html5-img
1 / 97

Altai Certification Training Configuration

Altai Certification Training Configuration. Professional Services Altai Technologies Limited. Module Outline. AP Default Settings A8 Basic Configurations A8 Advanced Configurations 5GHz Bridge Mode Configuration A8-A2 Bridge Mode Configuration A8-C1 CPE Mode Configuration

roden
Télécharger la présentation

Altai Certification Training Configuration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Altai Certification TrainingConfiguration Professional Services Altai Technologies Limited

  2. Module Outline • AP Default Settings • A8 Basic Configurations • A8 Advanced Configurations • 5GHz Bridge Mode Configuration • A8-A2 Bridge Mode Configuration • A8-C1 CPE Mode Configuration • A8-Ein/A8n Configurations

  3. AP Default Settings • A8/A8-Ei/A8-i default IP address • 192.168.1.222 • 255.255.255.0 • FW 2.2.3.101 • Username: altai • Password: wag • A2/A2e default IP address • 192.168.1.20 • 255.255.255.0 • FW 1.0.0.26 • Username: altai • Password: wag • A8-Ein/A8n default IP address • 192.168.1.222 • 255.255.255.0 • FW 1.2.0.621 • Username: root • Password: superwifi123 • C1 management IP address • 192.168.99.99 • 255.255.255.0 • FW 1.0.0.19 • Username: altai • Password: wag

  4. A8 Basic Configuration

  5. Configuration Case • A8 Basic configurations: • Regulatory domain: RoW • Disable DHCP Client (Static IP Address) • IP Address: 10.6.127.185 • Subnet mask: 255.255.255.0 • Default gateway: 10.6.127.1 • Wireless mode: 802.11b/g mode • Radio frequency: To be determined by Channel Scan result • Transmitting power: 25dBm • VAP 0 (Management and normal service VAP) • SSID: WiFi_mgt • Suppressed SSID: Enabled • Maximum Clients: 10 • Wireless security: WPA-PSK + AES • VAP 1 (For service only VAP) • SSID: WiFi_Service • Maximum Clients: 256 • Wireless security: WPA-PSK + AES 5 5

  6. Tools>Channel Scan Click to start channel scan All the clients traffic would be interrupted during the channel scan test. 6 6

  7. Tools>Channel Scan Channel Scan Success Click to show Noise Floor 7 7

  8. Tools>Channel Scan Key Considerations: Num of SSID Neighbor SSID Usage Noise level 8 8

  9. Configuration>System Select A8 FCC (US Standard) – 2.4GHz Max EIRP 36dBm ETSI (European Standard) – 2.4GHz Max EIRP 20dBm RoW (Rest of the world) – 2.4GHz Max EIRP 60dBm Click Save to batch the changes 9 9

  10. Configuration>Network Recommend “Static IP” Static IP, subnet mask and default gateway configuration (Default IP address: 192.168.1.222) Click Save to batch the changes 10 10

  11. Configuration>2.4G Wireless AP>General Wireless mode (802.11b Max 11Mbps, 802.11b/g Max 54Mbps, 802.11g Max 54Mbps) Select channel: ETSI/RoWCh1-13 FCC Ch1-11 11

  12. Configuration>2.4G Wireless AP>Sectors Maximum Tx Power 25dBm Antenna Gain - Cable Loss + Tx Power ≤ Max EIRP 12

  13. Configuration>2.4G Wireless AP>VAP Basic Default value: 256 A8 will not broadcast SSID Set SSID Enabled allows traffic to pass between stations in a VAP. For mgt VAP, recommended enable. For normal service VAP, disable. Enable VAP • Normal Service: • Allow to access Internet • Management: • Allow to access the A8 web interface. Only VAP 0 has this configuration. Click Save to batch the changes Remark: VAP 0 usually acts as management VAP so it only allows small number of wireless clients and hidden its SSID. VAP 1 acts as normal service VAP so it sets maximum clients. 13

  14. Inter/Intra-VAP Traffic Control The user benefit: Improved network security Better network traffic control The feature: • Traffic among clients of the same SSID/VAP can be blocked • Traffic among clients of different SSID/VAP can be blocked Intra-VAP traffic blocked Inter-VAP traffic blocked SSID 2 A8 SSID 1 SSID 2 SSID 1

  15. Configuration>2.4G Wireless AP>VAP Basic Default: Access Can change to “Trunk” Click Save to batch the changes Remark: VAP 0 usually acts as management VAP so it only allows small number of wireless clients and hidden its SSID. VAP 1 acts as normal service VAP so it sets maximum clients. 15

