manualshive.com logo in svg

3Com OfficeConnect WX1200, Reference Manual

The 3Com OfficeConnect WX1200 is a versatile networking device designed for small businesses. With its powerful features and simple setup process, this product ensures seamless connectivity for your office environment. Start using it hassle-free with our convenient Quick Start Manual. Download the free manual from manualshive.com to unlock the full potential of this incredible networking solution.

Share
Download
background image

462

C

HAPTER

 17: D

ETECTING

 

AND

 C

OMBATTING

 R

OGUE

 D

EVICES

Rogue Detection 
Lists

Rogue detection lists specify the third-party devices and SSIDs that MSS 
allows on the network, and the devices MSS classifies as rogues. You can 
configure the following rogue detection lists:

„

Permitted SSID list—A list of SSIDs allowed in the Mobility Domain. 
MSS generates a message if an SSID that is not on the list is detected.

„

Permitted vendor list—A list of the wireless networking equipment 
vendors whose equipment is allowed on the network. The vendor of a 
piece of equipment is identified by the Organizationally Unique 
Identifier (OUI), which is the first three bytes of the equipment’s MAC 
address. MSS generates a message if an AP or wireless client with an 
OUI that is not on the list is detected.

„

Client black list—A list of MAC addresses of wireless clients who are 
not allowed on the network. MSS prevents clients on the list from 
accessing the network through a WX switch. If the client is placed on 
the black list dynamically by MSS due to an association, reassociation 
or disassociation flood, MSS generates a log message.

„

Ignore list—A list of third-party devices that you want to exempt from 
rogue detection. MSS does not count devices on the ignore list as 
rogues or interfering devices, and does not issue countermeasures 
against them. 

An empty permitted SSID list or permitted vendor list implicitly allows all 
SSIDs or vendors. However, when you add an entry to the SSID or vendor 
list, all SSIDs or vendors that are not in the list are implicitly disallowed. 
An empty client black list implicitly allows all clients, and an empty ignore 
list implicitly considers all third-party wireless devices to be potential 
rogues. 

All the lists except the black list require manual configuration. You can 
configure entries in the black list and MSS also can place a client in the 
black list due to an association, reassociation or disassociation flood from 
the client.

The rogue classification algorithm examines each of these lists when 
determining whether a device is a rogue. The following figure shows how 
the rogue detection algorithm uses the lists.

Summary of Contents for OfficeConnect WX1200

Page 1: ... 3Com com Part No 10015404 Rev AA Published August 2006 Wireless LAN Mobility System Wireless LAN Switch Manager Reference Manual WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A WX2200 3CRWX220095A ...

Page 2: ...June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com is a registered trademark of 3Com Corpor...

Page 3: ...3 User Privileges 23 Serial Number and License Key 24 Installing 3WXM 24 Installing 3WXM on Windows Systems 24 Installing 3WXM on Linux Systems 26 Installation Log File 27 Upgrading 3WXM 28 Uninstalling 3WXM on Windows Systems 28 Uninstalling 3WXM on Linux Systems 30 2 WORKING WITH THE 3WXM USER INTERFACE Overview 31 Display Panels 32 Organizer Panel 32 Alerts Panel 34 Content Panel 35 Task List P...

Page 4: ...G WITH NETWORK PLANS Creating a Network Plan 56 Managing Network Plans 57 Saving a Network Plan 57 Opening a Network Plan 58 Importing a Network Plan 59 Closing a Network Plan 60 Deleting a Network Plan 60 Sharing a Network Plan 61 Defining a Mobility Domain 62 Roaming Behavior 62 Traffic Ports Used by a Mobility Domain 64 Creating a Mobility Domain 64 Creating a WX Switch 65 Creating a Third Part...

Page 5: ...of a Floor 96 Recommendations 96 Converting Objects into RF Obstacles 97 Drawing RF Obstacles 99 Importing RF Obstacle Data from a Site Survey 100 Defining Wireless Coverage Areas 112 Creating a Wiring Closet 113 Defining a Coverage Area 115 Editing Coverage Areas 127 Placing Third Party Access Points 132 Moving a Third Party AP Icon to its Floor Location 133 Creating and Placing an Icon for a Thi...

Page 6: ...nges 166 Deploying Changes 167 Using the Create Wireless Switch Wizard 167 Setting Up a Switch 169 Modifying Basic Switch Parameters 172 Changing the WX Software Version 174 Changing the WX Model 174 Changing Timezone Properties 174 Changing System Information 175 Converting Auto DAPs into Statically Configured DAPs 176 Deleting Auto DAPs 177 Launching a Telnet Management Session with the Switch 1...

Page 7: ...2 Changing VLAN IGMP Settings 216 Restricting Layer 2 Traffic Among Clients in a VLAN 219 Restricting Layer 3 Traffic Among Clients in a VLAN 220 Changing a VLAN s Tunnel Affinity 220 Configuring the MSS DHCP Server 221 Changing the Aging Time for FDB Entries 222 Viewing and Configuring ACLs 222 Viewing ACLs 223 Creating an ACL 223 Configuring Advanced ACL Settings 228 Adding a New ACE to a Config...

Page 8: ...t Radio Profile 266 Configuring Advanced Radio Profile Settings 267 Viewing and Changing the Auto DAP Profile 271 Viewing Auto DAP Profile Settings 271 Changing Auto DAP Profile Settings 272 Converting Auto DAPs into Statically Configured DAPs 274 Deleting Auto DAPs 274 Viewing and Configuring MAPs 274 Viewing the Configured MAPs 275 Creating a Distributed MAP 275 Configuring a Directly Connected ...

Page 9: ... and Configuring Global 802 1X Settings 305 Viewing Global 802 1X Settings 305 Changing Global 802 1X Settings 305 Viewing and Configuring 802 1X Network Access Rules 308 Viewing 802 1X Network Access Rules 308 Creating an 802 1X Network Access Rule 308 Viewing and Configuring MAC Network Access Rules 312 Viewing MAC Network Access Rules 312 Creating a MAC Network Access Rule 312 Viewing and Confi...

Page 10: ... 334 Staged WX 336 3WXM Requirements 337 Staging a WX Switch for Configuration by 3WXM 338 Example 1 Deployment Site Has DHCP and Local DNS 338 Example 2 Deployment Site Has No DHCP and No DNS 339 Example 3 Deployment Site Has DNS But No DHCP 340 Example 4 Deployment Site Has DHCP But Local DNS Domain Differs From Corporate DNS Domain 341 Preconfiguring a Switch in 3WXM 342 Uploading a Partially C...

Page 11: ...a Switch by 3WXM 359 Viewing the Operation Log 360 Canceling a Scheduled Operation 360 Importing and Exporting Switch Configuration Files 361 Modifying Configuration Change Polling Options 363 11 VERIFYING CONFIGURATION CHANGES Verification Tabs 365 Toolbar Options 366 Filtering the Message List 366 Resolving an Error or Warning 366 Disabling a Rule from the Message List 367 Changing Verification ...

Page 12: ...Content 381 Filtering Events by Severity 383 Filtering Events by Facility 383 Creating and Saving Filters 384 Deleting Filters 384 Exporting Filtered Data 384 15 GENERATING REPORTS Overview 386 Generating an Inventory Report 387 Generating a Mobility Domain Configuration Report 388 Generating a WX Configuration Report 389 Generating a Client Summary Report 390 Generating a Client Details Report 39...

Page 13: ...t Activity Information 418 Displaying Client Session Information 429 Managing the Client Watch List 436 Displaying a Client s Geographical Location 441 Terminating a Client s Session 443 Using the RF Monitor View 444 Displaying RF Neighborhood Information 445 Displaying the SSID to BSSID Mapping 446 Displaying the Activity Log 447 Displaying RF Environment Statistics 448 Using the RF Trends View 4...

Page 14: ...ements 477 Importing the Measurements 477 Applying the RF Measurements to the Floor Plan 479 Locating and Fixing Coverage Holes 480 Locating a Coverage Hole 480 Fixing a Coverage Hole 482 Computing and Placing New MAPs 482 Adding New MAPs that Are Already Installed to the Network Plan 482 A CHANGING 3WXM PREFERENCES Overview 483 Resetting Preferences Values 483 Changing Network Synchronization Opt...

Page 15: ...ettings 501 Changing Monitoring Settings 503 To change monitoring settings 504 Accessing the 3WXM Services Log 505 Managing Network Plans 506 Backing Up a Plan 506 Changing Backup Settings 507 Restoring a Plan from a Backup 507 Copying a Plan Backup from One Server to Another 507 Deleting a Plan Backup 508 C OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS Register Your Product to Gain Service Benefits 50...

Page 16: ......

Page 17: ...mation in this guide follow the instructions in the release notes Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format PDF or HTML on the 3Com World Wide Web site http www 3com com Conventions Table 1 and Table 2 list conventions that are used throughout this guide Table 1 Notice Icons Icon Notice Type Description Information note Information that descr...

Page 18: ...nventions Convention Description Menu Name Command Indicates a menu item that you select For example File New indicates that you select New from the File menu Monospace text Sets off command syntax or sample commands and system responses Bold text Highlights commands that you enter or items you select Italic text Designates command variables that you replace with appropriate values or highlights p...

Page 19: ...nd Controller Hardware Installation Guide This guide provides instructions and specifications for installing a WX wireless switch in a Mobility System WLAN Wireless LAN Switch and Controller Configuration Guide This guide provides instructions for configuring and managing the system through the Mobility System Software MSS CLI Wireless LAN Switch and Controller Command Reference This reference pro...

Page 20: ...ide Part number 730 9502 0071 Revision B Page 25 Please note that we can only respond to comments and questions about 3Com product documentation at this e mail address Questions related to Technical Support or sales should be directed in the first instance to your network supplier ...

Page 21: ...requirements to run the 3WXM client on Windows and Linux platforms Table 3 Hardware Requirements for Running 3WXM Client Minimum Recommended Processor Intel Pentium 4 2 GHz or equivalent Intel Pentium 4 3 GHz or equivalent RAM 512 MB 1 GB Hard drive space available 100 MB 200 MB Monitor resolution 1024x768 pixels 24 bit color 1600x1200 pixels 32 bit color CD ROM drive CD ROM or equivalent CD ROM ...

Page 22: ...more data including client sessions which requires more RAM and storage Table 4 Hardware Requirements for Running 3WXM Monitoring Service Minimum Recommended Processor Intel Pentium 4 2 4 GHz or equivalent Intel Pentium 4 3 6 GHz or equivalent RAM 1 GB 2 GB Hard drive space available 1 GB 2 GB Monitor resolution 1024x768 pixels 24 bit color 1600x1200 pixels 32 bit color CD ROM drive CD ROM or equi...

Page 23: ...M comes with a base license key Before you install 3WXM make sure you have the appropriate administrative privileges on the system After you have installed 3WXM you will need to register your license and the serial number with 3Com in order to obtain an activation key The base key along with its activation key enables you to manage up to 10 wireless LAN switches To manage more than 10 wireless LAN...

Page 24: ...ormation If the product is not licensed you will have to install the license on the server machine Installing 3WXM To install the 3Com Wireless Switch Manager follow the instructions for your operating system below Installing 3WXM on Windows Systems To install 3WXM on a Windows system The 3WXM install program installs either just the 3WXM client or both the 3WXM client and Services There is no opt...

Page 25: ... 3 Select 3Com Wireless Switch Manager 4 Click the View button The 3Com Wireless LAN Switch Manager 3WXM information screen appears 5 Click the Install button The installation begins During the installation the 3Com Wireless Switch Manager installation wizard minimizes ...

Page 26: ...pack files on Linux systems 1 Log in as superuser 2 Insert the 3WXM CD in the CD ROM drive 3 For the platform on which you are installing 3WXM click the appropriate Installer link 4 Save the installation binary to a directory 5 Open a shell window 6 Use the cd command to go to the directory in which you saved the installation binary 7 In the shell window type sh install bin The Introduction page o...

Page 27: ...P port on the same host For example port 443 is defined by the Internet Assigned Numbers Authority IANA as the well known HTTPS port If the host on which you install 3WXM Services uses its default HTTPS port 443 and the same host also runs Microsoft Internet Information Services IIS on its default HTTPS port 443 there will be a conflict over the port 3WXM clients will not be able to communicate wi...

Page 28: ...install a previous version of 3WXM before upgrading make sure you note the serial number and license key from the License Information dialog box which you access by selecting Help Licensing from the main 3WXM window You can also save a copy of the license information by starting 3WXM and clicking Save in the License Information dialog box Uninstalling 3WXM on Windows Systems You uninstall 3WXM by ...

Page 29: ...nst this serial number If you delete the serial number the software will generate a new serial number if it is ever reinstalled You will then require new licenses to register against the new serial number If you delete the serial number the license information will also be deleted CAUTION If you delete an item the item is permanently lost For example if you delete the database directory all data c...

Page 30: ...ault all the following are removed Network plans Access control Monitoring service database if the monitoring service was installed along with the client on this machine License information To prevent an item from being uninstalled click on the checkbox next to the item to remove the checkmark The monitoring service plug in is uninstalled automatically CAUTION If you delete an item the item is per...

Page 31: ...ter describes how to use the 3Com Wireless LAN Switch Manager 3WXM interface Overview When you start 3WXM client and log into 3WXM Services the network plan is displayed by the 3WXM client Toolbar Organizer panel Content panel Alerts panel Lock icon ...

Page 32: ...y needs Alternatively you can add new or existing switches and access points individually Planning and equipment configuration and network management are described in detail in other chapters of this manual This chapter describes the 3WXM user interface Display Panels The main 3WXM window contains the following display panels Their locations are shown in the previous figure on page 34 Organizer pa...

Page 33: ...played by the Configuration tool bar option The set of devices in your network plan This includes Mobility Domains 3Com switches and MAPs as well as third party access points that 3WXM needs to be aware of while planning or monitoring the network Sites displayed by the RF Planning tool bar option Named sets of buildings and floors where 3Com equipment is deployed The tree that is displayed depends...

Page 34: ...d correct the warning or error click on the arrow to expand the panel then click on the statistic to open the corresponding tab in the Content panel Table 6 lists the types of alerts displayed in the Alerts panel Table 6 Alerts Alert Category Description Configuration Lists the number of configuration errors and warnings encountered when 3WXM verifies WX switch configurations in the network plan 3...

Page 35: ... still operating in the Mobility Domain s defined in the network plan Select this alert to open the Rogue Detection tab in the Content panel You can use this tab to list information about non 3Com wireless devices detected in the network See Detecting and Combatting Rogue Devices on page 459 Local Changes Lists the number of WX switch configuration changes that have occurred in 3WXM in the network...

Page 36: ...s in the Content panel remain greyed out because there are no unsaved changes to save or discard When you click a link to open a configuration wizard if there are unsaved changes 3WXM prompts you to apply or cancel the changes Click Apply to save the buffered changes and open the wizard The Save Apply Finish and OK buttons do not send configuration changes to the WX switches in the network To send...

Page 37: ...n page 365 Task List Panel The Task List panel displays lists of tasks related to the object selected in the Organizer panel Click a task to open the configuration wizard required to perform that task The Task List panel is located to the right of the Content panel Here is an example of the task list for an individual WX switch Configuration Wizards When you click on a task in the Task List panel ...

Page 38: ...tton saves the changes If applicable saving the changes also results in the newly configured object appearing in a table in the Content panel The following example shows the Wireless Service Profiles table which lists the SSID configurations on a switch The wizards displayed by selecting tasks in the Task List panel allow configuration of settings that are essential or that are commonly customized...

Page 39: ... Table 7 Resize Icons Option Description Minimize the panel When the panel is minimized the panel title is displayed as a tab Place the cursor over the tab to temporarily maximize the panel The panel is maximized only until you move the cursor away from the panel To make the panel stay maximized click on the maximize icon This option is supported on the Organizer and Task List panels Maximize the ...

Page 40: ...nother network plan into the currently open plan Save As Save a copy of the currently open network plan under a new name Import Import a WX configuration file into the currently open network plan Export Export a WX configuration file from the currently open network plan Exit Close 3WXM Tools Preferences Change 3WXM user preferences Performance Display Ethernet or radio statistics Certificate Manag...

Page 41: ...Open the License Information dialog box Report Problem Report a problem to 3Com Technical Support About 3WXM About 3WXM 3WXM version information Memory usage Java garbage collection Force GC Table 8 3WXM Menu Options continued Menu Option Description Table 9 3WXM Tool Bar Options Option Description Back Page back through the previously selected tool bar options or Organizer panel tree selections F...

Page 42: ...Display a list of the WX switches in the network plan To upload restart or change the management status of switches view scheduled tasks or distribute certificates use the Device tab To review and either allow or disallow local and network changes or to schedule configuration deployment use the Changes tab To manage and distribute MSS software images use the Image tab See Managing WX System Images...

Page 43: ...d WX switches in the network plan To filter the message list use the Filters tab To display more information about a message click on the row containing the message then use the Details tab See Using the Event Log on page 379 Reports Display links for configuring and generating reports See Generating Reports on page 385 The following icons are smaller and are located underneath the Back and Forwar...

Page 44: ...Copy and Paste Replace options to replace an object with a copy of another instance of the same type of object You also can copy and paste objects listed in tables in the Content panel using the copy and paste icons See Copy and Paste in the Content Panel on page 45 To delete an object in a table select the object then click Delete Copy and Paste in the Organizer Panel To create a new object in th...

Page 45: ...nd other parameters if needed When you are finished the replaced object is removed and the copied object appears under the parent object Copy and Paste in the Content Panel 1 Select the objects rows To select a single object click on the row for the object To select multiple contiguous objects click Shift while selecting them To select multiple noncontiguous objects click Ctrl while selecting them...

Page 46: ...es in toolbars and menus When a character is underlined you can press the corresponding letter key on the keyboard to display the toolbar menu or perform the menu action Depending on your Windows XP desktop setup 3WXM might not show action mnemonics To enable action mnemonics 1 Right click on the desktop and select Properties 2 Click the Appearance tab The Display Properties dialog box appears 3 C...

Page 47: ...y 47 4 Clear the box labeled Hide underlined letters for keyboard navigation until I press the Alt key Clearing this option allows programs to show the underlined character for mnemonics in 3WXM 5 Click OK 6 In the Display Properties dialog box click OK ...

Page 48: ...48 CHAPTER 2 WORKING WITH THE 3WXM USER INTERFACE ...

Page 49: ...e how to start 3WXM You must install a license key and activation key for the server before you can connect to the server and work with network plans To license a server you must start the 3WXM client on the same machine where the server is installed 1 Select Start Programs 3Com 3WXM 3WXM or double click the 3WXM icon on the desktop The 3WXM Service Connection dialog appears 2 Click Next If a Cert...

Page 50: ... Select Help Licensing from the tool bar The License Wizard is displayed 4 If you are installing a licensed copy select Standard Base Product and click Next Go to step 5 If you are installing an evaluation copy a Select Time Limited Evaluation and click Next b Click Finish and go to step 13 5 Type the license key that was supplied with the 3WXM CD and click Next 6 Click Get Activation Key A 3Com w...

Page 51: ...e 12 Click Finish 13 To connect to the server select File Connect from the menu bar The 3WXM Services Connection dialog box appears 14 In the 3WXM Services Connection dialog box enter the IP address of a host running 3WXM Services leave this as 127 0 0 1 if the services are being run on this host and then click Next 15 After a connection is established to the specified 3WXM Services host do one of...

Page 52: ...ox are greyed out Monitor This account can only monitor the network When users with a monitor account open a network plan they can see configuration changes that have been deployed to the network Any configuration changes that have not been deployed are not visible On the File menu all options except Open Close and Exit are greyed out On the Tools menu the Certificate Management option is greyed o...

Page 53: ...a new password for the administrator 1 to 80 alphanumeric characters with no spaces or tabs The password is case sensitive 4 Type the administrator password again for verification 5 Click OK 6 In the 3WXM Services Setup dialog box click Save to save the changes If this is the first user account 3WXM Services inserts the username you used to log onto the machine that is running 3WXM Services in the...

Page 54: ... Deleting 3WXM User Accounts To delete a 3WXM user account 1 Access the 3WXM Services Setup dialog box 2 Select a user account from the Authorized Users list 3 Click Remove an Account The account is deleted 4 In the 3WXM Services Setup dialog box click Save to save the changes 5 Click Close to close the dialog box Disabling Access Control If you have enabled access control for 3WXM you can disable...

Page 55: ...de network You also can define a physical representation of the network sites buildings and floors In this case you can import drawings of your floor plans into the network plan or draw plan details manually You can then identify the RF characteristics by importing data from a site survey or by manually identifying RF objects 3Com recommends that you limit a network plan to a single campus or Mobi...

Page 56: ...pendent on the country code you chose in step 3 The channel numbers you select are used later in the planning process when you assign channels to 802 11b g radios You might be able to select a set of overlapping channels However in some network layouts using overlapping channels reduces network performance Channel numbers used for 802 11a radios do not overlap and are not listed at this stage of t...

Page 57: ...APs that were configured by an Auto AP profile into statically configured MAPs See Converting Auto DAPs into Statically Configured APs on page 69 Network Domain Configure a group of Mobility Domains into a single Network Domain See Creating a WX Switch on page 65 Managing Network Plans After creating a network plan you can save close open or delete it You can also share a network plan with others ...

Page 58: ...y Plan Name type a new network plan name Optionally you can select an existing network plan name to replace it 3 Click Next You see the status of the save process 4 Click Finish Opening a Network Plan Network plans reside on a host running 3WXM Services You can open an existing network plan by connecting to the 3WXM Services host where the plan resides selecting File Switch Network Plan then speci...

