3Com 8760 - Wireless Dual Radio 11a/b/g PoE Access Point User Manual Download Page 172 | Manualshive

Page: 172 / 261

background image

5-70

C

HAPTER

5: C

OMMAND

L

INE

I

NTERFACE

Example

802.1X Authentication

The access point supports IEEE 802.1X access control for wireless clients. This
control feature prevents unauthorized access to the network by requiring an
802.1X client application to submit user credentials for authentication. Client
authentication is then verified by a RADIUS server using EAP (Extensible
Authentication Protocol) before the access point grants client access to the
network. The 802.1X EAP packets are also used to pass dynamic unicast session
keys and static broadcast keys to wireless clients.

Table 20

802.1X Authentication

Enterprise AP#show radius

Radius Server Information

========================================

IP : 0.0.0.0

Port : 1812

Key : *****

Retransmit : 3

Timeout : 5

Radius MAC format : no-delimiter

Radius VLAN format : HEX

========================================

Radius Secondary Server Information

========================================

IP : 0.0.0.0

Port : 1812

Key : *****

Retransmit : 3

Timeout : 5

Radius MAC format : no-delimiter

Radius VLAN format : HEX

========================================

Enterprise AP#

Command

Function

Mode

Page

802.1x

Configures 802.1X as disabled, supported, or required IC-W-VAP

5-71

802.1x broadcast-key-
refresh-rate

Sets the interval at which the primary broadcast keys
are refreshed for stations using 802.1X dynamic keying

IC-W-VAP

5-72

802.1x session-key-
refresh-rate

Sets the interval at which unicast session keys are
refreshed for associated stations using dynamic keying

IC-W-VAP

5-73

802.1x session-timeout

Sets the timeout after which a connected client must be
re-authenticated

IC-W-VAP

5-73

«
...
170
171
172
173
174
...
»

Summary of Contents for 8760 - Wireless Dual Radio 11a/b/g PoE Access Point

Page 1: ...www 3Com com Part Number 10015153 Rev AA User Guide 3Com Wireless 8760 Dual radio 11a b g PoE Access Point 3CRWE876075 WL 546 Published June 2006 ...

Page 2: ...copy will be provided to you UNITED STATES GOVERNMENT LEGEND If you are a United States government agency then this documentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 701...

Page 3: ...s Point Installation Requirements 2 1 Power Requirements 2 2 Safety Information 2 2 Deciding Where to Place Equipment and Performing A Site Survey 2 3 Before You Begin 2 4 Connecting the Standard Antennas 2 5 Connecting Power 2 6 Using the Power Supply 2 8 Using a Power Over Ethernet LAN Port 2 8 Checking the LEDs 2 9 Reset Button 2 9 Wall Ceiling or Electrical Box Mounting 2 10 Flat Surface Insta...

Page 4: ...ttings 4 5 RADIUS 4 8 Authentication 4 9 Filter Control 4 14 VLAN 4 16 SNMP 4 18 Configuring SNMP and Trap Message Parameters 4 18 Configuring SNMPv3 Users 4 21 Administration 4 22 Changing the Password 4 22 Telnet and SSH Settings 4 23 Upgrading Firmware 4 24 WDS and Spanning Tree Settings 4 27 System Log 4 33 Enabling System Logging 4 33 Configuring SNTP 4 34 Radio Interface 4 35 802 11a Interfa...

Page 5: ...Commands 5 3 Keywords and Arguments 5 3 Minimum Abbreviation 5 3 Command Completion 5 3 Getting Help on Commands 5 3 Showing Commands 5 4 Partial Keyword Lookup 5 4 Negating the Effect of Commands 5 5 Using Command History 5 5 Understanding Command Modes 5 5 Exec Commands 5 5 Configuration Commands 5 6 Command Line Processing 5 6 Command Groups 5 7 6 Troubleshooting Index ...

Page 6: ...6 ...

Page 7: ...t CSMA CA Carrier Sense Multiple Access with Collision Avoidance EAP Extensible Authentication Protocol which provides a generalized framework for several different authentication methods ESS Extended Service Set More than one BSS is configured to become an ESS LAN mobile users can roam between different BSSs in an ESS ESS ID SSID Ethernet A popular local area data communications network which acc...

Page 8: ...s of hosts that are on physically different segments but that communicate as though they were on the same segment WEP Wired Equivalent Privacy is based on the use of security keys and the popular RC4 encryption algorithm Wireless devices without a valid WEP key will be excluded from network traffic WDS Wireless Distribution System WPA Wi Fi Protected Access ...

Page 9: ...re wireless network that provides users with seamless connectivity to the Internet company intranet and the wired corporate network from anywhere they happen to be conference room cafeteria or office 3Com s dual mode design supports 802 11g 802 11a and 802 11b wireless standards on a single access point This capability increases configuration and coverage flexibility and protects your network inve...

Page 10: ...the market today To protect sensitive data broadcast over the wireless LAN 3Com supports WPA and WPA2 security standards 3Com strengthens this basic security mechanism with additional security features including MAC address access control lists IEEE 802 1x per port user authentication with RADIUS server support IEEE 802 1x supplicant support SSH v2 HTTP HTTPS SNMP v3 Legacy WEP 40 64 bit 128 bit a...

Page 11: ...ple wireless services to clients in a network Each VAP can be configured to provide access to different network resources and can support different levels of security For example in a university network an access point AP could be used to offer two services The first service provides access to protected data for authenticated university staff members while the second service provides open access t...

Page 12: ...r hard to reach locations WIRELESS NETWORK STANDARDS Understanding the characteristics of the 802 11g and 802 11a standards can help you make the best choice for your wireless implementation plans 802 11G 802 11g operates in the 2 4 GHz band at up to 54Mbps and supports the widest coverage up to 100 meters 328 feet However is subject to a greater risk of radio interference because it operates in t...

Page 13: ...r multimedia over a wireless network that can benefit from a fivefold increase in data throughput Transferring large files like computer aided design files preprint publishing documents or graphics files such as MRI scans for medical applications that demand additional bandwidth Supporting a dense user base confined to a small coverage area Because 802 11a has a greater number of non overlapping c...

Page 14: ...1 6 CHAPTER 1 INTRODUCTION ...

Page 15: ...anchors for drywall mounting If you do not have IEEE 802 3af power over Ethernet LAN equipment use the 3Com Integrated Power over Ethernet power supply that comes with the access point If your LAN equipment complies with the IEEE 802 3af power over Ethernet standard you can connect directly to the equipment and the 3Com power supply is not needed Standard category 5 straight 8 wire Ethernet cable ...

Page 16: ...onnecting the access point from power make sure the power outlet is accessible See Using the Power Supply on page 2 8 and Using a Power Over Ethernet LAN Port on page 2 8 SAFETY INFORMATION This equipment must be installed in compliance with local and national building codes regulatory restrictions and FCC rules For the safety of people and equipment only professional network personnel should inst...

Page 17: ...ere with radio signals If you are connecting the access point to a wired network the location must provide an Ethernet connection You will need to run an Ethernet cable from the power supply to the access point An access point provides coverage at distances of up to 100 Meters 300 Feet Signal loss can occur if metal concrete brick walls floors or other architectural barriers block transmission If ...

Page 18: ...electing the final location and be sure to allow for routing the antenna cable as required For optimal performance ensure the access point operates in temperature ranges between 0 C to 50 C 14 F to 122 F BEFORE YOU BEGIN Record the access point MAC address in a safe place before the access point is installed in a hard to reach location The MAC address is printed on the back of the access point hou...

Page 19: ... detachable antennas 2 Screw an antenna into each of the sockets in the access point housing 3 Hand tighten the antennas at the very base of the RSMA connectors 4 Position the antennas so they turn out and away from the access point at a 45 degree angle After network startup you may need to adjust the antennas to fine tune coverage in your area LEDs Kensington Lock Slot POE Port Console Port CAUTI...

Page 20: ...nd check the Ethernet cables and LEDs before installing the unit in a hard to reach location The access point complies with the IEEE 802 3af power over Ethernet standard It receives power over a standard category 5 straight 8 wire Ethernet cable There are two ways to supply power to the access point Use the 3Com Integrated Power over Ethernet power supply In this case you need to supply a second E...

Page 21: ...ly your own Ethernet cable for connecting power be sure that it is standard category 5 straight through 8 wire cable that has not been altered in any way Use of nonstandard cable could damage the access point Figure 3 Connecting Power ...

Page 22: ...able to the port labeled To Access Point on the power supply 3 Connect the power cord to the power supply and plug the cord into a power outlet 4 To link the access point to your Ethernet network plug one end of another Ethernet cable into the port labeled To Hub Switch on the power supply and plug the other end into a LAN port on a hub or in a wall USING A POWER OVER ETHERNET LAN PORT If your LAN...

Page 23: ...factory default configuration is restored to the access point LED Color Indicates Power Green The access point is powered up and operating normally Off The access point is not receiving power or there is a fault with the power supply Link Green The access point has a 10 100 Mbps Fast Ethernet connection Flashing Indicates that the access point is transmitting or receiving data on a 10 100 Mbps Eth...

Page 24: ...e the power cable if using an external power supply and Ethernet cable through the large opening on the back of the mounting bracket The figures below show a cable being routed through the large opening on the back of the mounting bracket and then the mounting bracket being mounted to a wall CAUTION For easy installation and removal of the access point from the mounting bracket make sure that ther...

Page 25: ...ll Ceiling or Electrical Box Mounting Figure 4 Routing a Cable Figure 5 Mounting Bracket 4 Connect the Ethernet cable to the port on the back of the access point Routing a cable Installing the mounting bracket ...

Page 26: ...ntennas supplied with the Access Point are suitable for a broad variety of environments If you require a different type of antenna for the Access Point several options are available by model number from the 3Com Web site www 3Com com For each of the antenna models you will need an RSMA to SMA adapter cable model 3CRWE586 either a 6 foot accessory cable model 3CWE580 or a 20 foot accessory cable mo...

Page 27: ...for routing the antenna cable from the antenna to the access point 2 If they are installed remove both standard detachable antennas 3 Connect one end of the optional antenna cable to the antenna and secure the antenna in place 4 Connect the free end of the antenna cable to the connection on the access point as shown in the illustration above 5 Make certain that the antennas and antenna masts are a...

Page 28: ... This tool can act in four different capacities As a TFTP Server necessary for firmware upgrades and backup and restore functions Use this option if you do not have a TFTP server set up As a SysLog Server which is necessary to view SysLog messages As an optional TFTP Client As an optional FTP Server To install a tool from the CD 1 Power up the computer and put the 3Com CD in the CD ROM drive 2 The...

Page 29: ...S WITH A DHCP SERVER If your network has a DHCP server an IP address is automatically assigned to the AP It takes between one and two minutes for the Access Point to determine if there is a DHCP server on the network Use the 3Com Wireless Infrastructure Device Manager Widman included on the 3Com Installation CD to locate the Access Point on the network and view its IP address After you determine t...