  16. Configuration>2.4G Wireless AP>VAP Security 16

  17. Highly Secure The Altai technology: • SSID suppression, inter/intra-VAP traffic blocking • Rogue AP detection • WPA, WPA2-PSK, 802.1x (PEAP, TLS, TTLS) authentication, MAC address filtering • WEP, TKIP and AES encryption • Backup RADIUS server support The user benefit: • Latest encryption and authentication support • Radio channel scanning and auto alarm for rogue AP

  18. Reboot AP Click Reboot AP to apply all changes Click OK Wait for 30s to reload the web page 18

  19. A8 Advanced Configuration

  20. Configuration Case • A8 configurations: • Similar to basic configuration, except • Network Operation Mode: Gateway • Local IP Address: 192.168.125.1/24 • NAT Mode: Enabled • 2.4GHz DHCP Snooping Trusted Port: Disabled • Bandwidth Control: Airtime: DL 30%, UL 30% • Multicast Data Rate Control • QoS and DiffServ Tag: Enabled • Congestion Avoidance: FW-RED • Access Link Safe Mode: Enabled • Ping Host: 10.6.127.1 • Ping interval: 30s 20 20

  21. Configuration Case • VAP 0 (Management and normal service VAP) • QoS Profile: Very High • VAP 1 (For normal WiFi service only) • QoS Profile: ToS/802.1Q • VAP 2 (For surveillance camera, authenticated by RADIUS) • SSID: WiFi_camera • Maximum Clients: 15 • QoS Profile: High • Wireless security: WPA + AES • Primary RADIUS Server: 10.6.127.120 • RADIUS Port: 1812 • RADIUS secret: test 21 21

  22. Configuration > Network>General Recommended: FWRED Enable Gateway Mode Configure LAN port IP, subnet mask Configuration > Network>NAT Enable NAT Mode Click Save to batch the changes 22

  23. Congestion Avoidance The user benefit: Avoid congestion due to a few problem clients Higher average throughput for the majority The feature: • A8 can avoid congestion by dropping selected frames in the Tx queue when it is full based on one of the following mechanisms: 1) Tail Drop 2) Random Early Drop (RED) 3) Fair Weighted Random Early Drop (FWRED) (Altai patent pending) Tail drop – all last incoming packets will be dropped A8 Tx queue is FULL RED – most frequently occurred client packets will be dropped FWRED – highest airtime usage client packets will be dropped

  24. Configuration > 2.4G Wireless AP>General • 2.4GHz (unselected by default) Click Save to batch the changes 24

  25. Configuration > 2.4G Wireless AP>General • Ethernet (Trusted by default) • 5GHz (Optional) • 2.4GHz (Optional) Click Save to batch the changes 25

  26. DHCP Snooping Trusted Port x means untrusted interface By default, Ethernet is trusted port DHCP Server Client3 (DHCP Server) Ethernet 2.4G 5G x A8-2 x A8-1 x x x Client4 2.4G 2.4G 2.4G Suppose A8 is in switch mode, all clients should get IP address from ethernet DHCP server, to avoid getting from client’s DHCP server, need to disable two A8s’ 2.4GHz trusted port and A8-1’s 5GHz trusted port. Client2 (DHCP Server) Client1 26

  27. Bandwidth Control on Airtime/Throughput The operation: • 2 modes of control - Throughput (in kbps) or Airtime (in % of occupancy) • Bandwidth limit can be set per VPA/client/uplink/downlink for both modes • Airtime control can prevent the low data rate (11b) clients from occupying too much airtime(throughput mode cannot solve this problem) Throughput controlled to 250 Kbps per station Airtime controlled to 5% per station

  28. Configuration > 2.4G Wireless AP>Bandwidth Control Enabled Throughput VAP: Total bandwidth for one SSID Station: Total bandwidth for each wireless client Set value to specify the maximum bandwidth 28

  29. Configuration > 2.4G Wireless AP>Bandwidth Control Enabled Airtime Set airtime value, default setting is 5%. Used to limit the use time of low data rate user. 29

  30. Bandwidth Control Example BEFORE 3000 ms response time There are many low speed free WiFi users dragging down the performance of premium WiFi users Using the airtime bandwidth control feature with VAP set to 15% and Station set to 5%, the congestion problem was totally resolved. CPE client ping time improved from 3000 ms to 50 ms AFTER 50 ms response time

  31. Configuration > 2.4G Wireless AP>General Protection Mode (Auto) When 11b only client exists, protection mode is automatically enabled to use protection rate for either CTS or RTS-CTS packet. Enabled Multicast Traffic Choose Multicast Data Rate. Enabled IGMP Snooping Recommended low multicast data rate and IGMP snooping enabled Click Save to batch the changes 31

  32. Multicast Traffic Filter The user benefit: Limit unnecessary multicast traffic Improve bandwidth utilization The feature: • A8 can be set to drop all multicast traffic • A8 can be set to limit multicast traffic to certain data rate Multicast packets at high data rate Source Multicast packets can be limited to lower data rate

