http:// 802.11b access point and device point technical training

http://www.axis.com

802.11b Access Point and Device PointTechnical training

Agenda

Marketing information

System Overview

WLAN Technology

Security

802.11b Access point

802.11b Device Point

Hands on Training

Marketing information (not yet)

System Overview

System Overview

The 802.11b Access Point is connected on the main network.

The Camera is connected to the 802.11b Device Point.

System Overview

Access Point

Wired N

etwork

Device Point

Internet Device Point

Device Point

*Today only one device can be connected to the Device Point through the network interface but in next SW-release will contain multiple device support. This is not a big issue in our customers cases. Our customers will probably only connect one camera to each Device Point.

Future overview

Future overview

Access Point

Wired N

etwork

Device Point

Wired N

etwork

Internet

Multi-Client Support

(will be available)

Device Point

How to connect the 802.11b Access Point

Connect the 802.11b Access Point on the main network.

Configure the 802.11b Access Point from a computer on the main network (Smart AP utility)

Configure the network parameters and the Security-settings.

How to connect the Camera to the 802.11b Device Point

Use a cross over connected UTP Ethernet cable to connect the Camera Server to the Device Point.

The 802.11b Device Point is a bridge (converter) between cabled Ethernet and wireless Ethernet (IEEE 802.11b).

Today only one camera can be connected to each Device Point.

Wireless LAN Technologies Overview

Channel─ The medium use for passing data in specific frequency, such as 2.4GHz.

BSS (Basic Service Set): The conceptual area within which members of a basic service set may communicate Infrastructure mode

ESS (Extended Service Set): A set of one or more interconnected BSSs and integrated WLANs. Infrastructure mode

IBSS (Independent BSS)─ Ad-Hoc modeAuthentication

Association Wired Equivalent Privacy (WEP) Wireless Distribution System (WDS)

The whole interconnected Wireless LAN, including the different cells, their respective Access Points and the Distribution System

Network Definitions

Infrastructure-BSS

BSS/ESS uses infrastructure mode.

Wired Network

Access Point

Client

Basic Service Set – single cell

Infrastructure-ESS

Wired NetworkAccess Point

Client

Access Point

Client

Ad-Hoc (IBSS)

IBSS uses Ad-Hoc mode

How to Join the Infrastructure Network

Wired Network

Access Point

Client

ID : SanDisk1

Channel 7

Open system

w/o WEP

Searching

Auth.

Assoc.

Connected

ΘΞΠ

ΘΞΠ

ΘΞΠ

Synchronization Searching target wireless networks

Active Scanning (STA probes a frame) Passive Scanning (STA waits for a Beacon) – XI-815

The Authentication Process To get authenticated from the target wireless network

The Association Process A state where a client is allowed to pass data through an AP

Additional Authentication(802.1x) Exchange the ID & Password with RADIUS server

How to Join Infrastructure Network

Roaming

Inter-cell Roaming

The Unlicensed Radio Frequency Spectrum

5.15-5.35

5.725-5.825GHz

IEEE 802.11a

HiperLAN/2

Physical Layer

802.11a 802.11g 802.11b

Standard Approved

September 1999 September 1999 September 1999

Available Bandwidth

300MHz 83.5MHz 83.5MHz

Unlicensed Frequencies of

Operation

5.15-5.35GHz

5.725-5.825GHz

2.4-2.4835GHz 2.4-2.4835GHz

Number of Non-overlapping Channels

4(Indoor)

4(Indoor/Outdoor)

4(Indoor/Outdoor)

3(Indoor/Outdoor) 3(Indoor/Outdoor)

Data Rate Per Channel

6,9,12,18,24,36,48,54Mbps

1,2,5.5,11

6,9,12,18,22,24,33,36,48,54Mbps

1,2,5.5,11Mbps

Modulation OFDM DSSS,OFDM

PBCC(O),CCK-OFDM(O)