Page 30: ...d utilities 3Com Wireless Infrastructure Device Manager an administration tool that helps you select 3Com wireless LAN devices and launch their configurations in your Web browser LAUNCH THE 3COM WIRELESS INFRASTRUCTURE DEVICE MANAGER WIDMAN UTILITY 1 Turn on the computer 2 Insert the 3Com Installation CD into the CD ROM drive The CD will Autorun If it does not Autorun you can start the setup menu ...

Page 31: ...3 3 Figure 8 Wireless Interface Device Manager Click on the Properties button to see the following screen Figure 9 Wireless Interface Device Manager Properties ...

Page 32: ...ccess point uses Auto IP to assign an IP address of the form 169 254 2 1 Use the 3Com Wireless Infrastructure Device Manager to locate 3Com Wireless LAN devices and launch their configurations When installing the device manager make sure the computer is connected to the same network as the device to be configured After installing and launching the device manager select the device to be configured ...

Page 33: ...min and password password then click LOGIN For information on configuring a user name and password see page 4 22 Figure 10 Login Page NOTE If you changed the default IP address via the command line interface above use that address instead of the one shown here ...

Page 34: ...splays the Main Menu Figure 11 Home Page Launching the Setup Wizard To perform initial configuration click Setup Wizard on the home page select the VAP you wish to configure then click on the Next button to start the process Figure 12 Setup Wizard Start ...

Page 35: ...dio Channel You must enable radio communications for 802 11a and 802 11b g and set the operating radio channel NOTE Available channel settings are limited by local regulations which determine the channels that are available This User Guide shows channels and settings that apply to North America United States and Canada with 13 channels available for the 802 11a interface and 11 channels for the 80...

Page 36: ...00 GHz when Auto Channel Select is not enabled Auto Channel Select Select Enable for automatic radio channel detection Default Enabled 802 11b g Turbo Mode If you select Enable the access point will operate in turbo mode with a data rate of up to 108 Mbps Normal mode support 11 channels Turbo mode supports only 1 channel Default Disabled 802 11g Radio Channel Set the operating radio channel number...

Page 37: ...or host name to IP address resolution Figure 15 Setup Wizard Step 3 DHCP Client With DHCP Client enabled the IP address subnet mask and default gateway can be dynamically assigned to the access point by the network DHCP server Default Disabled 4 Security Set the Authentication Type to Open to allow open access without authentication or Shared to require authentication based on a shared key Enable ...

Page 38: ...abled Shared Key Setup If you select Shared Key authentication enable WEP then configure the shared key by selecting 64 bit or 128 bit key type and entering a hexadecimal or ASCII string of the appropriate length The key can be entered as alphanumeric characters or hexadecimal 0 9 A F e g D7 0A 9C 7F E5 Default 128 bit hexadecimal key type 64 Bit Manual Entry The key can contain 10 hexadecimal dig...

Page 39: ...3 11 Using the Setup Wizard 5 Click Finish 6 Click the OK button to complete the wizard Figure 17 Setup Wizard Completed ...

Page 40: ...3 12 CHAPTER 3 INITIAL CONFIGURATION ...

Page 41: ...access point installation the default WLAN Service Area ESSID is 3Com and no security is set Unless it detects a DHCP server on the network the access point uses Auto IP to assign an IP address of the form 169 254 2 1 Use the 3Com Wireless Infrastructure Device Manager to locate 3Com Wireless LAN devices and launch their configurations When installing the device manager make sure the computer is c...

Page 42: ...ns Table 2 Advanced Setup Menu Description Page System Configures basic administrative and client access 4 4 Identification Specifies the host name 4 4 TCP IP Settings Configures the IP address subnet mask gateway and domain name servers 4 5 RADIUS Configures the RADIUS server for wireless client authentication 4 8 Authentication Configures 802 1X client authentication with an option for MAC addre...

Page 43: ...tings for the basic system and the wireless interface 4 59 Station Status Shows the wireless clients currently associated with the access point 4 60 Event Logs Shows log messages stored in memory 4 61 802 11a Interface Configures the IEEE 802 11a interface 4 35 Radio Settings Configures common radio signal parameters and other settings for each VAP interface 4 36 Security Enables each virtual acce...

Page 44: ...s default setting However modifying this parameter can help you to more easily distinguish different devices in your network Figure 19 System Identification System Name An alias for the access point enabling the device to be uniquely identified on the network Default Enterprise Wireless AP Range 1 32 characters ...

Page 45: ...astructure Device Manager to discover or set the initial IP address of the unit WIDMAN will allow you to launch a web browser on the Access Point s web management interface by selecting the Access Point and the configure button Figure 20 TCP IP Settings NOTE You can use the web browser interface to access IP addressing only if the access point already has an IP address that is reachable through yo...

Page 46: ...bnet If you have management stations DNS RADIUS or other network servers located on another subnet type the IP address of the default gateway router in the text field provided Otherwise leave the address as all zeros 0 0 0 0 Primary and Secondary DNS Address The IP address of Domain Name Servers on the network A DNS maps numerical IP addresses to domain names and can be used to identify network ho...

Page 47: ...e AP when it cannot not reach a critical network element such as the RADIUS server VPN Terminator Mail Server etc Disable Enable Disables or enables a link check to a host device on the wired network Target IP address Specifies the IP address of a host device in the wired network Enable Enables traffic between the host s IP address and the AP Ping Interval Specifies the time between each Ping sent...

Page 48: ...up should the primary server fail or become inaccessible In addition the configured RADIUS server can also act as a RADIUS Accounting server and receive user session accounting information from the access point RADIUS Accounting can be used to provide valuable information on user activity in the network Figure 22 RADIUS Authentication Primary RADIUS Server Setup Configure the following settings to...

Page 49: ...tion with the primary server is re established the secondary server reverts to a backup role VLAN ID Format A VLAN ID a number between 1 and 4094 can be assigned to each client after successful authentication using IEEE 802 1X and a central RADIUS server The user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network VLAN IDs can be entered as hexadecimal n...

Page 50: ...rval The access point can also operate in a 802 1X supplicant mode This enables the access point itself to be authenticated with a RADIUS server using a configured MD5 user name and password This prevents rogue access points from gaining access to the network Take note of the following points before configuring MAC address or 802 1X authentication Use MAC address authentication for a small network...

Page 51: ...orized to access the network This provides a basic level of authentication for wireless clients attempting to gain access to the network A database of authorized MAC addresses can be stored locally on the access point or remotely on a central RADIUS server Default Disabled Disabled No checks are performed on an associating station s MAC address ...

Page 52: ...as optionally supported or as required to enhance the security of the wireless network Default Disable Disable The access point does not support 802 1X authentication for any wireless client After successful wireless association with the access point each client is allowed to access the network Supported The access point supports 802 1X authentication only for clients initiating the 802 1X authent...

Page 53: ...e and password This prevents rogue access points from gaining access to the network Local MAC Authentication Configures the local MAC authentication database The MAC database provides a mechanism to take certain actions based on a wireless client s MAC address The MAC list can be configured to allow or deny network access to specific clients System Default Specifies a default action for all unknow...

Page 54: ... wireless communications between clients associated to Virtual AP VAP interfaces on the access point Default Prevent Inter and Intra VAP client Communication Disable All clients can communicate with each other through the access point Prevent Intra VAP client communication When enabled clients associated with a specific VAP interface cannot establish wireless communications with each other Clients...

Page 55: ...e filter table Default Disabled MAC Address Specifies a MAC address to filter in the form xx xx xx xx xx xx Permission Adds or deletes a MAC address from the filtering table Ethernet Type Filter Controls checks on the Ethernet type of all incoming and outgoing Ethernet packets against the protocol filtering table Default Disabled Disabled Access point does not filter Ethernet protocol types Enable...

Page 56: ... it is associated The access point only allows traffic tagged with assigned VLAN IDs or default VLAN IDs to access clients associated on each VAP interface When VLAN support is enabled on the access point traffic passed to the wired network is tagged with the appropriate VLAN ID either an assigned client VLAN ID default VLAN ID or the management VLAN ID Traffic received from the wired network must...

Page 57: ...its or a string see radius server vlan format on page 5 69 Figure 25 Filter Control VLAN ID VLAN Enables or disables VLAN tagging support on the access point Management VLAN ID The VLAN ID that traffic must have to be able to manage the access point Range 1 4094 Default 1 NOTE When using IEEE 802 1X to dynamically assign VLAN IDs the access point must have 802 1X authentication enabled and a RADIU...

Page 58: ...hat supports SNMP versions 1 2c and 3 clients This agent continuously monitors the status of the access point as well as the traffic passing to and from wireless clients A network management station can access this information using SNMP management software that is compliant with MIB II To implement SNMP management the access point must first have an IP address and subnet mask configured either ma...

Page 59: ...ad only access Authorized management stations are only able to retrieve MIB objects Maximum length 23 characters case sensitive Default public Community Name Read Write Defines the SNMP community access string that has read write access Authorized management stations are able to both retrieve and modify MIB objects Maximum length 23 characters case sensitive Default private Trap Destination 1 to 4...

Page 60: ...ng items are available sysSystemUp The access point is up and running sysSystemDown The access point is about to shutdown and reboot sysRadiusServerChanged The access point has changed from the primary RADIUS server to the secondary or from the secondary to the primary dot11StationAssociation A client station has successfully associated with the access point dot11StationReAssociation A client stat...

Page 61: ...se on the access point sntpServerFail The access point has failed to set the time from the configured SNTP server CONFIGURING SNMPV3 USERS The access point allows up to 10 SNMP v3 users to be configured Each user must be defined by a unique name assigned to one of three pre defined security groups and configured with specific authentication and encryption settings Figure 28 Configuring SNMPv3 User...

Page 62: ...assword as soon as possible If the user name and password are not configured then anyone having access to the access point may be able to compromise access point and network security Once a new Administrator has been configured you can delete the default admin user name from the system NOTE Users must be assigned to groups that have the same security levels For example a user who has Auth Type and...

Page 63: ...ure replacement for Telnet The SSH protocol uses generated public keys to encrypt all data transfers passing between the access point and SSH enabled management station clients and ensures that data traveling over the network arrives unaltered Clients can then securely use the local user name and password for access authentication Note that SSH client software needs to be installed on the manageme...

Page 64: ...ocal file on the management workstation or from an TFTP server New software may be provided periodically from your distributor After upgrading new software you must reboot the access point to implement the new code Until a reboot occurs the access point will continue to run the software it was using before the upgrade started Also note that new software that is incompatible with the current config...

Page 65: ...the access point is connected to the network and has been configured with a compatible IP address and subnet mask If you need to download from an FTP or TFTP server take the following additional steps Obtain the IP address of the FTP or TFTP server where the access point software is stored ...

