Extreme Networks Altitude 4700 Series Product Reference Manual Download Page 302

 

CLI Reference

Altitude 4700 Series Access Point Product Reference Guide


Network LAN Commands

AP4700>admin(network.lan)>

Displays the LAN submenu. The items available under this command are shown below.

For an overview of the LAN configuration options using the applet (GUI), see “Configuring the LAN Interface” on page 123.

show            Shows current access point LAN parameters.
set             Sets LAN parameters.
bridge          Goes to the mesh configuration submenu.
wlan-mapping    Goes to the WLAN/LAN/VLAN Mapping submenu.
dhcp            Goes to the LAN DHCP submenu.
type-filter     Goes to the Ethernet Type Filter submenu.
ipfpolicy       Goes to the LAN IP Filter Policy submenu.
..              Goes to the parent menu.
/               Goes to the root menu.
save            Saves the configuration to system flash.
quit            Quits the CLI.

Summary of Contents for Altitude 4700 Series

Page 1: ...onroe Street Santa Clara California 95051 888 257 3000 408 579 2800 http www extremenetworks com AltitudeTM 4700 Series Access Point Product Reference Guide Software Version 4 1 Published March 2011 P...


Page 157: ...w QoS policy or select a policy and click the Edit button to modify an existing QoS policy The Access Point supports a maximum of 16 QoS policies 3 Assign a name to the new or edited QoS policy that m...

Page 158: ...adio traffic best representing the network requirements of this WLAN Options include CAUTION Extreme Networks recommends using the drop down menu to define the intended radio traffic within the WLAN O...

Page 159: ...ll other types of network traffic Voice Voice traffic includes VoIP traffic and typically receives priority over Background and Best Effort traffic CW Min The contention window minimum value is the le...

Page 160: ...net browser as a secure authentication device Rather than rely on built in 802 11 security features to control Access Point association privileges configure a WLAN with no WEP an open network The Acce...

Page 161: ...Ns on the Access Point can be configured as a hotspot For hotspot enabled WLANs DHCP DNS HTTP and HTTPS traffic is allowed before you login to the hotspot while TCP IP packets are redirected to the po...

Page 162: ...e Access Point s internal RADIUS Server for user authentication 6 Click the White List Entries button within the WhiteList Configuration field to create a set of allowed destination IP addresses These...

Page 163: ...he IP address of the internal RADIUS server is fixed at 127 0 0 1 and cannot be used for the external RADIUS server Radius Port Specify the port on which the RADIUS accounting server is listening Shar...

Page 164: ...page URL is specified in the location s HTTP header To host a Login page on the external Web server the IP address of the Web server should be in the White list list of IP addresses allowed to access...

Page 165: ...etworks provides a default set of HTML files for the login welcome and fail pages and one css file that s referenced by these HTML files The professional installer is also provided two default images...

Page 166: ...characters that can be entered into the text area is 10240 5 Select Apply to save the updates made thus far 6 Select the CSS Editor tab to review a guide describing css file customizations impacting h...

Page 167: ...ceed 12500 bytes or it cannot be exported back onto the Access Point for effective deployment with the hotspot 7 Select the FTP Transfer tab to define the configuration of the FTP server configuration...

Page 168: ...ress Enter the IP address of the FTP server used by the Access Point to import and export hotspot file information to the clients providing hotspot access Username Specify a username to be used when l...

Page 169: ...the dual radio model The Altitude 4750 model Access Point is available in a three radio model The third Altitude 4750 radio is never a WLAN radio The third radio is either disabled or set to WIPS mod...

Page 170: ...ided to the WIPS server The Access Point does not display the data but it is available to the WIPS server Spectrum analysis can operate only when there are no WLAN radios configured The WIPS daemon an...

Page 171: ...level For a detailed overview on the theory of mesh networking see Mesh Networking Overview on page 577 For detailed information on the implications of setting the mesh configuration see Configuring M...

Page 172: ...Access Point again Once the settings within the Radio Configuration screen are applied for an initial deployment the current number of client bridge connections for this specific radio displays withi...

Page 173: ...e Out EPTO setting on the LAN page when the Access Point is in bridge mode As long as the mesh is down the Access Point acts in accordance with the Mesh Time Out setting regardless of the state of the E...

Page 174: ...ick Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the Radio Configuration screen to the last saved configuration 10 Click Logout to securely exit th...

Page 175: ...MAC addresses determine the device sending or receiving data A MAC address is a 48 bit number written as six hexadecimal bytes separated by colons For example 00 A0 F8 24 9A C8 Radio Type The Radio Ty...

Page 176: ...ansmit to both b and g clients if legacy clients 802 11b partially comprise the network Select accordingly based on the MU requirements of the network The rates for the Access Point s 2 4 GHz radio ar...

Page 177: ...l Selection The following channel selection options exist User Selected This is the default setting If 20 40 MHz is selected as the Channel Width supporting 11n the Secondary Channel drop down menu be...

Page 178: ...egulatory domain restrictions Once the antenna type and gain are provided the Access Point calculates the power range Antenna gain relates the intensity of an antenna in a given direction to the inten...

Page 179: ...needed for additional supported rates Enable the Support Short Guard Interval checkbox to set a guard interval for interference protection for 20 MHz and 40 MHz channel widths When enabled the AP s ra...

Page 180: ...11b radio The preamble length for 802 11b transmissions is rate dependent A short preamble is 50 shorter than a long preamble Leave the checkbox unselected if in a mixed MU AP environment as MUs and...

Page 181: ...ltimedia traffic default is typical data traffic and voice is for Voice Over IP supported wireless devices Click OK to implement the selected QoS values and return to the 802 11a n or 802 11b g n radi...

Page 182: ...power save stations less responsive but could increase power savings The default is 100 Avoid changing this parameter as it can adversely affect performance DTIM Interval The DTIM interval defines ho...

Page 183: ...oadcast multicast rate control is supported in both standalone and adaptive AP configurations and can be imported exported as part of the Access Point s existing configuration import and export capabi...

Page 184: ...d Configuring MU Rate Limiting Use the Rate Limiting screen to control the MU rate limit allotted to individual WLANs MU rate limiting enables an administrator to determine how much radio bandwidth is...

Page 185: ...defined thus far for any of the Access Point s 16 WLANs The rates are displayed in Kbps for both wired to wireless and wireless to wired traffic flows from the WLAN and its radio configuration 4 Click...