DSSS

CCK

Channel Plan – 802.11/11b/11g

2.412

2.437

2.462

Non-overlapping channels

Channel Spacing (5MHz)

111

11

116

66

1

1 1

11

1

11

6

1111

6

6

1

13

3

32

22

1

1 1

11

1

3

2

33

2

2

Channel Plan : {1,6,11} or {…}Hidden notes interfere

Co-Channel Interference

Sources of interference in 2.4GHz band Main Source: consumer microwave ovens – Spread Spectrum Receiver design allows narrowband interference – Rate reduction allows even more robust operation Other radios – RFID tag ( radio frequency ID tag ) – Generally, various systems , such as FHSS and DSSS in the 2.4GHz and will interfere with each other All FHSS systems will interfere with each other to some extent Bluetooth, IEEE802.11 and Home RF are currently imcompatible and

will interfere IEEE802.11 and Home RF interoperability is currently being evaluated

by Home RF working group

Robust for Interference

Security

Why Security is so important?

Privacy Preventing Unauthorized Access

Information security (read only/fully authorized)

Preventing Attacks Virus

Personal Security Policy Networking Security Policy

Tunnel Firewall

How to protect your network?

Use virus protection software Use firewall Set up personal and group firewall. Do not open unknown email attachments Do not run programs of unknown origin Disable hidden filename extensions Keep all applications (including your operating system) patched Turn off your computer or disconnect from the network when not in

use Disable Java, JavaScript, and ActiveX if possible Disable scripting features in email programs Make regular backups of critical data Make a boot disk in case your computer is damaged or

compromised

SSID (Wireless network name)

Authentication

Open system

Share Key

MAC address Control

WEP-keys

Security in the 802.11b

However…

Wireless Network Vulnerability

2.4GHz radio signal and unlicensed band

Broadcasting all the time WEP Encryption has been broken by certain

means, it is not secure any more. Authentication process is not strong enough since

WEP encryption has been defeated.

Recommendation 1

More secure with WEP on than with WEP off. The wireless link between the AP and client is only one

small part of a secure network. Large companies should implement end-to-end security

VPN, RADIUS, IEEE 802.1x Home and small business can take several measures to

improve security until a solution is available

Recommendation 2

Turn WEP on and manage your WEP key by changing the default key

Changing the WEP key, daily to weekly. Password protect drives and folders. Change the default SSID (Wireless Network Name). Use MAC address control. Use a VPN system. Though it would require a VPN server,

the VPN client is already included in many operating systems such as Windows 98 Second Edition, Windows 2000 and Windows XP.

802.11b Access Point

Solution

Atmel (Z-Com)

Power Supply- 5V

LAN Port One 10Base RJ-45 LAN port – a cross Ethernet cable is included

Antenna Design One Dipole and one PIFA

Hardware Overview

PWR Yellow Power enabled

WLAN Yellow

Flashing: Wireless LAN traffic activity

LAN Yellow

Off: No Ethernet traffic activity

Flashing: Wired LAN traffic activity

On: Connect to the Ethernet.

Led Status

Off: No Wireless LAN activity

Feature Highlights

AP Operation ModesAP Operation Modes AP AP RepeaterRepeater AP with RepeatingAP with Repeating

Configuration Management Web-based and Windows-based

configuration SNMP MIBII support

AP with Repeating

AP with Repeating

Wired Network

AP with Repeating

AP with Repeating

Wired Network The AP is capable of performing AP and Wireless Bridge function at the

same time. Same channel is required for all bridges.

AP / Repeater only

AP with Repeating

Wired Network

Wired Network

Repeater BridgeWhile using a wireless bridge in this configuration has the advantage of extending the link, it has the disadvantage of decreased throughput due to having to repeat all frames using the same half duplex radio. Same channel is required for all bridges.

