802.11b Access Point and Device Point
Technical training
http://www.axis.com
Agenda
 System Overview
 Marketing information
 WLAN Technology
 Security
 802.11b Access point
 802.11b Device Point
 Hands on Training
System Overview
System Overview
The 802.11b Access Point is connected on the
main network.
The Camera is connected to the 802.11b Device
Point.
System Overview
Internet
Device
Point
Device
Point
Access Point
Device
Point
Future overview
*Today only one device can be connected to the Device Point through the
network interface but a future SW-release will (probably) contain multiple
device support. This is not a big issue in our customers cases. Our
customers will probably only connect one camera to each Device Point.
Future overview
Internet
Device
Point
Access Point
Device
Point
Multi-Client Support
(will probably be
available)
How to connect the 802.11b Access Point
 Connect the 802.11b Access Point on the main
network.
 Configure the 802.11b Access Point from a
computer on the main network (Smart AP utility)
 Configure the network parameters and the Securitysettings.
How to connect the Camera to the 802.11b Device Point
 Use a cross over connected UTP Ethernet cable to connect the
Camera Server to the Device Point.
 The 802.11b Device Point is a bridge (converter) between cabled
Ethernet and wireless Ethernet (IEEE 802.11b).
 Today only one camera can be connected to each Device Point.
Marketing information
802.11b Wireless Device Point
Main messaging
Make your move from wired to wireless surveillance!
Unleash your video surveillance cameras with
802.11 Device Points from Axis!
Features and benefits
 The 802.11b Wireless Device Point allows Axis network video
products to integrate into new and existing WLAN
infrastructures
 Eliminates the need for network cabling within network video
solutions—lowering both the cost and complexity of the
installation
 Mobility. Wireless capability enables easy relocation of
complete surveillance/monitoring systems
 Fully compatible with 802.11b Access Points from Axis
Features and benefits (cont.)
 Supports 128-bit WEP encryption for reduced risk of
unauthorized video access
 Platform independent with no special driver software
required
 Dual antenna design ensures optimal RF performance
 Range: 100m (los) with reduced bandwidth
 Range: 30 m (los) with full bandwidth
Key Applications
 All traditional camera video applications are applicable;
the key feature of 802.11b Wireless Device Point is to
remove the need of network cabling.
 Public transportation – wireless capability enables
surveillance in hard to reach spots
 Building security – allows for surveillance in older
buildings without the need for extensive rewiring of the
building infrastructure.
Key Applications (cont)
 Surveillance of shopping centers and malls –
wireless capability enables surveillance in
hard to reach spots
 Marketing – Broadcasting, cameras can watch
otherwise unreachable points of interests
 Industrial process monitoring – wireless
capability enables surveillance in hard to
reach spots
 Monitoring of events (as example trade shows,
concerts etc.) - wireless capability enables
easy reallocation of the complete system)
Bundles
 The 802.11b Wireless DevicePoint will be
bundled with the following products:
 AXIS 2100 Network Camera
 AXIS 2120 Network Camera
 AXIS 2130/2130R Network PTZ Camera
EMEA Pricing
Product Name
List
Price
802.11b Device Point
AXIS 2100 Wireless Bundle
AXIS 2120 Wireless Bundle
AXIS 2130/2130R PTZ Wireless Bundle
169 €
499 €
1349 €
1845 €
US Pricing
Product Name
List
Price
802.11b Device Point
AXIS 2100 Wireless Bundle
AXIS 2120 Wireless Bundle
AXIS 2130/2130R PTZ Wireless Bundle
169 $
399 $
1049 $
1799 $
Important
 The product has a radio type approval to be sold in the
following countries:
 Austria, Belgium, Denmark, Finland, France, Germany,
Ireland, Italy, Luxembourg, the Netherlands, Norway,
Portugal, Spain, Sweden, Switzerland, USA and the
United Kingdom.
 It cannot be sold outside these countries for legal
reasons.