Page 186: ...ess point Router Table field to view existing routes The access point Router Table field displays a list of connected routes between an enabled subnet and the router These routes can be changed by mod...

Page 187: ...let A prompt displays confirming the logout before the applet is closed Setting the RIP Configuration To set the RIP configuration 1 From within the RIP Configuration field select the RIP Type from th...

Page 188: ...the MD5 Auth Key area 6 Click the OK button to return to the Router screen From there click Apply to save the changes Configuring IP Filtering Use the Access Point s IP filtering functionality to dete...

Page 189: ...ith the filter policy list Packets are always filtered in sequential order filtering always begins with the first filter policy displayed in the IP Filtering screen then the second third and so on The...

Page 190: ...olicy or filtering rule attributes require definition Filter name Create a name for the filter policy unique to its function in order to differentiate it from others that may have somewhat similar con...

Page 191: ...ithin the main IP Filtering menu To apply an existing IP filter policy to LAN1 LAN2 or a WLAN 1 Display the IP Filtering menu From the LAN1 or LAN2 screen a Select Network Configuration LAN LAN1 or LA...

Page 192: ...of Allow or Deny to permit or restrict the rules of this filter in the direction selected 5 Select Add to apply the filter s and their rules and permissions to the LAN or WLAN 6 Click OK add the IP f...

Page 193: ...ALL 10 1 1 1 11 1 1 1 NO 10 1 1 10 11 1 1 10 admin network ipfilter Once created the filter displays within the Network Configuration IP Filtering screen Applying the Filter to a WLAN or LAN Once cre...

Page 194: ...ering on a LAN or WLAN By default when IP filtering is enabled all inbound and outbound traffic is disabled Default filters are applied when no other applied filter is matched When applying multiple f...

Page 195: ...applet see Applying a Filter to LAN1 LAN2 or a WLAN 1 16 on page 191 Assessing IP Filter Stats Detailed IP filter statistics can be displayed as follows from the Access Point CLI admin stats show s w...

Page 196: ...ation LAN Interface 1 enable IP Address 1 192 168 0 1 Network Mask 255 255 255 0 Ethernet Address 0015700078C5 Speed 100 Mbps Duplex full LAN Rx Information rx packets 12520 rx bytes 2663360 rx errors...

Page 197: ...securely route traffic through an IPSEC tunnel and block transmissions with devices interpreted as Rogue APs NOTE Security for the access point can be configured in various locations throughout the acc...

Page 198: ...sword protect and restrict access point device access 1 Connect a wired computer to the access point LAN port using a standard CAT 5 cable 2 Set up the computer for TCP IP DHCP network addressing and...

Page 199: ...ettings on page 78 Once the password has been set refer back to Configuring Security Options on page 197 to determine which access point security feature to configure next Resetting the Access Point P...

Page 200: ...w security policy using the authentication and encryption schemes discussed above can be created CAUTION Mesh configurations do not support mismatched security policies when operating using a mixed mo...

Page 201: ...x EAP Authentication on page 204 No Encryption If No Encryption is selected encryption is disabled for the security policy If security is not an issue this setting avoids the overhead an encryption pr...

Page 202: ...Kerberos assumes that it is running on a trusted host with an untrusted network If host security is compromised Kerberos is compromised as well Kerberos uses the Network Time Protocol NTP for synchron...

Page 203: ...omain name In theory the realm name is arbitrary However in practice a Kerberos realm is named by uppercasing the DNS domain name that is associated with hosts in the realm Primary KDC Specify a numer...

Page 204: ...exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by clicking the Edit button To configure a new security policy supporti...

Page 205: ...fy the numerical non DNS IP address of a primary Remote Dial In User Service RADIUS server Optionally specify the IP address of a secondary server The secondary server acts as a failover server if the...

Page 206: ...ch the shared secret on the RADIUS server Optionally specify a shared secret for a secondary failover server Use shared secrets to verify RADIUS messages with the exception of the Access Request messa...

Page 207: ...d to a longer time interval at most 9999 seconds to relax security on wireless connections The default interval of 3600 seconds is recommended Max Retries 1 99 retries Define the maximum number of MU...

Page 208: ...WEP on the access point 1 Select Network Configuration Wireless Security from the access point menu tree If security policies supporting WEP exist they appear within the Security Configuration screen...

Page 209: ...e access point menu tree If security policies supporting KeyGuard exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by cli...

Page 210: ...packets between the two devices Default hexadecimal keys for KeyGuard include Pass Key Specify a 4 to 32 character pass key and click the Generate button The pass key can be any alphanumeric string Th...

Page 211: ...s Temporal Key Integrity Protocol TKIP TKIP addresses WEP s weaknesses with a re keying mechanism a per packet mixing function a message integrity check and an extended initialization vector Wi Fi Pro...

Page 212: ...ation enhances the broadcast traffic security on the WLAN This value is disabled by default Update broadcast keys every 300 604800 seconds Specify a time period in seconds to rotate the key index used...

Page 213: ...sed by the Advanced Encryption Standard AES AES serves the same function TKIP does for WPA TKIP CCMP computes a Message Integrity Check MIC using the proven Cipher Block Chaining CBC technique Changin...

Page 214: ...t menu tree If security policies supporting WPA2 CCMP exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by clicking the Ed...

Page 215: ...secs ASCII Passphrase To use an ASCII passphrase and not a hexadecimal value select the checkbox enter an alphanumeric string of 8 to 63 characters The string allows character spaces The access point...

Page 216: ...To support this feature certain security policy combinations need to be available on a per WLAN basis The following combinations are supported WEP 64 and WPA WPA2 TKIP WEP 64 and WPA2 CCMP WEP 128 and...

Page 217: ...gn it a security scheme see Creating Editing Individual WLANs on page 148 For information on how to assign a WLAN a security policy supporting WEP see Configuring WEP Encryption on page 208 2 Create a...

Page 218: ...ewall uses a collection of filters to screen information packets for known types of system attacks Some of the access point s filters are continuously enabled others are configurable Use the access po...

Page 219: ...ll checkbox to disable all firewall functions on the access point This includes firewall filters NAT VP content filtering and subnet access Disabling the access point firewall makes the access point v...

