all | frequencies |
|
exhibits | applications |
---|---|---|---|---|
manual |
app s | submitted / available | |||||||
---|---|---|---|---|---|---|---|---|
1 2 |
|
User Manual | Users Manual | 2.29 MiB | December 10 2011 | |||
1 2 | Attestation Statements | December 10 2011 | ||||||
1 2 | Cover Letter(s) | December 10 2011 | ||||||
1 2 | Cover Letter(s) | December 10 2011 | ||||||
1 2 | External Photos | December 10 2011 | ||||||
1 2 | Internal Photos | December 10 2011 | ||||||
1 2 | ID Label/Location Info | December 10 2011 | ||||||
1 2 | ID Label/Location Info | December 10 2011 | ||||||
1 2 | Operational Description | December 10 2011 | ||||||
1 2 | RF Exposure Info | December 10 2011 | ||||||
1 2 | Test Report | December 10 2011 | ||||||
1 2 | Test Report | December 10 2011 | ||||||
1 2 | Test Setup Photos | December 10 2011 |
1 2 | User Manual | Users Manual | 2.29 MiB | December 10 2011 |
BelAir20E BelAir20E User Guide Release:
12.0 Document Date:
Document Number:
Document Status:
Security Status:
Customer Support:
October 11, 2011 BDTM02201-A01 Standard Confidential 613-254-7070 1-877-BelAir1 (235-2471) techsupport@belairnetworks.com Copyright 2011 by BelAir Networks. The information contained in this document is confidential and proprietary to BelAir Networks. Errors and Omissions Excepted. Specification may be subject to change. All trademarks are the property of their respective owners. Protected by U.S. Patents: 7,171,223, 7,164,667, 7,154,356, 7,030,712 and D501,195. Patents pending in the U.S. and other countries. BelAir Networks, the BelAir Logo, BelAir200, BelAir200D, BelAir100, BelAir100S, BelAir100C, BelAir100T, BelAir20, BelAir20M, BelAir20E, BelAir20EO, BelAir100M, BelAir100i, BelAir100SN, BelAir100SNE, BelAir100N, BelAir100P, BelView and BelView NMS are trademarks of BelAir Networks Inc. Page 1 of 267 BelAir20E User Guide Contents Contents About This Document . 3 System Overview . 4 BelAir20E Configuration Interfaces . 6 Command Line Interface Basics . 12 BelAir20E Access Methods. 27 User and Session Administration . 35 IP Settings . 44 System Settings . 49 BelAir20E Auto-configuration . 58 Ethernet or LAN Interface Settings . 64 Card Settings. 67 Wi-Fi Radio Configuration Overview . 71 Configuring Wi-Fi Radio Parameters . 72 Configuring Wi-Fi Access Point Parameters . 80 Wi-Fi AP Security . 100 Wi-Fi Backhaul Link Configuration . 115 Mobile Backhaul Mesh . 123 Mobile Backhaul Point-to-point Links . 127 Operating in High Capacity and Interference Environments. 138 DHCP Relay Settings . 145 Network Address Translation . 149 Universal Access Method . 154 Using Layer 2 Tunnels . 163 Quality of Service Settings . 177 Layer 2 Network Configuration. 183 Performing a Software Upgrade. 197 For More Information. 205 Technical Support. 207 Definitions and Acronyms . 208 Conformity and Regulatory Statements. 210 Appendix A: Node Configuration Sheets . 221 Appendix B: Mesh Auto-connection Example . 224 Appendix C: Scripting Guidelines . 234 Appendix D: BelAir20E Factory Defaults . 251 Detailed Table of Contents . 253 October 11, 2011 Confidential Page 2 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide About This Document About This Document This document provides the information you need to install and configure the BelAir20E, and the procedures for using the BelAir20E Command Line Interface (CLI). This document may contain alternate references to the product. Table 1 shows possible synonyms to the product name. Table 1: Product Name Synonyms Product Name Synonym BelAir20, BelAir20E, BelAir20EO BA20 This document uses the following typographical conventions:
Text in < > indicates a parameter required as input for a CLI command;
for example, < IP address >
Text in [ ] indicates optional parameters for a CLI command. Text in { } refers to a list of possible entries with | as the separator. Parameters in ( ) indicate that at least one of the parameters must entered. Typographical Conventions Related Documentation The following titles are BelAir reference documents:
BelAir20E Quick Install Guide BelAir20E Troubleshooting Guide October 11, 2011 Confidential Page 3 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide System Overview System Overview The BelAir20E Access Point (AP) is an evolution of BelAir Networks indoor solution and part of BelAir Networks industry leading product portfolio. The BelAir20E adds standards-based beamforming, five Gigabit Ethernet ports
(one WAN port with PoE and four LAN ports), integrated antennas, and full 802.11n compliance (802.11n-2009) to BelAir Networks leading low cost, high capacity indoor access. The next generation BelAir20E continues to lead with the industrys highest performance and most flexible indoor access node. Offering all the same features and management as the other BelAir products, the BelAir20E has been optimized for managed hot spot applications, with Edge Policy Enforcement using centralized control and a true Plug-and-Play architecture. And, with the latest fully compliant 802.11n, it is ideal for even the most demanding applications, including voice and video. The BelAir20E also provides connectivity between indoor and outdoor networks, enabling true standards-based seamless mobility as users move from outside to inside. The operating temperature of the BelAir20E is -20 C to +50 C. The BelAir20E is available in following variants:
The BelAir20E-11 is available for the USA only. Operators of the BelAir20E-11 can set the country of operation only to US. Similarly, the operating channels, antenna gain, and the transmit power levels can be set only to values that are valid for the USA. The BelAir20E-11R is available for countries other than the USA. Operators of the BelAir20E-11R can set the country of operation to any BelAir approved country. Similarly, the operating channels, antenna gain, and the transmit power levels can be set to values that are valid for the specified country of operation. Hardware Description Figure 1 on page 5 shows the relationship between the main BelAir20E hardware modules. October 11, 2011 Confidential Page 4 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide System Overview Figure 1: BelAir20E Hardware Module Block Diagram Antenna 0 Antenna 1 Antenna 2 Antenna 3 5.8 GHz Radio 2.4 GHz Radio Reset LAN LAN LAN LAN WAN PoE HTME 48 V DC AC Power Adapter 100-240 V AC The BelAir20E consists of the following modules:
one High Throughput Module Evolved (HTME) providing:
a wireline 10/100/1000 Base-TX WAN Ethernet interface to the Internet four wireline 10/100/1000 Base-TX LAN Ethernet interfaces a 2.4 GHz Wi-Fi radio and a 5.8 GHz Wi-Fi radio using fully compliant 802.11n links. E Each radio can act as an Access Point (AP) or provide backhaul links. An AP provides user traffic wireless access to the BelAir20E. Backhaul links connect to other BelAir radios to create a radio mesh. four integrated dual-band antennas an external connector field October 11, 2011 Confidential Page 5 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Configuration Interfaces BelAir20E Configuration Interfaces The BelAir20E can be accessed and configured using the following configuration interfaces:
the command line interface (CLI) the SNMP interface the Web interface (using either HTTPS or HTTP) All three interfaces (CLI, SNMP and Web) have the same public IP address. All three also access the same BelAir20E node database. That means that changes made with one interface are seen immediately through the other interfaces. The CLI allows you to configure and display all the parameters of a BelAir20E unit, including:
system parameters system configuration and status radio module configuration and status user accounts BelAir20E traffic statistics layer 2 functionality, such as those related to bridging and VLANs Quality of Service parameters alarm system configuration and alarms history Each unit can have up to nine simultaneous CLI sessions (Telnet or SSH). For a description of basic CLI commands and tasks see Command Line Interface Basics on page 12. The Simple Network Management Protocol (SNMP) provides a means of communication between SNMP managers and SNMP agents. The SNMP manager is typically a part of a network management system (NMS) such as HP OpenView, while the BelAir20E provides the services of an SNMP agent. Configuring the BelAir20E SNMP agent means configuring the SNMP parameters to establish a relationship between the manager and the agent. Command Line Interface SNMP Interface October 11, 2011 Confidential Page 6 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Configuration Interfaces The BelAir20E SNMP agent contains Management Information Base (MIB) variables. A manager can query an agent for the value of MIB variables, or request the agent to change the value of a MIB variable. Refer to the following sections:
SNMP Configuration Guidelines on page 27 SNMP Command Reference on page 28 In addition to providing support for the SNMP MIBs described in Table 2, BelAir Networks provides a number of enterprise MIB definitions that you can integrate with your Network Management System (NMS). Table 3 on page 8 describes the BelAir20E SNMP MIBs. A copy of the BelAir20E SNMP MIBs is available from the BelAir Networks online support center at:
www.belairnetworks.com/support/index.cfm. Integrating the BelAir20E with a Pre-deployed NMS Table 2: Standard SNMP MIBs File Name BRIDGE-MIB.mib IANAifType-MIB.mib Description implements RFC1493 defines standard interface types assigned by the Internet Assigned Numbers Authority (IANA) IEEE802dot11-MIB.mib IEEE MIB to manage 802.11 devices IF-MIB.mib IP-MIB.mib PerfHist-TC-MIB.mib implements RFC2863 defines IP and ICMO data types defines data types to support 15-minute performance history counts RADIUS-ACC-CLIENT-MIB.mib implements RFC2620 RADIUS-AUTH-CLIENT-MIB.mib implements RFC2618 RSTP-MIB.mib implements 802.1w RSTP SNMP-COMMUNITY-MIB.mib defines data types to support co-existence between SNMP versions SNMP-FRAMEWORK-MIB.mib implements RFC3411 SNMP-MPD-MIB.mib implements RFC3412 October 11, 2011 Confidential Page 7 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Configuration Interfaces Table 2: Standard SNMP MIBs (Continued) File Name Description SNMP-NOTIFICATION-MIB.mib implements RFC3413 SNMP-TARGET-MIB.mib implements RFC3413 SNMP-USER-BASED-SM-MIB.mib implements RFC3414 SNMPv2-CONF.mib SNMPv2-MIB.mib SNMPv2-SMI.mib SNMPv2-TC.mib implements RFC1450 implements RFC1907 implements RFC1450 implements RFC1450 SNMP-VIEW-BASED-ACM-MIB.mib implements RFC3415 Table 3: BelAir Enterprise MIBs File Name Description BELAIR-IEEE802DOT11-CLIENT.mib BELAIR-IEEE802DOT11.mib defines features that are not supported by the standard IEEE802.11 MIB BELAIR-IP.mib BELAIR-MESH.mib BELAIR-MOBILITY.mib defines BelAir IP data types defines BelAir multipoint-to-multipoint data types defines data types to support mobile backhaul mesh and point-to-point links BELAIR-PHYIF-MAPPING.mib defines data types to support universal slots BELAIR-PRODUCTS.mib defines product object IDs BELAIR-RSTP.mib BELAIR-SMI.mib BELAIR-SYSTEM.mib BELAIR-TC.mib BELAIR-TUNNEL.mib defines RSTP data types defines BelAir top level OID tree defines basic OAM features such as software download, temperature and BelAir alarms defines BelAir data types defines L2TP data types October 11, 2011 Confidential Page 8 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Configuration Interfaces Table 3: BelAir Enterprise MIBs (Continued) File Name BELAIR-WRM.mib Description defines BelAir WiMAX data types The procedure for importing the SNMP MIB definition files depends on the deployed NMS platform. Refer to your NMS platform documentation for details. Web Interface BelAir Networks has verified that the BelAir20E Web interface operates correctly with the following web browsers:
Accessing the Web Interface Microsoft Internet Explorer version 6.0, service pack 2 Mozilla Firefox version 1.5, or later You can access the Web interface using either secure HTTP (HTTPS) or HTTP. Both HTTP and HTTPS are enabled when each BelAir20E node is shipped. Each unit can have up to five simultaneous CLI sessions (HTTP or HTTPS). By default, the BelAir20E Web interface has an associated time-out value. If the interface is inactive for 9 minutes, then you are disconnected from the interface. To reconnect to the interface, you need to log in again. Accessing the System Page with Secure HTTP or with HTTP To log in to the BelAir20E Web interface and access the main page using HTTPS or HTTP, do the following steps:
1 Open your Web browser and specify the IP address of the BelAir20E node you want to access. The default IP address of each BelAir20E node is: 10.1.1.10. Figure 2 shows the resulting Login page. October 11, 2011 Confidential Page 9 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Configuration Interfaces Figure 2: Typical Login Page 2 Enter a valid user name, such as root, and a valid password. Note:The specified password is case sensitive. Figure 3 on page 10 shows a typical resulting main page for the Web interface. Figure 3: Typical Web Interface Main Page October 11, 2011 Confidential Page 10 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Stopping a Session To stop a Web interface session, click on the Logout button located in the top right corner each page. See Figure 3. BelAir20E Configuration Interfaces Additional Troubleshooting Tools The Web interface provides the following tools to display radio performance metrics:
a throughput meter histogram display of various performance metrics These tools are only available with the Web interface. For full details, see the BelAir20E Troubleshooting Guide. October 11, 2011 Confidential Page 11 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Command Line Interface Basics Connecting to the BelAir20E CAUTION!
Use this chapter to familiarize yourself with basic CLI tasks, including:
Connecting to the BelAir20E on page 12 Starting a CLI Session on page 12 Command Modes on page 14 Abbreviating Commands on page 18 Command History on page 18 Special CLI Keys on page 19 Help Command on page 19 Common CLI Commands on page 23 through the BelAir20E radio interface You can connect to the BelAir20E default address using one of the following methods:
by connecting directly to the Ethernet port on the BelAir20E Do not connect the BelAir20E to an operational data network before you configure its desired IP network parameters. This may cause traffic disruptions due to potentially duplicated IP addresses. The BelAir20E unit must connect to an isolated LAN, or to a desktop or laptop PC configured to communicate on the same IP sub-network as the BelAir20E. Using the Radio Interface Use a desktop or laptop PC equipped with a wireless 802.11a, 802.11b, 802.11g or 802.11n compliant interface as required, configured with a static IP address on the same subnet as the default OAM IP address (for example, 10.1.1.1/24). For the required configuration procedure, refer to your PC and wireless interface configuration manuals or contact your network administrator. The PC will connect to the BelAir20E through the radio interface. Connecting to the Ethernet Port Use a cross-connect RJ45 cable to connect the Ethernet port of the unit. For a detailed procedure, refer to the BelAir20E Installation Guide. Starting a CLI Session Start a Telnet or secure shell (SSH) client and connect to the BelAir20E IP address. If you are configuring the BelAir20E for the first time, you must use the October 11, 2011 Confidential Page 12 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics BelAir20E default IP address (10.1.1.10). The BelAir20E prompts you for your user name and password. The default super-user account is root. The default password is admin123. If the login is successful, the BelAir20E prompt is displayed. The default prompt is #, if you login as root. Otherwise, the default prompt string is >. Note 1: The terminal session locks after four unsuccessful login attempts. To unlock the terminal session, you must enter the super-user password. Note 2: BelAir20E CLI commands are not case sensitive (uppercase and lowercase characters are equivalent). However, some command parameters are case sensitive. For example, passwords and any Service Set Identifier (SSID) supplied with the radio commands are case sensitive. Also, all parameters of the syscmd commands are case sensitive. Note 3: Later, you will see that you can configure the BelAir20E to have more than one interface with an IP address. For example, you can configure Virtual LANs and management interfaces each with their own IP address. If you do this, make sure your Telnet or secure shell (SSH) connections are to a management interface. This ensures maximum responsiveness for your session by keeping higher priority management IP traffic separate from other IP traffic. October 11, 2011 Confidential Page 13 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics SSH Session Example of Initial Login With secure shell, the system prompts you twice for your password. ssh -l root 10.1.1.10 root@10.1.1.10's password:
BelAir Backhaul and Access Wireless Router BelAir User: root Password:
Telnet Session Example of Initial Login With Telnet, the system prompts you only once for your password. telnet 10.1.1.10 BelAir Backhaul and Access Wireless Router BelAir User: root Password:
Command Modes The BelAir20E CLI has different configuration modes. Different commands are available to you, depending on the selected mode. Each card in the BelAir20E has at least one associated physical interface. Some examples of physical interfaces are a Wi-Fi radio or an Ethernet interface. Use the mode command to display the modes that are available. Because each physical interface and each card in the BelAir20E has its own mode, displaying the modes also displays a profile summary of the BelAir20E. See Figure 4. October 11, 2011 Confidential Page 14 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Figure 4: Sample Output of mode Command
/# mode
/card
/htme-1
/interface
/wifi-1-1 (HTMEv1 5GHz 802.11n)
/wifi-1-2 (HTMEv1 2.4GHz 802.11n)
/eth-1-1 (1000BASE-T)
/lan-1 (1000BASE-T)
/lan-2 (1000BASE-T)
/lan-3 (1000BASE-T)
/lan-4 (1000BASE-T)
/mgmt
/protocol
/ip
/nat
/radius
/rstp
/snmp
/sntp
/te-syst (tunnel)
/qos
/services
/auto-conn
/mobility
/ssh
/ssl
/syslog
/system
/diagnostics The node has one card. The HTME card is in slot 1. The node has the following physical interfaces:
Interface wifi-1-1 is associated with the HTME 5.8 GHz radio. Interface wifi-1-2 is associated with the HTME 2.4 GHz radio. Interface eth-1-1 is associated with the HTME cards Ethernet interface. Interfaces lan-1 to lan-4 are associated with the HTME cards LAN interfaces. The mgmt mode allows you to control user accounts, which authentication to use, and whether you can access the node with Telnet. You can control the IP, RADIUS, RSTP, SNMP, SNTP, L2TP and NAT protocols through the protocol mode and its submodes. You can control auto-connect and backhaul mobility through the services mode and its submodes. These modes allow you to control SSH, SSL, Syslog and system settings. You can also run diagnostics. October 11, 2011 Confidential Page 15 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Table 4 describes the modes that are supported. Table 4: Command Line Interface Modes Mode Description root mode (/) The top or root level of the CLI commands. Card Management: /card/<card_type>-<n>
one of:
htme-<n>
Configure hardware:
htme is High Throughput Module, evolved
<n> is slot number Physical Interfaces: /interface/<iface>-<n>-<m>
one of:
wifi-<n>-<m>
eth-<n>-<m>
lan-<n>
Configure the BelAir20E physical interfaces:
<iface> is the type of physical interface. One of:
wifi: 802.11a/b/g/n, HTME radios eth: 1000Base-TX, HTME Ethernet lan: 1000Base-TX, HTME LAN
<n> is the slot number where the interface is located in the BelAir platform
<m> is port number. <m> is 1 for most interfaces. The HTME card can have multiple ports representing multiple Wi-Fi radios operating different frequencies. Some configurations may have multiple Ethernet or LAN ports. Node Management mgmt Configure user accounts, user authentication and Telnet access Protocol Management: /protocol/<protocol>
October 11, 2011 Confidential Page 16 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Table 4: Command Line Interface Modes (Continued) Mode Description one of:
ip nat radius rstp snmp sntp te-<eng>
IP parameters for node and VLANs Configure the following protocols:
NAT RADIUS for user sessions RSTP SNMP SNTP L2TP tunnel engine (te). BelAir platforms can have one tunnel engine per system (syst). Services: /services/<service>
one of:
mobility auto-conn Configure the following services:
Auto-configuration Backhaul mobility Administration qos ssh ssl Configure Quality of Service (QoS) parameters Configure Secure Shell (SSH) parameters Configure Secure Socket Layer (SSL) parameters syslog Configure the destination of SYSLOG messages See the BelAir20E Troubleshooting Guide for details. system System and node configuration and administration diagnostics Run link diagnostics. You can move between modes with the cd command. For instance, you can move from root mode to system mode using the command:
/# cd /system
/system#
October 11, 2011 Confidential Page 17 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Note 1: The prompt changes to match the current mode. You can further customize the prompt to show the switch name or a 20-character string that you define. Note 2: Access to a mode is only allowed if the user has sufficient privileges to execute commands in that mode. When you access a given mode, only the commands pertaining to that mode are available. For example, accessing snmp mode provides access to SNMP commands. For a physical interface, this means that only the commands that apply to that specific type and version of interface are available when you access a particular physical interface. For example, if you access an HTMEv1 interface, only the commands that apply to an HTMEv1 Wi-Fi radio are available. Entering ? displays the commands that apply to the currently accessed mode. Entering ?? or help displays the commands that apply to the currently accessed mode plus common commands that are available in all modes. Users may execute commands from other modes than the current one, by prefixing the desired command with the slash character / followed by the modes name. For instance, entering:
/system# /protocol/snmp/show community executes a command from snmp mode while in system mode. You must enter only enough characters for the CLI to recognize the command as unique. The following example shows how to enter the mgmt mode command show telnet status:
/mgmt# sh t s You can use the history command to display a list of the last commands that you have typed. Example
/# history 8 h 9 hi 10 ?
11 show user 12 cd /system 13 show loads 14 show sessions 15 cd /
Abbreviating Commands Command History October 11, 2011 Confidential Page 18 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Special CLI Keys 16 cd interface/wifi-1-1/
17 ?
18 show 19 show ssid table 20 show statistics 21 history Command Completion You can ask the CLI to complete a partially typed command or mode name by pressing the tab key. If the command or mode name cannot be completed unambiguously, the CLI presents you with a list of possible completions. For instance, entering:
/system# show co{tab}
produces the following output:
Available commands :
show communications show config-download status show coordinates show country [detail]
Execution of the Last Typed Command You may repeat the last command, by entering the ! key twice, followed by carriage return. Executing the Previous Commands You may browse through the command history by using the up and down arrow keys of a VT100 or compatible terminal. You can also execute a certain command from the command history by entering the ! key, followed by the command number (as displayed in the history command output) and carriage return. Help Command
?? [<command>]
help [<command>]
a list of commands available in the current mode These commands display:
help on a particular command available in the current mode help on commands starting with the given keyword in the current mode Entering "??" is equivalent to entering "help". October 11, 2011 Confidential Page 19 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Available Commands Entering ? displays the commands that apply to the currently accessed mode. For example:
/mgmt# ?
Available commands :
adduser <user-name> -p <passwd> [ -d <default-mode>] [-g <grp-name>]
deluser <user-name>
moduser <user-name> [ -p <passwd>] [ -d <default-mode>] [-g <grp-name>]
set authentication-login {local | radius <list>}
set telnet {enabled|disabled}
show authentication-login show telnet status show user Entering ?? or help displays the commands that apply to the currently accessed mode plus common commands that are available in all modes. For example:
/mgmt# ??
Available commands :
adduser <user-name> -p <passwd> [ -d <default-mode>] [-g <grp-name>]
deluser <user-name>
moduser <user-name> [ -p <passwd>] [ -d <default-mode>] [-g <grp-name>]
set authentication-login {local | radius <list>}
set telnet {enabled|disabled}
show authentication-login show telnet status show user alias [<replacement string> <token to be replaced>]
cd <path>
clear-screen console lock exit help [ command ]
history mode [<mode_name>]
passwd ping <ip addr> [-l <size>]
run script <script file> [<output file>]
version whoami config-save [{active|backup} remoteip <server> remotefile <filename>
[{tftp | ftp [user <username> password <password>]}]]
config-restore remoteip <ipaddress> remotefile <filename> [{tftp | ftp
[user <username> password <password>]}] [force]
show date su <username>
Keyword Help Entering ?? or help followed by a keyword displays all possible commands starting with that keyword. For example:
/mgmt# ?? show Available commands :
October 11, 2011 Confidential Page 20 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics show authentication-login Description : show authentication login status and RADIUS servers configuration show telnet status Description : shows the status of the telnet. show user Description : List all valid users, along with their permissible mode. show date Description : show current system date and time Help for a Specific Command When help is needed for a specific command, enter ?? or help followed by the command within quotes. For example:
/mgmt# help "adduser"
Available commands :
adduser <user-name> -p <passwd> [ -d <default-mode>] [-g <grp-name>]
Description : Create a user. Help with Abbreviations When an abbreviation is used in the help string, all matching commands are listed with the description. For example:
/mgmt# ?? s Available commands :
set authentication-login {local | radius <list>}
Description : defines how login session will be authenticated. set telnet {enabled|disabled}
Description : enable or disable CLI access via the telnet protocol. show authentication-login Description : show authentication login status and RADIUS servers configuration show telnet status Description : shows the status of the telnet. show user Description : List all valid users, along with their permissible mode. show date Description : show current system date and time su <username>
Description : Substitute present user with the given user. Saving your Changes Saving the Configuration Database If you change any settings from the system defaults, you must save those changes to the configuration database to make sure they are applied the next time the BelAir20E reboots. Similarly, you can restore the entire configuration database from a previously saved backup copy. config-save [{active|backup} remoteip <ipaddress>
remotefile <filename>
[{tftp|ftp [user <usrname> password <pword>]}]]
This command allows you to save the current configuration of the entire BelAir20E node. This includes all system, layer 2 and radio settings. October 11, 2011 Confidential Page 21 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Restoring the Configuration Database When used without its optional parameters, the config-save command saves the configuration database for the active software load to persistent storage. The stored configuration is automatically applied at the next reboot. When used with its optional parameters, the config-save command also transfers the configuration database to a remote server. If active is specified, the config-save command saves the configuration database for the active software load to persistent storage and then transfers it to a remote server. If backup is specified, the configuration database for the active software load is not saved. Instead, the configuration database for the active software load that was saved previously to persistent storage, is transferred to a remote server. You can use either TFTP or FTP to communicate with the remote server. By default, the config-save command uses TFTP. If you specify FTP, you can also specify the username and password. The default FTP username is anonymous and the default FTP password is root@<nodeip>, where <nodeip> is the IP address of node making the request. If you do not use the default FTP username, the FTP server must be configured to accept your username and password. config-restore remoteip <ipaddress> remotefile <filename>
[{tftp|ftp [user <usrname> password <pword>]}]]
[force]
This command transfers the configuration database from a remote server to the active software load in persistent storage. This allows you to restore the entire configuration database from a previously saved backup copy. Use the reboot command for the new configuration to take effect. You can use either TFTP or FTP to communicate with the remote server. By default, the config-restore command uses TFTP. If you specify FTP, you can also specify the user name and password. The default FTP user name is anonymous and the default FTP password is root@<nodeip>, where <nodeip> is the IP address of node making the request. If you do not use the default FTP username, the FTP server must be configured to accept your username and password. The optional force parameter suppresses version checking on the configuration file that is being downloaded. You can use a backup copy that was created with a different version of software than the current software installed on the unit. If you do, BelAir Networks strongly recommends that you fully and thoroughly verify the configuration and operation of the unit after you reboot the system and before you save the restored configuration. October 11, 2011 Confidential Page 22 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Common CLI Commands Terminating your CLI Session Changing Your Password Example
/# cd system
/system# config-restore remoteip 122.45.6.123 remotefile unitA.conf In addition to any previously described commands, the following commands are always available, regardless of your current mode. exit Use this command to terminate your own CLI session at any time. passwd This command lets you change your current password. First, you are asked to enter your old password. Then you must enter your new password twice, to verify that you have typed it correctly. Note: The specified password is case sensitive, must consist of alphanumeric characters, must be at least six characters long, and cannot exceed 20 characters. CAUTION!
If you forget the super-user account password, you may be unable to use all the units management functions and you may need to reset the units configuration to factory defaults. Clearing the Console Display Locking the Console Display Displaying the Current Software Version Example passwd Old Password:
Enter New Password:
Reenter the Password:
Password updated Successfully clear-screen This command clears your console display window. console lock This command lock your console display window. You must enter your password to unlock it. version This command displays the version of the currently running BelAir software load. Example
/# version October 11, 2011 Confidential Page 23 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Displaying the Current Date and Time Version is BA20E 12.0.0.D.2011.01.19.14.32 (r36096) show date This command displays the current date and time. Example 1 The following example displays the current date and time when it is set manually.
/# show date Current date: 2007-05-10 06:52:20 Example 2 The following example displays the current date and time when using a Simple Network Time Protocol (SNTP) server and a time offset of -4 hours and 30 minutes. See Configuring the System Date and Time on page 51 for details.
/# show date Current date: 2006-07-21 13:15:16 (UTC) Current date: 2006-07-21 08:45:16 Displaying Current User whoami This command displays current user. Switching User Accounts Replacing a Token by a String Example
/# whoami
/# Current User is root su <username>
This command changes the user account you are currently using. To return to the original user account, use the exit command. Example
/# whoami Current User is root
/# su guest
/> whoami Current User is guest
/> exit
/# whoami Current User is root alias [<replacement string> <token to be replaced>]
This command replaces the specified token by the given string. It is provided for customers writing scripts. See Scripting Guidelines on page 234. October 11, 2011 Confidential Page 24 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Pinging a Host or Switch Starting a Telnet Session Radio Configuration Summary Example
/# alias gu guest ping <host> [-1 <size>]
This command pings a host machine or switch using the host name or IP address. The following options are supported:
-l size specifies the size of the ping request packets to be sent. Examples The following example shows typical ping output:
/# ping 10.1.1.100 -l 128 PING 10.1.1.100 (10.1.1.100): 128 data bytes 136 bytes from 10.1.1.100: icmp_seq=0 ttl=128 time=2.0 ms 136 bytes from 10.1.1.100: icmp_seq=1 ttl=128 time=1.2 ms 136 bytes from 10.1.1.100: icmp_seq=2 ttl=128 time=1.0 ms
--- 10.1.1.100 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 1.0/1.4/2.0 ms telnet <ip address> [<port_number>]
This command lets you start a Telnet session to another machine, such as another BelAir node, by specifying the IP address. By default t, Telnet uses port 23. You can also specify an alternate port number. show interface summary This command displays a summary of the configuration of all radio interfaces. Example The following example shows a typical output for a BelAir20.
/# show interface summary wifi-1-1 Radio description:............ HTMv1 5GHz 802.11n Admin state: ................. Enabled Channel: ..................... 149 Access:
AP admin state: ............ Enabled Backhaul:
link admin state: .......... Enabled link id: ................... BelAirNetworks topology: .................. mesh wifi-1-2 Radio description:............ HTMv1 2.4GHz 802.11n Admin state: ................. Enabled Channel: ..................... 6 October 11, 2011 Confidential Page 25 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Command Line Interface Basics Access:
AP admin state: ............ Enabled Backhaul:
link admin state: .......... Disabled link id: ................... BelAirNetworks topology: .................. mesh October 11, 2011 Confidential Page 26 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Access Methods BelAir20E Access Methods SNMP Configuration Guidelines SNMPv1/v2 Servers SNMPv3 Servers When a BelAir20E is shipped from the factory, all access methods (CLI, SNMP, Telnet, HTTP, HTTPS, SSH) are enabled. You can use these interfaces to configure the systems IP networking parameters. This chapter describes the CLI commands you can use to configure these access methods. Note: Some access methods, such as HTTP and HTTPS, are configured while in SSL mode. This section describes how to configure the BelAir20E to communicate to either an SNMPv1/v2 server or an SNMPv3 server. To configure an SNMP community, use the set community command described in Communities on page 29. For sending traps, use the set trap command described in Traps on page 29 to configure the node with the parameters of the destination SNMP manager. Refer to SNMP Command Reference on page 28 for detailed descriptions of all SNMP commands. To configure an SNMP user, use the set user command described in Users on page 30. For sending notifications, use the set notify command described in Notifications on page 30 to configure the node with the parameters of the destination SNMP manager. Refer to SNMP Command Reference on page 28 for detailed descriptions of all SNMP commands, including entities that need to be predefined. SNMP Naming Restrictions SNMP community names, user names, and notification names must not contain the following characters:
bar (|) semicolon (;) percent (%) double quotation mark () October 11, 2011 Confidential Page 27 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide SNMP Command Reference SNMP Agent SNMP Configuration The following sections show you how to configure SNMP functions. BelAir20E Access Methods
/protocol/snmp/set snmp-agent {enabled | disabled}
/protocol/snmp/show snmp-agent The set snmp-agent command enables or disables SNMP access.
/protocol/snmp/show config [{v2 | v3 | all}]
Use the show config command to display the current SNMP configuration. Passwords are only displayed to users with root privileges. See User Privilege Levels on page 35 for details. Example 1
/protocol/snmp# show config v2 EngineId: 80003d9805000d67091448 Community configuration:
Index Name IP Address Privilege
1 public 0.0.0.0 ReadOnly 2 private 10.1.1.70 ReadWrite Trap configuration:
Index IP address Community Version
1 10.1.1.70 public v1v2 Example 2
/protocol/snmp# show config v3 EngineId: 80003d9805000d67006902 User configuration:
User Name IP address Auth Password Privacy Password Privilege
Test 0.0.0.0 MD5 md5md5md5 DES_CBC TEST ReadWrite Notification configuration:
Name Type IP address Timeout Retry Auth Password Privacy Password
TRAP trap 10.1.1.70 1250 2 MD5 md5md5md5 DES_CBC TRAP October 11, 2011 Confidential Page 28 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Communities BelAir20E Access Methods
/protocol/snmp/set community <CommunityIndex>
community-name <name> ipaddr <ip_addr>
privilege {readonly|readwrite}
/protocol/snmp/delete community <CommunityIndex>
/protocol/snmp/show community The set community command configures the SNMP community security. You can configure up to 10 communities. The community is assigned with privileges. The delete community command deletes the specific community information. The show command displays the SNMP community configuration. Assigning an IP address of 0.0.0.0 to an SNMP community of a node allows node access by all managers configured for that community. See Example 1 on page 29. To limit access to a single manager, enter the managers IP address. See Example 2 on page 29. Example 1
/protocol/snmp# set community 1 community-name belair ipaddr 0.0.0.0 privilege readonly In this example, all managers configured with the SNMP community of belair can access the node for read only functions.
/protocol/snmp# set community 1 community-name belair200 ipaddr 10.10.10.11 privilege readonly
/protocol/snmp# set community 2 community-name belair100 ipaddr 20.20.20.20 privilege readwrite
/protocol/snmp# set community 3 community-name belcom ipaddr 30.30.30.30 privilege readonly Example 2 Traps In the previous example, the manager at IP address 20.20.20.20 configured with the SNMP community of belair100 has read-write access to the node. Example 3
/protocol/snmp# show community Index Name IP Address Privilege
1 public 0.0.0.0 ReadOnly 2 private 10.1.1.70 ReadWrite
/protocol/snmp/set trap <index> mgr-addr <ip_addr>
community <name> version {v1|v2|both}
/protocol/snmp/delete trap <index>
/protocol/snmp/show trap The set trap command configures the parameters of the SNMPv2 trap manager. You can configure up to 10 traps. The delete trap command deletes the specified trap manager information. October 11, 2011 Confidential Page 29 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Access Methods The show trap command displays the SNMPv2 trap manager configuration information.
/protocol/snmp# set trap 1 mgr-addr 40.40.40.40 community bel1 version v1
/protocol/snmp# set trap 2 mgr-addr 41.41.41.41 community bel2 version v2 Example 1 Users Example 2
/protocol/snmp# show trap Index IP address Community Version
1 10.1.1.70 public v1v2
/protocol/snmp/set user <UserName> ipaddr <IP_addr>
access {readonly | readwrite}
[auth {md5 | sha} <password> [priv-DES <passwd>]]
/protocol/snmp/delete user <UserName>
/protocol/snmp/show user The set user command defines an SNMPv3 user. You can define up to 10 users, each with different authentication and privacy settings. The ipaddr parameter specifies the IP address associated with this user. The access parameter specifies the level of access granted to this user. The <password> parameter is the password required by the user to access SNMP data. A user must supply this password if using a MIB browser. The BelAir20E uses DES encryption to encrypt SNMP packets. The priv-DES parameter specifies the encryption key required to encrypt or decrypt the packet. The delete user command deletes the definition of the specified SNMP user. The show command displays the configured users. Passwords are only displayed to users with root privileges. See User Privilege Levels on page 35 for details.
/protocol/snmp# set user v3md5 ipaddr 0.0.0.0 access readwrite auth md5 md5md5md5 Example 1 Example 2
/protocol/snmp# show user User Name IP address Auth Password Privacy Password Privilege
v3md5 0.0.0.0 MD5 md5md5md5 None none ReadWrite Notifications
/protocol/snmp/set notify <NotifyName> type {Trap | Inform}
ipaddr <IP_addr> [timeout <1-1500>]
October 11, 2011 Confidential Page 30 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Access Methods
[retries <1-3>] [auth {md5 | sha}
<password> [priv-DES <passwd>]]
/protocol/snmp/delete notify <NotifyName>
/protocol/snmp/show notify The set notify command enables notifications to be sent to an SNMPv3 manager for the specified notification name. You can configure up to 10 notification names. The ipaddr parameter specifies the IP address associated with this notification. The timeout parameter specifies how many seconds to wait for an acknowledgement before resending the SNMP packet. The retries parameter specifies the number of times to resend the SNMP before declaring a failure. The <password> parameter is the password associated with this notification. The BelAir20E uses DES encryption to encrypt SNMP packets. The priv-DES parameter specifies the encryption key required to encrypt or decrypt the packet. The delete notify command disables notifications from being sent for the specified notification name. The show notify command displays the current SNMP notify configuration. Passwords are only displayed to users with root privileges. See User Privilege Levels on page 35 for details. Example 1
/protocol/snmp# set notify trap1 type trap ipaddr 10.1.1.70 Example 2
/protocol/snmp# show notify Name Type IP address Timeout Retry Auth Password Privacy Password
trap1 trap 10.1.1.70 1500 3 None none None none trap2 trap 10.1.1.70 1250 3 None none None none trap3 trap 10.1.1.70 1250 2 None none None none trap4 trap 10.1.1.69 1500 3 SHA shasha None none trap5 trap 10.1.1.69 1500 3 MD5 md5md5 None none trap6 trap 10.1.1.11 1500 3 None none None none trap7 trap 10.1.1.12 1250 3 None none None none trap8 trap 10.1.1.12 1250 3 MD5 md5md5 DES_CBC JEKTEST trap9 trap 10.1.1.9 1250 3 MD5 md5md5 DES_CBC bob trap10 trap 10.1.1.8 50 1 MD5 md5md5 DES_CBC bob Authentication Traps
/protocol/snmp/set authentication-trap {enable|disable}
/protocol/snmp/show authentication-trap status These commands enable or disable the ability to send authentication traps. October 11, 2011 Confidential Page 31 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Access Methods Engine Identifier
/protocol/snmp/show engineid Telnet This command displays the current engine identifier.
/mgmt/telnet {enable|disable}
/mgmt/show telnet status The telnet command enables or disables Telnet access to the unit. The show command displays the status of the Telnet interface. Example 1
/#cd /mgmt/
/mgmt# telnet enable Example 2 cd /mgmt/
/mgmt# show telnet status Telnet: Enabled HTTP Secure HTTP SSH SSH Access SSL Displaying Server Certificate
/ssl/set http {enable|disable}
/ssl/show http status These commands enable or display the HTTP interface. The show command displays the current status.
/ssl/set secure-http {enable|disable}
/ssl/show secure-http status These commands enable or display the secure HTTP interface. The show command displays the current status. The following sections show you how to configure the Secure Shell (SSH) functions.
/ssh/show ssh status This command displays the status of the SSH interface. The following sections show you how to configure the Secure Socket Layer
(SSL) functions.
/show ssl server-cert This command displays the server-certificate for SSL. October 11, 2011 Confidential Page 32 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring the Server Certificate Creating RSA Key Pair Creating Certificate Request Configuring the Server Certificate BelAir20E Access Methods To configure the server certificate:
1 Create the RSA key pair. See Creating RSA Key Pair on page 33. 2 Create a certificate request. See Creating Certificate Request on page 33. The certificate request is displayed on the screen. 3 Copy the certificate request to a file and send it to the Certificate Authority
(CA) that will generate the certificate. 4 When the CA responds with the certificate, configure the BelAir20E SSL configuration to use it. See Configuring the Server Certificate on page 33. 5 Save the SSL configuration. See Saving an SSL Configuration on page 33.
/ssl/ssl gen key {rsa} <no. of bits>
This command creates a new RSA key pair. The input value of no of bits can be 512 or 1024. Example
/#cd ssl
/ssl# ssl gen key rsa 1024
/ssl/ssl gen cert-req algo rsa sn <SubjectName>
This command creates a certificate request using the RSA key pair and SubjectName. The subject name is the identification of the switch or the switchs IP address. Example
/#cd ssl
/ssl# ssl gen cert-req algo rsa sn 10.1.1.10
/ssl/ssl server-cert This command imports a server certificate provided by a CA. When you use this command, you are prompted to enter the certificate. To do so, open the certificate and copy its contents to the CLI. Note: The application that you use to open the certificate may insert additional line breaks and spaces at the end of each line of the certificate. Make sure to remove these extra line breaks and spaces when you copy the certificate to the CLI. Saving an SSL Configuration
/ssl/ssl save This command saves the SSL configuration. October 11, 2011 Confidential Page 33 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Access Methods Example
/#cd ssl
/ssl# ssl save October 11, 2011 Confidential Page 34 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide User and Session Administration User and Session Administration This chapter describes user administration functions with the following topics:
User Privilege Levels on page 35 User Accounts on page 38 Configuring Authentication for User Accounts on page 39 CLI and Web Sessions on page 41 User Privilege Levels User accounts on the BelAir20E can be assigned the following three privilege levels:
An observer user can execute only the following commands:
most show commands the help and ? commands the passwd command the clear-screen and exit commands the cd and mode commands the history command the whoami command the ping command A normal user can execute any CLI command, except those reserved for the super-user. The super-user can execute any CLI command. Table 5 on page 35 lists the CLI commands that are reserved for the super-user. Each unit can have any number of observer users and normal users, but only one super-user account, called root. Table 5: Super-user commands Common Commands config-restore remoteip <ipaddress> remotefile <filename>
[{tftp|ftp [user <usrname> password <pword>]}]]
[force]
October 11, 2011 Confidential Page 35 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide User and Session Administration Table 5: Super-user commands (Continued) Mgmt Commands adduser <user-name> -p <passwd> [-d <mode>] [-g <group>]
deluser <user-name>
moduser <user-name> [ -p <passwd>] [ -d <mode>] [-g <group>]
show user set telnet {enabled|disabled}
set authentication-login {local | radius <list>}
show authentication-login System Commands set country <country_name>
set global-session-timeout <period>
terminate session <session_index>
upgrade load remoteip <serverIPaddress>
remotepath <serverSubDir>
[{tftp|ftp [user <usrname> password <pword>]}]]
cancel upgrade reboot [{force}]
commit load set next-load {A|B|current|inactive}
syscmd restoreDefaultConfig
/Card/<card_type>-n Commands reboot [{force}]
/Protocol/IP Commands set interface {system | vlan <1-2814>}
static <ip addr> <mask>
[delay-activation]
set interface {system | vlan <1-2814>} dynamic fallback-ip <address> <mask>
accept-dhcp-params {enabled|disabled}
[delay-activation]
October 11, 2011 Confidential Page 36 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide User and Session Administration Table 5: Super-user commands (Continued) renew ip {system | vlan <1-2814>}
SSL Mode Commands set http {enable|disable}
set secure-http {enable|disable}
show http status show secure-http status show server-cert ssl gen cert-req algo rsa sn <SubjectName>
ssl gen key {rsa} <no. of bits>
ssl save ssl server-cert Syslog Mode Commands logserver {enable [<ip address>] | disable}
monitor logging {enable | disable}
loglevel {debug|info|notice|warn|error|critical|alert|emerg}
/Protocol/SNMP Mode Commands set snmp-agent {enabled | disabled}
set community <CommunityIndex>
community-name <name> ipaddr <ip_addr>
privilege {readonly|readwrite}
delete community <CommunityIndex>
set trap <index> mgr-addr <ip_addr>
community <name> version {v1|v2|both}
delete trap <index>
set user <UserName> ipaddr <IP_addr>
access {readonly | readwrite}
[auth {md5 | sha} <password> [priv-DES <passwd>]]
delete user <UserName>
October 11, 2011 Confidential Page 37 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide User and Session Administration User Accounts Table 5: Super-user commands (Continued) set notify <NotifyName> type {Trap | Inform}
ipaddr <IP_addr> [timeout <1-1500>]
[retries <1-3>] [auth {md5 | sha}
<password> [priv-DES <passwd>]]
delete notify <NotifyName>
set authentication-trap {enable | disable}
/mgmt/adduser <user-name> -p <passwd> [-d <mode>] [-g <group>]
/mgmt/deluser <user-name>
/mgmt/moduser <user-name> [-p <passwd>] [-d <mode>] [-g <group>]
/mgmt/show user The adduser command creates a new user account. The deluser command deletes a user account. The default login, root, cannot be deleted. The moduser command modifies the parameters of a user account. For this command, the group parameter does not apply to changes to the root account. The show user command lists all valid user accounts, the mode in which they start their session and their maximum privilege level. For example, under Groups, normal users display NORMAL OBSERVER while the root account displays root NORMAL OBSERVER. The mode parameter sets the command mode that a user accesses when they log in. If unspecified, it defaults to a slash (/) so the user begins their session in root mode. Users with observer privileges must start their sessions in root mode. The group parameter specifies the user accounts privilege level. It can be OBSERVER or NORMAL. If unspecified, the user account has observer privileges. To use this command, you must be in mgmt mode. Note 1: The specified password is case sensitive, must consist of alphanumeric characters, must be at least six characters long, and cannot exceed 20 characters. Changes the super-user account require that you provide the super-user password. Note 2: The specified group is case sensitive. If you use a RADIUS server to authenticate users as they login, you must specify the users privilege level in the RADIUS Reply-Message field. Specifically, October 11, 2011 Confidential Page 38 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide User and Session Administration the Reply-Message field must contain in plain text one of the following: root, NORMAL or OBSERVER. These entries in RADIUS are case sensitive, so make sure the user privilege levels are entered exactly as specified. If the privilege levels are unspecified in RADIUS, then the BelAir20E provides the user with observer privileges. Example 1
/mgmt# adduser testuser -p userpwd - d system Example 2
/mgmt# deluser xyz Example 3 In the following example, the user guest begins their session in interface mode and their password is changed to guest123.
/mgmt# moduser guest p guest123 d interface Example 4
/mgmt# show user USER MODE GROUPS root / root NORMAL OBSERVER user1 / OBSERVER user2 / OBSERVER user3 interface NORMAL OBSERVER You can use a RADIUS server to authenticate users as they login to their accounts. This applies to all user accounts including root.
