Wireless Mesh Network Solution Reference

8/9/2019 Wireless Mesh Network Solution Reference

1/252

Part No. 318507-B Rev 01

March 2005

Wireless Mesh NetworkSolution Reference


2/252

2

318507-B Rev 01

Copyright © 2005 Nortel Networks

All rights reserved. March 2005

The information in this document is subject to change without notice. The statements, configurations, technical data, andrecommendations in this document are believed to be accurate and reliable, but are presented without express or impliedwarranty. Users must take full responsibility for their applications of any products specified in this document. Theinformation in this document is proprietary to Nortel Networks Inc.

The software described in this document is furnished under a license agreement and may be used only in accordancewith the terms of that license. The software license agreement is included in this document.

Trademarks

Nortel Networks, the Nortel Networks logo, and Contivity are trademarks of Nortel Networks.

Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.

Check Point and Firewall 1 are trademarks of Check Point Software Technologies Ltd.

Java is a trademark of Sun Microsystems.

Microsoft, Windows, Windows NT, and MS-DOS are trademarks of Microsoft Corporation.

NETVIEW is a trademark of International Business Machines Corp (IBM).

OPENView is a trademark of Hewlett-Packard Company.SPECTRUM is a trademark of Cabletron Systems, Inc.

All other trademarks and registered trademarks are the property of their respective owners.

Restricted rights legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software,the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in theCommercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Statement of conditions

In the interest of improving internal design, operational function, and/or reliability, Nortel Networks Inc. reserves theright to make changes to the products described in this document without notice.

Nortel Networks Inc. does not assume any liability that may occur due to the use or application of the product(s) or

circuit layout(s) described herein.

Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. Allrights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that theabove copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertisingmaterials, and other materials related to such distribution and use acknowledge that such portions of the software weredeveloped by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission.

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED

WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITYAND FITNESS FOR A PARTICULAR PURPOSE.


3/252

3

Wireless Mesh Network Solution Reference

In addition, the program and information contained herein are licensed only pursuant to a license agreement that containsrestrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third

parties).

Nortel Networks Inc. software license agreement

This Software License Agreement (“License Agreement”) is between you, the end-user (“Customer”) and Nortel Networks Corporation and its subsidiaries and affiliates (“Nortel Networks”). PLEASE READ THE FOLLOWINGCAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THESOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSEAGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shippingcontainer, within 30 days of purchase to obtain a credit for the full purchase price.

“Software” is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrightedand licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content(such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel

Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain norights other than those granted to you under this License Agreement. You are responsible for the selection of theSoftware and for the installation of, use of, and results obtained from the Software.

1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software ononly one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. Tothe extent Software is furnished for use with designated hardware or Customer furnished equipment (“CFE”), Customer

is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains tradesecrets and Customer agrees to treat Software as confidential information using the same care and discretion Customeruses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure thatanyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use,copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile,reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expresslyauthorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are

beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designatedhardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify itsdestruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Softwareactivation or usage levels. If suppliers of third party software included in Software require Nortel Networks to includeadditional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to suchthird party software.

2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer,Software is provided “AS IS” without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMSALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING,BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR APARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to

provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, insuch event, the above exclusions may not apply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BELIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF,OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL,INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS),WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOURUSE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEENADVISED OF THEIR POSSIBILITY. The forgoing limitations of remedies also apply to any developer and/or supplierof the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do notallow these limitations or exclusions and, in such event, they may not apply.


4/252

4

318507-B Rev 01

4. General

a. If Customer is the United States Government, the following paragraph shall apply: All Nortel NetworksSoftware available under this License Agreement is commercial computer software and commercial computer

software documentation and, in the event Software is licensed for or on behalf of the United StatesGovernment, the respective rights to the software and software documentation are governed by Nortel

Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).

b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer failsto comply with the terms and conditions of this license. In either event, upon termination, Customer musteither return the Software to Nortel Networks or certify its destruction.

c. Customer is responsible for payment of any taxes, including personal property taxes, resulting fromCustomer’s use of the Software. Customer agrees to comply with all applicable laws including all applicableexport and import laws and regulations.

d. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.

e. The terms and conditions of this License Agreement form the complete and exclusive agreement betweenCustomer and Nortel Networks.

f. This License Agreement is governed by the laws of the country in which Customer acquires the Software. Ifthe Software is acquired in the United States, then this License Agreement is governed by the laws of the stateof New York.


5/252

5


Preface 19

Before you begin 19

Text conventions 20

Icon conventions 21

Documentation roadmap 22

Hard-copy technical manuals 24

How to get help 24

Chapter 1

Fundamentals 27

Wireless Mesh Network solutions 27

Network overview 28

Network architecture 28

Community Area Network 29

Network Access Point 29Wireless Access Point 7220 29

Enterprise/ISP backbone network 30

Wireless Gateway 7250 30

Enterprise / ISP / Metro distribution network 31

Border Gateway 31

Network Operations Support System 31

Wireless Mobile Node 35

Inter-Wireless Gateway 7250 roaming and mobility 35

Access and transit links 38

Principles of operation 39

Wireless Mesh Network topology 40

Mobility management 40

Chapter 2Network installation overview 43

IP addressing requirements 43

Wireless Mesh Network subnetting 44

Requirements for a pre-existing network 47

DHCP server requirements 48RADIUS server requirements 50


6/252

6

318507-B Rev 01

FTP server requirements 50

SNTP server 51

NAP router requirements 51Network Access Controller requirements 52

Ethernet switch 55

ONMS installation and configuration 55

Distribution network 56

Wireless AP 7220 deployment requirements 57

Power requirements and information 57

Network specifications 58

Chapter 3Fault management 59

Faults in the Wireless Mesh Network 59

Faults in the Wireless AP 7220 59

Faults in the Wireless Gateway 7250 60

Optivity Network Management System (ONMS) 60

Collecting and managing fault data 61

Collecting fault data 61

Managing fault data 62

Alarm filtering 62

Error logging 63 Alarm statistics 64

Fault reports and fault summaries 64

Fault detection and investigation 65

Fault correction 67

Network recovery / auto-healing 68

Chapter 4Configuration management 69

Configuration overview 69

Tools and utilities 70

KeyGen tool 70

ConfigVerify tool 71

Configuring the Dynamic Host Configuration Protocol (DHCP) server 71


7/252

7


Configuring the NAP router 72

Configuring the RADIUS server 73

Configuring the FTP server 74Configuring super ping in ONMS 75

Configuring the Network Access Controller (NAC) 76

Configuring an Ethernet switch 76

Configuring the Wireless Gateway 7250 77

Managing the Wireless Gateway 7250 through a console 79

Configuring the interfaces 80

Connecting to the Wireless Gateway 7250 using the web browser 82

Configuring default routes (private and public) 82

Configuring default routes 82

Configuring default routes using the CLI 84

Enabling services 85

Enabling the FTP, Telnet, and SNMP service 85

Using the Telnet service 86

Installing/upgrading/downgrading Wireless Gateway 7250 software 86

Setting up an FTP server 86

Starting the upgrade process 86

Enabling and configuring the Stateful Firewall 90

Creating filters 92

Saving and activating a policy 101Configuring advanced routing software 103

Configuring client address redistribution (CAR) pools 105

Configuring IPsec parameters 109

Configuring Wireless AP 7220 user accounts 121

Configuring a static IP address 123

Configuring classifier rules 124

Creating classifiers 124

Creating classifier rules 126

Associating the classifier to the rules 130

Applying the classifiers to the interfaces 133

Configuring a Wireless AP 7220 @ NAP 136

Configuring a Wireless AP 7220 137

Wireless AP 7220 pre-deployment configuration 138


8/252

8

318507-B Rev 01

Wireless AP 7220 post-deployment configuration 140

Initializing the Wireless AP 7220 from flash memory 140

Initializing the Wireless AP 7220 from the Ethernet port 140Writing an image into flash memory 141