Page 220: ...net associations The three possible colors indicate the current access level as defined for each subnet association SYN Flood Attack Check A SYN flood attack requests a connection and then fails to pr...

Page 221: ...o areas Click the table cell of interest and look at the exceptions area in the lower half of the screen to determine the protocols that are either allowed or denied Red No Access All protocols are de...

Page 222: ...is an application protocol using the Internet s TCP IP protocols FTP provides an efficient way to exchange files between computers on the Internet FTP uses TCP port 21 SMTP Simple Mail Transfer Proto...

Page 223: ...e other key component is Encapsulating Security Protocol ESP AH provides authentication proving the packet sender really is the sender and the data really is the data sent AH can be used in transport...

Page 224: ...les port forwarding and 1 to many mappings from the system Only enable advanced subnet access rules if your configuration requires rules that cannot be configured within the Subnet Access screen Impor...

Page 225: ...e down by one row in the table The index numbers for the affected rows adjust to reflect the new order Index The index number determines the order firewall rules are executed Rules are executed from t...

Page 226: ...n break the encryption The traffic is encrypted from your computer through the network to the VPN At that point the traffic is decrypted Use the VPN screen to add and remove VPN tunnels To configure a...

Page 227: ...te network the VPN tunnel connects to Ensure the address is the same as the WAN port address of the target gateway AP or controller Key Exchange Type The Key Exchange Type column lists the key exchang...

Page 228: ...l Key Exchange Selecting Manual Key Exchange requires you to manually enter keys for AH and or ESP encryption and authentication Click the Manual Key Settings button to configure the settings Manual K...

Page 229: ...er the LAN IP subnet and mask of AP 2 in the Remote Subnet and Remote Subnet Mask fields 6 Enter the WAN port IP address of AP 2 in the Remote Gateway field 7 Click Add to add the tunnel to the list 8...

Page 230: ...ied to IPSec protected traffic During security association SA negotiation both gateways agree to use a particular transform set to protect data flow A transform set specifies one or two IPSec security...

Page 231: ...ting the keys provided are weak Some WEP attack tools invoke a dictionary to hack WEP keys based on commonly used words To avoid entering a weak key try not to produce a WEP key using commonly used...

Page 232: ...igured on the remote security gateway ESP Type ESP provides packet encryption optional data authentication and anti replay services for the VPN tunnel Use the drop down menu to select the ESP type Opt...

Page 233: ...5 Enables the Message Digest 5 algorithm which requires 128 bit 32 character hexadecimal keys SHA1 Enables Secure Hash Algorithm 1 which requires 160 bit 40 character hexadecimal keys Inbound ESP Auth...

Page 234: ...The Security Association Life Time is the configurable interval used to timeout association requests that exceed the defined interval The available range is from 300 to 65535 seconds The default is 3...

Page 235: ...the IKE Settings button ESP Encryption Algorithm Use this menu to select the encryption and authentication algorithms for this VPN tunnel DES Selects the DES algorithm No keys are required to be manu...

Page 236: ...e Aggressive mode is faster but less secure than Main mode Identities are not encrypted unless public key encryption is used The authentication method cannot be negotiated if the initiator chooses pub...

Page 237: ...certificates into the system IKE Authentication Algorithm IKE provides data authentication and anti replay services for the VPN tunnel Select an authentication method from the drop down menu MD5 Enab...

Page 238: ...f the tunnels configured on the access point as well as their lifetime transmit and receive statistics The VPN Status screen is read only with no configurable parameters To configure a VPN tunnel use...

Page 239: ...nel is connected the status reads ACTIVE Outb SPI The Outb SPI column displays the outbound Security Parameter Index SPI for each tunnel The SPI is used locally by the access point to identify a secur...

Page 240: ...ntent filtering allows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound HTTP SMTP and FTP requests Tx Bytes The Tx Bytes column lists the amount of data in byt...

Page 241: ...or blocking of specific HTTP commands going outbound on the access point WAN port HTTP blocks commands on port 80 only The Block Outbound HTTP option allows blocking of the following user selectable o...

Page 242: ...he local server RCPT Recipient Identifies a recipient of mail data DATA Tells the SMTP receiver to treat the following information as mail data from the sender QUIT Tells the receiver to respond with...

Page 243: ...Access Point is operating in The rogue detection interval is used in conjunction with Motorola MUs that identify themselves as rogue detection capable to the Access Point The detection interval define...

Page 244: ...sociate for specific information To configure Rogue AP detection for the access point 1 Select Network Configuration Wireless Rogue AP Detection from the access point menu tree CAUTION Users cannot de...

Page 245: ...A BG Scan Select this checkbox to scan for rogues over all channels on both of the Access Point s 11a and 11bg radio bands The switching of radio bands is based on a timer with no user intervention re...

Page 246: ...the Access Point applet A prompt displays confirming the logout before the applet is closed Moving Rogue APs to the Allowed AP List The Active APs screen enables the user to view the list of detected...

Page 247: ...s table For more information on displaying information on detected rogue APs see Displaying Rogue AP Details on page 247 7 To remove the Rogue AP entries displayed within the Rogue APs field click...

Page 248: ...ined to be non hostile and the device should be defined as an allowed AP RSSI Shows the Relative Signal Strength RSSI of the rogue AP Use this information to assess how close the rogue AP is The highe...

Page 249: ...enabled 2 Highlight an MU from within the Rogue AP enabled MUs field and click the scan button The target MU begins scanning for rogue devices using the detection parameters defined within the Rogue A...

Page 250: ...6 Click Logout to return to the Rogue AP Detection screen Configuring User Authentication The Access Point can work with external RADIUS and LDAP Servers AAA Servers to provide user database informat...

Page 251: ...n the menu tree For more information see Configuring LDAP Authentication on page 253 EAP Type Use the EAP Type checkboxes to enable the default EAP type s for the RADIUS server Options include PEAP Se...

Page 252: ...in the table server access is authorized WatchGuard products do not support the PAP protocol because the username and password are sent as clear text that a hacker can read MD5 This option enables th...

Page 253: ...rnal LDAP server To configure the LDAP server 1 Select System Configuration User Authentication RADIUS Server LDAP from the menu tree NOTE For the onboard RADIUS server to work with Windows Active Dir...