802.11b Wireless Access Point
Main messaging
Make your move from wired to wireless networks
Unleash your video surveillance cameras and
network printing with 802.11b Wireless Access
Points from Axis!
Features and benefits
 Provides an easy and flexible approach towards developing a
variety of wireless applications
 Facilitates wireless network video installations that can be
viewed from anywhere, and complete wireless printing
solutions together with the
AXIS 5900 Print Server
 Fully compatible with 802.11b Device Points from Axis
 Provides 128-bit WEP encryption, mac-address filtering and
hidden accesspoint for added security
 Dual antenna design ensures optimal RF performance
US Pricing
Product Name
List
Price
802.11b Access Point
169 $
EMEA Pricing
Product Name
List
Price
802.11b Access Point
169 €
Important
 The product has a radio type approval to be sold in the
following countries:
 Austria, Belgium, Denmark, Finland, France, Germany,
Ireland, Italy, Luxembourg, the Netherlands, Norway,
Portugal, Spain, Sweden, Switzerland, USA and the
United Kingdom.
 It cannot be sold outside these countries for legal
reasons.
Wireless LAN Technologies Overview
Network Definitions
 Channel
─ The medium use for passing data in specific frequency, such as 2.4GHz.
 BSS (Basic Service Set):
The conceptual area within which members of a basic service set may communicate
Infrastructure mode
 ESS (Extended Service Set):
A set of one or more interconnected BSSs and integrated WLANs.
Infrastructure mode
 IBSS (Independent BSS)
─ Ad-Hoc mode
Authentication
 Association
 Wired Equivalent Privacy (WEP)
 Wireless Distribution System (WDS)
The whole interconnected Wireless LAN, including the different cells, their respective Access
Points and the Distribution System
Infrastructure-BSS
Access Point
 BSS/ESS uses
infrastructure
mode.
Client
Basic Service Set – single cell
Infrastructure-ESS
Access Point
Access Point
Client
Client
Ad-Hoc (IBSS)
 IBSS uses AdHoc mode
How to Join the Infrastructure Network
ID : SanDisk1
Channel 7
Open system
w/o WEP
Searching
Auth.
Access Point
Assoc.
Connected
Client
How to Join Infrastructure Network
 Synchronization
 Searching target wireless networks
 Active Scanning (STA probes a frame)
 Passive Scanning (STA waits for a Beacon) – XI-815
 The Authentication Process
 To get authenticated from the target wireless network
 The Association Process
 A state where a client is allowed to pass data through an AP
 Additional Authentication(802.1x)
 Exchange the ID & Password with RADIUS server
Roaming
Inter-cell Roaming
The Unlicensed Radio Frequency Spectrum
5.15-5.35
5.725-5.825GHz
IEEE 802.11a
HiperLAN/2
Physical Layer
802.11a
802.11g
802.11b
Standard
Approved
September 1999
September 1999
September 1999
Available
Bandwidth
300MHz
83.5MHz
83.5MHz
Unlicensed
Frequencies of
Operation
5.15-5.35GHz
2.4-2.4835GHz
2.4-2.4835GHz
3(Indoor/Outdoor)
3(Indoor/Outdoor)
1,2,5.5,11
1,2,5.5,11Mbps
Number of Nonoverlapping
Channels
5.725-5.825GHz
4(Indoor)
4(Indoor/Outdoor)
4(Indoor/Outdoor)
Data Rate Per
Channel
6,9,12,18,24,36,48,54
Mbps
6,9,12,18,22,24,33,36,48,54Mbps
Modulation
OFDM
DSSS,OFDM
DSSS
PBCC(O),CCK-OFDM(O)
CCK
Channel Plan – 802.11/11b/11g
Channel Spacing (5MHz)
2.462
2.437
2.412
Non-overlapping channels
Co-Channel Interference
3
2
1
3
1
3
2
1
2
1
3
2
11
1
3
2
1
2
6
1
1
3
11
1
11
6
1
Channel Plan : {1,6,11} or {…}
Hidden notes interfere
6
1
11
6
1
11
6
1
6
1
11
1
Robust for Interference
 Sources of interference in 2.4GHz band
 Main Source: consumer microwave ovens
– Spread Spectrum Receiver design allows narrowband interference
– Rate reduction allows even more robust operation
 Other radios
– RFID tag ( radio frequency ID tag )
– Generally, various systems in the 2.4GHz and will interfere with each
other
 Bluetooth, IEEE802.11 and Home RF are currently imcompatible and
will interfere
 IEEE802.11 and Home RF interoperability is currently being evaluated
by Home RF working group
Security
Why Security is so important?
