BelAir20 User Guide

BelAir20
BelAir20
User Guide
Draft
Release: 10.0
Document Date: April 6, 2009
Document Number: BDTM02001-A01
Document Status: Draft
Security Status: Confidential
Customer Support: 613-254-7070
1-877-BelAir1 (235-2471)
techsupport@belairnetworks.com
© Copyright 2009 by BelAir Networks.
The information contained in this document is confidential and proprietary to BelAir Networks. Errors and Omissions Excepted.
Specification may be subject to change. All trademarks are the property of their respective owners.
Protected by U.S. Patents: 7,171,223, 7,164,667, 7,154,356, 7,030,712 and D501,195. Patents pending in the U.S. and other countries.
BelAir Networks, the BelAir Logo, BelAir200, BelAir100, BelAir100S, BelAir100C, BelAir100T, BelAir20, BelView and BelView NMS are trademarks of BelAir
Networks Inc.
Page 1 of 205
BelAir20 User Guide Contents
Contents
About This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
BelAir20 Indoor Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
BelAir20 Configuration Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Command Line Interface Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
BelAir20 Access Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
User and Session Administration . . . . . . . . . . . . . . . . . . . . . . . . . . 46
IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Draft
BelAir20 Auto-configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Ethernet Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Card Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Wi-Fi Radio Configuration Overview . . . . . . . . . . . . . . . . . . . . . . 77
Configuring Wi-Fi Radio Parameters . . . . . . . . . . . . . . . . . . . . . . . 78
Configuring Wi-Fi Access Point Parameters . . . . . . . . . . . . . . . . . 84
Wi-Fi AP Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Wi-Fi Backhaul Link Configuration . . . . . . . . . . . . . . . . . . . . . . . 105
Mobile Backhaul Mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Layer 2 Network Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . 115
Using Layer 2 Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Quality of Service Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Layer 2 Network Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . 130
Performing a Software Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . 142
For More Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Definitions and Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
LIMITED WARRANTY; LIMITATION OF LIABILITY . . . . . . . . 156
Appendix A: Node Configuration Sheets . . . . . . . . . . . . . . . . . . 190
Appendix B: BelAir20 Factory Defaults . . . . . . . . . . . . . . . . . . . 193
Detailed Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
April 6, 2009 Confidential Page 2 of 205

Document Number BDTM02001-A01 Draft
BelAir20 User Guide About This Document
About This Document

This document provides the information you need to install and configure the
BelAir20™, and the procedures for using the BelAir20 Command Line
Interface (CLI).
This document may contain alternate references to the product. Table 1 shows
possible synonyms to the product name.
Table 1: Product Name Synonyms
Product Name Synonym

BelAir200™ BA200
Draft
BelAir100™ BA100
BelAir100S™ BA100S
BelAir100T™ BA100, BA100T
BelAir100C™ BA100, BA100C
BelAir20™ BA20
Typographical This document uses the following typographical conventions:

Conventions • Text in < > indicates a parameter required as input for a CLI command;
for example, < IP address >
• Text in [ ] indicates optional parameters for a CLI command.
• Text in { } refers to a list of possible entries with | as the separator.
• Parameters in ( ) indicate that at least one of the parameters must entered.
Related The following titles are BelAir reference documents:

Documentation • BelAir20 Quick Install Guide
• BelAir20 Troubleshooting Guide

BelAir20 User Guide BelAir20 Indoor Access Point
BelAir20 Indoor Access Point

The BelAir20 Access Point (AP) is the industry's highest performance and most
flexible dual-radio indoor access node and provides dual-radio 802.11n
capability. Offering all the same features and management as the other BelAir
products, the BelAir20 provides connectivity between indoor and outdoor
networks, enabling true standards-based seamless mobility for critical
applications, including voice and video, as they move from outside to inside.
Figure 1: BelAir20
Dual-radio
Draft
The dual-radio design of the BelAir20 provides support for concurrent
600 Mbps operation using both the 2.4 and 5 GHz frequency bands. The 5 GHz
architecture frequency band can fully mesh with other indoor or outdoor 5 GHz radios
available on any of the BelAir products.
Wireless radio The BelAir20 is available in both single radio and dual radio options. The dual
radio variant includes one dual-band 2.4/5 GHz and one single band 2.4 GHz
modules radio module. The single radio variant provides one 2.4/5 GHz module. Both
radio modules support the IEEE 802.11n Draft 2.0 and can be software
upgraded as the specification is finalized. Each radio supports full 3x3 MIMO
operation. The BelAir20 also supports 802.11a/b/g operation for full
compatibility with legacy clients.

BelAir20 User Guide BelAir20 Indoor Access Point
Mesh and Layer 2 The BelAir20 has an integrated Layer 2 network processor that runs all the
BelAirOS features including extensive WMM, QoS, VLAN, Network Security
networking and Traffic Management capabilities, necessary for transporting mission critical,
capabilities time-sensitive applications such as voice and video. It also runs all the state of
the art mesh networking features that BelAir has developed for its industry
leading outdoor products, enabling easy wireless interconnection of multiple
indoor nodes or bridging of indoor and outdoor networks.
Network The BelAir20 can be managed using all the powerful BelAirOS management
tools including the BelAirOS Command Line Interface (CLI), Web GUI or with
Management BelAir Networks BelView. Both CLI and Web GUI provide device level support,
and BelView provides complete networkwide support for Fault, Configuration
Draft
and Performance Management. BelView works on either Windows XP or SUN
Solaris platforms and can also be integrated into other management systems
such as HP OpenView or IBM NetView.

BelAir20 User Guide System Overview
System Overview
The BelAir20 is a Wi-Fi access point that meets IEEE 802.11n draft 2.0
standards. It is fully interoperable with older 802.11a/b/g standards, providing a
transparent, wireless high speed data communication between the wired LAN
and fixed or mobile devices. The unit includes three detachable dual-band
2.4/5 GHz antennas with the option to attach higher specification external
antennas that boost network coverage. A power adapter and all required
mounting hardware is also included.
Hardware Figure 2 shows the relationship between the main BelAir20 hardware modules.
Draft
Description Figure 2: BelAir20 Hardware Module Block Diagram
Antenna 1 Antenna 2 Antenna 3
Diplexer
Optional
Dual-band Single-band Radio
Radio (Future)
HTM
Reset Ethernet
10Base-TX
48 V DC AC Power 100-240 V AC
100Base-TX
Adapter
1000Base-TX

BelAir20 User Guide System Overview
The BelAir20 consists of the following modules:

• one High Throughput Module (HTM) providing:
—a wireline 10/100/1000 Base-TX Ethernet interface to the Internet
—a dual-band (2.4 and 5 GHz) Wi-Fi radio using enhanced performance
links. Each radio can act as an Access Point (AP) or provide backhaul
links. An AP provides user traffic wireless access to the BelAir20.
Backhaul links connect to other BelAir radios to create a radio mesh.
• three detachable dual-band antennas
• an external connector field
Draft

BelAir20 User Guide BelAir20 Configuration Interfaces
BelAir20 Configuration Interfaces

The BelAir20 can be accessed and configured using the following configuration
interfaces:
• the command line interface (CLI)
• the SNMP interface
• the Web interface (using either HTTPS or HTTP)
All three interfaces (CLI, SNMP and Web) have the same public IP address. All
three also access the same BelAir20 node database. That means that changes
made with one interface are seen immediately through the other interfaces.
Draft
Command Line The CLI allows you to configure and display all the parameters of a BelAir20
unit, including:
Interface
• system parameters
• system configuration and status
• radio module configuration and status
• user accounts
• BelAir20 traffic statistics
• layer 2 functionality, such as those related to bridging VLANs
• Quality of Service parameters
• alarm system configuration and alarms history
Each unit can have up to nine simultaneous CLI sessions (Telnet or SSH). For a
description of basic CLI commands and tasks see “Command Line Interface
Basics” on page 14.
SNMP Interface The Simple Network Management Protocol (SNMP) provides a means of
communication between SNMP managers and SNMP agents. The SNMP
manager is typically a part of a network management system (NMS) such as HP
OpenView, while the BelAir20 provides the services of an SNMP agent.
Configuring the BelAir20 SNMP agent means configuring the SNMP parameters
to establish a relationship between the manager and the agent.

The BelAir20 SNMP agent contains Management Information Base (MIB)

variables. A manager can query an agent for the value of MIB variables, or
request the agent to change the value of a MIB variable.
Refer to the following sections:
• “SNMP Configuration Guidelines” on page 29
• “SNMP Command Reference” on page 32
Integrating the BelAir20 In addition to providing support for the SNMP MIBs described in Table 2, BelAir
with a Pre-deployed Networks provides a number of enterprise MIB definitions that you can
NMS integrate with your Network Management System (NMS). Table 3 on page 10
describes the BelAir20 SNMP MIBs. A copy of the BelAir20 SNMP MIBs is
available from the BelAir Networks online support center at:
Draft
www.belairnetworks.com/support/index.cfm.
Table 2: Standard SNMP MIBs
File Name Description
BRIDGE-MIB.mib implements RFC1493

IANAifType-MIB.mib defines standard interface types assigned by the Internet
Assigned Numbers Authority (IANA)
IEEE802dot11-MIB.mib IEEE MIB to manage 802.11 devices
IF-MIB.mib implements RFC2863
IP-MIB.mib defines IP and ICMO data types
PerfHist-TC-MIB.mib defines data types to support 15-minute performance history
counts
RADIUS-ACC-CLIENT-MIB.mib implements RFC2620
RADIUS-AUTH-CLIENT-MIB.mib implements RFC2618
RSTP-MIB.mib implements 802.1w RSTP
SNMP-COMMUNITY-MIB.mib defines data types to support co-existence between SNMP
versions
SNMP-FRAMEWORK-MIB.mib implements RFC3411
SNMP-MPD-MIB.mib implements RFC3412

Table 2: Standard SNMP MIBs (Continued)
SNMP-NOTIFICATION-MIB.mib implements RFC3413

SNMP-TARGET-MIB.mib implements RFC3413
SNMP-USER-BASED-SM-MIB.mib implements RFC3414
SNMPv2-CONF.mib implements RFC1450
SNMPv2-MIB.mib implements RFC1907
SNMPv2-SMI.mib implements RFC1450
Draft
SNMPv2-TC.mib implements RFC1450
SNMP-VIEW-BASED-ACM-MIB.mib implements RFC3415
Table 3: BelAir Enterprise MIBs
BELAIR-IEEE802DOT11-CLIENT.mib defines features that are not supported by the standard

BELAIR-IEEE802DOT11.mib IEEE802.11 MIB
BELAIR-IP.mib defines BelAir IP data types
BELAIR-MESH.mib defines BelAir multipoint-to-multipoint data types
BELAIR-MOBILITY.mib defines data types to support mobile backhaul mesh and
point-to-point links
BELAIR-PHYIF-MAPPING.mib defines data types to support universal slots
BELAIR-PRODUCTS.mib defines product object IDs
BELAIR-RSTP.mib defines RSTP data types
BELAIR-SMI.mib defines BelAir top level OID tree
BELAIR-SYSTEM.mib defines basic OAM features such as software download,
temperature and BelAir alarms
BELAIR-TC.mib defines BelAir data types
BELAIR-TUNNEL.mib defines L2TP data types

Table 3: BelAir Enterprise MIBs (Continued)
BELAIR-WRM.mib defines BelAir WiMAX data types
The procedure for importing the SNMP MIB definition files depends on the
deployed NMS platform. Refer to your NMS platform documentation for
details.
Web Interface BelAir Networks has verified that the BelAir20 Web interface operates
correctly with the following web browsers:
Draft
• Microsoft Internet Explorer version 6.0, service pack 2
• Mozilla Firefox version 1.5, or later
Accessing the Web You can access the Web interface using either secure HTTP (HTTPS) or HTTP.
Interface Both HTTP and HTTPS are enabled when each BelAir20 node is shipped. Each
unit can have up to five simultaneous CLI sessions (HTTP or HTTPS).
By default, the BelAir20 Web interface has an associated time-out value. If the
interface is inactive for 9 minutes, then you are disconnected from the
interface. To reconnect to the interface, you need to log in again.
Accessing the System To log in to the BelAir20 Web interface and access the main page using HTTPS
Page with Secure HTTP or HTTP, do the following steps:
or with HTTP
1 Open your Web browser and specify the IP address of the BelAir20 node
you want to access.
The default IP address of each BelAir20 node is: 10.1.1.10.
Figure 3 shows the resulting Login page.

Figure 3: Typical Login Page
2 Enter a valid user name, such as root, and a valid password.

Note:The specified password is case sensitive.
Draft
Figure 4 on page 12 shows a typical resulting main page for the Web
interface.
Figure 4: Typical Web Interface Main Page

Stopping a Session To stop a Web interface session, click on the Logout button located in the top
right corner each page. See Figure 4.
Additional The Web interface provides the following tools to display radio performance
Troubleshooting Tools metrics:
• a throughput meter
• histogram display of various performance metrics
These tools are only available with the Web interface. For full details, see the
BelAir20 Troubleshooting Guide.
Draft

BelAir20 User Guide Command Line Interface Basics
Command Line Interface Basics

Use this chapter to familiarize yourself with basic CLI tasks, including:
• “Connecting to the BelAir20” on page 14
• “Starting a CLI Session” on page 15
• “Command Modes” on page 16
• “Abbreviating Commands ” on page 20
• “Command History” on page 20
• “Special CLI Keys ” on page 20
• “Help Command” on page 21
Draft
• “Common CLI Commands” on page 24
In addition, “Saving and Restoring the BelAir20 Configuration” on page 64
contains a detailed procedure on how to do that task.
Connecting to the You can connect to the BelAir20 default address using one of the following
methods:
BelAir20
• through the BelAir20 radio interface
• by connecting directly to the Ethernet port on the BelAir20
CAUTION! Do not connect the BelAir20 to an operational data network before you
configure its desired IP network parameters. This may cause traffic disruptions
due to potentially duplicated IP addresses.
The BelAir20 unit must connect to an isolated LAN, or to a desktop or laptop
PC configured to communicate on the same IP sub-network as the BelAir20.
Using the Radio Interface
Use a desktop or laptop PC equipped with a wireless 802.11a, 802.11b, 802.11g
or 802.11n compliant interface as required, configured with a static IP address
on the same subnet as the default OAM IP address (for example, 10.1.1.1/24).
For the required configuration procedure, refer to your PC and wireless
interface configuration manuals or contact your network administrator. The PC
will connect to the BelAir20 through the radio interface.
Connecting to the Ethernet Port
For a detailed procedure, refer to the BelAir20 Installation Guide.

Starting a CLI Start a Telnet or secure shell (SSH) client and connect to the BelAir20 IP
address. If you are configuring the BelAir20 for the first time, you must use the
Session BelAir20 default IP address (10.1.1.10). The BelAir20 prompts you for your
user name and password.
The default super-user account is “root”. The default password is “admin123”.
If the login is successful, the BelAir20 prompt is displayed. The default prompt is
“#”, if you login as root. Otherwise, the default prompt string is “>”.
Note 1: The terminal session locks after four unsuccessful login attempts. To
unlock the terminal session, you must enter the super-user password.
Note 2: BelAir20 CLI commands are not case sensitive (uppercase and
lowercase characters are equivalent). However, some command
parameters are case sensitive. For example, passwords and any Service
Draft
Set Identifier (SSID) supplied with the radio commands are case
sensitive. Also, all parameters of the syscmd commands are case
sensitive.
Note 3: Later, you will see that you can configure the BelAir20 to have more
than one interface with an IP address. For example, you can configure
Virtual LANs and management interfaces each with their own IP
address. If you do this, make sure your Telnet or secure shell (SSH)
connections are to a management interface. This ensures maximum
responsiveness for your session by keeping higher priority management
IP traffic separate from other IP traffic.

SSH Session Example of Initial Login

With secure shell, the system prompts you twice for your password.
ssh -l root 10.1.1.10
root@10.1.1.10's password:
BelAir Backhaul and Access Wireless Router
BelAir User: root
Password:
/#
Telnet Session Example of Initial Login
With Telnet, the system prompts you only once for your password.
telnet 10.1.1.10
BelAir Backhaul and Access Wireless Router
BelAir User: root
Draft
Password:
/#
Command Modes The BelAir20 CLI has different configuration “modes”. Different commands are
available to you, depending on the selected mode.
Each card in the BelAir20 has at least one associated physical interface. Some
examples of physical interfaces are a Wi-Fi radio or an Ethernet interface.
Use the mode command to display the modes that are available. Because each
physical interface and each card in the BelAir20 has its own mode, displaying
the modes also displays a profile summary of the BelAir20. See Figure 5.

Figure 5: Sample Output of mode Command

• The node has one card. The HTM
/# mode card is in slot 1.
/card
/htm-1 • The node has three physical
interfaces:
/interface —Interface wifi-1-1 is associated
/wifi-1-1 (HTMv1 5GHz 802.11n)
with the HTM 5 GHz radio.
/wifi-1-2 (HTMv1 2.4GHz 802.11n)
/eth-1-3 —Interface wifi-1-2 is associated
(1x1000baseTX [Electrical Single])
with the HTM 2.4 GHz radio.
/mgmt
—Interface eth-1-3 is associated with
Draft
the HTM cards Ethernet interface.
/protocol
/ip • The mgmt mode allows you to
/radius control user accounts, which
/rstp authentication to use, and whether
/snmp
/sntp
you can access the node with Telnet.
/te-syst (tunnel)
• You can control the IP, RADIUS,
RSTP, SNMP, SNTP and L2TP
/qos protocols through the protocol
mode and its submodes.
/services • You can control auto-connect and
/auto-conn
backhaul mobility through the
/mobility
services mode and its submodes.
/ssh • These modes allow you to control
/ssl SSH, SSL, Syslog and system settings.
/syslog You can also run diagnostics.
/system
/diagnostics
Table 4 describes the modes that are supported.

Table 4: Command Line Interface Modes
Mode Description
“root” mode (/) The top or root level of the CLI commands.
Card Management: /card/<card_type>-<n>

Table 4: Command Line Interface Modes (Continued)
Mode Description
one of: Configure hardware:
• htm-<n> • htm is High Throughput Module
• <n> is slot number
Physical Interfaces: /interface/<iface>-<n>-<m>
one of: Configure the BelAir20 physical interfaces:

• wifi-<n>-<m> • <iface> is the type of physical interface. One of:
• eth-<n>-<m> — wifi: 802.11n/a/b/g, ARM, BRM, HTM or PSM radios
— eth: 1000Base-TX, electrical HTM
Draft
• <n> is the slot number where the interface is located
in the BelAir platform
• <m> is port number. <m> is 1 for most interfaces.
The HTM card can have multiple ports representing
multiple Wi-Fi radios operating different frequencies.
Some configurations may have multiple Ethernet ports.
Node Management
mgmt • Configure user accounts, user authentication and

Telnet access
Protocol Management: /protocol/<protocol>
one of: Configure the following protocols:

• ip • IP parameters for node and VLANs
• radius • RADIUS for user sessions
• rstp • RSTP
• snmp • SNMP
• sntp • SNTP
• te-<eng> • L2TP tunnel engine (te). The BelAir200 can have many
tunnel engines. Other BelAir platforms can have one
tunnel engine per system (syst).
Services: /services/<service>

Table 4: Command Line Interface Modes (Continued)
Mode Description
one of: Configure the following services:
• auto-conn • Auto-configuration
• mobility • Backhaul mobility
Administration
qos Configure Quality of Service (QoS) parameters

ssh Configure Secure Shell (SSH) parameters
Draft
ssl Configure Secure Socket Layer (SSL) parameters
syslog Configure the destination of SYSLOG messages
See the BelAir20 Troubleshooting Guide for details.

system System and node configuration and administration
diagnostics Run link diagnostics.
You can move between modes with the cd command. For instance, you can
move from root mode to system mode using the command:
/# cd /system
/system#
Note 1: The prompt changes to match the current mode. You can further
customize the prompt to show the switch name or a 20-character
string that you define.
Note 2: Access to a mode is only allowed if the user has sufficient privileges to
execute commands in that mode.
When you access a given mode, only the commands pertaining to that mode
are available. For example, accessing snmp mode provides access to SNMP
commands. For a physical interface, this means that only the commands that
apply to that specific type and version of interface are available when you access
a particular physical interface. For example, if you access an ARMv3 interface,
only the commands that apply to an ARMv3 Wi-Fi radio are available.
Entering ? displays the commands that apply to the currently accessed mode.
Entering ?? or help displays the commands that apply to the currently accessed
mode plus common commands that are available in all modes.

Users may execute commands from other modes than the current one, by
prefixing the desired command with the slash character ‘/’ followed by the
mode’s name. For instance, entering:
/system# /snmp/show community
executes a command from snmp mode while in system mode.
Abbreviating You must enter only enough characters for the CLI to recognize the command
as unique.
Commands
The following example shows how to enter the mgmt mode command show
telnet status:
Draft
/mgmt# sh t s
Command You can use the history command to display a list of the last commands that
you have typed.
History
Example
/# history
8 h
9 hi
10 ?
11 show user
12 cd /system
13 show loads
14 show sessions
15 cd /
16 cd interface/wifi-1-1/
17 ?
18 show
19 show ssid table
20 show statistics
21 history
Special CLI Keys Command Completion

You can ask the CLI to complete a partially typed command or mode name by
pressing the tab key. If the command or mode name cannot be completed
unambiguously, the CLI presents you with a list of possible completions. For
instance, entering:
/system# show co{tab}
produces the following output:
Available commands :
show communications
show config-download status

show coordinates
show country [detail]
Execution of the Last Typed Command

You may repeat the last command, by entering the ! key twice, followed by
carriage return.
Executing the Previous Commands

You may browse through the command history by using the up and down arrow
keys of a VT100 or compatible terminal. You can also execute a certain
command from the command history by entering the ! key, followed by the
command number (as displayed in the history command output) and carriage
return.
Draft
Help Command ?
?? [<command>]
help [<command>]
These commands display:

• a list of commands available in the current mode
• help on a particular command available in the current mode
• help on commands starting with the given keyword in the current mode
Entering "??" is equivalent to entering "help".
Available Commands
Entering ? displays the commands that apply to the currently accessed mode.
For example:
/mgmt# ?
adduser <user-name> -p <passwd> [ -d <default-mode>] [-g <grp-name>]
deluser <user-name>
moduser <user-name> [ -p <passwd>] [ -d <default-mode>] [-g <grp-name>]
set authentication-login {local | radius <list>}
set telnet {enabled|disabled}
show authentication-login
show telnet status
show user
Entering ?? or help displays the commands that apply to the currently accessed
mode plus common commands that are available in all modes. For example:
/mgmt# ??


deluser <user-name>
moduser <user-name> [ -p <passwd>] [ -d <default-mode>] [-g <grp-name>]
show telnet status
show user
alias [<replacement string> <token to be replaced>]

cd <path>
clear
console lock
exit
help [ command ]
history
mode [<mode_name>]
passwd
ping <ip addr> [-l <size>]
Draft
run script <script file> [<output file>]
version
whoami
config-save [{active|backup} remoteip <server> remotefile <filename>
[{tftp | ftp [user <username> password <password>]}]]
config-restore remoteip <ipaddress> remotefile <filename> [{tftp | ftp
[user <username> password <password>]}] [force]
show date
su <username>
Keyword Help
Entering ?? or help followed by a keyword displays all possible commands
starting with that keyword. For example:
/mgmt# ?? show
Description : show authentication login status and RADIUS servers
configuration
show telnet status
Description : shows the status of the telnet.
show user
Description : List all valid users, along with their permissible mode.
show date
Description : show current system date and time
Help for a Specific Command

When help is needed for a specific command, enter ?? or help followed by the
command within quotes. For example:
/mgmt# help "adduser"
Description : Create a user.

Help with Abbreviations

When an abbreviation is used in the help string, all matching commands are
listed with the description. For example:
/mgmt# ?? s
Description : defines how login session will be authenticated.
Description : enable or disable CLI access via the telnet protocol.
Description : show authentication login status and RADIUS servers
configuration
show telnet status
Description : shows the status of the telnet.
show user
Description : List all valid users, along with their permissible mode.
Draft
show date
Description : show current system date and time
su <username>
Description : Substitute present user with the given user.
Saving your If you change any settings from the system defaults, you must save those
changes to the configuration database to make sure they are applied the next
Changes time the BelAir20 reboots. Similarly, you can restore the entire configuration
database from a previously saved backup copy.
Saving the Configuration config-save [{active|backup} remoteip <ipaddress>

remotefile <filename>
Database [{tftp|ftp [user <usrname> password <pword>]}]]
This command allows you to save the current configuration of the entire
BelAir20 node. This includes all system and radio settings.
When used without its optional parameters, the config-save command saves
the configuration database for the active software load to persistent storage.
The stored configuration is automatically applied at the next reboot.
When used with its optional parameters, the config-save command also
transfers the configuration database to a remote server.
If active is specified, the config-save command saves the configuration database
for the active software load to persistent storage and then transfers it to a
remote server. If backup is specified, the configuration database for the active
software load is not saved. Instead, the configuration database for the active
software load that was saved previously to persistent storage, is transferred to
a remote server.
You can use either TFTP or FTP to communicate with the remote server. By
default, the config-save command uses TFTP. If you specify FTP, you can also
specify the username and password. The default FTP username is anonymous

and the default FTP password is root@<nodeip>, where <nodeip> is the IP

address of node making the request. If you do not use the default FTP
username, the FTP server must be configured to accept your username and
password.
Restoring the config-restore remoteip <ipaddress> remotefile <filename>

[{tftp|ftp [user <usrname> password <pword>]}]]
Configuration Database [force]
This command transfers the configuration database from a remote server to
the active software load in persistent storage. This allows you to restore the
entire configuration database from a previously saved backup copy.
Use the reboot command for the new configuration to take effect.
Draft
default, the config-restore command uses TFTP. If you specify FTP, you can also
specify the user name and password. The default FTP user name is anonymous
password.
The optional force parameter suppresses version checking on the configuration
file that is being downloaded. You can use a backup copy that was created with
a different version of software than the current software installed on the unit. If
you do, BelAir Networks strongly recommends that you fully and thoroughly
verify the configuration and operation of the unit after you reboot the system
and before you save the restored configuration.
Example
/# cd system
/system# config-restore remoteip 122.45.6.123 remotefile unitA.conf
Common CLI In addition to any previously described commands, the following commands are
always available, regardless of your current mode.
Commands
Terminating your CLI exit
Session Use this command to terminate your own CLI session at any time.

Changing Your passwd

Password This command lets you change your current password. First, you are asked to
enter your old password. Then you must enter your new password twice, to
verify that you have typed it correctly.
Note: The specified password is case sensitive and must be at least six
characters long.
CAUTION! If you forget the super-user account password, you may be unable to use all the
unit’s management functions and you may need to reset the unit’s configuration
to factory defaults.
Example
passwd
Draft
Old Password:
Enter New Password:
Reenter the Password:
Password updated Successfully
Clearing the Console clear

Display This command clears your console display window.
Locking the Console console lock

Display This command lock your console display window. You must enter your
password to unlock it.
Displaying the Current version

Software Version This command displays the version of the currently running BelAir software
load.
Example
/# version
Version is BA20 10.0.0.D.2009.01.19.14.32 (r21096)
Displaying the Current show date

Date and Time This command displays the current date and time.
Example 1
The following example displays the current date and time when it is set
manually.
/# show date
Current date: 2007-05-10 06:52:20

Example 2
The following example displays the current date and time when using a Simple
Network Time Protocol (SNTP) server and a time offset of -4 hours and 30
minutes. See “Configuring the System Date and Time” on page 61 for details.
/# show date
Current date: 2006-07-21 13:15:16 (UTC)
Current date: 2006-07-21 08:45:16
Displaying Current User whoami

This command displays current user.
Example
Draft
/# whoami
/# Current User is root
Switching User su <username>

Accounts This command changes the user account you are currently using. To return to
the original user account, use the exit command.
Example
/# whoami
Current User is root
/# su guest
/> whoami
Current User is guest
/> exit
/# whoami
Current User is root
Replacing a Token by a alias [<replacement string> <token to be replaced>]

String This command replaces the specified token by the given string. It is provided for
customers writing scripts. See “Script Files” on page 27.
Example
/# alias gu guest
Pinging a Host or Switch ping <ip address> [-1 <size>]

This command pings a host machine or switch using the IP address.
The following options are supported:
-l size specifies the size of the ping request packets to be sent.

Examples
The following example shows typical ping output:
/# ping 10.1.1.100 -l 128
PING 10.1.1.100 (10.1.1.100): 128 data bytes
136 bytes from 10.1.1.100: icmp_seq=0 ttl=128 time=2.0 ms
--- 10.1.1.100 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.0/1.4/2.0 ms
Radio Configuration show interface summary

Summary This command displays a summary of the configuration of all radio interfaces.
Draft
Example
The following example shows a typical output for a BelAir20.
/# show interface summary
wifi-1-1
Radio description:............ HTMv1 5GHz 802.11n
Admin state: ................. Enabled
Channel: ..................... 149
Access:
AP admin state: ............ Enabled
Backhaul:
link admin state: .......... Enabled
link id: ................... BelAirNetworks
topology: .................. mesh
wifi-1-2
Radio description:............ HTMv1 2.4GHz 802.11n
Admin state: ................. Enabled
Channel: ..................... 6
Access:
Backhaul:
link admin state: .......... Disabled
topology: .................. mesh
Script Files list scripts

run script <scriptname> [<output_file>]
The list scripts command displays the scripts that are available to you.
The run script command allows you to execute a previously created script file.
Refer to “Creating and Using Script Files” on page 65 for details.

Tip
You can also run a script by copying it and pasting it into a CLI session window.
If you use this method:
1 Paste only 20 to 25 commands at a time. Otherwise, you may overfill the
command buffer used for the CLI session. If you overfill the command buffer,
you need to determine exactly which commands were executed and which
were not before proceeding.
2 After pasting a block of commands, verify that your script behaved as
expected; that is, that the pasted commands produced the expected
configuration.
3 After verifying the script behaviour, manually enter the config-save and
reboot commands as required.
Draft

BelAir20 User Guide BelAir20 Access Methods
BelAir20 Access Methods

When a BelAir20 is shipped from the factory, all access methods (CLI, SNMP,
Telnet, HTTP, HTTPS and SSH) are enabled. You can use these interfaces to
configure the system’s IP networking parameters.
This chapter describes the CLI commands you can use to configure these
access methods.
Note: Some access methods, such as HTTP and HTTPS, are configured while
in SSL mode.
Draft
SNMP This section describes how to configure the BelAir20 to communicate to either
an SNMPv1/v2 server or an SNMPv3 server.
Configuration
Guidelines
SNMPv1/v2 Servers This section describes how to use the SNMP commands to configure the BelAir
node to operate with an SNMPv1 or v2 server.
To configure an SNMP community, use the set community command described
in “Communities” on page 32.
For sending traps, use the set trap command described in “Traps” on page 33
to configure the node with the parameters of the destination SNMP manager.
Refer to “SNMP Command Reference” on page 32 for detailed descriptions of
all SNMP commands.
SNMPv3 Servers This section provides examples on how to use the SNMP commands to
configure the a BelAir node to operate with an SNMPv3 server. Examples are
provided for the following tasks:
• “Configuring a User for Read or Write Operations” on page 30
• “Generating Notifications” on page 30
Some commands in these examples define entities such as users, groups and
views that are used by subsequent commands.
Refer to “SNMP Command Reference” on page 32 for detailed descriptions of
all SNMP commands, including entities that need to be predefined.

Configuring a User for Do the following steps:

Read or Write
Operations 1 Configure the user. See “Users” on page 34 for the complete command
syntax.
/protocol/snmp# set user beluser auth md5 belpasswd
In this example, the user beluser requires only authentication. Privacy can
also be configured. The specified password belpasswd must match the one
supplied when using a MIB browser.
2 Configure the group. See “Groups” on page 35 for the complete syntax
statement.
/protocol/snmp# set group belgroup user beluser
The user beluser must be predefined with the set user command.
Draft
3 Configure access. See “Access” on page 36 for the complete command
syntax.
/protocol/snmp# set access belgroup security-level auth read
belread write belwrite notify belnotify
The group belgroup must be predefined with the set group command.
4 Configure the view. See “Views” on page 38 for the complete command
syntax.
/protocol/snmp# set view belread 1 mask 1 included
The view belread must be predefined with the set access command. The
view belread is associated with read privileges.
Generating Do the following steps:

Notifications
1 Configure the user. See “Users” on page 34 for the complete command
syntax.
/protocol/snmp# set user beluser auth md5 belpasswd
In this example, the user beluser requires only authentication. Privacy can
also be configured. The specified password belpasswd must match the one
supplied when using a MIB browser.
2 Configure the group. See “Groups” on page 35 for the complete syntax
statement.
/protocol/snmp# set group belgroup user beluser
The user beluser must be predefined with the set user command.

3 Configure access. See “Access” on page 36 for the complete command

syntax.
/protocol/snmp# set access belgroup security-level auth read
belread write belwrite notify belnotify
The group belgroup must be predefined with the set group command.
4 Configure the view. See “Views” on page 38 for the complete command
syntax.
/protocol/snmp# set view belnotify 1 mask 1 included
The view belnotify must be predefined with the set access command. The
view belnotify is associated with notify privileges.
5 Configure the target address. See “Target Addresses” on page 40 for the
Draft
complete command syntax.
/protocol/snmp# set targetaddr beladdr param belparam ipaddr
10.1.1.10 taglist beltag
6 Configure the target parameters. See “Target Parameters” on page 41 for

the complete command syntax.
/protocol/snmp# set targetparams belparam user beluser
security-level auth message-processing v3
The user beluser must be predefined with the set user command. The target
address name belparam must be predefined with the set targetaddr
command.
7 Enable notification. See “Notifications” on page 42 for the complete
command syntax.
/protocol/snmp# set notify belairnotify tag beltag type trap
The tag name beltag must first be defined as a tag identifier with the set
targetaddr command.
8 Enable authentication traps.
/protocol/snmp# set authentication-trap enable

SNMP Command The following sections show you how to configure SNMP functions.
Reference
Communities /protocol/snmp/set community <CommunityIndex>
community-name <name> ipaddr <ip_addr>
privilege {readonly|readwrite}
/protocol/snmp/delete community <CommunityIndex>
/protocol/snmp/show community
The set community command configures the SNMP community security. You
can configure up to 10 communities. The community is assigned with privileges.
The <name> parameter must not contain the following characters:
—bar (|)
Draft
—semicolon (;)
—percent (%)
—double quotation mark (“)
The delete community command deletes the specific community information.
The show command displays the SNMP community configuration.
To change the parameters of an SNMP community, you must first delete the
SNMP community with the delete community command and then recreate it
with the correct parameters.
Assigning an IP address of 0.0.0.0 to an SNMP community of a node allows node
access by all managers configured for that community. See “Example 4” on
page 33. To limit access to a single manager, enter the manager’s IP address. See
“Example 1” on page 32.
Example 1
/protocol/snmp# set community 1 community-name belair200 ipaddr 10.10.10.11 privilege readonly
/protocol/snmp# set community 2 community-name belair100 ipaddr 20.20.20.20 privilege readwrite
/protocol/snmp# set community belindex community-name belcom ipaddr 30.30.30.30 privilege readonly
In the previous example, the manager at IP address 20.20.20.20 configured with

the SNMP community of belair100 has read-write access to the node.
Example 2
/#cd /protocol/snmp
/protocol/snmp# delete community belindex
Example 3
/#cd /protocol/snmp

/protocol/snmp# show community
Community Index : 1
Community Name : belair200
Privilege : ReadOnly
IP Address : 10.10.10.11
Row Status : Active
------------------------------
Community Index : 2
Community Name : belair100
Privilege : ReadWrite
IP Address : 20.20.20.20
Row Status : Active
------------------------------
Community Index : belindex
Community Name : belcom
Privilege : ReadOnly
Draft
IP Address : 30.30.30.30
Row Status : Active
------------------------------
Example 4
/protocol/snmp# set community 1 community-name belair ipaddr 0.0.0.11 privilege readonly
In this example, all managers configured with the SNMP community of belair
can access the node for read only functions.
Traps /protocol/snmp/set trap <index> mgr-addr <ip_addr>

community <name> version {v1|v2|both}
/protocol/snmp/delete trap <index>
/protocol/snmp/show trap
The set trap command configures the parameters of the SNMPv2 trap manager.
You can configure up to a total of 10 traps or notification names. For example,
if you configure four traps, you can also configure up to six notification names.
Refer to “Notifications” on page 42.
The <name> parameter must not contain the following characters:
—bar (|)
—semicolon (;)
—percent (%)
The delete trap command deletes the specified trap manager information.
The show trap command displays the SNMPv2 trap manager configuration
information.

Example 1
/protocol/snmp# set trap 1 mgr-addr 40.40.40.40 community bel1 version v1
/protocol/snmp# set trap 2 mgr-addr 41.41.41.41 community bel2 version v2
Example 2
/protocol/snmp# delete trap trap1
Example 3
/protocol/snmp# show trap
Trap Name : 1
IP Address : 40.40.40.40
Community : bel1
Manager Type : V1
Row Status : Active
------------------------------
Draft
Trap Name : 2
IP Address : 41.41.41.41
Community : bel2
Manager Type : V2
Row Status : Active
------------------------------
Users /protocol/snmp/set user <UserName>

[auth {md5 | sha} <passwd> [priv-DES <passwd>]]
/protocol/snmp/delete user <UserName>
/protocol/snmp/show user
The set user command defines an SNMPv3 user. You can define up to 50 users,
each with different authentication and privacy settings. The specified password
must match the one supplied when using a MIB browser.
The <UserName> parameter must not contain the following characters:
—bar (|)
—semicolon (;)
—percent (%)
The delete user command deletes the definition of the specified SNMP user.
The show command displays the configured users. The default configuration
contains three predefined users for get, set and walk operations by SNMPv3
servers. See “Example 2” on page 35.
Example 1
/protocol/snmp# set user beluser1 auth md5 belauth
/protocol/snmp# set user beluser2 auth md5 belauth priv-DES belauth
/protocol/snmp# set user beluser3 auth sha belsha

/protocol/snmp# set user beluser4 auth sha belsha priv-DES belsha

/protocol/snmp# set user beluser5
The previous commands configure different users with different authentication
and privacy settings. The beluser5 user has no authentication and privacy.
Example 2
/protocol/snmp# show user
Engine ID : 8000081c044653
User : initial
Authentication Protocol : None
Privacy Protocol : None
Row Status : Active
------------------------------
Engine ID : 8000081c044653
Draft
User : templateMD5
Authentication Protocol : MD5
Row Status : Active
------------------------------
Engine ID : 8000081c044653
User : templateSHA
Authentication Protocol : SHA
Privacy Protocol : DES_CBC
Row Status : Active
------------------------------
Engine ID : 8000081c044653
User : beluser1
Authentication Protocol : MD5
Row Status : Active
------------------------------
Groups /protocol/snmp/set group <GroupName> user <UserName>

/protocol/snmp/delete group <GroupName> user <UserName>
/protocol/snmp/show group {all|group-name <GroupName>}
The set group command defines an SNMPv3 group and specifies which SNMP
users it contains. You can define up to 50 groups. Specified user names must
first be defined with the set user command.
The <GroupName> parameter must not contain the following characters:
—bar (|)
—semicolon (;)
—percent (%)
The delete group command removes an SNMP user from the group.

