manualshive.com logo in svg

Extreme Networks Altitude 3500 Series, Product Reference Manual

Share
Download
Extreme Networks Altitude 3500 Series Product Reference Manual Download Page 176

 

Configuring Access Point Security

Altitude 3500 Series Access Point Product Reference Guide

176

6

Click the 

Apply 

button to return to the 

WLAN 

screen to save any changes made within the Kerberos 

Configuration field of the New Security Policy screen.

7

Click the 

Cancel 

button to undo any changes made within the Kerberos Configuration field and 

return to the 

WLAN 

screen. This reverts all settings for the Kerberos Configuration field to the last 

saved configuration.

Configuring 802.1x EAP Authentication

The IEEE 802.1x standard ties the 802.1x EAP authentication protocol to both wired and wireless LAN 
applications.

The EAP process begins when an unauthenticated supplicant (client device) tries to connect with an 
authenticator (in this case, the authentication server). The Altitude 35xx passes EAP packets from the 
client to an authentication server on the wired side of the Altitude 35xx. All other packet types are 
blocked until the authentication server (typically, a RADIUS server) verifies the MU’s identity.

To configure 802.1x EAP authentication on the Altitude 35xx:

1

Select

 Network Configuration 

>

 Wireless 

>

 Security 

from the Altitude 35xx menu tree. 

If security policies supporting 802.1x EAP exist, they appear within the 

Security Configuration

 screen. 

These existing policies can be used as is, or their properties edited by clicking the 

Edit

 button. To 

configure a new security policy supporting 802.1x EAP, continue to step 2.

2

Click the 

Create

 button to configure a new policy supporting 802.1x EAP.

The

 New Security Policy

 screen displays with no authentication or encryption options selected.

3

Select the

 802.1x EAP 

radio button.

The 

802.1x EAP Settings 

field displays within the New Security Policy screen.

4

Ensure the 

Name

 of the security policy entered suits the intended configuration or function of the 

policy.

5

If using the access point’s Internal RADIUS server, leave the 

Radius Server

 drop-down menu in the 

default setting of 

Internal

. If an external RADIUS server is used, select 

External 

from the drop-down 

menu.

Primary KDC

Specify a numerical (non-DNS) IP address and port for the 
primary 

Key Distribution Center (KDC).

 The KDC 

implements an Authentication Service and a Ticket 
Granting Service, whereby an authorized user is granted a 
ticket encrypted with the user's password. The KDC has a 
copy of every user password.

Backup KDC

Optionally, specify a numerical (non-DNS) IP address and 
port for a backup KDC. Backup KDCs are referred to as 
slave servers. The slave server periodically synchronizes 
its database with the primary (or master) KDC.

Remote KDC

Optionally, specify a numerical (non-DNS) IP address and 
port for a remote KDC. Kerberos implementations can use 
an administration server allowing remote manipulation of 
the Kerberos database. This administration server usually 
runs on the KDC.

Port

Specify the ports on which the Primary, Backup and 
Remote KDCs reside. The default port number for 
Kerberos Key Distribution Centers is Port 88.

Summary of Contents for Altitude 3500 Series

Page 1: ...roe Street Santa Clara California 95051 888 257 3000 408 579 2800 http www extremenetworks com AltitudeTM 3500 Series Access Point Product Reference Guide Software Version 2 6 Published February 2012...

Page 2: ...Watch Summit SummitStack Triumph Unified Access Architecture Unified Access RF Manager UniStack XNV the Extreme Networks logo the Alpine logo the BlackDiamond logo the Extreme Turbodrive logo the Summ...

Page 3: ...io 18 Quality of Service QoS Support 18 Industry Leading Data Security 19 Kerberos Authentication 19 EAP Authentication 20 WEP Encryption 20 KeyGuard Encryption 21 Wi Fi Protected Access WPA Using TKI...

Page 4: ...enna Options 39 Power Options 39 Altitude 3510 Power Options 39 Altitude 3550 Power Options 39 Power Tap Systems 40 Installing the Power Tap 40 Preparing for Site Installation 40 Cabling the Power Tap...

Page 5: ...uring LAN1 and LAN2 Settings 119 Configuring Advanced DHCP Server Settings 122 Setting the Type Filter Configuration 123 Configuring WAN Settings 125 Configuring Network Address Translation NAT Settin...

Page 6: ...25 Defining User Access Permissions by Group 226 Editing Group Access Permissions 228 Chapter 7 Monitoring Statistics 231 Viewing WAN Statistics 231 Viewing LAN Statistics 234 Viewing a LAN s STP Stat...

Page 7: ...figuration Update Commands 492 Firmware Update Commands 499 Statistics Commands 503 Chapter 9 Configuring Mesh Networking 519 Mesh Networking Overview 519 The Altitude 35xx Client Bridge Association P...

Page 8: ...Adaptive AP Adoption 560 Establishing Basic Adaptive AP Connectivity 560 Adaptive AP Configuration 560 Adopting an Adaptive AP Manually 561 Adopting an Adaptive AP Using a Configuration File 562 Adop...

Page 9: ...Altitude 3500 Series Access Point Product Reference Guide 9 Configuring a Cisco VPN Device 586 Frequently Asked VPN Questions 587 Appendix C Customer Support 593 Registration 593 Documentation 593...

Page 10: ...Altitude 3500 Series Access Point Product Reference Guide 10...

Page 11: ...l configuration activities are applied to both models When command line interface CLI commands are displayed and apply to both models a 35xx convention is used Document Conventions The following docum...

Page 12: ...Point Product Reference Guide 12 Bullets indicate action items lists of alternatives lists of required steps that are not necessarily sequential Sequential lists those describing step by step procedur...

Page 13: ...tude 3510 and Altitude 3550 are available in only a dual radio SKU except the Israel SKU which has a single radio An Altitude 3550 cannot use the Altitude 3510 s 48 volt power supply and therefore is...

Page 14: ...IPS allows administrators to identify and accurately locate attacks rogue devices and network vulnerabilities in real time and permits both a wired and wireless lockdown of wireless device connections...

Page 15: ...nation local encryption decryption local traffic bridging the tunneling of centralized traffic to the wireless controller For a information overview of the adaptive AP feature as well as how to config...

Page 16: ...7 Separate LAN and WAN Ports on page 17 Multiple Mounting Options on page 17 Antenna Support for 2 4 GHz and 5 GHz Radios on page 17 Sixteen Configurable WLANs on page 18 Support for 4 BSSIDs per Radi...

Page 17: ...he WAN port might connect to a larger corporate network For a small business the WAN port might connect to a DSL or cable modem to access the Internet Regardless network address information must be co...

Page 18: ...ess displayed on the Radio Settings screen is 00 A0 F8 72 20 DC then the BSSIDs for that radio will have the following MAC addresses For detailed information on strategically mapping BSSIDs to WLANs s...

Page 19: ...Authentication is a means of verifying information transmitted from a secure source If information is authentic you know who created it and you know it has not been altered in any way since originate...

Page 20: ...orms of WLAN security rely on encryption to various extents Encryption entails scrambling and coding information typically with mathematical formulas called algorithms before the information is transm...

Page 21: ...11i standard that provides even stronger wireless security than Wi Fi Protected Access WPA and WEP Counter mode CBC MAC Protocol CCMP is the security standard used by the Advanced Encryption Standard...

Page 22: ...irtual Local Area Network VLAN can electronically separate data on the same AP from a single broadcast domain into separate broadcast domains By using a VLAN you can group by logical function instead...

Page 23: ...llowing 2 MIB files EXTR CC adp35xx MIB 2 0 standard common MIB file EXTR adp35xx MIB Altitude 35xx specific MIB file The access point s SNMP agent functions as a command responder and is a multilingu...

Page 24: ...broadcast by the AP to keep the network synchronized A beacon includes the ESSID MAC address Broadcast destination addresses a time stamp a DTIM Delivery Traffic Indication Message and the TIM Traffi...

Page 25: ...g configuration files see Importing Exporting Configurations on page 103 Default Configuration Restoration The access point has the ability to restore its default configuration or a partial default co...

Page 26: ...mesh networking association process is identical to the access point s MU association process Once the association authentication process is complete the wireless client adds the connection as a port...

Page 27: ...to define the data source authentication type and associate digital certificates with the authentication scheme The LDAP screen allows the administrator to configure an external LDAP Server for use w...

Page 28: ...dynamically assigned IP address of a client changes the new IP address is sent to the DynDNS service and traffic for the specified domain s is routed to the new IP address For information on configur...

Page 29: ...lled a Basic Service Set BSS or cell When in a particular cell the MU associates and communicates with the access point supporting the radio coverage area of that cell Adding access points to a single...

Page 30: ...ation or interface information that is not used for a specified time The AP refreshes its database when it transmits or receives data from these destinations and interfaces Media Types The access poin...

Page 31: ...sequence channel used by the access point Scanning is a periodic process where the MU sends out probe messages on all channels defined by the country code The statistics enable an MU to reassociate b...

Page 32: ...nd LAN side the access point can assign private IP addresses Firewall A firewall protects against a number of known attacks Management Access Options Managing the access point includes viewing network...

Page 33: ...adio1 802 11bg Random address located on the Web UI CLI and SNMP interfaces Radio2 802 11a Random address located on the Web UI CLI and SNMP interfaces The access point s BSS virtual AP MAC addresses...

Page 34: ...Introduction Altitude 3500 Series Access Point Product Reference Guide 34...

Page 35: ...Altitude 3550 LED Indicators on page 54 Setting Up MUs on page 54 CAUTION Extreme Networks recommends conducting a radio site survey prior to installing an access point A site survey is an excellent m...

Page 36: ...erable Contact your sales associate for specific information Altitude 3550 Configurations An Altitude 3550 is only available in a dual radio configuration NOTE Extreme Networks recommends using the Al...

Page 37: ...e 573 Access Point Placement For optimal performance install the access point regardless of model away from transformers heavy duty motors fluorescent lights microwave ovens refrigerators and other in...

Page 38: ...na suite supporting the 2 4 GHz band and another antenna suite supporting the 5 GHz band Select an antenna model best suited to the intended operational environment of your Altitude 3510 NOTE On a dua...

Page 39: ...supporting the 5 GHz band Select an antenna model best suited to the intended operational environment of your Altitude 3550 Similar to Altitude 3510 the Altitude 3550 antenna connectors N male for Ra...

Page 40: ...ng 110 220 VAC power to combine low voltage DC with Ethernet data in a single cable connecting to the access point The access point can only use a Power Tap when connecting the unit to the access poin...

Page 41: ...s point s LAN port CAUTION Cabling the Power Tap to the access point s WAN port renders the access point non operational Only use a Power Tap with the access point s LAN port Ensure the cable length f...

Page 42: ...wnward orientation CAUTION Both the Dual and Single Radio model Altitude 3510 s use RSMA type antenna connectors On the Dual Radio Altitude 3510 a single dot on the antenna connector indicates the pri...

Page 43: ...0mm Type D Self Tapping screw Two wall anchors Security cable optional To mount the Altitude 3510 on a wall 1 Orient the Altitude 3510 on the wall by its width or length 2 Using the arrows on one edge...

Page 44: ...information 9 Verify the behavior of the Altitude 3510 LEDs For more information see Altitude 3510 LED Indicators on page 48 The Altitude 3510 is ready to configure For information on an Altitude 3510...

Page 45: ...ply host and the Altitude 3510 LAN port b Verify the power adapter is correctly rated according the country of operation c Connect the power supply line cord to the power adapter d Attach the power ad...

Page 46: ...rear panel status LEDs of the unit An above the ceiling Altitude 3510 installation enables installations compliant with drop ceilings suspended ceilings and industry standard tiles from 625 to 75 inc...

Page 47: ...d surface of the ceiling tile when creating the light pipe hole and installing the light pipe 7 Remove the light pipe s rubber stopper before installing the light pipe 8 Connect the light pipe to the...

Page 48: ...dapter is correctly rated according the country of operation c Connect the power supply line cord to the power adapter d Attach the power adapter cable into the power connector on the Altitude 3510 e...

Page 49: ...n that has not been approved in a site survey Power Status Solid white indicates the Altitude 3510 is adequately powered Error Conditions Solid red indicates the Altitude 3510 is experiencing a proble...

Page 50: ...clamp parts around the pole and tighten the nuts just enough to hold the bracket to the pole The bracket may need to be rotated around the pole during the antenna alignment process 3 Attach the square...

Page 51: ...e power cable to the unit s three screw termination block and tighten the unit s LINE AC clamp by hand to ensure the power cable cannot be pulled from the unit d For Power Tap installations attach a g...

Page 52: ...s in the wall that match the screws and wall plugs 3 Secure the bracket to the wall 4 Attach the square mounting plate to the bridge with the supplied screws Attach the bridge to the plate on the pole...

Page 53: ...r cable cannot be pulled from the unit d For Power Tap installations attach a ground cable between the EARTH GROUND connector on the back of the unit to a suitable earth ground connection as defined b...

Page 54: ...the ESSID and other configuration parameters until the network connection is verified MUs attach to the network and interact with the AP transparently Power Status Solid white indicates the access poi...

Page 55: ...ociated MU before mounting and securing the access point Carefully follow the mounting instructions in one of the following sections to ensure the access point is installed correctly For installing an...

Page 56: ...ss point CLI is accessed through the RS232 port via Telnet or SSH The CLI follows the same configuration conventions as the device user interface with a few documented exceptions Config file Readable...

Page 57: ...and set the county code Refer to Country Codes on page 574 for a list of each available countries two digit country code 6 At the CLI prompt admin type summary The access point s LAN IP address will d...