 Privacy
 Preventing Unauthorized Access
 Information security (read only/fully authorized)
 Preventing Attacks
 Virus
 Personal Security Policy
 Networking Security Policy
 Tunnel
 Firewall
How to protect your network?






Use virus protection software
Use firewall
Set up personal and group firewall.
Do not open unknown email attachments
Do not run programs of unknown origin
Disable hidden filename extensions
 Keep all applications (including your operating system) patched
 Turn off your computer or disconnect from the network when not in
use
 Disable Java, JavaScript, and ActiveX if possible
 Disable scripting features in email programs
 Make regular backups of critical data
 Make a boot disk in case your computer is damaged or
compromised
Security in the 802.11b
SSID (Wireless network name)
Authentication
MAC address Control
WEP-keys
However…
 Wireless Network Vulnerability
 2.4GHz radio signal and unlicensed
band
 Broadcasting all the time
 WEP Encryption has been broken by certain
means, it is not secure any more.
 Authentication process is not strong enough since
WEP encryption has been defeated.
Recommendation 1
 More secure with WEP on than with WEP off.
 The wireless link between the AP and client is only one
small part of a secure network.
 Large companies should implement end-to-end security
 VPN, RADIUS, IEEE 802.1x
 Home and small business can take several measures to
improve security until a solution is available
Recommendation 2
 Turn WEP on and manage your WEP key by changing the
default key
 Changing the WEP key, daily to weekly.
 Password protect drives and folders.
 Change the default SSID (Wireless Network Name).
 Use MAC address control.
 Use a VPN system. Though it would require a VPN server,
the VPN client is already included in many operating
systems such as Windows 98 Second Edition, Windows
2000 and Windows XP.
802.11b Access Point
Hardware Overview
 Solution
 Atmel (Z-Com)
 Power Supply
- 5V
 LAN Port
 One 10Base RJ-45 LAN port – a cross Ethernet cable is included
 Antenna Design
 One Dipole and one PIFA
Led Status
PWR
Green
Power enabled
Off: No Wireless LAN activity
WLAN
Green
Flashing: Wireless LAN traffic
activity
Off: No Ethernet traffic activity
LAN
Green
Flashing: Wired LAN traffic activity
On: Connect to the Ethernet.
Feature Highlights
 AP Operation Modes
 AP
 Repeater
 AP with Repeating
 Configuration Management
 Web-based and Windows-based
configuration
 SNMP MIBII support (monitoring)
AP with Repeating
Wired Network
AP with
Repeating
The AP is capable of performing AP
and Wireless Bridge function at the
same time. Same channel is
required for all bridges.
AP with
Repeating
AP with
Repeating
Wired Network
AP / Repeater only
Wired Network
Bridge
(repeater)
Repeater Bridge
While using a wireless bridge
in this configuration has the
advantage of extending the link,
it has the disadvantage of
decreased throughput due to
having to repeat all frames
using the same half duplex
radio. Same channel is
required for all bridges.
Bridge
(repeater)
AP with
Repeating
Wired Network
Feature Highlights (Cont.)