/mgmt/set authentication-login {local|radius <list>}
/mgmt/show authentication-login These commands determine how the BelAir20E authenticates users. The local setting means that the BelAir20E uses the locally stored password and user account information to authenticate the user. This is the default setting. The radius setting means that the BelAir20E uses a RADIUS server to authenticate the user. The list parameter specifies the index used in the RADIUS server list. Refer to RADIUS Servers on page 40. Configuring Authentication for User Accounts Authentication Mode October 11, 2011 Confidential Page 39 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide User and Session Administration RADIUS Servers Example 1
/mgmt# set authentication-login radius 1,2 Example 2 mgmt# show authentication-login Authentication Login is radius Radius Authentication server table
Index : 1 Radius Server Address : 10.1.3.254 UDP port number : 1812 Radius Client Address : 10.1.3.48 Timeout : 3
Index : 2 Radius Server Address : 10.1.3.253 UDP port number : 1812 Radius Client Address : 10.1.3.48 Timeout : 3
/protocol/radius/set server <server-idx> <IP_addr>
<shared-secret>
[authport <server-port>]
[acctport <acct-port>]
[interface {system | vlan <1-2814>}]
[timeout <seconds>]
[reauthtime <seconds>]
/protocol/radius/set server-state <server-idx> {enabled|disabled}
/protocol/radius/del server <server-idx>
/protocol/radius/show servers These commands allow you to specify a list of RADIUS servers that you can use to authenticate users. The list can contain up to 10 servers. The IP_addr parameter specifies the IP address of the RADIUS server. The shared-secret parameter specifies the password for access to the RADIUS server. The authport parameter ranges from 0 to 65535. It specifies the UDP port number of the RADIUS server (typically 1812). The acctport parameter ranges from 0 to 65535. It specifies the UDP port number for RADIUS accounting data (typically 1813). The interface parameter specifies the interface to associate the BelAir20E RADIUS client to. This can be the units system interface or any VLAN interface. The default value is system. October 11, 2011 Confidential Page 40 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide User and Session Administration The timeout parameter ranges from 2 to 300. It specifies the interval (in seconds) after which the RADIUS client considers that the remote server has timed out if a reply is not received. The default value is 10 seconds. The reauthtime parameter ranges from 0 to 50000000. It specifies the RADIUS re-authentication time (in seconds). This forces the BelAir20E to check all connected clients with the RADIUS server (that is, make sure they are still allowed to access the network) at the specified interval. You only need to configure this parameter if it is not specified on the RADIUS server. Setting the interval to zero disables this feature. The maximum interval time is 2147483647. If you enter a higher number, the value is set to its maximum. Note: Make sure the users privilege level are correctly specified in the RADIUS Reply-Message field. Refer to User Accounts on page 38.
/protocol/radius# set server 3 172.16.1.20 my-secret12345 authport 1812 acctport 1813 interface system timeout 15 reauthtime 1 Example 1 CLI and Web Sessions Session Management Example 2
/protocol/radius# set server-state 3 enabled The BelAir20E allows you to manage CLI and Web session, such as listing and terminating sessions as well as configuring the idle timeout period.
/system/show sessions
/system/terminate session <session_index>
The show sessions command lists all active CLI and Web interface sessions. The current session is flagged with an asterisk besides its session index number. The terminate session command allows you to terminate any CLI or Web session. Example
/system# show sessions index user type IP address since last-cmd timeout tssh logging
1 root telnet 10.9.9.14 0:27:57 0:01:43 0:30:00 inactive active 9 root telnet 10.9.9.14 0:22:09 0:00:00 0:30:00 inactive active 11[*] root web 10.9.9.14 0:13:51 0:13:51 1:00:00 In this example, the current session is session 11 with an idle period set at 1 hour. October 11, 2011 Confidential Page 41 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring the Session Timeout Interval User and Session Administration
/system/set global-session-timeout <period>
/system/set session-timeout <period>
/system/show global-session-timeout By default, a CLI session is automatically disconnected if it is idle for longer than 30 minutes. These commands allows you to change the idle period, preventing unwanted disconnections. The idle period is specified in minutes. Setting a period of 0 prevents any automatic disconnection. The set global-session-timeout command changes the idle period of all CLI sessions. Its <period> parameter ranges from 1 to 1440; that is up to 24 hours. You cannot specify 0 as the global session idle period. You must be logged in as root to use this command. The set session-timeout command changes the idle period of only the current CLI sessions. Its <period> parameter ranges from 0 to 1440; that is up to 24 hours. The session timeout period overrides the global timeout period. The new idle period takes effect immediately and to all current and future sessions; until changed with these commands again. The show command displays the settings for the global timeout period. To see the setting for the session, use the /system/show sessions command. CLI Prompt Customization Example
/system# set idle-timeout 60
/system/set prompt selection [default|string|switch-name}
/system/set prompt string <20-char_string>
/system/show prompt The set prompt selection command customizes the prompt for CLI sessions. The choices are as follows:
default, where the CLI prompt includes the current command mode only switch-name, where the CLI prompt includes the current command mode and the first eight characters of the switch name described in System Identification Parameters on page 50 string, where the CLI prompt includes the current command mode and the 20-character string as defined by the set prompt string command. The string can consist of any 20 ASCII characters, except for the semicolon (;). The show prompt command displays the current prompt settings. October 11, 2011 Confidential Page 42 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide User and Session Administration Examples
/system#set prompt string BelAir-128-50-46-189
/system#set prompt selection string
[BelAir-128-50-46-189]/system#system switch BA20E-A
[BelAir-128-50-46-189]/system#set prompt selection switch-name
[BA20E-A]/system#set prompt selection switch-name
[BA20E-A]/system#set prompt selection default
/system# show prompt User-defined string: BelAir-128-50-46-189 prompt selection: default October 11, 2011 Confidential Page 43 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide IP Settings IP Settings This chapter contains procedures for managing BelAir20E IP parameters as follows:
Displaying IP Parameters on page 44 Configuring IP Parameters on page 45 Configuring Dynamic IP Addressing on page 45 Renewing the IP Address on page 46 Auto-IP on page 46 Setting a Static IP Address and Subnet Mask on page 47 Static IP Routes on page 47 Configuring the Domain Name System Lookup Service on page 48 Configuring IP Address Notification on page 48 CAUTION!
The BelAir20E uses internal IP addresses in the range of 192.168.1.x, 192.168.2.x and 192.168.3.x. As a result, do not configure the BelAir20E to use any IP addresses within these ranges. Displaying IP Parameters
/protocol/ip/show config The /protocol/ip/show config command displays a detailed view of the systems IP configuration. Example
/protocol/ip# show config Interfaces:
Address Configured/ Configured/ Accept Current Current Alloc Fallback Fallback DHCP Interface Address Netmask Type D Address Netmask Parameters
System 10.9.9.20 255.255.255.0 Static 10.9.9.20 255.255.255.0 Disabled AutoIP: Enabled Routes:
Destination Netmask Gateway Interface Active
No static routes currently configured DNS:
October 11, 2011 Confidential Page 44 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Domain name lookup: disabled Configured domain name:
Configured primary DNS server: 0.0.0.0 Configured secondary DNS server: 0.0.0.0 IP Settings Configuring IP Parameters Configuring Dynamic IP Addressing a static IP address and subnet mask, as well as static IP routes. You can configure:
dynamic IP addressing
/protocol/ip/set interface {system | vlan <1-2814>} dynamic fallback-ip <address> <mask>
accept-dhcp-params {enabled|disabled}
[delay-activation]
/protocol/ip/del ip vlan <1-2814>
The set interface command specifies that a Dynamic Host Configuration Protocol (DHCP) server provides IP addresses for the node. This includes IP addresses for the nodes management interface as well as any VLANs it may have. If you specify a new VLAN, then that VLAN is created. The del ip vlan command deletes VLAN IP parameters previously created with the set interface command. If the IP address is dynamically set, BelAir Networks recommends that you also configure the switch name, location and contact parameters. These parameters then allow you to identify the node if you later need to do a remote CLI session. Refer to System Identification Parameters on page 50. In addition to providing the IP address, the DHCP server can be used to supply additional parameters including:
DNS server IP address and a domain name a TFTP server and a script file name a SNTP server list and time offset The accept-dhcp-params parameter controls whether the node accepts additional parameters from the DHCP server or not. Refer to DHCP Options on page 58 for details. The delay-activation parameter specifies that the new IP parameters do not take effect until after you execute a config-save command. BelAir Networks recommends that you always specify delay-activation if you change the system IP parameters. Otherwise you will need to start a new CLI session using the new IP address to execute the config-save command to save your changes. October 11, 2011 Confidential Page 45 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide IP Settings Note 1: DHCP servers usually have the ability to assign a default route to DHCP clients. Make sure that the DHCP server assigns only one default route, even you are using many different IP interfaces on the same BelAir platform (for example, a management IP interface and a VLAN IP interface). Note 2: You must configure the DHCP server lease time to be one minute or longer. Note 3: If the network contains nodes with static IP addressing and nodes with dynamic IP addressing, make sure the DHCP server does not issue addresses that been previously issued statically. Example
/protocol/ip# set interface system dynamic fallback-ip 92.121.68.34 255.255.255.255 accept-dhcp-params disabled delay-activation The previous command changes the system interface to:
accept a dynamic IP address, and no other parameters, from a DHCP server if the DHCP server cannot be reached, use an IP address of 92.121.68.34 and an IP mask of 255.255.255.255 The changes do not take effect until you use the config-save command to save your changes.
/protocol/ip/renew ip {system | vlan <1-2814>}
This command is used when the node is configured to dynamically receive IP addresses. See Configuring Dynamic IP Addressing on page 45. Issuing this command causes the DHCP server to renew the IP address of the nodes management interface or of the VLAN. Using this command may cause the DHCP server to change the IP address of the nodes management interface. If this happens you may need to reconnect to the node using the new IP address.
/protocol/ip/set auto-IP {enabled | disabled}
This command lets you configure the auto-IP feature which complements the fallback IP when you configure dynamic IP addressing. Auto-IP is useful when multiple nodes have been configured with the same fallback IP. Renewing the IP Address CAUTION!
Auto-IP October 11, 2011 Confidential Page 46 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide IP Settings The auto-IP feature automatically configures the node to have a specific default IP address based on the nodes MAC address if it cannot get an IP address from the DHCP server or when it is in factory default mode. When auto-IP is enabled, the default IP address is 169.254.1.x with a mask of 255.255.0.0; where x is the last byte of the nodes MAC address. When you can connect a laptop directly to the unit, the laptop also auto-configures itself with an IP address 169.254.x.x and a mask of 255.255.0.0 if it is in DHCP mode. You can then use the laptop to start a CLI session into the unit with its 169.254.1.x address. The default setting is enabled.
/protocol/ip/set interface {system | vlan <1-2814>}
static <ip addr> <mask>
[delay-activation]
/protocol/ip/del ip vlan <1-2814>
The set interface command specifies that the node uses static IP addressing for the nodes management interface as well as any VLANs it may have. If you specify a new VLAN, then that VLAN is created. The del ip vlan command deletes VLAN IP parameters previously created with the set interface command. The delay-activation parameter specifies that the new IP parameters do not take effect until after you execute do a config-save command. BelAir Networks recommends that you always specify delay-activation if you change the system IP parameters. Otherwise you will need to start a new CLI session using the new IP address to execute the config-save command to save your changes. Example
/protocol/ip# set interface system static 92.121.68.34 255.255.255.255 delay-activation The previous command changes the system interface to have a static IP address of 92.121.68.34 and an IP mask of 255.255.255.255. The changes do not take effect until you use the config-save command to save your changes.
/protocol/ip/add route <dest ip addr> <dest mask> gw <gateway>
/protocol/ip/del route <dest ip addr> <dest mask> gw <gateway>
The ip route add command adds extra static IP routes. If your units needs to communicate with an IP interface from another sub-network, you must add the appropriate routes to the remote IP interface. Contact your administrator to obtain the IP address and mask of the remote IP interface. Setting a Static IP Address and Subnet Mask Static IP Routes October 11, 2011 Confidential Page 47 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide IP Settings Configuring the Domain Name System Lookup Service The ip route del command deletes a static route. Use the gateway parameter to specify the IP address of the network gateway.
/protocol/ip/set dns server {primary | secondary} <ip_address>
/protocol/ip/del dns server {primary | secondary}
/protocol/ip/set dns domain name <customer.com>
/protocol/ip/del dns domain name The BelAir20E provides a Domain Name System (DNS) lookup service by providing a DNS client that resolves computer names to IP addresses. If the local DNS server fails, a query to the public network is made. The set dns server command specifies the IP address of a primary and secondary DNS server. The del dns server command erases the current IP address. The set dns domain name command specifies the default domain name required to perform Fully Qualified Domain Name requests. The del dns domain name command erases the current domain name. The IP addresses of the DNS servers and the default domain name can also be specified automatically through DHCP. See DHCP Options on page 58. Configuring IP Address Notification
/protocol/ip/set ip-addr-notification {enabled | disabled}
When this setting is enabled, the node sends out its IP addresses as traps to the configured trap destinations every 60 minutes. The notification interval is not currently configurable. By default, this setting is disabled. October 11, 2011 Confidential Page 48 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide System Settings System Settings This chapter contains procedures for managing BelAir20E parameters as follows:
Country of Operation on page 49 System Identification Parameters on page 50 Custom Fields on page 50 Configuring the System Date and Time on page 51 GPS Coordinates on page 53 LED Control on page 53 Setting the Network Egress Point on page 54 Limiting Broadcast Packets on page 54 Displaying Unit Inventory Information on page 55 Defining a Maintenance Window on page 55 Displaying System Up Time on page 55 Displaying the Running Configuration on page 56 Restarting the Node on page 56 Creating and Using Script Files on page 56 Enabling or Disabling Session Logging on page 56 Country of Operation
/system/show country [detail]
/system/set country <country_code>
Note: These commands apply only to BelAir units purchased outside of the United States of America and its territories. For units purchased in the United States of America and its territories, the units country code is US and cannot be changed. These commands allow you to adjust the radios in your unit to conform to the regulatory requirements for your country. This includes valid radio channel ranges as well as transmit power levels and the use of Dynamic Frequency Selection (DFS), a regulatory requirement in some jurisdictions. October 11, 2011 Confidential Page 49 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide System Settings The show country command displays the current country of operation. Specifying the detail parameter also displays both the name and the ISO 3066 identity code for all supported countries. The set country sets the country of operation for your unit. The
<country_code> parameter is the ISO 3066 identifier for the country as listed by the show country detail. The default value is US. CAUTION!
Improper setting of a units country setting may exceed regulatory requirements and void the operators right to operate the radio equipment. Contact BelAir Networks for details regarding country specific approvals. Additional country settings are also available by contacting BelAir Networks. System Identification Parameters Custom Fields
/system/set system-id ([switch <name>] [contact <firm>]
[location <place>])
/system/show system-id These commands let you manage system identification parameters such as switch name, switch contact information and physical switch location. The
<name> parameter is limited to 32 characters. Example The following example sets the switch name to BA20E-A, the contact information to BelAirNetworks and its location to PoleNumber1.
/system# system-id switch BA20E-A contact BelAirNetworks location PoleNumber1
/system/set custom ([field1 <random_str>][field2 <random_str>]
[field3 <random_str>][field4 <random_str>]
[field5 <random_str>])
/system/show custom fields These commands let you manage the contents of up to five data fields that you can use to store any information of your choosing. Each field can store up to 50 characters except for custom field 1 which is limited to 32 characters. Custom field data is saved with the nodes configuration data. Example
/system# show custom fields Custom Field 1: Mesh main node Custom Field 2: Used for experiments Custom Field 3: Zone 3 master Custom Field 4: Services customer xyz Custom Field 5: First in service October 11, 2011 Confidential Page 50 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring the System Date and Time Manual Date and Time Configuration System Settings The system date and time can be configured:
manually using a Simple Network Time Protocol (SNTP) server In both cases, you can use an offset to convert the displayed Coordinated Universal Time (UTC) to local time. The IP addresses of the SNTP servers and the time offset can also be specified automatically through DHCP. See DHCP Options on page 58.
/system/set date <YYYY-MM-DD> [time <hh:mm:ss>]
/system/set time <hh:mm:ss>
/system/set time offset <hour_offset:minute_offset>
/system/show date
/system/show timeoffset The set date and set time commands set the current date and time. The value must be formatted as follows:
YYYY is the year MM is the month DD is the date hh specifies the hour mm specifies the minutes You must enter the exact date and time format as specified; that is, four digits for the year and two digits for the month, day, hour, minutes and seconds. ss specifies the seconds The set time offset command configures an offset that is used to convert the displayed UTC time to local time. The hour_offset portion of the parameter ranges from -12 to +13. The minute_offset portion of the parameter ranges from 0 to 59. Example 1
/system# set date 2004-02-10 time 06:50:00 Example 2
/system# set time 08:45:00 Example 3
/system# set time offset -4 30 October 11, 2011 Confidential Page 51 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide System Settings Managing an SNTP Server Example 4
/system# show date Current date: 2011-08-11 23:04:46 (UTC) Current date: 2011-08-11 17:04:46
/protocol/sntp/set ip-address {primary|secondary}
{<host> | disabled}
/protocol/sntp/set timeoffset <hour_offset:minute_offset>
/protocol/sntp/set status {enabled | disabled}
/protocol/sntp/show {config | status}
The BelAir20E supports the Simple Network Time Protocol (SNTP) by providing an SNTP client that can synchronize the unit date and time with any SNTP compatible external time server. The set ip-address command lets you identify a primary and secondary SNTP server by specifying its host name or IP address, or disable this functionality. If the SNTP client cannot synchronize the unit date and time with the primary SNTP server, it attempts to synchronize with the secondary unit. The set timeoffset command configures an offset that is used to convert the displayed UTC time to local time. The hour_offset portion of the parameter ranges from -12 to +13. The minute_offset portion of the parameter ranges from 0 to 59. The set status {enable|disable} command enables or disables the SNTP client. To use this service, you must configure the IP address of at least one SNTP server either manually or through DHCP. When the SNTP client is enabled, the BelAir20Es clock is reset to use UTC. The show status and the show config commands display whether the SNTP process is running or not and the effective (actual) information used by the SNTP client as well as the information stored by the BelAir20E. Differences may be caused by the setting of the accept-dhcp-params parameter. See DHCP Options on page 58. Example 1
/protocol/sntp# set ip-address primary 10.1.1.2 Example 2
/protocol/sntp# set timeoffset -4 30 Example 3
/protocol/sntp# show status SNTP process is running October 11, 2011 Confidential Page 52 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide System Settings Effective SNTP Timeoffset:
SNTP Timeoffset origin: SNTP schema SNTP Time Offset: 6:00 Effective SNTP server:
SNTP Servers origin: SNTP schema Active Server: Primary - 0.pool.ntp.org SNTP server Primary : 0.pool.ntp.org SNTP server Secondary : 1.pool.ntp.org DHCP timeserver Primary : 0.0.0.0 DHCP timeserver Secondary: 0.0.0.0 GPS Coordinates
/system/set coordinates [latitude <-90,+90> ] [longitude <-180,+180>]
/system/show coordinates These commands allow you to specify the exact geographic location of a BelAir unit. You can then use the Global Positioning System (GPS) coordinates to locate a unit in the field. The show coordinates command displays the units coordinates. Example
/system# set coordinates latitude 76 longitude -120
/system# show coordinates latitude: ............... 76.000000 longitude: .............. -120.000000 LED Control You can use the following commands to control the LED behavior of the BelAir20E:
Find Me Function on page 53 LED Enable or Disable on page 53
/system/find-me {start|stop}
Find Me Function LED Enable or Disable This command helps you determine the physical location of a unit. When you start the find me function, the units power LED starts a green and red flashing cycle.
/system/show visual-indicators-status
/system/set visual-indicators {off | enable}
This command lets you turn enable or disable the LEDs of a unit. October 11, 2011 Confidential Page 53 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Setting the Network Egress Point System Settings
/system/show system-egress-point
/system/set system-egress-point {yes {direct|indirect gateway-ip <ip_addr>}|no}
In a BelAir network, a node can act as an egress point to an outside network, usually the Internet, for the backhaul traffic of many other nodes. The other nodes may be connected to the egress node through point-to-point, point-to-multipoint or multipoint-to-multipoint links. This command lets you specify whether or not the current unit has such an egress point, and the type of connection. Use direct when the node is connected directly to the outside network through its Ethernet port or a DSL modem. Use indirect when the node is connected to the outside network through a Wi-Fi link, WiMAX link, or third-party device. In such cases, you must supply the IP address of the device that is connected to the outside network. The default setting is yes direct. Limiting Broadcast Packets
/system/show broadcast-filter config
/system/set broadcast-filter rate <filter_rate>
/system/set broadcast-filter status {enable|disable}
In a BelAir network, each node limits the rate at which broadcast packets are sent. The show broadcast-filter command displays the current broadcast rate. The set broadcast-filter rate command lets you set the maximum rate at which broadcast packets are sent in packets/second. The <filter_rate> parameter ranges from 100 to 1000. The default setting is 200. Use the set broadcast-filter status command to disable broadcast packet filtering. See also:
Filtering Broadcast and Multicast Packets on page 96 Broadcast to Unicast Packet Conversion on page 96 Example
/system# show broadcast-filter config Broadcast Filter Configuration
Broadcast Filter Rate :200 October 11, 2011 Confidential Page 54 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Displaying Unit Inventory Information
/system/show phyinv This command displays the manufacturing parameters (name, serial number and part version numbers) of the equipment parts contained in a unit. System Settings Example - BelAir20E
/system# show phyinv System Name: BA20E-11 Type Class Serial number Assembly code BA order code BelAir20 indoor K000000001 BA20E Physical Inventory Table Slot Card type Version Serial number Assembly code 1 HTME 1.1.1 K000000001 B2XH131AA-A A01 Physical Interface Table Name Type Slot Card type Description wifi-1-1 Wifi 802.11 1 HTME HTMEv1 5GHz 802.11n wifi-1-2 Wifi 802.11 1 HTME HTMEv1 2.4GHz 802.11n eth-1-1 Ethernet 1 HTME 1000BASE-T lan-1 Ethernet 1 HTME 1000BASE-T lan-2 Ethernet 1 HTME 1000BASE-T lan-3 Ethernet 1 HTME 1000BASE-T lan-4 Ethernet 1 HTME 1000BASE-T Defining a Maintenance Window
/system/set maintenance-window {{enabled {hh:mm hh:mm} | disabled }}
/system/show maintenance-window Use these commands to define and enable a maintenance window where generated alarms do not count against the alarm threshold. For details, see Setting the Tunnel Down Alarm Threshold on page 175. By default, the maintenance window is enabled and runs from midnight (00:00) to 7 am (07:00). Specified window start and end times are rounded down to the nearest 15-minute increment. Example
/system# set maintenance-window enabled 00:14 03:20 The previous command sets the maintenance window to run from midnight
(00:00) to 3:15 am. Displaying System Up Time
/system/show sysuptime This command displays the time the system has been operating. October 11, 2011 Confidential Page 55 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide System Settings Displaying the Running Configuration Restarting the Node Example
/system# show sysuptime System Up Time: 234 days, 16:45:32.34
/system/show running-configuration This command displays the configuration that the node is currently operating with. It executes a series of show commands with results displayed on the CLI screen. Use the scroll bar of the Telnet or SSH window to see any particular section of the output.
/system/reboot [{force}]
/system/show restart-reason The reboot command restarts the entire node. You must confirm your intent before the node is rebooted. Under some circumstances, a reboot may be prevented because of processing from other user sessions. Use the force parameter to override these restrictions and restart the node regardless. The show restart-reason command displays the reason for the last restart. See also Restarting a Card on page 70. Example
/system# show restart-reason Previous reboot was a cold restart initiated by user. Creating and Using Script Files You can use script files to:
make repetitive tasks quicker and easier to do automate the configuration of a node when it starts up. See BelAir20E Auto-configuration on page 58. To help create your scripts, follow the guidelines in Scripting Guidelines on page 234. Enabling or Disabling Session Logging
/system/set session-logging {enable | disable}
When session logging is enabled, all commands entered during a CLI session are recorded in a command log file. However, if you run repetitive scripts, you may want to disable logging to avoid filling the file with the same sets of commands. October 11, 2011 Confidential Page 56 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide System Settings This command allow you to enable or disable session logging. The default setting is enable. Use the /system/show sessions command to see the current setting. Use the /syslog/export logs command to access the command log file. Refer to the BelAir20E Troubleshooting Guide for a detailed description. October 11, 2011 Confidential Page 57 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Auto-configuration BelAir20E Auto-configuration DHCP Options With auto-configuration, the BelAir20E can automatically obtain a script file after it powers up. The unit then configures itself based on the content of the file. Auto-configuration minimizes the amount of manual intervention required to pre-configure the unit before you install it. To create a valid script file, refer to the guidelines listed in Creating and Using Script Files on page 56. The following sections describe the different ways you can automatically supply a script file to the BelAir20E:
DHCP Options on page 58 DNS on page 61 Configuration Download Profile on page 62 All methods are independent, but can be used in conjunction with each other. For example, you can use DHCP options to download a script file that configures the configuration download profile. You then use the configuration download profile to download a second script file for the rest of the BelAir20E. With this method, the BelAir20E uses the exchange of DHCP packets with a DHCP server as a means of exchanging information during startup. The BelAir20E uses DHCP Options 12, 60, 55 and 43 to retrieve extra information during startup and to supply the DHCP server with information about itself. The BelAir20E provides the system identifier host name through DHCP Option 12 and the vendor class identifier BelAir Networks through DHCP Option 60. Through DHCP Option 55, the DHCP server provides the BelAir20E with the following parameters in addition to basic IP parameters (address, subnet mask and default route) described in Configuring Dynamic IP Addressing on page 45:
TFTP server IP address and script file name. These parameters cause a TFTP session to be created and the script file to be downloaded and executed during startup. DNS domain name. Only one domain name is valid at any one time per BelAir20E and not per interface. See Configuring the Domain Name System Lookup Service on page 48. October 11, 2011 Confidential Page 58 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Auto-configuration DNS server IP addresses. Up to two DNS servers are supported. See Configuring the Domain Name System Lookup Service on page 48. IP address for a time server. Two time servers are supported for use by the SNTP service. See Managing an SNTP Server on page 52. time offset value used by the SNTP service. See Managing an SNTP Server on page 52. Through DHCP Option 43, the BelAir20E provides the DHCP server with the following parameters about the itself:
assembly code, as shown with the /system/show phyinv command serial number, as shown with the /system/show phyinv command MAC address version of the active software load, as shown with the /system/show loads command GPS coordinates, as shown with the /system/show coordinates command switch name, as shown with the /system/show system-id command custom field 1, as shown with the /system/show custom fields command You can use the information from DHCP Option 55 to configure the BelAir20E management interface or one of its VLAN interfaces. After the BelAir20E receives these parameters, it configures the interface in question. At startup, it downloads the script file from the TFTP server and executes it. DHCP options can only be enabled for one interface. For example, if you enable DHCP options for the management interface, you are prevented from enabling them for a VLAN interface until you first disable them for the management interface. By default, the BelAir20E accepts all parameters provided by the DHCP server. However, you can configure the BelAir20E to accept or reject any individual parameter. By accepting only specific parameters, you can control how much of the BelAir20E is auto-configured. For example, if you do not want to use a script file from the TFTP server, you can set the accept-tftp-download parameter to disabled. See Accepting Specific DHCP Parameters on page 60. October 11, 2011 Confidential Page 59 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Auto-configuration Pre-requisites Configuring and Using DHCP Options Accepting Specific DHCP Parameters Data provided by the DHCP server overrides any data configured locally. During operation, if the DHCP server provides updated data, the BelAir20E continues operation with the updated data. To use DHCP options, your DCHP server must be configured to supply the information requested by the BelAir platform. In particular, make sure of the following:
Your DHCP server supplies a list of SNTP servers instead of NTP servers and that they are listed in order of preference. Your DHCP server assigns only one default route, even you are using many different IP interfaces on the same BelAir platform (for example, a management IP interface and a VLAN IP interface). To use DHCP options, you must:
1 Set the default IP address assignment of an interface to dynamic and set the accept-dhcp-params parameter to enabled. See Configuring Dynamic IP Addressing on page 45. 2 Specify which specific parameters to accept from DHCP server. See Accepting Specific DHCP Parameters on page 60. The BelAir20E then contacts the DHCP server to request the parameters.
/protocol/ip/set dhcp-accept ([dns-domain {enabled|disabled}]
[dns-server {enabled|disabled}]
[tftp-download {enabled|disabled}]
[time-server {enabled|disabled}]
[time-offset {enabled|disabled}]) These commands control whether the individual parameters supplied by the DHCP server are accepted or not by the BelAir20E. To use this command you must first set the default IP address assignment for the interface to dynamic and set the accept-dhcp-params parameter to enabled. See Configuring Dynamic IP Addressing on page 45. By default, the node accepts all parameters from the DHCP server; that is, each of these parameters is set to enabled. The dns-domain parameter controls the domain name option used to perform DNS requests. Only one domain name is valid at any one time per BelAir20E. See Configuring the Domain Name System Lookup Service on page 48. October 11, 2011 Confidential Page 60 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Auto-configuration The dns-server parameter controls DNS server IP addresses. Up to two DNS servers are supported. See Configuring the Domain Name System Lookup Service on page 48. The tftp-download parameter controls two DHCP options: TFTP server IP address and script file. Enabling this option causes a TFTP session to be created and the script file to be downloaded and executed during startup. The time-server parameter controls the IP address for a time server. Two time servers are supported. This information is used by the SNTP service. See Managing an SNTP Server on page 52. The time-offset parameter controls the time offset value that is used by the SNTP service. See Managing an SNTP Server on page 52. The TFTP server IP address and the script file are downloaded and executed only during a startup. If the script on the server changes, it is not sent to the node until the next time the node reboots or starts up. If DNS and SNTP data on the DHCP server changes, then it is sent to the node whenever the node renews DHCP information. The new DNS and SNTP data then takes effect immediately. In all cases, DNS and SNTP data provided by the DHCP server overrides any data configured locally. With this method, the BelAir20E uses DNS to connect to an FTP server containing a script file to be executed during startup. When the BelAir20E starts up with factory default settings, it looks for a DHCP server to assign its IP address. If the DHCP server provides a TFTP server IP address and script file name, then the BelAir20E performs auto-configuration based on these values. See DHCP Options on page 58. If DHCP server does not provide a TFTP server IP address and script file name, then the BelAir20E obtains the script file based on DNS information from the DHCP server as follows:
1 The BelAir20E uses DHCP to obtain the DNS server IP address and domain name from the DHCP server. 2 The BelAir20E attempts to open a session to an FTP host called bnconfigserv using local DNS settings. The host name bnconfigserv is hard-coded in the BelAir20E and cannot be changed. If unsuccessful, it opens DNS October 11, 2011 Confidential Page 61 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Auto-configuration an FTP session to bnconfigserv.<domain_name> (for example, bnconfigserv.belairnetworks.com). In either case:
The FTP username used by the BelAir20E is bn_%02x_%02x_%02x_%02x_%02x_%02x. For example, if the MAC address of the BelAir20E is 00:0d:67:0c:21:76, then the username on the FTP server is bn_00_0d_67_0c_21_76. The username must be in lower case and must exist in the FTP server. The FTP password used is the md5sum of the username. To obtain this, do echo <username> | md5sum. Omit the spaces and dash at the end of the md5sum output. 3 In the FTP home directory for the user, the BelAir20E looks for a script file named bn_config.cfg. Configuration Download Profile With the configuration download profile you specify:
the filename of the script file the server from which to get the script file a user-name and password Pre-requisites Using a Configuration Download Profile You can specify the server by either its IP address or its name. If both are specified, the IP address has precedence. The default name is belairconfig.com. The script file is downloaded and executed only during a startup. If the script on the server changes, it is not sent to the node until the next time the node reboots or starts up. To use a configuration download profile, your server must be configured with the appropriate user accounts and passwords. The account must contain a valid script file. Also, if you identify the server with a name, you need a DNS server to resolve names to IP addresses.
/system/set config-download [server <name_or_ip_addr>]
[auto-conf-protocol {ftps|ftp|tftp]
[filename <filename>]
[user <user_name>]
[password <pword>]
{enabled|disabled}
/system/show config-download status These commands provision the configuration download profile. October 11, 2011 Confidential Page 62 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Auto-configuration The server may be identified by supplying either its IP address or providing its name. The default server name is belairconfig.com. The default protocol is FTPS. The default user name and password is anonymous. The default filename is auto-config.txt. By default, the configuration download file is disabled. Example
/system#show config-download status config-download adminStatus: enabled config-download server: 0.0.0.0 config-download servername: belairconfig.com config-download user-name: auto-config.txt config-download password: anonymous config-download filename: auto-config.txt config-download protocol: ftp October 11, 2011 Confidential Page 63 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Ethernet or LAN Interface Settings Ethernet or LAN Interface Settings This chapter describes how to configure the Ethernet or LAN interfaces provided by your units HTME card. The following topics are covered:
Managing the Ethernet or LAN Interface Settings on page 64 Managing Egress Node Traffic on page 64 To display statistics, see the BelAir20E Troubleshooting Guide. Managing the Ethernet or LAN Interface Settings
/interface/eth-<n>-<m>/set ethernet {auto|{speed {10|100}
{mode {full-duplex|half-duplex}}}}
/interface/eth-<n>-<m>/show status
/interface/lan-<n>/set ethernet {auto|{speed {10|100}
{mode {full-duplex|half-duplex}}}}
/interface/lan-<n>/show status The set ethernet command controls the operational settings of the Ethernet interface. The auto setting causes the interface to automatically discover the correct settings to communicate with the other Ethernet device. If you do not use the auto setting, you can manually set the interface speed to either 10 or 100 Mbps and the mode to either full or half-duplex. The show status command displays the current operational Ethernet interface settings. The current operational settings are a result of the negotiation that occurs with another Ethernet device and may be different than that configured locally. Example
/interface/eth-1-1# show status Type : 1x1000baseTx [Electrical: Single]
Admin Status : Enabled Link State : Up Speed : 100 Mbps Mode : Full Duplex Auto-Negotiation : Enabled Mac Address : 00:0D:67:0C:23:38 Managing Egress Node Traffic In a BelAir network, the Ethernet or LAN port of a node can act as an egress point for the backhaul traffic of many other nodes. The other nodes may be connected to the egress node through point-to-point, point-to-multipoint or multipoint-to-multipoint links. October 11, 2011 Confidential Page 64 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide VLAN Conversion VLAN Filtering Ethernet or LAN Interface Settings
/interface/eth-<n>-<m>/show pvid
/interface/eth-<n>-<m>/set pvid {<vlan_id>|untagged}
/interface/eth-<n>-<m>/set reverse-pvid {<vlan_id>|untagged}
/interface/lan-<n>/show pvid
/interface/lan-<n>/set pvid {<vlan_id>|untagged}
/interface/lan-<n>/set reverse-pvid {<vlan_id>|untagged}
These commands let you convert the VLAN tagging of traffic entering or leaving the Ethernet or LAN port of an egress node:
The set pvid command applies when traffic between BelAir nodes uses VLAN IDs and these VLAN IDs must be removed before the traffic leaves the node through the Ethernet or LAN port to the external network. If you use the set pvid command and specify a VLAN ID, untagged VLAN packets coming from external network through the Ethernet or LAN port are converted to tagged packets with the specified VLAN ID before they are sent to the BelAir nodes. Similarly, packets that are tagged with the specified VLAN ID are sent to the external network through Ethernet or LAN port as untagged VLAN packets. The set reverse-pvid command applies when traffic between BelAir nodes is untagged and must be tagged with a VLAN ID before it leaves the node through the Ethernet or LAN port to the external network. If you use the set reverse-pvid command and specify a VLAN ID, untagged VLAN packets coming from BelAir Nodes are converted to tagged packets with the specified VLAN ID before they are sent through the Ethernet or LAN port to the external network. Similarly, packets that are tagged with the specified VLAN ID arriving from the external network through the Ethernet or LAN port are converted to untagged packets before being sent to the BelAir nodes. If you specify the keyword untagged instead of VLAN ID, then packets are not converted as they enter or leave the Ethernet or LAN port of the egress node. The default setting is untagged.
/interface/eth-<n>-<m>/show vlans
/interface/eth-<n>-<m>/add vlan {<vlan_id>|untagged}
/interface/eth-<n>-<m>/delete vlan {<vlan_id>|untagged}
/interface/lan-<n>/show vlans
/interface/lan-<n>/add vlan {<vlan_id>|untagged}
/interface/lan-<n>/delete vlan {<vlan_id>|untagged}
You can create a list containing up to four VLAN IDs to control which traffic enters or leaves the Ethernet or LAN port of an egress node. Only packets that are tagged with a VLAN ID in the list are allowed to enter or leave the Ethernet or LAN port of the egress node. October 11, 2011 Confidential Page 65 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Ethernet or LAN Interface Settings These commands let you manage list of VLAN IDs. By default, the list is empty meaning that all traffic is allowed to enter or leave the Ethernet or LAN port of the egress node. If you add a VLAN ID to the list, then only traffic belonging to that VLAN can enter or leave the Ethernet or LAN port of the egress node. If you add the keyword untagged to the list, then only untagged traffic can enter or leave the Ethernet or LAN port of the egress node. October 11, 2011 Confidential Page 66 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Card Settings Card Settings This chapter contains the following topics that describe card operations:
Determining which Cards are in a Node on page 67 Displaying Card Information on page 68 Card Administrative State on page 70 Restarting a Card on page 70 Table 6 lists the location of documentation for physical interface parameters. Table 6: Physical Interface Parameter Settings Physical Interface Type Refer to... Wi-Fi Radio Configuration Overview on page 71 Configuring Wi-Fi Radio Parameters on page 72 Configuring Wi-Fi Access Point Parameters on page 80 Wi-Fi AP Security on page 100 Wi-Fi Backhaul Link Configuration on page 115 Mobile Backhaul Mesh on page 123 Mobile Backhaul Point-to-point Links on page 127 Ethernet or LAN Interface Settings on page 64 Wi-Fi Ethernet
(1000Base-TX)
/mode
/card/mode Use the mode command to determine <card_type> and <n>. Determining which Cards are in a Node October 11, 2011 Confidential Page 67 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Card Settings Example 1
/# mode
/card
/htme-1
/interface
/wifi-1-1 (HTMEv1 5GHz 802.11n)
/wifi-1-2 (HTMEv1 2.4GHz 802.11n)
/eth-1-1 (1000BASE-T)
/lan-1 (1000BASE-T)
/lan-2 (1000BASE-T)
/lan-3 (1000BASE-T)
/lan-4 (1000BASE-T)
/mgmt
/protocol
/ip
/radius
/rstp
/snmp
/sntp
/te-syst (tunnel)
/qos
/services
/auto-conn
/mobility
/ssh
/ssl
/syslog
/system
/diagnostics Example 2
/card# mode
/htme-1 The following sections describe commands that display card parameters.
/card/<card_type>-<n>/show info This command displays various physical aspects of the card. Example
/card/htme-1# show info Slot Type Version Serial Number Assembly Code
1 htme 1 844000010 B2CH103AA-A A01
/card/<card_type>-<n>/show interfaces This command displays the physical interfaces that the card provides. Displaying Card Information Displaying the Card Physical Data Displaying the Card Physical Interfaces October 11, 2011 Confidential Page 68 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Card Settings Displaying the Card CPU and Memory Usage Example
/card/htme-1# show interfaces htme: has the following interfaces:
wifi-1-1 wifi-1-2 eth-1-1 lan-1 lan-2 lan-3 lan-4
/card/<card_type>-<n>/show cpuocc
/card/<card_type>-<n>/show meminfo The show cpuocc command displays the cards CPU idle rate. The show meminfo displays card memory usage data. Examples
/card/htme-1# show cpuocc CPU-idle: 97.0 In the previous example, the card CPU is 97% idle and 3% occupied
/card/htme-1# show meminfo MemTotal: 125068 kB MemFree: 54996 kB Buffers: 0 kB Cached: 31424 kB SwapCached: 0 kB Active: 19808 kB Inactive: 20784 kB Active(anon): 11856 kB Inactive(anon): 0 kB Active(file): 7952 kB Inactive(file): 20784 kB Unevictable: 0 kB Mlocked: 0 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 125068 kB LowFree: 54996 kB SwapTotal: 0 kB SwapFree: 0 kB Dirty: 0 kB Writeback: 0 kB AnonPages: 9196 kB Mapped: 9876 kB Shmem: 2688 kB Note: The type and amount of card memory usage data may vary depending on the cards software version. October 11, 2011 Confidential Page 69 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Card Administrative State Restarting a Card
/card/<card_type>-<n>/show state
/card/<card_type>-<n>/set state {enabled | disabled}
These commands manage the cards administrative state. Example
/card/htme-1# show state Admin:Up Status:running
/card/<card_type>-<n>/reboot [{force}]
Card Settings This command restarts a specific card. You must confirm your intent before the card is rebooted. Under some circumstances, a reboot may be prevented because of processing from other user sessions. Use the force parameter to override these restrictions and restart the card regardless. October 11, 2011 Confidential Page 70 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi Radio Configuration Overview Wi-Fi Radio Configuration Overview Available Wi-Fi Radios Table 7 on page 71 lists the available BelAir Wi-Fi radios. Table 7: BelAir Wi-Fi Radio Summary Configuration Process Radio Module Operating Frequency Platform Can Operate as Access Point?
HTMEv1 2.4/5.8 GHz BelAir20E Yes Supported Backhaul Topologies mp-to-mp p-to-mp p-to-p Use the following process to configure a Wi-Fi radio:
1 Configure basic radio parameters. See Configuring Wi-Fi Radio Parameters on page 72. 2 Configure AP parameters, if required. See Configuring Wi-Fi Access Point Parameters on page 80 and Wi-Fi AP Security on page 100. 3 Configure backhaul parameters. See Wi-Fi Backhaul Link Configuration on page 115. 4 Configure mobile backhaul mesh parameters. See Mobile Backhaul Mesh on page 123 October 11, 2011 Confidential Page 71 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Radio Parameters Configuring Wi-Fi Radio Parameters This chapter describes how to display and configure Wi-Fi radio parameters, including:
Displaying Wi-Fi Radio Configuration on page 73 Displaying Configuration Options on page 74 Operating Channel on page 74 Antenna Gain on page 76 Transmit Power Level on page 76 Link Distance on page 77 Dynamic Frequency Selection on page 77 Collision Aware Rate Adaptation on page 78 Rate Aware Fairness on page 78 802.11n Aggregation on page 78 Minimum Receive Threshold on page 78 Changing Wi-Fi Interface Admin State on page 79 To configure parameters that are specific to Wi-Fi Access Points (APs), see Configuring Wi-Fi Access Point Parameters on page 80. To configure parameters that are specific to backhaul radios, including the different types of backhaul links, see Wi-Fi Backhaul Link Configuration on page 115. See also:
Configuring Wi-Fi Access Point Parameters on page 80 Wi-Fi AP Security on page 100 Wi-Fi Backhaul Link Configuration on page 115 Mobile Backhaul Mesh on page 123 October 11, 2011 Confidential Page 72 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Displaying Wi-Fi Radio Configuration Configuring Wi-Fi Radio Parameters
/interface/wifi-<n>-<m>/show config
[{all|access|backhaul|qos|mobile}]
This command displays various aspects of the radios configuration. Example - Typical BelAir20E
/interface/wifi-1-1# show config all Slot: 1, Card Type: htme, revision: 1, Port: 1, Radio: HTMEv1 5GHz 802.11n admin state: ................. Enabled channel: ..................... 149 mode: ...................... ht40plus mimo: ...................... 3x3 tx power: .................. 18.0 (dBm per-chain), 23.0 (dBm total) antenna location: ............ External Port antenna index: ............... 1 antenna gain: ................ 5.0 (dBi) link distance: ............... 1 (km) base radio MAC : ............. 00:0d:67:0c:21:90 Access:
AP admin state: ............ Enabled secure addresses (vlan): ... none client blacklist: .......... none dhcp unicast: .............. Disabled deauth dos defense: ........ Disabled client auth trap: .......... Disabled Misc:
rts-cts threshold: ......... 100 broadcast filter status: ... Disabled broadcast filter rate: ..... 200 QOS:
wmm: ....................... Enabled uapsd: ..................... Enabled mapping: ................... UP/DSCP voice acm: ................. Disabled video acm: ................. Disabled Common Backhaul:
privacy: ................... AES key: ....................... mesh-min-rssi............... -100 (dbm) Stationary Backhaul:
link admin state: .......... Disabled link id: ................... BelAirNetworks topology: .................. mesh Mobile Backhaul:
mobile admin state: ........ Disabled mobile link id: ............ mobile link role: .......... ss Blacklist:
No blacklist entries Link Failure Detection: ...... Disabled Backhaul T1 Bandwidth limit:.. Disabled October 11, 2011 Confidential Page 73 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Displaying Configuration Options Configuring Wi-Fi Radio Parameters
/interface/wifi-<n>-<m>/show available-config-options This command displays valid channel, antenna gains and transmit power values for your unit. The displayed values vary depending on the country of operation. Example - Typical BelAir20E
/interface/wifi-1-1# show available-config-options Channels:
[Mode=ht20]
36 37 38 39 40 41 42 43 44 45 46 47 48
[Mode=ht40+]
36 37 38 39 40 41 42 43 44
[Mode=ht40-]
40 41 42 43 44 45 46 47 48
[Mode=ht20]
149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165
[Mode=ht40+]
149 150 151 152 153 154 155 156 157
[Mode=ht40-]
153 154 155 156 157 158 159 160 161 External antenna gain list:
0.00 5.00 9.00 Tx power values for channel [149] and antenna gain [5]:
18 17 16 15 14 13 12 11 10 9
/interface/wifi-<n>-<m>/set channel {<channel-number>
[secondary <channel-number>]
[channel-bandwidth {5000|2500]
[channel-mode ht20|ht40plus|ht40minus|20] |
auto [background-scan {enabled | disabled}]}
/interface/wifi-<n>-<m>/re-scan-channel Note: The specific syntax and options for the set channel command varies depending on the type of radio being configured. Use the /interface/
wifi-<n>-<m>/? command to display the options and syntax that apply to you. The set channel command lets you specify the channel settings for a Wi-Fi radio. Use the show available-config-options command to display valid channel numbers. The displayed values vary depending on the country of operation. Refer to your RF plan and site survey to determine which value you should use. Improper setting of channel, antenna gain and transmit power may exceed regulatory requirements and void the operators right to operate the radio equipment. Refer to the BelAir Radio Transmit Power Tables to determine valid combinations of channel, antenna gain and transmit power for your country. Operating Channel CAUTION!
October 11, 2011 Confidential Page 74 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Radio Parameters If the unit is a member of a multipoint-to-multipoint mesh cluster, the channel must be set to match the one used by the multipoint-to-multipoint mesh cluster. If a unit is equipped with many radios for backhaul, their channels must be separated by at least 35 MHz (that is, seven channel numbers) to avoid radio interference resulting in poor data communication quality. For example, channel numbers 53 and 61 can be used together, but not 53 and 59. The secondary parameter applies to any radio supplying Dynamic Frequency Selection (DFS), a regulatory requirement in some jurisdictions. The secondary parameter sets an optional secondary channel for use with DFS. The default value is 0, instructing DFS to operate as if the secondary channel is the same as the primary channel. If you change the channel number from the default value and if you do not specify a secondary channel, then your secondary channel is set to be the same as your primary channel. DFS behaves the same way regardless of whether your secondary channel is the same as the primary channel or whether your secondary channel is 0. Refer to your RF plan and site survey to determine if you need to set a secondary channel other than 0 or your primary channel. The channel-bandwidth parameter applies to the WCSv1 only. It sets the bandwidth of the channel you want to use. The specified bandwidth is in kHz. The channel-mode parameter applies to all 2.4 and 5.8 GHz radios. It sets the 802.11n channel mode. The auto and background-scan parameters apply to 2.4 GHz radios only.The auto parameter causes the radio to search for surrounding APs. At startup, the system scans all channels in a given channel mode to collect several parameters. The channel providing the best quality is selected. The background-scan parameter assists the auto feature in determining the channel settings to use. By default background scan is disabled. If background scan is enabled, the system periodically does an off-channel scan of a foreign channel where it collects more channel quality data. After a sufficient number of background scans have occurred, the system re-calculates the best channel to use based on:
the most recent data for the home channel and all foreign channels the historic data of all foreign channels October 11, 2011 Confidential Page 75 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Radio Parameters Antenna Gain CAUTION!
