technical note - tn 063: 2016 - transport for nsw · technical note - tn 063: 2016 . technical note...

Technical Note - TN 063: 2016

Technical Note - TN 063: 2016

Subject: Withdrawal of T HR TE 41002 ST Wireless Data Communication in LIPD Class Licensed Bands

Issued date: 25 August 2016

Effective date: 25 August 2016

For queries regarding this document [email protected]

www.asa.transport.nsw.gov.au

This technical note is issued by the Asset Standards Authority as a notification to remove from

use T HR TE 41002 ST Wireless Data Communication in LIPD Class Licensed Bands,

version 1.0.

T HR TE 41002 ST should be used for reference purposes only.

T HR TE 41002 ST contained requirements for both radiocommunication in LIPD class licensed

bands and wireless local area networks (WLAN). The requirements for radiocommunication in

LIPD class licensed bands and WLAN are now split between two documents.

T MU TE 41004 ST Packet Switched Networks – Wireless Local Area Networks, version 1.0

contains requirements for WLAN.

T MU TE 41003 ST Radiocommunication in LIPD Class Licensed Bands, version 1.0 contains

requirements for radiocommunication in LIPD class licensed bands.

Technical content prepared by

Checked and approved by

Interdisciplinary coordination checked by

Authorised for release

Signature

Date

Name James Piper Trevor Payne Andrea Parker Graham Bradshaw

Position Principal Engineer Rail Systems

Lead Telecommunications Engineer

Chief Engineer Director Network Standards and Services

© State of NSW through Transport for NSW of 1

mailto:[email protected]

mailto:[email protected]

http://www.asa.transport.nsw.gov.au/

v1.0

ST

4100

4 TE

M

U

T &

v1

.0

ST

4100

3 TE

M

U

T by

S

uper

sede

d

Wireless Data Communication in LIPD Class Licensed Bands

T HR TE 41002 ST

Standard

Version 1.0

Issued Date: 03 October 2014

Important Warning This document is one of a set of standards developed solely and specifically for use on the rail network owned or managed by the NSW Government and its agencies. It is not suitable for any other purpose. You must not use or adapt it or rely upon it in any way unless you are authorised in writing to do so by a relevant NSW Government agency. If this document forms part of a contract with, or is a condition of approval by, a NSW Government agency, use of the document is subject to the terms of the contract or approval. This document may not be current. Current standards are available for download from the Asset Standards Authority website at www.asa.transport.nsw.gov.au. © State of NSW through Transport for NSW

v1.0

ST

4100

4 TE

M

U

T &

v1

.0

ST

4100

3 TE

M

U

T by

S

uper

sede

d T HR TE 41002 ST

Wireless Data Communication in LIPD Class Licensed Bands Version 1.0

Issued Date: 03 October 2014

© State of NSW through Transport for NSW

Standard governance

Owner: Lead Telecommunications Engineer, Asset Standards Authority

Authoriser: Chief Engineer Rail, Asset Standards Authority

Approver: Director, Asset Standards Authority on behalf of ASA Configuration Control Board

Document history

Version Summary of change

1.0 First issue

For queries regarding this document, please email the ASA at

[email protected]

or visit www.asa.transport.nsw.gov.au

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0

T HR TE 41002 ST Wireless Data Communication in LIPD Class Licensed Bands

Version 1.0 Issued Date: 03 October 2014

© State of NSW through Transport for NSW Page 3 of 24

Preface

The Asset Standards Authority (ASA) is an independent unit within Transport for NSW (TfNSW)

and is the network design and standards authority for defined NSW transport assets.

The ASA is responsible for developing engineering governance frameworks to support industry

delivery in the assurance of design, safety, integrity, construction, and commissioning of

transport assets for the whole asset life cycle. In order to achieve this, the ASA effectively

discharges obligations as the authority for various technical, process, and planning matters

across the asset life cycle.