Page 58: ...isplays Change the password Enter the current password and a new admin password in fields provided Click Apply Once the admin password has been updated a warning message displays stating the access po...

Page 59: ...ings in the Quick Setup screen the values also change within the screen where these parameters also exist Additionally if the values are updated in these other screens the values initially set within...

Page 60: ...tically Refer to the access point Product Reference Guide for information on defining alternate time servers and setting a synchronization interval for the access point to adjust its displayed time Re...

Page 61: ...oint automatically reestablishes the connection to the ISP b Specify the Username entered when connecting to the ISP When the Internet session begins the ISP authenticates the username c Specify the P...

Page 62: ...lect the WLAN 1 tab WLANs 1 4 are available within the Quick Setup screen to define its ESSID and security scheme for basic operation NOTE A maximum of 16 WLANs are configurable within the Wireless Co...

Page 63: ...asic security scheme in this case WEP 128 is recommended in a network environment wherein sensitive data is transmitted NOTE For information on configuring the other encryption and authentication opti...

Page 64: ...o the specified MU address Refer to the Number of Responses value to assess the number of responses from the MU versus the number of ping packets transmitted by the access point Use the ratio of packe...

Page 65: ...ime importing exporting device configurations and device firmware updates see System Configuration on page 67 For detailed information on configuring access point LAN interface subnet and WAN interfac...

Page 66: ...Getting Started Altitude 3500 Series Access Point Product Reference Guide 66...

Page 67: ...disable Microsoft s Java Virtual Machine if installed To connect to the access point an IP address is required If connected to the access point using the WAN port the default static IP address is 10...

Page 68: ...tion set the country of operation and view device version information System Name Specify a device name for the access point Extreme Networks recommends selecting a name serving as a reminder of the u...

Page 69: ...uptime of the access point defined in the System Name field System Uptime is the cumulative time since the access point was last rebooted or lost power Serial Number Displays the access point serial...

Page 70: ...o securely exit the AP35xx Access Point applet A prompt displays confirming the logout before the applet is closed Adaptive AP Setup An access point needs settings defined to discover and adopt an ava...

Page 71: ...ailable for connection The access point resolves the name to one or more IP addresses if a DNS IP address is present This method is used when the access point fails to obtain an IP address using DHCP...

Page 72: ...either enabled or disabled It is not meant to function as an ACL in routers or other firewalls where you can specify and customize specific IPs to access specific interfaces Use the AP35xx Access scr...

Page 73: ...on page 76 To configure access for the AP35xx 1 Select System Configuration AP35xx Access from the menu tree The Trusted Hosts field appears at the top of the screen but the remainder of the screen c...

Page 74: ...ification If using this option the connected PC is required to have its RADIUS credentials verified with an external RADIUS server Additionally the RADIUS Server s Active Directory should have a valid...

Page 75: ...assword Enter and confirm a new administrator password as required Message Settings Click the Message Settings button to display a screen used to create a text message Once displayed select the Enable...

Page 76: ...x Access screen to the last saved configuration 12 Click Logout to securely exit the AP35xx Access Point applet A prompt displays confirming the logout before the applet is closed Defining Trusted Hos...

Page 77: ...ted permission to access point resources 4 Select an existing IP address and click the Edit button to modify the address if no longer relevant 5 If you are near the capacity of 8 allowed IP addresses...

Page 78: ...r information The AP35xx can import and maintain a set of CA certificates to use as an authentication option for Virtual Private Network VPN access To use the certificate for a VPN tunnel define a tun...

Page 79: ...Imported root CA Certificates field to view the certificate issuer name subject and certificate expiration data 5 To delete a certificate select the Id from the drop down menu and click the Del button...

Page 80: ...he generated certificate request displays in the drop down list of certificates within the Self Certificates screen Key ID Enter a logical name for the certificate to help distinguish between certific...

Page 81: ...ipboard 7 Click the Paste from clipboard button The content of the email displays in the window Click the Load Certificate button to import the certificate and make it available for use as a VPN authe...

Page 82: ...em Configuration Certificate Mgmt Self Certificates from the AP35xx menu tree 2 Click on the Add button to create the certificate request The Certificate Request screen displays 3 Complete the request...

Page 83: ...ewal request using a base64 encoded PKCS file option Click Next to continue 12 Paste the content of certificate in the Saved Request field within the Submit a Saved Request screen NOTE An administrato...

Page 84: ...ck the Load Certificate button 21 Verify the contents of the certificate file display correctly within the Self Certificates screen The certificate for the onboard RADIUS authentication of MUs has now...

Page 85: ...certificate FTP Select the FTP radio button if using an FTP server to import or export the security certificate TFTP Select the TFTP radio button if using an FTP server to import or export the securit...

Page 86: ...iable of a MIB The access point Web download package contains the following 2 MIB files EXTR CC adp35xx MIB 2 0 standard common MIB file EXTR adp35xx MIB Altitude 35xx specific MIB file NOTE The EXTR...

Page 87: ...de the attempted security enhancements of other version 2 protocols Instead SNMP v2c defaults to SNMP standard community strings for read only and read write access SNMP version 3 v3 further enhances...

Page 88: ...unity definition using a site appropriate name and access level Set up a read write definition at a minimum to facilitate full access by the AP35xx administrator 2 Configure the SNMP v1 v2 Configurati...

Page 89: ...AuthNoPriv setting requires login authorization but no encryption The AuthPriv setting requires login authorization and uses the Data Encryption Standard DES protocol OID Use the OID Object Identifier...

Page 90: ...s can read SNMP generated information and if capable modify related settings from an SNMP capable client Use the SNMP Access Control screen s Access Control List ACL to limit by Internet Protocol IP a...

Page 91: ...on Use just the Starting IP Address column to specify a single SNMP user Use both the Starting IP Address and Ending IP Address columns to specify a range of addresses for SNMP users To add a single I...

Page 92: ...orting this information Trap configuration depends on the network machine that receives the generated traps SNMP v1 v2c and v3 trap configurations function independently In a mixed SNMP environment ge...

Page 93: ...e an entry for an SNMP v3 user Destination IP Specify a numerical non DNS name destination IP address for receiving the traps sent by the AP35xx SNMP agent Port Specify a destination User Datagram Pro...

Page 94: ...Configure the MU Traps field to generate traps for MU associations MU association denials and MU authentication denials When a trap is enabled a trap is sent every 10 seconds until the condition no l...

Page 95: ...a link is lost between the AP35xx and a connected device DynDNS Update Generates a trap whenever domain name information is updated as a result of the IP address associated with that domain being modi...

Page 96: ...pplet A prompt displays confirming the logout before the applet is closed Configuring SNMP RF Trap Thresholds Use the SNMP RF Trap Threshold screen as a means to track RF activity and the AP35xx s rad...

Page 97: ...nter a maximum threshold for the total throughput in Pps Packets per second Throughput Set a maximum threshold for the total throughput in Mbps Megabits per second Average Bit Speed Enter a minimum th...

Page 98: ...ros authentication time synchronization is required Use the Date and Time Settings screen to enable NTP and specify the IP addresses and ports of available NTP servers NOTE The current time is not set...

Page 99: ...r to manually enter the access point s system time using a Year Month Day HH MM SS format This option is disabled when the Enable NTP checkbox has been selected and therefore should be viewed as a sec...

Page 100: ...stination MAC address Certain TLVs are mandatory and always sent once LLDP is enabled while other TLVs are optionally configured LLDP defines a set of common advertisement messages a protocol for tran...

Page 101: ...val in seconds 5 32768 to define the LLDP refresh interval transmit interval The Refresh Interval is the interval LLDP frames are transmitted on behalf of the LLDP agent The default is 30 seconds 4 Se...

Page 102: ...d to save event logs set the log level and optionally port the AP35xx s log to an external server View Log Click View to save a log of events retained on the AP35xx The system displays a prompt reques...

Page 103: ...int The exported file can be edited with any document editor if necessary NOTE Use the System Settings screen as necessary to restore an AP35xx s default configuration For more information on restorin...

Page 104: ...iguration to a dual radio model access point In turn a dual radio model access point cannot import export its configuration to a single radio access point Use the Config Import Export screen to config...

Page 105: ...tem displays a confirmation window indicating the administrator must log out of the AP35xx after the operation completes for the changes to take effect Click Yes to continue the operation Click No to...

Page 106: ...ible Hardware Type Error message indicates the configuration was not applied due to a hardware compatibility issue between the importing and exporting devices Status After executing an operation by cl...

Page 107: ...an the version currently in use on the access point Additionally the configuration version can be manually changed in the text file to cause the configuration to be applied when required The parameter...

Page 108: ...he AP35xx current configuration settings before updating the firmware to have the most recent settings available after the firmware is updated Refer to Importing Exporting Configurations on page 103 f...

Page 109: ...he file within the Filepath optional field 6 Enter an IP address for the FTP or TFTP server used for the update Only numerical IP address names are supported no DNS can be used 7 Select FTP or TFTP to...

Page 110: ...successful If an error occurs one of the following error messages will display FAIL auto fw update check FAIL network activity time out FAIL firmware check FAIL exceed memory limit FAIL authenticatio...

Page 111: ...Altitude 3500 Series Access Point Product Reference Guide 111 14 Click Logout to securely exit the AP35xx Access Point applet A prompt displays confirming the logout before the applet is closed...

Page 112: ...System Configuration Altitude 3500 Series Access Point Product Reference Guide 112...

Page 113: ...cal LAN port supporting two unique LAN interfaces The Altitude 35xx LAN port has its own MAC address The LAN port MAC address is always the value of the Altitude 35xx WAN port MAC address plus 1 The L...

Page 114: ...trunking enabled and the correct management VLAN defined 2 Configure the LAN Settings field to enable the Altitude 35xx LAN1 and or LAN2 interface assign a timeout value enable 802 1q trunking configu...

Page 115: ...can be active at any given time but only one can transmit over the access point s physical LAN connection thus the selected LAN has priority Enable 802 1q Trunking Select the Enable 802 1q Trunking ch...

Page 116: ...VLANs have the same attributes as physical LANs but they enable system administrators to group MUs even when they are not members of the same network segment NOTE A WLAN supporting a mesh network does...

Page 117: ...LAN from the Altitude 35xx menu tree 2 Ensure the Enable 802 1q Trunking button is selected from within the LAN Setting field Trunk links are required to pass VLAN information between destinations A t...

Page 118: ...to extend an internal LAN between the locations An Altitude 35xx managed infrastructure could provide this connectivity but it requires VLAN numbering be managed carefully to avoid conflicts between...

Page 119: ...When a frame arrives on the Altitude 35xx it queries the VMPS for the VLAN assignment based on the source MAC address of the arriving frame If statically mapping VLANs leave the Dynamic checkbox speci...

Page 120: ...terface is a DHCP Client Select this button to enable DHCP to set network address information via this LAN1 or LAN2 connection This is recommended if the Altitude 35xx resides within a large corporate...

Page 121: ...nced DHCP Server Click the Advanced DHCP Server button to display a screen used for generating a list of static MAC to IP address mappings for reserved clients A separate screen exists for each of the...

Page 122: ...n IP address for as long as it remains in active use The lease time is the number of seconds an IP address is reserved for re connection after its last use Using very short leases DHCP can dynamically...

Page 123: ...the window to navigate 5 Click the Del delete button to remove a selected table entry 6 Click OK to return to the LAN1 or LAN2 page where the updated settings within the Advanced DHCP Server screen ca...

Page 124: ...te whether the Ethernet Types defined for the LAN are allowed or denied for use by the Altitude 35xx 3 To add an Ethernet type click the Add button The Add Ethernet Type screen displays Use this scree...

Page 125: ...k Logout to securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed Configuring WAN Settings A Wide Area Network WAN is a widely dispersed telecommuni...

Page 126: ...lient mode is enabled the other WAN IP configuration parameters are grayed out IP Address Specify a numerical non DNS name IP address for the Altitude 35xx s WAN connection This address defines the AP...

Page 127: ...e information over its WAN port about data transmission speed and duplex capabilities Auto negotiation is helpful when using the access point in an environment where different devices are connected an...

Page 128: ...active even when there is no traffic If the ISP drops the connection after an idle period the Altitude 35xx automatically re establishes the connection to the ISP Enabling Keep Alive mode disables gra...

Page 129: ...anslates the WAN IP addresses on incoming packets to local IP addresses NAT is useful because it allows the authentication of incoming and outgoing requests and minimizes the number of WAN IP addresse...

Page 130: ...cal IP address 1 to 1 mapping is useful when users need dedicated addresses and for public facing servers connected to the Altitude 35xx Set the NAT Type as 1 to Many to map a WAN IP address to multip...

Page 131: ...ansport protocol used in this service The choices are ALL TCP UDP ICMP AH ESP and GRE Start Port and End Port Enter the port or ports used by the port forwarding service To specify a single port enter...

Page 132: ...ly the primary WAN IP address To configure dynamic DNS for the Altitude 35xx 1 Select Network Configuration WAN DynDNS from the Altitude 35xx menu tree 2 Select the Enable checkbox to allow domain nam...

Page 133: ...being lost 9 Click Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the screen to the last saved configuration Enabling Wireless LANs WLANs A Wireless...

Page 134: ...existing WLANs WLAN Name The Name field displays the name of each WLAN that has been defined The WLAN names can be modified within individual WLAN configuration screens See Creating Editing Individua...

Page 135: ...existing WLAN ensure it is not being used by an Altitude 35xx radio or is a WLAN that is needed in its current configuration Once updated the previous configuration is not available unless saved CAUT...