Page 254: ...ource for the RADIUS The default port is 389 Login Attribute Specify the login attribute used by the LDAP server for authentication In most cases the default value should work Windows Active Directory...

Page 255: ...Radius Server The Access Point has the capability to proxy authentication requests to a remote RADIUS server based on the suffix of the user ID such as myisp com or company com The Access Point suppor...

Page 256: ...screen without clicking Apply results in all changes to the screen being lost Retry Count Enter a value between 3 and 6 to indicate the number of times the Access Point attempts to reach a proxy serv...

Page 257: ...ation on selecting Local as the Data Source see Configuring the Radius Server on page 250 To add groups to the User database NOTE Each group can be configured to have its own access policy using the A...

Page 258: ...lost 9 Click Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the Users screen to the last saved configuration 10 Click Logout to securely exit the Ac...

Page 259: ...policy Each group s policy has a user defined interval defining the days and hours access is permitted Authentication requests for users belonging to the group are honored only during these defined h...

Page 260: ...also exists for mapping specific WLANs to these intervals For more information see Editing Group Access Permissions on page 261 For information on creating a new group see Managing the Local User Dat...

Page 261: ...To update a group s access permissions 1 Select User Authentication Radius Server Access Policy from the menu tree 2 Select an existing group from within the groups field 3 Select the Edit button The...

Page 262: ...LANs field to select existing WLANs to apply to the selected group s set of access permissions The group s existing WLANs are already selected within the Edit screen Select those additional WLANs requ...

Page 263: ...ithin the access point radio coverage area The type of AP detected can be displayed as well as the properties of individual APs See the following sections for more details on viewing statistics for th...

Page 264: ...Control MAC address of the access point WAN port The WAN port MAC address is hard coded at the factory and cannot be changed IP Addresses The displayed Internet Protocol IP addresses for the access p...

Page 265: ...ed field displays the number of data packets that fail to reach the WAN interface If this number appears excessive consider a new connection to the device RX Overruns RX overruns are buffer overruns o...

Page 266: ...urable data fields To view access point LAN connection stats 1 Select Status and Statistics LAN Stats LAN1 Stats or LAN2 Stats from the access point menu tree 2 Refer to the Information field to view...

Page 267: ...include dropped data packets buffer overruns and frame errors on inbound traffic The number of RX errors is a total of RX Dropped RX Overruns and RX Carrier errors Use this information to determine pe...

Page 268: ...e when assessing mesh networking functionality for each of the two Access Point LANs Access points in bridge mode exchange configuration messages at regular intervals typically 1 to 4 seconds If a bri...

Page 269: ...r the Maximum Message age timer For information on setting the Maximum Message Age Bridge Hello Time The Bridge Hello Time is the time between each bridge protocol data unit sent This time is equal to...

Page 270: ...These rules determine which IP packets are processed normally by LANs 1 and 2 and which are discarded For more information on how IP Filtering works and how it is configured on the Access Point see Conf...

Page 271: ...or active enabled WLANs on the access point The WLAN Summary field displays basic information such as number of Mobile Units MUs and total throughput for each of the active WLANs The Total RF Traffic...

Page 272: ...NU Displays a percentage of the total packets for each active WLAN that are non unicast Non unicast packets include broadcast and multicast packets Retries Displays the average number of retries per p...

Page 273: ...m the access point menu tree ESSID Displays the Extended Service Set ID ESSID for the target WLAN Radio s Displays the name of the 802 11a n or 802 11b g n radio the target WLAN is using for access po...

Page 274: ...the average bit speed in Mbps for a given time period on the selected WLAN This includes all packets that are sent and received The number in black represents statistics for the last 30 seconds and t...

Page 275: ...policies supporting impacting the WLAN The LAN IP Filter Statistics screen shows a running count of packet traffic either allowed or denied when filter rules fail These rules determine which IP packe...

Page 276: ...f packets either allowed or denied access by the Access Point s filtering rules These are packets that are outgoing from the selected Access Point WLAN 4 Click the Clear LAN Stats button to reset each...

Page 277: ...g n currently deployed by the access point MUs Displays the total number of MUs currently associated with each access point radio T put Displays the total throughput in Megabits per second Mbps for ea...

Page 278: ...on field displays device address and location information as well as channel and power information The Traffic field displays statistics for cumulative packets bytes and errors received and transmitte...

Page 279: ...ts this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour Throughput The Total column displays average throughput on the radio The Rx column displays...

Page 280: ...the number in blue represents the average signal for the last hour If the signal is low consider mapping the MU to a different WLAN if a better functional grouping of MUs can be determined Avg MU Noi...

Page 281: ...without clicking Apply results in changes to the screens being lost 3 Click Undo Changes if necessary to undo any changes made to the screen Undo Changes reverts the settings to the last saved configu...

Page 282: ...detailed information on conducting a ping test for an MU see Pinging Individual MUs on page 285 IP Address Displays the IP address of each of the associated MUs MAC Address Displays the MAC address o...

Page 283: ...rors The MU Properties field displays basic information such as hardware address IP address and associated WLAN and AP Reference the MU Traffic field for MU RF traffic and throughput data Use the RF S...

Page 284: ...put for the last hour Avg Bit Speed The Total column displays the average bit speed in Mbps for a given time period on the MU This includes all packets sent and received The number in black represents...

Page 285: ...kets received to assess the link quality between MU and the access point Click the Ok button to exit the Echo Test screen and return to the MU Stats Summary screen MU Authentication Statistics The acc...

Page 286: ...s point WLAN or access point radio 4 Click Ok to return to the MU Stats Summary screen Viewing the Mesh Statistics Summary The access point has the capability of detecting and displaying the propertie...

Page 287: ...ress The unique 48 bit hard coded Media Access Control address known as the devices station identifier This value is hard coded at the factory by the manufacturer and cannot be changed WLAN Displays t...

Page 288: ...OTE The Known AP Statistics screen only displays statistics for Access Points located on the same subnet To view detected Access Point statistics 1 Select Status and Statistics Known AP Stats from the...

Page 289: ...Ping button to display a screen for verifying the link with a highlighted Access Point NOTE A ping test initiated from the access point Known AP Statistics screen uses WNMP pings Therefore target devi...

Page 290: ...cted and displayed within the Known AP Statistics screen Use the Start Flash button to determine the location of the devices displayed within the Known AP Statistics screen When an access point is hig...