If a foreign channel is at least 20% better the home channel, then the system switches to the new channel. The re-scan-channel command causes the radio to perform another search. See also:
Country of Operation on page 49 the BelAir Radio Transmit Power Tables
/interface/wifi-<n>-<m>/set antenna-gain <gain>
This command lets you specify the gain of the antenna installed with your unit. Use the show available-config-options command to display valid gain values (in dBi). The displayed values vary depending on the country of operation and the channel in use. You must set the <gain> parameter to match the gain of the antenna installed in your unit. For all countries except Korea, the default access antenna gain is 8 dBi. For Korea, the default access antenna gain is 6 dBi. Improper setting of channel, antenna gain and transmit power may exceed regulatory requirements and void the operators right to operate the radio equipment. Refer to the BelAir Radio Transmit Power Tables to determine valid combinations of channel, antenna gain and transmit power for your country. See also:
Country of Operation on page 49 Operating Channel on page 74 the BelAir Radio Transmit Power Tables Transmit Power Level
/interface/wifi-<n>-<m>/set tx-power <tx-power-value>
[secondary <tx-power-value>]
This command sets the transmit power for a Wi-FI radio. The range of
<tx-power-value> is limited to be valid for your country of operation, physical channel in use, and type of antenna that is installed. Use the show available-config-options command to display valid transmit power values
(in dBm). The displayed values vary depending on the country of operation and channel in use. The default setting is to have the radio transmit at maximum power. October 11, 2011 Confidential Page 76 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Radio Parameters CAUTION!
The secondary parameter applies only to 5.8 GHz radios. It sets the transmit power for an optional secondary channel for use with Dynamic Frequency Selection (DFS), a regulatory requirement in some jurisdictions. The default is to have the same transmit power level for both the primary and secondary channel. Refer to your RF plan and site survey to determine if you need to set a different power level for the DFS secondary channel. Improper setting of the transmit power may exceed regulatory requirements and void the operators right to operate the radio equipment. See also:
Country of Operation on page 49 Operating Channel on page 74 Antenna Gain on page 76 Link Distance
/interface/wifi-<n>-<m>/set link-distance <distance>
Dynamic Frequency Selection This command adjusts the units MAC timers to compensate for the additional time to receive acknowledgements because the other unit is farther. The distance parameter has a range of 0 to 40 and is specified in kilometers. The default value is 1 km.
/interface/wifi-<n>-<m>/show dfs This command displays current Dynamic Frequency Selection (DFS) settings, a regulatory requirement in some jurisdictions. DFS is automatically implemented depending on the country of operation. See also:
Country of Operation on page 49 Operating Channel on page 74 Transmit Power Level on page 76 Example
/interface/wifi-1-1# show dfs DFS admin state : enabled current channel : 53 channel DFS radar holdoff-time
# required detected remaining
primary: 53 no no 0 (sec) secondary: 53 no no 0 (sec) October 11, 2011 Confidential Page 77 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Collision Aware Rate Adaptation Rate Aware Fairness 802.11n Aggregation Minimum Receive Threshold Configuring Wi-Fi Radio Parameters
/interface/wifi-<n>-<m>/set advanced-collision-ctrl
{enable|disable}
Collision Aware Rate Adaptation (CARA) is an advanced algorithm that turns RTS on and off when it detects a collision. This allows frames that failed due to the collision to get through without compromising the transmission rate (that is, the RTS is sent at 1mpbs and clears the channel of collisions for the high rate data packet). By default, CARA is enabled.
/interface/wifi-<n>-<m>/set rate-aware-fairness {enable|disable}
Rate aware fairness is a transmission algorithm that chooses dynamic retreat and progress thresholds based on the transmission rate of the station being transmitted to, and the size of the packet. Normally, when the AP has a client with a slower connection, all other clients are throttled down to that same rate. Rate Aware Fairness overcomes this issue by trying to give clients equal amounts of air-time instead of equal numbers of packets. By default, rate aware fairness is disabled.
/interface/wifi-<n>-<m>/set tx-aggr {enable|disable}
This command applies to the HTM and DRU only. This command enables or disables transmit aggregation for the radio. Transmit aggregation is an 802.11n feature where multiple MSDUs or MPDUs are packed together to reduce the overhead and average them over multiple frames, thus increasing the user level data rate. The default setting is enable.
/interface/wifi-<n>-<m>/set rcv-rssi-threshold <dBM_threshold>
{disabled | enabled}
This command sets a minimum signal strength threshold to prevent associations with weak radio signals. Associations are only created between radios with a signal strength greater than the specified threshold. The default setting is disabled. October 11, 2011 Confidential Page 78 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Changing Wi-Fi Interface Admin State Configuring Wi-Fi Radio Parameters
/interface/wifi-<n>-<m>/set admin-state {enable|disable}
This command controls the state of the Wi-Fi interface including all links. When set to enable, the Wi-Fi interface is in the operational state. When set to disable, the Wi-Fi interface and all associated functions are disabled. The default is disabled. Use the /interface/wifi-<n>-<m>/show config command to view the current admin state of the Wi-Fi interface. October 11, 2011 Confidential Page 79 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters Configuring Wi-Fi Access Point Parameters This chapter describes how to display and configure Wi-Fi Access Point (AP) parameters, including:
Displaying AP Configuration on page 81 AP Custom Rates on page 81 Displaying Associated Wireless Clients on page 83 Displaying Wireless Client Details on page 85 Disconnecting a Wireless Client on page 85 Wireless Client Load Balancing on page 85 Configuring RTS-CTS Handshaking on page 86 Specifying the Beacon Period on page 86 Displaying Client Association Records on page 87 Changing AP Admin State on page 88 AP Service Set Identifiers on page 88 Displaying the SSID Table on page 89 Displaying SSID Details on page 90 Default Management SSID on page 90 Configuring SSIDs on page 91 Upstream User Priority Marking on page 92 Setting Traffic Limits on page 93 Providing Vendor Specific Information on page 93 Changing SSID Admin State on page 94 Out-of-service Advertising on page 95 Filtering Broadcast and Multicast Packets on page 96 Broadcast to Unicast Packet Conversion on page 96 Limiting Upload and Download Rates on page 97 ARP Filtering on page 97 October 11, 2011 Confidential Page 80 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters ARP to Unicast Conversion on page 98 802.11b Protection on page 98 See also:
Configuring Wi-Fi Radio Parameters on page 72 Wi-Fi AP Security on page 100 Wi-Fi Backhaul Link Configuration on page 115 Mobile Backhaul Mesh on page 123 Displaying AP Configuration Use the show config access command to display the current AP configuration. See Displaying Wi-Fi Radio Configuration on page 73 for details. Example - Typical BelAir20E
/interface/wifi-1-1# show config access Slot: 1, Card Type: htme, revision: 1, Port: 1, Radio: HTMv1 5GHz 802.11n admin state: ................. Enabled channel: ..................... 149 mode: ...................... ht40plus mimo: ...................... 3x3 tx power: .................. 18.0 (dBm per-chain), 23.0 (dBm total) antenna location: ............ External Port antenna index: ............... 1 antenna gain: ................ 5.0 (dBi) link distance: ............... 1 (km) base radio MAC : ............. 00:0d:67:0c:21:90 Access:
AP admin state: ............ Enabled secure addresses (vlan): ... none client blacklist: .......... none dhcp unicast: .............. Disabled deauth dos defense: ........ Disabled client auth trap: .......... Disabled Misc:
rts-cts threshold: ......... 100 broadcast filter status: ... Disabled broadcast filter rate: ..... 200
/interface/wifi-<n>-<m>/show custom-rates
/interface/wifi-<n>-<m>/set custom-rates {disabled |
enabled [{add|del} [b <rate_string>]
[g <rate_string>]
[ht <rate_string>]}
These commands let you customize the modulation rates used by your 802.11n radio by building a list of rates to include. Putting a rate on the list allows the radio to use that rate. AP Custom Rates October 11, 2011 Confidential Page 81 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters The show command displays modulation rates that are currently on the list;
that is, the rates that the radio uses. Rates that have short preamble are indicated with sp. Use the set command to enable or disable the custom rates feature. By default, the custom rates feature is disabled. Once you enabled custom rates, use the add and del parameters to create the specific list of rates that you need. The <rate_string> parameter is one of rates output by the show custom-rates command. If you use the set command without specifying a custom rate, a list of valid custom rates is displayed. Note: Adding a rate does not mean that the radio automatically begins to use that rate. The modulation rate selected by a radio depends on several factors. The custom rates list is just one of those factors. Example 1 - Using Custom Rates
/interface/wifi-1-2# set custom-rates enabled Valid custom b rates are:
11,5.5,2,1,11(sp),5.5(sp),2(sp) Valid custom g rates are:
48,24,12,6,54,36,18,9 Valid custom n rates are:
mcs0,mcs1,mcs2,mcs3,mcs4,mcs5,mcs6,mcs7
/interface/wifi-1-2# show custom-rates Custom-rate is enabled and the list includes:
A/G : 48 24 12 6 54 36 18 9 B : 11 5.5 2 1 11(sp) 5.5(sp) 2(sp) HTSS : mcs0 mcs1 mcs2 mcs3 mcs4 mcs5 mcs6 mcs7 HTDS : mcs8 mcs9 mcs10 mcs11 mcs12 mcs13 mcs14 mcs15 Example 2 - Using Custom Rates
/interface/wifi-1-2# show custom-rates Custom-rate is enabled and the list includes:
A/G : 48 24 12 6 54 36 18 9
/interface/wifi-1-2# set custom-rates enabled del g 18
/interface/wifi-1-2# show custom-rates Custom-rate is enabled and the list includes:
A/G : 48 24 12 6 54 36 9 October 11, 2011 Confidential Page 82 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Displaying Associated Wireless Clients Configuring Wi-Fi Access Point Parameters
/interface/wifi-<n>-<m>/show clients [ssid <ssid_index>]
This command displays the list of associated wireless clients for a given SSID. If no SSID is specified, the displayed list shows all associated clients and their SSID. The ssid_index parameter must be a valid SSID index. In the resulting output:
The time field displays how long the client has been associated to the BelAir radio. The IP field lists the client's IP address. (s) indicates static IP addressing. The identity field lists the 802.1X client identity. It is present for dot1x or WPA SSIDs. The auth field lists the authentication state of the client. See Table 8. The dhcp field lists the client DHCP state (applicable only if client uses dynamic IP addressing). See Table 9 on page 83. Table 8: Auth Field Value Descriptions Value Description unauth default or initial state auth client is authorized for Open or WEP privacy eapAuth client is authorized for dot1x, WPA1 or WPA2 privacy pskErr radto cltto Possible wrong WPAPSK key configured on client For dot1x, WPA1 or WPA2. Problems connecting to radius server, possibly because of a network problem. For dot1x, WPA1 or WPA2. Problems sending EAP packets to client. Table 9: DHCP Field Value Descriptions Value Description init Client has just connected and has not yet started a DHCP sequence October 11, 2011 Confidential Page 83 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters Table 9: DHCP Field Value Descriptions (Continued) Value Description disc offer req decl ack Client has sent a DHCP Discover message and is waiting for a DHCP Offer message to get its IP address.
(Applicable only if client does not already have a valid IP address. Otherwise client sends DHCP Request message.) Server has responded to the DHCP Discover message with a DHCP Offer message. This packet tells the client its IP address. The client should then send a DHCP Request message to verify the IP address. Client has sent the DHCP Request message to the server and is waiting for a DHCP Ack message to confirm the assigned IP address. Server has declined the clients DHCP request. Verify the server settings. Client has sent a DHCP Request message and the server has confirmed the assigned IP address.
(a * appended to the value indicates a completed DHCP process.) nack Server has responded to the clients DHCP request with a DHCP Nack message. Verify the server settings. relse Client has sent a DHCP Release message. inform Client has sent a DHCP Inform message. Depending on the server, the server may respond with a DHCP Ack message.
(a * appended to the value indicates a completed DHCP process.) arpRes Client has gone through one of the DHCP state transitions and replied to an ARP request for its IP address.
(a * appended to the value indicates a completed DHCP process.) Depending on the server configuration, if a client moves to a different subnet, it may need to timeout the current IP address (approx. 30 seconds) and then restart the DHCP sequence. During this process the client may use the standard default IP address for Microsoft Windows (169.254.X.X). Example
/interface/wifi-2-1# show clients October 11, 2011 Confidential Page 84 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters SS-ID vlan mac addr time IP identity rssi auth dhcp
2-4 0 00:11:24:26:24:AA 4m 10.9.9.20(s) -82 eapAuth static Displaying Wireless Client Details Disconnecting a Wireless Client
/interface/wifi-<n>-<m>/show client <1|2|...|2007>
[throughput] [stats]
This command displays the details of a wireless client that is associated or was recently associated with the AP. You determine the client number
<1|2|...|2007> with the show clients command. See Displaying Associated Wireless Clients on page 83. The throughput parameter displays additional information on traffic throughput. The stats parameter allows displays additional information on packet statistics. In the resulting output, the age parameter shows the time since the radio last received a data frame from the client and the state parameter shows authenticated (2) if the client is no longer associated. Example
/interface/wifi-1-1# show client 35 Ssid: ........... 1 Vlan: ........... 0 Mac Address: .... 00:18:DE:98:28:E8 Connected Time: . 0 yrs 0 days 00:00:42 Aging Time: ..... 0 seconds Ip Address: ..... 10.1.1.60 Identity: ....... Rssi: ........... -48 (dBm) Auth State: ..... Authenticated(open/wep) Dhcp State: ..... Client sent ARP response (complete)
/interface/wifi-<n>-<m>/disconnect client <mac_address>
This command lets you disconnect the specified client from the AP. You determine the client MAC address with the show clients command. See Displaying Associated Wireless Clients on page 83. Wireless Client Load Balancing
/interface/wifi-<n>-<m>/set max-num-clients <max_num> [strict]
This command lets you set the maximum number of clients that can associate with the AP. Once the maximum is reached, new client associations are not immediately accepted. October 11, 2011 Confidential Page 85 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters Configuring RTS-CTS Handshaking Specifying the Beacon Period While using this command, keep in mind the following:
If you do not use the strict parameter, and a new client continues to try to associate after the client maximum is reached, the AP does accept it after three retries. (All association retries in a one minute interval is considered a single retry.) If you use the strict parameter, the AP does not accept a new client when the client maximum is reached, even if the new client to tries to associate repeatedly. Changing the client maximum does not take effect until two minutes later. Changing the client maximum does not disconnect any existing client. The <max_num> parameter ranges from 0 to 256. The default is 256.
/interface/wifi-<n>-<m>/set rts-cts {disabled|enabled <threshold>}
This command lets you enable or disable Request-to-Send (RTS) and Clear-to-Send (CTS) handshaking. When enabled, handshaking occurs for packets larger than the threshold. The
<threshold> parameter can range from 1 to 65536. The default value is 100. By default, dynamic rate handshaking is disabled.
/interface/wifi-<n>-<m>/set beacon-period
{auto | <bp_value> [dtim <dt_value>]}
This command lets you specify the behavior of your beacon period for broadcast Service Set Identifiers (SSIDs). See also AP Service Set Identifiers on page 88. If specified, the <bp_value> parameter specifies a fixed beacon period in milliseconds. It ranges from 100 to 400. The optional <dt_value> parameter specifies the DTIM value. It ranges from 1 to 3. If you select auto, the BelAir unit automatically adjusts the beacon period and DTIM value dynamically according to the number of MBSSIDs. The default setting is to have a fixed beacon period of 100 ms with a DTIM value of 3. October 11, 2011 Confidential Page 86 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Displaying Client Association Records Configuring Wi-Fi Access Point Parameters
/interface/show client-record <num_entries> [radio <radioIf_name>]
[vlan {<vlan_id>| none}] [mac-addr <mac_address>]
[aggregation | start <start_idx>]
/interface/show client-record detail <num_entries>
Every 15 minutes, the BelAir node generates wireless client association records. A client record includes the following information:
The IP address, MAC address, VLAN, RSSI, DHCP state, and authentication state of the client. The radio interface and SSID index for the radio the Wi-Fi client is associated to. The start and end connection time, as well as the times a client has a throughput greater than 2 kBps or transmits more than 2 kB of traffic. If a client connection crosses more than one 15-minute interval, another client record is generated for that client. A continue flag indicates that the client has another record in the next 15-minute interval. The num_entries parameter specifies the number of entries to display. You can filter the output based on the following optional parameters:
Use radio <radioIf_name> to filter for records of clients connected to a particular Wi-FI interface, such as wifi-2-1. Use vlan <vlan_id> to filter for records of clients using a particular VLAN, or no VLAN. Use mac-addr <mac_address> to filter for records with a clients MAC address. Use aggregation to show combined client records when a client connection crosses multiple 15-min boundary. Use start <start_idx> to show client records starting from a particular record index number. The starting index number is always unique. Use the show client-record detail command to display details of a particular client record. Example - Non Aggregated Records
/interface# show client-record 4 SSID Start Time Connect IP MAC RSSI Vlan RX TX Continue ID Radio INX dd hh:mm:ss mm:ss address address max avg min Id KB KB flag 11 wifi-2-1 1 11 06:42:57 15:02 10:1:1:7 00:18:de:c2:30:46 -25 -44 -64 0 90 109 Yes 10 wifi-2-1 1 11 06:27:55 15:02 10:1:1:7 00:18:de:c2:30:46 -25 -44 -64 0 60 72 Yes 9 wifi-2-1 1 11 06:12:53 15:02 10:1:1:7 00:18:de:c2:30:46 -25 -44 -64 0 268 323 Yes 8 wifi-2-1 1 11 05:57:51 15:02 10:1:1:7 00:18:de:c2:30:46 -25 -44 -64 0 219 250 Yes October 11, 2011 Confidential Page 87 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters Example - Aggregated Records
/interface# show client-record 20 aggregation SSID Start Time End Time IP MAC RSSI Vlan RX TX Cross Byte Cross Rate ID Radio INX dd hh:mm:ss dd hh:mm:ss address address avg Id KB KB dd hh:mm:ss dd hh:mm:ss 1 wifi-2-1 1 11 04:57:41 11 04:59:40 10:1:1:7 00:18:de:c2:30:46 -42 0 5 4 11 04:58:42 not exceed 3 wifi-2-1 1 11 05:00:11 11 05:01:25 10:1:1:7 00:18:de:c2:30:46 -45 0 11 8 11 05:00:52 not exceed 4 wifi-2-1 1 11 05:08:02 11 06:57:59 10:1:1:7 00:18:de:c2:30:46 -44 0 1074 1255 11 05:08:21 not exceed Example - Client Record Detail Figure 5: Client Record Detail Example
/interface# show client-record detail 4 Client Record INX[4]:
Radio Interface: wifi-2-1 SSID Idx: 1 Start Time (mon-dd hh:mm:ss): 07-11 05:08:02 End Time (mon-dd hh:mm:ss): 07-11 05:12:45 Vlan ID: 0 IP Address: 10:1:1:7 MAC Address: 00:18:de:c2:30:46 RSSI(dbm): max -25, min -64, avg -43 Exceed Throughput(2KB) Time: 07-11 05:08:21 Throughput: Rx 35KB, Tx 33KB Authenticate State: Authenticated(open/wep) DHCP State: Client sent ARP response Is Continued: Yes When the client logged in When the record ends Client RSSI information Time when client crossed the 2 kbyte threshold. Same as show client detail command. If Yes, record continues into next 15-minute window. Changing AP Admin State AP Service Set Identifiers
/interface/wifi-<n>-<m>/set ap admin-state {enable|disable}
This command controls the state of the AP. When set to enable, the AP is in the operational state. When set to disable, the AP and all associated functions are disabled. The default is enabled. Use the commands in this section to:
configure AP Service Set Identifiers (SSIDs) map an SSID to a VLAN provide vendor specific information Each AP supports up to 8 SSIDs. If associated clients use different SSIDs, then the BelAir20E can use the SSID to direct traffic to different VLANs. October 11, 2011 Confidential Page 88 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Displaying the SSID Table Configuring Wi-Fi Access Point Parameters
/interface/wifi-<n>-<m>/show ssid table This command summarizes in table format the parameters of all configured SSIDs. In the resulting output:
The broadcast setting is the default for SSID 1. A broadcast setting means that the access radio responds to a broadcast probe request and that SSID information element is present in the beacon dataframe. A broadcast SSID has a Basic Service Set (BSS), a unique identifier having the same format as a MAC address. A suppressed setting means that the access radio responds only to a unicast probe request and that SSID information element is present in the beacon dataframe, but has a length of 0 and a null value. A suppressed SSID has a Basic Service Set (BSS), a unique identifier having the same format as a MAC address. Example - Typical Output
/interface/wifi-1-1# show ssid table SSID Information
id enabled vlan type privacy wb sp acl bss ssid
1 yes -- Broadcast none -- -- -- 00:0D:67:0C:21:98 RickBA20E-15-2 2 no -- Suppressed none -- -- -- 00:0D:67:0C:21:99 DefaultSsid2-2 3 no -- Suppressed none -- -- -- 00:0D:67:0C:21:9A DefaultSsid2-3 4 no -- Suppressed none -- -- -- 00:0D:67:0C:21:9B DefaultSsid2-4 5 no -- Suppressed none -- -- -- 00:0D:67:0C:21:9C DefaultSsid2-5 6 no -- Suppressed none -- -- -- 00:0D:67:0C:21:9D DefaultSsid2-6 7 no -- Suppressed none -- -- -- 00:0D:67:0C:21:9E DefaultSsid2-7 8 no -- Suppressed none -- -- -- 00:0D:67:0C:21:9F DefaultSsid2-8
In the previous example:
wb is for wireless bridge; see Disabling or Enabling AP Wireless Bridging on page 111 sp is for secure port; see AP Secure Port Mode on page 112 acl is for access control list; see Wireless Client Access Control List on page 109 bss is for basic service set; see Configuring SSIDs on page 91 a star ( * ) means that the feature is enabled for that particular SSID a double dash ( -- ) means that the feature is not enabled for that particular SSID October 11, 2011 Confidential Page 89 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters Displaying SSID Details
/interface/wifi-<n>-<m>/show ssid <ssid_index> config This command displays details of a particular SSID. Use the show ssid table command to determine <ssid_index>. Example
/interface/wifi-1-1# show ssid 3 config Configuration for ssid 3 admin state: ..................... Enabled SSID: ............................ DefaultSsid2-1 AP oos identifier: ............... outOfService.. mbssid state: .................... Enabled type: ............................ Broadcast privacy mode: .................... none rekey: ........................... Disabled key strict: ...................... no traffic mapped to vlan: .......... none passthrough vlan(s): ............. disabled wireless bridge state: ........... Disabled group address filter: ............ none upstream UP marking: ............. Disabled (0) acl state: ....................... Disabled secure port state: ............... Disabled arp unicast conversion state: .... Disabled radius NAS identifier: ........... belair radius accounting: ............... Disabled radius station id unformatting: .. Disabled radius account session id: ....... Disabled secure addresses (vlan):
No secure addresses configured client blacklist:
No blacklist entries auto secure gateway: ............. enabled Address Vlan 00:0a:5e:49:1c:33 (500) 00:0a:5e:49:1c:8b (600) radius servers:
No radius servers configured for this ssid DHCP relay servers:
Server[1] Addr: 10.1.100.88 sub-option: 150/151 inserted sub-option151: vpn-selector Option82 Insert Enabled. By default, SSID 8 of each radio is a suppressed SSID preconfigured for a management session. The default management SSID is BelAir-<MAC_info>, where <MAC_info> is the last six digits of the nodes MAC address. For example, if a node has a MAC address of 00:0D:67:08:48:98, the default management SSID is BelAir-084896. Default Management SSID October 11, 2011 Confidential Page 90 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters Configuring SSIDs By default, SSID 8:
uses WPA encryption with the following pre-shared key: DefaultKey123. Users may wish to change the security settings to suit their needs. is not mapped to a VLAN. Users may wish to map SSID 8 to a separate VLAN reserved for management sessions. Refer to the following topics for details on changing the default settings for SSID 8:
To change the SSID and map it to a VLAN, see Configuring SSIDs on page 91. To change the security settings, see Wi-Fi AP Security on page 100.
/interface/wifi-<n>-<m>/set ssid <ssid_index>
service-set-identifier <ssid_string>
{broadcast | suppressed}
vlan {<vlanID-list>|none}
[passthrough-vlan {<passvlanID-list>|none}]
This command allows you to configure AP SSIDs. The ssid_string parameter is the SSID setting. SSIDs are case sensitive and can contain up to 32 alphanumeric characters. To specify a blank string, input two double quotes (). The ssid_index parameter is an integer from 1 to 8. Use the show ssid table command to determine <ssid_index>. For a description of the broadcast and suppressed parameters, see Displaying the SSID Table on page 89. The vlanID-list parameter, if present, specifies a comma separated list of VLAN IDs. Each VLAN ID must be an integer from 1 to 2814. The list can contain up to eight VLAN IDs. The vlanID-list parameter activates functionality to balance traffic among up to eight VLANs, based on the last three bits of the MAC address of the wireless client generating the traffic. The last three bits of the MAC address can range in value from 0 to 7. For example:
Traffic from clients where the last three bits have a value of 0 is directed to the first VLAN on the list. Traffic from clients where the last three bits have a value of 1 is directed to the second VLAN on the list. October 11, 2011 Confidential Page 91 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters Traffic from clients where the last three bits have a value of 6 is directed to the seventh VLAN on the list. If the last three bits of the MAC address does not reference a VLAN on the list, then the client's traffic is directed to the first VLAN on the list. If the vlan parameter is none and the wireless client is sending untagged traffic, then the traffic corresponding to the specified SSID is passed through the access radio without change. If the wireless client is sending tagged traffic, then you can use the passvlanID-list parameter. The passvlanID-list parameter, if present, also specifies a comma separated list of VLAN IDs. As with the vlanID-list parameter, each VLAN ID must be an integer from 1 to 2814, and the list can contain up to eight VLAN IDs. The passvlanID-list parameter applies to pre-tagged traffic; for example, generated from Linux wireless clients. If the traffics VLAN tag matches a VLAN on the list, then that traffic is allowed to go through unchanged. Otherwise, the tagged traffic from the client is dropped. If passvlanID-list is populated, then vlanID-list can specify only one VLAN ID. In such cases, untagged traffic from the client is tagged with the VLAN from vlanID-list. If the VLAN ID list is set to none, then untagged traffic from the client remains untagged. If the passthrough VLAN list is none, tagged packets from a wireless client are dropped. Untagged packets from the client are tagged with the VLAN ID from vlanID-list according to the last three bits of the clients MAC address.
/interface/wifi-<n>-<m>/set ssid <ssid_index>
upstream-up-marking {enabled|disabled}
[ up-value <val> ]
This command enables or disables the ability to set the User Priority (UP) value of any packet received by the AP for a particular SSID. The UP values are then used throughout the network to separate and prioritize traffic through Quality of Service (QoS) settings. See Quality of Service Settings on page 177 for details. By default, upstream UP marking is disabled. The ssid_index parameter must be a valid SSID index. See AP Service Set Identifiers on page 88 Upstream User Priority Marking October 11, 2011 Confidential Page 92 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Setting Traffic Limits Providing Vendor Specific Information Configuring Wi-Fi Access Point Parameters
/interface/wifi-<n>-<m>/set ssid <ssid_index> traffic-limit
([upstream <bits-per-second>]
[downstream <bits-per-second>]) This command allows you to control the amount of traffic the AP sends for a particular SSID:
Use the upstream parameter to specify the amount sent to the network. Use the downstream parameter to specify the amount sent to wireless clients. Specify 0 to remove previously set limits. Use the show ssid table command to determine <ssid_index>. Use the show ssid <ssid_index> config command to see the currently configured values.
/interface/wifi-<n>-<m>/set ssid <ssid-number>
option82 insertion {enabled|disabled}
/interface/wifi-<n>-<m>/set ssid <ssid-number>
option82 use {subopt9 | subopt150-151}
/interface/wifi-<n>-<m>/set ssid <ssid-number>
option82-suboption151 <random_str>
You can enable DHCP relay functionality for the SSID with the set ssid
<ssid_index> dhcp-relay command. For details see Assigning SSID Traffic to Use DHCP Relay on page 147. Once DHCP relay functionality is enabled for the SSID, your BelAir20E automatically adds DHCP Option 82 information (that is, relay agent information) to the DHCP packets for that SSID sent to the wireless client and DHCP server. By default, if Option 82 insertion is enabled, the relay agent information is packaged as part of Suboption 9. However, you can choose to instead use Suboption 150 (VLAN info) and 151 (VPN selection ID). If you choose Suboption 9, the relay agent information is packaged as follows:
agent circuit ID Subsuboption 1, the MAC address of your BelAir20E Subsuboption 2, VLAN identifier Subsuboption 3, Radio MAC address Subsuboption 4, SSID: the SSID that is using the DHCP relay functionality Subsuboption 5, GPS coordinates October 11, 2011 Confidential Page 93 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters If you choose Suboption 150 and 151, the relay agent information is packaged as follows:
Suboption 150. The VLAN info is packaged as follows:
0x96, 0x04,0xn, 0xn, 0xn, 0xn Where:
The first field is always 0x96, identifying Suboption 150. The second field is always, 0x04, specifying the length of the VLAN info. The last four fields are 0xn, where each value of n is a digit specifying the VLAN number. For example, 0x96, 0x04, 0x1, 0x2, 0x0, 0x0 specifies VLAN 1200. VLAN 100 would be specified as 0x96, 0x04, 0x0, 0x1, 0x0, 0x0. Suboption 151. The VPN selection ID is packaged as follows:
0x97, 0x0a, 0x00, 0xnn, 0xnn, 0xnn, 0xnn, 0xnn, 0xnn, 0xnn, 0xnn, 0xnn Where:
The first field is always 0x97, identifying Suboption 151. The second field specifies the length of the VPN selection ID. The remaining fields specify an ASCII string of the VPN selection ID. Use the set ssid option82 insertion command to control whether DHCP Option 82 (DHCP relay agent information) is inserted into packets or not. If Option 82 insertion is enabled, use the set ssid option82 use command to control whether Suboption 9 or Suboptions 150 and 151 are used. If Suboption 150 and 151 are selected, use the set ssid option82-subopton151 command to specify the VPN selection ID. You can specify an ASCII string of up to 32 alphanumeric characters. To specify a blank string, input two double quotes (). If Suboption 150 and 151 are selected and a Suboption 151 string is undefined, the SSID string is used instead.
/interface/wifi-<n>-<m>/set ssid <ssid_index> admin-state
{enable|disable}
This command enables or disables a particular SSID. Use the show ssid table command to determine <ssid_index>. Changing SSID Admin State October 11, 2011 Confidential Page 94 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters Out-of-service Advertising The default is enabled for SSID 1 and disabled for all others.
/interface/wifi-<n>-<m>/set ssid <ssid-number> ap-oos-identifier
<oos_string>
/system/set ap-oos-broadcast-delay <oos_delay>
/interface/wifi-<n>-<m>/set ap-oos-broadcast {enabled|disabled}
[option {replace|prepend}]
/system/show ap-oos-broadcast-delay These commands let you modify the SSIDs of a radio with an out-of-service string when a node loses its egress connection for longer than the period specified by <oos_delay>. The out-of-service string can be prepended to the existing SSID or it can replace the existing SSID. The out-of-service string can contain up to 14 characters. The default string is outOfService.. and by default it replaces the SSID. The out-of-service delay (<oos_delay>) ranges from 30 to 300 seconds. The default is 300 seconds. The out-of-service delay is set for the entire BelAir20E. Use the /system/show ap-oos-broadcast-delay command to display the current delay. When a nodes egress connection is declared out-of-service, the node also applies WPA AES encryption with a 16-character pre-shared key to all SSIDs except for the default management SSID. This is to to prevent a user from accidently connecting to an open SSID which is in out-of-service. The 16-character pre-shared key consists of the first 10 characters of the out-of-service identifier followed by the last six digits of the nodes MAC address. If the out-of-service identifier is less than 10 characters, then period characters (.) are used to complete the first 10 characters of the pre-shared key. The status of a node's egress connection is determined as follows:
1 If a tunnel is enabled, the egress status is the tunnel's status. 2 If a tunnel is not enabled and there is a cable modem in the system, the egress status is the modem's status. 3 If a tunnel is not enabled and there is no cable modem in the system, the egress status is the Ethernet link's status. See also:
Default Management SSID on page 90 Security Options for Wireless Clients on page 100 October 11, 2011 Confidential Page 95 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Filtering Broadcast and Multicast Packets Broadcast to Unicast Packet Conversion Configuring Wi-Fi Access Point Parameters
/interface/wifi-<n>-<m>/set ssid <ssid_index>
group-address-filter {none | ipv4}
This command filters all broadcast and multicast packets to and from a wireless client except for ARP and DHCP packets, allowing you to reduce the amount of broadcast and multicast traffic in the network. The ssid_index parameter must be a valid SSID index. See AP Service Set Identifiers on page 88 Use the none setting to disable this function. Use ipv4 to enable this function. If wireless bridging is enabled, the default is none. If wireless bridging is disabled, the default is ipv4. See also:
Limiting Broadcast Packets on page 54 Broadcast to Unicast Packet Conversion on page 96
/interface/wifi-<n>-<m>/set ssid <ssid_index>
dhcp-advanced {upstream-unicast | none}
This command lets you convert broadcast packets to unicast packets. Reducing the number of broadcast packets sent over wireless connections provides the following benefits:
Broadcast packet are not retried in wireless transmissions, so in high interference environments wireless clients can miss their DHCP exchange. It reduces the bandwidth required for exchanges of DHCP messages. The ssid_index parameter be a valid SSID index. See AP Service Set Identifiers on page 88. The set ssid <ssid_index> dhcp-advanced command is set to none by default, meaning that it is disabled. In this case:
All BOOTP packets, including DHCP packets, coming from the client are examined to determine if they are broadcast or unicast. This information is stored for use when the response arrives. All BOOTP packets, including DHCP packets, arriving from the network are examined. If needed, they are converted to match the format (broadcast or unicast) sent by the wireless client. When the set ssid <ssid_index> dhcp-advanced command is set to upstream-unicast, it unsets the Request Broadcast bit for BOOTP packets, October 11, 2011 Confidential Page 96 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters Limiting Upload and Download Rates including DHCP packets, originating from clients before sending those packets to the network. This means that the network should respond with unicast packets instead of broadcast packets. The set ssid <ssid_index> dhcp-advanced command does not affect BOOTP packets arriving from the network. All BOOTP packets, including DHCP packets, arriving from the network are examined. If needed, they are converted to match the format (broadcast or unicast) sent by the wireless client. See also:
Limiting Broadcast Packets on page 54 Filtering Broadcast and Multicast Packets on page 96
/interface/wifi-<n>-<m>/set ssid <ssid_index>
max-download-rate {<bps_rate>|unlimited}
/interface/wifi-<n>-<m>/set ssid <ssid_index>
max-upload-rate {<bps_rate>|unlimited}
These commands let you specify the maximum rate (in bits per second) at which a client can upload or download data from the AP for a particular SSID. The ssid_index parameter must be a valid SSID index. See AP Service Set Identifiers on page 88 Use the unlimited setting to disable this function. If wireless bridging is enabled, the default is none. If wireless bridging is disabled, the default is ipv4. See also:
Limiting Broadcast Packets on page 54 Broadcast to Unicast Packet Conversion on page 96 ARP Filtering
/interface/wifi-<n>-<m>/set arp-filtering {disabled|enabled}
This command enables or disables ARP filtering on radio traffic from the AP to the wireless client. When enabled, the radio only forwards ARP request packets to a currently connected client. Otherwise, the downstream ARP requests are dropped. The default setting is disabled. October 11, 2011 Confidential Page 97 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide ARP to Unicast Conversion Configuring Wi-Fi Access Point Parameters
/interface/wifi-<n>-<m>/show arp-unicast-table [vlan <vlan_id> ]
/interface/wifi-<n>-<m>/set ssid <ssid_index>
arp-unicast-conversion {enabled|disabled}
These commands control the conversion of upstream ARP packets to unicast packets. When enabled, this feature intercepts ARP requests from wireless clients and sends them only to known gateway MAC addresses. ARP responses from the gateway are sent to the wireless client without interception and manipulation. When the AP starts, the ARP unicast conversion table is empty. So the first ARP packet from the client is sent out as is; no conversion happens. When the ARP response arrives, the AP records its information, including the unicast MAC address, in the conversion table. For the following ARP packets, the AP replaces the broadcast MAC address in the ARP packet with the unicast MAC address from the conversion table. When a conversion table entry is used, a 4-second response timer is started. If the ARP response arrives within 4 seconds, then the entry remains valid. Otherwise the entry is deemed invalid and removed from the table. Each entry is removed after 4 hours of inactivity. The table holds up to 128 entries. The default setting is disabled. Example
/interface/wifi-1-2# show arp-unicast-table vlaid ip mac expire
5 10.1.5.53 00:10:18:27:bc:07 03:57:18 0 10.1.1.53 00:10:18:27:bc:07 03:59:32 90 10.1.90.53 00:10:18:27:bc:07 03:59:55
/interface/wifi-<n>-<m>/set b-protection {disabled|enabled}
This command enables or disables 802.11b protection for the radio. Normally, an 802.11g AP uses CTS-to-self to interact with 802.11b APs. The transmitted packet is small, but in High Capacity and Interference environments the accumulated effect is a substantial performance penalty. This feature disables 802.11b protection for the radio, meaning that CTS-to-self are not sent and maximizing the throughput for wireless clients that operate in the 2.4 GHz range. 802.11b Protection October 11, 2011 Confidential Page 98 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Wi-Fi Access Point Parameters This feature improves performance if there are only a few 802.11b clients present and they are not generating large amounts of traffic. If not, the 802.11b clients may generate substantial numbers of collisions and actually impair traffic. The default setting is enabled. October 11, 2011 Confidential Page 99 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security Wi-Fi AP Security This chapter describes how you can set up security to encrypt your Wi-Fi transmissions so that your data cannot be deciphered if it is intercepted, and to prevent access to the network by unauthorized clients. The following topics are covered:
Security Options for Wireless Clients on page 100 RADIUS Servers for Wireless Clients on page 101 Managing RADIUS Servers on page 104 Changing RADIUS Server Admin State on page 105 Assigning SSIDs to RADIUS Servers on page 105 RADIUS Pre-authentication on page 105 RADIUS Assigned VLAN on page 106 RADIUS Accounting on page 106 Client Authentication and De-authentication Trap on page 107 AP Privacy on page 107 Wireless Client Blacklist on page 109 Wireless Client Access Control List on page 109 Controlling Inter-client Communication on page 110 Protecting against Denial of Service Attacks on page 113 See also:
Configuring Wi-Fi Radio Parameters on page 72 Configuring Wi-Fi Access Point Parameters on page 80 Wi-Fi Backhaul Link Configuration on page 115 Mobile Backhaul Mesh on page 123 Security Options for Wireless Clients The BelAir20E has several options for wireless authentication and data encryption. The method that you use depends on your security needs and your network configuration. October 11, 2011 Confidential Page 100 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security If multiple SSIDs are configured, each SSID can be configured with its own security options. The authentication options are:
instruct the AP to connect to a Remote Authentication Dial In User Service
(RADIUS) server in your network that keeps a list of accepted clients. RADIUS is a standard for user authentication. For this option, you need a RADIUS server. Multiple BelAir20E units can share the information from the same RADIUS server. use a pre-shared key. This is a simpler authentication option, but more difficult to maintain because pre-shared keys must be distributed to all users. You can also create a list of accepted clients; that is, an Access Control List
(ACL). This option is best suited for small networks. The encryption options are:
Wired Equivalent Privacy (WEP). This is a basic encryption scheme. Temporal Key Integrity Protocol (TKIP). This is an more advanced encryption scheme. Advance Encryption Standard (AES). This is the strongest encryption scheme. BelAir Wi-Fi radios offer WEP, WPA, WPA2 and WPA2mixed privacy settings. With WPA2mixed, the wireless client can use WPA or WPA2, and the AP accepts them both. WPA, WPA2 and WPA2mixed privacy uses TKIP or AES encryption. Because of this, WPA, WPA2 and WPA2mixed provide much stronger security than WEP. For small networks, you can use WEP or WPA with pre-shared keys. For large networks, you can use WPA, WPA2 or WPA2mixed in combination with dot1x (a RADIUS server) authentication. CAUTION!
RADIUS authentication, WPA or WPA2 can only be used with wireless clients that support these standards (both the operating system and the network card). For clients that only support WEP, select a combination with WEP. Note: A network is as secure as its weakest link. If WEP is enabled, the overall level of network security will be that of WEP. RADIUS Servers for Wireless Clients To use RADIUS authentication, you need to configure at least one RADIUS server. October 11, 2011 Confidential Page 101 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security Table 10 shows the attributes that are included in the access-request messages sent to the RADIUS server when using RADIUS (EAP) authentication. Table 10: RADIUS Attributes Name RA_USERNAME ID Description 1 Client identity RA_NAS_IP_ADDRESS 4 Node IP address configured with the /protocol/radius/set RA_NAS_PORT RA_SERVICE_TYPE RA_FRAMED_MTU RA_STATE RA_CLASS RA_VENDOR_SPECIFIC RA_SESSION_TIMEOUT server command. See Managing RADIUS Servers on page 104. 5 For accounting packets, contains the client association ID that ranges from 1 to 256. For RADIUS packets, contains the SSID index values (from 0 to 15) + 100 6 Always 2 12 Always 1400 24 Client state from the RADIUS server 25 Always 0 26 Not used 27 RADIUS reauth time configured with the /protocol/radius/
set server command. See Managing RADIUS Servers on page 104. RA_IDLE_TIMEOUT 28 Client timeout value, always 5 minutes RA_TERMINATION_ACTION 29 Incoming only (0 for terminate or 1 for reauth) RA_CALLED_STATION_ID 30 AP MAC address RA_CALLING_STATION_ID 31 Client MAC address If station-id-unformatting is set to enable, colons are removed. If station-id-unformatting is set to enable, colons are removed. October 11, 2011 Confidential Page 102 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Table 10: RADIUS Attributes (Continued) Name ID Description Wi-Fi AP Security RA_NAS_IDENTIFIER 32 Name configured with the /interface/wifi-<n>-<m>/set ssid <ssid_index> radius command. See RADIUS Accounting on page 106. RA_ACCT_STATUS_TYPE 40 Always 1,2 or 3 RA_ACCT_INPUT_OCTET RA_ACCT_OUTPUT_OCTET 42 43 Integer counter Integer counter RA_ACCT_SESSION_ID 44 Unique number generated by system. RA_ACCT_AUTH 45 1 for RADIUS or 2 for local RA_ACCT_SESSION_TIME 46 RADIUS reauth time configured with the /protocol/radius/
set server command. See Managing RADIUS Servers on page 104. RA_ACCT_INPUT_PACKET RA_ACCT_OUTPUT_PACKET 47 48 Integer counter Integer counter RA_TERMINATE_CAUSE 49 One of:
1 for session terminated by user request 2 for session terminated due to lost carrier 4 for session terminated due to idle timeout 5 for session timeout 9 for session terminated due to NAS error 20 for session terminated due to reauth failure RA_ACCT_INPUT_GIGAWORDS 52 Not used RA_ACCT_OUTPUT_GIGAWORDS 53 Not used RA_EVENT_TIMESTAMP 55 System time when the RADIUS packet is sent RA_NAS_PORT_TYPE RA_TUNNEL_TYPE 61 Always 9 for port type of wireless 64 Refer to RADIUS Assigned VLAN on page 106. RA_TUNNEL_MEDIUM_TYPE 65 Refer to RADIUS Assigned VLAN on page 106. RA_TUNNEL_PRIVATE_GROUP_ID 81 Refer to RADIUS Assigned VLAN on page 106. October 11, 2011 Confidential Page 103 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Table 10: RADIUS Attributes (Continued) Wi-Fi AP Security Name RA_CONNECT_INFO RA_EAP_MESSAGE ID Description 77 Always CONNECT 11Mbps 802.11b 79 EAP packet RA_MESSAGE_AUTHENTICATOR 80 Authentication string from RADIUS server RA_INTERIM_INTERVAL 85 Not used Managing RADIUS Servers
/protocol/radius/show servers
/protocol/radius/set server <server_idx> <server_ip_address>
<shared secret> [authport <server_port>]
[acctport <radius_acc_port>]
[interface <NAS IP address>] [timeout <seconds>]
[reauthtime <seconds>]
/protocol/radius/del server <server_idx>
These commands let you manage the RADIUS server list used for authenticating wireless clients. The list can contain up to 16 RADIUS servers. After the list is configured, you can then assign which AP SSID uses which server on the list. See Assigning SSIDs to RADIUS Servers on page 105. By default, if a RADIUS server is unavailable, then the SSID uses the next RADIUS server in the list. You cannot delete a server if it is being used by an SSID. The server_ip address parameter specifies the IP address of the RADIUS server. The shared secret parameter specifies the password for access to the RADIUS server. The server_port parameter ranges from 0 to 65535. It specifies the UDP port number of the RADIUS server. The default is 1812. The radius_acc_port parameter ranges from 0 to 65535. It specifies the UDP port number for RADIUS accounting data. The default value is 1813. The NAS IP address parameter specifies the Network Access Server (NAS) IP address for the BelAir20E RADIUS client. It is used when the unit is configured with multiple IP interfaces and matches the interface used to communicate with the given RADIUS server. The default value is the IP address of the units management interface, which is usually the systems default IP address. Note: The NAS IP address parameter is entered statically with this command. If the VLAN IP addresses are determined dynamically with a DHCP October 11, 2011 Confidential Page 104 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security server, then an updated VLAN IP address is not automatically reflected into the NAS IP address parameter. The timeout parameter ranges from 2 to 300. It specifies the interval (in seconds) after which the RADIUS client considers that the remote server has timed out if a reply is not received. The default value is 10 seconds. The reauthtime parameter ranges from 0 to 50000000. It specifies the RADIUS re-authentication time (in seconds). This forces the BelAir20E to check all connected clients with the RADIUS server (that is, make sure they are still allowed to access the network) at the specified interval. You only need to configure this parameter if it is not specified on the RADIUS server. Setting the interval to zero disables this feature. The maximum interval time is 2147483647. If you enter a higher number, the value is set to its maximum.
/protocol/radius# set server 3 172.16.1.20 my-secret12345 authport 1812 acctport 1813 interface 172.16.1.254 timeout 15 reauthtime 1 Example Changing RADIUS Server Admin State Assigning SSIDs to RADIUS Servers RADIUS Pre-authentication
/protocol/radius/set server-state <server_idx> {enable|disable}
This command enables or disables a particular RADIUS server on the server list. Use the show servers command to determine <server_idx>.