Bridge

(repeater)

Bridge

(repeater)

Standard:Standard:

Wi-Fi Compliant (not certified)Wi-Fi Compliant (not certified)

SecuritySecurity

WEP encryption up to 128-bitsWEP encryption up to 128-bits

MAC Filtering (up to 128 wireless nodes)MAC Filtering (up to 128 wireless nodes)

Hidden Access PointHidden Access Point

Feature Highlights (Cont.)

What security means does 802.11b Access Point provide? (I)

WEP 40bit encryption

Alphanumeric: 5 characters Hexadecimal: 10 hexadecimal digits

128bit encryption Alphanumeric: 13 characters Hexadecimal: 26 hexadecimal digits

What security means does 802.11b Access Point provide? (II)

MAC Access Control Enable MAC access control

Click “Add” to enter MAC addresses

Click “Apply”

Only the client with the MAC address that is listed on the table is allowed to associate with the Access Point

At most 128 clients

What security means does 802.11b Access Point provide? (III)

Enable Security and select “Hide Access Point” to make AP invisible for AP browsing engaged by stations.

If stations get the correct SSID, stations still can connect to AP by assigning SSID manually.

802.11b Access Point Management/Configuration

How to configure the 802.11b Access Point

Via Web-based utility

Via Windows-based utility

Windows-Based Utility

Password: default

By installing and using Wireless Access Point

Utility in Any PC on the local network,

you may then access and

configure the Wireless

Station Adapter Anywhere

on the local network.

Windows-Based Utility - Info

Shows the Current

Information of the Wireless

Station Adapter, including

ESSID, AP name, Channel, Mode, SNMP, DHCP Client,

IP address, subnetmask and

default gateway.

Windows-Based Utility – Parameter Setup

Configurable parameters

includes ESSID, AP name, Channel, Mode, SNMP, DHCP Client, IP address subnetmask, default gateway and password.

Windows-Based Utility – Security

To prevent unauthorized

wireless stations from

accessing data transmitted

over the network, the

Wireless LAN Micro Access Point offers security

Options such as WEP, MAC Access Control as well as Hide AP Access.

Windows-Based Utility – WEP

For 40-bit WEPASCII: 5 characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (e.g. MyKey) Hex: 10 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (e.g. 11AA22BB33) Passphrase: click Generate to generate WEP keys automatically.

For 128-bit WEPASCII: 13 characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (e.g. MyKey12345678) Hex: 26 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (e.g. 00112233445566778899AABBCC)Passphrase : click Generate to generate WEP keys automatically.

Windows-Based Utility – MAC Access Control

With the Access Control Table enabled, you can authorize wireless units to access the Access Point by identifying the MAC address of the wireless devices that are allowed access to transmit data.

Windows-Based Utility – Hide AP Access

With hide AP access enabled by checking “Hide AP Access” check box, wireless stations with ESSID

“ANY” will not browser and associate to the Wireless Micro Access Point.

Windows-Based Utility – About

Shows the Current

Utility and Firmware of the

Wireless Access point

Windows-Based Utility – About

With the Firmware Upgrade Utility, you will be able to upgrade any of the 802.11b Access Point on the network.

Password : default

WEB-Based Utility – Login

WEB-Based Utility – Info

WEB-Based Utility – Configuration

WEB-Based Utility – WEP

WEB-Based Utility – Hide AP and MAC Access Control

WEB-Based Utility – TCP/IP

802.11b Access Point FAQs

How to reset 802.11b Access Point to the default?

Software Press the “Default”

button of the utility.

Hardware Press the “Default”

button by the side of the LAN port on hardware

How to upgrade firmware

Firmware upgrade utility

Add *.bin file

Press “Upgrade” button.

How many Wireless Bridges can the 802.11b Access Point grant the connection with?

Software limit At most 256 clients

Suggestion No more than 4 clients

Cells around each repeater will overlap by a minimum of 50%

How to use the “AP with Repeating Mode”

From the “Mode” item on utility, select “AP+Repeater” .

The same channel is required to all Access Points.

How does SNMP work in 802.11b Access Point?