The ASA collaborates with industry using stakeholder engagement activities to assist in

achieving its mission. These activities help align the ASA to broader government expectations of

making it clearer, simpler, and more attractive to do business within the NSW transport industry,

allowing the supply chain to deliver safe, efficient, and competent transport services.

The ASA develops, maintains, controls, and publishes a suite of standards and other

documentation for transport assets of TfNSW. Further, the ASA ensures that these standards

are performance based to create opportunities for innovation and improve access to a broader

competitive supply chain.

This document has been developed by the Chief Engineer Rail section of the ASA, reviewed by

a committee of TfNSW cluster representatives and approved by the ASA Configuration Control

Board.

This document standardises wireless data communication within certain low interference

potential devices (LIPD) class licensed bands, used for the purpose of data exchange between

connected internet protocol (IP) enabled computer systems.

This standard is a first issue.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




Table of contents

1. Introduction............................................................................................................................................5

2. Purpose...................................................................................................................................................5 2.1. Scope ..................................................................................................................................................................... 5 2.2. Application............................................................................................................................................................. 6

3. Reference documents ...........................................................................................................................7

4. Terms and definitions ...........................................................................................................................9

5. Restrictions on use of WLAN systems..............................................................................................10 5.1. System safety ...................................................................................................................................................... 11 5.2. Engineering controls .......................................................................................................................................... 11

6. Interface between WLAN and LAN systems .....................................................................................11

7. Interfaces between DTE and WLAN systems ...................................................................................13 7.1. Media access control and physical layer .......................................................................................................... 13 7.2. Radiocommunications........................................................................................................................................ 14

8. Interfaces between WLAN systems ...................................................................................................14

9. Interfaces to physical environment ...................................................................................................15

10. Interfaces to network management systems....................................................................................16

11. Non-functional requirements for WLAN............................................................................................16 11.1. Availability ........................................................................................................................................................... 17 11.2. Interoperability .................................................................................................................................................... 17 11.3. Maintainability ..................................................................................................................................................... 17 11.4. Manageability ...................................................................................................................................................... 18 11.5. Performance ........................................................................................................................................................ 19 11.6. Reliability ............................................................................................................................................................. 20 11.7. Work, health, and safety ..................................................................................................................................... 20 11.8. Security ................................................................................................................................................................ 20 11.9. Supportability ...................................................................................................................................................... 23 11.10. Sustainability....................................................................................................................................................... 24

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




1. Introduction

Railway communication systems are increasingly based on internet protocol (IP) enabled

computer systems. Wireless data communication systems shall align with national and

international standards to create open industry involvement, increased competition, and optimal

asset stewardship outcomes.

2. Purpose

This document standardises wireless data communication within certain low interference

potential devices (LIPD) class licensed bands, used for the purpose of data exchange between

connected IP-enabled computer systems.

2.1. Scope

The scope of this standard includes all wireless data communication systems that operate in

class licensed bands as defined by items 44, 44A, 45A, 45B, 46, 53, 54, and 55 of the

Radiocommunications (Low Interference Potential Devices) Class Licence 2000 made under the

Radiocommunications Act, 1992.

For the purpose of this standard, the wireless data communication system is referred as the

wireless local area network (WLAN).

This document specifies the functional requirements for the following system interfaces:

wireless local area network to (wired) local area network (WLAN to LAN systems)

wireless data terminal equipment to wireless local area network (DTE to WLAN systems)

wireless local area network to wireless local area network (WLAN to WLAN systems)

WLAN systems to physical environment

WLAN systems to network management systems

The functional requirements specified in this document principally relate to the physical, data

link and network layers of the open systems interconnection model defined in ISO/IEC 7498-1

and the link and internet layers of the internet protocol suite (commonly referred to as the

TCP/IP model).

Figure 1 depicts the systems and interfaces that are in scope.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




Figure 1 In-scope systems and interfaces (informational)

Figure 1 is informational and is not intended to convey any architectural information.

