Cooper Bussmann VERSION 1.6 BU-945U-E 802.11 DSSS User Manual

24

www.cooperbussmann.com/BussmannWirelessResources

Cooper Bussmann Wireless Ethernet & Device Server BU-945U-E 802.11 DSSS User Manual

3A1582Rev1.6

3.5 Network Configuration

You can view or modify Ethernet network parameters by selecting the “Network” menu. When prompted for username and password, enter “user”
as the username, and “user” as the password in the password field (This is the factory default – See section 3.17 “Module Information
Configuration” to change). If you have forgotten the IP address or password, the Factory Default switch may be used to access the existing
configuration. Refer to previous section above for this procedure.

The Network Configuration page allows configuration of parameters related to the wired and wireless Ethernet interfaces. In general, IP address
selection will be dependent upon the connected wired Ethernet device(s) – before connecting to an existing LAN consult the network
administrator.

A system of BU-945U-Es must have at least one Access Point configured as a master with one or more Clients. All BU-945U-Es should be given
the same System Address (ESSID) and Radio Encryption settings. For further information and examples on wireless network topologies refer
section 1.1 “Network Topology” above.

The BU-945U-E supports several different radio encryption schemes. If utilizing any form of encryption, all modules in the system that
communicate with each other will need the same encryption method and encryption keys.

WEP (Wired Equivalent Privacy) encryption is the weakest encryption method, defined by the original IEEE802.11 standard and uses a 40bit or
104bit key with a 24bit initialization vector to give a 64bit and 128bit WEP encryption level. WEP is not considered an effective security scheme,
and should only be used if it is necessary to interoperate with other equipment which does not support more modern encryption methods.

WPA (Wi-Fi Protected Access) is a subset of the IEEE802.11i Security Enhancements specification.

The BU-945U-E supports WPA-1 TKIP and WPA-2 AES using a Pre-Shared Key (PSK).

• TKIP (Temporal Key Integrity Protocol) enhances WEP by using 128-bit encryption plus separate 64bit Tx and Rx MIC (Message Integrity Check)

keys.

• AES (Advanced Encryption Standard), the most secure encryption method, is also based on 128-bit encryption key and is the recommended

encryption method in most applications.

WPA-Enterprise (802.1x) removes the need to manage the Pre-shared Key (PSK) by using an external server to provide client authentication.
Clients that are not authorized will be prevented from accessing the network. Once a client has provided the correct authentication credentials,
access is permitted and data encryption keys are established, similar to WPA-PSK. Fine-grain (user level) access control can be achieved using
this method.

An 802.1x capable RADIUS server may already be deployed in a large scale network environment. The BU-945U-E can make use of this server
reducing replication of user authentication information.

In a typical WPA-enterprise setup, the BU-945U-E Access point acts as Authenticator, controlling access to the network. Wireless clients
(BU-945U-Es, Laptops or other devices) act as Supplicants, requesting access to the network. The Authenticator communicates with an authenti-
cation (RADIUS) server on the Ethernet network to verify Supplicant identity. When a Supplicant requests access, it sends an access request to the
Authenticator, which passes an authentication request to the external authentication server. When the user credentials of the Supplicant are
verified, the Authenticator enables network access for the Supplicant, data encryption keys are established, and network traffic can pass.

Configuration of WPA-Enterprise differs when the unit is configured as an Access point (Authenticator) or Client (Supplicant).

If WDS interfaces are used, it is possible for one BU-945U-E to act as both an Authenticator and a Supplicant, however in this situation, only one
set of user credentials can be entered for all Supplicants.

After changes are made to Network Configuration, it is important to save the configuration by selecting “Save Changes” or by selecting “Save
Changes and Reset.”

Note: If making changes to a remote module via the radio link please make sure all changes are compliant and accurate
before pressing the “Save to flash and reset” button. Some field changes may stop the radio link from working and will
require a hard wire connection to change back.