/interface/wifi-<n>-<m>/add ssid <ssid_index>
radius-server <server_idx>
/interface/wifi-<n>-<m>/del ssid <ssid_index>
radius-server <server_idx>
The add command specifies which RADIUS server to use to authenticate the specified SSID. The del command means that the specified RADIUS server stops authenticating the specified SSID. Use the /wifi-<n>-<m>/show ssid table command to determine <ssid_index>. Use the /radius/show servers command to determine <server_idx>.
/interface/wifi-<n>-<m>/set ssid <ssid_index>
radius-pre-auth {enabled|disabled}
[delimiter {none|colon|dash}]
This feature allows you to set up a centralized access control list at the RADIUS server instead of each AP. With this feature enabled, when an AP receives a clients association request, it composes an access-request message and sends it to a RADIUS server. If an access-accept message is received from the RADIUS server, the AP continues with the clients association procedure and grants access based on other criteria such as encryption type and key matching. October 11, 2011 Confidential Page 105 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security To use this feature, you must configure your RADIUS server to have a list of all allowed clients. Each entry in this list includes a user name and a password. The user name and the password must be set to the clients MAC address. The delimiter parameter specifies whether the RADIUS packets use a colon (:), a dash (-) or nothing as a delimiter when specifying a MAC address. To reduce the message exchanges between the AP and RADIUS server, an AP maintains two cache tables: one for all allowed clients and another for all disallowed clients. When the AP receives a clients association request, it first searches both tables. If the clients information is in the allowed table, the AP bypasses RADIUS pre- authentication. If the client is in the disallowed table, it is rejected immediately. Cache entries in either table expire in two minutes. The feature can be enabled or disabled on each SSID. Use the /wifi-<n>-<m>/
show ssid table command to determine <ssid_index>. The default setting is disabled. The BelAir20E can create VLANs as instructed by the RADIUS server. When this feature is activated, the RADIUS server instructs the BelAir20E to tag the authenticated packets to use the specified VLAN. This feature has no BelAir CLI commands. To activate this feature, you must provision the following attributes on your RADIUS server:
RA_TUNNEL_TYPE, set to 13 RA_TUNNEL_MEDIUM_TYPE, set to 6 RA_TUNNEL_PRIVATE_GROUP_ID, configure to contain the VLAN to be created. Refer to Table 10 on page 102.
/interface/wifi-<n>-<m>/set ssid <ssid_index> radius
([accounting {enable|disable}]
[nas-id <name>]
[delimiter {none|colon|dash}]
[append {none|ssid}]
These commands let you manage RADIUS accounting for wireless clients. By default RADIUS accounting is disabled. The nas-id <name> parameters specify the RADIUS Network Access Server
(NAS) identifier. The default value for <name> is belair. RADIUS Assigned VLAN RADIUS Accounting October 11, 2011 Confidential Page 106 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security Client Authentication and De-authentication Trap AP Privacy The delimiter parameter specifies whether the RADIUS packets use a colon (:), a dash (-) or nothing as a delimiter when specifying a MAC address. The append parameter specifies RADIUS station ID formatting. The default setting is ssid, meaning that the called-station-ID and the calling-station-ID fields are formatted to include SSID information to the provided MAC address.
/interface/wifi-<n>-<m>/set client-trap {enabled|disabled}
[trap-delay {enabled|disabled}]
This command controls whether a trap is sent for this particular radio whenever a wireless client authenticates or de-authenticates; that is, disconnects from the radio. The trap can be used by any Network Management System to monitor client activities. When the client trap is enabled and the trap delay is enabled, the trap is not sent out until 10 seconds after either of the following events:
the client connects and stays connected the client is disconnected and stays disconnected If the trap delay is disabled, then the trap is sent out immediately after either of the previous events. When the client trap is disabled, the trap is not sent out. The default is to have both the client trap and trap delay enabled.
/interface/wifi-<n>-<m>/set ssid <ssid_index> privacy
{none|dot1x-open|wep40|wep104|
{wpa {tkip|aes}}|wpa2 {tkip|aes}|wpa2mixed}
[{psk <key-str>}|dot1x]
[rekey {no|kpackets <count>|seconds <seconds>}]
[strict {yes|no}]
This command configures wireless privacy for a particular SSID. Use the show ssid table command to determine <ssid_index>. Use the show ssid
<ssid_index> config command to show the current privacy settings. The dot1x-open parameter specifies an open privacy setting, but uses a RADIUS server for SSID authentication. The RADIUS server authenticates a wireless client by its username and password. After accepting the client, the RADIUS server does not provide encryption keys. The data transmission is open. October 11, 2011 Confidential Page 107 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security WPA, WPA2 and WPA2mixed privacy uses TKIP or AES encryption. With WPA2mixed, the wireless client can use WPA or WPA2, and the AP accepts them both. The psk parameter specifies using a pre-shared key for authentication. When specifying the pre-shared key, note the following:
For wep40, the pre-shared key must be exactly 5 bytes. For wep104 with psk, the pre-shared key must be exactly 13 bytes. For wpa, wpa2 and wpa2mixed, the pre-shared key must be between 8 and 63 bytes long. The longer the key, the more secure the connection. The pre-shared key can be specified as a hexadecimal number or ASCII string. Hexadecimal numbers must be preceded by 0X or 0x. ASCII strings must not contain the following characters:
bar (|) semicolon (;) question mark (?) double quotation mark () The dot1x parameter specifies using RADIUS (EAP) authentication. You must pre-configure a list of RADIUS servers. See RADIUS Servers for Wireless Clients on page 101. The rekey parameter allows you to specify Group Key Rekey options to improve security. These options allow you to specify that a new group key (the key that is used for communication between the access radio and a group of clients) must be generated at regular intervals. The default rekey setting is no meaning that the group key is not changed. If rekey is set to n seconds, the group key is changed after that time period. If rekey is set to n kpackets, the group key is changed after that many thousand packets. If strict is set to yes, the group key changes immediately when one client leaves the network. The default is no. The strict setting applies to wpa and wpa2 encryption only. October 11, 2011 Confidential Page 108 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security Wireless Client Blacklist Wireless Client Access Control List Additional Considerations Make sure to set the AP SSID to something other than the default before enabling wpa, wpa2 or wpa2mixed. The BelAir20E unit combines the password phrase with your SSID to create the key. Note: Some configuration commands take longer than others to be applied to a radio module. For example, it can take up to 40 seconds per SSID for a WPA PSK configuration to be applied to radio. The delay varies depending on the amount of computing resources required to implement the configuration.
/interface/wifi-<n>-<m>/add client blacklist <mac-addr>
/interface/wifi-<n>-<m>/del client blacklist <mac-addr>
These commands let you add and remove a MAC address from a client blacklist. If a wireless clients MAC address matches an entry on the blacklist, the client cannot associate with the AP. The client blacklist can contain up to 16 entries. Each physical interface can have its own client blacklist. Use the show config access command to display the current client blacklist entries.
/interface/wifi-<n>-<m>/show ssid <ssid_index> acl
[page <page-number> <page-size>]
/interface/wifi-<n>-<m>/add ssid <ssid_index> acl-mac-address
<mac-address>
/interface/wifi-<n>-<m>/del ssid <ssid_index> acl-mac-address
<mac-address>
/interface/wifi-<n>-<m>/set ssid <ssid_index> acl
{enabled|disabled}
You can create a local list of clients (an ACL) that controls access to the network. The list can contain up to 16 clients per SSID. Clients are identified by the MAC address of their network card. If you have multiple BelAir20E units in your network, you need to create this list for every AP. You should only use an ACL as an extra security measure if:
you cannot or prefer not to set up a RADIUS server your network provides access to network clients which do not support RADIUS authentication In both cases, it is recommended that you enable pre-shared key encryption
(WEP, WPA, WPA2 or WPA2mixed). October 11, 2011 Confidential Page 109 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security The enabled setting for the set acl command means that only the wireless clients on the ACL can access the network. All other clients are denied access. The disabled setting means that all wireless clients can access the network. See also AP Secure Port Mode on page 112. Typically, you enable ACL mode only after you have added all the desired MAC addresses to the control list. CAUTION! When used with multiple SSIDs, this method affects wireless clients attempting to associate with any of the SSIDs. Use the show ssid table command to determine <ssid_index>. Controlling Inter-client Communication CAUTION!
If wireless bridging is enabled for an SSID, then by default wireless clients associated to an AP and using that SSID can communicate to one another
(assuming they are able to determine the IP addresses of their peer wireless clients). For security reasons in a public network environment, it may be desirable to block inter-client communications. Provisioning inter-client communication can affect the wireless clients associated with all the SSIDs of that BelAir20E unit. The goal is to prevent communications between associated wireless clients and still allow them to connect to the Internet. To do this, use one of the following methods. Manual Provisioning of Gateway MAC Addresses The following method offers the precise control of SSID communications:
1 Determine the MAC address of the Internet gateway(s) or router(s) in your network. 2 Disable wireless bridging for each AP in your network. 3 Disable inter-AP wireless client communications:
a Add the previously determined gateway MAC address or addresses to the secure MAC white list. This allows wireless clients to communicate with the Internet. The secure MAC white list typically contains the MAC address of the gateway interfaces. b If the DHCP server for your network is on a different machine than the gateway, add the MAC address of the DHCP server machine to the secure MAC white list. c Enable secure port mode for each of the APs in your network. October 11, 2011 Confidential Page 110 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security Automatic Discovery of Gateway MAC Addresses The following method automates MAC address provisioning:
1 Disable wireless bridging for each AP in your network. 2 Disable inter-AP wireless client communications:
a Enable the auto-secure gateway feature for each of the APs in your network. b Enable secure port mode for each of the APs in your network. This step is only required if you want to manually provision the MAC addresses of the Internet gateway(s) or router(s) in your network. Determining the MAC address of your Internet gateway(s) depends on the type of equipment you are using. Refer to your equipments User Manual for the specific details. You will need the MAC address of your gateways later to provision the secure MAC white list of the APs configured in secure port mode.
/interface/wifi-<n>-<m>/set ssid <ssid_index> wireless-bridge
{enabled|disabled}
Use the show ssid table command to determine <ssid_index>. Disabling wireless bridging for an AP prevents wireless clients associated to that particular AP from communicating with one another. It does not prevent a wireless client associated with one AP (AP A) from communicating with a wireless client associated with another AP (AP B). The secure port mode prevents this. See AP Secure Port Mode on page 112. By default, wireless bridging is enabled. Disabling inter-AP wireless client communications involves setting up a secure MAC white list and enabling secure port mode for each AP.
/interface/wifi-<n>-<m>/add secure-mac-address <mac-address-string>
[secure-mac-mask <mac-mask-string>]
[all | untagged | <vlan-id>]
/interface/wifi-<n>-<m>/del secure-mac-address <mac-address-string>
[all | untagged | <vlan-id>]
Use these commands only if you want to manually provision the MAC addresses of the Internet gateway(s) or router(s) in your network. Determining the MAC Address of the Internet gateway Disabling or Enabling AP Wireless Bridging Disabling Inter-AP Wireless Client Communication Secure MAC White List October 11, 2011 Confidential Page 111 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security These commands add and remove a MAC address from the secure MAC white list. The MAC address can optionally be qualified with a mask and a traffic descriptor as follows:
The mask is specified with the secure-mac-mask option. Use ff to indicate bits to accept. Use 00 to indicate bits to ignore. For example, a MAC address of 00:0d:67:0c:21:90 with a mask of ff:ff:ff:00:00:00 specifies all MAC addresses beginning with 00:0d:67. You can also customize the mask to exactly suit your needs by using values other than ff or 00. The traffic descriptor can be one of all, untagged or a VLAN ID. Use a VLAN ID to specify the traffic of a particular VLAN. Use untagged to specify only untagged traffic. Use all to specify all traffic. When configured in secure port mode, the AP forwards to the associated wireless clients only those Layer 2 (Ethernet) frames for which the source MAC address and VLAN matches an entry its white list. The white list can contain up to 32 entries. If a VLAN is not specified, it is assumed to have a value of zero. In effect, while in this mode the AP acts as a firewall for all Layer 2 frames arriving from inside the network for the wireless clients. The secure MAC white list should only contain the MAC addresses of the gateway interfaces. Thus, wireless clients associated to other APs in the network are prevented from communicating with locally associated clients. Note 1: The secure MAC white list is different from the list described in Wireless Client Access Control List on page 109. In a client ACL, only the listed MAC addresses are allowed to associate with an AP. The secure MAC white list controls data forwarding to the wireless clients from remote entities in the network. Note 2: If the gateway and DHCP servers on your networks are on different machines, you must put the MAC addresses of both machines on the secure MAC white list. The content of the secure MAC white list takes effect only when the AP secure port mode is enabled.
/interface/wifi-<n>-<m>/set ssid <ssid_index> secure-port
{enabled|disabled}
Use the show ssid table command to determine <ssid_index>. To prevent wireless clients associated with different APs from communicating with each other, you must enable the secure port mode on each of the APs in your network. AP Secure Port Mode October 11, 2011 Confidential Page 112 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security By default, the secure port mode is disabled. Note: Typically, you provision the secure MAC white list before enabling the secure port mode. This ensures that wireless clients that are already associated do not lose their connection to the Internet. Auto-secure Gateway
/interface/wifi-<n>-<m>/set ssid <ssid_index>
auto-secure-gateway {enabled|disabled}
Use this command only if you want to automatically discover the MAC addresses of the Internet gateway(s) or router(s) in your network. To use this command, you must set the ROUTER_IP option (DHCP option 3) on the DHCP server in your network. Use the show ssid table command to determine <ssid_index>. This command starts the process of detecting the MAC addresses of the gateway for each VLAN in the system. Once it determines the MAC address, it adds it to the secure MAC white list. This feature also continuously monitors for changes in the gateway's MAC address updates the secure MAC white list accordingly. By default, the auto-secure gateway functionality mode is disabled. Note:
If you are automatically discovering the MAC addresses of your network gateways, then you typically enable auto-secure gateway before enabling the secure port mode. This ensures that wireless clients that are already associated do not lose their connection to the Internet. Protecting against Denial of Service Attacks The BelAir20E provides protection against the following types of Denial of Service (DoS) attacks:
deauthentication DoS, where deauthentication packets are maliciously sent to the BelAir platform causing it to terminate wireless sessions The BelAir20E also automatically generates alarms when it detects the following conditions:
If the BelAir20E detects more than 600 DHCP requests within 30 seconds, it raises a DHCP_STARVATION alarm. If the BelAir20E detects a client with a MAC address that matches any of the addresses in the secure MAC white list, it raises a SECURE_MAC_SPOOF alarm. October 11, 2011 Confidential Page 113 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi AP Security You can clear these alarms with the following command:
/interface/wifi-<n>-<m>/clear alarm {secure-mac-spoof |
dhcp-starvation |
deauth-dos}
Deauthentication DoS
/interface/wifi-<n>-<m>/set deauth dos defense {enabled|disabled}
When a deauthentication packet arrives and this feature is enabled, the BelAir platform waits 5 to 10 seconds before it terminates the wireless session. If the wireless client sends another data packet during that interval, then the previous deauthentication packet is deemed false and ignored. If the BelAir platform does not receive any data packets during the interval, then the session is terminated. Use the /interface/wifi-<n>-<m>/show statistics command to display the number of potential attacks it has detected since you enabled the feature. October 11, 2011 Confidential Page 114 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi Backhaul Link Configuration Wi-Fi Backhaul Link Configuration This chapter describes how to display and configure Wi-Fi backhaul parameters, including:
Displaying Backhaul Link Configuration on page 115 Configuring Backhaul Link Identifier, Topology and Privacy on page 116 Managing MP-to-MP Meshes on page 118 Displaying the Mesh Topology on page 118 Setting a Link RSSI Threshold on page 119 Managing the Mesh Blacklist on page 120 Mesh Auto-connections on page 120 Managing Mesh Auto-connections on page 121 Egress Protection on page 122 Changing Backhaul Link Admin State on page 122 See also:
Displaying Backhaul Link Configuration Configuring Wi-Fi Radio Parameters on page 72 Configuring Wi-Fi Access Point Parameters on page 80 Wi-Fi AP Security on page 100 Mobile Backhaul Mesh on page 123 Use the show config backhaul command to display the current backhaul configuration. See Displaying Wi-Fi Radio Configuration on page 73 for details. Example - Typical BelAir20E
/interface/wifi-1-1# show config backhaul Slot: 1, Card Type: htme, revision: 1, Port: 1, Radio: HTMv1 5GHz 802.11n admin state: ................. Enabled channel: ..................... 149 mode: ...................... ht40plus mimo: ...................... 3x3 tx power: .................. 18.0 (dBm per-chain), 23.0 (dBm total) antenna location: ............ External Port antenna index: ............... 1 antenna gain: ................ 5.0 (dBi) link distance: ............... 1 (km) base radio MAC : ............. 00:0d:67:0c:21:90 October 11, 2011 Confidential Page 115 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi Backhaul Link Configuration Configuring Backhaul Link Identifier, Topology and Privacy Common Backhaul:
privacy: ................... AES key: ....................... mesh-min-rssi............... -100 (dbm) Stationary Backhaul:
link admin state: .......... Disabled link id: ................... BelAirNetworks topology: .................. mesh Mobile Backhaul:
mobile admin state: ........ Disabled mobile link id: ............ mobile link role: .......... ss Blacklist:
No blacklist entries Link Failure Detection: ...... Disabled Backhaul T1 Bandwidth limit:.. Disabled
/interface/wifi-<n>-<m>/set backhaul link ([identifier <link-id>]
[topology {p2p|mesh|{star role {bs|ss} index <lnk_idx>}}]
[privacy {{enabled key <pre_shared_key>}|disabled}]) This command configures the backhaul link identifier, the backhaul topology and backhaul privacy. The backhaul link identifier identifies all members of a particular topology. The
<link_id> parameter is case sensitive and can be up to 32 alphanumeric characters:
For Point-to-Point (P-to-P) links, BelAir Networks recommends that the link identifier describes the link; that is, the nodes it connects. For Point-to-Multipoint (P-to-MP) or Multipoint-to-Multipoint (MP-to-MP) links, the link identifier is also known as a mesh identifier. It is the same for all members of a particular mesh. A suitable link identifier is short phrase unique to the MP-to-MP mesh, for instance Company x Mesh A or Mesh Number 23. When configuring a particular topology, you must configure all members to have:
the same channel. Refer to Operating Channel on page 74 for the appropriate command the same link identifier the same privacy settings October 11, 2011 Confidential Page 116 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi Backhaul Link Configuration As well, you must meet the requirements listed in Table 11 on page 117. Table 11: Wi-Fi Backhaul Configuration Requirements Topology P-to-P P-to-MP
(Star topology with one base station in the middle connecting up to eight subscriber stations) Requirements 1 Set the topology parameter to p2p. 1 Set the topology parameter to star. 2 Set the nodes role. The node can be a base station (bs) or a subscriber station (ss). A base station is located at the center of the star and can support up to eight subscriber stations. 3 Set the <lnk_idx> parameter. The link index identifies individual links in the star topology. It ranges from 1 to 8. For a subscriber station, you specify a single link index. For a base station, you specify all the link indexes that are used to connect to subscriber stations. Use a comma to separate multiple link indexes. To configure P-to-MP links configure the subscriber stations first followed by the base station. MP-to-MP 1 Set the topology parameter to mesh.
(Full mesh topology with each BelAir radio having up to eight links) The privacy setting determines whether AES privacy is used or not. The pre-shared key must be exactly 32 bytes long (16 characters). The pre-shared key can be specified as a hexadecimal or ASCII string and must not contain the following characters:
bar (|) question mark (?) double quotation mark () semicolon (;) October 11, 2011 Confidential Page 117 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Managing MP-to-MP Meshes Displaying the Mesh Topology This section describe additional commands to help you configure and manage an MP-to-MP mesh clusters, including:
Wi-Fi Backhaul Link Configuration Displaying the Mesh Topology on page 118 Setting a Link RSSI Threshold on page 119 Managing the Mesh Blacklist on page 120 Mesh Auto-connections on page 120 Managing Mesh Auto-connections on page 121
/interface/wifi-<n>-<m>/show backhaul status This command displays the operating parameters of the MP-to-MP links you are connected to. Example 1 and Example 2 that follow illustrate the output describing a mesh between three radios: RadioA, RadioB and RadioC. Example 1: RadioA
/interface/wifi-4-1# show backhaul status Backhaul Links:
Link Radio MAC State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:0b:55:17 fwd fwd -49 wifi-3-1 180.1.5.120
[S] 2 00:0d:67:0b:51:ed fwd fwd -54 wifi-3-1 180.1.4.150 In the previous output, link 1 goes to RadioC and link 2 goes to RadioB. RadioA is measuring a signal strength of -49 dBm from RadioC. RadioC has a MAC address of 00:0d:67:0b:55:17 and is physical interface wifi-3-1 on a node with IP address 180.1.5.120. RadioA is measuring a signal strength of -54 dBm from RadioB. RadioB has a MAC address of 00:0d:67:0b:51:ed and is physical interface wifi-3-1 on a node with IP address 180.1.5.150. Example 2: RadioB
/interface/wifi-3-1# show backhaul status Backhaul Links:
Link Radio MAC State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:0b:55:17 fwd fwd -68 wifi-3-1 180.1.5.120
[S] 2 00:0d:67:08:63:31 fwd fwd -54 wifi-4-1 180.1.5.180 October 11, 2011 Confidential Page 118 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi Backhaul Link Configuration In the previous output, link 1 goes to RadioC and link 2 goes to RadioA. RadioB is measuring a signal strength of -68 dBm from RadioC. As in example 1, RadioC has a MAC address of 00:0d:67:0b:55:17 and is physical interface wifi-3-1 on a node with IP address 180.1.5.120. As in example 1, RadioB is measuring a signal strength of -54 dBm from RadioA. RadioA has a MAC address of 00:0d:67:08:63:31 and is physical interface wifi-4-1 on a node with IP address 180.1.5.180. Example 3: Mobile Backhaul Mesh
/interface/wifi-1-1# show backhaul status Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[M] 1 00:0d:67:09:23:6a fwd fwd -68 wifi-3-1 10.1.1.123 NYC_WALLST
[M] 1 00:0d:67:00:08:06 fwd UP -71 wifi-3-1 10.1.1.122 NYC_BROADWAY Setting a Link RSSI Threshold In the previous output, there are two mobile backhaul mesh links. One is forwarding while the other is listening.
/interface/wifi-<n>-<m>/set backhaul mesh-min-rssi <rssi_value>
This command lets you set a signal strength threshold for creating mesh links. If a radio signal from another node is weaker than the specified threshold, then no link is created to that other node, except if there is no other link to either node at each end of the link. In that case, the link is still created even if the radio signal is weaker than the specified threshold. This command applies only when a node is forming MP-to-MP links with other nodes. Existing links are not affected by this command. The rssi_value parameter is specified in as a negative number in dBm. The default value is -100 dBm. Use the show config backhaul command to display the current value. Example
/interface/wifi-1-1# set backhaul mesh-min-rssi -70 The previous command sets the link RSSI threshold to -70 dBm. If the signal from another radio is stronger than -70 dBm, then a backhaul link to that radio is created. If it is weaker than -70 dBm, then a link is not created. October 11, 2011 Confidential Page 119 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Managing the Mesh Blacklist Mesh Auto-connections Wi-Fi Backhaul Link Configuration
/interface/wifi-<n>-<m>/add backhaul blacklist <mesh_pt_MAC_addr>
/interface/wifi-<n>-<m>/del backhaul blacklist <mesh_pt_MAC_addr>
These commands allow you to control whether or not a link is used between two mesh points in an MP-to-MP mesh. To blacklist a link, you need to log in to both ends of the link and put the radio of other node on the local blacklist. For example, to prevent the use of a link between node A and B, you need to:
1 Log in to node A and add to its blacklist the MAC address of node B radio. 2 Log in to node B and add to its blacklist the MAC address of node A radio. The MAC addresses of the node radios can be determined with the show backhaul status command. Typically, these commands are used to disable an unstable link. This behavior may occur when either radio at each end of the link is operating at the limit of its sensitivity. As well, these commands can be used to disable a particular link if the RF plan predicts low RSSI values for it. BelAir MP-to-MP meshes have the ability to detect when their egress node loses the ability to route traffic out of the mesh. When such a situation exists, each radio that is part of the affected mesh begins trying to find an alternate way of routing its traffic out of the mesh. If the affected radio is part of a multi-radio platform, such as the BelAir100N, and the other radios are also part of a mesh, then it attempts to route its traffic through the other radios of its own platform. If it cannot do so, then it begins scanning other channels to see if it can establish a link to another radio that is part of a neighboring mesh with an active egress node. The affected radios stagger their attempts to hunt for a neighboring mesh to avoid overloading the neighboring radios and to allow time for their own egress node to re-establishing itself. A link to a neighboring mesh only occurs when:
The neighboring mesh has an active egress node. The first six bytes of the neighboring mesh identifier matches the local mesh identifier. If there are several candidate meshes to connect to, then the link is made to the mesh that:
October 11, 2011 Confidential Page 120 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi Backhaul Link Configuration Managing Mesh Auto-connections matches the longest possible mesh identifier string has the better signal level has the minimum hop count to the egress node Once a new link is established, the radio does not automatically revert back to the old mesh, even if the old meshs egress node regains its ability to route traffic outside of the mesh. To do so, you must manually use one of the provided CLI commands. Mesh auto-connect uses RSTP to establish the new mesh topology. Disabling RSTP disables this functionality. See also:
Managing Mesh Auto-connections on page 121 Setting the Network Egress Point on page 54 Mesh Auto-connection Example on page 224
/services/auto-conn/set admin-state {enabled|disabled}
/services/auto-conn/revert alternate-mesh
/services/auto-conn/show alternate-mesh
/services/auto-conn/show egress-node-list
/services/auto-conn/show config
/services/auto-conn/show status These commands allow you to control mesh auto-connection capabilities. Use the set admin-state command to enable or disable this capability. By default mesh auto-connections are enabled. Use the revert alternate-mesh command to manually force a link to a neighboring mesh back to the original mesh. Use the show alternate-mesh command to display the node's links to a neighboring mesh when the node's egress is lost. Use the show egress-node-list command to display the list of egress nodes for the current mesh. Use the show config command to display the current auto-connection configuration. Use the show status command to display whether the auto-connection capability is enabled or disabled. Refer to Mesh Auto-connection Example on page 224. October 11, 2011 Confidential Page 121 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Egress Protection Wi-Fi Backhaul Link Configuration
/interface/wifi-<n>-<m>/set backhaul protection-admin-state {enable|disable}
This command controls egress protection. The default setting is disable. Egress protection provides extra redundancy for the BelAir20Es egress point. The egress point is the point where the BelAir20Es access traffic leaves the BelAir wireless network. This may be through an Ethernet connection, L2TP tunnel end-point, or a cable modem. If the egress point fails and egress protection is enabled, the BelAir20E uses a Wi-Fi backhaul link to connect to another BelAir node so that traffic can leave the BelAir wireless network through that nodes egress point. The BelAir20E selects the best node to use based on several factors including signal strength and the number of hops to the egress point. Egress protection is revertive. If the original egress point becomes operational again, the access data is redirected back to original egress point. To use egress protection, make sure of the following:
The BelAir20E and it surrounding nodes are equipped with appropriate hardware to provide the Wi-Fi backhaul link. The channel number, privacy settings and link identifier are the same for all surrounding nodes. The backhaul protection-admin-state option for the radios has been enabled. The tunnel engine for the BelAir20E is enabled, if the egress point is an L2TP tunnel end point. See Setting Tunnel Engine Parameters on page 167. Changing Backhaul Link Admin State
/interface/wifi-<n>-<m>/set backhaul admin-state {enable|disable}
This command lets you enable or disable backhaul functionality regardless of the topology (MP-to-MP, P-to-MP or P-to-P). The default setting is disable. October 11, 2011 Confidential Page 122 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Mesh Mobile Backhaul Mesh This feature extends the BelAir Networks fixed wireless infrastructure onto high-speed vehicles such as trains, buses, police and fire vehicles, and ambulances. Refer to Figure 6. Figure 6: Mobile Backhaul Links Connecting Vehicle Cameras to Roadside Network Roadside Network Mobile Backhaul Mesh Link A BelAir20E with mobile backhaul mesh links can support uninterrupted high-performance broadband connectivity for critical applications, including voice and video, as the vehicle moves throughout the wireless mesh at speeds up to 150 mph (240 kph). In such a deployment, the mobile node, mounted on a vehicle, acts as a subscriber station to a stationary base station node. All mobile subscriber stations and their stationary base stations use the same wireless channel, mobile link identifier and privacy settings. Each mobile subscriber station can have up to three mobile links with three different stationary base station nodes. Mobile links can be either listening or forwarding. Only one of the three mobile links from the subscriber station can be forwarding at a particular moment to a particular stationary base station node. Traffic from the forwarding link is propagated to the rest of the network. The mobile subscriber station constantly determines the relative link quality of all its links based on several factors, including signal strength, aging and failure rates. October 11, 2011 Confidential Page 123 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Mesh When the mobile subscriber station determines that a listening link has a better link quality than the current forwarding link, it changes the link state so that the listening link with the higher quality becomes forwarding. These look ahead and make before break handover schemes allow the BelAir20E with mobile backhaul mesh links to provide uninterrupted support for a wide variety of applications, including voice and video. Each base station node can support up to eight links. These can be mobile links or links to other stationary base stations. Mobile links can be either forwarding or listening. If a mobile subscriber station arrives within range of the base station, its forwarding link has precedence over the listening links of the other mobile subscriber stations. The following tasks can be done:
Displaying Mobility Configuration and Status on page 124 Configuring MIMO Operation for Mobile Applications on page 125 Configuring and Enabling Mobile Backhaul Mesh Links on page 125
/interface/wifi-<n>-<m>/show backhaul mobility-path-select-history This command displays the history of a radios mobile path switches for debugging purposes. The displayed information includes an event ID, local RSSI, peer RSSI, failure rate, age time, mobile credit score, peer MAC, peer IP address, and the peer system name. Each radio stores up to 500 entries. The data is not persistent. Configuring Mobile Backhaul Mesh Links Displaying Mobility Configuration and Status Example
/# interface/wifi-1-1/show backhaul mobility-path-select-history 1 1970-01-01 10:46:30 new [-64 -58 0 0 -64 00:0d:67:09:7d:fa 10.1.1.110 BA100T_110]
2 1970-01-01 11:54:44 chg [-57 -63 0 0 -63 00:0d:67:0c:6e:f4 10.1.1.120 BA100tt_120]
3 1970-01-01 12:01:14 chg [-54 -57 0 0 -57 00:0d:67:09:7d:fa 10.1.1.110 BA100T_110]
4 1970-01-01 12:22:30 chg [-55 -63 0 0 -63 00:0d:67:0c:6e:f4 10.1.1.120 BA100tt_120]
5 1970-01-01 12:33:13 chg [-53 -53 0 0 -53 00:0d:67:09:7d:fa 10.1.1.110 BA100T_110]
Additional Configuration Display Commands Refer to the following sections and command descriptions:
Displaying Backhaul Link Configuration on page115 Displaying the Mesh Topology on page118 show rf-survey backhaul, described in the BelAir20E Troubleshooting Guide October 11, 2011 Confidential Page 124 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring MIMO Operation for Mobile Applications Configuring and Enabling Mobile Backhaul Mesh Links Mobile Backhaul Mesh
/interface/wifi-<n>-<m>/set mimo-mode {1x1|1x2|2x2|2x3|3x3}
This command configures the Multiple-Input and Multiple-Output (MIMO) antenna settings for mobility applications using 802.11n radios, such as those for the BelAir20M. In such applications. the 5.8 GHz radio must operate with a MIMO setting of 1x1 while the 2.4 GHz access radio must operate with a MIMO setting of 2x2. Use this command to adjust the MIMO setting of each radio interface as required. The supported modes vary depending on the type of radios in your unit, as follows:
HTM and DRUE radios support only 1x1, 2x2 and 3x3 modes HTME radios support only 1x1 and 2x2 modes DRU radios support only 1x1, 1x2, 2x2 and 2x3 modes Example
/interface/wifi-1-1# set mimo-mode 1x1
/interface/wifi-1-2# set mimo-mode 2x2 The previous commands apply to a BelAir20M where interface wifi-1-1 is for a 5.8 GHz radio while interface wifi-1-2 is for a 2.4 GHz access radio.
/interface/wifi-<n>-<m>/set backhaul mobile
([identifier <link-id>] [role {bs|ss}]
[privacy {{enabled key <pre_shared_key>}|disabled}]
[admin-state {enable|disable}]) This command configures the mobile backhaul link identifier, the role of the node and backhaul privacy. It also lets you enable or disable mobile backhaul mesh functionality. The default setting is disable. The mobile backhaul link identifier identifies all members of a particular mobile backhaul mesh. The <link_id> parameter is case sensitive and can be up to 32 alphanumeric characters. A suitable link identifier is short phrase unique to the mobile backhaul mesh. When configuring a particular mobile backhaul mesh, you must configure all members to have:
the same channel. Refer to Operating Channel on page 74 for the appropriate command the same mobile link identifier the same privacy settings October 11, 2011 Confidential Page 125 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Mesh As well, you must meet the requirements for the P-to-MP topology listed in Table 11 on page 117. The privacy setting determines whether AES privacy is used or not. The pre-shared key must be exactly 32 bytes long (16 characters). The pre-shared key can be specified as a hexadecimal or ASCII string and must not contain the following characters:
bar (|) question mark (?) double quotation mark () semicolon (;) Example 1 - Mobile Node
/interface/wifi-1-1# set backhaul mobile identifier test100m role ss
/interface/wifi-1-1# set backhaul mobile admin-state enable Example 2 - Stationary Node
/interface/wifi-1-1# set backhaul mobile identifier test100m role bs
/interface/wifi-1-1# set backhaul mobile admin-state enable October 11, 2011 Confidential Page 126 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Point-to-point Links Mobile Backhaul Point-to-point Links This feature extends the BelAir Networks fixed wireless infrastructure onto low-speed vehicles such as ships travelling near a sea port. A BelAir node with mobile backhaul point-to-point links provides redundant high-performance broadband connectivity. In such a deployment, the mobile node mounted on a ship acts as a subscriber station to a stationary base station node mounted on shore. A subscriber station searches for base station links on a pre-defined set of channels. It creates up to two links, a primary link and a secondary link, when it finds a base station advertising available links with an appropriate mobile link identifier and privacy settings. Once a primary link and a secondary link are created, one is used for active communications while the other acts as a standby. If the signal strength of the active link falls below a threshold, then the standby becomes the primary link and the subscriber station searches for a new secondary link. If performance degrades on the active and standby links, the subscriber station searches for new base station links with better signal strength. In addition to providing mobile links, a base station node can also provide links to other stationary base stations. Mobile link pairs can only be used by one subscriber station. The links of a base station are configured to operate on one channel only. The user defines a channel list that determines the channels that the subscriber station uses to scan for base station nodes. Subscriber stations support partial matches to the mobile link identifier. For example, a subscriber station scanning for a mobile identifier of mobilityTest accepts a base station link advertising a mobile link identifier of mobilityTestBsLink28. The set home-check CLI command forces a subscriber station to connect to specific base station links. When home check is enabled, the subscriber station accepts only base station links that advertise a mobile link identifier that is exactly the same as the subscriber stations home-check identifier. If the mobile backhaul units (subscriber stations and their stationary base stations) are part of a larger network of BelAir equipment, make sure the October 11, 2011 Confidential Page 127 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Point-to-point Links Scanning Process mobile link identifiers and mobile channels are not used elsewhere in the network. If a neighboring stationary subscriber station uses a link identifier and channel similar to a mobile subscriber station, then it can interfere with the creation of links between the mobile backhaul units. With mobile backhaul point-to-point links, the base station is passive. The subscriber station determines whether or not to connect or disconnect from a base station. If a connection is lost, then the subscriber station starts its scanning process. If a subscriber station scans for available links when either member of its mobile link pair is disconnected from a base station. It scans all configured channels looking for available base station links. The subscriber station selects the link with a matching mobile link identifier and the best signal strength. If another link in the subscriber station is using a channel in the configured channel list, then this channel is skipped by the scanning process. Once connected, the subscriber station does not scan again until the connection is lost. Sample Subscriber Station Configuration 1 Configure the topology and privacy settings, and enable each Wi-Fi interface.
/interface/wifi-2-1# set backhaul link topology p2p privacy disabled
/interface/wifi-2-1# set backhaul admin-state enabled 2 Disable RSTP dynamic cost for each backhaul link. The mobility service manages link cost.
/protocol/rstp# set interface wifi-2-1 dynamic-cost disable 3 Configure the mobile backhaul point-to-point links. a Specify the mobile link identifier with the set network-identifier command.
/services/mobility# set network-identifier mobilityTest b Specify the topology and role.
/services/mobility# set topology p2p-mobile role SS c Define the channels expected from the shore links. Up to eight lists can be defined.
/services/mobility# add scan-list 2 148,61,151 October 11, 2011 Confidential Page 128 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Point-to-point Links d Set release 7 compatibility to yes if this node is connecting to a shore unit running Release 7.1.0 software.
/services/mobility# set release-7-compatibility no e Optionally set the RSSI threshold. The minimum parameter specifies the minimum signal strength required to connect. The switch parameter defines the signal strength level at which a link switch occurs, provided the secondary link is better by at least the specified margin set and has an signal strength better than secondary. If the secondary link falls below the secondary threshold, the subscriber station begins scanning with its third or fourth radio if they exist.
/services/mobility# set RSSI minimum -85 margin 5 switch -70 secondary -75 f Enable scanning by connecting the Wi-Fi interfaces to the appropriate scan-list.
/services/mobility# connect scan-list 1 wifi-2-1 4 Display the configuration and correct any settings as required. Use following commands as required. a Display the mobility configuration.
/services/mobility# show config Topology : point-to-point Role : SS Rel 7 : False Network Id : mobilityTest Home Check : Disable Link Id: AutoconfSSID RSSI : minimum margin switch secondary
(dbm) : -85 5 -70 -75 b Display the scan lists.
/services/mobility# show scan-list 2 Scan list [2] channels:
61 148 151 Scan list [2] used by:
wifi-2-1 (5GHz 802.11a) wifi-3-1 (5GHz 802.11a) c Display the links detected by scanning.
/services/mobility# show available-infra October 11, 2011 Confidential Page 129 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Point-to-point Links wifi-2-1 (MRMv1 4.4GHz 802.11n) scan list Mac Address CH ANT RSSI(dBm) AVL-BS ENBL-BS NET-ID-MATCH Age MESH ID
00:0d:67:09:c4:79 91 1 -58 Yes Yes Yes 0 mobilityTest current time: 01:06:30 last scan time: 21:01:38 wifi-3-1 (MRMv1 4.4GHz 802.11n) scan list Mac Address CH ANT RSSI(dBm) AVL-BS ENBL-BS NET-ID-MATCH Age MESH ID
00:0d:67:09:c6:b9 107 1 -67 Yes Yes Yes 0 mobilityTest current time: 01:06:30 last scan time: 20:59:03 The show available-infra command displays detected channel links and base station MAC addresses. Use AVL-BS (link not in use by another node), ENBL-BS (base station mode enabled) and NET-ID-MATCH
(match with shore unit) to determine why some links may not connect. d Perform a backhaul survey.
/interface/wifi-2-1# show rf-survey backhaul mac addr ch RSSI age priv topo role linkIdx identifier
(dbm) (s) 12345678
00:0D:67:00:B2:47 151 -42 0 none P-to-P -- -------- mobilityTest noise floor: ................. -91 (dbm) e Display the status of the primary and secondary links.
/services/mobility# show link-state LINK ROLE INTERFACE CH RSSI MESH ID NODE IP NODE NAME
Primary wifi-3-1 148 -44 mobilityTest 10.1.1.13 ba100tBSmode Secondary wifi-2-1 151 -40 mobilityTest 10.1.1.209 BA200CEM209 Sample Base Station Configuration 1 Configure the topology and privacy settings, and enable each Wi-Fi interface. Make sure to specify the mobile link identifier, specified with the set network-identifier command on the subscriber station.
/interface/wifi-3-1# set backhaul link identifier mobilityTest topology p2p privacy disabled
/interface/wifi-3-1# set backhaul admin-state enabled 2 Disable RSTP dynamic cost for each backhaul link. The mobility service manages link cost.
/protocol/rstp# set interface wifi-3-1 dynamic-cost disable 3 Configure the mobile backhaul point-to-point links. a Specify the topology and role.
/services/mobility# set topology p2p-mobile role bs October 11, 2011 Confidential Page 130 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Point-to-point Links b Add links needed to support service
/services/mobility# add interface wifi-3-1 Note: The scan-list, release-7-compatibility and RSSI thresholds parameters and apply only to subscriber stations. The show available-infra command applies only to subscriber stations. 4 Display the configuration and correct any settings as required. Use following commands as required. a Display the mobility configuration.
/services/mobility# show config Topology : point-to-point Role : BS Rel 7 : False Network Id : ..... BS OOS broadcast : Enabled BS OOS timeout : 180 (s) Home Check : Disable Link Id: AutoconfSSID RSSI : minimum margin switch secondary
(dbm) : -85 5 -70 -75 b Display the interface list.
/services/mobility# show interface-list Mobility BS Interfaces:
wifi-2-1 wifi-3-1 c Display the backhaul status.
/interface/wifi-2-1# show backhaul status Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:09:c4:79 up fwd -59 wifi-2-1 10.1.1.208 ba200-ShoreA d Perform a backhaul survey.
/interface/wifi-2-1# show rf-survey backhaul mac addr ch RSSI age priv topo role linkIdx identifier
(dbm) (s) 12345678
00:0D:67:00:44:49 151 -27 0 none P-to-P -- -------- mobilityTest noise floor: ................. -96 (dbm) October 11, 2011 Confidential Page 131 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Point-to-point Commands Commands are available to do the following tasks:
Mobile Backhaul Point-to-point Links Displaying Mobile Backhaul Point-to-point Configuration on page 132 Displaying Link Status on page 132 Displaying Scan Results on page 133 Managing Interfaces on page 133 Managing the Scan List on page 134 Associating a Scan List to an Interface on page 134 Configuring RSSI Threshold on page 134 Primary Link Drop on page 135 Mobile Link Identifier on page 135 Home Check on page 135 Base Station Out-of-service Check on page 135 Release 7 Compatibility on page 136 Displaying Mobile Backhaul Point-to-point Configuration Single Channel Mesh on page 136
/services/mobility/show config This command displays the current mobile backhaul point-to-point configuration. Example
/services/mobility# show config Topology : point-to-point Role : SS Rel 7 : False Network Id : mobilityTest BS OOS broadcast : Enabled BS OOS timeout : 180 (s) Home Check : Disable Link Id: AutoconfSSID RSSI : minimum margin switch secondary
(dbm) : -85 5 -70 -75
/services/mobility/show link-state This command displays the status of the primary and secondary links. Displaying Link Status October 11, 2011 Confidential Page 132 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Point-to-point Links Example
/services/mobility# show link-state LINK ROLE INTERFACE CH RSSI MESH ID NODE IP NODE NAME
Primary wifi-3-1 148 -44 mobilityTest 10.1.1.13 ba100tBSmode Secondary wifi-2-1 151 -40 mobilityTest 10.1.1.209 BA200CEM209 Displaying Scan Results
/services/mobility/show available-infra This command displays detected channel links and base station MAC addresses. Use AVL-BS (link not in use by another node), ENBL-BS (base station mode enabled) and NET-ID-MATCH (match with shore unit) to determine why some links may not connect. Example
/services/mobility# show available-infra wifi-2-1 (MRMv1 4.4GHz 802.11n) scan list Mac Address CH ANT RSSI(dBm) AVL-BS ENBL-BS NET-ID-MATCH Age MESH ID
00:0d:67:09:c4:79 91 1 -58 Yes Yes Yes 0 mobilityTest current time: 01:06:30 last scan time: 21:01:38 wifi-3-1 (MRMv1 4.4GHz 802.11n) scan list Mac Address CH ANT RSSI(dBm) AVL-BS ENBL-BS NET-ID-MATCH Age MESH ID
00:0d:67:09:c6:b9 107 1 -67 Yes Yes Yes 0 mobilityTest current time: 01:06:30 last scan time: 20:59:03 Managing Interfaces
/services/mobility/add interface <interface-name>
/services/mobility/del interface <interface-name>
/services/mobility/show interface-list These commands let you manage which interfaces are in the mobile backhaul point-to-point configuration. The <interface-name> parameter specifies a particular interface, such as wifi-2-1. Example
/services/mobility# show interface-list Mobility BS Interfaces:
wifi-2-1 wifi-3-1 October 11, 2011 Confidential Page 133 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Managing the Scan List Associating a Scan List to an Interface Configuring RSSI Threshold Mobile Backhaul Point-to-point Links
/services/mobility/add scan-list <1-8> <chan_nums>
/services/mobility/add scan-list <1-8> <chan_nums>
/services/mobility/show scan-list {<1-8>|all}
These commands let you manage the contents of up to eight scan lists. Example
/services/mobility# show scan-list 2 Scan list [2] channels:
61 148 151 Scan list [2] used by:
wifi-2-1 (5GHz 802.11a) wifi-3-1 (5GHz 802.11a)
/services/mobility/connect scan-list <1-8> <interface-name>
/services/mobility/disconnect scan-list <1-8> <interface-name>
These commands let you manage which interface uses which scan list. The <interface-name> parameter specifies a particular interface, such as wifi-2-1.
/services/mobility/set rssi [minimum <-100 - 0>]
[margin <5 - 20>]
[switch <-100 - 0>]
[secondary <-100 - 0>]
This command lets you configure the RSSI parameters that the BelAir20E use to determine the viability of creating primary and secondary links. The minimum parameter specifies the minimum signal strength required to connect. The switch parameter defines the signal strength level at which a link switch occurs, provided the secondary link is better by at least the specified margin set and has an signal strength better than secondary. If the secondary link falls below the secondary threshold, the subscriber station begins scanning with its third or fourth radio if they exist. Example
/services/mobility# set RSSI minimum -85 margin 5 switch -70 secondary -75 October 11, 2011 Confidential Page 134 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Primary Link Drop Mobile Link Identifier Home Check Base Station Out-of-service Check Mobile Backhaul Point-to-point Links
/services/mobility/set p2p-mobile drop-primary-at-min-rssi
{true|false}
Once a link has been established based on the RSSI threshold parameters, the BelAir20E can maintain the link, even if the signal strength drops below the minimum threshold setting. This commands let you configure this feature. If set to false, the BelAir20E maintain the link even when the signal strength drops below the minimum threshold setting. If set to true, the BelAir20E drops the link.
/services/mobility/set network-identifier <net_id>
This command lets you configure a mobile link identifier, consisting of up to 20 characters. Example
/services/mobility# set network-identifier mobilityTest
/services/mobility/set home-check {enabled|disabled} <home_id>
This command lets you configure and activate the home check feature which forces a subscriber station to connect to specific base station links. When home check is enabled, the subscriber station accepts only base station links that advertise a mobile link identifier that is exactly the same as the subscriber stations home-check identifier. The specified home-check identifier can of up to 20 characters.