Page 136: ...name should be logical representation of WLAN coverage area engineering marketing etc The maximum number of characters that can be used for the name is 31 Available On Use the Available On checkboxes...

Page 137: ...the WLAN available in the WLAN drop down menu within the Radio Configuration screen This checkbox can be ignored for WLANs not supporting mesh networking to purposely exclude them from the list of WLA...

Page 138: ...password if Kerberos has been selected as the security scheme from within the Security Policies field The field is grayed out if Kerberos has not been selected for the WLAN Disallow MU to MU Communic...

Page 139: ...ter See Configuring Access Point Security on page 169 for more details on configuring Altitude 35xx security For detailed information on the authentication and encryption options available to the Alti...

Page 140: ...LAN For detailed information on assigning ACL policies to specific WLANs see Creating Editing Individual WLANs on page 135 To create or edit ACL policies for WLANs 1 Select Network Configuration Wirel...

Page 141: ...r Edit MU ACL Policy screen and return to the Mobile Unit Access Control List Configuration screen Navigating away from the screen without clicking Apply results in changes to the screens being lost 6...

Page 142: ...e new policies are defined they are available for use within the New WLAN or Edit WLAN screens to assign to specific WLANs based on MU interoperability requirements Extreme Networks recommends using t...

Page 143: ...ss Point Product Reference Guide 143 2 Click the Create button to configure a new QoS policy or select a policy and click the Edit button to modify an existing QoS policy The access point supports a m...

Page 144: ...ake use of multicast addresses Using this mechanism ensures that the multicast packets for these devices are not delayed by the packet queue 6 Use the drop down menu to select the radio traffic best r...

Page 145: ...ultimedia traffic Video Video traffic includes music streaming and application traffic requiring priority over all other types of network traffic Voice Voice traffic includes VoIP traffic and typicall...

Page 146: ...vice Rather than rely on built in 802 11security features to control access point association privileges configure a WLAN with no WEP an open network The access point issues an IP address to the user...

Page 147: ...ogin page welcome page and fail page used for hotspot access Defining these settings is required when the Use External URL checkbox has been selected within the HTTP Redirection field Use Default File...

Page 148: ...ation IP addresses These allowed destination IP addresses are called a White List Ten configurable IP addresses are allowed for each WLAN For more information see Defining the Hotspot White List on pa...

Page 149: ...127 0 0 1 and cannot be used for the external RADIUS server Radius Port Specify the port on which the RADIUS accounting server is listening Shared Secret Specify a shared secret for accounting authent...

Page 150: ...address for an allowed destination IP address 3 Select a White List entry and click the Del button to remove the address from the White List 4 Click OK to return to the Hotspot Config screen where th...

Page 151: ...tabs are selected and configured separately to enable the radio s and set their mesh networking definitions To set the Altitude 35xx radio configuration this example is for a dual radio access point...

Page 152: ...his is an existing radio within a mesh network this value updates in real time CAUTION A problem could arise if a Base Bridge s Indoor channel is not available on an Outdoor Client Bridge s list of av...

Page 153: ...If the signal strength falls below a configurable threshold the link to the existing base bridge is dropped and a connection to the base bridge with the stronger signal is established Enter a value in...

Page 154: ...changes have been applied 10 Click Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the Radio Configuration screen to the last saved configuration 11 C...

Page 155: ...selected for the Altitude 35xx MAC Address The Altitude 35xx like other Ethernet devices has a unique hardware encoded Media Access Control MAC or IEEE address MAC addresses determine the device sendi...

Page 156: ...st average power level Select the Exclude Channels button to display a screen used to prohibit 802 11a or 802 11b g channels from operating with this radio When channel exceptions are defined the acce...

Page 157: ...ude 35xx 802 11a radios Set Rates Click the Set Rates button to display a window for selecting minimum and maximum data transmit rates for the radio At least one Basic Rate must be selected as a minim...

Page 158: ...interval controls the performance of power save stations A small interval may make power save stations more responsive but it will also cause them to consume more battery power A large interval makes...

Page 159: ...Space Number and TXOPs Time for each Access Category These are the QoS policies for the 802 11a or 802 11b g radio not the QoS policies configured for the WLAN as created or edited from the Quality o...

Page 160: ...LANs on a BSSID have the same security policy It is generally a bad idea to have WLANs with different security policies on the same BSSID as this will result in warning or error messages NOTE If using...

Page 161: ...load sensor mode operation information to its parent WIPS Server Either or both of the access point s radios can be set as a WIPS sensor When an access point radio is functioning as a WIPS sensor it i...

Page 162: ...titude 35xx menu tree The Wireless Intrusion Prevention System screen displays NOTE At least one radio is required to be set to WIPS within the Wireless Intrusion Prevention System screen to support W...

Page 163: ...ole server 4 Click Apply to save any changes to the WIPS screen Navigating away from the screen without clicking Apply results in all changes to the screens being lost 5 Click Undo Changes if necessar...

Page 164: ...those associated with destination IP addresses To change any of the network address information within the WAN screen see Configuring WAN Settings on page 125 3 From the Use Default Gateway drop down...

Page 165: ...ion drop down menu Both for both directions Rx only receive only and TX only transmit only are available options No RIP The No RIP option prevents the access point s router from exchanging routing inf...

Page 166: ...to save the changes Configuring IP Filtering Use the access point s IP filtering functionality to determine which IP packets are processed normally by the access point and which are discarded If disca...

Page 167: ...ain their defined IP filtering configurations IP filtering is a network layer facility The IP filtering mechanism does not know anything about the application using the network connections only the co...

Page 168: ...Network Management Altitude 3500 Series Access Point Product Reference Guide 168...

Page 169: ...curely route traffic through a IPSEC tunnel and block transmissions with devices interpreted as Rogue APs NOTE Security for the Altitude 35xx can be configured in various locations throughout the Alti...

Page 170: ...omputer to the Altitude 35xx LAN port using a standard CAT 5 cable 2 Set up the computer for TCP IP DHCP network addressing and make sure the DNS settings are not hardcoded 3 Start Internet Explorer w...

Page 171: ...ings on page 68 Once the password has been set refer back to Configuring Security Options on page 169 to determine which Altitude 35xx security feature to configure next Resetting the Access Point Pas...

Page 172: ...alent Privacy WEP is available in two encryption modes 40 bit also called WEP 64 and 104 bit also called WEP 128 The 104 bit encryption mode provides a longer algorithm better security that takes long...

Page 173: ...5 Enable and configure an Encryption option if necessary for the target security policy Manually Pre Shared Key No Authentication Select this button to disable authentication This is the default value...

Page 174: ...d and developed by MIT provides strong authentication for client server applications using secret key cryptography Using Kerberos a client must prove its identity to a server and vice versa across an...

Page 175: ...tton to configure a new policy supporting Kerberos The New Security Policy screen displays with no authentication or encryption options selected 3 Select the Kerberos radio button The Kerberos Configu...

Page 176: ...curity policy supporting 802 1x EAP continue to step 2 2 Click the Create button to configure a new policy supporting 802 1x EAP The New Security Policy screen displays with no authentication or encry...

Page 177: ...ddresses RADIUS is a client server protocol and software enabling remote access clients to communicate with a server used to authenticate users and authorize access to the requested system or service...

Page 178: ...shared secret is 8d 9fq4bV H7 a3 zE13sW External Radius Server Address Specify the IP address of the external RADIUS server used to provide RADIUS accounting External Radius Port Specify the port on...

Page 179: ...k from a WEP flaw The existing 802 11 standard alone offers administrators no effective method to update keys Max Retries 1 99 retries Define the maximum number of MU retries to reauthenticate after f...

Page 180: ...either the WEP 64 40 bit key or WEP 128 104 bit key radio button The WEP 64 Settings or WEP 128 Settings field displays within the New Security Policy screen 4 Ensure the Name of the security policy e...

Page 181: ...uration screen These existing policies can be used as is or their properties edited by clicking the Edit button To configure a new security policy supporting KeyGuard continue to step 2 2 Click the Cr...

Page 182: ...the Apply button to save any changes made within the KeyGuard Setting field of the New Security Policy screen Pass Key Specify a 4 to 32 character pass key and click the Generate button The pass key...

Page 183: ...Fi Protected Access 2 WPA2 is an enhanced version of WPA WPA2 uses the Advanced Encryption Standard AES instead of TKIP AES supports 128 bit 192 bit and 256 bit keys WPA WPA2 also provide strong user...

Page 184: ...st keys every 30 604800 seconds Specify a time period in seconds to rotate the key index used for the broadcast key Set the interval to a shorter duration like 3600 seconds for tighter broadcast traff...

Page 185: ...d used by the Advanced Encryption Standard AES AES serves the same function TKIP does for WPA TKIP CCMP computes a Message Integrity Check MIC using the proven Cipher Block Chaining CBC technique Chan...

Page 186: ...icy entered suits the intended configuration or function of the policy 5 Configure the Key Rotation Settings field as required to set Broadcast Key Rotation and the update interval Broadcast Key Rotat...

Page 187: ...c string of 8 to 63 characters The string allows character spaces The Altitude 35xx converts the string to a numeric value This passphrase saves the administrator from entering the 256 bit key each ti...

Page 188: ...threat in order to reduce processor overhead Use the WLAN Security screens WEP Kerberos etc as required for setting user authentication and data encryption parameters To configure the Altitude 35xx fi...

Page 189: ...s to terminate the IP address translation process if no translation activity is detected after the specified interval SYN Flood Attack Check A SYN flood attack requests a connection and then fails to...

Page 190: ...ss between these two areas Yellow Limited Access One or more protocol rules are specified Specific protocols are either enabled or disabled between these two areas Click the table cell of interest and...

Page 191: ...on protocol using the Internet s TCP IP protocols FTP provides an efficient way to exchange files between computers on the Internet FTP uses TCP port 21 SMTP Simple Mail Transfer Protocol is a TCP IP...

Page 192: ...sec The other key component is Encapsulating Security Protocol ESP AH provides authentication proving the packet sender really is the sender and the data really is the data sent AH can be used in tran...

Page 193: ...ing and 1 to many mappings from the system Only enable advanced subnet access rules if your configuration requires rules that cannot be configured within the Subnet Access screen Import rules from Sub...

Page 194: ...n button moves the selected rule down by one row in the table The index numbers for the affected rows adjust to reflect the new order Index The index number determines the order firewall rules are exe...

Page 195: ...ltitude 35xx 1 Select Network Configuration WAN VPN from the Altitude 35xx menu tree 2 Use the VPN Tunnels field to add or delete a tunnel to the list of available tunnels list tunnel network address...

Page 196: ...is selected this column displays Manual If Auto IKE Key Exchange is selected the field displays Automatic Tunnel Name Enter a name to define the VPN tunnel The tunnel name is used to uniquely identif...

Page 197: ...nd other settings must match a transform set at the remote end of the gateway Use the Manual Key Settings screen to specify the transform sets used for VPN access To configure manual key settings for...

Page 198: ...butes when possible AH Authentication AH provides data authentication and anti replay services for the VPN tunnel Select the required authentication method from the drop down menu None Disables AH aut...

Page 199: ...ion ESP Encryption Algorithm Select the encryption and authentication algorithms for the VPN tunnel using the drop down menu DES Uses the DES encryption algorithm requiring 64 bit 16 character hexadec...

Page 200: ...35xx menu tree 2 Refer to the VPN Tunnel Config field select the Auto IKE Key Exchange radio button and click the Auto Key Settings button Inbound ESP Authentication Key Define a key for computing th...

Page 201: ...vailable range is from 300 to 65535 seconds The default is 300 seconds AH Authentication AH provides data authentication and anti replay services for the VPN tunnel Select the desired authentication m...

Page 202: ...o button and click the IKE Settings button ESP Encryption Algorithm Use this menu to select the encryption and authentication algorithms for this VPN tunnel DES Selects the DES algorithm No keys are r...

Page 203: ...s faster but less secure than Main mode Identities are not encrypted unless public key encryption is used The authentication method cannot be negotiated if the initiator chooses public key encryption...

Page 204: ...create and import certificates into the system IKE Authentication Algorithm IKE provides data authentication and anti replay services for the VPN tunnel Select an authentication methods from the drop...

Page 205: ...reen is read only with no configurable parameters To configure a VPN tunnel use the VPN configuration screen in the WAN section of the Altitude 35xx menu tree Diffie Hellman Group Select a Diffie Hell...

Page 206: ...VE When the tunnel is connected the status reads ACTIVE Outb SPI The Outb SPI column displays the outbound Security Parameter Index SPI for each tunnel The SPI is used locally by the Altitude 35xx to...

Page 207: ...llows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound HTTP SMTP and FTP requests Tx Bytes The Tx Bytes column lists the amount of data in bytes transmitted th...

Page 208: ...Blocking allows for blocking of specific HTTP commands going outbound on the Altitude 35xx WAN port HTTP blocks commands on port 80 only The Block Outbound HTTP option allows blocking of the following...

Page 209: ...CPT Recipient Identifies a recipient of mail data DATA Tells the SMTP receiver to treat the following information as mail data from the sender QUIT Tells the receiver to respond with an OK reply and t...

Page 210: ...f the country the access point is operating in The rogue detection interval is used in conjunction with Motorola MUs that identify themselves as rogue detection capable to the access point The detecti...

Page 211: ...could render the Altitude 35xx s Rogue AP Detector Mode feature inoperable Contact your Extreme Networks sales associate for specific information To configure Rogue AP detection for the Altitude 35xx...