Solid lines represent systems and system interfaces, dashed lines within the solid

lines represent sub-systems and sub-system interfaces.

This document specifies minimum non-functional requirements for wireless local area network

systems.

More stringent non-functional requirements may be specified as part of a system requirements

specification for a wireless data communication system.

This document does not contain detailed and comprehensive requirements for functional areas

of the ASA other than network standards, such as asset planning, technical management or

maintenance plans, configuration control, asset stewardship inclusive of network strategy and

architecture.

2.2. Application

This document applies to all uses of wireless data communication systems.

This document applies to all installations of wireless data communication systems. For example,

outdoor installations on poles or towers, within fixed premises, or on rolling stock.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




3. Reference documents

International standards

EN 50159 Railway Applications - Communication, Signalling and Processing Systems - Safety-

related Communication in Transmission Systems

EN 60825-1 Safety of laser products - Equipment classification and requirements

EN 60825-2 Safety of laser products - Safety of optical fibre communication systems (OFCS)

EN 60950-1 Information technology equipment - Safety - General requirements

EN 61508-4 Functional Safety of electrical/electronic/programmable electronic safety-related

systems - Part 4: Definitions and abbreviations

ISO/IEC 18028 Information technology - Security techniques - IT network security

IEC 11801 Information technology - Generic cabling for customer premises

IEC 62380 Reliability data handbook - Universal model for reliability prediction of electronics

components, PCBs and equipment

IEEE 802.11-2007 Telecommunications and Information Exchange Between Systems – Local

and Metropolitan Area Networks – Specific Requirements – Part 11: Wireless LAN Medium

Access Control (MAC) and Physical Layer (PHY) Specifications

IEEE 802.11-2007 Telecommunications and Information Exchange Between Systems – Local


Access Control (MAC) and Physical Layer (PHY) Specifications: Amendment 4: Enhancements

for Very High Throughput for Operation in Bands below 6 GHz

IEEE 802.11i-2004 Telecommunications and Information Exchange Between Systems – Local


Access Control (MAC) and Physical Layer (PHY) Specifications: Amendment 6: Medium Access

Control (MAC) Security Enhancements

IEEE 802.11n-2009 Telecommunications and Information Exchange Between Systems – Local


Access Control (MAC) and Physical Layer (PHY) Specifications: Amendment 5: Enhancements

for Higher Throughput

IEEE 802.11s-2011 Telecommunications and Information Exchange Between Systems – Local


Access Control (MAC) and Physical Layer (PHY) Specifications: Amendment 10: Mesh

Networking

IEEE 802.11u-2011 Telecommunications and Information Exchange Between Systems – Local


Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




Access Control (MAC) and Physical Layer (PHY) Specifications: Amendment 9: Interworking

with External Networks

IEEE 802.1X Port-Based Network Access Control

IETF RFC 2544 Benchmarking Methodology for Network Interconnect Devices

IETF RFC 5424 The Syslog Protocol

IETF RFC 6241 Network Configuration Protocol (NETCONF)

ISO/IEC 27001 Information technology - Security techniques - Information security management

systems - Requirements

ISO/IEC 7498-1 Information technology – Open Systems Interconnection – Basic Reference

Model: The Basic Model

MIL-HDBK-217F Notice 2 Reliability Prediction of Electronic Equipment

Telcordia SR-332 Reliability Prediction Procedure for Electronic Equipment

Australian standards

AusCERT AA-2004.02 -- Denial of Service Vulnerability in IEEE 802.11 Wireless Devices

Transport for NSW standards

T HR TE 41001 ST Packet Switched Networks – Wired – Local, Metropolitan, and Wide Area

Networks

T HR TE 81001 ST Telecommunication Equipment – Physical Interfaces and Environmental