Command line interface (CLI) option 141

Configuring the configuration manager (ConfigMgr) 141

Manually upgrading the Wireless AP 7220 software 142

Software image information 143

Configuring the DHCP user class 143

Restarting a Wireless AP 7220 143

Configuring the Wireless AP 7220 location 144

Configuring the access link 144

Configuring the transit link 145

Enabling and configuring Wireless AP 7220 logging 147

Configuring the log subsystem 147

Specifying the severity of Wireless AP 7220 events forwarded to syslog 149

Enabling or disabling Wireless AP 7220 logging 149

Specifying the syslog server 152

Upgrading the Wireless AP 7220 software 152

Wireless AP 7220 pre-deployment software upgrade 152

Command Line Interface (CLI) Wireless AP 7220 software download 153

Switching to the new Wireless AP 7220 software load 154Rebooting the Wireless AP 7220 154

Wireless AP 7220 post-deployment software upgrade 155

ONMS Wireless AP 7220 software download 155

Setting the delay timer 157

Switching to the new Wireless AP 7220 software load 157

Starting the delay reboot 158

Load Redundancy in flash memory 158

Configuring the Wireless AP 7220 for transit link authentication 158

Configuring the Simple Network Time Protocol (SNTP) 159

Configuring the Simple / Secure Network Management Protocol (SNMP) 160

Configuring the RADIUS server shared secret 160

Configuring the DHCP server user class 161

Configuring the Subscriber Management Entity (SME) 161


9/252

9


162

Chapter 5

Accounting 163

Overview 163

Accounting server configurations 164

RADIUS server accounting attributes 165

Tracking of services and resource usage 168

Time-based accounting 168

Idle timeouts 168

Network failure 169

Fraud reporting 170

Accounting traps 170

Chapter 6Performance management 171

Optivity Network Management System (ONMS) 171

Collecting performance measurements 172

Reporting performance measurements 173

Analyzing performance measurements 173

Maintaining and analyzing logs 176

Chapter 7Security 179

Security standards 179

Security in the Wireless Mesh Network 179

Subscriber security 181

Transit link security 182

Network security 183

AAA policy services 184

Authenticating Wireless AP 7220s 185

Authenticating subscribers 185

Authenticating subscribers using RSNA mobile nodes 185

Authenticating subscribers using non-RSNA devices 186

Quarantining unauthorized mobile nodes 187


10/252

10

318507-B Rev 01

Security alarms and event reporting 187

Security audit trails 188

Chapter 8Administration 189

Tools and utilities 189

Managing network changes 190

Managing Wireless Access Point 7220s 190

Rebooting the Wireless AP 7220 192

Managing Wireless Gateway 7250s 193

Managing network access point routers (NAP-Rs) 194

Managing end users 194

Creating user accounts 195

Modifying user accounts 196

Deleting user accounts 196

Performing and managing backups 196Restoring from backups 197

Appendix AKeyGen tool 199

Appendix B

Sample DHCP configuration file 201

Appendix C

FTP server user permissions 209

Modifying FTP server user permissions 209

Appendix D

Sample NAP router configuration 211

Appendix E

Sample NAC configuration 215

Appendix F

Sample FTP configuration file 219

Appendix G


11/252

11


Wireless Access Point 7220 performance statistics 223

Wireless Access Point 7220 statistics 223

Wireless AP 7220 Access Link statistics 224

Wireless AP 7220 Mobile IP statistics 224

Wireless AP 7220 Transit Link Activity statistics 224

Wireless AP 7220 IPsec Activity statistics 225

RADIUS Authentication statistics 225

RADIUS Authentication General statistics 225

RADIUS Authentication Incoming statistics 225RADIUS Authentication OutGoingToServer statistics 226

RADIUS Accounting statistics 226

RADIUS Accounting General statistics 226

RADIUS Accounting Incoming statistics 227

RADIUS Accounting Outgoing statistics 227

SNMP statistics 227

SNMP engine statistics 228

SNMP MPD statistics 228

SNMP target statistics 228

SNMP USM statistics 228

OSPF statistics 229

OSPF area table statistics 229

OSPF interface statistics 229

OSPF neighbor table statistics 229

MIB-II statistics 230

MIB-II system statistics 230

MIB-II system status/profile statistics 230

MIB-II interface statistics 231

MIB-II interface status/profile statistics 231MIB-II interface InActivity statistics 231

MIB-II interface OutActivity statistics 232

MIB-II IP statistics 232

MIB-II IP profile statistics 232

MIB-II IP InActivity statistics 232

MIB-II IP OutActivity statistics 233MIB-II IP address table statistics 233


12/252

12

318507-B Rev 01

MIB-II IP route table statistics 233

MIB-II ICMP statistics 234

MIB-II ICMP InActivity statistics 234MIB-II ICMP OutActivity statistics 235

MIB-II UDP statistics 235

MIB-II UDP activity statistics 235

MIB-II TCP statistics 236

MIB-II TCP profile statistics 236

MIB-II TCP activity statistics 236

MIB-II SNMP statistics 236

MIB-II SNMP InActivity statistics 236

MIB-II SNMP OutActivity statistics 237

Appendix HWireless Access Point 7220 traps 239

Glossary 241


13/252

13


Figure 1 Basic Wireless Mesh Network architecture 28

Figure 2 Inter-Wireless Gateway 7250 roaming Wireless Mesh Network

architecture 36

Figure 3 Wireless AP 7220 radio links overview 39

Figure 4 Basic Wireless Mesh Network IP addressing architecture 44

Figure 5 InfoCenter window indicating devices in fault 66

Figure 6 Fault Summary window with fault, trap, and syslog details 67

Figure 7 Basic network layout example 77

Figure 8 Inter-Wireless Gateway 7250 roaming and mobility network layout

example 78Figure 9 The Static Routes screen 83

Figure 10 Private Default Route screen 83

Figure 11 Enabling the FTP service 85

Figure 12 Directory tree screen 87

Figure 13 The Upgrades screen 87

Figure 14 Upgrade Retrieval screen 88

Figure 15 Retrieval progress screen 89

Figure 16 New Version Retrieve status screen 89

Figure 17 Upgrade apply screen 90

Figure 18 The License key screen 91

Figure 19 The Firewall / NAT screen 92

Figure 20 New Policy screen 93

Figure 21 Adding a MIP policy 94

Figure 22 Creating a mobile IP (MIP) service filter 95

Figure 23 Adding a mobile IP (MIP) service filter 96

Figure 24 The Stateful Firewall screen 96

Figure 25 Network Object Type Selection screen 98

Figure 26 IP range object screen 99

Figure 27 Assigning a captive portal to the mobile node pool 100Figure 28 Defined mobile node pools 101

Figure 29 Global configuration 102

Figure 30 Enabling the gratuitous ARP 103

Figure 31 Example of the local OSPF parameters 104

Figure 32 Example of the global OSPF parameters 105

Figure 33 Adding an IP address pool 107

Figure 34 Example of an IP address pool list 107


14/252

14

318507-B Rev 01

Figure 35 Enable CAR pools 108

Figure 36 Enabling a route policy 109

Figure 37 Global IPsec parameters 110

Figure 38 Global IPsec parameters (continued) 110

Figure 39 Global IPsec parameters (continued) 111

Figure 40 Example of a Wireless AP 7220 address pool configuration 113

Figure 41 Example of adding a Wireless AP 7220 group 114

Figure 42 Example of editing a Wireless AP 7220 group 115

Figure 43 Wireless AP 7220 @ NAP group connectivity parameters 116

Figure 44 Wireless AP 7220 @ NAP group connectivity parameters (continued) 116

Figure 45 Wireless AP 7220 @ NAP group connectivity parameters (continued) 117

Figure 46 Wireless AP 7220 group connectivity parameters 117

Figure 47 Wireless AP 7220 group connectivity parameters (continued) 118

Figure 48 Wireless AP 7220 group connectivity parameters (continued) 118

Figure 49 Group IPsec parameters 120

Figure 50 Group IPsec parameters (continued) 121Figure 51 Example of configuring a Wireless AP 7220 user account 122

Figure 52 Configuring a static IP address 123

Figure 53 Creating a classifier 125

Figure 54 Edit Classifier screen 125

Figure 55 Classifiers screen 126

Figure 56 Creating classifier rules 127Figure 57 Classifiers Rules Port screen 128