Page 59: ...n Importing a Network Plan You can import objects from another network plan into the currently open plan When you import objects from another plan objects are added to the currently open plan as follows If an object object name exists in the plan you are importing but not in the open plan the object is added to the open plan If an object object name exists in both plans the copy of the object in t...

Page 60: ...lan 1 In the main 3WXM window select File Close or File Exit If the network plan has no unsaved changes the network plan is closed Otherwise go to the next step 2 If there are unsaved changes 3WXM displays a dialog asking whether you want to save the changes discard them or cancel the request to close the plan or exit the application Do one of the following Select Apply to save the changes and clo...

Page 61: ...r 3WXM displays the Lock Info page The Lock Info page indicates who has locked the network plan You can optionally override the user s lock Note that only a user with Administrator privileges can override another user s lock To override another user s lock 1 Select Tools 3WXM Services Lock Management The 3WXM Services Lock Management dialog box appears 2 Select the lock you want to delete and clic...

Page 62: ...t VLAN A network plan can contain more than one Mobility Domain Standalone WX switches and third party APs do not need to be configured within a Mobility Domain You use 3WXM to create a Mobility Domain and define its seed device and the other WX switches in the Mobility Domain If you already have WX switches installed and configured you can upload the configurations of the switches to 3WXM to have...

Page 63: ...s the session is cleared and its accounting is stopped You cannot configure the grace period If the client MAC address in a Mobility Domain is not found in 5 seconds the session is considered new The 802 1X reauthentication timeout has little impact on roaming If the timeout lapses 802 1X processing is performed on the existing association Accounting and roaming history are not affected if the rea...

Page 64: ...itches to place in the Mobility Domain and to select the seed switch Add the switches to the network plan before you configure the Mobility Domain 1 Select the Configuration tool bar option 2 Select the network plan in the Organizer panel 3 Select the Mobility Domain task in the Task List panel The Create Mobility Domain wizard appears 4 In the Name box type the name for the Mobility Domain 1 to 1...

Page 65: ... into account when assigning channels to MAPs 1 Select the Configuration tool bar option 2 Select the network plan in the Organizer panel 3 Select the Third Party AP task in the Task List panel The Create Third Party AP wizard appears 4 In the Name box type a name for the access point You can use 1 to 32 characters with no punctuation except the following period hyphen or underscore _ 5 Optionally...

Page 66: ...ber of 2 15 In the Channel Number list select the channel number for the radio 16 In the Transmit Power box specify the transmit power for the radio 17 To enable the radio select Enabled The access point s radio must be enabled in order to be considered in channel allocation 18 In the SSID box type the service set identifier SSID for the radio 19 In the MAC Address box type the MAC address of the ...

Page 67: ...ttings to the Network Plan If RF Auto Tuning is running on MAP radios in the network you can update the radios in the network plan with the channel and power settings currently in effect on the same radios in the network You also can lock down the channel and power settings in the plan and in the network by disabling RF Auto Tuning on the radios RF Auto Tuning settings are applied only to configur...

Page 68: ...type the IP address for the WX switch 4 In the Enable Password box type the enable password for the WX switch This password must match the enable password that was defined using the CLI command set enablepass For more information see the Wireless LAN Switch and Controller Configuration Guide 5 Click Next The uploading progress is shown 6 After the Successfully uploaded device message is displayed ...

Page 69: ...cally configured MAPs 5 Click Next 6 Select the temporary connections you want to convert into static connections 7 Click Finish Creating a Network Domain MSS Version 4 1 allows functionality found in Mobility Domains to be extended over a multiple site installation in a Network Domain A Network Domain is a group of geographically dispersed Mobility Domains that share information over a WAN link T...

Page 70: ...n Name box type the name for the Network Domain 1 to 60 characters with no spaces or tabs 5 Click Next 6 In the Available Devices list select the WX switches you want to use as the Network Domain seeds 7 Click Next 8 In the Available Devices list select the WX switches you want to use as Network Domain members Make sure to select the seed switch as a member For the Network Domain to work properly ...

Page 71: ...ement and generate RF network design information RF Planning Overview The 3WXM planning tools calculate the 3Com equipment you need how to configure it and where to install it all based on the information you provide about your wireless coverage needs You can display projected coverage and even experiment with network changes You can also optimize the plan based on RF measurements from the live ne...

Page 72: ...me in the Organizer panel and select Create Building in the Task List panel If you are modifying an existing building click on the plus sign next to the site name to expand it then click on the name of the building you want to modify Table 12 lists the toolbar icons at the top of the floor display area Table 12 Toolbar icons available in RF Planning Tools Option Description Edit 3WXM preferences C...

Page 73: ...play area Toggle AP label Copy selected objects Paste selected objects Undo last change Redo last change Group selected objects Ungroup selected objects Select all visible objects Assign layers to selected objects Create RF obstacle Edit properties Remove RF obstacle information Delete selected components Table 12 Toolbar icons available in RF Planning Tools continued Option Description ...

Page 74: ... prompts you for information about the new site If you are modifying an existing site click on the plus sign next to the network plan to expand it then click on the name of the site you want to modify Information about the site appears in the Content panel The following figure illustrates the information displayed in the Content panel for a site Note that this information is the same as the inform...

Page 75: ...anel then in the Change Country Code dialog select the country where the network is to be deployed 3 In the Channel Set 802 11b g list select the set of operating channels for any 802 11b g MAP radios you plan to use if different from the default From the Content panel you can also change the properties of existing buildings at the site See Creating or Modifying Buildings in a Site next for more i...

Page 76: ...ou are modifying an existing building select the building name in the Content panel for the site then click Properties A dialog box allows you to edit the building s properties In the Organizer panel click on the plus sign next to the site name to expand it then click on the name of the building you want to modify Information about the building appears in the Content panel You can edit the buildin...

Page 77: ... Name box type the name of the building 1 to 30 alphanumeric characters with no spaces or tabs 2 In the Task List Panel under Other click Edit Building The Edit Building dialog box is displayed 3 In the Number Of Floors box specify how many floors the building has ...

Page 78: ...it of Measurement list select Feet or Metric If you are importing a drawing of a floor plan choose the measurement system the drawing uses 8 In the Height of the Ceiling box type the number of feet or meters from the floor to the ceiling 1 to 1000 feet or meters The ceiling height is based on the surface of the ceiling where the access points will be mounted not on the center of the plenum space b...

Page 79: ... the building then click Properties A dialog box allows you to edit the floor s properties Click on the floor name in the Organizer panel click on Floor in the Task List panel and then select Floor properties under Edit Floor The following figure illustrates the information displayed in the Floor Properties dialog box for a floor Note that this information is the same as the information for which ...

Page 80: ...e attenuation information when calculating how many MAPs you need and where to place them in order to provide the desired wireless coverage The following sections describe how to import or draw a floor For information about specifying the RF characteristics of the floor see Specifying the RF Characteristics of a Floor on page 96 Importing a Drawing of a Floor You can import a drawing of your floor...

Page 81: ... of a DWG file for the same drawing You can reduce the file size for a drawing by pruning unneeded information from the drawing as described below Preparing a Drawing Before Importing It 3WXM has a file cleanup feature that can help remove unwanted information from an imported drawing However the more cleanup work you do before importing a file the better the results will be In addition cleaning u...

Page 82: ...atically To perform an audit in AutoCAD select File Drawing Utilities Audit Check for grouped objects especially groups that span multiple layers or include the entire drawing If a grouped object contains objects that you will to assign differing RF values to or if some objects will not become RF obstacles ungroup the objects and delete the unneeded objects If all the RF objects in the grouped obj...

Page 83: ...Click drag to select unwanted objects and delete them When all unwanted objects are deleted purge the drawing of all unwanted layers blocks and fonts by selecting File Drawing Utilities Purge Make sure purge nested items is selected Click Purge until the option is greyed out CAUTION In AutoCAD you cannot delete a layer if the layer is not empty However in TurboCAD Options Layers allows you to dele...

Page 84: ...s in the previous table refer to specific command names in AutoCAD The commands are mentioned in 3WXM documentation as a guide for finding the appropriate commands or options in your CAD application However the best source of information about how to use your CAD application is the user documentation for that application Table 13 Operating Tips Operation Path Hotkey Zoom Extension Arranges all ite...

Page 85: ... select it and click Open The drawing appears After you import a drawing 3WXM remembers the directory you chose If you originally imported a DXF or DWG file you can import a DXF DWG GIF or JPEG file and layer it over the original file When you import another file you are asked whether you want to delete the existing layout or add the objects to the existing layout If you are reimporting the origin...

Page 86: ...For example if the drawing includes parking lot information you can easily remove the parking lot by cropping CAUTION All objects that are outside the area you select to keep are permanently removed To crop the paper space 1 Display the floor plan in the Content panel 2 Click on the toolbar 3 Click and diagonally drag the cursor over the area you want to keep 4 Release the mouse button A warning i...

Page 87: ...g If you imported a DWG or DXF drawing you might need to adjust the scale of the drawing because the units used in these drawings might not have a one to one correspondence to meters and feet To adjust the scale of the drawing you draw a line between two points of known distance and adjust the measurement To adjust the scale 1 Display the floor plan in the Content panel 2 Click on the toolbar 3 Dr...

Page 88: ...laces the origin point in the upper left corner of the drawing by default You are not required to use the upper left corner of the building as the origin point You can select an easily identifiable feature on all floors such as an elevator shaft Or to include additional features that are not on the floor itself you can extend the drawing beyond the exterior walls by moving the origin farther up an...

Page 89: ...F obstacles Generally only some of a drawing s layers contain details relevant to RF planning You can hide layers to simplify a drawing 3WXM performs RF calculations only with information in visible layers Each drawing that you import into 3WXM has a layer 0 which contains information that 3WXM creates You can hide layer 0 but you cannot delete it and 3WXM requires layer 0 to be visible when calcu...

Page 90: ...eanup criteria which you can modify See Cleaning Up a Drawing on page 91 You also can select and delete individual objects Hiding Layers With the drawing displayed in the Content panel click Layers in the Organizer panel to bring up a list of the layers in the drawing Click the checkbox next to the layer name to show or hide the layer Figure 3 shows the same floor plan as Figure 2 after hiding unn...

Page 91: ...he down arrow to display the list of layers in the drawing and select the layer to which you want to move the object s 4 Click OK Cleaning Up a Drawing 3WXM can simplify an imported CAD drawing by removing unnecessary objects from each layer Drawing cleanup eliminates unneeded objects lines and text Note the following when cleaning up a drawing Drawing cleanup does not apply to GIF or JPEG drawing...

Page 92: ...e from the drawing during cleanup 3WXM removes all these items by default 4 To change the short line length type the new length in the Short Line Length box 3WXM removes all lines that are this length or shorter 5 To change the parallel shape separation distance type the new length in the Parallel Shape Separation box 3WXM removes parallel shapes that are this distance or shorter from the shape th...

Page 93: ...lect the layers you want to clean up You can select individual layers or all layers 3WXM removes the specified objects only from the layers you select By default no layers are selected 8 Click Next The Before Cleanup tab appears The progress of the cleanup is listed in the message area below the floor plan When cleanup is finished the After Cleanup tab appears The example below shows a cleanup in ...

Page 94: ... 5 PLANNING THE 3COM MOBILITY SYSTEM 10 Do one of the following Click Finish to accept the changes Click Previous to change the cleanup constraints Go back to step 2 on page 77 Click Cancel to cancel the changes ...

Page 95: ...the Free Draw area under Layout click one of the icons and draw the object as described in the following table Object Action circle Diagonally drag the cursor over the area where you want the circle to appear square Diagonally drag the cursor over the area where you want the square to appear parallelogram 1 Click at a vertex and drag the cursor to the next vertex 2 Click again and drag the cursor ...

Page 96: ...stacles and assign attenuation values to them This method is available for any floor plan See Drawing RF Obstacles on page 99 Import RF measurements from a site survey This method requires the Ekahau Site Survey tool to create the site survey You can use this method alone or in combination with the methods above See Importing RF Obstacle Data from a Site Survey on page 100 You also can use site su...

Page 97: ...list of the layers in the drawing 2 Right click the list of layers in the Organizer panel 3 Select Create RF Obstacles from the menu that is displayed The Create RF Obstacle dialog box appears 4 Go to To use the Create RF Obstacle Dialog box on page 98 To create RF obstacles for an area in a drawing 1 Diagonally drag the cursor over the area where you want to create RF obstacles 2 Right click and ...

Page 98: ...up objects icon on the toolbar The grouped objects now appear as one object group 4 Right click and select Create RF Obstacle The Create RF Obstacle dialog box appears See To use the Create RF Obstacle Dialog box To use the Create RF Obstacle Dialog box The Create RF Obstacle dialog box is shown in Figure 4 Figure 4 Create RF Obstacle Dialog Box 1 In the Description box type a description for the ...

Page 99: ...RF obstacles for grouped objects each grouped object is converted into a single RF obstacle Drawing RF Obstacles 1 Display the floor plan in the Content panel 2 In the Task List panel click Tools 3 In the RF Obstacle area under Layout click one of the icons and draw the object as described in the following table Object Action circle Diagonally drag the cursor over the area where you want the circl...

Page 100: ...his method of adding RF obstacle data requires the following tools 3WXM 4 1 Ekahau Site Survey Tool www ekahau com and a laptop PC on which to run the tool when you take measurements An AP on wheels a portable AP that you can move to different locations on the floor as you take RF measurements with the site survey tool polygon 1 Click at a vertex then move the cursor to the next vertex 2 Repeat un...

Page 101: ...ing LOS Points on page 102 You can place the LOS points at the places where you are thinking of installing the permanent MAPs but this is not a requirement 3 In 3WXM generate a site survey order The site survey order includes the locations and MAC addresses of the LOS points and also provides a GIF image of the floor See Generating a Site Survey Order on page 108 4 In the site survey tool import t...

Page 102: ...ame MAC address for multiple locations the RF measurement data will be inaccurate While conducting the survey Walk slowly and evenly and click at each turn Walk completely around the area you are surveying completing a 360 degree scan of the area Avoid placing your body between the AP and the laptop PC Your body adds attenuation Adding LOS Points Line of sight LOS points are the locations for the ...

Page 103: ...racteristics of a Floor 103 5 Click Yes next to File 6 In the File Format listbox select Ekahau 7 Click Choose to navigate to the csv file that contains the LOS points 8 Click Next The MAC addresses of the LOS points appear ...

Page 104: ...adio types Select the MAC addresses for the radio types you want to use in the network 10 Click Finish 11 Place the LOS points on the floor plan Click Objects to Place in the Organizer panel to display the LOS points for each MAC address you selected Click on an LOS point to select it then move the cursor to the floor location and click again to place the LOS point ...

Page 105: ... Organizer Panel To create LOS points in 3WXM 1 Display the floor plan in the Content panel 2 In the Task List panel click Tools 3 Under Site Survey click the icon 4 On the floor plan click on the location for the LOS The Create AP Placement Point wizard appears LOS points in Organizer Panel LOS point placed in floor location ...

Page 106: ...type or model of AP you plan to use for the portable AP If the model is not listed select AP Dual Radio for a dual radio AP or AP Single Radio for a single radio AP 7 In the Radio Type listbox select the 802 11 radio type The radio types that are available depend on the AP model or type you selected 8 Click Next The radio configuration page appears ...

Page 107: ... 11 In the MAC Address box type the MAC address you want to use for this position of the AP To ensure valid site survey results you must use a unique MAC address for each LOS point 12 If the AP model you selected has more than one radio configure the other radio 13 Click Finish to save the changes and close the wizard An LOS point icon appears on the floor plan where you clicked to open the Create...

Page 108: ... 2 Move the cursor to the floor location where you want to place the LOS 3 Click to place the LOS You cannot delete an LOS point directly from the Objects To Place tab To delete an LOS point place the LOS point somewhere on the floor space then delete it See To delete an LOS point To delete an LOS point To permanently remove an LOS icon from the floor 1 Right click on the LOS icon 2 Select Delete ...

Page 109: ...lect the language for the site survey order English German 6 To specify the output directory for the site survey order click the button below Output Directory and navigate to the directory where you want 3WXM to place the site survey order 7 Click Generate 3WXM generates the site survey order When the order is complete the View button becomes available 8 To view the site survey order click View A ...

Page 110: ...k order to set up the survey When you import the floor map into the site survey tool make sure you use the map name specified in the work order The site survey data will not appear when you import RF measurements into 3WXM unless the map name is correct Importing RF Measurements 1 Display the floor plan in the Content panel 2 In the Task List panel click RF Planning 3 Under Site Survey click Impor...

Page 111: ...ame must match the name specified in the site survey work order and must be the same map name used in the site survey tool 8 Click Next The import progress is displayed When the import is done check the Total valid RF measurements found line in the progress messages If the number is greater than 0 3WXM successfully imported measurements If the number is 0 no measurements were imported Try the impo...

Page 112: ...WXM creates an RF obstacle For RF obstacles created by 3WXM the description is auto generated and the obstacle type is Other You can edit these values by selecting the obstacle clicking the Edit properties icon to open the Modify RF Obstacle wizard and modifying the values Click OK to close the wizard and save the changes See To use the Create RF Obstacle Dialog box on page 98 The wizard is the sa...

Page 113: ...witches and defined them in 3WXM you can place them in the wiring closet and specify them as switches to be used when 3WXM calculates how many MAP access points are required If you do not have any WX switches placed in the wiring closet 3WXM automatically creates and configures the switches that are needed Each floor plan must have at least one wiring closet if the floor will use MAPs that are dir...

Page 114: ...t click the WX switch in the Available Devices box then click the Add button to move it to the Current Devices box To remove a WX switch from the wiring closet click the WX switch in the Current Devices box then click the Remove button to move it to the Available Devices box If there are two or more WX switches in the wiring closet you can change the order in which 3WXM checks switches for free po...

Page 115: ...or MAPs in the Coverage Area on page 122 7 Configuring Capacity Calculation for Data on page 124 8 Configuring Capacity Calculation for Voice on page 125 9 Specifying Mobility Domain Radio Profile and Wiring Closet Associations on page 127 Shared Coverage Areas 3WXM supports the sharing of coverage areas if one area is completely within a larger area For example you might want to provide 802 11a a...

Page 116: ...ology cannot be shared A coverage area using 802 11b and a coverage area using 802 11g cannot be shared MAP access points placed in shared areas must be configured as dual radio models Drawing a Coverage Area 3WXM supports concave polygons which have an internal angle greater than 180 degrees When drawing a polygon make sure that two sides of the polygon do not intersect each other as shown in Fig...

Page 117: ... as described in the following table Object Action circle Diagonally drag the cursor over the area where you want the circle to appear square Diagonally drag the cursor over the area where you want the square to appear parallelogram 1 Click at a vertex and drag the cursor to the next vertex 2 Click again and drag the cursor until the parallelogram takes the shape you want 3 Click to finish polygon...

Page 118: ...ist select one of the following 802 11a 802 11b 802 11g 802 11a and 802 11b 802 11a and 802 11g Select 802 11a and 802 11b if the area requires 802 11a and 802 11b coverage Select 802 11a and 802 11g if the area requires 802 11a and 802 11g coverage When you specify a coverage area requiring different technologies 3WXM creates two areas that completely overlap each other one area for 802 11a and a...

Page 119: ...for each technology type a name for the coverage area 1 to 60 characters long with no tabs 2 In the Rate Mb s list for each technology select the average desired association rate for typical clients in this coverage area 3 For 802 11g to prevent the association of 802 11b clients to any radio in this coverage area select Exclude 802 11b clients To allow 802 11b clients to associate to radios in th...

Page 120: ...onally specify floor properties for the coverage area if they are different from the defaults for the floor 1 To change the ceiling height specify the new height in the Height of the Ceiling box 2 To change the height where MAPs are mounted specify the new mounting height in the MAP Placement Height box 3 Click Next The Default Device Settings page appears ...

Page 121: ...ted 3 To change the MAP connection type select the type from the AP Connection Type list Direct MAPs are directly attached to dedicated WX switch ports Distributed MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices Distributed Auto MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices They receive their configuration automatically using a prof...

Page 122: ... to Specifying Redundancy Computation for MAPs in the Coverage Area on page 122 If you selected Distributed Auto in the AP Connection Type list the Capacity Planning for Data page appears Go to Configuring Capacity Calculation for Data on page 124 Specifying Redundancy Computation for MAPs in the Coverage Area You can optionally configure 3WXM to compute redundant connections for the APs in the co...

Page 123: ...d from the MAP Connection Type list WX4400 switches support indirect MAP connections only 3 To change the number of redundant connections for the distributed connection type type the number in the Redundancy Level box For direct connections the redundancy level is always 1 4 Click Next The Capacity Planning for Data page appears ...

Page 124: ...lculations 2 In the Per Station Throughput list specify the throughput combined transmit and receive in kilobits per second Kbps for a station The throughput value cannot exceed the value you selected for the baseline association rate 3Com recommends that per station throughput values do not exceed 1 Mbps for 802 11b technology and 5 Mbps for 802 11a g technology 3 In the Expected Station Count li...

Page 125: ...lations and selects the calculation that results in more MAPs 1 To calculate MAP placement and configuration based on both coverage and on capacity for voice over IP enable Use Capacity Calculation for Voice Otherwise click Next By default 3WXM performs only the coverage calculation If you enable the Use Capacity Calculation for Voice option 3WXM performs both calculations 2 In the Active Call Ban...

