Transcript AP_&_DP[1]
802.11b Access Point and Device Point
Technical training
http://www.axis.com
Agenda
System Overview
Marketing information
WLAN Technology
Security
802.11b Access point
802.11b Device Point
Hands on Training
System Overview
System Overview
The 802.11b Access Point is connected on the
main network.
The Camera is connected to the 802.11b Device
Point.
System Overview
Internet
Device
Point
Device
Point
Access Point
Device
Point
Future overview
*Today only one device can be connected to the Device Point through the
network interface but in next SW-release will contain multiple device
support. This is not a big issue in our customers cases. Our customers will
probably only connect one camera to each Device Point.
Future overview
Internet
Device
Point
Access Point
Device
Point
Multi-Client Support
(will be available)
How to connect the 802.11b Access Point
Connect the 802.11b Access Point on the main network.
Configure the 802.11b Access Point from a computer on
the main network (Smart AP utility)
Configure the network parameters and the Securitysettings.
How to connect the Camera to the 802.11b Device Point
Use a cross over connected UTP Ethernet cable to connect the
Camera Server to the Device Point.
The 802.11b Device Point is a bridge (converter) between cabled
Ethernet and wireless Ethernet (IEEE 802.11b).
Today only one camera can be connected to each Device Point.
Marketing information
802.11b Wireless Device Point
Main messaging
Make your move from wired to wireless surveillance!
Unleash your video surveillance cameras with
802.11 Device Points from Axis!
Features and benefits
Server-side device allows Axis network video products to
integrate into new and existing WLAN infrastructures
Eliminates the need for network cabling within network video
solutions—lowering both the cost and complexity of the
installation
Mobility. Wireless capability enables easy relocation of
complete surveillance/monitoring systems
Fully compatible with 802.11b Access Points from Axis
Features and benefits (cont.)
Supports 128-bit WEP encryption for reduced risk of
unauthorized video access
Platform independent with no special driver software
required
Dual antenna design ensures optimal RF performance
Range: 100m (los) with reduced bandwidth
Range: 30 m (los) with full bandwidth
Key Applications
All traditional camera video applications are applicable;
the key feature of 802.11b Wireless Device Point is to
remove the need of network cabling.
Public transportation – wireless capability enables
surveillance in hard to reach spots
Building security – allows for surveillance in older
buildings without the need for extensive rewiring of the
building infrastructure.
Key Applications (cont)
Surveillance of shopping centers and malls –
wireless capability enables surveillance in
hard to reach spots
Marketing – Broadcasting, cameras can watch
otherwise unreachable points of interests
Industrial process monitoring – wireless
capability enables surveillance in hard to
reach spots
Monitoring of events (as example trade shows,
concerts etc.) - wireless capability enables
easy reallocation of the complete system)
Bundles
The 802.11b Wireless DevicePoint will be
bundled with the following products:
2100
2120
2130/2130R
Important
The product has a radio type approval to be sold in the
following countries:
Austria, Belgium, Denmark, Finland, France, Germany,
Ireland, Italy, Luxembourg, the Netherlands, Norway,
Portugal, Spain, Sweden, Switzerland, USA and the
United Kingdom.
It cannot be sold outside these countries for legal
reasons.
802.11b Wireless Access Point
Main messaging
Make your move from wired to wireless networks
Unleash your video surveillance cameras and
network printing with 802.11b Wireless Access
Points from Axis!
Features and benefits
Client-side device allows Axis network video products to
integrate into new and existing WLAN infrastructures
Provides an easy and flexible approach towards developing a
variety of wireless applications
Facilitates wireless network video installations that can be
viewed from anywhere, and complete wireless printing
solutions together with the
AXIS 5900 Print Server
Fully compatible with 802.11b Device Points from Axis
Provides mac-address filtering and hidden accesspoint for
added security
Dual antenna design ensures optimal RF performance
Important
The product has a radio type approval to be sold in the
following countries:
Austria, Belgium, Denmark, Finland, France, Germany,
Ireland, Italy, Luxembourg, the Netherlands, Norway,
Portugal, Spain, Sweden, Switzerland, USA and the
United Kingdom.
It cannot be sold outside these countries for legal
reasons.
Wireless LAN Technologies Overview
Network Definitions
Channel
─ The medium use for passing data in specific frequency, such as 2.4GHz.
BSS (Basic Service Set):
The conceptual area within which members of a basic service set may communicate
Infrastructure mode
ESS (Extended Service Set):
A set of one or more interconnected BSSs and integrated WLANs.