Figure 58 Create Port screen 129

Figure 59 Associating the classifier to the rules 131

Figure 60 Edit Classifier (PRIVATE_INGRESS) screen 132

Figure 61 Edit Classifier (PUBLIC_EGRESS) screen 133

Figure 62 QoS Interfaces screen 134

Figure 63 Enabling the private classifier 135

Figure 64 Computer to Wireless AP 7220 @ NAP Ethernet connection 136

Figure 65 Pre-deployment configuration 139

Figure 66 Selecting a Wireless AP 7220 to enable logging 150

Figure 67 The Monitor Options - Syslog Registration option 151

Figure 68 Accounting server configurations 164


15/252

15


Figure 69 Example OmniView GUI displaying Wireless AP 7220 statistics tables

174

Figure 70 Example OmniView GUI displaying Wireless AP 7220 statistics graphs

175

Figure 71 Example OmniView MIB help window 176

Figure 72 Wireless Mesh Network and other network components relative to private

and public network entities 180

Figure 73 Subscriber security in the Wireless Mesh Network 182

Figure 74 Transit link and network security in the Wireless Mesh Network 183

Figure 75 Wireless AP 7220 device configuration screen 192


16/252

16

318507-B Rev 01


17/252

17


Table 1 NOSS requirements 32

Table 2 ONMS applications 34

Table 3 Wireless Mesh Network subnetting 45

Table 4 IP address categories 46

Table 5 Private ingress classifier rules port information 129

Table 6 Public egress classifier rules port information 130

Table 7 Accounting attributes 165

Table 8 Transit link parameters requiring Wireless AP 7220 reboot 191

Table 9 Fault correlation of Wireless Mesh Network traps 240


18/252

18

318507-B Rev 01


19/252

19


Preface

This guide introduces the Nortel Wireless Mesh Network. It provides overview,

configuration, and maintenance information to help you install, configure and

maintain your Wireless Mesh Network.

Before you begin

This guide is for network managers who are responsible for setting up,

configuring, and maintaining the Wireless Mesh Network. This guide assumes

that you have experience with windowing systems or graphical user interfaces

(GUIs) and familiarity with network management.

Along with the Wireless AP 7220 software provided on the Wireless AP 7220

software CD, two Wireless Mesh Network tools are also provided: KeyGen and

ConfigVerify. You can also download these tools using theNortel Customer

Support portal at http://www.nortelnetworks.com/index.html if you have a Nortel

Customer Support Contract.

http://www.nortelnetworks.com/index.htmlhttp://www.nortelnetworks.com/index.htmlhttp://www.nortelnetworks.com/index.htmlhttp://www.nortelnetworks.com/index.htmlhttp://www.nortelnetworks.com/index.htmlhttp://www.nortelnetworks.com/index.htmlhttp://www.nortelnetworks.com/index.html


20/252

20 Preface

318507-B Rev 01

Text conventions

This guide uses the following text conventions:

angle brackets (< >) Indicate that you choose the text to enter based on thedescription inside the brackets. Do not type the brackets when entering the command.

Example: If the command syntax isping , you enter

ping 192.32.10.12 bold Courier text Indicates command names and options and text that

you need to enter.

Example: Use the dinfo command.

Example: Enter show ip {alerts|routes}.

braces ({}) Indicate required elements in syntax descriptions wherethere is more than one option. You must choose only

one of the options. Do not type the braces whenentering the command.

Example: If the command syntax isshow ip {alerts|routes}, you must enter either show ip alerts or show ip routes, but not both.

brackets ([ ]) Indicate optional elements in syntax descriptions. Donot type the brackets when entering the command.

Example: If the command syntax isshow ip interfaces [-alerts], you can enter either show ip interfaces or show ip interfaces -alerts.

ellipsis points (. . . ) Indicate that you repeat the last element of thecommand as needed.

Example: If the command syntax is

ethernet/2/1 [ ]... ,you enter ethernet/2/1 and as many parameter-value pairs as needed.

P f 21


21/252

Preface 21


Icon conventions

Figures in this guide that depict a Wireless Mesh Network use the following

standard icons:

italic text Indicates new terms, book titles, and variables incommand syntax descriptions. Where a variable is twoor more words, the words are connected by anunderscore.

Example: If the command syntax isshow at , valid_route is onevariable and you substitute one value for it.

plain Couriertext

Indicates command syntax and system output, forexample, prompts and system messages.

Example: Set Trap Monitor Filters

separator ( > ) Shows menu paths.

Example: Protocols > IP identifies the IP option on theProtocols menu.

vertical line ( | ) Separates choices for command keywords andarguments. Enter only one of the choices. Do not typethe vertical line when entering the command.

Example: If the command syntax isshow ip {alerts|routes}, you enter either show ip alerts or show ip routes, but not both.

Wireless Access Point 7220

Wireless Gateway 7250

Network Access Point router

22 P f


22/252

22 Preface

318507-B Rev 01

Documentation roadmap

For information about installing, configuring, monitoring, and managing a

Wireless Mesh Network, refer to the following publications:

• Wireless Mesh Network Solution Reference Guide (318507-A)

• Configuration Record for a Nortel Networks Wireless Mesh Network(318509-A)

For information about installing a Wireless Access Point 7220, refer to the

following publications:

• Installing the Nortel Networks Wireless Access Point 7220 (318527-A)

Network Access Controller

Ethernet switch

Network Operations Support System (NOSS) servers(DHCP, FTP, RADIUS AAA, SNTP)

Optivity Network Management System (ONMS) in NOSS

Mobile Node

RF wireless connection

Border Gateway

Preface 23


23/252

Preface 23


• Quick Reference to Installing the Nortel Networks Wireless Access Point 7220

(318528-A)

For information about installing and using a Wireless Gateway 7250, refer to thefollowing publications:

• Installing the Nortel Networks Wireless Gateway 7250 (318511-A)

• Installing Hardware Options for the Nortel Networks Wireless Gateway 7250

(318519-A)

• Configuring Firewalls and Filters for the Nortel Networks Wireless Gateway

7250 (318516-A)

• Managing and Troubleshooting the Nortel Networks Wireless Gateway 7250

(318517-A)

• Command Line Interface for the Nortel Networks Wireless Gateway 7250

(318518-A)

For information about using the Optivity Network Management System, refer to

the following publications:

• Release Notes for Optivity NMS Release 10.2 (205970-G)

Provides the latest information, including brief descriptions of the new

features, problems fixed in this release, and known problems and

workarounds.

• Quick Installation and Startup for Optivity NMS 10.2 for Windows(208830-F)

Provides brief instructions for installing and getting started with Optivity

NMS 10.2 for Windows NT*, Windows 2000, and Windows 2003 platforms.

• Quick Installation and Startup for Optivity NMS 10.2 for UNIX (208949-F)

Provides brief instructions for installing and getting started with Optivity

NMS 10.2 for UNIX platforms.

• Quick Installation of Optivity NMS 10.2 Database (213315-C)

Provides brief instructions for installing the Oracle database software required

for Optivity NMS 10.2 on a UNIX or Windows platform.

• Installing and Administering Optivity NMS 10.2 (205969-G)

24 Preface


24/252

24 Preface

318507-B Rev 01

Describes how to install and administer Optivity NMS 10.2 to start managing

your Wireless Mesh Network.

• Using Optivity NMS 10.2 Applications (207569-E)Describes how to use the integrated Optivity Network Management System

tools and applications to get the most out of your network resources.

• Agent Support for Optivity NMS 10.2 (216729-A)

Describes devices and agents supported for Optivity NMS 10.2.

Hard-copy technical manuals

You can print selected technical manuals and release notes free of charge, directly

from the Internet. Go to the www.nortelnetworks.com/documentation URL. Find

the product for which you need documentation. Then locate the specific category

and model or version for your hardware or software product. Use Adobe* Acrobat

Reader* to open the manuals and release notes, search for the sections you need,and print them on most standard printers. Go to Adobe Systems at the

www.adobe.com URL to download a free copy of the Adobe Acrobat Reader.

How to get help

If you purchased a service contract for your Nortel product from a distributor or

authorized reseller, contact the technical support staff for that distributor or

reseller for assistance.