/services/mobility/set bs-oos-timeout <time-out>
/services/mobility/set bs-oos-broadcast {enabled | disabled}
These commands apply to base stations only. They let you configure and activate the behavior when the base station can no longer egress traffic to an outside network. The <time-out> parameter is a timer in seconds. Values range from 60 to 86400. The default value is 300 seconds. These commands work in conjunction with the set system-egress-point command described in Setting the Network Egress Point on page 54:
If the system egress point is set to direct, then the base station out-of-service timer starts when the Ethernet link becomes unavailable. If the timer expires and the Ethernet link is still unavailable, then the base station is taken out of service by prepending bsOutOfService to the mobile link identifier. October 11, 2011 Confidential Page 135 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Point-to-point Links If the system egress point is set to indirect with a gateway IP address, then the base station pings the gateway IP address and starts the out-of-service timer if it does not receive a reply. If the timer expires and the gateway still does not reply, then the base station is taken out of service by prepending bsOutOfService to the mobile link identifier. Release 7 Compatibility
/services/mobility/set release-7-compatibility {true|false}
Single Channel Mesh This command lets you connect a subscriber station to a base station running Release 7.1.0 software.
/services/mobility/set single-channel-mesh ([channel <chan_no>]
[link-id <link_id>]
[privacy {{enabled key <random_str>}|disabled}]
[allow-multi-links {yes|no}]) Normally, BelAir units create a wireless mesh between themselves using multiple radio channels to avoid radio interference. However, in some mobile applications, in may be desirable to have all radios use a single channel. Such an application requires that all radios use directional antennas and are correctly positioned to avoid radio interference. This command allows you to configure such an application, where all radios use a single channel. This command must be invoked on each node in the mesh. The <chan_no> parameter allows you to specify which channel to use. The <link_id> parameter is case sensitive and can be up to 32 alphanumeric characters. BelAir Networks recommends that the link identifier describes the link; that is, the nodes it connects. The privacy setting determines whether AES privacy is used or not. The pre-shared key must be exactly 32 bytes long (16 characters). The pre-shared key can be specified as a hexadecimal or ASCII string and must not contain the following characters:
bar (|) semicolon (;) question mark (?) double quotation mark () The allow-multi-link setting determines whether both a primary and secondary links are created between each node in the mesh or just a primary. Multiple links increase redundancy, but in a single channel mesh application may limit the number of inter-connected nodes. The default is no. October 11, 2011 Confidential Page 136 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mobile Backhaul Point-to-point Links When a single channel mesh is created, the resulting links are simple point-to-point backhaul links, as described in Wi-Fi Backhaul Link Configuration on page 115. Typical mobile backhaul point-to-point notions, such as scan-lists, RSSI thresholds, and primary and secondary links, do not apply to them. October 11, 2011 Confidential Page 137 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Operating in High Capacity and Interference Environments Operating in High Capacity and Interference Environments High Capacity and Interference (HCI) environments usually have the following characteristics:
high number of wireless clients in a relatively small geographic area wireless traffic is restricted to relatively few wireless APs sudden surges of demand for connectivity building structure or geometry may restrict connectivity Stadiums and other sports venues are typical examples. In such locations when a sports event occurs, several thousand wireless clients can suddenly request connectivity to a network of Wi-Fi Access Points. The BelAir20E provides several features that you can adjust to optimize performance in such an environment. These include:
Modulation Rate Control, described on page 139 VLAN based QOS, described on page 139 Traffic Priority Based on Modulation Rate, described on page 140 No SSID on Egress Down, described on page 140 Ethernet Port Statistics, described on page 140 Access Receive and Transmit Error Statistics with SNMP Support, described on page 141 Noise Floor Support, described on page 141 Access Packet RSSI Filter, described on page 141 Effective Mesh Path Selection, described on page 141 Blacklist SNMP Support, described on page 141 Client Association Records, described on page 142 CTS-to-Self Control, described on page 142 DHCP to Attached Clients Only, described on page 142 ARP to Attached Clients Only, described on page 142 Upstream Broadcast Filter, described on page 142 October 11, 2011 Confidential Page 138 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Operating in High Capacity and Interference Environments Secure Port Mode, described on page 143 Wireless Bridging, described on page 143 Client Load Balancing, described on page 143 Client Authentication History, described on page 144 Automatic Mesh Connect, described on page 144 Traffic Test Tool, described on page 144 Modulation Rate Control This feature allows the operator to directly control the allowed modulation rates (and select the basic rates). This increases network efficiency in HCI environments through the following effects:
VLAN based QOS Collisions cause retransmissions that usually occur at a reduced modulation rate. Ongoing collisions reduce the starting modulation rate for packets. Use this feature to eliminate lower modulation rates and put a lower bound on this effect. Eliminating lower modulation rates also eliminates distant clients (low RSSI) and clients in high noise areas (low SNR). For details, see AP Custom Rates on page 81. This feature allows the operator to control the relative priority of traffic on a per-VLAN basis. By mapping certain VLANs onto higher priorities in HCI environments, the traffic on those VLANs can obtain preferential access to the airwaves at the expense of other traffic which is forced to wait. The usefulness of this feature is limited if the overlap of the BelAir APs is significant. It is most effective when overlap is small and the interference comes from third-party APs. The relevant commands are:
/interface/wifi-<n>-<m>/set ssid <ssid>
service-set-identifier <ssid-name> broadcast vlan <vlan-id>, described in detail in Configuring SSIDs on page 91.
/qos/set vlan-to-queue-mapping <vlan-id> <queue-id>, described in detail in Prioritizing Traffic using VLAN IDs on page 178. October 11, 2011 Confidential Page 139 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Traffic Priority Based on Modulation Rate No SSID on Egress Down Ethernet Port Statistics Operating in High Capacity and Interference Environments A Wi-Fi AP sorts traffic according to priority and transmits it by priority in order of arrival. Different QOS schedulers (EDCA, LSPQ, SPQ) result in different performance for the various priorities. This feature applies a priority based on modulation rate on top of the QOS priority. It tries to give clients equal amounts of air-time instead of equal numbers of packets. The result in HCI environments is that more packets are sent to clients who are using higher modulation rates, increasing the effective bandwidth. For details, see Rate Aware Fairness on page 78. When this feature is enabled, all SSIDs on a radio can be modified with a text string, such as outOfService, when a node loses its egress connection. In HCI environments, this feature prevents traffic from being uselessly directed to a node which can not successfully forward it. This feature can be enabled or disabled on per radio basis. The text string can be configured on a per-SSID basis. The relevant commands are:
/interface/wifi-<n>-<m>/set ap-oos-broadcast
{enabled|disabled} [option {replace|prepend}] and /interface/
wifi-<n>-<m>/set ssid <ssid-number> ap-oos-identifier
<oos_string> described in detail in Out-of-service Advertising on page 95.
/system/set system-egress-point {yes {direct|indirect gateway-ip <ip_addr>}|no} described in detail in Setting the Network Egress Point on page 54. Ethernet port statistics are available for the BelAir200, BelAir100, BelAir100C and BelAir100T. In HCI environments, these statistics measure the traffic passing through the node if its Ethernet port is connected to an external network. The relevant command is /interface/eth-1-1/show statistics, described in detail in the Troubleshooting Guide. The output includes:
received octets, unicast packets, multicast packets, broadcast packets and discarded packets transmitted octets, unicast packets, multicast packets and broadcast packets October 11, 2011 Confidential Page 140 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Operating in High Capacity and Interference Environments Access Receive and Transmit Error Statistics with SNMP Support BelAir radios provide extensive statistics for insight into network behavior and to guide network optimization. The relevant commands are:
/interface/wifi-<n>-<m>/show statistics
/interface/wifi-<n>-<m>/show pm
/interface/wifi-<n>-<m>/show client These commands are described in detail in the Troubleshooting Guide. Noise Floor Support In HCI environments, accurate noise floor data is critical for channel planning and to interpret performance statistics. Noise floor reporting is available through SNMP for all radios:
For newer radios, such as the ERMv5, instantaneous and average noise floors are reported. For older radios, such as the ARMv3, instantaneous and average noise floors are reported but the value is the same for both. SNMP reports the average noise floor value. You can also use the command /interface/wifi-<n>-<m>/show rf-survey, described in detail in the Troubleshooting Guide, to show the instantaneous noise floor. This feature blocks clients from associating if their RSSI is below a threshold value. This prevents clients that would be forced to use a low modulation rate from associating. In an HCI environment, contention is already high so it is preferable to exclude clients that make inefficient use of air-time. Higher modulation rates are strongly preferred in HCI environments. BelAir Networks mesh path selection software favors paths with good RSSI, and therefore higher modulation rates, even at the cost of a few more hops. Field testing has shown increasing the number of hops may increase airtime slightly, but using a path with poor RSSI can increase the airtime significantly as the modulation rate decreases with poor RSSI. Access Packet RSSI Filter Effective Mesh Path Selection Blacklist SNMP Support BelAir nodes support adding and deleting backhaul blacklist members through SNMP. This allows operators using BelView Network Management System October 11, 2011 Confidential Page 141 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Operating in High Capacity and Interference Environments Client Association Records CTS-to-Self Control
(NMS) Release 6 or later to override the mesh paths selected by particular BelAir nodes to optimize performance. In HCI environments, client associations are often of short duration and the connection data is discarded rapidly to support newer clients. This causes some associations to be missed by the polling cycle of the NMS. To increase the measurability of the network, BelAir nodes maintain a circular buffer containing information, such as client MAC and IP address, RSSI, and connection duration, about current and recently associated clients. These client records can be used to assist the NMS. Normally, an 802.11g AP uses CTS-to-self to interact with 802.11b APs. The transmitted packet is small, but in HCI environments the accumulated effect is a substantial performance penalty. This feature disables 802.11b protection for the radio, maximizing the throughput for wireless clients that operate in the 2.4 GHz range. This feature improves performance if there are only a few 802.11b clients present and they are not generating large amounts of traffic. If not, the 802.11b clients may generate substantial numbers of collisions and actually impair traffic. For details, see 802.11b Protection on page 98. DHCP to Attached Clients Only This feature prevents the radio from forwarding DHCP responses for MAC addresses that are not used by an associated client, thus reducing the number of transmitted packets and improving bandwidth use. This feature is always enabled. ARP to Attached Clients Only This feature prevents the radio from forwarding ARP requests for IP addresses that are not used by an associated client, thus reducing the number of transmitted packets and improving bandwidth use. For details, see ARP Filtering on page 97. Upstream Broadcast Filter When enabled, this feature limits the types of multicast and broadcast packets passed through the AP:
In the upstream direction (from the client), only ARP requests, DHCP requests and DHCP discover messages are allowed. October 11, 2011 Confidential Page 142 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Operating in High Capacity and Interference Environments Secure Port Mode In the downstream direction (to the client), only ARP response, DHCP offer, DHCP ACK, and DHCP NAK are allowed. In HCI environments, this feature reduces the overall traffic load by reducing broadcast flooding throughout the network. For details, see Filtering Broadcast and Multicast Packets on page 96. Secure port mode forces all client communications to be directed toward a specified MAC address or group of MAC addresses. It also prevents a client claiming to be one of these MAC addresses from associating. In HCI environments, this feature forces all traffic to flow to or from the network gateway. This can be used to allow traffic policy enforcement. It prevents direct inter-client communication that could load down the network. For details, see Controlling Inter-client Communication on page 110, Wireless Bridging The wireless bridging feature allows traffic to be forwarded directly from one client to another within the AP. In HCI environments, it should be disabled. As with secure port mode, this feature controls whether all traffic flows to the network gateway and can be used to allow traffic policy enforcement. It prevents client-to-client direct communication that could load down the network. For details, see Controlling Inter-client Communication on page 110, Client Load Balancing BelAir nodes allow you to configure the maximum number of associated clients per radio. If the number of associated clients exceeds the configured value, new clients are not allowed to connect. In HCI environments, limiting the number of associated clients:
reduces the number of collisions. (Each client attempts to transmit after a random back-off. With many clients the probability of collision is greatly increased.) limits the total traffic offered forces traffic to be distributed over different APs operating on different channels For details, see Wireless Client Load Balancing on page 85. October 11, 2011 Confidential Page 143 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Operating in High Capacity and Interference Environments Client Authentication History Automatic Mesh Connect Traffic Test Tool This feature lets the operator display the details of the association and authentication process of the clients connected to the AP. In HCI environments, it can be used to troubleshoot client issues and determine how much success clients are having when attempting to access and use the network. The relevant command is /interface/wifi-<m>-<n>/show authentication history [mac <mac-address>], described in detail in the Troubleshooting Guide. This feature allows BelAir APs to automatically reconnect to a network if they lose their egress connection. A cluster of meshed nodes may lose their egress connection if the ethernet connection to the exterior network fails or if a node fails. In this case, a member of the cluster looks for an alternate mesh to join and reconnect the isolated cluster. In HCI environments, this feature can be used for rapid deployment of a network. The APs in a network can be grouped by shared backhaul link identifier into a cluster. Multiple clusters can be deployed to control traffic flows and optimize backhaul performance. As soon as one AP in each cluster has an egress path, the whole cluster has egress. In the event that an egress fails, a cluster can self-repair by reconnecting to one of the other mesh clusters. This tool provides an internal mechanism to measure the available traffic capacity of the network. The tool reports the throughput on a hop-by-hop basis from the node under test to the destination IP address (another node in the network). In HCI environments, this tool can be used to test the network deployment during the commissioning phase. It can be used to determine the theoretical capacity of the network and identify poorly performing links. The relevant command is:
/diagnostics/test link IP <end point IP address>
rate <traffic rate>
[update_interval <report interval>]
[duration <test duration>]
[dir {tx|rx|both}]
The command is described in detail in the Troubleshooting Guide. October 11, 2011 Confidential Page 144 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide DHCP Relay Settings DHCP Relay Settings This chapter describes how to configure your units DHCP Relay agent settings. You can configure up to five profiles for the DHCP Relay agent on your BelAir20E. Each profile specifies a subnet interface, which can be either the nodes system interface or a VLAN. The DHCP server assigns an IP address to the client according to the subnet of this interface. Each profile also contains the IP addresses for up to three DHCP servers. When a profile is activated, the DHCP agent forwards a DHCP request to all the listed servers. The DHCP client receives packets from the first server to respond to the request. Profiles offer an easy way of configuring different DHCP servers for each subnet interface. Your BelAir20E can also add BelAir Networks specific information to the DHCP packets sent to the wireless client. Finally, you can create a list of valid IP address subnets to filter out unwanted directed and broadcast DHCP packets from your wireless network. The following topics are covered in this chapter:
Displaying the DHCP Relay Configuration on page 145 Modifying DHCP Relay Parameters on page 146 Interface Administrative State on page 147 Assigning SSID Traffic to Use DHCP Relay on page 147 DHCP Address Filtering on page 147 See also Providing Vendor Specific Information on page 93. Displaying the DHCP Relay Configuration
/protocol/dhcp/show config [{relay {all|<relay-idx>}} |
{dhcp-allowed-subnet {all|<index 1-32>}}]
The show config command displays DHCP Relay configuration:
Use show config to display information for all DHCP Relay profiles and all configured DHCP allowed subnet entries. October 11, 2011 Confidential Page 145 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide DHCP Relay Settings Use show config relay all to display information for all DHCP Relay profiles only. Use show config relay <relay-idx> to display information on the specified DHCP Relay profile. Use show config dhcp-allowed-subnet all to display all configured DHCP allowed subnet entries. Use show config dhcp-allowed-subnet <index 1-32> to display information on the specified DHCP allowed subnet entry. Example
/protocol/dhcp# show config Idx En DHCP Relay Info
1 * Server[1] IP: 10.1.1.88 Interface: System 2 * Server[1] IP: 10.1.100.88 Interface: Vlan-100 3 * Server[1] IP: 10.1.200.88 Interface: Vlan-200 4 No server configured 5 No server configured Modifying DHCP Relay Parameters
/protocol/dhcp/set relay <relay-idx> server-addr-1 <ip-addr>
[server-addr-2 <ip-addr>]
[server-addr-3 <ip-addr>]
interface {system | vlan <vlan-id>}
/protocol/dhcp/del relay <relay-idx> server <server-idx>
The set relay command creates a DHCP Relay profile or modifies an existing one. It configures the IP addresses of the DHCP servers to which the Relay Agent needs to forward the packets from the client. You must specify at least one DHCP server IP address and the type of interface; either system or a VLAN. The VLAN must be a valid VLAN management interface. The vlan_id parameter specifies that traffic be directed to the specified Virtual LAN (VLAN). The VLAN ID is an integer from 1 to 2814. The del relay command removes only one IP address from each profile. To completely clear a profile, you must use the del relay command up to three times. Before clearing the profile, you must first make sure that no SSID is using that profile. October 11, 2011 Confidential Page 146 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Interface Administrative State Assigning SSID Traffic to Use DHCP Relay DHCP Address Filtering DHCP Relay Settings
/protocol/dhcp/set relay <relay-idx> admin-state {enabled|disabled}
This command allows you to activate individual DHCP relay profiles. When enabled, the Relay Agent forwards the packets from the client to the DHCP servers specified in the profile.
/interface/wifi-<n>-<m>/set ssid <ssid_index> dhcp-relay
{disabled | enable <relay-idx>}
This command assigns which SSID traffic uses the nodes DHCP relay functionality. Perform this step after the DHCP Relay profile is added and enabled. Once DHCP relay functionality is enabled for the SSID, your BelAir20E automatically adds DHCP Option 82 information (that is, relay agent information) to the DHCP packets for that SSID sent to the wireless client and DHCP server. For details, see Providing Vendor Specific Information on page 93. The ssid_index parameter is an integer from 1 to 8. Use the show ssid table command to determine <ssid_index>.
/protocol/dhcp/set dhcp-allowed-subnet <index 1-32)>
ip_addr <ip_addr> netmask <random_str>
/interface/wifi-<n>-<m>/add ssid <ssid_index>
dhcp-allowed-subnet <index 1-32>
/interface/wifi-<n>-<m>/del ssid <ssid_index>
dhcp-allowed-subnet {<index 1-32> | all}
/interface/wifi-<n>-<m>/set ssid <ssid_index>
dhcp-addr-filter {enabled | disabled}
/interface/wifi-<n>-<m>/show dhcp-allowed-subnet {all | <index 1-32>}
This feature reduces unnecessary or unwanted directed and broadcast DHCP packets from your wireless network. First, use the /protocol/dhcp/set command to generate a list of valid IP subnets and masks for this node. Your list can contain up to 32 members. To remove an entry from the list, set the IP address and the mask to 0.0.0.0. Then, use the /interface/wifi-<n>-<m>/add command to assign a member of that list to an SSID. The ssid_index parameter must be a valid SSID index. Use the /interface/wifi-<n>-<m>/add command repeatedly to add more than one entry to an SSID. Each SSID can have up to 32 entries. Entries for different SSIDs can overlap. October 11, 2011 Confidential Page 147 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide DHCP Relay Settings When a Wi-Fi client sends DHCP Request packets and the requested IP addresses are not within the allowed subnet entries for the SSID, the BelAir AP intercepts the Request and sends a DHCP NAK response. Use the equivalent /interface/wifi-<n>-<m>/del command to remove a subnet entry from an SSID. The /interface/wifi-<n>-<m>/set command allows you to enable or disable DHCP address filtering on individual SSIDs. Use the /interface/wifi-<n>-<m>/show ssid (ssid_index> config command to display whether DHCP address filtering is enabled for the SSID and the allowed subnets for the SSID. October 11, 2011 Confidential Page 148 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Network Address Translation Network Address Translation Network Address Translation (NAT) allows the BelAir20E to modify network address information in packet headers to remap a given address space into another. This technique can hide several private network IP addresses behind a single IP address in another public address space. The BelAir20E implements NAT IP masquerading, where the BelAir20E acts as a DHCP server to assign IP addresses in the private network starting from a specified base IP address. NAT applies only to traffic entering and leaving the BelAir20E through its Ethernet interface. The BelAir20E lets you configure up to eight NAT address scopes. For each scope, you can associate different VLAN traffic, a different base IP address and different DHCP lease settings. You can use NAT with or without Universal Access Method (UAM) to provide user authentication, client authentication and accounting information. For details on configuring and enabling UAM, see Universal Access Method on page 154. If you use NAT with UAM, ensure that the same VLANs are configured in both NAT scopes and UAM scopes. The BelAir20E can provide both NAT and Layer 2 tunnels. User traffic separation is based on VLANs. If you use both NAT and Layer 2 tunnels, make sure that your VLANs are mapped to either an NAT scope or a Layer 2 tunnel, but not both. Refer to Using Layer 2 Tunnels on page 163 for a description of Layer 2 tunnels. The following tasks can be done:
Displaying the Operational Status on page 150 Displaying the Current DHCP Lease Status on page 150 Displaying the DHCP Lease History on page 150 Configuring Network Address Translation on page 151 Preventing Node Management from within the Scope on page 151 Enabling or Disabling Individual Scopes on page 152 Changing NAT Admin State on page 152 Managing Nodes in a NAT Cluster on page 152 October 11, 2011 Confidential Page 149 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Displaying the Operational Status Displaying the Current DHCP Lease Status Displaying the DHCP Lease History Network Address Translation
/protocol/nat/show status This command displays NAT operational status and settings. Example
/protocol/nat# show status NAT admin state is DISABLED, oper state is NOT RUNNING Egress interface - eth-1-1 Dns1: undefined Dns2: undefined DHCP scopes:
Num Status VLAN IP subnet Lease(min) Mgmt
1 enabled untg 192.168.5.0 60 no 2 disabled 0 0.0.0.0 0 no 3 disabled 0 0.0.0.0 0 no 4 disabled 0 0.0.0.0 0 no 5 disabled 0 0.0.0.0 0 no 6 disabled 0 0.0.0.0 0 no 7 disabled 0 0.0.0.0 0 no 8 disabled 0 0.0.0.0 0 no
/protocol/nat/show dhcp-leases This command displays DHCP lease status and settings. Example
/protocol/nat# show dhcp-leases IP address MAC address State
Scope 1 192.168.5.254 00:0d:67:10:e8:1a Scope 2
--- no entries ---
/protocol/nat/show leases history This command displays DHCP lease history. October 11, 2011 Confidential Page 150 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Network Address Translation Example
/protocol/nat# show leases history IP address MAC address Lease & State
192.168.5.254 00:0d:67:10:e8:1a starts 2 2009/08/04 12:04:24 - State active 192.168.5.254 00:0d:67:10:e8:1a starts 2 2009/08/04 12:34:24 - State active Configuring Network Address Translation
/protocol/nat/set scope <index (1-8)>
dhcp-server {untagged | vlan <vlan_id>}
based-ip <IP_addr>
lease-time <minutes>
[num-entries <number>]
This command lets you configure the NAT settings for each address scope. The dhcp-server setting lets you specify which VLAN traffic to associate to the scope. The untagged setting specifies that the scope applies only to untagged traffic. The vlan <VLAN ID> settings specifies that the scope applies only to traffic with that VLAN ID. VLAN IDs cannot be shared across different scopes. The default setting is untagged. Refer to Layer 2 Network Configuration on page 183 for more information on VLAN configuration. The based-ip setting lets you specify the base IP address for the scope. Use xx.xx.xx.0 as the format. Once specified, the BelAir20E IP address becomes xx.xx.xx.1 and it begins to allocate addressed from xx.xx.xx.2 to xx.xx.xx.254. The lease-time setting lets you specify the maximum DHCP lease time in minutes for IP addresses supplied by NAT. The default is 60 minutes. Other DHCP server settings are based on those specified in Configuring Dynamic IP Addressing on page 45. The optional num-entries setting lets you specify the maximum number of IP addresses that can be allocated to clients in this scope. Values range from 1 to 253. The default value is 253. By default, scope 1 is preconfigured for untagged VLAN traffic with a base IP address of 192.168.5.0. Preventing Node Management from within the Scope
/protocol/nat/set scope <index (1-8)>
management {enabled | disabled}
This command lets you control whether clients within a particular scope can access the BelAir20Es management interface. The default setting is disabled, meaning that the nodes within that scope cannot access the management interface of the BelAir20E providing NAT. October 11, 2011 Confidential Page 151 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Enabling or Disabling Individual Scopes Changing NAT Admin State Managing Nodes in a NAT Cluster Mac Address to IP Address Mapping Port Forwarding Network Address Translation
/protocol/nat/set scope <index (1-8)>
status {enabled | disabled}
This command lets you enable or disable individual NAT scopes. The default setting is disabled.
/protocol/nat/set admin-state {enabled | disabled}
This command lets you enable or disable NAT functionality. The default setting is disabled. When you enable or disable NAT functionality, you must:
1 Issue the config-save command. See Saving your Changes on page 21 for details. 2 Reboot the node. See Activating a Software Load on page 201 for details. This section describes functions that you can use to manage nodes that are part of a NAT cluster. In a NAT cluster, one BelAir20E serves as an egress point to several other BelAir nodes. The egress BelAir20E uses NAT to provide IP addresses to the BelAir nodes that are cluster members. In such a configuration, the cluster members are normally hidden from network management behind the egress BelAir20E. To help manage the cluster members, you can use the egress BelAir20E functions described in the following sections:
Mac Address to IP Address Mapping on page 152 Port Forwarding on page 152
/protocol/nat/add scope <index (1-8)>
mac-static <MAC_addr> ip <IP_addr)
/protocol/nat/del scope <index (1-8)>
mac-static <MAC_addr> ip <IP_addr) These commands let you specify which IP address to provide to specific cluster members based on their MAC address.
/protocol/nat/add port-fwd protocol {tcp | udp} port <number>
dest-ip <IP_addr> dest-port <number>
/protocol/nat/del port-fwd protocol {tcp | udp} port <number>
dest-ip <IP_addr> dest-port <number>
These commands let you create a port forwarding table for TCP or UDP traffic. If a station managing nodes in a NAT cluster needs to send TCP or UDP traffic October 11, 2011 Confidential Page 152 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Network Address Translation addressed to a particular application (for example, Telnet, web, or SNMP) on particular node within the cluster, it can specify:
the IP address of the egress node as the destination address the port as defined for the application in question for the egress node as the destination port The egress node can then use the port forwarding table to translate the destination port to the correct port and IP address for the intended target node in the cluster. For example, if Node 2 in a cluster has an IP address 182.168.5.2, then to send Telnet (TCP port 23) traffic to Node 2, you must:
1 Define the following port forwarding entry on the egress node:
add port-fwd protocol tcp port XXXX dest-ip 192.168.5.2 dest-port 23 2 Execute the following command on your management station:
telnet Y.Y.Y.Y XXXX where Y.Y.Y.Y is the public IP address of egress node. The port forwarding table can contain up to 32 entries. October 11, 2011 Confidential Page 153 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Universal Access Method Universal Access Method The Universal Access Method (UAM) is key element of BelAirs Policy Enforcement Point (PEP) module. UAM is a simple authentication method where a user needs only a Web browser. When a user requests a URL, the request is checked against a series of white lists containing hosts, MAC addresses and protocols. The users request is granted if any of the following conditions are met:
The requested URL or its equivalent IP address is on the host white list. The MAC address of the users client is on the MAC white list. The users request uses DHCP, DNS, ARP or any protocol you put on the protocol white list with the add scope <n> protocol-white-list command. Otherwise, the user is redirected to a Web server that displays a page requesting credentials. The supplied credentials are then sent to a RADIUS authentication server. Once authenticated, the user is redirected to the URL they originally requested. The user can terminate their authenticated session by using functions provided by the Web server (such as a logout button) or by entering the http://1.1.1.1 URL. Note: UAM requires the use of a DNS server to resolve supplied URLs to IP addresses. Finally, through correct provisioning of the RADIUS server, the BelAir20Es implementation of UAM also allows you to enforce client access policies:
It can perform client MAC address authentication when a client associates to the AP, even before the user supplies a URL. It can enforce policies based on the attributes listed in Table 12. Table 12: Attributes for UAM Client Access Policy Enforcement RADIUS Attribute Value used if unspecified by RADIUS Session idle timeout Client session timeout Total client traffic 5 minutes Unlimited Unlimited Maximum downstream client traffic Unlimited October 11, 2011 Confidential Page 154 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Universal Access Method Table 12: Attributes for UAM Client Access Policy Enforcement (Continued) RADIUS Attribute Value used if unspecified by RADIUS Maximum upstream client traffic Termination time Unlimited Unlimited As well, UAM can also provide accounting information, again depending on correct provisioning of the RADIUS server. The BelAir20E lets you configure up to eight UAM scopes. For each scope, you can:
create different UAM white lists associate different VLAN traffic gather different session accounting records enforce different client access policies The following tasks can be done:
Displaying the Current Configuration on page 156 Displaying the Operational Status on page 156 Displaying the Client Session Information on page 157 Specifying the Web Server on page 158 Specifying Redirection Variable Pairs on page 159 Specifying the RADIUS Server on page 159 Managing White List Entries on page 159 Associating VLAN Traffic to a Scope on page 160 Performing MAC Address Authentication on page 160 Collecting Accounting Information on page 161 Operating in WAN Mode on page 162 Changing UAM Admin State on page 162 October 11, 2011 Confidential Page 155 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Displaying the Current Configuration Universal Access Method
/services/uam/show config [scope <index (1-8)>]
This command displays the current UAM configuration. Specifying a scope displays just that scope. Note: This command displays only the host, mac and protocol white list entries that you control through the add and del commands. (See Managing White List Entries on page 159.) This commands does not display the white list entries that the BelAir20E automatically tracks internally. Example
/services/uam# show config scope 2 Scope 2 Configuration:
admin state: .................... Enabled mac authentication state:........ Enabled mac authentication password:..... mac authentication success redirect:Enabled mac authentication reject suspend: Enabled accounting state:................ Enabled authentication web server url:... http://
secure2.worldspot.net/wk/Uam authentication shared secret:.... Mm94XVjzug splash web server url:........... uam local interface:............. System wan-mode admin state: ........... Disabled wan-mode web server key:......... radius servers:.................. 2 radius nasid:.................... BelAirHotspot host-white-list:
www.paypal.com www.paypalobjects.com paypal.112.2o7.net www.belairnetworks.com mac-white-list:
protocol-white-list:
vlan-list:
10 added redirect variable pairs:
ssid mySsid locationId myLocation
/services/uam/show status [scope <index (1-8)>]
This command displays UAM operational status and settings. Example
/services/uam# show status scope 2 Displaying the Operational Status October 11, 2011 Confidential Page 156 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Universal Access Method Scope 2 Status:
admin state: .................... Enabled mac authentication state:........ Enabled accounting state:................ Enabled authentication web server ip:.... secure2.worldspot.net resolved IP addresses:
69.64.50.37 authentication shared secret:.... Mm94XVjzug splash web server ip:............ resolved IP addresses:
radius servers:.................. 2 radius nasid:.................... BelAirHotspot host-white-list:
www.paypal.com:
resolved IP addresses:
66.211.169.2 66.211.169.65 64.4.241.33 64.4.241.49 www.paypalobjects.com:
resolved IP addresses:
184.29.112.146 paypal.112.2o7.net:
resolved IP addresses:
66.235.139.118 66.235.138.18 66.235.139.121 66.235.138.19 www.belairnetworks.com:
resolved IP addresses:
206.191.51.223 optimumwifi.optimum.net:
resolved IP addresses:
167.206.247.50 mac-white-list:
protocol-white-list:
vlan-list:
10 800 local info:
uamPort:..................... 3991 radius-server-index:......... 2 radius-local-ip:............. 10.100.1.9 uam-local-ip:................ 10.100.1.9 uam-logout-ip:............... 1.1.1.1 Displaying the Client Session Information
/services/uam/show client-session
[{ip <ip_str>|mac <mac_str>|scope <num_str>}]
This command displays UAM client session information. Example
/services/uam# show client-session October 11, 2011 Confidential Page 157 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Universal Access Method Client-Session:
ip address: .................... 10.100.1.210 Mac address: ................... 00:1E:E5:DE:DD:C5 Scope: ......................... 1 Vlan: .......................... untag Authenticated: ................. yes User Name: ..................... BAunlim Redirect url: .................. User url: ...................... http://fxfeeds.mozilla.com/
en-US/firefox/headlines.xml Bandwidth MaxUp: ............... 0 Bandwidth MaxDown: ............. 0 Max Input Octets: .............. 0 Max Output Octets: ............. 0 Max Total Octets: .............. 0 Timeout: ....................... 14526 Idle Timeout: .................. 300 Accounting interim Interval: ... 600 Terminate Time: ................ 0 Start Time: .................... 1280150841 Last Active Time: .............. 1280150841 Last Accounting Update Time: ... 1280150841 Last Radius Request Time: ...... 1280150841 Input Packets: ................. 0 Output Packets: ................ 0 Input Octets: .................. 0 Output Octets: ................. 0 Input Gigawords: ............... 0 Output Gigawords: .............. 0 Internal Usage Info:
Radius Session Id: ............. 547999736 Radius Uam Port: ............... 41 Radius Act State: .............. 4 Uam Challenge Start Time: ...... 1280150841 Suspend Time: .................. 60 Suspend Start Time: ............ 0 Current Time: .................. 1280150905
/services/uam/set scope <index (1-8)> auth-url <url-string>
shared-secret <string>
[splash-url <url-string>]
[uam-interface {system | {vlan <vlan-str>}}]
This command lets you specify the URL of the Web server for individual UAM scopes. The splash URL specifies a special usage web page (for example, advertisement). If it is configured, the AP redirects the user to the splash page instead of authentication page. The splash page then redirects the user to authentication server. The AP does not control the behavior of the splash page. If the splash-url parameter is not specified, then the user is sent directly to the authentication server. Specifying the Web Server October 11, 2011 Confidential Page 158 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Universal Access Method Specifying Redirection Variable Pairs Both the splash-url and the auth-url (if specified) are automatically tracked internally as UAM host white list entries. The uam-interface parameter is used for communications between the wireless client and BelAir20E. You can set the uam-interface to be the BelAir20Es system IP address, or a particular VLAN interface. The default is the system interface.
/services/uam/add scope <index (1-8)> redir-var name <variable-name> value <variable-value>
/services/uam/del scope <index (1-8)> redir-var name <variable-name>
This command lets you specify up to five pairs of redirection variables for individual UAM scopes. Each pair consists of a variable name and value. Variable names and values can contain up to 49 characters. Refer to Specifying the Web Server on page 158. The AP appends all of the redirection variable pairs to the splash-url string before sending it to the wireless client. The redirection variable pairs are appended in the order they appear in the show config command. Specifying the RADIUS Server
/services/uam/add scope <index (1-8)> radius-server <server_idx>
/services/uam/del scope <index (1-8)> radius-server <server_idx>
/services/uam/set scope <index (1-8)> uam-nasid <name>
The add and del commands let you associate different RADIUS servers with different UAM scopes. See Managing RADIUS Servers on page 104 for a description on how to set up RADIUS servers. Each UAM scope can have up to four RADIUS servers. The set command lets you specify the RADIUS Network Access Server (NAS) identifier. The default value for <name> is BelAirNetworks. Managing White List Entries
/services/uam/add scope <index (1-8)> host-white-list <host name>
/services/uam/del scope <index (1-8)> host-white-list <host name>
/services/uam/add scope <index (1-8)> mac-white-list <mac addr>
/services/uam/del scope <index (1-8)> mac-white-list <mac addr>
/services/uam/add scope <index (1-8)> protocol-white-list {icmp}
/services/uam/del scope <index (1-8)> protocol-white-list {icmp}
These commands let you add or remove entries from the host, MAC address and protocol white lists. October 11, 2011 Confidential Page 159 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Universal Access Method Host entries can contain URLs or IP addresses. The host white list and the MAC address white list can have up to 10 entries. The protocol white list can be empty or contain ICMP only. In addition to the entries you control with these add and del commands, the AP has an internal white list that contains the DHCP, DNS and ARP protocols, and the URLs for the authentication server and the splash page (if specified). Example
/services/uam# add scope 1 host-white-list www.mysite.com
/services/uam/add scope <index (1-8)> vlan {<vlan-list>|untag}
/services/uam/del scope <index (1-8)> vlan {<vlan-list>|untag}
These commands let you associate different VLAN traffic with different UAM scopes. If you specify untag, then untagged traffic is associated with the specified UAM scope. See Configuring IP Parameters on page 45 for a description on how to set up VLANs for dynamic and static IP addressing. Associating VLAN Traffic to a Scope Performing MAC Address Authentication
/services/uam/set scope <index (1-8)>
mac-auth-state {enabled|disabled}
[passwd <string>]
[success-redir {enabled|disabled}]
[reject-suspend {enabled|disabled}]
This command lets you control whether or not client MAC address authentication is performed when a client attempts to associate to the AP. When this feature is enabled, the AP determines the clients MAC address when the client attempts to associate with AP. The AP then sends the MAC address to the RADIUS server for authentication. If the server authenticates the MAC address, then the user has full access to the Internet when the association completes. If the RADIUS server does not authenticate the MAC address, then the user must provide credentials through the typical UAM mechanism (Web server, RADIUS server, white lists) before they can access the Internet. The default setting is enabled. The passwd parameter provides an alternate password to log into the RADIUS server. October 11, 2011 Confidential Page 160 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Universal Access Method The success-redir parameter allows you to control the behavior of the AP if the RADIUS server authenticates the user and responds with a Redirection-URL as part of the WISPr Vendor Specific Attribute:
If success-redir is enabled and the RADIUS server provides a Redirection-URL, the client is redirected to the URL the first time it associates to the AP. Afterwards, the user has full access to the Internet. If success-redir is disabled and the RADIUS server provides a Redirection-URL, then the AP ignores the provided URL. By default, the success-redir parameter is disabled. The reject-suspend parameter allows you to control the behavior of the AP if the RADIUS server does not authenticate the user. The RADIUS server response message can include a Redirect-Suspend-Time parameter as part of the WISPr Vendor Specific Attribute:
If reject-suspend is enabled and the RADIUS server does not authenticate the user, then the users session is suspended for the time period specified by the Redirect-Suspend-Time parameter from the RADIUS server. If reject-suspend is disabled and the RADIUS server provides a Redirect-Suspend-Time parameter, then the AP ignores the provided RADIUS parameter. By default, the reject-suspend parameter is enabled with a default suspend time of 1 minute.
/services/uam/set scope <index (1-8)>
accounting-state {enabled|disabled}
This command lets you enable or disable the collection of accounting information for individual UAM scopes. The default setting is enabled. The accounting request packet is sent to the RADIUS server using the Acct-Interim-Interval attribute obtained from the client authentication response. If the RADIUS server does not provide an accounting interval, the default value of 10 minutes is used. Collecting Accounting Information October 11, 2011 Confidential Page 161 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Operating in WAN Mode Universal Access Method
/services/uam/set scope <index (1-8)> wan-mode admin-state {enabled|disabled}
[web-server-key <key-str>]
UAM WAN mode is for special applications that use alternate communications between the BelAir20E, the Web server and the RADIUS authentication server. For additional details, contact your BelAir representative. Changing UAM Admin State
/services/uam/set scope <index (1-8)>
admin-state {enabled|disabled}
This command lets you enable or disable UAM functionality for individual UAM scopes. The default setting is disabled. October 11, 2011 Confidential Page 162 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels Using Layer 2 Tunnels Layer 2 tunnels use the Layer 2 Tunneling Protocol (L2TP), version 2, to provide the following benefits:
provide a bi-directional communication path between the BelAir20E and a central router. The path is unaffected by the size, topology and complexity of the Layer 2 and Layer 3 access network between them. ensure efficient handling of mobile client MAC addresses, especially for customers using DOCSIS technology in their access network Figure 7 shows how wireless mobility is implemented with L2TP. When a wireless client transmits an 802.11 frame, the BelAir AP converts it to an Ethernet frame with VLAN information, encapsulates it within an IP packet and then sends the packet to a Tunnel End Point (TEP). The TEP is usually part of a network central router. The BelAir implementation of Layer 2 tunnels currently operates with a Cisco 7200 router or equivalent, with a RedBack SmartEdge router or equivalent., with other routers that use Generic Router Encapsulation (GRE), or with Proxy Mobile IPv4 (PMIP) implementations. Figure 7: Wireless Mobility using L2TP Mobile wireless client device going from one AP to another BelAir Access Points (APs) BelAir Access Points (APs) October 11, 2011 Confidential Page 163 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels The TEP strips off the encapsulation data to reveal the original Ethernet frame exactly as sent by the AP. The TEP delivers the Ethernet frame to a VLAN-aware Ethernet switch. The switch applies normal Ethernet forwarding rules to send it to a gateway router with one router port per subnet. The gateway router switches the Ethernet frame to the appropriate outgoing router port. For packets moving in the other direction to the wireless client, the gateway router applies to IP traffic an Ethernet header with the clients MAC address as the destination. The VLAN switch forwards this packet to the interface on which it last saw the clients MAC address, which is the interface connected to the tunnel. The TEP receives the frame and encapsulates it in an IP packet. When the AP receives the packet, it strips off the encapsulation data, converts the resulting Ethernet frame to an 802.11frame, and then transmits it to the wireless client. When a mobile wireless client moves to a new AP, its traffic travels through a different Layer 2 tunnel. The traffic is encapsulated and sent to TEP as before. The VLAN-aware Ethernet switch then updates its MAC address table as required with the information for the wireless clients new AP. Any subsequent frames sent to the wireless client are then forwarded to the new AP. Tunneling is performed by a software module called a tunnel engine. BelAir platforms can have only one tunnel engine. Each tunnel engine can create up to five tunnels to one or more TEPs. The end points of a Layer 2 tunnel are identified by their IP addresses. The IP address of the BelAir tunnel end point can be the IP address of the units management interface, or any IP address associated with a VLAN. The BelAir IP addresses can be set manually or through the Dynamic Host Configuration Protocol (DHCP). Each tunnel can carry traffic belonging to any group of configured VLANs. By assigning a group name to tunnels, you can also use BelView NMS to do dynamic load balancing of APs between different LNSs. Configuring the BelAir Node for Layer 2 Tunneling The following tasks can be done:
Displaying Tunnel Configuration and Status on page 165 Starting and Stopping Layer 2 Tunneling on page 166 Configuring Layer 2 Tunnels on page 166 Setting Tunnel Engine Parameters on page 167 October 11, 2011 Confidential Page 164 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels Configuring Tunnel Advanced Parameters on page 168 Enabling Backhaul Protection for Tunnels on page 169 Bandwidth Limits on page 169 Configuring Tunnels for the RedBack SmartEdge Router on page 170 Configuring Tunnels for a Router using GRE on page 172 Configuring Tunnels for PMIP Implementations on page 173 Mapping User Traffic on page 174 Configuring Authentication on page 174 Configuring a Tunnel Group Name on page 175 Relaying Traffic QOS Settings on page 175 Setting the Tunnel Down Alarm Threshold on page 175 Displaying Tunnel Configuration and Status Layer 2 tunnel CLI commands are available in /protocol/te-syst mode.
/protocol/te-<eng>/show config
/protocol/te-<eng>/show status These commands display the current tunnel configuration and status. Example 1
/protocol/te-syst# show config Tunnel server is running, mode egress, IP address 192.168.219.25 (system), Protection-backhaul:
Disabled N Type Remote IP Name/Label QoS map State
1 L2TP 167.206.58.160 tsacm0c none UP Authentication disabled: Secret N/C, PPP name N/C, PPP pass N/C L2TP hello: interval 60 sec, retrans count 5, retrans interval 8 sec PPP echo: interval 10 sec, retrans count 10; DSCP value 0x0 VLAN map: 800 2 N/C 3 N/C 4 N/C 5 N/C October 11, 2011 Confidential Page 165 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels Example 2
/protocol/te-syst# show status Upstream Downstream Upstream Downstream N Active Uptime Packets Packets Bytes Bytes Fragmented Reassembled
1 Primary 0d 01:02:24 0 1023 0 229497 0 0 Brdcst 0 388 Mltcst 0 12 Up_Exc/Dn_Inv 0 10980 2 3 4 5 The output of the show status command shows:
which LNS is active at the moment primary or backup tunnel uptime number of transmitted and received packets and bytes:
first line shows total number of packets, second line shows the number of MAC broadcasts third line shows number of MAC multicasts number of packets fragmented/reassembled (due to MTU size)
/protocol/te-<eng>/set engine admin-state {enabled|disabled}
This command starts and stops tunneling operation. Use enabled to begin tunneling operation. Use disabled to stop all tunnel forwarding.
/protocol/te-<eng>/set tunnel <index> ip <peer_IP_addr>
name <stn_name>
[backup-ip <backup_IP_addr> [backup-name <backup_name>]]
[switch {non-revertive | revertive}]
/protocol/te-<eng>/delete tunnel {all|<index>}
The set tunnel command creates a new tunnel to be terminated at the specified peer IP address, which is usually the network central router. You can create up to five tunnels to the same peer or to different peers. Each tunnel carries just one L2TP session. Starting and Stopping Layer 2 Tunneling Configuring Layer 2 Tunnels October 11, 2011 Confidential Page 166 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels The <index> parameter is used for easy reference when using other commands. It can be displayed with the /protocol/te-<eng>/show config command. The <stn_name> parameter can be any series of 18 alphanumeric ASCII characters. L2TP protocol provides the <stn_name> parameter to the other end point so it can identify different tunnels coming from the same IP address or create logical group of nodes with the same name and different IP addresses. You can optionally specify the IP address and name of a backup server. If a tunnel cannot be created to the main router or if a tunnel fails, the backup parameters become active. The switch parameter controls whether the use of a backup router is revertive or not. Once the BelAir unit starts to use a tunnel to a backup router:
If switch is set to non-revertive, then the BelAir unit uses the tunnel to the backup router until it fails. Only then does the BelAir unit switches back to the tunnel using the main router. This is the default setting. If switch is set to revertive, then the BelAir unit uses the tunnel to the backup router only while the main tunnel is unavailable. The BelAir unit switches back to the tunnel using the main router as soon as it becomes available again. The delete tunnel command removes all tunnels or the specified tunnel. After using this command, user data mapped to this tunnel is dropped instead of forwarded.