Conditions

T HR TE 81002 ST Telecommunication Equipment – Network Management

T MU TE 81003 ST Test Processes and Documentation for Programmable Electronic Systems

and Software

TS 20001 System Safety Standard for New or Altered Assets

Legislation

Radiocommunications Act, 1992

Radiocommunications (Low Interference Potential Devices) Class Licence 2000

Radiocommunications (Short Range Devices) Standard 2004

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




4. Terms and definitions

The following terms and definitions apply in this document:

ANT antenna sub-system

AP access point sub-system

CERT computer emergency response team

CTR (CTR) counter mode

CBC-MAC cipher-block chaining with message authentication code

CCMP CTR with CBC-MAC protocol

CFR constant failure rate

constant failure rate (as defined in IEC 60050-191) that period, if any, in the life of a non-

repaired item during which the failure rate is approximately constant

data terminal equipment a computer system with one or more internet protocol addresses

assigned to its network interfaces for the purpose of resource sharing amongst systems

connected to the communication network. For example, laptop, tablet, smartphone.

DTE data terminal equipment

EN European Norms

EOS end of sale

end of sale the date when the original equipment manufacturer withdraws a product from sale,

both directly and through its authorised points of sale; for example, distributors and resellers

FOFS first offered for sale

first offered for sale the date when the original equipment manufacturer first offers a product

for sale in the Australian market

IEC International Electrotechnical Commission

IEEE Institute of Electrical and Electronics Engineers

IETF Internet Engineering Task Force

ICMP internet control message protocol

LAN local and metropolitan area network

local area network computer network consisting of switches which forward ethernet frames

LIPD low interference potential device

LLDP link layer discovery protocol

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




MTTF mean time to failure

NETCONF network configuration protocol

OEM original equipment manufacturer

operational [availability] (as defined in IEC 60050-191) qualifies a value determined under

given operational conditions

RADIUS remote authentication dial in user service

safety related (as defined in EN 61508-4) designated system that both

– implements the required safety functions necessary to achieve or maintain a safe state for the

equipment under control; and

– is intended to achieve, on its own or with other electrical, electronic, or programmable

electronic safety-related systems and other risk reduction measures, the necessary safety

integrity for the required safety functions

steady state [availability] (as defined in IEC 60050-191) qualifies a value determined for

conditions of an item when characteristic parameters of the item remain constant

SNMP simple network management protocol

TFTP trivial file transfer protocol

WLAN wireless local area network

5. Restrictions on use of WLAN systems Many known denial of service and penetration attacks on WLANs are detectable, but not

preventable, even with the use of sophisticated wireless intrusion detection systems. The

following note contains considerations on the use of WLAN and wireless data communications

within LIPD class licensed bands:

The Radiocommunications (Low Interference Potential Devices) Class Licence 2000

contains a note cautioning against operating under a class licence, used by WLAN in

Australia, for applications with commercial and safety-of-life implications.

AusCERT advisory AA-2004.02 recommends that WLAN be "precluded from use in

safety, critical infrastructure and/or other environments where availability is a primary

requirement". The advisory applies to IEEE 802.11 using the direct sequence spread

spectrum (DSSS) physical layer, including IEEE 802.11b-1999 and

IEEE 802.11g-2003. However all WLAN protocols are inherently vulnerable due to the

clear channel assessment (CCA) procedure defined in all IEEE 802.11 protocols.

On the basis of vulnerability notes VU#106678 and VU#391513 CERT recommends

that due to "inherent vulnerabilities in 802.11 … do not deploy 802.11 networks for

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




applications that require high availability (e.g. safety, critical infrastructure)"

(VU#106678).

While it is recommended that WLAN and LIPD class licensed bands are not to be used for

safety and critical infrastructure applications, it is acknowledged that it may be possible to use

WLAN for these applications if the system safety is managed and appropriate engineering

controls are implemented.

5.1. System safety

System safety of WLAN data communication systems shall be managed in accordance to the

TS 20001 System Safety Standard for New or Altered Assets.