If you purchased a Nortel service program, contact one of the following Nortel

Technical Solutions Centers:

Technical Solutions Center Telephone

Europe, Middle East, and Africa (33) (4) 92-966-968

North America (800) 4NORTEL or (800) 466-7835

Asia Pacific (61) (2) 9927-8800

China (800) 810-5000

Preface 25

http://www.nortelnetworks.com/documentationhttp://www.adobe.com/http://www.adobe.com/http://www.adobe.com/http://www.adobe.com/http://www.nortelnetworks.com/documentation


25/252

Preface 25


Additional information about the Nortel Technical Solutions Centers is available

from the www.nortelnetworks.com/help/contact/global URL.

An Express Routing Code (ERC) is available for many Nortel products andservices. When you use an ERC, your call is routed to a technical support person

who specializes in supporting that product or service. To locate an ERC for your

product or service, go to the http://www.nortelnetworks.com/help/contact/erc/

index.html URL.

26 Preface

http://www.nortelnetworks.com/help/contact/globalhttp://www.nortelnetworks.com/help/contact/erc/index.htmlhttp://www.nortelnetworks.com/help/contact/erc/index.htmlhttp://www.nortelnetworks.com/help/contact/erc/index.htmlhttp://www.nortelnetworks.com/help/contact/erc/index.htmlhttp://www.nortelnetworks.com/help/contact/global


26/252

318507-B Rev 01


27/252

27


Chapter 1

Fundamentals

Wireless Mesh Network solutions

A Wireless Mesh Network enables mobile users to enjoy secure, seamless,

wireless roaming across converging public and private networks, as well as

hotspot environments.

Nortel’s Wireless Mesh Network solution uses a number of wireless access points

connected point to point. The traditional hub or star configuration found in atraditional WLAN backhaul is replaced with point to point connections between

wireless access points to form a mesh network backhaul to the broadband

network. Replacing the wired backhaul with wireless backhaul does not require

existing LAN infrastructure when deploying the Wireless Mesh Network solution.

The Wireless Mesh Network solution uses standard IEEE 802.11 technology for

providing broadband wireless access and wireless backhaul. A Wireless Mesh Network solution is ideal in providing WLAN coverage in open spaces where

traditional WLAN systems are prohibitive to deploy because CAT5 or LAN

cabling does not exist or is costly and difficult to deploy. Some examples of places

where a Wireless Mesh Network solution would have advantages over a standard

WLAN solution are:

• open spaces such as parks or public plazas• shopping malls

• campus environments such as universities or research parks

• airports, bus stations, train stations

• industrial facilities such as truck stops and dockyards

• stadiums and outdoor recreational facilities

• metropolitan areas

28 Chapter 1 Fundamentals


28/252

318507-B Rev 01

Network overview

Network architecture

A graphical representation of a basic Wireless Mesh Network system is shown in

Figure 1.

Figure 1 Basic Wireless Mesh Network architecture

Chapter 1 Fundamentals 29


29/252


Community Area Network

The Community Area Network (CAN) is a cluster of Wireless Access Point 7220s

that form a self-organizing and auto-configuring mesh structure. It is a cluster ofWireless Access Point 7220s that can associate with each other within the control

of one Wireless Gateway 7250. The CAN uses multi-hop, wireless (unlicensed)

backhaul from a wired broadband network access point (NAP). Security functions

protect control, management, and user traffic flowing over the wireless links, and

authorize access by mobile subscribers.

Network Access Point

The Wireless AP 7220 connected to the Network Access Point (NAP) router

(known as a NAP-R) is referred to as a Wireless AP 7220 @ NAP. It is the point

of interconnection between the CAN and the distribution network. The Wireless

AP 7220 @ NAP is a Wireless AP 7220 connected to the NAP-R via a wired

Ethernet connection. This Wireless AP 7220 @ NAP communicates with a cluster

of Wireless AP 7220s in a CAN. The Wireless AP 7220 @ NAP performs trafficcollection and distribution functions for traffic originating and terminating over

the broadband backbone network.

The NAP-R incorporates routing functions and multiple wired Ethernet links for

connection to Wireless AP 7220 @ NAPs. The NAP-R acts as a standard IP router

or an IP routing function in a network edge device. The IP router must support

OSPF.

Wireless Access Point 7220

The Wireless Access Point 7220 (Wireless AP 7220) provides the following:

• traffic collection and distribution functions for traffic within the Community

Area Network

• extended reach, simplified deployment, and reliability due to its antenna

design

• wireless access functions for connection to wireless mobile nodes (MNs)

• routing and wireless transit functions for connection to two or more Wireless

AP 7220s and to NAPs

• incorporates security functions for validating connections to other Wireless

AP 7220s



30/252

318507-B Rev 01

• security functions for controlling user device access

The Wireless AP 7220 also acts as a:

• DHCP-Client - for itself

• DHCP-Relay - for mobile nodes and for neighbor Wireless AP 7220s

• RADIUS Authentication Client (Authenticator) - for mobile nodes and for

neighbor Wireless AP 7220s

• RADIUS Accounting Client - for mobile nodes

Enterprise/ISP backbone network

The Enterprise/ISP backbone network is a Layer 3 routed domain (that is, IP

routing decisions are made by the backbone network). It is used to carry IP traffic

between the Wireless Gateway 7250 and other elements of the Enterprise/ISP

network (for example, Border Gateways and NOSS servers).


The Wireless Gateway 7250 advertises reachability (within the Enterprise/ ISP

Distribution Network) for one or more IP subnets assigned to Wireless Mesh

Network CAN subscribers and network entities. It is the security and mobility

anchor point for the Wireless Mesh Network. In addition, it hides Wireless Mesh

Network-specific mobility and security functions from the rest of the Enterprise /

ISP Distribution and Backbone Networks.

The Wireless Mesh Network solution integrates elements of existing Nortel

products and solutions. As a result, references to “Contivity” may appear in both

Wireless Gateway 7250 operator interfaces and in this document. However, note

that the Wireless Gateway 7250 platform is unique to the Wireless Mesh Network

solution, and is not interchangeable with any other Nortel platform.

The standard CLI can be used for all needed OAM&P interactions with the

Wireless Gateway 7250, such as statistics, configuration, event/fault handling.

The CLI can be accessed remotely by using the standard telnet protocol.



31/252


Enterprise / ISP / Metro distribution network

The Enterprise / ISP / Metro distribution network is used to carry IP traffic

between the Wireless Gateway 7250 and Network Access Point routers (NAP-R).It can be a Layer 3 routed domain (where IP routing decisions are made by the

distribution network), or can be a Layer 1 or Layer 2 transport domain (that is,

(virtual) point-to-point links between Wireless Gateway 7250 and NAP-R). This

network can be the same network as the Enterprise / ISP Backbone Network.

Border Gateway

The Border Gateway is a (logical) network entity that incorporates all functions

required to interface with the Internet. It advertises reachability to the Internet for

IP addresses assigned to Wireless Mesh Network subscribers and network entities.

The border gateway can also provide connectivity for other, non-Wireless Mesh

Network Enterprise/ISP entities. Also, it can incorporate other inter-networking

functions (for example, NAT, firewall, redirection). However, the border gateway

has no knowledge of Wireless Mesh Network specific mobility and securityfunctions.

Network Operations Support System

The Network Operations Support Systems (NOSS) provides centralized facilities

for monitoring and managing network operations, using industry-standard

protocols to communicate with the distributed elements in the Wireless Mesh Network.



32/252

318507-B Rev 01

The NOSS consists of the Nortel Optivity Network Management System

(ONMS), industry standard FTP, RADIUS, Dynamic Host Configuration Protocol

(DHCP), and SNTP servers. The minimum requirements for the NOSS are listed

in Table 1.

Centralized management

The NOSS provides centralized facilities for monitoring and managing network

operations, using industry-standard protocols to communicate with the distributed

elements in the Wireless Mesh Network.