Page 212: ...band is used as the detector radio RF A BG Scan Select this checkbox to scan for rouges over all channels on both of the access point s 11a and 11bg radio bands The switching of radio bands is based...

Page 213: ...nables the user to view the list of detected rogue APs and if necessary select and move an AP into a list of allowed devices This is helpful when the settings defined within the Rogue AP Detection scr...

Page 214: ...e AP Details on page 214 7 To remove the Rogue AP entries displayed within the e Rogue APs field click the Clear Rogue AP List button Extreme Networks only recommends clearing the list of Rogue APs wh...

Page 215: ...hould be defined as an allowed AP RSSI Shows the Relative Signal Strength RSSI of the rogue AP Use this information to assess how close the rogue AP is The higher the RSSI the closer the rogue AP If m...

Page 216: ...etection area can be significantly extended To use associated rogue AP enabled MUs to scan for rogue APs 1 Select Network Configuration Wireless Rogue AP Detection MU Scan from the Altitude 35xx menu...

Page 217: ...en Only use this option if you are sure all of the devices detected and displayed within the Scan Results table are non hostile APs 5 Highlight a different MU from the Rogue AP enabled MUs field as ne...

Page 218: ...S PAP are supported 3 Use the TTLS PEAP Configuration field to specify the RADIUS Server default EAP type EAP authentication type and a Server or CA certificate if used Local An internal user database...

Page 219: ...ion method based on Microsoft s challenge response authentication protocol TTLS options include PAP Password Authentication Protocol sends a username and password over a network to a server that compa...

Page 220: ...rnal LDAP server see Configuring the Radius Server on page 217 the LDAP screen is used to configure the properties of the external LDAP server To configure the LDAP server 1 Select System Configuratio...

Page 221: ...he login attribute used by the LDAP server for authentication In most cases the default value should work Windows Active Directory users must use sAMAccountName as their login attribute to successfull...

Page 222: ...confirming the logout before the applet is closed Configuring a Proxy Radius Server The access point has the capability to proxy authentication requests to a remote RADIUS server based on the suffix o...

Page 223: ...r a value between 3 and 6 to indicate the number of times the access point attempts to reach a proxy server before giving up Timeout Enter a value between 5 and 10 to indicate the number of elapsed se...

Page 224: ...mpt displays confirming the logout before the applet is closed Managing the Local User Database Use the User Database screen to create groups for use with the RADIUS server The database of groups is e...

Page 225: ...s to Groups on page 225 8 Click Apply to save any changes to the Users screen Navigating away from the screen without clicking Apply results in all changes to the screen being lost 9 Click Undo Change...

Page 226: ...es can be applied to each group With this latest 2 0 version access point firmware individual groups can be associated with their own time based access policy Each group s policy has a user defined in...

Page 227: ...ess Policy screen displays the following fields Groups The Groups field displays the names of those existing groups that can have access intervals applied to them Click the Edit button to display a sc...

Page 228: ...include any hour of the day Ten unique access intervals can be defined for each existing group To update a group s access permissions 1 Select User Authentication Radius Server Access Policy from the...

Page 229: ...and end time as defined using the Edit Access Policy screen Only during this period of time can authentication requests from users be honored with no overlaps Any authentication request outside of thi...

Page 230: ...Configuring Access Point Security Altitude 3500 Series Access Point Product Reference Guide 230...

Page 231: ...in the Altitude 35xx radio coverage area The type of AP detected can be displayed as well as the properties of individual APs See the following sections for more details on viewing statistics for the...

Page 232: ...ble the WAN connection HW Address The Media Access Control MAC address of the Altitude 35xx WAN port The WAN port MAC address is hard coded at the factory and cannot be changed For more information on...

Page 233: ...e WAN interface If this number appears excessive consider a new connection to the device RX Overruns RX overruns are buffer overruns on the WAN connection RX overruns occur when packets are received f...

Page 234: ...before the applet is closed Viewing LAN Statistics Use the LAN Stats screen to monitor the activity of the Altitude 35xx s LAN1 or LAN2 connection The Information field of the LAN Stats screen displa...

Page 235: ...speed is not achieved examine the number of transmit and receive errors or consider increasing the supported data rate Duplex Displays whether the current LAN connection is full or half duplex WLANs...

Page 236: ...saging and initiate a spanning tree recalculation when spanning tree is enabled TX Packets TX packets are data packets sent over the Altitude 35xx LAN port The displayed number is a cumulative total s...

Page 237: ...idge is powered up or when a topology change is detected Designated Root Displays the access point MAC address of the bridge defined as the root bridge in the Bridge STP Configuration screen For infor...

Page 238: ...d learning state This time is equal to 15 sec by default but you can tune the time to be between 4 and 30 sec For information on setting the Bridge Forward Delay see Setting the LAN Configuration for...

Page 239: ...thin the Wireless Statistics Summary screen see Enabling Wireless LANs WLANs on page 133 to enable the WLAN For information on configuring the properties of individual WLANs see Creating Editing Indiv...

Page 240: ...WLAN that are non unicast Non unicast packets include broadcast and multicast packets Retries Displays the average number of retries per packet An excessive number could indicate possible network or...

Page 241: ...lays the Extended Service Set ID ESSID for the target WLAN Radio s Displays the name of the 802 11a or 802 11b g radio the target WLAN is using for Altitude 35xx transmissions Authentication Type Disp...

Page 242: ...ived The number in black represents statistics for the last 30 seconds and the number in blue represents statistics for the last hour If the bit speed is significantly slower than the selected data ra...

Page 243: ...Statistics Summary Select the Radio Stats Summary screen to view high level information radio name type number of associated MUs etc for the radio s enabled on an Altitude 35xx Individual radio stati...

Page 244: ...r 802 11b g currently deployed by the Altitude 35xx MUs Displays the total number of MUs currently associated with each Altitude 35xx radio T put Displays the total throughput in Megabits per second M...

Page 245: ...screen There are four fields within the screen The Information field displays device address and location information as well as channel and power information The Traffic field displays statistics for...

Page 246: ...lays the average total packets per second received The Tx column displays the average total packets per second transmitted The number in black represents this statistic for the last 30 seconds and the...

Page 247: ...r If the signal is low consider mapping the MU to a different WLAN if a better functional grouping of MUs can be determined Avg MU Noise Displays the average RF noise for all MUs associated with the A...

Page 248: ...he screen without clicking Apply results in changes to the screens being lost 3 Click Undo Changes if necessary to undo any changes made to the screen Undo Changes reverts the settings to the last sav...

Page 249: ...erifying the link with an associated MU IP Address Displays the IP address of each of the associated MU MAC Address Displays the MAC address of each of the associated MU WLAN Displays the WLAN name ea...

Page 250: ...The MU Details screen is separated into four fields MU Properties MU Traffic MU Signal and MU Errors The MU Properties field displays basic information such as hardware address IP address and associat...

Page 251: ...second sent on the MU The number in black represents throughput for the last 30 seconds the number in blue represents throughput for the last hour Avg Bit Speed The Total column displays the average...

Page 252: ...ts sent versus packets received to assess the link quality between MU and the Altitude 35xx 5 Click the Ok button to exit the Echo Test screen and return to the MU Stats Summary screen Avg Num of Retr...

Page 253: ...ion Statistics button Use the displayed statistics to determine if the target MU would be better served with a different Altitude 35xx WLAN or Altitude 35xx radio 4 Click Ok to return to the MU Stats...

Page 254: ...is used to create a known AP list The list has field indicating the properties of the access point discovered NOTE The Known AP Statistics screen only displays statistics for access points located on...

Page 255: ...in order to begin new data collections 3 Click the Details button to display access point address and radio information IP Address The network assigned Internet Protocol address of the located AP MAC...

Page 256: ...re target devices that are not Extreme Networks access points are unable to respond to the ping test 5 Click the Send Cfg to APs button to send the your access point s configuration to other access po...

Page 257: ...he location of the devices displayed within the Known AP Statistics screen When an Altitude 35xx is highlighted and the Start Flash button is selected the LEDs on the selected Altitude 35xx flash When...

Page 258: ...Monitoring Statistics Altitude 3500 Series Access Point Product Reference Guide 258...

Page 259: ...t one end of a null modem serial cable to the AP35xx s serial connector NOTE If using an Altitude 3510 model access point a null modem cable is required If using an Altitude 3550 model access point an...

Page 260: ...is is your first time logging into the access point you are unable to access any of the access point s commands until the country code is set A new password will also need to be created Admin and Comm...

Page 261: ...rgument is treated as an argument Eg admin network lan set lan enable Here is an invalid extra argument because it is after the argument enable ctrl q go backwards in command history ctrl p go forward...

Page 262: ...rd successfully updated For information on configuring passwords using the applet GUI see Setting Passwords on page 170 passwd Changes the admin password for AP35xx access This requires typing the old...

Page 263: ...QoS Policy Default Rate Limiting disabled LAN1 Name LAN1 LAN1 Mode enable LAN1 IP 10 255 108 253 LAN1 Mask 255 255 255 0 LAN1 DHCP Mode client LAN2 Name LAN2 LAN2 Mode disable LAN2 IP 192 168 1 1 LAN2...

Page 264: ...ference Guide 264 AP35xx admin Displays the parent menu of the current menu This command appears in all of the submenus under admin In each case it has the same function to move up one level in the di...

Page 265: ...de 265 AP35xx admin Displays the root menu that is the top level CLI menu This command appears in all of the submenus under admin In each case it has the same function to move up to the top level in t...

Page 266: ...he save command appears in all of the submenus under admin In each case it has the same function to save the current configuration Syntax Example admin save admin save Saves configuration settings The...

Page 267: ...it Exits the command line interface session and terminates the session The quit command appears in all of the submenus under admin In each case it has the same function to exit out of the CLI Once the...

Page 268: ...e Wireless Configuration submenu firewall Goes to the firewall submenu router Goes to the router submenu ipfilter Goes to the IP Filtering submenu Goes to the parent menu Goes to the root menu save Sa...

Page 269: ...twork Mask 255 255 255 0 Default Gateway 10 255 108 1 Domain Name ADP35xxExtreme com Primary DNS Server 10 255 181 87 Secondary DNS Server 10 0 4 72 WINS Server 192 168 0 254 LAN2 Information LAN Name...

Page 270: ...et port timeout seconds Sets the interval in seconds the AP35xx uses to terminate its LAN interface if no activity is detected for the specified interval trunking mode Enables or disables 802 11q Trun...

Page 271: ...Access Point Product Reference Guide 271 Related Commands For information on configuring the LAN using the applet GUI see Configuring the LAN Interface on page 113 show Shows the current settings for...

Page 272: ...iew of the access point s mesh networking options using the applet GUI see Configuring Mesh Networking on page 519 show Displays the mesh configuration parameters for the AP35xx s LANs set Sets the me...

Page 273: ...lo Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 LAN2 Bridge Configuration Bridge Priority 65500 Hello Time seconds 2 Message Age Time seconds...

Page 274: ...Entry Ageout Time seconds 300 LAN2 Mesh Configuration Bridge Priority 32768 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview...

Page 275: ...onfiguring VLAN Support on page 116 show Displays the VLAN list currently defined for the AP35xx set Sets the AP35xx VLAN configuration create Creates a new AP35xx VLAN edit Edits the properties of an...

Page 276: ...ement VLAN Tag 1 Native VLAN Tag 2 WLAN WLAN1 mapped to VLAN VLAN 2 VLAN Mode static admin network lan wlan mapping show lan wlan WLANs on LAN1 WLAN1 WLAN2 WLAN3 WLANs on LAN2 admin network lan wlan m...

Page 277: ...in network lan wlan mapping set mode 1 static admin network lan wlan mapping show vlan cfg Management VLAN Tag 1 Native VLAN Tag 2 WLAN WLAN1 mapped to VLAN VLAN 2 VLAN Mode static For information on...

Page 278: ...LAN for the AP35xx Syntax Example admin network lan wlan mapping admin network lan wlan mapping create 5 vlan 5 For information on creating VLANs using the applet GUI see Configuring VLAN Support on p...

Page 279: ...n_002 3 3 Vlan_003 admin network lan wlan mapping edit name 1 VlanConfRoom admin network lan wlan mapping show name Index VLAN ID VLAN Name 1 1 VlanConfRoom 2 2 Vlan_002 3 3 Vlan_003 For information o...

Page 280: ...n mapping show name Index VLAN ID VLAN Name 1 1 VlanConfRoom 2 2 Vlan_002 3 3 Vlan_003 admin network lan wlan mapping delete 2 admin network lan wlan mapping show name Index VLAN ID VLAN Name 1 1 Vlan...

Page 281: ...WLAN Syntax Example admin network lan wlan mapping lan map wlan1 lan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 116 lan map wlan name Maps an existing...

Page 282: ...o a WLAN Syntax Example admin network lan wlan mapping vlan map wlan1 vlan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 116 vlan map wlan name Maps an ex...

Page 283: ...items available are displayed below show Displays DHCP parameters set Sets DHCP parameters add Adds static DHCP address assignments delete Deletes static DHCP address assignments list Lists static DH...

Page 284: ...Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 LAN2 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168...

Page 285: ...rk lan dhcp show LAN1 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the ap...

Page 286: ...24 6 admin network lan dhcp add 1 00A0F1112234 192 169 24 7 admin network lan dhcp list 1 Index MAC Address IP Address 1 00A0F8112233 192 160 24 6 2 00A0F8112234 192 169 24 7 For information on addin...

