PDF Datasheet

Managed Access Point Solution (MAPS)

Tech Specification

Turnkey, customizable, fully-managed software for advanced Wi-Fi® access points

The SecureF1rst Managed Access Point Solution (MAPS) from TeamF1 is a comprehensive turnkey software package that combines the latest 802.11 wireless standards with field-proven networking and security components.

As a member of TeamF1’s SecureF1rst line of innovative prepackaged solutions, MAPS enables OEMs/ODMs to deliver leading-edge Wi-Fi devices, such as business-class wireless APs and gateways, broadband access points (APs)/routers, WISP and hot-spot infrastructure nodes, for the small-to-medium business (SMB) market.

A complete secure AP solution
SecureF1rst MAPS provides OEMs/ODMs a production-ready solution for building secure, managed access point devices while dramatically reducing development cost, risk, and time to market. With SecureF1rst MAPS, OEMs can easily differentiate their Wi-Fi AP products by choosing from a wide range of advanced networking and security modules available from TeamF1 as part of its SecureF1rst platform.

SecureF1rst MAPS supports:

  • Dual-band, multimode networks (5 GHz and 2.4 GHz, 54 Mbps) capable of delivering high-performance throughput.
  • Power over Ethernet (PoE), which eliminates extra cabling and the necessity to locate a device near a power source.
  • Point-to-point and point-to-multipoint wireless distribution system (WDS), which extends a network’s wireless range without additional cabling.
  • Advanced 802.11 security standards — including WEP, WAPI (for devices in the China market), WPA, WPA2 (802.11i) — for any generation of wireless security, in Personal and Enterprise modes.
  • Extensive Wireless Intrusion Prevention (WIPS) features to prevent from various threats originating in wireless networks such as spoofing and dictionary attacks, DoS and flood attacks, etc. Detailed WIPS logging and reporting options available for analysis.
  • 802.11n MIMO technology (including support for channel width selection), which uses multiple radios to create a robust signal that travels farther with fewer dead spots at high data rates.
  • Wi-Fi Multimedia (WMM), which provides improved quality of service over wireless connections for better video and voice performance and power saving through Unscheduled Automatic Power Save Delivery (UAPSD).
  • Fully optimized and validated support for IPv6 protocol (host and router) for next generation wireless networking with support for various transitioning mechanisms.
  • Router and bridge only modes for connecting wireless devices in a network as required by the topology.
  • Comprehensive management capabilities, with SNMPv3 and full 802.11 MIB support, enabling network administrators to remotely and seamlessly configure, update, and monitor multiple devices.
  • Variety of hardware/software options with support for Linux and VxWorks platforms and a broad range of Wi-Fi chipsets, including multiple radios in single system.

Key 802.11 standards
SecureF1rst MAPS supports key IEEE standards for WLANs including:

  • 802.11e: Full Wi-Fi Multimedia standard plus MAC enhancements for QoS. Improves audio, video (e.g., MPEG-2), and voice applications over wireless networks and allows network administrators to give priority to time-sensitive traffic such as voice.
  • 802.11i: Strengthens wireless security by incorporating stronger encryption techniques, such as the Advanced Encryption Standard (AES), into the MAC layer. Adds pre-authentication support for fast roaming between APs.
  • 802.11n: Uses multiple-input, multiple-output (MIMO) techniques to boost wireless bandwidth and range. Multiple radios create a robust signal that travels farther, with fewer dead spots.
  • 802.11r: Enables fast roaming for wireless devices in motion through quick handoff from one AP to another. Uninterrupted connectivity allows better user experience, particularly while using voice and media streaming applications.
  • 802.11h: Helps avoid wireless channel interference with other radios and reserved frequencies through Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS).
  • 802.11d: Enables the use of 802.11 standard by adhering to specific regulatory compliance requirement of particular regions called “additional regulatory domains”.
  • 802.11s: Provides for creation of wireless mesh networks. Supports both static and ad-hoc topology creation for a wireless setup.