5.2. Engineering controls

WLAN systems may be used for safety-related systems if an alternate means of data

communication is provided that meets the reliability, availability, maintainability, and safety

requirements in the event that the WLAN system fails.

WLAN systems may be used for non safety-related systems under one of the following

conditions:

the radio frequency interference and channel utilisation is static and quantifiable across the

whole of life of the system, such that the reliability, availability, and maintainability

requirements are met

an alternate means of data communication is provided that meets the reliability, availability,

maintainability, and safety requirements in the event that the WLAN system fails

there are no reliability, availability, and maintainability requirements

6. Interface between WLAN and LAN systems

Figure 2 shows interface between the wireless local area network (WLAN) and local area

network (LAN) systems in the overall system.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




Figure 2 WLAN to LAN system interfaces (informational)

WLAN systems shall comply with the following sections of T HR TE 41001 ST Packet Switched

Networks Wired - Local, Metropolitan, and Wide Area Networks as a DCE:

Bridging and management (section 5.1), except LLDP

100 Mb/s ethernet interfaces (section 5.4)

1 Gb/s ethernet interfaces (section 5.5)

Modular transceiver packages (section 5.10), except XFP and QSFP+

Port-based network access control (section 5.11)

Quality of service (section 5.15)

WLAN systems shall comply with the power over ethernet requirements in section 5.9 of

T HR TE 41001 ST as a DTE.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




7. Interfaces between DTE and WLAN systems

Figure 3 shows interface between the wireless data terminal equipment (DTE) and wireless

local area network (WLAN) systems in the overall system.

Figure 3 DTE to WLAN system interfaces (informational)

7.1. Media access control and physical layer

Systems shall comply with the medium access control and physical layer specifications defined

in IEEE 802.11-2007, with the exception of physical layer specifications that use infrared or

frequency-hopping spread spectrum.

Note that IEEE 802.11-2007 incorporates IEEE 802.11a-1999, IEEE 802.11b-1999,

IEEE 802.11d-2001, IEEE 802.11g-2003, IEEE 802.11h-2003, IEEE 802.11i-2004,

IEEE 802.11j-2004, and IEEE 802.11e-2005.

Systems shall be configured to use the physical layer specifications defined in

IEEE 802.11n-2009 or IEEE 802.11ac-2013. For backwards compatibility, systems may be

additionally configured to use the extended rate physical specifications (commonly known as

IEEE 802.11g-2003) defined in IEEE 802.11-2007.

Where data confidentiality, authentication, and integrity are required, systems shall be

configured to use CTR with CBC-MAC Protocol (CCMP) as defined in IEEE 802.11i-2004.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




Where public access to the system is provided (for example, to customer laptops, tablets, or

smartphones), and data confidentiality, authentication, and integrity are required, systems shall

be additionally configured to use IEEE 802.11u-2011 and Wi-Fi® Certified Passpoint™.

7.2. Radiocommunications

Systems shall operate in class licensed bands as defined by items 44, 44A, 45A, 45B, 46, 53,

54, and 55 of the Radiocommunications (Low Interference Potential Devices) Class Licence

2000, as amended.

Systems shall comply with the Radiocommunications (Short Range Devices) Standard 2004, as

amended.

8. Interfaces between WLAN systems

Figure 4 shows interface between one WLAN system and another WLAN system within the

overall system.

Figure 4 WLAN to WLAN system interfaces (informational)

Systems shall comply with the requirements stated in Section 7 of this standard.

Systems shall be configured to use mesh networking as defined in IEEE 802.11s-2011.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




9. Interfaces to physical environment

Figure 5 depicts the WLAN interfaces with the physical environment. The physical environment

includes power supply, earth connections, equipment cords, environmental conditions and

electromagnetic emissions and immunity.