Table 1 NOSS requirements

Element Requirement Description

Network ManagementSystem

Nortel Optivity NMS (release10.2)

The ONMS provides fault,performance, andconfiguration management,

and discovers and displaysWireless AP 7220s and theWireless Gateway 7250

DHCP server RFC3011 support (subnetselection option)

The DHCP server providesdynamic IP addressassignments for Wireless AP7220s and mobile nodes

RADIUS server EAP-TLS, EAP-TTLS,

EAP-PEAP, EAP-LEAPsupport

The RADIUS server

performs mobile andWireless AP 7220authentication andaccounting

FTP Server No special requirements The FTP server stores:

- Configuration files that theWireless AP 7220downloads when poweringup

- Wireless AP 7220 software

SNTP server No special requirements The SNTP server providesthe Wireless AP 7220 withthe time parameters it needsto ensure that each eventlogged on the Wireless AP7220 has the propertime-stamp information



33/252


In the first release of Wireless Mesh Networks, the NOSS uses ONMS version

10.2 (with the Wireless Mesh Network specific OIT – Optivity Integration Toolkit

and patches. Refer to “ONMS installation and configuration” for more

information.) which incorporates the added functionality to support the WirelessAP 7220 and enable the ONMS to manage the Wireless AP 7220s in the network.

The ONMS uses common graphical user interfaces and proven technology to

provide the necessary tools to manage and visualize the Wireless Mesh Network

and its key elements.

ONMS fits into any network operations model, providing the flexibility to access

key management functions across the network from various locations. Based upona scalable client/server architecture, ONMS enables users to access any ONMS

server in the network from one client installation, or supported web browser

(Internet Explorer or Netscape). This distributed approach provides access to key

management tools from any Web-enabled workstation.

The following Optivity Network Management Options are available:

• ONMS Campus — supports 500 IP Nodes (Nodes is the number of managed

Nortel IP Interfaces. This is only available for Windows OS.)

• ONMS Enterprise — supports 5000 IP Nodes (Nodes is the number of

managed Nortel IP interfaces. An upgrade to 10000 IP Nodes is available.)

• ONMS Eval to Campus — upgrade from Campus Evaluation to a licensed

version. Note that this is the same as buying a Campus version.

With ONMS Enterprise, a single ONMS server scales to support up to 5,000 IP

addressable network elements. An upgrade is available for ONMS Enterprise to

support 10,000 IP addressable network elements. With ONMS Enterprise, a

network manager can display a sum of 5,000 objects across all views. They can

use multiple servers to manage a larger number of IP addressable network

elements from a single management station.

For smaller environments, Nortel offers the Campus version of ONMS. OptivityCampus scales to support up to 500 IP addressable network elements and runs on

Windows NT and Windows 2000. With Campus, a network manager can display a

sum of 1,500 objects in all views.

In addition, ONMS provides “day one” device support via the Optivity Integration

Toolkit (OIT). The OIT enables ONMS applications to take advantage of new

Nortel hardware devices right out of the box.



34/252

318507-B Rev 01

ONMS provides a single location for managing fault and performance across the

network, and a launch point and interface to other Optivity products. ONMS

provides visualization of Layer 1, 2, and 3 devices, network topology, faults, and

real-time performance statistics.

The following table briefly describes the supported ONMS applications:

Key benefits of ONMS include

• ease of managing and troubleshooting networks

• automated discovery and display of topology and devices

• consolidation and correlation of network faults

• powerful diagnostic functions

• real-time performance analysis

• scalability and security for managing large networks

Table 2 ONMS applications

ONMS Application

SupportDescription

Discovery Enables discovery of Wireless Mesh Network devices withONMS’ AutoTopology applications.

Organization Wireless Mesh Network devices are placed in the WMNfolder in the ONMS InfoCenter folder tree.

Performance Management Ability to monitor Wireless Mesh Network deviceperformance with ONMS OmniView.

Fault Management Enables management of Wireless Mesh Network device

traps and faults with Fault Summary.

Device ConfigurationManagement

Ability to open the embedded web configuration interfacesfor Wireless Mesh Network devices in InfoCenter byright-clicking the device and choosing Configuration /Embedded Web Interface.

Inventory Management The inventory of Wireless Mesh Network devices andagents can be managed with the Device Inventory Viewer.

Graphical View ONMS ExpandedView presents a physical graphical viewof a given network device. For the Wireless AP 7220, usingExpandedView enables the use to verify specificconfiguration parameters.



35/252


Wireless Mobile Node

The subscriber's wireless mobile node is a commercial, off-the-shelf consumer

device (For example, a PDA or laptop) with a standard IEEE 802.11b/g NetworkInterface Card.

Inter-Wireless Gateway 7250 roaming and mobility

The Wireless Mesh Network architecture can be extended to support seamless

Inter-Wireless Gateway 7250 roaming and mobility. This distributed architecture

allows for extensive scalablity over multiple CANs across multiple WirelessGateway 7250s in a wide area Wireless Mesh Network. The Inter-Wireless

Gateway 7250 roaming and mobility functionality is well-suited for larger

deployments.

The Inter-Wireless Gateway 7250 roaming architecture is based on a two-tier

anchor points hierarchy over a distributed network.



36/252

318507-B Rev 01

Figure 2 Inter-Wireless Gateway 7250 roaming Wireless Mesh Network architecture

Inter-Wireless Gateway 7250 roaming adds two major network elements into the

Wireless Mesh Network architecture:

Network Access Controller

The Network Access Controller (NAC) performs two major functions:

• Inter-Wireless Gateway 7250 roaming support function

It is responsible for controlling mobile traffic going in and coming out of theWireless Mesh Network cluster (WMC). Traffic originating from or

terminating at a mobile node must be funneled to a NAC through a routing

protocol information exchange or through a static route configuration.The

same NAC remains the anchor point for the mobile node to direct all the

incoming and outgoing traffic to and from the mobile node.



37/252


• Access control function

The access control function includes the captive portal re-direct function of

the NAC. It ensures all mobile subscribers are authenticated before mobile

node traffic can flow through. Before a mobile subscriber is authenticated, thecaptive portal redirects all mobile node HTTP traffic to a dedicated internet

web page specified by the local network provider for mobile subscriber

authentication.

Any product that can support these two functions can be configured as a NAC in a

Wireless Mesh Network.Additional requirements must be met if the NAC is

deployed in a network that supports the Inter-Wireless Gateway 7250 roamingcapability. Refer to “Network Access Controller requirements” for more

information.

Once the mobile subscriber has successfully authenticated, the NAC provides

web-based accounting support for non-RSNA-based subscribers. RSNA

subscribers that use web-based accounting must be independently authenticated

twice: once through the Wireless AP 7220 with the RADIUS server, and once

through the captive portal with the RADIUS server. RSNA subscribers that do notuse web-based accounting are authenticated only through the Wireless AP 7220

with the RADIUS server but must provide special filtering at the captive portal.

Refer to “Configuring the Network Access Controller (NAC)” and Appendix E,

“Sample NAC configuration” for complete instructions on how to configure a

sample NAC.

The NAC can be deployed in a basic Wireless Mesh Network architecture as well

as in a network that supports Inter-Wireless Gateway 7250 roaming. In both cases,

packet steering rules must be configured on the Wireless Gateway 7250 to direct

mobile traffic towards the appropriate NAC. The NAC can then authenticate the

mobile subscriber (if the mobile subscriber has not yet been authenticated) and

exercise access control on the mobile traffic.

Refer to “Filter 4” and “Configuring client address redistribution (CAR) pools” in

Chapter 4, “Configuration management” for complete information about

configuring packet steering rules.


Eth t it h


38/252

318507-B Rev 01

Ethernet switch

The Layer 2 Ethernet switch provides the technology to support the mobility

information exchange between the two-tier anchor points. It connects thedistributed Network Access Controllers and the distributed Wireless Mesh

Network cluster (WMC).

Any Ethernet switch that can support this function can be configured in a Wireless

Mesh Network.

Access and transit links

The Nortel Wireless Mesh Network Wireless AP 7220 has both access and transit

link antennas.

Transit links are used in the Wireless Mesh Network to interconnect the WirelessAP 7220s to form a self-configuring access network for packet data services.

There is a single transit link (TL) IEEE 802.11a radio per Wireless AP 7220 and

this is shared among the directional (patch) antennas for the transit links to

neighboring Wireless AP 7220s. The antenna is configured for six independently

selected, directional, facet-equipped beam antennas. The Wireless AP 7220 or

Wireless AP 7220 @ NAP automatically selects the best transit link beam to

connect with its neighbors.