The show command lists the SNMP groups that are currently configurated. The
default configuration contains four predefined groups used internally for
SNMPv1/v2. See “Example 2” on page 36.
Example 1
/protocol/snmp# set group belgroup user beluser1
Example 2
/protocol/snmp# show group all
Security Model : v1
Security Name : communityreaduser
Group Name : communityreadgroup
Row Status : Active
------------------------------
Draft
Security Model : v1
Security Name : communitywriteuser
Group Name : communityreadwritegroup
Row Status : Active
------------------------------
Security Model : v2c
Security Name : communityreaduser
Row Status : Active
------------------------------
Security Name : communitywriteuser
Row Status : Active
------------------------------
Security Model : v3
Security Name : beluser1
Group Name : belgroup
Row Status : Active
------------------------------
Security Model : v3
Security Name : initial
Group Name : initial
Row Status : Active
------------------------------
Security Model : v3
Security Name : templateMD5
Row Status : Active
------------------------------
Security Model : v3
Security Name : templateSHA
Row Status : Active
------------------------------
Access /protocol/snmp/set access <GroupName>

security-level {auth|noauth|priv}
([read <ReadViewName>]

[write <WriteViewName>]
[notify <NotifyViewName>])
/protocol/snmp/delete access <GroupName>
/protocol/snmp/show access
The set access command defines access views that are associated with SNMP
groups. You can define up to 50 access views. The specified group name must
first be defined with the set group command. The views are associated with
read, write or notify privileges.
The security level can be configured for authentication or no authentication.
For privacy, set the security level to priv. Also make sure the equivalent privacy
and authentication settings are also set with the set user command.
The read, write and notify parameters define views that are associated with
Draft
those privileges.
The <ReadViewName>, <WriteViewName> and <NotifyViewName>
parameters must not contain the following characters:
—bar (|)
—semicolon (;)
—percent (%)
The delete access command deletes the association of the specified SNMP
group to its access views.
The show command displays the currently configured groups and their access
view association.
Example 1
/protocol/snmp# set access belgroup security-level auth read belread write belwrite notify belnotify
Example 2
/protocol/snmp# show access

Security Level : No Authentication, No Privacy
Read View : restricted
Write View : restricted
Notify View : restricted
Row Status : Active
------------------------------
Security Level : Authentication, No Privacy
Read View : iso

Write View : iso

Notify View : iso
Row Status : Active
------------------------------
Security Level : Authentication, Privacy
Read View : iso
Write View : iso
Notify View : iso
Row Status : Active
------------------------------
Group Name : belgroup
Read View : belread
Write View : belwrite
Notify View : belnotify
Row Status : Active
Draft
------------------------------
Read View : All
Write View : none
Notify View : none
Row Status : Active
------------------------------
Read View : All
Write View : none
Notify View : none
Row Status : Active
------------------------------
Read View : All
Write View : All
Notify View : none
Row Status : Active
------------------------------
Read View : All
Write View : All
Notify View : none
Row Status : Active
------------------------------
Views /protocol/snmp/set view <ViewName> <OIDTree> [mask <OIDMask>]

{included|excluded}
/protocol/snmp/delete view <ViewName> <OIDTree>
/protocol/show view {all|view-name <name>}
The set view command configures the scope of a view as it applies to MIB
objects. You can configure up to 50 views. The specified view name must first

be defined with the set access command that associates the view with either
read, write or notify privileges. The following default views are available:
• belread allows read operations
• belwrite allows write operations
• belnotify allows notify operations
The all view is used internally for SNMPv1/v2.
The view applies only to the specified OID, unless you specify 1 (one) as the
OIDTree. Specifying 1 (one) means the view applies to all OIDs.
The included or excluded parameters affect the scope of the view. Specifying
included means that the privilege associated with the view (read, write or
Draft
notify) applies to all MIBs and OIDs. Specifying excluded means that the
privilege associated with the view (read, write or notify) are removed from all
MIBs and OIDs.
The delete view command deletes a view scope definition.
The show command displays the currently configured view scopes.
Example 1
/protocol/snmp# set view belread 1 mask 1 included
Example 2
/protocol/snmp# show view all
View Name : All

Subtree OID : 1
Subtree Mask : 1
View Type : Included
Row Status : Active
------------------------------
View Name : iso
Subtree OID : 1
Subtree Mask : 1
Row Status : Active
------------------------------
View Name : belread
Subtree OID : 1
Subtree Mask : 1
Row Status : Active
------------------------------
View Name : restricted
Subtree OID : 1
Subtree Mask : 1


Row Status : Active
------------------------------
Target Addresses /protocol/snmp/set targetaddr <TargetAddressName>

param <ParamName>
ipaddr <ip_addr> [timeout <1-1500>]
[retries <1-3>] [taglist <TagIdentifier>]
/protocol/snmp/delete targetaddr <TargetAddressName>
/protocol/snmp/show targetaddr
The set targetaddr command defines a target address to send traps and
notifications. You can define up to 30 target addresses. The default timeout
value is 1500. The default retry count value is 3.
The <TargetAddressName>, <ParamName> and <TagIdentifier> parameters
must not contain the following characters:
Draft
—bar (|)
—semicolon (;)
—percent (%)
The delete targetaddr command deletes a target address definition.
The show command displays the currently configured target addresses.
Example 1
/protocol/snmp# set targetaddr beladdr param belparam ipaddr 10.1.1.10 taglist beltag
Example 2
/protocol/snmp# show targetaddr
Target Address Name : CIP2

IP Address : 20.20.20.20
Tag List : CTG2
Parameters : communitytargetparam
TimeoutValue : 1500
RetryCount : 3
Row Status : Active
------------------------------
Target Address Name : CIPbelindex
IP Address : 30.30.30.30
Tag List : CTGbelindex
Parameters : communitytargetparam
TimeoutValue : 1500
RetryCount : 3
Row Status : Active
------------------------------
Target Address Name : NIP1

IP Address : 40.40.40.40
Tag List : NTG1
Parameters : TPN1
TimeoutValue : 1500
RetryCount : 3
Row Status : Active
------------------------------
Target Address Name : NIP2
IP Address : 41.41.41.41
Tag List : NTG2
Parameters : TPN2
TimeoutValue : 1500
RetryCount : 3
Row Status : Active
------------------------------
Target Address Name : NIPtrap1
IP Address : 50.50.50.50
Draft
Tag List : NTGtrap1
Parameters : TPNtrap1
TimeoutValue : 1500
RetryCount : 3
Row Status : Active
------------------------------
Target Address Name : beladdr
IP Address : 10.1.1.10
Tag List : beltag
Parameters : belparam
TimeoutValue : 1500
RetryCount : 3
Row Status : Active
------------------------------
Target Parameters /protocol/snmp/set targetparam <ParamName> user <UserName>

message-processing {v1|v2c|v3}
/protocol/snmp/delete targetparam <ParamName>
/protocol/snmp/show targetparam
The set targetparams command configures target parameter definitions to send

traps and notifications. You can define up to 20 target parameter definitions.
The specified parameter name must first be defined with the set targetaddr
command. The specified user name must first be defined with the set user
command.
The security level can be configured for authentication or no authentication.
For privacy, set the security level to priv. Also make sure the equivalent privacy
and authentication settings are also set with the set user command.
The delete targetparams command deletes a target parameter definition.
The show command displays the currently configured target parameter
definitions.

Example 1
/protocol/snmp# set targetparams belparam user beluser1 security-level auth message-processing v3
Example 2
/protocol/snmp# show targetparams
Target Parameter Name : TPN1

Message Processing Model : v1
Security Model : v1
Security Name : bel1
Row Status : Active
------------------------------
Target Parameter Name : TPN2
Message Processing Model : v2c
Security Name : bel2
Draft
Row Status : Active
------------------------------
Target Parameter Name : TPNtrap1
Message Processing Model : V1V2
Security Name : belboth
Row Status : Active
------------------------------
Target Parameter Name : belparam
Message Processing Model : v1
Security Model : v3
Security Name : beluser
Row Status : Active
------------------------------
Notifications /protocol/snmp/set notify <NotifyName> tag <TagName>

type {trap|inform}
/protocol/snmp/delete notify <NotifyName>
/protocol/snmp/show notify
The set notify command enables notifications to be sent to an SNMPv3

manager for the specified notification name. The specified tag name must first
be defined as a tag identifier with the set targetaddr command.
The <NotifyName> parameter must not contain the following characters:
—bar (|)
—semicolon (;)
—percent (%)

You can configure up to a total of 10 traps or notification names. For example,

if you configure four traps, you can also configure up to six notification names.
Refer to “Traps” on page 33.
The delete notify command disables notifications from being sent for the
specified notification name.
The show notify command displays the current SNMP notify configuration.
Example 1
/protocol/snmp# set notify belairnotify tag beltag type trap
Example 2
/protocol/snmp# show notify
Draft
Notify Name : 1
Notify Tag : NTG1
Notify Type : trap
Row Status : Active
------------------------------
Notify Name : 2
Notify Tag : NTG2
Notify Type : trap
Row Status : Active
------------------------------
Notify Name : belairnotify
Notify Tag : beltag
Notify Type : trap
Row Status : Active
------------------------------
Notify Name : trap1
Notify Tag : NTGtrap1
Notify Type : trap
Row Status : Active
------------------------------
Authentication Traps /protocol/snmp/set authentication-trap {enable|disable}

/protocol/snmp/show authentication-trap status
These commands enable or disable authentication traps.
Engine Identifier /protocol/show engineid
This command displays the current engine identifier.
Telnet /mgmt/telnet {enable|disable}

/mgmt/show telnet status
The telnet command enables or disables Telnet access to the unit.
The show command displays the status of the Telnet interface.

Example 1
/#cd /mgmt/
/mgmt# telnet enable
Example 2
cd /mgmt/
/mgmt# show telnet status
Telnet: Enabled
HTTP /ssl/set http {enable|disable}

/ssl/show http status
These commands enable or display the HTTP interface. The show command
displays the current status.
Draft
Secure HTTP /ssl/set secure-http {enable|disable}
/ssl/show secure-http status
These commands enable or display the secure HTTP interface. The show
command displays the current status.
SSH The following sections show you how to configure the Secure Shell (SSH)
functions.
SSH Access /ssh/show ssh status

This command displays the status of the SSH interface.
SSL The following sections show you how to configure the Secure Socket Layer
(SSL) functions.
Displaying Server /show ssl server-cert

Certificate This command displays the server-certificate for SSL.
Configuring the Server To configure the server certificate:

Certificate
1 Create the RSA key pair. See “Creating RSA Key Pair” on page 45.
2 Create a certificate request. See “Creating Certificate Request” on page 45.
The certificate request is displayed on the screen.
3 Copy the certificate request to a file and send it to the Certificate Authority
(CA) that will generate the certificate.
4 When the CA responds with the certificate, configure the BelAir20 SSL
configuration to use it. See “Configuring the Server Certificate” on page 45.
5 Save the SSL configuration. See “Saving an SSL Configuration” on page 45.

Creating RSA Key Pair /ssl/ssl gen key {rsa} <no. of bits>
This command creates a new RSA key pair. The input value of no of bits can be
512 or 1024.
Example
/#cd ssl
/ssl# ssl gen key rsa 1024
Creating Certificate /ssl/ssl gen cert-req algo rsa sn <SubjectName>

Request This command creates a certificate request using the RSA key pair and
SubjectName. The subject name is the identification of the switch or the
switch’s IP address.
Example
Draft
/#cd ssl
/ssl# ssl gen cert-req algo rsa sn 10.1.1.10
Configuring the Server /ssl/ssl server-cert

Certificate This command imports a server certificate provided by a CA.
When you use this command, you are prompted to enter the certificate. To do
so, open the certificate and copy its contents to the CLI.
Note: The application that you use to open the certificate may insert
additional line breaks and spaces at the end of each line of the
certificate. Make sure to remove these extra line breaks and spaces
when you copy the certificate to the CLI.
Saving an SSL /ssl/ssl save

Configuration This command saves the SSL configuration.
Example
/#cd ssl
/ssl# ssl save

BelAir20 User Guide User and Session Administration
User and Session Administration

This chapter describes user administration functions with the following topics:
• “User Privilege Levels” on page 46
• “User Accounts” on page 50
• “Configuring Authentication for User Accounts” on page 51
• “CLI and Web Sessions” on page 53
User Privilege User accounts on the BelAir20 can be assigned the following three privilege
Draft
levels:
Levels
• An observer user can execute only the following commands:
—most show commands
—the help and ? commands
—the passwd command
—the clear and exit commands
—the cd and mode commands
—the history command
—the whoami command
—the ping command
• A normal user can execute any CLI command, except those reserved for
the super-user.
• The super-user can execute any CLI command. Table 5 on page 47 lists the
CLI commands that are reserved for the super-user.
Each unit can have any number of observer users and normal users, but only
one super-user account, called root.

Table 5: Super-user commands
Common Commands
config-restore remoteip <ipaddress> remotefile <filename>
[force]
Mgmt Commands
adduser <user-name> -p <passwd> [-d <mode>] [-g <group>]
deluser <user-name>
moduser <user-name> [ -p <passwd>] [ -d <mode>] [-g <group>]
Draft
show user
System Commands
set country <country_name>
set global-session-timeout <period>
terminate session <session_index>
upgrade load remoteip <serverIPaddress>

remotepath <serverSubDir>
cancel upgrade
reboot [{force}]
commit load
set next-load {A|B|current-active|inactive}
syscmd restoreDefaultConfig
syscmd backupToShadow
syscmd restoreFromShadow
set egress pvid {<vlan_id>|untagged}
add egress vlan {<vlan_id>|untagged} (all platforms except BelAir200)
delete egress vlan {<vlan_id>|untagged} (all platforms except BelAir200)
/Card/<card_type>-n Commands

Table 5: Super-user commands (Continued)

reboot [{force}]
/Protocol/IP Commands
set interface {system | vlan <1-2814>}
static <ip addr> <mask>
[delay-activation]
set interface {system | vlan <1-2814>} dynamic

fallback-ip <address> <mask>
accept-dhcp-params {enabled|disabled}
[delay-activation]
renew ip {system | vlan <1-2814>}
Draft
/Protocol/RADIUS Commands
authentication login {local | radius}
add radius-server <IP address> <port> <shared secret>

[interface <NAS IP address>] [timeout <seconds>]
del radius-server <ip address>
show authentication login
SSL Mode Commands

set http {enable|disable}
set secure-http {enable|disable}
show http status
show secure-http status
show server-cert
ssl gen cert-req algo rsa sn <SubjectName>
ssl gen key {rsa} <no. of bits>
ssl save
ssl server-cert
Syslog Mode Commands

logserver {enable|disable} [<ip address>]
monitor logging {enable | disable}

Table 5: Super-user commands (Continued)

logging {enable | disable}
loglevel {debug|info|notice|warn|error|critical|alert|emerg}
/Protocol/SNMP Mode Commands

set community <CommunityIndex> name <Community_name>
privilege {readonly|readwrite}
delete snmp-community <CommunityIndex>
set user <userName>

[auth {md5 | sha} <passwd> [priv-DES <passwd>]]
delete user <userName>
Draft
set group <groupName> user <userName>
delete group <groupName> user <userName>
set access <groupName> security-level {auth|noauth|priv}

([read <ReadView | none>]
[write <WriteView | none>]
[notify <NotifyView | none>])
delete access <groupName> {auth|noauth|priv}
set view <viewName> <OIDTree> [mask <OIDMask>]

{included|excluded}
delete view <viewName> <OIDTree>
set targetaddr <targetAddressName> param <paramName>

ipaddr <ip addr> taglist <tagIdentifier|none>
delete targetaddr <targetAddressName>
set targetparams <paramName> user <UserName>

security-model {auth|noauth|priv}
message-processing {v1|v2c|v3}
delete targetparams <paramName>
set trap <trapName> mgr-addr <ip addr>

version {v1|v2|both}
delete trap <trapName>
set notify <notifyName> tag <tagName> type {trap|inform}
delete notify <notifyName>
set authentication-trap {enable|disable}

User Accounts /mgmt/adduser <user-name> -p <passwd> [-d <mode>] [-g <group>]

/mgmt/deluser <user-name>
/mgmt/moduser <user-name> [-p <passwd>] [-d <mode>] [-g <group>]
/mgmt/show user
The adduser command creates a new user account.
The deluser command deletes a user account. The default login, “root”, cannot
be deleted.
The moduser command modifies the parameters of a user account. For this
command, the group parameter does not apply to changes to the root account.
The show user command lists all valid user accounts, the mode in which they
start their session and their maximum privilege level. For example, under
Groups, normal users display NORMAL OBSERVER while the root account
Draft
displays root NORMAL OBSERVER.
The mode parameter sets the command mode that a user accesses when they
log in. If unspecified, it defaults to a slash (/) so the user begins their session in
root mode. Users with observer privileges must start their sessions in root
mode.
The group parameter specifies the user account’s privilege level. It can be
OBSERVER or NORMAL. If unspecified, the user account has observer
privileges.
To use this command, you must be in mgmt mode.
Note 1: The specified password is case sensitive and must be at least six
characters long. Changes the super-user account require that you
provide the super-user password.
Note 2: The specified group is case sensitive.
If you use a RADIUS server to authenticate users as they login, you must
specify the user’s privilege level in the RADIUS Reply-Message field. Specifically,
the Reply-Message field must contain in plain text one of the following: root,
NORMAL or OBSERVER. These entries in RADIUS are case sensitive, so make
sure the user privilege levels are entered exactly as specified. If the privilege
levels are unspecified in RADIUS, then the BelAir20 provides the user with
observer privileges.
Example 1
/mgmt# adduser testuser -p userpwd - d system

Example 2
/mgmt# deluser xyz
Example 3
In the following example, the user guest begins their session in interface mode
and their password is changed to “guest123”.
/mgmt# moduser guest –p guest123 –d interface
Example 4
/mgmt# show user
USER MODE GROUPS
root / root NORMAL OBSERVER
user1 / OBSERVER
user2 / OBSERVER
Draft
user3 interface NORMAL OBSERVER
Configuring You can use a RADIUS server to authenticate users as they login to their
accounts.
Authentication
for User
Accounts
Authentication Mode /mgmt/set authentication-login {local|radius <list>}
/mgmt/show authentication-login
These commands determine how the BelAir20 authenticates users.

The local setting means that the BelAir20 uses the locally stored password and
user account information to authenticate the user. This is the default setting.
The radius setting means that the BelAir20 uses a RADIUS server to
authenticate the user. The list parameter specifies the index used in the
RADIUS server list. Refer to “RADIUS Servers” on page 52.
Example 1
/mgmt# set authentication-login radius 1,2
Example 2
mgmt# show authentication-login
Authentication Login is radius
Radius Authentication server table

-------------------------------------
Index : 1
Radius Server Address : 10.1.3.254

UDP port number : 1812

Radius Client Address : 10.1.3.48
Timeout : 3
--------------------------------------------
Index : 2
Radius Server Address : 10.1.3.253
UDP port number : 1812
Radius Client Address : 10.1.3.48
Timeout : 3
--------------------------------------------
RADIUS Servers /protocol/radius/set server <server-idx> <IP_addr>

<shared-secret>
[authport <server-port>]
[acctport <acct-port>]
[interface <IP_addr]
[timeout <seconds>]
[reauthtime <seconds>]
/protocol/radius/set server-state <server-idx> {enabled | disabled}
Draft
/protocol/radius/del server <server-idx>
/protocol/radius/show servers
These commands allow you to specify a list of RADIUS servers that you can use
to authenticate users. The list can contain up to 25 servers.
The IP_addr parameter specifies the IP address of the RADIUS server.
The shared-secret parameter specifies the password for access to the RADIUS
server.
The authport parameter specifies the UDP port number of the RADIUS server
(typically 1812).
The acctport parameter specifies the UDP port number for RADIUS
accounting data (typically 1813).
The interface parameter specifies the Network Access Server (NAS) IP address
for the BelAir20 RADIUS client. It is used when the unit is configured with
multiple IP interfaces and matches the interface used to communicate with the
given RADIUS server. The default value is the IP address of the unit’s
management interface
Note: The NAS IP address parameter is entered statically with this command.
If the VLAN IP addresses are determined dynamically with a DHCP
server, then an updated VLAN IP address is not automatically reflected
into the NAS IP address parameter.
The timeout parameter specifies the interval (in seconds) after which the
RADIUS client considers that the remote server has timed out if a reply is not
received. The default value is 10 seconds.

The reauthtime parameter specifies the RADIUS re-authentication time (in

seconds). This forces the BelAir20 to check all connected clients with the
RADIUS server (that is, make sure they are still allowed to access the network)
at the specified interval. You only need to configure this parameter if it is not
specified on the RADIUS server. Setting the interval to zero disables this
feature. The maximum interval time is 2147483647. If you enter a higher
number, the value is set to its maximum.
Note: Make sure the user’s privilege level are correctly specified in the
RADIUS Reply-Message field. Refer to “User Accounts” on page 50.
Example 1
/protocol/radius# set server 3 172.16.1.20 my-secret12345 authport 1812 acctport 1813 interface
172.16.1.254 timeout 15 reauthtime 1
Draft
Example 2
/protocol/radius# set server-state 3 enabled
CLI and Web The BelAir20 allows you to manage CLI and Web session, such as listing and
terminating sessions as well as configuring the idle timeout period.
Sessions
Session Management /system/show sessions
/system/terminate session <session_index>
The show sessions command lists all active CLI and Web interface sessions.
The current session is flagged with an asterisk besides its session index number.
The terminate session command allows you to terminate any CLI or Web
session.
Example
/system# show sessions
index user type IP address since last-cmd timeout tssh
----- -------- ------- --------------- --------- --------- --------- ---------
1 root telnet 10.9.9.14 0:27:57 0:01:43 0:30:00 inactive
9 root telnet 10.9.9.14 0:22:09 0:00:00 0:30:00 inactive
11[*] root web 10.9.9.14 0:13:51 0:13:51 1:00:00
In this example, the current session is session 11 with an idle period set at
1 hour.
Configuring the Session /system/set global-session-timeout <period>

Timeout Interval /system/set session-timeout <period>
/system/show global-session-timeout

By default, a CLI session is automatically disconnected if it is idle for longer than

30 minutes. These commands allows you to change the idle period, preventing
unwanted disconnections. The idle period is specified in minutes. Setting a
period of 0 prevents any automatic disconnection.
The set global-session-timeout command changes the idle period of all CLI
sessions. Its <period> parameter ranges from 1 to 1440; that is up to 24 hours.
You cannot specify 0 as the global session idle period. You must be logged in as
root to use this command.
The set session-timeout command changes the idle period of only the current
CLI sessions. Its <period> parameter ranges from 0 to 1440; that is up to
24 hours. The session timeout period overrides the global timeout period.
Draft
The new idle period takes effect immediately and to all current and future
sessions; until changed with these commands again.
The show command displays the settings for the global timeout period. To see
the setting for the session, use the /system/show sessions command.
Example
/system# set idle-timeout 60
CLI Prompt /system/set prompt selection [default|string|switch-name}

Customization /system/set prompt string <20-char_string>
/system/show prompt
The set prompt selection command customizes the prompt for CLI sessions.
The choices are as follows:
• default, where the CLI prompt includes the current command mode only
• switch-name, where the CLI prompt includes the current command mode
and the first eight characters of the switch name described in “System
Identification Parameters” on page 61
• string, where the CLI prompt includes the current command mode and the
20-character string as defined by the set prompt string command. The string
can consist of any 20 ASCII characters, except for the semicolon (;).
The show prompt command displays the current prompt settings.
Examples
/system#set prompt string BelAir-128-50-46-189
/system#set prompt selection string
[BelAir-128-50-46-189]/system#system switch BA20-A
[BelAir-128-50-46-189]/system#set prompt selection switch-name

[BA20-A]/system#set prompt selection switch-name

[BA20-A]/system#set prompt selection default
/system# show prompt
User-defined string: BelAir-128-50-46-189
prompt selection: default
Draft

BelAir20 User Guide IP Settings
IP Settings
This chapter contains procedures for managing BelAir20 IP parameters as
follows:
• “Displaying IP Parameters” on page 56
• “Configuring IP Parameters” on page 57
—“Configuring Dynamic IP Addressing” on page 57
—“Renewing the IP Address” on page 58
—“Setting a Static IP Address and Subnet Mask” on page 58
Draft
—“Static IP Routes” on page 58
• “Configuring the Domain Name System Lookup Service” on page 59
CAUTION! The BelAir20 uses internal IP addresses in the range of 192.168.1.x, 192.168.2.x
and 192.168.3.x. As a result, do not configure the BelAir20 to use any IP
addresses within these ranges.
Displaying IP /protocol/ip/show config
Parameters The /protocol/ip/show config command displays a detailed view of the system’s
IP configuration.
Example
/protocol/ip# show config
Interfaces:
Address Configured/ Configured/ Accept
Current Current Alloc Fallback Fallback DHCP
Interface Address Netmask Type D Address Netmask Parameters
------------------------------------------------------------------------------------------------
System 10.9.9.20 255.255.255.0 Static 10.9.9.20 255.255.255.0 Disabled
AutoIP: Enabled
Routes:
Destination Netmask Gateway Interface Active
--------------- --------------- --------------- ------------------ ------
No static routes currently configured
DNS:
Domain name lookup: disabled
Configured domain name:
Configured primary DNS server: 0.0.0.0
Configured secondary DNS server: 0.0.0.0

Configuring IP You can configure:

Parameters • dynamic IP addressing
• a static IP address and subnet mask, as well as static IP routes.
Configuring Dynamic IP /protocol/ip/set interface {system | vlan <1-2814>} dynamic

fallback-ip <address> <mask>
Addressing accept-dhcp-params {enabled|disabled}
[delay-activation]
/protocol/ip/del ip vlan <1-2814>
The set interface command specifies that a Dynamic Host Configuration

Protocol (DHCP) server provides IP addresses for the node. This includes IP
addresses for the node’s management interface as well as any VLANs it may
have. If you specify a new VLAN, then that VLAN is created. The del ip vlan
Draft
command deletes VLAN IP parameters previously created with the set
interface command.
If the IP address is dynamically set, BelAir Networks recommends that you also
configure the switch name, location and contact parameters. These parameters
then allow you to identify the node if you later need to do a remote CLI
session. Refer to “System Identification Parameters” on page 61.
In addition to providing the IP address, the DHCP server can be used to supply
additional parameters including:
• a TFTP server and a script file name
• DNS server IP address and a domain name
• a SNTP server list and time offset
The accept-dhcp-params parameter controls whether the node accepts
additional parameters from the DHCP server or not. Refer to “DHCP
Options” on page 68 for details.
The delay-activation parameter specifies that the new IP parameters do not
take effect until after you execute a config-save command. BelAir Networks
recommends that you always specify delay-activation if you change the system
IP parameters. Otherwise you will need to start a new CLI session using the
new IP address to execute the config-save command to save your changes.
Note 1: DHCP servers usually have the ability to assign a default route to
DHCP clients. Make sure that the DHCP server assigns only one
default route, even you are using many different IP interfaces on the

same BelAir platform (for example, a management IP interface and a

VLAN IP interface).
Note 2: You must configure the DHCP server lease time to be one minute or
longer.
Note 3: If the network contains nodes with static IP addressing and nodes with
dynamic IP addressing, make sure the DHCP server does not issue
addresses that been previously issued statically.
Renewing the IP /protocol/ip/renew ip {system | vlan <1-2814>}

Address
This command is used when the node is configured to dynamically receive IP
addresses. See “Configuring Dynamic IP Addressing” on page 57.
Draft
Issuing this command causes the DHCP server to renew the IP address of the
node’s management interface or of the VLAN.
CAUTION! Using this command may cause the DHCP server to change the IP address of
the node’s management interface. If this happens you may need to reconnect to
the node using the new IP address.
Setting a Static IP /protocol/ip/set interface {system | vlan <1-2814>}

static <ip addr> <mask>
Address and Subnet [delay-activation]
Mask /protocol/ip/del ip vlan <1-2814>
The set interface command specifies that the node uses static IP addressing for
the node’s management interface as well as any VLANs it may have. If you
specify a new VLAN, then that VLAN is created. The del ip vlan command
deletes VLAN IP parameters previously created with the set interface
command.
The delay-activation parameter specifies that the new IP parameters do not
take effect until after you execute do a config-save command. BelAir Networks
recommends that you always specify delay-activation if you change the system
IP parameters. Otherwise you will need to start a new CLI session using the
new IP address to execute the config-save command to save your changes.
Static IP Routes /protocol/ip/add route <dest ip addr> <dest mask> gw <gateway>

/protocol/ip/del route <dest ip addr> <dest mask> gw <gateway>
The ip route add command adds extra static IP routes. If your units needs to
communicate with an IP interface from another sub-network, you must add the
appropriate routes to the remote IP interface. Contact your administrator to
obtain the IP address and mask of the remote IP interface.

The ip route del command deletes a static route.

Use the gateway parameter to specify the IP address of the network gateway.
Configuring the /protocol/ip/set

/protocol/ip/del
dns
dns
server
server
{primary | secondary} <ip_address>
{primary | secondary}
Domain Name /protocol/ip/set
/protocol/ip/del
dns
dns
domain
domain
name <customer.com>
name
System Lookup /protocol/ip/set dns domain lookup {enabled | disabled}
Service The BelAir20 provides a Domain Name System (DNS) lookup service by
providing a DNS client that resolves computer names to IP addresses. If the
local DNS server fails, a query to the public network is made.
The set dns server command specifies the IP address of a primary and
Draft
secondary DNS server. The del dns server command erases the current IP
address.
The set dns domain name command specifies the default domain name required
to perform Fully Qualified Domain Name requests. The del dns domain name
command erases the current domain name.
The IP addresses of the DNS servers and the default domain name can also be
specified automatically through DHCP. See “DHCP Options” on page 68.
The set dns domain lookup command enables or disables the DNS client. To
use this service, you must configure the IP address of at least one DNS server
either manually or through DHCP.

BelAir20 User Guide System Settings
System Settings
This chapter contains procedures for managing BelAir20 parameters as follows:
• “Country of Operation” on page 60
• “System Identification Parameters” on page 61
• “Configuring the System Date and Time” on page 61
• “GPS Coordinates” on page 63
• “Find Me Function” on page 63
• “Displaying Unit Inventory Information” on page 63
Draft
• “Battery and Temperature Controls” on page 64
• “Displaying System Up Time” on page 64
• “Saving and Restoring the BelAir20 Configuration” on page 64
• “Restarting the Node” on page 65
• “Creating and Using Script Files” on page 65
Country of /system/show country [detail]

/system/set country <country_code>
Operation
These commands allow you to adjust the radios in your unit to conform to the
regulatory requirements for your country. This includes valid radio channel
ranges as well as transmit power levels and the use of Dynamic Frequency
Selection (DFS), a regulatory requirement in some jurisdictions.
The show country command displays the current country of operation.
Specifying the detail parameter also displays both the name and the ISO 3066
identity code for all supported countries.
The set country sets the country of operation for your unit. The
<country_code> parameter is the ISO 3066 identifier for the country as listed
by the show country detail. The default value is US.
CAUTION! Improper setting of a unit’s country setting may exceed regulatory
requirements and void the operator’s right to operate the radio equipment.
Contact BelAir Networks for details regarding country specific approvals.
Additional country settings are also available by contacting BelAir Networks.

System /system/set system-id ([switch <name>] [contact <firm>]

[location <place>])
Identification /system/show system-id
Parameters These commands let you manage system identification parameters such as
switch name, switch contact information and physical switch location.
Example
The following example sets the switch name to BA20-A, the contact
information to BelAirNetworks and its location to PoleNumber1.
/system# system-id switch BA20-A contact BelAirNetworks location
PoleNumber1
Configuring the The system date and time can be configured:
Draft
System Date and • manually
Time • using a Simple Network Time Protocol (SNTP) server
When using SNTP, you can use an offset to convert the displayed Coordinated
Universal Time (UTC) to local time.
Manual Date and Time /system/set date <YYYY-MM-DD> [time <hh:mm:ss>]

Configuration /system/set time <hh:mm:ss>
This commands set the current date and time. The value must be formatted as
follows:
• YYYY is the year
• MM is the month
• DD is the date
• hh specifies the hour
• mm specifies the minutes
• ss specifies the seconds
You must enter the exact date and time format as specified; that is, four digits
for the year and two digits for the month, day, hour, minutes and seconds.
Example 1
/system# set date 2004-02-10 time 06:50:00
Example 2
/system# set time 08:45:00

Managing an SNTP /protocol/sntp/set ip-address {primary|secondary}

{<ip_address> | disabled}
Server /protocol/sntp/set timeoffset <hour_offset> [<minute_offset>]
/protocol/sntp/set status {enabled | disabled}
/protocol/sntp/show {config | status}
The BelAir20 supports the Simple Network Time Protocol (SNTP) by

providing an SNTP client that can synchronize the unit date and time with any
SNTP compatible external time server.
The set ip-address command lets you set the IP address of a primary and
secondary SNTP server, or disable this functionality. If the SNTP client cannot
synchronize the unit date and time with the primary SNTP server, it attempts
to synchronize with the secondary unit.
Draft
The set timeoffset command configures an offset that is used to convert the
displayed UTC time to local time. The hour_offset parameter ranges from -12
to +13. The minute_offset parameter ranges from 0 to 59.
The IP addresses of the SNTP servers and the time offset can also be specified
automatically through DHCP. See “DHCP Options” on page 68.
The set status {enable|disable} command enables or disables the SNTP client.
To use this service, you must configure the IP address of at least one SNTP
server either manually or through DHCP. When the SNTP client is enabled, the
BelAir20’s clock is reset to use UTC.
The show status and the show config commands display whether the SNTP
process is running or not and the effective (actual) information used by the
SNTP client as well as the information stored by the BelAir20. Differences may
be caused by the setting of the accept-dhcp-params parameter. See “DHCP
Options” on page 68.
Example 1
/protocol/sntp# set ip-address primary 10.1.1.2
Example 2
/protocol/sntp# set timeoffset -4 30
Example 3
/protocol/sntp# show status
SNTP process is running
Effective SNTP Timeoffset:

===========================
SNTP Timeoffset origin: SNTP schema
SNTP Timeoffset: -4:00

Effective SNTP server:

======================
SNTP Servers origin: SNTP schema
Active Server: Primary - 180.1.4.31
SNTP server Primary : 180.1.4.31
SNTP server Secondary: 0.0.0.0
GPS Coordinates /system/set coordinates {latitude|longitude}

([degrees <-180,180>] [minutes <0,59>]
[seconds <0,59>] [milliseconds <0,999>])
/system/show coordinates
These commands allow you to manually specify the exact geographic location of
a BelAir unit. You can then use the Global Positioning System (GPS)
coordinates to locate a unit in the field.
Draft
Example
/system# set coordinates latitude degrees 76 minutes 55 seconds 54 milliseconds 53
/system# set coordinates longitude degrees -120 minutes 12 seconds 34 milliseconds 56
/system# show coordinates
latitude : 76 degrees 55 minutes 54 seconds 53 milliseconds
longitude: -120 degrees 12 minutes 34 seconds 56 milliseconds
Find Me Function /system/find-me {start|stop}
This command helps you determine the physical location of a unit.

When you start the find me function, the unit’s power LED starts a green and
red flashing cycle.
Displaying Unit /system/show phyinv
Inventory This command displays the manufacturing parameters (name, serial number and
Information part version numbers) of the equipment parts contained in a unit.
Example - BelAir20
/system# show phyinv
System
Name Serial number Assembly code BA order code
unknown? 844000010 BELAIR20-11
Physical Inventory Table

Slot Card type Version Serial number Assembly code
1 HTM 1.1.1 844000010 B2CH103AA-A A01
Physical Interface Table

Name Type Slot Card type Description
wifi-1-1 Wifi 802.11 1 HTM HTMv1 5GHz 802.11n
wifi-1-2 Wifi 802.11 1 HTM HTMv1 2.4GHz 802.11n
eth-1-1 Ethernet 1 HTM 1x1000baseTx [Electrical: Single]

Battery and /system/set battery-present {true|false}

/system/show environment
Temperature
Controls If your unit is equipped with a battery, you must enable the battery-present
indicator with the set command. Setting this indicator to true allows automatic
battery monitoring to occur and various battery alarms to be automatically
generated. The default setting is false.
The show command displays the unit’s the internal temperature (in degrees
Celsius), whether a battery is present and the battery’s current voltage.
Displaying System /system/show sysuptime
Up Time This command displays the time the system has been operating.
Draft
Example
/system# show sysuptime
System Up Time: 234 days, 16:45:32.34
Saving and In addition to the previously described config-save and config-restore

commands, the following commands let you save changes from the system
Restoring the defaults.
BelAir20
Configuration
Copying the /system/syscmd backupToShadow
Configuration Database
to the Standby Load This command copies the configuration database from the active software load
in persistent storage to the standby software load in persistent storage. (The
term Shadow refers to the standby software load.)
Note: The parameters of the syscmd command are case sensitive.
Restoring the /system/syscmd restoreFromShadow

Configuration Database
from the Standby Load This command copies the configuration database from the standby software
load in persistent storage to the active software load in persistent storage. (The
term Shadow refers to the standby software load.)
Use the reboot command for the new configuration to take effect.

Displaying the Running /system/show running-configuration

Configuration This command displays the configuration that the node is currently operating
with. It executes a series of show commands with results displayed on the CLI
screen. Use the scroll bar of the Telnet or SSH window to see any particular
section of the output.
Restarting the /system/reboot [{force}]
Node This command restarts the entire node. You must confirm your intent before
the node is rebooted.
Under some circumstances, a reboot may be prevented because of processing
from other user sessions. Use the force parameter to override these
restrictions and restart the node regardless.
Draft
See also “Restarting a Card” on page 76.
Example
/system# reboot
Creating and You can use script files to make repetitive tasks quicker and easier. The
BelAir20 provides several CLI commands to manage script files.
Using Script Files
Script Creation Use the following guidelines to create a script file:
Guidelines
• Make sure the script contains only valid and supported BelAir CLI
commands. If you are using an older script, make sure the CLI commands
that it contains are still valid and supported.
• Avoid including the reboot command in the script. Avoid including
commands that required rebooting the node. A good approach is to run the
script, manually verify that the parameters were correctly set, then manually
reboot the node.
• Test the final script to ensure all commands are valid, syntactically correct
and appropriate for the installed hardware.
Put the final script on a TFTP, FTP or FTPS server to transfer the script file to
the BelAir unit.
Transferring Files to and /system/tftpget remoteip <ip_addr> remotefile <filename>

[localfile <filename>]
from a BelAir Node /system/tftpput remoteip <ip_addr> localfile <filename>
[remotefile <name>]
/system/getfile remoteip <ip_addr> remotefile <filename>
[localfile <filename>]
[{tftp|

ftp [user <username> password <password>]|

ftps [user <username> password <password>]}]
These commands allow you to transfer files, such as script files, to and from a
BelAir node.
For the tftpget and getfile commands, if you do not specify a local file name,
then the transferred file maintains the same name as on the remote file system.
For the tftpput command, if you do not specify a remote file name, then the
transferred file maintains the same name as on the local file system.
For the getfile command:
• The default protocol is TFTP.
• For FTP, the default user name is anonymous and the default password is
Draft
root@ followed by the node IP address. For example, if the node has
148.16.4.123 as an IP address, then the default password is
root@148.16.4.123.
• For FTPS, the default user name is the unit’s MAC address stripped of
colons. The default password is unit’s MAC address stripped of colons,
followed by @, followed by the node IP address. For example, if the node
has 11:22:33:44:55:66 as a MAC address and 148.16.4.123 as an IP address,
then the default user name is 112233445566 and the default password is
112233445566@148.16.4.123.
CAUTION! Do not use these commands to perform a software upgrade on a BelAir node.
Use the upgrade load command instead. Refer to “Performing a Software
Upgrade” on page 142 for full details on performing software upgrades.
Managing Script Files /system/copy script <script file> <copied file name>
/system/delete script <script file>
/system/rename script <script file> <new name>
/system/show script <script file>
These commands allow you to manage script files.

You can run a script file while in any mode. See “Script Files” on page 27.
Tip
You can also run a script by copying it and pasting it into a CLI session window.
If you use this method:
1 Paste only 20 to 25 commands at a time. Otherwise, you may overfill the
command buffer used for the CLI session. If you overfill the command buffer,

you need to determine exactly which commands were executed and which
were not before proceeding.
2 After pasting a block of commands, verify that your script behaved as
expected; that is, that the pasted commands produced the expected
configuration.
3 After verifying the script behaviour, manually enter the config-save and
reboot commands as required.
Draft

BelAir20 User Guide BelAir20 Auto-configuration
BelAir20 Auto-configuration
With auto-configuration, the BelAir20 can automatically obtain a script file after
it powers up. The unit then configures itself based on the content of the file.
Auto-configuration minimizes the amount of manual intervention required to
pre-configure the unit before you install it. To create a valid script file, refer to
the guidelines listed in “Script Files” on page 27.
The following sections describe the different ways you can automatically supply
a script file to the BelAir20:
• “DHCP Options” on page 68
Draft
• “Configuration Download Profile” on page 71
Both methods are independent, but can be used in conjunction with each other.
For example, you can use DHCP options to download a script file that
configures the configuration download profile. You then use the configuration
download profile to download a second script file for the rest of the BelAir20.
DHCP Options With DHCP options, a DHCP server provides the BelAir20 with the following
parameters in addition to an IP address described in “Configuring Dynamic IP
Addressing” on page 57:
• TFTP server IP address and script file. These parameters cause a TFTP
session to be created and the script file to be downloaded and executed
during startup.
• DNS domain name. Only one domain name is valid at any one time per
BelAir20 and not per interface. See “Configuring the Domain Name System
Lookup Service” on page 59.
• DNS server IP addresses. Up to two DNS servers are supported. See
“Configuring the Domain Name System Lookup Service” on page 59.
• IP address for a time server. Two time servers are supported for use by the
SNTP service. See “Managing an SNTP Server” on page 62.
• time offset value used by the SNTP service. See “Managing an SNTP Server”
on page 62.
You can use DHCP options to configure the BelAir20 management interface or
one of its VLAN interfaces.

