Features
Additional Security
- FIPS mode operation with AES 256 encryption
- New security option order code 80i-P-WE2
- FIPS 140-2 Level 2 Security Standard (NIST/CSE)
- 128, 192 & 256 bit AES over-the-air encryption
- Digitally signed software binary files
- RADIUS Support (standard)
- Authenticate access and device management
- SNMP v3 Support (standard)
- Authorization methods using MD5 or SHA with privacy methods DES or AES
- Uses same accounts (username/password) for SNMP v3, CLI and Web connections
Improved Usability
- Notification of temporary key expiration (log message/SNMP trap)
- New statistics compiled each 15 minutes for RMS reports
- Notification when logging in during 'long reset' opportunity
- Data link status indicator
Check the latest AN-80i user manual for a complete description of all new features. Refer
to Chapter 8 for a complete description of the FIPS mode of operation.
Compatibility
Hardware
Options Keys
PTP option keys are required to run PTP software. Each deployed AN-80i unit
requires a PTP options key.
FIPS mode operation is an optional feature and requires purchase of an
options key supporting this feature.
Interoperability
AES is not over the air compatible with any prior software release.
Digitally Signed Binary File: RL80PTPZR_0400_98.sbin
70-00083-02-03
AN-80i PTP
Feature Reference
Refer to the AN-80i User Manual for information on new features and related updates.
Description
Document
CLI General.
3.3
6.1.4
6.1.6
6.1.8
6.1.9
5.1
FIPS Mode
3.3
3.4.4
6.1.8
6.1.8
FIPS Mode
Long Reset
7.1
5.3
RADIUS
3.4.1
3.4.3
Statistics
Resolved Issues
684
Problem Description
Resolved in Build
User Accounts: The AN-80i does not report an error when CLI is
used to enter passwords longer than 15 characters (password is
truncated to 15 characters).
v3.11.010
v4.00.087
v4.00.98
System Behavior
Software Download
Important Notice for - Read this section carefully.
New security features for uploading software have been introduced beginning with PTP
v4.00. If a signed software binary is uploaded into both AN-80i software banks, it will not
be possible to upload a previous version of software that is not digitally signed.
With the introduction of FIPS 140-2 level 2 security software, the AN-80i is permitted to
upload only digitally signed software files (*.sbin). The use of signed software binary files
provides enhanced security for all operators by verifying the authenticity of the software
binary file, and that the file has not been altered in any way.
The restriction to load only digitally signed files prevents the uploading of unsigned
versions of PTP or PMP software while FIPS-enabled software is active on the AN-80i.
This restriction is a new general security feature and is not affected by the status of the
FIPS option.
This restriction does not affect switching between the two software banks on the AN-80i.
For example, after uploading and executing FIPS-capable software, use the following
steps to upload an unsigned software binary file:
1. Go to the Configuration screen and select the non FIPS-capable software version
(e.g., PTP v3.nn, or PMP v12.nn). Click Save and then reboot the AN-80i.
2. When the AN-80i completes the reboot cycle, use the Upload Software screen to load
the desired unsigned software binary file. The uploaded file will overwrite the inactive
software bank.
If you are unable to resolve an operating issue resulting from this upload restriction
contact Redline customer support for assistance.
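The upload restriction and the two-step procedure above, modeled as an added example (not Redline code). The class, method and image names are assumptions chosen for illustration; the rules encoded are only those stated in this section.

```python
from dataclasses import dataclass

@dataclass
class Image:
    version: str
    signed: bool              # True for a digitally signed *.sbin file

@dataclass
class Unit:
    """Toy model of the AN-80i software banks (assumed names, not Redline code)."""
    banks: list               # two Image entries, index 0 and 1
    active: int = 0           # bank currently running

    def select_and_reboot(self, bank: int) -> None:
        # Switching between banks is not affected by the signing restriction.
        self.active = bank

    def upload(self, image: Image) -> bool:
        # While signed (v4.00+) software is running, unsigned files are refused.
        if self.banks[self.active].signed and not image.signed:
            return False
        self.banks[1 - self.active] = image   # overwrites the inactive bank
        return True

    def rollback_possible(self) -> bool:
        # An unsigned file can only be loaded from a bank running unsigned software.
        return any(not img.signed for img in self.banks)

V3 = Image("PTP v3.nn", signed=False)       # constructed sample images
V4 = Image("PTP v4.00", signed=True)

def documented_procedure():
    unit = Unit(banks=[V3, V3])
    unit.upload(V4)                          # signed image lands in bank 1
    unit.select_and_reboot(1)                # now running signed software
    refused = not unit.upload(V3)            # unsigned upload is rejected
    unit.select_and_reboot(0)                # step 1: boot the v3 bank
    accepted = unit.upload(V3)               # step 2: upload now succeeds
    return refused, accepted

def both_banks_signed():
    unit = Unit(banks=[V3, V4], active=1)
    unit.upload(V4)                          # overwrites bank 0 with signed software
    attempts = []
    for bank in (0, 1):                      # try the unsigned upload from each bank
        unit.select_and_reboot(bank)
        attempts.append(unit.upload(V3))
    return attempts, unit.rollback_possible()

if __name__ == "__main__":
    print(documented_procedure(), both_banks_signed())
```

The second function shows the case in the notice at the top of this section: once both banks hold signed software, no bank selection allows an unsigned upload.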
Configuration
1. When 64-bit Redline encryption is used, the Peer MAC address must be entered, and
the Link Name and encryption settings must be identical on communicating systems.
2. When ATPC is enabled, best results are obtained by also enabling Adaptive
Modulation.
3. When Adaptive Modulation is enabled, the maximum achievable uncoded burst rate
(UBR) is limited to the wireless Uncoded Burst Rate setting.
4. Refer to Table 4: Web - Maximum TX Power Settings (dBm) and Table 5: Web Modulation/Coding
in the AN-80i User Manual to determine the maximum transmit
power level available at each modulation setting.
5. In some deployment scenarios, high Tx Power settings may result in lower than
expected SINADR values. Lowering the TX power may provide higher SINADR.
6. RSA is not used for SSH connections in v4.00 and higher.
Management
1. A permanent Options Key must be entered for in-service operation. AN-80i units
shipped from the factory do not contain any options key, and allow only restricted
operation (frequency range, channel size, data rate, etc.).
2. Changes made to the Telnet port setting are not effective until the AN-80i is rebooted.
3. The AN-80i does not send a Linkdown trap following a reboot.
4. Only Microsoft Internet Explorer 6 or higher is fully supported for the Web GUI.
5. The SNMP objects ifAdminStatus and ifOperStatus report the status of the Radio
Enable setting (Wireless Configuration screen).
6. The long reset login opportunity (30 seconds) begins approximately 75 seconds after
the initiating power-cycle sequence. Refer to section 6.2 Long Reset (Recover from
Lost IP or Password) in the AN-80i User Manual.
7. A duplex mismatch between the data port and the customer Ethernet device may
cause a lockup condition on the AN-80i internal Ethernet switch resulting in loss of
data connectivity over Ethernet interface. Management of a remote system will be
available over-the-air. Reboot the AN-80i to restore Ethernet connectivity. If rebooting
the AN-80i does not restore connectivity, a long reset must be performed. Refer to the
AN-80i User Manual for instructions.
It is strongly recommended to manually set all devices to matching speed and duplex.
If manual settings are not available, both devices must be set to auto-negotiate.
8. SSH does not support the DELETE key function. Use the BACKSPACE key.
9. Linux Telnet clients do not support DELETE or BACKSPACE keys. Use CTRL-H.
Status
1. Following a power loss lasting less than 10 seconds, the AN-80i may require up to 10
Software Upgrade
Before You Begin
Review the following list before beginning the upgrade procedure.
- Obtain a copy of the software binary file.
- For new installations, an options key must be purchased for each unit.
- The operator must log in as administrator.
- A network computer or portable PC is required. Configure a TFTP server and copy the
software binary file to the server default directory.
- Upgrade the remote unit before upgrading the local unit.