3e Technologies International 3e-531AP, QVT-531AP User manual

  • Hello! I am an AI chatbot trained to assist you with the 3e Technologies International 3e-531AP User manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Wireless Access Point
User's Guide
Model 3e-531AP
3e Technologies International
700 King Farm Blvd., Rockville, MD 20850
(301) 670-6779 www.3eti.com
29000125-001 C
publ. 09/29/04
This page intentionally left blank.
3e Technologies International's
Wireless Access Point
User's Guide
Model 3e-531AP
700 King Farm Blvd.
Rockville, MD 20850
(301) 670-6779 www.3eti.com
Safety Requirements
If AC power will be used, the socket outlet
shall be installed near the equipment and
shall be easily accessible.
CAUTION: Risk of explosion if battery is
replaced by an incorrect type. DIspose of
used batteries according to the instructions.
External Power to Earth (PE) or ground
connector must be connecetd  rst and shall
always be connected if power is applied to
the unit.
Copyright © 2004 3e Technologies International. All rights reserved. No part of this documentation
may be reproduced in any form or by any means or to make any derivative work (such as translation,
transformation, or adaptation) without written permission from 3e Technologies International.
3e Technologies International reserves the right to revise this documentation and to make changes in
content from time to time without obligation on the part of 3e Technologies International to provide
noti cation of such revision or change.
3e Technologies International provides this documentation without warranty, term or condition
of any kind, either implied or expressed, including, but not limited to, the implied warranties,
terms, or conditions of merchantability, satisfactory quality, and  tness for a particular purpose.
3e Technologies International may make improvements or changes in the product(s) and/or the
program(s) described in this documentation at any time.
If there is any software or removable media described in this documentation, it is furnished under a
license agreement included with the product as a separate document, in the printed documentation,
or on the removable media in a readable  le such as license.txt or the like. If you are unable to locate a
copy of the license, contact 3e Technologies International and a copy will be provided to you.
___________________________________
UNITED STATES GOVERNMENT LEGEND
If you are a United States Government agency, then this documentation and the product described
herein are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private
expense. Software is delivered as “Commercial Computer Software” as de ned in DFARS 252.227-
7014 (June 1995) or as a “commercial item” as de ned in FAR 2.101(a) and as such is provided with
only such rights as are provided in 3e Technologies International’s standard commercial license for
the software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015
(Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface
any portion of any legend provided on any licensed program or documentation contained in, or
delivered to you in conjunction with, this User Guide.
___________________________________
3e Technologies International and the 3e Technologies International logo are registered trademarks.
Windows is a registered trademark of Microsoft Corporation. Palm and Palm OS are registered
trademarks of Palm, Inc. PRISM is a registered trademark of Intersil Corporation. Samsung, CC&C
and Senao are registered trademarkes of their companies respectively.
Any other company and product name mentioned herein is a trademark of the respective company
with which they are associated.
EXPORT RESTRICTIONS
This 3e Technologies International product contains encryption and may require U.S. and/or local
government authorization prior to export to another country.
29000125-001 C
iii
3e-531AP Wireless Access Point
Table of Contents
Table of Contents
Chapter 1: Introduction
...............................................................
....................................
1
Basic Features
...............................................................
..............................................
2
Wireless Basics
...............................................................
.............................................
3
802.11b
...............................................................
........................................................
3
Network Con guration
...............................................................
...........................
4
Access Point Con gurations
...............................................................
...................
4
Possible AP Topologies
...............................................................
..........................
4
Gateway Con gurations
...............................................................
.........................
5
Bridging Mode
...............................................................
..........................................
6
Default Con guration
...............................................................
..............................
6
Data Encryption and Security
...............................................................
...................
6
SSID
...............................................................
............................................................
7
AES and 3DES
...............................................................
...........................................
7
Dynamic Key Management
...............................................................
....................
7
Authentication
...............................................................
..........................................
7
DHCP Server and NAT
...............................................................
............................
8
Operator Authentication and Management
........................................................
8
Management
...............................................................
................................................
8
Chapter 2: Hardware Installation
...............................................................
...................
9
Preparation for Use
...............................................................
.....................................
9
Installation Instructions
...............................................................
...........................
10
Minimum System and Component Requirements
............................................