Page 66: ...he following fields click Start Upgrade to proceed New firmware file Specifies the name of the code file on the server The firmware file must be named 3com img bin IP Address IP address or host name of the TFTP server Configuration File Backup Restore Uploads the current access point configuration file to a specified remote TFTP server A configuration file can also be downloaded to the access poin...

Page 67: ...e wireless bridge network The Spanning Tree Protocol STP can be used to detect and disable network loops and to provide backup links between bridges This allows a wireless bridge to interact with other bridging devices that is an STP compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automati...

Page 68: ...4 28 CHAPTER 4 SYSTEM CONFIGURATION Figure 32 WDS and Spanning Tree Settings ...

Page 69: ...root bridge must be configured Up to five other Child links are available to other bridges Repeater Operates as a wireless repeater extending the range for remote wireless clients and connecting them to the root bridge The Parent link to the root bridge must be configured In this mode traffic is not forwarded to the Ethernet port from the radio interface Root Bridge Operates as the root bridge in ...

Page 70: ...ocol STP uses a distributed algorithm to select a bridging device STP compliant switch bridge or router that serves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet ...

Page 71: ...disables STP on the wireless bridge or repeater Default Disabled Bridge Priority Used in selecting the root device root port and designated port The device with the highest priority becomes the STP root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Range 0 65535 De...

Page 72: ...mine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority Range 1 65535 Default Ethernet interface 19 Wireless interface 40 Link Port Priority Defines the priority used for this port in the Spanning Tree Protocol If the path cost for all ports on ...

Page 73: ...ble tool for isolating access point and network problems System Log Setup Enables the logging of error messages Default Disable Logging Level Sets the minimum severity level for event logging Default Informational Logging Host Enables the sending of log messages to a Syslog server host Up to four Syslog servers are supported on the access point Default Disable Server Name IP Specifies a Syslog ser...

Page 74: ...nchronization requests to specific time servers You can configure up to two time server IP addresses The access point will attempt to poll each server in the configured sequence SNTP Server Configures the access point to operate as an SNTP client When enabled at least one time server IP address must be specified Primary Server The IP address of an SNTP or NTP time server that the access point atte...

Page 75: ... IEEE 802 11a and 802 11g interfaces include configuration options for radio signal characteristics and wireless security features The configuration options are nearly identical and are therefore both covered in this section of the manual The access point can operate in three modes IEEE 802 11a only 802 11b g only or a mixed 802 11a b g mode Also note that 802 11g is backward compatible with 802 1...

Page 76: ... network service provided by each VAP Remember that only clients with the same SSID can associate with a VAP Configuring Radio Settings To configure VAP radio settings select the Radio Settings page Figure 35 Radio Settings A Radio Status Displays if the radio is enabled or disabled for this VAP NOTE The 8760 Access Point ships from the factory enabled only for channels allowed in the US Canada If...

Page 77: ...n Default 1 Closed System When enabled the VAP interface does not include its SSID in beacon messages Nor does it respond to probe requests from clients that do not include a fixed SSID Default Disable Maximum Associations This command configures the maximum number of clients that can be associated with the access point at the same time Authentication Timeout Interval The time within which the cli...

Page 78: ...cess point to radio channels and transmit power levels permitted for wireless networks in the specified country Description Adds a comment or description to the wireless interface Range 1 80 characters Turbo Mode The normal 802 11a wireless operation mode provides connections up to 54 Mbps Turbo Mode is an enhanced mode not regulated in IEEE 802 11a that provides a higher data rate of up to 108 Mb...

Page 79: ... used by the access point to which it is linked Default Channel 60 for normal mode and channel 42 for Turbo mode Antenna ID Selects the antenna to be used by the access point either the included diversity antennas or an optional external antenna The optional external antennas that are certified for use with the access point are listed in the drop down menu Selecting the correct antenna ID ensures ...

Page 80: ...io devices in the service area Options 100 50 25 12 minimum Default 100 Maximum Transmit Data Rate The maximum data rate at which the access point transmits unicast packets on the wireless interface The maximum transmission distance is affected by the data rate The lower the data rate the longer the transmission distance Options 6 9 12 18 24 36 48 and 54 for 802 11a 1 2 5 5 6 9 11 12 18 24 36 48 a...

Page 81: ...ansmission due to smaller frame size If there is significant interference present or collisions due to high network utilization try setting the fragment size to send smaller fragments This will speed up the retransmission of smaller frames However it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames R...

Page 82: ...enable the radio service for any of the VAP interfaces and then set an SSID to identify the wireless network service provided by each VAP Remember that only clients with the same SSID can associate with a VAP Most of the 802 11g commands are identical to those used by the 802 11a interface For information on the these commands refer to the following sections Configuring Radio Settings on page 4 36...

Page 83: ...mmunicate with the access point up to 54 Mbps Turbo Mode The normal 802 11g wireless operation mode provides connections up to 54 Mbps Turbo Mode is an enhanced proprietary mode Atheros 802 11g Turbo that provides a higher data rate of up to 108 Mbps Enabling Turbo mode allows the access point to provide connections up to 108 Mbps to Atheros compatible clients NOTE In normal mode the access point ...

Page 84: ... The lower the data rate the longer the transmission distance Default 54 Mbps Preamble Length Sets the length of the signal preamble that is used at the start of a data transmission Default Long Short Sets the preamble to short 96 microseconds Using a short preamble can increase data throughput Long Sets the preamble to long 192 microseconds Using a long preamble ensures the access point can suppo...

Page 85: ...es a protocol that access points can use to communicate the configured traffic priority levels to QoS enabled wireless clients Table 4 WMM Access Categories WMM Operation WMM uses traffic priority based on the four ACs Voice Video Best Effort and Background The higher the AC priority the higher the probability that data is transmitted When the access point forwards traffic WMM adds data packets to...

Page 86: ...um of a minimum wait time Arbitration Inter Frame Space or AIFS determined from the AIFSN and a random backoff time calculated from a value selected from zero to the CW The CW value varies within a configurable range It starts at CWMin and doubles after every collision up to a maximum value CWMax After a successful transmission the CW value is reset to its CWMin value Figure 38 WMM Backoff Times F...

Page 87: ...s point Devices that do not support this feature will not be allowed to associate with the access point WMM Acknowledge Policy By default all wireless data transmissions require the sender to wait for an acknowledgement from the receiver WMM allows the acknowledgement wait time to be turned off for each Access Category AC Although this increases data throughput it can also result in a high number ...

Page 88: ...st be greater or equal to the CWMin value AIFS Arbitration Inter Frame Space The minimum amount of wait time before the next data transmission attempt Specify the AIFS value in the range 0 15 microseconds TXOP Limit Transmit Opportunity Limit The maximum time an AC transmit queue has access to the wireless medium When an AC queue is granted a transmit opportunity it can transmit data for a time up...

Page 89: ...tual access point VAP interface MAC address filtering and RADIUS server settings are global and apply to all VAP interfaces The security mechanisms that may be employed depend on the level of security required the network and management resources available and the software support provided on wireless clients A summary of wireless security considerations is listed in the following table Table 5 Wi...

Page 90: ...rk card driver native support provided in Windows XP Provides the strongest security in WPA2 only mode Provides robust security in mixed mode for WPA and WPA2 clients Offers fast roaming for time sensitive client applications Requires configured RADIUS server 802 1X EAP type may require management of digital certificates for clients and server Clients may require hardware upgrade to be WPA2 compli...

Page 91: ...S or Disabled Yes Dynamic WEP and 802 1x WPA Authentication WPA Encryption Enable WPA Configuration Supported Cipher Suite WEP 802 1x Required Set 802 1x key refresh and reauthentication rates Local or Disabled Yes Static and dynamic 802 1x WEP keys and 802 1x WPA Enter 1 to 4 WEP keys Select a WEP transmit key Authentication WPA Encryption Enable WPA Configuration Supported Cipher Suite WEP 802 1...

Page 92: ...authentication and data encryption Also be sure that the WEP shared keys are the same for each client in the wireless network 802 1x WPA WPA2 Mixed Mode Authentication WPA WPA2 mixed Encryption Enable WPA Configuration Required Cipher Suite TKIP 802 1x Required Set 802 1x key refresh and reauthentication rates Local or Disabled Yes WPA WPA2 Mixed Mode Pre Shared Key Authentication WPA WPA2 PSK mix...

Page 93: ...m that accepts network access attempts from any client or with clients using pre configured static shared keys Default Open System Open System If you don t set up any other security mechanism on the access point the network has no protection and is open to all users This is the default setting Shared Key Sets the access point to use WEP shared keys If this option is selected you must configure at ...

Page 94: ... as the multicast encryption cipher You should select WEP only when both WPA and WEP clients are supported Figure 41 WPA Key Management WPA Key Management Specifies the type of WPA encryption to use WPA authentication over 802 1x Requires the use of 802 1x authentication WPA Pre shared Key PSK Requires that 802 1x authentication be disabled Key Type Select the preferred method of entering WEP encr...

Page 95: ... update the client keys Default Key 1 Figure 42 WEP Keys Client Types Specifies the type of client to encrypt WEP and WPA clients Both WEP and TKIP encryption are supported WPA clients only All clients must support TKIP WEP clients only All clients must support WEP WEP Configuration Under open authentication it is still possible to configure WEP keys Key Size 64 Bit 128 Bit or 152 Bit key length N...

Page 96: ...thentication Protocol EAP WPA employs 802 1X as its basic framework for user authentication and dynamic key management The 802 1X client and RADIUS server should use an appropriate EAP type such as EAP TLS Transport Layer Security EAP TTLS Tunneled TLS or PEAP Protected EAP for strongest authentication Working together these protocols provide mutual authentication between a client the access point...

Page 97: ...signal WPA compatible clients can likewise respond to indicate their WPA support This enables the access point to determine which clients are using WPA security and which are using legacy WEP The access point uses TKIP unicast data encryption keys for WPA clients and WEP unicast keys for WEP clients The global encryption key for multicast and broadcast traffic must be the same for all clients ther...

Page 98: ...y Association that the access point names and holds in a cache Preauthentication Each time a client roams to another access point it has to be fully re authenticated This authentication process is time consuming and can disrupt applications running over the network WPA2 includes a mechanism known as pre authentication that allows clients to roam to a new access point and be quickly associated The ...

Page 99: ...ic system configuration settings System Up Time Length of time the management agent has been up MAC Address The physical layer address for the Ethernet port System Name Name assigned to this system System Country Code The country for which the device has been set for use System Contact Administrator responsible for the system IP Address IP address of the management interface for this device IP Def...

Page 100: ...interface Radio Channel The radio channel through which the access point communicates with wireless clients Radio Encryption The key size used for data encryption Radio Auth Type Shows the type of authentication used Output Antenna Displays which antenna e are in use by the VAP MAC The physical layer address of the radio interface Station Status The Station Status window shows the wireless clients...

Page 101: ...ed to the appropriate access point Forwarding Allowed Shows if the station has passed 802 1X authentication and is now allowed to forward traffic to the access point Key Type Displays one of the following WEP Disabled The client is not using Wired Equivalent Privacy WEP encryption keys Dynamic The client is using Wi Fi Protected Access 802 1X or pre shared key mode or using 802 1X authentication w...