/protocol/te-<eng>/set mode {local|egress}
[interface-vlan <VLAN_ID>]
The set mode command is used when the unit is connected to other units through backhaul links. In this case, you may want the unit to act as an egress point and put access traffic from itself and the other nodes into the tunnel. Use local mode when the BelAir unit puts only its own access traffic into the tunnel. Use egress mode when the BelAir unit puts its own access traffic and that of many other units into the tunnel. If the VLAN interface is not specified, the units management IP address is used to identify the local tunnel end point. IP addresses may be manually configured or obtained by DHCP. If a VLAN interface is specified, it must be previously configured. Refer to Layer 2 Network Configuration on page 183. Setting Tunnel Engine Parameters October 11, 2011 Confidential Page 167 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Tunnel Advanced Parameters Using Layer 2 Tunnels
/protocol/te-<eng>/set tunnel <index> advanced
[l2tp-hello-interval <seconds>]
[l2tp-hello-retrans <number>]
[l2tp-hello-timeout <seconds>]
[ppp-echo-interval <seconds>]
[ppp-echo-retrans <number>]
[dscp-control <hex value>]
The set tunnel advanced command lets you specify for particular tunnel timers and other parameters associated with the L2TP protocol. The <index> parameter is used for easy reference when using other commands. It can be displayed with the /protocol/te-<eng>/show config command. The following parameters can be set with this command:
L2TP Hello transmission interval. Values range from 10 to 300 seconds. The default setting is 60 seconds. L2TP Hello retransmission count. Values range from 1 to 10. The default setting is 5. L2TP Hello retransmission maximum interval. Values range from 1 second to 32 seconds. The default setting is 8 seconds. PPP echo transmission interval. Values range from 0 seconds to 300 seconds. 0 seconds means PPP echo is disabled. The default setting is 10 seconds. PPP echo retransmission count. Values range from 1 to 50. The default setting is 10. DSCP value for control (L2TP/PPP) packets. The default setting is 0. The AP uses the L2TP Hello parameters to determine if the tunnel is available. If the AP does not receive a Hello packet during the L2TP Hello transmission interval, it begins to send its own Hello packets at exponential intervals starting at 1 second (that is, at 1, 2, 4, 8, ... seconds) until the L2TP Hello retransmission count and L2TP Hello retransmission maximum interval are reached. If not of the retransmitted Hello packets are answered, then the tunnel is considered unavailable. For additional details, refer to the L2TP specification. The PPP echo parameters are also used to determine tunnel availability. PPP echo packets are sent periodically with the interval specified by the PPP echo transmission interval. The tunnel is considered unavailable if the AP does not receive consecutive responses for the number of packets specified by the PPP echo retransmission count. October 11, 2011 Confidential Page 168 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels If you specify a DSCP value, then it appears in the DSCP/TOS bits of any L2TP or PPP control packets. Enabling Backhaul Protection for Tunnels
/protocol/te-<eng>/set protection-backhaul {enabled|disabled}
[egress <interface>]
Bandwidth Limits Use this command to inform the tunnel engine that the node uses egress protection as described in Egress Protection on page 122. The egress parameter applies to BelAir100SN only. It species whether egress is through the cable modem (cm-9-1) or the Ethernet interface (eth-1-1). The default setting is disabled. Before using this command, make sure all requirements described in Egress Protection on page 122 are met. When you enable or disable backhaul protection for tunnels, you must:
1 Issue the config-save command. See Saving your Changes on page 21 for details. 2 Reboot the node. See Activating a Software Load on page 201 for details.
/protocol/te-<eng>/show limits
/protocol/te-<eng>/set tunnel <index> bandwidth-limit upstream <bits-per-second>
downstream <bits-per-second>
The set tunnel bandwidth-limit command lets you specify for a particular tunnel the maximum upstream and downstream transmission rates. The <index> parameter is used for easy reference when using other commands. It can be displayed with the /protocol/te-<eng>/show config command. The show limit command displays the upstream and downstream settings for the current tunnel. Example
/protocol/te-syst# show limits N Us limit Ds limit
1 0 0 2 3 4 5 October 11, 2011 Confidential Page 169 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Tunnels for the RedBack SmartEdge Router Using Layer 2 Tunnels
/protocol/te-<eng>/set tunnel-l2vpn <index (1-5)>
oam {enabled | disabled}
{auto | ip <ip_addr> label <number>
[backup-ip <ip_addr>] [backup-label <number>]}
[switch {non-revertive | revertive}]
/protocol/te-<eng>/set l2vpn autoconfig
{ip <ip_addr> | hostname <host_name>}
username <string> password <string>
[retry-min <sec>] [retry-max <sec>]
[wait-time <min>]
/protocol/te-<eng>/l2vpn autoconfig renew
/protocol/te-<eng>/set tunnel-l2vpn <index (1-5)>
advanced inactivity-timer <seconds>
These commands are used to create a tunnel to the central router using Ethernet-over-MPLS-over-GRE encapsulation instead of L2TP. Use the set tunnel-l2vpn command to create L2VPN tunnels to the specific destination. L2VPN tunnels may co-exist with regular L2TP tunnels and GRE tunnels on the same BelAir unit. The oam parameter defines if the tunnel uses a failure detection mechanism based on 802.1ag CCM packets. If oam is disabled, the BelAir unit considers the tunnel to always be up. If oam is enabled, the BelAir unit relies on receiving 802.1ag CCM packets to detect tunnel state. These packets should be generated by outside equipment in the head end and should be forwarded to all BelAir units. Set oam to enabled if you are using backup. The auto parameter tells the BelAir unit that it should obtain L2VPN parameters (IP address and label) from the NetOp NSM server. This is a preferred setting for large deployments. The ip and backup-ip parameters specify IP addresses of the head end tunnel endpoint. It is usually the IP address of a SmartEdge device terminating L2VPN tunnels. Use these parameters to manually configure a test environment or small deployments. The label and backup-label parameters specify the MPLS labels of the head end tunnel endpoint virtual circuit. Use these parameters to manually configure a test environment or small deployments. The switch parameter controls whether the use of a backup router is revertive or not. Once the BelAir unit starts to use a tunnel to a backup router:
If switch is set to non-revertive, then the BelAir unit uses the tunnel to the backup router until it fails. Only then does the BelAir unit switches back to the tunnel using the main router. This is the default setting. October 11, 2011 Confidential Page 170 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels If switch is set to revertive, then the BelAir unit uses the tunnel to the backup router only while the main tunnel is unavailable. The BelAir unit switches back to the tunnel using the main router as soon as it becomes available again. Use the set l2vpn autoconfig command to define parameters to communicate to the NetOp NSM configuration server:
To specify the NetOp NSM server, supply either the ip parameter with an IP address or the hostname parameter with a valid DNS host name. The username parameter and the password parameter are used together to authenticate the BelAir node with NetOp NSM server. The optional wait-time parameter lets you specify in minutes how long to wait for a response from NetOp NSM configuration server before declaring a failure condition. The default setting is 15 minutes, with a valid range of 1 to 60 minutes. The optional retry-min and retry-max parameters let you specify in seconds a minimum and maximum value for the retry timer. The value of the retry timer is chosen randomly within the boundaries defined by the retry-min and retry-max parameters. The timer is triggered by any failure while trying to communicate with the NetOp NSM configuration server (for example, the server not responding in time or the server not recognizing the username parameter and the password parameters). When timer expires, the BelAir unit attempts to establish communications with the NetOp NSM configuration server again. The default settings are 60 seconds for retry-min and 180 seconds for retry-max, with a valid range of 10 to 1800 seconds. To disable l2vpn autoconfig, enter an IP address of 0.0.0.0. Use the l2vpn autoconfig renew command to trigger getting a new set of configuration parameters from the NetOp NSM configuration server. Use the set l2vpn advanced inactivity-timer command to specify how long to wait until declaring the L2VPN tunnel down. The <seconds> parameter ranges from 10 to 1000 seconds. The default value is 60 seconds. October 11, 2011 Confidential Page 171 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Tunnels for a Router using GRE Using Layer 2 Tunnels
/protocol/te-<eng>/set tunnel-gre <index (1-5)>
ip <ip_addr> [proxy-arp {all | list | dhcp}]
/protocol/te-<eng>/set tunnel-gre <index (1-5)>
arp-list <IP_addr> [<IP_addr>]
[<IP_addr>] [<IP_addr>]
[<IP_addr>]
/protocol/te-<eng>/set gre autoconfig ip <IP_addr>
interval <seconds> [port <TCP_port>]
These commands are used to create tunnel to the central router using IP-over-GRE encapsulation instead of L2TP. Use the set tunnel-gre ip command to create GRE tunnels to the specific destination. GRE tunnels may co-exist with regular L2TP tunnels and L2VPN tunnels on the same BelAir unit. The ip parameter specifies the IP address of the head end tunnel endpoint. It is usually the IP address of the router terminating GRE tunnels. This type of configuration uses proxy ARP because it cannot act as a router to terminate IP traffic. The proxy-arp parameter defines the scope of the proxy ARP functionality:
Use all if you want to answer ARP requests for any destination IP address. Use dhcp if you want to answer ARP requests for the default gateway IP address only. In this case, the gateway IP address is learned from the DHCP relay communication to the client. Use list to apply proxy ARP only to traffic destined to a particular set of IP address. Use the set tunnel-gre arp-list command to specify the set of IP addresses. The default value of the proxy-arp parameter is all. Use the set gre autoconfig command to define parameters to communicate to the third-party heartbeat server using a proprietary protocol. The ip parameter defines the IP address of heartbeat server. In this configuration, the BelAir20E sends a pseudo heartbeat packet at the interval specified by the interval parameter. The <seconds> parameter should be at least 60 seconds. The default value is 60 seconds. The heartbeat server uses the pseudo heartbeat packet to determine whether the tunnels operational state is up or down. The heartbeat server also uses the pseudo heartbeat packet to determine the BelAir20Es tunnel configuration and correct it if required. The optional port parameter specifies the TCP port to communicate with the heartbeat server. The default value is 4040. October 11, 2011 Confidential Page 172 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Configuring Tunnels for PMIP Implementations Using Layer 2 Tunnels
/protocol/te-<eng>/set tunnel-pmip <index (1-5)> ha-ip <ip_addr>
secret <string>
spi <number>
[lease-time <seconds> ]
/protocol/te-<eng>/set tunnel-pmip <index (1-5)>
advanced dns1 <ip_addr> [dns2 <ip_addr>]
These commands are used to create a Proxy Mobile IPv4 (PMIP) tunnel. A PMIP tunnel allows a mobile client to change its point-of-attachment to the Internet without changing its IP address. In this implementation, the network tracks the movements of the mobile client and initiates the required mobility signalling on its behalf. In PMIP mode, the BelAir AP acts as MIP Foreign Agent. Use the set tunnel-pmip ha-ip command to create a tunnel to a PMIP home agent. PMIP tunnels may co-exist with regular L2TP tunnels and L2VPN tunnels on the same BelAir unit. The ha-ip parameter specifies the IP address of PMIP Home Agent (HA). The secret parameter specifies the authentication password for access to the PMIP HA. The spi parameter specifies the index identifying a security context between the AP and home agent. It is an integer value that should be greater than 255. The spi parameter and the secret parameter are used together to authenticate the AP with the HA. The optional lease-time parameter specifies the maximum lease-time in seconds for the client session. If the client does not send packets for more than the specified lease-time, its session is dropped. The default value is 300 seconds. When client traffic is forwarded through the PMIP tunnel, the AP acts as a DHCP server and provides all corresponding parameters (such as client's IP address, subnet mask, gateway, and DNS addresses). The AP proxies all these parameters from the HA. If the HA is unable to provide some of these parameters (it must provide at least the client's IP address), the following logic is used by the AP:
The subnet mask is determined as corresponding to the IP class by IP address. For example, for IP address 67.100.125.10 subnet mask is 255.0.0.0. The gateway is taken as first address within a specified subnet. For the previous example, the gateway address is 67.0.0.1. This gateway address is provided by the AP itself and may not correspond to any real IP address in the network. October 11, 2011 Confidential Page 173 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels Mapping User Traffic Configuring Authentication The DNS IP address(es) are determined by the set tunnel-pmip advanced dns command. Use the set tunnel-pmip advanced dns1 command to define the DNS server IP addresses to be provided to the client by the AP through DHCP in case the AP can not obtain corresponding settings from the HA. The optional dns2 parameter specifies the backup DNS server in case the primary one is unreachable.
/protocol/te-<eng>/map vlan {untagged|<VLAN ID>} to <index>
[domain <string>]
/protocol/te-<eng>/unmap vlan {all|untagged|<VLAN ID>}
The map vlan command instructs the tunnel engine to forward traffic to the specified tunnel. You can specify either traffic associated with a specific VLAN or traffic that is not tagged for any VLAN. All packets that meet this criteria received by any of the nodes radios are forwarded through the tunnel. If the tunnel is not configured or not active, all corresponding packets are dropped. If you specify untagged traffic, then the tunnel interface itself must be associated with a VLAN. Refer to Setting Tunnel Engine Parameters on page 167. The optional domain parameter is for PMIP tunnels. Some PMIP implementations require an additional identification string to communicate with the PMIP Home Agent (HA). The domain parameter allows you to specify the required string. The unmap vlan command removes all tunnel mapping entries or a specified tunnel mapping entry. After this command, the specified packets are then forwarded as if the tunnel does not exist.
/protocol/te-<eng>/set tunnel <index (1-5)>
[secret <shared_secret>]
[ppp-name <id>] [ppp-password <pw>]
[backup-secret <backup_shared_secret>]
[backup-ppp-name <backup_id>] [backup-ppp-password <backup_pw>]
/protocol/te-<eng>/set tunnel <index (1-5)>
authentication {enabled|disabled}
The set secret command configures the parameters for L2TP authentication for a specified tunnel. The secret parameter sets the shared secret for tunnel authentication. The ppp-name and ppp-password parameters set the data for session authentication. The settings for each of these three parameters must match the equivalent settings on the main router. The backup-secret, backup-ppp-name and backup-ppp-password parameters are equivalent settings for a backup router. October 11, 2011 Confidential Page 174 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels Once the authentication parameters are configured, you use the set authentication command to enable authentication for a specified tunnel. Configuring a Tunnel Group Name
/protocol/te-<eng>/set tunnel <index (1-5)>
group-name <group_name>
Relaying Traffic QOS Settings Setting the Tunnel Down Alarm Threshold The <group_name> parameter indicates that an LNS belongs to a particular group. The BelView NMS tunnel manager looks at the tunnel usage of all LNSs within the same group and spread the tunnel traffic among the LNSs within the same group. BelView also configures tunnels for newly introduced nodes to the least used LNS within the same group. For details, refer to the BelView NMS User Guide.
/protocol/te-<eng>/set tunnel <index (1-5)>
qos-map {none|up-bits|dscp) Because the BelAir AP converts the client data packet into an Ethernet frame and then encapsulates it within an IP packet, any QOS information that was part of the original client data packet is not visible to upstream equipment. This command allows you to put the QOS information into the encapsulating IP packet header so that it becomes visible to the upstream equipment:
The dscp setting means that Differentiated Services Code Point (DSCP) information from the client data packet is included in the IP packet header. The up-bits settings means that the IP packet header contains QOS settings based on User Priority bits (0 to 7) from the client data packet. The none setting means that QOS information from the client data packet is not sent to upstream equipment. The default setting is none.
/protocol/te-<eng>/set alarm-threshold
{disabled | enabled <num_of_alarms>}
Typically, a Tunnel Down alarm is generated when a tunnel fails to respond. However, if there are intermittent issues with the tunnel, it may take time to identify and correct the root cause. During this period, multiple Tunnel Down alarms would be generated. Enabling the alarm threshold reduces the number of Tunnel Down alarms generated per calendar day. If the threshold is reached, the system generates October 11, 2011 Confidential Page 175 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Using Layer 2 Tunnels instead a single Excess Tunnel Down Events alarm and stops generating additional Tunnel Down alarms. The Tunnel Down events are still tracked through the tunnels performance monitoring statistics, allowing you to analyze the behavior. The <num_of_alarms> parameter ranges from 2 to 50. By default, the alarm threshold is enabled with a setting of 5, meaning that the Excess Tunnel Down Events alarm is generated once 5 Tunnel Down events occur in a day. Alarms generated during a maintenance window do not count against the alarm threshold. For details see, Defining a Maintenance Window on page 55. Configuring the Network Central Router for Layer 2 Tunneling The specific configuration tasks and commands for the network central router vary, depending on the type of router that is installed. Refer to the Tunnel Mobility Technical Bulletin, available at www.support.belairnetworks.com for guidance on configuring the router portion of the tunnels. October 11, 2011 Confidential Page 176 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Quality of Service Settings Quality of Service Settings System QoS Prioritization The BelAir20E includes Quality of Service (QoS) settings for the following functional areas:
traffic switching. See System QoS on page 177. client to access point radio communications. See Radio QoS on page 180. BelAir nodes work in conjunction with one another to allow you to separate and prioritize traffic. Each BelAir20E node can inspect incoming traffic and prioritize traffic into four priority queues. Each BelAir node supports four traffic priority queues, numbered 0 to 3. Queue 3 has the highest priority while queue 0 has the lowest priority. Table 13 describes each queue. Table 13: Traffic Priority Queues Queue Number Description 0 1 2 Background traffic Best effort traffic Use this queue for traffic that does not require QoS features, such as most data traffic Video traffic, T1 circuit emulation Use this queue for high priority traffic such as T1 circuit emulation, video or gold service customer traffic 3 Voice over IP (VoIP) traffic Use this queue for SVP or other VoIP applications All traffic that is not associated to a VLAN has priority 1. This means that until you create VLANs, all traffic has priority 1. Once VLANs have been created, you configure the node traffic to have different priorities based on User Priority bits (0 to 7) or VLAN IDs. October 11, 2011 Confidential Page 177 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Quality of Service Settings Prioritizing Traffic Based on User Priority Bits The prioritization commands (map and no map) described in this chapter apply strictly to the BelAir node that you are currently logged on to. You must repeat them on each related BelAir node. For example, when specifying that particular VLAN traffic has a particular priority, you must execute the associated commands on each possible BelAir node in the path of that VLAN.
/qos/set up-to-queue-mapping <priority> <queue_id>
This command instructs the BelAir20E to process packets with the specified User Priority value to the specified priority queue. The priority parameter ranges from 0 to 7. The queue_id parameter ranges from 0 to 3, as described in Table 13 on page 177. Note: Settings made with the set vlan-to-queue-mapping command have precedence over settings made with this command. Table 14 shows how User Priority values are processed to priority queues by default. Table 14: User Priority Value to Priority Queue Processing User Priority Value Priority Queue to which it is processed 0 1 2 3 4 5 6 7 1 0 0 1 2 2 3 3 Prioritizing Traffic using VLAN IDs To unmap a previously set priority, use the set up-to-queue-mapping command to map that priority back to the default priority queue as shown in Table 14.
/qos/set vlan-to-queue-mapping <vlan_id> {none|<queue_id>}
/qos/show vlan {all|id <2-2814>}
The set command instructs the BelAir20E to process packets from the specified VLAN to the specified priority queue. The vlan_id parameter ranges from 1 to October 11, 2011 Confidential Page 178 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Quality of Service Settings 2814. The queue_id parameter ranges from 0 to 3, as described in Table 13 on page 177. The none parameter removes the mapping of a VLAN ID to priority queue. Note: Settings made with this command have precedence over settings made with the set up-to-queue-mapping command. The show command displays a summary of the QoS settings that are based on VLAN IDs. Example
/qos# show vlan id 100 Qos Vlan Id Configuration
Vlan Id : 100
Vlan Qos Status : Enabled Queue Map : 3
/qos/set defaults This command returns the system QoS configuration to factory default settings. Note: This command does not affect radio QoS configuration.
/qos/show config This command displays a summary of all current QOS settings, including how User Priority bits are currently mapped to the priority queues. Resetting the QoS Configuration Displaying a Summary of System QoS Settings Example
/qos# show config Qos Global Configuration
Qos Status : Enabled Qos Global UP to Queue Mapping
UP Value : 0 -- Queue : 1 UP Value : 1 -- Queue : 0 UP Value : 2 -- Queue : 0 UP Value : 3 -- Queue : 1 UP Value : 4 -- Queue : 2 UP Value : 5 -- Queue : 2 UP Value : 6 -- Queue : 3 UP Value : 7 -- Queue : 3 October 11, 2011 Confidential Page 179 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Quality of Service Settings Displaying the Prioritization Settings No Vlan based Qos Configured!
/qos/show user-priority-map The show user-priority-map command displays how User Priority bits are currently mapped to the priority queues. Example
/qos# show user-priority-map Qos Global UP to Queue Mapping
UP Value : 0 -- Queue : 1 UP Value : 1 -- Queue : 0 UP Value : 2 -- Queue : 0 UP Value : 3 -- Queue : 1 UP Value : 4 -- Queue : 2 UP Value : 5 -- Queue : 2 UP Value : 6 -- Queue : 3 UP Value : 7 -- Queue : 3 Radio QoS BelAir radios offer Wireless Multi-Media (WMM) support for multiple priority packets and transmit opportunities. This allows over-the-air QoS for WMM client devices with faster burst transfer. (Use the /mode command to see the version number of your radio modules.) Some WMM features, such as selecting the priority scheme and the mapping scheme, are also available for BelAir backhaul radios to provide end-to-end QoS functionality. Displaying a Summary of Radio QoS Settings Use the /interface/wifi-<n>-<m>/show config qos command to display the current radio QoS settings. See Displaying Wi-Fi Radio Configuration on page 73 for details. Example - Typical BelAir20E
/interface/wifi-1-1# show config qos Slot: 1, Card Type: htme, revision: 1, Port: 1, Radio: HTMv1 5GHz 802.11n admin state: ................. Enabled channel: ..................... 149 mode: ...................... ht40plus mimo: ...................... 3x3 tx power: .................. 18.0 (dBm per-chain), 23.0 (dBm total) antenna location: ............ External Port antenna index: ............... 1 antenna gain: ................ 5.0 (dBi) link distance: ............... 1 (km) base radio MAC : ............. 00:0d:67:0c:21:90 October 11, 2011 Confidential Page 180 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Quality of Service Settings Enabling or Disabling Wireless Multi-media QoS Mapping Scheme QOS:
wmm: ....................... Enabled uapsd: ..................... Enabled mapping: ................... UP/DSCP voice acm: ................. Disabled video acm: ................. Disabled
/interface/wifi-<n>-<m>/set qos wmm {enable|disable}
Wireless Multi-media is normally enabled. It allows the access point to communicate with a WMM enabled wireless client using WMM features. When disabled, the access point ignores requests for WMM communications from wireless clients and instead uses traditional non-WMM features to communicate with them. To disable WMM, you must first disable Unscheduled Automatic Power-save Delivery (UAPSD). See Unscheduled Automatic Power-save Delivery on page 182.
/interface/wifi-<n>-<m>/set qos mapping {up|dscp|both}
The set command lets you decide how traffic is processed to the four BelAir priority queues depending on the values of the User Priority (UP) field or the Differentiated Services Code Point (DSCP) subfield in the client traffic fields. Selecting up means that traffic is sent to the four BelAir priority queues based on the UP field value. Selecting dscp means that traffic is sent to the four BelAir priority queues based on the DSCP subfield value. Selecting both means that traffic is sent to the four BelAir priority queues based on the highest priority value of either the UP field or the DSCP subfield. By default, QoS mapping is set to both. Table 15 shows the mapping of the UP value and the DSCP value to the priority queue. Table 15: UP and DSCP Value to Priority Queue Processing UP Value DSCP Value Target Priority Queue 0 1 2 3 4 5 0 (0x0) 32 (0x20) 64 (0x40) 96 (0x60) 128 (0x80) 160 (0xA0) 1 0 0 1 2 2 October 11, 2011 Confidential Page 181 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Quality of Service Settings Table 15: UP and DSCP Value to Priority Queue Processing UP Value DSCP Value Target Priority Queue 6 7 192 (0xC0) 224 (0xE0) 3 3 Unscheduled Automatic Power-save Delivery
/interface/wifi-<n>-<m>/set qos uapsd {enable|disable}
Unscheduled Automatic Power-save Delivery (UAPSD) extends the battery life of wireless clients and reduces radio transmission traffic. To enable UAPSD, you must first enable Wireless Multi-media (WMM) for the radio. Refer to Enabling or Disabling Wireless Multi-media on page 181. This command lets you enable or disable UAPSD. By default, UAPSD is enabled. October 11, 2011 Confidential Page 182 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration Layer 2 Network Configuration The BelAir20E acts as a transparent bridge and layer 2 switch without the need to configure any software features. However, to control and manage the traffic inherent in a bridge (for example, broadcast and flooding) and to handle loop situations where multiple paths exist between nodes, you can invoke layer 2 features such as:
Virtual LANs (VLANs), that divide traffic among several sets of users and restrict broadcast to the respective VLANs. See Configuring IP Parameters on page 45. Spanning Tree Protocol (STP), where the optimum path is selected and ports of alternate paths are shutdown If there are no loops in the network, the BelAir20E can operate in bridge mode or with VLANs. If a loop exists, STP must be invoked to manage the different paths. This chapter contains the following sections:
Spanning Tree Protocol Overview on page 183 Configuring Spanning Tree Priority on page 184 Configuring Other Spanning Tree Parameters on page 185 RSTP Commands on page 186 See also Managing Egress Node Traffic on page 64. Spanning Tree Protocol Overview It is important to configure the Spanning Tree Protocol (STP) when multiple paths between nodes are created. As networks become more complex, multiple paths between nodes, either intentional or unintentional, become more likely. Although loops benefit the network by providing path redundancy, loops must be dynamically eliminated to prevent proliferation of broadcast traffic and confusion in the MAC learning tables of the bridge. This is accomplished by a spanning tree protocol, which generates a loop-free subset of the network's topology by placing those bridge or switch ports that, if active, would create loops into a standby (blocking) condition. Blocked bridge or switch ports can be activated in the event of primary link failure, providing a new path through the network. October 11, 2011 Confidential Page 183 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration Loops can also occur accidentally or maliciously. For example, a technician may connect their laptop to the Ethernet port of a BelAir20E and also have a wireless link to a BelAir20E in the same network. If the laptop is configured to act as a bridge then it creates a loop in the network, and broadcast traffic quickly proliferates until the slowest link in the loop is saturated. This broadcast storm renders partor allof the network unusable. Note: To prevent issues as described previously, clients that associate with the BelAir20E are not allowed to operate as a bridge. The BelAir20E will automatically disassociate without warning from any client that is detected as behaving as a bridge; that is, sending spanning-tree BPDUs. However, clients are allowed to operate as router to allow features such as sharing a wireless Internet connection. For this type of operation, BelAir Networks recommends that the computer with the wireless connection to the BelAir20E have its operating system configured to act as a router. For example, Microsoft Windows XP offers the Internet Sharing function. The original spanning tree protocol is STP. When STP detects a topology change in the network, STP blocks all user traffic, creates a new loop-free configuration, and then re-enables user traffic. STP reconfigurations create outages that are typically 30 to 60 seconds in length. A newer protocol, Rapid STP (RSTP), greatly reduces the length of outages caused by topology reconfigurations. RSTP is backwards compatible with STP so it can be used in networks where some equipment only supports STP. BelAir20E units are shipped from the factory with RSTP enabled and default settings that are a suitable starting point for most deployments. The default node priority is 36864 (or 0x9000). The default port settings vary depending on the hardware in use, the topology and whether dynamic path cost is used or not. You should adjust the STP node priority and path cost settings for each node to match the topology of your network. Refer to your network plan for details. If all BelAir20E units are enabled with default settings, the switch with the lowest MAC address in the network becomes the root switch. However, due to traffic patterns, number of forwarding ports, or line types, the BelAir20E with the lowest MAC address might not be the ideal root switch. By increasing the priority (lowering the numerical priority number) of the ideal switch so that it becomes the root switch, an STP recalculation will be done to form a new Configuring Spanning Tree Priority October 11, 2011 Confidential Page 184 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration topology. BelAir recommends that the root node is the Ethernet switch that is used to connect to the LIM(s). Refer to your network plan for details. Use the command described in RSTP Priority on page 192 and RSTP Version on page 192 to specify the STP priority and the version of STP used by the BelAir20E unit. Configuring Other Spanning Tree Parameters Table 16 describes spanning tree parameters that you can configure in addition to the STP node priority and path cost. Table 16: Configurable Spanning Tree Timers and Associated Parameters Description Possible Range Parameter Default Value Hello Timer 2 s Forward Delay Timer 15 s Maximum Age Timer 20 s Determines how often the bridge broadcasts hello messages to other bridges Determines how long each of the listening and learning states last before the interface begins forwarding Determines the amount of time the bridge stores protocol information received on an interface Transmit Hold Count 6 Path Cost Type 32 bit Transmit hold count
(packet queue length) Represents the media speed (or bit rate) 1 s to 10 s Must be less than or equal to:
(1/2Max_Age - 1) 4 s to 30 s Must not be less than:
(1/2Max_Age + 1) 6 s to 40 s Must not be less than:
2(Hello_timer + 1) Must not exceed:
2(Forward_Delay - 1) 1 to 10 16 bit or 32 bit October 11, 2011 Confidential Page 185 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration Table 16: Configurable Spanning Tree Timers and Associated Parameters Default Value 3 Parameter Link Detection Count Description Possible Range Represents the number Hello timer periods to wait before declaring the link is down 3 to the ratio of the Maximum Age timer to the Hello timer Note: BelAir Networks recommends that you do not change the RSTP parameter values in Table 16 from their default values. Experience has shown that these default values work well in a variety of networks. To change the spanning tree transmit hold count and the path cost, refer to Transmit Hold Count on page 192. To change the values of the spanning-tree timers, refer to Max Age, Hello Time and Forward Delay on page 193. Note: The STP or RSTP parameter values that are actually used are inherited from the root bridge. When you configure STP or RSTP parameters on a BelAir20E, you are setting the values that are used if that BelAir20E is the root bridge. RSTP Commands This section describes commands that you can execute while in rstp mode. Some RSTP commands apply to specific physical interfaces or to specific radio links. The Name column of the /protocol/rstp/show config port all command displays available interfaces and radio links. For example, if the Name column displays wifi-3-1-1, then wifi-3-1 identifies the interface and the -1 suffix identifies radio link 1 of that interface. The BelAir20E layer 2 switch forwards layer 2 frames to the output of one or more physical interfaces or radio links based on the information contained in the frame header (tags).
/protocol/rstp/show config [port {all|active|<interface-name>}]
This command displays the currently configured RSTP settings. To see the currently active RSTP parameters, as inherited from the root bridge, use the
/protocol/rstp/show config port active command. Displaying the RSTP Configuration Settings October 11, 2011 Confidential Page 186 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration Specifying the port keyword displays RSTP configuration settings for each physical interface and radio link. Use the <interface-name> parameter to specify a particular interface and radio link, as shown under the Name column of the /protocol/rstp/show config port all command. Example 1
/protocol/rstp# show config RSTP Configurations
Rstp Status : Enabled Stp priority : 36864 Stp Version : Rstp Mode Bridge Max Age : 20 seconds Bridge Hello Time : 2 seconds Bridge Forward Delay Time : 15 seconds Tx Hold Count : 3 Link Detection Count : 3 Bridge Address : 00:0d:67:00:69:d4 Bridge Aging Time : 300
Example 2
/protocol/rstp# show config port all RSTP Port Configurations
Port Name Prio Pathcost Migration Edge P2P Protocol Dynamic-Cost Interface-link Conf/Oper Conf/Oper Version Status Default
1 wifi-1-1-1 128 830768 False False/False True/True RSTP Enabled 830769 2 wifi-1-1-2 128 2000000 False False/False True/False RSTP Enabled 830769 3 wifi-1-1-3 128 2000000 False False/False True/False RSTP Enabled 830769 4 wifi-1-1-4 128 2000000 False False/False True/False RSTP Enabled 830769 5 wifi-1-1-5 128 2000000 False False/False True/False RSTP Enabled 830769 6 wifi-1-1-6 128 2000000 False False/False True/False RSTP Enabled 830769 7 wifi-1-1-7 128 2000000 False False/False True/False RSTP Enabled 830769 8 wifi-1-1-8 128 2000000 False False/False True/False RSTP Enabled 830769 9 wifi-2-1-1 128 2000000 False False/False True/False RSTP Enabled 3000000 10 wifi-2-1-2 128 2000000 False False/False True/False RSTP Enabled 3000000 11 wifi-2-1-3 128 2000000 False False/False True/False RSTP Enabled 3000000 12 wifi-2-1-4 128 2000000 False False/False True/False RSTP Enabled 3000000 13 wifi-2-1-5 128 2000000 False False/False True/False RSTP Enabled 3000000 14 wifi-2-1-6 128 2000000 False False/False True/False RSTP Enabled 3000000 15 wifi-2-1-7 128 2000000 False False/False True/False RSTP Enabled 3000000 16 wifi-2-1-8 128 2000000 False False/False True/False RSTP Enabled 3000000 17 wifi-3-1-1 128 3187500 False False/False True/True RSTP Enabled 3000000 18 wifi-3-1-2 128 2000000 False False/False True/False RSTP Enabled 3000000 19 wifi-3-1-3 128 2000000 False False/False True/False RSTP Enabled 3000000 20 wifi-3-1-4 128 2000000 False False/False True/False RSTP Enabled 3000000 21 wifi-3-1-5 128 2000000 False False/False True/False RSTP Enabled 3000000 October 11, 2011 Confidential Page 187 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration 22 wifi-3-1-6 128 2000000 False False/False True/False RSTP Enabled 3000000 23 wifi-3-1-7 128 2000000 False False/False True/False RSTP Enabled 3000000 24 wifi-3-1-8 128 2000000 False False/False True/False RSTP Enabled 3000000 25 wifi-4-1-1 128 2000000 False False/False True/True RSTP Enabled 2000000 26 wifi-4-1-2 128 2000000 False False/False True/False RSTP Enabled 2000000 27 wifi-4-1-3 128 2000000 False False/False True/False RSTP Enabled 2000000 28 wifi-4-1-4 128 2000000 False False/False True/False RSTP Enabled 2000000 29 wifi-4-1-5 128 2000000 False False/False True/False RSTP Enabled 2000000 30 wifi-4-1-6 128 2000000 False False/False True/False RSTP Enabled 2000000 31 wifi-4-1-7 128 2000000 False False/False True/False RSTP Enabled 2000000 32 wifi-4-1-8 128 2000000 False False/False True/False RSTP Enabled 2000000 33 eth-5-1 128 200000 False False/False True/True RSTP Disabled 200000 Example 3
/protocol/rstp# show config port wifi-2-1-1 RSTP Port Configurations
Port Name Prio Pathcost Migration Edge P2P Protocol Dynamic-Cost Interface-link Conf/Oper Conf/Oper Version Status Default
9 wifi-2-1-1 128 2000000 False False/False True/False RSTP Enabled 3000000 Example 4
/protocol/rstp# show config port active RSTP Port Configurations
Port Name Prio Pathcost Migration Edge P2P Protocol Dynamic-Cost Interface-link Conf/Oper Conf/Oper Version Status Default
1 wifi-1-1-1 128 830768 False False/False True/True RSTP Enabled 830769 17 wifi-3-1-1 128 3187500 False False/False True/True RSTP Enabled 3000000 25 wifi-4-1-1 128 2000000 False False/False True/True RSTP Enabled 2000000 33 eth-5-1 128 200000 False False/False True/True RSTP Disabled 200000
/protocol/rstp/show topology [port {all|active|<interface-name>}]
Displaying the RSTP Topology Information This command displays the currently active RSTP parameters as inherited from the root bridge, including the MAC address of the designated root bridge in a network, the cost of the path to the root, the port used to message to the root bridge, as well as the current values of the spanning tree timers. To see the currently configured RSTP parameters, use the /protocol/rstp/show config command. October 11, 2011 Confidential Page 188 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration In the resulting output when the port keyword is omitted, Root Cost reflects the node's cost to root that it would advertise in its BPDUs sent out to designated or alternate ports. Specifying the port keyword displays per port RSTP topology information for each physical interface and radio link. Use the <interface-name> parameter to specify a particular interface and radio link, as shown under the Name column of the /protocol/rstp/show config port all command. In the resulting output when the port keyword is used, Designated Cost is the minimum port cost seen in BPDUs on that link (either from the node itself or from another node on that same link). Example 1
/protocol/rstp# show topology RSTP Topology Information
Designated Root : 00:00:00:12:00:32:9d:80 Stp Root Cost : 4000000 Stp Root Port : 33 Stp Max Age : 31 seconds Stp Hello Time : 1 seconds Stp Forward Delay Time : 21 seconds
Example 2
/protocol/rstp# show topology port all RSTP Port Topology Information
Port Name Designated-root Designated Designated-bridge Designated Interface-link Cost Port
1 wifi-1-1-1 60:00:00:23:34:b0:3e:80 200000 90:00:00:0d:67:00:69:5e 80:01 2 wifi-1-1-2 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 3 wifi-1-1-3 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 4 wifi-1-1-4 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 5 wifi-1-1-5 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 6 wifi-1-1-6 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 7 wifi-1-1-7 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 8 wifi-1-1-8 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 9 wifi-2-1-1 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 10 wifi-2-1-2 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 11 wifi-2-1-3 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 12 wifi-2-1-4 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 October 11, 2011 Confidential Page 189 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration 13 wifi-2-1-5 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 14 wifi-2-1-6 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 15 wifi-2-1-7 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 16 wifi-2-1-8 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 17 wifi-3-1-1 60:00:00:23:34:b0:3e:80 200000 90:00:00:0d:67:00:69:5e 80:11 18 wifi-3-1-2 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 19 wifi-3-1-3 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 20 wifi-3-1-4 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 21 wifi-3-1-5 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 22 wifi-3-1-6 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 23 wifi-3-1-7 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 24 wifi-3-1-8 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 25 wifi-4-1-1 60:00:00:23:34:b0:3e:80 200000 90:00:00:0d:67:00:69:5e 80:19 26 wifi-4-1-2 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 27 wifi-4-1-3 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 28 wifi-4-1-4 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 29 wifi-4-1-5 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 30 wifi-4-1-6 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 31 wifi-4-1-7 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 32 wifi-4-1-8 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 33 eth-5-1 60:00:00:23:34:b0:3e:80 0 60:00:00:23:34:b0:3e:80 80:0f Example 3
/protocol/rstp# show topology port wifi-2-1-1 RSTP Port Topology Information
Port Name Designated-root Designated Designated-bridge Designated Interface-link Cost Port
9 wifi-2-1-1 00:00:00:00:00:00:00:00 0 00:00:00:00:00:00:00:00 00:00 Example 4
/protocol/rstp# show topology port active RSTP Port Topology Information
Port Name Designated-root Designated Designated-bridge Designated Interface-link Cost Port
1 wifi-1-1-1 60:00:00:23:34:b0:3e:80 200000 90:00:00:0d:67:00:69:5e 80:01 17 wifi-3-1-1 60:00:00:23:34:b0:3e:80 200000 90:00:00:0d:67:00:69:5e 80:11 25 wifi-4-1-1 60:00:00:23:34:b0:3e:80 200000 90:00:00:0d:67:00:69:5e 80:19 33 eth-5-1 60:00:00:23:34:b0:3e:80 0 60:00:00:23:34:b0:3e:80 80:0f October 11, 2011 Confidential Page 190 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Displaying RSTP Port Roles and States Layer 2 Network Configuration
/protocol/rstp/show port roles [all]
This command displays the roles and states of the RSTP ports. Specifying the all option displays all possible links for a specific interface. If the all option is omitted, then the command outputs data only for links with a status of UP. Example 1
/protocol/rstp# show port roles RSTP Port Roles and States
Port# Name Remote-id Port-Role Port-State Port-Status
9 wifi-2-1-1 10.5.1.22 Designated Forwarding Enabled 11 wifi-2-1-3 10.5.1.10 Designated Forwarding Enabled 17 wifi-3-1-1 10.5.1.13 Designated Forwarding Enabled 18 wifi-3-1-2 10.5.1.14 Designated Forwarding Enabled 25 wifi-4-1-1 10.5.1.25 Designated Forwarding Enabled 33 eth-1-1 Root Forwarding Enabled 34 eth-1-2 Designated Forwarding Enabled Example 2
/protocol/rstp# show port roles all RSTP Port Roles and States
Port# Name Remote-id Port-Role Port-State Port-Status Link-status
1 wifi-1-1-1 Disabled Discarding Enabled Down 2 wifi-1-1-2 Disabled Discarding Enabled Down 3 wifi-1-1-3 Disabled Discarding Enabled Down 4 wifi-1-1-4 Disabled Discarding Enabled Down 5 wifi-1-1-5 Disabled Discarding Enabled Down 6 wifi-1-1-6 Disabled Discarding Enabled Down 7 wifi-1-1-7 Disabled Discarding Disabled Down 8 wifi-1-1-8 Disabled Discarding Disabled Down 9 wifi-2-1-1 10.5.1.22 Designated Forwarding Enabled UP 10 wifi-2-1-2 Disabled Discarding Enabled Down 11 wifi-2-1-3 10.5.1.10 Designated Forwarding Enabled UP 12 wifi-2-1-4 Disabled Discarding Enabled Down 13 wifi-2-1-5 Disabled Discarding Enabled Down 14 wifi-2-1-6 Disabled Discarding Enabled Down 15 wifi-2-1-7 Disabled Discarding Enabled Down 16 wifi-2-1-8 Disabled Discarding Enabled Down 17 wifi-3-1-1 10.5.1.13 Designated Forwarding Enabled UP October 11, 2011 Confidential Page 191 of 267 Document Number BDTM02201-A01 Standard Layer 2 Network Configuration BelAir20E User Guide 18 wifi-3-1-2 10.5.1.14 Designated Forwarding Enabled UP 19 wifi-3-1-3 Disabled Discarding Enabled Down 20 wifi-3-1-4 Disabled Discarding Enabled Down 21 wifi-3-1-5 Disabled Discarding Enabled Down 22 wifi-3-1-6 Disabled Discarding Enabled Down 23 wifi-3-1-7 Disabled Discarding Enabled Down 24 wifi-3-1-8 Disabled Discarding Enabled Down 25 wifi-4-1-1 10.5.1.25 Designated Forwarding Enabled UP 26 wifi-4-1-2 Disabled Discarding Enabled Down 27 wifi-4-1-3 Disabled Discarding Enabled Down 28 wifi-4-1-4 Disabled Discarding Enabled Down 29 wifi-4-1-5 Disabled Discarding Enabled Down 30 wifi-4-1-6 Disabled Discarding Enabled Down 31 wifi-4-1-7 Disabled Discarding Enabled Down 32 wifi-4-1-8 Disabled Discarding Enabled Down 33 eth-1-1 Root Forwarding Enabled UP 34 eth-1-2 Designated Forwarding Enabled UP Configuring the Bridge Aging Time RSTP Priority RSTP Version Transmit Hold Count
/protocol/rstp/set bridge aging-time <10 - 630>
This command specifies the aging time, in seconds, for the dynamically learned forwarding information.
/protocol/rstp/set priority <Decimal (0 - 61440) or Hexadecimal (0x0000 -0xf000)>
This command specifies the STP priority. The default node priority is 36864 (or 0x9000). The priority values must be set in steps of 4096 (or 0x1000).
/protocol/rstp/set version {stpCompatible|rstp}
This command specifies the type of STP used by the BelAir20E. Setting the value to rstp mode forces it to transmit RST BPDUs while setting it to stpCompatible mode forces it to transmit configuration and TCN BPDUs. The default setting is rstp.
/protocol/rstp/set [tx-holdcount (1 - 10)]
This command configures the values of transmit hold count. The transmit hold count value indicates the number of BPDUs that need to be transmitted in any Hello Time interval. The default value is 6. October 11, 2011 Confidential Page 192 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration Max Age, Hello Time and Forward Delay RSTP Link Priority Note: BelAir Networks recommends that you do not change the RSTP parameter values from their default values. Experience has shown that the default values work well in a variety of networks. Example
/protocol/rstp# set tx-holdcount 5
/protocol/rstp/set ([max-age <6 - 40>] [hello-time <1 - 10>]
[forward-delay <4 - 30>]) The max-age field represents the time in seconds that all bridges use for MaxAge when this bridge is acting as the root. The default value is 20. The value must not exceed: 2(ForwardDelay -1). The hello-time field represents the time in seconds that all bridges use for HelloTime when this bridge is acting as the root. The default value is 2. The forward-delay field represents the time in seconds that all bridges use for ForwardDelay when this bridge is acting as the root. The default value is 15. The value must not be less than: 1 + 1/2 MaxAge. Note: BelAir Networks recommends that you do not change the RSTP parameter values from their default values. Experience has shown that the default values work well in a variety of networks. Example
/protocol/rstp# set max-age 20 hello-time 2 forward-delay 15
/protocol/rstp/set interface <interface-name>
priority <Decimal (0-240) or Hexadecimal (0x00 -0xF0)>
This command configures the link priority. This command is available only if dynamic path costs are disabled. Refer to Dynamic Path Cost on page 194. The <interface-name> parameter specifies a particular interface, such as wifi-2-1. The link priority value forms the first component or the portion of the Port ID that can be written. The values for the link priority must only be in steps of 16
(only the first 4 bits can be set for the link priority). Example
/protocol/rstp# set interface wifi-2-1 priority 64 October 11, 2011 Confidential Page 193 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide RSTP Static Path Cost Layer 2 Network Configuration
/protocol/rstp/set interface <interface-name>
defaultcost <1 - 200000000>
This command sets the static path cost in the pathcost field. This command is available only if dynamic path costs are disabled. Refer to Dynamic Path Cost on page 194. The <interface-name> parameter specifies a particular interface, such as wifi-2-1. The static path cost determines the preferred data paths between bridges throughout the network and the root bridge. The default path cost settings vary, depending on the hardware in use, the topology and whether dynamic path cost is used or not. Dynamic Path Cost Example
/protocol/rstp# set interface wifi-2-1 pathcost 65535
/protocol/rstp/set interface <interface-name>
[dynamic-cost {enabled|disabled}]
This command lets you manage how path costs are determined for each radio link on your BelAir20E. The <interface-name> parameter specifies a particular interface, such as wifi-2-1. Dynamic path costs are a useful way to adjust the topology of a network to isolate a link as a result of unplanned or seasonal effects. For example, there may be an unplanned source of radio interference with a particular link. Or, vegetation may affect a link during summer. When dynamic cost is disabled, each link is assigned a fixed cost. The default value depends on the hardware and topology in use. When dynamic cost is enabled, the BelAir20E adjusts the links cost based on several link quality factors. For example, a link with a low RSSI, such as -80, implies poor link quality causing it to have an increased cost. Similarly, a link with a high RSSI, such as -40, implies good link quality causing its cost to be reduced. Enabling dynamic path costs disables the command to configure a static path cost. Refer to RSTP Static Path Cost on page 194. To prevent unnecessary topology changes based on transient behaviour, a new link cost may not automatically cause a topology change. If the new link cost is October 11, 2011 Confidential Page 194 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Layer 2 Network Configuration RSTP Protocol Migration on an Interface RSTP Edge Port Status very different from the current link cost, then the topology is changed. However, if the new link cost is only slightly different from the current link cost, then the current topology is maintained. As further protection against transient behaviour, the RSTP verifies that the new link cost is maintained for 30 minutes before it implements any potential topology changes. In all cases when a link is enabled or disabled, RSTP takes into account the new link costs as it creates a new topology. By default, dynamic cost is enabled for most combinations of platforms and topologies. Use the /protocol/rstp/show config port command to determine if it is enabled or disabled in your case. Note: Dynamic path cost should be disabled for mobile backhaul mesh applications because in such application path costs are determined by the mobility application.
/protocol/rstp/set interface <interface-name>
protocol-migration {true|false}
While operating in RSTP mode, setting of this value to true forces the interface to transmit RSTP BPDUs. The <interface-name> parameter specifies a particular interface, such as wifi-2-1.