Page 126: ...pect to be in the coverage area 5 In the Handset Oversubscription Ratio list select the ratio for the average transmit behavior of the voice over IP phones The handset oversubscription ratio is the ratio of active handsets compared to total handsets For example the ratio 4 1 indicates that statistically 25 percent of the voice over IP phones are active at any given time 6 Click Next The Mobility D...

Page 127: ...et that contains the WX switch or switches to be connected to the shared MAP access points If the MAPs will be directly connected to WX switches a wiring closet is required If all the MAPs in the coverage area will be indirectly connected to WX switches through the network a wiring closet is not required 4 In the Redundant Wiring Closet list select the wiring closet that will provide redundant con...

Page 128: ...t and click Properties The Coverage Area Properties dialog for the selected coverage area appears You can also display this dialog by displaying the floor plan selecting Coverage Areas in the Organizer panel then right clicking on the coverage area and selecting Edit Properties from the menu ...

Page 129: ...er the Capacity tab you can do the following To calculate MAP placement and configuration based on coverage and on capacity for data enable Use Capacity Calculation for Data In the Per Station Throughput list specify the throughput combined transmit and receive in kilobits per second Kbps for a station In the Expected Station Count list specify the number of clients you expect to be in the coverag...

Page 130: ...icy is listed If you select default the default radio profile settings are applied to the coverage area For information about policies see Configuring and Applying Policies on page 375 In the Shared Area list select a coverage area that will share MAP access points with the one you are configuring If you selected two radio technologies when defining the coverage area a shared area is automatically...

Page 131: ... assigns a Distributed MAP number and name to the MAP from among the unused valid MAP numbers available on the switch The profile also configures the MAP with the MAP and radio parameter settings in the profile To allow locked MAP access points to be deleted when the Compute and Place function determines that they are no longer required select Allow Deletion of Locked MAPs A locked MAP is a MAP th...

Page 132: ...his assumes that the network plan already has a WX switch defined If you are planning a new installation you do not need to specify a WX switch to use 11 When you have finished editing the properties of the coverage area click OK to exit the Coverage Area Properties dialog and OK again to exit the Coverage Area Selection dialog Placing Third Party Access Points If you have third party access point...

Page 133: ...f the AP 4 On the floor plan click on the location where you want to place the AP You must click in a coverage area 3WXM removes the AP from the Objects to Place list and places an icon for it on the floor plan Creating and Placing an Icon for a Third Party Access Point 1 In RF Planning navigate to the floor plan 2 In the Task List panel click Tools 3 In the Coverage Area task group under Wiring C...

Page 134: ...point 1 to 30 characters with no spaces 7 In the Product ID box type the product identification for the access point 1 to 30 characters with no spaces 8 In the IP Address box type the IP address for the access point If you specify an IP address you can use Telnet and a Web browser with this access point 9 In the Telnet Port Number box specify the port number for Telnet service 10 In the HTTP Port ...

Page 135: ...the following AP Dual Radio 802 11a and 802 11b or 802 11b g AP Single Radio 802 11a 802 11b or 802 11g 13 In the Radio Type drop down list select one of the following 11a 11b 11g The choices available depend on the selection you made in step 12 14 Click Next The following dialog appears ...

Page 136: ...dio 18 To enable the radio select Enabled The access point s radio must be enabled in order to be considered in channel allocation 19 In the SSID box type the service set identifier SSID for the radio 20 In the MAC Address box type the MAC address of the radio 21 In the Antenna Gain list select the antenna gain for the radio 22 If the access point has only one radio click Finish Otherwise go to th...

Page 137: ...ar click the Network Verification tab and upload the MAP configuration into 3WXM See Verifying Configuration Changes on page 365 2 Select the RF Planning option in the main 3WXM tool bar and display the floor plan in the Content panel 3 In the Coverage Areas section right click on the coverage area for which the MAP is providing coverage and select Edit Properties The Coverage Area Properties dial...

Page 138: ...for the coverage area 3WXM shows the expected simulated coverage of the completed design and allows you to see how the coverage changes when you make adjustments to MAP location or power levels Computing and Placing MAP Access Points for a Coverage Area When you perform Compute and Place for one or more coverage areas 3WXM automatically calculates the number of MAPs you require based on coverage a...

Page 139: ...place MAPs 1 Specify design constraints See To specify design constraints 2 Compute and place MAPs See To compute and place MAPs on page 142 3 Review coverage area computation progress See To review coverage area computation on page 143 To specify design constraints 1 Display the floor plan in the Content panel 2 In the Task List panel click Floor 3 Under Edit Floor click Constraints The Manage Co...

Page 140: ...e Reserved Tx Power Margin listbox This is the number of dBm below the maximum power setting that you want 3WXM to reserve in case the power needs to be increased later 9 To allow locked MAP access points to be deleted when Compute and Place determines that they are no longer required select Allow Deletion of Locked MAPs A locked MAP is a MAP that is already associated with the coverage area For e...

Page 141: ...elect Update All Constraints By default 3WXM applies only changed constraint values to the selected areas This default behavior preserves any constraint changes you make to individual areas when you configure them 15 Select the coverage areas for which you want to apply constraints To select a coverage area click the box in the select column 16 Click Next The Manage Constraints Progress page is ac...

Page 142: ...rimary wiring closet for directly attached MAP access points Specifying the primary wiring closet for distributed MAPs is optional 6 To specify the redundant wiring closet for a coverage area click in the Redundant Wiring Closet column to display the wiring closet list and select a wiring closet from the list This step is optional 7 To specify the shared area for a coverage area click in the Share...

Page 143: ... computation To review coverage area computation 1 Review the number of MAPs required for each coverage area and the overriding criterion used coverage or capacity 2 Click Finish to apply the changes Icons for the suggested MAP locations appear on the floor plan ...

Page 144: ...lable depend on the wireless technology you chose for the coverage area This example shows the 802 11b coverage for an area 3 To see the RF coverage area for a specific MAP or radio right click the MAP or radio and select one of the following Display RF Coverage 802 11a Display RF Coverage 802 11b Display RF Coverage 802 11g The choices available depend on the wireless technology you chose for the...

Page 145: ...ove them to fine tune the wireless coverage If you need a MAP to be located at a fixed location on the floor you can lock its current location when you recompute the necessary coverage A dual radio MAP model that is part of two coverage areas and is not locked can be placed in the shared coverage area To lock a MAP 1 Select the MAP you want to lock 2 Right click and select Lock You can no longer m...

Page 146: ...ross the floor minimizes co channel interference Figure 8 shows how to minimize co channel interference for an 802 11b environment when using the nonoverlapping channels 1 6 and 11 Figure 8 Channel Assignment to Minimize Co Channel Interference To assign channels 1 Display the floor plan in the Content panel 2 In the Task List panel click RF Planning Under RF Planning click Assign Channels The Cha...

Page 147: ...adio type for which to assign channels select the radio type from the Technology list By default 3WXM assigns channels for all radio types on the MAPs placed in the building 6 To prevent 3WXM from taking the channel assignments for the floor above into account when calculating the channel assignments for a floor clear Use Cross Floor Channel Information 7 Click Next The Channel Assignment Progress...

Page 148: ...mber is changed to match the results of channel assignment However the channel is not changed for MAPs that are running in the live network and are being managed by 3WXM For these MAPs 3WXM displays the channels that are in use on the live MAPs To make the MAPs in the live network use the channels assigned by RF Planning deploy the configuration to the network After you deploy the configuration wi...

Page 149: ...uning feature to automatically set the power levels on the MAPs after deployment and installation use the Compute Optimal Power option to calculate the power settings for the MAPs Transmit power levels must be high enough to adequately cover an area but also low enough to minimize co channel interference 3WXM factors in these considerations when calculating optimal power 3Com recommends that you a...

Page 150: ...gured for coverage not capacity Unless you disabled the option to place MAPs based on capacity do not select the Optimize AP Count option 4 Select Compute Power for the areas for which you want to compute power 5 Click Next The Compute Power For Progress page appears If the power computation succeeds click Finish to see the results If the power computation fails click OK in the Optimal Power Compu...

Page 151: ...ransmit rates supported by the radio These rates are standard for each radio type RSSI Coverage is shown based on the received signal strength indication RSSI of the radio s signal heard by other radios 2 In the Coverage Areas section of the Organizer panel select the scope for which you want to display coverage You can display coverage for an individual radio a specific coverage area or all cover...

Page 152: ... or below do the following 3 In the Coverage Areas section of the Organizer panel navigate to the floor 4 Expand the floor to display its coverage areas 5 Right click on a coverage area and select Show RF Coverage If the coverage area provided by an access point on the floor above or below is one meter or less 3WXM displays a message This coverage area is not displayed on the current floor plan Re...

Page 153: ...them on the floor 3 Modify the coverage area so that the capacity requirements are higher If you manually add MAPs to a coverage area they might be moved or removed when you next perform Compute and Place If you have already installed a MAP in the network and you want to add it to the coverage area see Adding New MAPs that Are Already Installed to the Network Plan on page 482 Placing RF Measuremen...

Page 154: ...characters 6 In the RSSI Options box select display options for the dialog box To list access points that cannot be detected from this RF measurement point select Show Unreachable MAPs To list disabled access points select Show Disabled MAPs To list access on other floors that can be detected from this RF measurement point select Show MAPs on Other Floors See Reading the RF Measurement Table on pa...

Page 155: ...engths for any location on the floor To use the RF interactive measurement mode 1 Click the icon in the toolbar 2 Click any location on the floor Received signal strength indication RSSI measurements for the selected location appear next to the Floor View See Reading the RF Measurement Table for information about the fields in the display Reading the RF Measurement Table The projected signal stren...

Page 156: ...f the panel Show Unreachable APs Show MAPs that are too far away to accurately measure signal strength Show Disabled APs Show all disabled MAPs Show APs on Other Floors Show the MAPs located on other floors that can be detected from this RF measurement point MAP AP MAP or third party access points detected Distance Distance between MAP and RF measurement point Channel Channel of the MAP or third p...

Page 157: ...k order shows where the MAPs should be installed WX initial setup configuration information and projected RSSI information that is useful when verifying the installation After deployment you can generate a work order with the optional RSSI projection tables and MAP MAC addresses and use it for post deployment verification To generate a work order report 1 Display the floor plan in the Content pane...

Page 158: ...lick Choose The Select dialog box appears 7 Navigate to the directory you want and click Select 3WXM uses this directory when generating subsequent reports 8 Click Generate Work Order The work order is saved in the directory you specified in the format WO_scope_name_date If you generate another order for the same scope on the same day the old work order is overwritten When the work order has been ...

Page 159: ...71 If you are planning to use 3WXM to configure switches in a remote office see Configuring WX Switches Remotely on page 333 WX Switch Configuration Objects Configuration objects for WX switches are organized into the following categories System Wireless AAA You can access configuration wizards for these object types by clicking on tasks in the Task List panel or by selecting the object type under...

Page 160: ...hes Telnet Controls Telnet management access to the WX switches SSH Controls Secure Shell SSH management access to the WX switches Web Portal Controls web based login of network users clients SNMP Configures traps communities and trap receivers Timezone Controls local offsets to Universal Mean Time UMT See Viewing and Changing Management Settings on page 188 Log Controls log and trace settings See...

Page 161: ...s Wireless Services Settings for SSIDs to provide network services Wizards are provided for configuring the following types of services 802 1X voice Web Portal open access and custom See Viewing and Configuring Wireless Services on page 237 Radio Profiles Sets of radio parameters that can be applied to multiple radios including the beacon interval RF Auto Tuning settings and service profiles See V...

Page 162: ... See Viewing and Configuring 802 1X Network Access Rules on page 308 MAC Access Rules Access rules for MAC clients See Viewing and Configuring MAC Network Access Rules on page 312 WebAAA Access Rules Access rules for WebAAA Web Portal clients See Viewing and Configuring WebAAA Network Access Rules on page 315 Last Resort Access Rules Access rules for last resort access See Viewing and Configuring ...

Page 163: ...em on page 71 Creating a WX Switch Using the Create Wireless Switch Wizard 1 Select the Configuration tool bar option 2 In the Organizer panel select the network plan name 3 In the Task List panel select Create Wireless Switch 4 Go to Using the Create Wireless Switch Wizard on page 167 AAA cont Location Policy Policies to locally override VLAN or security ACLs assigned to a user by a RADIUS server...

Page 164: ...s the interface or source IP address MSS uses for system tasks including the following Mobility Domain operations Topology reporting for dual homed MAP access points Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP notifications 7 Click Management Interface 8 To enable the switch to be managed by 3WXM select Managed Until this option is selected ...

Page 165: ...d close the wizard 15 Edit other parameters as required See the rest of this chapter and the following two chapters Adding a Switch by Uploading its Configuration from the Network If you have already deployed a WX switch in the network and you want to add the switch to the network plan you can upload the switch s configuration into 3WXM edit the switch then redeploy the switch with the new paramet...

Page 166: ... click Properties to make the change for all the selected objects For example to disable or reenable multiple ports you can select all the ports click Properties change the port state in the dialog then close the dialog The changes take effect on all the ports you selected Reviewing and Deploying Changes 3WXM does not automatically deploy switch configuration changes from the network plan to the a...

Page 167: ...ith no spaces or tabs Within a network plan and all Mobility Domains each WX must have a unique name 3 In the WX Model list select the WX switch model 4 In the Software Version list select the version of Mobility System Software MSS you expect to run on the WX switch 5 In the Enable Password box type the enable password for the WX This password must match the enable password that was defined on th...

Page 168: ...already be created See Defining a Mobility Domain on page 62 If you still need to create the Mobility Domain finish creating the switch then create the Mobility Domain Select the switch in the Organizer panel to display its basic settings in the Content panel and select the Mobility Domain from the Mobility Domain drop down list 15 To place the switch in a wiring closet select the closet from the ...

Page 169: ...anizer panel select the WX switch 3 In the Task List panel select System Setup The System Setup wizard appears 4 Read the first page then click Next 5 Configure SNMP settings a Select the minimum level of security to allow for any SNMP communication with the switch from the Security Level drop down list Unsecured SNMP message exchanges are not secure This is the default and is the only value suppo...

Page 170: ...ween the switch and 3WXM Services Unsecured SNMP message exchanges are not secure This is the default and is the only value supported for SNMPv1 and SNMPv2c This security level is the same as the noAuthNoPriv level described in SNMPv3 RFCs Authenticated SNMP message exchanges are authenticated but are not encrypted This security level is the same as the authNoPriv level described in SNMPv3 RFCs En...

Page 171: ...d You can modify existing servers and groups and create new ones To create a RADIUS server and place it in a group a Click Create The Create RADIUS Server wizard appears b See Viewing and Configuring RADIUS Settings on page 300 c When you are finished configuring RADIUS settings click Next and go to step 8 8 Configure wireless services Wireless services that are already configured are listed You c...

Page 172: ...1g 10 Click Finish Modifying Basic Switch Parameters Basic switch parameters are displayed in the Content panel when you select a switch in the Organizer panel 1 Select the Configuration tool bar option 2 In the Organizer panel select the WX switch Basic parameters for the switch appear in the Content panel 3 To modify the name edit the string in the WX Name box 4 To modify the serial number edit ...

Page 173: ...is replaced with the settings from the network plan which can result in loss of connectivity to the switch 7 To modify the management interface select the IP interface and VLAN from the VLAN IP drop down list 8 To modify the enable password edit the string in the Enable Password box Use this option when you are creating a new switch in 3WXM This option modifies the password in the network plan How...

Page 174: ...drop down list 5 Click OK Changing Timezone Properties You can specify the number of hours and optionally the minutes that the WX switch s real time clock is offset from Coordinated Universal Time UTC also known as Greenwich Mean Time GMT The time zone information is used by Network Time Protocol NTP if you enabled it You can also specify whether the WX modifies the clock during daylight savings t...

Page 175: ... box specify the minute between 0 and 59 when the time change starts 13 In the End Month list select the month of the year when the time change ends 14 In the End Week list select the week of the month when the time change ends First Second Third Fourth or Last 15 In the End Day list select the day of the week when the time change ends 16 In the End Hour box specify the hour between 0 and 23 when ...

Page 176: ... Distributed MAPs and has capacity to manage the MAP A MAP that is booted and managed using a Distributed MAP profile is here called an Auto DAP You can convert the temporary connection of an Auto DAP to a WX switch into a permanent statically configured connection on the switch This procedure converts Auto DAPS into configured Distributed MAPs only on the switch you are managing To convert Auto D...

Page 177: ...r power it down Then use this procedure to remove it from the Auto DAP list To delete an Auto DAP 1 Select the Configuration tool bar option 2 In the Organizer panel select the WX switch 3 In the Task List panel select Delete Auto APs The Delete Auto APs wizard appears The MAPs that were configured using a Distributed MAP template are listed 4 Select the Auto DAP that is no longer on the network 5...

Page 178: ...red authentication Speed and autonegotiation Power over Ethernet PoE state Media type gigabit Ethernet ports only Load sharing see Viewing and Changing Port Groups on page 186 Viewing Port Settings 1 Select the Configuration tool bar option 2 In the Organizer panel click the plus sign next to the WX switch 3 Click the plus sign next to System 4 Select Ports The ports and their configuration settin...

Page 179: ...port if supported by the switch to disable auto negotiation clear Auto Negotiation This option is enabled by default 7 For a gigabit Ethernet port if supported by the switch select the interface you want to enable GBIC Enables the fiber interface and disables the copper interface RJ45 Enables the copper interface and disables the fiber interface The port supports only the physical interface you se...

Page 180: ...nfiguring MAPs on page 274 1 Access the Create AP wizard a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to System d Select Ports e Select PoE Enabled if you have not already done so f In the Task List panel select AP 2 To change the name edit the string in the Name field The name can contain up to 16 alphanum...

Page 181: ...icated For 802 1X clients wired authentication works only if the clients are directly attached to the wired authentication port or are attached through a hub that does not block forwarding of packets from the client to the PAE group address 01 80 c2 00 00 03 Wired authentication works in accordance with the 802 1X specification which prohibits a client from sending traffic directly to an authentic...

Page 182: ...ame and password from the client Web Portal Serves the client a web page from the WX switch s nonvolatile storage for login to the SSID None Denies authentication and prohibits the client from accessing the SSID This is the default The fallthru authentication method is attempted only if the switch does not have an 802 1X or MAC authentication rule for wired access that matches the client s usernam...

Page 183: ...r information see AAA Methods RADIUS Server Groups and the Local User Database on page 242 g Click Next h To configure accounting select Enabled select the record type Start Stop or Stop Only then select a RADIUS server group or LOCAL for the accounting and click Add i Click Finish j Click Next 6 To use MAC authentication to control access to the port create or select a MAC authentication rule Oth...

Page 184: ...Otherwise go to step 11 8 Click Next The ACEs ACL rules that 3WXM will configure for the Web Portal service are listed The ACEs are required to allow DHCP traffic while blocking all other traffic while a user is being authenticated These ACEs are used only during authentication After the user is authenticated the ACEs are not used If you need to add ACEs continue with this step Otherwise go to ste...

Page 185: ... Only then select LOCAL or a RADIUS server group for the accounting and click Add g Click Finish If you selected Local as an authentication method the users in the local database are listed Go to step 12 If you did not select LOCAL click Finish to close the wizard and save the changes You are finished with this procedure 11 If you selected Open Access in step 2 select the VLAN to which you want th...

Page 186: ...r all subsequent traffic for that flow A port group ensures link stability by providing redundant connections for the same link If an individual port in a group fails the WX reassigns traffic to the remaining ports When the failed port starts operating again the WX begins using it for new traffic flows Traffic that belonged to the port before it failed continues to be assigned to other ports Layer...

Page 187: ...ort The Port Group Member Remove dialog box appears Click Yes to change the port s membership Click No to leave the membership unchanged 7 Click Finish Changing a Port Group To change a port group 1 In the Content panel select the row for the port group 2 Click Properties The Port Group Properties wizard appears 3 To add a port to the port group select the Member checkbox for the port The port gro...

Page 188: ...xt to the WX switch 3 Click the plus sign next to System 4 Select Management Services The management services and their settings appear in the Content panel Changing Management Service Settings To change management service settings 1 To enable or disable a management service select or deselect it by clicking the checkbox next to the service name For example to enable Telnet click the checkbox to p...

Page 189: ...d 3WXM Services as an SNMP notification target to the switch For simple configuration of 3WXM Services as an SNMP notification target see Setting Up a Switch on page 169 1 Click the checkbox next to SNMP to enable it if you have not already done so By default SNMP is disabled 2 To change the minimum level of security MSS requires for SNMP select one of the following from the Security Level drop do...

Page 190: ...t If you enable SNMP service on the WX 3Com recommends that you do not use the well known strings public for READ or private for WRITE These strings are commonly used and can easily be guessed 3 Select the access type read only An SNMP management application using the string can get read object values on the switch but cannot set write them This is the default read notify An SNMP management applic...

Page 191: ...t set them The switch can use the string to send notifications notify only The switch can use the string to send notifications read write An SNMP management application using the string can get and set object values on the switch notify read write An SNMP management application using the string can get and set object values on the switch The switch can use the string to send notifications 4 Specif...

Page 192: ...he format type a 16 byte hexadecimal string for MD5 or a 20 byte hexadecimal string for SHA If you selected Pass Phrase as the format type a string at least 8 characters long 7 Select the encryption type used for SNMP traffic None No encryption is used This is the default DES Data Encryption Standard DES encryption is used 3DES Triple DES encryption is used AES Advanced Encryption Standard AES enc...

