Wireless LAN interface

This chapter provides information about the wireless LAN (WLAN) interface. Topics include:

• Overview

• WLAN radio MDA configuration

• WLAN port configuration

• WLAN MDA operating as both AP and station

• WLAN security

• Router and Layer 3 interfaces for WLAN ports

• WLAN interface status

• WLAN statistics

The node provides IEEE 802.11 b/g/n WLAN interface support.

The WLAN interface can be configured as an access point (AP) that clients can connect to or as a station that can connect to another AP. The interface can perform both functions concurrently.

There are two areas of configuration for the WLAN interface:

• the MDA-level configuration, which includes parameters such as channel, frequency band, and country

• the port-level configuration, which includes elements such as the network service set identifier (SSID), security parameters, WLAN access point parameters, and WLAN station parameters

There can be multiple APs per WLAN MDA, but only one station. The station can connect to one network from a list of possible candidates.

The WLAN ports on the node share the same WLAN MDA-level configuration. Each port has parameters that are configurable per network SSID.

The following parameters must be configured for the WLAN MDA:

• country

• frequency band

• channel

• bandwidth

• administrative status

• beacon interval

The country parameter is required to bring the radio up. The country must be configured before any other MDA-level configuration can proceed and before the WLAN radio can be enabled with the no shutdown command. The country parameter is configured by entering one of the following country names in the CLI: Australia, Belgium, Bolivia, Brazil, Canada, Chile, Colombia, France, Germany, India, Iran, Italy, Japan, Malaysia, Mexico, New Zealand, Peru, Russia, Singapore, South Africa, United States, or Venezuela.

The frequency-band can be configured as either 2.4 GHz or 5 GHz. The default is 2.4 GHz. If the configured country changes, the frequency band resets to the default value.

The channel can be configured either as auto or as a specific channel identifier. The channel ID supported by the node depends on the configured country. See the Appendix for channel ID and country mappings. The default channel setting is auto. If the configured country changes, the channel resets to the default value.

A network SSID can only be configured when the country parameter is configured.

The bandwidth can be configured as either 20 MHz or 40 MHz, depending on the configured country. See the Appendix for bandwidth and country mapping. The default bandwidth is 20 MHz. If the configured country or frequency band changes, the bandwidth resets to the default value.

The WLAN station port uses the configured frequency-band to scan for an SSID that it can connect to.

The WLAN AP broadcasts a beacon packet in order to synchronize the wireless network. The frequency with which the packet is sent can be configured using the beacon-interval command.

The WLAN radio can be turned off using the shutdown command in the config>card>mda>wlan-radio context. When the WLAN radio is turned off, any configured WLAN ports become operationally down if they were not already shut down. When the no shutdown command is issued in this context, the radio is turned on and configured WLAN ports can begin operating; however, the no shutdown command cannot be issued until the country parameter is configured.

The WLAN radio can be put into reset mode using the shutdown command in the config>card>mda context. Any configured WLAN ports become operationally down when the WLAN radio is in reset mode. When the no shutdown command is issued in this context, the radio comes out of reset and configured WLAN ports can begin operating.

The WLAN port identifiers for the WLAN MDA are fixed and represent either the APs or the station, as follows:

• port 1/4/1 is always AP 1

• port 1/4/2 is always AP 2

• port 1/4/3 is always AP 3

• port 1/4/4 is always station 1

All three APs can be operationally up concurrently when the station is not configured. Only one AP can be operationally up when the station is configured.

Each WLAN port operates either as an access port or as a network port as configured by the mode command in the config>port>wlan context. By default, when the port is an AP, its mode is access, and when the port is a station, its mode is network.