Access links connect mobile stations (subscribers) to the Wireless AP 7220s.

There is a single access link (AL) IEEE 802.11b or 802.11g radio per Wireless AP

7220 with two switched antenna diversity connections. The Access Link antenna

is at the base of the unit and provides omni-directional coverage and is used to

connect to wireless mobile nodes.

Access and Transit Radio links are separated in frequency (2.4 GHz for access and

5 GHz for transit). Figure 3 shows an overview of Wireless AP 7220 radio links.


Figure 3 Wireless AP 7220 radio links overview


39/252


Figure 3 Wireless AP 7220 radio links overview

Principles of operation

A Nortel Wireless Mesh Network operates in the following manner:

• traffic routing follows users as they roam from the coverage of one Wireless

AP 7220 to another

• fault recovery occurs when a Wireless AP 7220 becomes unavailable


Wireless Mesh Network topology


40/252

318507-B Rev 01

Wireless Mesh Network topology

A Wireless Mesh Network has an arbitrary topology. The network operates in a

“peer-to-peer” fashion which means that each Wireless AP 7220 has routingcapabilities built into it and can use its neighbors as routers to transmit traffic back

and forth to the broadband network. The Wireless AP 7220 also incorporates

neighbor auto-discovery techniques, enabling it to identify neighboring Wireless

AP 7220s and possible routing paths automatically without the intervention of a

technician or management system. When combined with the included adaptive

routing algorithms using OSPF routing capabilities, this provides a “self-healing”

network - a network that is able to recover from the loss of a Wireless AP 7220 byconnecting with other neighboring Wireless AP 7220s and using alternate routes

to transmit data.

Mobility management

In the Wireless Mesh Network solution, end users can roam seamlessly across the

Wireless AP 7220s in the network that are within the span of the Wireless

Gateway 7250 or in the case of Inter-Wireless Gateway 7250 roaming, between

multiple Wireless Gateway 7250s. Key attributes to this solution include:

• mobility client software is not required on a mobile node

• path update is transparent to the mobile node

• session hand-over between Wireless AP 7220s

• multi-session accounting co-ordination across Wireless AP 7220s (Note thatthis functionality is only applicable in a basic Wireless Mesh Network

environment.)

• IP address retention while mobile node roaming

When a mobile node moves from one Wireless AP 7220 coverage area to another

(either through roaming or link fading), the endpoint of the connection path is

moved to the new Wireless AP 7220 using IP layer 3 routing capabilities. The new path may even be routed through a different NAP router. No client software is

required on mobile node.


41/252



42/252

318507-B Rev 01


43/252

44 Chapter 2 Network installation overview

Figure 4 Basic Wireless Mesh Network IP addressing architecture


44/252

318507-B Rev 01

Wireless Mesh Network subnetting

The Wireless Mesh Network consists of two basic networks; intranet and extranet.

Each Wireless Access Point 7220 is assigned an extranet address and an intranet

address. All other devices excluding mobile nodes are assigned Intranet addresses.

The Wireless AP 7220 Extranet address is primarily used for signalling within the

Wireless Mesh Network while the Intranet address is used for management

Chapter 2 Network installation overview 45

purposes and IPsec tunneling. All mobile nodes are assigned an IP address from


45/252


the mobile node address pool. To allow for better security control of mobile

traffic, the mobile node IP addresses are completely separated from the Intranet

and Extranet address pools.

The following are examples of subnets used on a typical network deployment (see

Figure 7”):

• NOSS subnet is 192.168.30.0/24

• AP Extranet Subnet is 27.0.27.x/24 subnet

• AP intranet subnet is 192.168.50.x/24 subnet• mobile node subnet is 192.168.40.y subnet (for example, a range of

192.168.40.10 to 192.168.40.50).

Table 3 provides further details for Wireless Mesh Network subnetting.

Table 3 Wireless Mesh Network subnetting

Network Segment Subnet Specific Addresses Comments

NOSS Elements 192.168.30.0/24 DHCP=192.168.30.11

FTP=192.168.30.13

RADIUS=192.168.30.12

SNTP=192.168.30.15

Can be any subnet within

Corporate network

AP Network (Extranet) 27.0.27.x NAP-R=27.0.27.1

Wireless AP 7220 @

NAP=27.0.27.4

All APs assigned address

within this range with

mask 255.255.255.255(except for the Wireless

AP 7220 @ NAP which is

set to 255.255.255.0.)

AP Network (Intranet) 192.168.50.x/24 Wireless Gateway

7250=30.0.30.1

Assigned by Wireless

Gateway 7250


Untrusted

30.0.30.1 Any


Management

192.168.20.248 Any

Distribution Network Any Any Can be any subnet

between NAP router and


Mobile Nodes 192.168.40.y (e.g., range

of 192.168.40.10 to

192.168.40.50)

Access Point Access

Link=192.168.40.9

One address in this

Subnet is reserved for AP

Access Link


Table 3 Wireless Mesh Network subnetting


46/252

318507-B Rev 01

IP Address categories and usage are shown in Table 4. See Figure 7 for the

network layout of this example.:

Ethernet switch 192.168.20.x 192.168.20.0 netmask 255.255.255.0Network Access

Controller Interface

192.168.20.10x (e.g.

range of 192.168.20.101

to 192.168.20.199)

192.168.20.101 The NAC must be located

northbound of the

Wireless Gateway 7250.

Network Access

Controller Private

Interface IP

192.168.80.1/99 192.168.80.1 The NAC must be located

northbound of the


Network Access

Controller Private

Management Interface IP

192.168.80.10x (e.g.

range of 192.168.80.101

to 192.168.80199)

192.168.80.101 The NAC must be located

northbound of the


Table 4 IP address categories

Address Category (See accompanying documents for descriptions) Address

TypeValue (Examples) Additional Comments

Intranet Domain Addresses

2A NOSS Elements

Optivity Network Management System (ONMS) Specific 192.168.30.13 Configured on the N/W Element interface

RADIUS Servers

Authentication Server

Accounting Server

Specific

Specific

192.168.30.12

192.168.30.12

Configured on the N/W Element interface

Configured on the N/W Element interface

DHCP Server Specific 192.168.30.11 Configured on the N/W Element interface

FTP File Server (for software download and Wireless AP 7220 configuration data download)

Specific 192.168.30.13 Configured on the N/W Element interface

SNTP Server Specific 192.168.30.14 Configured on the N/W Element interface

2B Enterprise Extension Space

2B1 i.AP - The intranet Wireless AP 7220 IP Address range Subnet 192.168.50.x (24bit netmask)

Configured at the Wireless Gateway 7250. TheWireless Gateway 7250 assigns a unique i.APaddress from this subnet pool to each Wireless AP7220 that establishes an IPsec tunnel with the


2B2 i.WG - The intranet Wireless Gateway 7250 IP Address Each Wireless Gateway 7250 in the network requiresthe following IP addresses.

Private Interface IP AddressManagement IP Address

SpecificSpecific

192.168.20.1192.168.20.248

Configured on the Wireless Gateway 7250.Configured on the Wireless Gateway 7250 privateinterface.

2B3 i.MN - Mobile Node intranet IP Address Subnet 192.168.40.y(e.g., range of192.168.40.10 to192.168.40.50)

Configured on the DHCP Server. The DHCP assigns aunique i.MN address from this subnet pool to eachmobile node (MN) that establishes connection with theWireless Mesh Network.

Network Segment Subnet Specific Addresses Comments


Table 4 IP address categories


47/252


Requirements for a pre-existing network

For an overview of Network Operations and Support Systems (NOSS)requirements see Table 1. The following network elements are included in the

NOSS:

• DHCP Server

— The installation and operation of the DHCP server will depend on the

vendor chosen to supply the server. Please refer to the vendor manuals for

information on the mechanisms used to configure the chosen DHCPserver.

— For DHCP configuration information, refer to the section titled

“Configuring the Dynamic Host Configuration Protocol (DHCP) server‘”

and Appendix B, “Sample DHCP configuration file” for complete

instructions.

• FTP Server

• (Optivity) Network Management System (ONMS)

• RADIUS Server

• SNTP server

Before Wireless Mesh Network deployment ensure that existing network

components meet the requirements indicated in the sections that follow.