Page 193: ...e To enable all notification types click the Enable checkbox at the top of the list 4 Click Finish Configuring a Notification Target A notification target is a remote device to which MSS sends SNMP notifications You can configure the MSS SNMP engine to send confirmed notifications informs or unconfirmed notifications traps The available options differ depending on the SNMP version and the type of ...

Page 194: ...tification profile The name can be 1 to 32 alphanumeric characters with no spaces or tabs c Click Next d Click the checkbox next to each notification type you want to enable To enable all notification types click the Enable checkbox at the top of the list e Click Next 7 From the Security Model drop down list select the SNMP version 8 For USM SNMPv3 select the security type Unsecured SNMP message e...

Page 195: ...ice on the WX 3Com recommends that you do not use the well known strings public for READ or private for WRITE These strings are commonly used and can easily be guessed c Select the access type read notify An SNMP management application using the string can get object values on the switch but cannot set them The switch can use the string to send notifications notify only The switch can use the stri...

Page 196: ...on MSS calculates the engine ID based on the address LocalID Uses the value computed from the switch s system IP address To send informs you must specify the engine ID of the inform receiver To send traps and to allow get and set operations and so on specify local as the engine ID If you select Hex or IP type the hexadecimal string or IP address in the Value box To configure authentication and enc...

Page 197: ...get on page 193 Configuring 3WXM Services as a Notification Target 1 Access the Setup 3WXM Notification Target wizard a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to System d Select Management Services e In the Task List panel select 3WXM Notification Target 2 In the Security Model drop down list select the...

Page 198: ...P community string a If a list of community string is displayed select Create new Community and click Next b In the Community String box type the name of the community The name can be 1 to 32 alphanumeric characters with no spaces or tabs Community string names are transmitted in clear text If you enable SNMP service on the WX 3Com recommends that you do not use the well known strings public for R...

Page 199: ...y only The switch can use the string to send notifications notify read write An SNMP management application using the string can get and set object values on the switch The switch can use the string to send notifications d Select the Engine ID format Hex ID is a hexadecimal string IP ID is based on the IP address of the station running the management application Enter the IP address of the station...

Page 200: ... keyword such as authentication or sm to trace activity for a particular feature such as authentication or the session manager CAUTION Setting traces can have adverse effects on system performance 3Com recommends that you use the lowest levels possible for initial trace commands and slowly increase the levels to get the data you need Viewing Log Settings To view log settings 1 Select the Configura...

Page 201: ... to the console b In the Severity Filter list select the lowest level of severity of the event or condition to be logged see the list in step 2 The default severity level is Error 4 Configure logging to the current login session a To specify that logging messages be sent to the current login session select Enabled Clear Enabled to disable the logging of messages sent to the current login session b...

Page 202: ...everity of the event or condition to be logged see the list in step 2 on page 200 The default severity level is Error 4 To map all the facilities to a standard local facility select Facility Mapping Some syslog servers require the facility to be set to a standard local facility name 5 In the Map to Local Facility List select the local facility Local 0 to Local 7 that all the facilities are mapped ...

Page 203: ...dress to trace Specify a MAC address using colons to separate the octets for example 00 11 22 aa bb cc 6 Optionally in the Port Name box type the port number to trace 7 Click Finish Viewing and Configuring IP Services Settings You can configure the following IP services Static routes IP aliases Domain Name System DNS service Network Time Protocol NTP service Address Resolution Protocol ARP entries...

Page 204: ... the route Otherwise MSS uses a default route For more information about static routes see the Configuring and Managing IP Routes section in the Configuring and Managing IP Interfaces and Services chapter of the Wireless LAN Switch and Controller Configuration Guide To create a static route 1 Access the Create Route wizard a Select the Configuration tool bar option b In the Organizer panel click t...

Page 205: ...st IP Address box type the IP address that the IP alias is mapped to 4 Click Finish Configuring DNS You can configure the WX switch to resolve hostnames to their IP addresses by querying a Domain Name Service DNS server By enabling DNS you can specify a hostname rather than an IP address For example rather than typing telnet 10 1 2 3 you could type telnet monterey example com By default DNS is not...

Page 206: ...default NTP is not enabled You can specify up to three NTP servers If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes convergence of the WX time can take many NTP update intervals 3Com recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence 1 Under NTP in the Content p...

Page 207: ...ng permanent ARP entries you can set the amount of time unused dynamic entries remain in the table before they are removed 1 In the Aging Time box specify the amount of time a dynamic entry can remain unused before the entry is removed from the ARP table The value range for the aging timeout is 0 to 1 000 000 seconds The default value is 1200 seconds To disable aging specify 0 as the aging timeout...

Page 208: ...WX ports that are configured for MAPs or wired authentication access Users are assigned to VLANs automatically through authentication and authorization mechanisms such as 802 1X By default none of a WX switch s ports are in VLANs A switch cannot forward traffic on the network until you configure VLANs and add network ports to those VLANs Users and VLANs When a user successfully authenticates to th...

Page 209: ...ility Domains see Defining a Mobility Domain on page 62 Because the default VLAN might not be in the same subnet on each switch 3Com recommends that you do not rename the default VLAN or use it for user traffic Instead configure other VLANs for user traffic Viewing VLANs To view VLANs 1 Select the Configuration tool bar option 2 In the Organizer panel click the plus sign next to the WX switch 3 Cl...

Page 210: ... or port group to the VLAN and remove previous VLAN membership click Move Moving a port or port group could potentially affect multiple VLANs To add a port or port group to the VLAN and retain previous VLAN membership click Add 7 Click Next 8 To add an IP interface to the VLAN do one of the following Statically configure an address by editing the IP address and subnet mask for example 10 10 10 10 ...

Page 211: ...lue as the VLAN number MSS does not require the VLAN number and tag value to be the same but some other vendors devices do Do not assign the same VLAN multiple times using different tag values to the same network port Although MSS does not prohibit you from doing so the configuration is not supported 1 Access the VLAN table a Select the Configuration tool bar option b In the Organizer panel click ...

Page 212: ... are untagged However each VLAN still runs its own instance of STP even if two or more VLANs contain untagged ports To run a single instance of STP in 802 1D mode on the entire switch configure all network ports as untagged members of the same VLAN MSS uses PVST BPDUs on VLAN ports that are tagged PVST BPDUs include tag information in the 802 1Q field of the BPDUs MSS runs a separate instance of P...

Page 213: ...nds 7 In the Hello Time box specify the interval 1 to 10 seconds between each configuration message from the root bridge The default is 2 seconds 8 In the Forward Delay box specify the amount of time 4 to 30 seconds a bridge waits after a topology change to begin forwarding data packets The default is 15 seconds 9 Click OK Changing STP Port Settings in a VLAN 1 Access the VLAN table a Select the C...

Page 214: ...k port group 3 1000 Mbps full duplex 4 100 Mbps full duplex aggregate link port group 15 100 Mbps full duplex 18 100 Mbps half duplex 19 10 Mbps full duplex aggregate link port group 90 10 Mbps full duplex 95 10 Mbps half duplex 100 Specify 0 to use the default cost for the port based on link speed 8 To enable port fast convergence select the PortFast checkbox Port fast convergence bypasses both t...

Page 215: ...ridge fails and immediately verifies whether BPDU information stored on a port is still valid If the BPDU information on the port is no longer valid the bridge immediately starts the listening stage on the port If you plan to use the backbone fast convergence feature you must enable it on all the bridges in the spanning tree Uplink fast convergence Uplink fast convergence enables a WX switch that ...

Page 216: ...ividual VLAN basis The current software version supports IGMP versions 1 and 2 To configure IGMP snooping 1 Access the VLAN table a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to System d Select VLANs 2 In the Content panel select the VLAN 3 In the Task List panel select Configure IGMP 4 To enable IGMP snoop...

Page 217: ...ed station IGMP reports select Proxy Report 13 To enable multicast router solicitation which allows the WX to discover multicast routers on the subnet select Multicast Router Solicitation 14 In the Solicitation Interval box specify the interval 1 to 65 535 seconds between multicast router solicitations by a WX The default interval is 30 seconds 15 Click OK Configuring Static Multicast Ports A WX l...

Page 218: ...s sign next to the WX switch c Click the plus sign next to System d Select VLANs 2 In the Content panel select the VLAN 3 Click Properties 4 Click the VLAN Member Details tab 5 To add a static multicast receiver port select the Forward Multicast IP Out checkbox for each port you want to add By default ports are not selected To remove a static multicast receiver port clear the checkbox 6 To add a m...

Page 219: ...e specified gateway routers You can specify up to four gateway MAC addresses The addresses must be unicast not multicast or broadcast For networks with IP only clients you can restrict client to client forwarding using ACLs Use the Restrict L3 Traffic option See Restricting Layer 3 Traffic Among Clients in a VLAN 1 Access the VLAN table a Select the Configuration tool bar option b In the Organizer...

Page 220: ... WX switches configured to comprise a Mobility Domain allow users to roam seamlessly across MAP access points and across WX switches Although a WX that is not a member of a user s VLAN cannot directly forward traffic for the user the WX can tunnel the traffic through another WX that is a member of the user s VLAN If a WX that is not in the user s VLAN has a choice of more than one other WX through...

Page 221: ...onally you can configure the DHCP server to also provide IP addresses to Distributed MAPs and to clients Use of the MSS DHCP server to allocate client addresses is intended for temporary demonstration deployments and not for production networks 3Com recommends that you do not use the MSS DHCP server to allocate client addresses in a production network To enable the MSS DHCP server on a VLAN 1 Acce...

Page 222: ...box specify the aging timeout period 0 to 1 000 000 seconds for dynamic entries in the forwarding database The default is 300 seconds 5 minutes If you specify 0 aging is disabled 5 Click OK Viewing and Configuring ACLs An access control list ACL filters packets to restrict or permit network usage by certain users network devices or traffic types You can also assign a class of service CoS level whi...

Page 223: ...r broadcast destination address Viewing ACLs To view ACLs 1 Select the Configuration tool bar option 2 In the Organizer panel click the plus sign next to the WX switch 3 Click the plus sign next to System 4 Select ACLs The configured ACLs and their mappings appear in the Content panel Creating an ACL The Create ACL wizard enables you to configure ACEs with the following parameters Match criteria S...

Page 224: ...sses This rule provides security be ensuring that the only traffic permitted by an ACL is the traffic you want to permit This rule is automatically added to the end of each ACL and cannot be edited or removed After you add an ACE to the table each subsequent ACE appears above the implicit deny all ACE at the bottom of the list but beneath all the other ACEs you have configured The switch uses the ...

Page 225: ...tor from the Operator drop down list Less Than Greater Than Equal IP Protocol Number Protocol 1 Internet Control Message Protocol ICMP 2 Internet Group Management Protocol IGMP 6 Transmission Control Protocol TCP 9 Any private interior gateway used by Cisco for Internet Gateway Routing Protocol 17 User Datagram Protocol UDP 41 IPv6 46 Reservation Protocol RSVP 47 Generic Routing Encapsulation GRE ...

Page 226: ...w in the DSCP column b Select Type Of Service or Diff Serv Code Point c If you selected Type Of Service select the IP precedence value from the Precedence drop down list Any 1 All packets are subject to the ACL regardless of whether precedence is set Routine 0 Packets with routine precedence are filtered Priority 1 Packets with priority precedence are filtered Immediate 2 Packets with immediate pr...

Page 227: ... values For example to select minimum delay and maximum throughput as the TOS options type 12 which is the sum of the two values d Click OK 10 Select the action from the Action drop down list Permit allows access if the conditions in the ACE are matched Deny refuses access if the conditions in the ACE are matched 11 To mark the packet with a CoS value select the value in the CoS box By default the...

Page 228: ... The hit sample rate specifies the time interval in seconds at which the packet counter is sampled for each security ACE on which the hit counter is enabled By default the hit sample rate is 0 even when the hit counter is enabled To use the hit counter you must enable it and set the hit sample rate The hit sample rate applies globally to all ACEs on which the hit counter is enabled 1 In the Task L...

Page 229: ...ist panel select ICMP Properties 3 Select or type the ICMP message type in the Type box See Table 17 4 Select or type the ICMP message code in the Code box See Table 17 5 Click OK Table 17 ICMP Messages and Codes ICMP Message Type Number Code Number Echo Reply 0 None Destination Unreachable 3 Network Unreachable 0 Host Unreachable 1 Protocol Unreachable 2 Port Unreachable 3 Fragmentation Needed 4 ...

Page 230: ...r virtual ports You cannot map an ACL to a MAP port or a wired authentication port You also can map ACLs to user by configuring the filter in and filter out user attributes User based ACLs are more specific than ACLs applied to interfaces and are therefore processed first See Authorization Attributes on page 295 1 Access the ACL table a Select the Configuration tool bar option b In the Organizer p...

Page 231: ...tual port in a VLAN The tag value can be a number from 1 to 4093 The default value is 1 Make sure that you do not specify duplicate mappings that specify the same port and tag value b In the port list select the port to which you want to map the ACL You cannot map an ACL to a MAP port or a wired authentication port c In the Direction list select In to filter incoming packets or Out to filter outgo...

Page 232: ... ACL you want to delete 3 In the Task List panel select Delete ACL Deleting an Individual ACE from an ACL To delete an individual ACE from an ACL 1 Access the ACL table a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to System d Select ACLs 2 Select any ACE in the ACL 3 In the Task List panel select ACL Rules ...

Page 233: ...WX MAPs place traffic from a WX to a wireless client in a forwarding queue based on the DSCP value in the tunnel carrying the traffic then forward the traffic based on the queue s priority MSS performs classification on ingress to determine a packet s CoS value This CoS value is used to mark the packet at the egress interface The classification and marking performed by the switch depend on whether...

Page 234: ...ration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to System d Select QoS 2 In the CoS column of the DSCP to CoS table use the arrows to select the new value or type the new value 3 Click Save Changing a CoS to DSCP Mapping To change the mapping between an internal CoS value and the DSCP value that is marked in egress traffic 1 Acce...

Page 235: ...t DSCP list select the lower DSCP value in the range 4 In the Last DSCP list select the upper DSCP value in the range 5 In the CoS value list select the internal CoS value to which you want MSS to map all DSCP values within the selected range 6 Click Finish Resetting CoS Mapping to their Default Values To reset CoS mapping to their default values 1 Access the QoS tables a Select the Configuration ...

Page 236: ...236 CHAPTER 6 CONFIGURING WX SYSTEM PARAMETERS ...

Page 237: ...wizards to configure the following types of wireless services 802 1X Service Profile Provides wireless access to 802 1X clients Voice Service Profile Provides wireless access to Voice over IP VoIP devices Web Portal Service Profile Provides wireless access to clients who log in using a web page Open Access Service Profile Provides wireless access to clients without requiring them to log in Custom ...

Page 238: ...e Based on service profile type Secure 802 1x Voice Web Portal Open Custom service profiles do not have a default name SSID name SSID name with wireless clients will associate Blank no default value SSID type Encryption setting for data Encrypted Clear unencrypted Based on service profile type 802 1X Encrypted clear is not applicable Voice Encrypted Web Portal Clear Open Clear Custom Encrypted Bea...

Page 239: ...n Standard AES with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol CCMP Temporal Key Integrity Protocol TKIP WEP with 104 bit keys WEP with 40 bit keys TKIP Authentication method Location of user information the switch checks when authenticating and authorizing users Can be one or more RADIUS server groups the switch s local database or both Voice LOCAL a RADIUS serve...

Page 240: ... are wildcards The wildcard matches on all usernames To match on all MAC addresses MAC access rules only use only a single You can restrict access by specifying part of the username or MAC address along with a wildcard In this case only the usernames or MAC addresses that match the partial username or address are allowed access User Globs and MAC Address Globs For a user glob type a full or partia...

Page 241: ...type a full or partial username to be matched during authentication MAC addresses must be specified with colons as the delimiters for example 00 11 22 33 44 55 You can use wildcards by specifying an asterisk in MAC addresses The following lists examples of using wildcards in MAC addresses all MAC addresses 00 00 01 00 01 02 00 01 02 03 00 01 02 03 04 00 01 02 03 04 0 To view a service profile s ac...

Page 242: ...oth sides of the connection Provides encryption and integrity checking for the connection Cannot be used with RADIUS server authentication requires user information to be in the switch s local database External RADIUS Server No protocol is used by the WX The switch sends the authentication traffic to a RADIUS server for EAP processing If you select PEAP the EAP Sub Protocol is MS CHAPV2 For other ...

Page 243: ...s for accounting can be but are not required to be the same as the method s for authentication and authorization If you plan to specify a RADIUS server group configure the group first before using the wizard To be available for selection in the wizard the RADIUS server group must already be configured before you open the wizard See Viewing and Configuring RADIUS Settings on page 300 Viewing Wirele...

Page 244: ...vice profile b Click on the plus sign next to Wireless c Select Wireless Services d In the Task List panel select 802 1X Service Profile 2 Read the description of the wizard on the first page then click Next 3 Edit the service name in the Name box Editing the name is optional if this is the first service of this type you are configuring on the switch 4 Type the SSID name in the SSID box 5 Click Ne...

Page 245: ... to users in the local database on remote servers or in the service profile of the SSID the user logs into The VLAN you select here is used only if a VLAN attribute is not configured for the user on the RADIUS server or in the switch s local database 14 Select or create the radio profile to map to this service profile By default the default radio profile is selected To map the service profile to t...

Page 246: ...file wizard a In the Organizer panel click on the plus sign next to the WX switch on which you want to configure the service profile b Click on the plus sign next to Wireless c Select Wireless Services d In the Task List panel select Voice Service Profile 2 Read the description of the wizard on the first page then click Next 3 Edit the service name in the Name box Editing the name is optional if t...

Page 247: ... of the following RSN WPA2 WPA Static WEP 11 Click Next 12 If you selected RSN or WPA in step 10 select the encryption algorithms to use Otherwise go to step 16 AES CCMP Usually used with RSN WPA2 TKIP Usually used with WPA WEP 104 Used with dynamic WEP WEP 40 Used with dynamic WEP 13 Click Next 14 If you selected RSN or WPA in step 10 you can select whether to use dynamically generated keys or st...

Page 248: ...E click Add Rule 3WXM adds an ACE to the end of the list The ACE matches on all source and destination IP addresses and denies them To modify an ACE select the part of the ACE you want to modify and edit or select the new value For information about ACE settings see Viewing and Configuring ACLs on page 222 21 If you selected MAC Access in step 8 select or create the MAC address globs you want to a...

Page 249: ...rofile table Configuring a Web Portal WebAAA Service To configure a Web Portal WebAAA service 1 Access the Web Portal Service Profile wizard a In the Organizer panel click on the plus sign next to the WX switch on which you want to configure the service profile b Click on the plus sign next to Wireless c Select Wireless Services d In the Task List panel select Web Portal Service Profile 2 Read the...

Page 250: ...hms to use AES CCMP Usually used with RSN WPA2 TKIP Usually used with WPA WEP 104 Used with dynamic WEP WEP 40 Used with dynamic WEP 12 Click Next 13 If you selected Static WEP in step 7 specify WEP keys Otherwise click Next and go to step 15 For each key up to four type the key value in the corresponding key box By default data in unicast and multicast packets are encrypted using WEP key 1 To use...

Page 251: ...change the deny rule at the bottom of the ACL This rule must be present and the capture option must be used with the rule If the rule does not have the capture option the Web Portal user never receives a login page 17 Click Next 18 Specify the authentication method RADIUS server group or local database For information see AAA Methods RADIUS Server Groups and the Local User Database on page 242 If ...

Page 252: ...o the Current Members list If you have not planned RF coverage or configured any MAPs in the network plan yet no radios are listed You can add the radios later Select the radio profile click Properties then select Radio Selection See Configuring Advanced Radio Profile Settings on page 267 d Go to step 21 21 Click Finish Configuring an Open Access Service To configure an Open Access service 1 Acces...

Page 253: ... keys based on a passphrase To use dynamically generated keys leave the Pre shared Key box blank and go to step 10 To use static keys type a string from 8 to 63 characters long in the Pre shared Key box and click Generate 10 Click Next 11 Select the encryption algorithms to use AES CCMP Usually used with RSN WPA2 TKIP Usually used with WPA WEP 104 Used with dynamic WEP WEP 40 Used with dynamic WEP...

Page 254: ...file name in the Name box and click Next c Select the radios you want to manage with the radio profile and click Move to move them to the Current Members list If you have not planned RF coverage or configured any MAPs in the network plan yet no radios are listed You can add the radios later Select the radio profile click Properties then select Radio Selection See Configuring Advanced Radio Profile...

Page 255: ...e Profile WPA RSN Static WEP Authorization Attributes Broadcast Settings Radio Profile Selection Voice Configuration Client Timeout Rate Configuration SODA Service Profile Tab All the settings on the Service Profiles tab are explained in the sections on the service profile wizards For descriptions see Table 18 on page 238 WPA RSN Tab Most of the settings on the WPA RSN tab are explained in the sec...

Page 256: ...nge the default VLAN select it from the VLAN Name box To set other default attributes click in the value column and type the values For more information about attributes and how they are selected see the Assigning Authorization Attributes section in the Configuring AAA for Network Users chapter of the Wireless LAN Switch and Controller Configuration Guide Broadcast Settings Tab The Broadcast Setti...

Page 257: ... other service profile types Static CoS Value When static CoS is enabled this is the CoS value assigned by the MAP to all traffic on the service profile s SSID This value is used only when static CoS is enabled The default is 0 if you enable static CoS manually However if static CoS is enabled automatically as part of a Vocera service profile the default is 7 highest priority CAC Mode Call Admissi...

