Configuration
Tsunami MP.11 5012-SUR Installation and Management
6
This section describes configuring the 5012-SUR’s settings using the unit’s Web Interface.
Click the Configure button to access configuration settings.
The following topics are discussed in this section:
• RIP Parameters (Routing Mode Only)
Help and Exit buttons also appear on each page of the Web interface; click the Help button to access online help; click the Exit button to exit the application.
For an introduction to the basics of management, see
.
System Parameters
The System configuration page lets you change the unit’s System Name, Location, Mode of Operation, and so on.
These details help you to distinguish the unit from other routers and let you know whom to contact in case you experience problems.
Click Configure > System; the following window is displayed.
You can enter the following details:
• System Name: This is the system name for easy identification of the BSU or SU. The System Name field is limited to a length of 32 bytes. Use the system name of a BSU to configure the Base Station System Name parameter on an SU if you want the SU to register only with this BSU. If the Base Station System Name is left blank on the SU, it can register with any Base Station that has a matching Network Name and Network Secret.
• Country: Upon choosing a country/band, the Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) features are enabled automatically if the selected country/band has a regulatory domain that requires it. The Country selection pre-selects and displays only the allowed frequencies for the selected country/band.
Click Configure > Interfaces > Wireless to see the channel/frequency list for the selected Country.
NOTE: If All Channels 5 GHz is selected from the Country drop-down menu, any channel in the 5 GHz range is displayed for manual selection.
NOTE: Units sold only in the United States are pre-configured to scan and display only the outdoor frequencies permitted by the FCC. No other Country selections, channels, or frequencies can be configured. Units sold outside of the United States support the selection of a Country by the professional installer. If you change the Country, a reboot of the unit is necessary for the upgrade to take place.
For a non US-only device, the default country selected is United Kingdom (GB).
Note the following:
– The channel center frequencies are not regulated; only the band edge frequencies are regulated.
– If, before upgrade, US was selected as a country for a non US-Only device (which is an incorrect configuration), the country is changed automatically to United Kingdom upon upgrade.
See Country Codes and Channels for a list of country codes.
• Location: This field can be used to describe the location of the unit, for example “Main Lobby.”
• Contact Name, Contact Email, and Contact Phone: In these fields, you can enter the details of the person to contact.
• ObjectID: This read-only field shows the OID of the product name in the MIB.
• Ethernet MAC Address: This read-only field shows the MAC address of the Ethernet interface of the device.
• Descriptor: This read-only field shows the product name and firmware build version.
• Up Time: This read-only field shows the length of time the device has been up and running since the last reboot.
• Mode of Operation: This drop-down menu is used to set the unit as a bridge (layer 2) or as a router (layer 3). See
for more information.
Bridge and Routing Modes
Bridge Mode
A bridge is a product that connects a local area network (LAN) to another LAN that uses the same protocol (for example, Ethernet). You can envision a bridge as being a device that decides whether a message from you to someone else is going to the local area network in your building or to someone on the local area network in the building across the street.
A bridge examines each message on a LAN, passing those known to be within the same LAN, and forwarding those known to be on the other interconnected LAN (or LANs).
In bridging networks, computer or node addresses have no specific relationship to location. For this reason, messages are sent out to every address on the network and are accepted only by the intended destination node. Bridges learn which addresses are on which network and develop a learning table so that subsequent messages can be forwarded to the correct network.
Bridging networks are generally always interconnected LANs, since broadcasting every message to all possible destinations would flood a larger network with unnecessary traffic. For this reason, router networks such as the Internet use a scheme that assigns addresses to nodes so that a message or packet can be forwarded only in one general direction rather than forwarded in all directions.
A bridge works at the data-link (physical) layer of a network, copying a data packet from one network to the next network along the communications path.
The default Bridging Mode is Transparent Bridging.
This mode works if you do not use source routing in your network. If your network is configured to use source routing, then you should use either Multi-Ring SRTB or Single-Ring SRTB mode.
In Multi-Ring SRTB mode, each unit must be configured with the Bridge number, Radio Ring number, and Token Ring number. The Radio Ring number is unique for each Token Ring Access Point and the Bridge number is unique for each Token Ring Access Point on the same Token Ring segment.
Alternatively, you may use the Single-Ring SRTB mode. In this mode, only the Token Ring number is required for configuration.
Routing Mode
Routing mode can be used by customers seeking to segment their outdoor wireless network using routers instead of keeping a transparent or bridged network.
By default the unit is configured as a bridge device, which means traffic between different outdoor locations can be seen from any point on the network. By switching to routing mode, your network now is segmented by a layer 3 (IP) device. By using Routing mode, each network behind the BSU and SUs can be considered a separate network with access to each controlled through routing tables. The use of a router on your network also blocks the retransmission of broadcast and multicast packets on your networks, which can help to improve the performance on your outdoor network in larger installations.
The use of Routing mode requires more attention to the configuration of the unit and thorough planning of the network topology of your outdoor network. The unit can use Routing mode in any combination of BSU and SUs. For example, you may have the BSU in Routing mode and the SU in Bridge mode, or vice versa.
When using Routing mode, pay close attention to the configuration of the default gateway both on your unit and on your PCs and servers. The default gateway controls where packets with unknown destinations (Internet) should be sent. Be sure that each device is configured with the correct default gateway for the next hop router. Usually this is the next router on the way to your connection to the Internet. You can configure routes to other networks on your Intranet through the addition of static routes in your router’s routing table.
Key Reasons to Use Routing Mode
One key reason why customers would use Routing mode is to implement virtual private networks (VPNs) or to let nodes behind two different SUs communicate with each other. Many customers do this same thing in Bridging mode by using secondary interfaces on the router at the BSU or virtual interfaces at the BSU in VLAN mode to avoid some of the drawbacks of IP Routing mode.
Routing mode prevents the transport of non-IP protocols, which may be desirable for Service Providers.
Routing mode is usually more efficient because Ethernet headers are not transported and non-IP traffic is blocked.
Benefits of using Routing Mode
• Enabling RIP makes the 5012-SUR easier to manage for a Service Provider that uses RIP to dynamically manage routes. RIP is no longer very common for Service Providers or Enterprise customers and an implementation of a more popular routing protocol like OSPF would be desirable.
• Routing mode saves bandwidth by not transporting non-IP protocols users might have enabled, like NetBEUI or IPX/SPX, which eliminates the transmission of broadcasts and multicasts.
– The MAC header is:
• Destination MAC 6 bytes
• Source MAC 6 bytes
• Ethernet Type 2 bytes
If the average packet size is 1000 bytes, the overhead saved is 1.5%; with a frame size of 64 bytes, the overhead saved is 20%; and for frame sizes of 128 bytes, the saving is 10%. Network researchers claim that most network traffic consists of frames smaller than 100 bytes.
In order to support routers behind the SUs with multiple subnets and prevent routing loops, you want individual routes (and more than one) per SU.
Routing Mode Examples
In the first example, both the BSU and the SUs are configured for Routing mode. This example is appropriate for businesses connecting remote offices that have different networks.
In example 2, the BSU is in Routing mode and the SUs are in Bridge mode. Notice the PCs behind the SUs must configure their default gateways to point to the BSU, not the SU.
Notes:
• One of the most important details to pay attention to in Routing mode is the default gateway setting of the unit and of the PCs. It is a common mistake to set up the PC’s gateway to point to the SU when the SU is in Bridge mode and the BSU is in Routing mode. Always check to make sure the PCs on your network are configured to send their IP traffic to the correct default gateway.
• Be sure to reboot the unit to permanently save static routes. New routes take effect immediately without a reboot, but are not permanently saved with your configuration until you do reboot the device. An unexpected power outage could cause static routes you entered to “disappear” when the unit reboots if they have not been saved. You also should save a copy of your unit’s configuration file in case the unit must be reloaded. This saves you from being required to re-enter numerous static routes in a large network.
• The routing table supports up to 500 static routes.
Network Parameters
The Network tab contains the following sub-tabs. Note that some configuration options are available only in Routing mode.
• IP Parameters
• Roaming
• DHCP Server
• Spanning Tree (Bridge Mode Only)
• IP Routes (Routing Mode only)
• DHCP Relay Agent (Routing Mode only)
IP Parameters
Click Configure > Network > IP Configuration to view and configure local IP address information. Configurable settings differ between Bridge mode and Routing mode.
Bridge Mode
If the device is configured in Bridge mode, the following screen is displayed:
Configure or view the following parameters:
• IP Address Assignment Type:
– Select Static if you want to assign a static IP address to the unit. Use this setting if you do not have a DHCP server or if you want to manually configure the IP settings.
– Select Dynamic to have the device run in DHCP client mode, which gets an IP address automatically from a DHCP server over the network.
When the unit is in Bridge mode, only one IP address is required. This IP address also can be changed with ScanTool (see Setting the IP Address with ScanTool).
• IP Address: The unit’s static IP address (default IP address is 10.0.0.1). This parameter is configurable only if the IP Address Assignment Type is set to Static.
• Subnet Mask: The mask of the subnet to which the unit is connected (the default subnet mask is 255.255.255.0). This parameter is configurable only if the IP Address Assignment Type is set to Static.
• Default Router IP Address: The IP address of the default gateway. This parameter is configurable only if the IP Address Assignment Type is set to Static.
• Default TTL: The default time-to-live value.
Routing Mode
If the device is configured in Routing mode, both Ethernet and Wireless interfaces require an IP address. The following screen is displayed:
Configure or view the following parameters:
• IP Address Ethernet Port: The unit’s Ethernet IP address. The default is 10.0.0.1.
• Subnet Mask Ethernet Port: The unit’s Ethernet IP address subnet mask. The default is 255.255.255.0.
• IP Address Wireless Slot A: The unit’s wireless IP address. The default is 10.0.0.1.
• Subnet Mask Wireless Slot A: The unit’s wireless IP address subnet mask.
• Default Router IP Address: The router’s IP address.
• Default TTL: The default time-to-live value.
• Management Interface: The interface used to manage the device. Select Ethernet, Wireless, or Auto.
Roaming
Roaming Overview
Roaming is a feature by which an SU terminates the session with the current BSU and starts the registration procedure with another BSU when it finds the quality of the other BSU to be better. Roaming provides MAC level connectivity to the SU that roams from one BSU to another. Roaming takes place across the range of frequencies and channel bandwidths (5, 10, or 20 MHz, as available) that are available per configuration. The current release offers handoff times of up to a maximum of 80 ms. This is fast enough to allow the SU to seamlessly roam from one BSU to the other, therefore supporting session persistence for delay-sensitive applications. The feature also functions as BSU backup in case the current BSU fails or becomes unavailable.
The Roaming feature lets the SU monitor local SNR and data rate for all frames received from the current BSU. As long as the average local SNR for the current BSU is greater than the slow scanning threshold, and the number of retransmitted frames is greater than the slow scanning threshold given in percentage, the SU does not scan other channels for a better BSU.
• The normal scanning procedure starts when the average local SNR for the current BSU is less than or equal to the slow scanning threshold and the number of retransmitted frames is greater than the slow scanning threshold given in percentage. During the normal scanning procedure the SU scans the whole list of active channels while maintaining the current session uninterrupted.
• Fast scanning is the scanning procedure performed when the average local SNR for the current BSU is very low (below the fast scanning threshold) and the number of retransmitted frames is greater than the fast scanning retransmission threshold given in %, so that the current session should terminate as soon as possible. During this procedure, the SU scans other active channels as fast as possible.
Roaming can only occur if the normal scanning or fast scanning procedure is started under the following conditions:
1. If the roaming is started from the normal scanning procedure (after the SU scans all the active channels), the SU selects the BSU with the best SNR value on all available channels. The SU roams to the best BSU only if the SNR value for the current BSU is still below the slow scanning SNR threshold, and the best BSU offers an SNR value that is better than that of the current BSU by at least the roaming threshold. The SU starts a new registration procedure with the best BSU without ending the current session.
2. If the roaming is started from the fast scanning procedure, the SU selects the first BSU that offers better SNR than the current BSU, and starts a new registration procedure with the better BSU without ending the current session.
Roaming with Dynamic Data Rate Selection (DDRS) Enabled
When an SU roams from BSU-1 to BSU-2 and DDRS is enabled, the data rate at which the SU connects to BSU-2 is the default DDRS data rate. If this remains at the factory default of 6 Mbps, there can be issues with the application if it requires more than 6 Mbps (for example, multiple video streams).
Applications requiring a higher data rate could experience a slight data loss during the roaming process while DDRS selects a higher rate (based upon link conditions).
When the applications re-transmit at a possibly slower rate, the WORP protocol initially services the data at 6 Mbps and increases the data rate up to the "Maximum DDRS Data Rate" (ddrsmaxdatarate) one step at a time. Because the applications are not being serviced at the best possible rate, they further slow down the rate of data send.
The DDRS algorithm requires data traffic (a minimum of 128 frames) to raise the rate to a higher value. Although roaming occurs successfully, the previous scenario causes applications to drop their sessions; hence session persistence is not maintained.
For more information on DDRS, see Dynamic Data Rate Selection (DDRS).
NOTE: You must know the data rate required for the applications running and you must ensure (during network deployment) that the ranges and RF links can support the necessary data rate. You also must set the default DDRS data rate at the capacity necessary for the application so that it connects to the next Base Station at the required capacity if roaming occurs. Set the “Default DDRS Data Rate” (ddrsdefdatarate) to a greater value (24, 36, 48 or 54 Mbps, for example) for applications requiring session persistence when roaming occurs.
Roaming Configuration
Click Configure > Network > Roaming to configure Roaming.
Enable or disable the Roaming feature in the Roaming Status drop-down box. The default value is disabled.
NOTE: To enable roaming, you must enable Roaming Status on both the BSU and the SU.
An SU scans all available channels for a given bandwidth during roaming. In order to reduce the number of channels an SU has to scan and thus decrease the roaming time, a channel priority list that tells the SU what channels to scan is implemented. Each channel in the channel priority list is specified with its corresponding bandwidth and the priority with which it should be scanned, either “Active” (standard priority), “Active High” (high priority), or “Inactive”.
An SU will scan all channels indicated as “Active” during roaming. However, it will scan active channels indicated as “High Priority” before scanning active channels indicated as standard priority. Channels that are not going to be used in the wireless network should be configured as “Inactive” so that the SU can skip over those channels during scanning, thereby saving time.
A BSU broadcasts the channel priority list to all valid authenticated SUs in its sector. It re-broadcasts the channel priority list to all SUs every time the list is updated on the BSU. For information on configuring the channel priority list on the BSU, see the Tsunami MP.11-R Installation and Management Guide.
Note that an SU may roam from one BSU with a bandwidth setting to another BSU with a different bandwidth setting.
Since in this case more channels need to be scanned than with only one channel bandwidth setting, it is important that the channel priority list is properly used to limit scanning time.
When Scanning Across Bandwidth on the SU is enabled (see Interface Parameters), the SU supports bandwidth selection of the communications channel of either 20 MHz, 10 MHz, or 5 MHz, as available. This allows the BSUs in the network to be set to different bandwidths while an SU can still roam from one BSU to the next, because it will not only scan other frequencies (when the signal level or quality are lower than the threshold) but it will also switch to other bandwidths to find a BSU that may be on another bandwidth than its current one.
During roaming, the SU will start scanning first the channels on its current bandwidth from the “Active” channel list provided by the BSU in order to find a BSU to register, since that is the most likely setting for other BSUs in the network.
If the SU cannot find an acceptable roaming candidate, it will switch bandwidth and start scanning channels on that corresponding bandwidth from the “Active” channel list provided by the BSU. The process is repeated until the SU finds an appropriate BSU to register.
In the example above, an SU whose current bandwidth is 20 MHz will start scanning all active channels within the bandwidth of 20 MHz. If it cannot find a suitable BSU, it will switch to a 10 MHz bandwidth and start scanning all active channels within that bandwidth, in this case channel 56 first since it is configured as high priority and channel 60 next. No channels will be scanned on the 5 MHz bandwidth since all those channels are configured as inactive.
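The scan order described above can be modelled to see how many channels an SU visits before it reaches a given BSU. This is an added example, not Proxim code: the 20 MHz and 5 MHz channel numbers are constructed, and the order in which the remaining bandwidths are tried (widest first) and the tie-break inside one priority level (list order) are assumptions, since the manual does not state them.

```python
from collections import namedtuple

Channel = namedtuple("Channel", "number bandwidth_mhz priority")

# Lower rank is scanned first. "Inactive" has no rank, so it is never scanned.
RANK = {"Active High": 0, "Active": 1}


def scan_order(priority_list, current_bw, scan_across_bandwidth=True):
    """Return [(bandwidth_mhz, channel), ...] in the order the SU would scan."""
    bandwidths = [current_bw]                      # current bandwidth always first
    if scan_across_bandwidth:
        others = {c.bandwidth_mhz for c in priority_list} - {current_bw}
        bandwidths += sorted(others, reverse=True)  # assumption: widest first
    order = []
    for bw in bandwidths:
        candidates = [c for c in priority_list
                      if c.bandwidth_mhz == bw and c.priority in RANK]
        # sort() is stable, so list order is kept inside one priority level
        candidates.sort(key=lambda c: RANK[c.priority])
        order += [(bw, c.number) for c in candidates]
    return order


def channels_scanned_before(priority_list, current_bw, target):
    """How many channels are visited before target=(bandwidth_mhz, channel).

    Returns None when the target is never scanned, for example because it is
    marked Inactive; an SU could then not roam to a BSU on that channel.
    """
    order = scan_order(priority_list, current_bw)
    return order.index(target) if target in order else None


# Constructed channel priority list. Channels 56 and 60 on 10 MHz follow the
# manual's example; every other entry is made up for illustration.
PRIORITY_LIST = [
    Channel(52, 20, "Active"),
    Channel(64, 20, "Active"),
    Channel(60, 10, "Active"),
    Channel(56, 10, "Active High"),
    Channel(149, 5, "Inactive"),
    Channel(153, 5, "Inactive"),
]

if __name__ == "__main__":
    print(scan_order(PRIORITY_LIST, current_bw=20))
    print(channels_scanned_before(PRIORITY_LIST, 20, (10, 60)))
```

A result of None for a channel that a BSU actually uses means the priority list would prevent roaming to that BSU.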
DHCP Server
When enabled, the DHCP server allows allocation of IP addresses to hosts on the Ethernet side of the SU or BSU.
Specifically, the DHCP Server feature lets the SU or BSU respond to DHCP requests from Ethernet hosts with the following information:
• Host IP address
• Gateway IP address
• Subnet Mask
• DNS Primary Server IP address
• DNS Secondary Server IP
Click Configure > Network > DHCP Server to enable the unit as a DHCP Server.
The following parameters are configurable:
• DHCP Server Status: Verify that DHCP Relay Agent is disabled. After you have made at least one entry in the DHCP server IP Pool Table, enable DHCP Server by selecting Enable from the DHCP Server Status pull-down menu.
NOTE: There must be at least one entry in the DHCP server IP Pool Table to enable DHCP server. Also, DHCP server cannot be enabled if DHCP Relay Agent is enabled.
• Subnet Mask: The unit supplies this subnet mask in its DHCP response to a DHCP request from an Ethernet host. It indicates the IP subnet mask assigned to hosts on the Ethernet side using DHCP.
• Gateway IP Address: The unit supplies this gateway IP address in the DHCP response. It indicates the IP address of a router assigned as the default gateway for hosts on the Ethernet side. This parameter must be set.
• Primary DNS IP Address: The unit supplies this primary DNS IP address in the DHCP response. It indicates the IP address of the primary DNS server that hosts on the Ethernet side use to resolve Internet host names to IP addresses. This parameter must be set.
• Secondary DNS IP Address: The unit supplies this secondary DNS IP address in the DHCP response.
• Number of IP Pool Table Entries: The number of IP pool table entries is a read-only field that indicates the total
Add Entries to the DHCP Server IP Pool Table
You can add up to 20 entries in the IP Pool Table. An IP address can be added if the entry’s network ID is the same as the network ID of the device.
NOTE: After adding entries, you must reboot the unit before the values take effect.
1. To add an entry click Add Table Entries.
2. Enter the following parameters and click Add:
• Start IP Address: Indicates the starting IP address that is used for assigning address to hosts on the Ethernet side in the configured subnet.
• End IP Address: Indicates the ending IP address that is used for assigning address to hosts on the Ethernet side in the configured subnet.
• Default Lease Time: Specifies the default lease time for IP addresses in the address pool. The value is 3600-86400 seconds.
• Max Lease Time: The maximum lease time for IP addresses in the address pool. The value is 3600-86400 seconds.
• Comment: The comment field is a descriptive field of up to 255 characters.
Edit/Delete Entries in the DHCP Server IP Pool Table Entries
1. Click Edit/Delete Table Entries to make changes.
2. Enter your changes and click OK.
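The DHCP Server constraints stated in this section (no Relay Agent, at least one and at most 20 pool entries, pool addresses on the unit's own network, lease times of 3600-86400 seconds, gateway and primary DNS set) can be checked against a planned configuration before it is entered in the Web interface. This is an added example, not part of the Proxim manual or firmware: `DhcpPlan`, `PoolEntry` and `validate` are hypothetical names, the sample plans are constructed, and the checks marked as added sanity checks are assumptions rather than rules from the manual.

```python
import ipaddress
from dataclasses import dataclass, field

MAX_POOL_ENTRIES = 20                # IP Pool Table limit stated in the manual
LEASE_MIN, LEASE_MAX = 3600, 86400   # allowed lease range, in seconds
COMMENT_MAX = 255                    # comment field length limit


@dataclass
class PoolEntry:
    start: str
    end: str
    default_lease: int
    max_lease: int
    comment: str = ""


@dataclass
class DhcpPlan:                      # hypothetical container for a planned config
    unit_ip: str                     # the unit's Ethernet IP address
    unit_mask: str
    gateway: str                     # "" means not set
    primary_dns: str                 # "" means not set
    relay_agent_enabled: bool
    pools: list = field(default_factory=list)


def validate(plan):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    net = ipaddress.ip_network(f"{plan.unit_ip}/{plan.unit_mask}", strict=False)
    unit = ipaddress.ip_address(plan.unit_ip)

    # Rules taken from the manual text.
    if plan.relay_agent_enabled:
        findings.append("relay-enabled: DHCP Server cannot be enabled with DHCP Relay Agent")
    if not plan.pools:
        findings.append("no-pool: at least one IP Pool Table entry is required")
    if len(plan.pools) > MAX_POOL_ENTRIES:
        findings.append(f"too-many-pools: {len(plan.pools)} > {MAX_POOL_ENTRIES}")
    if not plan.gateway:
        findings.append("gateway-unset: Gateway IP Address must be set")
    if not plan.primary_dns:
        findings.append("dns-unset: Primary DNS IP Address must be set")

    for i, p in enumerate(plan.pools, 1):
        start, end = ipaddress.ip_address(p.start), ipaddress.ip_address(p.end)
        if start not in net or end not in net:
            findings.append(f"entry {i} off-net: {p.start}-{p.end} is outside {net}")
        for label, lease in (("default", p.default_lease), ("max", p.max_lease)):
            if not LEASE_MIN <= lease <= LEASE_MAX:
                findings.append(f"entry {i} lease-range: {label} lease {lease}s")
        if len(p.comment) > COMMENT_MAX:
            findings.append(f"entry {i} comment-length: {len(p.comment)} characters")
        # Added sanity checks (assumptions, not rules stated in the manual).
        if start > end:
            findings.append(f"entry {i} reversed: start is above end")
        elif start <= unit <= end:
            findings.append(f"entry {i} includes-unit: pool would hand out {unit}")
        if p.default_lease > p.max_lease:
            findings.append(f"entry {i} lease-order: default exceeds max")

    # Added sanity check (assumption): hosts can only use an on-link gateway.
    if plan.gateway and ipaddress.ip_address(plan.gateway) not in net:
        findings.append(f"gateway-off-net: {plan.gateway} is outside {net}")
    return findings


# Constructed sample plans, using the unit's default address 10.0.0.1/255.255.255.0.
GOOD_PLAN = DhcpPlan("10.0.0.1", "255.255.255.0", "10.0.0.254", "10.0.0.53", False,
                     [PoolEntry("10.0.0.100", "10.0.0.150", 3600, 86400, "office PCs")])
BAD_PLAN = DhcpPlan("10.0.0.1", "255.255.255.0", "", "10.0.0.53", True,
                    [PoolEntry("10.0.1.10", "10.0.1.20", 600, 86400),
                     PoolEntry("10.0.0.1", "10.0.0.50", 7200, 3600)])

if __name__ == "__main__":
    for name, plan in (("GOOD_PLAN", GOOD_PLAN), ("BAD_PLAN", BAD_PLAN)):
        print(name, validate(plan) or "ok")
```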
Spanning Tree (Bridge Mode Only)
NOTE: The unit must be in Bridge mode to configure Spanning Tree.
This protocol is executed between the bridges to detect and logically remove redundant paths from the network.
Spanning Tree can be used to prevent link-layer loops (a broadcast is forwarded to all ports, where another device may forward it again until it finally gets back to this unit; it is therefore looping). Spanning Tree can also be used to create redundant links, and it operates by disabling links: a hot-standby customer creates a redundant link without a routing function.
If your network does not support Spanning Tree, be careful to avoid creating network loops between radios. For example, creating a WDS link between two units connected to the same Ethernet network creates a network loop (if spanning tree is disabled).
The Spanning Tree configuration options are advanced settings. Proxim recommends that you leave these parameters at their default values unless you are familiar with the Spanning Tree protocol.
Click the Spanning Tree tab to change Spanning Tree values.
Edit/Disable Entries in the Priority and Path Cost Table
1. Click Edit Table Entries to make changes.
2. Enter your changes and click OK.
IP Routes (Routing Mode only)
NOTE: The unit must be in Routing mode to configure IP Routes.
Click Configure > Network > IP Routes to configure.
Add IP Routes
1. Click the Add button; the following screen is displayed.
2. Enter the route information.
3. Click Add. The IP Address and Subnet Mask combination is validated for a proper combination.
NOTE: When adding a new entry, the IP address of the Route Destination must be in either the Ethernet subnet or in the wireless subnet of the unit.
Edit/Delete IP Routes
1. Click the Edit/Delete Table Entries button.
2. Edit the route information.
3. Click OK. The IP address and subnet mask combination is validated for a proper combination.
DHCP Relay Agent (Routing Mode only)
NOTE: The unit must be in Routing mode to configure DHCP Relay Agent.
Click Configure > Network > DHCP RA to enable the DHCP Relay Agent. When enabled, the DHCP relay agent forwards DHCP requests to the set DHCP server. There must be at least one entry in the corresponding Server IP Address table in order to enable the DHCP Relay Agent.
Note that DHCP Relay Agent parameters are configurable only in Routing mode. It cannot be enabled when NAT or DHCP Server is enabled.
Add Entries to the DHCP Relay Agent Table
1. Click Add Table Entries; the following window is displayed:
2. Enter the Server IP Address and any optional comments, and click Add.
Edit/Delete Entries in the DHCP Relay Agent Table
1. Click Edit/Delete Table Entries. The following window is displayed:
2. Enter your changes, and click OK.
Interface Parameters
Wireless
To configure the wireless interface, click Configure > Interfaces > Wireless.
SUs can be placed only in WORP Satellite mode. The Wireless Outdoor Router Protocol (WORP) is a polling algorithm designed for wireless outdoor networks. WORP takes care of the performance degradation incurred by the so-called “hidden-node” problem, which can occur when wireless LAN technology is used for outdoor building-to-building connectivity. In this situation, when multiple radios send an RTS, if another radio is transmitting, it corrupts all data being sent, degrading overall performance. The WORP polling algorithm ensures that these collisions cannot occur, which increases the performance of the overall network significantly.
WORP dynamically adapts to the number of SUs that are active on the network and the amount of data they have queued to send.
The mandatory parameters to configure for registration of the SU on a Base Station are:
• Network Name
• Base Station System Name (when used)
• Channel Frequency
• Encryption (when used)
• Network Secret
These and other parameters found on the SU’s Interfaces > Wireless page are described below.
• Interface Type: The interface type can only be WORP Satellite.
• MAC Address: The factory-assigned MAC address of the unit. This is a read-only field.
• Base Station System Name: The name found on the system page of the BSU to which this SU is connecting. This parameter can be used as an added security measure, and when there are multiple BSUs in the network and you want an SU to register with only one when it may actually have adequate signal strength for either. The System Name field is limited to a length of 32 bytes.
If the Base Station System Name is left blank on the SU, it can register with any BSU with a matching Network Name and Network Secret.
• Operational Mode: This field indicates the operational mode of the unit, depending upon the specific Tsunami MP.11. This operational mode cannot be changed as it is based upon a license file.
• Network Name: A Network Name is a name given to a network so that multiple networks can reuse the same frequency without problems. An SU can only register to its base if it has the same Network Name. The Network Name is one of the parameters that allow a Subscriber Unit to register on a Base Station. The Base Station System Name and Frequency Channel also are parameters to guide the SU to the proper BSU on the network, but they provide no security. Basic security is provided through encryption, as it causes none of the messages to be sent in the clear.
Further security is provided by mutual authentication of the BSU and SU using the Network Secret. The Network Name can be 2 to 32 characters in length.
• Dynamic Data Rate Selection (DDRS) Status: For the WORP Satellite Mode, DDRS Status is a read-only parameter and its value is based upon the WORP Base to which this SU is associated.
When you enable or disable DDRS on the BSU, the BSU sends an announcement to the SUs and the SUs enable or disable DDRS automatically.
• Transmit Power Control (TPC): By default, the unit lets you transmit at the maximum output power for the country or regulatory domain and frequency selected. However, with Transmit Power Control (TPC), you can adjust the output power of the unit to a lower level in order to reduce interference to neighboring devices or to use a higher gain antenna without violating the maximum radiated output power allowed for your country/band. Also, some countries/bands that require DFS also require the transmit power to be set to a 6 dB lower value than the maximum allowed EIRP when link quality permits. You can see your unit’s current output power for the selected frequency in the event log.
The event log shows the selected power for all data rates, so you must look up the proper data rate to determine the actual power level.
NOTE: This feature only lets you decrease your output power; it does not let you increase your output power beyond the maximum allowed defaults for your frequency and country.
Select one of the following options and click OK at the bottom of the window. Your original output power is adjusted relative to the value selected. The new setting takes effect immediately without rebooting:
TPC Selection (dB)          Maximum TX Power (dBm)
0 (default)                 16
-3                          13
-6                          10
-9                          7
-12                         4
-15                         1
-18 (minimum TPC level)     0
NOTE: 24 Mbps and lower modulation have maximum +16 dBm TX power, 36 Mbps has maximum +13 dBm TX power, 48 Mbps has maximum +12 dBm TX power, and 54 Mbps has maximum +11 dBm TX power. Because higher modulation has a lower maximum TX power, the total TPC range is smaller at a higher data rate.
Because the minimum TX power is equal for all data rates, each TPC selection has constant TX power for all data rates except where the maximum TX power is limited.
• Actual Transmit Power Control: The configured Transmit Power Control setting.
• Enable Turbo Mode (Non-DFS US Only): Check this box to enable Turbo Mode. Turbo Mode is supported only in
the United States. Enabling turbo mode, in its current implementation, allows the unit to use two adjacent frequency
channels to transmit and receive a signal. By enabling turbo mode, the receive sensitivity improves by 4 dB for the 36
Mbps data rate and by 2 dB for the 24 Mbps data rate.
NOTE: The additional sensitivity is provided with the impact of using twice as much spectrum and thus increasing the opportunity of interference and decreased ability for system collocation. Generally, Turbo mode is not recommended except when the extra sensitivity is absolutely required.
• Frequency Channel: The frequency channel indicates the band center frequency the unit uses for communicating
Channel list displays only the channels and frequencies allowed for the selected country.
For countries in which DFS is required, Frequency Channel is not configurable. Instead the channel is auto-selected by the DFS process.
If All Channels 5 GHz is selected in the Country drop-down menu on the Configure > System page, any channel in the 5 GHz range is manually selectable.
• Scanning Across Bandwidth: Enable this field if you want the SU to scan across the whole range of channel bandwidths (5, 10, or 20 MHz, as available) with or without roaming enabled. Disable this field if you wish the SU to scan only across its configured channel bandwidth.
• Multicast Rate: The rate at which data is to be transferred. All RF traffic between 5012-SUR units is multicast. This drop down box is unavailable when DDRS is enabled.
The default data rate for the 5012-SUR is 36 Mbps. The SU must never be set to a lower data rate than the BSU, because timeouts will occur at the BSU and communication will fail.
Selections for multicast rate are shown in the following table:
Channel Bandwidth                       Multicast Rate (Mbps)
5 MHz                                   1.5, 2.25, 3, 4.5, 6, 9, 12, 13.5
10 MHz                                  3, 4.5, 6, 9, 12, 18, 24, 27
20 MHz                                  6, 9, 12, 18, 24, 36, 48, 54
40 MHz (Turbo Mode; Non-DFS US Only)    12, 18, 24, 36, 48, 72, 96, 108
• Channel Bandwidth: This field is used to change the bandwidth. Values are 5 MHz, 10 MHz, or 20 MHz, as well as
40 MHz when Turbo mode is enabled.
NOTE: The 5 MHz channel bandwidth is not available when the selected country is UNITED STATES DFS.
• Satellite Density: The Satellite Density setting is a valuable feature for achieving maximum bandwidth in a wireless network. It influences the receive sensitivity of the radio interface and improves operation in environments with a high noise level. Reducing the sensitivity of the unit enables unwanted “noise” to be filtered out (it disappears under the threshold).
You can configure the Satellite Density to be Large, Medium, Small, Mini, or Micro. The default value for this setting is Large. The smaller settings are appropriate for high noise environments; a setting of Large would be for a low noise environment.
A long distance link may have difficulty maintaining a connection with a small density setting because the wanted signal can disappear under the threshold. Consider both noise level and distance between the peers in a link when configuring this setting. The threshold should be chosen higher than the noise level, but sufficiently below the signal level. A safe value is 10 dB below the present signal strength.
If the Signal-to-Noise Ratio (SNR) is not sufficient, you may need to set a lower data rate or use antennas with higher gain to increase the margin between wanted and unwanted signals. In a point-to-multipoint configuration, the BSU should have a density setting suitable for all of its registered SUs, especially the ones with the lowest signal levels
(longest links).
Take care when configuring a remote interface; check the available signal level first, using Remote Link Test.
WARNING: When the remote interface accidentally is set at too small a value and communication is lost, it cannot be reconfigured remotely and a local action is required to bring the communication back.
Therefore, the best place to experiment with the level is at the unit that can be managed without going through the link; if the link is lost, the setting can be adjusted to the correct level to bring the link back.
Make your density selection from the drop-down menu. This setting requires a reboot of the unit. Sensitivity threshold settings related to the density settings for the 5012-SUR are:
Satellite Density    Receive Sensitivity Threshold    Defer Threshold
Large                -95 dBm                          -62 dBm
Medium               -86 dBm                          -62 dBm
Small                -78 dBm                          -52 dBm
Mini                 -70 dBm                          -42 dBm
Micro                -62 dBm                          -36 dBm
• Registration Timeout: This is the registration process time-out of an SU on a BSU. Default is 5 seconds.
• Rx Activity Timeout: This is the activity time-out of an SU on a BSU. Default is 0 seconds.
• Network Secret: A network secret is a secret password given to all nodes of a network. An SU can only register to a
BSU if it has the same Network Secret. The Network Secret is sent encrypted and can be used as a security option.
• Input / Output Bandwidth Limit: These parameters limit the data traffic received on the wireless interface and transmitted to the wireless interface, respectively. Selections are in steps of 64 Kbps from 64 Kbps to 12 Mbps.
NOTE: The aggregate maximum bandwidth shared between input and output is 12 Mbps. If you attempt to set the input/output bandwidth values so that the total exceeds 12 Mbps, the management interface will automatically adjust the values to the available aggregate bandwidth of 12 Mbps. For example, the system default is 6 Mbps for both input and output bandwidths. If you change the input to 8 Mbps, the management interface will automatically adjust the output to 4 Mbps, for an aggregate bandwidth of 12 Mbps. The values will not adjust automatically if the total is less than 12 Mbps.
Ethernet
To set the Ethernet speed, duplex mode, and input and output bandwidth limits, click Configure > Interfaces > Ethernet.
You can set the desired speed and transmission mode by clicking on Configuration. Select from these settings for the type of Ethernet transmission:
• Half-duplex means that only one side can transmit at a time.
• Full-duplex lets both sides transmit.
• Auto-duplex selects the best transmission mode available when both sides are set to auto-select.
The recommended setting is auto-speed-auto-duplex.
SNMP Parameters
Click Configure > SNMP to enable or disable trap groups, and to configure the SNMP management stations to which the
5012-SUR sends system traps. See “Trap Groups” in the Tsunami MP.11/QB.11 Reference Manual for a list of the system traps.
• Trap Groups: You can enable or disable different types of traps in the system. By default, all traps are enabled.
• Trap Host Table: This table shows the SNMP management stations to which the 5012-SUR sends system traps.
Trap Host Table
Add Entries to the Trap Host Table
Click the Add Table Entries button to add entries to the Trap Host Table.
Edit/Delete Entries in the Trap Host Table
Click the Edit/Delete Table Entries button to make changes to or delete existing entries.
Management Parameters
Use the Management tab to configure passwords and other service parameters.
Passwords
The Password tab lets you configure the SNMP, Telnet, and HTTP (Web Interface) passwords.
For all password fields, the passwords must be between 6 and 32 characters. Changes take effect immediately after you click OK.
• SNMP Read Community Password: The password for read access to the 5012-SUR using SNMP. Enter a password in both the Password field and the Confirm field. The default password is public.
• SNMP Read/Write Community Password: The password for read and write access to the 5012-SUR using SNMP.
Enter a password in both the Password field and the Confirm field. The default password is public.
• Telnet (CLI) Password: The password for the CLI interface. Enter a password in both the Password field and the
Confirm field. The default password is public.
• HTTP (Web) Password: The password for the Web browser HTTP interface. Enter a password in both the Password field and the Confirm field. The default password is public.
Services
The Services tab lets you configure the SNMP, Telnet, and HTTP (Web Interface) parameters. Changes to these parameters require a reboot to take effect.
SNMP Configuration Settings
• SNMP Interface Bitmask: Configure the interface or interfaces (All Interfaces, Only Ethernet, Only Slot A) from which you will manage the 5012-SUR using SNMP. You also can select None to prevent a user from accessing the unit through SNMP.
HTTP Configuration Settings
• HTTP Interface Bitmask: Configure the interface or interfaces (All Interfaces, Only Ethernet, Only Slot A) from which you will manage the 5012-SUR through the Web interface. For example, to allow Web configuration through the
Ethernet network only, set HTTP Interface Bitmask to Ethernet. You can also select None to prevent a user from accessing the 5012-SUR from the Web interface.
• HTTP Port: Configure the HTTP port from which you will manage the 5012-SUR through the Web interface. By default, the HTTP port is 80.
• HTTP Connections: The number of allowed HTTP connections (the maximum is 8).
Telnet Configuration Settings
NOTE: To use HyperTerminal for CLI access, make sure to check “Send line ends with line feeds” in the ASCII Setup window (in the HyperTerminal window, click Properties; then select Setup > ASCII Setup. See “HyperTerminal
Connection Properties” in the Tsunami MP.11/QB.11 Reference Manual for more information).
• Telnet Interface Bitmask: Select the interface (Ethernet, Wireless, All Interfaces) from which you can manage the unit through telnet. This parameter can also be used to disable telnet management.
• Telnet Port Number: The default port number for Telnet applications is 23. However, you can use this field if you want to change the Telnet port for security reasons (but your Telnet application also must support the new port number you select).
• Telnet Login Timeout (seconds): Enter the number of seconds the system is to wait for a login attempt. The unit terminates the session when it times out. The range is 1 to 300 seconds; the default is 30 seconds.
• Telnet Session Timeout (seconds): Enter the number of seconds the system is to wait during a session while there is no activity. The unit ends the session upon timeout. The range is 1 to 36000 seconds; the default is 900 seconds.
• Telnet Connections: The number of allowed Telnet connections (the maximum is 8).
Serial Configuration Settings
The serial port interface on the unit is enabled at all times. See “Serial Port” in the Tsunami MP.11/QB.11 Reference
Manual for information about how to access the CLI interface through the serial port. You can configure and view the following parameters:
• Serial Baud Rate: Select the serial port speed (bits per second). Choose between 2400, 4800, 9600, 19200, 38400, or 57600; the default Baud Rate is 9600.
• Serial Flow Control: Select either None (default) or Xon/Xoff (software controlled) data flow control. To avoid potential problems when communicating with the unit through the serial port, Proxim recommends that you leave the
Flow Control setting at None (the default value).
• Serial Data Bits: This is a read-only field and displays the number of data bits used in serial communication (8 data bits by default).
• Serial Parity: This is a read-only field and displays the number of parity bits used in serial communication (no parity bits by default).
• Serial Stop Bits: This is a read-only field that displays the number of stop bits used in serial communication (1 stop bit by default).
The serial port bit configuration is commonly referred to as 8N1.
Security Parameters
MAC Authentication (BSU Only)
MAC authentication is available only for BSUs.
Encryption
NOTE: Be sure to set the encryption parameters and change the default passwords.
You can protect the wireless data link by using encryption. In addition to Wi-Fi Protected Access (WPA) and Wired
Equivalent Privacy (WEP), the unit supports Advanced Encryption Standard (AES) 128-bit encryption. To provide even stronger encryption, the AES CCM Protocol is also supported.
Encryption keys can be 5 (64-bit), 13 (WEP 128-bit), or 16 (AES 128-bit) characters in length. Both ends of the wireless data link must use the same parameter values.
Click Configure > Security > Encryption sub-tab to set encryption keys for the data transmitted and received by the unit. Note that all devices in one network must use the same encryption parameters to communicate to each other.
Filtering
Overview
Click Configure > Filtering to configure packet filtering. Packet filtering can be used to control and optimize network performance.
The Filtering feature can selectively filter specific packets based upon their Ethernet protocol type. Protocol filtering is done at the Bridge layer.
Protocol filters are useful for preventing bridging of selected protocol traffic from one segment of a network to other segments (or subnets). You can use this feature both to increase the amount of bandwidth available on your network and to increase network security.
Increasing Available Bandwidth
It may be unnecessary to bridge traffic from a subnet using IPX/SPX or AppleTalk to a segment of the network with UNIX workstations. By preventing the IPX/SPX and AppleTalk traffic from being bridged to the UNIX subnet, you keep the UNIX subnet free of this unnecessary traffic.
Increasing Network Security
By bridging IP and IP/ARP traffic and blocking LAN protocols used by Windows, Novell, and Macintosh servers, you can protect servers and client systems on the private local LAN from outside attacks that use those LAN protocols. This type of filtering also prevents private LAN data from being bridged to an untrusted remote network or the Internet.
To prevent blocking your own access (administrator) to the unit, Proxim recommends that IP (0x800) and ARP (0x806) protocols are always passed through.
Sample Use and Validation
Configure the protocol filter to let only IP and ARP traffic pass through the 5012-SUR (bridge) from one network segment to another. Then, attempt to use Windows file sharing across the bridge. File sharing should not work; the packets are discarded by the bridge.
Setting the ARP Filter
There may be times when you need to set the ARP or Multicast filter. Usually, this is required when there are many nodes on the wired network that are sending ARP broadcast messages or multicast packets that unnecessarily consume the wireless bandwidth. The goal of these filters is to allow only necessary ARP and multicast traffic through the 1.6 Mbps wireless pipe.
The TCP/IP Internet Protocol Suite uses a method known as ARP (Address Resolution Protocol) to match a device's
MAC (Media Access Control) address with its assigned IP address. The MAC address is a unique 48-bit identifier assigned to each hardware device at the factory by the manufacturer. The MAC address is commonly represented as 6 pairs of hexadecimal digits separated by colons. For example, a RangeLAN2 device may have the MAC address of
00:20:A6:33:ED:45.
When devices send data over the network (Ethernet, Token Ring, or wireless), they use the MAC address to identify a packet's source and destination. Therefore, an IP address must be mapped to a MAC address in order for a device to send a packet to a particular IP address. In order to resolve a remote node's IP address with its MAC address, a device sends out a broadcast packet to all nodes on the network. This packet is known as an ARP request or ARP broadcast and requests that the device assigned a particular IP address respond to the sender with its MAC address.
Because ARP requests are broadcast packets, these packets are forwarded to wireless nodes by default, even if the packet is not meant for a wireless node. As the number of nodes on a network backbone increases, so does the number of ARP broadcasts that are forwarded to the wireless nodes. Many of these ARP broadcasts are unnecessary and can
consume valuable wireless bandwidth. On some networks, there are so many ARP broadcasts that the performance of the wireless network will degrade due to the amount of bandwidth being consumed by these messages.
To reduce the number of ARP broadcasts that are forwarded to the wireless nodes, you can enable ARP filtering. When enabled, the ARP Filter allows the unit to forward only those ARP broadcasts destined for an IP address that falls within the range specified by the ARP Filter Network Address and the ARP Filter Subnet Mask. The ARP Filter performs a logical AND function (essentially keeping what is the same and discarding what is different) on the IP address of the ARP request and the ARP Filter Subnet Mask. It then compares the result of the logical AND to the ARP Filter Network
Address. If the two values match, the ARP broadcast is forwarded to the wireless network by the unit.
Ethernet Protocol
The Ethernet Protocol filter blocks or forwards packets based upon the Ethernet protocols they support. Click Configure
> Filtering > Ethernet Protocol to enable or disable certain protocols in the table. Entries can be selected from a dropdown box.
Follow these steps to configure the Ethernet Protocol Filter:
1. Select the interfaces that will implement the filter from the Ethernet Protocol Filtering drop-down menu.
• Ethernet: Packets are examined at the Ethernet interface
• Wireless-Slot A or Wireless-Slot B: Packets are examined at the Wireless A or B interfaces
• All Interfaces: Packets are examined at both interfaces
• Disabled: The filter is not used
2. Select the Filter Operation Type.
• If set to Block, the bridge blocks enabled Ethernet Protocols listed in the Filter Table.
• If set to Passthru, only the enabled Ethernet Protocols listed in the Filter Table pass through the bridge.
3. Configure the Filter Table. See below.
NOTE: Entries must be enabled in order to be subject to the filter.
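The sketch below models the three steps above and the recommendation to always pass IP and ARP. It is an added example, not code from the manual or from Proxim. It assumes untagged Ethernet II framing and that a frame is examined only when it arrives on an interface the filter is applied to; the class and function names, the sample frames and the IPX and AppleTalk protocol numbers are supplied for the example.

```python
import struct
from dataclasses import dataclass, field

# EtherTypes: IP and ARP are written 0x800 and 0x806 on the page;
# IPX and AppleTalk are the IANA-registered values.
ETH_IP, ETH_ARP = 0x0800, 0x0806
ETH_IPX, ETH_APPLETALK = 0x8137, 0x809B

@dataclass
class Entry:
    name: str
    number: int            # Protocol Number (EtherType)
    enabled: bool = True   # only enabled entries are subject to the filter

@dataclass
class ProtocolFilter:
    interfaces: str        # "Ethernet", "Wireless-Slot A", "All Interfaces" or "Disabled"
    operation: str         # "Block" or "Passthru"
    table: list = field(default_factory=list)

    def enabled_numbers(self):
        return {e.number for e in self.table if e.enabled}

def make_frame(ethertype, payload=b""):
    """Constructed untagged Ethernet II frame with a broadcast destination."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("0040f41cdb6a")
    return dst + src + struct.pack("!H", ethertype) + payload

def ethertype_of(frame):
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    return struct.unpack("!H", frame[12:14])[0]

def is_bridged(flt, ingress, frame):
    """True if the frame is passed on, False if the filter discards it."""
    if flt.interfaces == "Disabled":
        return True
    if flt.interfaces not in ("All Interfaces", ingress):
        return True        # assumption: not examined on this interface
    listed = ethertype_of(frame) in flt.enabled_numbers()
    if flt.operation == "Block":
        return not listed
    if flt.operation == "Passthru":
        return listed
    raise ValueError(f"unknown Filter Operation Type: {flt.operation!r}")

def lockout_risks(flt):
    """Which of IP and ARP this configuration would stop bridging."""
    if flt.interfaces == "Disabled":
        return []
    required = {"IP": ETH_IP, "ARP": ETH_ARP}
    enabled = flt.enabled_numbers()
    if flt.operation == "Block":
        return [name for name, num in required.items() if num in enabled]
    return [name for name, num in required.items() if num not in enabled]

if __name__ == "__main__":
    # Passthru table in which the ARP entry exists but was left disabled.
    passthru = ProtocolFilter("All Interfaces", "Passthru",
                              [Entry("IP", ETH_IP), Entry("ARP", ETH_ARP, enabled=False)])
    for name, number in [("IP", ETH_IP), ("ARP", ETH_ARP), ("IPX", ETH_IPX)]:
        frame = make_frame(number)
        verdict = "bridged" if is_bridged(passthru, "Ethernet", frame) else "discarded"
        print(f"{name:4} 0x{number:04X} {verdict}")
    print("would cut off management:", lockout_risks(passthru))
```

Running `lockout_risks` on a planned table before clicking OK catches the case where a Passthru table lists ARP but leaves the entry disabled.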
Add Entries to the Filter Table
1. Click Add Table Entries. You may add one of the supplied Ethernet Protocol Filters, or you may enter additional filters by specifying the appropriate parameters:
• To add one of the supplied Ethernet Protocol Filters to the filter table:
– Select the appropriate filter from the Specify Common Protocol drop-down menu. Protocol Name and
Protocol Number fields will be filled in automatically.
– Click Add
• To add a new filter to the filter table:
– Enter the Protocol Number. See http://www.iana.org/assignments/ethernet-numbers for a list of protocol numbers.
– Enter the Protocol Name.
– Click Add.
Edit/Delete Entries in the Filter Table
1. Click Edit and change the information, or select Enable, Disable, or Delete from the Status drop-down menu.
Static MAC Address Filtering
Overview
The Static MAC Address filter optimizes the performance of a wireless (and wired) network. When this feature is configured properly, the unit can block traffic between wired devices on the wired (Ethernet) interface and devices on the wireless interface based upon MAC address.
NOTE: The device on the wireless interface can be any device connected through the link: it can be directly connected to the Ethernet interface of the peer unit, or it can be attached through multiple hops. The only thing that matters is the MAC address in the packets arriving at the wireless interface.
The filter is an advanced feature that lets you limit the data traffic between two specific devices (or between groups of devices, based upon MAC addresses and masks) through the wireless interface of the 5012-SUR. For example, if you have a server on your network with which you do not want wireless clients to communicate, you can set up a static MAC filter to block traffic between these devices. The Static MAC Filter Table performs bi-directional filtering. However, note that this is an advanced filter and it may be easier to control wireless traffic through other filter options, such as Protocol Filtering.
Each MAC address or mask comprises 12 hexadecimal digits (0-9 and A-F) that correspond to a 48-bit identifier. (Each hexadecimal digit represents 4 bits, each of which is 0 or 1.)
Taken together, a MAC address/mask pair specifies an address or a range of MAC addresses that the unit looks for when examining packets. The unit uses Boolean logic to perform an “and” operation between the MAC address and the mask at the bit level. However, most users do not need to think in terms of bits. It should be sufficient to create a filter using only the hexadecimal digits 0 and F in the mask (where 0 is any value and F is the value specified in the MAC address). A mask of 00:00:00:00:00:00 corresponds to all MAC addresses, and a mask of FF:FF:FF:FF:FF:FF applies only to the specified MAC address.
For example, if the MAC address is 00:20:A6:12:54:C3 and the mask is FF:FF:FF:00:00:00, the unit examines the source and destination addresses of each packet looking for any MAC address starting with 00:20:A6. If the mask is FF:FF:FF:FF:FF:FF, the unit looks only for the specific MAC address (in this case, 00:20:A6:12:54:C3).
When creating a filter, you can configure the Wired parameters only, the Wireless parameters only, or both sets of parameters. Which parameters to configure depends upon the traffic that you want to block.
• To prevent all traffic from a specific wired MAC address from being forwarded to the wireless network, configure only the Wired MAC address and Wired mask (leave the Wireless MAC and Wireless mask set to all zeros).
• To prevent all traffic from a specific wireless MAC address from being forwarded to the wired network, configure only the Wireless MAC and Wireless mask (leave the Wired MAC address and Wired mask set to all zeros).
• To block traffic between a specific wired MAC address and a specific wireless MAC address, configure all four parameters.
See Static MAC Filter Examples for more detailed examples.
Static MAC Filter Examples
Consider a network that contains a wired server and three wireless clients. The MAC address for each unit is as follows:
• Wired Server: 00:40:F4:1C:DB:6A
• Wireless Client 1: 00:02:2D:51:94:E4
• Wireless Client 2: 00:02:2D:51:32:12
• Wireless Client 3: 00:20:A6:12:4E:38
Prevent Two Specific Devices from Communicating
Configure the following settings to prevent the Wired Server and Wireless Client 1 from communicating:
• Wired MAC Address: 00:40:F4:1C:DB:6A
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:02:2D:51:94:E4
• Wireless Mask: FF:FF:FF:FF:FF:FF
Result: Traffic between the Wired Server and Wireless Client 1 is blocked. Wireless Clients 2 and 3 still can
communicate with the Wired Server.
Prevent Multiple Wireless Devices From Communicating With a Single Wired Device
Configure the following settings to prevent Wireless Clients 1 and 2 from communicating with the Wired Server:
• Wired MAC Address: 00:40:F4:1C:DB:6A
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:02:2D:51:94:E4
• Wireless Mask: FF:FF:FF:00:00:00
Result: When a logical “AND” is performed on the Wireless MAC Address and Wireless Mask, the result corresponds to any MAC address beginning with the 00:02:2D prefix. Since Wireless Client 1 and Wireless Client 2 share the same prefix (00:02:2D), traffic between the Wired Server and Wireless Clients 1 and 2 is blocked. Wireless Client 3 can still communicate with the Wired Server since it has a different prefix (00:20:A6).
Prevent All Wireless Devices From Communicating With a Single Wired Device
Configure the following settings to prevent all three Wireless Clients from communicating with Wired Server:
• Wired MAC Address: 00:40:F4:1C:DB:6A
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:00:00:00:00:00
• Wireless Mask: 00:00:00:00:00:00
Result: The unit blocks all traffic between the Wired Server and all wireless clients.
Prevent A Wireless Device From Communicating With the Wired Network
Configure the following settings to prevent Wireless Client 3 from communicating with any device on the Ethernet:
• Wired MAC Address: 00:00:00:00:00:00
• Wired Mask: 00:00:00:00:00:00
• Wireless MAC Address: 00:20:A6:12:4E:38
• Wireless Mask: FF:FF:FF:FF:FF:FF
Result: The unit blocks all traffic between Wireless Client 3 and the Ethernet network.
Prevent Messages Destined for a Specific Multicast Group from Being Forwarded to the Wireless LAN
If devices on your Ethernet network use multicast packets to communicate and these packets are not required by your wireless clients, you can set up a Static MAC filter to preserve wireless bandwidth. For example, if routers on your
network use a specific multicast address (such as 01:00:5E:00:32:4B) to exchange information, you can set up a filter to prevent these multicast packets from being forwarded to the wireless network:
• Wired MAC Address: 01:00:5E:00:32:4B
• Wired Mask: FF:FF:FF:FF:FF:FF
• Wireless MAC Address: 00:00:00:00:00:00
• Wireless Mask: 00:00:00:00:00:00
Result: The unit does not forward any packets that have a destination address of 01:00:5E:00:32:4B to the wireless
network.
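The five filter entries above can be checked mechanically. The following is an added example, not code from the manual or from Proxim; it follows the Overview's convention that FF:FF:FF:FF:FF:FF selects a single address and 00:00:00:00:00:00 matches every address. It assumes an entry applies when one address of a frame matches the wired pair and the other matches the wireless pair, in either direction, which is one reading of "bi-directional filtering" that reproduces every Result stated above; all function and class names are supplied for the example.

```python
from dataclasses import dataclass

def mac_int(text):
    """Parse 'AA:BB:CC:DD:EE:FF' into a 48-bit integer."""
    parts = text.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address or mask: {text!r}")
    return int("".join(parts), 16)

def side_matches(addr, mac, mask):
    """Bitwise AND with the mask on both values, then compare."""
    m = mac_int(mask)
    return (mac_int(addr) & m) == (mac_int(mac) & m)

def addresses_covered(mask):
    """How many MAC addresses an address/mask pair selects."""
    return 2 ** (48 - bin(mac_int(mask)).count("1"))

@dataclass(frozen=True)
class StaticMacEntry:
    wired_mac: str
    wired_mask: str
    wireless_mac: str
    wireless_mask: str

    def pair_matches(self, wired_addr, wireless_addr):
        return (side_matches(wired_addr, self.wired_mac, self.wired_mask) and
                side_matches(wireless_addr, self.wireless_mac, self.wireless_mask))

def frame_blocked(table, src, dst):
    """Assumed bi-directional rule: either address may be the wired one."""
    return any(e.pair_matches(src, dst) or e.pair_matches(dst, src) for e in table)

# Addresses and masks exactly as given in the examples above.
ANY, EXACT, PREFIX = "00:00:00:00:00:00", "FF:FF:FF:FF:FF:FF", "FF:FF:FF:00:00:00"
SERVER = "00:40:F4:1C:DB:6A"
CLIENTS = {1: "00:02:2D:51:94:E4", 2: "00:02:2D:51:32:12", 3: "00:20:A6:12:4E:38"}
MCAST = "01:00:5E:00:32:4B"

PAGE_EXAMPLES = {
    "two specific devices": StaticMacEntry(SERVER, EXACT, CLIENTS[1], EXACT),
    "clients sharing a prefix": StaticMacEntry(SERVER, EXACT, CLIENTS[1], PREFIX),
    "all wireless devices": StaticMacEntry(SERVER, EXACT, ANY, ANY),
    "one wireless device": StaticMacEntry(ANY, ANY, CLIENTS[3], EXACT),
    "multicast group": StaticMacEntry(MCAST, EXACT, ANY, ANY),
}

def blocked_clients(entry):
    """Wireless clients that can no longer exchange frames with the server."""
    return [n for n, mac in CLIENTS.items()
            if frame_blocked([entry], mac, SERVER) and frame_blocked([entry], SERVER, mac)]

if __name__ == "__main__":
    for title, entry in PAGE_EXAMPLES.items():
        print(f"{title:26} blocks clients {blocked_clients(entry)}; "
              f"wireless pair covers {addresses_covered(entry.wireless_mask)} address(es)")
```

`addresses_covered` makes the reach of a mask visible before an entry is saved: an all-zero mask covers all 2^48 addresses, so an entry with both masks at zero matches every frame.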
Static MAC Filter Configuration
Click Configure > Filtering > Static MAC to access the Static MAC Address filter.
Add Entries to the Static MAC Filter Table
To add the entries to Filter table, click the Add Table Entries button.
The following fields may be configured or viewed:
• Wired MAC Address: Enter the MAC address of the device on the Ethernet network that you want to prevent from communicating with a device on the wireless network.
• Wired Mask: Enter the appropriate bit mask to specify the range of MAC addresses to which this filter is to apply. To specify only the single MAC address you entered in the Wired MAC Address field, enter 00:00:00:00:00:00 (all zeroes).
• Wireless MAC Address: Enter the MAC address of the wireless device on the wireless interface that you want to prevent from communicating with a device on the wired network.
• Wireless Mask: Enter the appropriate bit mask to specify the range of MAC addresses to which this filter is to apply.
To specify only the single MAC address you entered in the Wireless MAC Address field, enter 00:00:00:00:00:00 (all zeroes).
• Comment: Enter related information.
• Status: The Status field can show Enable, Disable, or Delete.
After entering the data, click the Add button. The entry is enabled automatically when saved.
Edit/Delete Entries to the Static MAC Filter Table
To edit an entry, click Edit. To disable or remove an entry, click Edit and change the Status field from Enable to Disable or Delete.
Storm Threshold
Click Configure > Filtering > Storm Threshold to use threshold limits to prevent broadcast/multicast overload.
Storm Threshold is an advanced Bridge setup option that you can use to protect the network against data overload by specifying:
• A maximum number of frames per second as received from a single network device (identified by its MAC address).
• An absolute maximum number of messages per port.
The Storm Threshold parameters let you specify a set of thresholds for each port of the 5012-SUR, identifying separate values for the number of broadcast messages per second and multicast messages per second.
When the number of frames for a port or identified station exceeds the maximum value per second, the 5012-SUR ignores all subsequent messages issued by the particular network device, or ignores all messages of that type.
The following parameters are configurable:
• Per Address Threshold: Enter the maximum allowed number of packets per second.
• Ethernet Threshold: Enter the maximum allowed number of packets per second.
• Wireless Slot A Threshold: Enter the maximum allowed number of packets per second.
Broadcast Protocol Filtering
Click Configure > Filtering > Broadcast Protocol to deny specific IP broadcast, IPX broadcast, and multicast traffic.
Click the Edit Table Entries button to display an editable window such as the following. You can configure whether this traffic must be blocked for Ethernet to wireless, wireless to Ethernet, or both.
IP Access Table Filtering
Click Configure > Filtering > IP Access Table to limit in-band management access to the IP addresses or range of IP addresses specified in the table.
For example, 172.17.23.0/255.255.255.0 allows access from all wireless stations with an IP address in the 172.17.23.xxx range.
This feature applies to all management services (SNMP, HTTP, and CLI), except for CLI management over the serial port.
To add an entry, click the Add Table Entries button, specify the IP address and mask of the wireless stations to which you want to grant access, and click Add.
Add Entries to the IP Access Table
To add an entry, click the Add Table Entries button, specify the IP address and mask of the wireless stations to which you want to grant access, and click Add.
CAUTION: Ensure that the IP address of the management PC you use to manage the unit is within the first entry in the table, as this filter takes effect immediately. Otherwise, you will have locked yourself out.
If you do lock yourself out, you may try to give the PC the correct IP address for management; otherwise you must reset the unit via the CLI over the serial port.
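The ARP Filter described under Setting the ARP Filter and the IP Access Table both come down to a masked IP comparison, so one added example covers both; it is not code from the manual or from Proxim. It takes the ARP Filter wording literally, (IP AND mask) compared to the network address, and assumes the IP Access Table compares the same way and that the ARP Filter tests the target IP of a broadcast ARP request. The function names, the sample frames and the 192.168.10.0 filter range are constructed for the example.

```python
import ipaddress
import struct

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def masked_match(ip, network, mask):
    """The comparison as the page words it: (ip AND mask) == network address."""
    return (ip_int(ip) & ip_int(mask)) == ip_int(network)

def make_arp_request(sender_mac, sender_ip, target_ip):
    """Constructed broadcast ARP request (Ethernet II, 42 bytes)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    header = b"\xff" * 6 + sha + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)   # Ethernet, IPv4, request
    arp += sha + ipaddress.IPv4Address(sender_ip).packed
    arp += bytes(6) + ipaddress.IPv4Address(target_ip).packed
    return header + arp

def arp_request_target(frame):
    """Target IP of a broadcast ARP request, or None for any other frame."""
    if len(frame) < 42 or frame[:6] != b"\xff" * 6:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 1):
        return None
    return str(ipaddress.IPv4Address(frame[38:42]))

def arp_filter_forwards(frame, network, mask):
    """True if the frame is forwarded to the wireless side."""
    target = arp_request_target(frame)
    if target is None:
        return True          # not an ARP broadcast, so this filter does not apply
    return masked_match(target, network, mask)

def first_entry_problems(network, mask, management_ip):
    """Checks to run before adding the first IP Access Table entry."""
    problems = []
    host_bits = ip_int(network) & (ip_int(mask) ^ 0xFFFFFFFF)
    if host_bits:
        # Under a literal (ip AND mask) == network compare, nothing can match.
        problems.append("address-has-host-bits")
    if not masked_match(management_ip, network, mask):
        problems.append("management-pc-outside-entry")
    return problems

if __name__ == "__main__":
    # ARP Filter Network Address 192.168.10.0, mask 255.255.255.0 (constructed).
    for target in ("192.168.10.7", "10.0.0.9"):
        req = make_arp_request("00:20:A6:33:ED:45", "192.168.10.2", target)
        print("ARP for", target, "forwarded:",
              arp_filter_forwards(req, "192.168.10.0", "255.255.255.0"))
    # IP Access Table entry from the text, checked against two management PCs.
    for mgmt in ("172.17.23.40", "172.17.24.40"):
        print(mgmt, first_entry_problems("172.17.23.0", "255.255.255.0", mgmt) or "ok")
```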
Edit/Delete Entries in the IP Access Table
To edit or delete table entries, click the Edit/Delete Table Entries button, make your changes, and click OK.
RIP Parameters (Routing Mode Only)
Routing Information Protocol (RIP) is a dynamic routing protocol you can use to help automatically propagate routing table information between routers. The unit can be configured as RIPv1, RIPv2, RIPv1 compatible, or a combination of all three versions while operating in Routing mode. In general, the unit’s RIP module is based upon RFC 1389.
NOTE: The RIP tab is available for SUs in Routing mode only. RIP is configurable only when the unit is in Routing
Mode and Network Address Translation (NAT) is disabled.
Note the following:
• RIPv2 is enabled by default when routing mode is selected.
• You may turn RIP off by clearing the Enable RIP Interface check box for the Ethernet or the wireless interface. Any
RIP advertisements that are received on the designated interface are ignored. All other options on the page are dimmed.
• If the Enable RIP Interface check box is selected, the unit sends RIP requests and “listens” for RIP updates coming from RIP-enabled devices advertising on the network. You may configure the Receive field for RIPv1, RIPv2, or a combination of both. Although the unit receives and processes these updates, it does not further propagate these updates unless configured to advertise RIP. Again, you may configure the Advertize field for RIPv1, RIPv2, or a combination of both.
• The ability to enable or disable default route propagation is not user configurable. Once initialized, the unit uses its static default route and does not advertise this route in RIP updates. If another router on your network is configured to advertise its default route, this route overwrites the static default route configured on the unit. The unit then also propagates the new dynamic default route throughout the network.
Be aware that, once a dynamic default route is learned, it behaves just as any other dynamic route learned through RIP.
This means if the device sending the default route stops sending RIP updates, the default route times out and the unit has no default route to the network. Workarounds for this condition include rebooting or re-entering a static default route.
In general, the best approach is to disable the propagation of default routes on the other routers in your network unless you understand the risks.
The following table describes the properties and features of each version of RIP supported.
| RIPv1 | RIPv2 | RIPv1 Compatible |
|---|---|---|
| Broadcast | Multicast | Broadcast |
| No Authentication | Authentication | Authentication |
| Class routing | Classless routing (VLSM) | Classless routing (VLSM) |
| Distance-vector protocol | Distance-vector protocol | Distance-vector protocol |
| Metric-Hops | Metric-Hops | Metric-Hops |
| Maximum Distance 15 | Maximum Distance 15 | Maximum Distance 15 |
| IGP | IGP | IGP |
RIP Example
In the following example, assume that the BSU and the SUs are all configured in Routing mode with RIP enabled to send and receive on both the Ethernet and Wireless interfaces. The network converges through updates until each unit has the following routing table:
RIP Notes
• Ensure that routers on the same physical network are configured to use the same version of RIP.
• Routing updates occur every 30 seconds. It may take up to 3 minutes for a route that has gone down to timeout in a routing table.
• RIP is limited to networks with 15 or fewer hops.
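The default-route behaviour described above can be watched for on the wire. This added example (not part of the manual or of the unit's software) parses a RIP message in the RFC 2453 layout and flags updates that come from an unexpected router, carry no authentication entry, or advertise a default route; the function names, the expected-router list and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

RIP_RESPONSE, AFI_AUTH, INFINITY = 2, 0xFFFF, 16  # values from RFC 2453

def parse_rip(payload):
    """Return (command, version, authenticated, [(address, mask, metric)])."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("malformed RIP message")
    command, version = struct.unpack("!BB", payload[:2])
    authenticated, routes = False, []
    for off in range(4, len(payload), 20):
        afi, _tag, addr, mask, _nhop, metric = struct.unpack(
            "!HH4s4s4sI", payload[off:off + 20])
        if afi == AFI_AUTH:
            # RIPv2 authentication entry; only valid as the first entry.
            # Presence is recorded, the secret itself is not verified here.
            authenticated = version == 2 and off == 4
            continue
        routes.append((str(ipaddress.IPv4Address(addr)),
                       str(ipaddress.IPv4Address(mask)), metric))
    return command, version, authenticated, routes

def audit_update(payload, src, expected_routers):
    """Return a list of findings for one RIP message received from src."""
    command, version, authenticated, routes = parse_rip(payload)
    if command != RIP_RESPONSE:
        return []
    findings = []
    if src not in expected_routers:
        findings.append("update from unexpected router")
    if not authenticated:
        findings.append(f"RIPv{version} update without authentication")
    for addr, mask, metric in routes:
        # RIPv1 sends the mask field as zero, so 0.0.0.0/0.0.0.0 covers both
        if addr == mask == "0.0.0.0" and metric < INFINITY:
            findings.append(f"default route advertised, metric {metric}")
    return findings

def _route(addr, mask, metric):
    """Build one 20-byte route entry for the constructed samples below."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack("!HH4s4s4sI", 2, 0, pack(addr), pack(mask), bytes(4), metric)

# Constructed sample messages; all addresses are illustrative.
AUTH_ENTRY = struct.pack("!HH16s", AFI_AUTH, 2, b"example-secret")
GOOD = struct.pack("!BBH", 2, 2, 0) + AUTH_ENTRY + _route("192.0.2.0", "255.255.255.0", 1)
ROGUE = struct.pack("!BBH", 2, 1, 0) + _route("0.0.0.0", "0.0.0.0", 1)

if __name__ == "__main__":
    print(audit_update(GOOD, "10.0.0.1", {"10.0.0.1"}))
    print(audit_update(ROGUE, "10.0.0.9", {"10.0.0.1"}))
```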
NAT (Routing Mode Only)
The NAT (Network Address Translation) feature lets hosts on the Ethernet side of the SU transparently access the public network through the BSU. All hosts in the private network can have simultaneous access to the public network.
NOTE: The NAT tab is available for SUs in Routing mode only. The SU supports NAPT (Network Address Port Translation) where all private IP addresses are mapped to a single public IP address, and does not support Basic NAT (where private IP addresses are mapped to a pool of public IP addresses).
Both dynamic mapping (allowing private hosts to access hosts in the public network) and static mapping (allowing public hosts to access hosts in the private network) are supported.
• In dynamic mapping, the SU maps the private IP addresses and their transport identifiers to transport identifiers of a single Public IP address as they originate sessions to the public network. This is used only for outbound access.
• Static mapping is used to provide inbound access. The SU maps a private IP address and its local port to a fixed public port of the global IP address. This is used to provide inbound access to a local server for hosts in the public network. Static port mapping allows only one server of a particular type. Up to 1000 ports (500 UDP and 500 TCP) are supported.
The following parameters are configurable:
NOTE: Changes to NAT parameters, including the NAT Static Port Mapping Table, require a reboot to take effect.
NOTE: When NAT is enabled, the DHCP Relay Agent feature is not supported (DHCP Relay Agent must be disabled before NAT is enabled) and RIP updates are not sent or received. You can configure a DHCP server to allocate IP addresses to hosts on the Ethernet side of the SU/BSU (see
• NAT Status: Enables or disables the NAT feature. NAT can be enabled only for SUs in Routing mode. The default is disabled.
• NAT Static Bind Status: Enables or disables the NAT Static Bind status (static mapping) allowing public hosts to access hosts in a private network. The default is disabled.
• Public IP Address: The NAT Public IP address is the wireless interface IP address.
NAT Static Port Mapping Table
Adding entries to the NAT Static Mapping Table lets configured hosts in a private address realm on the Ethernet side of the SU access hosts in the public network using Network Address Port Translation (NAPT). Up to 1000 entries can be configured (500 UDP ports and 500 TCP ports).
Add Entries to the NAT Static Mapping Table
1. Click the Add Table Entries button.
2. Enter the following information, and click Add:
• Enter the Local IP Address of the host on the Ethernet side of the SU.
• Select the Port Type: TCP, UDP, or Both.
• Enter the Start Port and End Port.
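Because every static mapping opens inbound access and takes effect only after a reboot, it is worth checking a planned table before entering it. This added example (not part of the manual or of the unit's software) checks a list of planned entries for invalid fields, for public ports claimed by more than one entry, and for the 500-per-protocol limit, which it reads as a count of ports (an assumption); the function name and the sample table are constructed for illustration.

```python
import ipaddress

PER_PROTOCOL_LIMIT = 500  # "500 UDP and 500 TCP", read here as a port count

def audit_static_map(entries):
    """entries: (local_ip, port_type, start_port, end_port) tuples matching
    the Add Table Entries form. Returns a list of problem strings."""
    problems = []
    claimed = {"TCP": {}, "UDP": {}}  # protocol -> {public port: entry number}
    for n, (ip, ptype, start, end) in enumerate(entries, 1):
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append(f"entry {n}: bad local IP address {ip!r}")
            continue
        if ptype not in ("TCP", "UDP", "Both"):
            problems.append(f"entry {n}: bad port type {ptype!r}")
            continue
        if not 1 <= start <= end <= 65535:
            problems.append(f"entry {n}: bad port range {start}-{end}")
            continue
        for proto in (("TCP", "UDP") if ptype == "Both" else (ptype,)):
            ports = range(start, end + 1)
            # A public port can forward to one local server only
            clashes = {claimed[proto][p] for p in ports if p in claimed[proto]}
            for other in sorted(clashes):
                problems.append(f"entry {n}: {proto} ports overlap entry {other}")
            for p in ports:
                claimed[proto].setdefault(p, n)
    for proto, ports in claimed.items():
        if len(ports) > PER_PROTOCOL_LIMIT:
            problems.append(
                f"{proto}: {len(ports)} ports mapped, limit is {PER_PROTOCOL_LIMIT}")
    return problems

# Constructed sample table; addresses and ports are illustrative.
SAMPLE = [
    ("192.168.1.10", "TCP", 80, 80),
    ("192.168.1.11", "TCP", 80, 80),       # second web server on the same port
    ("192.168.1.20", "Both", 5000, 5600),  # 601 ports on each protocol
    ("192.168.1.30", "UDP", 0, 53),        # port 0 is not a valid start
]

if __name__ == "__main__":
    for problem in audit_static_map(SAMPLE):
        print(problem)
```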
Edit/Delete Entries in the NAT Static Mapping Table
1. Click the Edit/Delete Table Entries button.
2. Enter your changes. To delete an entry, click the Status drop-down box and select Delete. Then click OK.
Supported Session Protocols
The NAT feature supports the following session protocols for both inbound and outbound access with the required support, applications, and limitations given in the following table.
Certain Internet applications require an Application Level Gateway (ALG) to provide the required transparency for an application running on a host in a private network to connect to its counterpart running on a host in the public network. An ALG may interact with NAT to set up state information, use NAT state information, modify application specific payload and perform the tasks necessary to get the application running across address realms.
No more than one server of a particular type is supported within the private network behind the SU.
These VPN protocols are supported with their corresponding ALGs: IPsec, PPTP, L2TP.
The following session protocols are supported:
| Protocol | Support | Applications | Limitations |
|---|---|---|---|
| ICMP | ICMP ALG | Ping | |
| FTP | FTP ALG | File transfer | |
| H.323 | H.323 ALG | Multimedia conferencing | |
| HTTP | Port mapping for inbound connection. | Web browser | |
| TFTP | Port mapping for inbound connection. | File transfer | |
| Telnet | Port mapping for inbound connection. | Remote login | |
| CUSeeMe | Port mapping for inbound and outbound connection. | Video conferencing | One user is allowed for video conferencing |
| IMAP | Port mapping for inbound connection. | | |
| PNM | Port mapping for inbound connection. | Streaming media with Real Player | |
| POP3 | Port mapping for inbound connection. | | |
| SMTP | Port mapping for inbound connection. | | Mails with IP addresses of MTAs or using IP addresses in place of FQDN are not supported (requires SMTP ALG). |
| RTSP | Port mapping for inbound connection. | Streaming audio/video with Quick Time and Real Player | |
| ICQ | Port mapping for inbound connection. | Chat and file transfer | Each host using ICQ needs to be mapped for different ports. |
| IRC | Port mapping for inbound connection. | Chat and file transfer | Each host using IRC needs to be mapped for different ports. |
| MSN Messenger | Port mapping for inbound and outbound connection. | Conference and Share files with Net meeting | Only one user is allowed for net meeting. |
| Net2Phone | Port mapping for inbound and outbound connection. | Voice communication | |
| IP Multicast | Pass Through | Multicasting | |
| Stream works | Port mapping for inbound connection. | Streaming video | |
| Quake | Port mapping for inbound connection. | Games | When a Quake server is configured within the private network behind a SU, the SU cannot provide information about that server on the public network. Also, certain Quake servers do not let multiple users log in using the same IP address, in which case only one Quake user is allowed. |