/protocol/rstp/set interface <interface-name>
edge-port {true|false}
This command indicates whether the interface is an edge port or not. An edge port cannot communicate to another RSTP enabled device. This setting is typically false, but can be true for situations such as being connected to a laptop, or to a simple switch. RSTP uses edge port status to optimize performance during topology changes. If the edge port status is true, RSTP does not block it during a topology change. This command sets the administrative value of the edge port status. The operational value of the edge port status is initially its administrative value;
however, it can be updated later by the BelAir20E bridge software. The <interface-name> parameter specifies a particular interface, such as wifi-2-1. The default settings vary, depending on the hardware in use, the topology and whether dynamic path cost is used or not. October 11, 2011 Confidential Page 195 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide RSTP Point-To-Point Status of an Interface Interface RSTP Configuration Changing RSTP Admin State Layer 2 Network Configuration
/protocol/rstp/set interface <interface-name>
p2p {forcetrue|forcefalse}
This command indicates whether the interface can do RSTP point-to-point communications or not. RSTP point-to-point communications is special case where the interface can communicate with only one other RSTP enabled device, such as when only two BelAir nodes are connected through a simple switch. RSTP uses RSTP point-to-point status to optimize performance during topology changes. This command sets the administrative value of the RSTP point-to-point status. The operational value of the RSTP point-to-point status is initially its administrative value; however, it can be updated later by the BelAir20E bridge software. The <interface-name> parameter specifies a particular interface, such as wifi-2-1. Setting a value of forcetrue forces it to function as a point-to-point link. Setting a value of forcefalse forces it not to function as a point-to-point link. The default settings vary, depending on the hardware in use, the topology and whether dynamic path cost is used or not.
/protocol/rstp/set interface <interface-name>
admin-state {enable|disable}
This command allows or prevents RSTP from affecting the specified interface. The <interface-name> parameter specifies a particular interface, such as wifi-2-1. By default, RSTP affects all enabled interfaces. Setting admin-state to disable prevents RSTP from affecting this interface. Setting admin-state to enable allows RSTP to affect this interface.
/protocol/rstp/set admin-state {enabled|disabled}
This command lets you enable or disable RSTP functionality. The default setting is enabled. October 11, 2011 Confidential Page 196 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Performing a Software Upgrade Performing a Software Upgrade This section instructs you how to upgrade a BelAir20E unit by downloading a new software load from a remote server. The procedures in this section assume the following:
You have connected to the BelAir20E. You have started a Command Line Interface (CLI) session and you have logged in as root. When you need to login again, such as after a reboot, use the root user account so you have access to all the required commands. You are familiar with the operation of the CLI. You are familiar with the operation of the config-save command. Refer to Saving your Changes on page 21 for details. Make sure to read and understand the entire upgrade procedure described in this section before attempting to upgrade a unit. An improper upgrade could result in a unit becoming inoperable and isolated from the network. A units configuration database in one release can be structurally different than in other releases. For example, the configuration database in Release 12.0 is structurally different than in previous releases. Because of this, downgrading a software load from Release 12.0 to the previous release requires much effort. BelAir Networks strongly recommends that you fully verify the configuration and operation of an upgraded unit before you commit the new load to replace the old load and configuration. The upgrade process in this document contains guidelines to help you verify a unit. For instructions on how to downgrade a unit, contact BelAir Networks. An operator logged in as root can upgrade a BelAir20E unit by downloading a new software load from a remote server. You can use either TFTP or FTP to communicate with the remote server. You must ensure that the server is running at an accessible IP address. For redundancy purposes, BelAir20E units store two copies of the software load in two application banks: banks A and B. The active software load is the software load that is currently running. The standby software load is the software load in the alternate application bank. Either bank A or bank B may be active at a given time. See Figure 8 on page 198. CAUTION!
CAUTION!
Upgrade Process Overview October 11, 2011 Confidential Page 197 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Performing a Software Upgrade Figure 8: Active and Standby Software Loads BelAir Unit Active Software Load Pointer to software load for next restart A B Active Software Load Standby Software Load Under normal operating conditions, the contents of the two software load banks are identical. During a software upgrade, the new software load is copied into the standby bank at the time of the upgrade. A software upgrade consists of the following steps:
1 Ensure the current configuration is saved. Refer to Saving your Changes on page 21. 2 Determine what software load is active (A or B). The new software load will overwrite the standby bank. 3 Download the new software load. The new software load is downloaded to the standby software load bank. If A is active, then the new software load is downloaded to bank B. If B is active, then the new software load is downloaded to bank A. 4 Verify the new software downloaded successfully. 5 Activate the new software load from the standby software load bank
(containing the new load) by rebooting the node. The new load is promoted to active and the formerly active software load bank becomes standby. 6 Verify the configuration and operation of the unit operating with the new software load 7 Commit the load (copy the newly activated load to the standby software load bank). October 11, 2011 Confidential Page 198 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Performing a Software Upgrade Note: Any configuration changes that you make before you commit the new software load are lost if you back out of the upgrade. You can also use BelView NMS to manage how nodes are upgraded. For details, refer to the BelView NMS User Guide and Auto-upgrade on page 204. CAUTION!
Do not change or save the node configuration while upgrading the system. CAUTION!
It is always possible to downgrade a committed software load to an older release. However, while the existing configuration data is saved (upgraded) during a software upgrade, the existing configuration data could be lost (erased) during a software downgrade. BelAir Networks recommends that you save and remotely store the current existing configuration database in case you choose to downgrade a software load. For instructions on how to downgrade a unit, contact BelAir Networks. Displaying the Active and Next Software Loads Downloading a New Software Load Display the active software load and the load that is activated at the next reboot with the following command:
/system/show loads
/system/upgrade load remoteip <serverIPaddress>
remotepath <serverSubDir>
[{tftp|ftp [user <usrname> password <pword>]}]]
This command downloads a new software image from a remote server. It copies the new software load into the standby software load bank and sets the new load as the next active load. See Figure 9 on page 200. You can use either TFTP or FTP to communicate with the remote server. By default, the upgrade load command uses TFTP. If you specify FTP, you can also specify the user name and password. The default FTP user name is anonymous and the default FTP password is root@<nodeip>, where <nodeip> is the IP address of node making the request. If you do not use the default FTP username, the FTP server must be configured to accept your username and password. CAUTION!
Once it begins, the upgrade process cannot be interrupted or terminated by the user with the current CLI session. See Canceling a Software Upgrade on page 200. October 11, 2011 Confidential Page 199 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Canceling a Software Upgrade Performing a Software Upgrade
/system/cancel upgrade This command stops the transfer of the new software load into the standby software load bank. If you reboot the node, the software in the active software load bank is used. See Figure 9. To cancel the upgrade process:
1 Start another CLI session to the BelAir20E being upgraded and log in as in as root. 2 Issue the following command:
/system/cancel upgrade 3 When requested, confirm your intent. CAUTION!
If you confirm that you want to cancel the software upgrade, a message appears in the other CLI session informing its user that the upgrade has been cancelled. Because the software upgrade process was interrupted, the software in the standby software load bank may no longer be suitable to reboot the system. Do not set it to be the next active load unless you first commit the current active software load, or complete a new software upgrade. Figure 9: Software Upgrade Step 3 - Downloading the New Software Load BelAir Unit Active Software Load Pointer to software load for next restart A B Active Software Load Standby Software Load External TFTP Server Software Download October 11, 2011 Confidential Page 200 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Performing a Software Upgrade Verifying a Successful Download Verify that the new software downloaded successfully with the following command:
/system/show loads verify The verify option calculates and verifies the checksum. A bad checksum indicates an issue with the load. If there are any issues, perform the download again. Example
/system# show loads verify Application BankA
Sw Version: BA100 9.0.0.S.2009.01.05.16.35 (r20884) State: Running (next reboot) CommitState: committed Md5Sum: OK Application BankB
Sw Version: BA100 8.0.8.D.2008.09.18.18.18 (r19148) State: Shadow CommitState: committed Md5Sum: OK Bootloader Info
PPC405EP Common Bootloader Version 4.06 11/06/2008 Activating a Software Load To activate a software load, enter the following:
/system/reboot The reboot command is only available if you are logged in as root. This command forces the unit to execute with the new load and completes the activation process. When upgrading several nodes in a network, BelAir recommends that you reboot the most remote node first and progress towards the near-end, node-by-node. For star topologies, reboot the subscriber station nodes before rebooting the associated base station node. Note: Rebooting a unit as part of a software upgrade can take significantly longer, up to 20 minutes, depending on the units configuration. October 11, 2011 Confidential Page 201 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Verifying the New Software Load Committing a New Software Load CAUTION!
Performing a Software Upgrade BelAir Networks recommends that you fully verify the configuration and operation of an upgraded unit before you commit the new load. Use the following steps as guidelines. 1 Fully verify the units configuration and operation. 2 If required, adjust any settings and save the new configuration. 3 Reboot the unit and verify that all changes take effect. If you observe any issues, follow the steps in Backing Out from a Software Upgrade on page 203.
/system/commit load Once you have activated the unit with new software load, you can commit it with this command. See Figure 10. This command copies the contents of the active software bank to the standby bank. For example, if the active software bank is A, its contents overwrite those of bank B. Backing out is no longer possible after the new software load has been committed. After the new software load has been committed, you can no longer back out of the upgrade; but you can downgrade the unit. For instructions on how to downgrade a unit, contact BelAir Networks. Figure 10: Software Upgrade Step 7 - Commit the Software Load BelAir Unit Active Software Load Pointer to software load for next restart A B Standby Software Load Active Software Load Commit: Overwrite old software load in the standby bank October 11, 2011 Confidential Page 202 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Performing a Software Upgrade The commit command copies the system software and the configuration database to the adjacent bank at the time of execution. However, changes to the active loads configuration after the commit command is executed are not automatically stored in the standby bank. To keep both banks synchronized, you must use the commit command after every configuration change of the active load. Backing Out from a Software Upgrade It is possible to back out from a software upgrade in case its effects are undesired, but only if the new software load has not been committed. See Figure 11 on page 203. Figure 11: Backing Out from an Uncommitted Software Upgrade BelAir Unit Active Software Load Pointer to software load for next restart A Activate old software load B Old Software Load New Software Load Backout: Overwrite new software load with old software load When you back out of a software upgrade, the old load overwrites the new software load. To back out from an upgrade, do the following steps:
1 Determine which bank has the old software load with the following command:
/system/show loads 2 Set the old software load to be the next active load with the following command:
/system/set next-load {A|B}
October 11, 2011 Confidential Page 203 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Performing a Software Upgrade If you have just upgraded the software, you must set the unit to reboot with the currently standby load. For example, if the old software load is in bank A, as shown in Figure 11, and the new software load is in bank B, then you must activate bank A with the following command:
/system/set next-load A Alternatively, steps 1 and 2 can be combined with the following command:
/system/set next-load {current|inactive}
If you specify inactive, at the next reboot the system uses the bank containing a load other than the one that is running. Specify current to switch back to the bank containing the active load. 3 Reboot the system, with the reboot command. Note: Rebooting a unit as part of a software upgrade can take significantly longer, up to 20 minutes, depending on the units configuration. 4 Run the commit command. Running the commit command is not necessary if the system is already executing the old software load (because you have decided, for example, to back-out of the upgrade before activating the new load). In this case, the content of the old software load (which is active) overwrites the contents of the new undesired software load.
/system/show upgrade status This command displays the status of the software upgrade process.
/system/clear alarm upgrade-failure This command allows you to clear the alarm generated when a software upgrade fails. Displaying the Status of the Software Upgrade Clearing the Upgrade Failure Alarm Auto-upgrade
/system/show auto-upgrade
/system/set auto-upgrade {enabled|disabled}
This command allows you to control whether a node can be upgraded automatically through BelView NMS. The default setting is enabled, meaning that BelView NMS can automatically upgrade the node, For details, refer to the BelView NMS User Guide. October 11, 2011 Confidential Page 204 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide For More Information For More Information BelAir Networks documentation is modular and organized to be of best use to you during the logical process of setting up a network of BelAir devices. Use the documents as outlined in the following sections. Installation Guide Use this document when you are:
installing BelAir units determining infrastructure requirements pre-configuring the BelAir units problem-solving on the site mounting BelAir units commissioning the BelAir units User Guide Use this document when you are:
becoming accustomed to the CLI interface becoming accustomed to the SNMP interface accessing the Web interface configuring the unit:
IP parameters data and time Ethernet interfaces configuring the radios:
antenna and link features access channel numbers transmission power levels radio transmission rates wireless security configuring Quality of Service (QoS) October 11, 2011 Confidential Page 205 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide For More Information Troubleshooting Guide upgrading the unit saving and restoring the configuration Use this document when you are:
troubleshooting and in need of technical support looking up system configuration details:
Alarms and events System logs Statistics October 11, 2011 Confidential Page 206 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Technical Support Technical Support Support Resources This section provides direction should you have questions about your BelAir20E unit. In general, BelAir Networks recommends that you do the following steps to seek the information you want:
1 Refer to the Troubleshooting Guide of the BelAir unit to see if it describes your situation. If it does, do the provided corrective actions. 2 If the troubleshooting guide does not cover your situation, contact your BelAir Networks product representative 3 If you still need assistance, use the BelAir Networks online support center at http://support.belairnetworks.com 4 Finally, if your issue is not resolved, contact BelAir Networks:
613-254-7070, option 2 1-877-BelAir1 (235-2471), option 2 techsupport@belairnetworks.com Warranty and Limitations To review BelAirs product warranty, refer to the document called BelAir Products Warranty and Limitations available on the BelAir Networks Website, or contact your BelAir Representative. October 11, 2011 Confidential Page 207 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Definitions and Acronyms Definitions and Acronyms ACL AES AP Beacon BID BPDU BSS Client CLI DHCP IP IP address Access Control List Advanced Encryption System Access Point. A wireless LAN data transceiver that uses radio waves to provide connectivity services to a network A protocol packet that signals the availability and presence of a wireless device Bridge identifier used in spanning-tree calculations Bridge protocol data unit. When the spanning tree protocol is enabled, bridges send and receive spanning-tree frames, called BPDUs, at regular intervals and use the frames to maintain a loop-free network. Basic Service Set: A set of 802.11-compliant stations that operate as a fully connected wireless network A device that uses the services of a wireless access point to connect to a network Command Line Interface Dynamic Host Configuration Protocol Internet Protocol The Internet Protocol (IP) address of a station. Expressed in dotted notation, for instance, 10.21.1.14 IP subnet mask The number used to identify the IP sub-network. LAN LPM MAC Local Area Network Line and Power Module Media Access Control MAC Address Media Access Control address. A unique 48-bit number used in Ethernet data MAU MIB MPDU NAS OAM packets to identify an Ethernet device. Medium Attachment Unit SNMP Management Information Base MAC Protocol Data Unit Network Access Server Operations, Administration and Maintenance October 11, 2011 Confidential Page 208 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Definitions and Acronyms OUI PVID PDU QoS RADIUS RTS SNMP SNTP SSH SSID SSL TCP TKIP TU UDP VLAN WEP WPA Organizationally Unique Identifier (first 3 bytes of a MAC address) Port VLAN identifier Protocol Data Unit Quality of Service Remote Authentication Dial-In User Service. An Internet protocol (RFC 2138) for carrying dial-in users' authentication information and configuration information between a shared, centralized authentication server (the RADIUS server) and a network access server (the RADIUS client) that needs to authenticate the users of its network access ports Request to Send Simple Network Management Protocol Simple Network Time Protocol Secure Shell Service Set Identifier (also referred to as Network Name or Id). A unique identifier used to identify a radio network and which stations must use to be able to communicate with each other or to an access point Secure Socket Layer Transmission Control Protocol Temporal Key Integrity Protocol, an optional IEEE 802.11 function that offers frame transmission privacy. Like WEP, it is based on RC4 encryption. It generates new encryption keys for every 10 kilobytes of data transmitted. Wireless Time Unit, as defined in IEEE 802.11, a measure of time equal to 1024 microseconds User Datagram Protocol Virtual Local Area Network Wired Equivalent Privacy, an optional IEEE 802.11 function that offers frame transmission privacy. The Wired Equivalent Privacy generates secret shared encryption keys that both source and destination stations can use to alter frame bits to avoid disclosure to eavesdroppers. Wi-Fi Protected Access October 11, 2011 Confidential Page 209 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Conformity and Regulatory Statements Conformity and Regulatory Statements Regulatory Information and Disclaimers This section provides declarations of conformity and regulatory information for the BelAir20E. This section contains the following sections:
Regulatory Information and Disclaimers on page 210 Manufacturers US Federal Communication Commission Conformity Statement on page 211 Manufacturers Industry Canada Conformity Statement on page 212 Manufacturers European Community Conformity Statement on page 213 Declaration of Conformity for RF Exposure on page 216 Product Disposal on page 216 Installation and use of this device must be in strict accordance with the instructions included in the user documentation provided with the product. Any changes or modifications to this product not expressly approved by the party responsible for compliance could void the users authority to operate this equipment. The manufacturer is not responsible for any interference to radio or television equipment caused by unauthorized modification of this device, or attachment of any antennas or equipment other than those specified by the manufacturer. The manufacturer or its authorized resellers or distributors will assume no liability for any damage arising from failure to comply with these guidelines, or failure to comply with local, regional or national safety, electrical or building codes, or government regulations. This product is manufactured in Canada with originating and non-originating product. Ce produit est fabriqu au Canada avec des matires originaires et non originaires du produit. October 11, 2011 Confidential Page 210 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Manufacturers US Federal Communication Commission Conformity Statement FCC Interference Statement Conformity and Regulatory Statements This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for assistance. FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Operations in the 5.15-5.25GHz band are restricted to indoor usage only. October 11, 2011 Confidential Page 211 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Manufacturers Industry Canada Conformity Statement Conformity and Regulatory Statements This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. IMPORTANT NOTE:
Radiation Exposure Statement:
This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 25 cm between the radiator and a human body. Caution:
The device for the band 5150-5250 MHz is only for indoor usage to reduce potential for harmful interference to co-channel mobile satellite systems. High power radars are allocated as primary users (meaning they have priority) of 5250-5350 MHz and 5650-5850 MHz and these radars could cause interference and/or damage to LE-LAN devices. Ce dispositif est conforme la norme CNR-210 d'Industrie Canada applicable aux appareils radio exempts de licence. Son fonctionnement est sujet aux deux conditions suivantes: (1) le dispositif ne doit pas produire de brouillage prjudiciable, et (2) ce dispositif doit accepter tout brouillage reu, y compris un brouillage susceptible de provoquer un fonctionnement indsirable. NOTE IMPORTANTE:
Dclaration d'exposition aux radiations:
Cet quipement est conforme aux limites d'exposition aux rayonnements IC tablies pour un environnement non contrl. Cet quipement doit tre install et utilis avec un minimum de 25 cm de distance entre la source de rayonnement et dun corps humain. Avertissement:
Le dispositif fonctionnant dans la bande 5150-5250 MHz est rserv uniquement pour une utilisation l'intrieur afin de rduire les risques de brouillage prjudiciable aux systmes de satellites mobiles utilisant les mmes canaux. Les utilisateurs de radars de haute puissance sont dsigns utilisateurs principaux (c.--d., qu'ils ont la priorit) pour les bandes 5250-5350 MHz et October 11, 2011 Confidential Page 212 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Conformity and Regulatory Statements 5650-5850 MHz et que ces radars pourraient causer du brouillage et/ou des dommages aux dispositifs LAN-EL. Manufacturers European Community Conformity Statement Table 17: European Community Conformity Statement Language Statement English Deutsch Dansk Espaol Franais slenska Italiano This equipment is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Dieses Gert entspricht den grundlegenden Anforderungen und den weiteren entsprecheneden Vorgaben der Richtlinie 1999/5/EU. Dette udstyr er i overensstemmelse med de vsentlige krav og andre relevante bestemmelser i Directiv 1999/5/EF. Este equipo cumple con los requisitos esenciales asi como con otras disposiciones de la Directiva 1999/5/EC. Cet appareil est conforme aux exigences essentielles et aux autres dispositions pertinentes de la Directive 1999/5/EC. essi bnaur samrmist lgbonum krfum og rum kvum tilskipunar 1999/5/ESB. Questo apparato conforme ai requisiti essenziali ed agli altri principi sanciti dalla Direttiva 1999/5/EC. Nederlands Deze apparatuur voldoet aan de belangrijkste eisen en andere voorzieningen van richtlijn 1999/5/EC. Norsk Portugus Dette utstyret er i samsvar med de grunnleggende krav og andre relevante bestemmelser i EU-directiv 1999/5/EC. Este equipamento satisfaz os requisitos essenciais e outras provises da Directiva 1999/5/EC. October 11, 2011 Confidential Page 213 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Conformity and Regulatory Statements Table 17: European Community Conformity Statement (Continued) Language Statement Suomalainen Tm laite tytt direktiivin 1999/5/EY oleelliset vaatimukset ja on siin asetettujen muidenkin ehtojen mukainen. Svenska Denna utrustning r i verensstmmelse med de vsentliga kraven och andra relevanta bestmmelser i Direktiv 1999/5/
EC. The Declaration of Conformity related to this product can be found at the following URL: www.belairnetworks.com/support/index.cfm. The BelAir20E complies with the following EU Radio standards:
EN 300 328 V1.4.1 (2003-04) and EN300 328-2 V1.2.1 (2001-12) Electromagnetic compatibility and Radio spectrum Matters (ERM);
Wideband Transmission systems; Data transmission equipment operating in the 2,4 GHz ISM band and using spread spectrum modulation techniques;
Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive. EN 300 440-2 V1.1.1 (2001-09) Electromagnetic compatibility and Radio spectrum Matters (ERM); Short range devices; Radio equipment to be used in the 1 GHz to 40 GHz frequency range; Part 2: Harmonized EN under article 3.2 of the R&TTE Directive. EN 300 440-2 V1.1.2 (2004-07) Electromagnetic Compatibility and Radio spectrum Matters (ERM); Short range devices; Radio equipment to be used in the 1GHz to 40 GHz frequency range; Part2: Harmonized EN under article 3.2 of the R&TTE Directive. EN 301 893 V1.4.1 (2007-07) Broadband Radio Access Networks (BRAN);
5 GHz high performance RLAN; Harmonized EN covering essential requirements of article 3.2 of the R&TTE Directive EN 300 328 V1.6.1 (2004-11) Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband Transmission systems; Data transmission equipment operating in the 2,4 GHz ISM band and using spread spectrum modulation techniques; Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive. October 11, 2011 Confidential Page 214 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Conformity and Regulatory Statements UK Interface Requirement 2005 UK Radio Interface Requirement for Wideband Transmission Systems operating in the 2.4 GHz ISM Band and Using Wide Band Modulation Techniques (November 2006). UK Interface Requirement 2006 Wireless Access Systems (WAS) including RLANs operating in the 5150-5725 MHz band (Version 3.0) 98/34/EC Notification number: 2006/421/UK Published 14 November 2006 UK Interface Requirement 2007 Fixed Broadband Services operating in the 5725 -5850 MHz band (Version 3.0) 98/34/EC Notification Number: 2006/422/UK Published 30 May 2007 The BelAir20E complies with the following EU EMC standards:
EN 301 489-17 V1.2.1 (2002-08) ElectroMagnetic Compatibility and Radio Spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC) Standard for Radio Equipment and Services; Part 17: Specific Conditions for 2.4 GHz Wideband Transmission Systems and 5 GHz High Performance RLAN Equipment The BelAir20E complies with the following EU Safety standards:
EN 60825-2:2000 Safety of Optical Fibre Communication Systems EN 60950:2000 Safety of Information Technology Equipment IEC 60950:2005 Second Edition and/or EN 60950-1:2006 The following CE mark is affixed to the BelAir20E:
Note: This equipment is intended to be used in all EU and EFTA countries. Outdoor use may be restricted to certain frequencies and/or may require a license for operation for example in France the frequencies 2454-2483.5 MHz are restricted to 10 mW effective isotropic radiated power (EIRP) in outdoor environments, so channels 8-13 require reduced power. For more details, contact BelAir Networks. October 11, 2011 Confidential Page 215 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Declaration of Conformity for RF Exposure Product Disposal Mise au rebut du produit Conformity and Regulatory Statements This Wireless LAN radio device has been evaluated under FCC Bulletin OET 65C, Health Canada Safety Code 6 and EN 62311:2008, and found to be compliant to the requirements set forth in CFR 47 Sections 2.1091, 2.1093, and 15.247 (b) (4) addressing RF exposure from radio frequency devices. This Wireless LAN radio device also conforms to EU Health and Safety Directive 2004/40/EC as per EN 50385. This device complies with FCC RF radiation exposure limits for an uncontrolled environment. The radiated output power of this Wireless LAN device is below the FCC radio frequency exposure limits. However, this device should still be installed and used in such a manner that the potential for human contact during normal operation is minimized. Warning: In order to comply with RF exposure limits established in the ANSI C95.1 standard, this equipment should be installed and operated at a minimum distance of 9.8 inches (25 cm) between the radiator and a human body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. The availability of some specific channels and/or operational frequency bands are country dependent and are firmware programmed at the factory to match the intended destination. The firmware setting is not accessible by the end user. BelAir Networks adheres to directive 2002/96/EC of the European Parliament and the council of 27 January 2003 on Waste Electrical and Electronic Equipment (WEEE). To dispose of equipment, including batteries, contact BelAir Networks customer service to get a Return Material Authorization (RMA) number and shipping instructions. BelAir Networks customer service can be reached at:
613-254-7070, menu item 3 1-877-BelAir1 (235-2471), menu item 3 customerservice@belairnetworks.com BelAir Networks se conforme la directive 2002/96/EC du Parlement europen et du Conseil de lEurope du 27 janvier 2003 relative la destruction des dchets dquipements lectriques et lectroniques (DEEE). Si vous souhaitez vous dbarrasser de lquipement, y compris des piles, veuillez communiquer avec le service la clientle de BelAir Networks, afin dobtenir un numro dautorisation de retour du matriel et des instructions October 11, 2011 Confidential Page 216 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Conformity and Regulatory Statements sur les modalits dexpdition. Veuillez trouver ci-dessous les coordonnes du service la clientle de BelAir Networks :
Produktentsorgung 613-254-7070, option 3 1 877 BelAir1 (235-2471), option 3 customerservice@belairnetworks.com BelAir Networks erfllt die Anforderungen der Richtlinie 2002/96/EG des Europischen Parlaments und des Rates vom 27. Januar ber Elektro- und Elektronik-Altgerte (Waste Electrical and Electronic Equipment = WEEE). Fr die Entsorgung von Gerten, einschlielich Batterien, wenden Sie sich bitte an den Kundendienst von BelAir Networks, um eine RMA-Nummer
(Rcksendenummer) und die Versandanweisungen zu erhalten. Den Kundendienst von BelAir Networks erreichen Sie unter:
+001 613 254 7070, Menpunkt 3
+001 877 235 2471, Menpunkt 3 customerservice@belairnetworks.com Verwijdering van het product BelAir Networks volgt Richtlijn 2002/96/EG van het Europese Parlement en de Raad van 27 januari 2003 betreffende afgedankte elektrische en elektronische apparatuur (AEEA). Voor het verwijderen van apparatuur, met inbegrip van batterijen, neemt u contact op met BelAir Networks klantenservice voor een retournummer
(RMA) en verzendinstructies. BelAir Networks klantenservice kunt u bereiken via:
+1 613-254-7070, menupunt 3
+1-877-BelAir1 (235-2471), menupunt 3 customerservice@belairnetworks.com Tuotteen hvittminen BelAir Networks noudattaa shk- ja elektroniikkalaiteromusta 27 pivn tammikuuta 2003 annettua Euroopan parlamentin ja neuvoston direktiivi 2002/
96/EY. October 11, 2011 Confidential Page 217 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Conformity and Regulatory Statements Palauttaaksesi vlineet, mukaan luettuina akut, ota yhteys BelAir Networks asiakaspalveluun, niin saat RMA (Return Material Authorization) numeron ja lhetysohjeet. BelAir Networks asiakaspalveluun saa yhteyden seuraavasti:
613-254-7070, valikon vaihtoehto 3 1-877-BelAir1 (235-2471), valikon vaihtoehto 3 customerservice@belairnetworks.com Smaltimento del prodotto BelAir Networks aderisce alla direttiva 2002/96/CE del parlamento Europeo e del Consiglio dEuropa del 27 gennaio 2003, sullo smaltimento degli apparecchi elettrici ed elettronici (WEEE). Produktbortskaffelse Per lo smaltimento di tali apparecchi, comprese le batterie, contattare lassistenza clienti di BelAir Networks per ottenere un numero di autorizzazione alla restituzione del materiale da smaltire (Return Material Authorization - RMA) e le istruzioni per la spedizione. Il supporto clienti di BelAir Networks pu essere contattato ai numeri/allindirizzo e-mail:
613-254-7070, selezione menu 3 1-877-BelAir1 (235-2471), selezione menu 3 customerservice@belairnetworks.com BelAir Networks overholder direktivet 2002/96/EC fra Europa-Parlamentet og
-Rdet dateret den 27. januar 2003 om Waste Electrical and Electronic Equipment (WEEE) (Affald af elektrisk og elektronisk udstyr). For at bortskaffe udstyr, samt batterier, kontakt kundeservicen hos BelAir Networks for at f et Return Material Authorization (RMA)-nummer
(returneringstilladelsesnummer) og forsendelsesinstruktioner. BelAir Networks kundeservice kan kontaktes p:
613-254-7070, menunummer 3 1-877-BelAir1 (235-2471), menunummer 3 customerservice@belairnetworks.com Eliminao do produto A BelAir Networks cumpre a Directiva 2002/96/CE do Parlamento Europeu e do Conselho, de 27 de Janeiro de 2003, relativa aos Resduos de Equipamentos Elctricos e Electrnicos (REEE). Para proceder eliminao do equipamento, incluindo as baterias, favor contactar a assistncia ao cliente da BelAir Networks para obter um nmero October 11, 2011 Confidential Page 218 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Conformity and Regulatory Statements Eliminacin del producto de Autorizao de Devoluo do Material (RMA Return Material Authorization) e as instrues relativas ao envio. A assistncia ao cliente da BelAir Networks pode ser contactada atravs de:
613-254-7070, item de menu 3 1-877-BelAir1 (235-2471), item de menu 3 customerservice@belairnetworks.com BelAir Networks cumple con la directiva 2002/96/EC del Parlamento Europeo y del Consejo de 27 de enero de 2003 sobre los residuos de aparatos elctricos y electrnicos (RAEE). Para la eliminacin de equipo, incluyendo las pilas, contacte con el servicio de atencin al cliente de BelAir Networks y obtenga el nmero de una Autorizacin de Devolucin de Material (RMA) y las instrucciones para la expedicin. Utilice la siguiente informacin para comunicarse con el servicio de atencin al cliente de BelAir Networks:
613-254-7070, nmero 3 del men 1-877-BelAir1 (235-2471), nmero 3 del men customerservice@belairnetworks.com October 11, 2011 Confidential Page 219 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Conformity and Regulatory Statements October 11, 2011 Confidential Page 220 of 47 Document Number BDTM02201-A01 Standard BelAir20E User Guide Appendix A: Node Configuration Sheets Node Configuration Sheets You can use this sample worksheet to document the basic configuration of a BelAir20E unit. Store your worksheets in a secure location because they contain sensitive information (super-user password and privacy keys). Unit part number (located on the sticker on to the unit):__________________________ Unit serial number (located on the sticker on to the unit):__________________________ Super-user password: ____________________________ System Name: ______________ Location: ____________ Contact: _______________ Base MAC Address: ______________ IP Address: _____________Subnet:______________ Gateway: ______________ Cable Modem MAC Address (BA00SN and BA100SNE only): ________________________________ Layer 2 Configuration: STP Priority: _______ Client to VLAN mapping:
Y or N October 11, 2011 Confidential Page 221 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Node Configuration Sheets Wi-FI Access Point (AP) Settings (if configured) Interface: wifi-___-___ Channel: ________ Table 18: AP Privacy Setting Table (Optional) SSID (1 to 8) ACL Encryption and Authentication __________________ Y or N wep40 RADIUS or 5-byte pre-shared key: _______________________________________________ wep104 RADIUS or 13-byte pre-shared key: ______________________________________________ wpa encryption (TKIP or AES):____________________ RADIUS or 8 to 63-byte pre-shared key: ___________________________________________ wpa2 encryption (PSMv2 only: TKIP or AES. Others: AES only):____________________ RADIUS or 8 to 63-byte pre-shared key: ___________________________________________ dot1x (RADIUS (EAP) authentication) 1. ________________ 2. ________________ 3. ________________ 4. ________________ __________________ Y or N wep40 RADIUS or 5-byte pre-shared key: _______________________________________________ wep104 RADIUS or 13-byte pre-shared key: ______________________________________________ wpa encryption (TKIP or AES):____________________ RADIUS or 8 to 63-byte pre-shared key: ___________________________________________ wpa2 encryption (PSMv2 only: TKIP or AES. Others: AES only):____________________ RADIUS or 8 to 63-byte pre-shared key: ___________________________________________ dot1x (RADIUS (EAP) authentication) 1. ________________ 2. ________________ 3. ________________ 4. ________________ October 11, 2011 Confidential Page 222 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Wi-Fi Backhaul Setting (if configured) Interface: wifi-___-___ Channel: ________ Link ID: _____________________ Node Configuration Sheets AES Privacy (Y or N):__________ Key (16 characters):_____________________________________ Topology (P-to-P, MP-to-MP mesh, P-to-MP star): ________________________________ P-to-MP star role (base-station or subscriber-station): ____________________________ P-to-MP star link index: ____________________________ October 11, 2011 Confidential Page 223 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Appendix B: Mesh Auto-connection Example Mesh Auto-connection Example This example uses two meshes of BelAir20 nodes to show how mesh auto-connection operates. Setup and Initial Conditions See Figure 12. Figure 12: Auto-connection Initial Conditions Mesh A Mesh B Node122 BelAir20 Child BA20MeshA Link ID Node120 BelAir20 Egress Ethernet Egress Connection Node123 BelAir20 Child BA20MeshB Link ID Node121 BelAir20 Egress Ethernet Egress Connection To setup auto-connection:
The first six bytes of the respective link IDs must match. This is true in our example (B20MeshA and B20MeshB). The auto-connection admin state in the child nodes must be enabled. October 11, 2011 Confidential Page 224 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mesh Auto-connection Example The egress node of each mesh must have its system egress point set to either yes direct or yes indirect. See Setting the Network Egress Point on page 54 for details. The following series of CLI commands show this for both meshes. Node122 (Child Node of Mesh A) Display the backhaul configuration.
/interface/wifi-1-1# show config backhaul Slot: 1, Card Type: htm, revision: 1, Port: 1, Radio: HTMv1 5GHz 802.11n admin state: ................. Enabled channel: ..................... 161 mode: ...................... ht20 mimo: ...................... 3x3 tx power: .................. 18.0 (dBm per-chain), 23.0 (dBm total) antenna gain: ................ 5.0 (dBi) link distance: ............... 1 (km) tx aggregation:............... Enabled base radio MAC : ............. 00:0d:67:10:e8:92 Backhaul:
Common:
privacy: ................. Disabled mesh-min-rssi............. -100 (dbm) Stationary Backhaul:
link admin state: ........ Enabled link id: ................. B20MeshA topology: ................ mesh Mobile Backhaul:
mobile admin state: ...... Disabled mobile link id: .......... mobile link role: ........ ss Protection Backhaul:
protection admin state: .. Disabled Blacklist:
No blacklist entries Link Failure Detection: ...... Disabled Backhaul T1 Bandwidth limit:.. Disabled Display the mesh topology.
/interface/wifi-1-1# show backhaul status WiFi backhaul states:: stationary=[Enabled] mobile=[Disabled] protection=[Disabled]
Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:0c:22:4b fwd fwd -46 wifi-1-1 180.7.4.120 October 11, 2011 Confidential Page 225 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mesh Auto-connection Example Enable auto-connection and verify it.
/services/auto-conn# set admin enabled
/services/auto-conn# show config admin state: ................. Enabled
/services/auto-conn# show status Oper State Ether Link State Egress Reachable Use Alternate Mesh
up down no no Node120 (Egress Node of Mesh A) Display the mesh topology.
/interface/wifi-1-1# show backhaul status WiFi backhaul states:: stationary=[Enabled] mobile=[Disabled] protection=[Disabled]
Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:10:e8:92 fwd fwd -44 wifi-1-1 180.7.4.122 Identify Node120 as an egress node.
/system# set system-egress-point yes direct
/system# show system-egress-point egress point:................. direct Enable auto-connection and verify it.
/services/auto-conn# set admin enable
/services/auto-conn# show config admin state: ................. Enabled
/services/auto-conn# show status Oper State Ether Link State Egress Reachable Use Alternate Mesh
up up yes no Node123 (Child Node of Mesh B) Display the backhaul configuration.
/interface/wifi-1-1# show config backhaul Slot: 1, Card Type: htm, revision: 1, Port: 1, Radio: HTMv1 5GHz 802.11n admin state: ................. Enabled channel: ..................... 153 mimo: ...................... 1x1 tx power: .................. 18.0 (dBm per-chain), 18.0 (dBm total) antenna gain: ................ 5.0 (dBi) link distance: ............... 1 (km) tx aggregation:............... Enabled base radio MAC : ............. 00:0d:67:10:f8:d7 Backhaul:
October 11, 2011 Confidential Page 226 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mesh Auto-connection Example Common:
privacy: ................. Disabled mesh-min-rssi............. -100 (dbm) Stationary Backhaul:
link admin state: ........ Enabled link id: ................. B20MeshB topology: ................ mesh Mobile Backhaul:
mobile admin state: ...... Disabled mobile link id: .......... mobile link role: ........ ss Protection Backhaul:
protection admin state: .. Disabled Blacklist:
No blacklist entries Link Failure Detection: ...... Disabled Backhaul T1 Bandwidth limit:.. Disabled Display the mesh topology.
/interface/wifi-1-1# show backhaul status WiFi backhaul states:: stationary=[Enabled] mobile=[Disabled] protection=[Disabled]
Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:0c:22:29 fwd fwd -49 wifi-1-1 180.7.4.121 Enable auto-connection and verify it.
/services/auto-conn# set admin enabled
/services/auto-conn# show config admin state: ................. Enabled
/services/auto-conn# show status Oper State Ether Link State Egress Reachable Use Alternate Mesh
up down no no Node121 (Egress Node of Mesh B) Display the mesh topology.
/interface/wifi-1-1# show backhaul status WiFi backhaul states:: stationary=[Enabled] mobile=[Disabled] protection=[Disabled]
Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:10:f8:d7 fwd fwd -41 wifi-1-1 180.7.4.123 October 11, 2011 Confidential Page 227 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mesh Auto-connection Example Identify Node121 as an egress node.
/system# set system-egress-point yes direct
/system# show system-egress-point egress point:................. direct Enable auto-connection and verify it.
/services/auto-conn# set admin enable
/services/auto-conn# show config admin state: ................. Enabled
/services/auto-conn# sh status Oper State Ether Link State Egress Reachable Use Alternate Mesh
up up yes no Fault Conditions At this point, the Ethernet connection used by the Mesh B egress node
(Node121) becomes unavailable. The Mesh B nodes (Node121 and Node123) connect to the Mesh A nodes and all traffic flows through the Mesh A egress node (Node 120). Node121 and Node123 become members of Mesh A. See Figure 13 on page 229. October 11, 2011 Confidential Page 228 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mesh Auto-connection Example Figure 13: Auto-connection and Fault Conditions Mesh A Mesh B Node122 BelAir20 Child BA20MeshA Link ID Node120 BelAir20 Egress Ethernet Egress Connection Node123 BelAir20 Child BA20MeshB Link ID Node121 BelAir20 Egress Ethernet Egress Connection Node120 (Egress Node of Mesh A) Display the mesh topology.
/interface/wifi-1-1# show backhaul status WiFi backhaul states:: stationary=[Enabled] mobile=[Disabled] protection=[Disabled]
Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:10:e8:92 fwd up -46 wifi-1-1 180.7.4.122
[S] 2 00:0d:67:0c:22:29 fwd fwd -36 wifi-1-1 180.7.4.121
[S] 3 00:0d:67:10:f8:d7 fwd up -64 wifi-1-1 180.7.4.123 October 11, 2011 Confidential Page 229 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mesh Auto-connection Example Display the auto-connect topology. It shows that the Mesh A egress node still operates normally.
/services/auto-conn# show status Oper State Ether Link State Egress Reachable Use Alternate Mesh
up up yes no Node122 (Child Node of Mesh A) Display the mesh topology.
/interface/wifi-1-1# show backhaul status WiFi backhaul states:: stationary=[Enabled] mobile=[Disabled] protection=[Disabled]
Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:0c:22:4b up fwd -51 wifi-1-1 180.7.4.120
[S] 2 00:0d:67:0c:22:29 fwd fwd -41 wifi-1-1 180.7.4.121
[S] 3 00:0d:67:10:f8:d7 fwd up -58 wifi-1-1 180.7.4.123 Display the auto-connect topology.
/services/auto-conn# show status Oper State Ether Link State Egress Reachable Use Alternate Mesh
up down yes no Node123 (Child Node of Mesh B) Display the backhaul configuration.
/interface/wifi-1-1# show config backhaul Slot: 1, Card Type: htm, revision: 1, Port: 1, Radio: HTMv1 5GHz 802.11n admin state: ................. Enabled channel: ..................... 153 mimo: ...................... 1x1 tx power: .................. 18.0 (dBm per-chain), 18.0 (dBm total) antenna gain: ................ 5.0 (dBi) link distance: ............... 1 (km) tx aggregation:............... Enabled base radio MAC : ............. 00:0d:67:10:f8:d7 Backhaul:
Common:
privacy: ................. Disabled mesh-min-rssi............. -100 (dbm) Stationary Backhaul:
link admin state: ........ Enabled link id: ................. B20MeshB topology: ................ mesh Mobile Backhaul:
October 11, 2011 Confidential Page 230 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide mobile admin state: ...... Disabled mobile link id: .......... mobile link role: ........ ss Protection Backhaul:
protection admin state: .. Disabled Blacklist:
No blacklist entries Link Failure Detection: ...... Disabled Backhaul T1 Bandwidth limit:.. Disabled Mesh Auto-connection Example Display the mesh topology.
/interface/wifi-1-1# show backhaul status WiFi backhaul states:: stationary=[Enabled] mobile=[Disabled] protection=[Disabled]
Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:10:e8:92 up fwd -58 wifi-1-1 180.7.4.122
[S] 2 00:0d:67:0c:22:29 fwd fwd -47 wifi-1-1 180.7.4.121
[S] 3 00:0d:67:0c:22:4b up fwd -67 wifi-1-1 180.7.4.120 Display the auto-connect topology.
/services/auto-conn# show status Oper State Ether Link State Egress Reachable Use Alternate Mesh
up down yes yes Node121 (Egress Node of Mesh B) Display the auto-connect topology. It shows that it is using the alternate mesh as an egress point.
/services/auto-conn# show status Oper State Ether Link State Egress Reachable Use Alternate Mesh
up down yes yes Recovery Conditions At this point, the Ethernet connection used by the Mesh B egress node
(Node121) is re-established. Because it is an egress node, Node121 automatically reverts back to its own mesh and begins to use the Ethernet connection to egress its traffic. However, its child nodes (for example, Node123) continue to use the Mesh A egress node until an explicit revert command is issued on each child you want to return to using Node121 as an egress. October 11, 2011 Confidential Page 231 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mesh Auto-connection Example Node121 (Egress Node of Mesh B) Display the auto-connect topology after the Ethernet connection is re-established.
/services/auto-conn# show status Oper State Ether Link State Egress Reachable Use Alternate Mesh
up up yes no Display the nodes links to neighboring mesh, even after the Ethernet connection is re-established.
/services/auto-conn# show alternate-mesh Alternate Mesh:
Radio Interface --- wifi-1-1 Mesh ID --- B20MeshA Channel --- 161 Status --- Up Node122 (Child Node of Mesh A) Display the mesh topology after the Ethernet connection is re-established on Node121 but before the auto-connection revert command is given.
/interface/wifi-1-1# show backhaul status WiFi backhaul states:: stationary=[Enabled] mobile=[Disabled] protection=[Disabled]
Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:0c:22:4b fwd fwd -49 wifi-1-1 180.7.4.120
[S] 3 00:0d:67:10:f8:d7 fwd fwd -58 wifi-1-1 180.7.4.123 See Figure 14 on page 233. October 11, 2011 Confidential Page 232 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Mesh Auto-connection Example Figure 14: Auto-connection after Recovery before Revert Mesh A Mesh B Node122 BelAir20 Child BA20MeshA Link ID Node120 BelAir20 Egress Ethernet Egress Connection Node123 BelAir20 Child BA20MeshB Link ID Node121 BelAir20 Egress Ethernet Egress Connection Display the mesh topology after the Ethernet connection is re-established on Node121 and after the auto-connection revert command is given.
/interface/wifi-1-1# show backhaul status WiFi backhaul states:: stationary=[Enabled] mobile=[Disabled] protection=[Disabled]
Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
[S] 1 00:0d:67:0c:22:4b fwd fwd -49 wifi-1-1 180.7.4.120 After the revert command is given, the mesh topology returns to that shown in Figure 12 on page 224. October 11, 2011 Confidential Page 233 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Appendix C: Scripting Guidelines Scripting Guidelines General Scripting Guidelines Overview Creating a BelAirOS Script This appendix provides guidance so you can create, manage and run scripts for BelAirOS platforms. This chapter introduces you to the concepts of creating and managing scripts for platforms that use the BelAirOS. The following sections are provided:
Overview on page 234 Creating a BelAirOS Script on page 234 Manually Transferring Files to and from a BelAir Node on page 235 Managing and Manually Running Script Files on page 236 In general, a script is a series of programming language statements to allow control of one or more software applications or devices. Scripts are distinct from the core code of an application, as they are created by the end-user. Scripts are often interpreted, whereas the applications they control are traditionally compiled to native machine code. For BelAirOS platforms you can create scripts consisting of valid and supported BelAir CLI commands to:
make repetitive tasks quicker and easier to do automate the configuration of a node when it starts up Your script file must contain special declarations for the following cases:
If you want to specify and control physical interfaces, such as wifi-1-1, use the declarations described in Specifying Physical Interfaces on page 237. Depending on the CLI commands in your script, you may need to reboot the BelAirOS platform. If this case, use the declarations described in Including a Reboot Command in a Script on page 242. Use the following general guidelines to create a script file:
Make sure the script contains only valid and supported BelAir CLI commands. If you are using an older script, make sure the CLI commands that it contains are still valid and supported. Some BelAir functions, such as Network Address Translation (NAT), require that you reboot the node after you configure them. If your script is for BelAirOS auto-configuration at startup and if it must include the reboot October 11, 2011 Confidential Page 234 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines command, then your script must include special declarations. For details, see Including a Reboot Command in a Script on page 242. Caution!