Page 258: ...fies how many seconds MSS waits after a Web Portal client enters the Disassociated state before terminating the client s session This can be useful if you want to allow a client connecting through Web Portal WebAAA to enter standby or hibernation mode then be able to resume its session after waking up without having to log in again You can specify from 5 seconds up to 2800 seconds a little over 46...

Page 259: ... the specified mandatory rates The valid rates depend on the radio type 802 11a 6 0 9 0 12 0 18 0 24 0 36 0 48 0 54 0 802 11b 1 0 2 0 5 5 11 0 802 11g 1 0 2 0 5 5 6 0 9 0 11 0 12 0 18 0 24 0 36 0 48 0 54 0 The default depends on the radio type 802 11a 6 0 12 0 and 24 0 802 11b 1 0 and 2 0 802 11g 1 0 2 0 5 5 and 11 0 Supported rates Rates that are not mandatory but that the radio can nonetheless u...

Page 260: ...downloaded rather than waiting for the security checks to be run Remediation ACL ACL to be applied to a client if it fails the checks performed by the SODA agent Failure Page Name of the web page served to the user s browser if the user s computer fails one of the SODA agent checks Success Page Name of the web page served to the user s browser when the user s computer successfully completes all th...

Page 261: ...rvice profile is configured 2 Click on the plus sign next to AAA 3 Select the type of access rule assigned to the service profile 802 1X Access Rules for 802 1 service profiles MAC Access Rules for Voice service profiles Web Access Rules for Web Portal WebAAA service profiles Last Resort Access Rules for Open service profiles For a custom service profile the option to select depends on the access ...

Page 262: ... List panel 3 To configure encryption settings and access rules select one of the following in the Task List panel and go to Modifying Encryption Settings 802 1X Access MAC Access used for voice Web Portal Access Open Access To configure access rules only select Access Rules and go to Modifying Access Rules on page 264 Modifying Encryption Settings 1 Select the security modes you want the SSID to ...

Page 263: ...AN later when configuring the access rules you can leave the VLAN Name box blank 10 Click Next If the access type is Web Portal the ACEs ACL rules that 3WXM will configure for the Web Portal service are listed The ACEs are required to allow DHCP traffic while blocking all other traffic while a user is being authenticated These ACEs are used only during authentication After the user is authenticate...

Page 264: ... b Select one of the following in the Task List panel 802 1X Access MAC Access used for voice Web Portal Access Open Access Access Rules c If you selected Access Rules go to step 2 Otherwise click Next to advance through the wizard until you reach the Access Rules Configuration page 2 To create a new rule click Create Specify the user glob or MAC address glob For syntax information see Access Rule...

Page 265: ...an s coverage area and configured the WX switches with the information in the floor plan If you create a new radio profile while configuring a coverage area for a floor 3WXM automatically copies the new profile to the domain policy of the Mobility Domain selected for the coverage area Later when you configure WX switches in the Mobility Domain using the information in the floor plan 3WXM also copi...

Page 266: ...ick Move The radios are removed from the radio profile they are currently in and added to the new profile 5 Click Next 6 To map the radio profile to a service profile select the service profile in the Available Service Profiles list and click Add 7 Click Finish Moving Radios Back to the Default Radio Profile To move radios back to the default radio profile 1 Access the Radio Profiles table a Selec...

Page 267: ...asures This is the default All Radios use countermeasures against devices classified by MSS as rogues and against devices classified by MSS as interfering devices A rogue is a device that is in the 3Com network but does not belong there An interfering device is not part of the 3Com network but also is not a rogue MSS classifies a device as an interfering device if no client connected to the device...

Page 268: ...h the MAP advertises its SSIDs You can specify from 25 to 8191 milliseconds ms The default is 100 ms DTIM Period Number of beacons 1 to 31 the MAP transmits before transmitting the multicast and broadcast frames stored in its buffers The default is 1 Fragment Threshold Frame length 256 to 2346 bytes at which the long retry count is applicable instead of the short retry count The default is 2 346 b...

Page 269: ...he default channel interval is 3600 seconds 3Com recommends that you use an interval of at least 300 seconds 5 minutes If you set the interval to 0 RF Auto Tuning does not reevaluate the channel at regular intervals However RF Auto Tuning can still change the channel in response to RF anomalies Tx Power Tuning Interval Interval at which RF Auto Tuning decides whether to change the power level on r...

Page 270: ...emove the mapping between the radio profile and a service profile select the service profile in the Current Service Profiles list Click Remove to move the profile name to the Available Service Profiles list Radio Selection Tab The Radio Selection Tab lists the radios managed by the radio profile A radio can be managed by only one radio profile To add a radio to the radio profile select the radio i...

Page 271: ... MAPs A Distributed MAP that does not have a configuration on a WX switch can receive its configuration from the Auto DAP profile instead The Auto DAP profile assigns a Distributed MAP number and name to the MAP from among the unused valid MAP numbers available on the switch The Auto DAP profile also configures the MAP with the MAP and radio parameter settings in the profile The MAP and radio para...

Page 272: ...to a single MAP for booting configuration and data transfer You can set a Distributed MAP s bias to be low or high A configuration with a high bias has priority over a configuration for the same MAP with low bias The default is High If the bias for all connections is the same the MAP selects the switch that has the greatest capacity to add more active MAPs For example if a MAP is dual homed to two...

Page 273: ...b To change the minimum transmit data rate for 802 11b g clients or 802 11a clients associated with the radio select the rate from the drop down list in the Client Data Rate column By default a radio does not lower the transmit data rate for any client below the following values 5 5 Mbps for 802 11b g clients 24 Mbps for 802 11a clients c To change the maximum percentage of client retransmissions ...

Page 274: ...o the WX port The WX 10 100 port provides PoE to the MAP The WX also forwards data only to and from the configured MAP on that port The port numbers on the WX configured for directly attached MAPs reference a particular MAP A MAP that is not directly connected to a WX is considered a Distributed MAP There may be intermediate Layer 2 switches or Layer 3 IP routers between the WX and MAP The WX may ...

Page 275: ...a WX or indirectly through other Layer 2 or Layer 3 wired networking devices Configure a Distributed MAP for each indirectly connected MAP Table 20 lists how many MAPs you can configure on a WX switch and how many MAPs a switch can boot The numbers are for directly connected and Distributed MAPs combined For a MAP that is directly connected to the WX configure a MAP port instead For information se...

Page 276: ... hexadecimal number of the MAP s encryption fingerprint Use either of the following formats 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 1122 3344 5566 7788 99aa bbcc ddee ff00 A MAP s fingerprint is the hash value of the MAP s public encryption key The fingerprint is displayed on a label on the back of the MAP and is labeled RSA key If the MAP is already installed and operating use the CLI com...

Page 277: ...02 11 wireless users A MAP can connect to the wired network through a direct 10 100 Ethernet connection to a WX or indirectly through other Layer 2 or Layer 3 wired networking devices Configure a MAP port for each directly connected MAP Table 21 lists how many MAPs you can configure on a WX switch and how many MAPs a switch can boot The numbers are for directly connected and Distributed MAPs combi...

Page 278: ... configured member of a VLAN the port is removed from the VLAN 4 Click Next 5 Select the MAP model from the MAP Model list 6 To select the radio type for a single radio model click the MAP Radio Type box and select the radio type from the list 11a 802 11a 11b 802 11b only 11g 802 11b g 7 Click Next The non editable number 1 or 2 indicates the radio number on the MAP 8 To select the radio type for ...

Page 279: ...he switch even if they do not have encryption keys or their keys have not been verified by an administrator Encryption is used for MAPs that support it Require Distributed MAPs can be managed by the switch only if they have encryption keys and their keys have been verified by an administrator If a MAP does not have an encryption key or the key has not been verified the WX does not establish a mana...

Page 280: ...test capacity to add more active MAPs For example if a MAP is dual homed to two WX4400 switches and one of the switches has 50 active MAPs while the other switch has 60 active MAPs the new MAP selects the switch that has only 50 active MAPs Bias applies only to WX switches that are indirectly attached to the MAP through an intermediate Layer 2 or Layer 3 network A MAP always attempts to boot on MA...

Page 281: ...the MAP right click and select Edit Properties from the drop down list to display the Modify MAP or Modify DAP wizard In the wizard click the tab for the radio to display its configuration page edit the value in the Antenna Direction box and click OK 3WXM assumes that the external antenna will be installed so that the front faces in the direction of coverage not up or down and so that the antenna ...

Page 282: ...m rate with an associated client The valid values depend on the radio type All values are in Mbps For 802 11g radios 54 48 36 24 18 12 11 9 6 5 5 2 or 1 For 802 11b radios 11 5 5 2 or 1 For 802 11a radios 54 48 36 24 18 12 9 or 6 The default minimum data transmit rate depends on the radio type The default minimum data rate for 802 11b g and 802 11b radios is 5 5 Mbps The default minimum data rate ...

Page 283: ...r a radio select the radio and click Properties Changing Radio Settings To change radio settings 1 Access the radio table a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to Wireless d Select Radios 2 To change basic radio settings select the new values in the table To change more advanced features select the r...

Page 284: ...Detecting and Combatting Rogue Devices on page 459 To convert a rogue into a third party AP see Converting a Rogue into a Third Party AP on page 473 Viewing RF Detection Settings To view RF detection settings 1 Select the Configuration tool bar option 2 In the Organizer panel click the plus sign next to the WX switch 3 Click the plus sign next to Wireless 4 Select RF Detection The RF detection set...

Page 285: ...st 10 Click OK Adding an Entry to the Permitted SSID List To add an entry to the permitted SSID list 1 Access the RF detection settings a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to Wireless d Select RF Detection 2 Type the SSID name in the SSID box 3 Click OK Adding an Entry to the Ignore List To add an ...

Page 286: ...n next to the WX switch c Click the plus sign next to Wireless d Select RF Detection 2 Edit the MAC address in the Client MAC Address box 3 Click OK Enabling Countermeasures To enable countermeasures 1 Access the RF detection settings a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to Wireless d Select RF Dete...

Page 287: ...measures the radio is disabled for use by network traffic until the radio finishes sending the countermeasures Configured Configures radios to attack only devices specified in the attack list on the switch on demand countermeasures When this option is used devices found to be rogues by other means such as policy violations or by determining that the device is providing connectivity to the wired ne...

Page 288: ...288 CHAPTER 7 CONFIGURING WIRELESS PARAMETERS ...

Page 289: ...A for clients of third party APs Location policies for overriding authorization parameters assigned by AAA to network clients Mobility profiles for controlling network client access to specific MAP ports Distributed MAPs or wired authentication ports Creating and Managing Users in the Local User Database The WX switch contains a local database that can store user information for a 3Com Mobility Sy...

Page 290: ...ou can configure authorization attributes for users Authorization attributes specify the network resources the user can access The most commonly used attribute is VLAN Name which specifies the VLAN to place the user in after they are authorized You can configure authorization attributes for individual users and for user groups When you configure attributes for a user group the attribute settings a...

Page 291: ...ser group If you do select a user group you only need to specify a password for the user All other attributes are obtained from the user group 5 To set authorization attributes for the user click Next and go to step 6 6 In the VLAN Name box select or type the name of the VLAN that the user belongs to 1 to 16 alphanumeric characters with no spaces or tabs The WX switch will authorize the user for t...

Page 292: ...attributes in another way such as configuring default AAA attribute values for the SSID the user will access click Finish 3 In the VLAN Name box select or type the VLAN that the user group belongs to 1 to 16 alphanumeric characters with no spaces or tabs The WX switch will authorize the users in this group for that VLAN For more information on VLANs see Viewing and Configuring VLANs on page 208 4 ...

Page 293: ...igured 4 To set authorization attributes for the user click Next and go to step 5 Otherwise if you plan to set authorization attributes in another way such as adding the user to a group or configuring default AAA attribute values for the SSID the user will access click Finish 5 In the VLAN Name box select or type the name of the VLAN that the user device belongs to 1 to 16 alphanumeric characters ...

Page 294: ...ization attributes in another way such as configuring default AAA attribute values for the SSID the user will access click Finish 4 In the VLAN Name box select or type the VLAN that the group belongs to 1 to 16 alphanumeric characters with no spaces or tabs The WX switch will authorize the MAC users in this group for that VLAN For more information on VLANs see Viewing and Configuring VLANs on page...

Page 295: ... access by the client Clients who attempt to use an unauthorized encryption method are rejected Encryption Type is a 3Com vendor specific attribute VSA The vendor ID is 43 and the vendor type is 3 One of the following numbers that identifies an encryption algorithm 1 AES_CCM Advanced Encryption Standard using Counter with CBC MAC 2 Reserved 4 TKIP Temporal Key Integrity Protocol 8 WEP_104 the defa...

Page 296: ...e RADIUS server Regardless of whether the attributes are defined locally or on a RADIUS server the ACLs must already be configured on the WX switch For more information see Mapping an ACL on page 230 idle timeout This option is not implemented in the current MSS version mobility profile network access mode only Mobility Profile attribute for the user For more information see Viewing and Changing M...

Page 297: ...strative The RADIUS server can reply with one of the values listed above If the service type is not set on the RADIUS server administrative users receive NAS Prompt access and network users receive Framed access Note MSS will quietly accept Callback Framed but you cannot select this access type in MSS session timeout network access mode only Maximum number of seconds for the user s session Number ...

Page 298: ... unless the attempt to access the network occurs at or after the specified date and time but before the end date if specified Date and time in the following format YY MM DD HH MM You can use start date alone or with end date You also can use start date end date or both in conjunction with time of day Table 22 Authentication Attributes for Local Users continued Attribute Description Valid Value s ...

Page 299: ...ations required and a time range in hhmm hhmm 4 digit 24 hour format optional mo Monday tu Tuesday we Wednesday th Thursday fr Friday sa Saturday su Sunday wk Any day between Monday and Friday Separate values or a series of ranges except time ranges with commas or a vertical bar Do not use spaces The maximum number of characters is 253 For example to allow access only on Tuesdays and Thursdays bet...

Page 300: ...switch to authenticate users 3Com recommends using RADIUS to accommodate the large number of users in an enterprise network For information about the RADIUS attributes supported by MSS see the Wireless LAN Switch and Controller Configuration Guide url network access mode only URL to which the user is redirected after successful WebAAA Web URL in standard format For example http www example com You...

Page 301: ...ect RADIUS Server 2 In the Name box type the name of an existing RADIUS server 1 to 64 alphanumeric characters with no spaces or tabs Do not use the same name for a RADIUS server and a RADIUS server group 3 In the IP Address box type the IP address for the RADIUS server in dotted decimal notation 3WXM suggests the name of a server group to place the server in The server group is required because A...

Page 302: ...paces or tabs Providing an authorization password is required only for users whose devices are authenticated by their MAC addresses or for last resort users neither of which have a regular username or password The default authorization password is 3Com Changing the password applies both to MAC users and to last resort users All MAC address authenticated users or last resort users must share the sa...

Page 303: ...rvers in the Available RADIUS Servers list and click Add 6 To reorder the servers select a server and click Up or Down If load balancing is enabled the first AAA request goes to the first RADIUS server in the list The second AAA request goes to the second RADIUS server in the list and so on until the end of the list is reached after which the first server in the list is used again Any server that ...

Page 304: ...est The default is 3 4 In the Dead Time box specify the amount of time 0 to 1440 minutes that must elapse before the WX switch attempts to reach an unresponsive RADIUS server The default is 0 minutes When the dead time is set to 0 and there are two or more RADIUS servers in a RADIUS server group authentication starts with the first server in the group unless there are two or more RADIUS servers an...

Page 305: ...gs The IEEE 802 1X standard provides an authentication framework that supports a variety of methods for authenticating and authorizing network access for wired or wireless users You can configure 802 1X authentication parameters for an individual WX or for a domain policy CAUTION 802 1X parameter settings are global for all SSIDs configured on the switch Viewing Global 802 1X Settings To view glob...

Page 306: ...Timeout box The default is 30 seconds 6 To specify the number of seconds before the WX switch times out a request to an authentication server specify the timeout value 1 to 65 535 seconds in the Authentication Server Timeout box The default is 30 seconds 7 To set the maximum number of times the WX switch retransmits an EAP request to the client before timing out the authentication session specify ...

Page 307: ...tication Period box The default is 3600 seconds one hour MSS reauthenticates dynamic WEP clients based on the reauthentication timer MSS also reauthenticates WPA clients if the clients use the WEP 40 or WEP 104 cipher For each dynamic WEP client or WPA client using a WEP cipher the reauthentication timer is set to the lesser of the global setting or the value returned by the AAA server with the re...

Page 308: ...n MSS For detailed information see the Configuring AAA for Network Users chapter of the Wireless LAN Switch and Controller Configuration Guide Viewing 802 1X Network Access Rules To view 802 1X network access rules 1 Select the Configuration tool bar option 2 In the Organizer panel click the plus sign next to the WX switch 3 Click the plus sign next to AAA 4 Select 802 1X Access Rules The configur...

Page 309: ...anumeric characters with no spaces or tabs The format of a user glob depends on the client type and EAP method For Windows domain clients using Protected EAP PEAP the user glob is in the format Windows_domain_name username The Windows domain name is the NetBIOS domain name and must be specified in capital letters For example EXAMPLE sydney or EXAMPLE which specifies all usernames whose usernames c...

Page 310: ...with RADIUS server authentication requires user information to be in the switch s local database Pass Through No protocol is used by the WX 3Com Mobility System Software MSS sends the EAP processing to a RADIUS server If you select PEAP the EAP Sub Protocol is MS CHAPV2 For other protocols there is no the EAP Sub Protocol to select 6 Click Next 7 If the authentication rule is disabled select Enabl...

Page 311: ...ion methods you select are also used for authorization 9 Click Next 10 To enable an accounting rule for the SSID select Enabled By default accounting rules you configure in 3WXM are disabled which means 3WXM does not add the rules to the switch s configuration 11 Select one of the following record options Select Start Stop to specify that records are sent at the start of a session and the end of a...

Page 312: ...ch can be Web Open Access last resort or none This section assumes that you are familiar with the AAA options in MSS For detailed information see the Configuring AAA for Network Users chapter of the Wireless LAN Switch and Controller Configuration Guide Viewing MAC Network Access Rules To view MAC network access rules 1 Select the Configuration tool bar option 2 In the Organizer panel click the pl...

Page 313: ...access any SSID 3 In the User Glob box type a full or partial username to be matched during authentication MAC addresses must be specified with colons as the delimiters for example 00 11 22 33 44 55 You can use wildcards by specifying an asterisk in MAC addresses The following lists examples of using wildcards in MAC addresses all MAC addresses 00 00 01 00 01 02 00 01 02 03 00 01 02 03 04 00 01 02...

Page 314: ...empted with a RADIUS server group if one is defined in the method list The authentication methods you select are also used for authorization 7 Click Next 8 To enable this accounting rule for the SSID select Enabled By default accounting rules you configure in 3WXM are disabled which means 3WXM does not add the rules to the switch s configuration 9 Select one of the following record options Select ...

Page 315: ...b or MAC address glob in an 802 1X or MAC access rule and the rule also matches on the SSID or wired authentication port through which the user is trying to access the network In this case the 802 1X or MAC rule is used instead Web Portal WebAAA replaces the WebAAA implementation in MSS Version 3 x The previous implementation is deprecated beginning in MSS Version 4 0 During upgrade from MSS Versi...

Page 316: ... is for access through a wired authentication port select Wired CAUTION The default SSID name any matches on all SSID names If the SSID box contains any and you do not change the SSID name the authentication rule allows clients who match the userglob to access any SSID 3 Type the userglob that is allowed to use Web AAA to access the SSID or wired authentication port A user glob is a string contain...

Page 317: ...r both MSS tries the methods in the order they appear in the Current RADIUS Server Groups list To reorder the methods select a method and click Up or Down If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server no authentication and authorization are attempted with the other methods specified in the list If you specify LOCAL as the first method and...

Page 318: ...s chapter of the Wireless LAN Switch and Controller Configuration Guide Viewing Last Resort Network Access Rules To view last resort network access rules 1 Select the Configuration tool bar option 2 In the Organizer panel click the plus sign next to the WX switch 3 Click the plus sign next to AAA 4 Select Last Resort Access Rules The configured last resort network access rules appear Creating a La...

Page 319: ...add it to the switch s configuration 5 Select the authentication method s in the Available RADIUS Server Groups list and click Add An authentication method specifies where the switch will look for user information to authenticate users You can select a RADIUS server group LOCAL the switch s local user database or both MSS tries the methods in the order they appear in the Current RADIUS Server Grou...

Page 320: ...the same as those for authentication methods See step 5 10 Click Finish Viewing and Configuring WX Administrator Access Rules MSS supports administrative access to a WX switch through the serial console port or through the network Connections through the network use Telnet or SSH This section assumes that you are familiar with the AAA options for administrative access For detailed information see ...

Page 321: ...e Available RADIUS Server Groups list and click Add An authentication method specifies where the switch will look for user information to authenticate users You can select a RADIUS server group LOCAL the switch s local user database or both MSS tries the methods in the order they appear in the Current RADIUS Server Groups list To reorder the methods select a method and click Up or Down If you spec...

Page 322: ...5 10 Click Finish Creating an Access Rule for Telnet or SSH Access To create an access rule for Telnet or SSH access 1 Access the Create Admin User wizard a Select the Configuration tool bar option b In the Organizer panel click the plus sign next to the WX switch c Click the plus sign next to AAA d Select Admin Access Rules e In the Task List panel select Admin Access 2 Type the userglob that is ...

