8/9/2019 Wireless Mesh Network Solution Reference
1/252
Part No. 318507-B Rev 01
March 2005
Wireless Mesh Network Solution Reference
Copyright © 2005 Nortel Networks
All rights reserved. March 2005
The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks Inc.
The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license. The software license agreement is included in this document.
Trademarks
Nortel Networks, the Nortel Networks logo, and Contivity are trademarks of Nortel Networks.
Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.
Check Point and Firewall 1 are trademarks of Check Point Software Technologies Ltd.
Java is a trademark of Sun Microsystems.
Microsoft, Windows, Windows NT, and MS-DOS are trademarks of Microsoft Corporation.
NETVIEW is a trademark of International Business Machines Corp (IBM).
OPENView is a trademark of Hewlett-Packard Company.
SPECTRUM is a trademark of Cabletron Systems, Inc.
All other trademarks and registered trademarks are the property of their respective owners.
Restricted rights legend
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks Inc. reserves the right to make changes to the products described in this document without notice.
Nortel Networks Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).
Nortel Networks Inc. software license agreement
This Software License Agreement (“License Agreement”) is between you, the end-user (“Customer”) and Nortel Networks Corporation and its subsidiaries and affiliates (“Nortel Networks”). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price.
“Software” is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.
1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment (“CFE”), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software.
2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided “AS IS” without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply.
3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.
4. General
a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).
b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction.
c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.
d. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
e. The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks.
f. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.
Preface 19
Before you begin 19
Text conventions 20
Icon conventions 21
Documentation roadmap 22
Hard-copy technical manuals 24
How to get help 24
Chapter 1
Fundamentals 27
Wireless Mesh Network solutions 27
Network overview 28
Network architecture 28
Community Area Network 29
Network Access Point 29
Wireless Access Point 7220 29
Enterprise/ISP backbone network 30
Wireless Gateway 7250 30
Enterprise / ISP / Metro distribution network 31
Border Gateway 31
Network Operations Support System 31
Wireless Mobile Node 35
Inter-Wireless Gateway 7250 roaming and mobility 35
Access and transit links 38
Principles of operation 39
Wireless Mesh Network topology 40
Mobility management 40
Chapter 2
Network installation overview 43
IP addressing requirements 43
Wireless Mesh Network subnetting 44
Requirements for a pre-existing network 47
DHCP server requirements 48
RADIUS server requirements 50
FTP server requirements 50
SNTP server 51
NAP router requirements 51
Network Access Controller requirements 52
Ethernet switch 55
ONMS installation and configuration 55
Distribution network 56
Wireless AP 7220 deployment requirements 57
Power requirements and information 57
Network specifications 58
Chapter 3
Fault management 59
Faults in the Wireless Mesh Network 59
Faults in the Wireless AP 7220 59
Faults in the Wireless Gateway 7250 60
Optivity Network Management System (ONMS) 60
Collecting and managing fault data 61
Collecting fault data 61
Managing fault data 62
Alarm filtering 62
Error logging 63
Alarm statistics 64
Fault reports and fault summaries 64
Fault detection and investigation 65
Fault correction 67
Network recovery / auto-healing 68
Chapter 4
Configuration management 69
Configuration overview 69
Tools and utilities 70
KeyGen tool 70
ConfigVerify tool 71
Configuring the Dynamic Host Configuration Protocol (DHCP) server 71
Configuring the NAP router 72
Configuring the RADIUS server 73
Configuring the FTP server 74
Configuring super ping in ONMS 75
Configuring the Network Access Controller (NAC) 76
Configuring an Ethernet switch 76
Configuring the Wireless Gateway 7250 77
Managing the Wireless Gateway 7250 through a console 79
Configuring the interfaces 80
Connecting to the Wireless Gateway 7250 using the web browser 82
Configuring default routes (private and public) 82
Configuring default routes 82
Configuring default routes using the CLI 84
Enabling services 85
Enabling the FTP, Telnet, and SNMP service 85
Using the Telnet service 86
Installing/upgrading/downgrading Wireless Gateway 7250 software 86
Setting up an FTP server 86
Starting the upgrade process 86
Enabling and configuring the Stateful Firewall 90
Creating filters 92
Saving and activating a policy 101
Configuring advanced routing software 103
Configuring client address redistribution (CAR) pools 105
Configuring IPsec parameters 109
Configuring Wireless AP 7220 user accounts 121
Configuring a static IP address 123
Configuring classifier rules 124
Creating classifiers 124
Creating classifier rules 126
Associating the classifier to the rules 130
Applying the classifiers to the interfaces 133
Configuring a Wireless AP 7220 @ NAP 136
Configuring a Wireless AP 7220 137
Wireless AP 7220 pre-deployment configuration 138
Wireless AP 7220 post-deployment configuration 140
Initializing the Wireless AP 7220 from flash memory 140
Initializing the Wireless AP 7220 from the Ethernet port 140
Writing an image into flash memory 141
Command line interface (CLI) option 141
Configuring the configuration manager (ConfigMgr) 141
Manually upgrading the Wireless AP 7220 software 142
Software image information 143
Configuring the DHCP user class 143
Restarting a Wireless AP 7220 143
Configuring the Wireless AP 7220 location 144
Configuring the access link 144
Configuring the transit link 145
Enabling and configuring Wireless AP 7220 logging 147
Configuring the log subsystem 147
Specifying the severity of Wireless AP 7220 events forwarded to syslog 149
Enabling or disabling Wireless AP 7220 logging 149
Specifying the syslog server 152
Upgrading the Wireless AP 7220 software 152
Wireless AP 7220 pre-deployment software upgrade 152
Command Line Interface (CLI) Wireless AP 7220 software download 153
Switching to the new Wireless AP 7220 software load 154
Rebooting the Wireless AP 7220 154
Wireless AP 7220 post-deployment software upgrade 155
ONMS Wireless AP 7220 software download 155
Setting the delay timer 157
Switching to the new Wireless AP 7220 software load 157
Starting the delay reboot 158
Load Redundancy in flash memory 158
Configuring the Wireless AP 7220 for transit link authentication 158
Configuring the Simple Network Time Protocol (SNTP) 159
Configuring the Simple / Secure Network Management Protocol (SNMP) 160
Configuring the RADIUS server shared secret 160
Configuring the DHCP server user class 161
Configuring the Subscriber Management Entity (SME) 161
162
Chapter 5
Accounting 163
Overview 163
Accounting server configurations 164
RADIUS server accounting attributes 165
Tracking of services and resource usage 168
Time-based accounting 168
Idle timeouts 168
Network failure 169
Fraud reporting 170
Accounting traps 170
Chapter 6
Performance management 171
Optivity Network Management System (ONMS) 171
Collecting performance measurements 172
Reporting performance measurements 173
Analyzing performance measurements 173
Maintaining and analyzing logs 176
Chapter 7
Security 179
Security standards 179
Security in the Wireless Mesh Network 179
Subscriber security 181
Transit link security 182
Network security 183
AAA policy services 184
Authenticating Wireless AP 7220s 185
Authenticating subscribers 185
Authenticating subscribers using RSNA mobile nodes 185
Authenticating subscribers using non-RSNA devices 186
Quarantining unauthorized mobile nodes 187
Security alarms and event reporting 187
Security audit trails 188
Chapter 8
Administration 189
Tools and utilities 189
Managing network changes 190
Managing Wireless Access Point 7220s 190
Rebooting the Wireless AP 7220 192
Managing Wireless Gateway 7250s 193
Managing network access point routers (NAP-Rs) 194
Managing end users 194
Creating user accounts 195
Modifying user accounts 196
Deleting user accounts 196
Performing and managing backups 196
Restoring from backups 197
Appendix A
KeyGen tool 199
Appendix B
Sample DHCP configuration file 201
Appendix C
FTP server user permissions 209
Modifying FTP server user permissions 209
Appendix D
Sample NAP router configuration 211
Appendix E
Sample NAC configuration 215
Appendix F
Sample FTP configuration file 219
Appendix G
Wireless Access Point 7220 performance statistics 223
Wireless Access Point 7220 statistics 223
Wireless AP 7220 Access Link statistics 224
Wireless AP 7220 Mobile IP statistics 224
Wireless AP 7220 Transit Link Activity statistics 224
Wireless AP 7220 IPsec Activity statistics 225
RADIUS Authentication statistics 225
RADIUS Authentication General statistics 225
RADIUS Authentication Incoming statistics 225
RADIUS Authentication OutGoingToServer statistics 226
RADIUS Accounting statistics 226
RADIUS Accounting General statistics 226
RADIUS Accounting Incoming statistics 227
RADIUS Accounting Outgoing statistics 227
SNMP statistics 227
SNMP engine statistics 228
SNMP MPD statistics 228
SNMP target statistics 228
SNMP USM statistics 228
OSPF statistics 229
OSPF area table statistics 229
OSPF interface statistics 229
OSPF neighbor table statistics 229
MIB-II statistics 230
MIB-II system statistics 230
MIB-II system status/profile statistics 230
MIB-II interface statistics 231
MIB-II interface status/profile statistics 231
MIB-II interface InActivity statistics 231
MIB-II interface OutActivity statistics 232
MIB-II IP statistics 232
MIB-II IP profile statistics 232
MIB-II IP InActivity statistics 232
MIB-II IP OutActivity statistics 233
MIB-II IP address table statistics 233
MIB-II IP route table statistics 233
MIB-II ICMP statistics 234
MIB-II ICMP InActivity statistics 234
MIB-II ICMP OutActivity statistics 235
MIB-II UDP statistics 235
MIB-II UDP activity statistics 235
MIB-II TCP statistics 236
MIB-II TCP profile statistics 236
MIB-II TCP activity statistics 236
MIB-II SNMP statistics 236
MIB-II SNMP InActivity statistics 236
MIB-II SNMP OutActivity statistics 237
Appendix H
Wireless Access Point 7220 traps 239
Glossary 241
Figure 1 Basic Wireless Mesh Network architecture 28
Figure 2 Inter-Wireless Gateway 7250 roaming Wireless Mesh Network
architecture 36
Figure 3 Wireless AP 7220 radio links overview 39
Figure 4 Basic Wireless Mesh Network IP addressing architecture 44
Figure 5 InfoCenter window indicating devices in fault 66
Figure 6 Fault Summary window with fault, trap, and syslog details 67
Figure 7 Basic network layout example 77
Figure 8 Inter-Wireless Gateway 7250 roaming and mobility network layout example 78
Figure 9 The Static Routes screen 83
Figure 10 Private Default Route screen 83
Figure 11 Enabling the FTP service 85
Figure 12 Directory tree screen 87
Figure 13 The Upgrades screen 87
Figure 14 Upgrade Retrieval screen 88
Figure 15 Retrieval progress screen 89
Figure 16 New Version Retrieve status screen 89
Figure 17 Upgrade apply screen 90
Figure 18 The License key screen 91
Figure 19 The Firewall / NAT screen 92
Figure 20 New Policy screen 93
Figure 21 Adding a MIP policy 94
Figure 22 Creating a mobile IP (MIP) service filter 95
Figure 23 Adding a mobile IP (MIP) service filter 96
Figure 24 The Stateful Firewall screen 96
Figure 25 Network Object Type Selection screen 98
Figure 26 IP range object screen 99
Figure 27 Assigning a captive portal to the mobile node pool 100
Figure 28 Defined mobile node pools 101
Figure 29 Global configuration 102
Figure 30 Enabling the gratuitous ARP 103
Figure 31 Example of the local OSPF parameters 104
Figure 32 Example of the global OSPF parameters 105
Figure 33 Adding an IP address pool 107
Figure 34 Example of an IP address pool list 107
Figure 35 Enable CAR pools 108
Figure 36 Enabling a route policy 109
Figure 37 Global IPsec parameters 110
Figure 38 Global IPsec parameters (continued) 110
Figure 39 Global IPsec parameters (continued) 111
Figure 40 Example of a Wireless AP 7220 address pool configuration 113
Figure 41 Example of adding a Wireless AP 7220 group 114
Figure 42 Example of editing a Wireless AP 7220 group 115
Figure 43 Wireless AP 7220 @ NAP group connectivity parameters 116
Figure 44 Wireless AP 7220 @ NAP group connectivity parameters (continued) 116
Figure 45 Wireless AP 7220 @ NAP group connectivity parameters (continued) 117
Figure 46 Wireless AP 7220 group connectivity parameters 117
Figure 47 Wireless AP 7220 group connectivity parameters (continued) 118
Figure 48 Wireless AP 7220 group connectivity parameters (continued) 118
Figure 49 Group IPsec parameters 120
Figure 50 Group IPsec parameters (continued) 121
Figure 51 Example of configuring a Wireless AP 7220 user account 122
Figure 52 Configuring a static IP address 123
Figure 53 Creating a classifier 125
Figure 54 Edit Classifier screen 125
Figure 55 Classifiers screen 126
Figure 56 Creating classifier rules 127
Figure 57 Classifiers Rules Port screen 128
Figure 58 Create Port screen 129
Figure 59 Associating the classifier to the rules 131
Figure 60 Edit Classifier (PRIVATE_INGRESS) screen 132
Figure 61 Edit Classifier (PUBLIC_EGRESS) screen 133
Figure 62 QoS Interfaces screen 134
Figure 63 Enabling the private classifier 135
Figure 64 Computer to Wireless AP 7220 @ NAP Ethernet connection 136
Figure 65 Pre-deployment configuration 139
Figure 66 Selecting a Wireless AP 7220 to enable logging 150
Figure 67 The Monitor Options - Syslog Registration option 151
Figure 68 Accounting server configurations 164
Figure 69 Example OmniView GUI displaying Wireless AP 7220 statistics tables 174
Figure 70 Example OmniView GUI displaying Wireless AP 7220 statistics graphs 175
Figure 71 Example OmniView MIB help window 176
Figure 72 Wireless Mesh Network and other network components relative to private
and public network entities 180
Figure 73 Subscriber security in the Wireless Mesh Network 182
Figure 74 Transit link and network security in the Wireless Mesh Network 183
Figure 75 Wireless AP 7220 device configuration screen 192
Table 1 NOSS requirements 32
Table 2 ONMS applications 34
Table 3 Wireless Mesh Network subnetting 45
Table 4 IP address categories 46
Table 5 Private ingress classifier rules port information 129
Table 6 Public egress classifier rules port information 130
Table 7 Accounting attributes 165
Table 8 Transit link parameters requiring Wireless AP 7220 reboot 191
Table 9 Fault correlation of Wireless Mesh Network traps 240
Preface
This guide introduces the Nortel Wireless Mesh Network. It provides overview,
configuration, and maintenance information to help you install, configure and
maintain your Wireless Mesh Network.
Before you begin
This guide is for network managers who are responsible for setting up,
configuring, and maintaining the Wireless Mesh Network. This guide assumes
that you have experience with windowing systems or graphical user interfaces
(GUIs) and familiarity with network management.
Along with the Wireless AP 7220 software provided on the Wireless AP 7220
software CD, two Wireless Mesh Network tools are also provided: KeyGen and
ConfigVerify. You can also download these tools using the Nortel Customer
Support portal at http://www.nortelnetworks.com/index.html if you have a Nortel
Customer Support Contract.
Text conventions
This guide uses the following text conventions:
angle brackets (< >): Indicate that you choose the text to enter based on the description inside the brackets. Do not type the brackets when entering the command.
Example: If the command syntax is ping , you enter ping 192.32.10.12
bold Courier text: Indicates command names and options and text that you need to enter.
Example: Use the dinfo command.
Example: Enter show ip {alerts|routes}.
braces ({}): Indicate required elements in syntax descriptions where there is more than one option. You must choose only one of the options. Do not type the braces when entering the command.
Example: If the command syntax is show ip {alerts|routes}, you must enter either show ip alerts or show ip routes, but not both.
brackets ([ ]): Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command.
Example: If the command syntax is show ip interfaces [-alerts], you can enter either show ip interfaces or show ip interfaces -alerts.
ellipsis points (. . . ): Indicate that you repeat the last element of the command as needed.
Example: If the command syntax is ethernet/2/1 [ ]... , you enter ethernet/2/1 and as many parameter-value pairs as needed.
italic text: Indicates new terms, book titles, and variables in command syntax descriptions. Where a variable is two or more words, the words are connected by an underscore.
Example: If the command syntax is show at , valid_route is one variable and you substitute one value for it.
plain Courier text: Indicates command syntax and system output, for example, prompts and system messages.
Example: Set Trap Monitor Filters
separator ( > ): Shows menu paths.
Example: Protocols > IP identifies the IP option on the Protocols menu.
vertical line ( | ): Separates choices for command keywords and arguments. Enter only one of the choices. Do not type the vertical line when entering the command.
Example: If the command syntax is show ip {alerts|routes}, you enter either show ip alerts or show ip routes, but not both.
Icon conventions
Figures in this guide that depict a Wireless Mesh Network use the following
standard icons:
• Wireless Access Point 7220
• Wireless Gateway 7250
• Network Access Point router
• Network Access Controller
• Ethernet switch
• Network Operations Support System (NOSS) servers (DHCP, FTP, RADIUS AAA, SNTP)
• Optivity Network Management System (ONMS) in NOSS
• Mobile Node
• RF wireless connection
• Border Gateway
Documentation roadmap
For information about installing, configuring, monitoring, and managing a
Wireless Mesh Network, refer to the following publications:
• Wireless Mesh Network Solution Reference Guide (318507-A)
• Configuration Record for a Nortel Networks Wireless Mesh Network (318509-A)
For information about installing a Wireless Access Point 7220, refer to the
following publications:
• Installing the Nortel Networks Wireless Access Point 7220 (318527-A)
• Quick Reference to Installing the Nortel Networks Wireless Access Point 7220
(318528-A)
For information about installing and using a Wireless Gateway 7250, refer to the following publications:
• Installing the Nortel Networks Wireless Gateway 7250 (318511-A)
• Installing Hardware Options for the Nortel Networks Wireless Gateway 7250
(318519-A)
• Configuring Firewalls and Filters for the Nortel Networks Wireless Gateway
7250 (318516-A)
• Managing and Troubleshooting the Nortel Networks Wireless Gateway 7250
(318517-A)
• Command Line Interface for the Nortel Networks Wireless Gateway 7250
(318518-A)
For information about using the Optivity Network Management System, refer to
the following publications:
• Release Notes for Optivity NMS Release 10.2 (205970-G)
Provides the latest information, including brief descriptions of the new
features, problems fixed in this release, and known problems and
workarounds.
• Quick Installation and Startup for Optivity NMS 10.2 for Windows (208830-F)
Provides brief instructions for installing and getting started with Optivity
NMS 10.2 for Windows NT*, Windows 2000, and Windows 2003 platforms.
• Quick Installation and Startup for Optivity NMS 10.2 for UNIX (208949-F)
Provides brief instructions for installing and getting started with Optivity
NMS 10.2 for UNIX platforms.
• Quick Installation of Optivity NMS 10.2 Database (213315-C)
Provides brief instructions for installing the Oracle database software required
for Optivity NMS 10.2 on a UNIX or Windows platform.
• Installing and Administering Optivity NMS 10.2 (205969-G)
Describes how to install and administer Optivity NMS 10.2 to start managing
your Wireless Mesh Network.
• Using Optivity NMS 10.2 Applications (207569-E)
Describes how to use the integrated Optivity Network Management System
tools and applications to get the most out of your network resources.
• Agent Support for Optivity NMS 10.2 (216729-A)
Describes devices and agents supported for Optivity NMS 10.2.
Hard-copy technical manuals
You can print selected technical manuals and release notes free of charge, directly
from the Internet. Go to the www.nortelnetworks.com/documentation URL. Find
the product for which you need documentation. Then locate the specific category
and model or version for your hardware or software product. Use Adobe* Acrobat
Reader* to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to Adobe Systems at the
www.adobe.com URL to download a free copy of the Adobe Acrobat Reader.
How to get help
If you purchased a service contract for your Nortel product from a distributor or
authorized reseller, contact the technical support staff for that distributor or
reseller for assistance.
If you purchased a Nortel service program, contact one of the following Nortel
Technical Solutions Centers:
Technical Solutions Center Telephone
Europe, Middle East, and Africa (33) (4) 92-966-968
North America (800) 4NORTEL or (800) 466-7835
Asia Pacific (61) (2) 9927-8800
China (800) 810-5000
Additional information about the Nortel Technical Solutions Centers is available
from the www.nortelnetworks.com/help/contact/global URL.
An Express Routing Code (ERC) is available for many Nortel products and services. When you use an ERC, your call is routed to a technical support person
who specializes in supporting that product or service. To locate an ERC for your
product or service, go to the http://www.nortelnetworks.com/help/contact/erc/
index.html URL.
Chapter 1
Fundamentals
Wireless Mesh Network solutions
A Wireless Mesh Network enables mobile users to enjoy secure, seamless,
wireless roaming across converging public and private networks, as well as
hotspot environments.
Nortel’s Wireless Mesh Network solution uses a number of wireless access points
connected point to point. The traditional hub or star configuration found in a
traditional WLAN backhaul is replaced with point to point connections between
wireless access points to form a mesh network backhaul to the broadband
network. Replacing the wired backhaul with wireless backhaul does not require
existing LAN infrastructure when deploying the Wireless Mesh Network solution.
The Wireless Mesh Network solution uses standard IEEE 802.11 technology for
providing broadband wireless access and wireless backhaul. A Wireless Mesh Network solution is ideal in providing WLAN coverage in open spaces where
traditional WLAN systems are prohibitive to deploy because CAT5 or LAN
cabling does not exist or is costly and difficult to deploy. Some examples of places
where a Wireless Mesh Network solution would have advantages over a standard
WLAN solution are:
• open spaces such as parks or public plazas
• shopping malls
• campus environments such as universities or research parks
• airports, bus stations, train stations
• industrial facilities such as truck stops and dockyards
• stadiums and outdoor recreational facilities
• metropolitan areas
Network overview
Network architecture
A graphical representation of a basic Wireless Mesh Network system is shown in
Figure 1.
Figure 1 Basic Wireless Mesh Network architecture
Community Area Network
The Community Area Network (CAN) is a cluster of Wireless Access Point 7220s
that form a self-organizing and auto-configuring mesh structure. It is a cluster of
Wireless Access Point 7220s that can associate with each other within the control
of one Wireless Gateway 7250. The CAN uses multi-hop, wireless (unlicensed)
backhaul from a wired broadband network access point (NAP). Security functions
protect control, management, and user traffic flowing over the wireless links, and
authorize access by mobile subscribers.
Network Access Point
The Wireless AP 7220 connected to the Network Access Point (NAP) router
(known as a NAP-R) is referred to as a Wireless AP 7220 @ NAP. It is the point
of interconnection between the CAN and the distribution network. The Wireless
AP 7220 @ NAP is a Wireless AP 7220 connected to the NAP-R via a wired
Ethernet connection. This Wireless AP 7220 @ NAP communicates with a cluster
of Wireless AP 7220s in a CAN. The Wireless AP 7220 @ NAP performs traffic
collection and distribution functions for traffic originating and terminating over
the broadband backbone network.
The NAP-R incorporates routing functions and multiple wired Ethernet links for
connection to Wireless AP 7220 @ NAPs. The NAP-R acts as a standard IP router
or an IP routing function in a network edge device. The IP router must support
OSPF.
Wireless Access Point 7220
The Wireless Access Point 7220 (Wireless AP 7220) provides the following:
• traffic collection and distribution functions for traffic within the Community
Area Network
• extended reach, simplified deployment, and reliability due to its antenna
design
• wireless access functions for connection to wireless mobile nodes (MNs)
• routing and wireless transit functions for connection to two or more Wireless
AP 7220s and to NAPs
• security functions for validating connections to other Wireless
AP 7220s
• security functions for controlling user device access
The Wireless AP 7220 also acts as a:
• DHCP-Client - for itself
• DHCP-Relay - for mobile nodes and for neighbor Wireless AP 7220s
• RADIUS Authentication Client (Authenticator) - for mobile nodes and for
neighbor Wireless AP 7220s
• RADIUS Accounting Client - for mobile nodes
Enterprise/ISP backbone network
The Enterprise/ISP backbone network is a Layer 3 routed domain (that is, IP
routing decisions are made by the backbone network). It is used to carry IP traffic
between the Wireless Gateway 7250 and other elements of the Enterprise/ISP
network (for example, Border Gateways and NOSS servers).
Wireless Gateway 7250
The Wireless Gateway 7250 advertises reachability (within the Enterprise / ISP
Distribution Network) for one or more IP subnets assigned to Wireless Mesh
Network CAN subscribers and network entities. It is the security and mobility
anchor point for the Wireless Mesh Network. In addition, it hides Wireless Mesh
Network-specific mobility and security functions from the rest of the Enterprise /
ISP Distribution and Backbone Networks.
The Wireless Mesh Network solution integrates elements of existing Nortel
products and solutions. As a result, references to “Contivity” may appear in both
Wireless Gateway 7250 operator interfaces and in this document. However, note
that the Wireless Gateway 7250 platform is unique to the Wireless Mesh Network
solution, and is not interchangeable with any other Nortel platform.
The standard CLI can be used for all needed OAM&P interactions with the
Wireless Gateway 7250, such as statistics, configuration, event/fault handling.
The CLI can be accessed remotely by using the standard telnet protocol.
Enterprise / ISP / Metro distribution network
The Enterprise / ISP / Metro distribution network is used to carry IP traffic
between the Wireless Gateway 7250 and Network Access Point routers (NAP-R).
It can be a Layer 3 routed domain (where IP routing decisions are made by the
distribution network), or can be a Layer 1 or Layer 2 transport domain (that is,
(virtual) point-to-point links between Wireless Gateway 7250 and NAP-R). This
network can be the same network as the Enterprise / ISP Backbone Network.
Border Gateway
The Border Gateway is a (logical) network entity that incorporates all functions
required to interface with the Internet. It advertises reachability to the Internet for
IP addresses assigned to Wireless Mesh Network subscribers and network entities.
The border gateway can also provide connectivity for other, non-Wireless Mesh
Network Enterprise/ISP entities. Also, it can incorporate other inter-networking
functions (for example, NAT, firewall, redirection). However, the border gateway
has no knowledge of Wireless Mesh Network specific mobility and security
functions.
Network Operations Support System
The Network Operations Support Systems (NOSS) provides centralized facilities
for monitoring and managing network operations, using industry-standard
protocols to communicate with the distributed elements in the Wireless Mesh Network.
The NOSS consists of the Nortel Optivity Network Management System
(ONMS), industry standard FTP, RADIUS, Dynamic Host Configuration Protocol
(DHCP), and SNTP servers. The minimum requirements for the NOSS are listed
in Table 1.
Centralized management
The NOSS provides centralized facilities for monitoring and managing network
operations, using industry-standard protocols to communicate with the distributed
elements in the Wireless Mesh Network.
Table 1 NOSS requirements
Element | Requirement | Description
Network Management System | Nortel Optivity NMS (release 10.2) | The ONMS provides fault, performance, and configuration management, and discovers and displays Wireless AP 7220s and the Wireless Gateway 7250
DHCP server | RFC3011 support (subnet selection option) | The DHCP server provides dynamic IP address assignments for Wireless AP 7220s and mobile nodes
RADIUS server | EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-LEAP support | The RADIUS server performs mobile and Wireless AP 7220 authentication and accounting
FTP Server | No special requirements | The FTP server stores: configuration files that the Wireless AP 7220 downloads when powering up; Wireless AP 7220 software
SNTP server | No special requirements | The SNTP server provides the Wireless AP 7220 with the time parameters it needs to ensure that each event logged on the Wireless AP 7220 has the proper time-stamp information
In the first release of Wireless Mesh Networks, the NOSS uses ONMS version
10.2 with the Wireless Mesh Network specific Optivity Integration Toolkit (OIT)
and patches, which incorporate the added functionality to support the Wireless
AP 7220 and enable the ONMS to manage the Wireless AP 7220s in the network.
Refer to “ONMS installation and configuration” for more information.
The ONMS uses common graphical user interfaces and proven technology to
provide the necessary tools to manage and visualize the Wireless Mesh Network
and its key elements.
ONMS fits into any network operations model, providing the flexibility to access
key management functions across the network from various locations. Based upon
a scalable client/server architecture, ONMS enables users to access any ONMS
server in the network from one client installation, or supported web browser
(Internet Explorer or Netscape). This distributed approach provides access to key
management tools from any Web-enabled workstation.
The following Optivity Network Management Options are available:
• ONMS Campus — supports 500 IP Nodes (Nodes is the number of managed
Nortel IP Interfaces. This is only available for Windows OS.)
• ONMS Enterprise — supports 5000 IP Nodes (Nodes is the number of
managed Nortel IP interfaces. An upgrade to 10000 IP Nodes is available.)
• ONMS Eval to Campus — upgrade from Campus Evaluation to a licensed
version. Note that this is the same as buying a Campus version.
With ONMS Enterprise, a single ONMS server scales to support up to 5,000 IP
addressable network elements. An upgrade is available for ONMS Enterprise to
support 10,000 IP addressable network elements. With ONMS Enterprise, a
network manager can display a sum of 5,000 objects across all views. They can
use multiple servers to manage a larger number of IP addressable network
elements from a single management station.
For smaller environments, Nortel offers the Campus version of ONMS. Optivity
Campus scales to support up to 500 IP addressable network elements and runs on
Windows NT and Windows 2000. With Campus, a network manager can display a
sum of 1,500 objects in all views.
In addition, ONMS provides “day one” device support via the Optivity Integration
Toolkit (OIT). The OIT enables ONMS applications to take advantage of new
Nortel hardware devices right out of the box.
ONMS provides a single location for managing fault and performance across the
network, and a launch point and interface to other Optivity products. ONMS
provides visualization of Layer 1, 2, and 3 devices, network topology, faults, and
real-time performance statistics.
The following table briefly describes the supported ONMS applications:
Table 2 ONMS applications
ONMS Application Support | Description
Discovery | Enables discovery of Wireless Mesh Network devices with ONMS’ AutoTopology applications.
Organization | Wireless Mesh Network devices are placed in the WMN folder in the ONMS InfoCenter folder tree.
Performance Management | Ability to monitor Wireless Mesh Network device performance with ONMS OmniView.
Fault Management | Enables management of Wireless Mesh Network device traps and faults with Fault Summary.
Device Configuration Management | Ability to open the embedded web configuration interfaces for Wireless Mesh Network devices in InfoCenter by right-clicking the device and choosing Configuration / Embedded Web Interface.
Inventory Management | The inventory of Wireless Mesh Network devices and agents can be managed with the Device Inventory Viewer.
Graphical View | ONMS ExpandedView presents a physical graphical view of a given network device. For the Wireless AP 7220, using ExpandedView enables the user to verify specific configuration parameters.
Key benefits of ONMS include
• ease of managing and troubleshooting networks
• automated discovery and display of topology and devices
• consolidation and correlation of network faults
• powerful diagnostic functions
• real-time performance analysis
• scalability and security for managing large networks
Wireless Mobile Node
The subscriber's wireless mobile node is a commercial, off-the-shelf consumer
device (for example, a PDA or laptop) with a standard IEEE 802.11b/g Network
Interface Card.
Inter-Wireless Gateway 7250 roaming and mobility
The Wireless Mesh Network architecture can be extended to support seamless
Inter-Wireless Gateway 7250 roaming and mobility. This distributed architecture
allows for extensive scalability over multiple CANs across multiple Wireless
Gateway 7250s in a wide area Wireless Mesh Network. The Inter-Wireless
Gateway 7250 roaming and mobility functionality is well-suited for larger
deployments.
The Inter-Wireless Gateway 7250 roaming architecture is based on a two-tier
anchor points hierarchy over a distributed network.
Figure 2 Inter-Wireless Gateway 7250 roaming Wireless Mesh Network architecture
Inter-Wireless Gateway 7250 roaming adds two major network elements into the
Wireless Mesh Network architecture:
Network Access Controller
The Network Access Controller (NAC) performs two major functions:
• Inter-Wireless Gateway 7250 roaming support function
It is responsible for controlling mobile traffic going in and coming out of the
Wireless Mesh Network cluster (WMC). Traffic originating from or
terminating at a mobile node must be funneled to a NAC through a routing
protocol information exchange or through a static route configuration. The
same NAC remains the anchor point for the mobile node to direct all the
incoming and outgoing traffic to and from the mobile node.
• Access control function
The access control function includes the captive portal re-direct function of
the NAC. It ensures all mobile subscribers are authenticated before mobile
node traffic can flow through. Before a mobile subscriber is authenticated, the
captive portal redirects all mobile node HTTP traffic to a dedicated internet
web page specified by the local network provider for mobile subscriber
authentication.
Any product that can support these two functions can be configured as a NAC in a
Wireless Mesh Network. Additional requirements must be met if the NAC is
deployed in a network that supports the Inter-Wireless Gateway 7250 roaming
capability. Refer to “Network Access Controller requirements” for more
information.
Once the mobile subscriber has successfully authenticated, the NAC provides
web-based accounting support for non-RSNA-based subscribers. RSNA
subscribers that use web-based accounting must be independently authenticated
twice: once through the Wireless AP 7220 with the RADIUS server, and once
through the captive portal with the RADIUS server. RSNA subscribers that do not
use web-based accounting are authenticated only through the Wireless AP 7220
with the RADIUS server but must provide special filtering at the captive portal.
Refer to “Configuring the Network Access Controller (NAC)” and Appendix E,
“Sample NAC configuration” for complete instructions on how to configure a
sample NAC.
The NAC can be deployed in a basic Wireless Mesh Network architecture as well
as in a network that supports Inter-Wireless Gateway 7250 roaming. In both cases,
packet steering rules must be configured on the Wireless Gateway 7250 to direct
mobile traffic towards the appropriate NAC. The NAC can then authenticate the
mobile subscriber (if the mobile subscriber has not yet been authenticated) and
exercise access control on the mobile traffic.
Refer to “Filter 4” and “Configuring client address redistribution (CAR) pools” in
Chapter 4, “Configuration management” for complete information about
configuring packet steering rules.
Ethernet switch
The Layer 2 Ethernet switch provides the technology to support the mobility
information exchange between the two-tier anchor points. It connects the
distributed Network Access Controllers and the distributed Wireless Mesh
Network cluster (WMC).
Any Ethernet switch that can support this function can be configured in a Wireless
Mesh Network.
Access and transit links
The Nortel Wireless Mesh Network Wireless AP 7220 has both access and transit
link antennas.
Transit links are used in the Wireless Mesh Network to interconnect the Wireless
AP 7220s to form a self-configuring access network for packet data services.
There is a single transit link (TL) IEEE 802.11a radio per Wireless AP 7220 and
this is shared among the directional (patch) antennas for the transit links to
neighboring Wireless AP 7220s. The antenna is configured for six independently
selected, directional, facet-equipped beam antennas. The Wireless AP 7220 or
Wireless AP 7220 @ NAP automatically selects the best transit link beam to
connect with its neighbors.
Access links connect mobile stations (subscribers) to the Wireless AP 7220s.
There is a single access link (AL) IEEE 802.11b or 802.11g radio per Wireless AP
7220 with two switched antenna diversity connections. The Access Link antenna
is at the base of the unit and provides omni-directional coverage and is used to
connect to wireless mobile nodes.
Access and Transit Radio links are separated in frequency (2.4 GHz for access and
5 GHz for transit). Figure 3 shows an overview of Wireless AP 7220 radio links.
Figure 3 Wireless AP 7220 radio links overview
Principles of operation
A Nortel Wireless Mesh Network operates in the following manner:
• traffic routing follows users as they roam from the coverage of one Wireless
AP 7220 to another
• fault recovery occurs when a Wireless AP 7220 becomes unavailable
Wireless Mesh Network topology
A Wireless Mesh Network has an arbitrary topology. The network operates in a
“peer-to-peer” fashion which means that each Wireless AP 7220 has routing
capabilities built into it and can use its neighbors as routers to transmit traffic back
and forth to the broadband network. The Wireless AP 7220 also incorporates
neighbor auto-discovery techniques, enabling it to identify neighboring Wireless
AP 7220s and possible routing paths automatically without the intervention of a
technician or management system. When combined with the included adaptive
routing algorithms using OSPF routing capabilities, this provides a “self-healing”
network - a network that is able to recover from the loss of a Wireless AP 7220 by
connecting with other neighboring Wireless AP 7220s and using alternate routes
to transmit data.
Mobility management
In the Wireless Mesh Network solution, end users can roam seamlessly across the
Wireless AP 7220s in the network that are within the span of the Wireless
Gateway 7250 or in the case of Inter-Wireless Gateway 7250 roaming, between
multiple Wireless Gateway 7250s. Key attributes to this solution include:
• mobility client software is not required on a mobile node
• path update is transparent to the mobile node
• session hand-over between Wireless AP 7220s
• multi-session accounting co-ordination across Wireless AP 7220s (Note that
this functionality is only applicable in a basic Wireless Mesh Network
environment.)
• IP address retention while mobile node roaming
When a mobile node moves from one Wireless AP 7220 coverage area to another
(either through roaming or link fading), the endpoint of the connection path is
moved to the new Wireless AP 7220 using IP layer 3 routing capabilities. The new path may even be routed through a different NAP router. No client software is
required on the mobile node.
Chapter 2
Network installation overview
Figure 4 Basic Wireless Mesh Network IP addressing architecture
Wireless Mesh Network subnetting
The Wireless Mesh Network consists of two basic networks: intranet and extranet.
Each Wireless Access Point 7220 is assigned an extranet address and an intranet
address. All other devices excluding mobile nodes are assigned Intranet addresses.
The Wireless AP 7220 Extranet address is primarily used for signalling within the
Wireless Mesh Network while the Intranet address is used for management
purposes and IPsec tunneling. All mobile nodes are assigned an IP address from
the mobile node address pool. To allow for better security control of mobile
traffic, the mobile node IP addresses are completely separated from the Intranet
and Extranet address pools.
The following are examples of subnets used on a typical network deployment (see
Figure 7):
• NOSS subnet is 192.168.30.0/24
• AP Extranet Subnet is 27.0.27.x/24 subnet
• AP intranet subnet is 192.168.50.x/24 subnet
• mobile node subnet is 192.168.40.y subnet (for example, a range of
192.168.40.10 to 192.168.40.50).
Table 3 provides further details for Wireless Mesh Network subnetting.
Table 3 Wireless Mesh Network subnetting
Network Segment | Subnet | Specific Addresses | Comments
NOSS Elements | 192.168.30.0/24 | DHCP=192.168.30.11; FTP=192.168.30.13; RADIUS=192.168.30.12; SNTP=192.168.30.15 | Can be any subnet within Corporate network
AP Network (Extranet) | 27.0.27.x | NAP-R=27.0.27.1; Wireless AP 7220 @ NAP=27.0.27.4 | All APs assigned address within this range with mask 255.255.255.255 (except for the Wireless AP 7220 @ NAP which is set to 255.255.255.0.)
AP Network (Intranet) | 192.168.50.x/24 | Wireless Gateway 7250=30.0.30.1 | Assigned by Wireless Gateway 7250
Wireless Gateway 7250 Untrusted | 30.0.30.1 | Any |
Wireless Gateway 7250 Management | 192.168.20.248 | Any |
Distribution Network | Any | Any | Can be any subnet between NAP router and Wireless Gateway 7250
Mobile Nodes | 192.168.40.y (e.g., range of 192.168.40.10 to 192.168.40.50) | Access Point Access Link=192.168.40.9 | One address in this Subnet is reserved for AP Access Link
Ethernet switch | 192.168.20.x | 192.168.20.0 netmask 255.255.255.0 |
Network Access Controller Interface | 192.168.20.10x (e.g. range of 192.168.20.101 to 192.168.20.199) | 192.168.20.101 | The NAC must be located northbound of the Wireless Gateway 7250.
Network Access Controller Private Interface IP | 192.168.80.1/99 | 192.168.80.1 | The NAC must be located northbound of the Wireless Gateway 7250.
Network Access Controller Private Management Interface IP | 192.168.80.10x (e.g. range of 192.168.80.101 to 192.168.80.199) | 192.168.80.101 | The NAC must be located northbound of the Wireless Gateway 7250.
IP address categories and usage are shown in Table 4. See Figure 7 for the
network layout of this example.
Table 4 IP address categories
Address Category (See accompanying documents for descriptions) | Address Type | Value (Examples) | Additional Comments
Intranet Domain Addresses
2A NOSS Elements
Optivity Network Management System (ONMS) | Specific | 192.168.30.13 | Configured on the N/W Element interface
RADIUS Servers: Authentication Server | Specific | 192.168.30.12 | Configured on the N/W Element interface
RADIUS Servers: Accounting Server | Specific | 192.168.30.12 | Configured on the N/W Element interface
DHCP Server | Specific | 192.168.30.11 | Configured on the N/W Element interface
FTP File Server (for software download and Wireless AP 7220 configuration data download) | Specific | 192.168.30.13 | Configured on the N/W Element interface
SNTP Server | Specific | 192.168.30.14 | Configured on the N/W Element interface
2B Enterprise Extension Space
2B1 i.AP - The intranet Wireless AP 7220 IP Address range | Subnet | 192.168.50.x (24 bit netmask) | Configured at the Wireless Gateway 7250. The Wireless Gateway 7250 assigns a unique i.AP address from this subnet pool to each Wireless AP 7220 that establishes an IPsec tunnel with the Wireless Gateway 7250.
2B2 i.WG - The intranet Wireless Gateway 7250 IP Address | | | Each Wireless Gateway 7250 in the network requires the following IP addresses.
Private Interface IP Address | Specific | 192.168.20.1 | Configured on the Wireless Gateway 7250.
Management IP Address | Specific | 192.168.20.248 | Configured on the Wireless Gateway 7250 private interface.
2B3 i.MN - Mobile Node intranet IP Address | Subnet | 192.168.40.y (e.g., range of 192.168.40.10 to 192.168.40.50) | Configured on the DHCP Server. The DHCP assigns a unique i.MN address from this subnet pool to each mobile node (MN) that establishes connection with the Wireless Mesh Network.
Extranet Domain Addresses
3A x.AP - The extranet Wireless AP 7220 IP Address | Subnet | 27.0.27.x (32 bit netmask) | Configured on the DHCP Server. The DHCP assigns a unique x.AP address from this subnet pool to each Wireless AP 7220 that establishes connection with the Wireless Mesh Network. Any statically configured Wireless AP 7220 IP address (for example, Wireless AP 7220 @ NAP) must be excluded from the x.AP subnet pool configured at the DHCP Server.
AP 7220 @ NAP IP static address | Specific | 27.0.27.4/24 |
3B x.WG - The extranet Wireless Gateway 7250 IP Address | Specific | 30.0.30.1 | Configured on the public interface of the Wireless Gateway 7250.
3C x.NAP - The extranet IP Address for the NAP router | Specific | 27.0.27.1 | Configured on the NAP interface to which Wireless AP 7220 @ NAP will be connected. A NAP router may have multiple interfaces to which each Wireless AP 7220 @ NAP is connected. Each of these interfaces requires an IP address. Note that for each Wireless AP 7220 @ NAP, the IP address must belong to the subnet of the NAP router interface to which the Wireless AP 7220 @ NAP is connected via its Ethernet interface.
Requirements for a pre-existing network
For an overview of Network Operations and Support Systems (NOSS)
requirements see Table 1. The following network elements are included in the
NOSS:
• DHCP Server
— The installation and operation of the DHCP server will depend on the
vendor chosen to supply the server. Please refer to the vendor manuals for
information on the mechanisms used to configure the chosen DHCP
server.
— For DHCP configuration information, refer to the section titled
“Configuring the Dynamic Host Configuration Protocol (DHCP) server”
and Appendix B, “Sample DHCP configuration file” for complete
instructions.
• FTP Server
• (Optivity) Network Management System (ONMS)
• RADIUS Server
• SNTP server
Before Wireless Mesh Network deployment ensure that existing network
components meet the requirements indicated in the sections that follow.
DHCP server requirements
The DHCP Server must:
• support the RFC 3011 subnet selection option (SSO)
• have a reserved lease timer set to be high (or configurable to be high)
The high time is necessary to accommodate the delays potentially incurred
through multiple Wireless AP 7220 hops.
DHCP configuration information can be found in Chapter 4, “Configuration
management.”
Possible DHCP server configurations
The following Wireless AP 7220 configurations are provisioned through the
DHCP server:
• address pool (x.AP subnet)
• subnet mask
• default routers
• address lease time
• location of Configuration File (FTP server address)
• name of Configuration File (on the FTP server)
The following mobile node configurations are provisioned through the DHCP
server:
• address pools (i.MN subnet) and subnet mask reflecting the size of the pool
• default router Wireless Gateway 7250 intranet IP address
• address lease time
DHCP server configuration for Wireless AP 7220
Configure the DHCP for standalone Wireless AP 7220 support with the following
information:
• a range of extranet IP addresses (x.AP) for assignment to Wireless AP 7220s
• a Subnet mask of 255.255.255.255 must be assigned to all Wireless AP 7220s
• the Default router list must contain only one entry which must be set to the IP
address of the designated Wireless Gateway 7250 (This is the public side of
the network.)
• the Server Name must be set to the IP address of the FTP server
• the Filename must be set to the pathname of the configuration file on the FTP
server.
DHCP server configuration for mobile nodes
Configure the DHCP for mobile node support with the following information:
• a range of intranet IP addresses (i.MN) for assignment to mobile nodes
• a Subnet mask reflecting the size of the address pool reserved for mobile
nodes
• the Default router list must contain only one entry which must be set to the
management IP address of the Wireless Gateway 7250 for this mobile node
address pool
It is possible to assign an IP address to any mobile node statically by creating a
host declaration that contains each mobile node Ethernet MAC address. When the
mobile node broadcasts for an IP address, the MAC address for that device is
allocated to a specific IP address. The following parameters can be modified for
each declared host:
• mobile node Ethernet MAC address
• the fixed address of this mobile node (must be in the same subnet and outside
the declared range values)
• lease times
For more information on statically assigning an IP address to a mobile node see
Appendix B, “Sample DHCP configuration file.”
Note: The Wireless AP 7220 @ NAP must be statically configured. Refer to
“Configuring a Wireless AP 7220 @ NAP”.
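The DHCP rules in this section can be checked mechanically before an address plan goes live. The script below is an added example, not Nortel's code or part of the product: the Pool class, check_plan and the AP dynamic range 27.0.27.10 to 27.0.27.100 are constructed for illustration, the /24 on the mobile node subnet is an assumption, and the remaining addresses are the example values from Table 3 and Table 4.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Pool:
    subnet: str     # subnet the pool is carved from
    first: str      # first address of the dynamic range
    last: str       # last address of the dynamic range
    netmask: str    # subnet mask handed to clients
    routers: list   # DHCP default router list
    fixed: dict = field(default_factory=dict)  # MAC -> fixed address (host declarations)


def in_range(addr, pool):
    """True if addr falls inside the pool's dynamic range."""
    lo, hi = ipaddress.ip_address(pool.first), ipaddress.ip_address(pool.last)
    return lo <= ipaddress.ip_address(addr) <= hi


def check_plan(ap, mn, static_aps, reserved_mn, other_subnets, wg_public, wg_mgmt):
    """Return a list of rule violations; an empty list means the plan passes."""
    errors = []
    ap_net = ipaddress.ip_network(ap.subnet)
    mn_net = ipaddress.ip_network(mn.subnet)

    # Both dynamic ranges must sit inside the subnet they are declared for.
    for label, pool, net in (("x.AP", ap, ap_net), ("i.MN", mn, mn_net)):
        for end in (pool.first, pool.last):
            if ipaddress.ip_address(end) not in net:
                errors.append(f"{label} range: {end} is outside {net}")

    # Wireless AP 7220 pool: 32-bit mask, one default router (gateway public side).
    if ap.netmask != "255.255.255.255":
        errors.append(f"x.AP netmask: {ap.netmask}, expected 255.255.255.255")
    if ap.routers != [wg_public]:
        errors.append(f"x.AP routers: {ap.routers}, expected only {wg_public}")
    # Statically configured APs (the Wireless AP 7220 @ NAP) stay out of the pool.
    for name, addr in static_aps.items():
        if in_range(addr, ap):
            errors.append(f"x.AP static: {name} ({addr}) is inside the dynamic range")

    # Mobile node pool: one default router (gateway management address).
    if mn.routers != [wg_mgmt]:
        errors.append(f"i.MN routers: {mn.routers}, expected only {wg_mgmt}")
    # Host declarations: same subnet, outside the declared range.
    for mac, addr in mn.fixed.items():
        if ipaddress.ip_address(addr) not in mn_net:
            errors.append(f"i.MN fixed: {mac} -> {addr} is outside {mn_net}")
        elif in_range(addr, mn):
            errors.append(f"i.MN fixed: {mac} -> {addr} is inside the dynamic range")
    # The address reserved for the AP access link must never reach a mobile node.
    for addr in reserved_mn:
        if in_range(addr, mn) or addr in mn.fixed.values():
            errors.append(f"i.MN reserved: {addr} can be handed to a mobile node")

    # Mobile node addresses are kept apart from the intranet and extranet pools.
    for label, subnet in [("x.AP", ap.subnet)] + list(other_subnets.items()):
        if mn_net.overlaps(ipaddress.ip_network(subnet)):
            errors.append(f"i.MN overlap: {mn_net} overlaps {label} {subnet}")
    return errors


# Site values taken from the example addresses in Table 3 and Table 4.
SITE = dict(
    static_aps={"Wireless AP 7220 @ NAP": "27.0.27.4"},
    reserved_mn=["192.168.40.9"],
    other_subnets={"NOSS": "192.168.30.0/24", "i.AP": "192.168.50.0/24"},
    wg_public="30.0.30.1",
    wg_mgmt="192.168.20.248",
)
# Constructed pools: the AP range and the fixed host entry are invented samples.
AP_POOL = Pool("27.0.27.0/24", "27.0.27.10", "27.0.27.100",
               "255.255.255.255", ["30.0.30.1"])
MN_POOL = Pool("192.168.40.0/24", "192.168.40.10", "192.168.40.50",
               "255.255.255.0", ["192.168.20.248"],
               {"00:11:22:33:44:55": "192.168.40.60"})

if __name__ == "__main__":
    # A deliberately broken AP pool: wide range, wrong mask, two routers.
    broken = Pool("27.0.27.0/24", "27.0.27.2", "27.0.27.100",
                  "255.255.255.0", ["30.0.30.1", "27.0.27.1"])
    for problem in check_plan(broken, MN_POOL, **SITE):
        print(problem)
```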
RADIUS server requirements
The RADIUS authentication server must provide:
• EAP Support (EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-LEAP)
• Tunnel Support
In order to authenticate a mobile node, the user device must be matched to a
profile stored on the server. Once the user is authenticated, a Tunnel-Id stored
in the profile is returned to the Wireless AP 7220. The Wireless AP 7220
maps the Tunnel-Id to the Subnet Selection Option. This mapping has been
downloaded earlier to the Wireless AP 7220 as part of the Wireless AP 7220
configuration file. Once the Wireless AP 7220 has completed the Tunnel-Id to
SSO mapping, the DHCP Relay Agent in the Wireless AP 7220 requests a
session IP address for the mobile node from the DHCP server.
KeyGen is a software package that is installed on the same workstation that
houses the RADIUS server during initial installation of the Wireless Mesh
Network. The output of KeyGen is used as the password for a Wireless AP 7220
account on both the RADIUS server and the Wireless Gateway 7250. Although
KeyGen can run on any Windows based platform, it is best if the tool is installed
on the RADIUS server that runs on a Windows platform.
RADIUS configuration information and KeyGen information can be found in
Chapter 4, “Configuration management.” A KeyGen configuration example can
be found in Appendix A, “KeyGen tool.”
FTP server requirements
The FTP server is the host for software that will be downloaded to other network
elements in the Wireless Mesh Network. The FTP server in a Wireless Mesh
Network is used for several functions:
• for downloading the configuration file to a Wireless AP 7220 (The FTP server
hosts the configuration file which is used to dynamically configure a Wireless
AP 7220 when it initializes)
• for software upgrade to Wireless AP 7220 (The FTP server hosts the software
images for APs)
• for software upgrade and for backup and restore operations to the Wireless
Gateway 7250
The following parameters must be configured at the FTP server (as well as at the
Wireless AP 7220):
• the location of the FTP server (IP address)
• the user name for File/Image access
• the password to access the configuration file or the software image
FTP server configuration information can be found in “Configuring the FTP
server.” An FTP configuration example can be found in Appendix F, “Sample
FTP configuration file.”
SNTP server
The SNTP server provides the Wireless AP 7220 with the time parameters it
needs to ensure that each event logged on the Wireless AP 7220 has the proper
time-stamp information.
NAP router requirements
The NAP router performs traffic collection and distribution functions for traffic
originating and terminating over the broadband backbone network. It incorporates
routing functions and multiple wired Ethernet links for connection to Wireless AP
7220 @ NAPs. It acts as a standard IP router or an IP routing function in a
network edge device.
Any IP router that supports OSPF can act as a NAP router in the Wireless Mesh
Network. The NAP router must be able to propagate default route information
into the CAN. OSPF on the CAN interfaces of the NAP router must be configured
so that it can exchange routing information with the Wireless AP 7220 @ NAP.
NAP configuration information can be found in Chapter 4, “Configuration
management.” For a sample NAP router configuration see Appendix D, “Sample
NAP router configuration.”
Network Access Controller requirements
In an Inter-Wireless Gateway 7250 roaming environment, the Network Access
Controller (NAC) is responsible for the reachability of the set of authenticated
mobile nodes within a specified IP address range to support the mobile
communications for external and internal networking.
The Wireless Mesh Network requires the following two main functions from the
NAC to enable
• Inter-Wireless Gateway 7250 roaming and mobility support
• Subscriber management system interface
Inter-Wireless Gateway 7250 roaming and mobility support
The NAC interfaces with the Wireless Gateway 7250 through the Ethernet
switching function. This layer-2 Ethernet switching function is used to leverage
the auto-learning bridge design rather than the host-specific layer-3 routing update
to enable the NAC to keep track of the mobile subscriber’s mobility within the
Wireless Mesh Network.
In order to minimize the amount of broadcast traffic to support Ethernet
switching, the NAC must support the following key Ethernet functions:
• unsolicited unicast Address Resolution Protocol (ARP) requests (that is,
gratuitous ARP requests).
Allows Wireless Gateway 7250s to send unicast ARP requests to update the
ARP cache in the NAC to enable the incoming packet forwarding to the
mobile subscribers through their serving Wireless Gateway 7250s
• configurable ARP cache size
Ensures sufficient ARP cache entries in the NAC to sustain the expected
mobile subscriber volume that is engineered for the NAC. Without a sufficient
amount of ARP cache size, broadcast proxy ARP requests may have to be
generated to resolve the IP-to-MAC address mapping if the corresponding
entry is overwritten by the latest ARP request originating from the Wireless
Gateway 7250.
The recommended ARP cache size is two times the number of mobile
subscribers supported by the NAC. For example, if each NAC supports 2000
mobile subscribers, set the ARP cache size to 4000. Refer to Appendix E,
“Sample NAC configuration” for a sample NAC configuration.
• configurable ARP entry age out time
The ARP entry age out time must be configurable to a long enough time to
sustain the duration of the mobile subscriber’s connection to the Wireless
Mesh Network. Otherwise, the ARP entry will expire before the active mobile
subscribers disconnect from the Wireless Mesh Network. As a result, the
broadcast proxy ARP request may be generated by the NAC to resolve the
IP-to-MAC address mapping to support IP packet forwarding.
The recommended ARP entry age out time is one and a half times the
session-idle-timeout value returned by the RADIUS server. For example, if
the session-idle-timeout value is set to 5 minutes (300 seconds), set the ARP
entry age out time to 450. Refer to Appendix E, “Sample NAC configuration”
for a sample NAC configuration.
For assured Wireless Mesh Network security, the NAC must support multiple
subnets over the same logical and physical interfaces. This multi-netting support
feature allows you to assign a different IP addressing plan for the mobile
subscribers and the network management and control systems. This is so that the
IP addressing space for network management and control systems is never
exposed to the mobile subscribers.
Subscriber management system interface
The NAC provides the access control for the Wireless Mesh Network. It must
support
• captive portal re-direct function
The captive portal re-direct function intercepts any unauthenticated mobile
subscriber’s HTTP request and redirects the mobile subscriber to a pre-configured web page. The web page captures the mobile subscriber’s
information for the authentication, authorization, and accounting process used
to grant network access privileges. The web page can be used for the
following purposes:
— Notify mobile subscribers regarding the network provider’s Acceptable
Use Policy (AUP) that must be agreed to before the mobile subscriber can
be granted access to the Wireless Mesh Network and the Internet.
— Inform mobile subscribers of any information relevant to the access to
which they are being granted. For example, this can be information about
restricted ports or services, or specific details of the network provider.
— Authenticate mobile subscribers with a user ID and password against a
AAA server (that is, a standard RADIUS server) before being granted
access to the Wireless Mesh Network and the Internet.
— Support configurable HTTP re-direct to the dedicated web portal. That is,
the web portal’s URL used for re-direction for mobile subscriber session
authentication.
• access control firewall rules
There can be three main groups of IP addressing plans assigned in the Wireless
Mesh Network:
— management and control
— non-RSNA mobile subscribers (that is, captive portal-based authenticated
mobile subscribers)
— RSNA mobile subscribers (that is, 802.1X-based authenticated mobile
subscribers)
Configure different firewall rules for each of these groups to control packet
processing and forwarding. For example,
— management and control traffic bypasses the NAC’s firewall northbound
towards the NOSS
— unauthenticated non-RSNA mobile subscribers trigger the captive portal
HTTP re-direct function to execute the authentication, authorization, and
accounting process
— RSNA mobile subscriber authentication and authorization processing
bypasses the NAC’s firewall. However, the per-RSNA mobile subscriber
access is controlled by the authentication, authorization, and accounting
process results.
— a mobile subscriber’s originated unicast DHCP renew messaging and
RSNA mobile subscribers authentication messaging is allowed to pass
through the NAC’s firewall and be forwarded to the DHCP server
— a mobile subscriber of one subnet cannot have access to the network
resources for another subnet through the use of the Access Control List
(ACL)
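The order in which these rules are evaluated matters: the DHCP renew permit has to be narrow and must come before the cross-subnet ACL, otherwise either renewals fail or the management address space becomes reachable from subscriber subnets. The following Python model is an added example, not Nortel's or any NAC vendor's rule syntax; the subnets, the DHCP server address, the service labels and the handling of cases the page does not describe are assumptions, marked in the comments.

```python
import ipaddress

# Constructed address plan (RFC 5737 documentation ranges), one per group.
GROUPS = {
    "management": ipaddress.ip_network("192.0.2.0/24"),
    "non_rsna": ipaddress.ip_network("198.51.100.0/24"),
    "rsna": ipaddress.ip_network("203.0.113.0/24"),
}
DHCP_SERVER = ipaddress.ip_address("192.0.2.10")  # hypothetical server address

def group_of(ip):
    """Name of the address group containing ip, or None (outside the plan)."""
    return next((name for name, net in GROUPS.items() if ip in net), None)

def nac_decision(src, dst, service, authenticated=False):
    """Action for one packet; the first matching rule wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_group, dst_group = group_of(src), group_of(dst)
    if src_group is None:
        return "drop"  # assumption: sources outside the plan are dropped
    if src_group == "management":
        return "bypass"  # management and control traffic bypasses the firewall
    # Narrow permit: unicast DHCP renew, and only to the DHCP server itself.
    if service == "dhcp-renew" and dst == DHCP_SERVER:
        return "forward"
    # ACL: no access from one subnet to another subnet's resources. This also
    # keeps the management address space hidden from subscribers.
    if dst_group is not None and dst_group != src_group:
        return "drop"
    if src_group == "rsna":
        # 802.1X subscribers are not sent to the portal; access follows the
        # AAA result. Dropping an unauthenticated source is an assumption.
        return "forward" if authenticated else "drop"
    if authenticated:
        return "forward"
    # Unauthenticated non-RSNA subscriber: HTTP triggers the captive portal.
    # Dropping all other services is an assumption of this model.
    return "redirect-to-portal" if service == "http" else "drop"

if __name__ == "__main__":
    # 172.16.5.5 is a constructed stand-in for a host outside the address plan.
    print(nac_decision("198.51.100.20", "172.16.5.5", "http"))
    print(nac_decision("198.51.100.20", "192.0.2.11", "dhcp-renew"))
```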
Ethernet switch
In an Inter-Wireless Gateway 7250 roaming environment, the Layer 2 Ethernet
switch connects the distributed NACs and the distributed Wireless Mesh Network
cluster (WMC). Any Ethernet switch that can provide a scalable high performance
capacity and a high density port count can be used in the Wireless Mesh Network.
ONMS installation and configuration
Wireless Mesh Network uses Optivity NMS (ONMS) to manage Wireless AP
7220s and Wireless Gateway 7250s. To ensure the latest Wireless Mesh Network
functionality, the following load-line up (based on the ONMS 10.2 code base) is
required:
• Oracle Database: ORc9.2
• Oracle patch 9.2.0.5
• ONMS 10.2 and ONMS 10.2.0.3 patch
• OIT version 1.0B (Optivity Integration Toolkit) for Wireless AP 7220
• OIT version 1.0 for Wireless Gateway 7250
All existing and new customers need to use the ONMS 10.2 code base (with the
Wireless AP 7220 and Wireless Gateway 7250 OITs and 10.2.0.3 patch) in order
to have the full and latest Wireless Mesh Network functionality available.
For complete information about ONMS, refer to the Optivity NMS 10.2
documentation suite.
Note: To add the Wireless Gateway 7250 and Wireless AP 7220 OITs in
Optivity, run the install.bat file for each OIT. Do not use the oitadmin tool to
add these OITs.
Distribution network
The Enterprise / ISP / Metro distribution network is used to carry IP traffic
between Wireless Gateway 7250s and Network Access Point routers (NAP-Rs). It
can be a Layer 3 routed domain (where IP routing decisions are made by the
distribution network), or can be a Layer 1 or Layer 2 transport domain (that is,
(virtual) point-to-point links between Wireless Gateway 7250 and Wireless AP
7220). This network can be the same network as the Enterprise / ISP Backbone
Network.
Wireless Gateway 7250 configuration
The Wireless Gateway 7250 performs the following functions:
• advertises reachability (within Enterprise / ISP Distribution Network) for one
or more IP subnets assigned to Wireless Mesh Network subscribers and
network entities
• hides Wireless Mesh Network specific mobility and security functions from
the rest of the Enterprise / ISP Distribution and Backbone Networks
The following configurations are required at the Wireless Gateway 7250:
• subnet addresses for mobiles for which the Wireless Gateway 7250 acts as a
“home agent” (these must be the same mobile node subnets configured on the
DHCP server)
• security related configurations
• user accounts for Wireless AP 7220s
Two groups must be configured, one for standalone Wireless AP 7220 and
one for Wireless AP 7220 @ NAP. For more information see “Configuring
Wireless AP 7220 user accounts.”
• address pool from which to assign intranet IP addresses to the IPsec clients on
Wireless AP 7220s
• the stateful firewall enables the ability to dynamically modify policies that
ensure network security (Specific filters can be defined to allow certain traffic
flow.)
Wireless AP 7220 deployment requirements
The overall available capacity of a Wireless Mesh Network is directly
proportional to the number of Wireless AP 7220 @ NAPs in the network.
The Access Link throughput is determined by the Access Link data rate and
network capacity. The Access Link throughput is also determined by the distance
from a mobile node to a Wireless AP 7220 in the deployed network.
A capacity increase can be provided by deploying multiple Wireless AP 7220 @
NAPs, each wired to a common Wireless Gateway 7250.
The Wireless AP 7220 @ NAP needs to be located where the wired network is
accessible, and where AC power can be accessed. The Wireless AP 7220 @ NAP
and the NAP router may be separated by up to 100m (328 ft) of Ethernet cable. To
prevent radio interference between Wireless AP 7220 @ NAPs connected to the
NAP router, the minimum recommended distance between the Wireless AP 7220
@ NAPs is 8m (26 ft).
For redundancy and to take advantage of the mesh capabilities, each Wireless AP
7220 @ NAP should have routes to at least two subtending Wireless AP 7220s.
Power requirements and information
Depending on the deployment scenario, power to the Wireless AP 7220 can be
sourced from:
• standard building power sources
• lamp posts
• utility poles
In the event of AC power outages, the Wireless Mesh Network is designed to
re-route around localized failures. Service availability depends on the level of
access coverage overlap.
Network specifications
The network must be configured in a mesh, with at least two transit links to each