Page 287: ...min network lan dhcp delete 1 index mac address ip address 1 00A0F8102030 10 10 1 2 2 00A0F8112234 10 1 2 3 3 00A0F8112235 192 160 24 6 4 00A0F8112236 192 169 24 7 admin network lan dhcp delete 1 all...

Page 288: ...dress IP Address 1 00A0F8112233 10 1 2 4 2 00A0F8102030 10 10 1 2 3 00A0F8112234 10 1 2 3 4 00A0F8112235 192 160 24 6 5 00A0F8112236 192 169 24 7 admin network lan dhcp For information on listing clie...

Page 289: ...ilter submenu The items available under this command include show Displays the current Ethernet Type exception list set Defines Ethernet Type Filter parameters add Adds an Ethernet Type Filter entry d...

Page 290: ...et Type Filter configuration Syntax Example admin network lan type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 For information on displaying the type filter configuration...

Page 291: ...configuration Syntax Example admin network lan type filter set mode 1 allow For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on pa...

Page 292: ...work wireless type filter add 2 0806 admin network wireless type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 2 0806 3 0800 4 8782 For information on configuring the type f...

Page 293: ...Ethernet Type Filter mode allow index ethernet type 1 0806 2 0800 3 8782 admin network lan type filter delete 2 all admin network lan type filter show 2 Ethernet Type Filter mode allow index ethernet...

Page 294: ...and the AP35xx s current PPPoE configuration set Defines the AP35xx s WAN and PPPoE configuration nat Displays the NAT submenu wherein Network Address Translations NAT can be defined vpn Goes to the...

Page 295: ...negotiation disable Speed 100M Duplex full WAN IP 2 disable WAN IP 3 disable WAN IP 4 disable WAN IP 5 disable WAN IP 6 disable WAN IP 7 disable WAN IP 8 disable PPPoE Mode enable PPPoE User Name John...

Page 296: ...on page 125 set wan enable disable Enables or disables the AP35xx WAN port dhcp enable disable Enables or disables WAN DHCP Client mode ipadr idx a b c d Sets up to 8 using indx from 1 to 8 IP address...

Page 297: ...NAT configuration options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 129 show Displays the AP35xx s current NAT parameters for the specified index...

Page 298: ...AT Type 1 to many Inbound Mappings Port Forwarding unspecified port forwarding mode enable unspecified port fwd ip address 111 223 222 1 one to many nat mapping LAN No WAN IP 1 157 235 91 2 2 157 235...

Page 299: ...to many nat mapping LAN No WAN IP 1 157 235 91 2 2 10 1 1 1 For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 129 set...

Page 300: ...et GUI see Configuring Network Address Translation NAT Settings on page 129 add idx name tran port1 port2 ip dst_port Sets an inbound network address translation NAT for WAN address idx where name is...

Page 301: ...te 1 1 admin network wan nat list 1 index name prot start port end port internal ip translation port Related Commands For an overview of the NAT options available using the applet GUI see Configuring...

Page 302: ...port start port end port internal ip translation port 1 special tcp 20 21 192 168 42 16 21 Related Commands 1 For an overview of the NAT options available using the applet GUI see Configuring Network...

Page 303: ...ng the applet GUI see Configuring VPN Tunnels on page 194 add Adds VPN tunnel entries set Sets key exchange parameters delete Deletes VPN tunnel entries list Lists VPN tunnel entries reset Resets all...

Page 304: ...I values and Keys must be configured after adding the tunnel admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 194 add name subnet idx l...

Page 305: ...tions include DES 3DES AES128 AES192 or AES256 esp enckey name dir enckey Sets the Manual Encryption Key in ASCII for tunnel name and direction IN or OUT to the key enc key The size of the key depends...

Page 306: ...FQDN myiddata name idtype Sets the Local ID data for IKE authentication for name to idtype This value is not required when the ID type is set to IP remiddata name idtype Sets the Local ID data for IKE...

Page 307: ...68 33 1 192 168 24 198 SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn delete Eng2EngAnnex admin network wan vpn list Tunnel Name Type Remote IP Mask Remote Gateway...

Page 308: ...rkey Detail listing of VPN entry Name SJSharkey Local Subnet 1 Tunnel Type Manual Remote IP 206 107 22 45 Remote IP Mask 255 255 255 224 Remote Security Gateway 206 107 22 2 Local Security Gateway 209...

Page 309: ...network wan vpn reset Resets all of the AP35xx s VPN tunnels Syntax Example admin network wan vpn reset VPN tunnels reset admin network wan vpn For information on configuring VPN using the applet GUI...

Page 310: ...atistics for all active tunnels Syntax Example admin network wan vpn stats Tunnel Name Status SPI OUT IN Life Time Bytes Tx Rx Eng2EngAnnex Not Active SJSharkey Not Active For information on displayin...

Page 311: ...tate Dest IP Remaining Life Eng2EngAnnex Not Connected SJSharkey Not Connected admin network wan vpn For information on configuring IKE using the applet GUI see Configuring IKE Key Settings on page 20...

Page 312: ...the Outbound Content Filtering menu The items available under this command include addcmd Adds control commands to block outbound traffic delcmd Deletes control commands to block outbound traffic lis...

Page 313: ...raffic proxy Adds a Web proxy command activex Adds activex files file Adds Web URL extensions 10 files maximum smtp Adds SMTP commands to block outbound traffic helo helo command mail mail command rcp...

Page 314: ...traffic proxy Deletes a Web proxy command activex Deletes activex files file Deletes Web URL extensions 10 files maximum smtp Deletes SMTP commands to block outbound traffic helo helo command mail ma...

Page 315: ...wan content list smtp SMTP Commands HELO deny MAIL allow RCPT allow DATA deny QUIT allow SEND allow SAML allow RESET allow VRFY allow EXPN allow admin network wan content list ftp FTP Commands Storing...

Page 316: ...items available under this command include For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 132 set Sets Dynamic DNS parameters update Set...

Page 317: ...twork wan dyndns set host greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 132 set mode enable disable Enables or disables the D...

Page 318: ...WAN IP address with the DynDNS service Syntax Example admin network wan dyndns update IP Address 157 235 91 231 Hostname greengiant For an overview of the Dynamic DNS options available using the apple...

Page 319: ...n network wan dyndns show DynDNS Configuration Mode enable Username percival Password Hostname greengiant DynDNS Update Response IP Address 157 235 91 231 Hostname greengiant Status OK For an overview...

Page 320: ...Goes to the Security Policy submenu acl Goes to the MU Access Control Policy submenu radio Goes to the Radio configuration submenu qos Goes to the Quality of Service submenu rate limiting Goes to the...

Page 321: ...ns available to the using the applet GUI see Enabling Wireless LANs WLANs on page 133 show Displays the AP35xx s current WLAN configuration create Defines the parameters of a new WLAN edit Modifies th...

Page 322: ...vailable Client Bridge Mesh Backhaul not available Hotspot not available Maximum MUs 127 Security Policy Default MU Access Control Default Kerberos User Name Kerberos Password Disallow MU to MU Commun...

Page 323: ...limiting enable disable Per MU Rate Limiting limit w2wl set per MU rate limit wired to wireless limit wl2w set per MU rate limit wireless to wired Example admin network wireless wlan create show wlan...

Page 324: ...Admin 3rd Floor 3 Demo Room 5th Floor admin network wireless wlan create show qos QOS Policy Name Associated WLANs 1 Default Front Lobby 2 Voice Audio Dept 3 Video Video Dept The CLI treats the follow...

Page 325: ...AP35xx admin network wireless wlan edit Edits the properties of an existing WLAN policy Syntax For information on editing a WLAN using the applet GUI see Creating Editing Individual WLANs on page 135...

Page 326: ...6 AP35xx admin network wireless wlan delete Deletes an existing WLAN Syntax For information on deleting a WLAN using the applet GUI see Creating Editing Individual WLANs on page 135 delete wlan name D...

Page 327: ...on configuring the Hotspot options available to the using the applet GUI see Configuring WLAN Hotspot Support on page 146 show Show hotspot parameters redirection Goes to the hotspot redirection menu...

Page 328: ...35 21 21 Primary Server Port 1812 Primary Server Secret Secondary Server Ip adr 157 235 32 12 Secondary Server Port 1812 Secondary Server Secret Accounting Mode disable Accounting Server Ip adr 0 0 0...

Page 329: ...iguring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 146 redirection set page loc Sets the hotspot http re direction by index 1 1...

Page 330: ...enu Syntax For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 146 set Sets the RADIUS hotspot configurat...

Page 331: ...e Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 146 set server idx srvr_type ipadr Sets the RADIUS hotspot server IP address per wlan...

Page 332: ...ary Server Secret Secondary Server Ip adr 0 0 0 0 Secondary Server Port 1812 Accounting Mode enable Accounting Server Ip adr 157 235 15 16 Accounting Server Port 1813 Accounting Server Secret Accounti...

Page 333: ...ist Rules Idx IP Address 1 157 235 21 21 For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 146 white li...

Page 334: ...configuration options available to the access point using the applet GUI see Configuring Security Options on page 169 show Displays the AP35xx s current security configuration set Sets security param...

Page 335: ...Open Manual no encrypt 1st Floor WPA Countermeasure enable admin network wireless security show policy 1 Policy Name Default Authentication Manual Pre shared key No Authentication Encryption type no e...

Page 336: ...remote to KDC IP address port sidx port Sets the Kerberos port to port KDC port for server ksidx 1 primary 2 backup or 3 remote Note EAP parameters are only in affect if eap is specified for the authe...

Page 337: ...eout time Sets the server timeout time in seconds 1 255 svr retry count Sets the maximum number of server retries to count 1 255 Note The WEP authentication mechanism saves up to four different keys o...

Page 338: ...Enables or disables preauthentication fast roaming type key type Sets the TKIP key type key 256 bit key Sets the TKIP key to 256 bit key phrase ascii phrase Sets the TKIP ASCII pass phrase to ascii p...

Page 339: ...ecurity edit Edits the properties of a specific security policy A new context opens for the profile being edited AP35xx admin network wireless security edit For more information on this context see Ne...

Page 340: ...rk wireless security edit Displays the AP35xx wireless security policy edit submenu The items available under this menu include show Displays the security policy parameters for the selected security p...

Page 341: ...twork wireless security edit show Policy Name Default Authentication type Manual Pre shared key No authentication Encryption type WPA TKIP ccmp broadcast key rotate mode disable ccmp key type phrase c...

Page 342: ...rimary 2 secondary and sets its IP address to ip port s idx p num Sets the RADIUS Server port number for server type s idx 1 primary 2 secondary to port number p num 1 65535 secret s idx c Sets the sh...

Page 343: ...y index key idx 1 4 key str can be 10 hex digits for WEP40 and 26 digits for WEP104 Keyguard ascii key k idx key str Sets the ASCII key key str for the key index key idx 1 4 key str can be 5 chars for...

Page 344: ...p interval 46 admin network wireless security edit show Policy Name Default Authentication type Manual Pre shared key No authentication Encryption type WPA TKIP ccmp broadcast key rotate mode disable...

Page 345: ...etwork wireless security edit show Policy Name Default Authentication type Manual Pre shared key No authentication Encryption type WPA TKIP ccmp broadcast key rotate mode disable ccmp key type key ccm...

Page 346: ...n network wireless acl Displays the AP35xx Mobile Unit Access Control List ACL submenu The items available under this command include delete sec name Removes the specified security policy from the lis...

Page 347: ...by WLAN1 2 Admin Administration 3 Demo Room Customers admin network wireless acl show policy 1 Policy Name Default Policy Mode allow index start mac end mac 1 00A0F8348787 00A0F8348798 For information...

Page 348: ...ireless acl create add policy For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 139 create show a...

Page 349: ...access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 139 show Displays MU ACL policy and its parameters set Modifies the properties of an existing MU ACL policy add...

Page 350: ...delete Removes an MU ACL policy Syntax For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 139 del...

Page 351: ...io submenu The items available under this command include show Summarizes AP35xx radio parameters at a high level set Defines the access point radio configuration radio1 Displays the 802 11b g radio s...

Page 352: ...ents 6 Client Bridge Mode disable Clitn Bridge WLAN WLAN1 Mesh Connection Timeout enable Radio 2 Name Radio 2 Radio Mode enable RF Band of Operation 802 11a 5 GHz RF Function WLAN Wireless Mesh Config...

Page 353: ...5xx s 802 11a radio 11bg mode Enables or disables the AP35xx s 802 11b g radio rf function radio id rf func Sets the radio function as either a WIPS sensor or a WLAN radio mesh base mode Enables or di...

Page 354: ...Point Product Reference Guide 354 Dot11 Auth Algorithm shared key allowed For information on configuring the Radio Configuration options available to the access point using the applet GUI see Setting...

Page 355: ...le to the access point using the applet GUI see Setting the WLAN s Radio Configuration on page 150 show Displays 802 11b g radio settings set Defines specific 802 11b g radio parameters delete Deletes...

Page 356: ...Supported Rates 1 2 5 5 6 9 11 12 18 24 36 48 54 Beacon Interval 100 K usec DTIM Interval per BSSID 1 10 beacon intvls 2 10 beacon intvls 3 10 beacon intvls 4 10 beacon intvls short preamble disable R...

Page 357: ...TIMs for all four BSSIDs will be changed to 50 To change individual DTIMs for BSSIDs specify the BSS Index number for example set dtim 2 50 This will change the DTIM for BSSID 2 to 50 For information...

Page 358: ...802 11bg set ch mode user admin network wireless radio 802 11bg set channel 1 admin network wireless radio 802 11bg set acs exception list 10 admin network wireless radio 802 11bg set antenna full ad...