Page 323: ... a RADIUS server group if one is defined in the method list The authentication methods you select are also used for authorization 6 Click Next 7 To enable this accounting rule for the SSID select Enabled By default accounting rules you configure in 3WXM are disabled which means 3WXM does not add the rules to the switch s configuration 8 Select one of the following record options Select Start Stop ...

Page 324: ...e third party AP For information about configuration requirements on the third party AP see the Configuring AAA for Users of Third Party APs section in the Configuring AAA for Network Users chapter of the Wireless LAN Switch and Controller Configuration Guide Viewing Settings for Third Party AP AAA Support To view settings for third party AP AAA support 1 Select the Configuration tool bar option 2...

Page 325: ...com 3 Optionally edit the name in the SSID box CAUTION The default SSID name any matches on all SSID names If the SSID box contains any and you do not change the SSID name the rule allows clients who match the userglob to access any SSID 4 Select the authentication method s in the Available RADIUS Server Groups list and click Add An authentication method specifies where the switch will look for us...

Page 326: ...hentication Port box 4 To change the UDP port number on which the WX switch will listen for RADIUS stop accounting records from the AP edit the number in the Accounting Port box 5 Type the key which is the shared secret configured on the RADIUS servers MSS uses the shared secret to authenticate and encrypt RADIUS communication 6 Click Finish Specifying the WX Port Connected to the Third Party AP T...

Page 327: ...hange the Filter Id and VLAN Name authorization attributes obtained from AAA Conditions within a rule are ANDed All conditions in the rule must match in order for MSS to take the specified action If the location policy contains multiple rules MSS compares the user information to the rules one at a time in the order the rules appear in the switch s configuration file beginning with the rule at the ...

Page 328: ...d user glob In the User Glob box type the user glob for the users to which the location policy does not apply Type the user glob in the box When specifying a user glob enter a username a double asterisk wildcard character to specify all usernames or a single asterisk wildcard character to specify a set of usernames up to or following the first delimiter character either an at sign or a period 5 To...

Page 329: ...rule are matched If you select Deny go to step 14 12 In the In ACL Name box type the name of the input ACL that applies if the location policy rules are matched The ACL name can be 1 to 32 alphanumeric characters with no spaces or tabs The name can include hyphens underscores _ or periods ACL names are case sensitive and must begin with a letter Do not include any of the following terms in the nam...

Page 330: ...IUS server You assign the name of the Mobility Profile by using the Mobility Profile RADIUS attribute which is a 3Com vendor specific attribute VSA Viewing Mobility Profiles To view mobility profiles 1 Select the Configuration tool bar option 2 In the Organizer panel click the plus sign next to the WX switch 3 Click the plus sign next to AAA 4 Select Mobility Profiles The configured Mobility Profi...

Page 331: ...select Selected select the individual ports in the Available Physical Ports list and click Add 5 Click Next 6 In the Distributed MAPs drop down list select the Distributed MAPs to include in the Mobility Profile All Include all Distributed MAPs Selected Include a selected list of Distributed MAPs None Include no Distributed MAPs If you select Selected select the individual MAPs in the Available Di...

Page 332: ...332 CHAPTER 8 CONFIGURING AUTHENTICATION AUTHORIZATION AND ACCOUNTING PARAMETERS ...

Page 333: ... config then sending the switch to the remote office The switch contacts 3WXM Services in the corporate network to complete its configuration The drop ship option is supported only for the WXR100 The staged option is supported for all switch models Both options require 3WXM Services If you know a switch s serial number you can create a complete configuration for the switch in 3WXM When the switch ...

Page 334: ...at the remote office where the switch is delivered physically installs the switch by connecting port 1 to the network If the switch will manage a directly connected MAP the MAP needs to be physically installed and connected by an Ethernet cable to port 2 If Distributed MAPs will be managed these also must be physically installed connected to the network by Ethernet cables and connected to Power ov...

Page 335: ...e installed The WXR100 sends a configuration request to 3WXM Services 8 3WXM receives the configuration request and looks in the currently selected network plan for a WXR100 configuration with the same serial number as the one in the configuration request If the network plan contains a configuration with a matching serial number 3WXM deploys the configuration to the switch See Preconfiguring a Swi...

Page 336: ...s recommended if DNS is available If DNS is available an entry must be added to the DNS server that maps the IP address of the host where 3WXM Service are installed to the well known hostname wlan config srv Otherwise an IP alias can be configured on the switch itself to map the address to the hostname 2 The preconfigured switch is shipped to the remote office where it will be deployed 3 Someone a...

Page 337: ...fication tab The warning lists the switch s serial number and IP address The network administrator can upload the switch into the network plan configure switch parameters and deploy the configuration to the switch See Uploading a Partially Configured Switch and Completing its Configuration with 3WXM on page 343 3WXM Requirements 3WXM must be installed and 3WXM Services must be running The 3WXM Ser...

Page 338: ...ou can statically configure the information The IP address and DNS information are configured independently You can configure the combination of settings that work with the network resources available at the deployment site The following examples show some of the combinations you can configure If DNS is available an entry must be added to the DNS server that maps the IP address of the host where 3...

Page 339: ... well known hostname wlan config srv 1 Configure a VLAN WX1200 set vlan 1 port 7 success change accepted 2 Configure an IP interface on the VLAN WX1200 set interface 1 ip 192 168 1 252 255 255 255 0 success change accepted 3 Configure a default route through the local gateway WX1200 set ip route default 192 168 1 1 1 success change accepted 4 Configure the default DNS domain name WX1200 set ip dns...

Page 340: ... ip 192 168 1 252 255 255 255 0 success change accepted 3 Configure a default route through the local gateway WX1200 set ip route default 192 168 1 1 0 success change accepted 4 Configure the default DNS domain name WX1200 set ip dns domain example com Domain name changed 5 Configure DNS server information WX1200 set ip dns server 192 168 11 2 6 Enable the MSS DNS client WX1200 set ip dns server e...

Page 341: ...switch overrides the DNS configuration from the DHCP server 1 Configure a VLAN WX4400 set vlan 1 port 7 success change accepted 2 Enable the DHCP client on VLAN 1 WX4400 set interface 1 ip dhcp client enable success change accepted 3 Configure the default DNS domain name WX4400 set ip dns domain examplecorp com Domain name changed 4 Configure DNS server information WX4400 set ip dns server 192 168...

Page 342: ...on b In the Organizer panel select the network plan name c In the Task List panel select Create Wireless Switch 10 Enter a name for the switch in the WX Name box 11 Select the switch model 12 Enter the serial number in the Serial Number box 13 Configure other parameters as required for the switch s deployment You can configure an enable password for the switch even if it does not already have one ...

Page 343: ...ype the Enable password if one is configured on the switch If an Enable password has not been configured yet leave the Enable Password box blank 6 Click Finish 3WXM uploads the configuration file from the switch into the network plan The switch appears in the Equipment section of the Organizer panel 7 Select the Configuration tab on the 3WXM tool bar 8 Select the WX switch 9 Create or modify param...

Page 344: ...h replacement works only under the following conditions The new switch must be the same model as the one being replaced The new switch must run the same major MSS version for example 4 1 x as the one being replaced For models other than the WXR100 the new switch must be pre staged by a network administrator See Staging a WX Switch for Configuration by 3WXM on page 338 The new switch must send its ...

Page 345: ...prestaged 5 3WXM finds a switch configuration that matches the model and MSS version and has a management interface in the same subnet as the new switch 3WXM also notices that the serial number of the new switch does not match the serial number in the switch configuration in 3WXM However because the Auto Config IP Subnet Matching option is enabled 3WXM does not reject the configuration request Ena...

Page 346: ...o indicate the switch port numbers to which they are connected you might want to label them before unplugging them 3 Plug the network cables into the new switch 4 Plug the power cord into the new switch 5 Perform this step only if the switch is a WXR100 and was not prestaged by your network administrator While the switch is powering on insert a paperclip or similar object into the WXR100 s Fn hole...

Page 347: ... File Management Options in 3WXM Option Description Upload configuration Creates a new WX switch in a network plan by copying the configuration file from the live switch in the network See Adding a Switch by Uploading its Configuration from the Network on page 165 Configure and apply policies Applies configuration settings from policies to a single switch or multiple switches See Configuring and A...

Page 348: ...he differences and either deploy the new changes to synchronize the configurations or undo the changes See Synchronizing Local and Network Changes on page 352 Save image in repository Adds a WX system image to a repository When you distribute images and configuration files you can select an image from the repository See Using the Image Repository on page 356 Distribute System Images Applies softwa...

Page 349: ...Deploying Switch Configuration Changes on page 354 Schedule Deploy Schedule configuration changes to be sent from 3WXM to the same switch in the network Deploying Switch Configuration Changes on page 354 Undo Remove the changes from the switch in the network plan See Undoing Local or Network Changes on page 353 Network Changes Review Display the configuration changes that have occurred in the netw...

Page 350: ...ls a scheduled task such as an image deployment See Canceling a Scheduled Operation on page 360 Device Operations Images Image Install Install the selected MSS image onto WX switches See Distributing System Images on page 356 Schedule Install Schedule installation of the selected MSS image onto WX switches in the future See Distributing System Images on page 357 Image Repository Opens the Image Re...

Page 351: ... Switch by 3WXM on page 359 Distribute Certificates Install a certificate from a PKCS 12 file onto WX switches See Distributing Certificates to WX Switches on page 374 Other Upload WX Add a WX switch to the network plan by copying its configuration from a live switch in the network See Adding a Switch by Uploading its Configuration from the Network on page 165 View Operation Log Lists the tasks pe...

Page 352: ...work Status columns indicate where changes have occurred Reviewing Switch Configuration Changes To review switch configuration changes 1 Select the Devices tool bar option 2 At the bottom of the Task List panel select Change Management 3 Select one or more WX switches To select multiple switches press Shift for contiguous switches or Control for noncontiguous switches while clicking 4 In the Local...

Page 353: ...hes while clicking 4 In the Task List panel in the Network Changes group click Accept The status is shown in the Network Status and Local Status columns Undoing Local or Network Changes To undo local or network changes 1 Select the Devices tool bar option 2 At the bottom of the Task List panel select Change Management 3 Select one or more WX switches To select multiple switches press Shift for con...

Page 354: ...To select multiple switches press Shift for contiguous switches or Control for noncontiguous switches while clicking 4 In the Local Changes group in the Task List panel click Deploy The Deploy Configurations dialog box appears The dialog lists the switches that have configuration changes 5 Select the switches to which you want to deploy the changes To select more than one WX click Shift while clic...

Page 355: ...ervices is installed 6 Click OK Synchronizing When the Network and 3WXM Have Nonmatching Changes If a WX switch in the network has configuration changes and the switch s counterpart in the network plan also has changes but the changes are different you still can synchronize the changes The Devices tab indicates that both the network and the network plan have nonmatching changes in the following wa...

Page 356: ...system image 1 Select the Devices tool bar option 2 At the bottom of the Task List panel select Device Operations 3 In the Task List panel select Image Repository 4 Click Add Image The Add to Repository dialog box appears 5 Navigate to the directory containing the system image 6 Select the system image 7 Click Add to Repository The image is added to the image repository and appears in the Image Li...

Page 357: ... list select the WX switches onto which you want to install the image To select more than one WX click Shift while clicking to select contiguous items or click Ctrl while clicking to select noncontiguous items 4 In the Task List panel select Image Install 5 Click on Select an Image to display the list of images in the repository 6 Select the image and click Install To schedule installation of an i...

Page 358: ...ift while clicking to select contiguous items or click Ctrl while clicking to select noncontiguous items 4 In the Task List panel select Reboot WX and APs Information about the rebooting process is shown in the Status column 5 Click Close To reboot MAPs without rebooting the switch 1 Select the Devices tool bar option 2 At the bottom of the Task List panel select Device Operations 3 In the Managed...

Page 359: ...elect Device Operations 3 In the Managed Devices list select the WX switches you want to manage To select more than one WX click Shift while clicking to select contiguous items or click Ctrl while clicking to select noncontiguous items 4 In the Task List panel select Manage Device To disable management of switches by 3WXM 1 Select the Devices tool bar option 2 At the bottom of the Task List panel ...

Page 360: ...anaged Devices list select the WX switches with scheduled tasks you want to cancel To select more than one WX click Shift while clicking to select contiguous items or click Ctrl while clicking to select noncontiguous items 4 In the Task List panel select Cancel Scheduled Operation The Deploy Status column in the Managed Devices table indicates that the operation has been canceled Table 26 Devices ...

Page 361: ...loy the switch to the network To enable 3WXM management of a switch see Modifying Basic Switch Parameters on page 172 To import a configuration 1 In the main 3WXM window select File Import The Import Configurations dialog box appears 2 In the Import Into Mobility Domain group box select one of the following options Click Use File Info to import the configuration information using the Mobility Doma...

Page 362: ...e output directory and click Select 4 To overwrite previously exported configuration files select Overwrite Existing Files If you do not select this option you cannot export a configuration file with the same name as an existing file in the output directory You can rename the existing file or move the file to another directory 5 To have 3WXM create a backup copy of a previous configuration file se...

Page 363: ...onfiguration changes in the network make sure Enabled is selected next to Poll for configuration changes 4 To specify how often network checks occur specify the interval between checks from 1 to 1440 minutes 24 hours in the Interval box The default is 15 minutes 5 To be notified of network changes by a popup message select Prompt when network changes are detected To disable the popup message desel...

Page 364: ...364 CHAPTER 10 MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS ...

Page 365: ... tab contains a Config Verification tab and a Network Verification tab The Config Verification tab shows errors and warnings for switch configuration information in 3WXM The Network Verification tab shows errors and warnings for configuration information in the network The errors and warnings can be for switch configuration items and for the monitoring service On each tab the Message column lists ...

Page 366: ...ation information that caused the error or warning The link appears in the Resolutions section of the tab under the Messages column When you click the edit link 3WXM opens the configuration wizard for the configuration item For example if you create a new WX switch called dang wxr100 but you do not specify the system IP address of the switch the error message System IP address is not assigned or i...

Page 367: ... rule for that error or warning You can disable rules on a per instance basis or globally for all instances If you disable a rule for a specific instance 3WXM stops alerting you about that particular instance but still uses the rule when evaluating other configuration items If you disable a rule for all instances 3WXM stops using that rule altogether when verifying a configuration Rules that are d...

Page 368: ...ploy or export configuration changes that cause error messages by default To change verification options 1 On the toolbar of the Verification tab click Options The Verification Options dialog box appears 2 Select the cases in which you want 3WXM to perform verification Verify changes only 3WXM performs verification only on configuration items that change instead of verifying the entire configurati...

Page 369: ...ers to sort alphabetically by rule class or by rule name You also can filter the display to show only the rules in a specific class To filter the rule list based on class a Click Filter By Class The rule list changes to list the rules in the selected class b Select a rule class from the listbox The list of rules changes to list the rules in the selected class In this example the selected rule clas...

Page 370: ...ou want to reenable Alternatively if you want to reenable all the disabled instances you can click on the checkbox in the Enabled column 7 Go to step 10 8 Click on the checkbox in the Enabled column The disable options become editable By default the Disable All Instances option is selected 9 To leave all instances disabled go to step 10 To disable only specific instances a Select Disable Selected ...

Page 371: ...WXM connects to 3WXM Services or a WX switch the administrative certificate is used to authenticate the service or WX switch and establish a secure connection If a WX switch does not already have certificates MSS automatically generates them the first time you boot using MSS Version 4 2 or later You do not need to install certificates unless you want to replace the ones automatically generated by ...

Page 372: ...hose connections too To process a certificate 1 If you do not want to see the Certificate Check dialog box each time 3WXM connects to a WX switch select one of the following options Always accept self signed certificates Use this option to configure the 3WXM client to always accept a self signed certificate from the 3WXM monitoring service and from WX switches Install this certificate to validate ...

Page 373: ...oolbar in the main 3WXM window 2 Select a certificate from the list and click Details You can also double click the certificate to see its details The Certificate Details dialog box appears listing the certificate information 3 Click Close 4 In the Certificate Management dialog box click Close Deleting Certificates To delete certificates follow these steps 1 Select Tools Certificate Management 2 S...

Page 374: ...g to select noncontiguous items 4 In the Task List panel select Distribute Certificates 5 Click Select PKCS12 File 6 Navigate to the PKCS 12 file and click Select PKCS12 File 7 In the PKCS12 Password box type the one time password used to authenticate the PKCS12 file The following characters cannot be used as part of the one time password of a PKCS 12 file quotation marks question mark ampersand T...

Page 375: ...olicy automatically receive the parameter settings in the policy However after you have associated a policy with at least one switch any changes you later make to the policy are not automatically applied to any switches To apply the changes you make to a policy to the switches associated with that policy you must explicitly reapply the policy to the switches Policies Created When You Migrate a 3 x...

Page 376: ... 3 To configure a policy for a specific switch model select the model from the WX Model Filter drop down list 4 To configure the policy to support an older version of 3WXM than is currently running select the version from the WX Version Filter drop down list 5 Click Next 6 Select the feature areas you want to set in the policy When you apply the policy to a switch all parameter settings from all t...

Page 377: ...which the policy change will apply 6 Only the settings you change from their default values are listed 7 After you review the changes click Close 8 Correct any changes if needed then go to Applying Policy Changes to Switches Applying Policy Changes to Switches To apply policy changes to WX switches 1 Select Apply in the Task List panel to apply the changes to WX switches that are already associate...

Page 378: ...Detection Settings on page 284 Viewing and Configuring Radio Profiles on page 265 RF Detection Detecting and Combatting Rogue Devices on page 459 AAA Features RADIUS Viewing and Configuring RADIUS Settings on page 300 Local User Database Creating and Managing Users in the Local User Database on page 289 Admin and Network Access Rules Viewing and Configuring WX Administrator Access Rules on page 32...

Page 379: ...n 3WXM window Event messages are displayed on top The bottom section allows you to filter the display By default only the messages generated by the 3WXM client are displayed Messages are displayed for all severities and for all log facilities Toolbar Options Table 29 lists the options on the Event tab s toolbar These options are in addition to the standard toolbar options See Tool Bar Options on p...

Page 380: ... by using predefined filters in 3WXM or by specifying filter criteria based on content facility or severity You can save specified filter criteria as a stored filter Using Predefined Event Filters To use predefined filters select one of the following from the Name list in the Stored Filters group box All Entries Shows all entries in the log 3WXM Shows only 3WXM client events Server Shows only 3WXM...

Page 381: ...d Select this option if you enter more than one string and want to see messages that contain all the strings contains at least one of the strings The filter looks for messages that contain one or more of the strings you entered Select this option if you enter more than one string and want to see messages that contain any of the strings 2 In the Message box type a word or exact phrase used in a mes...

Page 382: ...th and year Specify the starting time In the End box click the arrow to use the calendar to specify the day month and year Specify the end time 5 In the Show list select one of the following All To see all log entries Last To see a specified number of entries at the bottom of the log First To see a specified number of entries at the top of the log If you selected All go to step 7 Otherwise go to t...

Page 383: ...oblem exists Notice Events that potentially can cause system problems have occurred These are logged for diagnostic purposes Info Informational messages only No problems exist Debug Output from debugging By default all severity levels are selected Toggle the All checkbox to select or clear all severity levels 3 After selecting the severity levels to log click Apply to filter out the unwanted sever...

Page 384: ...the Stored Filters group box select the filter to be deleted 2 Click Delete The filter is deleted Exporting Filtered Data You can export the filtered data shown in Event Viewer to a comma delimited text csv file To export filtered data 1 In the Event tab s toolbar click The Export Data dialog appears 2 To specify a directory and name for the file click Choose 3 To overwrite existing files select O...

Page 385: ...cribes the reports you can generate with 3WXM Inventory Mobility Domain Configuration WX Configuration Client Summary Client Details Client Errors Watch List Client Network Usage RF Summary Radio Details Rogue Summary Site Survey Work Order ...

Page 386: ...ion WX Configuration Client monitoring reports Client Summary Client Details Client Errors Watch List Client RF reports Network Usage RF Summary Radio Details Rogue reports Rogue Details Rogue Summary RF Planning reports Site Survey Work Order When you generate a report you can specify the scope of the report and the location where 3WXM saves the report Some reports also have additional options 3W...

Page 387: ...n select the Mobility Domain 6 To select or change the output directory for the report click Choose navigate to the new directory and click Select 7 To prevent 3WXM from replacing an existing report of the same type with this new report click next to Overwrite Existing Files to deselect this option 8 Click Generate 9 When the report is generated click the report link to view it Table 30 lists the ...

Page 388: ...nd click Select 6 To prevent 3WXM from replacing an existing report of the same type with this new report click next to Overwrite Existing Files to deselect this option 7 Click Generate 8 When the report is generated click the report link to view it Table 31 lists the sections in the report Table 31 Mobility Domain Configuration Report Sections Section Description Wireless Switches Name model and ...

Page 389: ... type with this new report click next to Overwrite Existing Files to deselect this option 7 Click Generate 8 When the report is generated click the report link to view it Table 32 lists the sections in the report Table 32 WX Configuration Report Sections Section Description System Info Name system IP address software states of the management services and states of active RF scanning and countermea...

Page 390: ...obility Domain Wireless Switch Site Building Floor Coverage Area ACLs Access Control Lists ACLs configured on the WX switch APs Directly connected MAPs configured on the WX switch Distributed APs Distributed MAPs configured on the WX switch Radio Profiles Radio profiles configured on the WX switch Service Profiles Service profiles configured on the WX switch 802 1X 802 1X parameters configured on ...