Extranet Domain Addresses

3A x.AP - The extranet Wireless AP 7220 IP Address

AP 7220 @ NAP IP static address

Subnet

Specific

27.0.27.x (32 bitnetmask)

27.0.27.4/24

Configured on the DHCP Server. The DHCP assigns aunique x.AP address from this subnet pool to eachWireless AP 7220 that establishes connection with theWireless Mesh Network. Any statically configuredWireless AP 7220 IP address (for example, Wireless AP 7220 @ NAP) must be excluded from the x.APsubnet pool configured at the DHCP Server.

3B x.WG - The extranet Wireless Gateway 7250 IP Address Specific 30.0.30.1 Configured on the public interface of the WirelessGateway 7250.

3C x.NAP - The extranet IP Address for the NAP router Specific 27.0.27.1 Configured on the NAP interface to which Wireless AP7220 @ NAP will be connected. A NAP router may

have multiple interfaces to which each Wireless AP7220 @ NAP is connected. Each of these interfacesrequires an IP address.Note that for each Wireless AP 7220 @ NAP, the IPaddress must belong to the subnet of the NAP routerinterface to which the Wireless AP 7220 @ NAP isconnected via it’s Ethernet interface.

Address Category (See accompanying documents for descriptions) Address

TypeValue (Examples) Additional Comments


DHCP server requirements


48/252

318507-B Rev 01

The DHCP Server must:

• support the RFC 3011 subnet selection option (SSO)

• have a reserved lease timer set to be high (or configurable to be high)

The high time is necessary to accommodate the delays potentially incurred

through multiple Wireless AP 7220 hops.

DHCP configuration information can be found in Chapter 4, “Configuration

management.”

Possible DHCP server configurations

The following Wireless AP 7220 configurations are provisioned through the

DHCP server:

• address pool (x.AP subnet)

• subnet mask

• default routers

• address lease time

• location of Configuration File (FTP server address)

• name of Configuration File (on the FTP server)

The following mobile node configurations are provisioned through the DHCP

server:

• address pools (i.MN subnet) and subnet mask reflecting the size of the pool

• default router Wireless Gateway 7250 intranet IP address

• address lease time

DHCP server configuration for Wireless AP 7220

Configure the DHCP for standalone Wireless AP 7220 support with the following

information:

• a range of extranet IP addresses (x.AP) for assignment to Wireless AP 7220s

• a Subnet mask of 255.255.255.255 must be assigned to all Wireless AP 7220s


• the Default router list must contain only one entry which must be set to the IP

address of the designated Wireless Gateway 7250 (This is the public side of


49/252


address of the designated Wireless Gateway 7250 (This is the public side of

the network.)

• the Server Name must be set to the IP address of the FTP server • the Filename must be set to the pathname of the configuration file on the FTP

server.

DHCP server configuration for mobile nodes

Configure the DHCP for mobile node support with the following information:

• a range of intranet IP addresses (i.MN) for assignment to mobile nodes

• a Subnet mask reflecting the size of the address pool reserved for mobile

nodes

• the Default router list must contain only one entry which must be set to the

management IP address of the Wireless Gateway 7250 for this mobile node

address pool

It is possible to assign an IP address to any mobile node statically by creating a

host declaration that contains each mobile node Ethernet MAC address. When the

mobile node broadcasts for an IP address, the MAC address for that device isallocated to a specific IP address. The following parameters can be modified for

each declared host:

• mobile node Ethernet MAC address

• the fixed address of this mobile node (must be in the same subnet and outside

the declared range values)

• lease times

For more information on statically assigning an IP address to a mobile node see

Appendix B, “Sample DHCP configuration file.”

Note: The Wireless AP 7220 @ NAP must be statically configured. Refer to

“Configuring a Wireless AP 7220 @ NAP‘.


RADIUS server requirements


50/252

318507-B Rev 01

The RADIUS authentication server must provide:

• EAP Support (EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-LEAP)

• Tunnel Support

In order to authenticate a mobile node, the user device must be matched to a

profile stored on the server. Once the user is authenticated, a Tunnel-Id stored

in the profile is returned to the Wireless AP 7220. The Wireless AP 7220

maps the Tunnel-Id to the Subnet Selection Option. This mapping has been

downloaded earlier to the Wireless AP 7220 as part of the Wireless AP 7220configuration file. Once the Wireless AP 7220 has completed the Tunnel-Id to

SSO mapping, the DHCP Relay Agent in the Wireless AP 7220 requests a

session IP address for the mobile node from the DHCP server.

KeyGen is a software package that is installed on the same workstation that

houses the RADIUS server during initial installation of the Wireless Mesh

Network. The output of KeyGen is used as the password for a Wireless AP 7220

account on both the RADIUS server and the Wireless Gateway 7250. Although

KeyGen can run on any Windows based platform, it is best if the tool is installed

on the RADIUS server that runs on a Windows platform.

RADIUS configuration information and KeyGen information can be found in

Chapter 4, “Configuration management.” A KeyGen configuration example can

be found in Appendix A, “KeyGen tool.”

FTP server requirements

The FTP server is the host for software that will be downloaded to other network

elements in the Wireless Mesh Network. The FTP server in a Wireless Mesh

Network is used for several functions:

• for downloading the configuration file to a Wireless AP 7220 (The FTP serverhosts the configuration file which is used to dynamically configure a Wireless

AP 7220 when it initializes)

• for software upgrade to Wireless AP 7220 (The FTP server hosts the software

images for APs)

• for software upgrade and for backup and restore operations to the Wireless

Gateway 7250


The Following parameters must be configured at the FTP server (as well as at the

Wireless AP 7220):


51/252


)

• the location of the FTP server (IP address)• the user name for File/Image access

• the password to access the configuration file or the software image

FTP server configuration information can be found in “Configuring the FTP

server‘.” An FTP configuration example can be found in Appendix F, “Sample

FTP configuration file.”

SNTP server

The SNTP server provides the Wireless AP 7220 with the time parameters it

needs to ensure that each event logged on the Wireless AP 7220 has the proper

time-stamp information.

NAP router requirements

The NAP router performs traffic collection and distribution functions for traffic

originating and terminating over the broadband backbone network. It incorporates

routing functions and multiple wired Ethernet links for connection to Wireless AP

7220 @ NAPs. It acts as a standard IP router or an IP routing function in a

network edge device.

Any IP router that supports OSPF can act as a NAP router in the Wireless Mesh

Network. The NAP router must be able to propagate default route information

into the CAN. OSPF on the CAN interfaces of the NAP router must be configured

so that it can exchange routing information with the Wireless AP 7220 @ NAP.

NAP configuration information can be found in Chapter 4, “Configuration

management.” For a sample NAP router configuration see Appendix D, “Sample

NAP router configuration.”


Network Access Controller requirements


52/252

318507-B Rev 01

In an Inter-Wireless Gateway 7250 roaming environment, the Network Access

Controller (NAC) is responsible for the reachability of the set of authenticatedmobile nodes within a specified IP address range to support the mobile

communications for external and internal networking.

The Wireless Mesh Network requires the following two main functions from the

NAC to enable

• Inter-Wireless Gateway 7250 roaming and mobility support

• Subscriber management system interface

Inter-Wireless Gateway 7250 roaming and mobility support

The NAC interfaces with the Wireless Gateway 7250 through the Ethernet

switching function. This layer-2 Ethernet switching function is used to leverage

the auto-learning bridge design rather than the host-specific layer-3 routing update

to enable the NAC to keep track of the mobile subscriber’s mobility within the

Wireless Mesh Network.

In order to minimize the amount of broadcast traffic to support Ethernet

switching, the NAC must support the following key Ethernet functions:

• unsolicited unicast Address Resolution Protocol (ARP) requests (that is,

gratuitous ARP requests).Allows Wireless Gateway 7250s to send unicast ARP requests to update the

ARP cache in the NAC to enable the incoming packet forwarding to the

mobile subscribers through their serving Wireless Gateway 7250s

• configurable ARP cache size

Ensures sufficient ARP cache entries in the NAC to sustain the expected

mobile subscriber volume that is engineered for the NAC. Without a sufficient

amount of ARP cache size, broadcast proxy ARP requests may have to begenerated to resolve the IP-to-MAC address mapping if the corresponding

entry is overwritten by the latest ARP request originating from the Wireless

Gateway 7250.


