.5.1 RADIUS
RADIUS (Remote Authentication Dial In User Service) is a service that enables authentication and configuration information to be exchanged between your device and a RADIUS
server. The RADIUS server administrates a database with information about user authentication and configuration and for statistical recording of connection data.
RADIUS can be used for:
• Authentication
• Accounting
• Exchange of configuration data
For an incoming connection, your device sends a request with user name and password to
the RADIUS server, which then searches its database. If the user is found and can be authenticated, the RADIUS server sends corresponding confirmation to your device. This confirmation also contains parameters (called RADIUS attributes), which your device uses as
WAN connection parameters.
If the RADIUS server is used for accounting, your device sends an accounting message at
the start of the connection and a message at the end of the connection. These start and
end messages also contain statistical information about the connection (IP address, user
name, throughput, costs).
RADIUS packets
The following types of packets are sent between the RADIUS server and your device
(client):
Packet types
Field: Value
ACCESS_REQUEST (Client -> Server): If an access request is received by your device, a request is sent to the RADIUS server if no corresponding connection partner has been found on your device.
ACCESS_ACCEPT (Server -> Client): If the RADIUS server has authenticated the information contained in the ACCESS_REQUEST, it sends an ACCESS_ACCEPT to your device together with the parameters used for setting up the connection.
ACCESS_REJECT (Server -> Client): If the information contained in the ACCESS_REQUEST does not correspond to the information in the user database of the RADIUS server, it sends an ACCESS_REJECT to reject the connection.
ACCOUNTING_START (Client -> Server): If a RADIUS server is used for accounting, your device sends an accounting message to the RADIUS server at the start of each connection.
ACCOUNTING_STOP (Client -> Server): If a RADIUS server is used for accounting, your device sends an accounting message to the RADIUS server at the end of each connection.
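The ACCESS_REQUEST / ACCESS_ACCEPT exchange listed above, worked through in Python with both sides of the conversation, following the packet layout of RFC 2865. This is an added example, not code from this manual or the device: it shows where the shared password (the RADIUS Secret of the server entry) enters the protocol, namely in hiding the user password and in authenticating the server's reply. All function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                           # attribute types


def _mask(block: bytes, secret: bytes, prev: bytes) -> bytes:
    """XOR one 16-byte block with MD5(secret + previous block)."""
    return bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Client side: User-Password hiding, chained over 16-byte blocks."""
    if len(password) > 128:
        raise ValueError("password longer than 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)          # pad to 16-byte multiple
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        prev = _mask(padded[i:i + 16], secret, prev)
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse of hide_password using the same shared secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _mask(hidden[i:i + 16], secret, prev)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def _attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value


def attributes(packet: bytes) -> dict:
    """Parse the type/length/value attributes that follow the 20-byte header."""
    found, pos = {}, 20
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        found[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return found


def build_access_request(ident, req_auth, user, password, secret) -> bytes:
    """Client -> Server. req_auth must be 16 unpredictable bytes in real use."""
    attrs = _attr(USER_NAME, user)
    attrs += _attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def build_reply(code: int, request: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Server -> Client. Response Authenticator binds the reply to the request."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + auth + attrs


def verify_reply(reply: bytes, request: bytes, secret: bytes) -> int:
    """Client side: return the reply code only if the authenticator checks out."""
    if len(reply) < 20:
        raise ValueError("reply shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("length or identifier mismatch")
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad Response Authenticator (wrong secret or forged reply)")
    return code


if __name__ == "__main__":
    secret = b"constructed-shared-secret"          # constructed sample value
    req_auth = bytes(range(16))                    # fixed only for the demo
    req = build_access_request(7, req_auth, b"alice", b"correct horse battery", secret)
    print(reveal_password(attributes(req)[USER_PASSWORD], secret, req_auth))
    print(verify_reply(build_reply(ACCESS_ACCEPT, req, b"", secret), req, secret))
```

Everything except the password attribute travels in clear text, and both the password hiding and the reply check rest on MD5 over the shared secret.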
A list of all entered RADIUS servers is displayed in the System Management->Remote
Authentication->RADIUS menu.
7.5.1.1 Edit or New
Choose the icon to edit existing entries. Choose the New button to add RADIUS servers.
Fig. 51: System Management ->Remote Authentication ->RADIUS->New
The System Management->Remote Authentication->RADIUS->New menu consists of
the following fields:
Fields in the Basic Parameters menu.
Field: Value
Authentication Type: Select what the RADIUS server is to be used for.
Possible values:
• !!! " (default value only for PPP connections): The RADIUS server is used for controlling access to a network.
• " (for PPP connections only): The RADIUS server is used for recording statistical call data.
• . " : The RADIUS server is used for controlling access to the SNMP shell of your device.
• 6! " : The RADIUS server is used for sending configuration data for IPSec peers to your device.
• ."2 @:A: The RADIUS server is used for controlling access to a wireless network.
• B"+/;: The RADIUS server is used for authenticating IPSec peers via XAuth.
Vendor Mode: Only for Authentication Type = "
In hotspot applications, select the mode defined by the provider. In standard applications, leave the value set to 7 .
Possible values for hotspot applications:
• / : For France Telecom hotspot applications.
• ;% 0 : For Teldat hotspot applications.
Server IP Address: Enter the IP address of the RADIUS server.
RADIUS Secret: Enter the shared password used for communication between the RADIUS server and your device.
Default User Password: Some RADIUS servers require a user password for each RADIUS request. Enter the password that your device sends as the default user password in the prompt for the dialout routes on the RADIUS server.
Priority: If a number of RADIUS server entries were created, the server with the highest priority is used first. If this server does not answer, the server with the next-highest priority is used. Possible values from (highest priority) to C (lowest priority). The default value is . See also Policy in the Advanced Settings.
Entry active: Select whether the RADIUS server configured in this entry is to be used. The function is activated by selecting . The function is enabled by default.
Group Description: Define a new RADIUS group description or assign the new RADIUS entry to a predefined group. The configured RADIUS servers for a group are queried according to Priority and the Policy.
Possible values:
• 2 - (default value): Enter a new group description in the text field.
• 7 1% : Select this entry for special applications, such as Hotspot Server configuration.
• >1% 2 ?: Select a predefined group from the list.
The Advanced Settings menu consists of the following fields:
Fields in the Advanced Settings menu.
Field
Value
Policy
Select how your device is to react if a negative response to a request is received.
Possible values:
• "0
(default value): A negative response to a
request is accepted.
• 2#0
: A negative response to a request is
not accepted. A request is sent to the next RADIUS server until your device receives a response from a server configured
as authoritative.
UDP Port
Enter the UDP port to be used for RADIUS data.
RFC 2138 defines the default ports 1812 for authentication
(1645 in older RFCs) and 1813 for accounting (1646 in older
RFCs). You can obtain the port to be used from the documentation for your RADIUS server.
The default value is .
110
bintec WLAN and Industrial WLAN
7 System Management
Teldat GmbH
Field
Value
Server Timeout
Enter the maximum wait time between ACCESS_REQUEST
and response in milliseconds.
After timeout, the request is repeated according to Retries or
the next configured RADIUS server is requested.
Possible values are whole numbers between and .
The default value is (1 second).
Alive Check
Here you can activate a check of the accessibility of a RADIUS
server in Status 7- .
An Alive Check is carried out regularly (every 20 seconds) by
sending an ACCESS_REQUEST to the IP address of the RADIUS server. If the server is reachable, Status is set to
0
again. If the RADIUS server is only reachable over a
switched line (dialup connection), this can cause additional
costs if the server is - for a long time.
The function is activated by selecting .
The function is enabled by default.
Retries
Enter the number of retries for cases when there is no response
to a request. If a response has still not been received after
these attempts, the Status is set to -. In Alive Check =
your device attempts to reach the server every 20
seconds. If the server responds, Status is set back to 0
.
Possible values are whole numbers between and .
The default value is . To prevent Status being set to -, set
this value to .
RADIUS Dialout
Only for Authentication Type = !!! "
and
6!
"
.
Select whether your device receives requests from RADIUS
server dialout routes. This enables temporary interfaces to be
configured automatically and your device can initiate outgoing
connections that are not configured permanently.
The function is activated by selecting .
The function is disabled by default.
If the function is active, you can enter the following options:
• <
6
0: Enter the time period in seconds
between update intervals.
The default entry here is i.e. an automatic reload is not carried out.
7.5.2 TACACS+
TACACS+ permits access control for your device, network access servers (NAS) and other
network components via one or more central servers.
Like RADIUS, TACACS+ is an AAA protocol and offers authentication, authorisation and
accounting services (TACACS+ Accounting is currently not supported by Teldat devices).
The following TACACS+ functions are available on your device:
• Authentication for login shell
• Command authorisation on the shell (e.g. telnet, show)
TACACS+ uses TCP port 49 and establishes a secure and encrypted connection.
A list of all entered TACACS+ servers is displayed in the System Management->Remote
Authentication->TACACS+ menu.
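What the protection of a TACACS+ packet body amounts to on the wire, as an added example that is not Teldat code: it assumes the device follows the standard scheme from RFC 8907, in which the body is XORed with a pad derived from MD5 over the session ID, the shared secret, the version and the sequence number, and a header flag marks bodies sent in clear. The secret, session ID, body and all function names are constructed for illustration.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01    # header flag defined in RFC 8907
HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length

# Constructed sample values, not taken from any device or capture.
SAMPLE_SECRET = b"constructed-secret"
SAMPLE_BODY = b"constructed authentication body: user=ops-admin"


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n also appends MD5_(n-1)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """Obfuscation and de-obfuscation are the same XOR with the pad."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, key, session_id, seq_no=1, version=0xC0,
                 pkt_type=0x01, obfuscate=True):
    """Build header + body; obfuscate=False models the Encryption option off."""
    flags = 0 if obfuscate else TAC_PLUS_UNENCRYPTED_FLAG
    wire = xor_body(body, session_id, key, version, seq_no) if obfuscate else body
    return HEADER.pack(version, pkt_type, seq_no, flags, session_id, len(wire)) + wire


def parse_packet(packet, key):
    """Return (header_fields, cleartext_body, body_was_sent_in_clear)."""
    version, pkt_type, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    wire = packet[HEADER.size:HEADER.size + length]
    if len(wire) != length:
        raise ValueError("truncated TACACS+ body")
    in_clear = bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)
    # There is no MAC or checksum over the body: a wrong secret yields
    # different bytes, not an error, so the parser above the XOR layer
    # is the only thing that notices a mismatch.
    body = wire if in_clear else xor_body(wire, session_id, key, version, seq_no)
    return (version, pkt_type, seq_no, session_id), body, in_clear


if __name__ == "__main__":
    pkt = build_packet(SAMPLE_BODY, SAMPLE_SECRET, session_id=0x1A2B3C4D)
    print("on the wire :", pkt[HEADER.size:].hex())
    print("recovered   :", parse_packet(pkt, SAMPLE_SECRET)[1])
    clear = build_packet(SAMPLE_BODY, SAMPLE_SECRET, 0x1A2B3C4D, obfuscate=False)
    print("sent in clear:", parse_packet(clear, SAMPLE_SECRET)[2])
```

A capture for which `parse_packet` reports the body as sent in clear corresponds to the Encryption option being switched off on the sender.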
7.5.2.1 Edit or New
Choose the icon to edit existing entries. Choose the New button to add TACACS+ servers.
Fig. 52: System Management ->Remote Authentication ->TACACS+ ->New
The System Management->Remote Authentication->TACACS+ ->New menu consists of
the following fields:
Fields in the Basic Parameters menu.
Field
Description
Authentication Type
Displays which TACACS+ function is to be used. The value
cannot be changed.
Possible values:
• . "
: Here, you can define whether the
current TACACS+ server is to be used for login authentication
to your device.
Server IP Address
Enter the IP address of the TACACS+ server that is to be requested for login authentication.
TACACS+ Secret
Enter the password to be used to authenticate and, if applicable, encrypt data exchange between the TACACS+ server and
the network access server (your device). The maximum length
of the entry is 32 characters.
Priority
Assign a priority to the current TACACS+ server. The server
with the lowest value is the one used first for TACACS+ login
authentication. If no response is given or access is denied (only
if Policy = 2#0
), the entry with the next-highest priority is used.
The available values are to , the default value is .
Entry active
Select whether this server is to be used for login authentication.
The function is activated by selecting .
The function is enabled by default.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu.
Field
Description
Policy
Select the interpretation of the TACACS+ response.
Possible values:
• 2#0
(default value): The TACACS+ servers are queried in order of their priority (see Priority) until a
positive response is received or a negative response has
been received from an authoritative server.
• "0
: A negative response to a request is accepted, i.e. a request is not sent to another TACACS+ server.
The device's internal user administration is not turned off by
TACACS+. It is checked after all TACACS+ servers have been
queried.
TCP Port
Shows the default TCP port ( ') used for the TACACS+ protocol. The value cannot be changed.
Timeout
Enter time in seconds for which the NAS is to wait for a response from TACACS+.
If a response is not received during the wait time, the next configured TACACS+ server is queried (only if Policy = 2#
0
) and the status of the current server is set to
*5
.
The possible values are to , the default value is (.
Block Time
Enter the time in seconds for which the status of the current
server shall remain blocked.
When the block has ended, the server is set to the status specified in the Entry active field.
The possible values are to (, the default value is . The
value means that the server is never set to *5
status
and thus no other servers are queried.
Encryption
Select whether data exchange between the TACACS+ server
and the NAS is to be encrypted with MD5.
The function is activated by selecting .
The function is enabled by default.
If the function is not enabled, the packets and all related information are transferred unencrypted. Unencrypted transfer is not
recommended as a default setting and should only be used for
debugging.
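How the Priority, Policy, Timeout, Block Time and Entry active fields above combine during one login, as an added model that is not the device's own code. Server names, replies, the local account and the 60-second block time are constructed; running the local user check whenever no TACACS+ server accepted is an assumption based on the statement that the internal user administration is checked after the servers have been queried.

```python
import hmac
from dataclasses import dataclass

ACCEPT, REJECT, NO_RESPONSE = "accept", "reject", "no-response"


@dataclass
class Server:
    name: str
    priority: int              # Priority: the lowest value is queried first
    authoritative: bool        # Policy of this entry
    block_time: int = 60       # Block Time in seconds (constructed value)
    active: bool = True        # Entry active
    blocked_until: float = 0.0


def query_order(servers, now):
    """Active, currently unblocked servers in ascending priority order."""
    usable = [s for s in servers if s.active and s.blocked_until <= now]
    return sorted(usable, key=lambda s: s.priority)


def login(servers, replies, now, local_users, user, password):
    """Walk the servers once; `replies` stands in for the network.

    Returns (decision, trail), where trail lists (server, reply) as queried.
    """
    trail = []
    for server in query_order(servers, now):
        reply = replies.get(server.name, NO_RESPONSE)
        trail.append((server.name, reply))
        if reply == ACCEPT:
            return "tacacs-accept", trail
        if reply == NO_RESPONSE:
            # No answer within Timeout: the server is blocked for Block Time.
            server.blocked_until = now + server.block_time
        if server.authoritative:
            # A negative response is final, and after a timeout the next
            # server is only queried when the policy is non-authoritative.
            break
    # Assumption: the local user database is consulted whenever no TACACS+
    # server accepted the login.
    stored = local_users.get(user)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return "local-accept", trail
    return "deny", trail


def shadowed(servers, now):
    """Servers that cannot be reached at `now` because an authoritative
    entry with a lower priority value ends the walk before them."""
    order = query_order(servers, now)
    for index, server in enumerate(order):
        if server.authoritative:
            return [s.name for s in order[index + 1:]]
    return []


def sample_servers():
    """Constructed configuration: tac-b is the only authoritative entry."""
    return [
        Server("tac-c", priority=2, authoritative=False),
        Server("tac-a", priority=0, authoritative=False),
        Server("tac-b", priority=1, authoritative=True),
    ]


if __name__ == "__main__":
    servers = sample_servers()
    print("unreachable behind an authoritative entry:", shadowed(servers, now=0))
    print(login(servers, {"tac-a": REJECT, "tac-b": REJECT, "tac-c": ACCEPT},
                0, {}, "ops", "constructed-pw"))
    # tac-a and tac-b stay silent: both are blocked, so tac-c is reached later.
    print(login(servers, {"tac-c": ACCEPT}, 0, {}, "ops", "constructed-pw"))
    print(login(servers, {"tac-c": ACCEPT}, 10, {}, "ops", "constructed-pw"))
```

In this model a server listed behind an authoritative entry is only queried while that entry is blocked, and a matching local account still logs in after every server has rejected the user.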
7.5.3 Options
The setting available here causes your device to carry out authentication negotiation for incoming calls, if it cannot identify the calling party number (e.g. because the remote terminal
does not signal the calling party number). If the data (password, partner PPP ID) obtained
by executing the authentication protocol is the same as the data of a listed remote terminal
or RADIUS user, your device accepts the incoming call.
Fig. 53: System Management ->Remote Authentication ->Options
The menu System Management->Remote Authentication->Options consists of the following fields:
Fields in the Global RADIUS Options menu.
Field
Description
Authentication for PPP Dialin
By default, the following authentication sequence is used for incoming calls with RADIUS: First CLID, then PPP and then PPP
with RADIUS.
Options:
• 6: Only inband RADIUS requests (PAP, CHAP, MSCHAP V1 & V2) (i.e. PPP requests without CLID) are sent to
the RADIUS server defined in Server IP Address.
• 8 @).67A : Only outband RADIUS requests (i.e. requests for calling line identification = CLID) are sent to the
RADIUS server.
6 is enabled by default.
7.6 Certificates
An asymmetric cryptosystem is used to encrypt data to be transported in a network, to generate or check digital signatures and to authenticate users. A key pair consisting of a public key and a private key is used to encrypt and decrypt the data.
For encryption the sender requires the public key of the recipient. The recipient decrypts
the data using his private key. To ensure that the public key is the real key of the recipient
and is not a forgery, a so-called digital certificate is required.
This confirms the authenticity and the owner of a public key. It is similar to an official passport in that it confirms that the holder of the passport has certain characteristics, such as
gender and age, and that the signature on the passport is authentic. As there is more than
one certificate issuer, e.g. the passport office for a passport, and as such certificates can
be issued by several different issuers and in varying qualities, the trustworthiness of the issuer is extremely important. The quality of a certificate is regulated by the German Signature Act or respective EU Directives.
Certification authorities that issue so-called qualified certificates are organised in a hierarchy with the Federal Network Agency as the higher certifying authority. The structure and
content of a certificate are stipulated by the standard used. X.509 is the most important and
the most commonly used standard for digital certificates. Qualified certificates are personal
and extremely trustworthy.
Digital certificates are part of a so-called Public Key Infrastructure (PKI). PKI refers to a
system that can issue, distribute and check digital certificates.
Certificates are issued for a specific period, usually one year, i.e. they have a limited validity period.
Your device is designed to use certificates for VPN connections and for voice connections
over Voice over IP.
7.6.1 Certificate List
A list of all existing certificates is displayed in the System
Management->Certificates->Certificate List menu.
7.6.1.1 Edit
Click the icon to display the content of the selected object (key, certificate, or request).
Fig. 54: System Management ->Certificates->Certificate List->
The certificates and keys themselves cannot be changed, but a few external attributes can
be changed, depending on the type of the selected entry.
The System Management->Certificates->Certificate List-> menu consists of the following fields:
Fields in the Edit parameters menu.
Field
Description
Description
Shows the name of the certificate, key, or request.
Certificate is CA Certificate
Mark the certificate as a certificate from a trustworthy certification authority (CA).
Certificates issued by this CA are accepted during authentication.
The function is enabled with /
.
The function is disabled by default.
Certificate Revocation
List (CRL) Checking
Only for Certificate is CA Certificate = /
Define the extent to which certificate revocation lists (CRLs) are
to be included in the validation of certificates issued by the owner of this certificate.
Possible settings:
• 7
: No CRLs check.
• "-,: CRLs are always checked.
• 8, )<. 7 ! %
(default value): A check is only carried out if a CRL
Distribution Point entry is included in the certificate. This can
be determined under "View Details" in the certificate content.
• +
%
: The settings of the higher-level certificate are used, if one exists. If it
does not, the same procedure is used as that described under
"Only if a CRL Distribution Point is present".
Force certificate to be
trusted
Define that this certificate is to be accepted as the user certificate without further checks during authentication.
The function is enabled with /
.
The function is disabled by default.
Caution
It is extremely important for VPN security that the integrity of all certificates manually
marked as trustworthy (certification authority and user certificates) is ensured. The displayed "fingerprints" can be used to check this integrity: Compare the displayed values
with the fingerprints specified by the issuer of the certificate (e.g. on the Internet). It is
sufficient to check one of the two values.
7.6.1.2 Certificate Request
Registration authority certificates in SCEP
If SCEP (Simple Certificate Enrollment Protocol) is used, your device also supports separate registration authority certificates.
Registration authority certificates are used by some Certificate Authorities (CAs) to handle
certain tasks (signature and encryption) during SCEP communication with separate keys,
and to delegate the operation to separate registration authorities, if applicable.
When a certificate is downloaded automatically, i.e. if CA Certificate = ## 7-
## is selected, all the certificates needed for the operation are loaded automatically.
If all the necessary certificates are already available in the system, these can also be selected manually.
Select the Certificate Request button to request or import more certificates.
Fig. 55: System Management ->Certificates->Certificate List->Certificate Request
The menu System Management->Certificates->Certificate List->Certificate Request
consists of the following fields:
Fields in the Certificate Request menu.
Field
Description
Certificate Request Description
Enter a unique description for the certificate.
Mode
Select the way in which you want to request the certificate.
Possible settings:
• = (default value): Your device generates a PKCS#10
for the key. This file can then be uploaded directly in the
browser or copied in the
menu using the View details
field. This file must be provided to the CA and the received
certificate must then be imported manually to your device.
• )! : The key is requested from a CA using the Simple Certificate Enrolment Protocol.
Generate Private Key
Only for Mode = =
Select an algorithm for key creation.
<" (default value) and 7" are available.
Also select the length of the key to be created.
Possible values: , C, ', (, ', '.
Please note that a key with a length of 512 bits could be rated
as insecure, whereas a key of 4096 bits not only needs a lot of
time to create, but also occupies a major share of the resources
during IPSec processing. A value of 768 or more is, however,
recommended and the default value is 1024 bits.
SCEP URL
Only for Mode = )!
Enter the URL of the SCEP server, e.g. http://scep.teldat.de:8080/scep/scep.dll
Your CA administrator can provide you with the necessary data.
CA Certificate
Only for Mode = )!
Select the CA certificate.
• In ## 7- ##: In CA Name, enter the name of the CA
certificate of the certification authority (CA) from which you
wish to request your certificate, e.g. --. Your CA administrator can provide you with the necessary data.
If no CA certificates are available, the device will first download the CA certificate of the relevant CA. It then continues
with the enrolment process, provided no more important parameters are missing. In this case, it returns to the Generate
Certificate Request menu.
If the CA certificate does not contain a CRL distribution point
(Certificate Revocation List, CRL), and a certificate server is
not configured on the device, the validity of certificates from
this CA is not checked.
• <name of an existing certificate>: If all the necessary certificates are already available in the system, you select these
manually.
RA Sign Certificate
Only for Mode = )!
Only for CA Certificate not = ## 7- ##
Select a certificate for signing SCEP communication.
The default value is ## +
)" )
##, i.e. the
CA certificate is used.
RA Encrypt Certificate
Only for Mode = )!
Only if RA Sign Certificate not = ## +
)" )
##
If you use one of your own certificates to sign communication
with the RA, you can select another one here to encrypt communication.
The default value is ## +
<" )
##, i.e.
the same certificate is used as for signing.
Password
Only for Mode = )!
You may need a password from the certification authority to obtain certificates for your keys. Enter the password you received
from the certification authority here.
Fields in the Subject Name menu.
Field
Description
Custom
Select whether you want to enter the name components of the
subject name individually as specified by the CA or want to
enter a special subject name.
If is selected, a subject name can be given in Summary with attributes not offered in the list. Example:
"CN=VPNServer, DC=mydomain, DC=com, c=DE".
If the field is not selected, enter the name components in Common Name, E-mail, Organizational Unit, Organization, Locality, State/Province and Country.
The function is disabled by default.
Summary
Only for Custom = enabled.
Enter a subject name with attributes not offered in the list.
Example: "CN=VPNServer, DC=mydomain, DC=com, c=DE".
Common Name
Only for Custom = disabled.
Enter the name according to CA.
E-mail
Only for Custom = disabled.
Enter the e-mail address according to CA.
Organizational Unit
Only for Custom = disabled.
Enter the organisational unit according to CA.
Organization
Only for Custom = disabled.
Enter the organisation according to CA.
Locality
Only for Custom = disabled.
Enter the location according to CA.
State/Province
Only for Custom = disabled.
Enter the state/province according to CA.
Country
Only for Custom = disabled.
Enter the country according to CA.
The menu Advanced Settings consists of the following fields:
Fields in the Subject Alternative Names menu.
Field
Description
#1, #2, #3
For each entry, define the type of name and enter additional
subject names.
Possible values:
• 2
(default value): No additional name is entered.
• 6!: An IP address is entered.
• 72: A DNS name is entered.
• #: An e-mail address is entered.
• +<6: A uniform resource identifier is entered.
• 72: A distinguished name (DN) is entered.
• <67: A registered identity (RID) is entered.
Fields in the Options menu
Field
Description
Autosave Mode
Select whether your device automatically stores the various
steps of the enrolment internally. This is an advantage if enrolment cannot be concluded immediately. If the status has not
been saved, the incomplete registration cannot be completed.
As soon as the enrolment is completed and the certificate has
been downloaded from the CA server, it is automatically saved
in the device configuration.
The function is enabled with .
The function is enabled by default.
7.6.1.3 Import
Choose the Import button to import certificates.
Fig. 56: System Management ->Certificates->Certificate List->Import
The menu System Management->Certificates->Certificate List->Import consists of the
following fields:
Fields in the Import menu.
Field
Description
External Filename
Enter the file path and name of the certificate to be imported, or
use Browse... to select it from the file browser.
Local Certificate Description
Enter a unique description for the certificate.
File Encoding
Select the type of coding so that your device can decode the
certificate.
Possible values:
• " (default value): Activates automatic code recognition. If
downloading the certificate in auto mode fails, try with a certain type of encoding.
• *
'
• *,
Password
You may need a password to obtain certificates for your keys.
Enter the password here.
7.6.2 CRLs
In the System Management->Certificates->CRLs menu, a list of all CRLs (Certificate
Revocation Lists) is displayed.
If a key is no longer to be used, e.g. because it has fallen into the wrong hands or has been
lost, the corresponding certificate is declared invalid. The certification authority revokes the
certificate and publishes it on a certificate blacklist, a so-called CRL. Certificate users should
always check against these lists to ensure that the certificate used is currently valid. This
check can be automated via a browser.
The Simple Certificate Enrollment Protocol (SCEP) supports the issue and revocation of
certificates in networks.
7.6.2.1 Import
Choose the Import button to import CRLs.
Fig. 57: System Management ->Certificates->CRLs->Import
The System Management->Certificates->CRLs->Import menu consists of the following
fields:
Fields in the CRL Import menu.
Field
Description
External Filename
Enter the file path and name of the CRL to be imported, or use
Browse... to select it from the file browser.
Local Certificate Description
Enter a unique description for the CRL.
File Encoding
Select the type of encoding, so that your device can decode the
CRL.
Possible values:
• " (default value): Activates automatic code recognition. If
downloading the CRL in auto mode fails, try with a certain
type of encoding.
• *
'
• *,
Password
Enter the password required for the import.
7.6.3 Certificate Servers
A list of certificate servers is displayed in the System Management->Certificates->Certificate Servers menu.
A certification authority (certification service provider, Certificate Authority, CA) issues your
certificates to clients applying for a certificate via a certificate server. The certificate server
also issues the private key and provides certificate revocation lists (CRLs), which the device
retrieves via either LDAP or HTTP to check certificates.
7.6.3.1 New
Choose the New button to set up a certificate server.
Fig. 58: System Management ->Certificates->Certificate Servers ->New
The System Management->Certificates->Certificate Servers->New menu consists of the
following fields:
Fields in the Basic Parameters menu.
Field
Description
Description
Enter a unique description for the certificate server.
LDAP URL Path
Enter the LDAP URL or the HTTP URL of the server.
Chapter 8 Physical Interfaces
In this menu, you configure the physical interfaces that you have used when connecting
your gateway. The configuration interface only shows the interfaces that are available on
your device. In the System Management->Status menu, you can see a list of all physical
interfaces and information on whether the interfaces are connected or active and whether
they have already been configured.
8.1 Ethernet Ports
An Ethernet interface is a physical interface for connection to the local network or external
networks.
Note
In the ex works state, the Ethernet ports ETH1 and ETH2 are assigned to the standard
bridge group , which is preconfigured as DHCP client and with the fallback IP Address and Netmask .
8.1.1 Port Configuration
Your device allows you to configure the two Ethernet interfaces separately.
Fig. 59: Physical Interfaces ->Ethernet Ports ->Port Configuration
The menu Physical Interfaces->Ethernet Ports->Port Configuration consists of the following fields:
Fields in the Port Configuration menu.
Field
Description
Switch Port
Shows the respective port. The numbering corresponds to the
numbering of the Ethernet ports on the back of the device.
Interface
Displays the interface assigned to the Ethernet port here.
Configured Speed /
Mode
Select the mode in which the interface is to run.
Possible values:
• "
(default value)
• " % ,
• " % ,
• " % 4 7%
:
• " % 4 ; 7%
:
• " % 4 7%
:
• " % 4 ; 7%
:
• :
% 4 7%
:
• :
% 4 7%
:
• :
% 4 ; 7%
:
• :
% 4 7%
:
• :
% 4 ; 7%
:
• 2
: The interface is created but remains inactive.
Current Speed / Mode
Shows the actual mode and actual speed of the interface.
Possible values:
• % 4 7%
:
• % 4 ; 7%
:
• % 4 7%
:
• % 4 ; 7%
:
• 7-
8.2 Serial Port
The serial interface can be operated as a console or as a data interface. In data interface
mode, the data for the serial interface can be transmitted over an IP infrastructure (Serial
over IP).
8.2.1 Serial Port
In the Physical Interfaces->Serial Port->Serial Port menu, you can perform settings for
the serial interface.
Fig. 60: Physical Interfaces ->Serial Port ->Serial Port
The Physical Interfaces->Serial Port->Serial Port menu consists of the following fields:
Fields in the Controller Configuration menu.
Field
Description
Port Mode
Select in which mode the serial interface is to be used.
Possible values:
• ) (default value): The serial interface is used
as a console.
• 7 !: The serial interface is operated as a data interface, Serial over IP is used.
If the 7 ! option is selected for Port Mode, an extra configuration section opens.
Fig. 61: Physical Interfaces ->Serial Port ->Serial Port with Port Mode = 7 !
Fields in the Serial Settings menu.
Field
Description
Baudrate
Select which baud rate should be used. Make sure that the remote terminal is suitable for the selected baud rate. If this is not
the case, you will not be able to establish a serial connection to
the device.
Possible values:
• (
• • • '
• '
• (default value)
• • C
• Data Bits
Select how many data bits should be sent in sequence for traffic
data.
Possible values:
• (default value): Eight Data Bits are sent in sequence.
• C: Seven Data Bits are sent in sequence.
Parity
Select whether or not a parity bit should be used to identify
transmission errors.
Possible values:
• 2
(default value): No parity bit is used.
• 0
: An even number of "1" bits is used to identify transmission errors.
• 8: An uneven number of "1" bits is used to identify transmission errors.
Stop Bits
Stop bits terminate the data transmission of a transmission unit.
Choose whether a stop bit should be used or whether two stop
bits should be used.
Possible values:
• (default value)
• Handshake
Choose how the recipient can continue the data transmission so
that no data is lost, if no other data can be processed.
Possible values:
• 2
(default value): The recipient is unable to continue the
data transmission.
• </4)/: The hardware handshake used controls the data
flow over the RTS and CTS lines.
• B824B8: If the software handshake is used, the recipient
sends special signs to the sender to control the data flow.
Fields in the IP menu.
Field
Description
Mode
Select the Mode in which the gateway should process IP data
packets.
Possible values:
• 0
(default value): The gateway waits for incoming TCP
connections.
• )
: The gateway actively sets up a TCP connection.
• +7!: The gateway sends and receives UDP packets.
Local IP Address
Enter the IP address of the client logging in. If Local IP Address = , any client can log in.
Local Port
Enter the port for Local IP Address.
Remote IP
Enter the IP address of the server at which your gateway should
log in.
Port Number
Enter the port for Remote IP.
Fields in the Trigger menu.
Field
Description
Byte Count
Enter the received characters in bytes, which are used as a trigger for data transmission.
The function is enabled with .
The function is enabled by default.
Possible values: .. '. Default value: .
Timeout
Enter the time in ms since receiving the last character, which is
used as a trigger for data transmission.
The function is enabled with .
The function is enabled by default.
Possible values: .. (. Default value: .
Inter-Byte Gap
Enter the time in ms since receiving the first character, which is
used as a trigger for data transmission.
The function is enabled with .
The function is disabled by default.
Possible values: .. (. Default value: .
Fields in the Buffer menu.
Field
Description
Clear Serial RX-Buffer
Click the Clear button to clear the receive buffer.
Clear Serial TX-Buffer
Click the Clear button to clear the send buffer.
8.3 Relay
Devices of the WI series are fitted with a relay. The relay is open when at rest (i.e. unexcited/fault). You can choose whether the relay is manually controlled or used as an alarm
relay, coupled with the red error LED. When manually controlled, the state of the relay is
set during booting when the configuration is loaded.
8.3.1 Relay Configuration
In this menu, you can configure the Port Mode.
Fig. 62: Physical Interfaces ->Relay->Relay Configuration
The Physical Interfaces->Relay->Relay Configuration menu consists of the following
fields:
Fields in the Basic Parameters menu.
Field
Description
Port Mode
Possible values:
• 60
(default value): The relay is manually set to always open.
• "0
: The relay is manually set to always closed.
• " <
,: The relay is automatically coupled with the
red error LED.
Chapter 9 LAN
In this menu, you configure the addresses in your LAN and can structure your local network
using VLANs.
9.1 IP Configuration
In this menu, you can edit the IP configuration of the LAN and Ethernet interfaces of your
device.
9.1.1 Interfaces
The existing IP interfaces are listed in the LAN->IP Configuration->Interfaces menu. You
can edit the IP configuration of the interfaces or create virtual interfaces for special applications. Here is a list of all of the interfaces (logical Ethernet interfaces and others created in
the subsystems) configured in the System Management->Interface Mode / Bridge
Groups->Interfaces menu.
Use the icon to edit the settings of an existing interface (bridge groups, Ethernet interfaces in
routing mode).
You can use the New button to create virtual interfaces. However, this is only needed in
special applications (e.g. BRRP).
Depending on the option selected, different fields and options are available. All the configuration options are listed below.
Note
Please note:
If your device has obtained an IP address dynamically from a DHCP server operated
in your network for the basic configuration, the fallback IP address is deleted automatically and your device will no longer function over this address.
However, if you have set up a connection to the device over the fallback IP address or
have assigned an IP address with the Dime Manager in the basic configuration, you
will only be able to access your device over this IP address. The device will no longer
obtain an IP configuration dynamically over DHCP.
Example of subnets
If your device is connected to a LAN that consists of two subnets, you should enter a
second IP Address / Netmask.
The first subnet has two hosts with the IP addresses 192.168.42.1 and 192.168.42.2, for
example, and the second subnet has two hosts with the IP addresses 192.168.46.1 and
192.168.46.2. To be able to exchange data packets with the first subnet, your device uses
the IP address 192.168.42.3, for example, and 192.168.46.3 for the second subnet. The
netmasks for both subnets must also be indicated.
9.1.1.1 Edit or New
Choose the icon to edit existing entries. Choose the New button to create virtual interfaces.
Fig. 63: LAN->IP Configuration ->Interfaces->/New
The LAN->IP Configuration->Interfaces->/New menu consists of the following fields:
Fields in the Basic Parameters menu.
Field
Description
Based on Ethernet Interface
This field is only displayed if you are editing a virtual routing interface.
Select the Ethernet interface for which the virtual interface is to
be configured.
Address Mode
Select how an IP address is assigned to the interface.
Possible values:
• (default value): The interface is assigned a static IP
address in IP Address / Netmask.
• 7;)!: An IP address is assigned to the interface dynamically
via DHCP.
IP Address / Netmask
Only for Address Mode =
With Add, add a new address entry, enter the IP Address and
the corresponding Netmask of the virtual interface.
Interface Mode
Only for physical interfaces in routing mode.
Select the configuration mode of the interface.
Possible values:
• +
(default value): The interface is not assigned for a
specific purpose.
• /
@3."2A: This option only applies for routing interfaces.
You use this option to assign the interface to a VLAN. This is
done using the VLAN ID, which is displayed in this mode and
can be configured. The definition of a MAC address in MAC
Address is optional in this module.
MAC Address
Only with virtual interfaces and only for Interface Mode = +#
Enter the MAC address associated with the interface. For virtual
interfaces, you can use the MAC address of the physical interface under which the virtual interface was created, but this is not
necessary. You can also allocate a virtual MAC address. The
first 6 characters of the MAC are preset (but can be changed).
VLAN ID
Only for Interface Mode = /
@3."2A
This option only applies for routing interfaces. Assign the interface to a VLAN by entering the VLAN ID of the relevant VLAN.
Possible values are (default value) to ''.
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu.
Field
Description
DHCP MAC Address
Only for Address Mode = 7;)!
If Use built-in is activated (default setting), the hardware MAC
address of the Ethernet interface is used. In the case of physical
interfaces, the current MAC address is entered by default.
If you disable Use built-in, you enter a MAC address for the
virtual interface, e.g. &
&&&&(.
Some providers use hardware-independent MAC addresses to
allocate their clients IP addresses dynamically. If your provider
has assigned you a MAC address, enter this here.
DHCP Hostname
Only for Address Mode = 7;)!
Enter the host name requested by the provider. The maximum
length of the entry is 45 characters.
DHCP Broadcast Flag
Only for Address Mode = 7;)!
Choose whether or not the BROADCAST bit is set in the DHCP
requests for your device. Some DHCP servers that assign IP
addresses by UNICAST do not respond to DHCP requests with
the set BROADCAST bit. In this case, it is necessary to send
DHCP requests in which this bit is not set. In this case, disable
this option.
The function is activated by selecting .
The function is enabled by default.
Proxy ARP
Select whether your device is to respond to ARP requests from
its own LAN on behalf of defined remote terminals.
The function is activated by selecting .
The function is disabled by default.
TCP-MSS Clamping
Select whether your device is to apply MSS Clamping. To prevent IP packets fragmenting, the MSS (Maximum Segment
Size) is automatically decreased by the device to the value set
here.
The function is activated by selecting .
The function is disabled by default. Once enabled, the default
value ( is entered in the input field.
9.2 VLAN
By implementing VLAN segmentation in accordance with 802.1Q, you can configure
VLANs on your device. The wireless ports of an access point, in particular, are able to remove the VLAN tag of a frame sent to the clients and to tag received frames with a predefined VLAN ID. This functionality makes an access point nothing less than a VLAN-compliant switch with the enhancement of grouping clients into VLAN groups. In general,
VLAN segmenting can be configured with all interfaces.
Fig. 64: VLAN segmenting
VLAN for Bridging and VLAN for Routing
In the LAN->VLAN menu, VLANs (virtual LANs) are configured with interfaces that operate
in Bridging mode. Using the VLAN menu, you can make all the settings needed for this and
query their status.
Caution
For interfaces that operate in Routing mode, you only assign a VLAN ID to the interface. You define this via the parameters Interface Mode = /
@3."2A and field
VLAN ID in menu LAN->IP Configuration->Interfaces->New.
9.2.1 VLANs
In this menu, you can display all the VLANs already configured, edit your settings and create new VLANs. By default, the =
VLAN is available, to which all interfaces are
assigned.
9.2.1.1 Edit or New
Choose the
icon to edit existing entries. Select the New button in order to create new
VLANs.
Fig. 65: LAN->VLAN->VLANs->New
The LAN->VLAN->VLANs->New menu consists of the following fields:
Fields in the Configure VLAN menu.
Field
Description
VLAN Identifier
Enter the number that identifies the VLAN. In the
menu, you
can no longer change this value.
Possible values are to ''.
VLAN Name
Enter a unique name for the VLAN. A character string of up to
32 characters is possible.
VLAN Members
Select the ports that are to belong to this VLAN. You can use
the Add button to add members.
For each entry, also select whether the frames to be transmitted
from this port are to be transmitted /
(i.e. with VLAN information) or +
(i.e. without VLAN information).
9.2.2 Port Configuration
In this menu, you can define and view the rules for receiving frames at the VLAN ports.
Fig. 66: LAN->VLANs->Port Configuration
The LAN->VLANs->Port Configuration menu consists of the following fields:
Fields in the Port Configuration menu.
Field
Description
Interface
Shows the port for which you define the PVID and processing
rules.
PVID
Assign the selected port the required PVID (Port VLAN Identifier).
If a packet without a VLAN tag reaches this port, it is assigned
this PVID.
Drop untagged frames
If this option is enabled, untagged frames are discarded. If the
option is disabled, untagged frames are tagged with the PVID
defined in this menu.
Drop non-members
If this option is enabled, all tagged frames that are tagged with a
VLAN ID to which the selected port does not belong are discarded.
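The receive rules in this table (PVID, Drop untagged frames, Drop non-members) combine with the tagged/untagged member setting from the VLANs menu to decide where a frame may go. The Python model below is an added example, not Teldat code; the port names, the VLAN IDs 10 and 20, flooding to all member ports without MAC learning, and dropping frames for unconfigured VLAN IDs are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class PortRule:
    """Receive rules of one port, as set in the Port Configuration menu."""
    pvid: int
    drop_untagged: bool = False
    drop_non_members: bool = False


class VlanBridge:
    """Minimal model of one bridge group with VLAN enabled (illustrative)."""

    def __init__(self, ports: Dict[str, PortRule],
                 members: Dict[int, Dict[str, bool]]):
        self.ports = ports
        # members[vid][port] is True if the port transmits this VLAN tagged,
        # False if it transmits it untagged (the VLAN Members setting).
        self.members = members

    def classify(self, port: str, tag: Optional[int]) -> Optional[int]:
        """Return the VLAN a received frame is placed in, or None if dropped."""
        rule = self.ports[port]
        if tag is None:
            if rule.drop_untagged:
                return None
            vid = rule.pvid            # untagged frames inherit the PVID
        else:
            vid = tag
            if rule.drop_non_members and port not in self.members.get(vid, {}):
                return None
        # Assumption: frames for a VLAN ID that is not configured are dropped.
        return vid if vid in self.members else None

    def forward(self, port: str, tag: Optional[int]) -> Dict[str, Optional[int]]:
        """Map each egress port to the tag it sends (None means untagged)."""
        vid = self.classify(port, tag)
        if vid is None:
            return {}
        # Assumption: flood to every other member port (no MAC learning).
        return {p: (vid if tagged else None)
                for p, tagged in self.members[vid].items() if p != port}


def build_sample(strict: bool) -> VlanBridge:
    """Constructed sample: one wired uplink and two wireless networks."""
    ports = {
        "eth1": PortRule(pvid=10, drop_untagged=strict, drop_non_members=strict),
        "wlan-office": PortRule(pvid=10, drop_non_members=strict),
        "wlan-guest": PortRule(pvid=20, drop_non_members=strict),
    }
    members = {
        10: {"eth1": True, "wlan-office": False},   # office VLAN
        20: {"eth1": True, "wlan-guest": False},    # guest VLAN
    }
    return VlanBridge(ports, members)


if __name__ == "__main__":
    for strict in (False, True):
        bridge = build_sample(strict)
        label = "drop options enabled" if strict else "drop options disabled"
        print(label)
        # A frame tagged for the office VLAN arriving on the guest port.
        print("  guest port, tag 10 ->", bridge.forward("wlan-guest", 10))
        # Ordinary untagged guest traffic.
        print("  guest port, untagged ->", bridge.forward("wlan-guest", None))
        # Untagged traffic arriving on the tagged uplink.
        print("  eth1, untagged ->", bridge.forward("eth1", None))
```

With both drop options disabled, a frame that arrives on the guest port already tagged for the office VLAN is delivered into that VLAN; enabling Drop non-members on the port discards it while normal untagged guest traffic is unaffected.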
9.2.3 Administration
In this menu, you make general settings for a VLAN. The options must be configured separately for each bridge group.
Fig. 67: LAN->VLANs->Administration
The LAN->VLANs->Administration menu consists of the following fields:
Fields in the Bridge Group br<ID> VLAN Options menu
Field
Description
Enable VLAN
Enable or disable the specified bridge group for VLAN.
The function is enabled with .
The function is not activated by default.
Management VID
Select the VLAN ID of the VLAN in which your device is to operate.
Chapter 10 Wireless LAN
Wireless LAN (WLAN = Wireless Local Area Network) refers to the creation of a network using wireless technology.
Network functions
Like a wired network, a WLAN offers all the main network functions. Access to servers,
files, printers, and the e-mail system is just as reliable as company-wide Internet access.
Because the devices do not require any cables, the great advantage of WLAN is that there
are no building-related restrictions (i.e. the device location does not depend on the position
and number of connections).
Currently applicable standard: IEEE 802.11
In the case of 802.11-WLANs, all the functions of a wired network are possible. WLAN
transmits inside and outside buildings with a maximum of 100 mW.
IEEE 802.11g is currently the most widespread standard for wireless LANs and offers a
maximum data transmission rate of 54 mbps. This procedure operates in the radio frequency range of 2.4 GHz, which ensures that parts of the building are penetrated as effectively as possible with a low transmission power that poses no health risks.
An 802.11g-compatible standard is 802.11b, which operates in the 2.4 GHz range (2400
MHz - 2485 MHz) and offers a maximum data transmission rate of 11 mbps. 802.11b and
802.11g WLAN systems involve no charge or login.
With 802.11a, bandwidths of up to 54 mbps can be used in the 5150 GHz to 5725 MHz
range. With the higher frequency range, 19 non-overlapping frequencies are available (in
Germany). This frequency range can also be used without a licence in Germany. In
Europe, transmission power of not just 30 mW but 1000 mW can be used with 802.11h, but
only if TPC (TX Power Control, method for controlling transmission power in wireless systems to reduce interferences) and DFS (Dynamic Frequency Selection) are used. The purpose of TPC and DFS is to ensure that satellite connections and radar devices are not interfered with.
The standard 802.11n (Draft 2.0) uses MIMO technology (Multiple Input Multiple Output) for
data transmission that allows data transfer via WLAN over longer distances or with higher
data rates. With a bandwidth of 20 or 40 MHz, a gross data rate of 150 Mbps or 300 Mbps
is achieved.
An amendment to the Telecommunications Act (TKG) allowed the 5.8 GHz band (5755
MHz - 5875 MHz) to be used for so-called BFWA applications (Broadband Fixed Wireless
Access). This simply requires registration with the Federal Network Agency. However, the
use of TPC and DFS is mandatory in this case.
10.1 WLAN
In the Wireless LAN->WLAN menu, you can configure all WLAN modules of your device.
Depending on the model, one or two WLAN modules, WLAN 1 and, where applicable,
WLAN 2, are available.
10.1.1 Radio Settings
In the Wireless LAN->WLAN->Radio Settings menu, an overview of all the configuration
options for the WLAN module is displayed.
Fig. 68: Wireless LAN ->WLAN->Radio Settings
10.1.1.1 Radio Settings->
In this menu, you change the settings for the wireless module.
Select the icon to edit the configuration.
Fig. 69: Wireless LAN ->WLAN->Radio Settings -> for Operation Mode " !
Fig. 70: Wireless LAN ->WLAN->Radio Settings -> for Operation Mode " )
The Wireless LAN->WLAN->Radio Settings-> menu consists of the following fields:
Fields in the menu Wireless Settings
Field
Description
Operation Mode
Define the mode in which the wireless module of your device is
to operate.
Possible values:
• 8 (default value): The wireless module is not active.
• "
!: Your device is used as an access point in
your network.
• "
)
: Your device serves as an Access Client in
your network. Not available for bintec W1003n, bintec
W2003n, bintec W2003n-ext and bintec W2004n.
• *
: Your device is used as a wireless bridge in your network. Not available for bintec W1003n, bintec W2003n,
bintec W2003n-ext, bintec W2004n and devices in the RS
series.
Client Mode
Only for Operation Mode = "
)
Select the client connection mode to the access point.
Possible values:
• 6
(default value): In a network in infrastructure mode, all clients communicate with each other via access
points only. There is no direct communication between the individual clients.
• " ;: In ad-hoc mode, an access client can be used as
central interface between a number of terminals. In this way,
devices such as computers and printers can be wirelessly interconnected.
Select the Channel to be used.
Operation Band
Select the operation band and, where applicable, the usage
area of the wireless module.
For Operation Mode = "
!, *
or Operation
Mode = "
)
and Client Mode = " ;
Possible values:
• ' 1;D 648 (default value): Your device is operated at 2.4 GHz (mode 802.11b and mode 802.11g), inside or
outside buildings.
• 1;D 6: Your device runs in 5 GHz (Mode 802.11a/h)
inside buildings.
• 1;D 8: Your device runs in 5 GHz (Mode
802.11a/h) outside buildings.
• 1;D 648: Your device is run with 5 GHz (Mode
802.11a/h) inside or outside buildings.
• 1;D 8: Only for so-called Broadband Fixed
Wireless Access (BFWA) applications. The frequencies in the
frequency range from 5,755 MHz to 5,875 MHz may only be
used in conjunction with commercial offers for public network
accesses and requires registration with the Federal Network
Agency.
For Operation Mode = "
)
and Client Mode =
6
Possible values:
• ' 1;D: Your device runs in 2.4 (Mode 802.11b
and Mode 802.11g) or 5 GHz (Mode 802.11a/h).
• 1;D (default value): Your device runs in 5 GHz (Mode
802.11a/h).
• ' 1;D: Your device runs in 2.4 GHz (Mode 802.11b and
Mode 802.11g).
Usage Area
Only for Operation Mode = "
)
, Client Mode =
6
and Operation Band = ' 1;D or
1;D
Possible values:
• 6#8 (default value)
• 6
• 8
IEEE 802.11d Compliance
Only for Operation Mode = "
)
Select how the country information is determined.
Possible values:
• :
(default value): The system attempts to determine
the country information of the access point, otherwise the system's own country information is used.
• 2
: The system's own country information is used.
• : The country information of the access point is used.
Channel
The number of channels you can select depends on the country
setting. Please consult the data sheet for your device.
Access Point Mode / Bridge Mode:
Configuring the network name (SSID) in Access Point mode
means that wireless networks can be logically separated from
each other, but they can still physically interfere with each other
if they are operating on the same or closely adjacent wireless
channels. So if you are operating two or more radio networks
close to each other, it is advisable to allocate the networks to
different channels. Each of these should be spaced at least four
channels apart, as a network also partially occupies the adjacent channels.
In the case of manual channel selection, please make sure first
that the clients actually support these channels.
Possible values:
• For Operation Band = ' 1;D 648
Possible values are to ( and " (default value). " is
not possible in bridge mode.
• For Operation Band = 1;D 6
Possible values are (, ', '', ' and " (standard
value)
• For Operation Band = 1;D 648 and 1;D
8 and 1;D 8
Only the " option is possible here.
Access Client mode:
In Access Client mode, you may only select the proper channel
in Client Mode = " ;.
Possible values:
• For Operation Band = ' 1;D 648
Possible values are to ( and " (default value).
• For Operation Band = 1;D 6
Possible values are (, ', '', ' and " (standard
value)
• For Operation Band = 1;D 648 and 1;D
8 and 1;D 8
Only the " option is possible here.
Selected Channel
Displays the channel used.
Used Secondary Channel
Not for Operation Mode = " ! and Operation Band = ' 1;D 648
Displays the second channel used.
Bandwidth
Only for Wireless Mode = 44, 4,
, 4
Select how many channels are to be used.
Possible values:
• =;D (default value): One channel with 20 MHz bandwidth
is used.
• ' =;D: Two channels each with 20 MHz bandwidth are used. In this case, one channel acts as a control channel and the other as an expansion channel.
Number of Spatial
Streams
Only for Wireless Mode = 44, 4,
, 4
Select how many traffic flows are to be used in parallel.
Possible values:
• (: Three traffic flows are used.
• : Two traffic flows are used.
• : One traffic flow is used.
Max. Link Distance
Only for Operation Mode = *
Enter the maximum link range.
If the +
option is enabled, the automatically generated range is used.
If this option is not enabled, enter the desired maximum value in
the m field.
Option +
is active by default.
Transmit Power
Select the maximum value for the radiated antenna power. The
actually radiated antenna power may be lower than the maximum value set, depending on the data rate transmitted. The maximum value for Transmit Power is country-dependent.
Possible values:
• =: (default value): The maximum antenna power is used.
• *
• *
• *
• ' *
• *
Fields in the menu Performance Settings
Field
Description
Wireless Mode
Select the wireless technology that the access point is to use.
Only for Operation Band = ' 1;D 648
Possible values:
• : The device operates only in accordance with
802.11g. 802.11b clients have no access.
• : Your device operates only in accordance with
802.11b and forces all clients to adapt to it.
• :
@4A: Your device adapts to the client
technology and operates according to either 802.11b or
802.11g.
• :
@4A: Your device adapts to the client technology and operates according to either 802.11b or
802.11g. Only a data rate of 1 and 2 mbps needs to be supported by all clients (basic rates). This mode is also needed
for Centrino clients if connection problems occur.
• :
@4A: Your device adapts to the
client technology and operates according to either 802.11b or
802.11g. The following applies for mixed-short: The data rates
5.5 and 11 mbps must be supported by all clients (basic
rates).
• 44: Your device operates according to either
802.11b, 802.11g or 802.11n.
• 4: Your device operates according to either
802.11g or 802.11n.
• : Your device operates only according to 802.11n.
In Operation Mode "
)
with Client Mode "
; additional options are available for Operation Band = 1;D 6, 1;D 8, 1;D 648, 1;D
8
Possible values:
• : The device operates only in accordance with
802.11a.
• : Your device operates only according to 802.11n.
• 4: Your device operates according to either
802.11a or 802.11n.
• 444 (display only) Only in Operation Mode "#
)
with Client Mode 6
.
Max. Transmission
Rate
Not available for bintec W1003n, bintec W2003n, bintec
W2003n-ext and bintec W2004n.
Select the transmission speed.
Possible values:
• " (default value): The transmission speed is determined
automatically.
• >3
?: According to setting for Operation Band, Bandwidth, Number of Spatial Streams and Wireless Mode various fixed values in mbps are available.
Burst Mode
Not available for bintec W1003n, bintec W2003n, bintec
W2003n-ext and bintec W2004n.
Activate this function to increase the transmission speed for
802.11g through frame bursting. As a result, several packets
are sent one after the other without a waiting period. This is particularly effective in 11b/g mixed operation.
The function is enabled with .
The function is activated by default.
If problems occur with older WLAN hardware, this function
should be deactivated.
Airtime fairness
This function is not available for all devices.
The Airtime fairness function ensures that the access point's send resources are distributed intelligently to the connected clients. This prevents a powerful client (e.g. an 802.11n client) from achieving only a poor flow level because a less powerful client (e.g. an 802.11a client) is treated in the same way when apportioning.
The function is enabled with .
The function is disabled by default.
This function is only applied to unprioritized frames of the WMM class "Background".
The menu Advanced Settings consists of the following fields:
Fields in the Advanced Settings menu for operating mode = Access Point
Field
Description
Channel Plan
Only for Operation Mode = "
! and Channel =
"
Select the desired channel plan.
The channel plan makes a preselection when a channel is selected. This ensures that no channels overlap, i.e. a distance of
four channels is maintained between the channels used. This is
useful if more access points are used with overlapping radio
cells.
Possible values:
• ": All channels can be dialled when a channel is selected.
• ": Depending on the region, operation band, wireless
mode and bandwidth, the channels that have a distance of 4
channels are provided.
• +
: Select the desired channels.
Selected Channels
Only for Channel Plan = +
The currently selected channels are displayed here.
With Add you can add channels. If all available channels are
displayed, you cannot add any more entries.
You can delete entries with the icon.
Beacon Period
Only for Operation Mode = "
! or "
)#
with Client Mode " ;.
Not available for bintec W1003n, bintec W2003n, bintec
W2003n-ext and bintec W2004n.
Enter the time in milliseconds between the sending of two
beacons.
This value is transmitted in Beacon and Probe Response
Frames.
Possible values are to (.
The default value is ms.
DTIM Period
Only for Operation Mode = "
! or "
)#
with Client Mode " ;.
Not available for bintec W1003n, bintec W2003n, bintec
W2003n-ext and bintec W2004n.
Enter the interval for the Delivery Traffic Indication Message
(DTIM).
The DTIM field is a data field in transmitted beacons that informs clients about the window to the next broadcast or multicast transmission. If clients operate in power save mode, they
come alive at the right time and receive the data.
Possible values are to .
The default value is .
RTS Threshold
Here, you select how the RTS/CTS mechanism is to be
switched on/off.
If you choose +
#
, you can specify in the input field
the data packet length threshold in bytes (1 - 2346) as of which
the RTS/CTS mechanism is to be used. This makes sense if
several clients that are not in each other's wireless range are
run in one access point. The mechanism can also be switched
on/off independently of the data packet length by selecting the
value "-, or "-, (default value).
Short Guard Interval
Enable this function to reduce the guard interval (= time
between transmission of two data symbols) from 800 ns to 400
ns.
Short Retry Limit
Not available for bintec W1003n, bintec W2003n, bintec
W2003n-ext and bintec W2004n.
Enter the maximum number of attempts to send a frame. This
value must be less than or equal to the value specified in RTS
Threshold. After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is C.
Long Retry Limit
Not available for bintec W1003n, bintec W2003n, bintec
W2003n-ext and bintec W2004n.
Enter the maximum number of attempts to send a data packet.
This value must be longer than the value specified in RTS
Threshold. After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is '.
Fragmentation
Threshold
Enter the maximum size as of which the data packets are to be
fragmented (i.e. split into smaller units). Low values are recommended for this field in areas with poor reception and in the
event of radio interference.
Possible values are to ('.
The default value is (' bytes.
If "
)
is selected for Operation Mode with Client Mode 6
,
the following parameters are additionally available under Advanced Settings:
Fig. 71: Wireless LAN ->WLAN->Radio Settings -> ->Advanced Settings for Operation Mode " )
Fields in the menu Advanced Settings for Access Client Mode.
Field
Description
Scan channels
Choose the channels which the WLAN client automatically
scans for available wireless networks.
Possible values:
• " (default value): All channels are scanned.
• ": The channel is automatically selected.
• +
: The desired channels can therefore be
defined.
User Defined Channel
Plan
Only for Scan channels = +
Define the channels which the WLAN client automatically scans
for available wireless networks.
Roaming Profile
Select the roaming profile. The options available include typical
roaming functions.
Possible values:
• <: The WLAN client searches for available
wireless networks as soon as the radio signal of the existing
radio connection becomes unsuitable for higher data rates.
• 2 < (default value): Standard roaming.
• - <: The WLAN client searches for available
wireless networks as soon as the radio signal of the existing
radio connection becomes weaker.
• 2 <: The WLAN client searches for available wireless networks if it is no longer connected to a wireless network.
• ) <: Specify the individual roaming parameters.
Scan Threshold
Indicates the value in dBm above which the system scans for
available wireless networks in the background.
The value can only be modified for Roaming Profile = )
<. The default value is #C *.
Scan Interval
Indicates the interval in milliseconds after which the system
scans for available wireless networks.
The value can only be modified for Roaming Profile = )
<. The default value is .
Channel Sweep
Indicates how many frequencies are scanned in the background.
The value can only be modified for Roaming Profile = )
<. The default value is . The value disables the scan
in the background. The value # enables the scan of all available frequencies.
Min. Period Active
Scan
Displays the minimum active scanning time for a frequency in
milliseconds.
The value can only be modified for Roaming Profile = )
<. The default value is .
Max. Period Active
Scan
Displays the maximum active scanning time for a frequency in
milliseconds.
The value can only be modified for Roaming Profile = )
<. The default value is ' .
Min. Period Passive
Scan
Displays the minimum passive scanning time for a frequency in
milliseconds.
The value can only be modified for Roaming Profile = )
<. The default value is .
Max. Period Passive
Scan
Displays the maximum passive scanning time for a frequency in
milliseconds.
The value can only be modified for Roaming Profile = )
<. The default value is .
RTS Threshold
Select how the RTS/CTS mechanism is to be switched on/off.
If you choose +
#
, you can specify in the input field
the data packet length threshold in bytes (1 - 2346) as of which
the RTS/CTS mechanism is to be used. This makes sense if
several clients that are not in each other's wireless range are
run in one access point. The mechanism can also be switched
on/off independently of the data packet length by selecting the
value "-, or "-, (default value).
Short Guard Interval
Enable this function to reduce the guard interval (= time
between transmission of two data symbols) from 800 ns to 400
ns.
Short Retry Limit
Enter the maximum number of attempts to send a frame. This
value must be less than or equal to the value specified in RTS
Threshold. After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is C.
Long Retry Limit
Enter the maximum number of attempts to send a data packet.
This value must be longer than the value specified in RTS
Threshold. After this many failed attempts, the packet is discarded.
Possible values are to .
The default value is '.
Fragmentation
Threshold
Enter the maximum size as of which the data packets are to be
fragmented (i.e. split into smaller units). Low values are recommended for this field in areas with poor reception and in the
event of radio interference.
Possible values are to ('.
The default value is (' bytes.
10.1.2 Wireless Networks (VSS)
If you are operating your device in Access Point Mode (Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = " !), in the menu Wireless LAN->WLAN->Wireless Networks (VSS)-> /New you can edit the wireless networks required or set up new ones.
Note
The preset wireless network default has the following security settings in the ex works
state:
• Security Mode = !"#!$
• WPA Mode = !" !"
• WPA Cipher as well as WPA2 Cipher = " /$6!
• The Preshared Key is filled with an internal system value, which you must change
during configuration.
Setting network names
In contrast to a LAN set up over Ethernet, a wireless LAN does not have any cables for setting up a permanent connection between the server and clients. Access violations or faults
may therefore occur with directly adjacent radio networks. To prevent this, every radio network has a parameter that uniquely identifies the network and is comparable with a domain
name. Only clients with a network configuration that matches that of your device can communicate in this WLAN. The corresponding parameter is called the network name. In the
network environment, it is sometimes also referred to as the SSID.
Protection of wireless networks
As data can be transmitted over the air in the WLAN, this data can in theory be intercepted
and read by any attacker with the appropriate resources. Particular attention must therefore
be paid to protecting the wireless connection.
There are three security modes, WEP, WPA-PSK and WPA Enterprise. WPA Enterprise offers the highest level of security, but this security mode is only really suitable for companies, because it requires a central authentication server. Private users should choose WEP
or preferably WPA-PSK with higher security as their security mode.
WEP
802.11 defines the security standard WEP (Wired Equivalent Privacy), which encrypts data with 40 bit (Security Mode = ! ') or 104 bit (Security Mode = ! '). However, this widely used WEP has proven susceptible to failure. A higher degree of security can only be achieved through hardware-based encryption, which requires additional configuration (for example 3DES or AES). This permits even sensitive data to be transferred via a radio path without fear of it being stolen.
IEEE 802.11i
Standard IEEE 802.11i for wireless systems contains basic security specifications for wireless networks, in particular with regard to encryption. It replaces the insecure WEP (Wired
Equivalent Privacy) with WPA (Wi-Fi Protected Access). It also includes the use of the advanced encryption standard (AES) to encrypt data.
WPA
WPA (Wi-Fi Protected Access) offers additional privacy by means of dynamic keys based
on the Temporal Key Integrity Protocol (TKIP), and offers PSK (preshared keys) or Extensible Authentication Protocol (EAP) via 802.1x (e.g. RADIUS) for user authentication.
Authentication using EAP is usually used in large wireless LAN installations, as an authentication instance in the form of a server (e.g. a RADIUS server) is used in these cases. PSK
(preshared keys) are usually used in smaller networks, such as those seen in SoHo (Small
office, Home office). Therefore, all the wireless LAN subscribers must know the PSK, because it is used to generate the session key.
WPA 2
The enhancement of WPA is WPA 2. In WPA 2, the 802.11i standard is not only implemented for the first time in full, but another encryption algorithm AES (Advanced Encryption
Standard) is also used.
Access control
You can control which clients can access your wireless LAN via your device by creating an
Access Control List (Access Control or MAC-Filter). In the Access Control List, you
enter the MAC addresses of the clients that may access your wireless LAN. All other clients
have no access.
Security measures
To protect the data transferred over the WLAN, the following configuration steps should be
carried out in the Wireless LAN->WLAN->Wireless Networks (VSS)->New menu, where
necessary:
• Change the access passwords for your device.
• Change the default SSID, Network Name (SSID) = , of your access point. Set
Visible = . This will exclude all WLAN clients that attempt to establish a connection with the general value for Network Name (SSID) ", and do not know the SSID settings.
• Use the available encryption methods. To do this, select Security Mode = ! ', !
', !"#!$ or !" %
and enter the relevant key in the access point under WEP Key 1 - 4 or Preshared Key and in the WLAN clients.
• The WEP key should be changed regularly. To do this, change the Transmit Key . Select
the longer 104 Bit WEP key.
• For transmission of information with very high security relevance, configure Security Mode = !" % with WPA Mode = !" . This method contains hardware-based encryption and RADIUS authentication of the client. In special cases, combination with IPSec is possible.
• Restrict WLAN access to permitted clients. Enter the MAC addresses of the wireless network cards for these clients in the Allowed Addresses list in the MAC-Filter menu (see
Fields in the menu MAC-Filter on page 170).
A list of all WLAN networks is displayed in the Wireless LAN->WLAN->Wireless Networks (VSS) menu.
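In WPA-PSK, described under WPA above, the Preshared Key is the source of the key material: IEEE 802.11i stretches the passphrase with PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output) using the network name as salt, so both the SSID and the key from the security measures list feed the result. The Python below is an added example, not Teldat code; the factory SSID and factory key strings are constructed placeholders, because the device's real factory values are not given here.

```python
import hashlib
import hmac
from typing import List, Tuple

PMK_ITERATIONS = 4096   # fixed by IEEE 802.11i for passphrase-based keys
PMK_LENGTH = 32         # 256-bit pairwise master key

# Constructed placeholders, not real device defaults.
FACTORY_SSID = "FACTORY-SSID-PLACEHOLDER"
FACTORY_PSK = "FACTORY-PSK-PLACEHOLDER"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA-PSK master key from passphrase and network name."""
    pw = passphrase.encode("ascii")      # non-ASCII input raises ValueError
    salt = ssid.encode("ascii")
    if not 8 <= len(pw) <= 63 or any(b < 32 or b > 126 for b in pw):
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 characters")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, PMK_ITERATIONS, PMK_LENGTH)


def same_master_key(ap: Tuple[str, str], client: Tuple[str, str]) -> bool:
    """True if access point and client (passphrase, ssid) yield the same key."""
    return hmac.compare_digest(derive_pmk(*ap), derive_pmk(*client))


def review_psk_network(ssid: str, passphrase: str,
                       factory_ssid: str = FACTORY_SSID,
                       factory_psk: str = FACTORY_PSK) -> List[str]:
    """Check one WPA-PSK network against the configuration steps listed above."""
    findings = []
    if ssid == factory_ssid:
        findings.append("SSID is still the factory default")
    if hmac.compare_digest(passphrase.encode(), factory_psk.encode()):
        findings.append("Preshared Key is still the factory value")
    try:
        derive_pmk(passphrase, ssid)
    except ValueError as exc:
        findings.append(f"unusable key material: {exc}")
    return findings


if __name__ == "__main__":
    # Constructed sample networks: (ssid, passphrase).
    samples = [
        (FACTORY_SSID, FACTORY_PSK),
        ("plant-floor-7", "short"),
        ("plant-floor-7", "correct horse battery"),
    ]
    for ssid, passphrase in samples:
        print(ssid, "->", review_psk_network(ssid, passphrase) or "no findings")
    # The same passphrase under two network names gives unrelated keys.
    print(derive_pmk("correct horse battery", "plant-floor-7").hex())
    print(derive_pmk("correct horse battery", "plant-floor-8").hex())
```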
10.1.2.1 Edit or New
Choose the
icon to edit existing entries. Choose the New button to configure additional
wireless networks.
Fig. 72: Wireless LAN ->WLAN->Wireless Networks (VSS) -> ->New
The Wireless LAN->WLAN->Wireless Networks (VSS)-> ->New menu consists of the following fields:
Fields in the menu Service Set Parameters
Field
Description
Network Name (SSID)
Enter the name of the wireless network (SSID).
Enter an ASCII string with a maximum of 32 characters.
Also select whether the Network Name (SSID) is to be transmitted.
The network name is displayed by selecting 3
.
It is visible by default.
Intra-cell Repeating
Select whether communication between the WLAN clients is to
be permitted within a radio cell.
The function is activated by selecting .
The function is enabled by default.
ARP Processing
Select whether the ARP Processing function should be activated. The ARP data traffic is reduced in the network by the fact
that ARP broadcasts that have been converted to ARP unicasts
are forwarded to IP addresses that are known internally. Unicasts are quicker and clients with an enabled power save function are not addressed.
The function is activated by selecting .
The function is disabled by default.
Please note that ARP Processing cannot be applied in conjunction with the MAC bridge function.
WMM
Select whether voice or video prioritisation via WMM (Wireless
Multimedia) is to be activated for the wireless network so that
optimum transmission quality is always achieved for time-critical
applications. Data prioritisation is supported in accordance with
DSCP (Differentiated Services Code Point) or IEEE802.1d.
The function is activated by selecting .
The function is enabled by default.
U-APSD
Only for bintec W1003n, bintec W2003n, bintec W2003n-ext
and bintec W2004n
Select whether the Unscheduled Automatic Power Save Delivery (U-APSD) mode is to be enabled.
The function is activated by selecting .
The function is enabled by default.
Fields in the menu Security Settings
Field
Description
Security Mode
Select the Security Mode (encryption and authentication) for
the wireless network.
Possible values:
• 60 (default value): Neither encryption nor authentication
• ! ': WEP 40 bits
• ! ': WEP 104 bits
• !"#!$: WPA Preshared Key
• !" %: 802.11i/TKIP
Transmit Key
Only for Security Mode = ! ' or ! '
Select one of the keys configured in WEP Key <1 - 4> as a default key.
The default value is $ , .
WEP Key 1-4
Only for Security Mode = ! ', ! '
Enter the WEP key.
Enter a character string with the right number of characters for
the selected WEP mode. For ! ' you need a character
string with 5 characters, for ! ' with 13 characters, e. g.
for ! ', #-
% for ! '.
WPA Mode
Only for Security Mode = !"#!$ and !" %
Select whether you want to use WPA (with TKIP encryption) or
WPA 2 (with AES encryption), or both.
Possible values:
• !" !" (default value): WPA and WPA 2 can be applied.
• !": Only WPA is applied.
• !" : Only WPA 2 is applied.
WPA Cipher
Only for Security Mode = !"#!$ and !" % and for WPA Mode = !" and !" !"
Select the type of encryption with which to apply WPA.
Possible values:
• " (default value): AES is used.
• " /$6! : AES or TKIP is used.
WPA2 Cipher
Only for Security Mode = !"#!$ and !" % and for WPA Mode = !" and !" !"
Select the type of encryption with which to apply WPA 2.
Possible values:
• " (default value): AES is used.
• " /$6!: AES or TKIP is used.
Preshared Key
Only for Security Mode = !"#!$
Enter the WPA password.
Enter an ASCII string with 8 - 63 characters.
Note
Change the default Preshared Key! If the key has not been
changed, your device will not be protected against unauthorised access!
EAP Preauthentification
Only for Security Mode = !" %
Select whether the EAP preauthentification function is to be activated. This function tells your device that WLAN clients, which
are already connected to another access point, can first carry
out 802.1x authentication as soon as they are within range.
Such WLAN clients can then simply connect over the existing
network connection with your device.
The function is activated by selecting .
The function is enabled by default.
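The key-format rules in the Security Settings fields and the hardening steps in the Security measures list, as an added Python example that is not part of the Teldat manual: it checks WEP keys and preshared keys against the stated lengths, flags the settings the list warns about, and derives the WPA pairwise master key to show that the SSID acts as the salt. The dict layout, the mode labels (none, wep40, wep104, wpa-psk) and all sample values are assumptions made for this example; treating WEP and TKIP as weak reflects current 802.11 practice rather than the manual's wording.

```python
import hashlib
import string

# Constructed mode labels (the manual's UI values are not reproduced here).
# Lengths come from the WEP Key field description: (ASCII characters, hex digits).
WEP_KEY_LENGTHS = {"wep40": (5, 10), "wep104": (13, 26)}
PRINTABLE_ASCII = {chr(c) for c in range(32, 127)}


def wep_key_format(mode, key):
    """Classify a WEP key as 'ascii' or 'hex', or None if it fits neither rule."""
    ascii_len, hex_len = WEP_KEY_LENGTHS[mode]
    if len(key) == ascii_len and set(key) <= PRINTABLE_ASCII:
        return "ascii"
    if len(key) == hex_len and set(key) <= set(string.hexdigits):
        return "hex"
    return None


def psk_is_valid(psk):
    """Preshared Key rule: an ASCII string with 8 - 63 characters."""
    return 8 <= len(psk) <= 63 and set(psk) <= PRINTABLE_ASCII


def derive_pmk(psk, ssid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), ssid.encode("ascii"), 4096, 32)


def audit_network(cfg, factory_ssids=(), factory_psks=()):
    """Return findings for one wireless network given as a dict (hypothetical layout)."""
    findings = []
    mode = cfg["security_mode"]
    if cfg["ssid"] in factory_ssids:
        findings.append("SSID is still a factory value")
    if mode == "none":
        findings.append("no encryption or authentication")
    elif mode in WEP_KEY_LENGTHS:
        findings.append("WEP in use")
        for slot, key in enumerate(cfg.get("wep_keys", []), start=1):
            if wep_key_format(mode, key) is None:
                findings.append("WEP key %d has the wrong length or characters" % slot)
    elif mode == "wpa-psk":
        psk = cfg.get("psk", "")
        if not psk_is_valid(psk):
            findings.append("preshared key is not 8 - 63 ASCII characters")
        if psk in factory_psks:
            findings.append("preshared key is still a factory value")
        if "tkip" in cfg.get("ciphers", ()):
            findings.append("TKIP permitted")
    if not cfg.get("mac_filter", False):
        findings.append("MAC filter (Access Control) disabled")
    return findings


# Constructed sample networks; every value below is made up for this example.
LEGACY = {"ssid": "default", "security_mode": "wep40",
          "wep_keys": ["hello", "A1B2C3D4E5", "toolongkey"]}
HARDENED = {"ssid": "plant-floor-7", "security_mode": "wpa-psk",
            "psk": "correct horse battery staple", "ciphers": ["aes"],
            "mac_filter": True}

if __name__ == "__main__":
    for net in (LEGACY, HARDENED):
        print(net["ssid"], audit_network(net, factory_ssids=("default",)))
    # Same passphrase, different SSID: the derived key differs because the SSID is the salt.
    print(derive_pmk(HARDENED["psk"], "default").hex())
    print(derive_pmk(HARDENED["psk"], HARDENED["ssid"]).hex())
```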
Fields in the menu Client load balancing for bintec W1003n, bintec W2003n, bintec
W2003n-ext and bintec W2004n
Field
Description
Max. number of clients - hard limit
Enter the maximum number of clients that can be connected to this wireless network (SSID).
The maximum number of clients that can register with a wireless module depends on the specifications of the respective WLAN module. This maximum is distributed across all wireless networks configured for this radio module. No more new wireless networks can be created and a warning message will appear if the maximum number of clients is reached.
Possible values are whole numbers between and '.
The default value is (.
Max. number of clients - soft limit
Not all devices support this function.
To avoid a radio module being fully utilised, you can set a "soft"
restriction on the number of connected clients. If this number is
reached, new connection queries are initially rejected. If the client cannot find another wireless network and, therefore, repeats
its query, the connection is accepted. Queries are only definitively rejected when the Max. number of clients - hard limit is
reached.
The value of the Max. number of clients - soft limit must be the same as or less than that of the Max. number of clients - hard limit.
The default value is .
You can disable this function if you set Max. number of clients
- soft limit and Max. number of clients - hard limit to identical
values.
Client Band select
Not all devices support this function.
This function requires a dual radio setup where the same wireless network is configured on both radio modules, but in different frequency bands.
The Client Band select option enables clients to be moved
from the frequency band originally selected to a less busy one,
providing the client supports this. To achieve a changeover, the
connection attempt of a client is initially refused so that the client repeats the attempt in a different frequency band.
Possible values:
• 7 # %D (default value): The function is not used for this VSS. This is useful if clients are to switch between different radio cells with as little delay as possible, e. g. with Voice over WLAN.
• E' 1;D % : Preference is given to accepting clients in the 2.4 GHz band.
• 1;D % : Preference is given to accepting clients in the 5 GHz band.
Fields in the menu MAC-Filter
Field
Description
Access Control
Select whether only certain clients are to be permitted for this
wireless network.
The function is activated by selecting .
The function is disabled by default.
Allowed Addresses
Use Add to make entries and enter the MAC addresses (MAC
Address) of the clients to be permitted.
Fields in the menu Advanced Settings for bintec W1003n, bintec W2003n, bintec W2003n-ext and bintec W2004n
Field
Description
Beacon Period
Enter the time in milliseconds between the sending of two
beacons.
This value is transmitted in Beacon and Probe Response
Frames.
Possible values are to (.
The default value is ms.
DTIM Period
Enter the interval for the Delivery Traffic Indication Message
(DTIM).
The DTIM field is a data field in transmitted beacons that informs clients about the window to the next broadcast or multicast transmission. If clients operate in power save mode, they
come alive at the right time and receive the data.
Possible values are to .
The default value is .
10.1.3 WDS Links
Not available with W1003n, W2003n, W2003n-ext and W2004n.
If you're operating your device in Access Point mode (Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = " !), you can edit the desired WDS Links or set up new ones in the menu Wireless LAN->WLAN->WDS Links-> / New.
Important
The WDS link can only be configured in the 2.4 GHz band and in the 5 GHz band indoors if the channel is NOT ".
The number of channels you can select depends on the country setting. Please consult the
data sheet for your device.
WDS links (WDS = Wireless Distribution System) are static links between access points (AP), which are generally used to connect clients with networks that are not directly accessible to them, e.g. because the distance is too great. The access point sends the data from one client to another access point, which then forwards the data to another client.
Important
Note that the data is transferred between the access points in unencrypted form over
the WDS link in the default configuration. You are therefore urgently advised to apply
one of the available security methods (WEP 40 or WEP 104) to protect data on WDS
links.
WDS links are configured as interfaces with the prefix 7. They behave like VSS interfaces
and only differ from these with respect to the predefined routing. A WDS link is defined as a
transit network: this relates to a point-to-point connection or point-to-multipoint connection
between two access points that are included in different networks.
10.1.3.1 Edit or New
Choose the icon to edit existing entries. Choose the New button to configure additional WDS links.
Fig. 73: Wireless LAN ->WLAN->WDS Links->New
The Wireless LAN->WLAN->WDS Links->New menu consists of the following fields:
Fields in the Basic Parameters menu.
Field
Description
WDS Description
Enter a name for the WDS link.
If the +
option is activated, the automatically generated name of the interface is used.
If the option is not activated, you can enter a suitable name in
the input field.
Option +
is active by default.
Fields in the WDS Security Settings menu.
Field
Description
Privacy
Select whether an encryption method is to be used for this WDS
link and if so, which one.
Possible values:
• 2 (default value): Data traffic on this WDS link is not encrypted.
• ! ': Data traffic on this WDS link is encrypted with WEP 40. In WEP Key 1 to WEP Key 4 enter the keys for this WDS link, and in Transmit Key select the default key.
• ! ': Data traffic on this WDS link is encrypted with WEP 104. In WEP Key 1 to WEP Key 4 enter the keys for this WDS link, and in Transmit Key select the default key.
• !": Data traffic on this WDS link is encrypted with WPA. Enter the key for this WDS link in Preshared Key.
• !" : Data traffic on this WDS link is encrypted with WPA. Enter the key for this WDS link in Preshared Key.
Transmit Key
Only for Privacy = ! ', ! '
Select one of the keys configured in WEP Key 1 to WEP Key 4 as a standard key.
The default value is $ , .
WEP Key 1 to WEP Key 4
Only for Privacy = ! ', ! '
Enter the WEP key. There are two ways of entering a WEP key:
• Direct entry in hexadecimal form
If the entry starts with :, the generator is deactivated. Enter
a hexadecimal string with exactly the right number of characters for the selected WEP mode. 10 characters ! ' or 26
characters for ! ' e.g. ! ': :"*(C'), !
': :7)*7*7'7)(7*7(
• Direct entry of ASCII characters
Enter a character string with the right number of characters for
the selected WEP mode. For ! ' you need a character
string with 5 characters, for ! ' with 13 characters, e.g.
for ! ', #-
% for ! '.
Preshared Key
Only for Privacy = !", !"
Enter the WPA password.
Enter an ASCII string with 8 - 63 characters.
Fields in the Remote Partner menu.
Field
Description
Remote MAC Address
Enter the MAC address of the WDS partner.
10.1.4 Client Link
Not available with W1003n, W2003n, W2003n-ext and W2004n.
If you're operating your device in Access Point mode (Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = " ) ), you can edit the existing client links in the Wireless LAN->WLAN->Client Link-> menu.
The Client Mode can be operated in infrastructure mode or in ad-hoc mode.
In a network in infrastructure mode, all clients communicate with each other via access
points only. There is no direct communication between the individual clients.
In ad-hoc mode, an access client can be used as central interface between a number of
terminals. In this way, devices such as computers and printers can be wirelessly interconnected.
10.1.4.1 Edit
Choose the icon to edit existing entries.
Fig. 74: Wireless LAN ->WLAN->Client Link->
The Wireless LAN->WLAN->Client Link-> menu consists of the following fields:
Fields in the Basic Parameters menu.
Field
Description
Network Name (SSID)
Enter the name of the wireless network (SSID).
Enter an ASCII string with a maximum of 32 characters.
Fields in the Security Settings menu.
Field
Description
Security Mode
Select the security mode (encryption and authentication) for the
wireless network.
Possible values:
• 60 (default value): Neither encryption nor authentication
• ! ': WEP 40 bits
• ! ': WEP 104 bits
• !" 2 : Only for Client Mode = " ;. WPA None
• !"#!$: Only for Client Mode = 6. WPA Preshared Key
Transmit Key
Only for Security Mode = ! '
Select one of the keys configured in WEP Key <1 - 4> as a default key.
The default value is $
, .
WEP Key 1 - 4
Only for Security Mode = ! ', ! '
Enter the WEP key.
Enter a character string with the right number of characters for
the selected WEP mode. For ! ' you need a character
string with 5 characters, for ! ' with 13 characters, e.g.
for ! ', #-
% for ! '.
WPA Mode
Only for Security Mode = !"#!$
Select whether you want to use WPA or WPA 2.
Possible values:
• !" (default value): Only WPA is used.
• !" : Only WPA2 is used.
Preshared Key
Only for Security Mode = !"#!$
Enter the WPA password.
Enter an ASCII string with 8 - 63 characters.
WPA Cipher
Only for Security Mode = !"#!$ and WPA Mode = !"
Select which encryption method should be used.
Possible values:
• /$6! (default value): Temporal Key Integrity Protocol
• ": Advanced Encryption Standard.
Both encryption methods are rated as secure, with AES offering
better performance.
WPA2 Cipher
Only for Security Mode = !"#!$ and WPA Mode = !"
Select which encryption method is to be used.
Possible values:
• " (default value): Advanced Encryption Standard.
• /$6! : Temporal Key Integrity Protocol
Both encryption methods are rated as secure, with AES offering
better performance.
10.1.4.2 Client Link Scan
After the desired Client Links have been configured, the icon is shown in the list.
You use this icon to open the Scan menu.
Fig. 75: Wireless LAN ->WLAN->Client Link->Scan
After successful scanning, a selection of potential scan partners is displayed in the scan list. In the Action column, click Select to connect the local clients with this client. If the partners are connected with one another, the icon appears in the Connected column.
The icon appears in the Connected column if the connection is active.
The Wireless LAN->WLAN->Client Link->Scan menu consists of the following fields:
Fields in the Scan menu.
Field
Description
Client Link Description
Displays the name of the client link you configured.
Action
Start the scan by clicking on Scan.
If the antennas are installed correctly on both sides and LOS is
free, the client finds available clients and displays them in the
following list.
If the partner client cannot be found, check the line of sight and
the antenna installation. Then carry out the Scan. The partner
should then be found.
AP MAC Address
Shows the MAC address of the remote client.
Network Name (SSID)
Displays the name of the remote client.
Channel
Shows the Channel used.
Mode
Shows the security mode (encryption and authentication) for the
wireless network.
Signal
Displays the signal strength of the detected client link in dBm.
Connected
Displays the status of the link on your client.
Action
You can change the status of the client link. The available actions are displayed in this field.
10.1.5 Bridge Links
Not available with W1003n, W2003n, W2003n-ext and W2004n.
If you're operating your device in Bridge mode (Wireless LAN->WLAN->Radio Settings-> ->Operation Mode = * ), you can Edit or create the desired Bridge Links in the menu Wireless LAN->WLAN->Bridge Links-> ->New.
With the bridge function, you can make a Teldat wireless connection between one or more other devices. The range of these wireless connections can be several kilometres, depending on the antennas used.
Note
Always use the antennas and antenna cables supplied with the equipment to prevent
unintentional violations of the applicable law. If you have special requirements, e.g. regarding cable lengths, please contact your dealer or Teldat GmbH.
Bridges are generally used to interconnect various LAN segments at Layer 2 of the OSI
7-layer model. The special feature of Teldat bridges is that the distances between these
segments can be several kilometres, without the necessity for a cable for these ranges.
If you operate a wireless port in Bridge mode, this can only be used for a bridge link. This
means:
• The port has no network name.
• Wireless clients cannot log in (associate) to this port.
• There is no node table for this port (as there are no clients).
• There is no Access Control List (ACL) for this port.
This port will only connect to the partner bridge port you have configured and also only accept connections from this port.
The Teldat bridges have transmission rates far above the possibilities of the ISDN S0,
ISDN S2M or ADSL. The high-speed bridge even surpasses standard Ethernet (10BaseT,
10Base2, 10Base5).
Caution
Never connect two bridges that have set up a connection to each other with radio to
the same LAN segment. This leads to unavoidable overloading of your network and
stops all network traffic.
Some of the possible network topologies are described here to give you an overview of the
options available when you use Teldat bridges.
Fig. 76: Point-to-point topology
Fig. 77: Point-to-multipoint topology
Fig. 78: Wireless backbone
Fig. 79: Wireless bridge with connection of wireless clients
To be able to set up a wireless link to Teldat bridges, an uninterrupted view must exist
between the antennas at both ends. This is called a line of sight, abbreviated to LOS.
The term line of sight does not just mean a straight line of vision between the two antennas, but a kind of tunnel, which must not be disturbed by obstacles. This tunnel is called
the 1st Fresnel zone. The Fresnel zone has the shape of an ellipse rotated around its longitudinal axis. At least 60 % of the 1st Fresnel zone must remain free of obstacles. The radius (or the small semi-axis) depends on the frequency used and the distance between the antennas.
Fig. 80: 1. Fresnel zone
Example: Radius of 1st Fresnel zone as a function of distance from transmit antenna for
antenna separation of 5 km at 2.45 GHz.
Example 1
Distance from transmit antenna (km)   Radius of 1st Fresnel zone (m)   Radius at 60 % of 1st Fresnel zone (m)
0,250                                 5,4                              4,2
0,500                                 7,4                              5,7
0,750                                 8,8                              6,8
1,000                                 9,9                              7,7
1,250                                 10,7                             8,3
1,500                                 11,3                             8,8
1,750                                 11,8                             9,1
2,000                                 12,1                             9,4
2,250                                 12,3                             9,5
2,500                                 12,4                             9,6
2,750                                 12,3                             9,5
3,000                                 12,1                             9,4
3,250                                 11,8                             9,1
3,500                                 11,3                             8,8
3,750                                 10,7                             8,3
4,000                                 9,9                              7,7
4,250                                 8,8                              6,8
4,500                                 7,4                              5,7
4,750                                 5,4                              4,2
Example: Radius of 1st Fresnel zone as a function of distance to the transmit antenna for a
distance of 700 m at 2.45 GHz.
Example 2
Distance from transmit antenna (km)   Radius of 1st Fresnel zone (m)   Radius at 60 % of 1st Fresnel zone (m)
100                                   1,6                              1,25
200                                   2,1                              1,6
300                                   2,3                              1,75
400                                   2,3                              1,75
500                                   2,                               1,6
600                                   1,6                              1,25
Note
When setting up a bridge link, make sure that no obstacles or trees protrude into the
Fresnel zone. If obstacles exist, the transmission rate will drop and the path may eventually fail.
It is not essential to consider the LOS for short distances inside buildings, as the radius
of the Fresnel zone will be very small here.
If you meet these requirements, the link can be set up and maintained without further
limitations. A special feature of links with Teldat bridges is that they are completely unaffected by weather conditions.
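The Example 1 figures follow from the standard first Fresnel zone formula r = sqrt(λ · d · (D − d) / D), with λ the wavelength, D the antenna separation and d the distance from the transmit antenna. The following added Python example (not from the Teldat manual) recomputes that table and checks a path profile against the 60 % zone. The obstacle profile and antenna heights are constructed, the 60 % column is taken to be r · sqrt(0.6) because that matches the listed values, and earth curvature is ignored.

```python
import math

SPEED_OF_LIGHT = 299_792_458.0  # m/s


def fresnel_radius(d_m, link_m, freq_hz):
    """Radius (m) of the 1st Fresnel zone at d_m metres from the transmit antenna."""
    if not 0 <= d_m <= link_m:
        raise ValueError("the point must lie between the two antennas")
    wavelength = SPEED_OF_LIGHT / freq_hz
    return math.sqrt(wavelength * d_m * (link_m - d_m) / link_m)


def clearance_radius(d_m, link_m, freq_hz, fraction=0.6):
    """Radius (m) that must stay free so that `fraction` of the zone is unobstructed."""
    return fresnel_radius(d_m, link_m, freq_hz) * math.sqrt(fraction)


def intrusions(profile, link_m, freq_hz, tx_height_m, rx_height_m):
    """Return (distance_m, metres_too_high) for obstacles reaching into the 60 % zone.

    profile is a list of (distance_m, obstacle_top_m); heights share one reference
    level with the antenna heights. Earth curvature is not modelled.
    """
    hits = []
    for d_m, top_m in profile:
        sight_line = tx_height_m + (rx_height_m - tx_height_m) * d_m / link_m
        limit = sight_line - clearance_radius(d_m, link_m, freq_hz)
        if top_m > limit:
            hits.append((d_m, round(top_m - limit, 1)))
    return hits


def example_1_rows(link_m=5000, freq_hz=2.45e9, step_m=250):
    """Recompute the manual's Example 1 table as (km, radius_m, radius_60_m) rows."""
    return [(d / 1000, round(fresnel_radius(d, link_m, freq_hz), 1),
             round(clearance_radius(d, link_m, freq_hz), 1))
            for d in range(step_m, link_m, step_m)]


# Constructed path profile: both antennas 20 m high, two obstacles on a 5 km link.
PROFILE = [(1000, 10.0), (2500, 12.0)]

if __name__ == "__main__":
    for row in example_1_rows():
        print("%.3f km  %5.1f m  %5.1f m" % row)
    print(intrusions(PROFILE, 5000, 2.45e9, 20.0, 20.0))
```

Applied to the 700 m link of Example 2, the same formula gives about 3.2 m at 100 m, twice the value listed there.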
Note
For a bridge path, always use the marked antenna connection. This is the device's
primary connection.
Fig. 81: Antenna connection
A label containing details of the two antennas is located on the back of the device. The
primary antenna is designated Ant 1.
10.1.5.1 Edit or New
Choose the icon to edit existing entries. Choose the New button to configure additional Bridge links.
Fig. 82: Wireless LAN ->WLAN->Bridge Links-> ->New
The Wireless LAN->WLAN->Bridge Links-> ->New menu consists of the following fields:
Fields in the Basic Parameters menu.
Field
Description
Bridge Link Description
Enter a name for the bridge link.
If the +
option is activated, the automatically generated name of the interface is used.
If the option is not activated, you can enter a suitable name in the input field.
Option +
is active by default.
Remote Configuration
Select whether setup of a bridge link from a remote bridge is to
be permitted.
Possible values:
• "- (default value): It is possible to set up a bridge link from a remote bridge.
• 7 : It is not possible to set up a bridge link from a remote bridge.
Fields in the Bridge Security Settings menu.
Field
Description
Privacy
Select whether an encryption method is to be used for this
bridge link and if so, which one.
Possible values:
• /$6! (default value): Temporal Key Integrity Protocol.
• ": Advanced Encryption Standard.
Both encryption methods are rated as secure, with AES offering
better performance.
Preshared Key
Enter the password for this bridge link. You can also obtain the
preshared key automatically.
Fields in the Remote Partner menu.
Field
Description
Remote MAC Address
Enter the MAC address of the bridge link partner.
10.1.5.2 Bridge Links Scan
After the desired Bridge Links have been configured, the icon is shown in the list.
You use this icon to open the Automatic Bridge Link Configuration menu.
Fig. 83: Wireless LAN ->WLAN->Bridge Links->Automatic Bridge Link Configuration
After successful scanning, a selection of potential bridge partners is displayed in the scan list. In the Action column, click Select to connect the local bridge with this bridge. If the partners are connected with one another, the icon appears in the Connected column.
The icon appears in the Connected column if the connection is active.
The Wireless LAN->WLAN->Bridge Links->Automatic Bridge Link Configuration
menu consists of the following fields:
Fields in the Automatic Bridge Link Configuration menu.
Field
Description
Bridge Link Description
Displays the name of the bridge link you configured.
Max. Scan Duration
Enter the maximum time in seconds for the scan.
Possible values are to .
The default value is .
Action
Start the scan by clicking on Scan.
If the antennas are installed correctly on both sides and LOS is
free, the bridge finds available bridges and displays them in the
following list.
If the partner bridge cannot be found, check the line of sight and
the antenna installation. Then carry out the Scan. The partner
should then be found.
Remote Link Description
Displays the name of the bridge link configured on the remote
bridge.
Remote Device Name
Displays the name of the remote bridge.
Signal dBm
Displays the signal strength of the detected bridge link.
Remote MAC Address
Shows the MAC address of the remote bridge.
Remote link enabled
Displays the status of the link on the remote bridge.
Connected
Displays the status of the link on your bridge.
Action
You can change the status of the bridge link. The available actions are displayed in this field.
10.2 Administration
The Wireless LAN->Administration menu contains basic settings for operating your gateway as an access point (AP).
10.2.1 Basic Settings
Fig. 84: Wireless LAN ->Administration ->Basic Settings
The Wireless LAN->Administration->Basic Settings menu consists of the following fields:
Fields in the WLAN Administration menu.
Field
Description
Region
Select the country in which the access point is to be run.
Possible values are all the countries configured on the device's
wireless module.
The range of channels available for selection (Channel in the
Wireless LAN->WLAN->Radio Settings menu) changes depending on the country setting.
The default value is 1
,.