Page 291: ...acters should be avoided Connecting to the CLI Accessing the CLI through the Serial Port To connect to the access point CLI through the serial port 1 Connect one end of a null modem serial cable to th...

Page 292: ...r access point keep in mind the access point uses a static IP WAN address 10 1 1 1 Additionally the access point s LAN port is set as a DHCP client 2 Enter the default username of admin and the defaul...

Page 293: ...nder this command are shown below Syntax help Displays general user interface help passwd Changes the admin password summary Shows a system summary network Goes to the network submenu system Goes to t...

Page 294: ...ction argument is treated as an argument Eg admin network lan set lan enable Here is an invalid extra argument because it is after the argument enable ctrl q go backwards in command history ctrl p go...

Page 295: ...s For information on configuring passwords using the applet GUI see Setting Passwords on page 198 passwd Changes the admin password for access point access This requires typing the old admin password...

Page 296: ...ty Policy Default QoS Policy Default Rate Limiting disabled LAN1 Name LAN1 LAN1 Mode enable LAN1 IP 10 255 108 230 LAN1 Mask 255 255 255 0 LAN1 DHCP Mode client LAN2 Name LAN2 LAN2 Mode enable LAN2 IP...

Page 297: ...Guide 297 AP4700 admin Displays the parent menu of the current menu This command appears in all of the submenus under admin In each case it has the same function to move up one level in the directory...

Page 298: ...nce Guide 298 AP4700 admin Displays the root menu that is the top level CLI menu This command appears in all of the submenus under admin In each case it has the same function to move up to the top lev...

Page 299: ...command appears in all of the submenus under admin In each case it has the same function to save the current configuration Syntax Example admin save admin save Saves configuration settings The save c...

Page 300: ...dmin quit Exits the command line interface session and terminates the session The quit command appears in all of the submenus under admin In each case it has the same function to exit out of the CLI O...

Page 301: ...submenu The items available under this command are shown below lan go to LAN sub menu wan go to WAN sub menu wireless go to Wireless sub menu firewall go to Firewall sub menu router go to Router sub...

Page 302: ...UI see Configuring the LAN Interface on page 123 show Shows current access point LAN parameters set Sets LAN parameters bridge Goes to the mesh configuration submenu wlan mapping Goes to the WLAN Lan...

Page 303: ...1 Network Mask 255 255 255 255 Default Gateway 192 168 0 1 Domain Name Primary DNS Server 192 168 0 1 Secondary DNS Server 192 168 0 2 WINS Server 192 168 0 254 LAN2 Information LAN Name LAN2 LAN Inte...

Page 304: ...on the Ethernet port timeout seconds Sets the interval in seconds the access point uses to terminate its LAN interface if no activity is detected for the specified interval trunking mode Enables or d...

Page 305: ...ess point s mesh networking options using the applet GUI see Configuring Mesh Networking Support on page 581 show Displays the mesh configuration parameters for the access point s LANs set Sets the me...

Page 306: ...5 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 LAN2 Bridge Configuration Bridge Priority 63335 Hello Time seconds 2 Message Age Time sec...

Page 307: ...eout Time seconds 300 LAN2 Mesh Configuration Bridge Priority 63335 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview of the...

Page 308: ...N Support on page 126 show Displays the VLAN list currently defined for the access point set Sets the access point VLAN configuration create Creates a new access point VLAN edit Edits the properties o...

Page 309: ...Tag 1 1 1 2 1 1 WLAN WLAN1 mapped to VLAN none VLAN Mode static admin network lan wlan mapping show lan wlan WLANs on LAN1 WLAN1 WLAN2 WLAN3 WLANs on LAN2 admin network lan wlan mapping show wlan WLA...

Page 310: ...pping set mode 1 static admin network lan wlan mapping show vlan cfg LAN No Management VLAN Tag Native VLAN Tag 1 10 12 2 1 1 WLAN WLAN1 mapped to VLAN none VLAN Mode static For information on configu...

Page 311: ...r the access point Syntax Example admin network lan wlan mapping admin network lan wlan mapping create 5 vlan 5 For information on creating VLANs using the applet GUI see Configuring VLAN Support on p...

Page 312: ...ork lan wlan mapping edit Modifies a VLAN s name and ID Syntax For information on editing VLANs using the applet GUI see Configuring VLAN Support on page 126 edit name name Modifies an existing VLAN n...

Page 313: ...700 admin network lan wlan mapping delete Deletes a specific VLAN or all VLANs Syntax For information on deleting VLANs using the applet GUI see Configuring VLAN Support on page 126 delete VLAN id Del...

Page 314: ...VLAN to a WLAN Syntax Example admin network lan wlan mapping lan map wlan1 lan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 126 lan map wlan name Maps a...

Page 315: ...WLAN Syntax Example admin network lan wlan mapping vlan map wlan1 vlan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 126 vlan map wlan name Maps an existi...

Page 316: ...ubmenu The items available are displayed below show Displays DHCP parameters set Sets DHCP parameters add Adds static DHCP address assignments delete Deletes static DHCP address assignments list Lists...

Page 317: ...ting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 LAN2 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lea...

Page 318: ...rk lan dhcp show LAN1 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the ap...

Page 319: ...dmin network lan dhcp add 1 00A0F1112234 192 169 24 7 admin network lan dhcp list 1 Index MAC Address IP Address 1 00A0F8112233 192 160 24 6 2 00A0F8112234 192 169 24 7 For information on adding clien...

Page 320: ...A0F8112236 192 169 24 7 admin network lan dhcp delete 1 index mac address ip address 1 00A0F8102030 10 10 1 2 2 00A0F8112234 10 1 2 3 3 00A0F8112235 192 160 24 6 4 00A0F8112236 192 169 24 7 admin netw...

Page 321: ...IP Address 1 00A0F8112233 10 1 2 4 2 00A0F8102030 10 10 1 2 3 00A0F8112234 10 1 2 3 4 00A0F8112235 192 160 24 6 5 00A0F8112236 192 169 24 7 admin network lan dhcp For information on listing client MAC...

Page 322: ...int Type Filter submenu The items available under this command include show Displays the current Ethernet Type exception list set Defines Ethernet Type Filter parameters add Adds an Ethernet Type Filt...