Page 359: ...CAUTION If you do NOT include the index number for example set dtim 50 the DTIMs for all four BSSIDs will be changed to 50 To change individual DTIMs for BSSIDs specify the BSS Index number for examp...

Page 360: ...Displays the advanced submenu for the 802 11b g radio The items available under this command include show Displays advanced radio settings for the 802 11b g radio set Defines advanced parameters for...

Page 361: ...onfiguration is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11bg advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio 11a...

Page 362: ...radio 802 11bg advanced set wlan demoroom 1 admin network wireless radio 802 11bg advanced set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the access poin...

Page 363: ...der this command include Syntax show Displays 802 11a radio settings set Defines specific 802 11a radio parameters delete Deletes the ACS exception channels advanced Displays the Advanced radio settin...

Page 364: ...s 6 9 12 18 24 36 48 54 Beacon Interval 100 K usec DTIM Interval per BSSID 1 10 beacon intvls 2 10 beacon intvls 3 10 beacon intvls 4 10 beacon intvls RTS Threshold 2346 bytes Extended Range 0 miles Q...

Page 365: ...ries Access Point Product Reference Guide 365 For information on configuring Radio 2 Configuration options available to the access point using the applet GUI see Configuring the 802 11a or 802 11b g R...

Page 366: ...min network wireless radio 802 11a set ch mode user admin network wireless radio 802 11a set channel 1 admin network wireless radio 802 11a set acs exception list 44 153 161 admin network wireless rad...

Page 367: ...s the advanced submenu for the 802 11a radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11a radio set Defines advanced parameters for the 8...

Page 368: ...good configuration is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11bg advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Rad...

Page 369: ...802 11a advanced set wlan demoroom 1 admin network wireless radio 802 11a advanced set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the access point using t...

Page 370: ...Quality of Service QoS submenu The items available under this command include show Displays AP35xx QoS policy information create Defines the parameters of the QoS policy edit Edits the settings of an...

Page 371: ...ideo Vidio Dept admin network wireless qos show policy 1 Policy Name IP Phones Support Legacy Voice Mode disable Multicast Mask Address 1 01005E000000 Multicast Mask Address 2 09000E000000 WMM QOS Mod...

Page 372: ...ata type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi 1...

Page 373: ...e data type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wif...

Page 374: ...os delete Removes a QoS policy Syntax For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page...

Page 375: ...network wireless rate limiting Displays the AP35xx Rate Limiting submenu The items available under this command include show Shows the Rate Limiting state and WLAN values set Sets the Rate Limiting s...

Page 376: ...ss rate limiting show Displays the AP35xx s current Rate Limiting configuration Syntax Example admin network wireless rate limiting show summary Per MU Rate Limiting disable show summary wlan Displays...

Page 377: ...tude 3500 Series Access Point Product Reference Guide 377 AP35xx admin network wireless rate limiting set Defines the AP35xx Rate Limiting configuration Syntax set rate limit Enable disable Rate Limit...

Page 378: ...ude show Displays the current AP35xx Rogue AP detection configuration set Defines the Rogue AP detection method mu scan Goes to the Rogue AP mu uscan submenu allowed list Goes to the Rogue AP Allowed...

Page 379: ...e ap show MU Scan disable MU Scan Interval 60 minutes On Channel disable Detector Radio Scan enable Auto Authorize Extreme APs disable Approved APs age out 0 minutes Rogue APs age out 0 minutes For in...

Page 380: ...annel disable Detector Radio Scan disable Auto Authorize Extreme Networks APs enable Approved AP age out 10 minutes Rogue AP age out 10 minutes For information on configuring the Rogue AP options avai...

Page 381: ...mu scan Displays the Rogue AP mu scan submenu add Add all or just one scan result to Allowed AP list show Displays all APs located by the MU scan start Initiates scan immediately by the MU Goes to th...

Page 382: ...eless rogue ap mu scan start Initiates an MU scan for a user provided MAC address Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Conf...

Page 383: ...network wireless rogue ap mu scan show Displays the results of an MU scan Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring...

Page 384: ...wed list Displays the Rogue AP allowed list submenu show Displays the rogue AP allowed list add Adds an AP MAC address and ESSID to the allowed list delete Deletes an entry or all entries from the all...

Page 385: ...x Example admin network wireless rogue ap allowed list show Allowed AP List index ap mac essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing For information on configuring...

Page 386: ...161BB 103 admin network wireless rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 fffffffffff 3 00 A0 F8 40 20 01 Marketing 4 00 A0 F8 31 61 BB 103 For information on...

Page 387: ...address and ESSID to existing allowed list Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 210...

Page 388: ...ess wips Displays the wips Locationing submenu The items available under this command include show Displays the current WLAN Intrusion Prevention configuration set Sets WLAN Intrusion Prevention param...

Page 389: ...ork wireless wips show Shows the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips show WIPS Server 1 IP Address 192 168 0 21 WIPS Server 2 IP Address 10 10 1 1 admin...

Page 390: ...5xx admin network wireless wips set Sets the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips set server 1 192 168 0 21 admin network wireless wips set idx 1 and 2 ip...

Page 391: ...rk wireless mu locationing Displays the MU Locationing submenu The items available under this command include show Displays the current MU Locationing configuration set Defines MU Locationing paramete...

Page 392: ...x admin network wireless mu locationing show Displays the MU probe table configuration Syntax Example admin network wireless mu locationing show MU Probe Table Mode disable MU Probe Table Size 200 adm...

Page 393: ...Example admin network wireless mu locationing set admin network wireless mu locationing set mode enable admin network wireless mu locationing set size 200 admin network wireless mu locationing set Def...

Page 394: ...e under this command include show Displays the AP35xx s current firewall configuration set Defines the AP35xx s firewall parameters access Enables disables firewall permissions through the LAN and WAN...

Page 395: ...k filter enable syn flood attack filter enable unaligned ip timestamp filter enable source routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood...

Page 396: ...ce routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 max mime headers 16 set mode mode Enabl...

Page 397: ...440 2048 4 lan wan 654321 tcp 2048 2048 5 lan wan abc ah 100 1000 For information on configuring the Firewall options available to the access point using the applet GUI see Configuring Firewall Settin...

Page 398: ...eny 255 0 0 0 255 0 0 0 65535 65535 nat port 33 2 33 3 0 0 10 10 1 1 tcp 1 1 11 11 1 0 allow 255 255 255 0 255 255 255 0 65535 65535 nat port 0 For information on configuring the Firewall options avai...

Page 399: ...bmenu The items available under this command are show Displays the existing AP35xx router configuration set Sets the RIP parameters add Adds user defined routes delete Deletes user defined routes list...

Page 400: ...ric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 4 192 168 24 0 255 255 255 0 0 0 0 0 wan 0 5 157 235 19 5 255 255 2...

Page 401: ...g the Router options available to the access point using the applet GUI see Configuring Router Settings on page 163 set auth Sets the RIP authentication type dir Sets RIP direction id Sets MD5 authent...

Page 402: ...t index destination netmask gateway interface metric 1 192 168 3 0 255 255 255 0 192 168 2 1 lan1 1 For information on configuring the Router options available to the access point using the applet GUI...

Page 403: ...2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan2 0 admin network router delete 2 admin network router list index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 1...

Page 404: ...t index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 192 168 0 1 lan1 1 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 For informatio...

Page 405: ...sword exec execute a Linux command arp display arp table aap setup go to Adaptive AP Settings sub menu lldp go to LLDP sub menu access go to ADP 35xx Access sub menu cmgr go to Certificate Manager sub...

Page 406: ...sure to save changes before resetting Are you sure you want to restart the AP35xx yes no AP35xx Boot Firmware Version 2 2 0 0 XXX Copyright c Extreme Networks 2007 All rights reserved Press escape key...

Page 407: ...em uptime 0 days 0 hours 56 minutes 27 seconds led state enable DNS Relay Mode enable SSLv2 support from HTTP server enable weak cipher support in SSL enable SSHv1 support enable ADP 35xx firmware ver...

Page 408: ...ocation email set ADP 35xx admin email address cc set ADP 35xx country code led set ADP 35xx LED state dns relay mode set DNS relay mode sslv2 set SSLv2 mode for apache enable disable weak ssl cipher...

Page 409: ...Guide 409 AP35xx admin system lastpw Displays last expired debug password Example admin system lastpw AP35xx MAC Address is 00 15 70 02 7A 66 Last debug password was Extreme Networks Current debug pas...

Page 410: ...61 A8 C ixp1 157 235 92 179 ether 00 14 22 F3 D7 39 C ixp1 157 235 92 248 ether 00 11 25 B2 09 60 C ixp1 157 235 92 180 ether 00 0D 60 D0 06 90 C ixp1 157 235 92 3 ether 00 D0 2B A0 D4 FC C ixp1 157...

Page 411: ...ee Adaptive AP Setup on page 70 For an overview of adaptive AP functionality and its implications see Adaptive AP on page 551 show Displays Adaptive AP information set Defines the Adaptive AP configur...

Page 412: ...0 IP Address 10 0 0 0 0 IP Address 11 0 0 0 0 IP Address 12 0 0 0 0 Tunnel to Controller disable AC keepalive 5 Load Balancing enable Inactivity Timeout 42 Current Controller 10 255 108 37 AP Adoption...

Page 413: ...r ip addresses name set controller domain name port set control port passphrase set controller passphrase tunnel to cntrlr enable disable AP Controller Tunnel ac keepalive set the AC KeepAlive period...

Page 414: ...ntax Example admin system aap setup delete 1 admin system aap setup For information on configuring adaptive AP using the applet GUI see Adaptive AP Setup on page 70 For an overview of adaptive AP func...

Page 415: ...tax For information on configuring LLDP using the applet GUI see Configuring LLDP Settings on page 4 100 show Displays LLDP information set Sets LLDP parameters Goes to the parent menu Goes to the roo...

Page 416: ...ystem lldp show Displays LLDP information Syntax ExampleExample admin system lldp show LLDP Status disable LLDP Referesh Interval 30 LLDP Holdtime Multiplier 4 For information on configuring LLDP usin...

Page 417: ...admin system lldp set Sets the LLDP configuration Syntax show Displays LLDP information set Sets LLDP parameters Goes to the parent menu Goes to the root menu save Saves the current configuration to t...

Page 418: ...in system access Displays the access point access submenu show Displays AP35xx system access capabilities set Goes to the AP35xx system access submenu Goes to the parent menu Goes to the root menu sav...

Page 419: ...Disables global management access snmp http https telnet and ssh for up to 8 addresses hosts auth timout seconds Disables the radio interface if no data activity is detected after the interval define...

Page 420: ...and telnet trusted host s 1 10 1 1 1 10 1 1 10 trusted host s 2 0 0 0 0 0 0 0 0 trusted host s 3 0 0 0 0 0 0 0 0 trusted host s 4 0 0 0 0 0 0 0 0 trusted host s 5 0 0 0 0 0 0 0 0 trusted host s 6 0 0...

Page 421: ...CA listself list the Signed Certificate loaded loadca load root CA certificate delca delete the root CA certificate listca list the root CA certificate loaded showreq displays certificate request in P...

Page 422: ...7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG C1f Bj8AszttSo bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX d6 Q1SMbs tG4RP0lRSr iWDyuvwx END CERTIFICATE REQUEST For information on configuring certificate management...

Page 423: ...r delself Deletes a self certificate Syntax Example admin system cmgr delself MyCert2 For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for A...

Page 424: ...e signed by the Certificate Authority Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on page 79 loadself IDna...

Page 425: ...xx admin system cmgr listself Lists the loaded self certificates Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the V...

Page 426: ...system cmgr loadca Loads a trusted certificate from the Certificate Authority Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 78...

Page 427: ...erence Guide 427 AP35xx admin system cmgr delca Deletes a trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 78...

Page 428: ...Reference Guide 428 AP35xx admin system cmgr listca Lists the loaded trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate...

Page 429: ...howreq Displays a certificate request in PEM format Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 78 showreq IDname Displays a...

Page 430: ...e Guide 430 AP35xx admin system cmgr delprivkey Deletes a private key Syntax For information on configuring certificate settings using the applet GUI see Creating Self Certificates for Accessing the V...

Page 431: ...AP35xx admin system cmgr listprivkey Lists the names of private keys Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 78 listpriv...

Page 432: ...tory default configuration admin system cmgr genreq generate Certificate Request delself delete Signed Certificate loadself load Signed Certificate signed by CA listself list the Signed Certificate lo...

Page 433: ...ault configuration admin system cmgr genreq generate Certificate Request delself delete Signed Certificate loadself load Signed Certificate signed by CA listself list the Signed Certificate loaded loa...

Page 434: ...ess menu The items available under this command are shown below access Goes to the SNMP access submenu traps Goes to the SNMP traps submenu Goes to the parent menu Goes to the root menu save Saves the...

Page 435: ...the SNMP v3 engine ID Syntax Example admin system snmp access show eid AP35xx snmp v3 engine id 000001846B8B4567F871AC68 admin system snmp access For information on configuring SNMP access settings u...

Page 436: ...chars E g 1 3 6 1 v3 user access oid sec auth pass1 priv pass2 user username 1 to 31 characters access read write access ro rw oid string 1 to 127 chars E g 1 3 6 1 sec security none auth auth priv au...

Page 437: ...mp access list acl index start ip end ip For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 90 delete acl idx Deletes entry idx 1 10 f...

Page 438: ...rivate read write 1 3 6 1 admin system snmp access list v3 2 index 2 username judy access permission read write object identifier 1 3 6 1 security level auth priv auth algorithm md5 auth password priv...