Other major Wi-Fi features

  • Multiple SSIDs create virtual access points, whereby a single device can deliver multiple services, each with its own independent security and connectivity profile.
  • Advanced radio configuration enables optimized device management. Network administrators can tune APs to specific environments, trading-off range, for example, for increased data rates or power management requirements.
  • VLAN support (VLAN tagging per SSID, VLAN-based priority assignment) ensures QoS and segmentation of wireless network data when a mobile user is travelling on the wired network side. Enables isolated guest network access.
  • Captive Portal feature with fully customizable page design and elements such as user login, policy compliance checkbox, etc.
  • Security features such as MAC address filtering, rogue AP detection, wireless intrusion prevention and built-in RADIUS client for enterprise user authentication.
  • Time of day (ToD) mapping of virtual access points with network usage policies and service access levels.
  • Support for MeshF1 – an optimized wireless application layer mesh topology with hierarchical, secure and redundant connectivity of multiple wireless devices in a deployment.
  • Detailed monitoring capability, utilizing statistics (per client, per AP, per radio), helps to optimize networks and provide additional security.
  • Inter Access Point Protocol (IAPP) support for communication between access points from multiple vendors.
  • SecureF1rst MAPS’ hardware acceleration capability and the use of dedicated resources for cryptographic off-load in modern processors and Wi-Fi chipsets ensures high-speed performance.

Features & Benefits

  • Complete turnkey solution for building Wi-Fi devices with secure, managed access points lessens OEMs’ development costs, risk, and time to market.
  • Selected SecureF1rst networking and security modules enable OEMs to easily differentiate products.
  • Adherence to standards enables:
    • 802.11 a/b/g/n support for maximum flexibility and high performance.
    • PoE for simplified power requirements.
    • WEP, WAPI, WPA, WPA2 (802.11i), and WPS for advanced security.
    • WDS, using a wireless medium, for a flexible and efficient distribution mechanism.
  • MIMO technology for stronger signals and fewer dead spots.
  • Comprehensive management capabilities including secure remote management.
  • Support for a broad range of Wi-Fi chipsets.
  • Branding options offer a cost-effective, customized look and feel.

OS Platforms: Linux®, VxWorks® and other embedded OSs.
Hardware Platforms: ARM/XScale®, MIPS®, PowerPC®, x86.

The SecureF1rst Advantage
SecureF1rst software modules provide OEMs flexible connectivity options, aggravation-free branding, and validated software components. In addition to Wi-Fi capabilities, OEMs can select modules for building an AP bridge or AP gateways between multiple LAN, WLAN, and DMZ interfaces – plus any other security zones – of several different types. In addition to a standard Ethernet interface on the wired side, SecureF1rst MAPS supports a variety of other back-haul options such as broadband and serial interfaces, and cellular data (3G/LTE) links.

Field-proven software modules
In order to create specific instances of the Managed Access Point Solution, TeamF1 leverages pre-existing software blocks that have proven their merit in thousands of deployments, not only minimizing risk for OEMs but also keeping licensing terms flexible. And only TeamF1’s Managed Access Point Solution can offer such a comprehensive set of features with completely modular packaging that allows for full customization to meet an OEM's specific requirements.

Mix and match SecureF1rst software modules
To create a fully customized device, OEMs first select from a comprehensive set of SecureF1rst software modules. In addition to SecureF1rst modules, OEMs can select from third-party modules provided by TeamF1 partners or modules developed in-house by OEMs. TeamF1 then integrates these modules to create validated software packages that meet an OEM’s specific needs.

The final custom touches are added by TeamF1's professional services experts, who develop specific features such as BSPs, bootloaders, drivers, and hardware accelerators for OS platforms running the Managed Access Point Solution; integrate non-TeamF1 software modules; and customize end-user device management interfaces.

The result is a standard, field-tested software solution in a production-ready custom package, with all hardware integration, porting, testing, and validation completed by TeamF1.

