Please read the End User License Agreement before installing or upgrading the AirTight Wi-Fi or AirTight WIPS
server. The End User License Agreement is available at the following location
http://www.airtightnetworks.com/fileadmin/pdf/AirTight-EULA.pdf.
Installing the software constitutes your acceptance of the terms and conditions of the End User License
Agreement.
DISCLAIMER
THE INFORMATION IN THIS GUIDE IS SUBJECT TO CHANGE WITHOUT ANY PRIOR NOTICE.
AIRTIGHT NETWORKS, INC. IS NOT LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR
CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS
OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER
PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE THIS PRODUCT.
THIS PRODUCT HAS THE CAPABILITY TO BLOCK WIRELESS TRANSMISSIONS FOR THE PURPOSE OF
PROTECTING YOUR NETWORK FROM MALICIOUS WIRELESS ACTIVITY. BASED ON THE POLICY
SETTINGS, YOU HAVE THE ABILITY TO SELECT WHICH WIRELESS TRANSMISSIONS ARE BLOCKED AND,
THEREFORE, THE CAPABILITY TO BLOCK AN EXTERNAL WIRELESS TRANSMISSION. IF IMPROPERLY
USED, YOUR USAGE OF THIS PRODUCT MAY VIOLATE US FCC PART 15 AND OTHER LAWS. BUYER
ACKNOWLEDGES THE LEGAL RESTRICTIONS ON USAGE AND UNDERSTANDS AND WILL COMPLY WITH
US FCC RESTRICTIONS AS WELL AS OTHER GOVERNMENT REGULATIONS. AIRTIGHT IS NOT
RESPONSIBLE FOR ANY WIRELESS INTERFERENCE CAUSED BY YOUR USE OF THE PRODUCT.
AIRTIGHT NETWORKS, INC. AND ITS AUTHORIZED RESELLERS OR DISTRIBUTORS WILL ASSUME NO
LIABILITY FOR ANY DAMAGE OR VIOLATION OF GOVERNMENT REGULATIONS ARISING FROM YOUR
USAGE OF THE PRODUCT, EXCEPT AS EXPRESSLY DEFINED IN THE INDEMNITY SECTION OF THIS
DOCUMENT.
LIMITATION OF LIABILITY
AirTight Networks will not be liable to customer or any other party for any indirect, incidental, special,
consequential, exemplary, or reliance damages arising out of or related to the use of AirTight Wi-Fi, AirTight
WIPS, AirTight Cloud Services, and AirTight devices under any legal theory, including but not limited to lost profits,
lost data, or business interruption, even if AirTight Networks knows of or should have known of the possibility of
such damages. Regardless of the cause of action or the form of action, the total cumulative liability of AirTight
Networks for actual damages arising out of or related to the use of AirTight Wi-Fi, AirTight WIPS, AirTight Cloud
Services or AirTight devices will not exceed the respective price paid for AirTight Wi-Fi, AirTight WIPS, AirTight
Cloud Services, or AirTight devices.
Powered by Marker Packet™, Active Classification™, Live Events™, VLAN Policy Mapping™, Smart Forensics™,
WEPGuard™ and WPAGuard™. AirTight Networks and the AirTight Networks logo are trademarks and AirTight is
a registered trademark of AirTight Networks, Inc.
This product contains components from Open Source software. These components are governed by the terms
and conditions of the GNU Public License. To read these terms and conditions visit
http://www.gnu.org/copyleft/gpl.html.
Protected by one or more of U.S. patent Nos. 7,002,943; 7,154,874; 7,216,365; 7,333,800; 7,333,481; 7,339,914;
7,406,320; 7,440,434; 7,447,184; 7,496,094; 7,536,723; 7,558,253; 7,710,933; 7,751,393; 7,764,648; 7,804,808;
7,856,209; 7,856,656; 7,970,894; 7,971,253; 8,032,939; and international patents: AU 200429804; GB 2410154;
JP 4639195; DE 60 2004 038 621.9; and GB/NL/FR/SE 1976227. More patents pending. For more information on
patents, please visit: www.airtightnetworks.com/patents.
Intended Audience
This guide is intended for anyone who wants to configure and use sensors in the ND mode.
Document Overview
This guide contains the following chapters:
1. Modes of Operation of Sensor: Describes the sensor operation modes
2. Guidelines for Using Sensor Operation Modes: Provides guidelines for deploying sensors in various
modes.
3. Guidelines for Configuring and Installing ND: Describes the installation and configuration of a sensor
in the ND mode.
4. Upgrade the Network Detector: Describes how to upgrade a sensor in the ND mode.
5. VLAN States: Explains the various states of a VLAN.
6. Useful Tips: A few tips for ND configuration.
Note: All instances of the term server in this document refer to the AirTight Wi-Fi / AirTight WIPS server,
unless the server name or type is explicitly stated.
Contact Information
AirTight Networks, Inc.
339 N, Bernardo Avenue, Suite #200,
Mountain View, CA 94043
Tel: (650) 961-1111
Fax: (650) 963-3388
For technical support, send an email to support@airtightnetworks.com.
1. Modes of Operation of Sensor
There are two types of AirTight sensors that are available for deployment:
All these sensors are capable of operating in two modes as described below.
Note: In this document, the generic model name SS-300-AT refers to the SS-300-AT-C-10, SS-300-AT-C-50,
SS-300-AT-C-55, and SS-300-AT-C-60 sensors.
Sensor Mode (Sensor): This is the default mode of operation. In this mode, the sensor can be connected to an
access port or a trunk port (802.1Q capable) on a switch. When connected to a trunk port, it monitors multiple
VLANs that are configured on that trunk port and are chosen by the user. The wireless interface of the sensor is
enabled. In this mode, an SS-200-AT sensor can monitor up to 4 VLANs, the SS-300-AT-C-10, SS-300-AT-C-55,
and SS-300-AT-C-60 sensors can monitor up to 16 VLANs, and an SS-300-AT-C-50 sensor can monitor up to 8
VLANs.
Network Detector Mode (ND): This mode must be explicitly configured. In this mode, the ND should be
connected to a trunk port (802.1Q capable) on a switch. It then monitors multiple VLANs that are configured on
that trunk port and are chosen by the user using the ND CLI. The wireless interface of the ND is disabled. In this
mode, an SS-200-AT sensor can monitor up to 32 VLANs, the SS-300-AT-C-10, SS-300-AT-C-55, and SS-300-AT-C-60
sensors can monitor up to 100 VLANs, and an SS-300-AT-C-50 sensor can monitor up to 50 VLANs.
2. Guidelines for Using Sensor Operation Modes
Guideline 1 Determine the sensor count and placement using the air coverage criterion.
You can achieve good air coverage by using an appropriate number of sensors that are strategically
placed on the enterprise premises. You can use AirTight Planner or Planning Service to plan for the
right number and placement of sensors for your floor plan.
Guideline 2 Attempt to cover as many VLANs as possible with the sensors on the wired side.
Each sensor can be connected to an access port of a switch. This sensor monitors the VLAN
configured on this access port, in addition to monitoring wireless signals within its radio coverage
area. The same sensor can also monitor additional VLANs if it is connected to a switch trunk port and
configured with the list of VLANs to be monitored.
Guideline 3 Use an ND to cover the remaining VLANs on the wired side.
When a sensor in sensor mode is connected to a trunk port, it can monitor multiple VLANs. In the
sensor mode, a sensor can monitor fewer VLANs than a sensor in the ND mode can. An SS-200-AT
sensor in the sensor mode can monitor up to 4 VLANs and in the
ND mode can monitor a maximum of 32 VLANs. An SS-300-AT-C-10, SS-300-AT-C-55, or
SS-300-AT-C-60 sensor in the sensor mode can monitor up to 16 VLANs and in the ND mode can
monitor a maximum of 100 VLANs. An SS-300-AT-C-50 sensor in the sensor mode can detect and
monitor up to 8 VLANs and in the ND mode can detect and monitor up to 50 VLANs. The number of
sensors in the sensor mode and the number of sensors in the ND mode should be adjusted based
on the number of VLANs to be monitored.
Guideline 4 Use a sensor at remote sites with few VLANs.
Remote sites are generally small and have few VLANs. Therefore, a single sensor should be
sufficient to provide good air coverage as well as network coverage. The sensor can be connected to
a trunk port on the switch. All VLANs at that site are trunked on that switch port. The sensor should
be configured to monitor all VLANs. The following figures show air coverage using sensors and network
coverage using sensors and NDs.
3. Guidelines for Configuring and Installing ND
For SS-300-AT: 115200 bps, 8 data bits, No parity, 1 stop bit, No flow control
For SS-200-AT: 9600 bps, 8 data bits, No parity, 1 stop bit, No flow control
8. Type the command get mode to ensure that the mode has correctly changed to ND before proceeding to
the next step.
Note: In the onsite deployment, either primary or secondary server IP address/ hostname should be specified with
the IP address of the server.
Online Deployment: Provide connection details for ND to connect to the server
In online deployment, sensors do not directly connect to the server. Instead, they connect through a redirector.
The default IP address/ hostname of the redirector is redirector.airtightnetworks.net.
1. Type the set server discovery command.
2. Choose option 2 (which is the default option) and press Enter.
3. Enter the IP address/ hostname of the redirector and press Enter.
Note: In the online deployment, either primary or secondary server IP address/ hostname should be specified with
the IP address/ hostname of the redirector. In case you have problems connecting to the redirector, contact
support@airtightnetworks.com who will guide you through the process.
Configure only the VLANs that you want the ND to monitor on this trunk port (maximum of 100 for
SS-300-AT, 50 for SS-300-AT-C-50, and 32 for SS-200-AT). The ND will monitor only the configured VLANs.
A VLAN must be configured on the trunk port such that a route exists from the VLAN to the server VLAN.
This VLAN can be a tagged or an untagged VLAN and is referred to as the Communication VLAN of the ND. To
configure or change the communication VLAN, refer to Step 4 above.
Step 8: Use the get vlan id command to get the list of VLANs seen by ND
Step 10: Ensure that all the VLANs are properly displayed in the Console
1. Go to the Devices > AirTight Devices tab and locate the entry for the ND.
The ND entry has a superscript N and is indicated by an icon in the (Device) Active Status column. You can
also locate the entry for your ND by matching the Ethernet MAC address displayed on the physical device
with the MAC address displayed in the Console.
2. See the Visible LANs widget below the list of AirTight Devices on the Devices page.
3. You should see all the VLANs that you wanted ND to monitor, along with their correct IP addresses, Net
Mask, and Status as Monitored.
You can also navigate to Devices > Networks tab on the UI and verify the list of networks being
monitored. The following figure shows the Networks tab.
4. Upgrade the Network Detector
When you upgrade a sensor operating in SNDC/Sensor mode, it continues to monitor the previously configured
VLANs, and operates in sensor mode. You can add or delete the VLANs to be monitored by a sensor in sensor
mode from the AirTight Management Console. For details, refer to the Sensor Configuration section in the Users
Guide.
When you upgrade a sensor operating in ND mode, it continues to monitor the previously configured VLANs. You
can add more VLANs to the list of monitored VLANs or delete existing VLANs from the list of monitored VLANs.
The following procedure is recommended:
1. Before upgrade, type the get vlan config command to capture information about all VLANs being
monitored.
2. After the upgrade, type the get vlan config command and compare the list of VLANs with the list captured
before the upgrade.
3. Configure any missing VLANs that need to be monitored.
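The before/after comparison in the procedure above, as an added example that is not part of the original guide or of AirTight's software. It reports VLANs that dropped out of monitoring during the upgrade and checks the combined list against the ND-mode limits stated in this guide. Assumptions: the guide does not show the output format of get vlan config, so the script reads VLAN IDs that the operator has transcribed one per line, with 0 used here to record the untagged VLAN; the function names and sample lists are constructed.

```python
"""Added example (not AirTight code): diff monitored VLANs across an ND upgrade."""

# ND-mode VLAN limits as stated in this guide.
ND_MODE_LIMIT = {"SS-200-AT": 32, "SS-300-AT": 100, "SS-300-AT-C-50": 50}


def parse_vlan_ids(text):
    """Parse operator-recorded VLAN IDs: one per line, '#' starts a comment.

    Assumed notation for this example: 0 records the untagged VLAN,
    1-4094 are 802.1Q tagged VLAN IDs.
    """
    ids = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        if not entry.isdigit() or int(entry) > 4094:
            raise ValueError(f"line {lineno}: not a VLAN ID: {raw!r}")
        ids.add(int(entry))
    return ids


def check_upgrade(before_text, after_text, model):
    """Return VLANs lost or gained by the upgrade and whether re-adding fits."""
    before = parse_vlan_ids(before_text)
    after = parse_vlan_ids(after_text)
    wanted = before | after
    return {
        "missing": sorted(before - after),      # reconfigure these (step 3)
        "unexpected": sorted(after - before),   # review: not monitored before
        "fits_limit": len(wanted) <= ND_MODE_LIMIT[model],
    }


# Constructed sample data, transcribed by hand from the two command outputs.
BEFORE = """
0     # untagged (communication VLAN)
10
20
30    # guest
"""
AFTER = "0\n10\n30\n40\n"

if __name__ == "__main__":
    print(check_upgrade(BEFORE, AFTER, "SS-300-AT"))
```

A VLAN listed under "missing" is no longer monitored by the ND until it is configured again, so treat a non-empty list as an open item before closing the upgrade.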
AirTight Wi-Fi and AirTight WIPS support the use of a tagged VLAN as the communication VLAN of ND.
An upgrade from versions prior to 5.5 to 7.1 Update 1 keeps the communication VLAN as the untagged VLAN by
default, but this can be changed to any monitored tagged VLAN using the set vlan config command.
Even for an upgrade from sensor version 4.3, the communication VLAN defaults to the untagged VLAN.
5. VLAN States
The status of the VLAN configured by the user can be seen using the get vlan status command. The status
of the VLAN can be any of the following:
Inactive and Unmonitored: In this state a VLAN is configured by the user and is not detected. All the
VLANs configured by the user will be in this state, when the ND starts.
Active and Unmonitored: In this state a VLAN is configured by the user and is detected, but not yet
monitored.
Active and Monitored: In this state a VLAN is configured by the user and is monitored by the ND.
Note: The get vlan status command displays the status of the VLAN at that given instant. This status
changes randomly, and the ND automatically switches between VLANs while monitoring them.
Various messages, their VLAN states, and descriptions of these states are described in the table below:
Message
VLAN State
Description
Inactive and
Unmonitored
Inactive and
Unmonitored
IP address configured,
but no activity seen
Inactive and
Unmonitored
6. Useful Tips
The communication VLAN of ND is used for communication with the server. An untagged VLAN is also
called native VLAN in some switches.
Multiple sensors/NDs can be configured to monitor the same VLAN for redundancy, although at any
given time only one connected device monitors the VLAN.
Do not use Ctrl+C while configuring the VLANs using the set vlan config command.