Page 439: ...NMP traps submenu The items available under this command are shown below show Shows SNMP trap parameters set Sets SNMP trap parameters add Adds SNMP trap entries delete Deletes SNMP trap entries list...

Page 440: ...olation disable SNMP Network Traps physical port status change enable denial of service enable denial of service trap rate limit 10 seconds SNMP System Traps system cold start disable system config ch...

Page 441: ...te enable disable Enables disables dyndns update trap interval rate Sets denial of service trap interval cold enable disable Enables disables the system cold start trap cfg enable disable Enables disa...

Page 442: ...see Configuring SNMP RF Trap Thresholds on page 96 add v1v2 ip port comm ver Adds an entry to the SNMP v1 v2 access list with the destination IP address set to ip the destination UDP port set to port...

Page 443: ...s delete v1v2 all For information on configuring SNMP traps using the applet GUI see Configuring SNMP Settings on page 86 delete v1v2c idx Deletes entry idx from the v1v2c access control list all Dele...

Page 444: ...comm v1 admin system snmp traps add v3 201 232 24 33 555 BigBoss none md5 admin system snmp traps list v3 all index 1 destination ip 201 232 24 33 destination port 555 username BigBoss security level...

Page 445: ...es to the user database submenu For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 226 user Goes to the user submenu gr...

Page 446: ...rds For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 226 add Adds a new user delete Deletes an existing user ID clear...

Page 447: ...r to the user database Syntax Example admin system userdb user add george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining U...

Page 448: ...te Removes a new user to the user database Syntax Example admin system userdb user delete george admin system userdb user For information on configuring User Database permissions using the applet GUI...

Page 449: ...ves all existing user IDs from the system Syntax Example admin system userdb user clearall admin system userdb user For information on configuring User Database permissions using the applet GUI see De...

Page 450: ...set Sets a password for a user Syntax Example admin system userdb user set george password admin system userdb user For information on configuring User Database permissions using the applet GUI see D...

Page 451: ...User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 226 create Creates a group name delete Deletes a group name clearall Removes all existing group nam...

Page 452: ...ame Once defined users can be added to the group Syntax Example admin system userdb group create 2 admin system userdb group For information on configuring User Database permissions using the applet G...

Page 453: ...db group delete Deletes an existing group Syntax Example admin system userdb group delete 2 admin system userdb group For information on configuring User Database permissions using the applet GUI see...

Page 454: ...Removes all existing group names from the system Syntax Example admin system userdb group clearall admin system userdb group For information on configuring User Database permissions using the applet G...

Page 455: ...ser to an existing group Syntax Example admin system userdb group add lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining...

Page 456: ...a user from an existing group Syntax Example admin system userdb group remove lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see D...

Page 457: ...rdb group show groups List of Group Names engineering marketing demo room admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Acce...

Page 458: ...ing the applet GUI see Configuring User Authentication on page 217 eap Goes to the EAP submenu policy Goes to the access policy submenu ldap Goes to the LDAP submenu proxy Goes to the proxy submenu cl...

Page 459: ...DIUS user database Syntax Example admin system radius set database local admin system radius show all Database local admin system radius For information on configuring RADIUS using the applet GUI see...

Page 460: ...ring EAP RADIUS using the applet GUI see Configuring User Authentication on page 217 peap Goes to the Peap submenu ttls Goes to the TTLS submenu import Imports the requested EAP certificates set Defin...

Page 461: ...e Peap submenu Syntax For information on configuring PEAP RADIUS using the applet GUI see Configuring User Authentication on page 217 set Defines Peap parameters show Displays the Peap configuration s...

Page 462: ...plays Peap parameters Syntax Example admin system radius eap peap set auth gtc admin system radius eap peap show PEAP Auth Type gtc For information on configuring EAP PEAP RADIUS values using the appl...

Page 463: ...submenu Syntax For information on configuring EAP TTLS RADIUS values using the applet GUI see Configuring User Authentication on page 217 set Defines TTLS parameters show Displays the TTLS configurat...

Page 464: ...plays TTLS parameters Syntax Example admin system radius eap ttls set auth pap admin system radius eap ttls show TTLS Auth Type pap For information on configuring EAP TTLS RADIUS values using the appl...

Page 465: ...tion on configuring RADIUS access policies using the applet GUI see Configuring User Authentication on page 217 set Sets a group s WLAN access policy access time Goes to the time based login submenu s...

Page 466: ...s WLAN access policy Syntax Example admin system radius policy set engineering 16 admin system radius policy For information on configuring RADIUS WLAN policy values using the applet GUI see Configuri...

Page 467: ...e is in DayDDDD DDDD format show Displays the group s access time rule save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu Context Command Des...

Page 468: ...access policy Syntax Example admin system radius policy show List of Access Policies engineering 16 marketing 10 demo room 3 test demo No Wlans admin system radius policy For information on configurin...

Page 469: ...ation on configuring a RADIUS LDAP server using the applet GUI see Configuring LDAP Authentication on page 220 set Defines the LDAP parameters show Displays existing LDAP parameters command must be su...

Page 470: ...tem radius ldap set groupname 0 0 0 0 admin system radius ldap set filter 123 admin system radius ldap set membership radiusGroupName admin system radius ldap For information on configuring a RADIUS L...

Page 471: ...on LDAP Login Attribute uid Stripped User Name User Name LDAP Password attribute userPassword LDAP Group Name Attribue cn LDAP Group Membership Filter objectClass GroupOfNames member Ldap objectClass...

Page 472: ...US proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 222 add Adds a proxy realm delete Deletes a proxy realm clearall Removes all proxy server records set Sets pro...

Page 473: ...xy add lancelot 157 235 241 22 1812 muddy admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 222 add...

Page 474: ...m radius proxy delete Deletes a proxy Syntax Example admin system radius proxy delete lancelot admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI...

Page 475: ...ves all proxy server records from the system Syntax Example admin system radius proxy clearall admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI...

Page 476: ...radius proxy set delay 10 admin system radius proxy set count 5 admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius...

Page 477: ...g RADIUS client values using the applet GUI see Configuring the Radius Server on page 217 add Adds a RADIUS client to list of available clients delete Deletes a RADIUS client from list of available cl...

Page 478: ...ADIUS server Syntax Example admin system radius client add 157 235 132 11 255 255 255 225 muddy admin system radius client For information on configuring RADIUS client values using the applet GUI see...

Page 479: ...e available to the RADIUS server Syntax Example admin system radius client delete 157 235 132 11 admin system radius client For information on configuring RADIUS client values using the applet GUI see...

Page 480: ...clients Syntax Example admin system radius client show Idx Subnet Host Netmask SharedSecret 1 157 235 132 11 255 255 255 225 admin system radius client For information on configuring RADIUS client val...

Page 481: ...ns to be configured accurately on the AP35xx Syntax For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 98 show Shows NTP parameters settings date...

Page 482: ...0 Time Zone ntp mode enable preferred Time server ip 203 21 37 18 preferred Time server port 123 first alternate server ip 203 21 37 19 first alternate server port 123 second alternate server ip 0 0 0...

Page 483: ...date zone Show date time and time zone Syntax Example admin system ntp date zone Date Time Sat 1970 Jan 03 20 06 22 0000 UTC Time Zone UTC For information on configuring NTP using the applet GUI see C...

Page 484: ...zone list Displays an extensive list of time zones for countries around the world Syntax Example admin system ntp zone list For information on configuring NTP using the applet GUI see Configuring Net...

Page 485: ...configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 98 set mode ntp mode Enables or disables NTP server idx ip Sets the NTP sever IP address port idx port Defines t...

Page 486: ...Displays the AP35xx log submenu Logging options include show Shows logging options set Sets log options and parameters view Views system log delete Deletes the system log send Sends log to the designa...

Page 487: ...P35xx logging settings Syntax Example admin system logs show log level L6 Info syslog server logging enable syslog server ip address 192 168 0 102 For information on configuring logging settings using...

Page 488: ...mation on configuring logging settings using the applet GUI see Logging Configuration on page 102 set level level Sets the level of the events that will be logged All events with a level at or above l...

Page 489: ...up 6 days 16 16 load average 0 00 0 01 0 00 Jan 7 16 16 01 none CC Mem 62384 32520 29864 0 0 Jan 7 16 16 01 none CC 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf7 0...

Page 490: ...erence Guide 490 AP35xx admin system logs delete Deletes the log files Syntax Example admin system logs delete For information on configuring logging settings using the applet GUI see Logging Configur...

Page 491: ...transfer In progress File transfer Done admin system logs For information on configuring logging settings using the applet GUI see Logging Configuration on page 102 send Sends the system log file via...

Page 492: ...the default AP35xx configuration partial Restores a partial default AP35xx configuration show Shows import export parameters set Sets import export AP35xx configuration parameters export Exports AP35...

Page 493: ...default configuration Syntax Example admin system config default Are you sure you want to default the configuration yes no For information on importing exporting access point configurations using the...

Page 494: ...P35xx s LAN WAN and SNMP settings are unaffected by the partial restore Syntax Example admin system config partial Are you sure you want to partially default AP35xx yes no For information on importing...

Page 495: ...nfiguration file Syntax Example admin system config show cfg filename cfg txt cfg filepath ftp tftp server ip address 192 168 0 101 ftp user name myadmin ftp password For information on importing expo...

Page 496: ...tftp server ip address 192 168 22 12 ftp user name myadmin ftp password For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations...

Page 497: ...configuration file Done File transfer In progress File transfer Done Export Operation Done CAUTION Make sure a copy of the AP35xx s current configuration is exported to a secure location before expor...

Page 498: ...on Done Import TFTP Example admin system config set server 192 168 0 101 admin system config set file config txt admin system config import tftp Import operation Started File transfer In progress File...

Page 499: ...the reboot process to successfully update the device firmware regardless of whether the reboot is conducted using the GUI or CLI interfaces show Displays the current AP35xx firmware update settings s...

Page 500: ...fw update show automatic firmware upgrade enable automatic config upgrade enable firmware filename APFW bin firmware path tftpboot ftp tftp server ip address 168 197 2 2 ftp user name jsmith ftp passw...

Page 501: ...Device Firmware on page 107 set fw auto mode When enabled updates device firmware each time the firmware versions are found to be different between the AP35xx and the specified firmware on the remote...

Page 502: ...process to successfully update the device firmware regardless of whether the reboot is conducted using the GUI or CLI interfaces admin system fw update update ftp For information on updating access p...

Page 503: ...onfig file to another access point within the known AP table send cfg all Sends a config file to all access points within the known AP table clear Clears all statistic counters to zero flash all leds...

Page 504: ...s Bridge Statistics known ap show Known APs Summary Details For information on displaying WAN port statistics using the applet GUI see Viewing WAN Statistics on page 231 For information on displaying...

Page 505: ...all existing configuration parameters except Mesh settings LAN IP data WAN IP data and DHCP Server parameter information For information on copying the access point config to another access point usin...

Page 506: ...cfg all admin stats NOTE The send cfg all command copies all existing configuration parameters except Mesh settings LAN IP data WAN IP data and DHCP Server parameter information For information on cop...

Page 507: ...for specified LAN index either clear lan 1 or clear lan 2 all rf Clears all RF data all wlan Clears all WLAN summary information wlan Clears individual WLAN statistic counters all radio Clears AP35xx...

Page 508: ...nt s LEDs Syntax Example admin stats admin stats flash all leds 1 start Password admin stats flash all leds 1 stop admin stats For information on flashing access point LEDs using the applet GUI see Vi...

Page 509: ...sociated MU Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 252 show Shows the Mobile Unit Statistics Summary list Defines echo test parameters...

Page 510: ...s Mobile Unit Statistics Summary Syntax Example admin stats echo show Idx IP Address MAC Address WLAN Radio T put ABS Retries 1 192 168 2 0 00 A0F8 72 57 83 demo 11a For information on MU Echo and Pin...

Page 511: ...arameters and results Syntax Example admin stats echo list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats echo For information on MU Echo and Ping t...

Page 512: ...f the echo test Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 252 set station mac Defines MU target MAC address request num Sets number of ec...

Page 513: ...test Syntax Example admin stats echo start admin stats echo list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of MU Responses 2 For information on MU...

Page 514: ...test to an AP with the same ESSID Syntax For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 252 ping show Shows Known AP Summary details list Defines ping test p...

Page 515: ...erence Guide 515 AP35xx admin stats ping show Shows Known AP Summary Details Syntax Example admin stats ping show Idx IP Address MAC Address MUs KBIOS Unit Name 1 192 168 2 0 00 A0F8 72 57 83 3 0 acce...

Page 516: ...ping test parameters and results Syntax Example admin stats ping list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats ping For information on Known A...

Page 517: ...n stats ping set request 10 admin stats ping set length 100 admin stats ping set data 1 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 252 s...

Page 518: ...es the ping test Syntax Example admin stats ping start admin stats ping list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of AP Responses 2 For informa...

Page 519: ...igured as both a base and a client bridge function as repeaters to transmit data with associated MUs in their coverage area client bridge mode as well as forward traffic to other access points in the...

Page 520: ...tter optimization of the mesh networking feature by enabling the access point to transmit to other mesh network members using one independent radio and transmit with associated MUs using the second in...

Page 521: ...a base and client bridge In the case of a mesh enabled radio the client bridge configuration always takes precedence over the base bridge configuration Therefore when a radio is configured as a repea...