Easy-to-use device management features

  • User friendly, browser-based remote management.
  • Advanced AJAX-enabled web management powered by TeamF1's DynaMO (Dynamic Management Objects) technology optionally offers cutting-edge interactive features including dynamic refresh, RSS feeds and search tags.
  • The flexibility of user profiles with different privileges such as super-users, administrators, operators, and guests.
  • Multi-user features for simultaneous device management and information sharing with two-factor authentication support for stronger identity management.
  • Simple Network Management Protocol (SNMP) enables administrators to remotely monitor and fully control network devices and to manage configurations, generate usage reports, and monitor performance, and security. Monitoring features alert managers to events such as exceeded traffic limits reached, authentication failures, and attacks, while also tracking statistics.
  • A flexible and powerful command line interface (CLI) is provided to configure and monitor the Wi-Fi device and automate common tasks. The CLI has a hierarchical command structure for direct execution of management commands using a serial/USB console or remote access mechanisms such as FTP/SFTP, Telnet/SSH and RCP/SCP and includes easy-to-use features such as line editing and history.
  • Support for executing device maintenance tasks such as manufacturing tests capability for ODMs, and device diagnostics and custom CLI scripts for administrators. Predefined CLI scripts can also be saved and run through the GUI.
  • An internal, extensible management framework can be used with automated techniques such as XML/SOAP.
  • Support for TR-069 and extension protocols for automatic configuration and provisioning of network devices.

Customization Flexibility
SecureF1rst MAPS is based on an advanced networking and security platform with well-integrated modular technologies tailored to the SMB/SME market. The modular approach enables end-product requirements technically as well as from the perspective of each device’s look and feel. TeamF1's solution engineering team specializes in integrating and customizing our technologies into branded, ready-to-deploy turnkey solutions meeting specific market requirements.

Aggravation-free branding
TeamF1 offers OEMs different ways to customize, or “brand,” the graphical user interfaces (GUIs) of Wi-Fi devices. Options include:

  • Support for multiple themes that provide an OEM-branded look and feel with no programming or HTML changes.
  • Support for multiple GUI skins that provide GUI design customization beyond the use of OEM-branded colors and graphics, while requiring no code changes or retesting.
  • Advanced user interface control requiring some programming—using documented APIs supported by the flexible management infrastructure. This enables options such as dynamic graphics, Flash, and Java that provide the ultimate in branding with a unique look and feel.

Benefits for End-Customers

  • Advanced wireless security.
  • Easy-to-use device management features.
  • Multiple add-on options for VPN, firewall, QoS, and authentication functions.

Validated software components
TeamF1’s software component products are all extensively validated on a variety of embedded operating systems including Linux and VxWorks, and CPU platforms that include ARM/XScale, MIPS, PowerPC, and x86 processors.

Flexible Licensing
TeamF1’s embedded software products are licensed with very flexible terms from cost-effective object-code licenses to full-source and royalty-free licenses to best suit our customers' financial and technology requirements, with production-license fee as well as royalty-free options available.

Technical Specifications

Interfaces

  • Ethernet connection to wired LAN (single or multiple)
  • DSL/Cable/Dialup/WWAN connection to ISP
  • 3G/4G/WiMAX connection to ISP
  • Optional Ethernet LAN switch (managed/unmanaged)
  • Wi-Fi Supplicant upstream connection

Protocol Support

  • IPv4 and IPv6 (host and router)
  • Bridging
  • IP, TCP, UDP, ICMP
  • PPPoE, PPTP client
  • DHCP, NTP, DNS, DNSsec
  • RIPv1, RIPv2 (B & M), RIPng
  • STP/RSTP/MSTP on wired and wireless interfaces
  • IGMP snooping
  • Optional IPSec connectivity (ESP, AH) with IKE/IKEv2
  • Key IEEE 802.11 standards such as 802.11 a/b/d/e/f/g/h/i/k/n/s

