
6-126 CHAPTER 6: COMMAND LINE INTERFACE

| Command | Function | Mode | Page |
|---|---|---|---|
| show bridge stp | Displays the global spanning tree settings | Exec | 6-130 |
| show bridge link | Displays current bridge settings for specified interfaces | Exec | 6-124 |

bridge stp enable

This command enables the Spanning Tree Protocol. Use the no form to disable the Spanning Tree Protocol.

Syntax

[no] bridge stp enable

Default Setting

Enabled

Command Mode

Global Configuration

Example

This example globally enables the Spanning Tree Protocol.

AP(config)#bridge stp enable
AP(config)#

bridge stp forwarding-delay

Use this command to configure the spanning tree bridge forward time globally for the wireless bridge. Use the no form to restore the default.

Syntax

bridge stp forwarding-delay <seconds>
no bridge stp forwarding-delay

seconds - Time in seconds. (Range: 4 - 30 seconds)

The minimum value is the higher of 4 or [(max-age / 2) + 1].

Default Setting

15 seconds

Command Mode

Global Configuration
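The following is an added example, not part of the original manual or of 3Com's software: a small audit routine that replays a list of the two global commands documented above and reports whether spanning tree ends up disabled or a forwarding-delay value breaks the documented range or the max-age rule. The `max_age` argument, the sample lines, and the choice to keep the previous value when a line is rejected are assumptions; the page names max-age but does not give its value or the command that sets it.

```python
import re
from dataclasses import dataclass, field

# Values taken from the command reference above.
STP_DEFAULT_ENABLED = True   # Default Setting: Enabled
FWD_DELAY_DEFAULT = 15       # Default Setting: 15 seconds
FWD_DELAY_RANGE = (4, 30)    # Range: 4 - 30 seconds

# Strips a leading global-configuration prompt such as "AP(config)#".
PROMPT = re.compile(r"^\S*\(config\)#?\s*")
FWD_CMD = re.compile(r"^bridge stp forwarding-delay\s+(\S+)$")


def min_forwarding_delay(max_age):
    """Documented rule: the higher of 4 or [(max-age / 2) + 1]."""
    return max(FWD_DELAY_RANGE[0], max_age / 2 + 1)


@dataclass
class StpState:
    enabled: bool = STP_DEFAULT_ENABLED
    forwarding_delay: int = FWD_DELAY_DEFAULT
    findings: list = field(default_factory=list)


def audit(config_lines, max_age):
    """Replay the commands in order and collect findings.

    max_age is supplied by the caller (assumption: read from the device
    separately). A rejected forwarding-delay line leaves the previous
    value in place (assumed device behaviour).
    """
    state = StpState()
    lo, hi = FWD_DELAY_RANGE
    floor = min_forwarding_delay(max_age)
    for number, raw in enumerate(config_lines, 1):
        line = " ".join(PROMPT.sub("", raw.strip()).split())
        if line == "bridge stp enable":
            state.enabled = True
        elif line == "no bridge stp enable":
            state.enabled = False
        elif line == "no bridge stp forwarding-delay":
            state.forwarding_delay = FWD_DELAY_DEFAULT
        else:
            match = FWD_CMD.match(line)
            if not match:
                continue  # not one of the commands covered here
            value = match.group(1)
            if not value.isdigit():
                state.findings.append(f"line {number}: '{value}' is not a number of seconds")
            elif not lo <= int(value) <= hi:
                state.findings.append(f"line {number}: {value} is outside the range {lo}-{hi}")
            elif int(value) < floor:
                state.findings.append(
                    f"line {number}: {value} is below the minimum {floor:g} for max-age {max_age}")
            else:
                state.forwarding_delay = int(value)
    if state.forwarding_delay < floor:
        state.findings.append(
            f"effective forwarding delay {state.forwarding_delay} is below the minimum {floor:g}")
    if not state.enabled:
        state.findings.append("spanning tree is disabled; bridge links have no loop protection")
    return state


# Constructed sample input, not captured from a real device.
SAMPLE = [
    "AP(config)#no bridge stp enable",
    "AP(config)#bridge stp forwarding-delay 8",
    "AP(config)#bridge stp forwarding-delay 40",
    "AP(config)#bridge stp forwarding-delay 12",
]

if __name__ == "__main__":
    result = audit(SAMPLE, max_age=20)
    print(result.enabled, result.forwarding_delay)
    for finding in result.findings:
        print(finding)
```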

Summary of Contents for 3CRWEASYA73 / WL-575

Page 1: ...www 3Com com User Guide 3Com Outdoor 11a Building to Building Bridge and 11bg Access Point 3CRWEASYA73 WL 575 Part Number 10016517 Rev AA Published December 2007 ...

Page 2: ...copy will be provided to you UNITED STATES GOVERNMENT LEGEND If you are a United States government agency then this documentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 701...

Page 3: ...Power Injector Module 1 5 Grounding Point 1 6 Water Tight Test Point 1 6 Wall and Pole Mounting Bracket Kit 1 7 System Configuration 1 7 Operating Modes 1 7 Point to Point Configuration 1 8 Point to Multipoint Configuration 1 8 Bridge Link Planning Data Rates 2 2 Radio Path Planning 2 3 Antenna Height 2 4 Antenna Position and Orientation 2 6 Radio Interference 2 7 Weather Conditions 2 7 Ethernet C...

Page 4: ...hout a DHCP Server 4 1 Using the 3Com Installation CD 4 2 Launch the 3COM Wireless Infrastructure Device Manager Widman utility 4 2 Launching the 3com Wireless Interface Device Manager 4 2 First Time Only 4 4 Using the Setup Wizard 4 4 System Configuration Advanced Setup 5 2 System Identification 5 4 TCP IP Settings 5 5 RADIUS 5 8 RADIUS Accounting 5 11 Authentication 5 12 Filter Control 5 17 VLAN...

Page 5: ...a Interface 5 55 Configuring Radio Settings 5 55 Configuring Common Radio Settings 5 57 802 11b g Interface 5 60 Configuring Wi Fi Multimedia 5 64 Security 5 68 Wired Equivalent Privacy WEP 5 71 Wi Fi Protected Access WPA 5 75 Command Line Interface Using the Command Line Interface 6 1 Accessing the CLI 6 1 Console Connection 6 1 Telnet Connection 6 2 Entering Commands 6 3 Keywords and Arguments 6...

Page 6: ...Commands 6 6 Command Line Processing 6 6 Command Groups 6 7 Troubleshooting Cables and Pinouts Twisted Pair Cable Assignments B 1 10 100BASE TX Pin Assignments B 2 Straight Through Wiring B 3 Crossover Wiring B 4 8 Pin DIN Connector Pinout B 5 8 Pin DIN to RJ 45 Cable Wiring B 6 Glossary Index ...

Page 7: ...s interconnected with other cells bases BSS Basic Service Set It is an access point and all the LAN PCs that are associated with it CSMA CA Carrier Sense Multiple Access with Collision Avoidance EAP Extensible Authentication Protocol which provides a generalized framework for several different authentication methods ESS Extended Service Set More than one BSS is configured to become an ESS LAN mobi...

Page 8: ...An access point radio capable of operating as four separate access points VLAN Virtual Local Area Network A LAN consisting of groups of hosts that are on physically different segments but that communicate as though they were on the same segment WEP Wired Equivalent Privacy is based on the use of security keys and the popular RC4 encryption algorithm Wireless devices without a valid WEP key will be...

Page 9: ...for attaching to a wall pole radio mast or tower structure The unit is powered through its Ethernet cable connection from a power injector module that is installed indoors The wireless bridge system offers a fast reliable and cost effective solution for connectivity between remote Ethernet wired LANs or to provide Internet access to an isolated site The system is also easy to install and operate i...

Page 10: ... Orthogonal Frequency Division Multiplexing OFDM and a shared collision domain CSMA CA The 802 11a standard operates in the 5 GHz Unlicensed National Information Infrastructure UNII band and the 802 11g standard in the 2 4 GHz band IEEE 802 11g includes backward compatibility with the IEEE 802 11b standard IEEE 802 11b also operates at 2 4 GHz but uses Direct Sequence Spread Spectrum DSSS and Comp...

Page 11: ...Console to RS232 cable PoE power injector Ethernet connector and AC power cord One grounding screw not attached One Quick Start Guide One CD ROM containing the Setup Wizard software and User s Manual One Warranty Flyer Optional One N type RF coaxial cable Inform your dealer if there are any incorrect missing or damaged parts If possible retain the carton including the original packing materials Us...

Page 12: ... both 5 GHz and 2 4 GHz operation In a point to multipoint configuration an external high gain omnidirectional sector or high gain panel antenna can be attached to communicate with bridges spread over a wide area The bridge requires a 2 4 GHz external antenna for 802 11b g operation The following table summarizes the external antenna options Console Port with Protective Cap Grounding Point Etherne...

Page 13: ... power through its network cable connection using power over Ethernet technology A power injector module is included in the wireless bridge package and provides two RJ 45 Ethernet ports one for connecting to the wireless bridge Output and the other for connecting to a local LAN switch Input The Input port uses an MDI i e internal straight through pin configuration You can therefore use straight th...

Page 14: ...ower injector module automatically adjusts to any AC voltage between 100 240 volts at 50 or 60 Hz No voltage range settings are required GROUNDING POINT Even though the wireless bridge includes its own built in lightning protection it is important that the unit is properly connected to ground A grounding screw is provided for attaching a ground wire to the unit WATER TIGHT TEST POINT Input Output ...

Page 15: ... services through either the 5 GHz or 2 4 GHz radio interfaces The unit supports both point to point and point to multipoint bridge modes Wireless bridge units can be used as regular 802 11a b g access points connected to a local wired LAN providing connectivity and roaming services for wireless clients in an outdoor area Units can also be used purely as bridges connecting remote LANs Alternativel...

Page 16: ...TO POINT CONFIGURATION Two bridges can form a wireless point to point link using their 5 GHz 802 11a integrated antennas A point to point configuration can provide a limited data rate 6 Mbps link over a long range up to 15 4 km or a high data rate 108 Mbps over a short range 1 3 km POINT TO MULTIPOINT CONFIGURATION A wireless bridge set to Master mode can use an omnidirectional antenna to connect ...

Page 17: ...1 9 The following figure shows a point to multipoint in line configuration with one bridge set to Master and using a directional panel antenna 19 Beam Angle ...

Page 18: ...1 10 ...

Page 19: ...some careful site planning is required This chapter provides guidance and information for planning your wireless bridge links NOTE The planning and installation of the wireless bridge requires professional personnel that are trained in the installation of radio transmitting equipment The user is responsible for compliance with local regulations concerning items such as antenna power use of lightni...

Page 20: ...for the various antenna options A summary for 5 0 GHz 802 11a antennas is provided in the following table Distances Achieved Using 17 dBi Integrated Antennas Data Rate Distance 6 Mbps 15 4 km 9 Mbps 14 7 km 12 Mbps 14 km 18 Mbps 12 8 km 24 Mbps 11 1 km 36 Mbps 6 5 km 48 Mbps 2 9 km 54 Mbps 1 8 km 12 Mbps Turbo 13 4 km 18 Mbps Turbo 12 8 km 24 Mbps Turbo 12 2 km 36 Mbps Turbo 11 1 km 48 Mbps Turbo ...

Page 21: ...und must intrude within 60 of the first Fresnel Zone The following figure illustrates the concept of a good radio line of sight If there are obstacles in the radio path there may still be a radio link but the quality and strength of the signal will be affected Calculating the maximum clearance from objects on a path is important as it directly affects the decision on antenna placement and height I...

Page 22: ... mast or pole may need to be constructed to attain the minimum required height Use the following table to estimate the required minimum clearance above the ground or path obstruction for 5 0 GHz bridge links Total Link Distance Max Clearance for 60 of First Fresnel Zone at 5 8 GHz Approximate Clearance for Earth Curvature Total Clearance Required at Mid point of Link 0 25 mile 402 m 4 5 ft 1 4 m 0...

Page 23: ...s at each end of the link need to be at least 22 3 m 73 ft high Building A is six stories high or 20 m 66 ft so a 2 3 m 7 5 ft mast or pole must be constructed on its roof to achieve the required antenna height Building B is only three stories high or 9 m 30 ft but is located at an elevation that is 12 m 39 ft higher than building A To mount an antenna at the required height on building B a mast o...

Page 24: ...ir conditioning equipment tinted windows wire fences or water pipes The wireless bridge antennas at both ends of the link must be positioned with the same polarization direction either horizontal or vertical Antenna Polarization The wireless bridge s integrated antenna sends a radio signal that is polarized in a particular direction The antenna s receive sensitivity is also higher for radio signal...

Page 25: ...city The wireless bridge can operate in winds up to 100 MPH and survive higher wind speeds up to 150 MPH You must consider the known maximum wind velocity and direction at the site and be sure that any supporting structure such as a pole mast or tower is built to withstand this force Lightning The wireless bridge includes its own built in lightning protection However you should make sure that the ...

Page 26: ...nts The Ethernet cable length should never be longer than 100 m 328 ft Determine a building entry point for the cable Determine if conduits bracing or other structures are required for safety or protection of the cable For lightning protection at the power injector end of the cable use a lightning arrestor immediately before the Ethernet cable enters the building GROUNDING It is important that the...

Page 27: ... kit for mounting the unit to a 2 to 3 inch diameter steel pole or tube The pole mounting bracket allows the unit to be mounted to part of a radio mast or tower structure The unit also has a wall mounting bracket kit that enables it to be fixed to a building wall or roof when using external antennas Hardware installation of the wireless bridge involves these steps 1 Mount the unit on a wall pole m...

Page 28: ... UNIT The bridge can be mounted on the following types of surfaces Pole Wall USING THE POLE MOUNTING BRACKET Perform the following steps to mount the unit to a 2 to 3 inch diameter steel pole or tube using the mounting bracket 1 Place the V shaped part of the bracket around the pole and tighten the securing nuts just enough to hold the bracket to the pole The bracket may need to be rotated around ...

Page 29: ... into the slots in the rectangular plate and tighten the nuts 3 Attach the adjustable rectangular plate to the bridge with supplied screws Fit the edges of the V shaped part into the slots Attach the adjustable rectangular plate to the bridge ...

Page 30: ... sure to take account of the antenna polarization direction all antennas in a link must be mounted with the same polarization USING THE WALL MOUNTING BRACKET Perform the following steps to mount the unit to a wall using the wall mounting bracket Attach the bridge to the plate on the pole CAUTION The wall mounting bracket does not allow the wireless bridge s integrated antenna to be aligned It is i...

Page 31: ...sition the bracket in the intended location and mark the position of the four mounting screw holes 3 Drill four holes in the wall that match the screws and wall plugs included in the bracket kit then secure the bracket to the wall 4 Use the included nuts to tightly secure the wireless bridge to the bracket ...

Page 32: ...ire an external antenna for 2 4 GHz operation Perform these steps 1 Mount the external antenna to the same supporting structure as the bridge within 3 m 10 ft distance using the bracket supplied in the antenna package 2 Connect the antenna to the bridge s N type connector using the RF coaxial cable provided in the antenna package 3 Apply weatherproofing tape to the antenna connectors to help preve...

Page 33: ...t cable between the bridge and power injector The lightning arrestor should be placed outdoors immediately before the Ethernet cable enters the building CONNECT THE POWER INJECTOR To connect the wireless bridge to a power source WARNING Do not connect or disconnect cables or otherwise work with the bridge during periods of lightning activity CAUTION Be sure that grounding is available and that it ...

Page 34: ...being supplied to the wireless bridge through the Ethernet connection NOTE The wireless bridge s Ethernet port does not support Power over Ethernet PoE based on the IEEE 802 3af standard Do not try to power the unit by connecting it directly to a network switch that provides IEEE 802 3af PoE Always connect the unit to the included power injector module NOTE The RJ 45 port on the power injector is ...

Page 35: ...idge has a 10 100 Mbps Fast Ethernet connection but there is no activity Flashing Indicates that the bridge is transmitting or receiving data on a 10 100 Mbps Ethernet LAN Flashing rate is proportional to network activity Off No link is present or the Ethernet LAN port is disabled 11a Three LEDs Green and Flashing The 802 11a 5 3 GHz radio is enabled RSSI Mode One fully lit LED indicates a low RSS...

Page 36: ...orizontally and vertically Point to Multipoint Configurations In a point to multipoint configuration all bridge nodes must be aligned with the root bridge antenna The alignment process is the same as in point to point links but only the bridge node end of the link requires the alignment The signal strength LEDs indicate the received radio signal strength for a particular bridge link The more LEDs ...

Page 37: ...agement interface Start with one antenna fixed and then perform the following procedure on the other antenna Main Lobe Maximum Horizontal Scan Vertical Scan RSSI Voltage Side Lobe Maximum RSSI Voltage Remote Antenna Maximum Signal Strength Position for Horizontal Alignment Maximum Signal Strength Position for Vertical Alignment NOTE The RSSI output can be configured through management interfaces t...

Page 38: ...on and secure the horizontal adjustment in that position 3 Loosen the vertical adjustment on the mounting bracket and tilt the antenna slowly up and down while checking the LEDs 4 Find the point where the signal is strongest and secure the vertical adjustment in that position NOTE Sometimes there may not be a central lobe peak in the voltage because vertical alignment is too far off only two simil...

Page 39: ...t NETWORKS WITH A DHCP SERVER If your network has a DHCP server an IP address is automatically assigned to the AP It takes between one and two minutes for the Access Point to determine if there is a DHCP server on the network Use the 3Com Wireless Infrastructure Device Manager Widman included on the 3Com Installation CD to locate the Access Point on the network and view its IP address After you de...

Page 40: ...d utilities 3Com Wireless Infrastructure Device Manager an administration tool that helps you select 3Com wireless LAN devices and launch their configurations in your Web browser LAUNCH THE 3COM WIRELESS INFRASTRUCTURE DEVICE MANAGER WIDMAN UTILITY 1 Turn on the computer 2 Insert the 3Com Installation CD into the CD ROM drive The CD will Autorun If it does not Autorun you can start the setup menu ...

Page 41: ...following screen Figure 2 Wireless Interface Device Manager Properties Directly connect to the device through its Ethernet port or console port Follow the instructions below to login into the AP Configuration screen 1 Load a web browser and enter http 169 254 2 1 2 The Logon screen appears ...

Page 42: ...e form 169 254 2 1 Use the 3Com Wireless Infrastructure Device Manager to locate 3Com Wireless LAN devices and launch their configurations When installing the device manager make sure the computer is connected to the same network as the device to be configured After installing and launching the device manager select the device to be configured from network tree and click Configure to launch the co...

Page 43: ...Enter the default IP address http 169 254 2 1 Logging In Enter the username admin and password password then click LOGIN For information on configuring a user name and password see page 34 Figure 4 Login Page NOTE If you changed the default IP address via the command line interface above use that address instead of the one shown here ...

Page 44: ...etup Wizard on the home page select the VAP you wish to configure then click on the Next button to start the process Figure 6 Setup Wizard Start 1 Service Set ID Enter the service set identifier in the SSID box which all wireless clients must use to associate with the access point The SSID is case sensitive and can consist of up to 32 alphanumeric characters ...

Page 45: ...tup Wizard Step 2 NOTE Available channel settings are limited by local regulations which determine the channels that are available This User Guide shows channels and settings that apply to North America United States and Canada with 13 channels available for the 802 11a interface and 11 channels for the 802 11g interface Other regions have different channels and settings available ...

Page 46: ...bled 802 11g Radio Channel Set the operating radio channel number Range 1 11 3 IP Configuration Either enable or disable Dynamic Host Configuration Protocol DHCP for automatic IP configuration If you disable DHCP then manually enter the IP address and subnet mask If a management station exists on another network segment then you must enter the IP address for a gateway that can route traffic betwee...

Page 47: ...P Wired Equivalent Privacy is used to encrypt transmissions passing between wireless clients and the access point Default Disabled Shared Key Setup If you select Shared Key authentication enable WEP then configure the shared key by selecting 64 bit or 128 bit key type and entering a hexadecimal or ASCII string of the appropriate length The key can be entered as alphanumeric characters or hexadecim...

Page 48: ...IAL CONFIGURATION 5 Click Finish 6 Click the OK button to complete the wizard Figure 11 Setup Wizard Completed NOTE All wireless devices must be configured with the same Key ID values to communicate with the access point ...

Page 49: ...access point installation the default WLAN Service Area ESSID is 3Com and no security is set Unless it detects a DHCP server on the network the access point uses Auto IP to assign an IP address of the form 169 254 2 1 Use the 3Com Wireless Infrastructure Device Manager to locate 3Com Wireless LAN devices and launch their configurations When installing the device manager make sure the computer is c...

Page 50: ... 1 Advanced Setup Menu Description Page System Configures basic administrative and client access 5 4 Identification Specifies the host name 5 4 TCP IP Settings Configures the IP address subnet mask gateway and domain name servers 5 5 RADIUS Configures the RADIUS server for wireless client authentication and accounting 5 8 Authentication Configures 802 1X client authentication with an option for MA...

Page 51: ...he access point and wireless clients 5 78 AP Status Displays configuration settings for the basic system and the wireless interface 5 78 Station Status Shows the wireless clients currently associated with the access point 5 79 Rogue AP Status Displays the Rogue AP scan results 5 81 RSSI Monitor Displays RSSI signal strength results 5 82 Event Logs Shows log messages stored in memory 5 83 802 11a I...

Page 52: ...lt setting However modifying this parameter can help you to more easily distinguish different devices in your network Figure 13 System Identification System Name An alias for the access point enabling the device to be uniquely identified on the network Default Enterprise Outdoor Wireless Bridge AP Range 1 32 characters ...

Page 53: ...astructure Device Manager to discover or set the initial IP address of the unit WIDMAN will allow you to launch a web browser on the Access Point s web management interface by selecting the Access Point and the configure button Figure 14 TCP IP Settings NOTE You can use the web browser interface to access IP addressing only if the access point already has an IP address that is reachable through yo...

Page 54: ...ve management stations DNS RADIUS or other network servers located on another subnet type the IP address of the default gateway router in the text field provided Otherwise leave the address as all zeros 0 0 0 0 Primary and Secondary DNS Address The IP address of Domain Name Servers on the network A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familia...

Page 55: ... AP when it cannot reach a critical network element such as the RADIUS server VPN Terminator Mail Server etc Disable Enable Disables or enables a link check to a host device on the wired network Target IP address Specifies the IP address of a host device in the wired network Enable Enables traffic between the host s IP address and the AP Ping Interval Specifies the time between each Ping sent ...

Page 56: ...ccess control and Wi Fi Protected Access WPA wireless security A secondary RADIUS server may also be specified as a backup should the primary server fail or become inaccessible In addition a RADIUS Accounting server can be configured to receive user session accounting information from the access point RADIUS Accounting can be used to provide valuable information on user activity in the network NOT...

Page 57: ...812 Key A shared text string used to encrypt messages between the access point and the RADIUS server Be sure that the same text string is specified on the RADIUS server Do not use blank spaces in the string Maximum length 255 characters Timeout Number of seconds the access point waits for a reply from the RADIUS server before resending a request Range 1 60 seconds Default 5 Retransmit attempts The...

Page 58: ...VLAN IDs must be configured on the RADIUS server for each user authorized to access the network VLAN IDs can be entered as hexadecimal numbers or as ASCII strings MAC Address Format MAC addresses may take several different formats Select the option that best suits your needs No Delimiter Specifies a sequential non delimiter address in the format aabbccddeeff Default Single Dash Specifies a sequent...

Page 59: ...tes a subscription Figure 17 RADIUS Accounting RADIUS Accounting Enable Enables sending of accounting messages to a RADIUS accounting server RADIUS Accounting Disable Disables the sending of RADIUS accounting messages Log All authenticated clients Allows logging for both RADIUS Server authenticated WLAN client and non RADIUS server authentication clients Log RADIUS authenticated clients only Allow...

Page 60: ...gured on the access point or by using a database configured on a central RADIUS server Alternatively authentication can be implemented using the IEEE 802 1X network access control protocol A client s MAC address provides relatively weak user authentication since MAC addresses can be easily captured and used by another station to break into the network Using 802 1X provides more robust user authent...

Page 61: ...fore configuring MAC address or 802 1X authentication Use MAC address authentication for a small network with a limited number of users MAC addresses can be manually configured on the access point itself without the need to set up a RADIUS server but managing a large number of MAC addresses across many access points is very cumbersome A RADIUS server can be used to centrally manage a larger databa...

Page 62: ...are authorized to access the network This provides a basic level of authentication for wireless clients attempting to gain access to the network A database of authorized MAC addresses can be stored locally on the access point or remotely on a central RADIUS server Default Disabled Disabled No checks are performed on an associating station s MAC address ...

Page 63: ...pports 802 1X authentication only for clients initiating the 802 1X authentication process i e the access point does not initiate 802 1X authentication For clients initiating 802 1X only those successfully authenticated are allowed to access the network For those clients not initiating 802 1X access to the network is allowed after successful wireless association with the access point The 802 1X su...

Page 64: ...al MAC authentication database The MAC database provides a mechanism to take certain actions based on a wireless client s MAC address The MAC list can be configured to allow or deny network access to specific clients System Default Specifies a default action for all unknown MAC addresses that is those not listed in the local MAC database Deny Blocks access for all MAC addresses except those listed...

Page 65: ...d to a VLAN If IEEE 802 1X is being used to authenticate wireless clients specific VLAN IDs can be configured on the RADIUS server to be assigned to each client If a client is not assigned to a specific VLAN or if 802 1X is not used the client is assigned to the default VLAN for the VAP interface with which it is associated The access point only allows traffic tagged with assigned VLAN IDs or defa...

Page 66: ... to the configured default VLAN ID for the VAP interface When setting up VLAN IDs for each user on the RADIUS server be sure to use the RADIUS attributes and values as indicated in the following table VLAN IDs on the RADIUS server can be entered as hexadecimal digits or a string see radius server vlan format on page 63 NOTE When using IEEE 802 1X to dynamically assign VLAN IDs the access point mus...

Page 67: ...As Communication Filter Sets the global mode for wireless to wireless communications between clients associated to Virtual AP VAP interfaces on the access point Default Prevent Inter and Intra VAP client Communication Disabled All clients can communicate with each other through the access point Prevent Intra VAP client communication When enabled clients associated with a specific VAP interface can...

Page 68: ...licking Edit Port MAC Address Filtering List displays the following screen which allows you to enter up to eight MAC addresses for filtering Figure 20 Port MAC Address Filtering Uplink Port MAC Address Filtering Status Prevents traffic with specified source MAC addresses from being forwarded to wireless clients through the access point You can add a maximum of eight MAC addresses to the filter tab...

Page 69: ... configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is referred to as an agent A defined set of variables known as managed objects is maintained by the SNMP agent and used to manage the device These objects are defi...

Page 70: ...ard agent using SNMP v1 and v2c is controlled by community strings To communicate with the access point the management station must first submit a valid community string for authentication Access to the access point using SNMP v3 provides additional security features that cover message integrity authentication and encryption as well as controlling notifications that are sent to specified user targ...

Page 71: ... location Maximum length 255 characters Contact A text string that describes the system contact Maximum length 255 characters Community Name Read Only Defines the SNMP community access string that has read only access Authorized management stations are only able to retrieve MIB objects Maximum length 23 characters case sensitive Default public Community Name Read Write Defines the SNMP community a...

Page 72: ...he engine identifier for the SNMPv3 agent that resides on the access point This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A default engine ID is automatically generated that is unique to the access point Range 10 to 64 hexadecimal character...

Page 73: ...out to shutdown and reboot sysRadiusServerChanged The access point has changed from the primary RADIUS server to the secondary or from the secondary to the primary sysConfigFileVersionChanged The access point s configuration file has been changed dot11StationAssociation A client station has successfully associated with the access point dot11StationReAssociation A client station has successfully re...

Page 74: ... successfully authenticated by the RADIUS server localMacAddrAuthSuccess A client station has successfully authenticated its MAC address with the local database on the access point localMacAddrAuthFail A client station has failed authentication with the local MAC address database on the access point iappStationRoamedFrom A client station has roamed from another access point identified by its IP ad...

Page 75: ...word in the corresponding Passphrase field Priv Type The data encryption type used for the SNMP user either DES or none When DES is selected enter a key in the corresponding Passphrase field Passphrase The password or key associated with the authentication and privacy settings A minimum of eight plain text characters is required Action Click the Add button to add a new user to the list Click the e...

Page 76: ...ns to configure the settings see below To edit an existing target select the radio button next to the entry in the table and then click the Edit button To delete targets select the radio button next to the entry in the table and then click the Delete button Figure 26 Configuring SNMPv3 Targets Define the parameters and select a filter if required Click on the Add button to save the configured para...

Page 77: ...er select the radio button next to the entry in the table and then click the Edit button To delete a filter select the radio button next to the entry in the table and then click the Delete button Figure 27 Configuring SNMPv3 Filters Filter ID A user defined name that identifies the filter Maximum length 32 characters Filter Type Indicates if the filter is to include or exclude the MIB subtree obje...

Page 78: ... resources Rogue AP detection may be enabled or disabled for each radio interface The access point can be configured to periodically scan all radio channels and find other access points within range A database of nearby access points is maintained where any rogue APs can be identified During a scan Syslog messages are sent for each access point detected Rogue access points can be identified by unk...

Page 79: ...will detect more access points in the area but causes more disruption to client access Range 100 1000 milliseconds Default 350 milliseconds AP Scan Now Starts an immediate rogue AP scan on the radio interface Default Disable AP MANAGEMENT The Web Telnet and SNMP management interfaces are enabled and open to all IP addresses by default To provide more security for management access to the access po...

Page 80: ...h SNMP Default Enable Management IP Restricts management access to Telnet Web and SNMP interfaces to specified IP addresses Default Any IP Any IP Indicates that any IP address is allowed management access Single IP Specifies a single IP address that is allowed management access Multiple IP Specifies an address range as defined by the entered IP address and subnet mask For example IP address 169 25...

Page 81: ...he local user name and password for access authentication Note that SSH client software needs to be installed on the management station to access the access point for management via the SSH protocol Figure 30 Telnet and SSH Settings Telnet and SSH Settings Configures Telnet and SSH settings Telnet Server Status Enables or disables the Telnet server Default Enabled SSH Server Status Enables or disa...

Page 82: ...PS connections will be severed Default 600 Range 0 1800 ADMINISTRATION CHANGING THE PASSWORD Management access to the web and CLI interface on the access point is controlled through a single user name and password You can also gain additional access security by using control filters see Filter Control on page 17 To protect access to the management interface you need to configure an Administrator s...

Page 83: ...g menu provides the facility Figure 33 Changing the country code UPGRADING FIRMWARE You can upgrade new access point software from a local file on the management workstation or from a TFTP server New software may be provided periodically from your distributor After upgrading new software you must reboot the access point to implement the new code Until a reboot occurs the access point will continu...

Page 84: ...ed on the access point determine the VLAN ID with which the FTP or TFTP server is associated and then configure the management station or the network port to which it is attached with the same VLAN ID If you are managing the access point from a wireless client the VLAN ID for the wireless client must be configured on a RADIUS server Firmware Upgrade Configures local and remote firmware upgrade par...

Page 85: ...le on the unit FTP TFTP Specifies whether to use FTP or TFTP for file transfer New firmware file Specifies the name of the code file on the server The new firmware file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names is 32 characters for files on the access point Valid characters A Z a z 0 9 _ IP Address IP address...

Page 86: ...nterface to reboot the system Auto provisioning The access point supports automatic and scheduled configuration and firmware file updating from either similar Bridge Access Points acting as remote servers Autoupdate only or FTP servers Autoupdate and Autoupgrade When either Autoupdate or Autoupgrade is enabled the Bridge AP will attempt to copy the configuration or firmware file from the list of c...

Page 87: ...the client service Immediately Sends an immediate request for a configuration file update Startup Upon booting up sends a request for a configuration file update Startup Periodic Both upon booting up and at a specified interval sends requests for a configuration file update Polling Interval If using periodic auto configuration this sets the frequency with which the access point will search for new...

Page 88: ... Autoupgrade Client Enables the Bridge AP to operate as a client that sends requests to a specified server for firmware file updates and schedules the times at which the requests are sent Range Disable Immediately Startup Startup Periodic Default Disable Disable Disables the client service Immediately Sends an immediate request for a firmware file update Startup Upon booting up sends a request for...

Page 89: ... 575 Bridge AP and WL 546 Access Point are completely interoperable and can form bridge links in the same network In bridge or repeater mode the unit forwards traffic directly to other access point units To set up bridge links between access point units you must configure the Wireless Distribution System WDS forwarding table by specifying the wireless MAC address of all units to which you want to ...

Page 90: ...er when a primary link goes down Figure 38 WDS and Spanning Tree Settings WDS Setting Configures bridge settings for both radio interfaces Bridge Role Each radio interface can be set to operate in one of the following four modes Default AP AP Access Point Operates as an access point for wireless clients providing wireless connectivity to a wired LAN Enabling the AP function disables WDS ...

Page 91: ... A slave will have only one link to the master root bridge A root bridge sits at the edge of a wireless network as an overall parent and so does not have a Master or Slave mode Channel Auto Sync This command allows a child node to automatically find the operating channel of its parent node Bridge Parent The physical layer address of the root bridge unit or the bridge unit connected to the root bri...

Page 92: ... network Bridge Child Selects one of the child nodes in the wireless bridge network Range 2 6 Station to Copy Selects a detected Bridge AP from which to copy WDS settings SSID The name of the basic service set of the detected AP RSSI Represents a signal to noise ratio that determines the strength of the signal being transmitted from the detected AP BSSID The MAC address of the detected AP ...

Page 93: ...5 45 WDS and Spanning Tree Settings Figure 40 Spanning Tree Protocol ...

Page 94: ...ted bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Prot...

Page 95: ...efault 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Bridge Hello Time Interval in seconds at which the root device transmits a configuration message Range 1 10 seconds Default 2 Minimum 1 Maximum The lower of 10 or Max Message Age 2 1 Bridge Forwarding Delay The maximum time in seconds this device waits before changing states i e discarding to learn...

Page 96: ...alue will be configured as an active link in the spanning tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Default 128 Range 0 240 in steps of 16 Dynamic Entry Age time The period of time after which the unit...

Page 97: ... to memory or sent to a Syslog server The logged messages serve as a valuable tool for isolating access point and network problems System Log Setup Enables the logging of error messages Default Disable Logging Level Sets the minimum severity level for event logging Default Informational Logging Host Enables the sending of log messages to a Syslog server host Up to four Syslog servers are supported...

Page 98: ...or event entries If the clock is not set the access point will only record the time from the factory default set at the last bootup The access point acts as an SNTP client periodically sending time synchronization requests to specific time servers You can configure up to two time server IP addresses The access point will attempt to poll each server in the configured sequence Error Level Descriptio...

Page 99: ... Set Time Zone SNTP uses Coordinated Universal Time or UTC formerly Greenwich Mean Time or GMT based on the time at the Earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours your time zone is located before east or after west UTC Enable Daylight Saving The access point provides a way to automatically adjust the system...

Page 100: ... to align antennas and monitor the quality of the received signal for bridge links An RSSI value of about 30 or more indicates a strong enough signal to support the maximum data rate of 54 Mbps Below a value of 30 the supported data rate would drop to lower rates A value of 15 or less indicates that the signal is weak and the antennas may require realignment The RSSI controls allow the receive sig...

Page 101: ...de or Bridge mode Bridge Port Allows the user to select the bridge port for the LED display Default 1 Range 1 6 There are currently no equivalent CLI commands for the RSSI controls RADIO INTERFACE The IEEE 802 11a and 802 11g interfaces include configuration options for radio signal characteristics and wireless security features The configuration options are nearly identical and are therefore both...

Page 102: ...meters apply to all four VAP interfaces The VAPs function similarly to a VLAN with each VAP mapped to its own VLAN ID Traffic to specific VAPs can be segregated based on user groups or application traffic NOTE The Building to Building Bridge AP ships from the factory enabled only for channels allowed in the US Canada If you live in an area where additional channels are allowed go to the 3Com web sit...

Page 103: ...ervice provided by each VAP Remember that only clients with the same SSID can associate with a VAP Configuring Radio Settings To configure VAP radio settings select the Radio Settings page Figure 45 Radio Settings A Radio Status Displays if the radio is enabled or disabled for this VAP SSID The name of the basic service set provided by a VAP interface Clients that want to connect to the network th...

Page 104: ...aximum number of clients that can be associated with the access point at the same time Authentication Timeout Interval The time within which the client should finish authentication before authentication times out Range 5 60 minutes Default 60 minutes Association Timeout Interval The idle time interval when no frames are sent after which a client is disassociated from the VAP interface Range 5 60 m...

Page 105: ...omment or description to the wireless interface Range 1 80 characters Turbo Mode The normal 802 11a wireless operation mode provides connections up to 54 Mbps Turbo Mode is an enhanced mode not regulated in IEEE 802 11a that provides a higher data rate of up to 108 Mbps Enabling Turbo Mode allows the access point to provide connections up to 108 Mbps Default Disabled NOTE In normal mode the access...

Page 106: ... 40 44 48 in the same area For 11b g access points the recommended channel separation for optimal performance is 5 in the United States e g channels 1 6 11 Also note that the channel for wireless clients is automatically set to the same as that used by the access point to which it is linked Default Channel 42 for Turbo mode Antenna ID Selects the antenna to be used by the access point either the i...

Page 107: ...ault 100 Maximum Transmit Data Rate The maximum data rate at which the access point transmits unicast packets on the wireless interface The maximum transmission distance is affected by the data rate The lower the data rate the longer the transmission distance Options 54 48 36 24 Mbps Default 54 Mbps Maximum Multicast Data Rate The maximum data rate at which the access point transmits multicast and...

Page 108: ...he retransmission of smaller frames However it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames Range 256 2346 bytes Default 2346 bytes RTS Threshold Sets the packet size threshold at which a Request to Send RTS signal must be sent to a receiving station prior to the sending station starting communic...

Page 109: ...y clients with the same SSID can associate with a VAP Most of the 802 11g commands are identical to those used by the 802 11a interface For information on these commands refer to the following sections Configuring Radio Settings on page 55 Rogue AP on page 30 Configuring Common Radio Settings on page 57 Wi Fi Protected Access WPA on page 75 Only the radio settings specific to the 802 11g inter...

Page 110: ...unicate with the access point but 802 11g clients can only transfer data at 802 11b standard rates up to 11 Mbps 802 11g only Only 802 11g clients can communicate with the access point up to 54 Mbps Turbo Mode The normal 802 11g wireless operation mode provides connections up to 54 Mbps Turbo Mode is an enhanced proprietary mode Atheros 802 11g Turbo that provides a higher data rate of up to 108 M...

Page 111: ...nt transmits unicast packets on the wireless interface The maximum transmission distance is affected by the data rate The lower the data rate the longer the transmission distance Default 54 Mbps Preamble Length Sets the length of the signal preamble that is used at the start of a data transmission Default Long Short Sets the preamble to short 96 microseconds Using a short preamble can increase dat...

Page 112: ...E 802 11e QoS standard and it enables the access point to inter operate with both WMM enabled clients and other devices that may lack any WMM functionality Access Categories WMM defines four access categories ACs voice video best effort and background These categories correspond to traffic priority levels and are mapped to IEEE 802 1D priority tags The direct mapping of the four ACs to 802 1D prior...

Page 113: ...parameters AIFSN Arbitration Inter Frame Space Number a number used to calculate the minimum time between data frames CW Contention Window a number used to calculate a random backoff time After a collision detection a backoff wait time is calculated The total wait time is the sum of a minimum wait time Arbitration Inter Frame Space or AIFS determined from the AIFSN and a random backoff time calcul...

Page 114: ... scroll down to the WMM configuration settings Figure 49 WMM Configuration WMM Sets the WMM operational mode on the access point When enabled the parameters for each AC queue will be employed on the access point and QoS capabilities are advertised to WMM enabled clients Default Support Disable WMM is disabled AIFS Random Backoff AIFS Random Backoff CWMin CWMax CWMin CWMax Time High Priority Low Pr...

Page 115: ... random value between zero and the CWMin value Specify the CWMin value in the range 0 15 microseconds Note that the CWMin value must be equal to or less than the CWMax value logCWMax Maximum Contention Window The maximum upper limit of the random backoff wait time before wireless medium access can be attempted The contention window is doubled after each detected collision up to the CWMax value Specif...

Page 116: ...or each virtual access point VAP interface MAC address filtering and RADIUS server settings are global and apply to all VAP interfaces The security mechanisms that may be employed depend on the level of security required the network and management resources available and the software support provided on wireless clients A summary of wireless security considerations is listed in the following table...

Page 117: ...ver native support provided in Windows XP Provides the strongest security in WPA2 only mode Provides robust security in mixed mode for WPA and WPA2 clients Offers fast roaming for time sensitive client applications Requires configured RADIUS server 802 1X EAP type may require management of digital certificates for clients and server Clients may require hardware upgrade to be WPA2 compliant WPA2 PS...

Page 118: ...Local RADIUS or Disabled Yes Dynamic WEP and 802 1x WPA Authentication WPA Encryption Enable WPA Configuration Supported Cipher Suite WEP 802 1x Required Set 802 1x key refresh and re authentication rates Local or Disabled Yes Static and dynamic 802 1x WEP keys and 802 1x WPA Enter 1 to 4 WEP keys Select a WEP transmit key Authentication WPA Encryption Enable WPA Configuration Supported Cipher Sui...

Page 119: ...at the WEP shared keys are the same for each client in the wireless network 802 1x WPA WPA2 Mixed Mode Authentication WPA WPA2 mixed Encryption Enable WPA Configuration Required Cipher Suite TKIP 802 1x Required Set 802 1x key refresh and re authentication rates Local or Disabled Yes WPA WPA2 Mixed Mode Pre Shared Key Authentication WPA WPA2 PSK mixed Encryption Enable WPA Configuration Required C...

Page 120: ...t for other methods of encryption than WEP Figure 50 Authentication and Encryption Virtual AP Specifies the VAP on which to make changes Default 1 3Com1 Authentication Sets the access point to communicate as an open system that accepts network access attempts from any client or with clients using pre configured static shared keys Default Open System Open System If you don t set up any other securi...

Page 121: ...e shared Key PSK Requires that 802 1x authentication be disabled Key Type Select the preferred method of entering WEP encryption keys on the access point and enter up to four keys Hexadecimal Enter keys as 10 hexadecimal digits 0 9 and A F for 64 bit keys 26 hexadecimal digits for 128 bit keys or 32 hexadecimal digits for 152 bit keys 802 11a radio only This is the default setting Alphanumeric Ent...

Page 122: ...nts only All clients must support TKIP WEP clients only All clients must support WEP WEP Configuration Under open authentication it is still possible to configure WEP keys Key Size 64 Bit 128 Bit or 152 Bit key length Note that the same size of encryption key must be supported on all wireless clients Default None Key Type Select the preferred method of entering WEP encryption keys on the access po...

Page 123: ...ement The 802 1X client and RADIUS server should use an appropriate EAP type such as EAP TLS Transport Layer Security EAP TTLS Tunneled TLS or PEAP Protected EAP for strongest authentication Working together these protocols provide mutual authentication between a client the access point and a RADIUS server that prevents users from accidentally joining a rogue network Only when a RADIUS server has ...

Page 124: ...its beacon signal WPA compatible clients can likewise respond to indicate their WPA support This enables the access point to determine which clients are using WPA security and which are using legacy WEP The access point uses TKIP unicast data encryption keys for WPA clients and WEP unicast keys for WEP clients The global encryption key for multicast and broadcast traffic must be the same for all c...

Page 125: ...on that the access point names and holds in a cache Preauthentication Each time a client roams to another access point it has to be fully re authenticated This authentication process is time consuming and can disrupt applications running over the network WPA2 includes a mechanism known as pre authentication that allows clients to roam to a new access point and be quickly associated The first time ...

Page 126: ... as the settings for the wireless interface Figure 53 AP Status AP System Configuration The AP System Configuration table displays the basic system configuration settings System Up Time Length of time the management agent has been up MAC Address The physical layer address for the Ethernet port System Name Name assigned to this system System Country Code The country for which the device has been se...

Page 127: ...n tables display the radio and VAP interface settings listed below Note that Interface Wireless A refers to the 802 11a radio and Interface Wireless G refers to the 802 11b g radio VAP Displays the VAP number Radio Status Displays if the radio is enabled or disabled for this VAP SSID The service set identifier for the VAP interface Radio Channel The radio channel through which the access point commun...

Page 128: ... key to stations before attempting authentication Associated Shows if the station has been successfully associated with the access point Once authentication is completed stations can associate with the current access point or reassociate with a new access point The association procedure allows the wireless system to track the location of each mobile client and ensure that frames destined for each ...

Page 129: ... of the signal detected from the neighboring device in a color representative graph If a signal with an RSSI value less than 20 displays the color graph illuminates red Over 20 illuminates yellow RSSI Value The RSSI figure for the detected device in percentage Operation Mode Indicates what radio mode the detected device is using Channel Indicates the channel number that the detected device is usin...

Page 130: ...used or not RSSI Indicator Indicates the strength of the signal detected from the neighboring device in a color representative graph If a signal with an RSSI value less than 20 displays the color graph illuminates red Over 20 illuminates yellow RSSI Value The RSSI figure for the detected device in percentage Operation Mode Indicates what radio mode the detected device is using Channel Indicates th...

Page 131: ... on page 5 49 Event Message The content of the log message Error Messages An example of a logged error message is Station Failed to authenticate unsupported algorithm This message may be caused by any of the following conditions Access point was set to Open Authentication but a client sent an authentication request frame with a Shared key Access point was set to Shared Key Authentication but a cli...

Page 133: ... To access the access point through the console port perform these steps 1 At the console prompt enter the user name and password The default user name is admin and the default password is password When the user name is entered the CLI displays the AP prompt 2 Enter the necessary commands to complete your desired tasks 3 When finished exit the session with the exit command After connecting to the ...

Page 134: ... connected to another network outside your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated network then you can use any IP address that matches the network segment to which you are attached After you configure the access point with an IP address you can open a Telnet session by performing these steps 1 From the remote host enter th...

Page 135: ... example to set a password for the administrator enter AP config password newpassword Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further input Command Completion If you terminate input with a Tab key the CLI will print the remaini...

Page 136: ...P information authentication Show Authentication parameters autoconfig Show automated update config setting autoupgrade Show automated update firmware setting bootfile Show bootfile name bridge Show bridge config System snapshot for tech support dhcp relay Show DHCP Relay Configuration event log Show event log on console filters Show filters hardware Show hardware version history Display the sessi...

Page 137: ...guration classes Exec commands generally display information on system status or clear statistical counters Configuration commands on the other hand modify interface parameters or enable certain functions These classes are further divided into different modes Available commands depend on the selected mode You can always enter a question mark at the prompt to display a list of the commands availabl...

Page 138: ...he command configure in Exec mode The system prompt will change to AP config which gives you access privilege to all Global Configuration commands To enter Interface mode you must enter the interface ethernet or interface wireless a or interface wireless g command while in Global Configuration mode The system prompt will change to AP if ethernet or AP if wireless indicating that you have access pr...

Page 139: ... system or quitting the CLI 6 8 System Management Controls user name password web browser management options and a variety of other system information 6 12 System Logging Configures system logging parameters 6 62 System Clock Configures SNTP and system clock settings 6 67 DHCP Relay Configures the access point to send DHCP requests from clients to specified servers 6 72 SNMP Configures community a...

Page 140: ... Wireless Security Configures radio interface security and encryption settings 6 159 Rogue AP Detection Configures settings for the detection of rogue access points in the network 6 159 Link Integrity Configures a link check to a host device on the wired network 6 174 IAPP Enables roaming between multi vendor access points 6 177 VLANs Configures VLAN membership 6 178 WMM Configures WMM quality of ...

Page 141: ...how to return to the Configuration mode from the Interface Configuration mode exit This command returns to the Exec mode or exits the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Exec mode from the Interface Configuration mode and then quit the CLI session AP configure AP config AP if ethernet end AP config AP if ethernet exit AP exit ...

Page 142: ...twork can be reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway ...

Page 143: ...em Default Setting None Command Mode Exec Command Usage When the system is restarted it will always run the Power On Self Test Example This example shows how to reset the system show history This command shows the contents of the command history buffer Default Setting None Command Mode Exec Command Usage The history buffer size is fixed at 10 commands Use the up or down arrow keys to scroll throug...

Page 144: ...management options clock settings and a variety of other system information Table 11 System Management Commands AP show history con exit show history AP AP show line Console Line Information databits 8 parity none speed 9600 stop bits 1 AP Command Function Mode Page Country Setting country Sets the access point country code Exec 6 14 Device Designation prompt Customizes the command line prompt GC ...

Page 145: ...munication between client and server GC 6 27 autoconfig password Specifies a password for authentication between client and server GC 6 28 show autoconfig Displays the auto configuration parameters GC 6 29 Auto Upgrade autoupgrade client status Enables the unit to be an auto update client and schedules the times at which it will perform a search GC 6 29 autoupgrade interval Specifies the frequency wi...

Page 146: ...s hardware version Exec 6 62 Country Code Country Code Country Code Country Code Albania AL Dominican Republic DO Kuwait KW Romania RO Algeria DZ Ecuador EC Latvia LV Russia RU Argentina AR Egypt EG Lebanon LB Saudi Arabia SA Armenia AM Estonia EE Liechtenstein LI Singapore SG Australia AU Finland FI Lithuania LT Slovak Republic SK Austria AT France FR Macao MO Spain ES Azerbaijan AZ Georgia GE Ma...

Page 147: ...haracters Bulgaria BG Indonesia ID Qatar QA United Arab Emirates AE Canada CA Iran IR Oman OM United Kingdom GB Chile CL Ireland IE Pakistan PK United States US China CN Israel IL Panama PA Uruguay UY Colombia CO Italy IT Peru PE Uzbekistan UZ Costa Rica CR Japan JP Philippines PH Yemen YE Croatia HR Jordan JO Poland PL Venezuela VE Cyprus CY Kazakhstan KZ Portugal PT Vietnam VN Czech Republic CZ ...

Page 148: ...name name The name of this host Maximum length 32 characters Default Setting Enterprise Outdoor Wireless Bridge AP Command Mode Global Configuration Example username This command configures the user name for management access Syntax username name name The name of the user Length 3 16 characters case sensitive Default Setting admin AP config prompt RD2 RD2 config AP config system name AP AP config ...

Page 149: ...assword password no password password Password for management access Length 3 16 characters case sensitive Default Setting null Command Mode Global Configuration Example ip ssh server enable This command enables the Secure Shell server Use the no form to disable the server Syntax ip ssh server enable no ip ssh server Default Setting Disabled Command Mode Interface Configuration Ethernet AP config ...

Page 150: ...his command sets the Secure Shell server port Use the no form to disable the server Syntax ip ssh server port port number port number The UDP port used by the SSH server Range 1 65535 Default Setting 22 Command Mode Interface Configuration Ethernet Example ip telnet server enable This command enables the Telnet server Use the no form to disable the server Syntax ip telnet server enable no ip telne...

Page 151: ...p http port port number The TCP port to be used by the browser interface Range 1024 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 6 19 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled AP if ethernet ip telnet serve...

Page 152: ...port used for HTTPS SSL Range 80 1024 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port To avoid using common reserved TCP port numbers below 1024 the configurable range is restricted to 443 and between 1024 and 65535 If you change the HTTPS port number clients attempting to connect to the HTTPS server mus...

Page 153: ...is in the URL https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connect...

Page 154: ...be configured on the access point See show bootfile on page 93 Use the show system command to display the current web redirect status Example APmgmtIP This command specifies the client IP addresses that are allowed management access to the access point through various protocols Syntax APmgmtIP multiple IP_address subnet_mask single IP_address any multiple Adds IP addresses within a specifiable ran...

Page 155: ...l accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end address Example This example restricts management access to the indicated addresses APmgmtUI This command enables and disable...

Page 156: ...rating as clients Syntax autoconfig server status disable enable disable Disables the feature enable Enables the feature Default Setting Disable Command Mode Global Configuration Example This example enables the unit to be an auto configuration server AP config apmgmtui SNMP enable AP config NOTE When the Bridge AP is configured as an autoconfig server the username and password required to access ...

Page 157: ...oots up and periodically The periodic parameter may be configured using the autoconfig interval command Default Setting Disabled Command Mode Global Configuration Example This example schedules a search for configuration file updates at each boot up and periodically as well as specifying the interval time of 72 hours autoconfig interval This command specifies the frequency with which the unit will...

Page 158: ...rch for a configuration file update Syntax autoconfig filename name name The name of the configuration file to update Length 1 32 characters case sensitive Default syscfg Default Setting Disabled Command Mode Global Configuration Example This example directs the access point to search for a configuration file by the name of 3ComConfig on the specified server s AP config autoconfig interval 168 AP ...

Page 159: ... 0 0 Command Mode Global Configuration Example This example specifies the IP addresses for two auto configuration servers autoconfig username This command specifies the username used for communication between client and server Syntax autoconfig username string string The username used to gain access to the server s specified as having configuration file updates Length 1 32 characters case sensitiv...

Page 160: ...nt and server Syntax autoconfig password string string The password used to gain access to the auto config server s Length 1 32 characters case sensitive Default Setting none Command Mode Global Configuration Example This example specifies the password string don t tell anyone AP config autoconfig username 3Com1 AP config NOTE The autoconfig password must be the same for all devices designated as ...

Page 161: ...figuration file updates and schedules the times at which the update requests are sent Syntax autoupgrade client status disable imediately startup startup periodic disable Disables the feature imediately Schedules an instantaneous search startup Schedules a search each time the unit boots up AP config show auto config Config Autoupdate Information Server Status Enable Client Status Startup and Per...

Page 162: ...iodically autoupgrade interval This command specifies the frequency with which the unit will search for firmware upgrades when the command autoupgrade client status startup periodic is used Syntax autoupgrade interval hours hours The period of time after which the unit will search for firmware upgrades Length 1 8760 hours Default Setting 24 hours Command Mode Global Configuration Example This exam...

Page 163: ...de IP This command specifies the servers on which to search for firmware upgrades Syntax autoupgrade IP 1 2 3 4 IP_address 1 4 The server on which to search for updates up to a maximum of 4 IP_address Specifies the IP address of the auto upgrade server in the form xx xx xx xx Using 0 0 0 0 disables communication NOTE Firmware files used with this feature must be in the following format A73_xx_yy_z...

Page 164: ...tax autoupgrade password string string The password used to gain access to the server s specified as having firmware updates Length 1 32 characters case sensitive Default Setting none Command Mode Global Configuration Example This example specifies the password string keep it a secret AP config autoupgrade IP 2 192 168 1 1 AP config NOTE The autoupgrade password must be the same for all devices de...

Page 165: ...le updates Length 1 32 characters case sensitive Default Setting Disable Command Mode Global Configuration Example This example permits the server to act as a source for updated configuration files show autoupgrade This command displays the auto upgrade settings Syntax show autoconfig Default Setting Disable Command Mode Global Configuration NOTE The autoupgrade username must be the same for all d...

Page 166: ...interface protocols which are open to management access Command Mode Exec Example AP config show autoupgrade Firmware Autoupgrade Information Client Status Enabled Polling Interval 24 hours Server 1 IP 169 254 10 0 Server 2 IP 169 254 20 0 Server 3 IP 0 0 0 0 Server 4 IP 0 0 0 0 Login Username Login Password Firmware Directory d AP config AP show apmanagement Management AP Information AP Managemen...

Page 167: ...cation System Contact System Country Code US UNITED STATES MAC Address 00 30 F1 F0 9A 9C IP Address 192 254 2 1 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 VLAN State DISABLED Management VLAN ID AP 1 IAPP State ENABLED DHCP Client ENABLED HTTP Server ENABLED HTTP Server Port 80 HTTPS Server ENABLED HTTPS Server Port 443 Slot Status Dual band a g Boot Rom Version v3 0 3 Software Version v4 3 ...

Page 168: ... 2 14tmp4_sh Date Nov 16 2007 19 45 24 BootRom Version v1 2 3 Hardware Version R01 AP AP show config Management AP Information AP Management IP Mode Any IP Telnet UI Enable WEB UI Enable SNMP UI Enable Press n next p previous a abort y continue to end Authentication Information MAC Authentication Server DISABLED MAC Auth Session Timeout Value 0 min 802 1x DISABLED 802 1x supplicant DISABLED 802 1x...

Page 169: ...able MAC Port Fwd Type VlanID Origin Life Remain Life Type 01 80 c2 00 00 00 255 5 0 300 300 Static 01 80 c2 00 00 03 255 5 0 300 300 Static 00 18 6e 09 4f 3a 1 0 1 300 300 Static 00 18 6e 09 4f 3b 2 0 0 300 300 Static 00 18 6e 09 4f 3c 6 0 0 300 300 Static 00 18 6e 09 4f 3d 3 0 0 300 300 Static 00 18 6e 09 4f 3e 7 0 0 300 300 Static 00 18 6e 09 4f 3f 4 0 0 300 300 Static 00 18 6e 09 4f 40 8 0 0 3...

Page 170: ... Stations Bridge Port Link Information Wireless A 1 Port No 10 status Enabled state Forwarding priority 128 path cost 19 message age Timer Inactive message age 0 designated root priority 0 MAC 00 00 00 00 00 00 designated cost 0 designated bridge priority 0 MAC 00 00 00 00 00 00 designated port priority 0 port No 0 forward transitions 0 Bridge Port Link Information Wireless A 2 Port No 11 status E...

Page 171: ...less A 4 Port No 13 status Enabled state Forwarding priority 128 path cost 19 message age Timer Inactive message age 0 designated root priority 0 MAC 00 00 00 00 00 00 designated cost 0 designated bridge priority 0 MAC 00 00 00 00 00 00 designated port priority 0 port No 0 forward transitions 0 Bridge Port Link Information Wireless A 5 Port No 14 status Enabled state Forwarding priority 128 path c...

Page 172: ...s Bridge Port Link Information Wireless G 1 Port No 16 status Enabled state Forwarding priority 128 path cost 19 message age Timer Inactive message age 0 designated root priority 0 MAC 00 00 00 00 00 00 designated cost 0 designated bridge priority 0 MAC 00 00 00 00 00 00 designated port priority 0 port No 0 forward transitions 0 Bridge Port Link Information Wireless G 2 Port No 17 status Enabled s...

Page 173: ...rt No 19 status Enabled state Forwarding priority 128 path cost 19 message age Timer Inactive message age 0 designated root priority 0 MAC 00 00 00 00 00 00 designated cost 0 designated bridge priority 0 MAC 00 00 00 00 00 00 designated port priority 0 port No 0 forward transitions 0 Bridge Port Link Information Wireless G 5 Port No 20 status Enabled state Forwarding priority 128 path cost 19 mess...

Page 174: ...t no 0 Hold Time 1 Seconds Hello Time 2 Seconds Maximum Age 20 Seconds Forward Delay 15 Seconds bridge Hello Time 2 Seconds bridge Maximum Age 20 Seconds bridge Forward Delay 15 Seconds time since top change 87052 Seconds topology change count 0 DHCP Relay Information DHCP Relay DISABLED Primary DHCP Server 0 0 0 0 Secondary DHCP Server 0 0 0 0 Event Logs Information Jan 02 00 02 09 Alert 802 11a ...

Page 175: ...iption updated to Enterprise 802 11a Access Point Jan 01 20 04 54 Information 802 11a Description updated to Enterprise 802 11a Access Point Jan 01 20 00 42 Information 802 11a Antenna ID updated to 100 Jan 01 20 00 41 Information 802 11a Description updated to Enterprise 802 11a Access Point Jan 01 20 00 41 Information 802 11a Description updated to Enterprise 802 11a Access Point Jan 01 20 00 41...

Page 176: ...Alert 802 11a Invalid AP detected BSSID 02 20 d8 03 82 43 SSID test111 Channel 48 5240 MHz RSSI 16 Type ESS Privacy 1 RSN 0 Jan 01 12 02 10 Alert 802 11a Invalid AP detected BSSID 00 12 cf 12 cf 33 SSID ECVAP0 Channel 40 5200 MHz RSSI 23 Type ESS Privacy 1 RSN 0 Jan 01 00 02 27 Information Auto configuration client Did not successfully obtain an auto configuration file using existing configuration...

Page 177: ...s 169 254 2 1 Subnet Mask 255 255 0 0 Default Gateway 0 0 0 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 Admin status Up Operational status Up Wireless Interface Information Identification Description Enterprise 802 11a Access Point SSID 3Com1 Turbo Mode DISABLED Channel 44 AUTO Status ENABLED MAC Address 00 18 6e 09 4f 3b 802 11 Parameters Transmit Power FULL 13 dBm Max Station Data Rate 54Mbps Mu...

Page 178: ...SABLED WMM Acknowledge Policy AC0 Best Effort Acknowledge AC1 Background Acknowledge AC2 Video Acknowledge AC3 Voice Acknowledge WMM BSS Parameters AC0 Best Effort logCwMin 4 logCwMax 10 AIFSN 3 Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 2 Admission Control No TXOP Limit 3 008...

Page 179: ...s Association Timeout Interval 30 Mins DTIM Interval 1 beacon Maximum Association 64 stations MIC Mode Software Super A Disabled VLAN ID 1 Antenna Antenna ID 3CWE591 3Com 6 8dBi Dual Band Omni Antenna External Quality of Service WMM Mode DISABLED WMM Acknowledge Policy AC0 Best Effort Acknowledge AC1 Background Acknowledge AC2 Video Acknowledge AC3 Voice Acknowledge WMM BSS Parameters AC0 Best Eff...

Page 180: ...UTO Status ENABLED MAC Address 00 18 6e 09 4f 3f 802 11 Parameters Transmit Power FULL 13 dBm Max Station Data Rate 54Mbps Multicast Data Rate 6Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Maximum Association 64 stations MIC Mode Software Super A Disabled ...

Page 181: ... 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 2 Admission Control No TXOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 2 Admission Control No TXOP Limit 1 504 ms WMM AP Parameters AC0 Best Effort logCwMin 4 logCwMax 6 AIFSN 3 Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFS...

Page 182: ...TY PMKSA Lifetime 720 minutes Encryption DISABLED Default Transmit Key 1 Common Static Keys Key 1 EMPTY Key 2 EMPTY Key 3 EMPTY Key 4 EMPTY Pre Authentication DISABLED Authentication Type OPEN Antenna Antenna ID 3CWE591 3Com 6 8dBi Dual Band Omni Antenna External Quality of Service WMM Mode DISABLED WMM Acknowledge Policy AC0 Best Effort Acknowledge AC1 Background Acknowledge AC2 Video Acknowledge...

Page 183: ...atus DISABLED MAC Address 00 18 6e 09 4f 3e 802 11 Parameters Radio Mode b g mixed mode Protection Method CTS only Transmit Power FULL 13 dBm Max Station Data Rate 54Mbps Multicast Data Rate 5 5Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Preamble Length L...

Page 184: ...ax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 2 Admission Control No TXOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 2 Admission Control No TXOP Limit 1 504 ms WMM AP Parameters AC0 Best Effort logCwMin 4 logCwMax 6 AIFSN 3 Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit ...

Page 185: ... WPA Key Mgmt Mode PRE SHARED KEY WPA PSK Key Type PASSPHRASE WPA PSK Key EMPTY PMKSA Lifetime 720 minutes Encryption DISABLED Default Transmit Key 1 Common Static Keys Key 1 EMPTY Key 2 EMPTY Key 3 EMPTY Key 4 EMPTY Pre Authentication DISABLED Authentication Type OPEN Antenna Antenna Control method Diversity Antenna ID 3CWE591 3Com 6 8dBi Dual Band Omni Antenna Quality of Service WMM Mode DISABLE...

Page 186: ...ption Enterprise 802 11g Access Point SSID 3Com8 Turbo Mode DISABLED Channel 1 AUTO Status DISABLED MAC Address 00 18 6e 09 4f 42 802 11 Parameters Radio Mode b g mixed mode Protection Method CTS only Transmit Power FULL 13 dBm Max Station Data Rate 54Mbps Multicast Data Rate 5 5Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval...

Page 187: ... Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 2 Admission Control No TXOP Limit 3 008 ms Admission Control No WPA Key Mgmt Mode PRE SHARED KEY WPA PSK Key Type PASSPHRASE WPA PSK Key EMPTY PMKSA Lifetime 720 minutes Encryption DISABLED Default Transmit Key 1 Common Static Keys K...

Page 188: ...Max 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 1 Admission Control No TXOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 1 Admission Control No TXOP Limit 1 504 ms Console Line Information databits 8 parity none speed 9600 stop bits 1 Link Integrity Information Ethernet Detect Disabled Ping Detect Disabled Target IP Name 0 0 0 0 Ping Fail Retry...

Page 189: ...ius MAC format no delimiter Radius VLAN format ASCII Radius Secondary Server Information Status Disabled IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format ASCII Radius Accounting Server Information Status Disabled IP 0 0 0 0 Accounting Port 1813 Key Retransmit 3 Timeout 5 InterimUpdate 3600 Accounting Log Options RADIUS Authenticated Client Only Acco...

Page 190: ...02 11g Channel Rogue AP Setting Rogue AP Detection Enabled Rogue AP Authentication Enabled Rogue AP Scan Interval 720 minutes Rogue AP Scan Duration 1000 milliseconds 802 11g Channel Rogue AP Status AP Address BSSID SSID Channel MHz RSSI Type Privacy RSN 00 0b ac e6 1b 07 genie 11 2462 MHz 6 ESS 1 0 00 12 cf 12 cf 37 SkyG0 13 2472 MHz 6 ESS 0 0 00 18 84 a0 6b 6d FON_BigGuy 6 2437 MHz 7 ESS 0 0 00 ...

Page 191: ...AFail Enabled dot11InterfaceBGFail Enabled dot1XMacAddrAuthSuccess Enabled dot1XMacAddrAuthFail Enabled dot1XAuthNotInitiated Enabled dot1XAuthSuccess Enabled dot1XAuthFail Enabled localMacAddrAuthSuccess Enabled localMacAddrAuthFail Enabled iappStationRoamedFrom Enabled iappStationRoamedTo Enabled iappContextDataSent Enabled dot1XSuppAuthenticated Enabled wirelessExternalAntenna Enabled sntpServe...

Page 192: ...802 11a Channel Stations if wireless A VAP 1 802 11a Channel 44 No 802 11a Channel Stations if wireless A VAP 2 802 11a Channel 44 No 802 11a Channel Stations if wireless A VAP 3 802 11a Channel 44 No 802 11a Channel Stations if wireless G VAP 0 802 11g Channel 1 No 802 11g Channel Stations if wireless G VAP 1 802 11g Channel 1 No 802 11g Channel Stations if wireless G VAP 2 802 11g Channel 1 No 8...

Page 193: ...9 4F 3C IP Address 169 254 2 1 Subnet Mask 255 255 0 0 Default Gateway 0 0 0 0 VLAN State DISABLED Management VLAN ID AP 1 IAPP State ENABLED DHCP Client ENABLED HTTP Server ENABLED HTTP Server Port 80 HTTP Session Timeout 600 sec s HTTPS Server ENABLED HTTPS Server Port 443 Slot Status Dual band a g Boot Rom Version v1 2 3 Software Version v2 2 14tmp4_sh SSH Server ENABLED SSH Server Port 22 Teln...

Page 194: ...ration AP show hardware Hardware Version Information Hardware version R01 AP Command Function Mode Page logging on Controls logging of error messages GC 6 62 logging host Adds a syslog server host IP address that will receive logging messages GC 6 63 logging console Initiates logging of error messages to the console GC 6 64 logging level Defines the minimum severity level for event logging GC 6 64...

Page 195: ...se the no form to remove syslog server host Syntax logging host 1 2 3 4 host_name host_ip_address udp_port no logging host 1 2 3 4 1 First syslog server 2 Second syslog server 3 Third syslog server 4 Fourth syslog server host_name The name of a syslog server Range 1 20 characters host_ip_address The IP address of a syslog server udp_port The UDP port used by the syslog server Default Setting None ...

Page 196: ...onsole Syntax no logging console Default Setting Disabled Command Mode Global Configuration Example logging level This command sets the minimum severity level for event logging Syntax logging level Emergency Alert Critical Error Warning Notice Informational Debug Default Setting Informational Command Mode Global Configuration AP config logging console AP config ...

Page 197: ...type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the access point However it may be used by the syslog server to sort messages or to store messages in the corresponding database Level Argument Description Emergency System unusable Alert Immediate action needed Critical Critical conditions e g memory allocation or free memory error resource e...

Page 198: ...gging configuration Syntax show logging Command Mode Exec Example AP config logging facility 19 AP config AP config logging clear AP config AP show logging Logging Information Syslog State Enabled Logging Console State Enabled Logging Level Alert Logging Facility Type 16 Servers 1 192 254 2 19 UDP Port 514 State Enabled 2 0 0 0 0 UDP Port 514 State Disabled 3 0 0 0 0 UDP Port 514 State Disabled 4 ...

Page 199: ...ion SSH task Set SSH server port to 22 Mar 09 11 55 52 Information SSH task Enable SSH server Mar 09 11 55 52 Information Enable Telnet Mar 09 11 55 40 Information 802 11a 11a Radio Interface Disabled Mar 09 11 55 40 Information 802 11a Transmit Power set to QUARTER Press n next p previous a abort y continue to end AP configure Enter configuration commands one per line End with CTRL Z AP config lo...

Page 200: ... Command Usage When SNTP client mode is enabled using the sntp server enable command the sntp server ip command specifies the time servers from which the access point polls for time updates The access point will poll the time servers in the order specified until a response is received Example Related Commands sntp server enable 6 68 show sntp 6 71 sntp server enable This command enables SNTP clien...

Page 201: ...last bootup i e 00 14 00 January 1 1970 Example Related Commands sntp server ip 6 68 show sntp 6 71 sntp server date time This command sets the system clock Default Setting 00 14 00 January 1 1970 Command Mode Global Configuration Example This example sets the system clock to 17 37 June 19 2003 Related Commands sntp server enable 6 68 AP config sntp server enable AP config AP sntp server date time...

Page 202: ...g the specified period Example This sets daylight savings time to be used from July 1st to September 1st sntp server timezone This command sets the time zone for the access point s internal clock Syntax sntp server timezone hours hours Number of hours before after UTC Range 12 to 12 hours Default Setting 5 BOGOTA EASTERN INDIANA Command Mode Global Configuration AP config sntp server daylight savi...

Page 203: ...t indicate the number of hours and minutes your time zone is east before or west after of UTC Example show sntp This command displays the current time and configuration settings for the SNTP client Command Mode Exec Example AP config sntp server timezone 8 AP config AP show sntp SNTP Information Service State Enabled SNTP server 1 IP 137 92 140 80 SNTP server 2 IP 192 43 244 18 Current Time 08 04 ...

Page 204: ...elay enable This command enables the access point s DHCP relay agent Use the no form to disable the agent Syntax no dhcp relay enable Default Setting Disabled Command Mode Global Configuration Command Usage For the DHCP relay agent to function the primary DHCP server must be configured using the dhcp relay primary command A secondary DHCP server does not need to be configured but it is recommended...

Page 205: ...ry The secondary DHCP server ip_address IP address of the server Default Setting Primary and secondary 0 0 0 0 Command Mode Global Configuration Example show dhcp relay This command displays the current DHCP relay configuration Command Mode Exec Example AP config dhcp relay primary 192 254 2 10 AP config AP show dhcp relay DHCP Relay ENABLED Primary DHCP Server 192 254 2 10 Secondary DHCP Server 0...

Page 206: ...MP notifications GC 6 78 snmp server engine id Sets the engine ID for SNMP v3 GC 6 80 snmp server user Sets the name of the SNMP v3 user GC 6 81 snmp server targets Configures SNMP v3 notification targets GC 6 82 snmp server filter Configures SNMP v3 notification filters GC 6 83 snmp server filter assignments Assigns SNMP v3 notification filters to targets GC 6 84 show snmp groups Displays the pre...

Page 207: ...ss Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Command Usage If you enter a community string without the ro or rw o...

Page 208: ...m location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server contact 6 75 AP config snmp server contact Paul AP config AP config snmp server location WC 19 AP config ...

Page 209: ...thentication failure notifications and link up down notifications The snmp server host command specifies the host device that will receive SNMP notifications Example Related Commands snmp server host 6 77 snmp server host This command specifies the recipient of an SNMP notification Use the no form to remove the specified host Syntax snmp server host 1 2 3 4 host_ip_address host_name community stri...

Page 210: ...server command to enable SNMP notifications Example Related Commands snmp server enable server 6 77 snmp server trap This command enables the access point to send specific SNMP traps i e notifications Use the no form to disable specific trap messages Syntax snmp server trap trap no snmp server trap trap trap One of the following SNMP trap messages dot11InterfaceAFail The 802 11a or 802 11g interfa...

Page 211: ... point identified by its IP address iappStationRoamedTo A client station has roamed to another access point identified by its IP address localMacAddrAuthFail A client station has failed authentication with the local MAC address database on the access point localMacAddrAuthSuccess A client station has successfully authenticated its MAC address with the local database on the access point pppLogonFai...

Page 212: ... server engine id engine id no snmp server engine id engine id Enter engine id in hexadecimal 5 32 characters Default Setting Enabled Command Mode Global Configuration Command Usage This command is used in conjunction with the snmp server user command Entering this command invalidates all engine IDs that have been previously configured If the engineID is deleted or changed all SNMP users will be c...

Page 213: ... three pre defined groups Other groups cannot be defined The available groups are RO A read only group using no authentication and no data encryption Users in this group use no security either authentication or encryption in SNMP messages they send to the agent This is the same as SNMP v1 or SNMP v2c RWAuth A read write group using authentication but no data encryption Users in this group send SNM...

Page 214: ...to access the database An AuthPriv user must be assigned to the RWPriv group with the AuthPriv security level To configure a user for the RWAuth group you must include the auth proto and auth passphrase keywords To configure a user for the RWPriv group you must include the auth proto auth passphrase priv proto and priv passphrase keywords Example snmp server targets This command configures SNMP v3...

Page 215: ...that is specified in the target must first be configured using the snmp server user command Example snmp server filter This command configures SNMP v3 notification filters Use the no form to delete an SNMP v3 filter or remove a subtree from a filter Syntax snmp server filter filter id include exclude subtree mask mask no snmp server filter filter id subtree filter id A user defined name that ident...

Page 216: ...ld card For example a mask value of 0xFFBF provides a bit mask 1111 1111 1011 1111 If applied to the subtree 1 3 6 1 2 1 2 2 1 1 23 the zero corresponds to the 10th subtree ID When there are more subtree IDs than bits in the mask the mask is padded with ones Example snmp server filter assignments This command assigns SNMP v3 notification filters to targets Use the no form to remove an SNMP v3 filt...

Page 217: ...erver filter assignments mytraps trapfilter AP config exit AP show snmp target Host ID mytraps User chris IP Address 192 254 2 33 UDP Port 162 AP show snmp filter assignments HostID FilterID mytraps trapfilter AP config AP show snmp groups GroupName RO SecurityModel USM SecurityLevel NoAuthNoPriv GroupName RWAuth SecurityModel USM SecurityLevel AuthNoPriv GroupName RWPriv SecurityModel USM Securit...

Page 218: ...nd Mode Exec Example show snmp group assignments This command displays the SNMP v3 user group assignments Syntax show snmp group assignments Command Mode Exec Example AP show snmp users UserName chris GroupName RWPriv AuthType MD5 Passphrase PrivType DES Passphrase AP AP show snmp group assignments GroupName RWPriv UserName chris AP AP ...

Page 219: ...MP v3 notification filter settings Syntax show snmp filter filter id filter id A user defined name that identifies an SNMP v3 notification filter Maximum length 32 characters Command Mode Exec Example AP show snmp target Host ID mytraps User chris IP Address 192 254 2 33 UDP Port 162 AP AP show snmp filter Filter trapfilter Type include Subtree iso 3 6 1 2 1 2 2 1 Type exclude Subtree iso 3 6 1 2 ...

Page 220: ...ERFACE show snmp filter assignments This command displays the SNMP v3 notification filter assignments Syntax show snmp filter assignments Command Mode Exec Example AP show snmp filter assignments HostID FilterID mytraps trapfilter AP ...

Page 221: ...nity State Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSuccess Enabled iappContextDataSent Enabled iappStationRoamedFrom En...

Page 222: ...file name should not be a period and the maximum length for file names is 32 characters Valid characters A Z a z 0 9 _ If the file contains an error it cannot be set as the default file Example Command Function Mode Page bootfile Specifies the file or image used to start up the system GC 6 90 copy Copies a code image or configuration between flash memory and a FTP TFTP server Exec 6 91 delete Dele...

Page 223: ...config Keyword that allows you to upload the configuration file from flash memory Default Setting None Command Mode Exec Command Usage The system prompts for data required to complete the copy command Only a configuration file can be uploaded to an FTP TFTP server but every type of file can be downloaded to the access point The destination file name should not contain slashes or the leading letter...

Page 224: ... tftp file 1 Application image 2 Config file 3 Boot block image Select the type of download 1 2 3 1 2 TFTP Source file name syscfg TFTP Server IP 192 254 2 19 AP NOTE Beware of deleting application images from flash memory At least one application image is required in order to boot the access point If there are multiple image files in flash memory and the one used to boot the access point is delet...

Page 225: ... bootfile This command displays the name of the current operation code file that booted the system Syntax show snmp filter assignments Command Mode Exec Column Heading Description File Name The name of the file Type 2 Operation Code and 5 Configuration file File Size The length of the file in bytes AP dir File Name Type File Size dflt img bin 2 1044140 syscfg 5 16860 syscfg_bak 5 16860 zz img bin ...

Page 226: ...secondary Secondary server host_ip_address IP address of server host_name Host name of server Range 1 20 characters AP show bootfile Bootfile Information Bootfile ec img bin AP Command Function Mode Page radius server address Specifies the RADIUS server GC 6 94 radius server port Sets the RADIUS server network port GC 6 95 radius server key Sets the RADIUS encryption key GC 6 95 radius server retr...

Page 227: ...entication messages Range 1024 65535 Default Setting 1812 Command Mode Global Configuration Example radius server key This command sets the RADIUS encryption key Syntax radius server secondary key key_string secondary Secondary server key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting DEFAULT AP ...

Page 228: ...US server Range 1 30 Default Setting 3 Command Mode Global Configuration Example radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Syntax radius server secondary timeout number_of_seconds secondary Secondary server number_of_seconds Number of seconds the access point waits for a reply before resending a request Range 1 60 Default...

Page 229: ...x xx xx xx xx no delimiter Enter MAC addresses in the form xxxxxxxxxxxx single dash Enter MAC addresses in the form xxxxxx xxxxxx Default Setting No delimiter Command Mode Global Configuration Example radius server vlan format This command sets the format for specifying VLAN IDs on the RADIUS server Syntax radius server vlan format hex ascii hex Enter VLAN IDs as a hexadecimal number ascii Enter V...

Page 230: ... Mode Exec Example AP config radius server vlan format ascii AP config AP show radius Radius Server Information Status Disabled IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format ASCII Radius Secondary Server Information Status Disabled IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format ASCII ...

Page 231: ... Accounting Server State DOWN Radius Accounting Secondary Server Information Status Disabled IP 0 0 0 0 Accounting Port 1813 Key Retransmit 3 Timeout 5 InterimUpdate 3600 Accounting Log Options RADIUS Authenticated Client Only Accounting Server State DOWN AP Command Function Mode Page radius accounting enable Enables RADIUS Accounting GC 6 100 radius accounting address Specifies the network locati...

Page 232: ...s accounting address This command sets the primary and secondary RADIUS Accounting server hostname or IP address Syntax radius accounting secondary address address secondary Additional parameter used to specify a secondary RADIUS Accounting server address IP address or url of the RADIUS Accounting server radius accounting timeout Sets the interval in between sending RADIUS Accounting authenticatio...

Page 233: ...here is a fault with the primary server Example radius accounting key This command sets the RADIUS Accounting encryption key Syntax radius accounting secondary key key_string secondary Secondary server key_string Encryption key used to authenticate accounting logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting DEFAULT Example AP config radius ...

Page 234: ...us client only Sends accounting data for RADIUS authenticated clients only Default Setting none Example radius accounting port This command sets the RADIUS Accounting server network port Syntax radius accounting secondary port port_number secondary Secondary server port_number RADIUS server UDP port used for authentication messages Range 1024 65535 Default Setting 1813 Command Mode Global Configur...

Page 235: ...l Configuration Example radius accounting timeout This command sets the interval between transmitting accounting requests to the RADIUS Accounting server Syntax radius accounting secondary timeout number_of_seconds secondary Secondary server number_of_seconds Number of seconds the access point waits for a reply before resending a request Range 1 60 Default Setting 5 Command Mode Global Configurati...

Page 236: ... access to the network by requiring an 802 1X client application to submit user credentials for authentication Client authentication is then verified by a RADIUS server using EAP Extensible Authentication Protocol before the access point grants client access to the network The 802 1X EAP packets are also used to pass dynamic unicast session keys and static broadcast keys to wireless clients Table ...

Page 237: ...ork. When 802.1X is supported, the access point supports 802.1X authentication only for clients initiating the 802.1X authentication process (i.e., the access point does NOT initiate 802.1X authentication). For stations initiating 802.1X, only those stations successfully authenticated are allowed to access the network. For those stations not initiating 802.1X, access to the network is allowed after successf...

Page 238: ...rate The interval at which the access point rotates broadcast keys. (Range: 0 - 1440 minutes) Default Setting 0 (Disabled) Command Mode Global Configuration Command Usage The access point uses EAPOL (Extensible Authentication Protocol Over LANs) packets to pass dynamic unicast session and broadcast keys to wireless clients. The 802.1x broadcast key refresh rate command specifies the interval after which the ...

Page 239: ...iguration Command Usage Session keys are unique to each client, and are used to authenticate a client connection and correlate traffic passing between a specific client and the access point. Example 802.1x session timeout This command sets the time period after which a connected client must be re-authenticated. Use the no form to disable 802.1X re-authentication. Syntax 802.1x session timeout seconds ...

Page 240: ...nt feature can be enabled Example 802 1x supplicant user This command sets the user name and password used for authentication of the access point when operating as a 802 1X supplicant Use the no form to clear the supplicant user name and password Syntax 802 1x supplicant user username password no 802 1x supplicant user username The access point name used for authentication to the network Range 1 3...

Page 241: ...filter table Command Mode Exec Example AP config 802 1x supplicant user AP8760 dot1xpass AP config AP show authentication Authentication Information MAC Authentication Server DISABLED MAC Auth Session Timeout Value 0 min 802 1x supplicant DISABLED 802 1x supplicant user EMPTY 802 1x supplicant password EMPTY Address Filtering ALLOWED System Default ALLOW addresses not found in filter table Filter ...

Page 242: ...resses entered as denied in the address filtering table are denied denied Only MAC addresses entered as allowed in the address filtering table are allowed Default allowed Command Mode Global Configuration Command Function Mode Page address filter default Sets filtering to allow or deny listed addresses GC 6 110 address filter entry Enters a MAC address in the filter table GC 6 111 address filter d...

Page 243: ...phens e g 00 90 D1 12 AB 89 allowed Entry is allowed access denied Entry is denied access Default None Command Mode Global Configuration Command Mode The access point supports up to 1024 MAC addresses An entry in the address table may be allowed or denied access depending on the global setting configured for the address entry default command Example Related Commands address filter default 6 110 80...

Page 244: ...er This command sets address filtering to be performed with local or remote options Use the no form to disable MAC address authentication Syntax mac authentication server local remote local Authenticate the MAC address of wireless clients with the local authentication database during 802 11 association remote Authenticate the MAC address of wireless clients with the RADIUS server during 802 1X aut...

Page 245: ...section are used to filter communications between wireless clients control access to the management interface from wireless clients and filter traffic using specific Ethernet protocol types Table 22 Filtering Commands AP config mac authentication session timeout 1 AP config Command Function Mode Page filter local bridge Disables communication between wireless clients GC 6 114 filter ap manage Prev...

Page 246: ...ssociated with a specific VAP interface cannot establish wireless communications with each other. Clients can communicate with clients associated to other VAP interfaces. Default Disabled Command Mode Global Configuration Command Usage This command can disable wireless-to-wireless communications between clients via the access point. However, it does not affect communications between wireless clients a...

Page 247: ... This command enables filtering of MAC addresses from the Ethernet port Syntax no filter uplink enable Default Disabled Command Mode Global Configuration Example filter uplink This command adds or deletes MAC addresses from the uplink filtering table Syntax filter uplink add delete MAC address MAC address Specifies a MAC address in the form xx xx xx xx xx xx A maximum of eight addresses can be add...

Page 248: ...e the no form to disable this feature Syntax no filter ethernet type enable Default Disabled Command Mode Global Configuration Command Usage This command is used in conjunction with the filter ethernet type protocol command to determine which Ethernet protocol types are to be filtered Example Related Commands filter ethernet type protocol 6 117 AP config filter uplink add 00 12 34 56 78 9a AP conf...

Page 249: ...lk Appletalk ARP Novell IPX old Novell IPX new EAPOL Telxon TXP Aironet DDP Enet Config Test IP IPv6 NetBEUI PPPoE_Discovery PPPoE_PPP_Session Default None Command Mode Global Configuration Command Usage Use the filter ethernet type enable command to enable filtering for Ethernet types specified in the filtering table or the no filter ethernet type enable command to disable all filtering based on ...

Page 250: ... IC W 6 119 bridge role Selects the bridge operation mode for a radio interface IC W 6 119 bridge channel auto sync Automatically finds the parent bridge operating channel IC W 6 120 CAUTION Do not enable Channel Auto Sync on a master bridge if there is no root bridge acting as the master bridge s parent bridge link parent Configures the MAC addresses of the parent bridge node IC W 6 120 bridge li...

Page 251: ...oint for wireless clients. repeater - Operates as a wireless repeater, extending the range for remote wireless clients and connecting them to the root bridge. The Parent link to the root bridge must be configured. In this mode, traffic is not forwarded to the Ethernet port from the radio interface. bridge - Operates as a bridge to other access points also in bridge mode. root bridge - Operates as the root brid...

Page 252: ...Bridge or Root Bridge mode VAP interfaces 2 to 4 are not available for use In Repeater mode VAP interfaces 2 to 4 can still be used to provide an access point service Example bridge channel auto sync This command allows a child bridge to automatically find the operating channel of its parent bridge Syntax bridge channel auto sync enable disable enable The bridge will automatically search and find ...

Page 253: ...MAC address of the parent bridge that is linked to the root bridge or the root bridge itself Example bridge link child This command configures the MAC addresses of child bridge nodes Syntax bridge link child index mac address index The link index number of the child node Range 1 6 mac address The wireless MAC address of a child bridge unit 12 hexadecimal digits in the form xx xx xx xx xx xx Defaul...

Page 254: ...10000 seconds Default Setting 300 seconds Command Mode Global Configuration Command Usage If the MAC address of an entry in the address table is not seen on the associated interface for longer than the aging time the entry is discarded Example show bridge aging time This command displays the current WDS forwarding table aging time setting Command Mode Exec Example AP if wireless a bridge link chil...

Page 255: ...2 00 00 00 0 5 4095 300 300 Static 01 80 c2 00 00 03 0 5 4095 300 300 Static 00 30 f1 f0 9b 20 1 0 1 300 300 Static 00 30 f1 f0 9b 21 1 0 1 300 300 Static 00 30 f1 f0 9b 22 1 0 1 300 300 Static 00 30 f1 f0 9b 23 1 0 1 300 300 Static 00 30 f1 f0 9b 24 1 0 1 300 300 Static 00 30 f1 f0 9b 25 1 0 1 300 300 Static 00 30 f1 f0 9b 26 1 0 1 300 300 Static 00 30 f1 f0 9b 27 1 0 1 300 300 Static 00 30 f1 2f...

Page 256: ...ireless Specifies a wireless interface a The 802 11a radio interface g The 802 11g radio interface index The index number of a bridge link Range 1 6 Command Mode Exec Example AP show bridge link wireless a Interface Wireless A WDS Information AP Role Bridge Parent 00 12 34 56 78 9a Child Child 2 00 08 12 34 56 de Child 3 00 00 00 00 00 00 Child 4 00 00 00 00 00 00 Child 5 00 00 00 00 00 00 Child 6...

Page 257: ... Forwarding priority 0 path cost 19 message age Timer Inactive message age 4346 designated root priority 32768 MAC 00 30 F1 F0 9A 9C designated cost 0 designated bridge priority 32768 MAC 00 30 F1 F0 9A 9C designated port priority 0 port No 1 forward transitions 1 AP Command Function Mode Page bridge stp enable Enables the Spanning Tree feature GC 6 126 bridge stp forwarding delay Configures the s...

Page 258: ...gure the spanning tree bridge forward time globally for the wireless bridge. Use the no form to restore the default. Syntax bridge stp forwarding-delay <seconds> no bridge stp forwarding-delay seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1]. Default Setting 15 seconds Command Mode Global Configuration show bridge stp Displays the global spanning tree setti...

Page 259: ...erwise temporary data loops might result Example bridge stp hello time Use this command to configure the spanning tree bridge hello time globally for the wireless bridge Use the no form to restore the default Syntax bridge stp hello time time no bridge stp hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 Default Setting 2 seconds Command Mode G...

Page 260: ... a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STP information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ...

Page 261: ... specified port Syntax bridge link path cost index cost index Specifies the bridge link number on the wireless bridge Range 1 6 required on wireless interface only cost The path cost for the port Range 1 65535 Default Setting 19 Command Mode Interface Configuration Command Usage This command is used by the Spanning Tree Protocol to determine the best path between devices Therefore lower values sho...

Page 262: ...priority for the use of a port in the Spanning Tree Protocol. If the path cost for all ports on a wireless bridge is the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. Example Related Commands bridge link path cost...

Page 263: ...ridge Maximum Age 20 Seconds bridge Forward Delay 15 Seconds time since top change 89185 Seconds topology change count 0 AP Command Function Mode Page interface ethernet Enters Ethernet interface configuration mode GC 6 132 dns primary server Specifies the primary name server IC E 6 132 dns secondary server Specifies the secondary name server IC E 6 132 ip address Sets the IP address for the Ether...

Page 264: ...lution Syntax dns primary server server address dns secondary server server address primary server Primary server used for name resolution secondary server Secondary server used for name resolution server address IP address of domain name server Default Setting None Command Mode Global Configuration Command Usage The primary and secondary name servers are queried in sequence Example This example s...

Page 265: ...CP is enabled by default. To manually configure a new IP address, you must first disable the DHCP client with the no ip dhcp command. You must assign an IP address to this device to gain management access over the network or to connect the access point to existing IP subnets. You can manually configure a specific IP address using this command, or direct the device to obtain an address from a DHCP serve...

Page 266: ...c IP address using the ip address command, or direct the device to obtain an address from a DHCP server using this command. When you use this command, the access point will begin broadcasting DHCP client requests. The current IP address (i.e., default or manually configured address) will continue to be effective until a DHCP reply is received. Requests will be broadcast periodically by this device in an ef...

Page 267: ...F Forces 100 Mbps full duplex operation Default Setting Auto negotiation is enabled by default Command Mode Interface Configuration Ethernet Command Usage If autonegotiation is disabled the speed and duplex mode must be configured to match the setting of the attached device Example The following example configures the Ethernet port to 100 Mbps full duplex operation shutdown This command disables t...

Page 268: ...e disables the Ethernet port show interface ethernet This command displays the status for the Ethernet interface Syntax show interface ethernet Default Setting Ethernet interface Command Mode Exec Example AP if ethernet shutdown AP if ethernet AP show interface ethernet Ethernet Interface Information IP Address 192 254 2 1 Subnet Mask 255 255 255 0 Default Gateway 192 254 2 253 Primary DNS 192 254...

Page 269: ... the 802 11g radio IC W b g 6 143 preamble Sets the length of the 802 11g signal preamble IC W b g 6 144 antenna control Selects the antenna control method to use for the radio IC W 6 144 antenna id Selects the antenna ID to use for the radio IC W 6 145 antenna location Selects the location of the antenna IC W 6 146 beacon interval Configures the rate at which beacon signals are transmitted from t...

Page 270: ...n Configures the maximum number of clients that can be associated with the access point at the same time IC W VAP 6 152 assoc timeout interval Configures the idle time interval when no frames are sent after which a client is disassociated from the VAP interface IC W VAP 6 153 auth timeout value Configures the time interval after which clients must be re authenticated IC W VAP 6 153 shutdown Disabl...

Page 271: ...peed speed Maximum access speed allowed for wireless clients Options for 802 11a 6 9 12 18 24 36 48 54 Mbps Options for 802 11b g 1 2 5 5 6 9 11 12 18 24 36 48 54 Mbps Default Setting 54 Mbps Command Mode Interface Configuration Wireless Command Usage The maximum transmission distance is affected by the data rate The lower the data rate the longer the transmission distance Please refer to the tabl...

Page 272: ...sage The normal 802.11a wireless operation mode provides connections up to 54 Mbps. Turbo Mode is an enhanced mode (not regulated in IEEE 802.11a) that provides a higher data rate of up to 108 Mbps. Enabling Turbo Mode allows the access point to provide connections up to 108 Mbps. In normal mode, the access point provides a channel bandwidth of 20 MHz and supports the maximum number of channels permitte...

Page 273: ...fault Setting 1 Mbps for 802 11b g 6 Mbps for 802 11a Command Mode Interface Configuration Wireless Example channel This command configures the radio channel through which the access point communicates with wireless clients Syntax channel channel auto channel Manually sets the radio channel used for communications with wireless clients auto Automatically selects an unoccupied channel if available ...

Page 274: ...oint to which it is linked Example transmit power This command adjusts the power of the radio signals transmitted from the access point Syntax transmit power signal strength signal strength Signal strength transmitted from the access point Options full half quarter eighth min Default Setting full Command Mode Interface Configuration Wireless Command Usage The min keyword indicates minimum power Th...

Page 275: ...ed mode Both 802 11b and 802 11g clients can communicate with the access point up to 54 Mbps Default Setting b g mode Command Mode Interface Configuration Wireless 802 11g Command Usage For Japan only 13 channels are available when set to g or b g modes When set to b mode 14 channels are available Both the 802 11g and 802 11b standards operate within the 2 4 GHz band If you are operating in g mode...

Page 276: ...ase data throughput on the access point but requires that all clients can support a short preamble Set the preamble to long to ensure the access point can support all 802 11b and 802 11g clients Example antenna control This command selects the use of two diversity antennas or a single antenna for the radio interface Syntax antenna control diversity left right diversity The radio uses both antennas...

Page 277: ...lt Antenna or an optional external antenna Syntax antenna id antenna id antenna id Specifies the ID number of an approved antenna that is connected to the access point The options are 802 11a Original 3Com Integrated Antenna 3CWE591 3Com 6 8dBi Dual Band Omni Antenna 3CWE596 3Com 18 20dBi Dual Band Panel Antenna 3CWE598 3Com 8 10dBi Dual Band Panel Antenna 802 11b g Original None external antenna ...

Page 278: ... antenna options Example antenna location This command selects the antenna mounting location for the radio interface Syntax antenna location indoor outdoor indoor The antenna is mounted indoors outdoor The antenna is mounted outdoors Default Setting Indoor Command Mode Interface Configuration Wireless Command Usage When an external antenna is selected the antenna control must be set to right Selec...

Page 279: ...e The beacon signals allow wireless clients to maintain contact with the access point They may also carry power management information Example dtim period This command configures the rate at which stations in sleep mode must wake up to receive broadcast multicast transmissions Syntax dtim period interval interval Interval between the beacon frames that transmit broadcast or multicast traffic Range...

Page 280: ...ng higher DTIM values reduces the power used by stations in Power Save mode but delays the transmission of broadcast multicast frames Example fragmentation length This command configures the minimum packet size that can be fragmented when passing through the access point Syntax fragmentation length length length Minimum packet size for which fragmentation is allowed Range 256 2346 bytes Default Se...

Page 281: ...347 Command Mode Interface Configuration Wireless Command Usage If the threshold is set to 0, the access point always sends RTS signals. If set to 2347, the access point never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled. The access point sends RTS frames to a receiving station to...

Page 282: ... 802 11a Command Usage Super A enhancements include bursting compression and fast frames Maximum throughput ranges between 40 to 60 Mbps for connections to Atheros compatible clients Example super g This command enables Atheros proprietary Super G performance enhancements Use the no form to disable this function Syntax no super g Default Setting Disabled Command Mode Interface Configuration Wirele...

Page 283: ...tax description string no description string Comment or a description for this interface Range 1 80 characters Default Setting None Command Mode Interface Configuration Wireless VAP Example ssid This command configures the service set identifier SSID Syntax ssid string string The name of a basic service set supported by the access point Range 1 32 characters Default Setting 802 11a Radio VAP_TEST_...

Page 284: ...Default Setting Disabled Command Mode Interface Configuration Wireless VAP Command Usage When closed system is enabled, the access point will not include its SSID in beacon messages. Nor will it respond to probe requests from clients that do not include a fixed SSID. Example max association This command configures the maximum number of clients that can be associated with the access point at the same ...

Page 285: ...mber of minutes of inactivity before disassociation Range 5 60 Default Setting 30 Command Mode Interface Configuration Wireless VAP Example auth timeout value This command configures the time interval within which clients must complete authentication to the VAP interface Syntax auth timeout value minutes minutes The number of minutes before re authentication Range 5 60 Default Setting 60 AP if wir...

Page 286: ...ireless VAP Command Usage You must first enable VAP interface 0 before you can enable VAP interfaces 1 2 3 4 5 6 or 7 Example show interface wireless This command displays the status for the wireless interface Syntax show interface wireless a g vap id a 802 11a radio interface g 802 11g radio interface vap id The number that identifies the VAP interface Options 0 3 AP if wireless g VAP 0 auth time...

Page 287: ...7f fe 03 02 802 11 Parameters Radio Mode b g mixed mode Protection Method CTS only Transmit Power FULL 16 dBm Max Station Data Rate 54Mbps Multicast Data Rate 5 5Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Preamble Length LONG Maximum Association 64 stati...

Page 288: ...n Key Refresh Rate 30 min 802 1x Session Timeout Value 0 min Antenna Antenna Control method Diversity Antenna ID 0x0000 Default Antenna Antenna Location Indoor Quality of Service WMM Mode SUPPORTED WMM Acknowledge Policy AC0 Best Effort Acknowledge AC1 Background Acknowledge AC2 Video Acknowledge AC3 Voice Acknowledge WMM BSS Parameters AC0 Best Effort logCwMin 4 logCwMax 10 AIFSN 3 Admission Cont...

Page 289: ...FSN 3 Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 1 Admission Control No TXOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 1 Admission Control No TXOP Limit 1 504 ms AP ...

Page 290: ...ss A VAP 0 802 11a Channel 60 No 802 11a Channel Stations if wireless G VAP 0 802 11g Channel 1 802 11g Channel Station Table Station Address 00 04 23 94 9A 9C VLAN ID 0 Authenticated Associated Forwarding KeyType TRUE FALSE FALSE NONE Counters pkts Tx Rx bytes Tx Rx 20 0 721 0 Time Associated LastAssoc LastDisAssoc LastAuth 0 0 0 0 if wireless G VAP 1 802 11g Channel 1 No 802 11g Channel Stations...

Page 291: ...Ps can be identified. Table 27 Rogue AP Commands rogue ap enable This command enables the periodic detection of nearby access points. Use the no form to disable periodic detection. Syntax no rogue ap enable Default Setting Disabled Command Mode Interface Configuration Wireless Command Usage While the access point scans a channel for rogue APs, wireless clients will not be able to connect to the access...

Page 292: ...int during a rogue AP scan. Example rogue ap authenticate This command forces the unit to authenticate all access points on the network. Use the no form to disable this function. Syntax no rogue ap authenticate Default Setting Disabled Command Mode Interface Configuration Wireless Command Usage Enabling authentication in conjunction with a database of approved access points stored on a RADIUS server ...

Page 293: ... 100 - 1000 milliseconds Default Setting 350 milliseconds Command Mode Interface Configuration Wireless Command Usage During a scan, client access may be disrupted and new clients may not be able to associate to the access point. If clients experience severe disruption, reduce the scan duration time. A long scan duration time will detect more access points in the area, but causes more disruption to clien...

Page 294: ...cess points but will cause more disruption to client access Example Related Commands rogue ap duration 6 161 rogue ap scan This command starts an immediate scan for access points on the radio interface Default Setting Disabled Command Mode Interface Configuration Wireless Command Usage While the access point scans a channel for rogue APs wireless clients will not be able to connect to the access p...

Page 295: ... Type Privacy RSN 802 11g Channel Rogue AP Status AP Address BSSID SSID Channel MHz RSSI Type Privacy RSN 00 04 e2 2a 37 23 WLAN1AP 11 2462 MHz 17 ESS 0 0 00 04 e2 2a 37 3d ANY 7 2442 MHz 42 ESS 0 0 00 04 e2 2a 37 49 WLAN1AP 9 2452 MHz 42 ESS 0 0 00 90 d1 08 9d a7 WLAN1AP 1 2412 MHz 12 ESS 0 0 00 30 f1 fb 31 f4 WLAN 6 2437 MHz 16 ESS 0 0 AP Command Function Mode Page auth Defines the 802 11 authen...

Page 296: ...ed for authentication wpa2 psk Clients using WPA2 with a Pre shared Key are accepted for authentication wpa wpa2 mixed Clients using WPA or WPA2 are accepted for authentication wpa wpa2 psk mixed Clients using WPA or WPA2 with a Pre shared Key are accepted for authentication required Clients are required to use WPA or WPA2 supported Clients may use WPA or WPA2 if supported Default Setting open sys...

Page 297: ...settings (see 802.1X Authentication on page 104) and RADIUS server details (see RADIUS Client on page 94) must be configured. Be sure you have also configured a RADIUS server on the network before enabling authentication. Also, note that each client has to be WPA-enabled or support 802.1X client software. A RADIUS server must also be configured and be available in the wired network. If a WPA/WPA2 Pre-share...

Page 298: ...or wireless communications. Use the no form to disable data encryption. Syntax no encryption Default Setting disabled Command Mode Interface Configuration Wireless VAP Command Usage Wired Equivalent Privacy (WEP) is implemented in this device to prevent unauthorized access to your wireless network. For more secure data transmissions, enable encryption with this command, and set at least one static WEP ke...

Page 299: ...For 152-bit keys, use 16 alphanumeric characters or 32 hexadecimal digits. Default Setting None Command Mode Interface Configuration Wireless Command Usage To enable Wired Equivalent Privacy (WEP), use the auth shared key command to select the shared key authentication type, use the key command to configure at least one key, and use the transmit key command to assign a key to one of the VAP interfaces. If...

Page 300: ...y encryption option, the access point uses the transmit key to encrypt multicast and broadcast data signals that it sends to client devices. Other keys can be used for decryption of data from clients. When using IEEE 802.1X, the access point uses a dynamic key to encrypt unicast and broadcast messages to 802.1X-enabled clients. However, because the access point sends the keys during the 802.1X authentic...

Page 301: ... capability of the client. Default Setting wep Command Mode Interface Configuration Wireless VAP Command Usage WPA enables the access point to support different unicast encryption keys for each client. However, the global encryption key for multicast and broadcast traffic must be the same for all clients. If any clients supported by the access point are not WPA-enabled, the cipher suite algorithm must ...

Page 302: ...tion. The main enhancement is its use of AES Counter Mode encryption with Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity. The AES Counter Mode/CBC-MAC Protocol (AES-CCMP) provides extremely robust data confidentiality using a 128-bit key. The AES-CCMP encryption cipher is specified as a standard requirement for WPA2. However, the computational intensive operations of AES-C...

Page 303: ...en both 802 11a and 802 11g interfaces are supporting a high number of clients simultaneously Example wpa pre shared key This command defines a Wi Fi Protected Access WPA WPA2 Pre shared key Syntax wpa pre shared key hex passphrase key value hex Specifies hexadecimal digits as the key input format passphrase key Specifies an ASCII pass phrase string as the key input format value The key string For...

Page 304: ...hen returns, reauthentication is not required. When a WPA2 client is first authenticated, it receives a Pairwise Master Key (PMK) that is used to generate other keys for unicast data encryption. This key and other client information form a Security Association that the access point names and holds in a cache. The lifetime of this security association can be configured with this command. When the lifetime ...

Page 305: ...s clients to roam to a new access point and be quickly associated. The first time a client is authenticated to a wireless network, it has to be fully authenticated. When the client is about to roam to another access point in the network, the access point sends pre-authentication messages to the new access point that include the client's security association information. Then, when the client sends an as...

Page 306: ... Syntax no link integrity ping detect Default Setting Disabled Command Mode Global Configuration Command Usage When link integrity is enabled, the IP address of a host device in the wired network must be specified. The access point periodically sends an ICMP echo request (Ping) packet to the link host IP address. When the number of failed responses either the Command Function Mode Page link integrity p...

Page 307: ...ost host_name ip_address no link integrity ping host host_name Alias of the host ip_address IP address of the host Default Setting None Command Mode Global Configuration Example link integrity ping interval This command configures the time between each Ping sent to the link host Syntax link integrity ping interval interval interval The time between Pings Range 5 60 seconds Default Setting 30 secon...

Page 308: ...t Setting 6 Command Mode Global Configuration Example link integrity ethernet detect This command enables an integrity check to determine whether or not the access point is connected to the wired Ethernet Syntax no link integrity ethernet detect Default Setting Disabled Command Mode Global Configuration Example AP config link integrity ping interval 20 AP config AP config link integrity ping fail ...

Page 309: ...nvironment. iapp This command enables the protocol signaling required to hand over wireless clients roaming between different 802.11f-compliant access points. Use the no form to disable 802.11f signaling. Syntax no iapp Default Enabled Command Mode Global Configuration Command Usage The current 802.11 standard does not specify the signaling required between access points in order to support clients r...

Page 310: ...IUS server. The user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network. If a user does not have a configured VLAN ID, the access point assigns the user to its own configured native VLAN ID. The VLAN commands supported by the access point are listed below. Table 30 VLAN Commands AP config iapp AP config NOTE When VLANs are enabled, the access point's Ethernet...

Page 311: ...ent on the RADIUS server, then the frames are tagged with the access point's native VLAN ID. Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point's native VLAN ID, or with a VLAN tag that matches one of the wireless clients currently associated with the access point. Example Related Commands management vlanid (6-179) management vlanid This command configures the...

Page 312: ... VLAN ID setting for VAP interface, the access point must enable VLAN support using the vlan command. When VLANs are enabled, the access point tags frames received from wireless clients with the default VLAN ID for the VAP interface. If IEEE 802.1X is being used to authenticate wireless clients, specific VLAN IDs can be configured on the RADIUS server to be assigned to each client. Using IEEE 802.1X and...

Page 313: ...l mode on the access point. Use the no form to disable WMM. Syntax no wmm supported required supported - WMM will be used for any associated device that supports this feature. Devices that do not support this feature may still associate with the access point. required - WMM must be supported on any device trying to associate with the access point. Devices that do not support this feature will not be allow...

Page 314: ...ty levels and are mapped to IEEE 802 1D priority tags see Table The direct mapping of the four ACs to 802 1D priorities is specifically intended to facilitate interpretability with other wired network QoS policies While the four ACs are specified for specific types of traffic WMM allows the priority levels to be configured to match any network wide QoS policy WMM also specifies a protocol that acc...

Page 315: ...alue Range 1 15 microseconds LogCwMax Maximum log value of the contention window This is the maximum upper limit of the random backoff wait time before wireless medium access can be attempted The contention window is doubled after each detected collision up to the LogCwMax value Note that the CWMax value must be greater than or equal to the LogCwMin value Range 1 15 microseconds AIFS Arbitrary InterFra...

Page 316: ...gCwMin 4 4 3 2 LogCwMax 10 10 4 3 AIFS 3 7 2 2 TXOP Limit 0 0 94 47 Admission Control Disabled Disabled Disabled Disabled BSS Parameters WMM Parameters AC0 Best Effort AC1 Background AC2 Video AC3 Voice LogCwMin 4 4 3 2 LogCwMax 6 10 4 3 AIFS 3 7 1 1 TXOP Limit 0 0 94 47 Admission Control Disabled Disabled Disabled Disabled AP if wireless a wmmparams ap 0 4 6 3 1 1 AP if wireless a ...

Page 317: ...nnas used Be sure that antennas in the link are properly aligned Check that there is an unobstructed radio line of sight between the antennas Be sure there is no interference from other radio sources Try setting the bridge link to another radio channel Be sure there is no other radio transmitter too close to either antenna If necessary move the antennas to another location 3 If wireless clients ca...

Page 318: ...Management Filter should be disabled page 17 Check that you have a valid network connection to the bridge and that the Ethernet port or the wireless interface that you are using has not been disabled If you are connecting to the bridge through the wired Ethernet interface check the network cabling between the management station and the bridge If you are connecting to the bridge from a wireless client ...

Page 319: ...A 3 Reset the bridge s hardware using the console interface web interface or through a power reset ...


Page 321: ...nnector must be attached to both ends of the cable The following figure illustrates how the pins on the RJ 45 connector are numbered Be sure to hold the connectors in the same orientation when attaching the wires to the pins CAUTION Each wire pair must be attached to the RJ 45 connectors in a specific orientation CAUTION DO NOT plug a phone jack connector into a power injector RJ 45 port Use only ...

Page 322: ...t use crossover cables for connections to PCs or servers and straight through cable for connections to switches or hubs However when connecting to devices that support automatic MDI MDI X pinout configuration you can use either straight through or crossover cable 10 100BASE TX MDI and MDI X Port Pinouts Pin MDI X Signal Name MDI Signal Name 1 Receive Data plus RD Transmit Data plus TD 2 Receive Da...

Page 323: ...ches that only have MDI X ports However if the device to which you are connecting supports automatic MDI MDI X operation you can use either straight through or crossover cable White Orange Stripe Orange White Green Stripe Green 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 EIA TIA 568B RJ 45 Wiring Standard 10 100BASE TX Straight through Cable End A End B Blue White Blue Stripe Brown White Brown Stripe ...

Page 324: ... nodes that only have MDI ports However if the device to which you are connecting supports automatic MDI MDI X operation you can use either straight through or crossover cable White Orange Stripe Orange White Green Stripe 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 EIA TIA 568B RJ 45 Wiring Standard 10 100BASE TX Crossover Cable End A End B Green Blue White Blue Stripe Brown White Brown Stripe ...

Page 325: ...is described in the following figure and table 8 Pin DIN Ethernet Port Pinout Pin Signal Name 1 Transmit Data plus TD 2 Transmit Data minus TD 3 Receive Data plus RD 4 48 VDC power 5 48 VDC power 6 Receive Data minus RD 7 Return power 8 Return power Note The and signs represent the polarity of the wires that make up each wire pair 1 7 2 3 4 5 8 6 ...

Page 326: ... better UTP or STP cable maximum length 100 m 328 ft and be sure to connect all four wire pairs NOTE To construct a reliable Ethernet cable always use the proper tools or ask a professional cable supplier to construct the cable White Orange Stripe Orange White Green Stripe Green 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 8 Pin DIN Female RJ 45 1 7 2 3 4 5 8 6 White Blue Stripe White Brown Stripe Brown Blue 8...

Page 327: ...ption algorithm that implements symmetric key cryptography AES provides very strong encryption using a completely different ciphering algorithm to TKIP and WEP Authentication The process to verify the identity of a client requesting network access IEEE 802 11 specifies two forms of authentication open system and shared key Backbone The core infrastructure of a network The portion of the network th...

Page 328: ...Set ESS More than one wireless cell can be configured with the same Service Set Identifier so that mobile users can roam between different cells with the Extended Service Set Extensible Authentication Protocol EAP An authentication protocol used to authenticate network clients EAP is combined with IEEE 802 1X port authentication and a RADIUS authentication server to provide mutual authentication ...

Page 329: ...s Local Area Network LAN A group of interconnected computer and support devices MAC Address The physical layer address used to uniquely identify network nodes Network Time Protocol NTP NTP provides the mechanisms to synchronize time across the network The time servers operate in a hierarchical master slave configuration in order to synchronize local clocks within the subnet and to national time st...

Page 330: ...each client attached to a wireless network Shared Key authentication must be used along with the 802 11 Wireless Equivalent Privacy algorithm Simple Network Management Protocol SNMP The application protocol in the Internet suite of protocols which offers network management services Simple Network Time Protocol SNTP SNTP allows a device to set its internal clock based on periodic updates from a Net...

Page 331: ...resources as though located on the same LAN Wi Fi Protected Access WPA employs 802 1X as its basic framework for user authentication and dynamic key management to provide an enhanced security solution for 802 11 wireless networks Wired Equivalent Privacy WEP WEP is based on the use of security keys and the popular RC4 encryption algorithm Wireless devices without a valid WEP key will be excluded f...


Page 333: ...al 5 59 6 147 rate 5 59 6 147 BOOTP 6 133 6 134 BPDU 5 46 C cable assignments B 1 crossover B 4 straight through B 3 channel 6 141 Clear To Send See CTS CLI 6 1 command modes 6 5 closed system 6 152 command line interface See CLI community name configuring 6 75 community string 5 24 6 75 configuration settings saving or restoring 6 91 configuration initial setup 4 1 country code configuring 6 14 c...

Page 334: ...setup 4 1 IP address BOOTP DHCP 6 133 6 134 configuring 4 8 5 5 6 133 6 134 L log messages 5 50 5 83 6 63 server 5 49 6 63 login CLI 6 1 web 4 5 logon authentication RADIUS client 5 16 6 94 6 99 M MAC address authentication 5 14 6 110 6 111 maximum associated clients 5 59 maximum data rate 6 141 802 11a interface 6 141 802 11g interface 6 141 MDI RJ 45 pin configuration 1 5 O OFDM 1 2 open system ...

Page 335: ...status 5 79 6 158 status displaying device status 5 78 6 35 displaying station status 5 79 6 158 straight through cable B 3 system clock setting 5 50 6 69 system log enabling 5 49 6 62 server 5 49 6 63 system software downloading from server 5 35 6 91 T Telnet for management access 6 2 Temporal Key Integrity Protocol See TKIP time zone 5 51 6 70 TKIP 5 76 transmit power configuring 5 59 6 142 trap ...