Page 102: ...set to Open Authentication but a client sent an authentication request frame with a Shared key Access point was set to Shared Key Authentication but a client sent an authentication frame for Open System WEP keys do not match When the access point uses Shared Key Authentication but the key used by client and access point are not the same the frame will be decrypted incorrectly using the wrong algor...

Page 103: ...TION To access the access point through the console port perform these steps 1 At the console prompt enter the user name and password The default user name is admin and the default password is password When the user name is entered the CLI displays the Enterprise AP prompt 2 Enter the necessary commands to complete your desired tasks 3 When finished exit the session with the exit command After con...

Page 104: ...side your office or to the Internet you need to apply for a registered IP address However if you are attached to an isolated network then you can use any IP address that matches the network segment to which you are attached After you configure the access point with an IP address you can open a Telnet session by performing these steps 1 From the remote host enter the Telnet command and the IP addre...

Page 105: ...example to set a password for the administrator enter Enterprise AP config username smith Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further input Command Completion If you terminate input with a Tab key the CLI will print the rem...

Page 106: ...anagement Show management AP information authentication Show Authentication parameters bootfile Show bootfile name bridge Show bridge config System snapshot for tech support dhcp relay Show DHCP Relay Configuration event log Show event log on console filters Show filters hardware Show hardware version history Display the session history interface Show interface information line TTY line informatio...

Page 107: ...asses Exec commands generally display information on system status or clear statistical counters Configuration commands on the other hand modify interface parameters or enable certain functions These classes are further divided into different modes Available commands depend on the selected mode You can always enter a question mark at the prompt to display a list of the commands available for the c...

Page 108: ...obal Configuration mode enter the command configure in Exec mode The system prompt will change to Enterprise AP config which gives you access privilege to all Global Configuration commands To enter Interface mode you must enter the interface ethernet or interface wireless a or interface wireless g command while in Global Configuration mode The system prompt will change to Enterprise AP if ethernet...

Page 109: ...d one word Delete key or backspace key Erases a mistake when entering a command Command Group Description Page General Basic commands for entering configuration mode restarting the system or quitting the CLI 5 8 System Management Controls user name password web browser management options and a variety of other system information 5 13 System Logging Configures system logging parameters 5 32 System ...

Page 110: ...the Ethernet interface 5 97 Wireless Interface Configures radio interface settings 5 103 Wireless Security Configures radio interface security and encryption settings 5 125 Rogue AP Detection Configures settings for the detection of rogue access points in the network 5 125 Link Integrity Configures a link check to a host device on the wired network 5 141 IAPP Enables roaming between multi vendor a...

Page 111: ...nd returns to the previous configuration mode Default Setting None Command Mode Global Configuration Interface Configuration Example This example shows how to return to the Configuration mode from the Interface Configuration mode Enterprise AP configure Enterprise AP config Enterprise AP if ethernet end Enterprise AP config ...

Page 112: ...yntax ping host_name ip_address host_name Alias of the host ip_address IP address of the host Default Setting None Command Mode Exec Command Usage Use the ping command to see if another site on the network can be reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If th...

Page 113: ... system or restores the factory default settings Syntax reset board configuration board Reboots the system configuration Resets the configuration settings to the factory defaults and then reboots the system Default Setting None Command Mode Exec Command Usage When the system is restarted it will always run the Power On Self Test Example This example shows how to reset the system Enterprise AP ping...

Page 114: ... commands in the history buffer Example In this example the show history command lists the contents of the command history buffer show line This command displays the console port s configuration settings Command Mode Exec Example The console port settings are fixed at the values shown below Enterprise AP show history config exit show history Enterprise AP Enterprise AP show line Console Line Infor...

Page 115: ... 18 ip telnet server enable Enables the Telnet server IC E 5 18 APmgmtIP Specifies an IP address or range of addresses allowed access to the management interface GC 5 23 APmgmtUI Enables or disables SNMP Telnet or web management access GC 5 24 show APmanagement Shows the AP management configuration Exec 5 25 Web Server ip http port Specifies the port to be used by the web browser interface GC 5 19...

Page 116: ... EE Liechtenstein LI Singapore SG Australia AU Finland FI Lithuania LT Slovak Republic SK Austria AT France FR Macao MO Spain ES Azerbaijan AZ Georgia GE Macedonia MK Sweden SE Bahrain BH Germany DE Malaysia MY Switzerland CH Belarus BY Greece GR Malta MT Syria SY Belgium BE Guatemala GT Mexico MX Taiwan TW Honduras HN Monaco MC Thailand TH Belize BZ Hong Kong HK Morocco MA Trinidad Tobago TT Boli...

Page 117: ...ample prompt This command customizes the CLI prompt Use the no form to restore the default prompt Syntax prompt string no prompt string Any alphanumeric string to use for the CLI prompt Maximum length 32 characters Costa Rica CR Japan JP Philippines PH Yemen YE Croatia HR Jordan JO Poland PL Venezuela VE Cyprus CY Kazakhstan KZ Portugal PT Vietnam VN Czech Republic CZ North Korea KP Puerto Rico PR...

Page 118: ...ystem name Syntax system name name no system name name The name of this host Maximum length 32 characters Default Setting Enterprise AP Command Mode Global Configuration Example username This command configures the user name for management access Syntax username name name The name of the user Length 3 16 characters case sensitive Enterprise AP config prompt RD2 RD2 config Enterprise AP config syst...

Page 119: ...ord Syntax password password no password password Password for management access Length 3 16 characters case sensitive Default Setting null Command Mode Global Configuration Example ip ssh server enable This command enables the Secure Shell server Use the no form to disable the server Syntax ip ssh server enable no ip ssh server Default Setting Disabled Enterprise AP config username bob Enterprise...

Page 120: ...This command sets the Secure Shell server port Use the no form to disable the server Syntax ip ssh server port port number port number The UDP port used by the SSH server Range 1 65535 Default Setting 22 Command Mode Interface Configuration Ethernet Example ip telnet server enable This command enables the Telnet server Use the no form to disable the server Syntax ip telnet server enable no ip teln...

Page 121: ...r The TCP port to be used by the browser interface Range 1024 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server 5 19 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax no ip http server Default Setting Enabled Enterprise AP if ethernet ip telnet server enable En...

Page 122: ...L Range 80 1024 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port To avoid using common reserved TCP port numbers below 1024 the configurable range is restricted to 443 and between 1024 and 65535 If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port num...

Page 123: ...ce can be enabled independently If you enable HTTPS you must indicate this in the URL https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and de...

Page 124: ... to an access point login web page as soon as Internet access is attempted The client is then authenticated by entering a user name and password on the web page This process allows controlled access for clients without requiring 802 1X or MAC authentication Web redirect requires a RADIUS server on the wired network with configured user names and passwords for authentication The RADIUS server detai...

Page 125: ...n the access point from an invalid address the unit will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i ...

Page 126: ...ifies Telnet management access Web Specifies web based management access enable disable Enables or disables the selected management access method Default Setting All enabled Command Mode Global Configuration Example This example restricts management access to the indicated addresses Enterprise AP config apmgmtip multiple 192 254 1 50 255 255 255 0 Enterprise AP config NOTE Secure Web HTTPS connect...

Page 127: ...the IP addresses of management stations allowed to access the access point as well as the interface protocols which are open to management access Command Mode Exec Example Enterprise AP show apmanagement Management AP Information AP Management IP Mode Any IP Telnet UI Enable WEB UI Enable SNMP UI Enable Enterprise AP ...

Page 128: ...ystem Contact System Country Code US UNITED STATES MAC Address 00 30 F1 F0 9A 9C IP Address 192 254 2 1 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 VLAN State DISABLED Management VLAN ID AP 1 IAPP State ENABLED DHCP Client ENABLED HTTP Server ENABLED HTTP Server Port 80 HTTPS Server ENABLED HTTPS Server Port 443 Slot Status Dual band a g Boot Rom Version v3 0 3 Software Version v4 3 1 9 SSH ...

Page 129: ... show version Version Information Version v4 3 2 2 Date Dec 20 2005 18 38 12 Enterprise AP Enterprise AP show config Authentication Information MAC Authentication Server DISABLED MAC Auth Session Timeout Value 0 min 802 1x supplicant DISABLED 802 1x supplicant user EMPTY 802 1x supplicant password EMPTY Address Filtering ALLOWED System Default ALLOW addresses not found in filter table Filter Table...

Page 130: ... 255 255 255 0 Default Gateway 192 254 0 1 Primary DNS 210 200 211 225 Secondary DNS 210 200 211 193 Speed duplex 100Base TX Full Duplex Admin status Up Operational status Up Wireless Interface 802 11a Information Identification Description 802 11a Access Point SSID A 0 Channel 0 AUTO Status Disable 802 11 Parameters Transmit Power 100 5 dBm Data Rate 54Mbps Fragmentation Threshold 2346 bytes RTS ...

Page 131: ...Rogue AP Detection Disabled Rogue AP Scan Interval 720 minutes Rogue AP Scan Duration 350 milliseconds Console Line Information databits 8 parity none speed 9600 stop bits 1 Logging Information Syslog State Disabled Logging Console State Disabled Logging Level Informational Logging Facility Type 16 Servers 1 0 0 0 0 UDP Port 514 State Disabled 2 0 0 0 0 UDP Port 514 State Disabled 3 0 0 0 0 UDP Po...

Page 132: ... 4 0 0 0 0 Community State Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSuccess Enabled iappContextDataSent Enabled iappStat...

Page 133: ...802 11g Channel Stations System Information Serial Number System Up time 0 days 0 hours 16 minutes 51 seconds System Name Enterprise Wireless AP System Location System Contact Contact System Country Code 99 NO_COUNTRY_SET MAC Address 00 12 CF 05 B7 84 IP Address 192 254 0 151 Subnet Mask 255 255 255 0 Default Gateway 192 254 0 1 VLAN State DISABLED Management VLAN ID AP 1 IAPP State ENABLED DHCP C...

Page 134: ...Hardware Version Information Hardware version R01 Enterprise AP Command Function Mode Page logging on Controls logging of error messages GC 5 33 logging host Adds a syslog server host IP address that will receive logging messages GC 5 33 logging console Initiates logging of error messages to the console GC 5 34 logging level Defines the minimum severity level for event logging GC 5 34 logging faci...

Page 135: ...l the type of error messages that are stored in memory Example logging host This command specifies syslog servers host that will receive logging messages Use the no form to remove syslog server host Syntax logging host 1 2 3 4 host_name host_ip_address udp_port no logging host 1 2 3 4 1 First syslog server 2 Second syslog server 3 Third syslog server 4 Fourth syslog server host_name The name of a ...