Page 323: ...ype Filter configuration Syntax Example admin network lan type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 For information on displaying the type filter configuration usin...

Page 324: ...e Filter configuration Syntax Example admin network lan type filter set mode 1 allow For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configurat...

Page 325: ...ess type filter add 2 0806 admin network wireless type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 2 0806 3 0800 4 8782 For information on configuring the type filter sett...

Page 326: ...r show 1 Ethernet Type Filter mode allow index ethernet type 1 0806 2 0800 3 8782 admin network lan type filter delete 2 all admin network lan type filter show 2 Ethernet Type Filter mode allow index...

Page 327: ...configuration set set WAN PPPoE and 3G WWAN configuration delete delete WWAN CRM Remote Gateways clear clear WWAN AP name nat go to NAT menu vpn go to VPN menu content go to Outbound Content Filtering...

Page 328: ...0 Auto negotiation disable Speed 100M Duplex full WAN IP 2 disable WAN IP 3 disable WAN IP 4 disable WAN IP 5 disable WAN IP 6 disable WAN IP 7 disable WAN IP 8 disable PPPoE Mode enable PPPoE User N...

Page 329: ...ables WAN DHCP Client mode ipadr idx a b c d Sets up to 8 using indx from 1 to 8 IP addresses a b c d for the access point WAN interface mask a b c d Sets the subnet mask for the access point WAN inte...

Page 330: ...CLI Reference Altitude 4700 Series Access Point Product Reference Guide 330 For an overview of the WAN configuration options available using the applet GUI see Configuring WAN Settings on page 135...

Page 331: ...onfiguration options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 141 show Displays the access point s current NAT parameters for the specified index...

Page 332: ...Type 1 to many Inbound Mappings Port Forwarding unspecified port forwarding mode enable unspecified port fwd ip address 111 223 222 1 one to many nat mapping LAN No WAN IP 1 157 235 91 2 2 157 235 91...

Page 333: ...to many nat mapping LAN No WAN IP 1 157 235 91 2 2 10 1 1 1 For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 141 set...

Page 334: ...w of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 141 add idx name tran port1 port2 ip dst_port Sets an inbound network address trans...

Page 335: ...te 1 1 admin network wan nat list 1 index name Transport start port end port internal ip translation Related Commands For an overview of the NAT options available using the applet GUI see Configuring...

Page 336: ...e Transport start port end port internal ip translation 1 special tcp 20 21 192 168 42 16 21 Related Commands For an overview of the NAT options available using the applet GUI see Configuring Network...

Page 337: ...ng the applet GUI see Configuring VPN Tunnels on page 225 add Adds VPN tunnel entries set Sets key exchange parameters delete Deletes VPN tunnel entries list Lists VPN tunnel entries reset Resets all...

Page 338: ...l type is Manual proper SPI values and Keys must be configured after adding the tunnel admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page...

Page 339: ...dir enckey Sets the Manual Encryption Key in ASCII for tunnel name and direction IN or OUT to the key enc key The size of the key depends on the encryption algorithm 16 hex characters for DES 48 hex...

Page 340: ...ntication for name to idtype This value is not required when the ID type is set to IP remiddata name idtype Sets the Local ID data for IKE authentication for name to idtype This value is not required...

Page 341: ...192 168 33 1 192 168 24 198 SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn delete Eng2EngAnnex admin network wan vpn list Tunnel Name Type Remote IP Mask Remote Ga...

Page 342: ...SJSharkey Detail listing of VPN entry Name SJSharkey Local Subnet 1 Tunnel Type Manual Remote IP 206 107 22 45 Remote IP Mask 255 255 255 224 Remote Security Gateway 206 107 22 2 Local Security Gatewa...

Page 343: ...work wan vpn reset Resets all of the access point s VPN tunnels Syntax Example admin network wan vpn reset VPN tunnels reset admin network wan vpn For information on configuring VPN using the applet G...

Page 344: ...atistics for all active tunnels Syntax Example admin network wan vpn stats Tunnel Name Status SPI OUT IN Life Time Bytes Tx Rx Eng2EngAnnex Not Active SJSharkey Not Active For information on displayin...

Page 345: ...tate Dest IP Remaining Life Eng2EngAnnex Not Connected SJSharkey Not Connected admin network wan vpn For information on configuring IKE using the applet GUI see Configuring IKE Key Settings on page 23...

Page 346: ...ontent Filtering menu The items available under this command include addcmd Adds control commands to block outbound traffic delcmd Deletes control commands to block outbound traffic list Lists applica...

Page 347: ...raffic proxy Adds a Web proxy command activex Adds activex files file Adds Web URL extensions 10 files maximum smtp Adds SMTP commands to block outbound traffic helo helo command mail mail command rcp...

Page 348: ...traffic proxy Deletes a Web proxy command activex Deletes activex files file Deletes Web URL extensions 10 files maximum smtp Deletes SMTP commands to block outbound traffic helo helo command mail ma...

Page 349: ...wan content list smtp SMTP Commands HELO deny MAIL allow RCPT allow DATA deny QUIT allow SEND allow SAML allow RESET allow VRFY allow EXPN allow admin network wan content list ftp FTP Commands Storing...

Page 350: ...ys the Dynamic DNS submenu The items available under this command include set set dyndns parameters update manual dyndns update show show dyndns parameters save save cfg to system flash quit quit cli...

Page 351: ...twork wan dyndns set host greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 145 set mode enable disable Enables or disables the D...

Page 352: ...t s current WAN IP address with the DynDNS service Syntax Example admin network wan dyndns update IP Address 157 235 91 231 Hostname greengiant For an overview of the Dynamic DNS options available usi...

Page 353: ...n network wan dyndns show DynDNS Configuration Mode enable Username percival Password Hostname greengiant DynDNS Update Response IP Address 157 235 91 231 Hostname greengiant Status OK For an overview...

Page 354: ...ss point WLANs acl Displays to the Access Control List ACL submenu to restrict or allow MU access to access point WLANs radio Displays the radio configuration submenu used to specify how the 802 11a n...

Page 355: ...et Sets the access point s wireless proxy arp configuration Syntax Example admin network wireless set proxy arp enable For information on configuring proxy arp support using the applet GUI see Enablin...

Page 356: ...how Displays the access point s wireless proxy arp configuration Syntax Example admin network wireless show Proxy ARP dynamic For information on configuring proxy arp support using the applet GUI see...

