5-132

CHAPTER 5: COMMAND LINE INTERFACE

• To use WEP shared-key authentication, set the authentication type to “shared-key” and define at least one static WEP key with the key command. Encryption is automatically enabled by the command.

• To use WEP encryption only (no authentication), set the authentication type to “open-system.” Then enable WEP with the encryption command, and define at least one static WEP key with the key command.

• When any WPA or WPA2 option is selected, clients are authenticated using 802.1X via a RADIUS server. Each client must be WPA-enabled or support 802.1X client software. The 802.1X settings (see “802.1X Authentication” on page 5-70) and RADIUS server details (see “RADIUS Client” on page 5-64) must be configured on the access point. A RADIUS server must also be configured and be available in the wired network.

• If a WPA/WPA2 mode that operates over 802.1X is selected (WPA, WPA2, WPA-WPA2-mixed, or WPA-WPA2-PSK-mixed), the 802.1X settings (see “802.1X Authentication” on page 5-70) and RADIUS server details (see “RADIUS Client” on page 5-64) must be configured. Be sure you have also configured a RADIUS server on the network before enabling authentication. Also, note that each client has to be WPA-enabled or support 802.1X client software. A RADIUS server must also be configured and be available in the wired network.

• If a WPA/WPA2 Pre-shared Key mode is selected (WPA-PSK, WPA2-PSK or WPA-WPA2-PSK-mixed), the key must first be generated and distributed to all wireless clients before they can successfully associate with the access point. Use the wpa-preshared-key command to configure the key (see “key” on page 5-134 and “transmit-key” on page 5-135).

• WPA2 defines a transitional mode of operation for networks moving from WPA security to WPA2. WPA2 Mixed Mode allows both WPA and WPA2 clients to associate to a common VAP interface. When the encryption cipher suite is set to TKIP, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for each client. The access point advertises its supported encryption ciphers in beacon frames and probe responses. WPA and WPA2 clients select the cipher they support and return the choice in the association request to the access point. For mixed-mode operation, the cipher used for broadcast frames is always TKIP. WEP encryption is not allowed.

• The “required” option places the VAP into TKIP only mode. The “supported” option places the VAP into TKIP+AES+WEP mode. The “required” mode is used in WPA-only environments.

• The “supported” mode can be used for mixed environments with legacy WPA products, specifically WEP. (For example, WPA+WEP. The WPA2+WEP environment is not available because WPA2 does not support
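
The prerequisites listed in the notes above can be checked mechanically before a VAP is enabled. The following Python code is an added example, not taken from the 3Com guide: VapConfig, audit and negotiate_mixed are hypothetical names, the mode and option names follow this page, and preferring AES-CCMP over TKIP when a client supports both is an assumption.

```python
from dataclasses import dataclass

# Mode names as written on this page; the grouping sets are this example's own.
DOT1X_MODES = {"wpa", "wpa2", "wpa-wpa2-mixed"}
# The page lists wpa-wpa2-psk-mixed under both the 802.1X and the PSK bullet;
# this example treats it as a PSK mode (assumption).
PSK_MODES = {"wpa-psk", "wpa2-psk", "wpa-wpa2-psk-mixed"}
MIXED_MODES = {"wpa-wpa2-mixed", "wpa-wpa2-psk-mixed"}
WPA2_ONLY_MODES = {"wpa2", "wpa2-psk"}


@dataclass
class VapConfig:
    """Hypothetical snapshot of one VAP's security settings."""
    auth_mode: str
    wep_encryption: bool = False    # state set by the encryption command
    wep_keys: int = 0               # static keys defined with the key command
    psk_set: bool = False           # key set with wpa-preshared-key
    dot1x_configured: bool = False  # 802.1X settings present on the AP
    radius_configured: bool = False # RADIUS client details present on the AP
    wpa_option: str = "required"    # "required" or "supported"


def audit(cfg):
    """Return a list of (severity, message); severity is 'error' or 'warn'."""
    findings = []
    mode = cfg.auth_mode

    if mode == "shared-key":
        # Encryption is enabled automatically; only the key can be missing.
        if cfg.wep_keys < 1:
            findings.append(("error", "shared-key needs at least one static WEP key"))
        findings.append(("warn", "WEP in use: deprecated, prefer a WPA2 mode"))
    elif mode == "open-system":
        if not cfg.wep_encryption:
            findings.append(("warn", "open-system without encryption: no authentication, traffic in clear"))
        else:
            if cfg.wep_keys < 1:
                findings.append(("error", "WEP enabled but no static WEP key defined"))
            findings.append(("warn", "WEP in use: deprecated, prefer a WPA2 mode"))
    elif mode in DOT1X_MODES or mode in PSK_MODES:
        if mode in DOT1X_MODES:
            if not cfg.dot1x_configured:
                findings.append(("error", "802.1X settings are not configured"))
            if not cfg.radius_configured:
                findings.append(("error", "RADIUS server details are not configured"))
        if mode in PSK_MODES and not cfg.psk_set:
            findings.append(("error", "pre-shared key not set: clients cannot associate"))
        if mode in MIXED_MODES:
            findings.append(("warn", "mixed mode: broadcast frames always use TKIP"))
        if cfg.wpa_option == "supported":
            if mode in WPA2_ONLY_MODES or mode in MIXED_MODES:
                findings.append(("error", "'supported' (TKIP+AES+WEP) conflicts with this mode: WEP is not available"))
            else:
                findings.append(("warn", "'supported' admits legacy WEP clients"))
    else:
        findings.append(("error", "unknown authentication mode: " + mode))
    return findings


def negotiate_mixed(client_ciphers):
    """Mixed mode: unicast cipher is chosen per client, broadcast is TKIP.

    The preference order below is this example's assumption; the page only
    says that clients select the cipher they support.
    """
    for cipher in ("AES-CCMP", "TKIP"):
        if cipher in client_ciphers:
            return {"unicast": cipher, "broadcast": "TKIP"}
    return None  # client supports neither advertised cipher


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real device.
    samples = [
        VapConfig("shared-key"),
        VapConfig("wpa2", dot1x_configured=True, radius_configured=True),
        VapConfig("wpa-wpa2-psk-mixed", psk_set=True),
        VapConfig("wpa", dot1x_configured=True, wpa_option="supported"),
    ]
    for cfg in samples:
        print(cfg.auth_mode)
        for severity, message in audit(cfg) or [("ok", "no findings")]:
            print("  [%s] %s" % (severity, message))
    print(negotiate_mixed({"TKIP"}), negotiate_mixed({"AES-CCMP", "TKIP"}))
```
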

Summary of Contents for 3CRWE876075 / WL-546

Page 1: ...www 3Com com Part Number 10015153 Rev AA User Guide 3Com Wireless 8760 Dual radio 11a b g PoE Access Point 3CRWE876075 WL 546 Published June 2006...


Page 150: ...nd to enable SNMP notifications Example Related Commands snmp server enable server 5 47 snmp server trap This command enables the access point to send specific SNMP traps i e notifications Use the no...

Page 151: ...on has roamed from another access point identified by its IP address iappStationRoamedTo A client station has roamed to another access point identified by its IP address localMacAddrAuthFail A client...

Page 152: ...Syntax snmp server engine id engine id no snmp server engine id engine id Enter engine id in hexadecimal 5 32 characters Default Setting Enabled Command Mode Global Configuration Command Usage This co...

Page 153: ...three pre defined groups Other groups cannot be defined The available groups are RO A read only group using no authentication and no data encryption Users in this group use no security either authenti...

Page 154: ...e database An AuthPriv user must be assigned to the RWPriv group with the AuthPriv security level To configure a user for the RWAuth group you must include the auth proto and auth passphrase keywords...

Page 155: ...ified in the target must first be configured using the snmp server user command Example snmp server filter This command configures SNMP v3 notification filters Use the no form to delete an SNMP v3 fil...

Page 156: ...card For example a mask value of 0xFFBF provides a bit mask 1111 1111 1011 1111 If applied to the subtree 1 3 6 1 2 1 2 2 1 1 23 the zero corresponds to the 10th subtree ID When there are more subtre...

Page 157: ...pre defined groups Syntax show snmp groups Command Mode Exec Enterprise AP config snmp server filter assignments mytraps trapfilter Enterprise AP config exit Enterprise AP show snmp target Host ID myt...

Page 158: ...v3 user group assignments Syntax show snmp group assignments Command Mode Exec Enterprise AP show snmp groups GroupName RO SecurityModel USM SecurityLevel NoAuthNoPriv GroupName RWAuth SecurityModel U...

Page 159: ...ys the SNMP v3 notification filter settings Syntax show snmp filter filter id filter id A user defined name that identifies an SNMP v3 notification filter Maximum length 32 characters Command Mode Exe...

Page 160: ...filter assignments Syntax show snmp filter assignments Command Mode Exec Example Enterprise AP show snmp filter Filter trapfilter Type include Subtree iso 3 6 1 2 1 2 2 1 Type exclude Subtree iso 3 6...

Page 161: ...ity State Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail...

Page 162: ...ould not be a period and the maximum length for file names is 32 characters Valid characters A Z a z 0 9 _ If the file contains an error it cannot be set as the default file Example Command Function M...

Page 163: ...ord that allows you to copy to from a flash memory file config Keyword that allows you to upload the configuration file from flash memory Default Setting None Command Mode Exec Command Usage The syste...

Page 164: ...ame syscfg TFTP Server IP 192 254 2 19 Enterprise AP Enterprise AP copy tftp file 1 Application image 2 Config file 3 Boot block image Select the type of download 1 2 3 1 2 TFTP Source file name syscf...

Page 165: ...hown below Example The following example shows how to display all file information Enterprise AP delete test cfg Are you sure you wish to delete this file y n Enterprise AP Column Heading Description...

Page 166: ...Table 19 RADIUS Client Enterprise AP show bootfile Bootfile Information Bootfile ec img bin Enterprise AP Command Function Mode Page radius server address Specifies the RADIUS server GC 5 65 radius se...

Page 167: ...ration Example radius server port This command sets the RADIUS server network port Syntax radius server secondary port port_number secondary Secondary server port_number RADIUS server UDP port used fo...

Page 168: ...bal Configuration Example radius server retransmit This command sets the number of retries Syntax radius server secondary retransmit number_of_retries secondary Secondary server number_of_retries Numb...

Page 169: ...ets the RADIUS Accounting server network port Syntax radius server secondary port accounting port_number secondary Secondary server If secondary is not specified then the access point assumes you are...

Page 170: ...updates after every interim period until the user logs off and a stop message is sent Example radius server radius mac format This command sets the format for specifying MAC addresses on the RADIUS s...

Page 171: ...ormat hex ascii hex Enter VLAN IDs as a hexadecimal number ascii Enter VLAN IDs as an ASCII string Default Setting Hex Command Mode Global Configuration Example show radius This command displays the c...

Page 172: ...se AP show radius Radius Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX Radius Secondary Server Information IP 0 0 0 0 Port 18...

Page 173: ...11 association each client is allowed to access the network When 802 1X is supported the access point supports 802 1X authentication only for clients initiating the 802 1X authentication process i e t...

Page 174: ...he access point rotates broadcast keys Range 0 1440 minutes Default Setting 0 Disabled Command Mode Global Configuration Command Usage The access point uses Enterprise APOL Extensible Authentication P...

Page 175: ...mmand Usage Session keys are unique to each client and are used to authenticate a client connection and correlate traffic passing between a specific client and the access point Example 802 1x session...

Page 176: ...enabled Example 802 1x supplicant user This command sets the user name and password used for authentication of the access point when operating as a 802 1X supplicant Use the no form to clear the supp...

Page 177: ...and Mode Exec Example Enterprise AP config 802 1x supplicant user AP8760 dot1xpass Enterprise AP config Enterprise AP show authentication Authentication Information MAC Authentication Server DISABLED...

Page 178: ...ddresses entered as denied in the address filtering table are denied denied Only MAC addresses entered as allowed in the address filtering table are allowed Default allowed Command Mode Global Configu...

Page 179: ...B 89 allowed Entry is allowed access denied Entry is denied access Default None Command Mode Global Configuration Command Mode The access point supports up to 1024 MAC addresses An entry in the addres...

Page 180: ...ress filtering to be performed with local or remote options Use the no form to disable MAC address authentication Syntax mac authentication server local remote local Authenticate the MAC address of wi...

Page 181: ...used to filter communications between wireless clients control access to the management interface from wireless clients and filter traffic using specific Ethernet protocol types Table 22 Filtering Co...

Page 182: ...ith a specific VAP interface cannot establish wireless communications with each other Clients can communicate with clients associated to other VAP interfaces Default Disabled Command Mode Global Confi...

Page 183: ...iltering of MAC addresses from the Ethernet port Syntax no filter uplink enable Default Disabled Command Mode Global Configuration Example filter uplink This command adds or deletes MAC addresses from...

Page 184: ...e this feature Syntax no filter ethernet type enable Default Disabled Command Mode Global Configuration Command Usage This command is used in conjunction with the filter ethernet type protocol command...

Page 185: ...ARP Novell IPX old Novell IPX new EAPOL Telxon TXP Aironet DDP Enet Config Test IP IPv6 NetBEUI PPPoE_Discovery PPPoE_PPP_Session Default None Command Mode Global Configuration Command Usage Use the...

Page 186: ...56 78 9a Enabled Protocol Filters No protocol filters are enabled Enterprise AP Command Function Mode Page bridge role Selects the bridge operation mode for a radio interface IC W 5 85 bridge link par...

Page 187: ...e bridge role is set to repeater the Parent link to the root bridge must be configured see bridge link parent on page 5 86 When the access point is operating in this mode traffic is not forwarded to t...

Page 188: ...of the parent bridge that is linked to the root bridge or the root bridge itself Example bridge link child This command configures the MAC addresses of child bridge nodes Syntax bridge link child inde...

Page 189: ...ds The time to age out an address entry Range 10 10000 seconds Default Setting 300 seconds Command Mode Global Configuration Command Usage If the MAC address of an entry in the address table is not se...

Page 190: ...5 COMMAND LINE INTERFACE show bridge aging time This command displays the current WDS forwarding table aging time setting Command Mode Exec Example Enterprise AP show bridge aging time Aging time 300...

Page 191: ...00 00 00 0 5 4095 300 300 Static 01 80 c2 00 00 03 0 5 4095 300 300 Static 00 30 f1 f0 9b 20 1 0 1 300 300 Static 00 30 f1 f0 9b 21 1 0 1 300 300 Static 00 30 f1 f0 9b 22 1 0 1 300 300 Static 00 30 f...

Page 192: ...ifies a wireless interface a The 802 11a radio interface g The 802 11g radio interface index The index number of a bridge link Range 1 6 Command Mode Exec Example Enterprise AP show bridge link wirele...

Page 193: ...Enabled state Forwarding priority 0 path cost 19 message age Timer Inactive message age 4346 designated root priority 32768 MAC 00 30 F1 F0 9A 9C designated cost 0 designated bridge priority 32768 MAC...

Page 194: ...is command to configure the spanning tree bridge forward time globally for the wireless bridge Use the no form to restore the default Syntax bridge stp forwarding delay seconds no bridge stp forwardin...

Page 195: ...ate otherwise temporary data loops might result Example bridge stp hello time Use this command to configure the spanning tree bridge hello time globally for the wireless bridge Use the no form to rest...

Page 196: ...n wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that...

Page 197: ...bridge link path cost index cost index Specifies the bridge link number on the wireless bridge Range 1 6 required on wireless interface only cost The path cost for the port Range 1 65535 Default Setti...

Page 198: ...the use of a port in the Spanning Tree Protocol If the path cost for all ports on a wireless bridge are the same the port with the highest priority that is lowest value will be configured as an activ...

Page 199: ...bridge Maximum Age 20 Seconds bridge Forward Delay 15 Seconds time since top change 89185 Seconds topology change count 0 Enterprise AP Command Function Mode Page interface ethernet Enters Ethernet in...

Page 200: ...ver server address dns secondary server server address primary server Primary server used for name resolution secondary server Secondary server used for name resolution server address IP address of do...

Page 201: ...efault To manually configure a new IP address you must first disable the DHCP client with the no ip dhcp command You must assign an IP address to this device to gain management access over the network...

Page 202: ...g the ip address command or direct the device to obtain an address from a DHCP server using this command When you use this command the access point will begin broadcasting DHCP client requests The cur...

Page 203: ...Mbps full duplex operation Default Setting Auto negotiation is enabled by default Command Mode Interface Configuration Ethernet Command Usage If autonegotiation is disabled the speed and duplex mode...

Page 204: ...port show interface ethernet This command displays the status for the Ethernet interface Syntax show interface ethernet Default Setting Ethernet interface Command Mode Exec Example Enterprise AP if e...

Page 205: ...the 802 11g radio IC W b g 5 109 preamble Sets the length of the 802 11g signal preamble IC W b g 5 110 antenna control Selects the antenna control method to use for the radio IC W 5 111 antenna id Se...

Page 206: ...the maximum number of clients that can be associated with the access point at the same time IC W VAP 5 119 assoc timeout interval Configures the idle time interval when no frames are sent after which...

Page 207: ...s speed allowed for wireless clients Options for 802 11a 6 9 12 18 24 36 48 54 Mbps Options for 802 11b g 1 2 5 5 6 9 11 12 18 24 36 48 54 Mbps Default Setting 54 Mbps Command Mode Interface Configura...

Page 208: ...tions up to 54 Mbps Turbo Mode is an enhanced mode not regulated in IEEE 802 11a that provides a higher data rate of up to 108 Mbps Enabling Turbo Mode allows the access point to provide connections u...

Page 209: ...con packets on the wireless interface Syntax multicast data rate speed speed Maximum transmit speed allowed for multicast data Options for 802 11a 6 12 24 Mbps Options for 802 11b g 1 2 5 5 11 Mbps De...

Page 210: ...nterface Configuration Wireless Command Usage The available channel settings are limited by local regulations which determine the number of channels that are available When multiple access points are...

Page 211: ...ible Power selection is not just a trade off between coverage area and maximum supported clients You also have to ensure that high strength signals do not interfere with the operation of other radio d...

Page 212: ...ets the length of the signal preamble that is used at the start of a 802 11b g data transmission Syntax preamble long short or long long Sets the preamble to long 192 microseconds short or long Sets t...

Page 213: ...nt LEDs The access point does not support an external antenna connection on its left antenna Therefore this method is not valid for the access point right The radio only uses the antenna on the right...

Page 214: ...Usage The optional external antennas if any that are certified for use with the access point are listed by typing antenna control id Selecting the correct antenna ID ensures that the access point s ra...

Page 215: ...configures the rate at which beacon signals are transmitted from the access point Syntax beacon interval interval interval The rate for transmitting beacon signals Range 20 1000 milliseconds Default...

Page 216: ...This parameter is necessary to wake up stations that are using Power Save mode The DTIM is the interval between two synchronous frames with broadcast multicast information The default value of 2 indi...

Page 217: ...uccessful transmission due to smaller frame size If there is significant interference present or collisions due to high network utilization try setting the fragment size to send smaller fragments This...

Page 218: ...RTS frame the station sends a CTS frame to notify the sending station that it can start sending data Access points contending for the wireless medium may not be aware of each other The RTS CTS mechani...

Page 219: ...dynamic turbo Maximum throughput ranges between 40 to 60 Mbps for connections to Atheros compatible clients Example description This command adds a description to the wireless interface Use the no...

Page 220: ...ce Configuration Wireless VAP Command Usage Clients that want to connect to the wireless network via an access point must set their SSIDs to the same as that of the access point Example closed system...

Page 221: ...the same time Syntax max association count count Maximum number of associated stations Range 0 64 Default Setting 64 Command Mode Interface Configuration Wireless VAP Example assoc timeout interval T...

Page 222: ...nutes before re authentication Range 5 60 Default Setting 60 Command Mode Interface Configuration Wireless VAP Example shutdown This command disables the wireless interface Use the no form to restart...

Page 223: ...4 5 6 or 7 Example show interface wireless This command displays the status for the wireless interface Syntax show interface wireless a g vap id a 802 11a radio interface g 802 11g radio interface va...

Page 224: ...0 03 7f fe 03 02 802 11 Parameters Radio Mode b g mixed mode Protection Method CTS only Transmit Power FULL 16 dBm Max Station Data Rate 54Mbps Multicast Data Rate 5 5Mbps Fragmentation Threshold 2346...

Page 225: ...Key Refresh Rate 30 min 802 1x Session Timeout Value 0 min Antenna Antenna Control method Diversity Antenna ID 0x0000 Default Antenna Antenna Location Indoor Quality of Service WMM Mode SUPPORTED WMM...

Page 226: ...Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 1 Admission Control No TXOP Limit...

Page 227: ...s may mistakenly associate to a rogue AP and be prevented from accessing network resources Rogue APs may also cause radio interference and degrade the wireless LAN performance Enterprise AP show stati...

Page 228: ...nsive scanning is required to find a rogue AP A rogue AP is either an access point that is not authorized to participate in the wireless network or an access point that does not have the correct secur...

Page 229: ...cess point to discover rogue APs With authentication enabled and a configured RADIUS server the access point checks the MAC address Basic Service Set Identifier BSSID of each access point that it finds...

Page 230: ...and new clients may not be able to associate to the access point If clients experience severe disruption reduce the scan duration time A long scan duration time will detect more access points in the...

Page 231: ...ult Setting Disabled Command Mode Interface Configuration Wireless Command Usage While the access point scans a channel for rogue APs wireless clients will not be able to connect to the access point T...

Page 232: ...WLAN1AP 9 2452 MHz 42 ESS 0 0 00 90 d1 08 9d a7 WLAN1AP 1 2412 MHz 12 ESS 0 0 00 30 f1 fb 31 f4 WLAN 6 2437 MHz 16 ESS 0 0 Enterprise AP Command Function Mode Page auth Defines the 802 11 authenticati...

Page 233: ...2 Clients using WPA2 are accepted for authentication wpa2 psk Clients using WPA2 with a Pre shared Key are accepted for authentication wpa wpa2 mixed Clients using WPA or WPA2 are accepted for authent...

Page 234: ...802 1X client software A RADIUS server must also be configured and be available in the wired network If a WPA WPA2 Pre shared Key mode is selected WPA PSK WPA2 PSK or WPA WPA2 PSK mixed the key must f...

Page 235: ...ivalent Privacy WEP is implemented in this device to prevent unauthorized access to your wireless network For more secure data transmissions enable encryption with this command and set at least one st...

Page 236: ...keys use 16 alphanumeric characters or 32 hexadecimal digits Default Setting None Command Mode Interface Configuration Wireless Command Usage To enable Wired Equivalent Privacy WEP use the auth shared...

Page 237: ...sed for decryption of data from clients When using IEEE 802 1X the access point uses a dynamic key to encrypt unicast and broadcast messages to 802 1X enabled clients However because the access point...

Page 238: ...If any clients supported by the access point are not WPA enabled the cipher suite algorithm must be set to WEP WEP is the first generation security protocol used to encrypt data crossing the wireless...

Page 239: ...compliant hardware Example mic_mode This command specifies how to calculate the Message Integrity Check MIC Syntax mic_mode hardware software hardware Uses hardware to calculate the MIC software Uses...

Page 240: ...t format value The key string For ASCII input specify a string between 8 and 63 characters For HEX input specify exactly 64 digits Command Mode Interface Configuration Wireless VAP Command Usage To su...

Page 241: ...ter Key PMK that is used to generate other keys for unicast data encryption This key and other client information form a Security Association that the access point names and holds in a cache The lifet...

Page 242: ...s to be fully authenticated When the client is about to roam to another access point in the network the access point sends pre authentication messages to the new access point that include the client s...

Page 243: ...Syntax no link integrity ping detect Default Setting Disabled Command Mode Global Configuration Command Usage When link integrity is enabled the IP address of a host device in the wired network must b...

Page 244: ...s no link integrity ping host host_name Alias of the host ip_address IP address of the host Default Setting None Command Mode Global Configuration Example link integrity ping interval This command con...

Page 245: ...nfiguration Example link integrity ethernet detect This command enables an integrity check to determine whether or not the access point is connected to the wired Ethernet Syntax no link integrity ethe...

Page 246: ...app This command enables the protocol signaling required to hand over wireless clients roaming between different 802 11f compliant access points Use the no form to disable 802 11f signaling Syntax no...

Page 247: ...he user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network If a user does not have a configured VLAN ID the access point assigns the user to its own config...

Page 248: ...onfigured for a client on the RADIUS server then the frames are tagged with the access point s native VLAN ID Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access p...

Page 249: ...Range 1 4094 Default Setting 1 Command Mode Interface Configuration Wireless VAP Command Usage To implement the default VLAN ID setting for VAP interface the access point must enable VLAN support usin...

Page 250: ...below Table 31 WMM Commands wmm This command sets the WMM operational mode on the access point Use the no form to disable WMM Syntax no wmm supported required supported WMM will be used for any assoc...

Page 251: ...t and background These categories correspond to traffic priority levels and are mapped to IEEE 802 1D priority tags The direct mapping of the four ACs to 802 1D priorities is specifically intended to...

Page 252: ...ximum log value of the contention window This is the maximum upper limit of the random backoff wait time before wireless medium access can be attempted The contention window is doubled after each dete...

Page 253: ...2 LogCwMax 10 10 4 3 AIFS 3 7 2 2 TXOP Limit 0 0 94 47 Admission Control Disabled Disabled Disabled Disabled BSS Parameters WMM Parameters AC0 Best Effort AC1 Background AC2 Video AC3 Voice LogCwMin...

Page 254: ...5 152 CHAPTER 5 COMMAND LINE INTERFACE...

Page 255: ...subnet as the wired LAN If necessary reset the access point to the factory defaults Try the solutions in the following table If you need further assistance contact 3Com Technical Support through the...

Page 256: ...hich mobile users can roam are configured to the same WEP setting SSID and authentication settings Slow or erratic performance Try changing the wireless channel on the access point Check the access po...

Page 257: ...rvice area to match If you change the IP address and save the change you cannot continue to configure the access point using the old IP address Therefore if you want to continue configuring this acces...

Page 258: ...6 4 CHAPTER 6 TROUBLESHOOTING...

Page 259: ...onfiguring 5 45 community string 4 20 5 45 configuration settings saving or restoring 5 61 configuration initial setup 3 1 connecting power 2 2 2 6 country code configuring 5 14 CTS 4 41 5 116 D devic...

Page 260: ...allation 2 3 log messages 4 34 4 61 5 33 server 4 33 5 33 login CLI 5 1 web 3 5 logon authentication RADIUS client 4 13 5 64 M MAC address recording 2 4 MAC address authentication 4 11 5 76 5 77 maxim...

Page 261: ...les setting 5 60 station status 4 60 5 125 status displaying device status 4 59 5 26 displaying station status 4 60 5 125 system clock setting 4 34 5 39 system log enabling 4 33 5 33 server 4 33 5 33...