10
Cabling
...............................................................
.......................................................
11
Indicator Lights
...............................................................
.......................................
12
Chapter 3: Access Point Con guration
...............................................................
......
13
Introduction
...............................................................
...............................................
13
Preliminary Con guration Steps
...............................................................
............
14
Initial Setup using the “Local” Port
...............................................................
.......
14
System Con guration
...............................................................
...............................
16
General
...............................................................
.....................................................
16
WAN
...............................................................
.........................................................
17
LAN
...............................................................
..........................................................
18
Operating Mode
...............................................................
......................................
18
Wireless Setup
...............................................................
...........................................
19
General
...............................................................
.....................................................
19
Encryption
...............................................................
...............................................
21
Dynamic Key Management
...............................................................
................
21
Static 3DES Key/Open System Authentication
..............................................
21
Static AES Key/Open System Authentication
................................................
22
MAC Address Filtering
...............................................................
.........................
23
Bridging and Bridging Encryption
...............................................................
......
23
Rogue AP Detection
...............................................................
...............................
24
802.1x
...............................................................
........................................................
24
Advanced
...............................................................
.................................................
25
Services Settings
...............................................................
........................................
26
DHCP Server
...............................................................
...........................................
26
Print Server
...............................................................
..............................................
26
SNMP
...............................................................
.......................................................
27
User Management
...............................................................
.....................................
28
List All Users
...............................................................
...........................................
28
Add New User
...............................................................
........................................
28
iv
29000125-001 C
3e-531AP Wireless Access Point
Table of Contents
Monitoring/Reports
...............................................................
.................................
29
System Status
...............................................................
..........................................
29
Bridging Status
...............................................................
........................................
30
Wireless Clients
...............................................................
.......................................
30
Rogue AP List
...............................................................
..........................................
32
DHCP Client List
...............................................................
....................................
32
System Log
...............................................................
..............................................
33
Web Access Log
...............................................................
......................................
33
Network Activites
...............................................................
..................................
34
System Administration
...............................................................
............................
34
Firmware Upgrade
...............................................................
.................................
34
Self-Test
...............................................................
....................................................
35
Factory Default
...............................................................
.......................................
36
Remote Logging
...............................................................
......................................
36
Reboot
...............................................................
......................................................
37
Utilities
...............................................................
.....................................................
37
Chapter 4: Gateway Con guration
...............................................................
..............
39
Introduction
...............................................................
...............................................
39
Con guring in Gateway Mode
...............................................................
...............
41
System Con guration
...............................................................
...............................
43
General
...............................................................
.....................................................
43
WAN
...............................................................
.........................................................
43
LAN
...............................................................
..........................................................
44
Operating Mode
...............................................................
......................................
45
Wireless Con guration
...............................................................
............................
45
General
...............................................................
.....................................................
45
Encryption
...............................................................
...............................................
47
WEP (RC4) Data Encryption
...............................................................
..............
47
Static 3DES Key/Open System Authentication
..............................................
47
Static AES Key/Open System Authentication
................................................
48
Mac Address Filtering
...............................................................
............................
49
Rogue AP Detection
...............................................................
...............................
50
802.1x
...............................................................
........................................................
50
Advanced
...............................................................
.................................................
51
Services Settings
...............................................................
........................................
52
DHCP Server
...............................................................
...........................................
52
Print Server
...............................................................
..............................................
53
SNMP Agent
...............................................................
............................................
53
Firewall
...............................................................
.......................................................
54
Content Filtering
...............................................................
.....................................
54
IP Filtering
...............................................................
...............................................
55
Port Filtering
...............................................................
...........................................
55
Virtual Server
...............................................................
..........................................
56
Demilitarized Zone (DMZ)
...............................................................
...................
57
Block WAN ICMP
...............................................................
...................................
58
User Management
...............................................................
.....................................
58
List All Users
...............................................................
...........................................
58
Add New User
...............................................................
........................................
59
Monitoring/Reports
...............................................................
.................................
60
System Status
...............................................................
..........................................
60
Wireless Clients
...............................................................
.......................................
60
Rogue AP List
...............................................................
..........................................
61
DHCP Client List
...............................................................
....................................
61
System Log
...............................................................