The recommended ARP cache size is two times the number of mobile

subscribers supported by the NAC. For example, if each NAC supports 2000


53/252


mobile subscribers, set the ARP cache size to 4000. Refer to Appendix E,

“Sample NAC configuration” for a sample NAC configuration.• configurable ARP entry age out time

The ARP entry age out time must be configurable to a long enough time to

sustain the duration of the mobile subscriber’s connection to the Wireless

Mesh Network. Otherwise, the ARP entry will expire before the active mobile

subscribers disconnect from the Wireless Mesh Network. As a result, the

broadcast proxy ARP request may be generated by the NAC to resolve the

IP-to-MAC address mapping to support IP packet forwarding.

The recommended ARP entry age out time is one and a half times the

session-idle-timeout value returned by the RADIUS server. For example, if

the session-idle-timeout value is set to 5 minutes (300 seconds), set the ARP

entry age out time to 450. Refer to Appendix E, “Sample NAC configuration”

for a sample NAC configuration.

For assured Wireless Mesh Network security, the NAC must support multiplesubnets over the same logical and physical interfaces. This multi-netting support

feature allows you to assign a different IP addressing plan for the mobile

subscribers and the network management and control systems. This is so that the

IP addressing space for network management and control systems is never

exposed to the mobile subscribers.

Subscriber management system interface

The NAC provides the access control for the Wireless Mesh Network. It must

support

• captive portal re-direct function

The captive portal re-direct function intercepts any unauthenticated mobile

subscriber’s HTTP request and redirects the mobile subscriber to a pre-configured web page. The web page captures the mobile subscriber’s

information for the authentication, authorization, and accounting process used

to grant network access privileges. The web page can be used for the

following purposes:

— Notify mobile subscribers regarding the network provider’s Acceptable

Use Policy (AUP) that must be agreed to before the mobile subscriber can

be granted access to the Wireless Mesh Network and the Internet.


— Inform mobile subscribers of any information relevant to the access to

which they are being granted. For example, this can be information about

t i t d t i ifi d t il f th t k id


54/252

318507-B Rev 01

restricted ports or services, or specific details of the network provider.

— Authenticate mobile subscribers with a user ID and password against aAAA server (that is, a standard RADIUS server) before being granted

access to the Wireless Mesh Network and the Internet.

— Support configurable HTTP re-direct to the dedicated web portal. That is,

the web portal’s URL used for re-direction for mobile subscriber session

authentication.

• access control firewall rules

There can be three mail groups of IP addressing plans assigned in the WirelessMesh Network:

— management and control

— non-RSNA mobile subscribers (that is, captive portal-based authenticated

mobile subscribers)

— RSNA mobile subscribers (that is, 802.1X-based authenticated mobile

subscribers)

Configure different firewall rules for each of these groups to control packet

processing and forwarding. For example,

— management and control traffic bypasses the NAC’s firewall northbound

towards the NOSS

— unauthenticated non-RSNA mobile subscribers trigger the captive portal

HTTP re-direct function to execute the authentication, authorization, andaccounting process

— RSNA mobile subscriber authentication and authorization processing

bypasses the NAC’s firewall. However, the per-RSNA mobile subscriber

access is controlled by the authentication, authorization, and accounting

process results.

— a mobile subscriber’s originated unicast DHCP renew messaging and

RSNA mobile subscribers authentication messaging is allowed to pass

through the NAC’s firewall and be forwarded to the DHCP server

— a mobile subscriber of one subnet cannot have access to the network

resources for another subnet through the use of the Access Control List

(ACL)


Ethernet switch

I I t Wi l G t 7250 i i t th L 2 Eth t


55/252


In an Inter-Wireless Gateway 7250 roaming environment, the Layer 2 Ethernet

switch connects the distributed NACs and the distributed Wireless Mesh Networkcluster (WMC). Any Ethernet switch that can provide a scalable high performance

capacity and a high density port count can be used in the Wireless Mesh Network.

ONMS installation and configuration

Wireless Mesh Network uses Optivity NMS (ONMS) to manage Wireless AP

7220s and Wireless Gateway 7250s. To ensure the latest Wireless Mesh Network

functionality, the following load-line up (based on the ONMS 10.2 code base) is

required:

• Oracle Database: ORc9.2

• Oracle patch 9.2.0.5

• ONMS 10.2 and ONMS 10.2.0.3 patch

• OIT version 1.0B (Optivity Integration Toolkit) for Wireless AP 7220• OIT version 1.0 for Wireless Gateway 7250

All existing and new customers need to use the ONMS 10.2 code base (with the

Wireless AP 7220 and Wireless Gateway 7250 OITs and 10.2.0.3 patch) in order

to have the full and latest Wireless Mesh Network functionality available.

For complete information about ONMS, refer to the Optivity NMS 10.2documentation suite.

Note: To add the Wireless Gateway 7250 and Wireless AP 7220 OITs in

Optivity, run the install.bat file for each OIT. Do not use the oitadmin tool to

add these OITs.


Distribution network



56/252

318507-B Rev 01


between Wireless Gateway 7250s and Network Access Point routers (NAP-Rs). Itcan be a Layer 3 routed domain (where IP routing decisions are made by the

distribution network), or can be a Layer 1 or Layer 2 transport domain (that is,

(virtual) point-to-point links between Wireless Gateway 7250 and Wireless AP

7220). This network can be the same network as the Enterprise / ISP Backbone

Network.

Wireless Gateway 7250 configuration

The Wireless Gateway 7250 performs the following functions:

• advertises reachability (within Enterprise / ISP Distribution Network) for one

or more IP subnets assigned to Wireless Mesh Network subscribers and

network entities

• hides Wireless Mesh Network specific mobility and security functions from

the rest of the Enterprise / ISP Distribution and Backbone Networks

The following configurations are required at the Wireless Gateway 7250:

• subnet addresses for mobiles for which the Wireless Gateway 7250 acts as a

“home agent” (these must be the same mobile node subnets configured on the

DHCP server)

• security related configurations

• user accounts for Wireless AP 7220s

Two groups must be configured, one for standalone Wireless AP 7220 and

one for Wireless AP 7220 @ NAP. For more information see “Configuring

Wireless AP 7220 user accounts‘.”

• address pool from which to assign intranet IP addresses to the IPsec clients on

Wireless AP 7220s

• the statefull firewall enables the ability to dynamically modify policies that

ensure network security (Specific filters can be defined to allow certain traffic

flow.)


Wireless AP 7220 deployment requirements

Th ll il bl it f Wi l M h N t k i di tl


57/252


The overall available capacity of a Wireless Mesh Network is directly

proportional to the number of Wireless AP 7220 @ NAPs in the network.

The Access Link throughput is determined by the Access Link data rate and

network capacity. The Access Link throughput is also determined by the distance

from a mobile node to a Wireless AP 7220 in the deployed network.

A capacity increase can be provided by deploying multiple Wireless AP 7220 @

NAPs, each wired to a common Wireless Gateway 7250.

The Wireless AP 7220 @ NAP needs to be located where the wired network is

accessible, and where AC power can be accessed. The Wireless AP 7220 @ NAP

and the NAP router may be separated by up to 100m (328 ft) of Ethernet cable. To

prevent radio interference between Wireless AP 7220 @ NAPs connected to the

NAP router, the minimum recommended distance between the Wireless AP 7220

@ NAPs is 8m (26 ft).

For redundancy and to take advantage of the mesh capabilities, each Wireless AP

7220 @ NAP should have routes to at least two subtending Wireless AP 7220s.

Power requirements and information

Depending on the deployment scenario, power to the Wireless AP 7220 can be

sourced from:

• standard building power sources

• lamp posts

• utility poles

In the event of AC power outages, the Wireless Mesh Network is designed to

re-route around localized failures. Service availability depends on the level of

access coverage overlap.


Network specifications

The network must be configured in a mesh, with at least two transit links to each


58/252

318507-B Rev 01

The network mus

Wireless Mesh Network Solution Reference

Documents

Transcript of Wireless Mesh Network Solution Reference