After the BelAir20 receives these parameters, it configures the interface in

question. At startup, it downloads the script file from the TFTP server and
executes it.
DHCP options can only be enabled for one interface. For example, if you
enable DHCP options for the management interface, you are prevented from
enabling them for a VLAN interface until you first disable them for the
management interface.
By default, the BelAir20 rejects all parameters provided by the DHCP server.
However, you can configure the BelAir20 to accept or reject any individual
parameter. By accepting only specific parameters, you can control how much of
the BelAir20 is auto-configured. For example, if you do not want to use a script
file from the TFTP server, you can set the accept-tftp-download parameter to
Draft
disabled. See “Accepting Specific DHCP Parameters” on page 70.
Data provided by the DHCP server overrides any data configured locally.
During operation, if the DHCP server provides updated data, the BelAir20
continues operation with the updated data.
Pre-requisites To use DHCP options, your DCHP server must be configured to supply the
information requested by the BelAir platform. In particular, make sure of the
following:
• Your DHCP server supplies a list of SNTP servers instead of NTP servers
and that they are listed in order of preference.
• Your DHCP server assigns only one default route, even you are using many
different IP interfaces on the same BelAir platform (for example, a
management IP interface and a VLAN IP interface).
Configuring and Using To use DHCP options, you must:

DHCP Options
1 Set the default IP address assignment to dynamic and set the
accept-dhcp-params parameter to enabled. See “Configuring Dynamic IP
Addressing” on page 57.
2 Specify which specific parameters to accept from DHCP server. See
“Accepting Specific DHCP Parameters” on page 70.
The BelAir20 then contacts the DHCP server to request the parameters.

Accepting Specific /protocol/ip/set dhcp-accept ([dns-domain {enabled|disabled}]

[dns-server {enabled|disabled}]
DHCP Parameters [tftp-download {enabled|disabled}]
[time-server {enabled|disabled}]
[time-offset {enabled|disabled}])
These commands control the whether individual parameters supplied by the

DHCP server are accepted or not by the BelAir20. To use this command you
must first set the default IP address assignment for the interface to dynamic and
set the accept-dhcp-params parameter to enabled. See “Configuring Dynamic
IP Addressing” on page 57.
By default, the node rejects all parameters from the DHCP server; that is, each
of these parameters is set to disabled.
The dns-domain parameter controls the domain name option used to perform
Draft
DNS requests. Only one domain name is valid at any one time per BelAir20.
See “Configuring the Domain Name System Lookup Service” on page 59.
The dns-server parameter controls DNS server IP addresses. Up to two DNS
servers are supported. See “Configuring the Domain Name System Lookup
Service” on page 59.
The tftp-download parameter controls two DHCP options: TFTP server IP
address and script file. Enabling this option causes a TFTP session to be created
and the script file to be downloaded and executed during startup.
The time-server parameter controls the IP address for a time server. Two time
servers are supported. This information is used by the SNTP service. See
“Managing an SNTP Server” on page 62.
The time-offset parameter controls the time offset value that is used by the
SNTP service. See “Managing an SNTP Server” on page 62.
The TFTP server IP address and the script file are downloaded and executed
only during a startup. If the script on the server changes, it is not sent to the
node until the next time the node reboots or starts up.
If DNS and SNTP data on the DHCP server changes, then it is sent to the node
whenever the node renews DHCP information. The new DNS and SNTP data
then takes effect immediately.
In all cases, DNS and SNTP data provided by the DHCP server overrides any
data configured locally.

Configuration With the configuration download profile you specify:

Download Profile • the filename of the script file
• the server from which to get the script file
• a user-name and password
You can specify the server by either its IP address or its name. If both are
specified, the IP address has precedence. The default name is belairconfig.com.
The script file is downloaded and executed only during a startup. If the script on
the server changes, it is not sent to the node until the next time the node
reboots or starts up.
Draft
Pre-requisites To use a configuration download profile, your server must be configured with
the appropriate user accounts and passwords. The account must contain a valid
script file.
Also, if you identify the server with a name, you need a DNS server to resolve
names to IP addresses.
Using a Configuration /system/set config-download [server <name_or_ip_addr>]

[auto-conf-protocol {ftps|ftp|tftp]
Download Profile [filename <filename>]
[user <user_name>]
[password <pword>]
{enabled|disabled}
/system/show config-download status
These commands provision the configuration download profile.

The server may be identified by supplying either its IP address or providing its
name. The default server name is belairconfig.com. The default protocol is
FTPS. The default user name and password is anonymous. The default filename
is auto-config.txt. By default, the configuration download file is disabled.
Example
/system#show config-download status
config-download adminStatus: enabled
config-download server: 0.0.0.0
config-download servername: belairconfig.com
config-download user-name: auto-config.txt
config-download password: anonymous
config-download filename: auto-config.txt
config-download protocol: ftp

BelAir20 User Guide Ethernet Interface Settings
Ethernet Interface Settings

This chapter describes how to configure the Ethernet interfaces provided by
your unit’s HTM card. The following topics are covered:
• “Displaying the Ethernet Interface Configuration Settings” on page 72
• “Displaying the Ethernet Interface Operational Settings” on page 72
• “Modifying Ethernet Interface Parameters” on page 73
Displaying the /interface/eth-<n>-<m>/show config

Ethernet Interface
Draft
The show config command displays the locally configured Ethernet interface
Configuration settings.
Settings
Example - BelAir20
/interface/eth-1-1# show config
Type : 1x1000baseTx [Electrical: Single]
Admin Status : Enabled
Speed : 100 Mbps
Mode : Full Duplex
Auto-Negotiation : Enabled
Mac Address : 00:0D:67:0C:23:38
Displaying the /interface/eth-<n>-<m>/show status

Ethernet Interface
The show status command displays the current operational Ethernet interface
Operational settings. The current operational settings are a result of the negotiation that
Settings occurs with another Ethernet device and may be different than that configured
locally.
Example - BelAir20
/interface/eth-7-1# show status
Type : 1x1000baseTx [Electrical: Single]
Admin Status : Enabled
Speed : 100 Mbps
Mode : Full Duplex
Auto-Negotiation : Disabled
Mac Address : 00:0D:67:0C:23:38

BelAir20 User Guide Ethernet Interface Settings
Modifying /interface/eth-<n>-<m>/set [auto-negotiation {enable|disble}]

[speed <10-or-100>]
Ethernet Interface [duplex {full|half}]
Parameters This command controls the local Ethernet interface settings. By default, each
Ethernet interface is enabled in full duplex mode at 100 Mbits/s with
auto-negotiation.
You cannot enable auto-negotiation if the speed is set to 10 MBytes/s. Similarly,
you cannot set the speed to 10 Mbytes/s if auto-negotiation is enabled.
Draft

BelAir20 User Guide Card Settings
Card Settings
This chapter contains the following topics that describe card operations:
• “Determining which Cards are in a Node” on page 74
• “Displaying Card Information” on page 75
• “Card Administrative State” on page 76
• “Restarting a Card” on page 76
Table 6 lists the location of documentation for physical interface parameters.
Draft
Table 6: Physical Interface Parameter Settings
Physical Interface
Refer to...
Type
Wi-Fi • “Wi-Fi Radio Configuration Overview” on page 77

• “Configuring Wi-Fi Radio Parameters” on page 78
• “Configuring Wi-Fi Access Point Parameters” on
page 84
• “Wi-Fi AP Security” on page 93
• “Wi-Fi Backhaul Link Configuration” on page 105
• “Mobile Backhaul Mesh” on page 112
• “Mobile Backhaul Point-to-point Links” on
page 118
Ethernet • “Ethernet Interface Settings” on page 68
(1000Base-TX)
Determining /mode
/card/mode
which Cards are
in a Node Use the mode command to determine <card_type> and <n>.
Example 1
/# mode
/card
/htm-1

/interface
/wifi-1-1 (HTMv1 5GHz 802.11n)
/wifi-1-2 (HTMv1 2.4GHz 802.11n)
/eth-1-3 (1x1000baseTX [Electrical Single])
/mgmt
/protocol
/ip
/radius
/rstp
/snmp
/sntp
/te-syst (tunnel)
/qos
/services
/auto-conn
/mobility
/ssh
Draft
/ssl
/syslog
/system
/diagnostics
Example 2
/card# mode
/htm-1
Displaying Card The following sections describe commands that display card parameters.
Information
Displaying Card /card/<card_type>-<n>/show capabilities
Capabilities
This command displays any extended capabilities that the card may have.
Example
/card/htm-1# show capabilities
Extended capabilities for B2CH103AA-A A01 (htmv1):
has no extended capabilities
Displaying the Card /card/<card_type>-<n>/show info

Physical Data
This command displays various physical aspects of the card.
Example
/card/htm-1# show info
Slot Type Version Serial Number Assembly Code

==== ==== ======= =============== ===============
1 htm 1 844000010 B2CH103AA-A A01
Displaying the Card /card/<card_type>-<n>/show interfaces

Physical Interfaces
This command displays the physical interfaces that the card provides.

Example
/card/htm-1# show interfaces
htm: has the following interfaces:
wifi-1-1
wifi-1-2
eth-1-1
Card /card/<card_type>-<n>/show state

/card/<card_type>-<n>/set state {enabled | disabled}
Administrative
These commands manage the card’s administrative state.
State
Example
/card/htm-1# show state
Admin:Up Status:running
Draft
Restarting a Card /card/<card_type>-<n>/reboot [{force}]
This command restarts a specific card. You must confirm your intent before the
card is rebooted.
Under some circumstances, a reboot may be prevented because of processing
from other user sessions. Use the force parameter to override these
restrictions and restart the card regardless.
Example
/card/htm-1# reboot

BelAir20 User Guide Wi-Fi Radio Configuration Overview
Wi-Fi Radio Configuration Overview
Available Wi-Fi Table 7 on page 77 lists the available BelAir Wi-Fi radios.
Radios Table 7: BelAir Wi-Fi Radio Summary
Can
Supported
Radio Operating Operate
Platform Backhaul
Module Frequency as Access
Topologies
Point?
HTM 2.4/5 GHz BelAir20 Yes mp-to-mp
Draft
p-to-mp
p-to-p
Configuration Use the following process to configure a Wi-Fi radio:

Process 1 Configure basic radio parameters. See “Configuring Wi-Fi Radio
Parameters” on page 78.
2 Configure AP parameters, if required. See “Configuring Wi-Fi Access Point
Parameters” on page 84 and “Wi-Fi AP Security” on page 93.
3 Configure backhaul parameters. See “Wi-Fi Backhaul Link Configuration” on
page 105.
4 Configure mobile backhaul parameters. See:
— “Mobile Backhaul Mesh” on page 112

BelAir20 User Guide Configuring Wi-Fi Radio Parameters
Configuring Wi-Fi Radio Parameters

This chapter describes how to display and configure Wi-Fi radio parameters,
including:
• “Displaying Wi-Fi Radio Configuration” on page 78
• “Displaying Configuration Options” on page 79
• “Operating Channel” on page 80
• “Antenna Gain” on page 81
• “Transmit Power Level” on page 81
Draft
• “Link Distance” on page 82
• “Dynamic Frequency Selection” on page 83
• “Rate Aware Fairness” on page 83
• “Changing Wi-Fi Interface Admin State” on page 83
To configure parameters that are specific to Wi-Fi Access Points (APs), see
“Configuring Wi-Fi Access Point Parameters” on page 84.
To configure parameters that are specific to backhaul radios, including the
different types of backhaul links, see “Wi-Fi Backhaul Link Configuration” on
page 105.
See also:
• “Configuring Wi-Fi Access Point Parameters” on page 84
Displaying Wi-Fi /interface/wifi-<n>-<m>/show config [{all|access|backhaul|qos}]
Radio This command displays various aspects of the radio’s configuration.

Configuration
Example
/interface/wifi-1-1# show config all
Slot: 1, Card Type: htm, revision: 1, Port: 1, Radio: HTMv1 5GHz 802.11n
admin state: ................. Enabled

frequency band: .............. Generic

channel: ..................... 149
tx power: .................. 18.0 (dBm)
antenna location: ............ External Port
antenna index: ............... 1
antenna gain: ................ 5.0 (dBi)
link distance: ............... 1 (km)
base radio MAC : ............. Value is invalid
Access:
secure port state: ......... Disabled
secure addresses (vlan): ... Not configured
deauth dos defense: ........ Disabled
client auth trap: .......... Disabled
Misc:
rts-cts threshold: ......... 100
broadcast filter status: ... Disabled
Draft
broadcast filter rate: ..... 200
QOS:
wmm: ....................... Enabled
uapsd: ..................... Enabled
mapping: ................... UP/DSCP
voice acm: ................. Disabled
video acm: ................. Disabled
Common Backhaul:
privacy: ................... AES
key: .......................
traffic limit: ............. Disabled
mesh-min-rssi............... -100 (dbm)
Stationary Backhaul:
topology: .................. mesh
Mobile Backhaul:
mobile admin state: ........ Disabled
mobile link id: ............
mobile link role: .......... ss
Blacklist:
No blacklist entries
Link Failure Detection: ...... Disabled
Backhaul T1 Bandwidth limit:.. Disabled
Displaying /interface/wifi-<n>-<m>/show available-config-options
Configuration This command displays valid channel, antenna gains and transmit power values
Options for your unit. The displayed values vary depending on the country of operation.

Example
/interface/wifi-1-1# show available-config-options
Channels:
--------------------------------------------------------------------
1 2 3 4 5 6 7 8 9 10
11
Antenna gains:
--------------------------------------------------------------------
4.00 6.00 8.00 10.00 12.00
Tx power values for channel [6] and antenna gain [8]:

--------------------------------------------------------------------
27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12
11 10
Operating /interface/wifi-<n>-<m>/set channel <channel_num>

[secondary <channel_num2>]
Draft
Channel
This command let you specify the channel number for a Wi-Fi radio. Use the
show available-config-options command to display valid channel numbers. The
displayed values vary depending on the country of operation. Refer to your RF
plan and site survey to determine which value you should use.
CAUTION! Improper setting of channel, antenna gain and transmit power may exceed
regulatory requirements and void the operator’s right to operate the radio
equipment. Refer to the BelAir Radio Transmit Power Tables to determine valid
combinations of channel, antenna gain and transmit power for your country.
If the unit is a member of a multipoint-to-multipoint mesh cluster, the channel
must be set to match the one used by the multipoint-to-multipoint mesh
cluster.
If a unit is equipped with many radios for backhaul, their channels must be
separated by at least 35 MHz (that is, seven channel numbers) to avoid radio
interference resulting in poor data communication quality. For example, channel
numbers 53 and 61 can be used together, but not 53 and 59.
The secondary parameter applies to the BRMv3, the BRMv4, and the 5 GHz
radio of the HTM only. It sets an optional secondary channel for use with
Dynamic Frequency Selection (DFS), a regulatory requirement in some
jurisdictions. The default value is 0, instructing DFS to operate as if the
secondary channel is the same as the primary channel. If you change the
channel number from the default value and if you do not specify a secondary
channel, then your secondary channel is set to be the same as your primary
channel. DFS behaves the same way regardless of whether your secondary
channel is the same as the primary channel or whether your secondary channel

is 0. Refer to your RF plan and site survey to determine if you need to set a
secondary channel other than 0 or your primary channel.
See also:
• the BelAir Radio Transmit Power Tables
Antenna Gain /interface/wifi-<n>-<m>/set antenna-gain <gain>
This command let you specify the gain of the antenna installed with your unit.
Use the show available-config-options command to display valid gain values (in
dBi). The displayed values vary depending on the country of operation and the
Draft
channel in use.
You must set the antenna type to match the gain of the antenna installed in your
unit. For all countries except Korea, the default access antenna gain is 8 dBi. For
Korea, the default access antenna gain is 6 dBi.
CAUTION! Improper setting of channel, antenna gain and transmit power may exceed
regulatory requirements and void the operator’s right to operate the radio
equipment. Refer to the BelAir Radio Transmit Power Tables to determine valid
combinations of channel, antenna gain and transmit power for your country.
See also:
• the BelAir Radio Transmit Power Tables
Transmit Power /interface/wifi-<n>-<m>/set tx-power <tx-power-value>

[secondary <tx-power-value>]
Level [tx-power-optimize
{{enable [target-rssi <rssi_level>]
[max-tx-power <max_power>]}|disable}]
This command sets the transmit power for a Wi-FI radio. The range of
<tx-power-value> is limited to be valid for your country of operation, physical
channel in use, and type of antenna that is installed. Use the show
available-config-options command to display valid transmit power values
(in dBm). The displayed values vary depending on the country of operation and
channel in use.
The default setting is to have the radio transmit at maximum power.

The secondary parameter applies only to the following radios: BRMv3, BRMv4,
ERMv1, ERMv2, and the 5 GHz radio of the HTM. It sets the transmit power
for an optional secondary channel for use with Dynamic Frequency Selection
(DFS), a regulatory requirement in some jurisdictions. The default is to have the
same transmit power level for both the primary and secondary channel. Refer
to your RF plan and site survey to determine if you need to set a different
power level for the DFS secondary channel.
CAUTION! Improper setting of the transmit power may exceed regulatory requirements
and void the operator’s right to operate the radio equipment.
The tx-power-optimize parameter applies only to the following radios: BRMv3,
BRMv4, PSMv1, ARMv3, ARMv4. It enables automatic transmit power control
that negotiates the minimal power to maintain the maximum modulation rate.
Draft
If tx-power-optimize is enabled, <tx-power-value> is the default power level.
You must also specify the target RSSI level for the other end of the link and the
maximum power level that the link can transmit.
During operation, the RSSI level of the remote end of the link is monitored and
compared to the target RSSI level. If they are sufficiently different, the transmit
power level is adjusted. The <max_power> parameter limits the output of the
radio.
Automatic transmit power control operates only on the local end of the link.
To operate on both ends of a link, you must enable tx-power-optimize on both
ends of the link.
See also:
• “Antenna Gain” on page 81
Example - Automatic Transmit Power Control

/interface/wifi-1-1# set tx-power 10 tx-power-optimize enable target-rssi -65 max-tx-power 20
Link Distance /interface/wifi-<n>-<m>/set link-distance <distance>
This command adjusts the unit’s MAC timers to compensate for the additional
time to receive acknowledgements because the other unit is farther. The
distance parameter has a range of 0 to 40 and is specified in kilometers. The
default value is 1 km.
A distance beyond 20 km requires the use of a BRMv3, BRMv4, ERMv1 or
ERMv2.

Dynamic /interface/wifi-<n>-<m>/show dfs
Frequency This command applies to the BRMv3, BRMv4, and the 5 GHz radio of the HTM
Selection only. It displays current Dynamic Frequency Selection (DFS) settings, a
regulatory requirement in some jurisdictions. DFS is automatically implemented
depending on the country of operation.
See also:
• “Transmit Power Level” on page 81
Draft
Example
/interface/wifi-1-1# show dfs
DFS admin state : enabled

current channel : 53
channel DFS radar holdoff-time

# required detected remaining
------------------ --------- ---------- ------------
primary: 53 no no 0 (sec)
secondary: 53 no no 0 (sec)
Rate Aware set rate-aware-fairness {enable|disable}
Fairness This command applies to the ARMv3, BRMv3, BRMv4 and HMP only.
Rate aware fairness is a transmission algorithm that chooses dynamic retreat
and progress thresholds based on the transmission rate of the station being
transmitted to, and the size of the packet. This can give a better response in
some environments.
By default, rate aware fairness is disabled.
Changing Wi-Fi /interface/wifi-<n>-<m>/set admin-state {enable|disable}
Interface Admin This command controls the state of the Wi-Fi interface including all links.
State When set to enable, the Wi-Fi interface is in the operational state. When set to
disable, the Wi-Fi interface and all associated functions are disabled. After
disabling and re-enabling a Wi-Fi interface, all performance management
statistics are reset. The default is disabled.
Use the /interface/wifi-<n>-<m>/show config command to view the current
admin state of the Wi-Fi interface.

BelAir20 User Guide Configuring Wi-Fi Access Point Parameters
Configuring Wi-Fi Access Point Parameters

This chapter describes how to display and configure Wi-Fi Access Point (AP)
parameters, including:
• “Displaying AP Configuration” on page 84
• “DHCP Server Broadcast to Unicast Conversion” on page 85
• “Displaying Associated Wireless Clients” on page 85
• “Displaying Wireless Client Details” on page 87
• “Disconnecting a Wireless Client” on page 88
Draft
• “Enabling RTS-CTS Handshaking” on page 88
• “Changing AP Admin State” on page 88
• “AP Service Set Identifiers” on page 88
—“Displaying the SSID Table” on page 88
—“Displaying SSID Details” on page 90
—“Default Management SSID” on page 90
—“Configuring SSIDs” on page 91
—“Changing SSID Admin State” on page 92
See also:
Displaying AP Use the show config access command to display the current AP configuration.
See “Displaying Wi-Fi Radio Configuration” on page 78 for details.
Configuration
Example
Slot: 1, Card Type: htm, revision: 1, Port: 2, Radio: HTMv1 2.4GHz 802.11n
channel: ..................... 1
tx power: .................. 18.0 (dBm)

antenna index: ............... 1

antenna gain: ................ 2.5 (dBi)
link distance: ............... 1 (km)
base radio MAC : ............. 00:0d:67:08:48:97
Access:
secure port state: ......... Disabled
secure addresses (vlan): ... Not configured
deauth dos defense: ........ Disabled
client auth trap: .......... Disabled
DHCP Server /interface/wifi-<n>-<m>/set dhcp unicast {enable|disable}
Broadcast to This command lets the AP convert broadcast packets from a DHCP server to
Unicast unicast packets to wireless client. This provides the following benefits:
Conversion
Draft
• Broadcast packet are not retried in wireless transmissions, so in high
interference environments wireless clients can miss their DHCP exchange.
• It reduces the number of broadcast packets sent over wireless connections,
reducing the bandwidth required for exchanges of DHCP messages.
The default is disabled.
Displaying /interface/wifi-<n>-<m>/show clients [ssid <ssid_index>]
Associated This command displays the list of associated wireless clients for a given SSID. If
Wireless Clients no SSID is specified, the displayed list shows all associated clients and their
SSID.
The ssid_index parameter must be a valid SSID index.
In the resulting output:
• The time field displays how long the client has been associated to the BelAir
radio.
• The IP field lists the client's IP address. (s) indicates static IP addressing.
• The identity field lists the 802.1X client identity. It is present for dot1x or
WPA SSIDs.
• The auth field lists the authentication state of the client. See Table 8.

• The dhcp field lists the client DHCP state (applicable only if client uses
dynamic IP addressing). See Table 9.
Table 8: Auth Field Value Descriptions
Value Description
unauth default or initial state

auth client is authorized for Open or WEP privacy
eapAuth client is authorized for dot1x, WPA1 or WPA2 privacy
pskErr Possible wrong WPAPSK key configured on client
Draft
radto For dot1x, WPA1 or WPA2. Problems connecting to radius
server, possibly because of a network problem.
cltto For dot1x, WPA1 or WPA2. Problems sending EAP packets to
client.
Table 9: DHCP Field Value Descriptions
Value Description
init Client has just connected and has not yet started a DHCP
sequence
disc Client has sent a DHCP Discover message and is waiting for a
DHCP Offer message to get its IP address.
(Applicable only if client does not already have a valid IP address.
Otherwise client sends DHCP Request message.)
offer Server has responded to the DHCP Discover message with a
DHCP Offer message. This packet tells the client its IP address.
The client should then send a DHCP Request message to verify the
IP address.
req Client has sent the DHCP Request message to the server and is
waiting for a DHCP Ack message to confirm the assigned IP
address.
decl Server has declined the client’s DHCP request. Verify the server
settings.

Table 9: DHCP Field Value Descriptions (Continued)
Value Description
ack Client has sent a DHCP Request message and the server has
confirmed the assigned IP address.
(a * appended to the value indicates a completed DHCP process.)
nack Server has responded to the client’s DHCP request with a DHCP
Nack message. Verify the server settings.
relse Client has sent a DHCP Release message.
inform Client has sent a DHCP Inform message. Depending on the server,
the server may respond with a DHCP Ack message.
Draft
arpRes Client has gone through one of the DHCP state transitions and
replied to an ARP request for its IP address.
Depending on the server configuration, if a client moves to a different subnet, it

may need to timeout the current IP address (approx. 30 seconds) and then
restart the DHCP sequence. During this process the client may use the
standard default IP address for Microsoft Windows (169.254.X.X).
Example
/interface/wifi-2-1# show clients
SS-ID vlan mac addr time IP identity rssi auth dhcp

----- ---- ----------------- ---- ------------------ ---------- ---- ------- ------
2-4 0 00:11:24:26:24:AA 4m 10.9.9.20(s) -82 eapAuth static
Displaying /interface/wifi-<n>-<m>/show client <1|2|...|2007>
Wireless Client This command displays the details of a wireless client that is associated or was
Details recently associated with the AP. You determine the client number
<1|2|...|2007> with the show clients command. See “Displaying Associated
Wireless Clients” on page 85.
In the resulting output, the age parameter shows the time since the radio last
received a data frame from the client and the state parameter shows
authenticated (2) if the client is no longer associated.

Example
/interface/wifi-1-1# show client 35
id : 35
address : 00:40:96:38:2e:03
state : associated (5)
age : 594 secs
rssi : -82 dBm
Disconnecting a /interface/wifi-<n>-<m>/disconnect client <mac_address>
Wireless Client This command lets you disconnect the specified client from the AP.
You determine the client MAC address with the show clients command. See
“Displaying Associated Wireless Clients” on page 85.
Enabling RTS-CTS
Draft
/interface/wifi-<n>-<m>/set rts-cts <threshold>
Handshaking This command sets the threshold to do Request-to-Send (RTS) and

Clear-to-Send (CTS) handshaking. Handshaking occurs for packets larger than
the threshold. The <threshold> parameter can range from 1 to 2347. The
default value is 100. Setting the value to 2347 disables handshaking.
Changing AP /interface/wifi-<n>-<m>/set ap admin-state {enable|disable}
Admin State This command controls the state of the AP. When set to enable, the AP is in
the operational state. When set to disable, the AP and all associated functions
are disabled. The default is enabled.
AP Service Set Use the commands in this section to:

Identifiers • configure AP Service Set Identifiers (SSIDs)
• map an SSID to a VLAN
Each AP supports up to 16 SSIDs. If associated clients use different SSIDs, then
the BelAir20 can use the SSID to direct traffic to different VLANs.
Displaying the SSID /interface/wifi-<n>-<m>/show ssid table

Table
This command summarizes in table format the parameters of all configured
SSIDs. In the resulting output:
• The broadcast setting is the default for SSID 1. A broadcast setting means
that the access radio responds to a broadcast probe request and that SSID
information element is present in the beacon dataframe. A broadcast SSID

has a Basic Service Set (BSS), a unique identifier having the same format as a
MAC address.
• A suppressed setting means that the access radio responds only to a unicast
probe request and that SSID information element is present in the beacon
dataframe, but has a length of 0 and a null value. A suppressed SSID has a
Basic Service Set (BSS), a unique identifier having the same format as a MAC
address.
• A hidden setting means that the access radio responds only to a unicast
probe request and that SSID information element is not present in the
beacon dataframe. A hidden SSID does not have a unique Basic Service Set
(BSS), a unique identifier having the same format as a MAC address. It uses
the same BSS as SSID 1.
Draft
Example
/interface/wifi-2-1# sh ssid table
SSID Information
-------------------------------------------------------------------------------------
id enabled vlan type privacy wb sp acl bss ssid
-------------------------------------------------------------------------------------
1 yes -- Broadcast none -- * -- 00:0D:67:08:48:97 DefaultSsid1-1
2 no -- Hidden none -- -- -- 00:00:00:00:00:00 DefaultSsid1-2
3 no -- Hidden none -- -- * 00:00:00:00:00:00 DefaultSsid1-3
9 no -- Hidden none * -- -- 00:00:00:00:00:00 DefaultSsid1-9
16 yes -- Hidden wpa-tkip-psk -- -- -- 00:0D:67:08:48:98 BelAir1-084896
==================================================
In the previous example:
• wb is for wireless bridge; see “Disabling or Enabling AP Wireless Bridging”
on page 102
• sp is for secure port; see “AP Secure Port Mode” on page 103
• acl is for access control list; see “Wireless Client Access Control List” on
page 100

• bss is for basic service set; see “Configuring SSIDs” on page 91

• a star ( * ) means that the feature is enabled for that particular SSID
• a double dash ( -- ) means that the feature is not enabled for that particular
SSID
Displaying SSID Details /interface/wifi-<n>-<m>/show ssid <ssid_index> config
This command displays details of a particular SSID. Use the show ssid table
command to determine <ssid_index>.
Example
/interface/wifi-1-1# show ssid 1 config
Draft
Configuration for ssid 1
admin state: ..................... Enabled
SSID: ............................ DefaultSsid1-1
mbssid state: .................... Enabled
type: ............................ Broadcast
privacy mode: .................... none
rekey: ........................... Disabled
key update: ...................... no
traffic mapped to vlan: .......... none
wireless bridge state: ........... Disabled
acl state: ....................... Disabled
secure port state: ............... Disabled
radius NAS identifier: ........... belair
radius accounting: ............... Disabled
radius station id unformatting: .. Disabled
radius account session id: ....... Disabled
secure addresses (vlan):
No secure addresses configured
radius servers:
No radius servers configured for this ssid
Default Management By default, SSID 16 of each radio is a hidden SSID preconfigured for a
SSID management session.
The default management SSID is BelAir<n>-<MAC_info>, where:
• <n> is the slot number where the radio is located
• <MAC_info> is the last six digits of the node’s MAC address
For example, if a node has a MAC address of 00:0D:67:08:48:98, the default
management SSID for wifi-1-1 is BelAir1-084896. The default management SSID
for wifi-2-1 of that node is BelAir2-084896.
By default, SSID 16:

• uses WPA encryption with the following pre-shared key: DefaultKey123.

Users may wish to change the security settings to suit their needs.
• is not mapped to a VLAN. Users may wish to map SSID 16 to a separate
VLAN reserved for management sessions.
Refer to the following topics for details on changing the default settings for
SSID 16:
• To change the SSID and map it to a VLAN, see “Configuring SSIDs” on
page 91.
• To change the security settings, see “Wi-Fi AP Security” on page 93.
Configuring SSIDs /interface/wifi-<n>-<m>/set ssid <ssid_index>
Draft
service-set-identifier <ssid_string>
{broadcast | suppressed | hidden}
vlan {1-2814>|none}
This command allows you to configure AP SSIDs.

The ssid_string parameter is the SSID setting. SSIDs are case sensitive and can
contain up to 32 alphanumeric characters.
The ssid_index parameter is an integer from 1 to 16. Use the show ssid table
For a description of the broadcast, suppressed and hidden parameters, see
“Displaying the SSID Table” on page 88.
The vlan_id parameter, if present, specifies that traffic for all wireless clients
associated to the BelAir20 unit with the given SSID be directed to the specified
Virtual LAN (VLAN). The VLAN ID is an integer from 1 to 2814. If VLAN is
specified as none, traffic from the wireless clients corresponding to that SSID is
passed through the access radio without change.
Note 1: Configuring multiple broadcast SSIDs increases the number of beacon
data frames sent by the unit. To maximize multipoint-to-multipoint
mesh performance, BelAir Networks recommends that you do not
enable broadcast SSIDs on BelAir platform implementing a
multipoint-to-multipoint mesh with an ARMv3.
Note 2: If you are using Spectralink to provide Voice over IP services, make
sure that you do not use broadcast SSIDs for making calls.

Changing SSID Admin /interface/wifi-<n>-<m>/set ssid <ssid_index> admin-state

{enable|disable}
State
This command enables or disables a particular SSID. Use the show ssid table
The default is enabled for SSID 1 and disabled for all others.
Draft

BelAir20 User Guide Wi-Fi AP Security
Wi-Fi AP Security
This chapter describes how you can set up security to encrypt your Wi-Fi
transmissions so that your data cannot be deciphered if it is intercepted, and to
prevent access to the network by unauthorized clients. The following topics are
covered:
• “Security Options for Wireless Clients” on page 93
• “RADIUS Servers for Wireless Clients” on page 94
—“Managing RADIUS Servers” on page 97
—“Changing RADIUS Server Admin State” on page 98
Draft
—“Assigning SSIDs to RADIUS Servers” on page 98
—“RADIUS Assigned VLAN” on page 98
—“RADIUS Accounting” on page 99
• “AP Privacy” on page 99
• “Wireless Client Access Control List” on page 100
• “Controlling Inter-client Communication” on page 101
• “Protecting against Denial of Service Attacks” on page 103
See also:
Security Options The BelAir20 has several options for wireless authentication and data
encryption. The method that you use depends on your security needs and your
for Wireless network configuration.
Clients
If multiple SSIDs are configured, each SSID can be configured with its own
security options.

The authentication options are:

• instruct the AP to connect to a Remote Authentication Dial In User Service
(RADIUS) server in your network that keeps a list of accepted clients.
RADIUS is a standard for user authentication. For this option, you need a
RADIUS server. Multiple BelAir20 units can share the information from the
same RADIUS server.
• use a pre-shared key. This is a simpler authentication option, but more
difficult to maintain because pre-shared keys must be distributed to all users.
You can also create a list of accepted clients; that is, an Access Control List
(ACL). This option is best suited for small networks.
The encryption options are:
Draft
• Wired Equivalent Privacy (WEP). This is a basic encryption scheme.
• Temporal Key Integrity Protocol (TKIP). This is an more advanced
encryption scheme.
• Advance Encryption Standard (AES). This is the strongest encryption
scheme.
BelAir Wi-Fi radios offer WEP, WPA, WPA2 and WPA2mixed privacy settings.
With WPA2mixed, the wireless client can use WPA or WPA2, and the AP
accepts them both. WPA, WPA2 and WPA2mixed privacy uses TKIP or AES
encryption. Because of this, WPA, WPA2 and WPA2mixed provide much
stronger security than WEP. For small networks, you can use WEP or WPA
with pre-shared keys. For large networks, you can use WPA, WPA2 or
WPA2mixed in combination with dot1x (a RADIUS server) authentication.
CAUTION! RADIUS authentication, WPA or WPA2 can only be used with wireless clients
that support these standards (both the operating system and the network card).
For clients that only support WEP, select a combination with WEP.
Note: A network is as secure as its weakest link. If WEP is enabled, the overall
level of network security will be that of WEP.
RADIUS Servers To use RADIUS authentication, you need to configure at least one RADIUS
server.
for Wireless
Clients

Table 10 shows the attributes that are included in the access-request packets
sent to the RADIUS server.
Table 10: RADIUS Attributes
Name ID Description
RA_USERNAME 1 Client identity

RA_NAS_IP_ADDRESS 4 Node IP address configured with the /radio/add arm<n>
radius-server command
RA_NAS_PORT 5 For accounting packets, contains the client association ID
that ranges from 1 to 256.
Draft
For RADIUS packets, contains the SSID index values (from
0 to 15) + 100
RA_SERVICE_TYPE 6 Always 2
RA_FRAMED_MTU 12 Always 1488
RA_STATE 24 Client state from the RADIUS server
RA_CLASS 25 Always 0
RA_VENDOR_SPECIFIC 26 Not used
RA_SESSION_TIMEOUT 27 RADIUS reauth time configured with the /radio/set
arm<n> radius-reauth-time command
RA_IDLE_TIMEOUT 28 Client timeout value, always 5 minutes
RA_TERMINATION_ACTION 29 Incoming only (0 for terminate or 1 for reauth)
RA_CALLED_STATION_ID 30 AP MAC address
If station-id-unformatting is set to enable, colons are

removed.
RA_CALLING_STATION_ID 31 Client MAC address
If station-id-unformatting is set to enable, colons are

removed.

Table 10: RADIUS Attributes (Continued)
Name ID Description
RA_NAS_IDENTIFIER 32 Name configured with /radio/set arm<n>
radius-nas-identifier command
RA_ACCT_STATUS_TYPE 40 Always 1,2 or 3
RA_ACCT_INPUT_OCTET 42 Integer counter
RA_ACCT_OUTPUT_OCTET 43 Integer counter
RA_ACCT_SESSION_ID 44 Unique number generated by system.
Draft
RA_ACCT_AUTH 45 1 for RADIUS or 2 for local
RA_ACCT_SESSION_TIME 46 RADIUS reauth time configured with the /radio/set
arm<n> radius-reauth-time command
RA_ACCT_INPUT_PACKET 47 Integer counter
RA_ACCT_OUTPUT_PACKET 48 Integer counter
RA_TERMINATE_CAUSE 49 One of:
• 1 for session terminated by user request
• 2 for session terminated due to lost carrier
• 4 for session terminated due to idle timeout
• 5 for session timeout
• 9 for session terminated due to NAS error
• 20 for session terminated due to reauth failure
RA_ACCT_INPUT_GIGAWORDS 52 Not used
RA_ACCT_OUTPUT_GIGAWORDS 53 Not used
RA_EVENT_TIMESTAMP 55 System time when the RADIUS packet is sent
RA_NAS_PORT_TYPE 61 Always 9 for port type of wireless
RA_TUNNEL_TYPE 64 Refer to “RADIUS Assigned VLAN” on page 98.
RA_TUNNEL_MEDIUM_TYPE 65 Refer to “RADIUS Assigned VLAN” on page 98.
RA_TUNNEL_PRIVATE_GROUP_ID 81 Refer to “RADIUS Assigned VLAN” on page 98.
RA_CONNECT_INFO 77 Always CONNECT 11Mbps 802.11b

Table 10: RADIUS Attributes (Continued)
Name ID Description
RA_EAP_MESSAGE 79 EAP packet

RA_MESSAGE_AUTHENTICATOR 80 Authentication string from RADIUS server
RA_INTERIM_INTERVAL 85 Not used
Managing RADIUS /protocol/radius/show servers

Servers /protocol/radius/set server <server_idx> <server_ip_address>
<shared secret> [authport <server_port>]
[acctport <radius_acc_port>]
[interface <NAS IP address>] [timeout <seconds>]
[reauthtime <seconds>]
Draft
/protocol/radius/del server <server_idx>
These commands let you manage the RADIUS server list used for
authenticating wireless clients. The list can contain up to 16 RADIUS servers.
After the list is configured, you can then assign which AP SSID uses which
server on the list. See “Assigning SSIDs to RADIUS Servers” on page 98. By
default, if a RADIUS server is unavailable, then the SSID uses the next RADIUS
server in the list. You cannot delete a server if it is being used by an SSID.
The server_ip address parameter specifies the IP address of the RADIUS
server.
The shared secret parameter specifies the password for access to the RADIUS
server.
The server_port parameter specifies the UDP port number of the RADIUS
server. The default is 1812.
The radius_acc_port parameter specifies the UDP port number for RADIUS
accounting data. The default value is 1813.
The NAS IP address parameter specifies the Network Access Server (NAS) IP
address for the BelAir20 RADIUS client. It is used when the unit is configured
with multiple IP interfaces and matches the interface used to communicate with
the given RADIUS server. The default value is the IP address of the unit’s
management interface, which is usually VLAN1.
Note: The NAS IP address parameter is entered statically with this command.
If the VLAN IP addresses are determined dynamically with a DHCP
server, then an updated VLAN IP address is not automatically reflected
into the NAS IP address parameter.