Page 357: ...ns available to the using the applet GUI see Enabling Wireless LANs WLANs on page 146 show Displays the access point s current WLAN configuration create Defines the parameters of a new WLAN edit Modif...

Page 358: ...n 2 4 GHz Radio not available Client Bridge Mesh Backhaul available Hotspot not available Maximum MUs 127 MU Idle Timeout 30 Security Policy Default MU Access Control Default Kerberos User Name Kerber...

Page 359: ...utes Sets the interval the access point uses to timeout idle MUs from WLAN inclusion Set between 1 65532 minutes Default is 30 minutes security name Sets the security policy to the WLAN 1 32 acl name...

Page 360: ...show security Secu Policy Name Authen Encryption Associated WLANs 1 Default Manual no encrypt Front Lobby 2 WEP Demo Manual WEP 64 2nd Floor 3 Open Manual no encrypt 1st Floor WPA Countermeasure enab...

Page 361: ...WLAN using the applet GUI see Creating Editing Individual WLANs on page 148 edit index Edits the properties of an existing and specified WLAN policy 1 16 show Displays the WLANs parameters and summary...

Page 362: ...dmin network wireless wlan delete Deletes an existing WLAN Syntax For information on deleting a WLAN using the applet GUI see Creating Editing Individual WLANs on page 148 delete wlan name Deletes a t...

Page 363: ...irection Goes to the hotspot redirection menu radius Goes to the hotspot RADIUS menu white list Goes to the hotspot white list menu set Sets the WLAN s hotspot configuration hs_import Imports hotspot...

Page 364: ...Server Ip adr 157 235 32 12 Secondary Server Port 1812 Secondary Server Secret Accounting Mode disable Accounting Server Ip adr 0 0 0 0 Accounting Server Port 1813 Accounting Server Secret Accoutning...

Page 365: ...ormation on configuring the hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 160 redirection set page loc Sets the hotspot http re direct...

Page 366: ...enu Syntax For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 160 set Sets the RADIUS hotspot configurat...

Page 367: ...tspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 160 set server idx srvr_type ipadr Sets the RADIUS hotspot server IP address per wlan index...

Page 368: ...ecret Secondary Server Ip adr 0 0 0 0 Secondary Server Port 1812 Secondary Server Secret Accounting Mode enable Accounting Server Ip adr 157 235 15 16 Accounting Server Port 1813 Accounting Server Sec...

Page 369: ...ist Rules Idx IP Address 1 157 235 21 21 For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 160 white li...

Page 370: ...the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 160 set file wlan idx file1 file2 Sets the hotspot customized file name s for the s...

Page 371: ...Syntax Example admin network wireless wlan hotspot hs_import 2 Import Operation Started File Transfer In Progress File Transfer Completed For information on configuring the Hotspot options available...

Page 372: ...lan idx Syntax Example admin network wireless wlan hotspot hs_export 2 Export Operation Started File Transfer In Progress File Transfer Completed For information on configuring the Hotspot options ava...

Page 373: ...files to a specified WLAN index wlan idx Syntax Example admin network wireless wlan hotspot default 2 For information on configuring the Hotspot options available to the access point using the applet...

Page 374: ...ndex wlan idx Syntax Example admin network wireless wlan hotspot delete 2 Warning This will delete all the files from the corresponding directory For information on configuring the Hotspot options ava...

Page 375: ...guration options available to the access point using the applet GUI see Configuring Security Options on page 197 show Displays the access point s current security configuration set Enables disables th...

Page 376: ...Floor 3 Open Manual no encrypt 1st Floor WPA Countermeasure enable admin network wireless security show policy 1 Policy Name Default Authentication type Manual Pre shared key No authentication Encrypt...

Page 377: ...ow summary Secu Policy Name Authen Encryption Associated WLANs 1 Default Manual no encrypt Lobby 2 WEP Demo Manual WEP 64 2nd Floor 3 Open Manual no encrypt 1st Floor WPA Countermeasure enable Related...

Page 378: ...e to KDC IP address port sidx port Sets the Kerberos port to port KDC port for server ksidx 1 primary 2 backup or 3 remote Note EAP parameters are only in effect if eap is specified for the authentica...

Page 379: ...count Sets the maximum number of server retries to count 1 255 Note The WEP authentication mechanism saves up to four different keys one for each WLAN It is not a requirement to set all keys but you mus...

Page 380: ...e key 256 bit key Sets the TKIP key to 256 bit key phrase ascii phrase Sets the TKIP ASCII pass phrase to ascii phrase 8 63 characters ccmp rotate mode mode Enables or disables the broadcast key inter...

Page 381: ...n Encryption type no encryption For information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 197...

Page 382: ...security policy Syntax For information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 197 delete s...

Page 383: ...Control List ACL submenu The items available under this command include show Displays the access point s current ACL configuration create Creates an MU ACL policy edit Edits the properties of an exis...

Page 384: ...Front Lobby WLAN1 2 Admin Administration 3 Demo Room Customers admin network wireless acl show policy 1 Policy Name Default Policy Mode allow index start mac end mac 1 00A0F8348787 00A0F8348798 For i...

Page 385: ...l create add policy For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 153 create show acl name Di...

Page 386: ...to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 153 show Displays MU ACL policy and its parameters set Modifies the properties of an existing MU ACL pol...

Page 387: ...eless acl delete Removes an MU ACL policy Syntax For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on pag...

Page 388: ...oint Radio submenu The items available under this command include show Summarizes access point radio parameters at a high level set Defines the access point radio configuration radio1 Displays the 2 4...

Page 389: ...Roaming Client Bridge Mode disable Client Bridge WLAN WLAN1 Mesh Connection Timeout enable Radio 2 Name Radio 2 Radio Mode enable Radio Function WIPS RF Band of Operation 802 11n 5 GHz Roaming Client...

Page 390: ...4700 Series Access Point Product Reference Guide 390 For information on configuring the Radio Configuration options available to the access point using the applet GUI see Setting the WLAN s Radio Con...

Page 391: ...depending on the single dual or three radio configuration deployed see examples below max mus mus Defines the maximum number of MUs assigned to the specified radio idx 1 or 2 The range can be defined...