..............................................
62
29000125-001 C
v
3e-531AP Wireless Access Point
Table of Contents
Web Access Log
...............................................................
......................................
62
Network Activites
...............................................................
..................................
63
System Administration
...............................................................
............................
63
Firmware Upgrade
...............................................................
.................................
63
Factory Default
...............................................................
.......................................
64
Remote Logging
...............................................................
......................................
64
Reboot
...............................................................
......................................................
65
Utilities
...............................................................
.....................................................
65
Chapter 5: Bridge Con guration
...............................................................
..................
67
Introduction
...............................................................
...............................................
67
Preliminary Setup
...............................................................
.....................................
67
General Bridge Setup
...............................................................
...............................
68
Bridging Type Con guration
...............................................................
..................
71
Point-to-Point Bridge Con guration
...............................................................
...
71
Point-to-Point Bridging Setup Guide
...............................................................
72
Point-to-Multipoint Bridge Con guration
........................................................
75
Point-to-Multipoint Bridging Setup Guide
.....................................................
76
Back-to-Back Bridge Con guration
...............................................................
.....
76
Back-to-Back Bridging Setup Guide
...............................................................
..
77
Repeater Bridge Con guration
...............................................................
............
78
Repeater Bridging Setup Guide
...............................................................
.........
78
Chapter 6: PC Card Installation on a Laptop
............................................................
79
Chapter 7: The RF Manager Function
...............................................................
.........
81
Introduction
...............................................................
...............................................
81
How to Access the RF Manager Function
............................................................
82
How to Program the RF Manager
...............................................................
..........
83
Chapter 8: Network Printer Setup
...............................................................
...............
87
Install Print Service for Unix (Windows 2000):
...................................................
87
Printer Setup
...............................................................
..............................................
88
Chapter 9: Technical Support
...............................................................
........................
93
Manufacturer’s Statement
...............................................................
.......................
93
Radio Frequency Interference Requirements
.......................................................
93
vi
29000125-001 B
3e-531AP Wireless Access Point
Navigation Options
3e-531AP Navigation Options
3e-531AP Navigation Options
Access Point
Gateway
Not FIPS 140-2
FIPS 140-2
Not FIPS 140-2
System Con guration
System Con guration
System Con guration
General
General
General
WAN
WAN
WAN
LAN
LAN
LAN
Operating Mode
Operating Mode
Operating Mode
Wireless con guration
Wireless con guration
Wireless con guration
General
General
General
Encryption
Encryption
Encryption
Bridging
Bridging
MAC Address Filtering
MAC Address Filtering
MAC Address Filtering
Rogue AP detection
Rogue AP detection
Rogue AP detection
802.1x
802.1x
Advanced
Advanced
Advanced
Services Settings
Services Settings
Services Settings
DHCP Server
DHCP Server
DHCP Server
Print Server
Print Server
Print Server
SNMP agent
SNMP agent
Firewall
Firewall
Firewall
Content Filtering
IP Filtering
Port Filtering
Virtual Server
DMZ
Block WAN IP ICMP
User Management
User Management
User Management
List All Users
List All Users
List All Users
Add New User
Add New User
Add New User
Monitoring Reports
Monitoring Reports
Monitoring Reports
System Status
System Status
System Status
Bridging Status
Bridging Status
Wireless clients
Wireless clients
Wireless clients
Rogue AP List
Rogue AP List
Rogue AP List
DHCP Client List
DHCP Client List
DHCP Client List
System Log
System Log
System Log
Web Access Log
Web Access Log
Web Access Log
Network Activities
Network Activities
Network Activities
System Administration
System Administration
System Administration
Firmware Upgrade
Firmware Upgrade
Firmware Upgrade
Self-Test
Factory Default
Factory Default
Factory Default
Remote Logging
Remote Logging
Reboot
Reboot
Reboot
Utilities
Utilities
Utilities
3e-531AP Wireless Access Point
Chapter 1: Introduction
29000125-001 C
1
Chapter 1: Introduction
This manual covers the installation and operation of the 3e Technolo-
gies International’s 3e-531AP Wireless Access Point, which conforms to
the requirements of FIPS PUB 140-2, Security Requirements for Crypto-
graphic Modules. The 3e-531AP Wireless Access Point provides a connec-
tion between an Ethernet LAN and a wireless LAN (WLAN). The wireless
LAN can include mobile devices such as handheld Personal Data Assis-
tants (PDAs), mobile web pads, and wireless laptops as long as they have
the 3e-010F Crypto Client software installed. (The 3e-010F Crypto Client
software is sold with the 3e-110 long range PC Card or sold separately for
use with other compatible PC Cards.)