Enable SNMP. Install a SNMP

management tool to compile the 802.11 MIB files and use the tool or other tools to monitor the SNMP agent in WL-013.

802.11b Device Point

802.11b Device point Hardware Overview

Solution

Atmel (Z-Com)

Power Supply- 5V

LAN Port One 10Base RJ45 LAN port, a cross Ethernet cable is included

Antenna Design One Dipole and one PIFA

Output Power18dBm typical

802.11b Access Point Operation ModeOperation Mode Perform as wireless client stationPerform as wireless client station

Configuration Management Web-based and Windows-based configuration (support

98\ME\NT\2K\XP.

802.11b Access Point Feature Highlights

Type of Approval Europe: EC-Type Approval Certificate ETS 300 328 Test Report North America: FCC, IC Japan: MKK/TELEC/JATE Taiwan: DGT/BSMI

PWR Yellow Power enabled

WLAN Yellow

Off: No Wireless LAN traffic activity

Flashing: Wireless LAN traffic activity

On: Associated to the Wireless AP.

LAN Yellow

Off: No Ethernet traffic activity

Flashing: Wired LAN traffic activity

On: Connect to the Ethernet.

Hardware Overview (Cont.)

SecuritySecurity WEP encryption up to 128-bitsWEP encryption up to 128-bits

MAC Filtering (up to 128 wireless nodes)MAC Filtering (up to 128 wireless nodes)

Support of 802.1x (not yet)Support of 802.1x (not yet)

Feature Highlights (Cont.)

What security means does the 802.11b Device

Point provide?

WEP 64bit encryption

Alphanumeric: 5 characters Hexadecimal: 10 hexadecimal digits

128bit encryption Alphanumeric: 13 characters Hexadecimal: 26 hexadecimal digits

Passphrase ASCII string

802.1x later

Act just like Wireless Station

Access Point

Wired N

etwork

Device Point

Device Point

Internet

Act just like Wireless Station

Access Point

Wired N

etwork

Device Point

Multi-Client Support

(will be available)

Device Point

Internet

How to configure the 802.11b Device Point?

Via Web-based utility

Via Windows-based utility

Windows-Based Utility

Password: default

By installing and using

Station Adapter Utility in

Any PC on the local network,

you may then access and

configure the 802.11b

Device Point Anywhere

on the local network.

Windows-Based Utility - Info

Shows the Current

Information of the Device point, including

ESSID, AP name, TX rate,

IP address, subnetmask and

default gateway.

Windows-Based Utility – Parameter Setup

Configurable parameters

includes ESSID, AP name, TX

rate, IP address subnetmask,

default gateway and password.

Windows-Based Utility – Security

To prevent unauthorized

wireless stations from

accessing data transmitted

over the network, the 802.11b Device Point offers

WEP security

options.

Windows-Based Utility – Security

For 40-bit WEPASCII: 5 characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (e.g. MyKey) Hex: 10 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (e.g. 11AA22BB33) Passphrase: click Generate to generate WEP keys automatically.

For 128-bit WEPASCII: 13 characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (e.g. MyKey12345678) Hex: 26 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (e.g. 00112233445566778899AABBCC)Passphrase : click Generate to generate WEP keys automatically.

Windows-Based Utility – About

Shows the Current

Utility and Firmware of the

802.11b Device Point

Firmware UpgradeUtility

Allow you to upgrade the firmware for the Device point.

Password: default

WEB-Based Utility – Info

802.11b Device Point FAQs

How to reset the 802.11b Device Point to the default?

Software Press the “Default”

button of the utility.

Hardware Press the “Default”

button by the side of the LAN port on hardware

How to upgrade firmware

Firmware upgrade utility

Add *.bin file

Press “Upgrade” button.

Does the 802.11b Device Point support Wireless Workgroup Bridge?

No, not today: But it will support Wireless Ethernet Bridge

(same as Wireless Workgroup Bridge) on the later version.

The number of Ethernet clients will be limited to under 8.

Demonstration/ Hands On Training

Questions