SecureMeshTM Extender Installation Guide
Trilliant Incorporated page 7 of 21
•The installation location must not obstruct radio communications. For example:
— The mounting structure should not block radio coverage or be adjacent to structures that block
radio coverage).
— The installation location must be clear of thick trees or brush growth upon installation and in the
foreseeable future. Foliage in the line of sight with other communicating devices can
detrimentally affect radio performance.
— The Extender should have an unobstructed view of the sky overhead. The Extender relies upon
GPS (Global Positioning System) signals to establish time synchronization, and the strongest
GPS signals are available if the device has an unobstructed view of the sky. Upon startup, the
Extender searches for a GPS signal. If the device cannot detect a signal, it will be unable to
complete startup and will not establish wireless connections with other SecureMesh WAN
devices.
•As necessary, adequate space must be available to use a bucket truck.
•The installation location must not impede normal maintenance activities (for example, access to the
Extender’s associated Power Service Unit to replace the battery).
•If choosing a streetlight pole installation, make sure the streetlight is providing constant power.
Pre-Provisioning
In general, each Extender is shipped from the factory with basic configuration items already written into non-
volatile memory. However, certain information must still be configured prior to installation.
Provide power to the Extender, and then configure parameters associated with both Extender and Collector
functionality.
To configure the Extender’s parameters, connect the Extender to an Ethernet network, establish a Telnet
session to IP address 192.168.0.2 to access and invoke the command line interpreter. Please refer to the
“SecureMesh™ WAN Command-Line Interface” (Trilliant document number DP-0985) for complete
information.
The following Extender parameter must be configured:
Shared network key (“netkey”) — the shared network key is used by a SecureMesh WAN node to
prove (via an authentication handshake) that the node belongs to a particular network or operator; i.e.,
the shared network key is used to authenticate the SecureMesh WAN node to the SecureMesh WAN
and, reciprocally, authenticate the SecureMesh WAN to the SecureMesh WAN node. The netkey is a
string of 6 to 64 ASCII letters, numbers, or symbols.
If IPsec VPNs are being used (and Trilliant strongly recommends their use), the following Extender parameter
must also be configured:
VPN credentials — the VPN shared secret allows a SecureMesh WAN management tunnel to be
established to the VPN router (note that in automatic provisioning mode, node configuration is provided
in a secure manner over the IPsec VPN tunnel, requiring the VPN credentials in order to establish the
tunnel and thus necessitating that they be configured before deployment). Because a SecureMesh
WAN node’s IP address may be dynamic (for instance, a node may connect to different IP subnets
through different SecureMesh WAN Gateways), a VPN router will be unable to differentiate between
different VPN clients, and the SecureMesh WAN nodes in a network must all employ the same VPN