Page 391: ... sections Session Summary Total Num Sessions Average SNR Average RSSI SSID Summary Access Type Summary Top Bandwidth Sessions Low RSSI Sessions Low SNR Sessions See Using the Client Monitor View on page 417 for information about the data columns in each section of the report Generating a Client Details Report The client details report lists details about current client sessions The data for this r...

Page 392: ...7 for each user you want to display details for 9 To select or change the output directory for the report click Choose navigate to the new directory and click Select 10 To prevent 3WXM from replacing an existing report of the same type with this new report click next to Overwrite Existing Files to deselect this option 11 Click Generate 12 When the report is generated click the report link to view ...

Page 393: ...ge Area 5 Select the instance for which you want the report For example if the scope is Building select the building 6 Select the time period for the report 1 Hour 24 Hours 7 Days 30 Days 7 To select or change the output directory for the report click Choose navigate to the new directory and click Select 8 To prevent 3WXM from replacing an existing report of the same type with this new report clic...

Page 394: ...6 Click on the Select field and select MAC Address 3WXM monitors the clients on the watch list by MAC address 7 Click on the Value field Erase the text in the field and type the MAC address of a client 8 Press Enter to complete the filter 9 Repeat step 5 through step 8 for each user you want to display details for 10 To select or change the output directory for the report click Choose navigate to ...

Page 395: ... be enabled See Changing Monitoring Settings on page 503 1 Select the Reports tool bar option 2 In the Report Category list select RF Reports 3 In the Reports list select Network Usage 4 Select the scope type of the report from the Report Scope Type drop down list Mobility Domain Wireless Switch Site Building Floor Coverage Area 5 Select the instance for which you want the report For example if th...

Page 396: ...summary RF statistics The data for this report comes from 3WXM Services The Enable RF trending option located in the RF Monitor group box of the Monitoring Settings tab must be enabled See Changing Monitoring Settings on page 503 1 Select the Reports tool bar option 2 In the Report Category list select RF Reports 3 In the Reports list select RF Summary 4 Select the scope type of the report from th...

Page 397: ...sts details about an individual radio The data for this report comes from 3WXM Services The Enable RF trending option located in the RF Monitor group box of the Monitoring Settings tab must be enabled See Changing Monitoring Settings on page 503 1 Select the Reports tool bar option 2 In the Report Category list select RF Reports 3 In the Reports list select Radio Details 4 Select the radio for whi...

Page 398: ...orts tool bar option 2 In the Report Category list select Rogue Reports 3 In the Reports list select Rogue Details 4 Click Add to add a report filter The filter configuration fields are activated 5 Click on the Select field and select MAC Address 6 Click on the Value field Erase the text in the field and type the BSSID of the rogue 7 Press Enter to complete the filter 8 Repeat step 4 through step ...

Page 399: ...pe type of the report from the Report Scope Type drop down list Mobility Domain Site Building Floor 5 Select the instance for which you want the report For example if the scope is Building select the building 6 Select the time period for the report 1 Hour 24 Hours 7 Days 30 Days 7 To specify the rogue type click on the Value field in the Report Filter area of the dialog and select one of the follo...

Page 400: ... survey order to be meaningful you must specify the line of site LOS points first See Importing RF Obstacle Data from a Site Survey on page 100 To generate a site survey order 1 Select the Reports tool bar option 2 In the Report Category list select RF Plan Reports 3 In the Reports list select Site Survey Order 4 Select the scope for the work order You can select the network plan a site a building...

Page 401: ...ation information and projected RSSI information that is useful when verifying the installation The work order has meaning only after you add planning information See Planning the 3Com Mobility System on page 71 1 Select the Reports tool bar option 2 In the Report Category list select RF Plan Reports 3 In the Reports list select Work Order 4 Select the scope for the work order You can select the n...

Page 402: ...ect 8 Click Generate 9 When the report is generated click View A browser window containing the report opens 10 Optionally select the floor 11 Click View Work Order The origin reference point used in work orders to indicate MAP placement is the upper left corner of the coverage area Typically this origin point will not match the origin point used on the floor plan itself ...

Page 403: ...rmation based on those traps The Monitor tab displays information retrieved from the 3WXM Services Information is presented in the following windows within the Monitor tab Explore Shows the operational status of 3Com equipment WX switches MAP access points and radios Status Summary Shows tables of basic information for the 3Com equipment Client Monitor Shows activity errors and session information...

Page 404: ...lan In addition SNMP traps must be enabled on the WX switches By default the 3WXM Services supplies data to all of the windows within the Monitoring tab This data is refreshed at regular intervals according to the polling interval configured for the 3WXM Services The default polling interval is 5 minutes You can optionally disable the 3WXM Services from supplying data to specified windows To confi...

Page 405: ... the scope of the object selected in the Equipment or Sites section of the Organizer panel If you select a Mobility Domain or WX switch 3WXM presents a link based view of the equipment You can hide or redisplay the MAP access point connections on a WX switch by clicking on the minus sign or plus sign in the right corner of the object Likewise you can hide or redisplay the WX switches in a Mobility...

Page 406: ...If you select a MAP access point radio wiring closet or coverage area in the Sites section of the Organizer panel the floor plan is displayed The floor plan is displayed only if you add the floor to the site information in the network plan ...

Page 407: ...s on the toolbar in the link display Table 33 Toolbar Options in Link Display of Explore View Icon Description Edit 3WXM preferences Configure 3WXM Services Launch Help Zoom in Zoom out Refresh the information Fit the view in the window Print the view displayed in the window Display link labels for WX switches ports buildings floors Show wired authentication ports A wired authentication port uses ...

Page 408: ... information Fit the view in the window Print the view displayed in the window Display link labels for MAPs Show RF Coverage Using Modifies display of wireless coverage based on one of the following Baseline association rate Data rate RSSI SNR by data rate Load by data rate SNR by RSSI bands Load by RSSI bands To display coverage click on the icon for the technology 802 11a 802 11b or 802 11g Chan...

Page 409: ... 3WXM Services See Changing 3WXM Services Preferences on page 493 For example a red flag next to a MAP might indicate that the threshold for the number of active clients on a MAP has been crossed Show 802 11b coverage Show 802 11g coverage Hide the 802 11 coverage Take an RF measurement Display the view in reverse video Table 34 Toolbar Options in Floor Display of Explore View continued Icon Descr...

Page 410: ...atistic whose threshold was crossed In the example below the WX switch has a higher signal to noise ratio SNR than specified for the threshold Double click on the object with the red flag to drill down to even more detailed information In the example below the client counts for each MAP being actively managed by the switch are displayed ...

Page 411: ...Using the Explore Window 411 When a red flag appears in the Explore view the column for the statistic whose threshold was exceeded also turns red in the RF Trends view ...

Page 412: ...atus for a Mobility Domain and you want to display information for a specific WX switch double click on the switch Displaying 802 11 Coverage When a floor view is displayed in the Explore view you can display 802 11 coverage for the floor To display coverage select MAPs then click on one or more of the following icons on the Explore view s toolbar Here is an example of the 802 11g coverage of a MA...

Page 413: ...to indicate the values represented by each color Table 35 Coverage Display Options in Explore Window Display Option Description Baseline association rate Coverage is shown based on the MAP radio s baseline association rate The baseline association rate is the typical data rate the radio is expected to support for client associations The baseline association rate is specified during planning on a c...

Page 414: ...he floor plan display of the Explore view click on the window s toolbar RF measurement options appear on the left 2 In the RSSI Options box select display options for the dialog box To list access points that cannot be detected from this RF measurement point select Show Unreachable MAPs To list disabled access points select Show Disabled MAPs 3 Click on a spot on the floor plan RF measurements for...

Page 415: ...Y direction from the 0 0 coordinate the upper left corner of the panel Show Unreachable MAPs Show MAP access points that are too far away to accurately measure signal strength Show Disabled MAPs Show all disabled MAP access points MAP AP MAP or third party access points detected Distance Feet Distance between MAP and RF measurement point Channel Channel of the MAP or third party access point RSSI ...

Page 416: ... new measurement point The measurement data is immediately updated for the new measurement point Using the Status Summary View The Status Summary view shows the operational status of 3Com equipment WX switches their MAPs and MAP radios The Status column shows the equipment status using the same colors as the Explore view Additional information is displayed for each equipment type ...

Page 417: ...ata is accumulated from up to 1000 traps at which point the oldest traps are discarded to make way for new traps Toolbar Options Table 37 lists the options on the toolbar in the Client Monitor view Table 37 Toolbar Options in Client Monitor View Option Description Edit 3WXM preferences Configure 3WXM Services Launch Help Refreshes the data by immediately polling 3WXM Services when you click the ic...

Page 418: ...building within a Site is selected a row of data is displayed for each floor in the building If a floor is selected a row of data is displayed for each coverage area within the floor If a WX switch MAP or radio is selected SNMP traps reported to the 3WXM Services for that device are displayed Data Displayed When a Mobility Domain or Site is Selected When a Mobility Domain is selected in the Organi...

Page 419: ... Client Activity Columns When a Mobility Domain is Selected Option Description Scope Scope of the data displayed in the row For a Mobility Domain the scope for each row in the Client Activity tab is always a WX switch The down arrow in front of the WX switch name indicates that you can double click on the arrow to change the scope in the Status Summary and Explore windows to display information sp...

Page 420: ...equested by the client is not enabled or not supported on the radio A static WEP key is required but the client did not present the correct key Session load balancing is enabled on the MAP and the MAP s maximum session count has already been reached The client is requesting a different SSID than the one for which they have been authenticated and are authorized The client is already associated with...

Page 421: ...vity trap generated by the selected device Associations Number of times a client associated with a radio on this WX switch De Associations Number of times a client de associated from a radio on this WX switch Roams Number of times a client roamed to a new MAP access point either on the same WX switch or another WX switch Clears Number of times a client session was cleared Table 38 Client Activity ...

Page 422: ...ed Option Description Event Type Type of SNMP trap Association Failure ClientAssociationFailure trap Authentication Failure ClientAuthenticationFailure trap Authorization Failure ClientAuthorizationFailure trap Authorization Successful ClientAuthorizationSuccess trap Clear ClientCleared trap Disassociation ClientDeAssociation trap Dot1x Failure ClientDot1xFailure trap Roam ClientRoaming trap Time ...

Page 423: ...and radio that were dealing with the client SSID SSID the client was requesting Failure Cause Description Cause of the failure Table 41 Activity Details for Authentication Failure Column Description User Name Username of the client MAC Address MAC address of the client Auth Protocol Type 802 1X protocol used to authenticate the client EAP TLS MD5 NONE PASS THROUGH PEAP Authentication Failure Cause...

Page 424: ...was using a RADIUS server to authenticate the client SSID SSID the client was requesting Failure Cause Description Cause of the failure Table 42 Activity Details for Authorization Failure Column Description User Name Username of the client MAC Address MAC address of the client Auth Protocol Type 802 1X protocol used to authenticate the client EAP TLS MD5 NONE PASS THROUGH PEAP N A Location Policy ...

Page 425: ... address of the WX switch that was attempting to authenticate the client Note The system IP address is listed even if the switch was using a RADIUS server to authenticate the client SSID SSID the client was requesting User Parameters User attributes if set to values other than null Failure Cause Description Cause of the failure Table 43 Activity Details for Authorization Successful Column Descript...

Page 426: ...ed User is disassociated from the MAP Roaming_away User is roaming a connection in the new location is established Updated_to_roam User is roaming Session statistics have been collected and will be transmitted to the new location Web_authing User is being authenticated by WebAAA Wired User is being authenticated using an 802 11 protocol on a wired authentication port Clearing User session is being...

Page 427: ...tion Mobility Domain WX switch MAP and radio that were dealing with the client Table 45 Activity Details for Disassociation Column Description User Name Username of the client MAC Address MAC address of the client Client VLAN Name VLAN to which the client was assigned Auth Protocol Type 802 1X protocol used to authenticate the client EAP TLS MD5 NONE PASS THROUGH PEAP N A Client Location Mobility ...

Page 428: ...the client Auth Protocol Type 802 1X protocol used to authenticate the client EAP TLS MD5 NONE PASS THROUGH PEAP Client Location Mobility Domain WX switch MAP and radio that were dealing with the client Failure Cause Cause of the failure MAC Address MAC address of the client SSID SSID the client was requesting Dot1x State 802 1X state of the client administrative kill bad rsnie bonded auth failure...

Page 429: ...is selected in the Organizer panel the Client Monitor view s Client Sessions tab displays a row of information for each WX switch in the Mobility Domain Table 47 Activity Details for Roam Column Description User Name Username of the client MAC Address MAC address of the client SSID SSID the client was associated with Roamed from Client Location WX switch MAP access point and radio from which the c...

Page 430: ...adio Table 48 Client Sessions Columns When a Mobility Domain is Selected Column Description Scope Scope of the data displayed in the row The scope for each row in the Client Activity tab is always a WX switch The down arrow in front of the WX switch name indicates that you can double click on the arrow to change the scope in the Status Summary and Explore windows to display information specificall...

Page 431: ...cope Is a WX Switch MAP or Radio Column Description Username Username the client used to log on to the network The username is shown in one of the following formats Named user Windows domain users using PEAP MAC address for devices that are authenticated by MAC authentication IP Address IP address of the client MAC Address MAC address of the client SSID SSID with which the client is associated Acc...

Page 432: ...n EAP session directly between the client and the RADIUS server All authentication information and certificate exchanges between the client and RADIUS server passed through the switch None EAP was not used to authenticate this client None is the EAP type when MAC authentication last resort authentication or WebAAA is used to authenticate the client IP Address IP address of the client VLAN Name VLA...

Page 433: ...e MAP Roaming_away User is roaming a connection in the new location is established Updated_to_roam User is roaming Session statistics have been collected and will be transmitted to the new location Web_authing User is being authenticated by WebAAA Wired User is being authenticated using an 802 11 protocol on a wired authentication port Clearing User session is being terminated Invalid Usually indi...

Page 434: ... the information displayed on the tab Table 51 Session Statistics Columns Column Description Operational Rate Data rate of the last packet received by the radio from the client SNR SNR of data transmissions from the client to the radio RSSI RSSI of data transmissions from the client to the radio Bandwidth Bytes sec Bytes per second rate of traffic between the radio and the client The rate includes...

Page 435: ...ugh for the transmission attempt to time out Unicast Bytes In Number of unicast bytes received by the radio from the client during this session Unicast Packets In Number of unicast packets received by the radio from the client during this session Multicast Bytes In Number of multicast bytes received by the radio from the client during this session Multicast Packets In Number of multicast packets r...

Page 436: ...the Client Session tab select the client then click on the Client Monitor window s toolbar Use the Find Client dialog box to find the client s information then select the Watch option Using the Find Client dialog box to find a user You can use 3WXM to find users network clients on the network You can search for individual users based on specific criteria or you can find all users in a Mobility Dom...

Page 437: ...r using specific search attributes Go to step 3 Find all users to find all users Go to step 4 3 Use any or all of the following search criteria In the Username box specify the username of the user you want to find In the IP Address box specify the IP address of the user In the MAC Address box specify the MAC address of the user In the VLAN Name box specify the VLAN whose users you want to find ...

Page 438: ...le com nat Wildcards are not supported in search criteria For example the user natasha cannot be found if you specify nat in the Username box 4 In the Mobility Domain list select the Mobility Domain that you want to search 5 In the Wireless Switch list select a specific WX switch or select All If you select All you must have a seed device defined for the Mobility Domain in order for the search to ...

Page 439: ...x in the user row Repeat for all users that you want to add to the watch list 8 Click Finish Displaying the Client Watch List To display the watch list select the Client Watch List tab in the Client Monitor window To display details for a client on the watch list select the client Details for the client appear in the window ...

Page 440: ...e SNR and RSSI trend data You can display trend data for periods covering the most recent one hour 24 hours 7 days or 30 days The data is also shown in a graph Trend Lifetime AP Stats Shows byte and packet statistics for the client s roaming history If the client has roamed statistics for each session are combined For column descriptions see Table 57 on page 450 Activity Log Shows the activity mes...

Page 441: ...nt s Geographical Location You can show the approximate location of a client within a site The floor the client is currently on is displayed as well as the client s likely location on the floor To display a client s session 1 Select the client 2 Click on the Client Monitor view s toolbar 3WXM checks whether three or more MAPs have detected the selected client within 15 seconds of each other If so ...

Page 442: ...lect the MAPs that have detected the client most recently When selecting multiple MAPs you should select those that have collected data at approximately the same time In the example above three MAPs are selected all of which collected data about the client approximately 1 second before which is the most recent data collected 4 After selecting the MAPs from the Listeners list click OK to display th...

Page 443: ...n to the right of the floor display To refresh the list of MAPs click the Refresh Listeners button 7 To change the MAPs used for calculating the client s location select or deselect MAPs from the list and click the Locate button Terminating a Client s Session To terminate a client s session 1 Select the client 2 Click on the Client Monitor view s toolbar The Clear User dialog box appears 3 Do one ...

Page 444: ...ssociated with each SSID the radio can hear Activity lists log messages for the radio RF Environment lists 802 11 statistics for the radio Table 53 lists the information displayed in the top section of the RF Monitor view Table 53 RF Monitor Columns Column Description Radio WX switch name MAP name and radio number Type Radio type 802 11a 802 11b or 802 11g Channel Channel number on which the radio...

Page 445: ...ers To list the other transmitters that can hear the selected radio select Listeners Information is displayed for a radio if the radio sends beacon frames or responds to probe requests Even if a radio s SSIDs are unadvertised 3Com radios detect the empty beacon frames beacon frames without SSIDs sent by the radio and include the radio in the neighbor list Table 54 lists the information displayed o...

Page 446: ...s column displays a single entry for each 3Com radio even if the radio is supporting multiple BSSIDs However BSSIDs for third party 802 11 radios are listed separately even if a radio is supporting more than one BSSID Channel Channel on which the BSSID is detected RSSI Received signal strength indication RSSI in decibels referred to 1 milliwatt dBm A higher value indicates a stronger signal Table ...

Page 447: ...ype Type of event that caused the message Counter Measure Start The radio began countermeasures against a rogue transmitter Event information comes from the CounterMeasureStart trap Tx Power Change The RF Auto Tuning feature changed the transmit power level of the radio Event information comes from the AutoTuneRadioPowerChange trap Channel Change The RF Auto Tuning feature changed the transmit cha...

Page 448: ...h higher noise levels CRC Errors Number of frames received by the radio on that active channel that had CRC errors A high CRC error count can indicate a hidden node or co channel interference PHY Errors Number of packets that could not be decoded by the MAP This condition can have any of the following causes Collision of an 802 11 packet Packet whose source is too far away thus rendering the packe...

Page 449: ...smissions Number of retransmitted packets sent from the client to the radio on the active channel Retransmissions can indicate that the client is not receiving ACKs from the MAP radio Utilization Number of multicast packets per second that a radio can send on a channel while continuously sending fixed size frames over a period of time The number of packets that are successfully transmitted indicat...

Page 450: ...of the following types of errors 802 1X failures association failures authentication failures authorization failures 802 11 Packet Errors Number of frames received by the MAP radio that had physical layer errors on the active channel These errors can indicate interference from a non 802 11 device Non 802 11 PHY Errors Number of times the radio detected energy on the active channel that either was ...

Page 451: ...sing Realtime Performance Statistics In addition to information supplied by 3WXM s monitoring features you can access performance statistics directly from the network To access performance statistics from the network 1 Do one of the following Select Tools Performance Monitor from the toolbar in the main 3WXM window The Performance Monitoring dialog box appears Go to step 4 Select an object in the ...

Page 452: ...le selecting To select multiple noncontiguous objects click Ctrl while selecting 4 Select the statistic type from the Monitoring Options box Ethernet Statistics Ethernet Errors EtherStats packets per second by different packet lengths Radio Statistics 5 Select the polling interval from the Poll Interval box The intervals available depend on the scope and statistic type you selected 6 Click Start M...

Page 453: ...e To see details for performance data on page 454 If you make changes in the network plan that affect the object membership list for example you add a WX to a Mobility Domain and deploy it the current monitoring session does not update this change Stop the session and restart performance monitoring for the scope For more information about viewing performance data see Viewing Performance Data on pa...

Page 454: ...rt For more information see Viewing Data in Percentages on page 456 Viewing Current Data To see the current performance data click the Current tab To sort data You can sort data in ascending or descending order to see the highest or lowest values at a glance To sort data click the title of the column whose data you want to sort Click the column title again to toggle between ascending and descendin...

Page 455: ...n you click the tab and is based on the polling interval you selected To see details for historical data You can see historical data for the objects in the scope you selected For example if you selected a Mobility Domain as the scope you can see historical data for the Mobility Domain WX switches in the Mobility Domain or WX ports To see the objects available in the scope click the button next to ...

Page 456: ...ou selected a Mobility Domain as the scope you can see percentage data for the Mobility Domain WX switches in the Mobility Domain or WX ports To see the objects available in the scope click the button next to Select Detail the button text depends on what scope you selected and select the object whose percentage data you want to see To hide the list of objects that you can graph click Hide Object S...

Page 457: ...tics 457 Exporting Performance Data You can export performance data absolute values only to a file in comma delimited text csv format To export data to a file 1 In the Statistics tab click Export Absolute The Export Data dialog box appears ...

Page 458: ... box 3 To overwrite existing files select Overwrite Existing Files By default this option is selected 4 To make a copy of files before overwriting them select Copy Files Before Overwriting By default this option is selected The existing file is copied to a file with a bak extension 5 Click Export You can see the progress in the Results box The data is written to a comma delimited file in the direc...