Figure 5 Interfaces to the physical environment (informational)

WLAN systems shall comply with the following sections of T HR TE 81001 ST

Telecommunication Equipment – Physical Interfaces and Environmental Conditions:

Power supply interfaces

Earth connections

Equipment cords

Environmental conditions

Electromagnetic emissions and immunity

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




10. Interfaces to network management systems

Figure 6 shows the WLAN interface with the network management systems. The network

management systems comprise fault and performance management, configuration

management, and security management.

Figure 6 Interfaces to network management systems (informational)

WLAN systems shall comply with T HR TE 81002 ST Telecommunication Equipment – Network

Management.

11. Non-functional requirements for WLAN

The non-functional requirements specify the following performance requirements for WLANs:

availability

interoperability

maintainability

manageability

performance

reliability

work, health, and safety

security

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




11.1. Availability

Unless otherwise qualified in this section, availability refers to the 'operational' and 'steady state'

availability inclusive of all factors that contribute to system down time within the operational

conditions, such as the physical environment and network management systems defined in

Section 9 and Section 10 of this standard.

The minimum availability requirement for the WLAN system (excluding the DTE to WLAN and

WLAN to WLAN radiocommunications interfaces) is 99.99%.

Where the radio frequency interference and channel utilisation is static and quantifiable across

the whole of life, the minimum availability of the DTE to WLAN and WLAN to WLAN

radiocommunications interfaces is 95%.

Where the radio frequency interference and channel utilisation is neither static nor quantifiable

across the whole of life, such as in public access applications, it is not possible to specify the

minimum availability of the DTE to WLAN and WLAN to WLAN radiocommunications interfaces.

Availability shall be demonstrated by the reliability block diagram (RBD) method as part of the

reliability, availability, and maintainability (RAM) programme.

11.2. Interoperability

Where no specific requirement exists, open standards shall be complied with instead of

proprietary alternatives.

Interoperability with nominated type approved or existing operators' systems shall be verified by

testing the systems, which complies with T MU TE 81003 ST Test Processes and

Documentation for Programmable Electronic Systems and Software as part of the verification

plan. This is in addition to other verification methods such as certification that may form part of

the verification plan.

Where modular transceiver packages are used, WLAN shall interoperate with any compliant

modular transceiver package from any third party. If a third-party modular transceiver package

is used the WLAN shall not disable or degrade its performance and the WLAN supplier shall not

alter the support or warranty conditions for the WLAN.

11.3. Maintainability

Preventative maintenance programs shall be identified for all components with an increasing

failure rate failure model such as fans, filters, transceivers, and connectors.

Maintenance programs shall be identified to detect imminent or conditional failures such as

thresholds for CPU and memory, interface utilisation and errors, temperature, power supply

current and voltage, and radio frequency coverage.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




Maintenance programs shall be identified for all assets to ensure that the hardware, firmware,

software, physical and logical configuration is as designed throughout the life of the asset.

Where installed in a redundant configuration, cards and modules shall be able to be inserted or

removed without affecting system operation, that is, hot swappable. Hot swapping shall be

performed in hardware without issuing any system commands.

All message logs with a severity level between 0 and 4 inclusive as defined in

IETF RFC 5424 shall be logged to syslog.

All message logs with a severity level between 0 and 2 inclusive as defined in IETF RFC 5424

shall be regarded as failures requiring immediate corrective action.

All message logs with a severity level of 3 or 4 as defined in IETF RFC 5424 shall be regarded

as conditional failures requiring priority preventative action.

Table 1 contains the different severity levels of message logs.

Table 1 - Severity levels of message logs

Severity level Description

0 Emergency

1 Alert

2 Critical

3 Error

4 Warning

11.4. Manageability

Configuration datastore, running configuration datastores and startup configuration datastores

are defined in IETF RFC 6241. However, implementing the requirements in IETF RFC 6241 is

not required.