The timeout parameter specifies the interval (in seconds) after which the
RADIUS client considers that the remote server has timed out if a reply is not
received. The default value is 10 seconds.
The reauthtime parameter specifies the RADIUS re-authentication time (in
seconds). This forces the BelAir20 to check all connected clients with the
RADIUS server (that is, make sure they are still allowed to access the network)
at the specified interval. You only need to configure this parameter if it is not
specified on the RADIUS server. Setting the interval to zero disables this
feature. The maximum interval time is 2147483647. If you enter a higher
number, the value is set to its maximum.
Example
Draft
/protocol/radius# set server 3 172.16.1.20 my-secret12345 authport 1812 acctport 1813
interface 172.16.1.254 timeout 15 reauthtime 1
Changing RADIUS /protocol/radius/set server-state <server_idx> {enable|disable}

Server Admin State
This command enables or disables a particular RADIUS server on the server
list. Use the show servers command to determine <server_idx>.
Assigning SSIDs to /interface/wifi-<n>-<m>/add ssid <ssid_index>

radius-server <server_idx>
RADIUS Servers /interface/wifi-<n>-<m>/del ssid <ssid_index>
radius-server <server_idx>
The add command specifies which RADIUS server to use to authenticate the
specified SSID. The del command means that the specified RADIUS server
stops authenticating the specified SSID. Use the /wifi-<n>-<m>/show ssid table
command to determine <ssid_index>. Use the /radius/show servers command
to determine <server_idx>.
RADIUS Assigned The BelAir20 can create VLANs as instructed by the RADIUS server. When
VLAN this feature is activated, the RADIUS server instructs the BelAir20 to tag the
authenticated packets to use the specified VLAN.
This feature has no BelAir CLI commands. To activate this feature, you must
provision the following attributes on your RADIUS server:
• RA_TUNNEL_TYPE, set to 13
• RA_TUNNEL_MEDIUM_TYPE, set to 6
• RA_TUNNEL_PRIVATE_GROUP_ID, configure to contain the VLAN to be
created.
Refer to Table 10 on page 95.

RADIUS Accounting /interface/wifi-<n>-<m>/set ssid <ssid_index> radius

([accounting {enable|disable}]
[nas-id <name>]
[station-id-unformatting {enable|disable}]
[session-id {enable|disable}])
These commands let you manage RADIUS accounting for wireless clients.
By default RADIUS accounting is disabled.
The nas-id <name> parameters specify the RADIUS Network Access Server
(NAS) identifier. The default value for <name> is the switch name as set with
the /system/set system-id switch <name> command.
The station-id-unformatting parameter specifies RADIUS station ID formatting.
By default the called-station-ID and the calling-station-ID fields are formatted to
Draft
include SSID information to the provided MAC address.
The session-id parameter specifies whether to include or not an accounting
session identifier in access-request packets. The session identifier is
automatically generated by the system.
AP Privacy /interface/wifi-<n>-<m>/set ssid <ssid_index> privacy

{none|wep40|wep104|
{wpa {tkip|aes}}|wpa2 {tkip|aes}|wpa2mixed}
[{psk <key-str>}|dot1x]
[rekey {no|kpackets <count>|seconds <seconds>}]
[update {yes|no}]
This command configures wireless privacy for a particular SSID. Use the show
ssid table command to determine <ssid_index>. Use the show ssid
<ssid_index> config command to show the current privacy settings.
WPA2 privacy can use TKIP or AES encryption for the following radios only:
ARMv4, ERMv1, ERMv2 and PSMv2. For other radio modules, WPA2 privacy
uses AES encryption only.
The psk parameter specifies using a pre-shared key for authentication. When
specifying the pre-shared key, note the following:
• For wep40, the pre-shared key must be exactly 5 bytes.
• For wep104 with psk, the pre-shared key must be exactly 13 bytes.
• For wpa, wpa2 and wpa2mixed, the pre-shared key must be between 8 and
63 bytes long. The longer the key, the more secure the connection.

• The pre-shared key can be specified as a hexadecimal number or ASCII

string. Hexadecimal numbers must be preceded by 0X or 0x. ASCII strings
must not contain the following characters:
—bar (|)
—semicolon (;)
—question mark (?)
The dot1x parameter specifies using RADIUS (EAP) authentication. You must
pre-configure a list of RADIUS servers. See “RADIUS Servers for Wireless
Clients” on page 94.
Draft
The rekey parameter allows you to specify Group Key Rekey options to
improve security. These options allow you to specify that a new group key (the
key that is used for communication between the access radio and a group of
clients) must be generated at regular intervals.
The default rekey setting is no meaning that the group key is not changed. If
rekey is set to n seconds, the group key is changed after that time period. If
rekey is set to n kpackets, the group key is changed after that many thousand
packets.
If update is set to yes, the group key changes immediately when one client
leaves the network. The default is no. The update setting applies to wpa and
wpa2 encryption only.
Additional Considerations
Make sure to set the AP SSID to something other than the default before
enabling wpa, wpa2 or wpa2mixed. The BelAir20 unit combines the password
phrase with your SSID to create the key.
Note: Some configuration commands take longer than others to be applied to
a radio module. For example, it can take up to 40 seconds per SSID for
a WPA PSK configuration to be applied to radio. The delay varies
depending on the amount of computing resources required to
implement the configuration.
Wireless Client /interface/wifi-<n>-<m>/show ssid <ssid_index> acl

[page <page-number> <page-size>]
Access Control /interface/wifi-<n>-<m>/add ssid <ssid_index> acl-mac-address
<mac-address>
List /interface/wifi-<n>-<m>/del ssid <ssid_index> acl-mac-address
<mac-address>

/interface/wifi-<n>-<m>/set ssid <ssid_index> acl

{enabled|disabled}
You can create a local list of clients (an ACL) that controls access to the
network. The list can contain up to 256 clients per SSID. Clients are identified
by the MAC address of their network card. If you have multiple BelAir20 units
in your network, you need to create this list for every AP.
You should only use an ACL as an extra security measure if:
• you cannot or prefer not to set up a RADIUS server
• your network provides access to network clients which do not support
RADIUS authentication
In both cases, it is recommended that you enable pre-shared key encryption
Draft
(WEP, WPA, WPA2 or WPA2mixed).
The enabled setting for the set acl command means that only the wireless
clients on the ACL can access the network. All other clients are denied access.
The disabled setting means that all wireless clients can access the network. See
also “AP Secure Port Mode” on page 103.
Typically, you enable ACL mode only after you have added all the desired MAC
addresses to the control list.
CAUTION! When used with multiple SSIDs, this method affects wireless clients attempting
to associate with any of the SSIDs.
Use the show ssid table command to determine <ssid_index>.
Controlling If wireless bridging is enabled for an SSID, then by default wireless clients
associated to an AP and using that SSID can communicate to one another
Inter-client (assuming they are able to determine the IP addresses of their peer wireless
Communication clients).
For security reasons in a public network environment, it may be desirable to
block inter-client communications.
CAUTION! Provisioning inter-client communication can affect the wireless clients
associated with all the SSIDs of that BelAir20 unit.
To prevent communications between associated wireless clients and still allow
them to connect to the Internet, you need to:
1 Determine the MAC address of the Internet gateway(s) or router(s) in your
network.
2 Disable wireless bridging for each AP in your network.

3 Disable inter-AP wireless client communications:

a Add the previously determined gateway MAC address or addresses to the
secure MAC white list. This allows wireless clients to communicate with
the Internet. The secure MAC white list typically contains the MAC
address of the gateway interfaces.
b Enable secure port mode for each of the APs in your network.
Determining the MAC Determining the MAC address of your Internet gateway(s) depends on the type
Address of the Internet of equipment you are using. Refer to your equipment’s User Manual for the
gateway specific details.
You will need the MAC address of your gateways later to provision the secure
MAC white list of the APs configured in secure port mode.
Draft
Disabling or Enabling AP /interface/wifi-<n>-<m>/set ssid <ssid_index> wireless-bridge
{enabled|disabled}
Wireless Bridging
Disabling wireless bridging for an AP prevents wireless clients associated to that
particular AP from communicating with one another.
It does not prevent a wireless client associated with one AP (AP “A”) from
communicating with a wireless client associated with another AP (AP “B”). The
secure port mode prevents this. See “AP Secure Port Mode” on page 103.
By default, wireless bridging is enabled.
Disabling Inter-AP Disabling inter-AP wireless client communications involves setting up a secure
Wireless Client MAC white list and enabling secure port mode for each AP.
Communication
Secure MAC White List /interface/wifi-<n>-<m>/add secure-mac-address <mac address> [<vlan-id>]

/interface/wifi-<n>-<m>/del secure-mac-address <mac address> [<vlan-id>]
These commands add and remove a MAC address and VLAN pair from the
secure MAC white list. When configured in secure port mode, the AP forwards
to the associated wireless clients only those Layer 2 (Ethernet) frames for
which the source MAC address and VLAN matches a MAC addresses and
VLAN pair in its white list. The white list can contain up to 32 MAC address
and VLAN pairs. If a VLAN is not specified, it is assumed to have a value of zero.
In effect, while in this mode the AP acts as a firewall for all Layer 2 frames
arriving from inside the network for the wireless clients. The secure MAC
white list should only contain the MAC addresses of the gateway interfaces.
Thus, wireless clients associated to other APs in the network are prevented
from communicating with locally associated clients.

Note 1: The secure MAC white list is different from the list described in
“Wireless Client Access Control List” on page 100. In a client ACL,
only the listed MAC addresses are allowed to associate with an AP. The
secure MAC white list controls data forwarding to the wireless clients
from remote entities in the network.
The content of the secure MAC white list takes effect only when the AP secure
port mode is enabled.
AP Secure Port Mode /interface/wifi-<n>-<m>/set ssid <ssid_index> secure-port

{enabled|disabled}

To prevent wireless clients associated with different APs from communicating
Draft
with each other, you must enable the secure port mode on each of the APs in
your network.
By default, the secure port mode is disabled.
Note: Typically, you provision the secure MAC white list before enabling the
secure port mode. This ensures that wireless clients that are already
associated do not lose their connection to the Internet.
Protecting against The BelAir20 provides protection against the following types of Denial of
Service (DoS) attacks:
Denial of Service
Attacks • deauthentication DoS, where deauthentication packets are maliciously sent
to the BelAir platform causing it to terminate wireless sessions
• Network Allocation Vector (NAV) DoS, where packets are maliciously sent
with the maximum duration value (approx. 32 milliseconds) in their header.
Sending a series of such packets may cause a BelAir radio to stop
transmitting.
The BelAir20 also automatically generates alarms when it detects the following
conditions:
• If the BelAir20 detects more than 600 DHCP requests within 30 seconds, it
raises a DHCP_STARVATION alarm.
• If the BelAir20 detects a client with a MAC address that matches any of the
addresses in the secure MAC white list, it raises a SECURE_MAC_SPOOF
alarm.

You can clear these alarms with the following command:

/interface/wifi-<n>-<m>/clear alarm
{secure-mac-spoof | dhcp-starvation}
Deauthentication DoS /interface/wifi-<n>-<m>/set deauth dos defense {enabled|disabled}
When a deauthentication packet arrives and this feature is enabled, the BelAir
platform waits 5 to 10 seconds before it terminates the wireless session. If the
wireless client sends another data packet during that interval, then the previous
deauthentication packet is deemed false and ignored. If the BelAir platform
does not receive any data packets during the interval, then the session is
terminated.
Use the show config access command to display the number of potential attacks
Draft
it has detected since you enabled the feature.
NAV DoS /interface/wifi-<n>-<m>/set nav dos defense

{enabled <limit>|disabled}
The limit parameter specifies a maximum duration value in microseconds. It

ranges from 320 to 32767.
When a packet arrives and this feature is enabled, the BelAir platform checks
the duration value in their header. If the packet’s duration value exceeds the
specified limit, the packet is ignored.
Use the show config access command to display the current value of the limit
parameter and the number of potential attacks it has detected since you
enabled the feature.

BelAir20 User Guide Wi-Fi Backhaul Link Configuration
Wi-Fi Backhaul Link Configuration

This chapter describes how to display and configure Wi-Fi backhaul parameters,
including:
• “Displaying Backhaul Link Configuration” on page 105
• “Configuring Backhaul Link Identifier, Topology and Privacy” on page 106
• “Managing MP-to-MP Meshes” on page 108
—“Displaying the Mesh Topology” on page 108
—“Managing Mesh Bandwidth” on page 109
Draft
—“Setting a Link RSSI Threshold” on page 110
—“Managing the Mesh Blacklist” on page 110
• “Egress Protection” on page 110
• “Changing Backhaul Link Admin State” on page 111
See also:
Displaying Use the show config backhaul command to display the current backhaul
configuration. See “Displaying Wi-Fi Radio Configuration” on page 78 for
Backhaul Link details.
Configuration
Example
/interface/wifi-1-1# show config backhaul
Slot: 1, Card Type: htm, revision: 1, Port: 1, Radio: HTMv1 5GHz 802.11n
channel: ..................... 149
tx power: .................. 18.0 (dBm)
antenna index: ............... 1
antenna gain: ................ 5.0 (dBi)
link distance: ............... 1 (km)
base radio MAC : ............. 00:0d:67:00:00:13
Common Backhaul:
privacy: ................... AES
key: .......................

traffic limit: ............. Disabled

mesh-min-rssi............... -100 (dbm)
Stationary Backhaul:
topology: .................. mesh
Mobile Backhaul:
mobile admin state: ........ Disabled
mobile link id: ............
mobile link role: .......... ss
Blacklist:
No blacklist entries
Link Failure Detection: ...... Disabled
Backhaul T1 Bandwidth limit:.. Disabled
Configuring /interface/wifi-<n>-<m>/set backhaul link [identifier <link-id>]

[topology {p2p|mesh|{star role {bs|ss} index <lnk_idx>}}]
Backhaul Link [privacy {{enabled key <pre_shared_key>}|disabled}]
Draft
Identifier, This command configures the backhaul link identifier, the backhaul topology and
Topology and backhaul privacy.
Privacy The backhaul link identifier identifies all members of a particular topology. The
<link_id> parameter is case sensitive and can be up to 32 alphanumeric
characters:
• For Point-to-Point (P-to-P) links, BelAir Networks recommends that the
link identifier describes the link; that is, the nodes it connects.
• For Point-to-Multipoint (P-to-MP) or Multipoint-to-Multipoint (MP-to-MP)
links, the link identifier is also known as a mesh identifier. It is the same for
all members of a particular mesh. A suitable link identifier is short phrase
unique to the MP-to-MP mesh, for instance Company x Mesh A or Mesh
Number 23.
When configuring a particular topology, you must configure all members to
have:
• the same channel. Refer to “Operating Channel” on page 80 for the
appropriate command
• the same link identifier
• the same privacy settings

As well, you must meet the requirements listed in Table 11 on page 107.
Table 11: Wi-Fi Backhaul Configuration Requirements
Topology Requirements
P-to-P 1 Set the topology parameter to p2p.

P-to-MP 1 Set the topology parameter to p2p.
2 Set the node’s role. The node can be a base
(Star topology with one station (bs) or a subscriber station (ss). A base
base station in the station is located at the center of the star and
middle connecting up to can support up to eight subscriber stations.
eight subscriber 3 Set the <lnk_idx> parameter. The link index
Draft
stations)
identifies individual links in the star topology. It
ranges from 1 to 8. For a subscriber station,
you specify a single link index. For a base
station, you specify all the link indexes that are
used to connect to subscriber stations.
To configure P-to-MP links configure the
subscriber stations first followed by the base
station.
MP-to-MP 1 Set the topology parameter to mesh.
(Full mesh topology

with each BelAir radio
having up to eight links)
The privacy setting determines whether AES privacy is used or not.

The pre-shared key must be exactly 32 bytes long (16 characters). The
pre-shared key can be specified as a hexadecimal or ASCII string and must not
contain the following characters:
• bar (|)
• semicolon (;)
• question mark (?)
• double quotation mark (“)

Managing This section describe additional commands to help you configure and manage
an MP-to-MP mesh clusters, including:
MP-to-MP Meshes
• “Displaying the Mesh Topology” on page 108
• “Managing Mesh Bandwidth” on page 109
• “Setting a Link RSSI Threshold” on page 110
• “Managing the Mesh Blacklist” on page 110
Displaying the Mesh /interface/wifi-<n>-<m>/show backhaul status

Topology
This command displays the operating parameters of the MP-to-MP links you are
connected to. A star (*) beside the RSTP state of a link indicates that it is the
Draft
link to the root bridge.
Example 1 and Example 2 that follow illustrate the output describing a mesh
between three radios: RadioA, RadioB and RadioC.
Example 1: RadioA
/interface/wifi-4-1# show backhaul status
Backhaul Links:
Link Radio MAC State(L,R) RSSI Radio Node IP Node Name
---- ----------------- ---------- ---- ----- -------- ----------
[S] 1 00:0d:67:0b:55:17 fwd fwd -49 wifi-3-1 180.1.5.120
[S] 2 00:0d:67:0b:51:ed fwd fwd -54 wifi-3-1 180.1.4.150
In the previous output, link 1 goes to RadioC and link 2 goes to RadioB.
RadioA is measuring a signal strength of -49 dBm from RadioC. RadioC has a
MAC address of 00:0d:67:0b:55:17 and is physical interface wifi-3-1 on a node
with IP address 180.1.5.120.
RadioA is measuring a signal strength of -54 dBm from RadioB. RadioB has a
MAC address of 00:0d:67:0b:51:ed and is physical interface wifi-3-1 on a node
with IP address 180.1.5.150.
Example 2: RadioB
Backhaul Links:
Link Radio MAC State(L,R) RSSI Radio Node IP Node Name
---- ----------------- ---------- ---- ----- -------- ----------
[S] 1 00:0d:67:0b:55:17 fwd fwd -68 wifi-3-1 180.1.5.120
[S] 2 00:0d:67:08:63:31 fwd fwd -54 wifi-4-1 180.1.5.180
In the previous output, link 1 goes to RadioC and link 2 goes to RadioA.

RadioB is measuring a signal strength of -68 dBm from RadioC. As in example 1,

RadioC has a MAC address of 00:0d:67:0b:55:17 and is physical interface
wifi-3-1 on a node with IP address 180.1.5.120.
As in example 1, RadioB is measuring a signal strength of -54 dBm from RadioA.
RadioA has a MAC address of 00:0d:67:08:63:31 and is physical interface
wifi-4-1 on a node with IP address 180.1.5.180.
Example 3: Mobile Backhaul Mesh

Backhaul Links:
Link Radio Mac State(L,R) RSSI Radio Node IP Node Name
----- ----------------- ---------- ---- ----- -------- ----------
[M] 1 00:0d:67:09:23:6a fwd fwd -68 wifi-3-1 10.1.1.123 NYC_WALLST
Draft
[M] 1 00:0d:67:00:08:06 fwd UP -71 wifi-3-1 10.1.1.122 NYC_BROADWAY
In the previous output, there are two mobile backhaul mesh links. One is
forwarding while the other is listening.
Managing Mesh /interface/wifi-<n>-<m>/set backhaul traffic-limit

{transmit|inject} <max_rate>
Bandwidth
This command lets you manage the rate at which the interface can transmit
traffic. The interface attempts to police incoming traffic depending on the
transmit or inject setting.
The max_rate parameter is specified in kBits/s. Typically, it is set between 1000
and 4000 kBits/s. By default, the traffic limit is set to 0, meaning it is disabled.
The transmit setting is intended for interfaces in an MP-to-MP mesh. When this
setting is selected, the maximum traffic rate applies to both the interface’s
access traffic and its backhaul traffic through the mesh links. It also applies to all
clients that are associated to the interface. The goal is to equalize traffic from all
the various sources.
The inject setting is intended for interfaces configured in a linear chain of nodes,
where one interface feeds traffic to the next in the chain. When this setting is
selected, the maximum traffic rate does not apply to traffic originating from
backhaul links. The maximum traffic rate applies only to traffic originating from
other sources. The goal is to equalize traffic without interfering with through
traffic from previous nodes in the chain.
Note: Although this command may be used on any BelAir unit with the proper
hardware, it is intended for use on units in the previously described
configuration (MP-to-MP mesh or linear chain).

Setting a Link RSSI /interface/wifi-<n>-<m>/set backhaul mesh-min-rssi <rssi_value>

Threshold
This command lets you set a signal strength threshold for creating mesh links. If
a radio signal from another node is weaker than the specified threshold, then
no link is created to that other node, except if there is no other link to either
node at each end of the link. In that case, the link is still created even if the
radio signal is weaker than the specified threshold.
This command applies only when a node is forming MP-to-MP links with other
nodes. Existing links are not affected by this command.
The rssi_value parameter is specified in as a negative number in dBm. The
default value is -100 dBm. Use the show config backhaul command to display
the current value.
Draft
Example
/interface/wifi-1-1# set backhaul mesh-min-rssi -70
The previous command sets the link RSSI threshold to -70 dBm. If the signal
from another radio is stronger than -70 dBm, then a backhaul link to that radio
is created. If it is weaker than -70 dBm, then a link is not created.
Managing the Mesh /interface/wifi-<n>-<m>/add backhaul blacklist <mesh_pt_MAC_addr>

/interface/wifi-<n>-<m>/del backhaul blacklist <mesh_pt_MAC_addr>
Blacklist
These commands allow you to control whether or not a link is used between
two mesh points in an MP-to-MP mesh. To blacklist a link, you need to log in to
both ends of the link and put the radio of other node on the local blacklist. For
example, to prevent the use of a link between node A and B, you need to:
1 Log in to node A and add to its blacklist the MAC address of node B radio.
2 Log in to node B and add to its blacklist the MAC address of node A radio.
The MAC addresses of the node radios can be determined with the show
backhaul status command.
Typically, these commands are used to disable an unstable link. This behavior
may occur when either radio at each end of the link is operating at the limit of
its sensitivity.
As well, these commands can be used to disable a particular link if the RF plan
predicts low RSSI values for it.
Egress Protection /interface/wifi-<n>-<m>/set backhaul protection-admin-state {enable|disable}
This command controls egress protection. The default setting is disable.

Egress protection provides extra redundancy for the BelAir20’s egress point.
The egress point is the point where the BelAir20’s access traffic leaves the
BelAir wireless network. This may be through an Ethernet connection, L2TP
tunnel end-point, or a cable modem.
If the egress point fails and egress protection is enabled, the BelAir20 uses a
Wi-Fi backhaul link to connect to another BelAir node so that traffic can leave
the BelAir wireless network through that node’s egress point. The BelAir20
selects the best node to use based on several factors including signal strength
and the number of hops to the egress point.
Egress protection is revertive. If the original egress point becomes operational
again, the access data is redirected back to original egress point.
Draft
To use egress protection, make sure of the following:
• The BelAir20 and it surrounding nodes are equipped with appropriate
hardware to provide the Wi-Fi backhaul link.
• The channel number, privacy settings and link identifier are the same for all
surrounding nodes.
• The backhaul protection-admin-state option for the radios has been
enabled.
• The tunnel engine for the BelAir20 is enabled, if the egress point is an L2TP
tunnel end point. See “Setting Tunnel Engine Parameters” on page 120.
Changing /interface/wifi-<n>-<m>/set backhaul admin-state {enable|disable}
Backhaul Link This command lets you enable or disable backhaul functionality regardless of
Admin State the topology (MP-to-MP, P-to-MP or P-to-P). The default setting is disable.

BelAir20 User Guide Mobile Backhaul Mesh
Mobile Backhaul Mesh

This feature extends the BelAir Networks fixed wireless infrastructure onto
high-speed vehicles such as trains, buses, police and fire vehicles, and
ambulances. Refer to Figure 6.
Figure 6: Mobile Backhaul Links Connecting Vehicle Cameras to Roadside Network
Roadside Mobile Backhaul
Network Mesh Link
Draft
A BelAir100M with mobile backhaul mesh links can support uninterrupted
high-performance broadband connectivity for critical applications, including
voice and video, as the vehicle moves throughout the wireless mesh at speeds
up to 150 mph (240 kph).
In such a deployment, the mobile node, mounted on a vehicle, acts as a
subscriber station to a stationary base station node. All mobile subscriber
stations and their stationary base stations use the same wireless channel,
mobile link identifier and privacy settings.
Each mobile subscriber station can have up to three mobile links with three
different stationary base station nodes. Mobile links can be either listening or
forwarding. Only one of the three mobile links from the subscriber station can
be forwarding at a particular moment to a particular stationary base station
node. Traffic from the forwarding link is propagated to the rest of the network.
The mobile subscriber station constantly determines the relative link quality of
all its links based on several factors, including signal strength, aging and failure
rates.

When the mobile subscriber station determines that a listening link has a better
link quality than the current forwarding link, it changes the link state so that the
listening link with the higher quality becomes forwarding.
These look ahead and make before break handover schemes allow the
BelAir100M with mobile backhaul mesh links to provide uninterrupted support
for a wide variety of applications, including voice and video.
Each base station node can support up to eight links. These can be mobile links
or links to other stationary base stations. Mobile links can be either forwarding
or listening. If a mobile subscriber station arrives within range of the base
station, its forwarding link has precedence over the listening links of the other
mobile subscriber stations.
Draft
Configuring The following tasks can be done:
Mobile Backhaul • “Displaying Mobility Configuration and Status” on page 113
Mesh Links • “Configuring and Enabling Mobile Backhaul Mesh Links” on page 113
Displaying Mobility Refer to the following sections and command descriptions:

Configuration and
Status • “Displaying Backhaul Link Configuration” on page 105
• “Displaying the Mesh Topology” on page 108
• show rf-survey backhaul, described in the BelAir20 Troubleshooting
Guide
Configuring and /interface/wifi-<n>-<m>/set backhaul mobile

([identifier <link-id>] [role {bs|ss}]
Enabling Mobile [privacy {{enabled key <pre_shared_key>}|disabled}]
Backhaul Mesh Links [admin-state {enable|disable}])
This command configures the mobile backhaul link identifier, the role of the
node and backhaul privacy. It also lets you enable or disable mobile backhaul
mesh functionality. The default setting is disable.
The mobile backhaul link identifier identifies all members of a particular mobile
backhaul mesh. The <link_id> parameter is case sensitive and can be up to 32
alphanumeric characters. A suitable link identifier is short phrase unique to the
mobile backhaul mesh.

When configuring a particular mobile backhaul mesh, you must configure all
members to have:
• the same channel. Refer to “Operating Channel” on page 80 for the
appropriate command
• the same mobile link identifier
• the same privacy settings
As well, you must meet the requirements for the P-to-MP topology listed in
Table 11 on page 107.
The privacy setting determines whether AES privacy is used or not.
The pre-shared key must be exactly 32 bytes long (16 characters). The
Draft
pre-shared key can be specified as a hexadecimal or ASCII string and must not
contain the following characters:
• bar (|)
• semicolon (;)
• question mark (?)
• double quotation mark (“)
Example 1 - Mobile Node

/interface/wifi-1-1# set backhaul mobile identifier test100m role ss
/interface/wifi-1-1# set backhaul mobile admin-state enable
Example 2 - Stationary Node

/interface/wifi-1-1# set backhaul mobile identifier test100m role bs
/interface/wifi-1-1# set backhaul mobile admin-state enable

BelAir20 User Guide Layer 2 Network Configuration
Layer 2 Network Configuration

The BelAir20 behaves as a layer 2 switch and transparent bridge without the
need to configure any software features. However, to control and manage the
traffic inherent in a bridge (for example, broadcast and flooding), you can invoke
layer 2 features, such as Virtual LANs (VLANs), that divide traffic among several
sets of users and restrict broadcast to the respective VLANs.
In addition you can create layer 2 tunnels between a BelAir20 and one or more
gateway routers to a core network.
See the following sections for a description of these layer 2 features:
• “Using Layer 2 Bridging” on page 115
Draft
• “Using Virtual LANs” on page 115
• “Managing Egress Node Traffic” on page 116
• “Using Layer 2 Tunnels” on page 118
Using Layer 2 With the BelAir20, traffic from any radio or Ethernet interface is switched to
any other radio or Ethernet interface.
Bridging
There are no CLI commands for the BelAir20 bridge functions.
Note: Clients that associate with the BelAir20 are not allowed to operate as a
bridge. This is to prevent issues associated with network loops. The
BelAir20 automatically disassociates without warning from any client
that is detected as behaving as a bridge; that is, sending spanning-tree
BPDUs. However, clients are allowed to operate as router to allow
features such as sharing a wireless Internet connection. For this type of
operation, BelAir Networks recommends that the computer with the
wireless connection to the BelAir20 have its operating system
configured to act as a router. For example, Microsoft Windows XP
offers the Internet Sharing function.
Using Virtual A virtual LAN (VLAN) refers to a group of devices that communicate with each
other as if they were on the same physical LAN. VLANs have the following
LANs benefits:
• You can control traffic by excluding broadcast traffic from the VLAN, and
including only those devices that must communicate with each other

• You can provide security by forcing traffic between VLANs through a routing
device.
BelAir nodes can support up to 2814 VLANs. Up to four management VLANs
can be configured. VLANs can be implemented based on client SSID, as
described in “AP Service Set Identifiers” on page 88.
Note: BelAir Networks recommends that the total number of VLANs do not
exceed 16, which should cover most deployments. This
recommendation is based on practical experience and the likely amount
of available hardware resources.
CAUTION! If your network contains a BelAir200, you must configure a BelAir200 VLAN
subsystem with the same VLAN ID as specified on the BelAir20 before assigning
client SSID traffic to a VLAN on a BelAir20. All traffic from the specified client is
Draft
discarded by the BelAir200 if the mapped VLAN is not previously configured.
Data packets from the client are tagged for the appropriate VLAN by the access
radio. If the client traffic is bridged to a backhaul radio that sends the traffic to a
BelAir200, then the BelAir200 segregates the traffic onto the appropriate
VLAN based on the tag. If the client traffic is bridged to the LPM, then the LPM
sends the traffic onto the Ethernet connection without removing the tag. This is
different than the case of the BelAir200, where you can choose to have the tag
removed before the traffic is sent onto the Ethernet connection.
Configuring the IP To configure IP addressing for VLANs, use the commands described in “IP
Address of a VLAN Settings” on page 56 and “BelAir20 Auto-configuration” on page 68.
If the specified VLAN does not previously exist, then it is created.
CAUTION! If you create a new VLAN with this command and if your network contains
BelAir200 nodes, then, you must configure a BelAir200 VLAN subsystem with
the same VLAN ID as specified on the BelAir20. All traffic from the specified
client is discarded by the BelAir200 if the mapped VLAN is not previously
configured.
Managing Egress In a BelAir network, the LPM port of a node can act as an egress point for the
backhaul traffic of many other nodes. The other nodes may be connected to
Node Traffic the egress node through point-to-point, point-to-multipoint or
multipoint-to-multipoint links.

VLAN Conversion /system/show egress pvid

/system/set egress pvid {<vlan_id>|untagged}
These commands let you convert the VLAN tagging of traffic entering or leaving
the LPM port of an egress node. If you specify a VLAN ID, untagged VLAN
packets coming from the LPM port of an egress node are converted to tagged
packets with the specified VLAN ID. Similarly, packets that are tagged with the
specified VLAN ID are sent to the LPM port of the egress node as untagged
VLAN packets.
If you specify the keyword untagged instead of VLAN ID, then packets are not
converted as they enter or leave the LPM port of the egress node. The default
setting is untagged.
VLAN Filtering
Draft
/system/show egress vlans
/system/add egress vlan {<vlan_id>|untagged}
/system/delete egress vlan {<vlan_id>|untagged}
You can create a list containing up to four VLAN IDs to control which traffic
enters or leaves the LPM port of an egress node. Only packets that are tagged
with a VLAN ID in the list are allowed to enter or leave the LPM port of the
egress node.
These commands let you manage list of VLAN IDs. By default, the list is empty
meaning that all traffic is allowed to enter or leave the LPM port of the egress
node. If you add a VLAN ID to the list, then only traffic belonging to that VLAN
can enter or leave the LPM port of the egress node. If you add the keyword
untagged to the list, then only untagged traffic can enter or leave the LPM port
of the egress node.

BelAir20 User Guide Using Layer 2 Tunnels
Using Layer 2 Tunnels

Layer 2 tunnels use the Layer 2 Tunneling Protocol (L2TP), version 2, to provide
the following benefits:
• provide a bi-directional communication path between the BelAir20 and a
central router. The path is unaffected by the size, topology and complexity
of the Layer 2 and Layer 3 access network between them.
• ensure efficient handling of mobile client MAC addresses, especially for
customers using DOCSIS technology in their access network
Figure 7 shows how wireless mobility is implemented with L2TP. When a
wireless client transmits an 802.11 frame, the BelAir Access Point (AP)
Draft
converts it to an Ethernet frame with VLAN information, encapsulates it within
an IP packet and then sends the packet to a Tunnel End Point (TEP). The TEP is
usually part of a network central router. The BelAir implementation of Layer 2
tunnels currently operates with a Cisco 7200 router or equivalent.
Figure 7: Wireless Mobility using L2TP
Mobile wireless client
device going from BelAir Access Points (APs)
one AP to another
BelAir Access Points (APs)

The TEP strips off the encapsulation data to reveal the original Ethernet frame
exactly as sent by the AP. The TEP delivers the Ethernet frame to a
VLAN-aware Ethernet switch. The switch applies normal Ethernet forwarding
rules to send it to a gateway router with one router port per subnet. The
gateway router switches the Ethernet frame to the appropriate outgoing router
port.
For packets moving in the other direction to the wireless client, the gateway
router applies to IP traffic an Ethernet header with the client’s MAC address as
the destination. The VLAN switch forwards this packet to the interface on
which it last saw the client’s MAC address, which is the interface connected to
the tunnel. The TEP receives the frame and encapsulates it in an IP packet.
When the AP receives the packet, it strips off the encapsulation data, converts
Draft
the resulting Ethernet frame to an 802.11frame, and then transmits it to the
wireless client.
When a mobile wireless client moves to a new AP, its traffic travels through a
different Layer 2 tunnel. The traffic is encapsulated and sent to TEP as before.
The VLAN-aware Ethernet switch then updates its MAC address table as
required with the information for the wireless client’s new AP. Any subsequent
frames sent to the wireless client are then forwarded to the new AP.
Tunneling is performed by a software module called a tunnel engine. For the
BelAir200, each Wi-FI radio card acting as an AP can have a tunnel engine and
the tunnel engine forwards access traffic only from the wireless clients
associated to that AP. Other BelAir platforms can have only one tunnel engine.
Each tunnel engine can create up to five tunnels to one or more TEPs. The end
points of a Layer 2 tunnel are identified by their IP addresses. The IP address of
the BelAir tunnel end point can be the IP address of the unit’s management
interface, or any IP address associated with a VLAN. The BelAir IP addresses
can be set manually or through the Dynamic Host Configuration Protocol
(DHCP).
Each tunnel can carry traffic belonging to any group of configured VLANs.
Configuring the The following tasks can be done:

BelAir Node for • “Displaying Tunnel Configuration and Status” on page 120
Layer 2 Tunneling • “Starting and Stopping Layer 2 Tunneling” on page 120
• “Setting Tunnel Engine Parameters” on page 120
• “Adding and Removing Layer 2 Tunnels” on page 121

• “Mapping User Traffic” on page 121

• “Configuring Authentication” on page 122
Layer 2 tunnel CLI commands are available in /protocol/te-<eng> mode. For
the BelAir200, <eng> is card-<n> where <n> is the BelAir200 slot containing
the AP. For all other platforms, <eng> is syst.
Displaying Tunnel /protocol/te-<eng>/show config

Configuration and
Status This command displays the current tunnel configuration and status.
Example
/protocol/te-syst# show config
Draft
Tunnel server is running, mode local, IP address 10.1.1.20 (system)
N Remote IP Name State uptime Tx packets Rx packets

== =============== ================== ===== ============= ========== ==========
1 10.1.1.4 sergey UP 0d 00:08:19 0 18

VLAN map: 1000
2 10.1.1.2 john DOWN
10.1.1.4 cathy DOWN active
3 N/C
4 N/C
5 N/C
Starting and Stopping /protocol/te-<eng>/set engine admin-state {enabled|disabled}

Layer 2 Tunneling
This command starts and stops tunneling operation. Use enabled to begin
tunneling operation. Use disabled to stop all tunnel forwarding.
Setting Tunnel Engine /protocol/te-<eng>/set mode {local|egress}

Parameters [interface-vlan <VLAN_ID>] [backhaul-backup]
The set mode command is used when the unit is connected to other units
through backhaul links. In this case, you may want the unit to act as an egress
point and put access traffic from itself and the other nodes into the tunnel. Use
local mode when the BelAir unit puts only its own access traffic into the tunnel.
Use egress mode when the BelAir unit puts its own access traffic and that of
many other units into the tunnel.
If the VLAN interface is not specified, the unit’s management IP address is used
to identify the local tunnel end point. IP addresses may be manually configured
or obtained by DHCP.

If a VLAN interface is specified, it must be previously configured. Refer to

“Using Virtual LANs” on page 115.
Use the backhaul-backup parameter to inform the tunnel engine that the node
uses egress protection. Before using the backhaul-backup parameter, make sure
all requirements described in “Egress Protection” on page 110 are met.
Adding and Removing /protocol/te-<eng>/add tunnel <index> ip <peer_IP_addr>

[name <stn_name>]
Layer 2 Tunnels [backup-ip <backup_IP_addr> [backup-name <backup_name>]]
[switch {equal | preffered}]
/protocol/te-<eng>/delete tunnel <index>
The add tunnel command creates a new tunnel to be terminated at the

specified peer IP address, which is usually the network central router. You can
Draft
create up to five tunnels to the same peer or to different peers. Each tunnel
carries just one L2TP session.
The <index> parameter is used for easy reference when using other
commands. It can be displayed with the /protocol/te-<eng>/show config
command.
The <stn_name> parameter can be any series of 18 alphanumeric ASCII
characters. L2TP protocol provides the <stn_name> parameter to the other
end point so it can identify different tunnels coming from the same IP address.
You can optionally specify the IP address and name of a backup server. If a
tunnel cannot be created to the main router or if a tunnel fails, the backup
parameters become active.
The switch parameter controls whether the use of a backup router is revertive
or not. Once the BelAir unit starts to use a tunnel to a backup router:
• If switch is set to equal, then the BelAir unit uses the tunnel to the backup
router until it fails. Only then does the BelAir unit switches back to the
tunnel using the main router. This is the default setting.
• If switch is set to preferred, then the BelAir unit uses the tunnel to the
backup router only while the main tunnel is unavailable. The BelAir unit
switches back to the tunnel using the main router as soon as it becomes
available again.
The delete tunnel command removes the specified tunnel. After using this
command, user data mapped to this tunnel is dropped instead of forwarded.
Mapping User Traffic /protocol/te-<eng>/map vlan {untagged|<VLAN ID>} to <index>

/protocol/te-<eng>/unmap vlan {untagged|<VLAN ID>}

The map vlan command instructs the tunnel engine to forward traffic to the
specified tunnel. You can specify either traffic associated with a specific VLAN
or traffic that is not tagged for any VLAN. All packets that meet this criteria
received by any of the node’s radios are forwarded through the tunnel. If the
tunnel is not configured or not active, all corresponding packets are dropped.
If you specify untagged traffic, then the tunnel interface itself must be associated
with a VLAN. Refer to “Setting Tunnel Engine Parameters” on page 120.
The unmap vlan command removes the tunnel mapping entry. After this
command, the specified packets are then forwarded as if the tunnel does not
exist.
Configuring /protocol/te-<eng>/set tunnel <index (1-5)>
Draft
[secret <shared_secret>]
Authentication [ppp-name <id>] [ppp-password <pw>]
[backup-secret <backup_shared_secret>]
[backup-ppp-name <backup_id>] [backup-ppp-password <backup_pw>]
/protocol/te-<eng>/set tunnel <index (1-5)>
authentication {enabled|disabled}
The set secret command configures the parameters for L2TP authentication for
a specified tunnel. The secret parameter sets the shared secret for tunnel
authentication. The ppp-name and ppp-password parameters set the data for
session authentication. The settings for each of these three parameters must
match the equivalent settings on the main router.
The backup-secret, backup-ppp-name and backup-ppp-password parameters
are equivalent settings for a backup router.
Once the authentication parameters are configured, you use the set
authentication command to enable authentication for a specified tunnel.
Configuring the The specific configuration tasks and commands for the network central router
vary, depending on the type of router that is installed.
Network Central
Router for Refer to the Tunnel Mobility Technical Bulletin, available at
www.support.belairnetworks.com for guidance on configuring the Cisco 7200
Layer 2 Tunneling router.

BelAir20 User Guide Quality of Service Settings
Quality of Service Settings

The BelAir20 includes Quality of Service (QoS) settings for the following
functional areas:
• traffic switching. See “System QoS” on page 123.
• client to access point radio communications. See “Radio QoS” on page 126.
System QoS BelAir nodes work in conjunction with one another to allow you to separate
and prioritize traffic. Each BelAir20 node can inspect incoming traffic and
prioritize traffic into four priority queues.
Draft
Prioritization Each BelAir node supports four traffic priority queues, numbered 0 to 3.
Queue 3 has the highest priority while queue 0 has the lowest priority. Table 12
describes each queue.
Table 12: Traffic Priority Queues
Queue
Description
Number
0 Background traffic
1 Best effort traffic
Use this queue for traffic that does not require QoS features,
such as most data traffic
2 Video traffic, T1 circuit emulation
Use this queue for high priority traffic such as T1 circuit

emulation, video or “gold service” customer traffic
3 Voice over IP (VoIP) traffic
Use this queue for SVP or other VoIP applications
All traffic that is not associated to a VLAN has priority 1. This means that until
you create VLANs, all traffic has priority 1.
Once VLANs have been created, you configure the node traffic to have different
priorities based on User Priority bits (0 to 7) or VLAN IDs.

The prioritization commands (map and no map) described in this chapter apply
strictly to the BelAir node that you are currently logged on to. You must repeat
them on each related BelAir node. For example, when specifying that particular
VLAN traffic has a particular priority, you must execute the associated
commands on each possible BelAir node in the path of that VLAN.
Marking Spectralink /qos/set svp {enable|disable}

Voice Priority Packets
Spectralink Voice Priority (SVP) packets are given a User Priority value of 6 and
are given the highest precedence and priority.
By default, SVP marking is enabled.
Note: If you are using Spectralink to provide Voice over IP services, make sure
that the SSIDs for making calls do not use BSSID.
Draft
Prioritizing Traffic Based /qos/set up-to-queue-mapping <priority> <queue_id>
on User Priority Bits
This command instructs the BelAir20 to process packets with the specified
User Priority value to the specified priority queue. The priority parameter
ranges from 0 to 7. The queue_id parameter ranges from 0 to 3, as described in
Table 12 on page 123.
Note: Settings made with the set vlan-to-queue-mapping command have
precedence over settings made with this command.
Table 13 shows how User Priority values are processed to priority queues by
default.
Table 13: User Priority Value to Priority Queue Processing
User Priority Value Priority Queue to which it is processed
0 1
1 0
2 0
3 1
4 2
5 2
6 3
7 3

To unmap a previously set priority, use the set up-to-queue-mapping command

to map that priority back to the default priority queue as shown in Table 13.
Prioritizing Traffic using /qos/set vlan-to-queue-mapping <vlan_id> {none|<queue_id>}

VLAN IDs /qos/show vlan {all|id <2-2814>}
The set command instructs the BelAir20 to process packets from the specified
VLAN to the specified priority queue. The vlan_id parameter ranges from 1 to
2814. The queue_id parameter ranges from 0 to 3, as described in Table 12 on
page 123. The none parameter removes the mapping of a VLAN ID to priority
queue.
Note: Settings made with this command have precedence over settings made
with the set up-to-queue-mapping command.
Draft
The show command displays a summary of the QoS settings that are based on
VLAN IDs.
Example
/qos# show vlan id 100
Qos Vlan Id Configuration

------------------------
Vlan Id : 100
------------------------
Vlan Qos Status : Enabled
Queue Map : 3
Resetting the QoS /qos/set defaults

Configuration
This command returns the system QoS configuration to factory default
settings.
Note: This command does not affect radio QoS configuration.
Displaying a Summary of /qos/show config

System QoS Settings
This command displays a summary of all current QOS settings, including:
• the Spectralink Voice Priority (SVP) marking settings, if applicable
• how User Priority bits are currently mapped to the priority queues
Example
/qos# show config

Qos Global Configuration

------------------------
Qos Status : Enabled
SVP Status : Enabled
Qos Global UP to Queue Mapping

---------------------------------
UP Value : 0 -- Queue : 1
No Vlan based Qos Configured!

-----------------------------
Draft
Displaying the /qos/show user-priority-map
Prioritization Settings
The show user-priority-map command displays how User Priority bits are
currently mapped to the priority queues.
Example
/qos# show user-priority-map
Qos Global UP to Queue Mapping

---------------------------------
Radio QoS BelAir radios offer Wireless Multi-Media (WMM) support for multiple priority
packets and transmit opportunities. This allows over-the-air QoS for WMM
client devices with faster burst transfer. (Use the /mode command to see the
version number of your radio modules.)
Some WMM features, such as selecting the priority scheme and the mapping
scheme, are also available for BelAir backhaul radios to provide end-to-end
QoS functionality.
Displaying a Summary of Use the /interface/wifi-<n>-<m>/show config qos command to display the
Radio QoS Settings current radio QoS settings. See “Displaying Wi-Fi Radio Configuration” on
page 78 for details.

Example
/interface/wifi-1-1# show config qos
Slot: 1, Card Type: htm, revision: 1, Port: 1, Radio: HTMv1 5GHz
802.11n
channel: ..................... 149
tx power: .................. 18.0 (dBm)
antenna index: ............... 1
antenna gain: ................ 5.0 (dBi)
link distance: ............... 1 (km)
base radio MAC : ............. 00:0d:67:00:00:13
QOS:
wmm: ....................... Enabled
uapsd: ..................... Enabled
mapping: ................... UP/DSCP
Draft
voice acm: ................. Disabled
video acm: ................. Disabled
Enabling or Disabling /interface/wifi-<n>-<m>/set qos wmm {enable|disable}

Wireless Multi-media
Wireless Multi-media is normally enabled. It allows the access point to
communicate with a WMM enabled wireless client using WMM features.
When disabled, the access point ignores requests for WMM communications
from wireless clients and instead uses traditional non-WMM features to
communicate with them. To disable WMM, you must first disable Unscheduled
Automatic Power-save Delivery (UAPSD). See “Unscheduled Automatic
Power-save Delivery” on page 129.
QoS Priority Scheme /interface/wifi-<n>-<m>/set qos schedule {edca|spq|lspq|t1}
This command applies only to the following radios: ARMv3, BRMv3, BRMv4,
PSMv1, PSMv2, ERMv1 and ERMv2. This command lets you decide which
priority setting to use.
BelAir recommends the following priority settings:
• Use edca for WMM applications. Selecting ebca means that the BelAir node
uses Enhanced Distributed Channel Access (EDCA) priority queuing,
including support for transmit opportunities (TXOP). EDCA and TXOP are
part of the WMM specification.
• Use spq for Spectralink applications. Selecting spq means that the BelAir
node uses Strict Priority Queueing.
• Use t1 when a BRMv3 or BRMv4 backhaul link carries traffic from a Circuit
Emulation Module (CEM) or from pseudo-wire circuits from another
manufacturer.

• Use lspq for all other applications that use a BRMv3 or BRMv4 radio.
Selecting lspq means that the BelAir node uses Legacy Strict Priority
Queueing.
By default, the QoS priority scheme is edca for ARMv3 radios and lspq for the
BRMv3 and BRMv4.
QoS Mapping Scheme /interface/wifi-<n>-<m>/set qos mapping {up|dscp|both}
The set command lets you decide how traffic is processed to the four BelAir
priority queues depending on the values of the User Priority (UP) field or the
Differentiated Services Code Point (DSCP) subfield in the client traffic fields.
Selecting up means that traffic is sent to the four BelAir priority queues based
on the UP field value. Selecting dscp means that traffic is sent to the four BelAir
Draft
priority queues based on the DSCP subfield value. Selecting both means that
traffic is sent to the four BelAir priority queues based on the highest priority
value of either the UP field or the DSCP subfield. By default, QoS mapping is set
to both. Table 14 shows the mapping of the UP value and the DSCP value to
the priority queue.
Table 14: UP and DSCP Value to Priority Queue Processing
UP Value DSCP Value Target Priority Queue
0 0 (0x0) 1
1 32 (0x20) 0
2 64 (0x40) 0
3 96 (0x60) 1
4 128 (0x80) 2
5 160 (0xA0) 2
6 192 (0xC0) 3
7 224 (0xE0) 3
Voice and Video Access /interface/wifi-<n>-<m>/set qos acm voice {enable|disable}

video {enable|disable}
Control
Admission Control Mandatory (ACM) is a voice and video access control
setting used with WMM. With ACM, the AP radio instructs the wireless client
during association whether it needs to pass admission control for the voice

queue and the video queue before it can send data through either queue to the
AP. To use this feature, the wireless client must also support ACM.
The show command displays the current QoS ACM setting. The set command
let you enable or disable access control for either voice or video streams.
By default, voice access control is disabled and video access control is disabled.
Unscheduled Automatic /interface/wifi-<n>-<m>/set qos uapsd {enable|disable}

Power-save Delivery
Unscheduled Automatic Power-save Delivery (UAPSD) extends the battery life
of wireless clients and reduces radio transmission traffic. To enable UAPSD, you
must first enable Wireless Multi-media (WMM) for the radio. Refer to
“Enabling or Disabling Wireless Multi-media” on page 127.
Draft
This command lets you enable or disable UAPSD. By default, UAPSD is enabled.

Layer 2 Network Configuration

The BelAir20 acts as a transparent bridge and layer 2 switch without the need
to configure any software features. However, to control and manage the traffic
inherent in a bridge (for example, broadcast and flooding) and to handle loop
situations where multiple paths exist between nodes, you can invoke layer 2
features such as:
• Virtual LANs (VLANs), that divide traffic among several sets of users and
restrict broadcast to the respective VLANs. See “Configuring IP
Parameters” on page 57.
• Spanning Tree Protocol (STP), where the optimum path is selected and
Draft
ports of alternate paths are shutdown
If there are no loops in the network, the BelAir20 can operate in bridge mode
or with VLANs. If a loop exists, STP must be invoked to manage the different
paths.
This chapter contains the following sections:
• “Spanning Tree Protocol Overview” on page 130
—“Configuring Spanning Tree Priority” on page 131
—“Configuring Other Spanning Tree Parameters” on page 132
—“RSTP Commands” on page 133
Spanning Tree It is important to configure the Spanning Tree Protocol (STP) when multiple
paths between nodes are created. As networks become more complex,
Protocol multiple paths between nodes, either intentional or unintentional, become
Overview more likely.
Although loops benefit the network by providing path redundancy, loops must
be dynamically eliminated to prevent proliferation of broadcast traffic and
confusion in the MAC learning tables of the bridge. This is accomplished by a
spanning tree protocol, which generates a loop-free subset of the network's
topology by placing those bridge or switch ports that, if active, would create
loops into a standby (blocking) condition. Blocked bridge or switch ports can
be activated in the event of primary link failure, providing a new path through
the network.

Loops can also occur accidentally or maliciously. For example, a technician may
connect their laptop to the Ethernet port of a BelAir20 and also have a wireless
link to a BelAir20 in the same network. If the laptop is configured to act as a
bridge then it creates a loop in the network, and broadcast traffic quickly
proliferates until the slowest link in the loop is saturated. This broadcast storm
renders part—or all—of the network unusable.
Note: To prevent issues as described previously, clients that associate with the
BelAir20 are not allowed to operate as a bridge. The BelAir20 will
automatically disassociate without warning from any client that is
detected as behaving as a bridge; that is, sending spanning-tree BPDUs.
However, clients are allowed to operate as router to allow features
such as sharing a wireless Internet connection. For this type of
Draft
operation, BelAir Networks recommends that the computer with the
wireless connection to the BelAir20 have its operating system
configured to act as a router. For example, Microsoft Windows XP
offers the Internet Sharing function.
The original spanning tree protocol is STP. When STP detects a topology
change in the network, STP blocks all user traffic, creates a new loop-free
configuration, and then re-enables user traffic. STP reconfigurations create
outages that are typically 30 to 60 seconds in length.
A newer protocol, Rapid STP (RSTP), greatly reduces the length of outages
caused by topology reconfigurations. RSTP is backwards compatible with STP
so it can be used in networks where some equipment only supports STP.
BelAir20 units are shipped from the factory with RSTP enabled and default
settings that are a suitable starting point for most deployments. The default
node priority is 36864 (or 0x9000). The default port settings vary depending on
the hardware in use, the topology and whether dynamic path cost is used or
not.
You should adjust the STP node priority and path cost settings for each node to
match the topology of your network. Refer to your network plan for details.
Configuring Spanning If all BelAir20 units are enabled with default settings, the switch with the lowest
Tree Priority MAC address in the network becomes the root switch. However, due to traffic
patterns, number of forwarding ports, or line types, the BelAir20 with the
lowest MAC address might not be the ideal root switch. By increasing the
priority (lowering the numerical priority number) of the ideal switch so that it
becomes the root switch, an STP recalculation will be done to form a new

topology. BelAir recommends that the root node is the Ethernet switch that is
used to connect to the LIM(s).
Refer to your network plan for details.
Use the command described in “Configuring Spanning Tree Priority” on
page 137 to specify the STP priority and the version of STP used by the
BelAir20 unit.
Configuring Other Table 15 describes spanning tree parameters that you can configure in addition
Spanning Tree to the STP node priority and path cost.
Parameters
Table 15: Configurable Spanning Tree Timers and Associated Parameters
Draft
Default
Parameter Description Possible Range
Value
Hello Timer 2s Determines how often 1 s to 10 s

the bridge broadcasts
hello messages to other Must be less than
bridges or equal to:
(1/2Max_Age - 1)
Forward 15 s Determines how long 4 s to 30 s
Delay Timer each of the listening and
learning states last before Must not be less
the interface begins than:
forwarding (1/2Max_Age + 1)
Maximum 20 s Determines the amount 6 s to 40 s
Age Timer of time the bridge stores
protocol information Must not be less
received on an interface than:
2(Hello_timer + 1)
Must not exceed:

2(Forward_Delay - 1)
Transmit 6 Transmit hold count 1 to 10
Hold Count (packet queue length)
Path Cost 32 bit Represents the media 16 bit or 32 bit
Type speed (or bit rate)

Table 15: Configurable Spanning Tree Timers and Associated Parameters
Default
Parameter Description Possible Range
Value
Link 3 Represents the number 3 to the ratio of the

Detection Hello timer periods to Maximum Age
Count wait before declaring the timer to the Hello
link is down timer
Note: BelAir Networks recommends that you do not change the RSTP
parameter values in Table 15 from their default values. Experience has
shown that these default values work well in a variety of networks.
Draft
To change the spanning tree transmit hold count and the path cost, refer to
“Transmit Hold Count” on page 138.
To change the values of the spanning-tree timers, refer to “Max Age, Hello
Time and Forward Delay” on page 138.
Note: The STP or RSTP parameter values that are actually used are inherited
from the root bridge. When you configure STP or RSTP parameters on
a BelAir20, you are setting the values that are used if that BelAir20 is
the root bridge.
RSTP Commands This section describes commands that you can execute while in rstp mode.
Some RSTP commands apply to specific physical interfaces or to specific radio
links. The Name column of the /protocol/rstp/show config port all command
displays available interfaces and radio links. For example, if the Name column
displays wifi-3-1-1, then wifi-3-1 identifies the interface and the -1 suffix
identifies radio link 1 of that interface.
The BelAir20 layer 2 switch forwards layer 2 frames to the output of one or
more physical interfaces or radio links based on the information contained in
the frame header (tags).
Displaying the RSTP /protocol/rstp/show config [port {all|<interface-name>}]

Configuration Settings
This command displays the currently configured RSTP settings. To see the
currently active RSTP parameters, as inherited from the root bridge, use the
/protocol/rstp/show topology command.

Specifying the port keyword displays RSTP configuration settings for each
physical interface and radio link. Use the <interface-name> parameter to
specify a particular interface and radio link, as shown under the Name column of
the /protocol/rstp/show config port all command.
Example 1
/protocol/rstp# show config
RSTP Configurations
--------------------
Rstp Status : Enabled

Stp priority : 36864
Stp Version : Rstp Mode
Bridge Max Age : 20 seconds
Draft
Bridge Hello Time : 2 seconds
Bridge Forward Delay Time : 15 seconds
Tx Hold Count : 3
Link Detection Count : 3
Bridge Address : 00:0d:67:00:69:d4
Bridge Aging Time : 300
---------------------------------------
Example 2
/protocol/rstp# show config port all
RSTP Port Configurations
--------------------
Port Name Prio Pathcost Migration Edge(Conf/Oper) P2P(conf/Oper)

Protocol Dynamic-Cost
Version Status Default
---- ---------- ---- ---------- --------- --------------- -------------------- -------- ---------------
9 wifi-2-1-1 128 2000000 False (False/False) (ForceTrue/True) RSTP Enabled 2000000

33 eth-7-1 128 200000 False (True/True) (ForceFalse/False) RSTP Disabled
Example 3
/protocol/rstp# show config port wifi-2-1-1
RSTP Port Configurations
--------------------
Port Name Prio Pathcost Migration Edge(Conf/Oper) P2P(conf/Oper)

Protocol Dynamic-Cost
Version Status Default
---- ---------- ---- ---------- --------- --------------- -------------------- -------- ---------------
Displaying the RSTP /protocol/rstp/show topology [port {all|<interface-name>}]

Topology Information

This command displays the currently active RSTP parameters as inherited from
the root bridge, including the MAC address of the designated root bridge in a
network, the cost of the path to the root, the port used to message to the root
bridge, as well as the current values of the spanning tree timers.
To see the currently configured RSTP parameters, use the /protocol/rstp/show
config command.
In the resulting output when the port keyword is omitted, Root Cost reflects
the node's cost to root that it would advertise in its BPDUs sent out to
designated or alternate ports.
Specifying the port keyword displays per port RSTP topology information for
each physical interface and radio link. Use the <interface-name> parameter to
Draft
specify a particular interface and radio link, as shown under the Name column of
the /protocol/rstp/show config port all command.
In the resulting output when the port keyword is used, Designated Cost is the
minimum port cost seen in BPDUs on that link (either from the node itself or
from another node on that same link).
Example 1
/protocol/rstp# show topology
RSTP Topology Information

--------------------
Designated Root : 00:00:00:12:00:32:9d:80

Stp Root Cost : 4000000
Stp Root Port : 33
Stp Max Age : 31 seconds
Stp Hello Time : 1 seconds
Stp Forward Delay Time : 21 seconds
---------------------------------------
Example 2
/protocol/rstp# show topology port all
RSTP Port Topology Information
-------------------------------
Port# Name Designated-root Designated Designated-bridge Designated

Cost Port
----- ---------- ----------------------- ---------- ----------------------- ----------
9 wifi-2-1-1 90:00:00:0d:67:00:68:ce 4000000 90:00:00:0d:67:00:db:e3 80:03

17 wifi-3-1-1 90:00:00:0d:67:00:68:ce 4000000 90:00:00:0d:67:00:dd:9d 80:02
25 wifi-4-1-1 90:00:00:0d:67:00:68:ce 6000000 90:00:00:0d:67:00:69:d4 80:19
33 eth-7-1 90:00:00:0d:67:00:68:ce 6000000 90:00:00:0d:67:00:69:d4 80:21

Example 3
/protocol/rstp# show topology port wifi-2-1
RSTP Port Topology Information
-------------------------------
Port# Name Designated-root Designated Designated-bridge Designated

Cost Port
----- ---------- ----------------------- ---------- ----------------------- ----------
9 wifi-2-1-1 90:00:00:0d:67:00:68:ce 4000000 90:00:00:0d:67:00:db:e3 80:03
Displaying RSTP Port /protocol/rstp/show port roles [all]

Roles and States
This command displays the roles and states of the RSTP ports.
Specifying the all option displays all possible links for a specific interface. If the
Draft
all option is omitted, then the command outputs data only for links with a
status of UP.
Example 1
/protocol/rstp# show port roles
RSTP Port Roles and States

---------------------------
Port# Name Remote-id Port-Role Port-State Port-Status
----- ----------- --------------- ---------- ---------- ---------
9 wifi-2-1-1 10.5.1.22 Designated Forwarding Enabled
33 eth-7-1 Root Forwarding Enabled
34 eth-7-2 Designated Forwarding Enabled
Example 2
/protocol/rstp# show port roles all
RSTP Port Roles and States

---------------------------
Port# Name Remote-id Port-Role Port-State Port-Status Link-status
----- ----------- --------------- ---------- ---------- --------- ------------
1 wifi-1-1-1 Disabled Discarding Enabled Down

7 wifi-1-1-7 Disabled Discarding Disabled Down

8 wifi-1-1-8 Disabled Discarding Disabled Down
9 wifi-2-1-1 10.5.1.22 Designated Forwarding Enabled UP
Draft
33 eth-7-1 Root Forwarding Enabled UP
34 eth-7-2 Designated Forwarding Enabled UP
Configuring the Bridge /protocol/rstp/set bridge aging-time <10 - 630>

Aging Time
This command specifies the aging time, in seconds, for the dynamically learned
forwarding information.
Configuring Spanning /protocol/rstp/set ([priority <Decimal (0 - 61440) or

Hexadecimal (0x0000 -0xf000)>]
Tree Priority [version {stpCompatible|rstp}])
This command specifies the STP priority and the version of STP used by the
BelAir20.
The default node priority is 36864 (or 0x9000). The priority values must be set
in steps of 4096 (or 0x1000).
The spanning tree version shows the type of STP used by the BelAir20.
Setting the value to rstp mode forces it to transmit RST BPDUs while setting it

to stpCompatible mode forces it to transmit configuration and TCN BPDUs.

The default setting is rstp.
Transmit Hold Count /protocol/rstp/set [tx-holdcount (1 - 10)]
This command configures the values of transmit hold count. The transmit hold
count value indicates the number of BPDUs that need to be transmitted in
any Hello Time interval. The default value is 6.
parameter values from their default values. Experience has shown that
the default values work well in a variety of networks.
Example
Draft
/protocol/rstp# set tx-holdcount 5
Max Age, Hello Time /protocol/rstp/set ([max-age <6 - 40>] [hello-time <1 - 10>]
[forward-delay <4 - 30>])
and Forward Delay
The max-age field represents the time in seconds that all bridges use for
MaxAge when this bridge is acting as the root. The default value is 20. The
value must not exceed: 2(ForwardDelay -1).
The hello-time field represents the time in seconds that all bridges use for
HelloTime when this bridge is acting as the root. The default value is 2.
The forward-delay field represents the time in seconds that all bridges use for
ForwardDelay when this bridge is acting as the root. The default value is 15.
The value must not be less than: 1 + 1/2 MaxAge.
parameter values from their default values. Experience has shown that
the default values work well in a variety of networks.
Example
/protocol/rstp# set max-age 20 hello-time 2 forward-delay 15
RSTP Link Priority and /protocol/rstp/set interface <interface-name>

Static Path Cost [priority <Decimal (0-240)
or Hexadecimal (0x00 -0xF0)>]
[pathcost <1 - 200000000>]
This command configures the link priority and sets the static path cost in the
pathcost field. This command is available only if dynamic path costs are disabled.
Refer to “Dynamic Path Cost” on page 139.

The <interface-name> parameter specifies a particular interface.

The link priority value forms the first component or the portion of the Port ID
that can be written. The values for the link priority must only be in steps of 16
(only the first 4 bits can be set for the link priority).
The static path cost determines the preferred data paths between bridges
throughout the network and the root bridge. The default path cost settings
vary, depending on the hardware in use, the topology and whether dynamic
path cost is used or not.
Example
/protocol/rstp# set interface wifi-2-1 priority 64 pathcost 65535
Draft
Dynamic Path Cost /protocol/rstp/set interface <interface-name>
[dynamic-cost {enabled|disabled}]
This command lets you manage how path costs are determined for each radio
link on your BelAir20.
Dynamic path costs are a useful way to adjust the topology of a network to
isolate a link as a result of unplanned or seasonal effects. For example, there
may be an unplanned source of radio interference with a particular link. Or,
vegetation may affect a link during summer.
When dynamic cost is disabled, each link is assigned a fixed cost. The default
value depends on the hardware and topology in use.
When dynamic cost is enabled, the BelAir20 adjusts the link’s cost based on
several link quality factors. For example, a link with a low RSSI, such as -80,
implies poor link quality causing it to have an increased cost. Similarly, a link
with a high RSSI, such as -40, implies good link quality causing it’s cost to be
reduced.
Enabling dynamic path costs disables the command to configure a static path
cost. Refer to “RSTP Link Priority and Static Path Cost” on page 138.
To prevent unnecessary topology changes based on transient behaviour, a new
link cost may not automatically cause a topology change. If the new link cost is
very different from the current link cost, then the topology is changed.
However, if the new link cost is only slightly different from the current link cost,
then the current topology is maintained. As further protection against transient

behaviour, the RSTP verifies that the new link cost is maintained for 30 minutes
before it implements any potential topology changes.
In all cases when a link is enabled or disabled, RSTP takes into account the new
link costs as it creates a new topology.
By default, dynamic cost is enabled for most combinations of platforms and
topologies. Use the /protocol/rstp/show config port command to determine if
it is enabled or disabled in your case.
RSTP Protocol /protocol/rstp/set interface <interface-name>

protocol-migration {true|false}
Migration on an
Interface
While operating in RSTP mode, setting of this value to true forces the interface
to transmit RSTP BPDUs.
Draft
RSTP Edge Port Status /protocol/rstp/set interface <interface-name>

edge-port {true|false}
This command sets the administrative value of the edge port status of the
interface. This indicates whether the interface should be assumed an edge port
or not.
The operational value of the edge port status is initially its administrative value.
However, it can be updated later by the BelAir20 bridge software.
The default settings vary, depending on the hardware in use, the topology and
whether dynamic path cost is used or not.
RSTP Point-To-Point /protocol/rstp/set interface <interface-name>

p2p {forcetrue|forcefalse}
Status of an Interface
This command sets the administrative value of the point-to-point status of the
interface. This indicates whether the interface should be treated as a
point-to-point link or not.
Setting a value of forcetrue forces it to function as a point-to-point link. Setting
a value of forcefalse forces it not to function as a point-to-point link.
The default settings vary, depending on the hardware in use, the topology and
whether dynamic path cost is used or not.

Interface RSTP /protocol/rstp/set interface <interface-name>

admin-state {enable|disable}
Configuration
This command allows or prevents RSTP from affecting the specified interface.
By default, RSTP affects all enabled interfaces. Setting admin-state to disable
prevents RSTP from affecting this interface. Setting admin-state to enable allows
RSTP to affect this interface.
Draft

BelAir20 User Guide Performing a Software Upgrade
Performing a Software Upgrade

This section instructs you how to upgrade a BelAir20 unit by downloading a
new software load from a remote server. The procedures in this section
assume the following:
• You have connected to the BelAir20.
• You have started a Command Line Interface (CLI) session and you have
logged in as root. When you need to login again, such as after a reboot, use
the root user account so you have access to all the required commands.
• You are familiar with the operation of the CLI.
Draft
• You are familiar with the operation of the config-save command. Refer to
“Saving and Restoring the BelAir20 Configuration” on page 64 for details.
CAUTION! Make sure to read and understand the entire upgrade procedure described in
this section before attempting to upgrade a unit. An improper upgrade could
result in a unit becoming inoperable and isolated from the network.
CAUTION! A unit’s configuration database in one release can be structurally different than
in other releases. For example, the configuration database in Release 10.0 is
structurally different than in previous releases. Because of this, downgrading a
software load from Release 10.0 to the previous release requires much effort.
BelAir Networks strongly recommends that you fully verify the configuration
and operation of an upgraded unit before you commit the new load to replace
the old load and configuration. The upgrade process in this document contains
guidelines to help you verify a unit.
For instructions on how to downgrade a unit, contact BelAir Networks.
Upgrade Process An operator logged in as root can upgrade a BelAir20 unit by downloading a
new software load from a remote server. You can use either TFTP or FTP to
Overview communicate with the remote server. You must ensure that the server is
running at an accessible IP address. For redundancy purposes, BelAir20 units
store two copies of the software load in two application banks: banks A and B.
The active software load is the software load that is currently running. The
standby software load is the software load in the alternate application bank.
Either bank A or bank B may be active at a given time. See Figure 8 on
page 143.

Figure 8: Active and Standby Software Loads
BelAir Unit
Active
Software Load
Pointer to software
load for next restart
A B
Active Standby
Draft
Software Load Software Load
Under normal operating conditions, the contents of the two software load
banks are identical. During a software upgrade, the new software load is copied
into the standby bank at the time of the upgrade.
A software upgrade consists of the following steps:
1 Ensure the current configuration is saved. Refer to “Saving and Restoring the
BelAir20 Configuration” on page 64.
2 Determine what software load is active (A or B). The new software load will
overwrite the standby bank.
3 Download the new software load. The new software load is downloaded to
the standby software load bank. If A is active, then the new software load is
downloaded to bank B. If B is active, then the new software load is
downloaded to bank A.
4 Verify the new software downloaded successfully.
5 Activate the new software load from the standby software load bank
(containing the new load) by rebooting the node. The new load is promoted
to active and the formerly active software load bank becomes standby.
6 Verify the configuration and operation of the unit operating with the new
software load
7 Commit the load (copy the newly activated load to the standby software
load bank).

Note: Any configuration changes that you make before you commit the new
software load are lost if you back out of the upgrade.
CAUTION! Do not change or save the node configuration while upgrading the system.
CAUTION! It is always possible to downgrade a committed software load to an older
release. However, while the existing configuration data is saved (upgraded)
during a software upgrade, the existing configuration data could be lost (erased)
during a software downgrade. BelAir Networks recommends that you save and
remotely store the current existing configuration database in case you choose
to downgrade a software load. For instructions on how to downgrade a unit,
contact BelAir Networks.
Displaying the
Draft
Display the active software load and the load that is activated at the next
reboot with the following command:
Active and Next
Software Loads /system/show loads
Downloading a /system/upgrade load remoteip <serverIPaddress>

remotepath <serverSubDir>
New Software [{tftp|ftp [user <usrname> password <pword>]}]]
Load This command downloads a new software image from a remote server. It
copies the new software load into the standby software load bank and sets the
new load as the next active load. See Figure 9 on page 145.
default, the upgrade load command uses TFTP. If you specify FTP, you can also
specify the user name and password. The default FTP user name is anonymous
password.
CAUTION! Once it begins, the upgrade process cannot be interrupted or terminated by the
user with the current CLI session. See “Canceling a Software Upgrade” on
page 144.
Canceling a /system/cancel upgrade
Software Upgrade This command stops the transfer of the new software load into the standby
software load bank. If you reboot the node, the software in the active software
load bank is used. See Figure 9.

To cancel the upgrade process:

1 Start another CLI session to the BelAir20 being upgraded and log in as in as
root.
2 Issue the following command:
/system/cancel upgrade
3 When requested, confirm your intent.

If you confirm that you want to cancel the software upgrade, a message
appears in the other CLI session informing it’s user that the upgrade has
been cancelled.
CAUTION! Because the software upgrade process was interrupted, the software in the
standby software load bank may no longer be suitable to reboot the system. Do
Draft
not set it to be the next active load unless you first commit the current active
software load, or complete a new software upgrade.
Figure 9: Software Upgrade Step 3 - Downloading the New Software Load
BelAir Unit
Active
Software Load
Pointer to software
External
TFTP
A B Server
Software
Active Standby Download
Verifying a Verify that the new software downloaded successfully with the following
command:
Successful
Download /system/show loads verify
The verify option calculates and verifies the checksum. A bad checksum
indicates an issue with the load. If there are any issues, perform the download
again.

Example
/system# show loads verify
Application BankA
-----------------
Sw Version: BA100 9.0.0.S.2009.01.05.16.35 (r20884)
State: Running (next reboot)
CommitState: committed
Md5Sum: OK
Application BankB
-----------------
Sw Version: BA100 8.0.8.D.2008.09.18.18.18 (r19148)
State: Shadow
CommitState: committed
Md5Sum: OK
Draft
Bootloader Info
---------------
PPC405EP Common Bootloader Version 4.06 11/06/2008
Activating a To activate a software load, enter the following:

Software Load /system/reboot
The reboot command is only available if you are logged in as root.

This command forces the unit to execute with the new load and completes the
activation process.
When upgrading several nodes in a network, BelAir recommends that you
reboot the most remote node first and progress towards the near-end,
node-by-node. For star topologies, reboot the subscriber station nodes before
rebooting the associated base station node.
Note: Rebooting a unit as part of a software upgrade can take significantly
longer, up to 20 minutes, depending on the unit’s configuration.
Verifying the New BelAir Networks recommends that you fully verify the configuration and
operation of an upgraded unit before you commit the new load. Use the
Software Load following steps as guidelines.
1 Fully verify the unit’s configuration and operation.
2 If required, adjust any settings and save the new configuration.
3 Reboot the unit and verify that all changes take effect.
If you observe any issues, follow the steps in “Backing Out from a Software
Upgrade” on page 148.

Committing a /system/commit load
New Software Once you have activated the unit with new software load, you can commit it
Load with this command. See Figure 10.
CAUTION! This command copies the contents of the active software bank to the standby
bank. For example, if the active software bank is A, its contents overwrite those
of bank B. Backing out is no longer possible after the new software load has
been committed. After the new software load has been committed, you can no
longer back out of the upgrade; but you can downgrade the unit. For
instructions on how to downgrade a unit, contact BelAir Networks.
Figure 10: Software Upgrade Step 7 - Commit the Software Load
Draft
BelAir Unit
Active
Software Load
Pointer to software
A B
Standby Active
Commit: Overwrite old software

load in the standby bank
The commit command copies the system software and the configuration
database to the adjacent bank at the time of execution. However, changes to
the active load’s configuration after the commit command is executed are not
automatically stored in the standby bank. To keep both banks synchronized, you
must use the commit command after every configuration change of the active
load.

Backing Out from It is possible to back out from a software upgrade in case its effects are
undesired, but only if the new software load has not been committed. See
a Software Figure 11 on page 148.
Upgrade
Figure 11: Backing Out from an Uncommitted Software Upgrade
BelAir Unit
Active
Software Load
Pointer to software
Activate old
Draft
software load
A B
Old New
Backout: Overwrite new software

load with old software load
When you back out of a software upgrade, the old load overwrites the new
software load.
To back out from an upgrade, do the following steps:
1 Determine which bank has the old software load with the following
command:
/system/show loads
2 Set the old software load to be the next active load with the following
command:
/system/set next-load {A|B}
If you have just upgraded the software, you must set the unit to reboot with
the currently standby load. For example, if the old software load is in
bank A, as shown in Figure 11, and the new software load is in bank B, then
you must activate bank A with the following command:
/system/set next-load A

Alternatively, steps 1 and 2 can be combined with the following command:

/system/set next-load {current-active|inactive}
If you specify inactive, at the next reboot the system uses the bank
containing a load other than the one that is running. Specify current-active
to switch back to the bank containing the active load.
3 Reboot the system, with the reboot command.
Note: Rebooting a unit as part of a software upgrade can take significantly
longer, up to 20 minutes, depending on the unit’s configuration.
4 Run the commit command.
Running the commit command is not necessary if the system is already
executing the old software load (because you have decided, for example, to
Draft
back-out of the upgrade before activating the new load). In this case, the
content of the old software load (which is active) overwrites the contents of
the new undesired software load.
Displaying the /system/show upgrade status
Status of the This command displays the status of the software upgrade process.
Software Upgrade

BelAir20 User Guide For More Information
For More Information

BelAir Networks documentation is modular and organized to be of best use to
you during the logical process of setting up a network of BelAir devices.
Use the documents as outlined in the following sections.
Installation Guide Use this document when you are:

• determining infrastructure requirements
• pre-configuring the BelAir units
• installing BelAir units
Draft
• problem-solving on the site
• mounting BelAir units
• commissioning the BelAir units
User Guide Use this document when you are:

• becoming accustomed to the CLI interface
• becoming accustomed to the SNMP interface
• accessing the Web interface
• configuring the unit:
—IP parameters
—data and time
—Ethernet interfaces
• configuring the radios:
—antenna and link features
—access channel numbers
—transmission power levels
—radio transmission rates
—wireless security
• configuring Quality of Service (QoS)

BelAir20 User Guide For More Information
• upgrading the unit

• saving and restoring the configuration
Troubleshooting Use this document when you are:

Guide • troubleshooting and in need of technical support
• looking up system configuration details:
—Alarms and events
—System logs
—Statistics
Draft

BelAir20 User Guide Technical Support
Technical Support
This section provides direction should you have questions about your BelAir20
unit.
Support In general, BelAir Networks recommends that you do the following steps to
seek the information you want:
Resources
1 Refer to the Troubleshooting Guide of the BelAir unit to see if it describes
your situation. If it does, do the provided corrective actions.
2 If the troubleshooting guide does not cover your situation, contact your
BelAir Networks product representative
Draft
3 If you still need assistance, use the BelAir Networks online support center
at www.support.belairnetworks.com
4 Finally, if your issue is not resolved, contact BelAir Networks:
—613-254-7070
—1-877-BelAir1 (235-2471)
—techsupport@belairnetworks.com
Warranty and To review BelAir’s product warranty, refer to the chapter called “Warranty and
Limitations” in the Installation Guide.
Limitations

BelAir20 User Guide Definitions and Acronyms
Definitions and Acronyms

ACL Access Control List
AES Advanced Encryption System
ARM Access Radio Module. BelAir Wi-Fi (802.11b/g) radio module operating in the
unlicensed 2.4 GHz band.
AP Access Point. A wireless LAN data transceiver that uses radio waves to provide
connectivity services to a network
Beacon A protocol packet that signals the availability and presence of a wireless device
BID Bridge identifier used in spanning-tree calculations
Draft
BPDU Bridge protocol data unit. When the spanning tree protocol is enabled, bridges
send and receive spanning-tree frames, called BPDUs, at regular intervals and
use the frames to maintain a loop-free network.
BRM Backhaul Radio Module. BelAir Wi-Fi (802.11a) radio module operating in the
unlicensed 5.75 GHz band.
BSS Basic Service Set: A set of 802.11-compliant stations that operate as a fully
connected wireless network
Client A device that uses the services of a wireless access point to connect to a
network
CLI Command Line Interface
DHCP Dynamic Host Configuration Protocol
IP Internet Protocol
IP address The Internet Protocol (IP) address of a station. Expressed in dotted notation,
for instance, 10.21.1.14
IP subnet mask The number used to identify the IP sub-network.
LAN Local Area Network
MAC Media Access Control
MAC Address Media Access Control address. A unique 48-bit number used in Ethernet data
packets to identify an Ethernet device.
MAU Medium Attachment Unit
MIB SNMP Management Information Base

MPDU MAC Protocol Data Unit

NAS Network Access Server
OAM Operations, Administration and Maintenance
OUI Organizationally Unique Identifier (first 3 bytes of a MAC address)
PVID Port VLAN identifier
PDU Protocol Data Unit
PSM Public Safety Module. BelAir Wi-Fi radio module operating in the licensed
4.9 GHz frequency band, reserved in North America for technologies that
relate to the protection of life, health and property.
QoS Quality of Service
Draft
RADIUS Remote Authentication Dial-In User Service. An Internet protocol (RFC 2138)
for carrying dial-in users' authentication information and configuration
information between a shared, centralized authentication server (the RADIUS
server) and a network access server (the RADIUS client) that needs to
authenticate the users of its network access ports
RTS Request to Send
SNMP Simple Network Management Protocol
SNTP Simple Network Time Protocol
SSH Secure Shell
SSID Service Set Identifier (also referred to as Network Name or Id). A unique
identifier used to identify a radio network and which stations must use to be
able to communicate with each other or to an access point
SSL Secure Socket Layer
TCP Transmission Control Protocol
TKIP Temporal Key Integrity Protocol, an optional IEEE 802.11 function that offers
frame transmission privacy. Like WEP, it is based on RC4 encryption. It
generates new encryption keys for every 10 kilobytes of data transmitted.
TU Wireless Time Unit, as defined in IEEE 802.11, a measure of time equal to
1024 microseconds
UDP User Datagram Protocol
VLAN Virtual Local Area Network

WEP Wired Equivalent Privacy, an optional IEEE 802.11 function that offers frame
transmission privacy. The Wired Equivalent Privacy generates secret shared
encryption keys that both source and destination stations can use to alter frame
bits to avoid disclosure to eavesdroppers.
WPA Wi-Fi Protected Access
WRM WiMAX Radio Module. BelAir WiMAX (802.16) radio module.
Draft

BelAir20 User Guide LIMITED WARRANTY; LIMITATION OF LIABILITY
LIMITED WARRANTY; LIMITATION OF LIABILITY

Limited Warranty. BelAir Networks, Inc. (“BelAir”) warrants that the BelAir products shipped
to you, a BelAir customer (“Customer”) shall be free from hardware defects in material and
workmanship under normal use and service for a period of 12 months from the date of shipment
to Customer, and free from software defects for a period of 90 days from the date of shipment to
Customer (respectively, the “Limited Warranty Period”).
Exclusions. This limited warranty is conditioned upon proper use of the Products. This limited
warranty does not cover plastic surfaces and other externally exposed components that are
scratched or damaged due to normal use. This limited warranty will not cover, and will become
null and void in the event of: (a) defects or damage resulting from accident, misuse, abuse,
Draft
neglect, unusual physical, electrical or electromechanical stress, modification of the Products or
any part thereof, or cosmetic damage; (b) removal, alteration or defacing of the serial number or
other identifying marks on the Products; (c) malfunctions resulting from the use of the Products
in conjunction with accessories, products or equipment not provided by BelAir; or (d) defects or
damage from unauthorized or improper testing, operation, maintenance, installation, servicing or
adjustment of the Products. Further, this warranty shall also become void in the event the sealed
electronics enclosure is opened, or BelAir determines, upon inspection, that attempts have been
made to open the electronics enclosure.
Remedies. During the applicable Limited Warranty Period, BelAir will repair or replace, at
BelAir’s sole option, without charge to Customer, any defective component of the Products,
provided that the Products are returned promptly upon discovery of the defect and during the
applicable Limited Warranty Period. To obtain service, Products must be returned to an
authorized service facility in the original packaging or packaging adequate for shipping,
accompanied by proof of sale showing the date of purchase and the serial number of the
Products. A valid RMA is required prior to any return. BelAir may, at BelAir’s sole option, use
rebuilt, reconditioned, or new parts or components when repairing any Products or replace a
Product with a rebuilt, reconditioned or new Product. Repaired Products will be warranted for a
period equal to the remainder of the original applicable Limited Warranty Period for the original
Product or for 90 days, whichever is greater. All replaced parts, components, boards or
equipment shall become the property of BelAir. If BelAir determines that this limited warranty
does not cover any Product, Customer must pay the costs for all parts, shipping, and labour
charges for the repair or return of such Products. The foregoing is Customer’s sole remedy and
BelAir’s sole obligation and liability with respect to this limited warranty.
No Warranty. EXCEPT FOR THE EXPRESS WARRANTY ABOVE, THE PRODUCTS

AND STORAGE MEDIA ARE SUPPLIED ON AN “AS IS” BASIS AND THERE ARE NO
WARRANTIES, REPRESENTATIONS OR CONDITIONS, EXPRESS OR IMPLIED,
WRITTEN OR ORAL, ARISING BY STATUTE, OPERATION OF LAW, COURSE OF
DEALING, USAGE OF TRADE OR OTHERWISE, REGARDING THEM OR ANY OTHER

PRODUCT OR SERVICE PROVIDED HEREUNDER OR IN CONNECTION HEREWITH

BY BELAIR. TO THE EXTENT PERMITTED BY APPLICABLE LAW, BELAIR
DISCLAIMS ANY IMPLIED WARRANTIES OR CONDITIONS OF QUALITY,
SATISFACTORY QUALITY, MERCHANTABILITY, DURABILITY, FITNESS FOR A
PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. BELAIR DOES NOT
REPRESENT OR WARRANT THAT THE PRODUCTS WILL MEET ANY OR ALL OF
CUSTOMERS’ PARTICULAR REQUIREMENTS, THAT THE PRODUCTS WILL
OPERATE ERROR-FREE OR UNINTERRUPTED OR THAT ALL ERRORS OR DEFECTS
IN THE PRODUCTS CAN BE FOUND TO BE CORRECTED.
THIS PRODUCT IS NOT FAULT-TOLERANT AND IS NOT DESIGNED,

MANUFACTURED, OR INTENDED FOR USE OR RESALE AS EQUIPMENT FOR
USE IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE,
Draft
SUCH AS AIRCRAFT NAVIGATION, OR COMMUNICATION SYSTEMS, AIR
TRAFFIC CONTROL, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE
DELIVERABLES COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR
SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGES.
NO REPRESENTATION OR OTHER AFFIRMATION OF FACT, INCLUDING BUT NOT

LIMITED TO STATEMENTS REGARDING PERFORMANCE OF THE PRODUCTS, THAT
IS NOT CONTAINED IN THIS LIMITED WARRANTY, SHALL BE DEEMED TO BE A
WARRANTY, CONDITION OR REPRESENTATION BY BELAIR. The agents, employees,
distributors, dealers or representatives of BelAir are not authorized to make modifications to this
limited warranty, or make additional warranties binding on BelAir. Accordingly, additional
statements such as advertising or presentations, whether oral or written, do not constitute
warranties by BelAir and should not be relied upon.
NO AGREEMENTS VARYING OR EXTENDING THE ABOVE TERMS WILL BE

BINDING ON BELAIR UNLESS IN WRITING AND SIGNED BY A BELAIR
AUTHORIZED SIGNING OFFICER. Products performance is dependant upon the
performance and availability of services or technology provided by third parties and BelAir is
not responsible for service continuity and reliability, reception, or other performance related
limitations associated with use of the Products.
This limited warranty allocates risk between Customer and BelAir, and the BelAir Product
pricing reflects this allocation of risk and the limitations of liability contained in this limited
warranty.
Any technical support or Product repair or replacement provided outside of the applicable
Limited Warranty Period (including repairs to or replacement after the end of the applicable
Limited Warranty Period) by BelAir will be paid for by Customer at BelAir’s then prevailing
rates.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, NEITHER BELAIR NOR ITS

DEALERS OR SUPPLIERS SHALL HAVE ANY LIABILITY TO CUSTOMER OR ANY
OTHER PERSON OR ENTITY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR
CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, BUT NOT LIMITED TO,
LOSS OF REVENUE OR PROFIT, LOST OR DAMAGED DATA, COST OF ACQUIRING
SUBSTITUTE GOODS, OR OTHER COMMERCIAL OR ECONOMIC LOSS, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR THEY ARE FORESEEABLE.
BELAIR’S MAXIMUM AGGREGATE LIABILITY TO CUSTOMER AND THAT OF ITS
DEALERS AND SUPPLIERS SHALL NOT EXCEED THE AMOUNT PAID BY
CUSTOMER FOR THE PRODUCT. THE FOREGOING LIMITATIONS SHALL APPLY
WHETHER OR NOT THE ALLEGED BREACH OR DEFAULT IS A BREACH OF A
FUNDAMENTAL CONDITION OR TERM OR A FUNDAMENTAL BREACH.
Draft
If any provision of this limited warranty is found invalid or unenforceable, it will be enforced to
the maximum extent permissible by law, and the legality and enforceability of the other
provisions of this limited warranty will remain in full force and effect, to be read and construed
as if the void or unenforceable provision was originally deleted.

GARANTIE LIMITÉE; LIMITE DE RESPONSABILITÉ

Garantie limitée. BelAir garantit que les produits sont exempts de tout défaut matériel en ce qui
a trait au matériau et à la fabrication, dans des conditions normales d’utilisation et de service,
durant une période de douze mois à compter de la date d’expédition au client, et de tout défaut
logiciel durant une période de 90 jours à compter de la date d’expédition au client de BelAir
(«Période de garantie limitée»).
Exclusions. La présente garantie limitée est conditionnelle à l’utilisation appropriée des

produits. La garantie limitée ne porte pas sur les surfaces de recouvrement en plastique et les
autres éléments externes exposés qui sont égratignés ou endommagés par suite d’une utilisation
normale. La présente garantie limitée est nulle et non avenue en cas : a) de défauts ou de
dommages découlant d’un accident, d’un mésusage, d’un usage abusif, d’une négligence, de
Draft
contraintes physiques, électriques ou électromécaniques inhabituelles, de modifications
apportées aux produits ou à n’importe quelle de leurs parties, ou de dommages cosmétiques; b)
de retrait, de modification ou de défiguration du numéro de série ou de toute autre marque
d’identification se trouvant sur les produits; c) de défauts de fonctionnement découlant de
l’utilisation des produits conjointement avec des accessoires, des produits, des dispositifs
auxiliaires ou des périphériques qui ne sont pas fournis par BelAir; d) de défauts ou de
dommages causés par des essais, une utilisation, une maintenance, une installation, un entretien
ou un réglage des produits, non autorisés ou inappropriés. En outre, la présente garantie devient
nulle et non avenue si l’enceinte électronique scellée est ouverte, ou si BelAir détermine, après
inspection, que des tentatives ont été faites pour ouvrir l’enceinte électronique.
Réparations. Durant la Période de garantie limitée, BelAir s’engage à réparer ou à remplacer, à

la seule discrétion de BelAir, sans frais pour le client, tout composant défectueux des produits, à
la condition que les produits en question soient immédiatement retournés après que le défaut a
été découvert durant la période de garantie limitée. Pour que BelAir fasse la réparation, il faut
que les produits soient retournés aux installations d’entretien autorisées dans leur emballage
original ou qu’ils soient emballés de façon adéquate pour l’expédition, et qu’ils soient
accompagnés d’une preuve de vente indiquant la date d’achat et le numéro de série des produits.
Une autorisation de retour de marchandises (ARM) valide est requise avant de procéder à tout
retour. BelAir peut, à sa seule discrétion, utiliser des pièces ou des composants remis à neuf,
remis en état ou nouveaux, au moment de la réparation des produits, ou remplacer un produit par
un produit remis à neuf, remis en état ou nouveau. Les produits réparés sont garantis durant une
période égale au reste de la période de garantie limitée initiale couvrant le produit original, ou
durant 90 jours, selon la plus longue des deux périodes. Les pièces, composants, cartes ou
matériel remplacés deviennent la propriété de BelAir. Si BelAir détermine que la présente
garantie limitée ne couvre pas un produit, le client doit défrayer toutes les pièces, l’expédition et
la main-d’œuvre nécessaires pour réparer ou retourner les produits en question. Ce qui précède
est le seul recours du client et la seule obligation et responsabilité de BelAir en ce qui a trait à la
garantie limitée.

Aucune garantie. SOUS RÉSERVE DE LA GARANTIE EXPLICITE SUSMENTIONNÉE,

LES PRODUITS ET LES SUPPORTS DE STOCKAGE SONT FOURNIS TELS QUELS, ET
IL N’EXISTE AUCUNE GARANTIE, REPRÉSENTATION NI CONDITION, EXPLICITES
OU IMPLICITES, ÉCRITES OU VERBALES, NÉES D’UNE LOI, PAR ACTION D’UNE
LOI, D’UNE CONDUITE HABITUELLE, D’UN USAGE DU COMMERCE OU
AUTREMENT, LES CONCERNANT OU TOUT AUTRE PRODUIT OU SERVICE PRÉVU
AUX PRÉSENTES OU EN RAPPORT AVEC CEUX-CI, PAR BELAIR. BELAIR
DÉSAVOUE TOUTE GARANTIE IMPLICITE OU CONDITION DE QUALITÉ, QUALITÉ
SATISFAISANTE, QUALITÉ MARCHANDE, DURABILITÉ, ADAPTABILITÉ À UNE FIN
PARTICULIÈRE, À UN TITRE ET À UNE NON-VIOLATION. BELAIR NE PRÉTEND PAS
NI NE GARANTIT QUE LES PRODUITS RÉPONDRONT À UNE OU À TOUTES LES
EXIGENCES PARTICULIÈRES DES CLIENTS, QUE LES PRODUITS
Draft
FONCTIONNERONT SANS ERREUR OU SANS INTERRUPTION, OU QUE TOUTES LES
ERREURS ET TOUS LES DÉFAUTS ÉVENTUELS INHÉRENTS AUX PRODUITS
PUISSENT ÊTRE DÉCELÉS POUR ÊTRE CORRIGÉS.
CE PRODUIT N’EST PAS INSENSIBLE AUX DÉFAILLANCES ET N’EST PAS

CONÇU, FABRIQUÉ OU DESTINÉ À UN USAGE OU À LA REVENTE COMME
MATÉRIEL À UTILISER DANS DES ENVIRONNEMENTS DANGEREUX
EXIGEANT UNE PERFORMANCE À SÛRETÉ INTÉGRÉE, TELS QUE LA
NAVIGATION AÉRIENNE, OU LES SYSTÈMES DE COMMUNICATION, LE
CONTRÔLE DE LA CIRCULATION AÉRIENNE OU LES SYSTÈMES D’ARMES,
DANS LESQUELS LA DÉFAILLANCE DES PRODUITS LIVRABLES POURRAIT
DIRECTEMENT ENTRAÎNER LA MORT, DES BLESSURES CORPORELLES OU
DES DOMMAGES PHYSIQUES OU ENVIRONNEMENTAUX GRAVES.
AUCUNE REPRÉSENTATION NI AUTRE AFFIRMATION DE FAIT, NOTAMMENT LES

DÉCLARATIONS RELATIVES À LA PERFORMANCE DES PRODUITS, QUI N’EST PAS
CONTENUE DANS LA PRÉSENTE SECTION, N’EST CONSIDÉRÉE COMME UNE
GARANTIE, UNE CONDITION OU UNE REPRÉSENTATION PAR BELAIR. Les agents,
employés, distributeurs, concessionnaires ou représentants de BelAir ne sont pas autorisés à
apporter des modifications à la présente garantie limitée, ni à ajouter des garanties susceptibles
d’engager la responsabilité de BelAir. En conséquence, tout autre énoncé tel que la publicité et
les présentations, qu’il soit verbal ou écrit, ne constitue pas une garantie de la part de BelAir, et
ne doit pas être pris en compte.
AUCUNE ENTENTE MODIFIANT OU PROROGEANT LES DISPOSITIONS

SUSMENTIONNÉES NE PEUT AVOIR D’EFFET OBLIGATOIRE SUR BELAIR, À MOINS
D’AVOIR ÉTÉ CONCLUE PAR ÉCRIT ET D’AVOIR ÉTÉ SIGNÉE PAR UN SIGNATAIRE
AUTORISÉ DE BELAIR. La performance des produits dépend de l’exécution et de la
disponibilité des services et de la technologie fournis par des tierces parties, et BelAir décline

toute responsabilité en ce qui a trait à la continuité et à la fiabilité des services, à la réception ou

aux restrictions liées à l’exécution, et associées à l’utilisation des produits.
La présente garantie limitée attribue un risque entre le client et BelAir, et la fixation des prix des
produits BelAir reflète cette attribution de risque et les limitations de responsabilité contenues
dans la présente garantie limitée.
Tout soutien technique, toute réparation et tout remplacement des produits assurés en dehors de
la période de garantie limitée, notamment la réparation ou le remplacement après l’expiration de
la période de garantie limitée, par BelAir doivent être défrayés par le client selon les tarifs de
BelAir alors en vigueur.
NI BELAIR, NI SES CONCESSIONNAIRES OU SES FOURNISSEURS NE PEUVENT
Draft
ÊTRE TENUS RESPONSABLES À L’ÉGARD DU CLIENT OU DE TOUTE AUTRE
PERSONNE OU ENTITÉ POUR DES DOMMAGES INDIRECTS, ACCIDENTELS,
SPÉCIAUX OU CONSÉCUTIFS, DE QUELQUE NATURE QU’ILS SOIENT,
NOTAMMENT LA PERTE DE REVENUS OU DE PROFITS, LA PERTE OU
L’ENDOMMAGEMENT DE DONNÉES, LES COÛTS D’ACQUISITION D’ARTICLES DE
REMPLACEMENT, OU D’AUTRES PERTES COMMERCIALES OU FINANCIÈRES,
MÊME SI LE CLIENT A ÉTÉ AVERTI DE LA POSSIBILITÉ DE DOMMAGES
ÉVENTUELS OU PRÉVISIBLES. L’OBLIGATION GLOBALE MAXIMALE DE BELAIR À
L’ÉGARD DU CLIENT, ET CELLE DE SES CONCESSIONNAIRES ET DE SES
FOURNISSEURS, NE DOIT PAS DÉPASSER LE MONTANT PAYÉ PAR LE CLIENT
POUR LE PRODUIT EN QUESTION. LES LIMITATIONS SUSMENTIONNÉES
S’APPLIQUENT, QUE L’INOBSERVATION OU LE DÉFAUT PRÉSUMÉS
CONSTITUENT OU NON UNE VIOLATION D’UNE CONDITION OU D’UNE
DISPOSITION FONDAMENTALE, OU UNE CONTRAVENTION ESSENTIELLE À
L’ENTENTE.
Si une disposition de la présente section Garantie et restrictions est jugée invalide ou non
exécutoire, elle est alors appliquée dans la plus large mesure permise par la loi, et la légalité et le
caractère exécutoire des autres dispositions de la présente section Garantie et restrictions
demeurent en vigueur, et sont lues et interprétées comme si la disposition nulle ou non
exécutoire avait été initialement supprimée.

BESCHRÄNKTE GARANTIE, BESCHRÄNKTE

HAFTUNG
Beschränkte Garantie. BelAir Networks, Inc. (im Folgenden BelAir genannt) garantiert, dass
die Ihnen, einem Kunden von BelAir (im Folgenden Kunde genannt), zugesandten Produkte bei
normaler Benutzung und Wartung für einen Zeitraum von 12 Monaten ab Datum des Versands
an den Kunden frei von Material- und Verarbeitungsfehlern und dass die Software für einen
Zeitraum von 90 Tagen ab Datum des Versands an den Kunden frei von Defekten bleibt
(„Zeitraum der beschränkten Garantie“).
Ausschließung. Bedingung dieser beschränkten Garantie ist die korrekte Benutzung des
Produkts. Nicht gedeckt von dieser beschränkten Garantie sind Kunststoffflächen und sonstige
Draft
extern sichtbaren Bauteile, die bei normaler Benutzung zerkratzt oder beschädigt werden. Diese
beschränkte Garantie deckt folgende Fälle nicht ab, sondern wird dann unwirksam: (a) Defekte
oder Schäden durch Unfall, Missbrauch, Misshandlung, Vernachlässigung, ungewöhnliche
physische, elektrische oder elektromechanische Belastung, Modifikationen des Produkts oder
eines Teils davon oder kosmetische Schäden. (b) Entfernung, Änderung oder Verunstaltung der
Seriennummer oder sonstiger Identifikationszeichen auf dem Produkt. (c) Funktionsstörungen
durch die Benutzung des Produkts in Verbindung mit Zubehör, Produkten oder Geräten, die
nicht von BelAir stammen. (d) Defekte oder Schäden durch nicht autorisiertes oder falsches
Prüfen, Betreiben, Warten, Installieren, Reparieren oder Justieren des Produkts. Weiterhin
erlischt der Garantieanspruch, wenn das versiegelte Elektronikgehäuse geöffnet wird oder wenn
BelAir durch eine Inspektion feststellt, dass versucht wurde, das elektronische Gehäuse zu
öffnen.
Abhilfe. Während des anwendbaren Zeitraums der beschränkten Garantie repariert oder ersetzt
BelAir nach eigenem Ermessen ohne Kosten für den Käufer defekte Bauteile des Produkts,
wenn das Produkt bei Feststellung des Defekts und während des anwendbaren Zeitraums der
beschränkten Garantie unverzüglich zurückgesandt wird. In diesem Fall ist das Produkt in der
Originalverpackung oder einer für den Versand geeigneten Verpackung zusammen mit einem
mit Kaufdatum und Seriennummer des Produkts versehenem Kaufbeleg an eine
Vertragswerkstatt zurückzugeben. Vor dem Zurücksenden muss eine Rücksendeerlaubnis
eingeholt werden. Bei der Reparatur eines Produkts kann BelAir nach eigenem Ermessen
wiederhergestellte, wiederhergerichtete oder neue Teile oder Komponenten verwenden, oder
BelAir kann das Produkt mit einem wiederhergestellten, wiederhergerichteten oder neuen
Produkt ersetzen. Die Zeitdauer der Garantie eines reparierten Produkts ist die verbleibende
Zeitdauer der ursprünglichen anwendbaren beschränkten Garantie des Originalprodukts,
mindestens aber 90 Tage. Alle ersetzten Teile, Komponenten, Platinen oder Geräte bleiben
Eigentum von BelAir. Sollte BelAir feststellen, dass diese beschränkte Garantie für ein Produkt
unwirksam ist, hat der Käufer die Kosten für Teile, Versand und Arbeit zu tragen, die im
Zusammenhang mit der Reparatur oder dem Zurücksenden des Produkts anfallen. Das Obige ist

die ausschließliche Abhilfe für den Käufer und die einzige Verpflichtung und Haftung seitens
BelAir in Bezug auf die beschränkte Garantie.
Keine Gewährleistung. MIT AUSNAHME DER AUSDRÜCKLICHEN OBIGEN

GARANTIE WERDEN DIE PRODUKTE UND SPEICHERMEDIEN „WIE BESEHEN”
GELIEFERT, UND ES GIBT KEINE GARANTIEN ODER BEDINGUNGEN, WEDER
AUSDRÜCKLICHE NOCH STILLSCHWEIGENDE, WEDER SCHRIFTLICHE NOCH
MÜNDLICHE, WEDER GESETZLICHE NOCH AUS GESETZLICHEM
RECHTSÜBERGANG, AUS GESCHÄFTS- ODER HANDELSVERKEHR ODER
ANDERWEITIG RESULTIERENDE, IN BEZUG AUF DIESE ODER SONSTIGE
PRODUKTE ODER DIENSTLEISTUNGEN, DIE VON BELAIR HIERMIT ODER IN
VERBINDUNG HIERMIT GELIEFERT WERDEN. SOWEIT DAS ANWENDBARE RECHT
ES ERLAUBT, LEHNT BELAIR HIERMIT JEGLICHE STILLSCHWEIGENDEN
Draft
GARANTIEN UND BEDINGUNGEN IN BEZUG AUF QUALITÄT, BEFRIEDIGENDE
QUALITÄT, HANDELSÜBLICHE QUALITÄT, LEBENSDAUER, EIGNUNG FÜR EINEN
BESTIMMTEN ZWECK, RECHTSTITEL UND NICHTVERLETZUNG AB. BELAIR
ÜBERNIMMT KEINE GEWÄHR DAFÜR, DASS DIE PRODUKTE DIE BESONDEREN
ERFORDERNISSE DES KÄUFERS ERFÜLLEN, DASS DIE PRODUKTE FEHLERFREI
UND UNTERBRECHUNGSFREI ARBEITEN UND DASS ALLE FEHLER UND DEFEKTE
GEFUNDEN UND KORRIGIERT WERDEN KÖNNEN.
DIESES PRODUKT IST NICHT FEHLERTOLERANT UND IST NICHT FÜR DIE
VERWENDUNG ODER DEN WEITERVERKAUF ALS GERÄT FÜR DIE
VERWENDUNG IN GEFÄHRLICHEN UMGEBUNGEN WIE IN DER
FLUGZEUGNAVIGATION ODER -KOMMUNIKATION, IN DER FLUGSICHERUNG
ODER IN WAFFENSYSTEMEN, DIE EINEN AUSFALLSICHEREN BETRIEB
ERFORDERN UND IN DENEN EIN AUSFALL DIREKT ZUM TODE, ZU
KÖRPERVERLETZUNGEN ODER ZU SCHWEREN SACH- UND
UMWELTSCHÄDEN FÜHREN KÖNNEN, KONZIPIERT UND HERGESTELLT
WORDEN ODER DAFÜR GEDACHT.
EINE GEWÄHR ODER SONSTIGE TATSACHENBESTÄTIGUNG, EINSCHLIESSLICH

ABER NICHT AUSSCHLIESSLICH SOLCHE ERKLÄRUNGEN BEZÜGLICH DER
LEISTUNG DES PRODUKTS, DIE NICHT IN DIESER BESCHRÄNKTEN GARANTIE
ENTHALTEN SIND, KANN NICHT ALS GARANTIE, BEDINGUNG ODER
GEWÄHRLEISTUNG SEITENS BELAIR ANGESEHEN WERDEN. Die Bevollmächtigten,
Mitarbeiter, Wiederverkäufer, Händler und Vertreter von BelAir sind nicht autorisiert, diese
beschränkte Garantie zu modifizieren oder zusätzliche für BelAir bindende Garantien zu geben.
Dementsprechend stellen zusätzliche Erklärungen wie Werbung oder Präsentationen, ob
mündliche oder schriftliche, keine Garantie seitens BelAir dar und man sollte sich nicht darauf
verlassen.

BelAir ist NUR DANN AN EINE Vereinbarung gebunden, die die obigen Bedingungen
abändert oder erweitert, wenn ihre schriftliche Form von einem für die Unterzeichnung
autorisierten Vertreter von BelAir unterzeichnet wird. Die Leistung eines Produkts hängt von
der Leistung und Verfügbarkeit von Diensten oder Technologien ab, die von Dritten zur
Verfügung gestellt werden, und BelAir ist nicht verantwortlich für Unterbrechungsfreiheit und
Zuverlässigkeit, Empfang und sonstige Leistungseinschränkungen der Dienste, die im
Zusammenhang mit der Verwendung des Produkts stehen.
Diese beschränkte Garantie teilt das Risiko zwischen dem Käufer und BelAir auf, und BelAirs
Preisgestaltung widerspiegelt diese Risikoaufteilung und die Haftungsbeschränkungen, die in
dieser beschränkten Garantie enthalten sind.
Eine technische Unterstützung, eine Produktreparatur oder ein Produktersatz, die bzw. der von
Draft
BelAir außerhalb des anwendbaren Zeitraums der beschränkten Garantie (einschließlich
Reparaturen oder Ersatz nach Ablauf des anwendbaren Zeitraums der beschränkten Garantie)
geleistet wird, ist vom Käufer zu den dann aktuellen Preisen zu bezahlen.
SOWEIT DAS ANWENDBARE RECHT ES ERLAUBT, HAFTEN WEDER BELAIR NOCH

IHRE HÄNDLER ODER ZULIEFERER GEGENÜBER DEM KÄUFER ODER EINER
DRITTEN PERSON BEI MITTELBAREN ODER UNGEWÖHNLICHEN SCHÄDEN ODER
NEBEN- ODER FOLGESCHÄDEN, EINSCHLIESSLICH ABER NICHT
AUSSCHLIESSLICH ENTGANGENE EINNAHMEN ODER GEWINNE, VERLORENE
ODER BESCHÄDIGTE DATEN, DIE KOSTEN FÜR DEN KAUF VON ERSATZGÜTERN
ODER SONSTIGE KOMMERZIELLE ODER WIRTSCHAFTLICHE VERLUSTE, SELBST
WENN VOR SOLCHEN SCHÄDEN GEWARNT WIRD ODER DIESE VORHERSEHBAR
SIND. BELAIRS MAXIMALE GESAMTHAFTUNG DEM KUNDEN GEGENÜBER UND
DIE IHRER HÄNDLER UND ZULIEFERER ÜBERSTEIGT IN KEINEM FALL DEN VOM
KÄUFER FÜR DAS PRODUKT GEZAHLTEN BETRAG. DIE OBIGEN
BESCHRÄNKUNGEN GELTEN AUCH, WENN EIN ANGEBLICHER VERSTOSS ODER
EIN ANGEBLICHES VERSÄUMNIS EIN VERSTOSS GEGEN EINE GRUNDBEDINGUNG
ODER GRUNDBESTIMMUNG ODER EIN FUNDAMENTALER VERSTOSS IST.
Falls eine Bestimmung in dieser beschränkten Garantie sich als ungültig oder nicht durchsetzbar
erweist, wird sie soweit durchgesetzt, wie das Gesetz es erlaubt, und die anderen Bestimmungen
in dieser beschränkten Garantie bleiben uneingeschränkt gültig und wirksam und sind so zu
lesen und auszulegen, als wäre die nicht durchsetzbare Bestimmung ursprünglich gelöscht
worden.

BEPERKTE GARANTIE; BEPERKING VAN

AANSPRAKELIJKHEID
Beperkte garantie. BelAir Networks, Inc. („BelAir”) garandeert dat de BelAir producten die
aan u, een BelAir klant („Klant”) verzonden zijn, bij normaal gebruik en onderhoud vrij zullen
zijn van hardwaredefecten in materiaal en constructie gedurende een periode van 12 maanden
vanaf de datum van verzending naar de Klant, en vrij zijn van softwaredefecten gedurende een
periode van 90 dagen vanaf de datum van verzending naar de Klant (de respectievelijke
„Beperkte Garantieperiode”).
Uitsluitingen. Deze beperkte garantie is geldig op voorwaarde dat de Producten op de juiste

wijze worden gebruikt. Kunststofoppervlakken en andere aan de buitenzijde blootgestelde
Draft
componenten die krassen of beschadiging vertonen te wijten aan normaal gebruik, worden niet
gedekt door deze beperkte garantie. Deze beperkte garantie dekt het onderstaande niet en zal van
nul en gener waarde worden door: (a) defecten of beschadiging te wijten aan een ongeluk,
misbruik, wangebruik, verwaarlozing, ongewone fysieke, elektrische of elektromechanische
spanningen, modificatie van de Producten of enig onderdeel ervan of in geval van esthetische
beschadiging, (b) verwijdering, wijziging of het onleesbaar maken van het serienummer of
andere identificerende markeringen op de Producten, (c) storingen door het gebruik van de
Producten met niet door BelAir geleverde accessoires, producten of apparatuur, of (d) defecten
of beschadiging door het niet-geautoriseerd of onjuist testen, bedienen, onderhouden, installeren,
repareren of afstellen van de Producten. Bovendien zal deze garantie van nul en gener waarde
zijn als de afgesloten elektronicabehuizing is geopend of als BelAir na inspectie vaststelt dat
pogingen zijn ondernomen om de elektronicabehuizing te openen.
Verhaalsmogelijkheden. Gedurende de toepasselijke Beperkte Garantieperiode zal BelAir een

defect onderdeel van de Producten repareren of vervangen, uitsluitend naar keuze van BelAir,
zonder kosten voor de Klant, op voorwaarde dat de Producten onmiddellijk na ontdekking van
het defect en gedurende de toepasselijke Beperkte Garantieperiode worden geretourneerd. De
Producten moeten voor reparatie naar een erkend servicecentrum in de oorspronkelijke of een
voor verzending geschikte verpakking worden geretourneerd en vergezeld zijn van de kassabon
met de datum van aankoop en het serienummer van de Producten. Vóór elke retourzending moet
een geldig retournummer worden verkregen. BelAir mag, uitsluitend naar eigen keuze,
gereviseerde, herstelde of nieuwe onderdelen of componenten gebruiken om de Producten te
repareren, of een Product door een gereviseerd, hersteld of nieuw Product vervangen. De
garantieperiode voor gerepareerde Producten is gelijk aan de nog resterende tijd van de
oorspronkelijke toepasselijke Beperkte Garantieperiode voor het oorspronkelijke Product of
bedraagt 90 dagen als dat langer is. Alle vervangen onderdelen, componenten, printplaten of
apparatuur worden het eigendom van BelAir. Als BelAir bepaalt dat deze beperkte garantie een
Product niet dekt, dan zijn de kosten voor alle onderdelen, de verzending en de werkuren voor
het repareren of retourneren van een dergelijk Product voor rekening van de Klant. Het

voorgaande is het enige recht van verhaal dat de Klant heeft en de enige verplichting en
aansprakelijkheid van BelAir met betrekking tot de beperkte garantie.
No Warranty. MET UITZONDERING VAN DE BOVENVERMELDE UITDRUKKELIJKE

GARANTIE WORDEN DE PRODUCTEN EN OPSLAGMEDIA GELEVERD ‘ZOALS DEZE
ZIJN’ EN ZIJN ER GEEN GARANTIES, VERKLARINGEN OF VOORWAARDEN, HETZIJ
UITDRUKKELIJK OF STILZWIJGEND, SCHRIFTELIJK OF MONDELING, DIE
VOORTVLOEIEN UIT DE WET, DE EISEN VAN DE WET, KOOPMANSGEBRUIK,
HANDELSGEBRUIK OF ANDERSZINS, MET BETREKKING TOT DEZE PRODUCTEN
OF MEDIA OF TOT ENIG ANDER PRODUCT OF SERVICE WELK(E) ONDER DEZE
OVEREENKOMST OF IN VERBAND ERMEE DOOR BELAIR WORDT VERSTREKT.
VOOR ZOVER TOEGESTAAN DOOR DE TOEPASSELIJKE WET, WIJST BELAIR ALLE
STILZWIJGENDE GARANTIES OF VOORWAARDEN VAN KWALITEIT,
Draft
TOEREIKENDE KWALITEIT, VERKOOPBAARHEID, DUURZAAMHEID,
GESCHIKTHEID VOOR EEN BEPAALD DOEL, EIGENDOMSRECHT EN
NIET-NALEVING AF. BELAIR VERKLAART NOCH GARANDEERT DAT DE
PRODUCTEN AAN EEN OF ALLE VAN DE BIJZONDERE VEREISTEN VAN DE KLANT
ZULLEN VOLDOEN, DAT DE PRODUCTEN FOUTLOOS OF ZONDER
ONDERBREKING ZULLEN WERKEN OF DAT ALLE FOUTEN OF DEFECTEN IN DE
PRODUCTEN REPAREERBAAR ZULLEN ZIJN.
DIT PRODUCT IS NIET FOUTTOLERANT EN IS NIET ONTWORPEN,

VERVAARDIGD OF BESTEMD VOOR GEBRUIK OF WEDERVERKOOP ALS
APPARATUUR VOOR GEBRUIK IN GEVAARLIJKE OMGEVINGEN WAAR
STORINGBESTENDIGE PRESTATIES ZIJN VEREIST, ZOALS
VLIEGTUIGNAVIGATIE, OF COMMUNICATIESYSTEMEN,
LUCHTVERKEERSLEIDING OF WAPENSYSTEMEN WAAR STORINGEN VAN DE
GELEVERDE PRODUCTEN RECHTSTREEKS TOT DE DOOD, LICHAMELIJK
LETSEL OF ERNSTIGE MILIEU- OF FYSIEKE SCHADE KUNNEN LEIDEN.
VERKLARINGEN OF ANDERE BEKRACHTINGEN VAN FEITEN, MET INBEGRIP VAN,

DOCH NIET BEPERKT TOT, VERKLARINGEN MET BETREKKING TOT NIET IN DEZE
BEPERKTE GARANTIE VERVATTE PRESTATIES VAN DE PRODUCTEN, ZULLEN
DOOR BELAIR NIET ALS EEN GARANTIE, VOORWAARDE OF VERKLARING
WORDEN BESCHOUWD. De agenten, werknemers, groothandelaren, dealers of
vertegenwoordigers van BelAir zijn niet gemachtigd om wijzigingen in deze beperkte garantie
aan te brengen of aanvullende garanties te verstrekken die BelAir binden. Dienovereenkomstig
vormen aanvullende verklaringen, zoals reclame of voorstellingen, hetzij mondeling of
schriftelijk, geen door BelAir verstrekte garanties en moet men er niet op vertrouwen.
BELAIR IS NIET GEBONDEN DOOR OVEREENKOMSTEN DIE AFWIJKINGEN OF

UITBREIDINGEN ZIJN VAN BOVENSTAANDE VOORWAARDEN, TENZIJ DEZE
SCHRIFTELIJK ZIJN EN DOOR EEN DOOR BELAIR DAARTOE GEMACHTIGDE

FUNCTIONARIS ZIJN ONDERTEKEND. De prestaties van de Producten zijn afhankelijk van

de prestaties en beschikbaarheid van door derden verstrekte services of technologie en BelAir is
niet verantwoordelijk voor de continuïteit en betrouwbaarheid, de ontvangst of andere
prestatiegerelateerde beperkingen die met het gebruik van de Producten zijn geassocieerd.
Deze beperkte garantie verdeelt het risico over de Klant en BelAir, en de productprijsstelling van
BelAir weerspiegelt deze risicoallocatie en de in deze beperkte garantie vervatte
aansprakelijkheidsbeperkingen.
Alle door BelAir buiten de toepasselijke Beperkte Garantieperiode verstrekte technische

ondersteuning of reparatie of vervanging van Producten (met inbegrip van reparatie of
vervanging na afloop van de toepasselijke Beperkte Garantieperiode) is voor rekening van de
Klant tegen de op dat moment geldige tarieven van BelAir.
Draft
VOOR ZOVER TOEGESTAAN DOOR DE TOEPASSELIJKE WET ZULLEN BELAIR
NOCH HAAR DEALERS OF LEVERANCIERS AANSPRAKELIJK ZIJN TEGENOVER DE
KLANT OF EEN ANDERE PERSOON OF ENTITEIT VOOR WELKE INDIRECTE,
INCIDENTELE, GEVOLG- OF SPECIALE SCHADE DAN OOK, MET INBEGRIP VAN,
DOCH NIET BEPERKT TOT, INKOMSTEN- OF WINSTDERVING, VERLOREN OF
BESCHADIGDE GEGEVENS, KOSTEN VOOR HET AANSCHAFFEN VAN
VERVANGENDE GOEDEREN OF ANDER COMMERCIEEL OF ECONOMISCH
VERLIES, ZELFS ALS HET BEDRIJF VAN DE MOGELIJKHEID VAN DERGELIJKE
SCHADEVERGOEDING OP DE HOOGTE IS GEBRACHT OF DEZE VOORSPELBAAR IS.
DE MAXIMALE GEZAMENLIJKE AANSPRAKELIJKHEID VAN BELAIR TEGENOVER
DE KLANT EN DIE VAN HAAR DEALERS EN LEVERANCIERS ZAL NIET HOGER ZIJN
DAN HET BEDRAG DAT DE KLANT VOOR HET PRODUCT HEEFT BETAALD.
BOVENSTAANDE BEPERKINGEN ZIJN VAN TOEPASSING, ONGEACHT OF DE
VERMEENDE INBREUK OF NIET-NAKOMING EEN INBREUK OP EEN
FUNDAMENTELE VOORWAARDE OF BEPALING OF EEN FUNDAMENTELE
INBREUK IS.
Indien een bepaling van deze beperkte garantie ongeldig of niet-afdwingbaar wordt geacht,
wordt het uitgevoerd in de ruimste mate door de wet toegestaan, en zullen de wettigheid en
afdwingbaarheid van de overblijvende bepalingen van deze beperkte garantie volledig van
kracht blijven en worden gelezen en uitgelegd als of the nietige of niet-afdwingbare bepaling
oorspronkelijk geschrapt was.