Page 136: ... no logging console Default Setting Disabled Command Mode Global Configuration Example logging level This command sets the minimum severity level for event logging Syntax logging level Emergency Alert Critical Error Warning Notice Informational Debug Default Setting Informational Command Mode Global Configuration Enterprise AP config logging host 1 10 1 0 3 Enterprise AP config Enterprise AP confi...

Page 137: ...nt in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the access point However it may be used by the syslog server to sort messages or to store messages in the corresponding database Level Argument Description Emergency System unusable Alert Immediate action needed Critical Critical conditions e g memory allocation or free memory error resource exhausted Er...

Page 138: ...ogging Command Mode Exec Example Enterprise AP config logging facility 19 Enterprise AP config Enterprise AP config logging clear Enterprise AP config Enterprise AP show logging Logging Information Syslog State Enabled Logging Console State Enabled Logging Level Alert Logging Facility Type 16 Servers 1 192 254 2 19 UDP Port 514 State Enabled 2 0 0 0 0 UDP Port 514 State Disabled 3 0 0 0 0 UDP Port...

Page 139: ...H task Set SSH server port to 22 Mar 09 11 55 52 Information SSH task Enable SSH server Mar 09 11 55 52 Information Enable Telnet Mar 09 11 55 40 Information 802 11a 11a Radio Interface Disabled Mar 09 11 55 40 Information 802 11a Transmit Power set to QUARTER Press n next p previous a abort y continue to end Enterprise AP configure Enter configuration commands one per line End with CTRL Z Enterpr...

Page 140: ...age When SNTP client mode is enabled using the sntp server enable command the sntp server ip command specifies the time servers from which the access point polls for time updates The access point will poll the time servers in the order specified until a response is received Example Related Commands sntp server enable 5 38 show sntp 5 41 sntp server enable This command enables SNTP client requests ...

Page 141: ...st bootup i e 00 14 00 January 1 1970 Example Related Commands sntp server ip 5 38 show sntp 5 41 sntp server date time This command sets the system clock Default Setting 00 14 00 January 1 1970 Command Mode Global Configuration Example This example sets the system clock to 17 37 June 19 2003 Enterprise AP config sntp server enable Enterprise AP config Enterprise AP sntp server date time Enter Yea...

Page 142: ...m clock back one hour during the specified period Example This sets daylight savings time to be used from July 1st to September 1st sntp server timezone This command sets the time zone for the access point s internal clock Syntax sntp server timezone hours hours Number of hours before after UTC Range 12 to 12 hours Default Setting 5 BOGOTA EASTERN INDIANA Enterprise AP config sntp server daylight ...

Page 143: ...icate the number of hours and minutes your time zone is east before or west after of UTC Example show sntp This command displays the current time and configuration settings for the SNTP client Command Mode Exec Example Enterprise AP config sntp server timezone 8 Enterprise AP config Enterprise AP show sntp SNTP Information Service State Enabled SNTP server 1 IP 137 92 140 80 SNTP server 2 IP 192 4...

Page 144: ... This command enables the access point s DHCP relay agent Use the no form to disable the agent Syntax no dhcp relay enable Default Setting Disabled Command Mode Global Configuration Command Usage For the DHCP relay agent to function the primary DHCP server must be configured using the dhcp relay primary command A secondary DHCP server does not need to be configured but it is recommended If there i...

Page 145: ...server ip_address IP address of the server Default Setting Primary and secondary 0 0 0 0 Command Mode Global Configuration Example show dhcp relay This command displays the current DHCP relay configuration Command Mode Exec Example Enterprise AP config dhcp relay primary 192 254 2 10 Enterprise AP config Enterprise AP show dhcp relay DHCP Relay ENABLED Primary DHCP Server 192 254 2 10 Secondary DH...

Page 146: ...MP notifications GC 5 48 snmp server engine id Sets the engine ID for SNMP v3 GC 5 50 snmp server user Sets the name of the SNMP v3 user GC 5 51 snmp server targets Configures SNMP v3 notification targets GC 5 52 snmp server filter Configures SNMP v3 notification filters GC 5 53 snmp server filter assignments Assigns SNMP v3 notification filters to targets GC 5 54 show snmp groups Displays the pre...

Page 147: ...ed management stations are able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Command Usage If you enter a community string without the ro or rw option the d...

Page 148: ...the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server contact 5 45 Enterprise AP config snmp server contact Paul Enterprise AP config Enterprise AP config snmp server location WC 19 Ente...

Page 149: ...n failure notifications and link up down notifications The snmp server host command specifies the host device that will receive SNMP notifications Example Related Commands snmp server host 5 47 snmp server host This command specifies the recipient of an SNMP notification Use the no form to remove the specified host Syntax snmp server host 1 2 3 4 host_ip_address host_name community string no snmp ...

Page 150: ...and to enable SNMP notifications Example Related Commands snmp server enable server 5 47 snmp server trap This command enables the access point to send specific SNMP traps i e notifications Use the no form to disable specific trap messages Syntax snmp server trap trap no snmp server trap trap trap One of the following SNMP trap messages dot11InterfaceAFail The 802 11a or 802 11g interface has fail...

Page 151: ...ion has roamed from another access point identified by its IP address iappStationRoamedTo A client station has roamed to another access point identified by its IP address localMacAddrAuthFail A client station has failed authentication with the local MAC address database on the access point localMacAddrAuthSuccess A client station has successfully authenticated its MAC address with the local databa...

Page 152: ... Syntax snmp server engine id engine id no snmp server engine id engine id Enter engine id in hexadecimal 5 32 characters Default Setting Enabled Command Mode Global Configuration Command Usage This command is used in conjunction with the snmp server user command Entering this command invalidates all engine IDs that have been previously configured If the engineID is deleted or changed all SNMP use...

Page 153: ... three pre defined groups Other groups cannot be defined The available groups are RO A read only group using no authentication and no data encryption Users in this group use no security either authentication or encryption in SNMP messages they send to the agent This is the same as SNMP v1 or SNMP v2c RWAuth A read write group using authentication but no data encryption Users in this group send SNM...

Page 154: ...he database An AuthPriv user must be assigned to the RWPriv group with the AuthPriv security level To configure a user for the RWAuth group you must include the auth proto and auth passphrase keywords To configure a user for the RWPriv group you must include the auth proto auth passphrase priv proto and priv passphrase keywords Example snmp server targets This command configures SNMP v3 notificati...

Page 155: ...cified in the target must first be configured using the snmp server user command Example snmp server filter This command configures SNMP v3 notification filters Use the no form to delete an SNMP v3 filter or remove a subtree from a filter Syntax snmp server filter filter id include exclude subtree mask mask no snmp server filter filter id subtree filter id A user defined name that identifies an SN...

Page 156: ...d card For example a mask value of 0xFFBF provides a bit mask 1111 1111 1011 1111 If applied to the subtree 1 3 6 1 2 1 2 2 1 1 23 the zero corresponds to the 10th subtree ID When there are more subtree IDs than bits in the mask the mask is padded with ones Example snmp server filter assignments This command assigns SNMP v3 notification filters to targets Use the no form to remove an SNMP v3 filte...

Page 157: ... pre defined groups Syntax show snmp groups Command Mode Exec Enterprise AP config snmp server filter assignments mytraps trapfilter Enterprise AP config exit Enterprise AP show snmp target Host ID mytraps User chris IP Address 192 254 2 33 UDP Port 162 Enterprise AP show snmp filter assignments HostID FilterID mytraps trapfilter Enterprise AP config ...

Page 158: ... v3 user group assignments Syntax show snmp group assignments Command Mode Exec Enterprise AP show snmp groups GroupName RO SecurityModel USM SecurityLevel NoAuthNoPriv GroupName RWAuth SecurityModel USM SecurityLevel AuthNoPriv GroupName RWPriv SecurityModel USM SecurityLevel AuthPriv Enterprise AP Enterprise AP show snmp users UserName chris GroupName RWPriv AuthType MD5 Passphrase PrivType DES ...

Page 159: ...ays the SNMP v3 notification filter settings Syntax show snmp filter filter id filter id A user defined name that identifies an SNMP v3 notification filter Maximum length 32 characters Command Mode Exec Enterprise AP show snmp group assignments GroupName RWPriv UserName chris Enterprise AP Enterprise AP Enterprise AP show snmp target Host ID mytraps User chris IP Address 192 254 2 33 UDP Port 162 ...

Page 160: ... filter assignments Syntax show snmp filter assignments Command Mode Exec Example Enterprise AP show snmp filter Filter trapfilter Type include Subtree iso 3 6 1 2 1 2 2 1 Type exclude Subtree iso 3 6 1 2 1 2 2 1 1 23 Enterprise AP Enterprise AP show snmp filter assignments HostID FilterID mytraps trapfilter Enterprise AP ...

Page 161: ...nity State Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSuccess Enabled iappContextDataSent Enabled iappStationRoamedFrom En...

Page 162: ...hould not be a period and the maximum length for file names is 32 characters Valid characters A Z a z 0 9 _ If the file contains an error it cannot be set as the default file Example Command Function Mode Page bootfile Specifies the file or image used to start up the system GC 5 60 copy Copies a code image or configuration between flash memory and a FTP TFTP server Exec 5 61 delete Deletes a file ...

Page 163: ...word that allows you to copy to from a flash memory file config Keyword that allows you to upload the configuration file from flash memory Default Setting None Command Mode Exec Command Usage The system prompts for data required to complete the copy command Only a configuration file can be uploaded to an FTP TFTP server but every type of file can be downloaded to the access point The destination f...

Page 164: ...name syscfg TFTP Server IP 192 254 2 19 Enterprise AP Enterprise AP copy tftp file 1 Application image 2 Config file 3 Boot block image Select the type of download 1 2 3 1 2 TFTP Source file name syscfg TFTP Server IP 192 254 2 19 Enterprise AP NOTE Beware of deleting application images from flash memory At least one application image is required in order to boot the access point If there are mult...

Page 165: ...shown below Example The following example shows how to display all file information Enterprise AP delete test cfg Are you sure you wish to delete this file y n Enterprise AP Column Heading Description File Name The name of the file Type 2 Operation Code and 5 Configuration file File Size The length of the file in bytes Enterprise AP dir File Name Type File Size dflt img bin 2 1044140 syscfg 5 1686...

Page 166: ... Table 19 RADIUS Client Enterprise AP show bootfile Bootfile Information Bootfile ec img bin Enterprise AP Command Function Mode Page radius server address Specifies the RADIUS server GC 5 65 radius server port Sets the RADIUS server network port GC 5 65 radius server key Sets the RADIUS encryption key GC 5 66 radius server retransmit Sets the number of retries GC 5 66 radius server timeout Sets t...

Page 167: ...uration Example radius server port This command sets the RADIUS server network port Syntax radius server secondary port port_number secondary Secondary server port_number RADIUS server UDP port used for authentication messages Range 1024 65535 Default Setting 1812 Command Mode Global Configuration radius server vlan format Sets the format for specifying VLAN IDs on the RADIUS server GC 5 69 show r...