Using the reboot command in an auto-configuration script without the correct declarations may cause the node to enter a continuous reboot loop. Manually Transferring Files to and from a BelAir Node Test the final script to ensure all commands are valid, syntactically correct and appropriate for the installed hardware. To help debugging, redirect the output of the script to a file. Use the optional <output_file> parameter of the run script command. When you are satisfied with your script:
1 Put the final version of it on a TFTP, FTP or FTPS server to transfer the script file to the BelAir unit. 2 Use the commands described in Manually Transferring Files to and from a BelAir Node on page 235 to transfer the script to the BelAir platforms you want to control. 3 Use the commands described in Managing and Manually Running Script Files on page 236 as required. The process of downloading and running a script file on startup can be automated. For details, see the Auto-configuration chapter of the BelAir platform User Guide. Use the following CLI commands to manually transfer files, such as script files, to and from a BelAir node:
/system/tftpget remoteip <ip_addr> remotefile <filename>
[localfile <filename>]
/system/tftpput remoteip <ip_addr> localfile <filename>
[remotefile <name>]
/system/getfile remoteip <ip_addr> remotefile <filename>
[localfile <filename>]
[{tftp|
ftp [user <username> password <password>]|
ftps [user <username> password <password>]}]
For the tftpget and getfile commands, if you do not specify a local file name, then the transferred file maintains the same name as on the remote file system. For the tftpput command, if you do not specify a remote file name, then the transferred file maintains the same name as on the local file system. For the getfile command:
The default protocol is TFTP. For FTP, the default user name is anonymous and the default password is root@ followed by the node IP address. For example, if the node has October 11, 2011 Confidential Page 235 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines 148.16.4.123 as an IP address, then the default password is root@148.16.4.123. For FTPS, the default user name is the units MAC address stripped of colons. The default password is units MAC address stripped of colons, followed by @, followed by the node IP address. For example, if the node has 11:22:33:44:55:66 as a MAC address and 148.16.4.123 as an IP address, then the default user name is 112233445566 and the default password is 112233445566@148.16.4.123. CAUTION!
Do not use these commands to perform a software upgrade on a BelAir node. Use the upgrade load command instead. Refer to Performing a Software Upgrade on page 197 for full details on performing software upgrades. Managing and Manually Running Script Files Use the following commands as required:
/system/copy script <script file> <copied file name>
/system/delete script <script file>
/system/rename script <script file> <new name>
/system/show script <script file>
list scripts run script <scriptname> [<output_file>]
The copy, delete, rename and show script commands are available in system mode and allow you to manage and customize script files as you require. The list and run script commands are available from any mode. The list scripts command displays the scripts that are available to you. The run script command allows you to execute a previously created script file. Tip If you have a simple script that does not specify physical interfaces and does not contain a reboot command, you can also run it by copying it and pasting it into a CLI session window. If you use this method:
1 Paste only 20 to 25 commands at a time. Otherwise, you may overfill the command buffer used for the CLI session. If you overfill the command buffer, you need to determine exactly which commands were executed and which were not before proceeding. 2 After pasting a block of commands, verify that your script behaved as expected; that is, that the pasted commands produced the expected configuration. October 11, 2011 Confidential Page 236 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines 3 After verifying the script behavior, manually enter the config-save and reboot commands as required. Specifying Physical Interfaces If you want your script file to specify and control physical interfaces, such as wifi-1-1, then your script must contain the declarations described in the following sections:
Physical Interface Declaration Summary on page 237 Physical Interface Declaration Specifications on page 238 As well, this chapter contains examples of the setup, contents and results of a typical script. Physical Interface Declaration Summary Table 19 summarizes the declarations required in your script file to specify a physical interface. Table 19: BelAir Script Declaration Summary Script Declaration int[-<asbly>]-<iftype>[-<desc>]-<instance> Used to define a physical interface to which the Description
int-stop following CLI commands apply to. For a definition of <asbly>, <iftype>, <desc>, and <instance>, see Physical Interface Declaration Specifications on page 238. Precedes a CLI command that is not directed to the specified physical interface. The CLI command must start with a slash (/) followed by the mode(s) containing that command. For details, see Physical Interface Declaration Specifications on page 238. Terminates a command sequence associated with a previous declaration October 11, 2011 Confidential Page 237 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Physical Interface Declaration Specifications Scripting Guidelines Script files can use the following method to ensure commands are applied to the correct physical interface:
1 Begin the command sequence by specifying the physical interface with the following declaration:
int[-<asbly>]-<iftype>[-<desc>]-<instance>
<asbly> specifies the platforms assembly code. This part of the declaration is optional. If provided, it must match at least part of the text in the Assembly code field output by the /system/show phyinv command. <asbly>
must start with BelAir or BA. See also Common BelAirOS Platform Assembly Codes on page 244.
<iftype> specifies the type of physical interface. This part of the declaration is mandatory. It must be one of wifi, wimax, pwe, eth or opt.
<desc> specifies a description of the interface to uniquely identify it. This part of the declaration is optional. If provided, it must be at least three characters long and match at least part of the text in the Description field in the Physical Interface Table output by the /system/show phyinv command. See also Common Radio Card Descriptions on page 246.
<instance> specifies which instance of the interface to apply the commands to. It must be a digit between 1 and 127. Use a dash ( - ) to separate each part in the declaration. The system uses the information in your declaration to determine which physical interface the following commands apply to. 2 List the CLI commands. These may be commands directed to the physical interface specified by step 1 or they may be other commands. Any commands not directed to the specified physical interface must start with a slash ( / ) followed by the mode(s) containing that command. In all cases, make sure you follow the guidelines in Creating a BelAirOS Script on page 234. 3 Terminate the command sequence with the following declaration:
int-stop If the BelAirOS cannot identify a physical interface based on the information in the int declaration, then it skips the list of commands and continues executing the script after the int-stop declaration. The following example shows the setup, script and output of a typical application of this functionality for a BelAir100T. October 11, 2011 Confidential Page 238 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Physical Interface Script Example - Setup The following output of the show phyinv command shows the configuration of the BelAir100T where the script will run:
/system# show phyinv Scripting Guidelines System Name: BelAir100T Type Class Serial number Assembly code BA order code BelAir100 triRadios BELAB0407 BELAIR100T_20-BC08 1TNYYXJ0KXX31-H Physical Inventory Table Slot Card type Version Serial number Assembly code 1 LPM 2.2.8 K002092633 B2CH082AA-B B08 2 BRM 3.2.1 K001362023 B2CC033AA-B B01 3 BRM 3.2.1 A000003408 B2CC033AA-B B01 Physical Interface Table Name Type Slot Card type Description wifi-1-1 Wifi 802.11 1 LPM LPMv2 4.9GHz 802.11a eth-1-1 Ethernet 1 LPM 1x100baseTx [Electrical: Single]
wifi-2-1 Wifi 802.11 2 BRM BRMv3 5GHz 802.11a wifi-3-1 Wifi 802.11 3 BRM BRMv3 5GHz 802.11a Physical Interface Script Example - Script The following is a listing of the script contents:
int-wifi-2.4GHz-1 set channel 11 set admin-state enabled show config int-stop int-wifi-4.9GHz-1 set channel 10 set admin-state disabled show config int-stop int-wifi-5GHz-1 set channel 155 set backhaul admin-state disabled show config int-stop int-wifi-5GHz-2 set channel 148 set backhaul admin-state disabled show config int-stop int-BELAIR100T_20-wifi-5GHz-1 show config int-stop int-BELAIR20-11-wifi-5GHz-1 October 11, 2011 Confidential Page 239 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines show config int-stop int-BELAIR100-wifi-1 show config int-stop The following shows the output generated by the script:
Physical Interface Script Example - Output Unknown interface ---> int-wifi-2.4GHz-1, skipping Interface stop
Interface int-wifi-4.9GHz-1 ---> /interface/wifi-1-1/ start
/# /interface/wifi-1-1/set channel 10
/# /interface/wifi-1-1/set admin-state disabled
/# /interface/wifi-1-1/show config Slot: 1, Card Type: lpm, revision: 2, Port: 1, Radio: LPMv2 4.9GHz 802.11a admin state: ................. Disabled frequency band: .............. 4900MHz SchemeA channel: ..................... 10 tx power: .................. 20.0 (dBm) bandwidth: ................. 10.0 (MHz) antenna gain: ................ 9.5 (dBi) link distance: ............... 1 (km) base radio MAC : ............. 00:0d:67:00:48:52 Interface stop
Interface int-wifi-5GHz-1 ---> /interface/wifi-2-1/ start
/# /interface/wifi-2-1/set channel 155
/# /interface/wifi-2-1/set backhaul admin-state disabled
/# /interface/wifi-2-1/show config Slot: 2, Card Type: brm, revision: 3, Port: 1, Radio: BRMv3 5GHz 802.11a admin state: ................. Enabled channel: ..................... 155 tx power: .................. 20.0 (dBm) tx-power-optimize: ......... Disabled antenna gain: ................ 10.5 (dBi) link distance: ............... 1 (km) base radio MAC : ............. 00:0d:67:00:44:49 Interface stop
Interface int-wifi-5GHz-2 ---> /interface/wifi-3-1/ start
/# /interface/wifi-3-1/set channel 148
/# /interface/wifi-3-1/set backhaul admin-state disabled October 11, 2011 Confidential Page 240 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines
/# /interface/wifi-3-1/show config Slot: 3, Card Type: brm, revision: 3, Port: 1, Radio: BRMv3 5GHz 802.11a admin state: ................. Enabled channel: ..................... 148 tx power: .................. 20.0 (dBm) tx-power-optimize: ......... Disabled antenna gain: ................ 10.5 (dBi) link distance: ............... 1 (km) base radio MAC : ............. 00:0d:67:00:c4:6b Interface stop
Interface int-BELAIR100T_20-wifi-5GHz-1 ---> /interface/wifi-2-1/ start
/# /interface/wifi-2-1/show config Slot: 2, Card Type: brm, revision: 3, Port: 1, Radio: BRMv3 5GHz 802.11a admin state: ................. Enabled channel: ..................... 155 tx power: .................. 20.0 (dBm) tx-power-optimize: ......... Disabled antenna gain: ................ 10.5 (dBi) link distance: ............... 1 (km) base radio MAC : ............. 00:0d:67:00:44:49 Interface stop
assembly code tag does not match Unknown interface ---> int-BELAIR20-11-wifi-5GHz-1, skipping Interface stop
Interface int-BELAIR100-wifi-1 ---> /interface/wifi-1-1/ start
/# /interface/wifi-1-1/show config Slot: 1, Card Type: lpm, revision: 2, Port: 1, Radio: LPMv2 4.9GHz 802.11a admin state: ................. Disabled frequency band: .............. 4900MHz SchemeA channel: ..................... 10 tx power: .................. 20.0 (dBm) bandwidth: ................. 10.0 (MHz) antenna gain: ................ 9.5 (dBi) link distance: ............... 1 (km) base radio MAC : ............. 00:0d:5e:36:88:ff Interface stop
October 11, 2011 Confidential Page 241 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Including a Reboot Command in a Script Scripting Guidelines Some BelAir node functions, such as Network Address Translation (NAT), require that you reboot the node after you configure them. If your script must include a reboot command, then your script must contain the declarations described in the following sections:
Reboot Declaration Summary on page 242 Reboot Declaration Specification on page 242 As well, this chapter contains a typical script as an example. Reboot Declaration Summary Table 19 summarizes the declarations required in your script if it needs to include a reboot command. Table 20: Script Declaration Summary for Reboot Command Script Declaration check-db-change-start Verifies and records whether the following commands change the nodes Description settings. check-db-change-stop Stops verifying whether commands change the nodes settings. For details, see Reboot Declaration Specification on page 242 int-db-change-start Used in conjunction with the previous check-db-change declarations. For details, see Reboot Declaration Specification on page 242 The int-db-change-start declaration instructs the node to execute the commands that follow if the nodes settings have changed. int-stop Terminates a command sequence associated with a previous declaration For details, see Reboot Declaration Specification on page 242 Reboot Declaration Specification If your script must include the reboot command, then your script must include the declarations described in this section. Caution!
Using the reboot command in an auto-configuration script without the correct declarations may cause the node to enter a continuous reboot loop. The declarations for using the reboot command in a script are an extension of those for specifying a physical interface in a script. See Specifying Physical Interfaces on page 237. October 11, 2011 Confidential Page 242 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines The declarations are:
check-db-change-start. This declaration verifies and records whether the following commands change the nodes settings. It ignores commands that change a setting to be the current setting. For example, if a physical interfaces administrative state is enabled, the set admin-state enabled command for that physical interface is ignored. check-db-change-stop. This declaration stops verifying whether commands change the nodes setting. int-db-change-start. This declaration is used with the previous check-db-change declarations. The int-db-change-start declaration instructs the node to execute the commands that follow if the nodes settings have changed. Typically, your script uses the declarations in the following sequence:
1 Use valid CLI commands and physical interface declarations as required. 2 Use the config-save command to save the changes to this point to the nodes database. 3 Include the check-db-change-start declaration. (Begin recording whether the following commands change the nodes settings.) 4 Use the CLI commands for the functionality that requires a reboot, for example /protocol/nat/set commands. 5 Include the check-db-change-stop declaration. (Stop recording whether the following commands change the nodes settings.) 6 Use more valid CLI commands and physical interface declarations as required. 7 At the end of the script, include the int-db-change-start declaration. 8 Use the config-save command to save any remaining changes to the nodes database. 9 Include the /system/reboot CLI command. 10 Include y. (Confirm the reboot.) 11 Include the int-stop declaration, as a terminator for the int-db-change-start declaration. The first time the auto-configuration script is run (during initial startup), the check-db-change-start and check-db-change-stop declarations record the fact that the NAT commands have changed NAT settings. The condition for the int-db-change-start declaration is therefore true. The config-save and reboot October 11, 2011 Confidential Page 243 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines commands at the end of the script are executed. The second time the auto-configuration script is run (during the second startup), the NAT commands do not change the NAT settings. Hence the condition for the int-db-change-start declaration is false, and the config-save and reboot commands at the end of the script are not executed. The following is a listing of a typical script:
Reboot Script Example int-wifi-2.4GHz-1 set channel 11 set admin-state enabled show config int-stop int-wifi-5GHz-1 set channel 155 set backhaul admin-state disabled show config config-save int-BELAIR-20 check-db-change-start
/protocol/nat/set scope 1 dhcp-server vlan 401 based-ip 45.89.233.0 lease-time 30
/protocol/nat/set scope 1 status enabled
/protocol/nat/set admin-state enabled check-db-change-stop int-stop int-db-change-start config-save
/system/reboot y int-stop Common BelAirOS Platform Assembly Codes This section lists the most common BelAirOS platform assembly codes that can be used when specifying a physical interface in a script. Additional assembly codes are possible. For details, contact your BelAir Networks representative. Table 21: Common BelAirOS Platform Assembly Codes Platform BelAir200-12 BelAir200-13 BelAir200-04 BelAir200-13R Assembly Code BELAIR200_12 BELAIR200_13 BELAIR200_04 BELAIR200_13R October 11, 2011 Confidential Page 244 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines Table 21: Common BelAirOS Platform Assembly Codes (Continued) Platform Assembly Code BelAir100-10 BelAir100-11 BelAir100M-10 BelAir100M-11 BelAir100T-12 BelAir100T-21 BelAir100T-12R BelAir100T-21R BelAir100S-10 BelAir100S-11 BelAir100N-10 BelAir100N-11 BelAir100N-10R BelAir100N-11R BelAir100SN-10 BelAir100SN-11 BelAir100SN-10R BelAir100SN-11R BELAIR100_10 BELAIR100_11 BELAIR100M_10 BELAIR100M_11 BELAIR100T_12 BELAIR100T_21 BELAIR100T_12R BELAIR100T_21R BELAIR100S_10 BELAIR100S_11 BA100N-10 BA100N-11 BA100N-10R BA100N-11R BA100SN-10 BA100SN-11 BA100SN-10R BA100SN-11R October 11, 2011 Confidential Page 245 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines Table 21: Common BelAirOS Platform Assembly Codes (Continued) Platform Assembly Code Common Radio Card Descriptions BelAir20-11 BELAIR20-11 This section lists the most common card descriptions for radios so you can specify a physical interface in a script. Additional card descriptions are possible. For details contact your BelAir Networks representative. Table 22: Common BelAirOS Radio Card Descriptions Card Description Notes ARMv3 ARMv3 2.4GHz 802.11b/g BRMv3 BRMv4 ERMv1 ERMv2 ERMv5 PSMv1 PSMv2 BRMv3 5GHz 802.11a BRMv4 5GHz 802.11a ERMv1 5GHz Multiband 802.11a ERMv2 5GHz 802.11a ERMv5 5GHz 802.11n PSMv1 4.9GHz 802.11a LPMv2 4.9GHz 802.11a WRMv1 WRMv1 2.3GHz 5MHz 802.16d WRMv2 WRMv2 2.5GHz 5MHz 802.16d WRMv3 WRMv3 2.5GHz 10MHz 802.16d MRMv1 HTMv1 MRMv1 4.4GHz 802.11n HTMv1 5GHz 802.11n HTMv1 2.4GHz 802.11n HTMEv1 HTMEv1 5GHz 802.11n HTMEv1 2.4GHz 802.11n 5-GHz radio 2.4-GHz radio 5-GHz radio 2.4-GHz radio October 11, 2011 Confidential Page 246 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Scripting Guidelines Table 22: Common BelAirOS Radio Card Descriptions (Continued) Card Description DRUv1 DRUv1 5GHz 802.11n DRUv1 2.4GHz 802.11n DRUv2 DRUv2 5GHz 802.11n DRUv3 DRUv4 DRUv2 2.4GHz 802.11n DRUv3 2.4GHz 802.11n DRUv4 5GHz 802.11n DRUv4 2.4GHz 802.11n DRUv5 DRUv5 5GHz 802.11n DRUv5 2.4GHz 802.11n DRUEv1 DRUEv1 5GHz 802.11n DRUEv1 2.4GHz 802.11n Notes 5-GHz radio 2.4-GHz radio 5-GHz radio 2.4-GHz radio 2.4-GHz radio 5-GHz radio 2.4-GHz radio 5-GHz radio 2.4-GHz radio 5-GHz radio 2.4-GHz radio Sample Universal The following script can be used to auto-configure at startup multiple types of BelAir platforms, such as the BelAir20, where each type of platform can have Auto-configuratio different types of radios such as 5-GHz 802.11a radios, 2.4-GHz 802.11g radios n Script and 2.4-GHz 802.11n radios.
/protocol/ip/set dhcp-accept dns-domain enable
/protocol/ip/set dhcp-accept dns-server enable
/protocol/ip/set dhcp-accept tftp-download enable
/protocol/ip/set dhcp-accept time-server dis
/protocol/ip/set dhcp-accept time-offset dis
/protocol/ip/set ip-addr-notification enabled
/protocol/te-syst/add tunnel 1 ip xxx.xxx.xxx.xxx name name1
/protocol/te-syst/set engine admin-state enabled
/protocol/snmp/set community 1 community-name commu1 ipaddr xxx.xxx.xxx.xxx privilege readonly
/protocol/snmp/set community 2 community-name commu2 ipaddr 0.0.0.0 privilege readwrite
/protocol/snmp/set community 3 community-name commu3 ipaddr xxx.xxx.xxx.xxx privilege readwrite
/protocol/snmp/set trap 1 mgr-addr xxx.xxx.xxx.xxx community commu1 version v2
/protocol/snmp/set trap 2 mgr-addr xxx.xxx.xxx.xxx community commu2 version v2
/protocol/snmp/set trap 3 mgr-addr xxx.xxx.xxx.xxx community commu2 version v2
/protocol/snmp/set trap 4 mgr-addr xxx.xxx.xxx.xxx community commu3 version v2
/protocol/sntp/set ip-address primary xxx.xxx.xxx.xxx
/protocol/sntp/set ip-address secondary xxx.xxx.xxx.xxx October 11, 2011 Confidential Page 247 of 267 Document Number BDTM02201-A01 Standard Scripting Guidelines BelAir20E User Guide
/protocol/sntp/set timeoffset -5
/protocol/sntp/set status enabled
#int-cm-1
#/card/cm-9/set attenuation downstream mode auto
#/card/cm-9/set attenuation upstream mode auto
#int-stop int-wifi-5Ghz-1 set qos wmm enabled set qos mapping both set rts-cts 2347 set backhaul admin-state disabled set admin-state enabled int-stop int-wifi-5Ghz 802.11n-1 set tx-power 17 set antenna-gain 8 set mimo-mode 2x2 set channel 149 set arp-filter enable set max-num-clients 50 set dhcp unicast enable set ap-oos enable set deauth dos defense disabled set ssid 2 service-set-identifier dummy broadcast vlan none set ssid 1 service-set-identifier superwifi broadcast vlan 801 set ssid 1 wireless-bridge disabled set ssid 1 privacy none set ssid 1 group-address-filter ipv4 set ssid 1 secure-port disabled set ssid 1 admin-state enabled set ssid 2 service-set-identifier optimumwifi broadcast vlan 800 set ssid 2 wireless-bridge disabled set ssid 2 privacy none set ssid 2 group-address-filter ipv4 set ssid 2 secure-port disabled set ssid 2 admin-state enabled set ssid 3 service-set-identifier maxwifi broadcast vlan 832 set ssid 3 wireless-bridge disabled set ssid 3 privacy none set ssid 3 group-address-filter ipv4 set ssid 3 secure-port disabled set ssid 3 admin-state enabled int-stop int-BELAIR20-11-wifi-5Ghz-1 set tx-power 18 set antenna gain 5 set mimo-mode 3x3 set channel 149 int-stop int-wifi-5Ghz 802.11a-1 set ap admin-state disabled October 11, 2011 Confidential Page 248 of 267 Document Number BDTM02201-A01 Standard Scripting Guidelines BelAir20E User Guide set admin-state enabled int-stop int-wifi-2.4Ghz-1 set qos wmm enabled set qos mapping both set rts-cts 2347 set ssid 2 service-set-identifier dummy broadcast vlan none set ssid 1 service-set-identifier superwifi broadcast vlan 201 set ssid 1 wireless-bridge disabled set ssid 1 privacy none set ssid 1 group-address-filter ipv4 set ssid 1 secure-port disabled set ssid 1 admin-state enabled set ssid 2 service-set-identifier ultrawifi broadcast vlan 200 set ssid 2 wireless-bridge disabled set ssid 2 privacy none set ssid 2 group-address-filter ipv4 set ssid 2 secure-port disabled set ssid 2 admin-state enabled set ssid 3 service-set-identifier maxwifi broadcast vlan 245 set ssid 3 wireless-bridge disabled set ssid 3 privacy none set ssid 3 group-address-filter ipv4 set ssid 3 secure-port disabled set ssid 3 admin-state enabled set backhaul admin-state disabled set admin-state enabled int-stop int-wifi-2.4Ghz 802.11n-1 set channel auto set tx-power 23 set antenna-gain 8 set mimo-mode 2x2 set arp-filter enable set max-num-clients 50 set dhcp unicast enable set ap-oos enable set deauth dos defense disabled int-stop int-BELAIR20-11-wifi-2.4Ghz-1 set tx-power 20 set antenna gain 5 set mimo-mode 3x3 int-stop int-wifi-2.4Ghz 802.11b/g-1 set qos schedule edca set tx-power 27 set antenna-gain 8 set profile mixed_b_g int-stop
/system/add egress vlan untagged October 11, 2011 Confidential Page 249 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide
/interface/eth-1-1/add vlan untagged
/protocol/te-syst/map vlan 200 to 1
/protocol/te-syst/map vlan 201 to 1
/protocol/te-syst/map vlan 245 to 1
/protocol/te-syst/limit tunnel 1 bandwidth transmit 1500000 receive 1500000
/protocol/te-syst/set tunnel 1 bandwidth-limit upstream 1500000 downstream 1500000 config-save Scripting Guidelines October 11, 2011 Confidential Page 250 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Appendix D: BelAir20E Factory Defaults BelAir20E Factory Defaults You can reset the configuration of a BelAir20E to the factory default settings by using a CLI command or by pressing the units reset button. Typically, you would reset to factory defaults only when all other methods of changing the units configuration have failed. The reset button is used when there is no way of communicating to the unit. If you are logged in as root and have access to system commands, you can reset the unit to the factory defaults. By performing the following procedure, all local configuration data will be replaced by default factory settings. You will not be able to recover any local configuration data. Resetting to Factory Defaults with a CLI Command CAUTION!
CAUTION!
You may not able to reestablish connectivity to a remotely located unit after you execute this procedure. Use the following command sequence:
cd /system syscmd restoreDefaultConfig reboot Note: The parameters of the syscmd command are case sensitive. To perform this procedure, you need physical access to the unit. By performing the following procedure, all local configuration data will be replaced by default factory settings. You will not be able to recover any local configuration data. Resetting to Factory Defaults with the Reset Button CAUTION!
October 11, 2011 Confidential Page 251 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir20E Factory Defaults To reset the BelAir20E configuration to factory defaults, do the following steps:
1 Access the BelAir20E rear panel. You may need to detach it from its mounting bracket. 2 With a pen tip or paperclip, gently press the units reset button for more than 5 seconds. Refer to Figure 15. Figure 15: BelAir20E Rear Panel with Reset Button Reset (Hole) 3 If necessary, re-attach the BelAir20E to its mounting bracket. October 11, 2011 Confidential Page 252 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Detailed Table of Contents About This Document . 3 Typographical Conventions . 3 Related Documentation . 3 System Overview . 4 Hardware Description . 4 BelAir20E Configuration Interfaces . 6 Command Line Interface . 6 SNMP Interface . 6 Integrating the BelAir20E with a Pre-deployed NMS . 7 Web Interface . 9 Accessing the Web Interface . 9 Accessing the System Page with Secure HTTP or with HTTP .9 Stopping a Session . 11 Additional Troubleshooting Tools . 11 Command Line Interface Basics . 12 Connecting to the BelAir20E . 12 Starting a CLI Session . 12 Command Modes . 14 Abbreviating Commands . 18 Command History . 18 Special CLI Keys . 19 Help Command . 19 Saving your Changes . 21 Saving the Configuration Database . 21 Restoring the Configuration Database . 22 Common CLI Commands . 23 Terminating your CLI Session . 23 Changing Your Password . 23 Clearing the Console Display . 23 October 11, 2011 Confidential Page 253 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Locking the Console Display . 23 Displaying the Current Software Version . 23 Displaying the Current Date and Time . 24 Displaying Current User . 24 Switching User Accounts . 24 Replacing a Token by a String . 24 Pinging a Host or Switch . 25 Starting a Telnet Session . 25 Radio Configuration Summary . 25 BelAir20E Access Methods. 27 SNMP Configuration Guidelines . 27 SNMPv1/v2 Servers . 27 SNMPv3 Servers . 27 SNMP Naming Restrictions . 27 SNMP Command Reference . 28 SNMP Agent . 28 SNMP Configuration . 28 Communities . 29 Traps . 29 Users . 30 Notifications . 30 Authentication Traps . 31 Engine Identifier . 32 Telnet . 32 HTTP . 32 Secure HTTP . 32 SSH . 32 SSH Access . 32 SSL . 32 Displaying Server Certificate . 32 Configuring the Server Certificate . 33 Creating RSA Key Pair . 33 Creating Certificate Request . 33 Configuring the Server Certificate . 33 October 11, 2011 Confidential Page 254 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Saving an SSL Configuration . 33 User and Session Administration . 35 User Privilege Levels . 35 User Accounts . 38 Configuring Authentication for User Accounts . 39 Authentication Mode . 39 RADIUS Servers . 40 CLI and Web Sessions . 41 Session Management . 41 Configuring the Session Timeout Interval . 42 CLI Prompt Customization . 42 IP Settings . 44 Displaying IP Parameters . 44 Configuring IP Parameters . 45 Configuring Dynamic IP Addressing . 45 Renewing the IP Address . 46 Auto-IP . 46 Setting a Static IP Address and Subnet Mask . 47 Static IP Routes . 47 Configuring the Domain Name System Lookup Service . 48 Configuring IP Address Notification . 48 System Settings . 49 Country of Operation . 49 System Identification Parameters . 50 Custom Fields . 50 Configuring the System Date and Time . 51 Manual Date and Time Configuration . 51 Managing an SNTP Server . 52 GPS Coordinates . 53 LED Control . 53 Find Me Function . 53 LED Enable or Disable . 53 October 11, 2011 Confidential Page 255 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Setting the Network Egress Point . 54 Limiting Broadcast Packets . 54 Displaying Unit Inventory Information . 55 Defining a Maintenance Window . 55 Displaying System Up Time . 55 Displaying the Running Configuration . 56 Restarting the Node . 56 Creating and Using Script Files . 56 Enabling or Disabling Session Logging . 56 BelAir20E Auto-configuration . 58 DHCP Options . 58 Pre-requisites . 60 Configuring and Using DHCP Options . 60 Accepting Specific DHCP Parameters . 60 DNS . 61 Configuration Download Profile . 62 Pre-requisites . 62 Using a Configuration Download Profile . 62 Ethernet or LAN Interface Settings . 64 Managing the Ethernet or LAN Interface Settings . 64 Managing Egress Node Traffic . 64 VLAN Conversion . 65 VLAN Filtering . 65 Card Settings. 67 Determining which Cards are in a Node . 67 Displaying Card Information . 68 Displaying the Card Physical Data . 68 Displaying the Card Physical Interfaces . 68 Displaying the Card CPU and Memory Usage . 69 Card Administrative State . 70 Restarting a Card . 70 October 11, 2011 Confidential Page 256 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Wi-Fi Radio Configuration Overview . 71 Available Wi-Fi Radios . 71 Configuration Process . 71 Configuring Wi-Fi Radio Parameters . 72 Displaying Wi-Fi Radio Configuration . 73 Displaying Configuration Options . 74 Operating Channel . 74 Antenna Gain . 76 Transmit Power Level . 76 Link Distance . 77 Dynamic Frequency Selection . 77 Collision Aware Rate Adaptation . 78 Rate Aware Fairness . 78 802.11n Aggregation . 78 Minimum Receive Threshold . 78 Changing Wi-Fi Interface Admin State . 79 Configuring Wi-Fi Access Point Parameters . 80 Displaying AP Configuration . 81 AP Custom Rates . 81 Displaying Associated Wireless Clients . 83 Displaying Wireless Client Details . 85 Disconnecting a Wireless Client . 85 Wireless Client Load Balancing . 85 Configuring RTS-CTS Handshaking . 86 Specifying the Beacon Period . 86 Displaying Client Association Records . 87 Changing AP Admin State . 88 AP Service Set Identifiers . 88 Displaying the SSID Table . 89 Displaying SSID Details . 90 Default Management SSID . 90 Configuring SSIDs . 91 October 11, 2011 Confidential Page 257 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Upstream User Priority Marking . 92 Setting Traffic Limits . 93 Providing Vendor Specific Information . 93 Changing SSID Admin State . 94 Out-of-service Advertising . 95 Filtering Broadcast and Multicast Packets . 96 Broadcast to Unicast Packet Conversion . 96 Limiting Upload and Download Rates . 97 ARP Filtering . 97 ARP to Unicast Conversion . 98 802.11b Protection . 98 Wi-Fi AP Security . 100 Security Options for Wireless Clients . 100 RADIUS Servers for Wireless Clients . 101 Managing RADIUS Servers . 104 Changing RADIUS Server Admin State . 105 Assigning SSIDs to RADIUS Servers . 105 RADIUS Pre-authentication . 105 RADIUS Assigned VLAN . 106 RADIUS Accounting . 106 Client Authentication and De-authentication Trap . 107 AP Privacy . 107 Wireless Client Blacklist . 109 Wireless Client Access Control List . 109 Controlling Inter-client Communication . 110 Determining the MAC Address of the Internet gateway . 111 Disabling or Enabling AP Wireless Bridging . 111 Disabling Inter-AP Wireless Client Communication . 111 Secure MAC White List . 111 AP Secure Port Mode . 112 Auto-secure Gateway . 113 Protecting against Denial of Service Attacks . 113 Deauthentication DoS . 114 October 11, 2011 Confidential Page 258 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Wi-Fi Backhaul Link Configuration . 115 Displaying Backhaul Link Configuration . 115 Configuring Backhaul Link Identifier, Topology and Privacy . 116 Managing MP-to-MP Meshes . 118 Displaying the Mesh Topology . 118 Setting a Link RSSI Threshold . 119 Managing the Mesh Blacklist . 120 Mesh Auto-connections . 120 Managing Mesh Auto-connections . 121 Egress Protection . 122 Changing Backhaul Link Admin State . 122 Mobile Backhaul Mesh . 123 Configuring Mobile Backhaul Mesh Links . 124 Displaying Mobility Configuration and Status . 124 Configuring MIMO Operation for Mobile Applications . 125 Configuring and Enabling Mobile Backhaul Mesh Links . 125 Mobile Backhaul Point-to-point Links . 127 Scanning Process . 128 Sample Subscriber Station Configuration . 128 Sample Base Station Configuration . 130 Mobile Backhaul Point-to-point Commands . 132 Displaying Mobile Backhaul Point-to-point Configuration . 132 Displaying Link Status . 132 Displaying Scan Results . 133 Managing Interfaces . 133 Managing the Scan List . 134 Associating a Scan List to an Interface . 134 Configuring RSSI Threshold . 134 Primary Link Drop . 135 Mobile Link Identifier . 135 Home Check . 135 Base Station Out-of-service Check . 135 October 11, 2011 Confidential Page 259 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Release 7 Compatibility . 136 Single Channel Mesh . 136 Operating in High Capacity and Interference Environments. 138 Modulation Rate Control . 139 VLAN based QOS . 139 Traffic Priority Based on Modulation Rate . 140 No SSID on Egress Down . 140 Ethernet Port Statistics . 140 Access Receive and Transmit Error Statistics with SNMP Support .141 Noise Floor Support . 141 Access Packet RSSI Filter . 141 Effective Mesh Path Selection . 141 Blacklist SNMP Support . 141 Client Association Records . 142 CTS-to-Self Control . 142 DHCP to Attached Clients Only . 142 ARP to Attached Clients Only . 142 Upstream Broadcast Filter . 142 Secure Port Mode . 143 Wireless Bridging . 143 Client Load Balancing . 143 Client Authentication History . 144 Automatic Mesh Connect . 144 Traffic Test Tool . 144 DHCP Relay Settings . 145 Displaying the DHCP Relay Configuration . 145 Modifying DHCP Relay Parameters . 146 Interface Administrative State . 147 Assigning SSID Traffic to Use DHCP Relay . 147 DHCP Address Filtering . 147 Network Address Translation . 149 Displaying the Operational Status . 150 October 11, 2011 Confidential Page 260 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Displaying the Current DHCP Lease Status . 150 Displaying the DHCP Lease History . 150 Configuring Network Address Translation . 151 Preventing Node Management from within the Scope . 151 Enabling or Disabling Individual Scopes . 152 Changing NAT Admin State . 152 Managing Nodes in a NAT Cluster . 152 Mac Address to IP Address Mapping . 152 Port Forwarding . 152 Universal Access Method . 154 Displaying the Current Configuration . 156 Displaying the Operational Status . 156 Displaying the Client Session Information . 157 Specifying the Web Server . 158 Specifying Redirection Variable Pairs . 159 Specifying the RADIUS Server . 159 Managing White List Entries . 159 Associating VLAN Traffic to a Scope . 160 Performing MAC Address Authentication . 160 Collecting Accounting Information . 161 Operating in WAN Mode . 162 Changing UAM Admin State . 162 Using Layer 2 Tunnels . 163 Configuring the BelAir Node for Layer 2 Tunneling . 164 Displaying Tunnel Configuration and Status . 165 Starting and Stopping Layer 2 Tunneling . 166 Configuring Layer 2 Tunnels . 166 Setting Tunnel Engine Parameters . 167 Configuring Tunnel Advanced Parameters . 168 Enabling Backhaul Protection for Tunnels . 169 Bandwidth Limits . 169 Configuring Tunnels for the RedBack SmartEdge Router . 170 Configuring Tunnels for a Router using GRE . 172 October 11, 2011 Confidential Page 261 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Configuring Tunnels for PMIP Implementations . 173 Mapping User Traffic . 174 Configuring Authentication . 174 Configuring a Tunnel Group Name . 175 Relaying Traffic QOS Settings . 175 Setting the Tunnel Down Alarm Threshold . 175 Configuring the Network Central Router for Layer 2 Tunneling . 176 Quality of Service Settings . 177 System QoS . 177 Prioritization . 177 Prioritizing Traffic Based on User Priority Bits . 178 Prioritizing Traffic using VLAN IDs . 178 Resetting the QoS Configuration . 179 Displaying a Summary of System QoS Settings . 179 Displaying the Prioritization Settings . 180 Radio QoS . 180 Displaying a Summary of Radio QoS Settings . 180 Enabling or Disabling Wireless Multi-media . 181 QoS Mapping Scheme . 181 Unscheduled Automatic Power-save Delivery . 182 Layer 2 Network Configuration. 183 Spanning Tree Protocol Overview . 183 Configuring Spanning Tree Priority . 184 Configuring Other Spanning Tree Parameters . 185 RSTP Commands . 186 Displaying the RSTP Configuration Settings . 186 Displaying the RSTP Topology Information . 188 Displaying RSTP Port Roles and States . 191 Configuring the Bridge Aging Time . 192 RSTP Priority . 192 RSTP Version . 192 Transmit Hold Count . 192 Max Age, Hello Time and Forward Delay . 193 October 11, 2011 Confidential Page 262 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents RSTP Link Priority . 193 RSTP Static Path Cost . 194 Dynamic Path Cost . 194 RSTP Protocol Migration on an Interface . 195 RSTP Edge Port Status . 195 RSTP Point-To-Point Status of an Interface . 196 Interface RSTP Configuration . 196 Changing RSTP Admin State . 196 Performing a Software Upgrade. 197 Upgrade Process Overview . 197 Downloading a New Software Load . 199 Canceling a Software Upgrade . 200 Verifying a Successful Download . 201 Activating a Software Load . 201 Committing a New Software Load . 202 Backing Out from a Software Upgrade . 203 Displaying the Status of the Software Upgrade . 204 Clearing the Upgrade Failure Alarm . 204 Auto-upgrade . 204 For More Information. 205 Installation Guide . 205 User Guide . 205 Troubleshooting Guide . 206 Technical Support. 207 Support Resources . 207 Warranty and Limitations . 207 Definitions and Acronyms . 208 Conformity and Regulatory Statements. 210 Regulatory Information and Disclaimers . 210 Manufacturers US Federal Communication Commission Conformity October 11, 2011 Confidential Page 263 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Statement . 211 FCC Interference Statement . 211 Manufacturers Industry Canada Conformity Statement . 212 Manufacturers European Community Conformity Statement . 213 Declaration of Conformity for RF Exposure . 216 Product Disposal . 216 Appendix A: Node Configuration Sheets . 221 Appendix B: Mesh Auto-connection Example . 224 Setup and Initial Conditions . 224 Fault Conditions . 228 Recovery Conditions . 231 Appendix C: Scripting Guidelines . 234 General Scripting Guidelines . 234 Overview . 234 Creating a BelAirOS Script . 234 Manually Transferring Files to and from a BelAir Node . 235 Managing and Manually Running Script Files . 236 Specifying Physical Interfaces . 237 Physical Interface Declaration Summary . 237 Physical Interface Declaration Specifications . 238 Physical Interface Script Example - Setup . 239 Physical Interface Script Example - Script . 239 Physical Interface Script Example - Output . 240 Including a Reboot Command in a Script . 242 Reboot Declaration Summary . 242 Reboot Declaration Specification . 242 Reboot Script Example . 244 Common BelAirOS Platform Assembly Codes . 244 Common Radio Card Descriptions . 246 Sample Universal Auto-configuration Script . 247 Appendix D: BelAir20E Factory Defaults . 251 October 11, 2011 Confidential Page 264 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Resetting to Factory Defaults with a CLI Command . 251 Resetting to Factory Defaults with the Reset Button . 251 Detailed Table of Contents . 253 List of Figures Figure 1: BelAir20E Hardware Module Block Diagram . 5 Figure 2: Typical Login Page . 10 Figure 3: Typical Web Interface Main Page . 10 Figure 4: Sample Output of mode Command . 15 Figure 5: Client Record Detail Example . 88 Figure 6: Mobile Backhaul Links Connecting Vehicle Cameras to Roadside Net-
work . 123 Figure 7: Wireless Mobility using L2TP. 163 Figure 8: Active and Standby Software Loads . 198 Figure 9: Software Upgrade Step 3 - Downloading the New Software Load 200 Figure 10: Software Upgrade Step 7 - Commit the Software Load . 202 Figure 11: Backing Out from an Uncommitted Software Upgrade . 203 Figure 12: Auto-connection Initial Conditions . 224 Figure 13: Auto-connection and Fault Conditions . 229 Figure 14: Auto-connection after Recovery before Revert . 233 Figure 15: BelAir20E Rear Panel with Reset Button . 252 List of Tables Table 1: Product Name Synonyms . 3 Table 2: Standard SNMP MIBs. 7 Table 3: BelAir Enterprise MIBs . 8 Table 4: Command Line Interface Modes . 16 Table 5: Super-user commands . 35 Table 6: Physical Interface Parameter Settings . 67 Table 7: BelAir Wi-Fi Radio Summary . 71 Table 8: Auth Field Value Descriptions. 83 Table 9: DHCP Field Value Descriptions . 83 Table 10: RADIUS Attributes . 102 Table 11: Wi-Fi Backhaul Configuration Requirements . 117 Table 12: Attributes for UAM Client Access Policy Enforcement. 154 Table 13: Traffic Priority Queues . 177 October 11, 2011 Confidential Page 265 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide Detailed Table of Contents Table 14: User Priority Value to Priority Queue Processing . 178 Table 15: UP and DSCP Value to Priority Queue Processing . 181 Table 16: Configurable Spanning Tree Timers and Associated Parameters .185 Table 17: European Community Conformity Statement . 213 Table 18: AP Privacy Setting Table (Optional) . 222 Table 19: BelAir Script Declaration Summary . 237 Table 20: Script Declaration Summary for Reboot Command . 242 Table 21: Common BelAirOS Platform Assembly Codes . 244 Table 22: Common BelAirOS Radio Card Descriptions . 246 October 11, 2011 Confidential Page 266 of 267 Document Number BDTM02201-A01 Standard BelAir20E User Guide BelAir Networks Inc. 603 March Road Kanata, Ontario Canada K2K 2M5 1-877-BelAir1 (235-2471) 613-254-7070 October 11, 2011 General Information info@belairnetworks.com Sales sales@belairnetworks.com Visit us on the web at:
www.belairnetworks.com Technical Support techsupport@belairnetworks.com Document Number BDTM02201-A01 Standard Confidential Page 267 of 267 267
frequency | equipment class | purpose | ||
---|---|---|---|---|
1 | 2011-10-12 | 5180 ~ 5240 | NII - Unlicensed National Information Infrastructure TX | Original Equipment |
2 | 5745 ~ 5825 | DTS - Digital Transmission System |
app s | Applicant Information | |||||
---|---|---|---|---|---|---|
1 2 | Effective |
2011-10-12
|
||||
1 2 | Applicant's complete, legal business name |
Ericsson Wi-Fi
|
||||
1 2 | FCC Registration Number (FRN) |
0022616338
|
||||
1 2 | Physical Address |
6300 Legacy Drive
|
||||
1 2 |
Plano, Texas 75024
|
|||||
1 2 |
United States
|
|||||
app s | TCB Information | |||||
1 2 | TCB Application Email Address |
c******@curtis-straus.com
|
||||
1 2 | TCB Scope |
A4: UNII devices & low power transmitters using spread spectrum techniques
|
||||
app s | FCC ID | |||||
1 2 | Grantee Code |
RAR
|
||||
1 2 | Equipment Product Code |
40005001
|
||||
app s | Person at the applicant's address to receive grant or for contact | |||||
1 2 | Name |
R**** A**** S****
|
||||
1 2 | Title |
R&D Wi-Fi Products
|
||||
1 2 | Telephone Number |
(613)********
|
||||
1 2 | Fax Number |
(613)********
|
||||
1 2 |
r******@ericsson.com
|
|||||
app s | Technical Contact | |||||
1 2 | Firm Name |
Bureau Veritas CPS (H.K.) Ltd. Taoyuan Branch
|
||||
1 2 | Name |
G****** C******
|
||||
1 2 | Physical Address |
No. 19, Hwa Ya 2nd Rd., Kwei Shan Hsiang
|
||||
1 2 |
Taoyuan Hsien, 333
|
|||||
1 2 |
Taiwan
|
|||||
1 2 | Telephone Number |
886-3******** Extension:
|
||||
1 2 | Fax Number |
886-3********
|
||||
1 2 |
g******@tw.bureauveritas.com
|
|||||
app s | Non Technical Contact | |||||
1 2 | Firm Name |
Bureau Veritas CPS (H.K.) Ltd. Taoyuan Branch
|
||||
1 2 | Name |
N******** C********
|
||||
1 2 | Physical Address |
No. 19, Hwa Ya 2nd Rd., Kwei Shan Hsiang
|
||||
1 2 |
Taoyuan Hsien, 333
|
|||||
1 2 |
Taiwan
|
|||||
1 2 | Telephone Number |
886-3******** Extension:
|
||||
1 2 | Fax Number |
886-3********
|
||||
1 2 |
n******@tw.bureauveritas.com
|
|||||
app s | Confidentiality (long or short term) | |||||
1 2 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | Yes | ||||
1 2 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | ||||||
app s | Cognitive Radio & Software Defined Radio, Class, etc | |||||
1 2 | Is this application for software defined/cognitive radio authorization? | No | ||||
1 2 | Equipment Class | NII - Unlicensed National Information Infrastructure TX | ||||
1 2 | DTS - Digital Transmission System | |||||
1 2 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | 802.11n dual-band WIFI router | ||||
1 2 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No | ||||
1 2 | Modular Equipment Type | Does not apply | ||||
1 2 | Purpose / Application is for | Original Equipment | ||||
1 2 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | Yes | ||||
1 2 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No | ||||
1 2 | Grant Comments | Power listed is the maximum combined conducted output power. End-users and responsible parties must be provided with operating and installation instructions to ensure RF exposure compliance. The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 25 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. Operations in the 5.15-5.25GHz band are restricted to indoor usage only. | ||||
1 2 | Power listed is the maximum combined conducted output power. End-users and responsible parties must be provided with operating and installation instructions to ensure RF exposure compliance. The antenna(s) used for this transmitter must be installed to provide a separation distance of at least 25 cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. | |||||
1 2 | Is there an equipment authorization waiver associated with this application? | No | ||||
1 2 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No | ||||
app s | Test Firm Name and Contact Information | |||||
1 2 | Firm Name |
Bureau Veritas CPS (H.K.) Ltd. Taoyuan Branch
|
||||
1 2 | Name |
R****** C******
|
||||
1 2 | Telephone Number |
886-3******** Extension:
|
||||
1 2 | Fax Number |
886-3********
|
||||
1 2 |
r******@tw.bureauveritas.com
|
|||||
Equipment Specifications | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
1 | 1 | 15E | CC MO | 5180.00000000 | 5240.00000000 | 0.0340000 | |||||||||||||||||||||||||||||||||||
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
2 | 1 | 15C | CC MO | 2412 | 2462 | 0.873 | |||||||||||||||||||||||||||||||||||
2 | 2 | 15C | CC MO | 5745 | 5825 | 0.584 |
some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details
This product uses the FCC Data API but is not endorsed or certified by the FCC