RAJOITETTU TAKUU JA VASTUUN RAJOITUS

Rajoitettu takuu. BelAir Networks, Inc. (“BelAir”) takaa, että BelAir-tuotteet, jotka
toimitetaan sinulle eli BelAirin asiakkaalle (“Asiakas”) ovat virheettömiä materiaalin ja
valmistuksen osalta normaalissa käytössä 12 kuukauden ajan siitä, kun Tuotteet toimitettiin
asiakkaalle ja virheettömiä ohjelmiston osalta 90 vuorokauden ajan siitä, kun toimitus
Asiakkaalle tapahtui (“Rajoitettu takuuaika” on siis kaksijakoinen).
Rajoitukset. Tämä rajoitettu takuu on voimassa vain, kun Tuotteita käytetään oikein. Tämä
rajoitettu takuu ei koske muovipintoja ja muita ulkopintoja, jotka voivat naarmuuntua tai
vaurioitua normaalissa käytössä. Tämä rajoitettu takuu ei korvaa seuraavia tapauksia ja
mitätöityy seuraavissa tapauksissa: (a) viat tai vauriot, joiden syynä on onnettomuus,
Draft
väärinkäyttö, laiminlyönti, epätavallinen fyysinen, sähköinen tai sähkömekaaninen rasitus,
Tuotteen tai sen jonkin osan muutos tai kosmeettinen vaurio; (b) Tuotteen sarjanumeron tai
muun tunnisteen irrotus, muutos tai lukukelvottomaksi tekeminen; (c) toimintaviat, jotka ovat
tulosta Tuotteiden käytöstä yhdessä sellaisten lisälaitteiden, tuotteiden tai laitteiden kanssa, joita
BelAir ei ole toimittanut; tai (d) Tuotteiden viat tai vauriot, jotka ovat tulosta
valtuuttamattomasta tai väärästä testauksesta, käytöstä, huollosta, asennuksesta tai säädöstä.
Lisäksi tämä takuu raukeaa, jos sinetöity elektroniikkakotelo on avattu tai BelAir toteaa
tutkimuksissaan, että elektroniikkakoteloa on yritetty avata.
Korvaukset. Rajoitetun takuun aikana BelAir korjaa tai vaihtaa BelAirin valinnan mukaisesti
veloittamatta asiakasta Tuotteiden vialliset komponentit, jos Tuotteet palautetaan välittömästi
vikojen havaitsemisen jälkeen ja tuotepalautus tapahtuu Rajoitetun takuun ollessa voimassa.
Takuupalvelun saamisen ehtona on se, että Tuotteet palautetaan valtuutettuun huoltokeskukseen
alkuperäispakkauksessa tai sopivassa kuljetuspakkauksessa yhdessä ostotositteen kanssa, josta
käy ilmi ostopäivämäärä ja Tuotteiden sarjanumerot. Tuotepalautukselle on saatava valtuutus.
BelAir voi BelAirin oman valinnan mukaisesti käyttää uudelleenvalmistettuja, kunnostettuja tai
uusia osia tai komponentteja korjatessaan Tuotteita tai vaihtaa tuotteen uudelleenvalmistettuun,
kunnostettuun tai uuteen Tuotteeseen. Korjatuille tuotteille myönnetään alkuperäisen rajoitetun
takuun jäljellä oleva takuuaika tai 90 vuorokauden takuu sen mukaan, kumpi ajoista on pidempi.
Vaihdetuista osista, komponenteista, levyistä tai laitteista tulee BelAirin omaisuutta. Jos BelAir
määrittää, ettei tämä rajoitettu takuu kata Tuotetta, asiakkaan on maksettava tuotteen
korjaukseen tai palautukseen käytetyistä kaikista osista, lähetyksistä ja työstä. Edellä selostettu
on asiakkaan ainoa korvaus ja BelAirin ainoa vastuu tähän rajoitettuun takuun liittyen.
Ei takuuta. YLLÄ SELOSTETTUA NIMENOMAISTA TAKUUTA LUKUUN

OTTAMATTA, TUOTTEET JA TALLENNUSVÄLINEET TOIMITETAAN
“SELLAISINAAN” EIKÄ BEL AIR MYÖNNÄ NIILLE MITÄÄN NIMENOMAISTA TAI
EPÄSUORAA KIRJALLISTA TAI SUULLISTA TAKUUTA MIHINKÄÄN JURIDISEEN
SEIKKAAN PERUSTUEN KOSKIEN TUOTTEIDEN KAUPATTAVUUTTA TAI
TIETTYYN KÄYTTÖTARKOITUKSEEN SOPIVUUTTA. SIINÄ MÄÄRIN KUIN

SOVELLETTAVA LAKI SEN SALLII, BELAIR NIMENOMAISESTI TORJUU

PÄTEMÄTTÖMINÄ KAIKKI NIMENOMAISET JA OLETETUT VASTUUT MUKAAN
LUKIEN MUUN MUASSA TAKUU TAVARAN LAADUSTA, TYYDYTTÄVÄSTÄ
LAADUSTA, SOVELTUVUUDESTA KAUPANKÄYNTIIN, KESTÄVYYDESTÄ TAI
SOVELTUVUUDESTA TIETTYYN TARKOITUKSEEN SEKÄ OIKEUKSIEN
LOUKKAAMATTOMUUS. BELAIR EI TAKAA TUOTTEIDEN SOPIVUUTTA
ASIAKKAAN VAATIMUKSIIN MILLÄÄN TAVALLA. TUOTTEIDEN
VIRHEETTÖMYYTTÄ TAI NIIDEN KESKEYTYKSETÖNTÄ TOIMINTAA EI TAATA
TAI, ETTÄ TUOTTEESTA LÖYDETYT KAIKKI VIAT TAI PUUTTEET VOITAISIIN
KORJATA.
TÄMÄ TUOTE EI OLE VIKASIETOINEN EIKÄ SITÄ OLE SUUNNITELTU,

VALMISTETTU TAI TARKOITETTU KÄYTETTÄVÄKSI TAI MYYTÄVÄKSI
Draft
TUOTTEEKSI, JOKA SOVELTUISI VAARALLISIIN YMPÄRISTÖIHIN, JOISSA
TARVITAAN VIKASIETOISTA TOIMINTAA. TÄLLAISIA KÄYTTÖYMPÄRISTÖJÄ
OVAT ESIMERKIKSI LENTOKONEET, NAVIGOINTI- TAI
TIEDONSIIRTOJÄRJESTELMÄT, LENNONJOHTOJÄRJESTELMÄT TAI
ASEJÄRJESTELMÄT, JOISSA TUOTEVIKA VOISI JOHTAA SUORAAN
KUOLEMAAN, VAMMAAN TAI VAKAVIIN FYYSISIIN TAI YMPÄRISTÖLLISIIN
VAHINKOIHIN.
MITÄÄN TÄHÄN RAJOITETTUUN TAKUUN KUULUMATONTA VÄITETTÄ,

MUKAAN LUKIEN TUOTTEIDEN TOIMINTAA KOSKEVAT VÄITTEET NIIHIN
KUITENKAAN RAJOITTUMATTATTA, TAI VÄITETTYÄ TOSIAA EI VOIDA PITÄÄ
BELAIRIN ANTAMANA TAKUUNA, EHTONA TAI EDUSTUKSENA. BelAirin agenteilla,
työntekijöillä, jakelijoilla, kauppiailla tai edustajilla ei ole oikeutta muuttaa tätä rajoitettua
takuuta tai antaa BelAiria sitovia lisätakuita. Tästä syystä muita lausuntoja, kuten mainoksia tai
esityksiä, olivatpa ne suullisia tai kirjallisia, ei voida pitää BelAirin myöntämänä takuuna eikä
niihin tule luottaa tässä mielessä.
MIKÄÄN SOPIMUS, JOKA MUUTTAA TAI LAAJENTAA YLLÄ MAINITTUJA EHTOJA,

EI SIDO BELAIRIA, ELLEI SOPIMUSTA OLE TEHTY KIRJALLISESTI JA ELLEI SE OLE
BELAIRIN NIMENKIRJOITUSOIKEUDELLISEN EDUSTAJAN ALLEKIRJOITTAMA.
Tuotteiden toimintaan vaikuttaa kolmansien osapuolten toimittamat palvelut tai tekniikat eikä
BelAir vastaa Tuotteiden käyttöön liittyen katkottomasta toiminnasta ja luotettavuudesta,
signaalin vastaanotosta tai muuhun toimintaan tässä mielessä liittyvästä seikasta.
Tämä rajoitettu takuu jakaa riskin Asiakkaan ja BelAirin välillä, ja BelAirin Tuotteiden
hinnoittelu perustuu tähän riskin jakoon ja tämän rajoitetun takuun rajoituksiin.
Asiakas maksaa BelAirin kulloinkin voimassa olevan hinnaston mukaan teknisestä tuesta tai
Tuotekorjauksista tai tuotevaihdoista, jotka eivät kuulu Rajoitetun takuun piiriin (mukaanlukien
korjaukset tai tuotevaihdot Rajoitetun takuun umpeuduttua).

BELAIR TAI SEN KAUPPIAAT TAI TAVARANTOIMITTAJAT EIVÄT MISSÄÄN

TAPAUKSESSA OLE VASTUUSSA ASIAKKAALLE TAI KELLEKÄÄN MUULLE
HENKILÖLLE TAI TAHOLLE MISTÄÄN KORVAUSVELVOLLISUUKSISTA,
SUORISTA, SATUNNAISISTA, ERIKOISLAATUISISTA, JOHDANNAISISTA TAI
ESIMERKINOMAISISTA VAATEISTA MUKAAN LUKIEN RAJOITUKSETTA TULON
TAI VOITON MENETYS, TIETOJEN MENETYS TAI VAURIOITUMINEN TAI MUU
KAUPALLINEN TAI TALOUDELLINEN MENETYS, VAIKKA BELAIRILLE OLISI
ETUKÄTEEN ILMOITETTU TÄLLAISTEN VAHINKOJEN MAHDOLLISUUDESTA TAI
NE OLISIVAT ENNAKOITAVISSA. BELAIRIN, SEN KAUPPIAIDEN JA
TAVARANTOIMITTAJIEN KOKONAISVASTUU RAJOITTUU AINA ASIAKKAAN
TUOTTEESTA MAKSAMAAN OSTOHINTAAN. NÄMÄ RAJOITUKSET OVAT
VOIMASSA, VAIKKA VÄITETTY RIKKOMUS TAI PUUTE OLISI RISTIRIIDASSA
Draft
OLENNAISEN EHDON KANSSA TAI OLISI ITSESSÄÄN PERUSTAVANLAATUINEN
RIKKOMUS.
Jos tämän rajoitetun takuun jotakin osaa pidetään pätemättömänä tai toimeenpanokelvottomana,
pätemätöntä tai toimeenpanokelvotonta osaa tulkitaan täysimääräisesti sovellettavan lain
mukaisesti. Rajoitetun takuun muut ehdot ovat edelleen täysimääräisesti voimassa, lainmukaisia
ja toimeenpanokelpoisia, ja rajoitettua takuuta tulkiten siten, kuin toimeenpanokelvoton osa olisi
alun perin poistettu.

GARANZIA LIMITATA; LIMITAZIONE DELLA

RESPONSABILITÀ
Garanzia Limitata. BelAir Networks, Inc. (“BelAir”) garantisce che i prodotti BelAir inviati al
Cliente BelAir (“Cliente”) sono privi di difetti di materiale e manodopera relativi all’hardware in
condizioni di normale utilizzo per un periodo di 12 mesi dalla data di spedizione al Cliente, e
privi di difetti relativi al software per un periodo di 90 giorni dalla data di spedizione al Cliente
(rispettivamente denominati “Periodo di Garanzia Limitato”).
Esclusioni. La validità della Garanzia Limitata è subordinata a un uso corretto dei Prodotti. La
presente Garanzia Limitata non si applica a superfici di plastica e altri componenti esterni
suscettibili a graffi e danni in condizioni di normale utilizzo. La presente Garanzia Limitata non
Draft
si applica e risulterà nulla in caso di: (a) difetti o danni risultanti da incidenti, uso improprio,
abuso, negligenza, sollecitazioni fisiche, elettriche o elettromeccaniche che esulano
dall’ordinario, alterazioni dei Prodotti o di loro parti, e danni estetici; (b) rimozione, alterazione
o imbrattamento del numero di serie o di altri segni identificativi riportati sui Prodotti; (c)
funzionamenti difettosi derivanti dall’uso dei Prodotti insieme ad accessori, prodotti o
apparecchiature non forniti da BelAir; oppure (d) difetti o danni provocati da collaudo,
azionamento, manutenzione, installazione, riparazioni o regolazioni non autorizzati o impropri
dei Prodotti. In aggiunta, la presente garanzia non sarà più valida in caso di apertura del
contenitore delle parti elettroniche a tenuta stagna, oppure nel caso in cui BelAir determini,
previa ispezione, che siano stati effettuati tentativi di aprire il contenitore delle parti elettroniche.
Indennizzi. Durante il periodo di validità della Garanzia Limitata BelAir riparerà o sostituirà, a
propria discrezione, senza addebiti al Cliente, qualsiasi componente difettoso dei Prodotti, a
condizione che gli stessi siano tempestivamente restituiti non appena venga riscontrato il difetto
nel corso del Periodo coperto dalla Garanzia Limitata. Per usufruire di questo servizio, i Prodotti
devono essere restituiti a un centro di assistenza autorizzato nella confezione originale o in un
imballaggio idoneo alla spedizione, allegando la prova di acquisto datata e il numero di serie dei
Prodotti. Fornire sempre il codice di autorizzazione per la restituzione del prodotto (“RMA”).
Nel corso della riparazione di un qualsiasi Prodotto BelAir può, a propria discrezione, utilizzare
parti o componenti ricostruiti, revisionati o nuovi, oppure sostituire il Prodotto con un Prodotto
ricostruito, revisionato o nuovo. I Prodotti riparati sono coperti da garanzia per 90 giorni o per il
periodo residuo di durata della Garanzia Limitata originale applicabile prevista per il Prodotto
originale, se superiore a 90 giorni. Tutti i pezzi, componenti, schede o apparecchiature sostituiti
diventeranno di proprietà di BelAir. Nel caso in cui BelAir stabilisca che un qualsiasi prodotto
non è coperto dalla Garanzia Limitata, il Cliente sarà tenuto a pagare i costi relativi a pezzi di
ricambio, spedizione e manodopera per la riparazione o la restituzione di tali Prodotti. Quanto
sopra indicato costituisce l'unico indennizzo a favore del Cliente e l'unico obbligo e
responsabilità di BelAir nell’ambito della presente Garanzia Limitata.

Esclusione di garanzie. AD ECCEZIONE DELLA GARANZIA ESPLICITA SOPRA

CITATA, I PRODOTTI E I SUPPORTI DI ARCHIVIAZIONE SONO FORNITI “NELLO
STATO IN CUI SI TROVANO” E NON SUSSISTONO GARANZIE, DICHIARAZIONI O
CONDIZIONI, ESPLICITE O IMPLICITE, SCRITTE OPPURE VERBALI, DERIVANTI DA
LEGGI, EFFETTI DI LEGGE, CONSUETUDINI ED USI COMMERCIALI O ALTRO,
RELATIVE AI PRODOTTI IN OGGETTO O A QUALSIASI ALTRO PRODOTTO O
SERVIZIO FORNITO DA BELAIR IN VIRTÙ O IN COLLEGAMENTO CON IL PRESENTE
CONTRATTO. NELLA MISURA CONSENTITA DALLE LEGGI VIGENTI, BELAIR NON
RICONOSCE ALCUNA GARANZIA IMPLICITA, CONDIZIONE DI QUALITÀ O DI
QUALITÀ SODDISFACENTE, COMMERCIABILITÀ, DURATA, IDONEITÀ PER UN
PARTICOLARE SCOPO, TITOLO O NON VIOLAZIONE DI BREVETTI. BELAIR NON
DICHIARA NÉ GARANTISCE CHE I PRODOTTI RISPONDANO PARZIALMENTE O
INTEGRALMENTE ALLE ESIGENZE SPECIFICHE DEL CLIENTE, NÉ CHE IL
Draft
FUNZIONAMENTO DEI PRODOTTI SIA PRIVO DI ERRORI O INTERRUZIONI, NÉ CHE
TUTTI GLI ERRORI O DIFETTI RISCONTRATI NEI PRODOTTI POSSANO ESSERE
CORRETTI.
QUESTO PRODOTTO NON È A PROVA DI ERRORE E NON È STATO

PROGETTATO, FABBRICATO O DESTINATO ALL'IMPIEGO O ALLA RIVENDITA
COME APPARECCHIATURA DA UTILIZZARE IN AREE A RISCHIO DOVE SONO
RICHIESTE PRESTAZIONI A PROVA DI GUASTO, COME LA NAVIGAZIONE
AEREA, I SISTEMI DI COMUNICAZIONE, Il CONTROLLO DEL TRAFFICO
AEREO O I SISTEMI DI ARMAMENTI IN CUI L'EVENTUALE GUASTO DEI
PRODOTTI POTREBBE PROVOCARE DIRETTAMENTE LA MORTE, LESIONI
PERSONALI OPPURE GRAVI DANNI FISICI O AMBIENTALI.
NESSUNA RAPPRESENTAZIONE O ALTRA AFFERMAZIONE DI FATTO, COMPRESE,

A TITOLO ESEMPLIFICATIVO, LE DICHIARAZIONI RELATIVE ALLE PRESTAZIONI
DEI PRODOTTI NON RIPORTATE IN QUESTA GARANZIA LIMITATA DOVRANNO
ESSERE RITENUTE GARANZIE, CONDIZIONI O RAPPRESENTAZIONI FATTE DA
BELAIR. Gli agenti, dipendenti, distributori, rivenditori o rappresentanti di BelAir non sono
autorizzati ad apportare modifiche alla presente Garanzia Limitata, né a fornire ulteriori garanzie
vincolanti per BelAir. Di conseguenza, ulteriori dichiarazioni quali ad esempio messaggi
pubblicitari o presentazioni, sia verbali che scritte, non costituiscono garanzie da parte di BelAir
e non devono essere ritenute affidabili.
NESSUN CONTRATTO CONTENENTE TERMINI DIVERSI O PIÙ ESTESI RISPETTO A

QUELLI SOPRA CITATI SARÀ VINCOLANTE PER BELAIR A MENO CHE NON SIA
STATO STILATO E SOTTOSCRITTO DA PERSONA AUTORIZZATA ALLA FIRMA PER
CONTO DI BELAIR. Le prestazioni dei prodotti dipendono dalle prestazioni e dalla
disponibilità di servizi o tecnologie forniti da terze parti e BelAir non è responsabile della

continuità e affidabilità di tali servizi, nonché della ricezione o di altre limitazioni inerenti alle
prestazioni associate all’utilizzo dei Prodotti.
La presente Garanzia Limitata ripartisce il rischio fra il Cliente e BelAir, e i prezzi dei Prodotti
BelAir rispecchiano tale ripartizione del rischio e le limitazioni di responsabilità riportate nella
presente Garanzia Limitata.
Per qualsiasi assistenza tecnica o riparazione e sostituzione del Prodotto fornita da BelAir al di
fuori del Periodo di Garanzia Limitata applicabile (ivi incluse le riparazioni o le sostituzioni
eseguite al termine del Periodo di Garanzia Limitata applicabile), il Cliente pagherà il
corrispettivo a BelAir in base alle tariffe in vigore.
NELLA MISURA CONSENTITA DALLA LEGGE VIGENTE, BELAIR (E RELATIVI
Draft
RIVENDITORI E FORNITORI) NON POTRÀ IN ALCUN CASO ESSERE RITENUTA
RESPONSABILE NEI CONFRONTI DEL CLIENTE O DI ALTRE PERSONE O ENTITÀ IN
CASO DI DANNI INDIRETTI, ACCIDENTALI, PARTICOLARI O CONSEQUENZIALI DI
QUALSIASI TIPO COMPRESI, A TITOLO ESEMPLIFICATIVO, MANCATI INTROITI O
GUADAGNI, PERDITA O DANNEGGIAMENTO DI DATI, COSTI SOSTENUTI PER
L’ACQUISTO DI MERCI SOSTITUTIVE O ALTRE PERDITE COMMERCIALI O
ECONOMICHE, ANCHE NEL CASO IN CUI FOSSERO A CONOSCENZA DELLA
POSSIBILITÀ DI TALI DANNI O QUESTI FOSSERO IN ALTRO MODO PREVEDIBILI.
LA RESPONSABILITÀ CUMULATIVA MASSIMA DI BELAIR (E RELATIVI
RIVENDITORI E FORNITORI) NEI CONFRONTI DEL CLIENTE NON POTRÀ
SUPERARE L’IMPORTO PAGATO DAL CLIENTE PER IL PRODOTTO. LE
LIMITAZIONI DI CUI ALLA PRESENTE SEZIONE SARANNO VALIDE A
PRESCINDERE DAL FATTO CHE LA PRESUNTA VIOLAZIONE O INADEMPIENZA
COSTITUISCA UNA VIOLAZIONE DI UN TERMINE O CONDIZIONE
FONDAMENTALE OVVERO UNA VIOLAZIONE FONDAMENTALE.
Nel caso in cui una clausola della presente Garanzia Limitata sia ritenuta invalida o
inapplicabile, essa sarà applicata nella misura massima consentita dalla legge, e la legalità e
l’applicabilità delle altre clausole della presente Garanzia Limitata avranno piena validità ed
efficacia, e dovranno essere lette e interpretate come se la clausola nulla o inapplicabile fosse
stata originariamente omessa.

BEGRÆNSET GARANTI;
ANSVARSBEGRÆNSNING.
Begrænset garanti. BelAir Networks, Inc. (”BelAir”) garanterer at BelAir-produkterne, som
sendes til dig, en kunde hos BelAir (”Kunde”), har ingen hardwaredefekter i materiale eller
udførelse ved almindelig anvendelse og betjening i en periode på 12 måneder fra
forsendelsesdatoen til Kunde, og har ingen softwaredefekter i en periode på 90 dage fra
forsendelsesdatoen til Kunde (henholdsvis; ”Begrænset garantiperiode”.)
Undtagelser. Denne begrænsede garanti er betinget af, at produktet anvendes korrekt. Denne
begrænsede garanti dækker ikke plastik overflader og andre eksterne ubeskyttede komponenter,
som er ridset eller skadet pga. almindelig anvendelse. Denne begrænsede garanti dækker ikke og
Draft
bliver ugyldig i tilfælde af: (a) defekter eller skade fra uheld, fejlagtig anvendelse, misbrug,
forsømmelse, ualmindelig fysisk, elektrisk, eller elektromekanisk stress, ændringer af
produkterne eller enhver del deraf, eller kosmetisk skade; (b) fjernelse, ændring eller udviskning
af produktets serienummer eller andre identificerende mærker; (c) funktionsfejl som resultat af,
at produktet anvendes i forbindelse med tilbehør, produkter eller udstyr, som ikke leveres af
BelAir; eller (d) defekter eller skade fra uautoriseret eller fejlagtig testning, betjening,
vedligeholdelse, installation, servicering eller tilpasning af produkterne. Desuden bliver denne
garanti også ugyldig i tilfælde af, at det forseglede elektroniske bilag er åbnet, eller BelAir
fastslår, efter inspektion, at der var forsøg på at åbne det elektroniske bilag.
Retsmidler. Under den gældende begrænsede garantiperiode, vil BelAir reparere eller erstatte,
på BelAirs egne vegne og uden at debitere Kunden, alle mangelfulde produktkomponenter, givet
at produkterne er returneret, så snart defekten er opdaget og under den gældende begrænsede
garantiperiode. For at blive serviceret, skal produkterne returneres til et autoriseret
servicecenter i den originale pakning eller pakning, som passer til forsendelsen, med et vedlagt
salgsbevis, der viser produktets købsdato og serienummer. En gældende RMA (Return Materiel
Authorisation) kræves før nogen som helst returnering. BelAir kan, på BelAirs egne vegne,
bruge genopbyggede, istandsatte, eller nye dele eller komponenter til reparation af alle produkter
eller erstatning af produkt med et genopbygget, istandsat eller nyt produkt. Reparerede
produkter bliver garanteret i en periode, som er magen til resten af den originale anvendelige
begrænsede garantiperiode for det originale produkt eller i 90 dage, hvilken periode er størst.
Alle erstattede dele, komponenter, kort eller ustyr bliver BelAirs ejendom. Hvis BelAir
fastsætter, at denne begrænsede garanti ikke dækker et produkt, skal Kunden betale
omkostningerne for alle reservedele, forsendelse, og arbejdsudgifter for reparationen eller
returnering af disse produkter. Det føromtalte er Kundens eneste retsmiddel og BelAirs eneste
forpligtelse og ansvarlighed mht. denne begrænsede garanti.
Garantifraskrivelse. MED UNDTAGELSE AF OVENFOR OMTALTE GARANTI,

LEVERES PRODUKTER OG DATABÆRENDE MEDIA SOM DET ER OG FOREFINDES,

OG BELAIR FRASKRIVER SIG ENHVER GARANTI, REPRÆSENTATION ELLER

FORHOLD, UDTRYKKELIGT ELLER UNDERFORSTÅET, SKRIFTLIG ELLER
MUNDTLIG, I HENHOLD TIL GÆLDENDE RET, I KRAFT AF LOVGIVNING,
SAMHANDEL, HANDELSBRUG ELLER PÅ ANDEN MÅDE, ANGÅENDE DISSE ELLER
ETHVERT ANDET PRODUKT ELLER SERVICE, SOM ER LEVERET HERI ELLER I
FORBINDELSE HERMED. I DET OMFANG DE GÆLDENDE LOVE TILLADER,
FRASKRIVER BELAIR SIG ALLE UNDERFORSTÅET GARANTIER ELLER
KVALITETSBETINGELSER, TILFREDSSTILLENDE KVALITET, SALGBARHED,
HOLDBARHED, EGNETHED TIL ET BESTEMT FORMÅL, TITEL OG
IKKE-OVERTRÆDELSE. BELAIR HVERKEN ERKLÆRER ELLER GARANTERER, AT
PRODUKTET OPFYLDER ET ELLER ALLE KUNDENS SPECIELLE KRAV, AT
PRODUKTET KØRER UDEN FEJL ELLER AFBRYDELSER, ELLER AT ALLE
PRODUKTFEJL ELLER -DEFEKTER BLEV RETTET.
Draft
DETTE PRODUKT ER IKKE FEJLTOLERANT OG ER IKKE DESIGNET,
FREMSTILLET, ELLER BEREGNET TIL BRUG ELLER GENSALG SOM UDSTYR
TIL ANVENDELSE I FARLIGE OMGIVELSER, SOM FORLANGER DRIFTSSIKKER
PERFORMANS, SOM FOR EKSEMPEL I FLYNAVIGATION, I HVILKET
FUNKTIONSFEJL KAN FORÅRSAGE DIREKTE DØDSFALD, PERSONLIG
KVÆSTELSE, ELLER SVÆRE LEGEMLIGE ELLER MILJØMÆSSIGE SKADER.
INGEN REPRÆSENTATION ELLER ANDEN ERKLÆRING OM KENDSGERNING,

HERUNDER MEN IKKE BEGRÆNSET TIL ANGIVELSER OM
PRODUKTPERFORMANS, SOM IKKE FINDES I DENNE BEGRÆNSEDE GARANTI, MÅ
BETRAGTES SOM GARANTI, FORHOLD ELLER REPRÆSENTATION FRA BELAIR.
BelAirs agenter, ansatte, distributører, forhandlere eller repræsentanter er ikke autoriseret til at
udføre ændringer i denne begrænsede garanti, eller til at give yderligere garantier, som er
bindende for BelAir. Derfor, yderligere erklæringer såsom reklame eller præsentationer, enten
mundtligt eller skriftligt, udgør ikke garantier fra BelAir og er ikke pålidelige.
AFTALER, SOM VARIERER ELLER FORLÆNGER PERIODERNE OVENFOR, ER IKKE

BINDENDE FOR BELAIR, UNDTAGEN SKRIFTLIGT OG UNDERSKREVET AF EN
BELAIR FUNKTIONÆR, SOM ER AUTORISERET TIL AT SKRIVE UNDER.
Produktperformans afhænger af performans og tilgængelighed af service eller teknologi, som
leveres a tredjeparter, og BelAir er ikke ansvarlig for servicekontinuitet og –pålidelighed,
modtagelse, eller anden performans i forbindelse med produkternes anvendelse.
Denne begrænsede garanti deler risiko mellem Kunde og BelAir, og BelAirs produktpriser
reflekterer denne risikofordeling og ansvarsfraskrivelse i denne begrænsede garanti.

Enhver teknisk support eller produktreparation eller –erstatning, som er udført af BelAir uden
for perioden i denne begrænsede garanti (herunder reparation af eller erstatning efter den
begrænsede garantiperiode heri er ophørt), betales af Kunde med BelAirs mest gængse priser.
I DET OMFANG DE GÆLDENDE LOVE TILLADER, HAR HVERKEN BELAIR ELLER

DETS FORHANDLERE ELLER LEVERANDØRER ANSVARLIGHED PÅ NOGEN MÅDE
OVER FOR KUNDEN ELLER ENHVER ANDEN PERSON ELLER SELSKAB FOR
ENHVER DIREKTE, TILFÆLDIG, SPECIEL ELLER EFTERFØLGENDE SKADER,
HERUNDER, MEN IKKE BEGRÆNSET TIL, TABT INDTÆGT ELLER UDBYTTE, TABT
ELLER SKADET DATA, OMKOSTNINGER TIL OPKØB AF ERSTATNINGSVARER,
ELLER ANDET KOMMERCIELT ELLER ØKONOMISK TAB, SELV EFTER
UNDERRETNING OM MULIGHEDEN FOR SÅDANNE SKADER, ELLER AT DE ER TIL
AT FORUDSE. BELAIRs STØRSTE SAMMENLAGTE FORPLIGTELSE TIL KUNDER
Draft
OG TIL SINE FORHANDLERE OG LEVERANDØRER MÅ IKKE VÆRE STØRRE EN
BELØBET, SOM KUNDEN BETALTE FOR PRODUKTET.DE FØROMTALTE
BEGRÆNSNINGER GÆLDER, HVAD ENTEN DET FREMFØRTE BRUD ELLER
MISLIGHOLDELSE ER ET BRUD PÅ DE GRUNDLÆGGENDE BETINGELSER ELLER
PERIODE ELLER EN VÆSENTLIG MISLIGHOLDELSE.
Hvis nogen som helt bestemmelse i denne begrænsede garanti erkendes ugyldig eller uden
retskraft, bliver den håndhævet i den højeste grad, som loven tillader, og lovligheden og
eksigibilitet af de andre bestemmelser i denne begrænsede garanti vedbliver at være fuldt ud
gældende og effektive, som skal læses og opfattes som om bestemmelsen, som er ugyldige eller
uretskraftig, var slettet oprindeligt.

GARANTIA LIMITADA; LIMITAÇÃO DA

RESPONSABILIDADE
Garantia Limitada. A BelAir Networks, Inc. (“BelAir”) garante que os Produtos BelAir que
lhe foram entregues a si, um cliente da BelAir (“Cliente”), estarão isentos de defeitos de
hardware relativamente a material e mão-de-obra, sob condições normais de utilização e
assistência, por um período de 12 meses a partir da data de expedição para o Cliente, e livre de
defeitos de software por um período de 90 dias a partir da data de expedição para o Cliente
(respectivamente, o “Período de Garantia Limitada”).
Exclusões. Esta garantia limitada está condicionada à correcta utilização dos Produtos. Esta
garantia limitada não cobre superfícies de plástico e outros componentes expostos externamente
Draft
que estejam riscados ou danificados devido a utilização normal. Esta garantia limitada não
cobrirá, e será considerada nula e sem efeito em caso de: (a) defeitos ou danos resultantes de
acidentes, utilização incorrecta, abuso, negligência, tensão física, eléctrica ou electromecânica
invulgar, alteração dos Produtos ou de qualquer peça dos mesmos, ou danos estéticos; (b)
remoção, alteração ou deterioração do número de série ou outras marcas de identificação dos
Produtos; (c) mau funcionamento resultante da utilização dos Produtos em conjunto com
acessórios, produtos ou equipamentos não fornecidos pela BelAir; ou (d) defeitos ou danos
resultantes de testes, funcionamento, manutenção, instalação, assistência ou ajustes não
autorizados ou indevidos dos Produtos. Mais, esta garantia ficará igualmente sem efeito em caso
de abertura da caixa electrónica selada, ou caso a BelAir apure, mediante inspecção, que foram
efectuadas tentativas de abertura da caixa electrónica.
Medidas de Correcção. Durante o Período de Garantia Limitada aplicável, a BelAir irá reparar
ou substituir, a seu exclusivo critério, sem quaisquer encargos para o Cliente, qualquer
componente defeituoso dos Produtos, desde que os Produtos sejam devolvidos imediatamente
após descoberta do defeito e durante o Período de Garantia Limitada aplicável. Para obter
assistência, os Produtos têm que ser devolvidos a um local de assistência autorizado, na
embalagem original ou em embalagem adequada para expedição, acompanhados do
comprovativo de compra indicando a data de aquisição e o número de série dos Produtos. Antes
de qualquer devolução é necessária uma RMA (Autorização de Devolução de Mercadoria)
válida. A BelAir pode, a seu exclusivo critério, utilizar peças ou componentes reconstruídos,
reparados ou novos na reparação de qualquer Produto, ou substituir um Produto por um Produto
reconstruído, reparado ou novo. Os Produtos reparados serão garantidos por um período igual ao
período remanescente do Período de Garantia Limitada original aplicável para o Produto
original, ou por um período de 90 dias, aquele que for superior. Todas as peças, componentes,
placas ou equipamentos substituídos tornar-se-ão propriedade da BelAir. Se a BelAir determinar
que esta garantia limitada não cobre qualquer Produto, o Cliente terá que pagar os custos de
todas as peças, expedição e encargos de mão-de-obra pela reparação ou devolução de tais
Produtos. O disposto acima constitui as únicas medidas de correcção à disposição do Cliente e a
única obrigação e responsabilidade da BelAir no que se refere a esta garantia limitada.

Sem Garantia. EXCEPTO NO QUE SE REFERE À GARANTIA EXPRESSA ACIMA, OS

PRODUTOS E MEIOS DE ARMAZENAMENTO SÃO FORNECIDOS NUMA BASE “TAL
COMO ESTÁ” E NÃO EXISTEM GARANTIAS, REPRESENTAÇÕES OU CONDIÇÕES,
EXPRESSAS OU IMPLÍCITAS, ESCRITAS OU ORAIS, EMERGENTES PELO
ESTATUTO, ACÇÃO DA LEI, USO COMERCIAL, OU OUTROS, EM RELAÇÃO AOS
MESMOS OU A QUALQUER OUTRO PRODUTO OU SERVIÇO FORNECIDO PELA
BELAIR AO ABRIGO DA PRESENTE GARANTIA OU RELACIONADO COM A MESMA.
TANTO QUANTO PERMITIDO PELA LEGISLAÇÃO APLICÁVEL, A BELAIR REJEITA
QUAISQUER GARANTIAS IMPLÍCITAS OU CONDIÇÕES DE QUALIDADE,
QUALIDADE SATISFATÓRIA, COMERCIALIZAÇÃO, DURABILIDADE, ADEQUAÇÃO
A UM FIM ESPECÍFICO, TÍTULO E NÃO-VIOLAÇÃO. A BELAIR NÃO REPRESENTA
NEM GARANTE QUE OS PRODUTOS IRÃO CUMPRIR QUALQUER OU TODOS OS
Draft
REQUISITOS PARTICULARES DO CLIENTE, QUE OS PRODUTOS IRÃO FUNCIONAR
SEM ERROS OU ININTERRUPTAMENTE, OU QUE TODOS OS ERROS OU DEFEITOS
DOS PRODUTOS POSSAM SER CONSIDERADOS PASSÍVEIS DE SEREM
CORRIGIDOS.
ESTE PRODUTO NÃO É TOLERANTE A FALHAS E NÃO FOI CONCEBIDO,

FABRICADO OU DESTINADO PARA A UTILIZAÇÃO OU REVENDA COMO
EQUIPAMENTO PARA SER UTILIZADO EM AMBIENTES PERIGOSOS QUE
EXIJAM UM DESEMPENHO SEM FALHAS, TAL COMO A NAVEGAÇÃO DE
AVIÕES OU SISTEMAS DE COMUNICAÇÃO, CONTROLO DE TRÁFEGO AÉREO
OU SISTEMAS DE ARMAMENTO, NOS QUAIS AS FALHAS DE RESULTADOS
TANGÍVEIS PODEM CONDUZIR DIRECTAMENTE À MORTE, FERIMENTOS
PESSOAIS OU DANOS FÍSICOS OU AMBIENTAIS GRAVES.
NENHUMA REPRESENTAÇÃO OU OUTRA AFIRMAÇÃO DE FACTO, INCLUINDO,

MAS NÃO SE LIMITANDO A, DECLARAÇÕES RESPEITANTES AO DESEMPENHO
DOS PRODUTOS, QUE NÃO ESTEJAM CONTIDAS NESTA GARANTIA LIMITADA,
SERÃO CONSIDERADAS GARANTIA, CONDIÇÃO OU REPRESENTAÇÃO PELA
BELAIR. Os agentes, colaboradores, distribuidores, vendedores ou representantes da BelAir não
estão autorizados a efectuar alterações a esta garantia limitada, nem a efectuar garantias
adicionais vinculando a BelAir. Da mesma forma, quaisquer declarações adicionais, tais como
publicidade ou apresentações, orais ou escritas, não constituem garantias por parte da BelAir e
não devem ser consideradas fiáveis.
NENHUM ACORDO QUE ENVOLVA VARIAÇÕES OU ALARGAMENTO DOS TERMOS

DA GARANTIA ACIMA DESCRITOS SERÁ VINCULATIVO PARA A BELAIR,
EXCEPTO SE FOR EFECTUADO POR ESCRITO E ASSINADO POR UM RESPONSÁVEL
DA BELAIR COM AUTORIZAÇÃO DE ASSINATURA. O desempenho dos Produtos
depende do desempenho e disponibilidade de serviços ou tecnologia fornecida por terceiros, e a

BelAir não é responsável pela continuidade e fiabilidade dos serviços, recepção ou outras
limitações relacionadas com o desempenho, associadas à utilização dos Produtos.
Esta garantia limitada atribui um risco entre o Cliente e a BelAir, e os preços dos Produtos
BelAir reflectem esta atribuição de risco e as limitações de fiabilidade contidas nesta garantia
limitada.
Qualquer assistência técnica ou reparação ou substituição do Produto fornecida pela BelAir fora
do Período de Garantia Limitada aplicável (incluindo reparações ou substituição depois de
terminado o Período de Garantia Limitada aplicável) será paga pelo Cliente ao preço da BelAir
em vigor.
TANTO QUANTO PERMITIDO PELA LEGISLAÇÃO APLICÁVEL, NEM A BELAIR NEM
Draft
OS SEUS VENDEDORES OU FORNECEDORES TERÃO QUALQUER
RESPONSABILIDADE EM RELAÇÃO AO CLIENTE OU QUALQUER OUTRA PESSOA
OU ENTIDADE, POR QUAISQUER DANOS INDIRECTOS, INCIDENTAIS, ESPECIAIS
OU CONSEQUENCIAIS, INCLUINDO, MAS NÃO SE LIMITANDO A, PERDA DE
GANHOS OU LUCROS, PERDA OU DANOS DE DADOS, CUSTO DE AQUISIÇÃO DE
BENS DE SUBSTITUIÇÃO, OU OUTRAS PERDAS COMERCIAIS OU ECONÓMICAS,
MESMO SE AVISADO QUANTO À POSSIBILIDADE DE TAIS DANOS OU SE OS
MESMOS FOREM PREVISÍVEIS. A RESPONSABILIDADE AGREGADA MÁXIMA DA
BELAIR EM RELAÇÃO AO CLIENTE E A RESPONSABILIDADE DOS SEUS
VENDEDORES E FORNECEDORES NÃO DEVERÁ EXCEDER O VALOR PAGO PELO
CLIENTE POR ESSE PRODUTO. AS LIMITAÇÕES ANTERIORES APLICAR-SE-ÃO
QUER AS ALEGADAS VIOLAÇÕES OU DEFEITOS SEJAM OU NÃO UMA VIOLAÇÃO
DE UMA CONDIÇÃO OU TERMO FUNDAMENTAL OU UMA VIOLAÇÃO
FUNDAMENTAL.
Se qualquer cláusula desta garantia limitada for considerada inválida ou não executória, a
mesma será executada na extensão máxima permitida pela lei, e a legalidade e executabilidade
das restantes cláusulas desta garantia limitada permanecerão plenamente em vigor, devendo ser
lidas e interpretadas como se a cláusula nula ou não executória estivesse originalmente excluída.