When a WLAN AP port is acting as an access port, it provides access-level connectivity to the Nokia WLAN gateway (GW) for subscriber and WLAN access and for WLAN mobility management. For more information, see "Transporting WLAN Access Point Traffic over Services" in the 7705 SAR-Hm and SAR-Hmc Main Configuration Guide. When acting as a network port, a WLAN AP provides network-level connectivity to transport services to other connected WLAN stations in order to extend services over the AP. For more information, see "Services over the WLAN station port" in the 7705 SAR-Hm and SAR-Hmc Main Configuration Guide.

Each WLAN port can be configured with security parameters for the WLAN network (see WLAN security).

Each WLAN AP port is configured with a unique network SSID and with AP-specific parameters, including dot1x parameters, DHCP relay, and access point control parameters. Layer 3 interfaces can be configured on a WLAN AP port.

The WLAN station port is configured with a list of network SSIDs it can connect to if the network is available. It is also configured with station-specific parameters, including network authentication and a password.

A router interface can be configured on any WLAN port. When a router interface is configured on a port, the port ID cannot be used as a SAP.

WLAN ports support IPv4.

The 7705 SAR-Hm WLAN interface can operate both as a station and as an AP at the same time. This is possible when one of the WLAN AP ports is configured and the station port is also configured.

When the configure>card>mda>wlan-radio>channel command is set either to auto or to a specific channel, the station will scan and look for an SSID that it can connect to. The WLAN APs that are configured on the node will go down until the station connects to a channel. When the station connects to the SSID using the channel provided, the WLAN APs will also use the same channel.

When the WLAN MDA is operating concurrently as an AP and as a station and the configured frequency band of the WLAN radio MDA changes for example, from 2.4 GHz to 5 GHz or from 5 GHz to 2.4 GHz, a clear mda 1/4 command must be issued to ensure the station connects to a remote AP.

The WLAN ports support the following security options:

• open

• WPA2-PSK

• WPA2-Enterprise

When no WLAN security is required, a WLAN port is configured with no wlan-security and WLAN port security is open.

When WLAN security is required, a WLAN port can be configured with WPA2-PSK or WPA2-Enterprise security. When configuring either of these security types, the encryption must be set to either TKIP or AES using the wpa-encryption command. AES is the default.

When a WLAN port is configured for WPA2-PSK security, operators must use the wpa-passphrase command to configure a pre-shared secret passphrase that is used by clients to connect to the AP.

When the WLAN AP port is configured for WPA2-Enterprise security, operators must configure a RADIUS policy under the config>system>security>dot1x context in the CLI. For information about configuring a RADIUS policy in this context, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide. The dot1x RADIUS policy ID used to configure the RADIUS policy is then configured on the WLAN AP port using the config>port>wlan>access-point>dot1x>radius-plcy command.

The retry and timeout commands in the config>system>security>dot1x> radius-plcy context are ignored by the WLAN AP port. Instead, the retry count is set to 3 and the timeout value is set to 5 s so that the node will try each server four times before moving on to the next server if multiple servers are configured.

When the WLAN station port is configured with WPA2-Enterprise security, operators must configure the authentication type as one of EAP-TTLS, EAP-FAST, or EAP-PEAP using the config>port>wlan>network>wlan-security>station>authentication command. If the port is configured with WPA2-PSK security, the authentication type defaults to none and cannot be changed.

When the WLAN AP port is configured for WPA2-Enterprise security, connected clients are required to periodically reauthenticate themselves to the WLAN network. The interval is configured using the re-auth-period command.

WLAN client authentication types lists the authentication methods that the node supports.

Security parameters can only be modified when the WLAN port is shut down.

The WLAN ports can be configured with a router interface or a Layer 3 interface in order to enable transport of network-level services, including VPRN services.

When a WLAN port is configured with a router interface, the port ID cannot be used as a SAP and the port can only operate in network mode.

When a WLAN port is configured with a Layer 3 interface, it can only operate in access mode.

WLAN interface status describes the operational states that apply to the WLAN interface.

Statistics items can be displayed on the CLI for the WLAN port and for each WLAN instance. The node also collects access point and client-specific data transfer and operational statistics.