Page 168: ...obal Configuration Example radius server retransmit This command sets the number of retries Syntax radius server secondary retransmit number_of_retries secondary Secondary server number_of_retries Number of times the access point will try to authenticate logon access via the RADIUS server Range 1 30 Default Setting 3 Command Mode Global Configuration Example Enterprise AP config radius server port...

Page 169: ...sets the RADIUS Accounting server network port Syntax radius server secondary port accounting port_number secondary Secondary server If secondary is not specified then the access point assumes you are configuring the primary RADIUS server port_number RADIUS Accounting server UDP port used for accounting messages Range 0 or 1024 65535 Default Setting 0 disabled Command Mode Global Configuration Com...

Page 170: ...g updates after every interim period until the user logs off and a stop message is sent Example radius server radius mac format This command sets the format for specifying MAC addresses on the RADIUS server Syntax radius server radius mac format multi colon multi dash no delimiter single dash multi colon Enter MAC addresses in the form xx xx xx xx xx xx multi dash Enter MAC addresses in the form x...

Page 171: ...format hex ascii hex Enter VLAN IDs as a hexadecimal number ascii Enter VLAN IDs as an ASCII string Default Setting Hex Command Mode Global Configuration Example show radius This command displays the current settings for the RADIUS server Default Setting None Command Mode Exec Enterprise AP config radius server radius mac format multi dash Enterprise AP config Enterprise AP config radius server vl...

Page 172: ...ise AP show radius Radius Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX Radius Secondary Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX Enterprise AP Command Function Mode Page 802 1x Configures 802 1X as disabled supported or required IC W VAP 5 71 8...

Page 173: ... 11 association each client is allowed to access the network When 802 1X is supported the access point supports 802 1X authentication only for clients initiating the 802 1X authentication process i e the access point does NOT initiate 802 1X authentication For stations initiating 802 1X only those stations successfully authenticated are allowed to access the network For those stations not initiati...

Page 174: ...the access point rotates broadcast keys Range 0 1440 minutes Default Setting 0 Disabled Command Mode Global Configuration Command Usage The access point uses Enterprise APOL Extensible Authentication Protocol Over LANs packets to pass dynamic unicast session and broadcast keys to wireless clients The 802 1x broadcast key refresh rate command specifies the interval after which the broadcast keys ar...

Page 175: ...ommand Usage Session keys are unique to each client and are used to authenticate a client connection and correlate traffic passing between a specific client and the access point Example 802 1x session timeout This command sets the time period after which a connected client must be re authenticated Use the no form to disable 802 1X re authentication Syntax 802 1x session timeout seconds no 802 1x s...

Page 176: ...e enabled Example 802 1x supplicant user This command sets the user name and password used for authentication of the access point when operating as a 802 1X supplicant Use the no form to clear the supplicant user name and password Syntax 802 1x supplicant user username password no 802 1x supplicant user username The access point name used for authentication to the network Range 1 32 alphanumeric c...

Page 177: ...mand Mode Exec Example Enterprise AP config 802 1x supplicant user AP8760 dot1xpass Enterprise AP config Enterprise AP show authentication Authentication Information MAC Authentication Server DISABLED MAC Auth Session Timeout Value 0 min 802 1x supplicant DISABLED 802 1x supplicant user EMPTY 802 1x supplicant password EMPTY Address Filtering ALLOWED System Default ALLOW addresses not found in fil...

Page 178: ...addresses entered as denied in the address filtering table are denied denied Only MAC addresses entered as allowed in the address filtering table are allowed Default allowed Command Mode Global Configuration Command Function Mode Page address filter default Sets filtering to allow or deny listed addresses GC 5 76 address filter entry Enters a MAC address in the filter table GC 5 77 address filter ...

Page 179: ...AB 89 allowed Entry is allowed access denied Entry is denied access Default None Command Mode Global Configuration Command Mode The access point supports up to 1024 MAC addresses An entry in the address table may be allowed or denied access depending on the global setting configured for the address entry default command Example Related Commands address filter default 5 76 802 1x supplicant user 5 ...

Page 180: ...dress filtering to be performed with local or remote options Use the no form to disable MAC address authentication Syntax mac authentication server local remote local Authenticate the MAC address of wireless clients with the local authentication database during 802 11 association remote Authenticate the MAC address of wireless clients with the RADIUS server during 802 1X authentication Default Dis...

Page 181: ...e used to filter communications between wireless clients control access to the management interface from wireless clients and filter traffic using specific Ethernet protocol types Table 22 Filtering Commands Enterprise AP config mac authentication session timeout 1 Enterprise AP config Command Function Mode Page filter local bridge Disables communication between wireless clients GC 5 80 filter ap ...

Page 182: ...with a specific VAP interface cannot establish wireless communications with each other Clients can communicate with clients associated to other VAP interfaces Default Disabled Command Mode Global Configuration Command Usage This command can disable wireless to wireless communications between clients via the access point However it does not affect communications between wireless clients and the wir...

Page 183: ...filtering of MAC addresses from the Ethernet port Syntax no filter uplink enable Default Disabled Command Mode Global Configuration Example filter uplink This command adds or deletes MAC addresses from the uplink filtering table Syntax filter uplink add delete MAC address MAC address Specifies a MAC address in the form xx xx xx xx xx xx A maximum of eight addresses can be added to the filtering ta...

Page 184: ...le this feature Syntax no filter ethernet type enable Default Disabled Command Mode Global Configuration Command Usage This command is used in conjunction with the filter ethernet type protocol command to determine which Ethernet protocol types are to be filtered Example Related Commands filter ethernet type protocol 5 83 Enterprise AP config filter uplink add 00 12 34 56 78 9a Enterprise AP confi...

Page 185: ...k ARP Novell IPX old Novell IPX new EAPOL Telxon TXP Aironet DDP Enet Config Test IP IPv6 NetBEUI PPPoE_Discovery PPPoE_PPP_Session Default None Command Mode Global Configuration Command Usage Use the filter ethernet type enable command to enable filtering for Ethernet types specified in the filtering table or the no filter ethernet type enable command to disable all filtering based on the filteri...

Page 186: ... 56 78 9a Enabled Protocol Filters No protocol filters are enabled Enterprise AP Command Function Mode Page bridge role Selects the bridge operation mode for a radio interface IC W 5 85 bridge link parent Configures the MAC addresses of the parent bridge node IC W 5 86 bridge link child Configures MAC addresses of connected child bridge nodes IC W 5 86 bridge dynamic entry age time Sets the aging ...

Page 187: ...he bridge role is set to repeater the Parent link to the root bridge must be configured see bridge link parent on page 5 86 When the access point is operating in this mode traffic is not forwarded to the Ethernet port from the radio interface Up to four WDS bridge links MAC addresses per radio interface can be specified for each unit in the wireless bridge network One unit only must be configured ...

Page 188: ... of the parent bridge that is linked to the root bridge or the root bridge itself Example bridge link child This command configures the MAC addresses of child bridge nodes Syntax bridge link child index mac address index The link index number of the child node Range 1 6 mac address The wireless MAC address of a child bridge unit 12 hexadecimal digits in the form xx xx xx xx xx xx Default Setting N...

Page 189: ...nds The time to age out an address entry Range 10 10000 seconds Default Setting 300 seconds Command Mode Global Configuration Command Usage If the MAC address of an entry in the address table is not seen on the associated interface for longer than the aging time the entry is discarded Example Enterprise AP if wireless a bridge link child 2 00 08 3e 84 bc 6d Enterprise AP if wireless a bridge link ...

Page 190: ... 5 COMMAND LINE INTERFACE show bridge aging time This command displays the current WDS forwarding table aging time setting Command Mode Exec Example Enterprise AP show bridge aging time Aging time 300 Enterprise AP ...

Page 191: ...2 00 00 00 0 5 4095 300 300 Static 01 80 c2 00 00 03 0 5 4095 300 300 Static 00 30 f1 f0 9b 20 1 0 1 300 300 Static 00 30 f1 f0 9b 21 1 0 1 300 300 Static 00 30 f1 f0 9b 22 1 0 1 300 300 Static 00 30 f1 f0 9b 23 1 0 1 300 300 Static 00 30 f1 f0 9b 24 1 0 1 300 300 Static 00 30 f1 f0 9b 25 1 0 1 300 300 Static 00 30 f1 f0 9b 26 1 0 1 300 300 Static 00 30 f1 f0 9b 27 1 0 1 300 300 Static 00 30 f1 2f...

Page 192: ...cifies a wireless interface a The 802 11a radio interface g The 802 11g radio interface index The index number of a bridge link Range 1 6 Command Mode Exec Example Enterprise AP show bridge link wireless a Interface Wireless A WDS Information AP Role Bridge Parent 00 12 34 56 78 9a Child Child 2 00 08 12 34 56 de Child 3 00 00 00 00 00 00 Child 4 00 00 00 00 00 00 Child 5 00 00 00 00 00 00 Child 6...

Page 193: ... Enabled state Forwarding priority 0 path cost 19 message age Timer Inactive message age 4346 designated root priority 32768 MAC 00 30 F1 F0 9A 9C designated cost 0 designated bridge priority 32768 MAC 00 30 F1 F0 9A 9C designated port priority 0 port No 1 forward transitions 1 Enterprise AP Command Function Mode Page bridge stp enable Enables the Spanning Tree feature GC 5 92 bridge stp forwardin...

Page 194: ...his command to configure the spanning tree bridge forward time globally for the wireless bridge Use the no form to restore the default Syntax bridge stp forwarding delay seconds no bridge stp forwarding delay seconds Time in seconds Range 4 30 seconds The minimum value is the higher of 4 or max age 2 1 show bridge stp Displays the global spanning tree settings Exec 5 96 show bridge link Displays c...

Page 195: ...tate otherwise temporary data loops might result Example bridge stp hello time Use this command to configure the spanning tree bridge hello time globally for the wireless bridge Use the no form to restore the default Syntax bridge stp hello time time no bridge stp hello time time Time in seconds Range 1 10 seconds The maximum value is the lower of 10 or max age 2 1 Default Setting 2 seconds Comman...

Page 196: ...an wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STP information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attac...

Page 197: ... bridge link path cost index cost index Specifies the bridge link number on the wireless bridge Range 1 6 required on wireless interface only cost The path cost for the port Range 1 65535 Default Setting 19 Command Mode Interface Configuration Command Usage This command is used by the Spanning Tree Protocol to determine the best path between devices Therefore lower values should be assigned to por...

Page 198: ...r the use of a port in the Spanning Tree Protocol If the path cost for all ports on a wireless bridge are the same the port with the highest priority that is lowest value will be configured as an active link in the spanning tree Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Example Related Commands bridge link path cost 5 95 show ...

Page 199: ... bridge Maximum Age 20 Seconds bridge Forward Delay 15 Seconds time since top change 89185 Seconds topology change count 0 Enterprise AP Command Function Mode Page interface ethernet Enters Ethernet interface configuration mode GC 5 98 dns primary server Specifies the primary name server IC E 5 98 dns secondary server Specifies the secondary name server IC E 5 98 ip address Sets the IP address for...