GARANTÍA LIMITADA; LIMITACIÓN DE

RESPONSABILIDAD
Garantía Limitada. BelAir Networks, Inc. (“BelAir”) garantiza que los productos BelAir que
se le enviaron a usted, un cliente de BelAir (“Cliente”) estarán libres de defectos de hardware
respecto al material y a la fabricación en condiciones normales de uso y servicio por un período
de 12 meses a partir de la fecha del envío al Cliente y estarán libres de defectos de software por
un período de 90 días a partir de la fecha del envío al Cliente (respectivamente, el “Período de
Garantía Limitada”).
Exclusiones. Esta garantía limitada está condicionada a la correcta utilización de los Productos.
Esta garantía limitada no cubre las superficies de plástico ni otros componentes al descubierto
Draft
que se rayen o dañen como consecuencia del uso normal. Esta garantía limitada no cubre, y se
considerará nula y sin efecto en los siguientes casos: (a) defectos o daños ocasionados por
accidentes, uso incorrecto, abuso, descuido, tensión física, eléctrica o electromecánica fuera de
lo normal, alteraciones a los Productos o a cualesquiera de sus piezas, o daños estéticos; (b) el
retiro, la alteración o la desfiguración del número de serie o de otras señas de identificación de
los Productos; (c) el mal funcionamiento que resulte del uso de los Productos en conjunto con
accesorios, productos o equipo que no sean provistos por BelAir; o (d) defectos o daños
causados por pruebas, funcionamiento, mantenimiento, instalación, servicio o ajustes de los
Productos que se realicen sin autorización o que sean inadecuados. Además, esta garantía
también quedará sin efecto si se abre la caja sellada del sistema electrónico, o si BelAir
determina, después de efectuar una inspección, que se han realizado intentos por abrir la caja del
sistema electrónico.
Recursos. Durante el Período de vigencia de la Garantía Limitada, BelAir reparará o

reemplazará, a su criterio exclusivo, sin cargo al Cliente, cualquier componente defectuoso de
los Productos, siempre y cuando los Productos sean devueltos con prontitud tras haberse
detectado el defecto y durante el Período de vigencia de la Garantía Limitada. Para obtener
servicio, los Productos deben devolverse a una instalación de servicio autorizada, en el embalaje
original o en embalaje adecuado para el transporte, junto con el comprobante de pago en el que
aparezca la fecha de compra y el número de serie de los Productos. Es necesario contar con una
autorización de devolución de mercancías (RMA) válida antes de efectuar cualquier devolución.
En la reparación de los Productos BelAir puede, a su exclusivo criterio, utilizar piezas o
componentes reconstruidos, reacondicionados o nuevos, o bien, puede sustituir un Producto con
un Producto reconstruido, reacondicionado o nuevo. Los Productos reparados estarán
garantizados por el tiempo que quede del Período de Garantía Limitada original en vigencia
correspondiente al Producto original o por 90 días, aplicando el que sea mayor de los dos. Todas
las piezas, componentes, placas o equipo sustituidos pasarán a ser propiedad de BelAir. Si
BelAir determina que esta garantía limitada no cubre ningún Producto, el Cliente deberá pagar
los gastos de todas las piezas, el transporte y la mano de obra por la reparación o devolución de

tales Productos. Lo dispuesto anteriormente constituye el único recurso del Cliente y la única
obligación y responsabilidad de BelAir con respecto a esta Garantía Limitada.
Sin Garantía. SALVO LA GARANTÍA EXPRESA EXPUESTA ARRIBA, LOS

PRODUCTOS Y LOS MEDIOS DE ALMACENAMIENTO SE SUMINISTRAN “TAL
CUAL” Y NO EXISTEN GARANTÍAS, REPRESENTACIONES O CONDICIONES,
EXPRESAS O IMPLÍCITAS, ESCRITAS O VERBALES, QUE SE DERIVEN DE LA LEY,
LA ACCIÓN DE LA LEY, COSTUMBRES COMERCIALES ESTABLECIDAS, USOS DEL
COMERCIO U OTROS, EN RELACIÓN CON ELLOS O CON CUALQUIER OTRO
PRODUCTO O SERVICIO QUE PRESTE BELAIR EN VIRTUD DEL PRESENTE
DOCUMENTO O EN RELACIÓN CON EL MISMO. EN LA MEDIDA QUE LO
PERMITA EL DERECHO APLICABLE, BELAIR DECLINA TODA GARANTÍA
IMPLÍCITA O CONDICIONES DE CALIDAD, CALIDAD SATISFACTORIA,
Draft
COMERCIABILIDAD, DURABILIDAD, IDONEIDAD PARA UN FIN DETERMINADO,
TÍTULO Y AUSENCIA DE INCUMPLIMIENTO. BELAIR NO REPRESENTA NI
GARANTIZA QUE LOS PRODUCTOS SATISFARÁN ALGUNO O TODOS LOS
REQUISITOS PARTICULARES DE LOS CLIENTES, QUE LOS PRODUCTOS
FUNCIONARÁN SIN ERRORES O SIN INTERRUPCIONES O QUE TODOS LOS
ERRORES O DEFECTOS DE LOS PRODUCTOS SE HAYAN CORREGIDO.
ESTE PRODUCTO NO ES TOLERANTE A FALLOS NI ESTÁ DISEÑADO,

FABRICADO O DESTINADO PARA USARSE, O REVENDERSE PARA SER USADO,
EN ENTORNOS PELIGROSOS QUE REQUIEREN UN RENDIMIENTO SIN
ERRORES, COMO EN LA NAVEGACIÓN AÉREA, EN LOS SISTEMAS DE
COMUNICACIONES, EN EL CONTROL DE TRÁFICO AÉREO O EN LOS
SISTEMAS DE ARMAMENTO, EN LOS QUE EL FALLO DE LOS PRODUCTOS
PODRÍA DERIVAR DIRECTAMENTE EN MUERTE, LESIONES O DAÑOS GRAVES
TANTO FÍSICOS COMO AL MEDIO AMBIENTE.
NINGUNA REPRESENTACIÓN O AFIRMACIÓN DE HECHO, INCLUYENDO PERO SIN

LIMITARSE A LAS DECLARACIONES EN RELACIÓN CON EL RENDIMIENTO DE LOS
PRODUCTOS, QUE NO SE ENCUENTREN EN ESTA GARANTÍA LIMITADA, SERÁN
CONSIDERADAS GARANTÍA, CONDICIÓN O REPRESENTACIÓN DE BELAIR. Los
agentes, empleados, distribuidores, vendedores o representantes de BelAir no están autorizados
para hacer modificaciones a esta garantía limitada ni efectuar garantías adicionales vinculantes
para BelAir. Asimismo, cualquier expresión adicional en materia de publicidad o
presentaciones, ya sean verbales o escritas, no constituyen garantías de BelAir y no se debe
recurrir a ellas.
NINGÚN ACUERDO QUE MODIFIQUE O AMPLÍE LAS CONDICIONES ARRIBA

MENCIONADAS SERÁ VINCULANTE PARA BELAIR A MENOS QUE SEA POR
ESCRITO Y QUE LLEVE LA FIRMA DE UN SIGNATARIO AUTORIZADO POR BELAIR.

El rendimiento de los Productos depende del desempeño y disponibilidad de los servicios o

tecnología de terceros y BelAir no es responsable de la continuidad y confiabilidad del servicio,
la recepción u otras limitaciones respecto al rendimiento asociadas con el uso de los Productos.
Esta garantía limitada atribuye riesgos entre el Cliente y BelAir, y el establecimiento de precios
de los Productos BelAir refleja esta asignación y las limitaciones de responsabilidad contenidas
en esta garantía limitada.
Todo apoyo técnico o reparación o sustitución de Productos provistos por BelAir fuera del
Período vigente de la Garantía Limitada (incluyendo las reparaciones o sustituciones que se
realicen después de concluir el Período vigente de la Garantía Limitada) serán pagados por el
Cliente conforme a los precios de BelAir que estén en vigor.
Draft
EN LA MEDIDA EN QUE LO PERMITA EL DERECHO APLICABLE, NI BELAIR NI SUS
EMPLEADOS O PROVEEDORES TENDRÁN, EN ABSOLUTO, NINGUNA
RESPONSABILIDAD EN RELACIÓN CON EL CLIENTE O CON CUALQUIER OTRA
PERSONA O ENTIDAD POR DAÑOS INDIRECTOS, INCIDENTALES, ESPECIALES O
CONSECUENCIALES, INCLUYENDO PERO SIN LIMITARSE A LA PÉRDIDA DE
INGRESOS O GANANCIAS, PÉRDIDA O DAÑOS DE DATOS, EL COSTE DE ADQUIRIR
BIENES DE SUSTITUCIÓN, U OTRAS PÉRDIDAS COMERCIALES O ECONÓMICAS,
AUN CUANDO SE HAYA COMUNICADO LA POSIBILIDAD DE TALES DAÑOS O LA
PREVISIÓN DE LOS MISMOS. LA RESPONSABILIDAD TOTAL MÁXIMA DE BELAIR
EN RELACIÓN CON EL CLIENTE, SUS VENDEDORES Y PROVEEDORES NO
SOBREPASARÁ EL MONTO QUE EL CLIENTE PAGÓ POR EL PRODUCTO. LAS
LIMITACIONES ANTERIORES SE APLICARÁN YA SEA QUE EL SUPUESTO
INCUMPLIMIENTO U OMISIÓN CONSTITUYA O NO UNA VIOLACIÓN DE UNA
CONDICIÓN FUNDAMENTAL O UNA VIOLACIÓN FUNDAMENTAL.
Si cualquier cláusula de esta garantía limitada se considera sin validez o inejecutable, dicha
cláusula se ejecutará en la medida máxima permitida por la ley, y la legalidad y fuerza ejecutoria
de las otras cláusulas de esta garantía limitada permanecerán plenamente en vigor, debiendo ser
leídas e interpretadas como si la cláusula nula o inejecutable se hubiese eliminado originalmente.

BEGRÄNSAD GARANTI;
ANSVARSBEGRÄNSNING
Begränsad garanti. BelAir Networks, Inc. (”BelAir”) garanterar att de BelAir-produkter som
skickats till dig, som är kund hos BelAir (”kunden”) är fria från material- och tillverkningsfel på
maskinvaran, vid normalt bruk och med normal service, i 12 månader från det datum
produkterna sändes till kunden, och att programvaran är fri från fel i 90 dagar från det datum
produkterna sändes till kunden (respektive period benämns ”garantiperioden”).
Förbehåll. Denna begränsade garanti gäller under förutsättning att produkterna används på ett
riktigt sätt. Denna begränsade garanti omfattar inte plastytor eller andra yttre delar som skrapas
eller skadas på grund av normal användning. Denna begränsade garanti täcker inte, och blir
Draft
ogiltig i händelse av: (a) fel eller skada som uppstår genom olyckshändelse, felaktig användning,
vanvård, försummelse, onormal yttre, elektrisk eller elektromekanisk påfrestning, ändring av
produkterna eller någon del av dem, eller kosmetisk skada; (b) avlägsnande eller ändring av
serienummer eller annan identitetsmärkning på produkterna eller att sådan blivit oläslig; (c)
tekniska fel som beror på att produkterna använts tillsammans med tillbehör, produkter eller
utrustning som inte levererats av BelAir; eller (d) fel eller skada som uppkommit genom
obehörig eller olämplig testning, hantering, underhåll, installation, service eller anpassning av
produkterna. Vidare blir denna garanti ogiltig även i händelse att förseglingen för elektroniken
har brutits, eller om BelAir vid inspektion upptäcker att försök har gjorts att bryta förseglingen.
Kompensation. Under den tillämpliga garantiperioden kommer BelAir att reparera eller ersätta
alla felaktiga delar av produkterna, utifrån BelAirs eget gottfinnande och utan kostnad för
kunden, under förutsättning att produkterna skickas tillbaka omedelbart så snart felet upptäckts
och inom den tillämpliga garantiperioden. För att erhålla service måste produkter returneras till
ett auktoriserat serviceställe i originalförpackning eller i förpackning som är lämplig för
transporten, tillsammans med kvitto som visar datum för köpet och produkternas serienummer.
Giltig RMA (Return Material Authorization) krävs före retur. BelAir kan utifrån eget
gottfinnande använda ombyggda, reparerade eller nya delar eller komponenter när produkter
repareras, eller ersätta en produkt med en ombyggd, reparerad eller ny produkt. För reparerade
produkter gäller garantin under en period som motsvarar återstoden av den ursprungliga
tillämpliga garantiperioden för originalprodukten, eller under 90 dagar, om den senare är längre.
Alla utbytta delar, komponenter, kretskort eller annan utrustning blir BelAirs egendom. Om
BelAir fastställer att denna begränsade garanti inte täcker någon produkt, måste kunden stå för
kostnaderna för alla delar, frakt och arbete i samband med reparation eller retur av sådana
produkter. Vad som ovan sagts är den enda kompensation kunden kan få, och den enda
skyldighet och det enda ansvar som åligger BelAir beträffande denna begränsade garanti.
Ingen garanti. MED UNDANTAG AV DEN UTTRYCKLIGA GARANTIN OVAN,

LEVERERAS PRODUKTER OCH LAGRINGSMEDIA I ”BEFINTLIGT SKICK”, OCH DET
FINNS INGA GARANTIER, FRAMSTÄLLNINGAR ELLER VILLKOR, UTTRYCKLIGA

ELLER UNDERFÖRSTÅDDA, MUNTLIGA ELLER SKRIFTLIGA, INSKRIVNA I

STADGAR, LAGSTIFTNING, ENLIGT GOD HANDELSSED ELLER PRAXIS ELLER PÅ
ANNAT SÄTT, FÖR DEM ELLER NÅGON ANNAN PRODUKT ELLER SERVICE SOM
TILLHANDAHÅLLS AV BELAIR ENLIGT ELLER I ANSLUTNING TILL DENNA
GARANTI. I DEN UTSTRÄCKNING SOM ÄR LAGLIGEN TILLÅTET, FRÅNSÄGER SIG
BELAIR ALLT ANSVAR AVSEENDE UNDERFÖRSTÅDDA GARANTIER ELLER
VILLKOR SOM GÄLLER KVALITET, TILLFREDSSTÄLLANDE KVALITET,
SÄLJBARHET, HÅLLBARHET, LÄMPLIGHET FÖR VISST ÄNDAMÅL, ÄGANDERÄTT
OCH ICKE-INTRÅNG. BELAIR FRAMHÅLLER ELLER GARANTERAR INTE ATT
PRODUKTERNA MOTSVARAR KUNDERNAS ALLA SÄRSKILDA KRAV, ATT
PRODUKTERNA FUNGERAR FELFRITT ELLER UTAN AVBROTT, ELLER ATT ALLA
FEL ELLER FABRIKATIONSFEL PÅ PRODUKTERNA KAN ÅTGÄRDAS.
Draft
DENNA PRODUKT ÄR INTE TILLFÖRLITLIG OCH DEN ÄR INTE FORMGIVEN,
TILLVERKAD ELLER AVSEDD FÖR ATT ANVÄNDAS I, ELLER SÄLJAS VIDARE
SOM, UTRUSTNING FÖR ANVÄNDNING I RISKFYLLDA MILJÖER SOM KRÄVER
FELFRI PRESTANDA, SÅSOM FLYGNAVIGERING, KOMMUNIKATIONSSYSTEM,
FLYGKONTROLL ELLER VAPENSYSTEM, DÄR BRISTER I FUNKTIONEN
DIREKT SKULLE KUNNA LEDA TILL DÖDSFALL, PERSONSKADA ELLER
ALLVARLIG FYSISK SKADA ELLER SKADA PÅ MILJÖN.
ÅTERGIVANDE ELLER ANNAN FAKTAFÖRSÄKRAN, INKLUSIVE, MEN INTE

BEGRÄNSAT TILL, PÅSTÅENDEN OM PRODUKTERS PRESTANDA, SOM INTE TAS
UPP I DENNA BEGRÄNSADE GARANTI, SKALL INTE ANSES SOM GARANTI,
VILLKOR ELLER ÅTERGIVANDE AV BELAIR. Ingen av BelAirs anställda, agenter,
återförsäljare eller representanter har behörighet att ändra denna begränsade garanti eller ge
ytterligare garantier som är bindande för BelAir. I enlighet därmed utgör inga, vare sig skriftliga
eller muntliga, ytterligare påståenden såsom annonsering eller presentationer, garantier av
BelAir och skall inte anses tillförlitliga.
INGA ÖVERENSKOMMELSER SOM FÖRÄNDRAR ELLER UTÖKAR OVANSTÅENDE

VILLKOR ÄR BINDANDE FÖR BELAIR, SÅVIDA DE INTE ÄR SKRIFTLIGA OCH
UNDERTECKNADE AV EN AV BELAIR AUKTORISERAD FIRMATECKNARE.
Produkternas funktion är beroende av utförandet av och tillgängligheten till service och
teknologi som tillhandahålls av tredje part, och BelAir är inte ansvarigt för kontinuiteten och
tillförlitligheten i service, mottagande eller andra begränsningar av funktionen vid användning
av produkterna.
Denna begränsade garanti fördelar risken mellan kunden och BelAir, och prissättningen på
BelAirs produkter speglar fördelningen av risken och ansvarsbegränsningarna som finns i den
begränsade garantin.

All teknisk support för, reparation eller utbyte av någon produkt som görs utanför den
tillämpliga garantiperioden (inklusive reparationer eller utbyte efter utgången av den tillämpliga
garantiperioden) som utförs av BelAir betalas av kunden och till BelAirs då gällande
prissättning.
I DEN UTSTRÄCKNING SOM GÄLLANDE LAG TILLÅTER, SKALL VARKEN BELAIR,

DESS ÅTERFÖRSÄLJARE ELLER LEVERANTÖRER INFÖR NÅGON ANNAN PERSON
ELLER ENHET HÅLLAS ANSVARIGA FÖR NÅGON INDIREKT, TILLFÄLLIG,
SÄRSKILD SKADA ELLER FÖLJDSKADA AV NÅGOT SLAG, INKLUSIVE, MEN INTE
BEGRÄNSAT TILL, UTEBLIVEN INKOMST ELLER VINST, FÖRLORAD ELLER
SKADAD INFORMATION, KOSTNADER FÖR ATT SKAFFA ERSÄTTNINGSVAROR,
ELLER ANNAN KOMMERSIELL ELLER EKONOMISK SKADA, ÄVEN OM RÅD HAR
GIVITS OM ATT SÅDAN SKADA SKULLE KUNNA UPPSTÅ ELLER OM DEN ÄR
Draft
MÖJLIG ATT FÖRUTSE. BELAIRS, DESS ÅTERFÖRSÄLJARES OCH
LEVERANTÖRERS MAXIMALA SAMLADE ANSVAR GENTEMOT KUNDEN SKALL
INTE ÖVERSKRIDA DEN SUMMA SOM KUNDEN HAR BETALT FÖR PRODUKTEN.
DE BEGRÄNSNINGAR SOM FRAMGÅR AV DET TIDIGARE SAGDA TILLÄMPAS
VARE SIG DET ANFÖRDA KONTRAKTSBROTTET ELLER FÖRSUMMELSEN ÄR ETT
BROTT MOT ETT VÄSENTLIGT VILLKOR ELLER OM DET ÄR ETT VÄSENTLIGT
KONTRAKTSBROTT.
Om någon åtgärd inom denna begränsade garanti befinns ogiltig eller inte kan genomföras,
kommer den att genomföras i den utsträckning som är möjligt enligt lag, och lagligheten och
genomförandet av andra åtgärder som omfattas av denna begränsade garanti kommer att förbli i
kraft, samt läsas och tolkas som om den ogiltiga eller ogenomförbara åtgärden inte fanns med
från början.

Draft

Draft

Draft

Draft

BelAir20 User Guide Node Configuration Sheets
Appendix A: Node Configuration Sheets

You can use this sample worksheet to document the basic configuration of a
BelAir20 unit. Store your worksheets in a secure location because they contain
sensitive information (super-user password and privacy keys).
Unit part number (located on the sticker on to the unit):__________________________
Unit serial number (located on the sticker on to the unit):__________________________
Draft
Super-user password: ____________________________
System Name: ______________ Location: ____________ Contact: _______________
Base MAC Address: ______________
IP Address: _____________Subnet:______________ Gateway: ______________
Cable Modem MAC Address (BelAir100S only): ________________________________
Layer 2 Configuration (BelAir200 only): STP Priority: _______
Client to VLAN mapping: Y or N

Wi-FI Access Point (AP) Settings (if configured)

Interface: wifi-___-1
Channel: ________
Table 16: AP Privacy Setting Table (Optional)
SSID (1 to 16) ACL Encryption and Authentication

__________________ Y or N wep40
RADIUS or 5-byte pre-shared key: _______________________________________________
wep104
RADIUS or 13-byte pre-shared key: ______________________________________________
Draft
wpa
encryption (TKIP or AES):____________________
RADIUS or 8 to 63-byte pre-shared key: ___________________________________________
wpa2
encryption (PSMv2 only: TKIP or AES. Others: AES only):____________________
dot1x (RADIUS (EAP) authentication)

1. ________________
2. ________________
3. ________________
4. ________________
__________________ Y or N wep40
RADIUS or 5-byte pre-shared key: _______________________________________________
wep104
RADIUS or 13-byte pre-shared key: ______________________________________________
wpa
encryption (TKIP or AES):____________________
wpa2
encryption (PSMv2 only: TKIP or AES. Others: AES only):____________________
dot1x (RADIUS (EAP) authentication)

1. ________________
2. ________________
3. ________________
4. ________________

Wi-Fi Backhaul Setting (if configured)

Interface: wifi-___-1
Channel: ________
Link ID: _____________________
AES Privacy (Y or N):__________ Key (16 characters):_____________________________________
Topology (P-to-P, MP-to-MP mesh, P-to-MP star): ________________________________
P-to-MP star role (base-station or subscriber-station): ____________________________
Draft
P-to-MP star link index: ____________________________
WiMAX Backhaul Setting (if configured)

Interface: wimax-___-1
Mode (base-station or subscriber-station): ____________________________
Channel: _______________ Bandwidth: _____________________
Antenna gain: ________
Key (16 characters):_____________________________________
Transmit power:_____________________________________
Frame size: ________
BSID (6 characters): _____________________

BelAir20 User Guide BelAir20 Factory Defaults
Appendix B: BelAir20 Factory Defaults

You can reset the configuration of a BelAir20 to the factory default settings by
using a CLI command. or by pressing the unit’s reset button.
Typically, you would reset to factory defaults only when all other methods of
changing the unit’s configuration have failed. The reset button is used when
there is no way of communicating to the unit.
Resetting to If you are logged in as root and have access to system commands, you can reset
the unit to the factory defaults.
Factory Defaults
with a CLI
Draft
Command
CAUTION! By performing the following procedure, all local configuration data will be
replaced by default factory settings. You will not be able to recover any local
configuration data.
CAUTION! You may not able to reestablish connectivity to a remotely located unit after you
execute this procedure.
Use the following command sequence:
cd /system
syscmd restoreDefaultConfig
reboot
Resetting to To perform this procedure, you need physical access to the unit.
Factory Defaults
with the Reset
Button
CAUTION! By performing the following procedure, all local configuration data will be
replaced by default factory settings. You will not be able to recover any local
configuration data.

BelAir20 User Guide BelAir20 Factory Defaults
To reset the BelAir20 configuration to factory defaults, do the following steps:

1 Access the BelAir20 rear panel. You may need to detach it from its
mounting bracket.
2 With a pen tip or paperclip, press the unit’s reset button for more than
5 seconds. Refer to Figure 12.
Figure 12: BelAir20 Rear Panel with Reset Button
Reset (Hole)
Draft
3 If necessary, re-attach the BelAir20 to its mounting bracket.

BelAir20 User Guide Detailed Table of Contents
Detailed Table of Contents

About This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Typographical Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
BelAir20 Indoor Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Dual-radio architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Wireless radio modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Mesh and Layer 2 networking capabilities . . . . . . . . . . . . . . . . . . . . . . .5
Draft
Network Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Hardware Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
BelAir20 Configuration Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 8

Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
SNMP Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Integrating the BelAir20 with a Pre-deployed NMS . . . . . . . . .9
Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Accessing the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . .11
Accessing the System Page with Secure HTTP or with HTTP 11
Stopping a Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Additional Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . .13
Command Line Interface Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Connecting to the BelAir20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Starting a CLI Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Abbreviating Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Command History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Special CLI Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Help Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Saving your Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Saving the Configuration Database . . . . . . . . . . . . . . . . . . . . .23

Restoring the Configuration Database . . . . . . . . . . . . . . . . . .24
Common CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Terminating your CLI Session . . . . . . . . . . . . . . . . . . . . . . . . .24
Changing Your Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Clearing the Console Display . . . . . . . . . . . . . . . . . . . . . . . . . .25
Locking the Console Display . . . . . . . . . . . . . . . . . . . . . . . . . .25
Displaying the Current Software Version . . . . . . . . . . . . . . . .25
Displaying the Current Date and Time . . . . . . . . . . . . . . . . . .25
Displaying Current User . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Switching User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Draft
Replacing a Token by a String . . . . . . . . . . . . . . . . . . . . . . . . .26
Pinging a Host or Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Radio Configuration Summary . . . . . . . . . . . . . . . . . . . . . . . . .27
Script Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
BelAir20 Access Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

SNMP Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
SNMPv1/v2 Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
SNMPv3 Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Configuring a User for Read or Write Operations . . . . . . . . .30
Generating Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
SNMP Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Target Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
Target Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Authentication Traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Engine Identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Secure HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
SSH Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Displaying Server Certificate . . . . . . . . . . . . . . . . . . . . . . . . . .44
Configuring the Server Certificate . . . . . . . . . . . . . . . . . . . . . .44
Creating RSA Key Pair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Creating Certificate Request . . . . . . . . . . . . . . . . . . . . . . . . . .45
Configuring the Server Certificate . . . . . . . . . . . . . . . . . . . . . .45
Saving an SSL Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Draft
User and Session Administration . . . . . . . . . . . . . . . . . . . . . . . . . 46
User Privilege Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Configuring Authentication for User Accounts . . . . . . . . . . . . . . . . . .51
Authentication Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
RADIUS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
CLI and Web Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Session Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Configuring the Session Timeout Interval . . . . . . . . . . . . . . . .53
CLI Prompt Customization . . . . . . . . . . . . . . . . . . . . . . . . . . .54
IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Displaying IP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Configuring IP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Configuring Dynamic IP Addressing . . . . . . . . . . . . . . . . . . . . .57
Renewing the IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Setting a Static IP Address and Subnet Mask . . . . . . . . . . . . . .58
Static IP Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Configuring the Domain Name System Lookup Service . . . . . . . . . . .59
System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Country of Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
System Identification Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

Configuring the System Date and Time . . . . . . . . . . . . . . . . . . . . . . . .61

Manual Date and Time Configuration . . . . . . . . . . . . . . . . . . .61
Managing an SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
GPS Coordinates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Find Me Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63
Displaying Unit Inventory Information . . . . . . . . . . . . . . . . . . . . . . . . .63
Battery and Temperature Controls . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Displaying System Up Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Saving and Restoring the BelAir20 Configuration . . . . . . . . . . . . . . . .64
Copying the Configuration Database to the Standby Load . . .64
Restoring the Configuration Database from the Standby Load .
Draft
64
Displaying the Running Configuration . . . . . . . . . . . . . . . . . . .65
Restarting the Node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Creating and Using Script Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Script Creation Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Transferring Files to and from a BelAir Node . . . . . . . . . . . . .65
Managing Script Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
BelAir20 Auto-configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
DHCP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
Pre-requisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Configuring and Using DHCP Options . . . . . . . . . . . . . . . . . .69
Accepting Specific DHCP Parameters . . . . . . . . . . . . . . . . . . .70
Configuration Download Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
Pre-requisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
Using a Configuration Download Profile . . . . . . . . . . . . . . . . .71
Ethernet Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Displaying the Ethernet Interface Configuration Settings . . . . . . . . . .72
Displaying the Ethernet Interface Operational Settings . . . . . . . . . . .72
Modifying Ethernet Interface Parameters . . . . . . . . . . . . . . . . . . . . . .73
Card Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Determining which Cards are in a Node . . . . . . . . . . . . . . . . . . . . . . .74

Displaying Card Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Displaying Card Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Displaying the Card Physical Data . . . . . . . . . . . . . . . . . . . . . .75
Displaying the Card Physical Interfaces . . . . . . . . . . . . . . . . . .75
Card Administrative State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
Restarting a Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
Wi-Fi Radio Configuration Overview . . . . . . . . . . . . . . . . . . . . . 77

Available Wi-Fi Radios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
Configuration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
Draft
Configuring Wi-Fi Radio Parameters . . . . . . . . . . . . . . . . . . . . . . 78
Displaying Wi-Fi Radio Configuration . . . . . . . . . . . . . . . . . . . . . . . . .78
Displaying Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
Operating Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Antenna Gain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Transmit Power Level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Link Distance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
Dynamic Frequency Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Rate Aware Fairness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Changing Wi-Fi Interface Admin State . . . . . . . . . . . . . . . . . . . . . . . . .83
Configuring Wi-Fi Access Point Parameters . . . . . . . . . . . . . . . . 84

Displaying AP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
DHCP Server Broadcast to Unicast Conversion . . . . . . . . . . . . . . . .85
Displaying Associated Wireless Clients . . . . . . . . . . . . . . . . . . . . . . . .85
Displaying Wireless Client Details . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Disconnecting a Wireless Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Enabling RTS-CTS Handshaking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Changing AP Admin State . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
AP Service Set Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Displaying the SSID Table . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
Displaying SSID Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Default Management SSID . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Configuring SSIDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Changing SSID Admin State . . . . . . . . . . . . . . . . . . . . . . . . . . .92
Wi-Fi AP Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Security Options for Wireless Clients . . . . . . . . . . . . . . . . . . . . . . . . .93
RADIUS Servers for Wireless Clients . . . . . . . . . . . . . . . . . . . . . . . . .94
Managing RADIUS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Changing RADIUS Server Admin State . . . . . . . . . . . . . . . . . .98
Assigning SSIDs to RADIUS Servers . . . . . . . . . . . . . . . . . . . .98
RADIUS Assigned VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
RADIUS Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
AP Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99
Draft
Wireless Client Access Control List . . . . . . . . . . . . . . . . . . . . . . . . .100
Controlling Inter-client Communication . . . . . . . . . . . . . . . . . . . . . .101
Determining the MAC Address of the Internet gateway . . .102
Disabling or Enabling AP Wireless Bridging . . . . . . . . . . . . . .102
Disabling Inter-AP Wireless Client Communication . . . . . . .102
Secure MAC White List . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
AP Secure Port Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Protecting against Denial of Service Attacks . . . . . . . . . . . . . . . . . . .103
Deauthentication DoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
NAV DoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Wi-Fi Backhaul Link Configuration . . . . . . . . . . . . . . . . . . . . . . 105

Displaying Backhaul Link Configuration . . . . . . . . . . . . . . . . . . . . . . .105
Configuring Backhaul Link Identifier, Topology and Privacy . . . . . . .106
Managing MP-to-MP Meshes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Displaying the Mesh Topology . . . . . . . . . . . . . . . . . . . . . . . .108
Managing Mesh Bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Setting a Link RSSI Threshold . . . . . . . . . . . . . . . . . . . . . . . .110
Managing the Mesh Blacklist . . . . . . . . . . . . . . . . . . . . . . . . . .110
Egress Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
Changing Backhaul Link Admin State . . . . . . . . . . . . . . . . . . . . . . . . .111
Mobile Backhaul Mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Configuring Mobile Backhaul Mesh Links . . . . . . . . . . . . . . . . . . . . . .113

Displaying Mobility Configuration and Status . . . . . . . . . . . .113

Configuring and Enabling Mobile Backhaul Mesh Links . . . . .113
Layer 2 Network Configuration. . . . . . . . . . . . . . . . . . . . . . . . . 115

Using Layer 2 Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Using Virtual LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Configuring the IP Address of a VLAN . . . . . . . . . . . . . . . . .116
Managing Egress Node Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116
VLAN Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
VLAN Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
Draft
Using Layer 2 Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Configuring the BelAir Node for Layer 2 Tunneling . . . . . . . . . . . . .119
Displaying Tunnel Configuration and Status . . . . . . . . . . . . .120
Starting and Stopping Layer 2 Tunneling . . . . . . . . . . . . . . . .120
Setting Tunnel Engine Parameters . . . . . . . . . . . . . . . . . . . . .120
Adding and Removing Layer 2 Tunnels . . . . . . . . . . . . . . . . .121
Mapping User Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121
Configuring Authentication . . . . . . . . . . . . . . . . . . . . . . . . . .122
Configuring the Network Central Router for Layer 2 Tunneling . . .122
Quality of Service Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

System QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
Prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
Marking Spectralink Voice Priority Packets . . . . . . . . . . . . . .124
Prioritizing Traffic Based on User Priority Bits . . . . . . . . . . .124
Prioritizing Traffic using VLAN IDs . . . . . . . . . . . . . . . . . . . .125
Resetting the QoS Configuration . . . . . . . . . . . . . . . . . . . . . .125
Displaying a Summary of System QoS Settings . . . . . . . . . . .125
Displaying the Prioritization Settings . . . . . . . . . . . . . . . . . . .126
Radio QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
Displaying a Summary of Radio QoS Settings . . . . . . . . . . . .126
Enabling or Disabling Wireless Multi-media . . . . . . . . . . . . .127
QoS Priority Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127
QoS Mapping Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128

Voice and Video Access Control . . . . . . . . . . . . . . . . . . . . . .128

Unscheduled Automatic Power-save Delivery . . . . . . . . . . .129
Layer 2 Network Configuration. . . . . . . . . . . . . . . . . . . . . . . . . 130

Spanning Tree Protocol Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Configuring Spanning Tree Priority . . . . . . . . . . . . . . . . . . . .131
Configuring Other Spanning Tree Parameters . . . . . . . . . . .132
RSTP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Displaying the RSTP Configuration Settings . . . . . . . . . . . . .133
Displaying the RSTP Topology Information . . . . . . . . . . . . . .134
Displaying RSTP Port Roles and States . . . . . . . . . . . . . . . . .136
Draft
Configuring the Bridge Aging Time . . . . . . . . . . . . . . . . . . . .137
Configuring Spanning Tree Priority . . . . . . . . . . . . . . . . . . . .137
Transmit Hold Count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Max Age, Hello Time and Forward Delay . . . . . . . . . . . . . . .138
RSTP Link Priority and Static Path Cost . . . . . . . . . . . . . . . .138
Dynamic Path Cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
RSTP Protocol Migration on an Interface . . . . . . . . . . . . . . .140
RSTP Edge Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140
RSTP Point-To-Point Status of an Interface . . . . . . . . . . . . . .140
Interface RSTP Configuration . . . . . . . . . . . . . . . . . . . . . . . .141
Performing a Software Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . 142

Upgrade Process Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Downloading a New Software Load . . . . . . . . . . . . . . . . . . . . . . . . .144
Canceling a Software Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
Verifying a Successful Download . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Activating a Software Load . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146
Committing a New Software Load . . . . . . . . . . . . . . . . . . . . . . . . . .147
Backing Out from a Software Upgrade . . . . . . . . . . . . . . . . . . . . . . .148
Displaying the Status of the Software Upgrade . . . . . . . . . . . . . . . . .149
For More Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Installation Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150
User Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150

Troubleshooting Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151
Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

Support Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
Warranty and Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
Definitions and Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
LIMITED WARRANTY; LIMITATION OF LIABILITY . . . . . . . 156
Appendix A: Node Configuration Sheets . . . . . . . . . . . . . . . . . . 190
Draft
Appendix B: BelAir20 Factory Defaults . . . . . . . . . . . . . . . . . . . 193
Resetting to Factory Defaults with a CLI Command . . . . . . . . . . . .193
Resetting to Factory Defaults with the Reset Button . . . . . . . . . . . .193
Detailed Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
List of Figures
Figure 1: BelAir20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Figure 2: BelAir20 Hardware Module Block Diagram . . . . . . . . . . . . . . . . . . . .6
Figure 3: Typical Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Figure 4: Typical Web Interface Main Page . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Figure 5: Sample Output of mode Command . . . . . . . . . . . . . . . . . . . . . . . . .17
Figure 6: Mobile Backhaul Links Connecting Vehicle Cameras to Roadside Net-
work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Figure 7: Wireless Mobility using L2TP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
Figure 8: Active and Standby Software Loads . . . . . . . . . . . . . . . . . . . . . . . .143
Figure 9: Software Upgrade Step 3 - Downloading the New Software Load 145
Figure 10: Software Upgrade Step 7 - Commit the Software Load . . . . . . .147
Figure 11: Backing Out from an Uncommitted Software Upgrade . . . . . . . .148
Figure 12: BelAir20 Rear Panel with Reset Button . . . . . . . . . . . . . . . . . . . .194
List of Tables
Table 1: Product Name Synonyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

Table 2: Standard SNMP MIBs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

Table 3: BelAir Enterprise MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Table 4: Command Line Interface Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Table 5: Super-user commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Table 6: Physical Interface Parameter Settings . . . . . . . . . . . . . . . . . . . . . . . . .74
Table 7: BelAir Wi-Fi Radio Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77
Table 8: Auth Field Value Descriptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Table 9: DHCP Field Value Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Table 10: RADIUS Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
Table 11: Wi-Fi Backhaul Configuration Requirements . . . . . . . . . . . . . . . . .107
Table 12: Traffic Priority Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123
Table 13: User Priority Value to Priority Queue Processing . . . . . . . . . . . . .124
Table 14: UP and DSCP Value to Priority Queue Processing . . . . . . . . . . . .128
Draft
Table 15: Configurable Spanning Tree Timers and Associated Parameters .132
Table 16: AP Privacy Setting Table (Optional) . . . . . . . . . . . . . . . . . . . . . . . .191

BelAir20 User Guide
Draft
BelAir Networks Inc. General Information Sales Visit us on the web at:
603 March Road info@belairnetworks.com sales@belairnetworks.com
Kanata, Ontario www.belairnetworks.com
Canada Technical Support
K2K 2M5 techsupport@belairnetworks.com
1-877-BelAir1 (235-2471)
613-254-7070

205

BelAir20 User Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BelAir20 User Guide

Uploaded by

Copyright:

Available Formats

BelAir20

April 6, 2009 Confidential Page 2 of 205

About This Document

Product Name Synonym

Typographical This document uses the following typographical conventions:

Related The following titles are BelAir reference documents:

April 6, 2009 Confidential Page 3 of 205

BelAir20 Indoor Access Point

April 6, 2009 Confidential Page 4 of 205

April 6, 2009 Confidential Page 5 of 205

Antenna 1 Antenna 2 Antenna 3

April 6, 2009 Confidential Page 6 of 205

The BelAir20 consists of the following modules:

April 6, 2009 Confidential Page 7 of 205

BelAir20 Configuration Interfaces

April 6, 2009 Confidential Page 8 of 205

The BelAir20 SNMP agent contains Management Information Base (MIB)

Table 2: Standard SNMP MIBs

File Name Description

BRIDGE-MIB.mib implements RFC1493

April 6, 2009 Confidential Page 9 of 205

Table 2: Standard SNMP MIBs (Continued)

File Name Description

SNMP-NOTIFICATION-MIB.mib implements RFC3413

Table 3: BelAir Enterprise MIBs

File Name Description

BELAIR-IEEE802DOT11-CLIENT.mib defines features that are not supported by the standard

April 6, 2009 Confidential Page 10 of 205

Table 3: BelAir Enterprise MIBs (Continued)

File Name Description

BELAIR-WRM.mib defines BelAir WiMAX data types

April 6, 2009 Confidential Page 11 of 205

Figure 3: Typical Login Page

2 Enter a valid user name, such as root, and a valid password.

April 6, 2009 Confidential Page 12 of 205

April 6, 2009 Confidential Page 13 of 205

Command Line Interface Basics

April 6, 2009 Confidential Page 14 of 205

April 6, 2009 Confidential Page 15 of 205

SSH Session Example of Initial Login

April 6, 2009 Confidential Page 16 of 205

Figure 5: Sample Output of mode Command

Table 4 describes the modes that are supported.

Card Management: /card/<card_type>-<n>

April 6, 2009 Confidential Page 17 of 205

Table 4: Command Line Interface Modes (Continued)

Physical Interfaces: /interface/<iface>-<n>-<m>

one of: Configure the BelAir20 physical interfaces:

mgmt • Configure user accounts, user authentication and

Protocol Management: /protocol/<protocol>

one of: Configure the following protocols:

April 6, 2009 Confidential Page 18 of 205

Table 4: Command Line Interface Modes (Continued)

qos Configure Quality of Service (QoS) parameters

See the BelAir20 Troubleshooting Guide for details.

April 6, 2009 Confidential Page 19 of 205

executes a command from snmp mode while in system mode.

Special CLI Keys Command Completion

April 6, 2009 Confidential Page 20 of 205

Execution of the Last Typed Command

Executing the Previous Commands

These commands display:

April 6, 2009 Confidential Page 21 of 205

adduser <user-name> -p <passwd> [ -d <default-mode>] [-g <grp-name>]