Training Doc
Introduction of WiMAX
The WiMAX network uses an approach similar to that of cell phones. Coverage for a geographical area is divided into a series of overlapping areas called cells. Each cell provides coverage for users within that immediate area. When a subscriber travels from one cell to another, the wireless connection is handed off from one cell to the other.
• A base station, similar in concept to a cell-phone tower, is mounted on a tower or tall building to broadcast the wireless signal. A single WiMAX tower can provide coverage to a very large area, as big as 3,000 square miles (~8,000 square km).
Banglalion Communications Ltd. Training Doc
The user pays the service provider for wireless Internet access, just as they would for a normal Internet connection via a cable network. The service provider provides the end user with the CPE, software, a user ID and a password.
If the CPE at the user end picks up the signal, an uninterrupted Internet connection is established for as long as the signal is available. One WiMAX base station can send signals over distances of several miles, depending on the terrain. The flatter the terrain, the larger the coverage area. If the end user moves from one base station to another, the laptop receiver will hook up to the other base station (of the same service provider) with the stronger signal.
We are using the 2.5 GHz radio frequency band, with 35 MHz of spectrum ranging from 2585 to 2620 MHz.
Looking at the RF frequencies in use for WiMAX around the world, we can see that WiMAX basically uses high RF frequencies, which are in the microwave range.
[Figure: map of WiMAX frequency bands by region]
Canada: 2.3/2.5 GHz, 3.5/5 GHz
USA: 1.5/2.3 GHz, 2.5/5 GHz
C & SA: 2.5/3.5 GHz, 5 GHz
Europe: 3.5 GHz, 5 GHz
ME & A: 3.5 GHz, 5 GHz
Russia: 2.3/2.5/3.5 GHz, 5 GHz
Asia Pacific: 2.3/3.3/3.5 GHz, 5 GHz
We can check the status of the air interface or Um interface by checking some parameters at the user end, which are:
Receive Signal Strength Index (RSSI): This parameter indicates the strength of the signal received from the WiMAX BTS.
RSSI is usually good near the BTS and gets worse as we move away from it. Sometimes it is bad even near the BTS because of blockage.
The above picture shows that MS B gets a poorer signal than MS A because of its larger distance from the BTS/tower. In technical language this is called “path loss”. Sometimes we may experience a different scenario; for example, we may get a poor signal even if we are very close to the BTS. Refer to the picture below:
In the above picture there is a wall or blockage between the BTS and the MS, so the MS gets a poor signal. As a result, RSSI will be poor for this MS.
RSSI unit: We usually define this parameter in dB. Its value is always negative, so a value closer to zero is better. For example, if the RSSI of MS A is -60 dB and that of MS B is -85 dB, MS A is in the better condition. This value cannot be zero. The maximum RSSI value can be up to -30 dB, and in the worst case RSSI can reach -120 dB.
Carrier to Interference and Noise Ratio (CINR): As the name indicates, it is a ratio. Mathematically we can write:
CINR = Carrier (our desired WiMAX signal) / (Noise (system noise) + Interference (either external or internal))
This is another parameter by which we can measure the signal status or quality. The main challenge in WiMAX technology is interference, so RF engineers try to minimize it as much as possible.
Unlike RSSI, this value does not depend on the BTS position; it depends on radio planning and on external illegal users.
CINR units: This parameter is unitless because it is a ratio. The greater the CINR value, the better. For example, MS A with a CINR of 20 is better off than MS B with a CINR of 10. This value can be up to 40, and the minimum value for WiMAX service is at least 10. A WiMAX CPE or MS sometimes still works with a CINR below 10, but service is not guaranteed in that case.
In summary, we have to check the RSSI and CINR values together to determine the status and quality of the signal. Both parameters should be in an acceptable range for good service.
At present we provide CPE and MS from multiple vendors to our end users/subscribers. The CPE which we usually provide are:
Subscribers can’t buy a CPE on the free market. The subscriber has to choose one of the tested models that we provide.
Dongle / USB modem: It is small and can be used with a laptop or desktop. The antenna gain of this type of USB modem is only 2 dBi. It is suggested to use this type of USB modem in good radio conditions (for example: RSSI >= -75; CINR >= 15).
Indoor CPE: As its name indicates, this type of CPE is used indoors. The main differences between a USB modem and an indoor CPE are that the indoor CPE has a higher antenna gain (4 to 6 dBi) and needs an external power source, as well as an Ethernet cable if it has no built-in Wi-Fi.
It can work in poorer radio conditions than a USB modem. We suggest placing this type of modem near a window.
Outdoor CPE: This is very similar to the indoor CPE, but as the name indicates, this type of CPE is placed outdoors (possibly wall mounted). The antenna gain is higher than that of the indoor CPE (above 10 dBi). Because of the high antenna gain, it can work in poor radio conditions. It is typically used in villages or in places where the radio signal is poor.
So, in a WiMAX network there are several types of users using several types of CPE under different radio signal conditions.
In Bangladesh the clutter (area scenario) is not the same all over the country. Some areas are highly dense (e.g. city areas), some are less dense (e.g. thana, upozilla) and some are almost flat (e.g. village areas). The coverage also varies according to this clutter definition.
In WiMAX technology one site has three antennae and each antenna has one WBS (Wireless Base Station). This naming is vendor dependent: for Alcatel it is WBS, whereas other vendors (ZTE or Huawei) call it RRU (Radio Receiving Unit) in each sector. Three antennas in one site is the standard configuration. Rarely, some sites may have two sectors (two antennae).
Conclusion
In summary, the radio part is not as smooth as the other parts of the WiMAX network. This document only gives an idea or overview of the radio part of WiMAX technology. In reality the scenario is much more complex.
Core Network
There are different network elements in the core network, such as the AAA, switch, router, HA, etc.
What Is RADIUS?
However, it has evolved a lot since then, and has become the authentication standard for any other access technology: xDSL, GPRS/UMTS, CDMA2000/1xEVDO, IPsec with IKEv1 and IKEv2, etc., and also for access over Ethernet (802.1X), including Wi-Fi and WiMAX.
• RADIUS client (WAC, Home Agent… in WiMAX), which is usually the access device that provides IP connectivity to users. This Network Access Server is also known as the NAS in RADIUS terminology.
• RADIUS server, which is a central repository of user authentication information and user profiles and which, based on its configuration, decides whether and how to authorize the user into the network.
Authentication types
1. Verify the user trying to connect (user authentication), to validate that (s)he really belongs to the Network Service Provider (NSP) whose network (s)he is connecting to, and can be billed for the connection and access the company intranet (or IP network).
2. For the user to verify that (s)he is connecting to the correct network, and not to a hacker’s network (network authentication).
security, these keys should be dynamically changed. This implies doing a user re-authentication periodically (every 30 min, every hour, etc.). This
EAP Overview
The authenticator is the element that prompts the user to authenticate and encapsulates any EAP message arriving over Ethernet into RADIUS, and vice versa.
• End-to-end authentication between the user and the final AAA server. Even if there are proxy RADIUS servers in between, they won’t be able to learn the user’s credentials.
• The EAP authenticator (the WAC for WiMAX) doesn’t have to understand the authentication mechanism used (EAP-TTLS, EAP-AKA, etc.), and even if new EAP methods arise in the future, it won’t need to be modified to understand them.
The 1st message in any EAP exchange is an EAP-Identity, in which the user provides an identity in the form of an NAI (Network Address Identifier), made up of:
NAI = <identity>@<realm>
The realm is the identifier of the network where this user is registered, and is used between RADIUS servers to proxy the RADIUS request to the correct AAA server in case of roaming.
EAP-TTLS
It also provides mutual authentication: the user knows (s)he is connecting to the right network because the AAA server presents an X.509 digital certificate, usually issued by the WiMAX Forum®.
Optionally, it can also authenticate the device, if the device has a digital certificate issued by the device manufacturer.
In WiMAX, the EAP-TTLS version used is 0.6, and the inner method used to authenticate the user by login/password is MS-CHAPv2.
• It supports putting a different User-Name inside the TTLS tunnel than the EAP-Identity used outside the TTLS tunnel (should be at least a random 32-digit hexadecimal number, to comply with the standards).
• It supports different authentication methods inside the TTLS tunnel: PAP, CHAP and MS-CHAPv2.
Because digital certificate verification involves very complex cryptographic operations, EAP-TTLS is very CPU intensive, both in the EAP server and in the EAP supplicant. As the EAP server has to authenticate several users in parallel, this CPU load can be a bottleneck in the AAA server.
As users have to re-authenticate periodically (every 30 or 60 minutes) to verify that the user is still there and to generate new keys to encrypt the session traffic on the air interface (PKMv2), EAP-TTLS provides a session-resumption mechanism. Basically, during the 1st full EAP-TTLS authentication, the EAP server and the EAP supplicant generate a session key, which can be used for subsequent re-authentications, so that authentication can take place without the exchange and verification of the X.509 digital certificate(s).
Session resumption is very advantageous for the AAA server, as CPU usage is reduced, but the EAP supplicant must also support it to take full advantage of it. If not, a full authentication has to take place, as in the 1st authentication of the session.
EAP-TLS
EAP-TLS (Transport Layer Security) is a mechanism that provides mutual authentication (the EAP server authenticates before the EAP supplicant, and the Supplicant before the user) based on each peer having an X.509 digital certificate.
In this case there is no login/password, and the subscription is associated not with a person (login) but with the device itself. The EAP-Identity used will be the device MAC address (without dashes).
• Temporary access to a WiMAX network from the user’s device, usually paid in advance, typically in an airport or at a fair via a web portal.
• Satellite TV STB (Set Top Box), where the return channel is via WiMAX instead of via dial-up modem.
• Rental of CPE/USB dongles, where the user pays both for the service and for the device.
• Remote measuring devices spread across the country, where the measuring company has the list of provisioned MAC addresses.
In these cases, the device must have the MAC address inside the digital certificate, which guarantees the authenticity of that MAC address and that it hasn’t been hacked. The typical certification authority will be the WiMAX Forum®, which will issue sub-CA certificates to the manufacturers.
There can even be another case where there is no subscription, neither by login/password nor by device: anonymous access for free. In this case, the digital certificate subject (the MAC address) is not validated against a list of paying/allowed MAC addresses, and the device might not even provide a digital certificate.
This type of access is used for On-Line Subscription (OLS). The user connects initially to the WiMAX network of the NSP but cannot access the Internet, only a subscription portal in which to register initially in the network and pay a fee for the access. In that subscription portal, the user will auto-register and will associate the money paid
In this case, the device indicates that it doesn't want subscription authentication, because the user wants to do On-Line Subscription, by prefixing the identity with {sm=1}. The rest of the identity is the device MAC address, and the realm indicates which NSP the user wants to subscribe to:
{sm=1}<MAC>@<NSP realm>
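The identity formats described above (NAI = <identity>@<realm>, the MAC-address identity of EAP-TLS, the 32-digit hexadecimal outer identity of EAP-TTLS and the {sm=1} prefix) can be checked on the AAA side before any routing decision is made. The following Python sketch is an added example, not code from this training document or from any vendor; the function name, the result fields, the realm syntax check and the sample realms are assumptions, and the 32-hex-digit rule is read here as applying to the outer EAP-Identity.

```python
import re

# Formats assumed from the text: <identity>@<realm>; an optional {sm=1}
# prefix for On-Line Subscription; a MAC without dashes as the EAP-TLS
# identity; a 32-hex-digit pseudonym as the EAP-TTLS outer identity.
DECORATION = re.compile(r"^\{([^{}=]*)=([^{}]*)\}")
MAC = re.compile(r"^[0-9A-Fa-f]{12}$")
PSEUDONYM = re.compile(r"^[0-9A-Fa-f]{32}$")
REALM = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")  # simplified realm syntax


def classify_nai(nai, home_realm):
    """Classify an EAP-Identity and decide local handling vs. proxying."""
    out = {"valid": False, "kind": None, "realm": None, "route": None,
           "online_subscription": False, "warnings": []}
    rest = nai
    deco = DECORATION.match(rest)
    if deco:
        if deco.groups() != ("sm", "1"):
            out["warnings"].append("unknown decoration")
            return out
        out["online_subscription"] = True
        rest = rest[deco.end():]
    # Require exactly one '@' so the routing realm is unambiguous.
    if rest.count("@") != 1:
        out["warnings"].append("expected exactly one '@'")
        return out
    identity, realm = rest.split("@")
    realm = realm.lower()
    if not identity or not REALM.match(realm):
        out["warnings"].append("empty identity or malformed realm")
        return out
    if MAC.match(identity):
        kind = "device-mac"
    elif PSEUDONYM.match(identity):
        kind = "pseudonym"
    else:
        kind = "cleartext-user"
        # Sent outside the TTLS tunnel, so every proxy on the path sees it.
        out["warnings"].append("outer identity is not a 32-hex-digit pseudonym")
    if out["online_subscription"] and kind != "device-mac":
        out["warnings"].append("{sm=1} identity must be the device MAC")
        return out
    out.update(valid=True, kind=kind, realm=realm,
               route="local" if realm == home_realm.lower() else "proxy")
    return out


if __name__ == "__main__":
    # Constructed sample identities; the realms are placeholders.
    for sample in ("{sm=1}001A2B3C4D5E@nsp.example",
                   "0123456789abcdef0123456789abcdef@home.example",
                   "alice@nsp.example",
                   "alice@other.example@nsp.example"):
        print(sample, "->", classify_nai(sample, "nsp.example"))
```

A real deployment would additionally compare a MAC-based identity with the MAC carried in the device certificate, as the text requires for device authentication.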
Summary of EAP methods and the authentication types they are valid for
The following table tries to make a summary of the different authentication types that can be
used in WiMAX.
To provide Video on Demand, data, voice, video, VPN and video conferencing, we can use the following service profile type.
Work Flow
In this case, the WAC receives all user IP information via RADIUS. When the WAC receives the DHCP Discover message from the user, instead of relaying it to a DHCP server, it answers the message directly with the information provided by the AAA server. This behaviour is known as “DHCP proxy” instead of “DHCP relay”.
The DNS is a hierarchical naming system for computers, services, or any resource
connected to the Internet or a private network. It associates various information with
domain names assigned to each of the participants. Most importantly, it translates
domain names meaningful to humans into the numerical (binary) identifiers associated
with networking equipment for the purpose of locating and addressing these devices
worldwide. An often used analogy to explain the Domain Name System is that it serves
as the "phone book" for the Internet by translating human-friendly computer hostnames
into IP addresses. For example, www.banglalion.com.bd.com translates to 180.149.31.2.
The Domain Name System distributes the responsibility of assigning domain names and
mapping those names to IP addresses by designating authoritative name servers for
each domain. Authoritative name servers are assigned to be responsible for their
particular domains, and in turn can assign other authoritative name servers for their sub-
domains. This mechanism has made the DNS distributed, fault tolerant, and helped
avoid the need for a single central register to be continually consulted and updated.
In general, the Domain Name System also stores other types of information, such as the
list of mail servers that accept email for a given Internet domain. By providing a
worldwide, distributed keyword-based redirection service, the Domain Name System is
an essential component of the functionality of the Internet.
Introduction to DHCP
Benefits of DHCP
DHCP enables this entire process to be automated and managed centrally. The DHCP
server maintains a pool of IP addresses and leases an address to any DHCP-enabled
client when it starts up on the network. Because the IP addresses are dynamic (leased)
rather than static (permanently assigned), addresses no longer in use are automatically
returned to the pool for reallocation.
The network administrator establishes DHCP servers that maintain TCP/IP configuration
information and provide address configuration to DHCP-enabled clients in the form of a
lease offer. The DHCP server stores the configuration information in a database, which
includes:
Term: Definition
DHCP server: A computer running the DHCP Server service that holds information about available IP addresses and related configuration information as defined by the DHCP administrator and responds to requests from DHCP clients.
DHCP client: A computer that gets its IP configuration information by using DHCP.
Scope: A range of IP addresses that are available to be leased to DHCP clients by the DHCP Server service.
Subnetting: The process of partitioning a single TCP/IP network into a number of separate network segments called subnets.
DHCP option: Configuration parameters that a DHCP server assigns to clients. Most DHCP options are predefined, based on optional parameters defined in Request for Comments (RFC) 2132, although extended options can be added by vendors or users.
Lease: The length of time for which a DHCP client can use a DHCP-assigned IP address configuration.
Reservation: A specific IP address within a scope permanently set aside for leased use by a specific DHCP client. Client reservations are made in the DHCP database using the DHCP snap-in and are based on a unique client device identifier for each reserved entry.
Exclusion/exclusion range: One or more IP addresses within a DHCP scope that are not allocated by the DHCP Server service. Exclusions ensure that the specified IP addresses will not be offered to clients by the DHCP server as part of the general address pool.
DHCP relay agent: Either a host or an IP router that listens for DHCP client messages being broadcast on a subnet and then forwards those DHCP messages directly to a configured DHCP server. The
Check the OS in the computer. Also check the service pack for that OS
---Select My Computer
Make power ON
Click OK
Type: cmd
Press Enter and verify the IP address, subnet mask, default gateway, DNS and DHCP server, and physical address.