Page 200: ...rver server address dns secondary server server address primary server Primary server used for name resolution secondary server Secondary server used for name resolution server address IP address of domain name server Default Setting None Command Mode Global Configuration Command Usage The primary and secondary name servers are queried in sequence Example This example specifies two domain name ser...

Page 201: ...default To manually configure a new IP address you must first disable the DHCP client with the no ip dhcp command You must assign an IP address to this device to gain management access over the network or to connect the access point to existing IP subnets You can manually configure a specific IP address using this command or direct the device to obtain an address from a DHCP server using the ip dh...

Page 202: ...ng the ip address command or direct the device to obtain an address from a DHCP server using this command When you use this command the access point will begin broadcasting DHCP client requests The current IP address i e default or manually configured address will continue to be effective until a DHCP reply is received Requests will be broadcast periodically by this device in an effort to learn it...

Page 203: ...0 Mbps full duplex operation Default Setting Auto negotiation is enabled by default Command Mode Interface Configuration Ethernet Command Usage If autonegotiation is disabled the speed and duplex mode must be configured to match the setting of the attached device Example The following example configures the Ethernet port to 100 Mbps full duplex operation shutdown This command disables the Ethernet...

Page 204: ...t port show interface ethernet This command displays the status for the Ethernet interface Syntax show interface ethernet Default Setting Ethernet interface Command Mode Exec Example Enterprise AP if ethernet shutdown Enterprise AP if ethernet Enterprise AP show interface ethernet Ethernet Interface Information IP Address 192 254 2 1 Subnet Mask 255 255 255 0 Default Gateway 192 254 2 253 Primary ...

Page 205: ... the 802 11g radio IC W b g 5 109 preamble Sets the length of the 802 11g signal preamble IC W b g 5 110 antenna control Selects the antenna control method to use for the radio IC W 5 111 antenna id Selects the antenna ID to use for the radio IC W 5 112 antenna location Selects the location of the antenna IC W 5 112 beacon interval Configures the rate at which beacon signals are transmitted from t...

Page 206: ...s the maximum number of clients that can be associated with the access point at the same time IC W VAP 5 119 assoc timeout interval Configures the idle time interval when no frames are sent after which a client is disassociated from the VAP interface IC W VAP 5 119 auth timeout value Configures the time interval after which clients must be re authenticated IC W VAP 5 120 shutdown Disables the wire...

Page 207: ...ss speed allowed for wireless clients Options for 802 11a 6 9 12 18 24 36 48 54 Mbps Options for 802 11b g 1 2 5 5 6 9 11 12 18 24 36 48 54 Mbps Default Setting 54 Mbps Command Mode Interface Configuration Wireless Command Usage The maximum transmission distance is affected by the data rate The lower the data rate the longer the transmission distance When turbo mode is enabled page 5 106 for 802 1...

Page 208: ...ctions up to 54 Mbps Turbo Mode is an enhanced mode not regulated in IEEE 802 11a that provides a higher data rate of up to 108 Mbps Enabling Turbo Mode allows the access point to provide connections up to 108 Mbps In normal mode the access point provides a channel bandwidth of 20 MHz and supports the maximum number of channels permitted by local regulations e g 11 channels for the United States I...

Page 209: ...acon packets on the wireless interface Syntax multicast data rate speed speed Maximum transmit speed allowed for multicast data Options for 802 11a 6 12 24 Mbps Options for 802 11b g 1 2 5 5 11 Mbps Default Setting 1 Mbps for 802 11b g 6 Mbps for 802 11a Command Mode Interface Configuration Wireless Example Enterprise AP if wireless g multicast data rate 5 5 Enterprise AP if wireless g ...

Page 210: ...Interface Configuration Wireless Command Usage The available channel settings are limited by local regulations which determine the number of channels that are available When multiple access points are deployed in the same area be sure to choose a channel separated by at least two channels for 802 11a to avoid having the channels interfere with each other and at least five channels for 802 11b g Yo...

Page 211: ...sible Power selection is not just a trade off between coverage area and maximum supported clients You also have to ensure that high strength signals do not interfere with the operation of other radio devices in your area Example radio mode This command forces the operating mode for the 802 11g wireless interface Syntax radio mode b g b g b b only mode Both 802 11b and 802 11g clients can communica...

Page 212: ...sets the length of the signal preamble that is used at the start of a 802 11b g data transmission Syntax preamble long short or long long Sets the preamble to long 192 microseconds short or long Sets the preamble to short if no 802 11b clients are detected 96 microseconds Default Setting Short or Long Command Mode Interface Configuration Wireless 802 11b g Command Usage Using a short preamble inst...

Page 213: ...int LEDs The access point does not support an external antenna connection on its left antenna Therefore this method is not valid for the access point right The radio only uses the antenna on the right side the side closest to the access point LEDs Select this method when using an optional external antenna that is connected to the right antenna connector Default Setting Diversity Command Mode Inter...

Page 214: ... Usage The optional external antennas if any that are certified for use with the access point are listed by typing antenna control id Selecting the correct antenna ID ensures that the access point s radio transmissions are within regulatory power limits for the country of operation The antenna ID must be selected in conjunction with the antenna control method to configure proper use of any of the ...

Page 215: ...d configures the rate at which beacon signals are transmitted from the access point Syntax beacon interval interval interval The rate for transmitting beacon signals Range 20 1000 milliseconds Default Setting 100 Command Mode Interface Configuration Wireless Command Usage The beacon signals allow wireless clients to maintain contact with the access point They may also carry power management inform...

Page 216: ...c This parameter is necessary to wake up stations that are using Power Save mode The DTIM is the interval between two synchronous frames with broadcast multicast information The default value of 2 indicates that the access point will save all broadcast multicast frames for the Basic Service Set BSS and forward them after every second beacon Using smaller DTIM intervals delivers broadcast multicast...

Page 217: ...successful transmission due to smaller frame size If there is significant interference present or collisions due to high network utilization try setting the fragment size to send smaller fragments This will speed up the retransmission of smaller frames However it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send mult...

Page 218: ... RTS frame the station sends a CTS frame to notify the sending station that it can start sending data Access points contending for the wireless medium may not be aware of each other The RTS CTS mechanism can solve this Hidden Node problem Example super a This command enables Atheros proprietary Super A performance enhancements Use the no form to disable this function Syntax no super a Default Sett...

Page 219: ...d dynamic turbo Maximum throughput ranges between 40 to 60 Mbps for connections to Atheros compatible clients Example description This command adds a description to a the wireless interface Use the no form to remove the description Syntax description string no description string Comment or a description for this interface Range 1 80 characters Default Setting None Command Mode Interface Configurat...

Page 220: ...ace Configuration Wireless VAP Command Usage Clients that want to connect to the wireless network via an access point must set their SSIDs to the same as that of the access point Example closed system This command prohibits access to clients without a pre configured SSID Use the no form to disable this feature Syntax no closed system Default Setting Disabled Enterprise AP if wireless g VAP 0 descr...

Page 221: ...t the same time Syntax max association count count Maximum number of associated stations Range 0 64 Default Setting 64 Command Mode Interface Configuration Wireless VAP Example assoc timeout interval This command configures the idle time interval when no frames are sent after which the client is disassociated from the VAP interface Syntax assoc timeout interval minutes minutes The number of minute...

Page 222: ...inutes before re authentication Range 5 60 Default Setting 60 Command Mode Interface Configuration Wireless VAP Example shutdown This command disables the wireless interface Use the no form to restart the interface Syntax no shutdown Default Setting Interface enabled Command Mode Interface Configuration Wireless VAP Enterprise AP if wireless g VAP 0 association timeout interval 20 Enterprise AP if...

Page 223: ...3 4 5 6 or 7 Example show interface wireless This command displays the status for the wireless interface Syntax show interface wireless a g vap id a 802 11a radio interface g 802 11g radio interface vap id The number that identifies the VAP interface Options 0 3 Enterprise AP if wireless g VAP 0 shutdown Enterprise AP if wireless g ...

Page 224: ...00 03 7f fe 03 02 802 11 Parameters Radio Mode b g mixed mode Protection Method CTS only Transmit Power FULL 16 dBm Max Station Data Rate 54Mbps Multicast Data Rate 5 5Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Preamble Length LONG Maximum Association 64...

Page 225: ...n Key Refresh Rate 30 min 802 1x Session Timeout Value 0 min Antenna Antenna Control method Diversity Antenna ID 0x0000 Default Antenna Antenna Location Indoor Quality of Service WMM Mode SUPPORTED WMM Acknowledge Policy AC0 Best Effort Acknowledge AC1 Background Acknowledge AC2 Video Acknowledge AC3 Voice Acknowledge WMM BSS Parameters AC0 Best Effort logCwMin 4 logCwMax 10 AIFSN 3 Admission Cont...

Page 226: ... Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 1 Admission Control No TXOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 1 Admission Control No TXOP Limit 1 504 ms Enterprise AP ...

Page 227: ...ns may mistakenly associate to a rogue AP and be prevented from accessing network resources Rogue APs may also cause radio interference and degrade the wireless LAN performance Enterprise AP show station Station Table Information if wireless A VAP 0 802 11a Channel 60 No 802 11a Channel Stations if wireless G VAP 0 802 11g Channel 1 802 11g Channel Station Table Station Address 00 04 23 94 9A 9C V...

Page 228: ...ensive scanning is required to find a rogue AP A rogue AP is either an access point that is not authorized to participate in the wireless network or an access point that does not have the correct security configuration Rogue access points can be identified by unknown BSSID MAC address or SSID configuration A database of nearby access points should therefore be maintained on a RADIUS server allowin...

Page 229: ...ccess point to discover rogue APs With authentication enabled and a configure RADIUS server the access point checks the MAC address Basic Service Set Identifier BSSID of each access point that it finds against a RADIUS server to determine whether the access point is allowed With authentication disabled the access point can identify its neighboring access points only it cannot identify whether the ...

Page 230: ...d and new clients may not be able to associate to the access point If clients experience severe disruption reduce the scan duration time A long scan duration time will detect more access points in the area but causes more disruption to client access Example Related Commands rogue ap interval 5 128 rogue ap interval This command sets the interval at which to scan for access points Syntax rogue ap i...

Page 231: ...ault Setting Disabled Command Mode Interface Configuration Wireless Command Usage While the access point scans a channel for rogue APs wireless clients will not be able to connect to the access point Therefore avoid frequent scanning or scans of a long duration unless there is a reason to believe that more intensive scanning is required to find a rogue AP Example Enterprise AP if wireless g rogue ...