  33. IGMP Snooping The user benefit: Reduce multicast storm and unnecessary traffic Improve bandwidth utilization The feature: • Multicast traffic from a client in one SSID will only broadcast to the clients within that multicast group of the same SSID Without IGMP snooping, multicast packets will be transmitted to all clients across all SSIDs With IGMP snooping, multicast packets will only be transmitted to the registered clients under the same SSID Source Source A8 SSID 1 SSID 3 SSID 1 SSID 3 Multicast packets SSID 2 SSID 2 IGMP: Internet Group Management Protocol

  34. Configuration > Network>Backhaul Link Integrity Enable access link safe mode A8 pings to 10.6.127.1 for every other 30s. If ping request timeout for 3 times, it reboots and enters safe mode with SSID: “SafeMode<MAC address>”. Click Save to batch the changes 34

  35. Highly Resilient The Altai technology: • Link Integrity – check link status from client up to the application servers • Backhaul Link Self Healing – automatic backhaul failover and recovery • Access redundancy – clients are at least covered by 2 or more A8 • Access Link Safe Mode – automatic reboot with new SSID forcing client to release Resilient Backhaul Architecture The user benefit: • Complete backhaul protection • Mission critical proof • Improve network stability • Saves downtime cost A2 Backhaul link self healing Multiple coverage by A8 A8

  36. Configuration > Network>QoS Enabled QoS and DiffServ Enabling QoS adds traffic priority tag in the packets. DiffServ Tagging is effective after enabling QoS. ToS field of IP packets will be changed based on QoS policy configuration. QoS Profile: Very High, High, Normal, Low, ToS/802.1Q, IP ToS/802.1Q changes the tag basing on the packet type IP changes the tag basing on the port range and protocol Click Save to batch the changes 36

  37. Configuration > 2.4G Wireless AP>VAP Basic Enable VAP2 Set SSID Set 15 clients High QoS Click Save to batch the changes 37

  38. Configuration > 2.4G Wireless AP>VAP Security Select WPA Click Update Select AES Enter RADIUS Server information 38 Click Save to batch the changes

  39. 5GHz Bridge Configuration

  40. Bridge Combinations • A8-A2 • 802.11a Mode • Maximum Data Rate: 54 Mbps • A2-A2 • 802.11na HT40 ext ch +1/-1 • Maximum Data Rate: 300 Mbps • A8-A8 • 802.11a Turbo + Bursting Mode + Fast Mode • Maximum Data Rate: 108 Mbps 40

  41. A8-A2 5GHz Bridge Configuration

  42. Sample Solution Layout A8-A2 Bridge 42 42

  43. 5GHz Bridge Access Up to 1km LOS 2km A2: 450 m LOS A2 for coverage & capacity enhancement A8 for large outdoor coverage • Bridge: a backhaul link at 5GHz signal (802.11a) • Example Configurations: • A2 setups 5GHz bridge with A8 5GHz MAC address • Enable 802.11a • Channel 56 • Enable AES (Recommended bridge security) • A8 setups 5GHz bridge with A2 5GHz MAC address • Enable 802.11a • Channel 56 • Enable AES • All configurations on both sides must be the same, except MAC address 43 43

  44. Rogue AP Detection

  45. Rogue AP Detection The user benefit: Reduce security threats to the network Auto alert & reporting with the use of AWMS Useful tool for deployment The feature: • Neighboring APs’ information is obtained by the channel scan function • The scanned neighboring AP list will be validated against the defined legitimate AP list (BSSID with MAC address info, SSID) • Rogue AP is declared if the validation with the legitimate AP list fails A8 is scheduled to perform channel scan Rogue AP Check against legitimate AP list in A8 Legitimate AP list Reporting through AWMS or remote access

  46. A8: Status > Overview A8 5GHz MAC address Remark: The backside of AP unit also has 5GHz MAC address 46 46

  47. A2: Configuration > 5G Radio 1. Select 802.11a mode 2. Click Update 3. Select Frequency 4. Type in Bridge Distance 5. A8 5GHz radio MAC address 6. Select AES 7. Type in Key 8. Click Update 47

  48. A8: Configuration>5G Wireless Bridge 1. Select 802.11a mode 2. Click Save 3. Select Frequency 4. Type in Bridge Distance Click Save to batch the changes

  49. A8: Configuration>5G Wireless Bridge>Remote Bridge 5. Type in A2 5GHz radio MAC address and click Add to List A8: Configuration>5G Wireless Bridge>Security 6. Select AES 7. Type in Key Click Save to batch the changes

  50. A8: Status > 5G Wireless Bridge State Up: associated Inactive: disconnected 50

More Related