The 3e-531AP incorporates Power over Ethernet (PoE), IEEE 802.3af,
and the highest security functionality including the ability to manage RF
centrally and to even shut off RF to wireless devices entirely, should that
be necessary. The PoE solution eliminates the need for internal gateway
power supply units (AC-DC converters) and 110-220V cabling installa-
tions for the gateway operation. In the 3e-531AP, however, the capability
to switch to AC power has been provided as a backup in the event the
Power over Ethernet hub is lost or unavailable. The device detects power
failure and automatically switches to AC current with minimal wireless
connection interruption using the power cord provided. (Note: a power
cord does not have to be plugged in to the 3e-531AP during setup, but it
is recommended that it be kept available for use in case of failure of the
PoE Power Supply.)
The PoE interface on the 3e-531AP is compatible with commercial
vendor “injected power” hub units (also known as Ethernet Power Sup-
ply or Power over Ethernet Hub) interfaces.
The 3e-531AP conforms to the FIPS 140-2 speci cation. It includes
the following cryptographic modules: AES/3DES for wireless encryption;
dynamic key exchange (Dif e-Hellman module 1024) for wireless com-
munication; and HTTPS/TLS, for secure web communication. The 3e-
531AP contains three cryptographic modules and ports: Ethernet WAN
uplink interface for communication to the wired LAN backbone; Ethernet
LAN local port for communication to a local wired LAN; and wireless
LAN port for wireless communication to local clients. The authorized
roles supported are Crypto Of cer Role and Administrator Role. Crypto-
graphic services provided include; AES and 3DES for wireless; SHA-1 for
authentication; HMAC SHA-1 for keyed authenticated  rmware upgrade;
3e-531AP Wireless Access Point
Chapter 1: Introduction
2
29000125-001 C
Dif e-Hellman Key Exchange; and HTTPS/TLS for web services via a
secure link. Operator Authentication is performed by assigning operator
type: Administrator can view con gurations and logs, can do non-cryp-
tographic functions such as assigning hostname, domain name, system
date/time, TX Pwr Mode/Level and the like; the Crypto Of cer role has
total access and control and can perform cryptographic initialization or
management functions such as module initialization, input or output of
cryptographic keys and CSPs, and audit functions.
The 3e-531AP is wall-mountable and physically sealed with special
tape for physical security. Violation of the unit's integrity will cause the
unit to fail and display an Error State alarm, requiring reboot.
Basic Features
The 3e-531AP is housed in a sturdy case which is not meant to be
opened except by an authorized technician for maintenance or repair. The
unit should work without fail. If you wish to reset to factory settings, use
the reset function available through the web-screen management module.
It has the following features:
Local Ethernet LAN
Ethernet uplink WAN
Wireless (802.11b) interface with operating range of 2000+ feet
AES/3DES encryption
HTTPS/TLS secure Web
802.1x/EAP-TLS
Sealed cover with tamper-proof tape
DHCP client/sever
Firewall
NAT
Bridging Mode
Repeater Mode
Adjustable Radio Power
MAC address  ltering
The following cryptographic modules have been implemented in the
3e-531AP.
AES for wireless (802.11b)
3DES for wireless (802.11b)
802.1x/EAP-TLS for authentication
SHA-1
HMAC SHA-1 for  rmware upgrade
3e-531AP Wireless Access Point
Chapter 1: Introduction
29000125-001 C
3
Wireless Basics
Wireless networking uses electromagnetic radio frequency waves to
transmit and receive data. Communication occurs by establishing radio
links between the wireless gateway and devices con gured to be part of
the
WLAN.
The 3e-531AP incorporates the 802.11b (Wi-Fi) standard and
the most
state of the art encryption for a very powerful and secure wireless envi-
ronment.