Infrastructure mode
IBSS (Independent BSS)
─ Ad-Hoc mode
Authentication
Association
Wired Equivalent Privacy (WEP)
Wireless Distribution System (WDS)
The whole interconnected Wireless LAN, including the different cells, their respective Access
Points and the Distribution System
Infrastructure-BSS
Access Point
BSS/ESS uses
infrastructure
mode.
Client
Basic Service Set – single cell
Infrastructure-ESS
Access Point
Access Point
Client
Client
Ad-Hoc (IBSS)
IBSS uses AdHoc mode
How to Join the Infrastructure Network
ID : SanDisk1
Channel 7
Open system
w/o WEP
Searching
Auth.
Access Point
Assoc.
Connected
Client
How to Join Infrastructure Network
Synchronization
Searching target wireless networks
Active Scanning (STA probes a frame)
Passive Scanning (STA waits for a Beacon) – XI-815
The Authentication Process
To get authenticated from the target wireless network
The Association Process
A state where a client is allowed to pass data through an AP
Additional Authentication(802.1x)
Exchange the ID & Password with RADIUS server
Roaming
Inter-cell Roaming
The Unlicensed Radio Frequency Spectrum
5.15-5.35
5.725-5.825GHz
IEEE 802.11a
HiperLAN/2
Physical Layer
802.11a
802.11g
802.11b
Standard
Approved
September 1999
September 1999
September 1999
Available
Bandwidth
300MHz
83.5MHz
83.5MHz
Unlicensed
Frequencies of
Operation
5.15-5.35GHz
2.4-2.4835GHz
2.4-2.4835GHz
3(Indoor/Outdoor)
3(Indoor/Outdoor)
1,2,5.5,11
1,2,5.5,11Mbps
Number of Nonoverlapping
Channels
5.725-5.825GHz
4(Indoor)
4(Indoor/Outdoor)
4(Indoor/Outdoor)
Data Rate Per
Channel
6,9,12,18,24,36,48,54
Mbps
6,9,12,18,22,24,33,36,48,54Mbps
Modulation
OFDM
DSSS,OFDM
DSSS
PBCC(O),CCK-OFDM(O)
CCK
Channel Plan – 802.11/11b/11g
Channel Spacing (5MHz)
2.462
2.437
2.412
Non-overlapping channels
Co-Channel Interference
3
2
1
3
1
3
2
1
2
1
3
2
11
1
3
2
1
2
6
1
1
3
11
1
11
6
1
Channel Plan : {1,6,11} or {…}
Hidden notes interfere
6
1
11
6
1
11
6
1
6
1
11
1
Robust for Interference
Sources of interference in 2.4GHz band
Main Source: consumer microwave ovens
– Spread Spectrum Receiver design allows narrowband interference
– Rate reduction allows even more robust operation
Other radios
– RFID tag ( radio frequency ID tag )
– Generally, various systems in the 2.4GHz and will interfere with each
other
Bluetooth, IEEE802.11 and Home RF are currently imcompatible and
will interfere
IEEE802.11 and Home RF interoperability is currently being evaluated
by Home RF working group
Security
Why Security is so important?
Privacy
Preventing Unauthorized Access
Information security (read only/fully authorized)
Preventing Attacks
Virus
Personal Security Policy
Networking Security Policy
Tunnel
Firewall
How to protect your network?
Use virus protection software
Use firewall
Set up personal and group firewall.
Do not open unknown email attachments
Do not run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in
use
Disable Java, JavaScript, and ActiveX if possible
Disable scripting features in email programs
Make regular backups of critical data
Make a boot disk in case your computer is damaged or
compromised
Security in the 802.11b
SSID (Wireless network name)
Authentication
MAC address Control
WEP-keys
However…
Wireless Network Vulnerability
2.4GHz radio signal and unlicensed
band
Broadcasting all the time
WEP Encryption has been broken by certain
means, it is not secure any more.
Authentication process is not strong enough since
WEP encryption has been defeated.
Recommendation 1
More secure with WEP on than with WEP off.
The wireless link between the AP and client is only one
small part of a secure network.
Large companies should implement end-to-end security
VPN, RADIUS, IEEE 802.1x
Home and small business can take several measures to
improve security until a solution is available
Recommendation 2
Turn WEP on and manage your WEP key by changing the
default key
Changing the WEP key, daily to weekly.
Password protect drives and folders.
Change the default SSID (Wireless Network Name).
Use MAC address control.
Use a VPN system. Though it would require a VPN server,
the VPN client is already included in many operating
systems such as Windows 98 Second Edition, Windows
2000 and Windows XP.