Page 232: ... WLAN1AP 9 2452 MHz 42 ESS 0 0 00 90 d1 08 9d a7 WLAN1AP 1 2412 MHz 12 ESS 0 0 00 30 f1 fb 31 f4 WLAN 6 2437 MHz 16 ESS 0 0 Enterprise AP Command Function Mode Page auth Defines the 802 11 authentication type allowed by the access point IC W VAP 5 134 encryption Defines whether or not WEP encryption is used to provide privacy for wireless communications IC W VAP 5 133 key Sets the keys used for WE...

Page 233: ...a2 Clients using WPA2 are accepted for authentication wpa2 psk Clients using WPA2 with a Pre shared Key are accepted for authentication wpa wpa2 mixed Clients using WPA or WPA2 are accepted for authentication wpa wpa2 psk mixed Clients using WPA or WPA2 with a Pre shared Key are accepted for authentication required Clients are required to use WPA or WPA2 supported Clients may use WPA or WPA2 if su...

Page 234: ... 802 1X client software A RADIUS server must also be configured and be available in the wired network If a WPA WPA2 Pre shared Key mode is selected WPA PSK WPA2 PSK or WPA WPA2 PSK mixed the key must first be generated and distributed to all wireless clients before they can successfully associate with the access point Use the wpa preshared key command to configure the key see key on page 5 134 and...

Page 235: ...uivalent Privacy WEP is implemented in this device to prevent unauthorized access to your wireless network For more secure data transmissions enable encryption with this command and set at least one static WEP key with the key command The WEP settings must be the same on each client in your wireless network Note that WEP protects data transmitted between wireless nodes but does not protect any tra...

Page 236: ... keys use 16 alphanumeric characters or 32 hexadecimal digits Default Setting None Command Mode Interface Configuration Wireless Command Usage To enable Wired Equivalent Privacy WEP use the auth shared key command to select the shared key authentication type use the key command to configure at least one key and use the transmit key command to assign a key to one of the VAP interfaces If WEP option...

Page 237: ...used for decryption of data from clients When using IEEE 802 1X the access point uses a dynamic key to encrypt unicast and broadcast messages to 802 1X enabled clients However because the access point sends the keys during the 802 1X authentication process these keys do not have to appear in the client s key list In a mixed mode environment with clients using static and dynamic keys select transmi...

Page 238: ... If any clients supported by the access point are not WPA enabled the cipher suite algorithm must be set to WEP WEP is the first generation security protocol used to encrypt data crossing the wireless medium using a fairly short key Communicating devices must use the same WEP key to encrypt and decrypt radio signals WEP has many security flaws and is not recommended for transmitting highly sensiti...

Page 239: ...2 compliant hardware Example mic_mode This command specifies how to calculate the Message Integrity Check MIC Syntax mic_mode hardware software hardware Uses hardware to calculate the MIC software Uses software to calculate the MIC Default Setting software Command Mode Interface Configuration Wireless Command Usage The Michael Integrity Check MIC is part of the Temporal Key Integrity Protocol TKIP...

Page 240: ...ut format value The key string For ASCII input specify a string between 8 and 63 characters For HEX input specify exactly 64 digits Command Mode Interface Configuration Wireless VAP Command Usage To support WPA or WPA2 for client authentication use the auth command to specify the authentication type and use the wpa preshared key command to specify one static key If WPA or WPA2 is used with pre sha...

Page 241: ...ster Key PMK that is used to generate other keys for unicast data encryption This key and other client information form a Security Association that the access point names and holds in a cache The lifetime of this security association can be configured with this command When the lifetime expires the client security association and keys are deleted from the cache If the client returns to the access ...

Page 242: ...as to be fully authenticated When the client is about to roam to another access point in the network the access point sends pre authentication messages to the new access point that include the client s security association information Then when the client sends an association request to the new access point the client is known to be already authenticated so it proceeds directly to key exchange and...

Page 243: ... Syntax no link integrity ping detect Default Setting Disabled Command Mode Global Configuration Command Usage When link integrity is enabled the IP address of a host device in the wired network must be specified The access point periodically sends an ICMP echo request Ping packet to the link host IP address When the number of failed responses either the Command Function Mode Page link integrity p...

Page 244: ...ss no link integrity ping host host_name Alias of the host ip_address IP address of the host Default Setting None Command Mode Global Configuration Example link integrity ping interval This command configures the time between each Ping sent to the link host Syntax link integrity ping interval interval interval The time between Pings Range 5 60 seconds Default Setting 30 seconds Command Mode Global...

Page 245: ...onfiguration Example link integrity ethernet detect This command enables an integrity check to determine whether or not the access point is connected to the wired Ethernet Syntax no link integrity ethernet detect Default Setting Disabled Command Mode Global Configuration Example Enterprise AP config link integrity ping interval 20 Enterprise AP config Enterprise AP config link integrity ping fail ...

Page 246: ...iapp This command enables the protocol signaling required to hand over wireless clients roaming between different 802 11f compliant access points Use the no form to disable 802 11f signaling Syntax no iapp Default Enabled Command Mode Global Configuration Command Usage The current 802 11 standard does not specify the signaling required between access points in order to support clients roaming from...

Page 247: ...The user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network If a user does not have a configured VLAN ID the access point assigns the user to its own configured native VLAN ID The VLAN commands supported by the access point are listed below Table 30 VLAN Commands Enterprise AP config iapp Enterprise AP config NOTE When VLANs are enabled the access point...

Page 248: ...configured for a client on the RADIUS server then the frames are tagged with the access point s native VLAN ID Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point s native VLAN ID or with a VLAN tag that matches one of the wireless clients currently associated with the access point Example Related Commands management vlanid 5 146 management vlanid This co...

Page 249: ... Range 1 4094 Default Setting 1 Command Mode Interface Configuration Wireless VAP Command Usage To implement the default VLAN ID setting for VAP interface the access point must enable VLAN support using the vlan command When VLANs are enabled the access point tags frames received from wireless clients with the default VLAN ID for the VAP interface If IEEE 802 1X is being used to authenticate wirel...

Page 250: ...d below Table 31 WMM Commands wmm This command sets the WMM operational mode on the access point Use the no form to disable WMM Syntax no wmm supported required supported WMM will be used for any associated device that supports this feature Devices that do not support this feature may still associate with the access point required WMM must be supported on any device trying to associated with the a...

Page 251: ...rt and background These categories correspond to traffic priority levels and are mapped to IEEE 802 1D priority tags The direct mapping of the four ACs to 802 1D priorities is specifically intended to facilitate interpretability with other wired network QoS policies While the four ACs are specified for specific types of traffic WMM allows the priority levels to be configured to match any network w...

Page 252: ...aximum log value of the contention window This is the maximum upper limit of the random backoff wait time before wireless medium access can be attempted The contention window is doubled after each detected collision up to the LogCwMax value Note that the CWMax value must be greater or equal to the LogCwMin value Range 1 15 microseconds AIFS Arbitrary InterFrame Space specifies the minimum amount o...

Page 253: ...3 2 LogCwMax 10 10 4 3 AIFS 3 7 2 2 TXOP Limit 0 0 94 47 Admission Control Disabled Disabled Disabled Disabled BSS Parameters WMM Parameters AC0 Best Effort AC1 Background AC2 Video AC3 Voice LogCwMin 4 4 3 2 LogCwMax 6 10 4 3 AIFS 3 7 1 1 TXOP Limit 0 0 94 47 Admission Control Disabled Disabled Disabled Disabled Enterprise AP if wireless a wmmparams ap 0 4 6 3 1 1 Enterprise AP if wireless a ...

Page 254: ...5 152 CHAPTER 5 COMMAND LINE INTERFACE ...

Page 255: ...e subnet as the wired LAN If necessary reset the access point to the factory defaults Try the solutions in the following table If you need further assistance contact 3Com Technical Support through the following Web page http www 3com com products en_US supportedindex jsp Symptom Solutions Access point does not power up Make sure the Ethernet cable is plugged into the port labeled To Access Point o...

Page 256: ...which mobile users can roam are configured to the same WEP setting SSID and authentication settings Slow or erratic performance Try changing the wireless channel on the access point Check the access point antennas connectors and cabling for loose connections Check the wired network topology and configuration for malfunctions Running on a computer connected to the wired LAN the 3Com Device Manager ...

Page 257: ...ervice area to match If you change the IP address and save the change you cannot continue to configure the access point using the old IP address Therefore if you want to continue configuring this access point after you save this change you must do the following 1 Close your browser 2 Return to the 3Com Device Manager Wireless Network Tree and click Refresh 3 Select the access point and click Confi...

Page 258: ...6 4 CHAPTER 6 TROUBLESHOOTING ...

Page 259: ...configuring 5 45 community string 4 20 5 45 configuration settings saving or restoring 5 61 configuration initial setup 3 1 connecting power 2 2 2 6 country code configuring 5 14 CTS 4 41 5 116 D device status displaying 4 59 5 26 DHCP 3 9 4 5 4 6 4 7 5 99 5 100 DNS 4 6 5 98 Domain Name Server See DNS downloading software 4 24 5 61 DTIM 4 41 5 114 Dynamic Host Configuration Protocol See DHCP E EAP...

Page 260: ...tallation 2 3 log messages 4 34 4 61 5 33 server 4 33 5 33 login CLI 5 1 web 3 5 logon authentication RADIUS client 4 13 5 64 M MAC address recording 2 4 MAC address authentication 4 11 5 76 5 77 maximum associated clients 4 40 maximum data rate 5 107 802 11a interface 5 107 802 11g interface 5 107 O open system 3 9 4 49 5 118 P password configuring 4 22 5 17 management 4 22 5 17 port priority STA...

Page 261: ...iles setting 5 60 station status 4 60 5 125 status displaying device status 4 59 5 26 displaying station status 4 60 5 125 system clock setting 4 34 5 39 system log enabling 4 33 5 33 server 4 33 5 33 system software downloading from server 4 24 5 61 T Telnet for managenet access 5 2 Temporal Key Integrity Protocol See TKIP time zone 4 35 5 40 TKIP 4 57 transmit power configuring 4 40 5 109 trap d...

Reviews:

No comments

Related manuals for 8760 - Wireless Dual Radio 11a/b/g PoE Access Point

Brand: IBM Pages: 104

System Storage TS3100

Brand: IBM Pages: 375

Brand: WAGO Pages: 2

Brand: Queclink Pages: 9

DG834GT - 108 Mbps Super G Wireless ADSL Router

Brand: NETGEAR Pages: 2

Brand: IEI Technology Pages: 86

Lite N42B1P Series

Brand: Dahua Technology Pages: 14

Brand: Garland Pages: 43

Brand: Velopex Pages: 7

SUPERLOADER DLT MAGAZINE

Brand: Tandberg Data Pages: 6

Brand: FDI Pages: 2

Brand: ZoneVu Pages: 15

Brand: FUNcube Pages: 23

Brand: Federal Signal Corporation Pages: 49

Brand: Microchip Technology Pages: 9

Brand: Unex Pages: 27

B-Control Fader BCF2000

Brand: Behringer Pages: 13

Brand: Kaya Instruments Pages: 48

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands