3Com 3CRWX120695A Installation And Basic Configuration Manual Download

Page: 80 / 108

HAPTER

3: C

ONFIGURING

WX S

WITCH

FOR

ASIC

ERVICE

display aaa

The following commands configure two RADIUS servers, add them to
server group

grp1

, enable load balancing of authentication sessions

among the servers, and verify the change:

WX1200# set radius server svr1 address 10.10.70.20 key rad1pword

success: change accepted.

WX1200# set radius server svr2 address 10.10.70.40 key rad2pword

success: change accepted.

WX1200# set server group grp1 members svr1 svr2

success: change accepted.

WX1200# set server group grp1 load-balance enable

success: change accepted.

WX1200# display aaa

Default Values

authport=1812 acctport=1813 timeout=5 acct-timeout=5

retrans=3 deadtime=0 key=(null) author-pass=(null)

Radius Servers

Server

Addr

Ports

T/o Tries Dead State

-------------------------------------------------------------------

svr1

10.10.70.20

1812 1813

svr2

10.10.70.40

1812 1813

Server groups

grp1 (load-balanced): svr1 svr2

Configuring the Authentication Protocol for Pass-Through
Authentication

To configure the authentication protocol for 802.1X users, use the
following command:

set authentication dot1x {ssid ssid-name | wired} user-glob

[bonded] protocol method1 [method2] [method3] [method4]

To verify the change, use the following command:

display aaa

The asterisk in the example below is a wildcard. You cannot use a
wildcard to represent the delimiter characters in user globs, which are the
at sign (@) and the dot (

). To match a username that contains a delimiter,

you must specify the delimiter in the user glob as shown in these

Summary of Contents for 3CRWX120695A

Page 1: ...p www 3com com Part No 730 9502 0070 Revision A Published October 2004 Wireless LAN Mobility System Wireless LAN Switch and Controller Installation and Basic Configuration Guide 3CRWX120695A 3CRWX4400...

Page 2: ...une 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this...

Page 3: ...erfaces 13 Status LEDs 14 Software Features 15 Management Features 15 Layer 2 Switching Features 16 IP Services 16 Authentication Authorization and Accounting 17 Roaming 17 RF Management 17 2 INSTALLI...

Page 4: ...VLANs and IP Addresses 42 Configuring a Default Route 44 Verifying IP Connectivity 45 Enabling Secure Communication for 3WXM or Web Manager 46 Installing a Certificate 47 Installing a Server Certifica...

Page 5: ...ication 82 Displaying and Saving the Configuration 84 A WX TECHNICAL SPECIFICATIONS B WX TROUBLESHOOTING C SAFETY INFORMATION D OBTAINING SUPPORT FOR YOUR PRODUCT Register Your Product 101 Purchase Va...

Page 6: ......

Page 7: ...the information in this guide follow the instructions in the release notes Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format PDF or HTML on the 3Com Wo...

Page 8: ...tion and management Table 2 Text Conventions Convention Description Monospace text Sets off command syntax or sample commands and system responses Bold text Highlights commands that you enter or items...

Page 9: ...SS CLI Wireless LAN Switch and Controller Command Reference This reference provides syntax information for all MSS commands supported on WX switches Documentation Comments Your suggestions are very im...

Page 10: ...10 ABOUT THIS GUIDE...

Page 11: ...otices and instructions marked on the product or included in the documentation MAP Model Numbers Table 3 lists the MAP switch model numbers Table 3 MAP Switch Model Numbers Model Port Configuration Po...

Page 12: ...1200 Switch Front Panel Control Features The rear of the switch contains a label with the serial ID MAC address and other identifying information WX4400 Switch A WX4400 switch is two rack units RUs hi...

Page 13: ...not used for normal WX operation Power Features Power supplies A WX4400 switch comes with one 100 240 VAC autosensing AC power supply You can add a second supply for load sharing and redundancy The po...

Page 14: ...one interface copper or fiber can be active on a port The GBIC interface is active by default Status LEDs The WX switches have LEDs that indicate port power and CPU status Table 4 lists the LEDs For...

Page 15: ...S Link WX1200 only Solid green 100 Mbps link is operational Solid amber 10 Mbps link is operational Blinking green Traffic is active on the 100 Mbps link Blinking amber Traffic is active on the 10 Mbp...

Page 16: ...s ports into separate Layer 2 collision domains A port can be a member of one or more VLANs Each VLAN can have its own IP interface MSS supports the 802 1Q tag format Internet Group Management Protoc...

Page 17: ...tasks locally or distributing the load across multiple servers Roaming MAP access point roaming You can configure the WX switch to allow users to roam from one MAP access point to another on the same...

Page 18: ...18 CHAPTER 1 WX SWITCH OVERVIEW...

Page 19: ...for a WX switch contains the following items One WX switch containing one power supply For some countries one country specific power cord One serial cable for connection to the management console Two...

Page 20: ...If any item is missing or damaged contact 3Com Installation Requirements and Recommendations For best results follow these requirements and recommendations before installing a WX switch 3Com Wireless...

Page 21: ...s are located in the rear of the switch and air inlets are located on the sides of the switch Make sure these areas have adequate ventilation after installation Do not block air vents WARNING The WX s...

Page 22: ...ansmit 2 Receive 5 Ground 5 Ground Table 6 Ethernet Interfaces Link Type Cable Type Connector Type Maximum Distance 10 100BASE T Cat 5 copper Straight through or crossover signaling RJ 45 100 m 328 fe...

Page 23: ...8 on page 23 lists the pin signals for 10 100 Ethernet straight through wiring Pins 4 5 7 and 8 are used only when Power over Ethernet PoE is enabled on the port RD means Receive Data and TD means Tr...

Page 24: ...s support front mounting only To install a WX switch use one of the following procedures WARNING Earth grounding is required for a WX switch installed in a rack If you are relying on the rack to provi...

Page 25: ...tion for the supply connections When using an extension cord or power strip pay attention to the grounding type Equipment Rack Installation You can install a WX4400 switch into a front mount or center...

Page 26: ...26 CHAPTER 2 INSTALLING AND CONNECTING A WX SWITCH Figure 4 WX4400 Installation Front Mount Equipment Rack First attach brackets to chassis Then install chassis into rack...

Page 27: ...s front panel and extends away from the switch For a center mount equipment rack align the bracket so that the bracket flange is located near the center screw holes 3 Reinsert the screws to secure the...

Page 28: ...for the rubber feet to clear away any oil or dust The location areas are marked by X s 3 Attach the four rubber adhesive feet over the X s 4 Turn the WX switch right side up and place the switch in p...

Page 29: ...s CLI through the serial console port Figure 6 shows how to install a serial cable on the WX switch Refer to this figure as you perform the procedure For cable requirements see Serial Console Cable on...

Page 30: ...appear when attempting to initiate a serial management connection do the following 1 Verify that the WX switch is powered on 2 Verify that the serial cable is fully inserted in the PC and WX switch p...

Page 31: ...ions in Japan Provide an earthing connection before you connect the mains plug to the mains When disconnecting the earthing connection make sure to disconnect only after you pull out the mains plug fo...

Page 32: ...nt s active link with PoE enabled all the following are true MAP access point has booted MAP access point has received a valid configuration from the WX switch Management link with a MAP access point...

Page 33: ...e switch use the enable command to enter configuration mode and use the following command to set the active interface on the port to RJ 45 copper set port preference port list rj45 3 Observe the lower...

Page 34: ...port If the LED is green the 1000 Mbps link is operational If the LED is blinking amber traffic is active on the 1000 Mbps link If the LED is unlit the link is not operational Check the cable and ver...

Page 35: ...command syntax and examples and includes complex terminology For syntax descriptions additional configuration and a glossary of terms see the Wireless LAN Switch and Controller Command Reference and t...

Page 36: ...e 38 2 Install an upgrade license if applicable See Installing an Upgrade License on page 39 3 Configure time and date parameters See Configuring the Time and Date on page 40 4 Configure IP connectivi...

Page 37: ...ave them to the configuration file See Displaying and Saving the Configuration on page 84 Figure 7 shows the Mobility System configured by the command examples in this chapter All CLI configuration ex...

Page 38: ...set enablepass Router Router Wired authentication client System IP address 10 10 10 4 Port 1 Port 2 Port 4 WX1 10 10 40 19 24 10 10 20 19 24 10 10 30 19 24 RADIUS servers 10 10 70 20 10 10 70 40 10 10...

Page 39: ...ssword Retype new password MSS does not display your password but lets you know that the enable password is set success password changed For information about additional ways to secure CLI access see...

Page 40: ...s The following command installs an upgrade license WX4400 set license WXL 076E 93E9 62DA 54D8 WXA 3E04 4CC2 430D B508 Serial Number M8XE4IBB8DB10 License Number 245 License Key WXL 076E 93E9 62DA 54D...

Page 41: ...our min set timedate date mmm dd yyyy time hh mm ss set ntp enable disable set ntp server ip addr To verify the changes use the following commands display timezone display summertime display timedate...

Page 42: ...12 03 04 PST Configuring IP Connectivity To configure IP connectivity 1 Configure a VLAN assign a port to the VLAN that can provide IP connectivity through the network for administrative purposes and...

Page 43: ...cess change accepted WX1200 set vlan 4 name blue success change accepted WX1200 set vlan blue port 5 tag 20 success change accepted To avoid confusion do not assign numbers as VLAN names Every VLAN on...

Page 44: ...does not require an IP address on every VLAN WX1200 set interface mgmt ip 10 10 10 4 24 success change accepted WX1200 set interface blue ip 10 10 20 2 24 success change accepted WX1200 display inter...

Page 45: ...10 10 10 x and 10 10 20 x routes in this example are automatically added by MSS when you configure the corresponding IP interfaces The 224 0 0 0 route is for IGMP snooping MSS automatically places thi...

Page 46: ...19 icmp_seq 5 ttl 255 time 0 608 ms 20 20 20 1 ping statistics 5 packets transmitted 5 packets received 0 errors 0 packet loss Enabling Secure Communication for 3WXM or Web Manager To enable secure co...

Page 47: ...er certificate Use one of the following methods to enable secure communication between 3WXM or Web Manager and a WX switch Generate a self signed certificate on the switch See Generating a Self Signed...

Page 48: ...self signed certificate WX1200 crypto generate key admin 1024 key pair generated WX1200 crypto generate self signed admin Country Name State Name Locality Name Organizational Name Organizational Unit...

Page 49: ...uthenticate the PKCS 12 object file c Install the public private key pair and certificate from the PKCS 12 object file into the switch s certificate and key store For more information see Installing a...

Page 50: ...ommand Here is an example WX1200 copy tftp 10 10 10 10 p12file WX1200 crypto otp admin temppwd WX1200 crypto pkcs12 admin p12file Installing a Certificate from a PKCS 7 Object File To generate a publi...

Page 51: ...te the PKCS 7 object file into the CLI For example WX1200 crypto certificate admin Enter PEM encoded certificate BEGIN CERTIFICATE MIIGDDCCBbagAwIBAgIKFrJ2aAAAAAAAn DANBgkqhkiG9w0BAQUFADCBmzErMCkG CSq...

Page 52: ...NvbTEL RGpOeQ END CERTIFICATE Displaying Certificate Information Use the following command to display administrative certificate information display crypto certificate admin This command displays the...

Page 53: ...te a self signed certificate on the WX switch To use a self signed certificate use the following commands crypto generate key eap 1024 2048 crypto generate self signed eap The common name is required...

Page 54: ...ormatted certificate After you submit the certificate request to a CA and receive a signed certificate from the CA as a PKCS 7 object file install the certificate into the WX switch s certificate and...

Page 55: ...e CA then open the file with an ASCII text editor such as Notepad 2 Type the crypto ca certificate eap command 3 After the prompt paste the PKCS 7 object file into the CLI For example WX1200 crypto ca...

Page 56: ...d field type the enable password you configured on the switch See Configuring an Enable Password on page 38 Leave the User name field blank 3 Click OK If your web browser has the Google toolbar instal...

Page 57: ...cified 3WXM rejects the configuration To specify the country use the following command set system countrycode code For the country code specify one of the codes listed in Table 11 Table 11 Country Cod...

Page 58: ...The following example sets the country code to US United States and verifies the setting Mexico MX Netherlands NL New Zealand NZ Norway NO Poland PL Portugal PT Saudi Arabia SA Singapore SG Slovakia...

Page 59: ...P Address You can designate one of the IP addresses configured on a WX switch s VLAN to be the system IP address of the switch The system IP address provides a common IP interface and source IP addres...

Page 60: ...4 23 Total Power Over Ethernet 32 000 Configuring for Authenticating Users A WX switch can provide authentication authorization and accounting AAA services for wireless and wired users Wireless users...

Page 61: ...nable port fast convergence called PortFast on some vendors devices on the port or disable STP on the port For more information see the Configuring MAP Access Points chapter in the Wireless LAN Switch...

Page 62: ...and only one MAP is connected to the WX port The WX 10 100 port typically provides PoE to the MAP The WX forwards data only to and from the configured MAP on that port The port numbers on the WX conf...

Page 63: ...by IP routers to WX1 WX1 needs a Distributed MAP configuration in order to boot and configure MAP3 The Layer 2 network that MAP3 is attached to must provide DHCP services The network s DNS server mus...

Page 64: ...the Ethernet connections to the MAP Be sure to utilize a PoE injection device that has been tested by 3Com Providing PoE on both of the Ethernet connections if the MAP has two allows for redundant Po...

Page 65: ...be configured for 802 11a or 802 11b g MAP models MP 52 MP 252 MP 262 and MP 352 have two radios One radio is always 802 11a The other radio is 802 11b g but can be configured for 802 11b or 802 11g e...

Page 66: ...fect the power applied on the configured ports Would you like to continue y n n y success change accepted To verify the configuration change use the following command display ap config port list radio...

Page 67: ...hat can be used later for displaying and configuration much like the physical ports for directly connected MAPs WX1200 set dap 1 serial id M9DE48B012F00 model mp 262 success change accepted WX1200 set...

Page 68: ...M9DE48B123400 10 10 50 4 HIGH M9DE48B6EAD00 10 10 40 4 HIGH M9DE48B6EAD00 10 10 50 4 HIGH M9DE48B234500 10 10 40 4 HIGH M9DE48B234500 10 10 50 4 HIGH M9DE48BDEA200 10 10 40 4 HIGH M9DE48BDEA200 10 10...

Page 69: ...Service Profile Parameters Parameter Default Value Radio Behavior When Parameter Set To Default Value auth dot1x enable When the Wi Fi Protected Access WPA information element IE is enabled uses 802...

Page 70: ...io profile auth psk command ssid name private Uses the SSID name private ssid type crypto Encrypts wireless traffic for the SSID tkip mc time 60000 Uses Michael countermeasures for 60 000 ms 60 second...

Page 71: ...tion Use the clear SSID for public access to nonsecure portions of your network A radio can send and receive traffic for both types of SSID at the same time By default a radio sends beacons to adverti...

Page 72: ...x lifetime 2000 Allows a received frame to stay in the buffer for up to 2000 ms 2 seconds max tx lifetime 2000 Allows a frame that is scheduled for transmission to stay in the buffer for up to 2000 ms...

Page 73: ...External antenna model ANT1180 The channel and power defaults listed above apply only when RF Auto Tuning is disabled RF Auto Tuning can automatically set and adjust the channel and power settings on...

Page 74: ...es radio profile rp1 to radio 1 on MAP access ports 1 2 and 4 and on Distributed MAP 1 and Distributed MAP 2 and enables the radios WX1200 set ap 1 2 4 radio 1 radio profile rp1 mode enable success ch...

Page 75: ...es and subsequently if configurations of member switches change or switches are added or deleted For normal operation the seed switch need not be available for the rest of the Mobility Domain to funct...

Page 76: ...ility Domain but not the seed for the domain use the following command set mobility domain mode member seed ip ip addr Enter the system IP address of the seed switch Configuring User Authentication MS...

Page 77: ...cation access or last resort ssid where ssid is the SSID requested by the user If the user information is on a RADIUS server MSS also checks for a password Users cannot access the network unless they...

Page 78: ...te VSA You cannot configure the Tunnel Private Group ID attribute in the local user database Specify the VLAN name not the VLAN number The examples in this chapter assume the VLAN is assigned on a RAD...

Page 79: ...eout seconds retransmit number deadtime minutes key string author password password To add the server s to a server group use the following command set server group group name members server name1 ser...

Page 80: ...t 5 acct timeout 5 retrans 3 deadtime 0 key null author pass null Radius Servers Server Addr Ports T o Tries Dead State svr1 10 10 70 20 1812 1813 5 3 0 UP svr2 10 10 70 40 1812 1813 5 3 0 UP Server g...

Page 81: ...ass through grp1 success change accepted Authentication Example for Users in a UNIX Domain The following commands add authentication rules for user globs in a UNIX domain Users are authenticated by us...

Page 82: ...ertificates on the WX switch You can install certificates assigned by a CA or generate self signed certificate on the switch See Installing a Server Certificate for Network Users on page 52 Generating...

Page 83: ...fload and pass through user authentication Configuring the Authentication Protocol for Offload Authentication To configure the authentication protocol for 802 1X users use the following command A user...

Page 84: ...s Alternatively use a double asterisk with no delimiters to match all usernames If you have more than one authentication rule add the rules in the order you want MSS to use them For example add the mo...

Page 85: ...WX1200 set system ip address 10 10 10 4 set system countrycode US set timezone pdt 8 0 set summertime PDT start first sun apr 4 0 end last sun oct 31 0 set service profile corp1 ssid name private_wlan...

Page 86: ...86 CHAPTER 3 CONFIGURING A WX SWITCH FOR BASIC SERVICE...

Page 87: ...t With one power supply 9 75 kg 21 50 pounds With two power supplies 11 35 kg 25 00 pounds Operating Temperature 0 C to 50 C 32 F to 122 F Storage Temperature 20 C to 70 C 4 F to 158 F Humidity 10 to...

Page 88: ...inches Height 4 4 cm 1 72 inches Weight Without a power supply 3 40 kg 7 50 pounds With power supply 3 8 kg 8 50 pounds Operating Temperature 0 C to 50 C 32 F to 122 F Storage Temperature 20 C to 70...

Page 89: ...PoE Two RJ 45 ports for 10 100BASE T Ethernet uplinks without PoE Safety and electromagnetic compliance FCC PART 15 UL 60950 ICES PART 15 CSA 22 2 NO 60950 EN 55022 EN 55024 CISPR 22 TUV GS EN 60 950...

Page 90: ...90 APPENDIX A WX TECHNICAL SPECIFICATIONS...

Page 91: ...r were incorrect when you generated the self signed certificate or certificate request 1 Use set timezone to set the time zone in which you are operating the switch See Configuring the Time and Date o...

Page 92: ...ized for a VLAN 1 Type the display aaa command to check the authentication rules on the WX switch to ensure that the client can be authenticated 2 Check the authorization rules in the switch s local d...

Page 93: ...or the missing configuration information 2 Type the save config command to save the changes Mgmt LED is quickly blinking amber CLI stops at boot prompt boot The WX switch was unable to load the system...

Page 94: ...94 APPENDIX B WX TROUBLESHOOTING...

Page 95: ...uer des blessures Esta situaci n o condici n puede causar lesiones High voltage This situation or condition can cause injury due to electric shock Hoog voltage Deze situatie of omstandigheid kan letse...

Page 96: ...nnel only Read and follow all warning notices and instructions marked on the product or included in the documentation De installatie mag alleen worden uitgevoerd door bevoegd onderhoudspersoneel Het i...

Page 97: ...Glasfaserschnittstellen werden bei Gigabit Ethernet Class 1 Laser verwendet Vermeiden Sie Augenverletzungen indem Sie nicht in die Schnittstelle schauen oder den Laserstrahl auf Ihr Auge richten Les i...

Page 98: ...installiert ist ist eine Erdung erforderlich Wenn Sie die Erdung ber das Rack vornehmen m chten m ssen Sie es ber ein Masseband mit der Erde verbinden Die Erdung zum Rack erfolgt dann ber die Metalls...

Page 99: ...vous laissez tomber le commutateur WX par accident vous pouvez vous blesser et le commutateur risque d tre endommag 3Com le recomienda que pida la ayuda de alguien para realizar los pasos restantes S...

Page 100: ...Lastschutz des WX Switch h ngt vom Gesamtlastschutz des Geb udes ab Sie sollten sicherstellen dass die Phasen mit maximal 240 V 10 A abgesichert sind La protection du commutateur WX contre les surinte...

Page 101: ...oduct please contact 3Com Global Services for assistance Purchase Value Added Services To enhance response times or extend warranty benefits contact 3Com or your authorized 3Com reseller Value added s...

Page 102: ...d related documentation you must first purchase a service contract from 3Com or your reseller Telephone Technical Support and Repair To enable telephone support and other service benefits you must fir...

Page 103: ...0 446 398 61 2 9937 5083 Philippines P R of China Singapore S Korea Taiwan Thailand 1235 61 266 2602 or 1800 1 888 9469 800 810 3033 800 6161 463 080 333 3308 00801 611 261 001 800 611 2000 You can al...

Page 104: ...ama Paraguay Peru Puerto Rico Salvador Trinidad and Tobago Uruguay Venezuela Virgin Islands AT T 800 998 2112 57 1 657 0888 AT T 800 998 2112 1 800 998 2112 571 657 0888 01 800 849CARE AT T 800 998 21...

Page 105: ...talling for users self signed 53 invalid troubleshooting 91 channels configuring 73 CLI command line interface accessing 35 clients no network access troubleshooting 92 command line interface accessin...

Page 106: ...g 66 logging in 35 M Managed Access Point See MAP MAP Managed Access Point configuring 61 connections 31 denial of configuration information troubleshooting 92 LEDs 15 32 models 65 66 members Mobility...

Page 107: ...tabletop installation 28 terminal emulator settings 29 time configuring 40 tools required for installation 24 transmit power configuring 73 troubleshooting blinking amber Mgmt LED 93 denial of MAP con...

Page 108: ...108 INDEX troubleshooting 91 WX1200 11 WX4400 11...

Search results

Summary of Contents for 3CRWX120695A

Reviews:

Related manuals for 3CRWX120695A

Brands by name

Popular brands

3Com 3CRWX120695A, Installation And Basic Configuration Manual

Search results

Summary of Contents for 3CRWX120695A

Reviews:

Related manuals for 3CRWX120695A

Brands by name

Popular brands