802.11b
The IEEE 802.11b standard, developed by the Wireless Ethernet
Compatibility Alliance (
WECA), establishes a stable standard. A user with
an 802.11b product can use any brand of gateway/access point with any
other brand of client hardware that is built to the 802.11b standard for ba-
sic interconnection.
802.11b devices provide 11 Mbps transmission (with a
fallback to 5.5, 2 and 1 Mbps depending on signal strength) in the 2.4 GHz
band.
802.11b uses
DSSS (direct-sequence spread spectrum) for radio com-
munication.
Direct-sequence systems communicate by continuously
transmitting a redundant pattern of bits called a chipping sequence. The
chipping sequence is combined with a transmitted data stream to produce
the wireless output signal.
For wireless devices to communicate with the 3e-531AP, they must
meet the following conditions:
The signal strength must be suf cient;
The wireless device and wireless gateway must have been con g-
ured to recognize each other using the
SSID (a unique ID assigned
in setup so that the wireless device is seen to be part of the net-
work by the 3e-531AP);
Encryption and authentication capabilities and types enabled
must conform;
The wireless device and wireless gateway must have compatible
data rate con gurations; and
If MAC  ltering is used, the 3e-531AP must be con gured to
allow the wireless device’s MAC address to associate (communi-
cate) with the 3e-531AP wireless interface.
3e-531AP Wireless Access Point
Chapter 1: Introduction
4
29000125-001 C
Network Con guration
The 3e-531AP is capable of various con gurations. The three basic
con gurations are:
Access point mode with wired infrastructure
Gateway mode with wired infrastructure
Wireless bridging with choice of:
— Point-to-point setup
— Point-to-multipoint setup
— Repeater setup
Bridging actually has more choices, but the above choices are popular
and are discussed later in this user guide.
Access Point Con gurations
When a 3e-531AP is con gured as an access point, IP addresses for
wireless devices are typically assigned by the wired network’s
DHCP
server. The wired LAN’s DHCP server assigns addresses dynamically,
and the AP virtually connects wireless users to the host wired network.
All wireless devices connected to the AP are con gured on the same sub-
network as the attached wired network interface and can be accessed by
devices on the wired network.
Possible AP Topologies
1.
An access point can be used as a single AP without any connec-
tion to a wired network. In this con guration, it simply provides a
stand-alone wireless network for a group of wireless devices.

2.
The 3e-531AP can be used as one of a number of APs connected
to an existing Ethernet network to bridge between the wired and
wireless environments. Each AP can operate independently of the
other APs on the LAN. Multiple APs can coexist as separate indi-
vidual networks at the same site without interference if each AP is
set with a different
network ID (SSID).
3e-531AP Wireless Access Point
Chapter 1: Introduction
29000125-001 C
5

 
   
3.
And lastly, multiple APs connected to a wired network and operat-
ing off that network’s DHCP server can provide a wider coverage
area for wireless devices, enabling the devices to “
roam” freely
about the entire site.
 

Gateway Con gurations
In gateway mode, wireless users are provided additional
rewall
protection from the rest of the industrial or shipboard network or Internet
using
Network Address Translation (
NAT) protocol features and  rewall
options.
Wireless users can still communicate with the wired network resourc-
es but communication must be initiated by the wireless devices. Using the
NAT protocol, the only IP address visible to the wired network is that of
the gateway itself, as assigned by the wired Ethernet DHCP server. The
gateway provides  rewall protection to its wireless users. It can dynami-
cally assign private addresses to member devices using its own internal
DHCP server. It acts as a
router, not a
bridge, and controls traf c  ow and
access control between the wired and wireless networks.
3e-531AP Wireless Access Point
Chapter 1: Introduction
6
29000125-001 C
 

 
 

 
 




Alternately, if you wish, the network administrator can assign
static
addresses to the member wireless devices. In order to set static addresses,
the system administrator will need to manually con gure the TCP/IP
con guration on each wireless device.
Bridging Mode
The wireless bridging function in the 3e-531AP allows setup as a
bridge, in a number of alternate con gurations, including the following
popular con gurations:
1.
Point-to-point bridging of 2 Ethernet Links;
2.
Point-to-multipoint bridging of several Ethernet links;
3.