Page 522: ...its own STP The WLAN assignment controls the subnet LAN1 or 2 upon which a given connection resides If WLAN2 is assigned to LAN1 and WLAN2 is used to establish a client bridge connection then the mesh...

Page 523: ...as the root imposes these settings within the mesh network The user does not necessarily have to change these settings as the default settings will work However Extreme Networks encourages the user t...

Page 524: ...en it exceeds the value set for the Maximum Message age timer Hello Time The Hello Time is the time between each bridge protocol data unit sent This time is equal to 2 seconds sec by default but you c...

Page 525: ...same ESSID radio designation security policy MU ACL and Quality of Service policy If intending to use the access point for mesh networking support Extreme Networks recommends configuring at least one...

Page 526: ...erent ESSID and WLAN assignments within a single mesh network one set between the Base Bridge and repeater and another between the repeater and Client Bridge However for ease of management and to not...

Page 527: ...one of the existing policies are suitable select the Create button to the right of the Security Policy drop down menu and configure a policy suitable for the mesh network For information on configurin...

Page 528: ...configuring a QoS policy see Setting the WLAN Quality of Service QoS Policy on page 142 13 Click Apply to save the changes made to the mesh network configured WLAN An access point radio is now ready...

Page 529: ...e in real time CAUTION If a radio is disabled be careful not to accidentally configure a new WLAN expecting the radio to be operating when you have forgotten it was disabled 3 Select the Base Bridge c...

Page 530: ...initiate client bridge connections with other mesh network supported access points radios on the same WLAN If the Client Bridge checkbox has been selected use the Mesh Network Name drop down menu to...

Page 531: ...ection checkbox to allow the access point to select the links used by the client bridge to populate the mesh network Selecting this checkbox prohibits the user from selecting the order base bridges ar...

Page 532: ...ers but still worthy of being on the preferred list select it and click the Down button to decrease its likelihood of being selected as a member of the mesh network 13 If a device MAC address is on th...

Page 533: ...onnection must be re instated If updating the mesh network using a WAN connection the applet does not lose connection but the mesh network is unavailable until the changes have been applied 18 Click U...

Page 534: ...scenarios will be addressed Scenario 1 Two base bridges redundant and one client bridge Scenario 2 A two hop mesh network with a base bridge repeater combined base bridge and client bridge mode and a...

Page 535: ...Product Reference Guide 535 Configuring AP 1 1 Provide a known IP address for the LAN1 interface NOTE Enable the LAN1 Interface of AP 1 as a DHCP Server if you intend to associate MUs and require them...

Page 536: ...Configuring Mesh Networking Altitude 3500 Series Access Point Product Reference Guide 536 2 Assign a Mesh STP Priority of 40000 to LAN1 Interface...

Page 537: ...Altitude 3500 Series Access Point Product Reference Guide 537 3 Define a mesh supported WLAN...

Page 538: ...Configuring Mesh Networking Altitude 3500 Series Access Point Product Reference Guide 538 4 Enable base bridge functionality on the 802 11a radio Radio 2...

Page 539: ...Altitude 3500 Series Access Point Product Reference Guide 539 5 Define a channel of operation for the 802 11a radio...

Page 540: ...LAN1 Interface different than that of AP 1 Assign a higher Mesh STP Priority 50000 to the AP 2 LAN1 Interface NOTE In a typical deployment each base bridge can be configured for a Mesh STP Priority of...

Page 541: ...ries Access Point Product Reference Guide 541 Configuring AP 3 To define the configuration for AP 3 a client bridge connecting to both AP 1 and AP 2 simultaneously 1 Provide a known IP address for the...

Page 542: ...ence Guide 542 2 Assign the maximum value 65535 for the Mesh STP Priority 3 Create a mesh supported WLAN with the Enable Client Bridge Backhaul option selected NOTE This WLAN should not be mapped to a...

Page 543: ...client bridge functionality on the 802 11a radio Use the Mesh Network Name drop down menu to select the name of the WLAN created in step 3 NOTE You don t need to configure channel settings on the cli...

Page 544: ...802 11bg radio if 802 11bg support is required for MUs on that 802 11 band Verifying Mesh Network Functionality for Scenario 1 You now have a three AP mesh network ready to demonstrate Associate a sin...

Page 545: ...links In scenario 2 the following three AP configurations comprise the mesh network AP 1 is a base bridge AP 2 is a repeater client bridge base bridge combination AP 3 is a client bridge Configuring...

Page 546: ...Configuring Mesh Networking Altitude 3500 Series Access Point Product Reference Guide 546 1 Enable client bridge backhaul on the mesh supported WLAN...

Page 547: ...idge functionality on the 802 11a radio Configuring AP 3 To define AP 3 s configuration 1 The only change needed on AP 3 with respect to the configuration used in scenario 1 is to disable the Auto Lin...

Page 548: ...each AP and pass traffic among the members of the mesh network Mesh Networking Frequently Asked Questions The following scenarios represent issues that could be encountered and resolved when defining...

Page 549: ...Issue 5 Do I need to use secure beacons on a mesh backhaul supported WLAN Can I use secure beacons on the mesh backhaul supported WLAN Resolution Yes you can enable a secure beacon on a mesh backhaul...

Page 550: ...connectivity when updating configurations When I make a configuration change and apply the changes on a client bridge or repeater I momentarily loose connectivity to that AP why Resolution That is ex...

Page 551: ...a secure WAN link from a remote site to the central site already exists The controller can be discovered using one of the following mechanisms DHCP Controller fully qualified domain name FQDN Static I...

Page 552: ...controller see How the AP Receives Its Adaptive Configuration on page 559 For an overview of how to configure both the access point and controller for basic AAP connectivity and operation see Establi...

Page 553: ...to receive its configuration There are two methods of controller discovery Auto Discovery using DHCP on page 553 Manual Adoption Configuration on page 554 Auto Discovery using DHCP Extended Global Opt...

Page 554: ...ich they are listed from 1 12 NOTE An AAP can use its LAN or WAN Ethernet interface to adopt The LAN is PoE and DHCP enabled by default The WAN has no PoE support and has a default static AP address o...

Page 555: ...initialize this process takes less than 2 seconds forcing associated MUs to be deauthenticated MUs are quickly able to associate Securing Data Tunnels between the Controller and AAP If a secure link...

Page 556: ...figuration changes 300 seconds after the last received controller configuration message When the configuration is applied on the Mesh AAP the radios shutdown and re initialize this process takes less...

Page 557: ...eness of the deployment An AAP firmware upgrade will not be performed at the time of adoption from the wireless controller Instead the firmware is upgraded using the Altitude 35xx Access Point s firmw...

Page 558: ...es all MU traffic be bridged locally by the AAP No wireless traffic is tunneled back to the controller Each extended WLAN is mapped to the access point s LAN1 interface The only traffic between the co...

Page 559: ...requisites Converting an Altitude 3510 or Altitude 3550 model access point into an AAP requires A version 2 0 or higher firmware running on the access point An Extreme Networks controller The appropri...

Page 560: ...tional information in greater detail on the controller configuration activities described above see Adopting an Adaptive AP Using a Configuration File on page 562 Establishing Basic Adaptive AP Connec...

Page 561: ...correct management VLAN defined 2 Select the Auto Discovery Enable checkbox Enabling auto discovery will allow the AAP to be detected by a controller once its connectivity medium has been configured...

Page 562: ...firmware see Updating Device Firmware on page 107 Adopting an Adaptive AP Using DHCP Options An AAP can be adopted to a wireless controller by providing the following options in the DHCP Offer NOTE Op...

Page 563: ...e Controller Configuration File for IPSec and Independent WLAN on page 566 and take note of the CLI commands in red and associated comments in green Any WLAN configured on the controller becomes an ex...

Page 564: ...n be defined as independent using the wlan index independent command from the config wireless context Once an AAP is adopted by the controller it displays within the controller Access Point Radios scr...

Page 565: ...If deploying multiple independent WLANs mapped to different VLANs ensure the AP s LAN1 interface is connected to a trunk port on the L2 L3 controller and appropriate management and native VLANs are co...

Page 566: ...cess list extended AAP ACL permit ip host 10 10 10 250 any rule precedence 20 spanning tree mst cisco interoperability enable spanning tree mst config name My Name country code us logging buffered 4 l...

Page 567: ...sid qs5 open wlan 4 vlan 230 wlan 5 enable wlan 5 ssid Mesh wlan 5 vlan 111 wlan 5 encryption type ccmp wlan 5 dot11i phrase 0 admin123 To configure a WLAN as an independent WLAN wlan 5 independent wl...

Page 568: ...le to match and transform and set to the Crypto Map crypto map AAP CRYPTOMAP 10 ipsec isakmp set peer 255 255 255 255 set mode aggressive match address AAP ACL set transform set AAP TFSET interface ge...

Page 569: ...trunk allowed vlan add 1 9 100 110 120 130 140 150 160 170 controllerport trunk allowed vlan add 180 190 200 210 220 230 240 250 interface vlan1 ip address dhcp To attach a Crypto Map to a VLAN Inter...

Page 570: ...Adaptive AP Altitude 3500 Series Access Point Product Reference Guide 570...

Page 571: ...Characteristics on page 572 Altitude 3510 Physical Characteristics The Altitude 3510 has the following physical characteristics Dimensions 5 32 inches long x 9 45 inches wide x 1 77 inches thick 135 m...

Page 572: ...concrete excluding side with connectors Dimensions 12 inches long x 8 25 inches wide x 3 5 inches thick Housing Aluminum Weight 4 lbs Operating Temperature 30 to 55 Celsius Storage Temperature 40 to 8...

Page 573: ...Extreme Networks sales associate for specific information For more information about the antennas approved for the AP3510 refer to the Altitude 35xx 46xx AP Antenna Selection Guide Rev xx Operating C...

Page 574: ...n using the access point configuration file CLI or the MIB to configure the access point Country Code Argentina AR Australia AU Austria AT Bahamas BS Bahrain BH Barbados BB Belarus BY Belgium BE Bermu...

Page 575: ...ngary HU Iceland IS India IN Indonesia ID Ireland IE Israel IL Italy IT Jamaica JM Japan JP Jordan JO Kazakhstan KZ Kuwait KW Latvia LV Lebanon LB Liechtenstein LI Lithuania LT Luxembourg LU Macau MO...

Page 576: ...co PR Qatar QA Romania RO Russian Federation RU Saudi Arabia SA Serbia RS Singapore SG Slovak Republic SK Slovenia SI South Africa ZA South Korea KR Spain ES Sri Lanka LK Sweden SE Switzerland CH Taiw...

Page 577: ...t The update process is conducted over the LAN or WAN port depending on which server responds first to the access point s request for an automatic update The firmware is automatically updated each tim...

Page 578: ...er and access point on the same Ethernet segment 2 Configure the Windows based DHCP Server as follows a Highlight the Server Domain Name for example apfw extremenetworks com From the Action menu selec...

Page 579: ...Windows DHCP Server 1 TFTP Server To configure Global options using extended standard options 1 Set the Windows DHCP Server and access point on the same Ethernet segment 2 Configure the Windows based...

Page 580: ...oots up verify the access point Obtains and applies the expected IP Address from the DHCP Server Downloads the firmware and configuration files from the TFTP Server and updates both as required Verify...

Page 581: ...the access point uses the file name configured for option 187 If the DHCP Server is configured for embedded and global options the embedded options take precedence Linux BootP Server Configuration Se...

Page 582: ...P root directory NOTE The bf option prefixes a forward slash to the configuration file name The forward slash may not be supported on Windows based TFTP Servers 3 Copy the firmware and configuration f...

Page 583: ...tP Priorities The following flowchart displays the priorities used by the access point when the BootP server is configured for multiple options If the BootP Server is configured for options 186 and 66...

Page 584: ...ide of the access point s LAN To configure a VPN tunnel between two access points 1 Ensure the WAN ports are connected via the internet 2 On access point 1 select WAN VPN from the main menu tree 3 Cli...

Page 585: ...ity needed as long as both devices on each end of the tunnel are configured exactly the same 9 Select the Auto IKE Key Exchange radio button 10 Select the Auto Key Settings button 11 For the ESP Type...

Page 586: ...back to the VPN screen 17 Click Apply to make the changes 18 Check the VPN Status screen Notice the status displays NOT_ACTIVE This screen automatically refreshes to get the current status of the VPN...

Page 587: ...f the entire configuration is setup correctly once the VPN tunnel is active The status field should display ACTIVE Frequently Asked VPN Questions The following are common questions that arise when con...

Page 588: ...e used The VPN tunnel can be established only when these corresponding keys match Ensure the Inbound Outbound SPI and ESP Authentication Keys have been properly specified Question 5 Can an IPSec tunne...

Page 589: ...ceived certificate FQDN tries to match the user entered remote ID data string to the domain name field of the received certificate UFQDN tries to match the user entered remote ID data string to the em...

Page 590: ...N WAN Access page to configure my firewall Now that I use Advanced LAN Access my VPN stops working What am I doing wrong VPN requires certain packets to be passed through the firewall Subnet Access au...

Page 591: ...ecial routes on the access point to get my VPN tunnel to work No However clients could need extra routing information Clients on the local LAN side should either use the access point as their gateway...

Page 592: ...Altitude 3500 Series Access Point Product Reference Guide 592...

Page 593: ...ustomer support see the Technical Assistance Center User Guide at www extremenetworks com go TACUserGuide The Extreme Networks eSupport website provides the latest information on Extreme Networks prod...

Page 594: ...Altitude 3500 Series Access Point Product Reference Guide 594...

Reviews:

No comments

Brands by name

Popular brands

Load more brands