802.11b Access Point
Hardware Overview
Solution
Atmel (Z-Com)
Power Supply
- 5V
LAN Port
One 10Base RJ-45 LAN port – a cross Ethernet cable is included
Antenna Design
One Dipole and one PIFA
Led Status
PWR
Yellow
Power enabled
Off: No Wireless LAN activity
WLAN
Yellow
Flashing: Wireless LAN traffic
activity
Off: No Ethernet traffic activity
LAN
Yellow
Flashing: Wired LAN traffic activity
On: Connect to the Ethernet.
Feature Highlights
AP Operation Modes
AP
Repeater
AP with Repeating
Configuration Management
Web-based and Windows-based
configuration
SNMP MIBII support
AP with Repeating
Wired Network
AP with
Repeating
The AP is capable of performing AP
and Wireless Bridge function at the
same time. Same channel is
required for all bridges.
AP with
Repeating
AP with
Repeating
Wired Network
AP / Repeater only
Wired Network
Bridge
(repeater)
Repeater Bridge
While using a wireless bridge
in this configuration has the
advantage of extending the link,
it has the disadvantage of
decreased throughput due to
having to repeat all frames
using the same half duplex
radio. Same channel is
required for all bridges.
Bridge
(repeater)
AP with
Repeating
Wired Network
Feature Highlights (Cont.)
Standard:
Wi-Fi Compliant (not certified)
Security
WEP encryption up to 128-bits
MAC Filtering (up to 128 wireless nodes)
Hidden Access Point
What security means does 802.11b Access Point
provide? (I)
WEP
40bit encryption
Alphanumeric: 5 characters
Hexadecimal: 10 hexadecimal digits
128bit encryption
Alphanumeric: 13 characters
Hexadecimal: 26 hexadecimal digits
What security means does 802.11b Access Point
provide? (II)
MAC Access Control
Enable MAC access control
Click “Add” to enter MAC addresses
Click “Apply”
Only the client with the MAC address
that is listed on the table is allowed to
associate with the Access Point
At most 128 clients
What security means does 802.11b Access Point
provide? (III)
Enable Security and select “Hide
Access Point” to make AP invisible for
AP browsing engaged by stations.
If stations get the correct SSID, stations
still can connect to AP by assigning
SSID manually.
802.11b Access Point
Management/Configuration
How to configure the 802.11b Access Point
Via Web-based utility
Via Windows-based utility
Windows-Based Utility
By installing and using
Wireless Access Point Utility
in Any PC on the local
network,
you may then access and
configure the Wireless
Station Adapter Anywhere
on the local network.
Password: default
Windows-Based Utility - Info
Shows the Current
Information of the
Wireless
Station Adapter, including
ESSID, AP name, Channel,
Mode, SNMP, DHCP Client,
IP address, subnetmask and
default gateway.
Windows-Based Utility –
Parameter Setup
Configurable
parameters
includes ESSID, AP
name, Channel, Mode,
SNMP, DHCP Client,
IP address subnetmask,
default gateway and
password.
Windows-Based Utility –
Security
To prevent unauthorized
wireless stations from
accessing data transmitted
over the network, the
Wireless LAN Micro
Access Point offers
security
Options such as WEP,
MAC Access Control as
well as Hide AP Access.
Windows-Based Utility –
WEP
For 40-bit WEP
ASCII: 5 characters (case sensitive) ranging from
“a-z”, “A-Z” and “0-9” (e.g. MyKey)
Hex: 10 hexadecimal digits in the range of “A-F”,
“a-f” and “0-9” (e.g. 11AA22BB33)
Passphrase: click Generate to generate WEP keys
automatically.
For 128-bit WEP
ASCII: 13 characters (case sensitive) ranging
from “a-z”, “A-Z” and “0-9” (e.g.
MyKey12345678)
Hex: 26 hexadecimal digits in the range of “A-F”,
“a-f” and “0-9” (e.g.
00112233445566778899AABBCC)
Passphrase : click Generate to generate WEP
keys automatically.
Windows-Based Utility –
MAC Access Control
With the Access Control
Table enabled, you can
authorize wireless units to
access the Access Point by
identifying the MAC
address of the wireless
devices that are allowed
access to transmit data.
Windows-Based Utility –
Hide AP Access
With hide AP access
enabled by checking
“Hide AP Access” check
box, wireless stations
with ESSID “ANY” will
not browser and
associate to the Wireless
Micro Access Point.
Windows-Based Utility –
About
Shows the Current
Utility and Firmware of the
Wireless Access point
Windows-Based Utility –
About
With the Firmware Upgrade Utility, you will be able to
upgrade any of the 802.11b Access Point on the network.