Repeater mode (wireless client to wireless bridge.)
Default Con guration
By default, the 3e-531AP boots up in access point mode. See your
network administrator or more advanced technical sections of this User’s
Guide for information if the device is to be con gured in gateway mode
or bridging mode.
Data Encryption and Security
The 3e-531AP Wireless Access Point includes advanced wireless
security features, including Dynamic Key Management or Static key AES
or 3DES encryption. AES or 3DES and MAC Address authentication are
available in the 3e-531AP in all modes, and some level of encryption is
recommended. In gateway mode, WEP encryption is an option.
The incorporation of AES and 3DES brings system security up to the
most stringent standards. The functionality of these two enhancements,
along with a more detailed discussion of the 3e-531AP security features,
is further covered in the following paragraphs.
3e-531AP Wireless Access Point
Chapter 1: Introduction
29000125-001 C
7
SSID
The Service Set ID (SSID) is a string used to de ne a common roam-
ing domain among multiple wireless access points. Different SSIDs on
gateways can enable overlapping wireless networks. The SSID can act as
a basic password without which the client cannot connect to the network.
However, this is easily overridden by allowing the wireless AP to broad-
cast the SSID, which means any client can associate with the AP. SSID
broadcasting can be disabled in the 3e-531AP setup menus.
AES and 3DES
The Advanced Encryption Standard (AES) was selected by National
Institute of Standards and Technology (NIST) in October 2000 as an up-
grade from the previous DES standard. AES uses a 128-bit block cipher
algorithm and encryption technique for protecting computerized infor-
mation. It has the ability to use even larger 192-bit and 256-bit keys, if
necessary. AES is incorporated into all current and future models of 3e
Technologies International’s series of wireless APs/gateways.
3DES is also incorporated on the 3e-531AP. 3DES is modeled on the
older DES standard but encrypts data three times over. Triple-DES uses
more CPU resources than AES because of the triple encryption.
Dynamic Key Management
Addition of Security Server software (3e-030, sold separately), which
is con gured to dynamically assign secure key access, raises the secu-
rity capability to its highest level. The Security Server software operates
from a remote point on the WLAN and is accessed by pointing to its IP
Address in each of the 3e-531APs on the WLAN as part of the wireless
encryption con guration process.
Authentication
The
MAC address, short for
Media Access Control address,
is a hard-
ware address that uniquely identi es each node of a network. In IEEE 802
networks, the
Data Link Control (
DLC) layer of the
OSI Reference Model
is divided into two sub-layers: the
Logical Link Control (LLC) layer
and the
Media Access Control (MAC) layer.
The MAC layer interfaces directly with
the network media. Consequently, each type of network media requires a
unique MAC address.
Authentication is the process of proving a client identity. The 3e-
531AP gateways, if set up to use MC address  ltering, detect an attempt
to connect by a client and compare the client’s MAC address to those on
a prede ned MAC address  lter list. Only client addresses found on the
list are allowed to associate. MAC addresses are assigned and registered
to each of the wireless cards used by the portable computing devices dur-
ing initial setup and after physical installation of the gateways.
3e-531AP Wireless Access Point
Chapter 1: Introduction
8
29000125-001 C
DHCP Server and NAT
In AP mode, the 3e-531AP has a DHCP (
Dynamic Host Con guration
Protocol
) server function that is accessible to the LAN port. If the 3e-
531AP is set up in gateway mode, this DHCP function is available, with
many  rewall functions in addition, to both the LAN and WLAN ports.
DHCP is a protocol for assigning
dynamic IP addresses.
When the 3e-531AP is in access point mode, the DHCP function is
accessible only from the local LAN port. A local LAN can be established
from the LAN port and can utilize the DHCP function.
If the 3e-531AP is recon gured for gateway mode, and the DHCP
function is enabled, the gateway
Ethernet uplink interface becomes the
only visible
IP address to the Ethernet network. It uses Network Address
Translation (NAT) to forward packets from wireless devices as if they
were coming from the one visible IP address, managing a database of in-
formation in order to sort out and forward the replies to the correct client.
NAT provides an additional layer of security by protecting information
on the wireless LAN from direct access by the Ethernet LAN.