Page 459: ... RF spectrum for other devices transmitting in the same spectrum The RF scans discover third party transmitters in addition to other 3Com radios MSS considers the third party transmitters to be devices of interest which are potential rogues You can display information about the devices of interest To identify friendly devices such as non 3Com access points in your network or neighbor s network you...

Page 460: ...otifications RogueDetect Indicates that MSS has detected a rogue AP RFDetectRougeDisappear Indicates that MSS is no longer detecting a previously detected rogue AP RFDetectInterferingRogueAP Indicates that MSS has detected an interfering device RFDetectInterferingRogueDisappear Indicates that MSS is no longer detecting a previously detected interfering device RFDetectAdHocUser Indicates that MSS h...

Page 461: ...ive switch from the member list on the seed CounterMeasureStop Indicates that MSS has stopped countermeasures against a rogue access point RFDetetSpoofedMacAP Indicates that MSS has detected a wireless packet with the source MAC address of a 3Com MAP but without the spoofed MAP s signature fingerprint RFDetectSpoofedSSIDAP Indicates that MSS has detected beacon frames for a valid SSID but sent by ...

Page 462: ...he client is placed on the black list dynamically by MSS due to an association reassociation or disassociation flood MSS generates a log message Ignore list A list of third party devices that you want to exempt from rogue detection MSS does not count devices on the ignore list as rogues or interfering devices and does not issue countermeasures against them An empty permitted SSID list or permitted...

Page 463: ...in SSID in Permitted Ignore List Device is not a threat SSID List Yes OUI in Permitted Vendor List No Source MAC in Attack List No Generate an alarm Classify device as a rogue No Yes Issue countermeasures if enabled No Rogue classification Yes algorithm deems the device to be a rogue ...

Page 464: ...k The rogue list section lists all rogues detected within the time period specified in the filter section To display information about a rogue select the rogue Detailed information appears in the rogue details section of the screen The rogue details section contains the following tabs Current Current Hour Current Day and History List rogues detected during the most recent polling interval the most...

Page 465: ... rogue Toolbar Options The Rogue Detection tab has a toolbar Table 59 lists the options on the toolbar Table 59 Toolbar Options on Rogue Detection Screen Icon Description Edit 3WXM preferences Configure 3WXM Services Launch Help Refresh the information Opens the Rogue List Filter Options dialog box which enables you to filter the rogue list Displays the rogue s location on the floor plan See Displ...

Page 466: ...elong there Interfering APs Devices that are not part of the 3Com network but also are not rogues No clients connected to these devices have been detected communicating with any network entity listed in the forwarding database FDB of any WX switch in the Mobility Domain Although interfering devices are not connected to your network they might be causing RF interference with MAP radios Adds the cli...

Page 467: ... day Go to step 5 History Lists the rogues detected during a specific date range Go to step 4 4 To change the start and end dates for the History interval edit the values in the boxes or click on the down arrows next to From and To to display calendars and select the dates 5 Click Apply 3WXM replaces the rogue list with the set of rogues detected during the period you selected Displaying Rogue Det...

Page 468: ...the appearance and disappearance of the selected rogue the rogue s SSID and the number of MAP radios that detected the rogue or its disappearance Table 60 lists the information displayed in the Activity Log tab Listeners Tab The Listeners tab lists listener details for each appearance or disappearance of the selected rogue To display listener information for a rogue select the rogue in the Filtere...

Page 469: ...he rogue or its disappearance is modeled in a floor plan Floor Floor on which the rogue was detected or disappeared if the network plan contains floor information Note This column has data only if the radio that detected the rogue or its disappearance is modeled in a floor plan Channel Channel on which the rogue was detected or disappeared RSSI Strength of the signal received by the listener from ...

Page 470: ... the Mobility Domain s seed WX switch If the rogue has moved since then the location information will not be current To display the location of a rogue within a site 1 Select the rogue in the rogue list 2 Click on the toolbar The Location tab appears next to the details tab The likely location of the rogue is indicated by color The legend beneath the floor view indicates the likelihood represented...

Page 471: ...ar The Device Location screen appears indicating the approximate location of the client The client is most likely in the vicinity of the area indicated by the red squares in the floor plan The number in red on the legend 0 90 in this example is the probability 90 that the client is where the display indicates ...

Page 472: ...s to the ignore list of one or multiple switches To add a device to the ignore list 1 In the Filtered List of rogues on the Rogue Detection tab select the devices you want to add to the ignore list 2 Click on the toolbar The Select Devices to Create Ignore List dialog is displayed 3 If the switch es on which you are configuring the ignore list are in a Mobility Domain select the Mobility Domain Ot...

Page 473: ...abled MSS uses them to attack the devices on the list Converting a Rogue into a Third Party AP If a device in the rogue list belongs to a third party AP in your network you can convert the rogue into a third party AP When you convert a rogue into a third party AP the rogue disappears from the rogue list Converting a rogue into a third party AP applies only to the network plan in 3WXM 3WXM does not...

Page 474: ...s in the Organizer panel The third party APs are listed in the Content panel To remove a third party AP 1 Select the Configuration option in the main 3WXM tool bar and click on Third Party APs in the Organizer panel The third party APs are listed in the Content panel 2 Select on the third party AP you want to remove and click the Delete button The address is removed from the third party AP list If...

Page 475: ...d to the black list 4 If the switch es on which you want to enforce the black list are in a Mobility Domain select the Mobility Domain Otherwise select None 5 Click next to Select to select all the switches that are listed or click next to individual switches to select them 6 Click OK The selected clients are added to the attack list MSS drops all packets from these clients Configuring RF Detectio...

Page 476: ...476 CHAPTER 17 DETECTING AND COMBATTING ROGUE DEVICES ...

Page 477: ...twork plan improves the accuracy of the model and provides more precise results when you visualize wireless coverage locate users and rogue devices and so on You also can use optimization to find and fill coverage holes Importing RF Measurements To import RF measurements you need to import the measurements from MAP radio in the network from a site survey file or both Then update the RF obstacle da...

Page 478: ... Choose to navigate to the csv file that contains the RF measurement data 6 In the Map Name field specify the map name The map name must match the name specified in the site survey work order and must be the same map name used in the site survey tool 7 Click Next The import progress is displayed When the import is done check the Total valid RF measurements found line in the progress messages If th...

Page 479: ...3WXM the description is auto generated and the obstacle type is Other You can edit these values by selecting the obstacle clicking the Edit properties icon to open the Modify RF Obstacle wizard and modifying the values Click OK to close the wizard and save the changes See To use the Create RF Obstacle Dialog box on page 98 The wizard is the same whether it is labeled Create or Modify 2 Click Finis...

Page 480: ...elect how you want to display the coverage Baseline Association Rate Coverage is shown based on the MAP radio baseline association rate The baseline association rate is the typical data rate the radio is expected to support for client associations The baseline association rate is specified during planning on a coverage area basis Data Rate Coverage is shown in colored bands that represent each of ...

Page 481: ...cting Show RF Coverage Coverage for the selected scope s is displayed This example shows 802 11a coverage by transmit data rate for the coverage area CoverA To hide coverage again right click on the scope in the Coverage Areas section and select Hide RF Coverage Displays 802 11a coverage for the selected scope s Displays 802 11b coverage for the selected scope s Displays 802 11g coverage for the s...

Page 482: ...APs that Are Already Installed to the Network Plan If you installed a new MAP in the network and you want to add it to the network plan do the following 1 Select the Verification option in the main 3WXM tool bar click the Network Verification tab and upload the MAP configuration into 3WXM See Verifying Configuration Changes on page 365 2 Select the RF Planning option in the main 3WXM tool bar and ...

Page 483: ...s installed The preferences you set are valid only for that user on that system This chapter describes how to change 3WXM client preferences To change monitoring service preferences see Changing 3WXM Services Preferences on page 493 To change 3WXM preferences in the main 3WXM window select Tools Preferences Resetting Preferences Values You can reset the preferences values to their default values b...

Page 484: ...ying to connect again specify the timeout 1 to 30 seconds in the Connect Timeout box The default is 5 seconds 4 To set the number of times 0 to 5 3WXM tries to reconnect to the WX after the original attempt specify the value in the Retry Count box The default is 3 times For example if the retry count is 3 3WXM attempts to establish a connection to a WX four times If you specify 0 3WXM does not att...

Page 485: ...he default setting 20x20 Change all icons to 20x20 pixels 24x24 Change all icons to 24x24 pixels 6 Within Show Wizard Index select one of the following On Top See the wizard index at the top of wizard dialog boxes This is the default setting On Left See the wizard index on the left of wizard dialog boxes 7 Click Close to close the Preferences dialog box or click another tab to continue making chan...

Page 486: ...n used by 3WXM type the path of the executable file in the Browser Executable box For Windows systems the default Web browser executable file is C Program Files Internet Explorer iexplore exe For Linux systems the default is usr bin mozilla You can also click Browse to navigate the computer filesystem 5 Click Close to close the Preferences dialog box or click another tab to continue making changes...

Page 487: ...mit Power To change the typical client s transmit power 1 Select Tools Preferences The Preferences dialog box appears 2 Click the RF tab 3 In the Typical Client Tx Power box specify the typical transmit power 1 to 20 dBm for clients in the network The default is 13 dBm which is a common client transmit power If you want to choose the color for an RF technology or obstacle see Changing Colors Chang...

Page 488: ...Colors SNR Band Colors Load Band Colors Probability Colors 4 Click on the color column for the color you want to change The Choose Color dialog box appears See one of the following sections For more information about using the color palette see Defining a Color from the Palette on page 488 For more information about using HSB see Defining a Color by Changing HSB Properties on page 489 For more inf...

Page 489: ...for example blue orange or purple Hue is measured in degrees 0 to 360 degrees Saturation is the strength of the color Saturation values are measured in percentages with 0 percent indicating no color saturation gray and 100 percent indicating full saturation Brightness is the amount of light in the color Brightness is also measured in percentages with 0 percent indicating black and 100 percent indi...

Page 490: ...nces dialog box is active 6 Do one of the following Change another color Click another Preferences tab Click Close to close the Preferences dialog box Defining a Color by Changing RGB Properties You can define a color by changing red blue and green RGB color properties 1 To specify a color by changing RGB click RGB in the Choose Color dialog box 2 Use the Red Green and Blue sliders to define a col...

Page 491: ...ct one of the following event levels Critical A critical condition has occurred that requires immediate resolution Warning An event that might require attention has occurred Info Informational messages only No action is required Debug All events are shown including debug messages Select the Debug option only if 3Com Technical Support has advised you to do so Debug level logging significantly impac...

Page 492: ...492 CHAPTER A CHANGING 3WXM PREFERENCES ...

Page 493: ...ect Tools 3WXM Services Setup from the toolbar in the main 3WXM window See the figure at the bottom of this page This chapter describes how to change monitoring service preferences To change 3WXM client preferences see Changing 3WXM Preferences on page 483 To configure access control for the 3WXM client see Restricting Access to 3WXM on page 52 ...

Page 494: ...ce is installed Windows systems 3WXM Services is started automatically when you complete installation and starts automatically whenever you restart your system Linux systems You can start and stop the service manually from the command line using a shell script that is installed when you install 3WXM Services You also can configure the service to start and stop automatically 3Com recommends that al...

Page 495: ...s from within 3WXM or from Windows Services 1 Display the Services window Here is an example of the Services window in Windows XP The window might look differently on your system 2 Scroll down and select 3WXM Services 3 Select the Start or Stop option 4 Close the Services window 5 Within 3WXM enable it to access the service ...

Page 496: ...lly start and stop Other methods might also work These are the ones that 3Com has tested Linux Example SUSE 9 1 The recommended way to add services to a SUSE 9 1 installation is with the insserv command Enter commands such as the following as root suse cd etc init d suse ln s opt 3wxm bin 3wxm services 3wxm services suse insserv 3wxm services Linux Example Red Hat WS 3 The recommended way to add s...

Page 497: ... different from the port number in the Service Port listbox The port number used by 3WXM Services must not be used by another application on the machine where 3WXM Services is installed If the port number is used by another application change the port number on 3WXM Services See Changing Service Settings on page 500 4 Enter a username and password if required for access to the service Usernames an...

Page 498: ...Check When the 3WXM client connects to 3WXM Services the client checks the certificate presented by 3WXM Services to ensure that the certificate is valid The certificate is in a key store file on the server The default key store file is services_keystore This file contains a self signed certificate for 3WXM Services You can use this certificate if desired or you can configure the service to use a ...

Page 499: ... To reject the certificate and refuse the connection click Reject The 3WXM ends the connection The Certificate Check dialog box is redisplayed each time the 3WXM client attempts to establish a connection with 3WXM Services Verifying that the 3WXM Client is Receiving Service Data If you are using a network plan that already contains equipment use the following procedure to verify that the 3WXM clie...

Page 500: ...nection with the service and will need to reconnect on the new port number The HTTPS port number is automatically updated for the 3WXM client you are using and your connection is automatically restored Other clients will need to use the Monitor Service Select wizard to change the service port and reconnect 4 The change the UDP port on which 3WXM Services listens for SNMP traps type or select the p...

Page 501: ...close the 3WXM Services Setup dialog box Changing WX Connection Settings The WX connection settings control the timeout and retries for connections with monitored WX switches and the types of certificates the service will accept from the WX switches 1 Select Tools 3WXM Services Setup The 3WXM Services Setup dialog box appears 2 Click the WXs Connection Settings tab 3 To change the number of second...

Page 502: ...ecify a key store filename and a password to protect access to that file a Enter the filename in the File box b To change the file type for the key store file select one of the following PKCS12 Public Key Cryptography Standard number 12 the standard format used by Unix machines JKS Java Key Store a format used by Java platforms and applications c Enter the password in the Password box When both th...

Page 503: ...f Monitor Data 3WXM Client Display Data Source Default Event tab 3WXM client for 3WXM client messages Enabled 3WXM Services for monitoring service messages Enabled Enable log monitoring option for WX switch messages Enabled Monitor tab Explore window Status monitoring of WX switches 3WXM Services Enabled Monitor tab Status Summary window Status monitoring of WX switches by 3WXM Services Enabled Mo...

Page 504: ...ber of log entries 3WXM Services stores for an individual WX switch change the value in the entries per WX box You can specify from 1000 to 5000 entries in increments of 100 The default is 1000 entries 5 To enable data collection for client sessions select Enable client session collection This option is disabled by default The Polling Interval is 5 minutes and cannot be changed 6 To enable RF data...

Page 505: ... rogue detection and countermeasures information select Enable Rogue Detection This option is enabled by default 8 Click Save to save the changes or Cancel to cancel the changes 9 Click another tab to configure more settings or click Close to close the 3WXM Services Setup dialog box Accessing the 3WXM Services Log You can access the 3WXM Services log through a web browser To access the 3WXM Servic...

Page 506: ...pe is Manual Only the backups for the currently open plan are listed By default backups created automatically by 3WXM are stored in the following location 3WXM backup auto plan_name Backups created by you are stored in the following location by default 3WXM backup manual plan_name 3WXM zips the backup files and assigns them unique names You can assign a name to a backup that you create However thi...

Page 507: ...Copying a Plan Backup from One Server to Another You can copy a plan to another server by copying that plan s backup file to the other server then restoring the plan on the other server from the backup To copy a network plan backup from one server to another 1 Access the Backup Restore dialog 2 Click on the backup you want to transfer 3 Click Transfer The Transfer Backup dialog appears 4 Select th...

Page 508: ...Click Close to close the dialog 9 On the other server the one to which you copied the backup access the Backup Restore dialog 10 Select the backup and click Restore 11 Click Close to close the dialog 12 Select File Save from the menu bar in the main 3WXM window to save the plan This completes the procedure 13 To change the destination path click on the path The Select dialog appears 14 Navigate to...

Page 509: ...take advantage of warranty and other service benefits you must first register your product at http eSupport 3com com 3Com eSupport services are based on accounts that are created or that you are authorized to access Solve Problems Online 3Com offers the following support tool 3Com Knowledgebase Helps you to troubleshoot 3Com products This query based interactive tool is located at http knowledgeba...

Page 510: ... the version of software that you initially purchased with your 3Com product To obtain access to this software you need to register your product and then use the Serial Number as your login Restricted Software is available at http eSupport 3com com To obtain software releases that follow the software version that you originally purchased 3Com recommends that you buy an Express or Guardian contract...

Page 511: ...arly marked on the outside of the package will be returned to the sender unopened at the sender s expense If your product is registered and under warranty you can obtain an RMA number online at http eSupport 3com com First time users must apply for a user name and password Telephone numbers are correct at the time of publication Find a current directory of 3Com resources by region at http csoweb4 ...

Page 512: ...mail html You can also obtain non urgent support in this region at these email addresses Technical support and general requests customer_support 3com com Return material authorization warranty_repair 3com com Contract requests emea_contract 3com com Latin America Telephone Technical Support and Repair Antigua Argentina Aruba Bahamas Barbados Belize Bermuda Bonaire Brazil Cayman Chile Colombia Cost...

Page 513: ...d Canada Telephone Technical Support and Repair All locations Network Jacks Wired or Wireless Network Interface Cards All other 3Com products 1 847 262 0070 1 800 876 3266 Country Telephone Number Country Telephone Number ...

Page 514: ...514 APPENDIX C OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS ...

Page 515: ...g MAP channels 146 attributes reassigning with the location policy 327 authorization attributes 295 local database assignment 245 295 Auto AP profile 271 B backbone fast convergence 215 bug fixes 510 C certificates deleting 373 distributing 374 managing 373 processing 372 reviewing details 373 types 371 channel assignments 146 closing network plans 60 configuration verifying 365 configuration chan...

Page 516: ...features backbone fast convergence 215 port fast convergence 214 uplink fast convergence 215 Filter Id attribute reassigning with the location policy 327 G generating work orders 157 Guardian services contract 510 H hardware requirements for installation 21 22 HTTPS enabling 188 I IGMP Internet Group Management Protocol configuring 216 definition 216 image files distributing 356 image repository a...

Page 517: ...omains creating 64 definition 62 roaming behavior 62 traffic ports used by 64 Mobility Profiles definition 330 monitoring service starting 494 monitors WX switch performance 200 N named user groups creating 292 named users creating 291 network changes accepting 353 checking for 484 reviewing 352 354 synchronizing 352 verifying troubleshooting 365 network configuration changes undoing 353 network p...

Page 518: ... for US and Canada 513 repair support Europe Middle East and Africa 512 reports work orders 157 Restricted Software 510 return authorization number RMA 511 RF detection configuring 284 RF measurement point 153 RF obstacles considerations 96 creating 96 RFC 3164 syslog servers 200 RMA numbers 511 roaming behavior 62 rogue detection configuring 284 rules disabling or reenabling 369 S saving network ...

Page 519: ...finity 220 U uninstalling 3WXM UNIX and Linux systems 30 uplink fast convergence 215 user attributes 295 user groups creating 292 294 users adding to watch list 439 creating 291 finding 436 V verification channel assignments 146 virtual ports mapping an ACL to 230 VLAN Name attribute reassigning with the location policy 327 VLANs virtual LANs adding ports to 211 configuring DHCP server 221 IGMP 21...

Page 520: ...520 INDEX ...

Reviews:

No comments

Related manuals for OfficeConnect WX1200

D-Link DGE-560T - Gigabit PCI-Express SNMP VLAN Flow Control Network... User Manual preview
DGE-560T - Gigabit PCI-Express SNMP VLAN Flow Control Network...
Brand: D-Link Pages: 53
Tripp Lite N48M Series Installation Manual preview
N48M Series
Brand: Tripp Lite Pages: 20
Intel Optane M Series Installation And User Manual preview
Optane M Series
Brand: Intel Pages: 59
DAD DPX2060 User Manual preview
DPX2060
Brand: DAD Pages: 32
BSD Networks bsg-0800t User Manual preview
bsg-0800t
Brand: BSD Networks Pages: 7
National Instruments Fieldpoint cFP-RTD-124 Operating Instructions Manual preview
Fieldpoint cFP-RTD-124
Brand: National Instruments Pages: 15
ETC Power Control Processor Configuration Manual preview
Power Control Processor
Brand: ETC Pages: 64
Intel Core 2 Quad Q9400 Product Brief preview
Core 2 Quad Q9400
Brand: Intel Pages: 2
Rosewill RC-402 User Manual preview
RC-402
Brand: Rosewill Pages: 3
NetComm 3G25W-R Manual preview
3G25W-R
Brand: NetComm Pages: 69
Xenya XS26GS User Manual preview
XS26GS
Brand: Xenya Pages: 189
B+B SmartWorx spectre lte User Manual preview
spectre lte
Brand: B+B SmartWorx Pages: 52
ZyXEL Communications ZyXEL ZyAIR B-120 Quick Installation Manual preview
ZyXEL ZyAIR B-120
Brand: ZyXEL Communications Pages: 20
TDK HHM Series HHM2245SA1 Specifications preview
HHM Series HHM2245SA1
Brand: TDK Pages: 2
axing EOC 1-31 Operation Instructions Manual preview
EOC 1-31
Brand: axing Pages: 52
Dialogic Media Board D/120JCT-LS-EW Installation Manual preview
Media Board D/120JCT-LS-EW
Brand: Dialogic Pages: 2
Promise Technology FastTrak TX4000 User Manual preview
FastTrak TX4000
Brand: Promise Technology Pages: 76
TP-Link TD-VG5612 Quick Installation Manual preview
TD-VG5612
Brand: TP-Link Pages: 2

Brands by name

Popular brands

Load more brands