 Standard:
Wi-Fi Compliant (not certified)
 Security
 WEP encryption up to 128-bits
 MAC Filtering (up to 128 wireless nodes)
 Hidden Access Point
What security means does 802.11b Access Point
provide? (I)
 WEP
 40bit encryption
 Alphanumeric: 5 characters
 Hexadecimal: 10 hexadecimal digits
 128bit encryption
 Alphanumeric: 13 characters
 Hexadecimal: 26 hexadecimal digits
What security means does 802.11b Access Point
provide? (II)
 MAC Access Control
 Enable MAC access control
 Click “Add” to enter MAC addresses
 Click “Apply”
 Only the client with the MAC address
that is listed on the table is allowed to
associate with the Access Point
 At most 128 clients
What security means does 802.11b Access Point
provide? (III)
 Enable Security and select “Hide
Access Point” to make AP invisible for
AP browsing engaged by stations.
 If stations get the correct SSID, stations
still can connect to AP by assigning
SSID manually.
802.11b Access Point
Management/Configuration
How to configure the 802.11b Access Point
 Via Web-based utility
 Via Windows-based utility
Windows-Based Utility
By installing and using
Wireless Access Point Utility
in Any PC on the local
network,
you may then access and
configure the Wireless
Station Adapter Anywhere
on the local network.
Password: default
Windows-Based Utility - Info
Shows the Current
Information of the
Wireless
Station Adapter, including
ESSID, AP name, Channel,
Mode, SNMP, DHCP Client,
IP address, subnetmask and
default gateway.
Windows-Based Utility –
Parameter Setup
Configurable
parameters
includes ESSID, AP
name, Channel, Mode,
SNMP, DHCP Client,
IP address subnetmask,
default gateway and
password.
Windows-Based Utility –
Security
To prevent unauthorized
wireless stations from
accessing data transmitted
over the network, the
Wireless LAN Micro
Access Point offers
security
Options such as WEP,
MAC Access Control as
well as Hide AP Access.
Windows-Based Utility –
WEP
For 40-bit WEP
ASCII: 5 characters (case sensitive) ranging from
“a-z”, “A-Z” and “0-9” (e.g. MyKey)
Hex: 10 hexadecimal digits in the range of “A-F”,
“a-f” and “0-9” (e.g. 11AA22BB33)
Passphrase: click Generate to generate WEP keys
automatically.
For 128-bit WEP
ASCII: 13 characters (case sensitive) ranging
from “a-z”, “A-Z” and “0-9” (e.g.
MyKey12345678)
Hex: 26 hexadecimal digits in the range of “A-F”,
“a-f” and “0-9” (e.g.
00112233445566778899AABBCC)
Passphrase : click Generate to generate WEP
keys automatically.
Windows-Based Utility –
MAC Access Control
With the Access Control
Table enabled, you can
authorize wireless units to
access the Access Point by
identifying the MAC
address of the wireless
devices that are allowed
access to transmit data.
Windows-Based Utility –
Hide AP Access
With hide AP access
enabled by checking
“Hide AP Access” check
box, wireless stations
with ESSID “ANY” will
not browser and
associate to the Wireless
Micro Access Point.
Windows-Based Utility –
About
Shows the Current
Utility and Firmware of the
Wireless Access point
Windows-Based Utility –
About
With the Firmware Upgrade Utility, you will be able to
upgrade any of the 802.11b Access Point on the network.
Password : default
WEB-Based Utility –
Login
WEB-Based Utility – Info
WEB-Based Utility –
Configuration
WEB-Based Utility – WEP
WEB-Based Utility –
Hide AP and MAC Access Control
WEB-Based Utility –
TCP/IP
802.11b Access Point FAQs
How to reset 802.11b Access Point to the default?
 Software
 Press the “Default”
button of the utility.
 Hardware
 Press the “Default”
button by the side of the
LAN port on hardware
How to upgrade firmware
 Firmware upgrade utility
 Add *.bin file
 Press “Upgrade” button.
How many Wireless Bridges can the 802.11b
Access Point grant the connection with?