WLAN shall support the following logical configuration management capabilities:

support separate running and startup configuration datastores

retrieve all of a configuration datastore

load all of a configuration to a target configuration datastore

create or replace a configuration datastore with the contents of another configuration

datastore

delete a configuration datastore

retrieve running configuration

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




When queried using SNMPv3, the WLAN AP shall return values that correspond with configured

values for the following logical configuration attributes:

hostname (sysName)

location (sysLocation)

contact (sysContact)

When queried using SNMPv3, the WLAN AP shall return values that correspond with published

product documentation for the following physical configuration attributes:

hardware revision

firmware revision

software revision

serial number of chassis and field replaceable units

manufacturer name of chassis and field replaceable units

model name of chassis and field replaceable units

11.5. Performance

Throughput, latency, and frame loss rate are defined in IETF RFC 1242.

Performance requirements with confidence levels and confidence intervals (margin of error) of

the system shall be specified including but not limited to throughput, latency, frame loss rate,

received signal strength (RSS) within defined coverage area.

The confidence level shall be 95% or greater.

The confidence interval (margin of error) shall be 10% or less.

The performance shall be analysed using a radio frequency simulation tool.

The performance shall be verified by testing the system which complies with T MU TE 81003 ST

Test Processes and Documentation for Programmable Electronic Systems and Software. The

population for sampling purposes shall consist of discrete points at every linear or square metre

within the defined coverage area. A minimum of 100 random samples from the population shall

be used to verify the design.

Where a confidence level greater than 95% or confidence interval less than 10% are used the

increased sample size shall be statistically calculated assuming simple random sampling.

Where the radio frequency interference and channel utilisation is neither static nor quantifiable

across the whole of life, such as in public access applications, the test results are only valid at

the time the test was performed.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




All traffic flows shall be assigned a relative priority and information rates as part of a traffic policy

and serviced by WLAN accordingly, such that the network quality of service guarantees is

achieved.

11.6. Reliability

Failure models inclusive of the failure distribution and required parameters for all field

replaceable units (FRU) that comprise WLAN shall be specified. For example, a common failure

model is the constant failure rate (CFR) with exponential distribution and mean time to failure

(MTTF).

The mean time to failure of all CFR field replaceable units shall exceed 150,000 h.

Failure model parameters shall comply with the yearly average temperature for reliability,

availability, maintainability, and safety calculations defined in EN 50125-3.

Acceptable methods for predicting the failure model for electronic equipment, as stated in the

following standards shall be followed:

IEC/TR 62380

Telcordia SR-332 Issue 3

MIL-HDBK-217F Notice 2

Where multiple MTTF estimates are available, the lowest estimate shall be used.

Failure models shall be justified by stating the data source, methodology, environment,

assumptions, and parameters.

11.7. Work, health, and safety

WLAN shall comply with the safety of information technology requirements as defined in

EN 60950-1.

If modular transceiver packages are used, WLAN shall comply with the safety of laser products

requirements as defined in EN 60825-1 and EN 60825-2.

11.8. Security

Defences against security vulnerabilities such as interruption, interception, modification,

intrusion, and deception shall be implemented consistently with the guidance contained within

ISO/IEC 18028. These defences shall mitigate internal or external and intentional or

unintentional security vulnerabilities.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




11.8.1. Management-plane security

Full compliance to this section may not be required provided both of the following conditions are

satisfied:

the WLAN is dedicated to a single application

it is not feasible to implement network management systems based on the protocols

defined in Section 9 of this standard

As a minimum, the following management-plane security defences shall be implemented on

WLAN:

in-band management ports to be on dedicated management VLAN (not VLAN 1)

prune management VLAN from 802.1Q trunks where not required

enable password security (hashing) for local passwords

disable local password recovery using the console, that is, the WLAN AP is factory reset to

reinitialise

disable all unused services, such as discard, daytime, chargen and protocols, such as

SNMPv1, SNMPv2

enable an idle timeout of 5 minutes on console and remote terminal sessions

enable the generation of a trap or message notification when memory utilisation exceeds