Operator Authentication and Management
Authentication mechanisms may be required within a cryptographic
module to authenticate an operator accessing the module and to verify
that the operator is authorized to assume the requested role and perform
services within that role.
There are two types of operators de ned:
Crypto Of cer: The Crypto Of cer user has total control of the
gateway. The Crypto Of cer can con gure the encryption keys
and upload  rmware.
Administrator: The Administrator can view con gurations and
logs, can do non-cryptographic functions such as assigning host-
name, domain name, system date/time, TX Pwr Mode/Level and
the like. This user can reboot the gateway if it is deemed neces-
sary.
The Crypto Of cer initially installs and con gures the 3e-531AP after
which the
password should be changed from the
default password. The
enclosure itself must be physically secured.
Management
After initial setup, maintenance of the system and programming of
security functions are performed by personnel trained in the procedure
using the embedded web-based management screens. For general mainte-
nance, the Administrator logon should be suf cient.
The next chapter covers the basic procedure for setting up the hard-
ware.
3e-531AP Wireless Access Point
Chapter 2: Hardware Installation
29000125-001 C
9
Chapter 2: Hardware Installation
Preparation for Use
The 3e Technologies International's 3e-531AP Wireless Access Point
requires physical mount ing and in stal la tion on the site, following a
prescribed placement design to ensure optimum operation and roaming.
Professional installation is required.
If the 3e-531AP's Power over Ethernet (PoE) solution is being activat-
ed, it will, in addition, re quire the installation of a separate PoE-capable
hub switch which “in jects” DC cur rent into the Cat5 cable. This injector
device should have been spec’ed and installed by a wireless LAN installa-
tion team.
To ensure that there is no possibility of danger from contact with the
in ject ed current should anyone open the 3e-531AP enclosure, each 3e-
531AP device has been  tted with a safety interlock that functions as an
in ter nal circuit breaker to interrupt the  ow of current when the device is
opened.
The 3e-531AP package includes the following items:
The FIPS-compliant 3e-531AP
2 removable antennas
Documentation as PDF  les (on CD-ROM)
Installable RF Manager utility (on CD-ROM)
Registration card
Warranty card
The following items are separately purchased in accordance with the
exact dimensions of the network to be con gured:
Power cable with water-resistant circular connector
Ethernet cable with special water-resistant circular con-
nec tor
3e-531AP Wireless Access Point
Chapter 2: Hardware Installation
10
29000125-001 C
The antennas used with the 525A must be installed with a mini-
mum separation distance of 20 cm from all persons, and must
not be co-located or operated in conjunction with any other
antenna or transmitter. Installation should be accomplished
using the authorized cables and/or connectors provided with the device
or available from the manufacturer/distributor for use with this device.
Changes or modi cations not expressly approved by the manufacturer or
party responsible for this FCC compliance could void the user’s authority
to operate the equipment.
Installation Instructions
The 3e-531AP is intended to be installed as part of a complete wireless
design solution, and, as such, the design and ar chi tec ture of that solution
is unique to each lo ca tion and is addressed in a separate doc u ment. Prop-
er installation of the wire less sys tem will ensure that users can “roam”
freely throughout the serviced location, passing transparently from node
to node with no loss of service but at the same time maintaining top secu-
rity on the wireless LAN.
This manual deals only and speci cally with the single 3e-531AP de-
vice as a unit. The purpose of this chapter is the description of the device
and its identi able parts so that the user is suf ciently familiar to interact
with the physical unit. Preliminary setup information provided below
is intended for information and instruction of the wireless LAN system
administration personnel.
It is intended, and is the philosophy of 3e Technologies International,
that the user not be required to open the individual unit. Any main te -
nance required is limited to the external enclosure surface, cable con nec -
tions, and to the man age ment software (as described in Chapter three,
four and  ve) only. A failed unit should be returned to the man u fac tur er
for maintenance. Sites requiring emergency backup will maintain extra
units of the device to interchange in case of failure.
Minimum System and Component Requirements
The 3e-531AP is designed to be attached to the wall or bulkhead at
appropriate locations. To complete the con guration, you should have at
least the following components:
PCs with one of the following operating systems installed:
Win dows Windows NT 4.0, Windows 2000 or Windows XP;
A compatible 802.11b PC Card or 802.11b device for each
computer that you wish to wirelessly connect to your wire-
less network. (For wireless cards, select the 3e-110 PC Card
with 3e-010F Crypto Client software (sold separately) or
install the 3e-010F software with any compatible PC Card.