 Software limit
 At most 256 clients
 Suggestion
 No more than 4 clients
 Cells around each repeater will overlap by a
minimum of 50%
How to use the “AP with Repeating Mode”
 From the “Mode” item
on utility, select
“AP+Repeater” .
 The same channel is
required to all Access
Points.
How does SNMP work in 802.11b Access Point?
 Enable SNMP.
 Install a SNMP
management tool to
compile the 802.11
MIB files and use the
tool or other tools to
monitor the SNMP
agent.
802.11b Device Point
802.11b Device point Hardware
Overview
 Solution
 Atmel (Z-Com)
 Power Supply
- 5V
 LAN Port
 One 10Base RJ45 LAN port, a cross Ethernet cable is included
 Antenna Design
 One Dipole and one PIFA
 Output Power
18dBm typical
Hardware Overview (Cont.)
PWR
Green
Power enabled
Off: No Wireless LAN traffic activity
WLAN
Green
Flashing: Wireless LAN traffic
activity
On: Associated to the Wireless AP.
Off: No Ethernet traffic activity
LAN
Green
Flashing: Wired LAN traffic activity
On: Connect to the Ethernet.
What security means does the 802.11b Device
Point provide?
 WEP
 40bit encryption
 Alphanumeric: 5 characters
 Hexadecimal: 10 hexadecimal digits
 128bit encryption
 Alphanumeric: 13 characters
 Hexadecimal: 26 hexadecimal digits
 Passphrase
 ASCII string
Act just like Wireless Station
Internet
Device
Point
Access Point
Device
Point
Act just like Wireless Station
Internet
Device
Point
Access Point
Device
Point
Multi-Client Support
(will probably be
available)
How to configure the 802.11b Device
Point?
 Via Web-based utility
 Via Windows-based utility
Windows-Based Utility
By installing and using
Station Adapter Utility in
Any PC on the local
network,
you may then access and
configure the 802.11b
Device Point Anywhere
on the local network.
Password: default
Windows-Based Utility - Info
Shows the Current
Information of the
Device point, including
ESSID, AP name, TX rate,
IP address, subnetmask
and
default gateway.
Windows-Based Utility –
Parameter Setup
Configurable parameters
includes ESSID, AP name,
TX
rate, IP address
subnetmask,
default gateway and
password.
Windows-Based Utility –
Security
To prevent unauthorized
wireless stations from
accessing data transmitted
over the network, the
802.11b Device Point offers
WEP security
options.
Windows-Based Utility –
Security
For 40-bit WEP
ASCII: 5 characters (case sensitive) ranging
from “a-z”, “A-Z” and “0-9” (e.g. MyKey)
Hex: 10 hexadecimal digits in the range of “AF”, “a-f” and “0-9” (e.g. 11AA22BB33)
Passphrase: click Generate to generate WEP
keys automatically.
For 128-bit WEP
ASCII: 13 characters (case sensitive) ranging
from “a-z”, “A-Z” and “0-9” (e.g.
MyKey12345678)
Hex: 26 hexadecimal digits in the range of “AF”, “a-f” and “0-9” (e.g.
00112233445566778899AABBCC)
Passphrase : click Generate to generate WEP
keys automatically.
Windows-Based Utility –
About
Shows the Current
Utility and Firmware of the
802.11b Device Point
Firmware Upgrade
Utility
Allow you to upgrade the firmware for the Device point.
Password: default
WEB-Based Utility – Info
802.11b Device Point FAQs
How to reset the 802.11b Device Point to the
default?
 Software
 Press the “Default”
button of the
utility.
 Hardware
 Press the “Default”
button by the side
of the LAN port on
hardware
How to upgrade firmware
 Firmware upgrade utility
 Add *.bin file
 Press “Upgrade” button.
Does the 802.11b Device Point support Wireless
Workgroup Bridge?
 No, not today:
 But it will probably support Wireless
Ethernet Bridge (same as Wireless
Workgroup Bridge) on the later version.
 The number of Ethernet clients will be
limited to under 8.
Demonstration/ Hands On Training
Questions