80%

Enabling the generation of a message notification when memory and CPU utilisation

thresholds have been exceeded assists in detecting that a security attack is in progress.

enable the generation of a trap or message notification when CPU utilisation exceeds 80%

enable authentication in protocols where the support exists; for example, NTPv3, SNMPv3

enable encryption in protocols where the support exists; for example, SNMPv3

implement access control list 'white-list' to permit access to the WLAN management-plane

services, such as SNMPv3, syslog, DNS, NTPv3, SNTP, SSHv2, HTTPS, TACACS+,

RADIUS from authorised network management servers and clients

All other access to management-plane services is denied.

implement access control list 'white-list' to permit access to the WLAN using internet control

message protocol (ICMP) types 0, 8, and 11 from authorised network management servers

and clients

All other access to the WLAN using ICMP types 0, 8, and 11 is denied.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




restrict access to management services to configured interfaces

disable insecure management protocols, such as trivial file transfer protocol (TFTP), telnet

enable a retry limit for protocols that support authentication

disable any auxiliary or unused management ports

enable the banner on login as shown below to notify unauthorised users that they are not

permitted to use the system

***** This service is for authorised clients only *****

*************************************************************

* WARNING: It is a criminal offence to: *

* i. Obtain access to data without authority *

* (Penalty 2 years imprisonment) *

* ii Damage, delete, alter or insert data without authority *

* (Penalty 10 years imprisonment) *

*************************************************************

configure the primary method of authentication, authorisation and accounting to TACACS+

or RADIUS

configure the secondary method of authentication, in the event of the failure of the primary

method, to local passwords

Manufacturer default passwords shall not be used.

configure logging of messages with a severity level between 0 and 4 inclusive, as defined

in IETF RFC 5424 to syslog servers

disable logging of messages to console and terminal

enable logging of configuration change, authentication and authorisation events

11.8.2. Control-plane security

As a minimum, the following control-plane security defences shall be implemented on WLAN:

implement access control list 'white-list' to permit access to the control-plane

All other access to the control-plane is denied.

enable authentication in protocols where the support exists

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




11.8.3. Data-plane security

As a minimum, the following data-plane security defences shall be implemented on WLAN:

prune VLAN 1 from 802.1Q trunks where not required

enable IEEE 802.1X port-based network access control for all access to the network (both

wired and wireless interfaces)

enable traffic flow statistics

implement access control list 'white-list' to permit access to data-plane, specified by

internet layer, such as IP, ICMP or transport layer, such as TCP, UDP rules

All other access to data-plane is denied.

11.9. Supportability

The supportability life cycle is shown in Figure 7 and Figure 8.

An advance notice shall be issued by the original equipment manufacturer (OEM) more than six

months (180 days) prior to the end of sale (EOS).

WLAN shall only be submitted for type approval if either of the following conditions is met:

the OEM guarantees that the EOS is at least three years from the date of proposed

commissioning

the WLAN has been first offered for sale for less than two years from the date of proposed

commissioning

Software support services for operating system software shall be commercially available for at

least three years following the EOS.

Hardware repair and replacement services shall be commercially available for at least three

years following the EOS.

Type approval is withdrawn at EOS.

While software support and hardware repair and replacement services are available after EOS,

the use of the product may continue for existing installations, but shall not be used in new works

or upgraded installations except for emergency replacements.

When software support or hardware repair and replacement services are unavailable after EOS,

the use of the product shall be discontinued.

Sup

erse

ded

by T

MU

TE

410

03 S

T v1

.0 &

T M

U T

E 4

1004

ST

v1.0




Figure 7 Supportability life cycle based on time until end of sale

Figure 8 Supportability life cycle based on time from first offered for sale

11.10. Sustainability

WLAN shall comply with the restriction of hazardous substances directive requirements as

defined in EU 2002/95/EC.

technical note - tn 063: 2016 - transport for nsw · technical note - tn 063: 2016 . technical note...

Documents