JACE-8000 WiFi Guide

Technical Document
December 2, 2015
Tridium, Inc.
3951 Westerre Parkway, Suite 350
Richmond, Virginia 23233
U.S.A.
Confidentiality
The information contained in this document is confidential information of Tridium, Inc., a Delaware corporation (“Tridium”). Such information and the software described herein, is furnished under a license agreement
and may be used only in accordance with that agreement.
The information contained in this document is provided solely for use by Tridium employees, licensees, and
system owners; and, except as permitted under the below copyright notice, is not to be released to, or reproduced for, anyone else.
While every effort has been made to assure the accuracy of this document, Tridium is not responsible for
damages of any kind, including without limitation consequential damages, arising from the application of the
information contained herein. Information and specifications published here are current as of the date of this
publication and are subject to change without notice. The latest product specifications can be found by contacting our corporate headquarters, Richmond, Virginia.
Trademark notice
BACnet and ASHRAE are registered trademarks of American Society of Heating, Refrigerating and Air-Conditioning Engineers. Microsoft, Excel, Internet Explorer, Windows, Windows Vista, Windows Server, and SQL
Server are registered trademarks of Microsoft Corporation. Oracle and Java are registered trademarks of
Oracle and/or its affiliates. Mozilla and Firefox are trademarks of the Mozilla Foundation. Echelon, LON, LonMark, LonTalk, and LonWorks are registered trademarks of Echelon Corporation. Tridium, JACE, Niagara
Framework, NiagaraAX Framework, and Sedona Framework are registered trademarks, and Workbench,
WorkPlaceAX, and AXSupervisor, are trademarks of Tridium Inc. All other product names and services mentioned in this publication that are known to be trademarks, registered trademarks, or service marks are the
property of their respective owners.
Copyright and patent notice
This document may be copied by parties who are authorized to distribute Tridium products in connection
with distribution of those products, subject to the contracts that authorize such distribution. It may not otherwise, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic
medium or machine-readable form without prior written consent from Tridium, Inc.
Copyright © 2015 Tridium, Inc. All rights reserved.
The product(s) described herein may be covered by one or more U.S. or foreign patents of Tridium.
Contents
About this guide
    Document change log
    Related documentation
Chapter 1 Overview
    WiFi Specifications
Chapter 2 Common Tasks
    Configuring WiFi Access Point mode
    Configuring WiFi Client mode
    Switching WiFi modes
    Adding a new wireless network
    Editing a wireless network
    Restarting the WiFi adapter after Inactivity Timeout shutdown
Chapter 3 Reference
    Secure storage and the SD card
    WiFi Switch details
    WiFi Configuration view
        Client Mode tab
        Access Point Mode tab
    Supported WiFi configurations
        WiFi Access Point for local tool connections
        WiFi Access Point for field bus device integration
        WiFi Client
Glossary
Index
About this guide
This document provides basic information about the Niagara JACE-8000 WiFi option. It includes an overview of the WiFi feature, requirements for WiFi support, operation notes for the JACE WiFi, and configuration instructions.
This guide is intended for developers, systems engineers, and facility managers.
Document change log
• Updated: December 2, 2015
  In the Specifications topic, added a list of supported channels and unsupported DFS channels. Also in Specifications, added a note on unsupported security protocols: WPA2-enterprise, WEP, or no authentication.
  In the Configuring WiFi Client mode topic, added a paragraph prior to step 1, explaining the DFS restriction.
  In the supported WiFi configurations section on WiFi Client, added a note on the DFS restriction.
• Updated: November 12, 2015
  Added a new task to the guide: “Restarting the WiFi adapter after Inactivity Timeout shutdown”. Also edited wording in the 1st note in the “WiFi Switch details” topic to include Inactivity Timeout shutdown.
• Updated: November 5, 2015
  Added prerequisite that the JACE be licensed and commissioned to each of the Configuring WiFi tasks.
• Initial draft document: October 23, 2015.
Related documentation
• JACE-8000 Install and Startup Guide
• JACE-8000 Backup and Restore Guide
• Niagara 4 Platform Guide
Chapter 1
Overview
Topics covered in this chapter
♦ WiFi Specifications
The JACE-8000 platform features an integrated IEEE 802.11 module for enabling wireless Ethernet communications to or from the platform. Both Client mode and Access Point mode are supported. However, the unit cannot perform in both modes simultaneously.
WiFi is disabled by default from the factory. You can also disable the WiFi feature either via the WiFi Selector Switch on the enclosure or remotely via the platform WiFi Configuration view. The initial WiFi setup requires Workbench or serial connectivity. The process of enabling WiFi varies slightly depending on the country the unit is shipped to. When enabled, you can configure the unit as a client to an already established IEEE 802.11 access point and network, or as an access point to establish a new network.
The WiFi feature adds a new platform view, the WiFi Configuration view, for a JACE-8000 platform (the only current Niagara 4 platform supporting WiFi). In addition, the JACE-8000 command line system console has a Configure WiFi option which you can use to initially configure WiFi, although this provides only a subset of the configuration parameters that are available via the platform view.
NOTE: For beta release, if the country code is not already set in the unit, a configuration step is required to set it. For US models, the country code is pre-configured at the factory. Additional changes to the implementation are expected in order to allow for multiple SKUs (stock keeping units) needed to accommodate differing WiFi regulations in various world regions and regulatory domains. Those SKUs will be determined for the release version of the JACE-8000.
WiFi Specifications
The WiFi option can be enabled and configured to attach as a Client (CLT) to an already established IEEE 802.11 access point and network, or configured as an Access Point (ACC) to establish a new network.
• Supports IEEE 802.11a/b/g/n networks
• Configurable radio (OFF, ACC, CLT)
• Supports WPA-PSK, WPA2-PSK security protocols
  NOTE: The JACE-8000 does not support enterprise-level authentication (such as WPA2-enterprise), WEP authentication, or using no authentication at all.
• Supports 2.4 or 5.8 GHz frequencies
  – 2.4 GHz channels: 1–11
  – 5.8 GHz channels: 36, 40, 44, 48, 149, 153, 157, 161, and 165.
  NOTE: The following Dynamic Frequency Selection (DFS) channels in the 5 GHz range are not supported: 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140.
• Single dual band 2.4/5.8 GHz antenna. The antenna may be remotely located using an extension cable.
Chapter 2
Common Tasks
Topics covered in this chapter
♦ Configuring WiFi Access Point mode
♦ Configuring WiFi Client mode
♦ Switching WiFi modes
♦ Adding a new wireless network
♦ Editing a wireless network
♦ Restarting the WiFi adapter after Inactivity Timeout shutdown
The following procedures describe how to configure the JACE-8000 WiFi adapter for Access Point mode or
for Client mode.
You can configure WiFi communications using the platform WiFi Configuration view.
Configuring WiFi Access Point mode
This procedure describes the steps to configure the JACE-8000 WiFi subsystem to run in Access Point mode.
This configuration can be used either as a network for WiFi enabled field bus devices, or to provide browser
or Workbench access to local tools.
Prerequisites:
• JACE is licensed and commissioned
• Platform connection to the JACE
• WiFi Selector Switch in the Off (center) position
NOTE: The WiFi subsystem must be "stopped" before any WiFi process can be started.
Step 1  Click the Access Point Mode tab and, if desired, modify the Adapter IPv4 Address and/or Adapter IPv4 Netmask values.
        This sets the address that a client uses to make an IP connection to this unit over WiFi while the unit is functioning as an access point.
        NOTE: The IP address and subnet must not conflict with IP addresses used for wired Ethernet connections.
Step 2  In the Access Point Config area, in the SSID field, enter a name for this access point. Best practice is to replace the default name with a unique, meaningful network name.
        a. Click the Broadcast SSID checkbox only if configuring the Access Point for field bus devices, so that the devices can detect the access point signal and connect as needed. Otherwise, for security purposes, do not click the checkbox.
Step 3  Enter a Passkey for the unit.
        This sets a password that a client must enter to connect to this network.
Step 4  Click the Wpa Mode dropdown list and select the preferred mode. WPA WPA2 (default) will accommodate most devices.
Step 5  Click the Key Management Algorithms dropdown list and select an encryption algorithm appropriate for the devices connecting to this network.
Step 6  Click the Pairwise Cipher Suites dropdown list and select an encryption suite appropriate for the devices connecting to this network.
Step 7  In the Inactivity Timeout field, enter the desired value (minutes).
        This sets a limit on the amount of time a client connection can be inactive. On reaching the timeout limit, the WiFi adapter is shut down completely. To restart it you must move the WiFi Selector Switch on the unit to “OFF”. Once the WiFi Current State shows “Stopped”, move the WiFi Selector Switch back to “ACC”.
        NOTE: If the intended WiFi usage is for tool connectivity, then set this value to some small number of minutes. If the intended WiFi usage is for field bus integration, then set this value to “0” to disable the Timeout functionality.
        CAUTION: An Access Point represents a potential target for cyber attack. Leaving the Access Point disabled by default is a recommended security best practice.
Step 8  To configure a Whitelist, click the Enable Whitelist checkbox and then click the Whitelist button to enter MAC addresses that will be permitted to join the network (up to 16 addresses).
        A “whitelist” is an inventory of known MAC addresses that are permitted (or denied) access to the WiFi access point, functioning as an added layer of protection for the WiFi network. The format is six hexadecimal octets separated by colons, for example: 08:00:69:E2:01:FE
Step 9  To configure Mode and Channel properties, click the Config Channel button and select from the following:
        NOTE: If not pre-configured, then you must set the Country Code. For US models, the country code is pre-configured at the factory.
        a. Click the Country Code dropdown list and select the appropriate two-digit country code.
           CAUTION: Configuring a Country Code is a permanent change to the unit that cannot be altered.
        b. Click the Radio Mode dropdown list and select an appropriate 802.11 type for the devices connecting to the network.
        c. Click the Bandwidth dropdown list and select the preferred frequency band. The HT20 HT40 (default) option accommodates most devices.
        d. Click the Channel dropdown list and select the least congested channel number for your network.
Step 10 In the DHCP Server Settings pane, in the Client Range Low field, enter the lowest IP address for the range.
        NOTE: The adapter IP should be in the same subnet, but not in the range of addresses defined here.
Step 11 In the Max Number of Clients Allowed field, enter the maximum number of WiFi clients that can attach at a given time (maximum limit is 16).
        NOTE: The WiFi adapter supports a maximum of 3 user interface devices, such as a laptop, PC, or WiFi phone, at a given time. However, this limit is not enforced.
Step 12 Click Save.
        NOTE: The saved configuration changes take effect the next time WiFi is started.
Step 13 In the platform WiFi Configuration view, click on the WiFi Enabled dropdown list and select True.
Step 14 Move the WiFi Selector Switch on the controller to the ACC (left) position to start the WiFi adapter.
The WiFi subsystem is enabled in Access Point mode. In the WiFi Configuration view, the Current WiFi State field should reflect only the states that are valid for access point mode, such as SAP starting, SAP running.
NOTE: For beta release, if the country code is not already set for the unit, a configuration step is required to set it. For US models, the country code is pre-configured at the factory. Additional changes to the implementation are expected in order to allow for multiple SKUs (stock keeping units) needed to accommodate differing WiFi regulations in various world regions and regulatory domains. Those SKUs will be determined for the release version of the JACE-8000.
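The constraints stated in the steps above can be checked before a configuration is saved. The following Python audit is an added example, not Tridium code: the ApConfig record, its field names and the finding codes are assumptions made for illustration, and the DHCP range is assumed to span Max Number of Clients Allowed consecutive addresses starting at Client Range Low.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Limits and channel lists as stated in this guide.
SUPPORTED_CHANNELS = set(range(1, 12)) | {36, 40, 44, 48, 149, 153, 157, 161, 165}
UNSUPPORTED_DFS = {52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140}
MAX_CLIENTS = 16
MAX_WHITELIST = 16
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")


@dataclass
class ApConfig:
    """Hypothetical record of the Access Point Mode settings (names are assumptions)."""
    adapter_ip: str
    adapter_netmask: str
    wired_networks: list          # CIDR strings for the wired Ethernet adapters
    broadcast_ssid: bool
    usage: str                    # "tool" or "fieldbus"
    inactivity_timeout_min: int
    channel: int
    dhcp_range_low: str
    max_clients: int
    whitelist: list = field(default_factory=list)


def audit(cfg):
    """Return a sorted list of finding codes for settings that contradict the guide."""
    findings = set()
    wifi = ipaddress.ip_interface(f"{cfg.adapter_ip}/{cfg.adapter_netmask}")

    # Step 1 note: the WiFi subnet must not conflict with wired Ethernet addressing.
    for cidr in cfg.wired_networks:
        if wifi.network.overlaps(ipaddress.ip_network(cidr, strict=False)):
            findings.add("SUBNET_CONFLICTS_WITH_WIRED")

    # Step 2a: broadcast the SSID only when serving field bus devices.
    if cfg.broadcast_ssid and cfg.usage != "fieldbus":
        findings.add("SSID_BROADCAST_NOT_NEEDED")

    # Step 7 note: tool access wants a timeout; field bus integration wants 0.
    if cfg.usage == "tool" and cfg.inactivity_timeout_min == 0:
        findings.add("TOOL_AP_NEVER_TIMES_OUT")
    if cfg.usage == "fieldbus" and cfg.inactivity_timeout_min != 0:
        findings.add("FIELDBUS_AP_WILL_SHUT_DOWN")

    # Step 8: at most 16 MAC addresses, each six hex octets separated by colons.
    if len(cfg.whitelist) > MAX_WHITELIST:
        findings.add("WHITELIST_TOO_LONG")
    if any(not MAC_RE.fullmatch(mac) for mac in cfg.whitelist):
        findings.add("WHITELIST_BAD_MAC")

    # Step 9d: only the listed 2.4/5.8 GHz channels; DFS channels are unsupported.
    if cfg.channel in UNSUPPORTED_DFS:
        findings.add("CHANNEL_IS_DFS")
    elif cfg.channel not in SUPPORTED_CHANNELS:
        findings.add("CHANNEL_UNSUPPORTED")

    # Step 11: no more than 16 clients.
    if not 1 <= cfg.max_clients <= MAX_CLIENTS:
        findings.add("MAX_CLIENTS_OUT_OF_RANGE")

    # Step 10 note: adapter IP shares the DHCP subnet but sits outside the range.
    # Assumption: the range is max_clients consecutive addresses from Client Range Low.
    low = ipaddress.ip_address(cfg.dhcp_range_low)
    high = low + max(cfg.max_clients, 1) - 1
    if low not in wifi.network or high not in wifi.network:
        findings.add("DHCP_RANGE_OUTSIDE_ADAPTER_SUBNET")
    elif low <= wifi.ip <= high:
        findings.add("ADAPTER_IP_INSIDE_DHCP_RANGE")

    return sorted(findings)


# Constructed sample values, not taken from a real unit.
RISKY = ApConfig(
    adapter_ip="192.168.1.20", adapter_netmask="255.255.255.0",
    wired_networks=["192.168.1.0/24"], broadcast_ssid=True, usage="tool",
    inactivity_timeout_min=0, channel=52, dhcp_range_low="192.168.1.10",
    max_clients=16, whitelist=["08:00:69:E2:01:FE", "08-00-69-E2-01-FF"],
)
HARDENED = ApConfig(
    adapter_ip="10.77.0.1", adapter_netmask="255.255.255.0",
    wired_networks=["192.168.1.0/24"], broadcast_ssid=False, usage="tool",
    inactivity_timeout_min=5, channel=44, dhcp_range_low="10.77.0.10",
    max_clients=3, whitelist=["08:00:69:E2:01:FE"],
)

if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```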
Configuring WiFi Client mode
This procedure describes the steps to configure the JACE-8000 WiFi subsystem to run in Client Mode.
Prerequisites:
• JACE is licensed and commissioned
• Platform connection to the JACE
• WiFi Selector Switch on the unit is in the Off (center) position
• TCP/IP Configuration does not have DHCP Enabled (checked) on any adapter
NOTE: The WiFi subsystem must be "stopped" before any WiFi process can be started.
For JACE-8000 units deployed in the U.S. (and in countries that accept U.S. certification), an important consideration is determining whether or not the access point that the JACE will connect to is using Dynamic Frequency Selection (DFS). The JACE cannot connect to an access point that uses DFS channels in the 5 GHz range. The unsupported channels are listed here: 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140.
Step 1  In the platform WiFi Configuration view, click the WiFi Enabled dropdown list and select True.
        The Wireless State pane displays read only values for the WiFi attach state, client adapter name, client MAC address and DHCP address, as well as the last access point.
        CAUTION: If the Default Gateway Switching property is enabled (checked) when connecting to a third party access point (such as Cisco), the gateway changes to whatever is provided by the access point’s configuration and this will conflict with your wired LAN settings. Note, this situation does not occur when connecting to a JACE-8000 access point.
Step 2  In the Discovered Networks pane, click Discover to identify available networks.
Step 3  Select the SSID for the network that you want to connect to and click the Add button (or right-click the SSID and click Add).
Step 4  In the Add a Wireless Network dialog, enter values for the following parameters:
        • Priority (0–9) to indicate which access point to try first. If all added networks have the same priority, the client chooses the strongest signal.
        • Network Key (Passkey) needed to connect to the access point.
Step 5  In the Network Database pane, select the added network and click Connect.
Step 6  Move the WiFi Selector Switch on the unit to the CLT (right) position.
        In the platform WiFi Configuration view, the value for the WiFi Switch Position changes to Client.
The WiFi subsystem is now running in Client mode and connected to the selected network. The Current WiFi State field should reflect only the states that are valid for client mode. For example, “Scanning”, “Supplicant Running”.
Switching WiFi modes
Switching from one WiFi mode to another is done only with the WiFi configuration switch on the JACE
enclosure.
When switching modes, always move the switch to “Off” (center), then wait for the WiFi subsystem to shut down (less than one minute). Once WiFi is stopped, the JACE can be switched to another mode.
NOTE: You can switch modes without first opening the platform configuration view, provided you have already configured WiFi for the JACE. For example, if you want to turn the WiFi Access Point on or off, you might walk up to the unit and change the switch position without opening the platform configuration view.
Step 1  On the JACE enclosure, move the WiFi switch to the Off (center) position.
        If you have the platform WiFi Configuration view open, the WiFi Current State value changes to Stopping.
Step 2  Wait while the WiFi subsystem shuts down.
        In the platform WiFi Configuration view, the WiFi Current State value changes to Stopped. Also, the WiFi LED on top of the enclosure is off.
Step 3  On the enclosure, move the WiFi switch to:
        • ACC (left) position for Access Point mode
        • CLT (right) position for Client mode
Adding a new wireless network
When the access point for a preferred network is not configured to broadcast its SSID, you can still add the network to the WiFi Client configuration provided you know the necessary credentials to connect.
Prerequisites:
• The SSID and Network Key (passkey) of the desired access point.
Step 1  In the Network Database pane of the Client Mode tab, click New.
Step 2  In the Create a New Wireless Network dialog, configure the following properties for the access point and then click OK.
        • Enter the SSID for the access point
        • Enter a Priority for connecting to the access
        • Modify the default security options as needed
        • Enter the Network Key (passkey) for the access point
The new wireless network is added to the Network Database table.
Editing a wireless network
In the Client mode configuration, you can edit connection properties for a previously accessed wireless network listed in the Network Database table.
Prerequisites:
• WiFi Selector Switch in CLT position
• Previously configured WiFi network
Step 1  In the WiFi Configuration view, on the Client Mode tab, select a network listed in the Network Database pane and click Edit.
Step 2  In the Edit a Wireless Network dialog, modify values as needed.
        NOTE: In this dialog the Show Password checkbox is activated once you edit the current Network Key value.
Restarting the WiFi adapter after Inactivity Timeout shutdown
To restart the WiFi adapter after an Inactivity Timeout shutdown, you must physically move the WiFi Selector Switch. You cannot restart the adapter from the WiFi Configuration view.
Prerequisites:
• WiFi adapter is shut down due to exceeding the amount of time configured for the Inactivity Timeout property.
NOTE: The WiFi Enabled setting in the WiFi Configuration view cannot be used to re-enable WiFi on a unit which has experienced an Inactivity Timeout. You must move the WiFi Selector Switch on the unit to the “Off” position (as shown here) in order to reset the timeout.
Step 1  Move the WiFi Selector Switch on the enclosure from "ACC" to the "OFF" (center) position.
        In the WiFi Configuration view, the Current WiFi State transitions to "Stopped".
Step 2  Once “Stopped”, move the WiFi Selector Switch on the enclosure back to the "ACC" (left) position.
Step 3  If disabled in the WiFi Configuration view, click the WiFi Enabled dropdown and select “true”.
The WiFi adapter is re-enabled in Access Point mode. In the WiFi Configuration view, the Current WiFi State field should show either “SAP starting” or “SAP running”.
Chapter 3
Reference
Topics covered in this chapter
♦ Secure storage and the SD card
♦ WiFi Switch details
♦ WiFi Configuration view
♦ Supported WiFi configurations
Secure storage and the SD card
On a JACE-8000, the SD card is the primary storage media for all data and configuration related to the Niagara installation. Since the SD card can be easily removed and the data duplicated, the sensitive data is encrypted when stored on the card. Files are stored in encrypted format, but decoded on the fly as they are
accessed.
Sensitive data includes the following:
• Credentials for accessing a WiFi network
• Niagara key material
• Private key files
• OS account credentials
The system is designed in a way that protects this data, while at the same time allowing you to move an SD
card from a unit that suffered a hardware failure to a new unit with minimal effort.
In this scenario, the SD card inserted into the replacement unit contains the system passphrase for the original unit, which does not match the one in the replacement unit. This results in the boot sequence failing due
to the passphrase mismatch (indicated by Stat LED flashing with a 50% duty cycle with a 1 second period).
You are then prompted to enter the system passphrase (for the original unit which is stored on the SD card)
via serial connection. You must first authenticate with platform credentials, before you can update the system password.
NOTE: Pre-configuring (via serial connection) the replacement JACE-8000 unit with a system passphrase
matching the one stored on the SD card (swapped out of the other unit) facilitates commissioning the replacement unit. In this situation, the commissioning process does not prompt for a passphrase since it detects a passphrase match.
WiFi Switch details
The JACE-8000 enclosure has a 3-position slide switch, the WiFi Selector Switch, as shown here.
Figure 1 Antenna and switch location on enclosure
Use the WiFi Selector Switch on the enclosure to turn the WiFi subsystem on or completely off. Once you set the switch to either Access Point or Client mode, the WiFi Enabled property in the platform WiFi Configuration view allows you to enable or disable WiFi functionality.
NOTE: By design, the WiFi Enabled setting (in the platform WiFi Configuration view) has no effect whenever the WiFi Selector Switch on the enclosure is in the OFF (center) position, or when the unit has experienced an Inactivity Timeout shutdown.
Switching from one WiFi mode to another is done only with the WiFi Selector Switch on the enclosure.
WiFi Selector Switch positions
• ACC (left position)
  Starts the WiFi subsystem in Access Point mode if all of the following conditions are satisfied:
  – The switch is in the ACC position.
  – WiFi is enabled (via the platform WiFi Configuration view in Workbench, or the system shell in a JACE console window).
  – A country code is configured. For US models, the country code is pre-configured at the factory. For other models, the country code must be set.
  – A valid configuration for the adapter IP, access point, and Dhcp server has been specified and saved (either through Workbench via the platform WiFi Configuration view or system shell menu).
  NOTE: If not configured correctly, the access point mode attempts to start but fails to complete successfully.
• OFF (center position)
  The Off setting disables the WiFi subsystem, keeping it from starting. If already running, the Off setting shuts down the WiFi subsystem. While the switch is in this position, neither client mode nor access point mode can be started, even if enabled from within the Niagara platform WiFi Configuration view.
• CLT (right position)
  Starts the WiFi subsystem in Client mode if all of the following conditions are satisfied:
  – Switch is in the CLT position.
  – WiFi is enabled (from the platform WiFi Configuration view in Workbench, or from the system shell in a JACE console window).
  – The country code is configured. For US models, the country code is pre-configured at the factory. For other models, the country code must be set.
  – If an available access point is specified and configured correctly in the Workbench view (or via system shell menu), then the Client mode starts and attempts to connect to an access point.
  NOTE: If not configured correctly, or if out of range of the access point, then connection to that access point fails.
WiFi Configuration view
The WiFi Configuration view is the main view for configuring WiFi communications for a JACE-8000 platform (the only current Niagara 4 platform supporting WiFi). The view includes tabs for configuring the JACE to run in both Client mode and Access Point mode. However, the unit cannot perform in both modes at the same time.
State Properties
WiFi State properties appear in the upper portion of the view.

Property: WiFi Enabled
Value: true, false (default)
Description: Selecting True enables WiFi functionality.
NOTE: The WiFi Enabled setting in the WiFi Configuration view is ignored whenever the unit’s WiFi Selector Switch is in the OFF (center) position.

Property: WiFi Switch Position
Value: Access Point, Off, Station
Description: Read only value. Indicates the current position of the WiFi Selector Switch on the unit: Access Point = ACC (left position). OFF (center position) turns the WiFi subsystem completely off. Station = CLT (right position).

Current WiFi States
General Current WiFi State values listed in the following table may occur when using either Client mode or Access Point mode.

Current WiFi State Value: Stopping
Condition: WiFi processes are stopping
Additional Notes: This is the result of moving the 3-position switch from ACC or CLT to OFF, or of toggling the "WiFi Enabled" control from "true" to "false" in the platform WiFi Configuration view, or an Access Point Inactivity Timeout. In the case of inactivity timeout, the next state will be "Inactivity Timeout" after WiFi is stopped. In all other cases, the next state will be "Stopped".

Current WiFi State Value: Stopped
Condition: WiFi drivers are not loaded, and no Client or Access Point mode processes are running.
Additional Notes: WiFi LED on top of unit should be off in this state. The state must be "Stopped" before any WiFi process can be started. This state can be entered from a "failed" state or "stopping" state. As a special case for Access Point mode, if "Inactivity Timeout" is used AND inactivity timer is expired AND user moves the 3-position switch from ACC position, then Stopped state can be entered.

Current WiFi State Value: Failed
Condition: WiFi process (either Client or Access Point) was not able to successfully complete.
Additional Notes: Usually indicates an invalid configuration. A "failed" state will kick off an attempted shutdown of the WiFi processes and drivers, after which the state should transition to "Stopped".

Client Mode WiFi states
The following current WiFi states are specific to Client mode.

Current WiFi State Value: Supplicant Running
Condition: The supplicant is running, and loading the "Client Mode" network database to search for an Access Point to connect to.
Additional Notes: After verification to ensure that no other adapter is using the Dhcp.client service, the “tiw_sta0” adapter is started, an IP address is assigned, and the “wpa_supplicant” process is started; the state will transition to the “Supplicant Running” state.

Current WiFi State Value: Sta Scanning
Condition: The Client mode WiFi adapter is looking for an Access Point to connect to by scanning available frequencies
Additional Notes: This can happen if the WiFi network (ssid/password, etc) is not configured correctly or is unavailable because the Access Point is off or out of range.

Current WiFi State Value: Sta Trying to Associate
Condition: A configured Access Point has been located, and the supplicant is trying to associate with the access point.
Additional Notes: If a whitelist is configured in the access point, the MAC address of this client adapter must pass the whitelist filters.

Current WiFi State Value: Sta Negotiating
Condition: The Client mode supplicant is negotiating capabilities and credentials with the access point
Additional Notes: If successful, the next transition will be "Sta Running"

Current WiFi State Value: Sta Association Success
Condition: The Client has successfully associated with an Access Point
Additional Notes: The Client and Access Point will begin a 4-way handshake process to validate credentials and establish common security protocol suites (see "Sta Negotiating")

Current WiFi State Value: Sta Disconnected
Condition: Normal state transition on Client mode startup. It is normal to see this during Client mode startup, but should transition to other states.
Additional Notes: If no configured access points are available, will not progress past this point. Every 15 seconds, the network database is reloaded, so configuration changes made during this state will be picked up.

Current WiFi State Value: Sta Error: Dhcp enabled on another adapter
Condition: The Client Mode could not be started.
Additional Notes: Client mode WiFi could not be started because another adapter is using Dhcp to get its IP address. Only one adapter is allowed to have a Dhcp assigned address, and WiFi Client mode always uses Dhcp to get an address for the client-mode adapter.

Access Point WiFi states
The following current WiFi states are specific to Access Point mode.

Current WiFi State Value: SAP Starting
Condition: Access Point processes are starting. Access point mode is enabled in the WiFi Configuration view, and the 3-position switch on the unit is in the "ACC" (left) position.
Additional Notes: Start WiFi driver which adds a “tiw_sap0” adapter, bring the adapter up and assign an IP address to it, start Hostapd, and start Dhcp server on the adapter. This state can only be entered from the "Stopped" state.

Current WiFi State Value: SAP Running
Condition: Adapter is up, IP assigned, Hostapd started, and Dhcp server started on the adapter.

Current WiFi State Value: Inactivity Timeout
Condition: In Access Point mode, a non-zero "Inactivity Timeout" has been configured, and for the specified amount of time the adapter neither sends nor receives non-broadcast packets to/from attached clients. The adapter is shut down in this state.
Additional Notes: Inactivity timeout is only used in Access Point mode. To restart the WiFi adapter after an Inactivity Timeout shutdown, you must physically move the WiFi selector switch from "ACC" to "OFF" in order for the state to transition to "Stopped". Once stopped, move the selector switch back to "ACC".
Client Mode tab
Figure 2 WiFi Configuration view, Client Mode tab
Wireless State configuration properties
Properties listed in the following table appear in the Wireless State pane of the Client Mode tab in the WiFi Configuration view.
| Property | Value | Description |
|---|---|---|
| WiFi Attach State | Disconnected, Connected | Read only value. |
| Client Adapter | tiw_sta[n] | Read only value. Client Adapter name appended with number 0 through the maximum number of clients configured for the Access Point. For example: tiw_sta0, tiw_sta1, tiw_sta2, etc. |
| Client address | 00:00:00:00:00:0 | MAC address of the client device. Format is six HEX values separated by colons, for example: 08:00:69:E2:01:FE |
| Client address via DHCP | unknown | Read only value. |
| Access Point | unknown, last access point | Read only value. “Unknown” indicates the unit has never connected to an access point. Otherwise, displays the name of the last access point the unit connected to. |
| Default Gateway Switching | enabled, disabled | When enabled (checked), uses the gateway provided by the Access Point. CAUTION: When connecting to a third party access point (such as Cisco), the gateway changes to whatever is provided by the access point’s configuration and this will conflict with your wired LAN settings. Note, this situation does not occur when connecting to a JACE-8000 access point. When disabled (not checked), keeps the gateway as assigned in the TCP/IP Configuration view. |
Discovered Networks table
Once the WiFi Selector Switch on the unit is in the CLT position, setting the WiFi Enabled property to “true” activates the Discover button.
| Control buttons | Value | Description |
|---|---|---|
| Discover | | Scans for WiFi signals and displays a list of discovered networks in the table. |
| Add | | Invokes the Add a Wireless Network dialog, which allows you to configure connection properties for the selected network. |
Network Database table
Lists added WiFi networks.
| Control buttons | Value | Description |
|---|---|---|
| Connect | | Inactive (dimmed) until you select a network in the table to connect to. |
| Disconnect | | Inactive (dimmed) until the unit is connected to an access point. |
| Edit | | Inactive (dimmed) until you select a network. Invokes the Edit a Wireless Network dialog, which allows you to change configured connection priority and/or access point passkey. |
| New | | Invokes the Create a New Wireless Network dialog, which allows you to configure access point properties and add the new network to the Network Database table. |
| Remove | | Inactive (dimmed) until you select a network to delete. Clicking Remove invokes a confirmation dialog. |
Access Point Mode tab
Figure 3 WiFi Configuration view, Access Point Mode tab
General pane
| Property | Value | Description |
|---|---|---|
| Adapter name | tiw_sap0 (default) | Read only value. |
| Adapter IPv4 Address | | This sets the IP address of the WiFi adapter. A client uses this to make an IP connection over WiFi while the unit is functioning as an Access Point. |
| Adapter IPv4 Netmask | | This sets the netmask of the WiFi adapter. |
Access Point Config pane
| Type | Value | Description |
|---|---|---|
| Ssid | titan (default) | Service Set Identifier is a unique alphanumeric identifier. Sets the name for this access point. Replace the default name with a unique, meaningful network name. NOTE: It is important to change the default value to a unique name to avoid having multiple units with the same SSID in a particular area. |
| Broadcast SSID | enabled (default), disabled | If enabled, periodically broadcasts WiFi signal so that devices can detect and connect. If disabled, the SSID is "hidden" and not discoverable, and a client must be manually configured with the correct SSID which matches the JACE's Ssid field above. |
| Passkey | | Sets a password that a client must enter to connect to this network. Strong password required. |
| Wpa Mode | WPA, WPA2, WPA WPA2 (default) | WiFi security protocols and security certification programs. WPA WPA2 will accommodate most devices. Devices with older network cards may only work with WPA security. |
| Key Management Algorithms | WPA-PSK (default), WPA-EAP, WPA-PSK WPA-EAP | Methods of authentication key distribution and the encryption protocols that protect passwords via encryption using either a pre-shared key and/or an authentication server. |
| Pairwise Cipher Suites | TKIP, CCMP, TKIP CCMP (default) | Encryption protocol options. TKIP CCMP will accommodate most devices. |
| Inactivity Timeout (minutes) | 10 (default) | Sets a limit on the amount of time a client connection can be inactive. On reaching the Timeout limit, the WiFi adapter is shut down completely. To restart it you must move the WiFi Selector Switch on the unit to “OFF”. Once the WiFi Current State shows “Stopped”, move the WiFi Selector Switch back to “ACC”. NOTE: If the intended WiFi usage is for tool connectivity, then set this value to some small number of minutes. If the intended WiFi usage is for field bus integration, then set this value to “0” to disable the Timeout functionality. CAUTION: An Access Point represents a potential target for cyber attack. Leaving the Access Point disabled by default is a security best practice. |
| Enable Whitelist | disable (default), enable | If enabled, only an address in the configured whitelist can connect. If disabled, connection to the access point is not limited to a specific range of devices. |
| Whitelist | | Allows you to configure the access point with a range of device MAC addresses that can connect. |
| Mode and Channel | Country code: two digit code; Radio mode: 802.11a/b/g/n; Bandwidth: HT20, HT40, HT20 HT40; Channel number: (number of channel options depends on selected radio mode) | Once it is configured, Country Code is a read only value. The Config Channel button invokes the Configure Mode and Channel dialog, which you can use to modify radio mode, bandwidth, and channel selections. CAUTION: Configuring a Country Code is a permanent change to the unit that cannot be altered. |
Dhcp Server Settings pane
| Type | Value | Description |
|---|---|---|
| Default Lease Time | 21600 (default) | Fixed duration (in seconds) for a DHCP IP address lease. The lease must be renewed before it expires. |
| Max Lease Time | 43200 (default) | Maximum duration (in seconds) for a DHCP IP address lease. |
| Subnet | | The subnet of IP addresses assigned by the DHCP server. |
| Netmask | | The Netmask of IP addresses assigned by the DHCP Server. |
| Client Range Low | | Lowest IP address for the range. The order of assigning IPs from the Access Point DHCP is indeterminate. NOTE: The adapter IP should be in the same subnet, but not in the range of addresses defined here. |
| Max Number of Clients | 11 (default) | Maximum number of WiFi clients that can attach at a given time (maximum limit is 16). |
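The recommendations in the Access Point Config and Dhcp Server Settings tables can be checked mechanically before a unit is commissioned. The script below is an added example, not Tridium code: the dictionary keys, the sample IP addresses, and the assumption that the DHCP pool is Max Number of Clients consecutive addresses starting at Client Range Low are made for illustration.

```python
import ipaddress

DEFAULT_SSID = "titan"      # factory default from the Access Point Config pane
MAX_CLIENTS_LIMIT = 16      # "maximum limit is 16"


def audit_access_point(cfg):
    """Map property name -> finding for a dict of Access Point Mode tab values.

    The dict keys are hypothetical names for this example, mirroring the
    property labels in the guide; "usage" is "tools" or "fieldbus".
    """
    f = {}
    if cfg["ssid"] == DEFAULT_SSID:
        f["ssid"] = "default SSID in use; set a unique name"
    # Mixed modes keep the older protocol and cipher available to clients.
    if "WPA" in cfg["wpa_mode"].split():
        f["wpa_mode"] = "WPA enabled; select WPA2 only if every client supports it"
    if "TKIP" in cfg["pairwise_ciphers"].split():
        f["pairwise_ciphers"] = "TKIP enabled; select CCMP only if every client supports it"
    # Guide: small non-zero timeout for tool use, 0 for field bus integration.
    timeout = cfg["inactivity_timeout_min"]
    if cfg["usage"] == "tools" and timeout == 0:
        f["inactivity_timeout"] = "timeout disabled; AP stays up after tools disconnect"
    elif cfg["usage"] == "fieldbus" and timeout != 0:
        f["inactivity_timeout"] = "non-zero timeout can shut the adapter down; set 0"
    if not 1 <= cfg["max_clients"] <= MAX_CLIENTS_LIMIT:
        f["max_clients"] = f"must be between 1 and {MAX_CLIENTS_LIMIT}"

    # DHCP pool. Assumption: the pool is max_clients consecutive addresses
    # starting at Client Range Low (the guide lists no upper-bound property).
    net = ipaddress.ip_network(f"{cfg['dhcp_subnet']}/{cfg['dhcp_netmask']}")
    adapter = ipaddress.ip_address(cfg["adapter_ip"])
    low = ipaddress.ip_address(cfg["client_range_low"])
    high = low + (cfg["max_clients"] - 1)
    if adapter not in net:
        f["adapter_ip"] = f"{adapter} is outside DHCP subnet {net}"
    elif low <= adapter <= high:
        f["adapter_ip"] = f"{adapter} falls inside the client pool {low}-{high}"
    if low not in net or high not in net or high == net.broadcast_address:
        f["client_range_low"] = f"pool {low}-{high} does not fit inside {net}"
    return f


# Defaults listed in the guide; the IP values are constructed samples.
SAMPLE_DEFAULTS = {
    "ssid": "titan", "wpa_mode": "WPA WPA2", "pairwise_ciphers": "TKIP CCMP",
    "inactivity_timeout_min": 10, "usage": "tools", "max_clients": 11,
    "adapter_ip": "192.168.7.5", "dhcp_subnet": "192.168.7.0",
    "dhcp_netmask": "255.255.255.0", "client_range_low": "192.168.7.2",
}
# Constructed corrected configuration for the same unit.
HARDENED = dict(SAMPLE_DEFAULTS, ssid="plant2-ahu-jace", wpa_mode="WPA2",
                pairwise_ciphers="CCMP", adapter_ip="192.168.7.1")

if __name__ == "__main__":
    for name, cfg in (("defaults", SAMPLE_DEFAULTS), ("hardened", HARDENED)):
        print(name, audit_access_point(cfg) or "no findings")
```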
Supported WiFi configurations
WiFi client and access point modes add support for a number of new network configurations. Supported
network configurations are described in the following examples.
NOTE: Although other network configurations may exist, they are not necessarily supported.
The JACE-8000 controller does not support IP routing between any combination of Ethernet and WiFi ports.
The controller will not forward IP packets from LAN1 to LAN2, LAN1 to WiFi, WiFi to LAN2, etc. If an installation requires IP routing between WiFi and Ethernet ports, it may be configured using standard IT networking infrastructure components.
In the following figures, different networks are represented by thick gray lines. The JACE-8000 does not
route traffic between different networks. Data may be shared at the application level.
WiFi Access Point for local tool connections
In this configuration, the JACE-8000 Access Point feature is turned on temporarily to provide a browser or
Workbench with access to the platform and/or station running on the unit. The Access Point may support 3
or more simultaneous tool connections.
When configured for Access Point mode, tools such as laptops and mobile devices can connect to the WiFi
adapter and access all features available over a wired Ethernet connection. For example, a tablet device can
view web pages, or a laptop running Workbench can upgrade software.
CAUTION: An Access Point represents a potential target for cyber attack. Leaving the Access Point disabled by default is a recommended security best practice.
When used for connecting tools, the WiFi may be left in disabled mode, then switched on (via the physical switch) only when a user needs access to the unit. Additionally, a timeout period can be configured to disable the AP mode after a certain period of inactivity. On reaching this timeout limit, the WiFi adapter is shut down completely. To restart it you must move the WiFi Selector Switch on the unit to “OFF”. Once the WiFi Current State shows “Stopped”, move the WiFi Selector Switch back to “ACC”.
Figure 4 JACE–8000 WiFi Access Point for local tools
1. Workbench B
2. Supervisor
3. Workbench A
4. Tablet A
5. JACE-8000 WiFi Access Point
In the above figure,
• Workbench A and Tablet A can access both the station and the platform on the controller.
• Workbench A and Tablet A cannot access the Supervisor since it is on a different network.
• Workbench B and Supervisor can access the station and the platform on the controller via the wired Ethernet connection.
WiFi Access Point for field bus device integration
In this configuration, the JACE-8000 Access Point feature is turned on permanently in order to provide a network for WiFi enabled field bus devices, such as actuators, sensors, thermostats, etc. This Access Point can
also be used by other JACE-8000 units that are configured for WiFi Client mode.
Both field bus devices and tools (laptop/mobile devices) can connect via the Access Point. Up to 16 devices are supported. However, if the maximum of 16 devices is connected, then no tool access would be available.
In this configuration, the Access Point must always remain enabled so that tools and field bus devices can
connect.
Figure 5 JACE–8000 WiFi Access Point for WiFi Field Bus
1. Workbench B
2. Supervisor
3. JACE-8000 WiFi Access Point
4. Workbench A
5. WiFi Field Bus Device A
6. WiFi Field Bus Device B
7. WiFi Field Bus Device C
In the above figure,
• Workbench A can access the controller. Also, the laptop can directly access WiFi field bus devices A, B and C using appropriate software. If the field bus devices are other JACE-8000 Clients, then Workbench A can also directly access them.
• Workbench B and the Supervisor can access the controller via the wired link, but do not have direct access to WiFi field bus devices.
• Additionally, JACE-8000 applications can read/write data from both networks.
WiFi Client
In this configuration, the JACE-8000 functions as a WiFi Client using an existing IT WiFi access point to gain
access to a network. Also, one of the Ethernet ports on the JACE is used to connect some Ethernet-based
field bus devices.
NOTE: JACE-8000 units deployed in the U.S. (and in countries that accept U.S. certification) and configured for Client mode cannot connect to an access point that uses Dynamic Frequency Selection (DFS) channels in the 5 GHz range. Unsupported DFS channels are listed here: 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140.
Figure 6 JACE–8000 as a WiFi Client
1. Workbench B
2. Supervisor
3. Tablet A
4. Workbench A
5. JACE-8000 WiFi Client
6. Ethernet Field Bus Device A
7. Ethernet Field Bus Device B
In the above figure,
• Workbench A, Tablet A, Workbench B and the Supervisor can all connect to the JACE using the IT networking infrastructure.
All traffic not on the local subnet will be routed through the default gateway on the JACE. This includes any broadcast traffic (Discovery) from the JACE. This means that if gateway switching is "enabled" on the JACE AND the Access Point provides a new default route in its configuration response to the JACE, then all non-local network traffic and broadcasts will be routed to the Access Point and not to the field bus Ethernet when the JACE is attached to the WiFi network. It also means that the Supervisor should be able to "discover and learn" the JACE.
Conversely, if switching is disabled, the default gateway will stay pointing at the default gateway in the TCP/IP configuration of the JACE, regardless of any default route provided by the Access Point. This means that the Supervisor and Workbench need to be on the same subnet as the JACE, and any "discovery or learning" (which requires broadcasts and/or responses to broadcasts by the JACE) will not be possible because all the responses will be sent to the field bus network (which is still the default gateway).
NOTE: Although discovery (broadcast) will not work, you can still add devices manually.
• The JACE can communicate with field bus devices.
• Other devices on the IT network cannot connect directly to the field bus devices, since they are on a separate network.
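The two gateway-switching cases described for the WiFi Client configuration can be modelled as a routing decision. This is an added example and a simplified model, not the controller's implementation; the function names, the sample addresses, and the use of LAN1 for the field bus Ethernet port are assumptions.

```python
import ipaddress

BROADCAST = ipaddress.ip_address("255.255.255.255")


def default_route(lan, wifi, gateway_switching, ap_offers_gateway=True):
    """Pick the single default route, following the guide's two cases."""
    if gateway_switching and ap_offers_gateway:
        return wifi          # gateway supplied by the access point
    return lan               # gateway from the TCP/IP Configuration view


def egress(dst, lan, wifi, gateway_switching, ap_offers_gateway=True):
    """Return (interface name, next hop) for a packet from the JACE to dst."""
    dst = ipaddress.ip_address(dst)
    default = default_route(lan, wifi, gateway_switching, ap_offers_gateway)
    if dst == BROADCAST:
        # Per the guide, discovery broadcasts follow the default gateway.
        return default["name"], "broadcast"
    for iface in (lan, wifi):
        if dst in ipaddress.ip_network(iface["network"]):
            return iface["name"], "direct"     # on-link, no gateway involved
    return default["name"], default["gateway"]


def supervisor_can_discover(supervisor_ip, lan, wifi, gateway_switching):
    """Discovery needs the JACE's broadcasts and its replies on the WiFi side."""
    bcast_if, _ = egress(str(BROADCAST), lan, wifi, gateway_switching)
    reply_if, _ = egress(supervisor_ip, lan, wifi, gateway_switching)
    return bcast_if == wifi["name"] and reply_if == wifi["name"]


# Constructed sample addressing: field bus Ethernet and the IT WiFi network.
LAN = {"name": "LAN1", "network": "10.20.0.0/24", "gateway": "10.20.0.1"}
WIFI = {"name": "tiw_sta0", "network": "172.16.5.0/24", "gateway": "172.16.5.1"}
SUPERVISOR_REMOTE = "172.16.9.10"   # IT network, different subnet from the JACE
SUPERVISOR_LOCAL = "172.16.5.40"    # same WiFi subnet as the JACE

if __name__ == "__main__":
    for switching in (True, False):
        print("switching enabled" if switching else "switching disabled")
        for dst in (SUPERVISOR_REMOTE, SUPERVISOR_LOCAL, str(BROADCAST)):
            print("  to", dst, "->", egress(dst, LAN, WIFI, switching))
```

With switching disabled, the supervisor on the JACE's own WiFi subnet is still reachable by unicast, which is why devices can be added manually even though discovery fails.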
Glossary
access point
In a wireless local area network (WLAN), a wireless access point (WAP) is a
hardware device, such as the JACE-8000, that allows wireless devices to connect to a wired network using WiFi, or related standards. WAPs feature radio
transmitters and antennae, which facilitate connectivity between devices and
the Internet or a network.
client
A wireless client is a device that has the capability to use the 802.11 protocol.
For example, a client may be a hardware device such as a JACE-8000, a laptop,
a PC, or WiFi phone. A client may be fixed, mobile or portable. Generally in
wireless networking terminology, a station, wireless client and node are often
used interchangeably.
EAP
EAP (Extensible Authentication Protocol) is an enterprise level authentication
protocol that requires an authentication server. This is an additional security
layer providing protection against attacks on passwords.
IEEE 802.1x
An IEEE (Institute of Electrical and Electronics Engineers) standard for Port-based Network Access Control (PNAC) that is part of the IEEE 802.1 group of
networking protocols. It provides an authentication mechanism for devices
seeking to attach to a LAN or WLAN.
PSK
PSK (pre-shared key), referred to as WPA-PSK (WiFi Protected Access pre-shared key) mode, is a
method of authentication key distribution.
SAP
In the context of the JACE-8000 access point mode of operation, the term SAP
is synonymous with "access point", "host mode", or “hostapd”. In this context,
the terms may be used interchangeably.
STA
In the context of the JACE-8000 client mode of operation, the term STA is synonymous with "client", "station", "station mode", or "wpa_supplicant". In this
context, these terms may be used interchangeably.
TKIP
TKIP (Temporal Key Integrity Protocol) is an encryption protocol used by WPA.
It uses the RC4 stream cipher with a 128-bit per-packet key and dynamically generates a new key for each packet.
TLS
Transport Layer Security is a cryptographic protocol that provides communication security over the Internet.
SSID
SSID (Service Set Identifier), an alphanumeric string (up to 32 characters), is a
unique identifier for a specific WiFi access point. The SSID differentiates one
WLAN from another. If the access point is configured to periodically broadcast
its SSID, the wireless devices that are within range can detect the network and
connect to it. When broadcasting is disabled, a wireless client must be configured with the network's SSID in order to connect to it.
WiFi
Any “wireless local area network” (WLAN) product based on the Institute of
Electrical and Electronics Engineers' (IEEE) 802.11 standards. Many different
types of devices use WiFi to connect to a network resource, such as the Internet, via a wireless network access point (or hotspot) which covers a certain
range. WiFi can be less secure than wired connections since it does not require
a physical connection. Because of this, WiFi has adopted various encryption technologies. The Titan platform on Niagara 4.1 (and later) supports WiFi.
Whitelist
A layer of protection that can be added to a WiFi network. An IP address can
be re-assigned to any device but a MAC address is hard-coded to the device.
A MAC whitelist is an inventory of known MAC addresses that are permitted
access to the WiFi access point.
WPA WPA2
WPA (Wi-Fi Protected Access)/WPA2 (Wi-Fi Protected Access II) are two WiFi
security protocols and security certification programs. They provide both security (you can control who connects) and privacy (the transmissions cannot be
read by others) for communications as they travel across your network. WPA2
is newer, more secure and complex than WPA. Newer Wi-Fi devices (certified
since 2006) support both the WPA and WPA2 security protocols. Devices that
have older network cards may only work with WPA security.