(For maximum security and compatibility, we recommend
the 3e Technologies International 3e-110 PC Card);
3e-531AP Wireless Access Point
Chapter 2: Hardware Installation
29000125-001 C
11
Access to at least one laptop or PC with an Ethernet card
and cable that can be used to complete the initial con g u-
ra tion of the unit. (The cable required will have a standard
RJ-45 connector on one end and a circular connector on the
other.)
A Web browser program (such as Microsoft Internet Explor-
er 5.5 or later, or Netscape 6.2 or later) in stalled on the PC or
laptop you will be using to con gure the Gateway.
TCP/IP Protocol (usually comes installed on any Windows
PC.)
Cabling
The 3e-531AP is well-protected in a met al enclosure which is gen-
er al ly bolted to the bulk head. The front of the box is hinged but should
not be opened, particularly if being employed as FIPS 140-2 compatible
device.
The fol low ing il lus tra tion shows the external cabling on the 3e-531AP.
However, even if the On-off switch is “on”, if the lid of the de vice is
opened, power will cease to  ow be cause of the safe ty in ter lock.
Printer
connector
(Not active in
3e-531APs.)
AC Power
Connector
Power
Switch
(On/Off)
Lo cal
Ethernet
Connector
Ethernet
uplink
An AC Power Con nec tor (not provided) can be plugged into an AC
outlet. In some situations, the in stal la tion design may include elimination
of the ability to plug the unit into an AC outlet. In such circumstances, the
AC power is supplied (that is, hardwired) using the same AC Power Con-
nector port. Usually, in the default con guration of the 3e-531AP, the AC
Pow er Con nec tor is not ac tive ly used. The socket outlet must be installed
near the equipment and be easily accessible.
The Ethernet Up link con nec tor is used to connect the 3e-531AP to the
ship board LAN. When used as a PoE device, the Ethernet Uplink con-
nec tor will have been routed from the unit to a PoE-capable hub switch
which runs the power through the Ethernet cable to the unit. The Ethernet
3e-531AP Wireless Access Point
Chapter 2: Hardware Installation
12
29000125-001 C
cable is thus run from the 3e-531AP to the PoE-capable hub switch which
is then connected to the wired LAN and to a power source.
The 3e-531AP design includes an external Power Switch for the pur-
pose of disabling power to the unit for servicing or removal.
Although a safety interlock is provided on the unit to disable power
when the enclosure door is opened, AC and PoE power cables must be
disconnected prior to servicing or removing the device. This is a pre cau -
tion ary measure.
An additional Ethernet connector labeled "Local" is designated for use
during initial con guration. The installation team uses an RJ45 cable with
Circular con nec tor to connect the 3e-531AP to a laptop.
Indicator Lights
The top panel of the 3e-531AP con tains a set of in di ca tor lights (
Light
Emitting Diodes or
LEDs) that help describe the state of various network-
ing and connection operations.
This closeup shows the ground and one of the seals that
are standard on the FIPS 140-2 compliant 3e-531AP.
Note that the ground will be installed permanently on
installation of the unit and should not be disturbed after
that.
Ethernet Uplink
Power
Wireless LAN
Activity
Error State
LED indicator
LED
Description
Power
The Power indicator LED informs you when the
gateway is on or off. If this light is on, the gateway is
on; if it is not on, the gate way is off. During
rmware
upgrades and resets, this light will blink
Ethernet Uplink
This light indicates the state of your connection to the
shipboard network. When on, the WAN light indicates
that the gateway is con nect ed to the net work. When
the WAN light is off, the gateway does not have an ac-
tive connection to the shipboard net work.
Wireless LAN Activity
This light may be steady or blinking and indicates that
in for ma tion is passing through the connection.
Error State
LED indicator
The Error State LED indicator will light to alert you if
the device enters Error State. If the 3e-531AP enters an
Error State, you must power down and up (using the
On/Off switch), to allow it to invoke the power-up self
tests.
/