Networking Capabilities

  • Static routing, dynamic routing
  • Unlimited users (subject to capacity)
  • Static IP address assignment
  • Optional (multi-instance) DHCP server on WLAN, including address reservation capabilities
  • DHCP client on wired side
  • DHCP MAC filtering and MAC binding
  • VLAN (static/dynamic, QoS, subnetting)
  • NAT, classical routing and bridging options
  • Port triggering
  • UPnP support for zero-configuration networking
  • Configurable MTU and PMTU discovery when used as access device
  • Multiple LAN sub-nets
  • Dynamic DNS clients (DynDNS, Iego, PeanutHull, DDNS 3322, others)
  • Network device on USB (NAS, printer, 3G, Windows Connect Now, etc)
  • Mail Transfer Agent for device email capabilities (client and server)
  • MeshF1 – TeamF1’s optimized technology for application layer mesh networking
  • 802.11 MIB support

Wireless Features

  • 802.11 a/b/g/n radio support from various Wi-Fi chip vendors
  • Multiple customizable SSIDs per radio
  • WEP/WPA/WPA2 – Personal and Enterprise modes
  • WPS (soft and hard push button, PIN as well as USB mode)
  • MAC access list – black or white list
  • Disable SSID broadcast
  • Multiple BSSID support (Virtual AP)
  • VLAN support (per SSID segmentation, and priority)
  • Independent profile per Virtual AP
  • Multiple vendor WLAN chipset support
  • Vendor-specific extensions (Super-G/XR Extended Range/Afterburner etc.)
  • Auto-channel selection
  • Multiple radio support
  • Transmit Power Control
  • Dynamic Frequency Selection
  • WDS: point-to-point, multi-point, repeater
  • 802.11d roaming extensions
  • WMM / 802.11e QoS / UAPSD power save support
  • 802.11r Fast roaming
  • Inter Access Point Protocol
  • 802.11s Mesh support
  • 802.1x Port-based Network Access Control
  • WLAN Authentication and Privacy Infrastructure (WAPI) support

Security Features

  • WIPS (Layer 2 Wireless Intrusion Prevention Service)
  • DoS attack resistance
  • E-mail alerts
  • Choice of additional TeamF1 security modules such as VPN, FW, IDS etc.
  • 802.11 security standards including WPA/WPA2(802.11i)/WEP/DWEP/WPS
  • Choice of advanced encryption and integrity algorithms
  • Built-in RADIUS client
  • Support for device certificates
  • Hidden, Guest and Maintenance SSIDs
  • MAC address filtering
  • Rogue AP Detection
  • Wireless client isolation
  • Captive Portal
  • Weak IV Avoidance
  • Multiple security options for Virtual APs
  • SSL and SSH secured management
  • Internal local user database authentication
  • VLAN based per-SSID isolation

Cryptography

  • SHA-1, SHA-256/384/512
  • DES/3DES
  • AES 128/192/256
  • RC-4
  • RSA/DSA
  • X.509 v.3 certificates

Device Management

  • Intuitive, easily brandable browser-based GUI
  • Admin login with two factor authentication
  • Multiple profiles and rights
  • SNMP v2.c and v3 support
  • TR-069 family of protocols for remote access and provisioning, including WLAN Profile
  • Telnet and serial console CLI support
  • Advanced per-client, AP and radio statistics
  • Localization and Internationalization
  • Telnet/SSH, FTP/SFTP, RCP/SCP
  • Serial console (RS232/USB) CLI support
  • SSL (HTTPS) based remote mgmt with IP address restrictions
  • Custom remote management port
  • Save/Restore configuration settings to/from PC/USB thumb-drive
  • USB thumb-drive booting and firmware backup/restore/upgrade
  • Windows Connect Now™ (WCN)
  • GUI-based firmware upgrade
  • SYSLOG, email logs, alerts
  • ToD (Time of Day) policies
  • SMTP authentication for email
  • Traffic metering
  • Admin inactivity timeout
  • Support for manufacturing tests access for ODMs

General Administration Features

  • Export/Import config in ASCII
  • Restore factory defaults, last known good configuration
  • Advanced wireless statistics
  • Display statistics and router status
  • Comprehensive logging
  • Diagnostics ping, DNS lookup, trace-route, etc.
  • Web-based packet capture
  • Web 2.0 features such as RSS feeds, search tags, etc.