Use of Adaptive AP for Limited WAN Bandwidth Deployments
Opportunity
With the adaptive AP architecture, Motorola Enterprise WLAN offers
a unique alternative to our customers who want to centrally manage their
wireless infrastructure that may be deployed in remote
branch offices. This technical brief is based on the requirements
of a major retailer that the EWLAN recently engaged with and highlights the
advantages of the Adaptive AP architecture.
Customer Requirements
1. The total number of stores is 1100, distributed throughout the US. Each
regular store is approximately 10,000 sq. ft. A 3 RF cell coverage was proposed
to meet the coverage requirements.
2. Wireless Intrusion detection and protection is a key
requirement in all stores. One WIPS Sensor per store has been proposed (with
the WIPS Server at the NOC)
3. Wireless infrastructure must be centrally manageable
because of limited IT staff in the stores.
4. Wireless infrastructure must share a 56 Kbps private WAN
link to the head office. Wireless LAN infrastructure must make the best use of
available WAN bandwidth and not interfere with or interrupt critical store
operations
5. There are 4 - 5 mobile clients used in each store, including
handhelds and scanners.
Possible Wireless Deployment Solutions:
I. Distributed Wireless Switch (WS2000) Solution
This deployment calls for 1 WS2000 and 3 dual radio AP300’s for
data and one dual radio AP300 for WIPS sensor in each store. An extra WS2000 is
recommended for store level wireless redundancy. This solution would be
centrally managed using RFMS at the central site. The WIPS server would be
located at the central site as well.
In this solution all data traffic is switched locally in each
store. Management traffic for monitoring and configuring the devices in the
store will use bandwidth on the 56 Kbps link. Since RFMS uses the SNMP protocol
with a polling approach, it is not considered an efficient solution for highly
limited WAN link deployments. In addition, WIPS sensor traffic will use 5 Kbps
of bandwidth on the WAN link. This does not include the live view mode of
debugging. A local wireless switch solution, while highly recommended for
distributed sites with 3 or more APs per store and the stores having reasonable
WAN bandwidth, is not recommended in this particular case due to the amount of
management traffic, which could consume a substantial portion of the WAN link
depending on the monitoring requirements.
II. Standalone AP Solution
This deployment calls for 3 dual radio AP5131 Access Points
functioning in a standalone mode for data, with one of these APs supporting a
dedicated radio for WIPS sensor in each store. This solution would be centrally
managed using RFMS at the central site. The WIPS server would be located at the
central site as well.
In this solution all data traffic is switched locally in each
store. RF management traffic for monitoring and configuring the devices in the
store will use bandwidth on the WAN link. The WAN utilization will be higher
than with the WS2000 in this scenario as there are more points of management.
Again, given the bandwidth constraints, this is not a recommended
solution.
(Note: Using one of the radios for WIPS
sensing on the AP-5131 implies that on that particular AP, the other radio can
service either 802.11a or 802.11b/g clients but not both simultaneously. This
may not be an issue when there are no 802.11a devices in the store, but it has
to be taken into consideration while designing the network. An alternate
solution would be to use a low cost AP300 Sensor.)
III. Adaptive AP Solution
This scenario calls for 3 dual radio “Adaptive” AP5131 Access
Points for data in the store and a cluster of RFS7000 Switches in the Data
Center providing remote management of the Adaptive APs (AAPs). In this case,
two clusters of 12 RFS7000 (24 total) switches at the central site would be
required to adopt 3300 adaptive AP’s (1100x3). This solution would be
centrally manageable using RFMS at the central site. An additional AP300 per
store was optionally recommended for dedicated WIPS sensing if the customer was
not interested in using a radio on one of the AP-5131’s for WIPS. A WIPS
server would be located at the central site as well.
In this solution all data traffic is switched locally in each
store. Control and statistics messages exchanged between the Wireless Switch and
Adaptive AP’s will use some amount of WAN bandwidth. RF management traffic for
monitoring and configuring the devices in the store will not directly use any
bandwidth on the WAN link. In this deployment scenario, RFMS
traffic is terminated at the Wireless Switch at the central site and does not
use any WAN bandwidth. As in the other cases, WIPS sensor traffic will use 5
Kbps of bandwidth on the WAN link.
WAN bandwidth usage of the Adaptive AP solution is very different from the other
solutions proposed. We ran some tests to determine the minimum bandwidth
required to operate the Adaptive AP solution. The next section details the
protocol exchange and the bandwidth consumed in this scenario.
Data flow in Adaptive AP Solution
Test Scenario:
• Access Points: Three dual radio access points.
• WLANs: Three – e.g. SN1, SN2, SN3 available on both 802.11a and 802.11b/g radios.
• Encryption: Each WLAN is WPA-PSK encrypted.
• VLANs: Each WLAN is mapped to a different VLAN.
• Routing: Router in the store does the routing for VLANs.
• Mobile users do not access any applications residing in the central site.
• WAN link has been constricted to 6 Kbps with degradation of 200 ms round trip latency
• Versions: RFS7000 version 1.2.0.0-034B; Adaptive AP firmware version 2.1.0.0-020B
1) Access Point to Switch Communication:
- Access Point initiates the discovery process
- After a switch is discovered AP adoption takes place
- At the end of adoption AP receives configuration from the switch
- Once configured the AP reaches steady state of communication with AP
- AP periodically updates radio, WLAN and mobile unit statistics (assuming no extended WLANs)
- AP also sends a periodic WNMP message which is understood by other Motorola AP’s.
2) Switch to Access Point Communication:
- Switch replies to AP’s discovery messages
- Switch also provides configuration to the access points.
- Every statistic message is acknowledged.
- Switch can send configuration message to the AP if the configuration changes
Note: Bandwidth utilization depends upon the number of radios, WLANs and mobile
users. Also note that no data is being passed from the store to the centralized
NOC in these examples.
3) Sensor to WIPS Communication:
- Sensor discovers the WIPS server
- Sensor forwards a summarized message indicating the key RF variables in the environment
- This message is sent over TCP and is acknowledged by the WIPS server
4) RFMS to Switch Communication:
- RF monitoring, report generation, configuration compliance and status checks
are achieved by issuing SNMP commands directly to the RFS7000 Wireless Switch
rather than to each of the APs in distributed stores.
- No WAN link bandwidth is used in this communication
5) AP Firmware Update Operation:
- AP Firmware image ~ 15 MB.
- Firmware update operation can be scheduled during non-peak hours.
Bandwidth used: the FTP file transfer flow will adapt to available bandwidth
and, more importantly, does not impact the operation of the AAPs. This would
apply to any large file transfers to and from the stores. There are other
solutions available to transfer the firmware image over a slow WAN link.
Alternatively, an in-store FTP server can also be used. The auto firmware
update operation can be triggered from an in-store DHCP server using DHCP
options.
The above results basically show that adoption of 3 dual radio APs
in Adaptive Mode would only consume a total of less than 6 Kbps. Under normal
conditions, the WIPS sensor traffic would add no more than 4 - 5 Kbps per
sensor. MSP provides various options for tuning the device management in stores
to optimize the WAN bandwidth. While the traffic for MSP would depend on how
frequently the status of devices is updated and polled, etc., under normal
conditions this traffic would not amount to more than 1 – 2 Kbps per store
with 4 – 5 devices.
The total bandwidth consumed for this
deployment scenario – Adaptive APs with RFMS and WIPS – is no more than 12 Kbps
(with the assumptions outlined).
Conclusion:
We considered three different solutions
for remote stores – WS2000 based switch solution, Standalone AP solution and
Adaptive AP solution. Each solution has its own merits. However, since the
Adaptive AP solution can operate with bandwidth as low as 6 Kbps, we recommend
the adaptive AP solution in this case because it offers centralized management
and distributed switching and uses the least amount of WAN bandwidth.
In a separate but related paper we will look at all the available deployment
options for general enterprise deployment in more detail and outline their
capabilities based on current and future implementation.
Appendix:
RFS7000 configuration
!
! configuration of RFS7000 version 1.2.0.0-034B
!
version 1.1
!
aaa authentication login default local none
service prompt crash-info
!
username "admin" password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d
username "admin" privilege superuser
username "operator" password 1 fe96dd39756ac41b74283a9292652d366d73931f
!
!
spanning-tree mst cisco-interoperability enable
spanning-tree mst configuration
name My Name
!
country-code us
logging console 7
snmp-server sysname RFS7000
snmp-server manager v2
snmp-server manager v3
snmp-server user snmptrap v3 encrypted auth md5 0x3a063540a6b1db3711d168559cc89b6f
snmp-server user snmpmanager v3 encrypted auth md5 0x3a063540a6b1db3711d168559cc89b6f
snmp-server user snmpoperator v3 encrypted auth md5 0x471273d8946cdcee22210324697c5120
ip http server
ip http secure-trustpoint default-trustpoint
ip http secure-server
ip ssh
ip telnet
no service pm sys-restart
license AP 5b38b18b37e19a1f5901cafb3eef2f37f774b003961bb5397717c0baae4d338ff28d4f0e03e42ad5
!
wireless
manual-wlan-mapping enable
wlan 1 enable
wlan 1 ssid SN1
wlan 1 vlan 100 limit 10
wlan 1 encryption-type tkip
wlan 1 dot11i phrase 0 test1234
wlan 1 independent
wlan 2 enable
wlan 2 ssid SN2
wlan 2 vlan 200 limit 10
wlan 2 encryption-type tkip
wlan 2 dot11i phrase 0 test2345
wlan 2 independent
wlan 3 enable
wlan 3 ssid SN3
wlan 3 vlan 300 limit 10
wlan 3 encryption-type tkip
wlan 3 dot11i phrase 0 test3456
wlan 3 independent
radio add 1 00-15-70-30-D6-13 11bg ap300
radio 1 bss 1 1
radio 1 bss 2 2
radio add 2 00-15-70-30-D6-13 11a ap300
radio 2 bss 1 1
radio 2 bss 2 2
radio 2 channel-power indoor 44 17
radio add 3 00-A0-F8-D5-C4-70 11bg ap300
radio 3 bss 1 1
radio 3 bss 2 2
radio add 4 00-A0-F8-D5-C4-70 11a ap300
radio 4 bss 1 1
radio 4 bss 2 2
radio 4 channel-power indoor 36 12
radio add 5 00-A0-F8-BC-E8-F1 11bg ap300
radio 5 bss 1 1
radio 5 bss 2 2
radio add 6 00-A0-F8-BC-E8-F1 11a ap300
radio 6 bss 1 1
radio 6 bss 2 2
radio add 7 00-A0-F8-D8-7A-16 11bg ap300
radio 7 bss 1 1
radio 7 bss 2 2
radio add 8 00-A0-F8-D8-7A-16 11a ap300
radio 8 bss 1 1
radio 8 bss 2 2
radio add 9 00-15-70-71-39-82 11bg aap5131
radio 9 bss 1 1
radio 9 bss 2 2
radio 9 bss 3 3
radio add 10 00-15-70-71-39-82 11a aap5131
radio 10 bss 1 1
radio 10 bss 2 2
radio 10 bss 3 3
radio add 11 00-15-70-52-38-8E 11bg aap5131
radio 11 bss 1 1
radio 11 bss 2 2
radio 11 bss 3 3
radio add 12 00-15-70-52-38-8E 11a aap5131
radio 12 bss 1 1
radio 12 bss 2 2
radio 12 bss 3 3
radio add 13 00-15-70-72-ED-D8 11bg aap5131
radio 13 bss 1 1
radio 13 bss 2 2
radio 13 bss 3 3
radio add 14 00-15-70-72-ED-D8 11a aap5131
radio 14 bss 1 1
radio 14 bss 2 2
radio 14 bss 3 3
radio default-11a bss 1 1
radio default-11a bss 2 2
radio default-11bg bss 1 1
radio default-11bg bss 2 2
radio default-11b bss 1 1
radio default-11b bss 2 2
no ap-ip default-ap switch-ip
!
radius-server local
!
interface ge1
switchport access vlan 14
!
interface ge2
switchport access vlan 14
!
interface ge3
switchport access vlan 64
!
interface ge4
switchport access vlan 192
!
interface me1
no ip address
!
interface vlan1
no ip address
!
interface vlan14
management
ip address dhcp
!
service dhcp
!
rtls
rfid
espi
sole
!
ip route 0.0.0.0/0 10.100.1.1
!
line con 0
line vty 0 24
!
end
Adaptive AP configuration
//
// AP-51xx Configuration Command Script
// System Firmware Version: 2.1.0.0-020B
//
dual-radio-hardware
//
cfg-version-00
//
// Admin Password
/
enc-admin-passwd d2
/
// System Configuration
/
system
set name AP-51xx
set loc \0
set email \0
set cc us
/
system
aap-setup
// Adaptive AP menu
set auto-discovery enable
set interface lan1
set name \0
set port 24576
delete all
set ipadr 1 172.20.4.167
set enc-passphrase bf0819993a702c39
set ac-keepalive 10
set tunnel-to-switch disable
/
// System-Access menu
system
access
set applet lan 1 enable
set applet slan 1 enable
set cli lan 1 enable
set ssh lan 1 enable
set snmp lan 1 enable
set applet lan 2 enable
set applet slan 2 enable
set cli lan 2 enable
set ssh lan 2 enable
set snmp lan 2 enable
set admin-auth radius
set applet wan enable
set applet swan enable
set app-timeout 0
set cli wan enable
set ssh wan enable
set auth-timeout 120
set inactive-timeout 120
set snmp wan enable
set server 192.168.0.4
set port 1812
set enc-secret bf0819993a702c39
set admin-auth local
set mode disable
set msg \0
set trusted-host mode disable
/
// System-SNMP-Access Configuration
system
snmp
access
// SNMP ACL configuration
delete acl all
// SNMP v1/v2c configuration
delete v1v2c all
add v1v2c public ro 1.3.6.1
add v1v2c private rw 1.3.6.1
// SNMP v3 user definitions
delete v3 all
/
// System-SNMP-Traps Configuration
system
snmp
traps
// SNMP trap selection
set mu-assoc disable
set mu-unassoc disable
set mu-deny-assoc disable
set mu-deny-auth disable
set snmp-auth disable
set snmp-acl disable
set port disable
set dos-attack disable
set interval 10
set cold disable
set cfg disable
set rogue-ap disable
set ap-radar disable
set wpa-counter disable
set hotspot-mu-status disable
set vlan disable
set lan-monitor disable
set min-pkt 1000
set dyndns-update disable
// SNMP v1/v2c trap configuration
delete v1v2c all
// SNMP v3 trap configuration
delete v3 all
/
// System-NTP menu
system
ntp
set mode disable
/
// System-Logs menu
system
logs
set level L6
set mode disable
/
// System-Config Update menu
system
config
set file cfg.txt
set path \0
set mode ftp
set server 192.168.0.10
set user \0
set enc-passwd d2
/
// System-Firmware Update menu
system
fw-update
set fw-auto enable
set cfg-auto enable
set mode ftp
set file tf.bin
set path ./
set server 157.235.94.166
set user ftpuser
set enc-passwd b4131d833b7a32
/
system
userdb
user
// userdb user configuration
clearall
/
system
userdb
group
// userdb group configuration
clearall
/
system
radius
// radius server configuration
set database local
/
system
radius
eap
// radius EAP configuration
set auth all
/
system
radius
eap
peap
// radius EAP PEAP configuration
set auth gtc
/
system
radius
eap
ttls
// radius EAP TTLS configuration
set auth pap
/
system
radius
ldap
// radius LDAP configuration
set port 389
set binddn cn=Manager,o=trion
set basedn o=trion
set enc-passwd d2
set login (uid=%{Stripped-User-Name:-%{User-Name}})
set pass_attr userPassword
set groupname cn
set filter (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
set membership radiusGroupName
/
system
radius
proxy
// radius proxy server configuration
set delay 5
set count 3
// radius proxy realm configuration
clearall
/
system
radius
client
// radius client configuration
/
// /Network-WAN configuration
network
wan
set wan 1 enable
set dhcp disable
set pppoe mode disable
// Ethernet Port configuration
set auto-negotiation disable
set speed 100M
set duplex full
set auto-negotiation enable
set ipadr 1 10.1.1.1
set mask 255.0.0.0
set dgw 0.0.0.0
set dns 1 0.0.0.0
set dns 2 0.0.0.0
set wan 2 disable
set wan 3 disable
set wan 4 disable
set wan 5 disable
set wan 6 disable
set wan 7 disable
set wan 8 disable
/
// Network-WAN-NAT configuration
network
wan
nat
// wan ip 1
set type 1 1-to-many
set inb mode 1 disable
// Inbound NAT configuration
// wan ip 1
delete 1 all
// wan ip 2
set type 2 none
// Inbound NAT configuration
// wan ip 2
delete 2 all
// wan ip 3
set type 3 none
// Inbound NAT configuration
// wan ip 3
delete 3 all
// wan ip 4
set type 4 none
// Inbound NAT configuration
// wan ip 4
delete 4 all
// wan ip 5
set type 5 none
// Inbound NAT configuration
// wan ip 5
delete 5 all
// wan ip 6
set type 6 none
// Inbound NAT configuration
// wan ip 6
delete 6 all
// wan ip 7
set type 7 none
// Inbound NAT configuration
// wan ip 7
delete 7 all
// wan ip 8
set type 8 none
// Inbound NAT configuration
// wan ip 8
delete 8 all
// Outbound 1-To-Many NAT configuration
set outb map lan 1
set outb map lan2 1
/
network
wan
vpn
delete all
/
// Network-WAN-Content Filtering configur
network
wan
content
delcmd web proxy
delcmd web activex
delcmd smtp helo
delcmd smtp mail
delcmd smtp rcpt
delcmd smtp data
delcmd smtp quit
delcmd smtp send
delcmd smtp saml
delcmd smtp reset
delcmd smtp vrfy
delcmd smtp expn
delcmd ftp put
delcmd ftp get
delcmd ftp ls
delcmd ftp mkdir
delcmd ftp cd
delcmd ftp pasv
delcmd web file all
addcmd web file \0
addcmd web file \0
addcmd web file \0
addcmd web file \0
addcmd web file \0
addcmd web file \0
/
// Network-Wireless-Security configuration
network
wireless
security
set wpa-countermeasure enable
delete all
// Security Policy 1 configuration
edit 1
set auth none
set enc none
change
// Security Policy 1 configuration
create
set sec-name Sec1-PskTkip
set auth none
set enc tkip
set tkip rotate-mode disable
set tkip allow-wpa2-tkip enable
set tkip type phrase
set tkip enc-phrase a6021e82792d736c
add-policy
// Security Policy 2 configuration
create
set sec-name Sec2-PskTkip
set auth none
set enc tkip
set tkip rotate-mode disable
set tkip allow-wpa2-tkip enable
set tkip type phrase
set tkip enc-phrase a6021e827a2c746d
add-policy
// Security Policy 3 configuration
create
set sec-name Sec3-PskTkip
set auth none
set enc tkip
set tkip rotate-mode disable
set tkip allow-wpa2-tkip enable
set tkip type phrase
set tkip enc-phrase a6021e827b2b756e
add-policy
/
// Network-Wireless-ACL configuration
network
wireless
acl
delete all
// MU ACL Policy 1 configuration
edit 1
set mode allow
delete all
change
/
// Network-Wireless-WMM_QOS configuration
network
wireless
qos
delete all
// WMM-QoS Policy 1 configuration
edit 1
set vop disable
set mcast 1 01005E000000
set mcast 2 09000E000000
set wmm-qos disable
set param-set 11ag-default
change
// WMM-QoS Policy 2 configuration
create
set qos-name QOS-WLAN1
set vop disable
set mcast 1 000000000000
set mcast 2 000000000000
set wmm-qos disable
set param-set manual
add-policy
// WMM-QoS Policy 3 configuration
create
set qos-name QOS-WLAN2
set vop disable
set mcast 1 000000000000
set mcast 2 000000000000
set wmm-qos disable
set param-set manual
add-policy
// WMM-QoS Policy 4 configuration
create
set qos-name QOS-WLAN3
set vop disable
set mcast 1 000000000000
set mcast 2 000000000000
set wmm-qos disable
set param-set manual
add-policy
/
// Network-Wireless-WLAN configuratio
network
wireless
wlan
delete all
// WLAN 1 configuration
create
set ess SN1
set wlan-name WLAN1-SN1
set max-mu 127
set enc-passwd d2
set no-mu-mu disable
set sbeacon disable
set bcast enable
set 11a enable
set 11bg enable
set mesh disable
set hotspot disable
set security Sec1-PskTkip
set acl Default
set qos QOS-WLAN1
add-wlan
// WLAN 2 configuration
create
set ess SN2
set wlan-name WLAN2-SN2
set max-mu 127
set enc-passwd d2
set no-mu-mu disable
set sbeacon disable
set bcast enable
set 11a enable
set 11bg enable
set mesh disable
set hotspot disable
set security Sec2-PskTkip
set acl Default
set qos QOS-WLAN2
add-wlan
// WLAN 3 configuration
create
set ess SN3
set wlan-name WLAN3-SN3
set max-mu 127
set enc-passwd d2
set no-mu-mu disable
set sbeacon disable
set bcast enable
set 11a enable
set 11bg enable
set mesh disable
set hotspot disable
set security Sec3-PskTkip
set acl Default
set qos QOS-WLAN3
add-wlan
/
system
radius
policy
// radius access policy configuration
access-time
// radius access time rule configuration
/
// Network-Wireless-WLAN-Hotspot configuration
// Hotspot Redirection configuration
network
wireless
wlan
hotspot
redirection
// Wlan 1 - Hotspot Redirection configuration
set page-loc 1 default
set exturl 1 login \0
set exturl 1 welcome \0
set exturl 1 fail \0
// Wlan 2 - Hotspot Redirection configuration
set page-loc 2 default
set exturl 2 login \0
set exturl 2 welcome \0
set exturl 2 fail \0
// Wlan 3 - Hotspot Redirection configuration
set page-loc 3 default
set exturl 3 login \0
set exturl 3 welcome \0
set exturl 3 fail \0
/
// Hotspot Radius configuration
network
wireless
wlan
hotspot
radius
// Wlan 1 - Hotspot Radius configuration
set acct-mode 1 disable
set acct-timeout 1 10
set acct-retry 1 3
set acct-port 1 1813
set enc-acct-secret 1 d2
set port 1 primary 1812
set enc-secret 1 primary d2
set port 1 secondary 1812
set enc-secret 1 secondary d2
set sess-mode 1 disable
// Wlan 2 - Hotspot Radius configuration
set acct-mode 2 disable
set acct-timeout 2 10
set acct-retry 2 3
set acct-port 2 1813
set enc-acct-secret 2 d2
set port 2 primary 1812
set enc-secret 2 primary d2
set port 2 secondary 1812
set enc-secret 2 secondary d2
set sess-mode 2 disable
// Wlan 3 - Hotspot Radius configuration
set acct-mode 3 disable
set acct-timeout 3 10
set acct-retry 3 3
set acct-port 3 1813
set enc-acct-secret 3 d2
set port 3 primary 1812
set enc-secret 3 primary d2
set port 3 secondary 1812
set enc-secret 3 secondary d2
set sess-mode 3 disable
/
// Hotspot Whitelist configuration
network
wireless
wlan
hotspot
white-list
clear rule all
// Hotspot Whitelist 1 configuration
// Hotspot Whitelist 2 configuration
// Hotspot Whitelist 3 configuration
/
/
// Network-wireless-Rogue_AP configuration
network
wireless
rogue-ap
set mu-scan disable
set interval 15
set on-channel disable
set motorola-ap disable
set applst-ageout 0
set roglst-ageout 0
set ABG-scan disable
set detector-scan disable
// Rogue AP Allowed AP list
allowed-list
delete all
/
// Network-Wireless-Radio configuration
network
wireless
radio
set 11a enable
set mesh-base 2 disable
set mesh-client 2 disable
set mesh-max 2 12
set mesh-wlan 2 \0
set 11bg enable
set mesh-base 1 disable
set mesh-client 1 disable
set mesh-max 1 12
set mesh-wlan 1 \0
set rf-function 1 wlan
set rf-function 2 wlan
set dot11-auth open-system-only
radio1
// 802.11b/g Radio Configuration
set rates 1,2,5.5,11 1,2,5.5,6,9,11,12,18,24,36,48,54
set beacon 100
set dtim 1 10
set dtim 2 10
set dtim 3 10
set dtim 4 10
set preamble disable
set placement indoor
set ch-mode user
set channel 6
set antenna full
set power 20
set rts 2346
set qbss-beacon 10
set qbss-mode enable
set qos param-set 11g-default
// Radio Advanced Configuration
advanced
set wlan WLAN1-SN1 1
set wlan WLAN2-SN2 2
set wlan WLAN3-SN3 3
set bss 1 WLAN1-SN1
set bss 2 WLAN2-SN2
set bss 3 WLAN3-SN3
..
// Radio Advanced Mesh Configuration
mesh
set auto-select enable
/
network
wireless
radio
radio2
// 802.11a Radio Configuration
set rates 6,12,24 6,9,12,18,24,36,48,54
set beacon 100
set dtim 1 10
set dtim 2 10
set dtim 3 10
set dtim 4 10
set placement indoor
set ch-mode user
set channel 40
set antenna full
set power 17
set rts 2346
set qbss-beacon 10
set qbss-mode enable
set qos param-set 11a-default
// Radio Advanced Configuration
advanced
set wlan WLAN1-SN1 1
set wlan WLAN2-SN2 2
set wlan WLAN3-SN3 3
set bss 1 WLAN1-SN1
set bss 2 WLAN2-SN2
set bss 3 WLAN3-SN3
..
// Radio Advanced Mesh Configuration
mesh
set auto-select enable
/
// Network-Wireless-bandwidth configuration
network
wireless
bandwidth
set mode 1 fifo
set mode 2 fifo
/
// Network-Wireless-mu-locationing configuration
network
wireless
mu-locationing
set mode disable
set size 200
/
// /Network-LAN configuration
/
network
lan
// Ethernet Port configuration
set auto-negotiation disable
set speed 100M
set duplex full
set auto-negotiation enable
set lan 1 enable
set trunking 1 enable
set name 1 LAN1
set ip-mode 1 client
set lan 2 disable
set trunking 2 disable
set name 2 LAN2
set ip-mode 2 server
set timeout 0
set username admin
set enc-passwd bf0819993a702c39
// Port To Subnet Map configuration
set ethernet-port-lan 1
set ipadr 2 192.168.1.1
set mask 2 255.255.255.0
set dgw 2 192.168.1.1
set domain 2 \0
set dns 2 1 192.168.1.1
set dns 2 2 192.168.1.1
set wins 2 192.168.1.254
// Network-LAN-DHCP configuration
/
network
lan
dhcp
set lease 2 86400
set range 2 192.168.1.100 192.168.1.254
delete 2 all
// LAN Bridge configuration
/
network
lan
bridge
set priority 1 65500
set hello 1 2
set msgage 1 20
set fwddelay 1 15
set ageout 1 300
set priority 2 65500
set hello 2 2
set msgage 2 20
set fwddelay 2 15
set ageout 2 300
/
// Network-LAN-VLAN configuration
network
lan
wlan-mapping
// WLAN To LAN Map configuration
lan-map WLAN1-SN1 LAN1
lan-map WLAN2-SN2 LAN1
lan-map WLAN3-SN3 LAN1
set mgmt-tag 1 1
set native-tag 1 1
set mgmt-tag 2 1
set native-tag 2 1
delete all
create 100 VLAN_100
create 200 VLAN_200
create 300 VLAN_300
vlan-map WLAN1-SN1 VLAN_100
vlan-map WLAN2-SN2 VLAN_200
vlan-map WLAN3-SN3 VLAN_300
/
// Network-Wireless-Filter configuration
network
lan
type-filter
// Ethernet Type Filter Policy for LAN 1
set mode 1 allow
delete 1 all
// Ethernet Type Filter Policy for LAN 2
set mode 2 allow
delete 2 all
/
// Network-Firewall configuration
network
firewall
set mode enable
set nat-timeout 10
set syn enable
set src enable
set win enable
set ftp enable
set ip enable
set seq enable
set mime enable
set len 8192
set hdr 16
/
network
firewall
access
// LAN to WAN Access Rule
set rule lan wan allow
set rule lan lan2 allow
set rule lan2 wan allow
set rule lan2 lan allow
delete lan all
delete lan2 all
/
// Advanced LAN Access configuration
network
firewall
advanced
// enable override to go to inbound sub-menu
set override enable
// Inbound policy configuration
inbound
delete all
/
network
firewall
advanced
// enable override to go to outbound sub-menu
set override enable
// Outbound policy configuration
outbound
delete all
/
network
firewall
advanced
// Restore back user-defined override mode
set override disable
/
// Network-Router configuration
network
router
set type off
set dir both
set auth none
set enc-passwd d2
set id 1 1
set enc-key 1 e2565fc57c2a766fb0d55160d6f92952
set id 2 2
set enc-key 2 e2565fc57c2a766fb0d55160d6f92952
delete all
set dgw-iface lan1
/
network
wan
dyndns
// DynDNS menu
set mode disable
set username \0
set password \0
set hostname \0
/
save
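An added example (not part of the original brief, and not Motorola tooling): a small Python audit over the Adaptive AP command script above. It tracks the menu path (`/` returns to the root, `..` goes up one level) and reports SNMP v1/v2c communities, management services enabled on the WAN port, FTP-based updates and TKIP policies; the command-verb list and the embedded sample are assumptions drawn from the script as printed.

```python
# VERBS is an assumption inferred from the commands visible in the appendix.
VERBS = {"set", "add", "delete", "create", "edit", "change", "add-policy",
         "add-wlan", "clearall", "clear", "lan-map", "vlan-map", "delcmd",
         "addcmd", "save"}
# Constructed sample: a subset of lines from the appendix's Adaptive AP script.
SAMPLE = """\
// System-Access menu
system
access
set ssh lan 1 enable
set cli wan enable
set snmp wan enable
/
system
snmp
access
add v1v2c public ro 1.3.6.1
add v1v2c private rw 1.3.6.1
/
system
fw-update
set mode ftp
/
network
wireless
security
create
set enc tkip
add-policy
/
network
wireless
radio
radio1
advanced
set bss 1 WLAN1-SN1
..
mesh
set auto-select enable
/
"""


def walk(script):
    """Yield (menu_path, tokens) for each command, tracking menu navigation."""
    path = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("//"):
            continue                          # blank line or comment
        tokens = line.split()
        if line == "/":
            path = []                         # return to the root menu
        elif line == "..":
            path = path[:-1]                  # go up one menu level
        elif tokens[0] in VERBS or len(tokens) > 1:
            yield tuple(path), tokens         # a command in the current menu
        else:
            path.append(tokens[0])            # single word: enter a sub-menu


def audit(script):
    """Return (menu_path, finding) pairs for settings worth reviewing."""
    out = []
    for path, t in walk(script):
        where = "/".join(path)
        if path == ("system", "snmp", "access") and t[:2] == ["add", "v1v2c"] and len(t) >= 4:
            out.append((where, f"SNMP v1/v2c community '{t[2]}' ({t[3]}) travels in cleartext"))
        elif path == ("system", "access") and t[2:] == ["wan", "enable"]:
            out.append((where, f"management service '{t[1]}' is enabled on the WAN port"))
        elif path in (("system", "fw-update"), ("system", "config")) and t == ["set", "mode", "ftp"]:
            out.append((where, "FTP update sends credentials and files unencrypted"))
        elif path == ("network", "wireless", "security") and t == ["set", "enc", "tkip"]:
            out.append((where, "TKIP is deprecated; prefer CCMP (AES) where clients allow"))
    return out


if __name__ == "__main__":
    print("\n".join(f"{where}: {finding}" for where, finding in audit(SAMPLE)))
```

Feeding it the full script from the appendix instead of `SAMPLE` works the same way, provided the run-together lines in the listing are split one command per line.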