Password : default
WEB-Based Utility –
Login
WEB-Based Utility – Info
WEB-Based Utility –
Configuration
WEB-Based Utility – WEP
WEB-Based Utility –
Hide AP and MAC Access Control
WEB-Based Utility –
TCP/IP
802.11b Access Point FAQs
How to reset 802.11b Access Point to the default?
Software
Press the “Default”
button of the utility.
Hardware
Press the “Default”
button by the side of the
LAN port on hardware
How to upgrade firmware
Firmware upgrade utility
Add *.bin file
Press “Upgrade” button.
How many Wireless Bridges can the 802.11b
Access Point grant the connection with?
Software limit
At most 256 clients
Suggestion
No more than 4 clients
Cells around each repeater will overlap by a
minimum of 50%
How to use the “AP with Repeating Mode”
From the “Mode” item
on utility, select
“AP+Repeater” .
The same channel is
required to all Access
Points.
How does SNMP work in 802.11b Access Point?
Enable SNMP.
Install a SNMP
management tool to
compile the 802.11
MIB files and use the
tool or other tools to
monitor the SNMP
agent in WL-013.
802.11b Device Point
802.11b Device point Hardware
Overview
Solution
Atmel (Z-Com)
Power Supply
- 5V
LAN Port
One 10Base RJ45 LAN port, a cross Ethernet cable is included
Antenna Design
One Dipole and one PIFA
Output Power
18dBm typical
Hardware Overview (Cont.)
PWR
Yellow
Power enabled
Off: No Wireless LAN traffic activity
WLAN
Yellow
Flashing: Wireless LAN traffic
activity
On: Associated to the Wireless AP.
Off: No Ethernet traffic activity
LAN
Yellow
Flashing: Wired LAN traffic activity
On: Connect to the Ethernet.
What security means does the 802.11b Device
Point provide?
WEP
40bit encryption
Alphanumeric: 5 characters
Hexadecimal: 10 hexadecimal digits
128bit encryption
Alphanumeric: 13 characters
Hexadecimal: 26 hexadecimal digits
Passphrase
ASCII string
802.1x later
Act just like Wireless Station
Internet
Device
Point
Access Point
Device
Point
Act just like Wireless Station
Internet
Device
Point
Access Point
Device
Point
Multi-Client Support
(will be available)
How to configure the 802.11b Device
Point?
Via Web-based utility
Via Windows-based utility
Windows-Based Utility
By installing and using
Station Adapter Utility in
Any PC on the local
network,
you may then access and
configure the 802.11b
Device Point Anywhere
on the local network.
Password: default
Windows-Based Utility - Info
Shows the Current
Information of the
Device point, including
ESSID, AP name, TX rate,
IP address, subnetmask
and
default gateway.
Windows-Based Utility –
Parameter Setup
Configurable parameters
includes ESSID, AP name,
TX
rate, IP address
subnetmask,
default gateway and
password.
Windows-Based Utility –
Security
To prevent unauthorized
wireless stations from
accessing data transmitted
over the network, the
802.11b Device Point offers
WEP security
options.
Windows-Based Utility –
Security
For 40-bit WEP
ASCII: 5 characters (case sensitive) ranging
from “a-z”, “A-Z” and “0-9” (e.g. MyKey)
Hex: 10 hexadecimal digits in the range of “AF”, “a-f” and “0-9” (e.g. 11AA22BB33)
Passphrase: click Generate to generate WEP
keys automatically.
For 128-bit WEP
ASCII: 13 characters (case sensitive) ranging
from “a-z”, “A-Z” and “0-9” (e.g.
MyKey12345678)
Hex: 26 hexadecimal digits in the range of “AF”, “a-f” and “0-9” (e.g.
00112233445566778899AABBCC)
Passphrase : click Generate to generate WEP
keys automatically.
Windows-Based Utility –
About
Shows the Current
Utility and Firmware of the
802.11b Device Point
Firmware Upgrade
Utility
Allow you to upgrade the firmware for the Device point.
Password: default
WEB-Based Utility – Info
802.11b Device Point FAQs
How to reset the 802.11b Device Point to the
default?
Software
Press the “Default”
button of the
utility.
Hardware
Press the “Default”
button by the side
of the LAN port on
hardware
How to upgrade firmware
Firmware upgrade utility
Add *.bin file
Press “Upgrade” button.
Does the 802.11b Device Point support Wireless
Workgroup Bridge?
No, not today:
But it will support Wireless Ethernet Bridge
(same as Wireless Workgroup Bridge) on
the later version.
The number of Ethernet clients will be
limited to under 8.
Demonstration/ Hands On Training
Questions