Page 392: ...rmation on the options available to the access point see Setting the WLAN s Radio Configuration on page 169 7 Radio 1 Disabled Radio 2 WLAN Radio 3 Disabled 8 Radio 1 Disabled Radio 2 Disabled Radio 3...

Page 393: ...show 802 11n radio parameters set set 802 11n radio parameters delete delete 802 11n radio parameters advanced go to Advanced Settings sub menu mesh go to Mesh Connections sub menu go to parent menu g...

Page 394: ...l Util Beacon Intervl 10 beacon intvls QBSS Load Element Mode enable Single Anetenna disable Dynamic Chain Selection disable TKIP HT rates compatibility disable Current BCMC Tx Speed for range optimiz...

Page 395: ...enable Transmit A MPDU Size Limit 65536 bytes Receive A MPDU Size Limit 65536 bytes Receive A MPDU Minimum Spacing 0 usec admin network wireless radio 802 11n 2 4 GHz admin network wireless radio 802...

Page 396: ...lude 0 Default antenna 1 Dual band antenna 2 Omni antenna 3 Yagi antenna 4 Embedded antenna 5 Panel antenna 6 Patch antenna 7 Sector antenna antenna gain Sets the gain used by the selected antenna typ...

Page 397: ...network wireless radio 802 11n 2 4 GHz set qos cwmax 255 admin network wireless radio 802 11n 2 4 GHz set qos aifsn 7 admin network wireless radio 802 11n 2 4 GHz set qos txops 0 admin network wirele...

Page 398: ...the advanced submenu for the 802 11n 2 4 GHz radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11n 2 4 GHz radio set Defines advanced param...

Page 399: ...ffice 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11n 2 4 GHz advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio Band s 2 4 and 5...

Page 400: ...adio 802 11n 2 4 GHz advanced set wlan demoroom 1 admin network wireless radio 802 11n 2 4 GHz advanced set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the...

Page 401: ...items available under this command include Syntax show Displays mesh settings and status for the 802 11n 2 4 GHz radio set Defines mesh parameters for the 802 11n 2 4 GHz radio add Adds a 802 11n 2 4...

Page 402: ...11n 2 4 GHz radio Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh show config Mesh Connection Auto Select enable admin network wireless radio 802 11n 2 4 GHz mesh show status idx AP M...

Page 403: ...mesh set Defines mesh parameters for the 802 11n 2 4 GHz radio Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh set auto select enable admin network wireless radio 802 11n 2 4 GHz mes...

Page 404: ...P4700 admin network wireless radio 802 11n 2 4 GHz mesh add Adds a 802 11n 2 4 GHz radio mesh connection Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh add 2 AA21DCDD12DE add priorit...

Page 405: ...dio 802 11n 2 4 GHz mesh delete Deletes a 802 11n 2 4 GHz radio mesh connection by specified index or by removing all entries Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh delete 2...

Page 406: ...02 11n 5 0 GHz radio 2 submenu The items available under this command include Syntax show show 802 11n radio parameters set set 802 11n radio parameters delete delete 802 11n radio parameters advanced...

Page 407: ...ngle Antenna disable Dynamic Chain Selection disable TKIP HT rates compatibility disable Current BCMC Tx Speed for range optimization admin network wireless radio 802 11n 5 0 GHz show rates Basic Rate...

Page 408: ...e Transmit A MSDU enable Transmit A MSDU Buffer Limit 3839 bytes Enable Transmit A MPDU enable Transmit A MPDU Size Limit 65536 bytes Receive A MPDU Size Limit 65536 bytes Receive A MPDU Minimum Spaci...

Page 409: ...adio type channel and country antenna type Sets the numerical antenna type used with the access point 0 7 Antenna types include 0 default antenna 1 dual band antenna 2 Omni antenna 3 Yagi antenna 4 Em...

Page 410: ...nable admin network wireless radio 802 11n 5 0 GHz set tkip ht compatibility disable admin network wireless radio 802 11n 5 0 GHz set bcmc tx speed range CAUTION A 40 MHz channel is composed of two 20...

Page 411: ...vanced submenu for the 802 11n 5 0 GHz radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11n 5 0 GHz radio set Defines advanced parameters f...

Page 412: ...ion is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11n 5 0 GHz advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio 2 4 an...

Page 413: ...n 5 0 GHz advanced set wlan demoroom 1 admin network wireless radio 802 11n 5 0 GHz advanced set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the access poi...

Page 414: ...dio The items available under this command include Syntax show Displays mesh settings and status for the 802 11n 5 0 GHz radio set Defines mesh parameters for the 802 11n 5 0 GHz radio add Adds a 802...

Page 415: ...GHz radio Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh show config Mesh Connection Auto Select enable admin network wireless radio 802 11n 5 0 GHz mesh show status idx AP MAC Addr...

Page 416: ...5 0 GHz mesh set Defines mesh parameters for the 802 11n 5 0 GHz radio Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh set auto select enable admin network wireless radio 802 11n 5 0...

Page 417: ...dmin network wireless radio 802 11n 5 0 GHz mesh add Adds a 802 11n 5 0 GHz radio mesh connection Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh add 2 AA21DCDD12DE add priority Defin...

Page 418: ...less radio 802 11n 5 0 GHz mesh delete Deletes a 802 11n 5 0 GHz radio mesh connection by specified index or by removing all entries Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh de...

Page 419: ...y of Service QoS submenu The items available under this command include show Displays access point QoS policy information create Defines the parameters of the QoS policy edit Edits the settings of an...

Page 420: ...o Dept admin network wireless qos show policy 1 Policy Name Default Support Voice Prioritization disable Multicast Mask Address 1 01005E000000 Multicast Mask Address 2 09000E000000 WMM QOS Mode disabl...

Page 421: ...pe used with the qos policy and mesh network When set to a value other than manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi 11g voi...

Page 422: ...data type used with the qos policy and mesh network When set to a value other than manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi...

Page 423: ...te Removes a QoS policy Syntax For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page 156 del...

Page 424: ...Displays the access point Rate Limiting submenu The items available under this command include show Displays Rate Limiting information for how data is processed by the access point set Defines Rate L...

Page 425: ...U Rate Limiting disable admin network wireless rate limiting show wlan WLAN 1 WLAN Name WLAN1 ESSID 101 Radio Band s 2 4 and 5 0 GHz VLAN none Security Policy Default QoS Policy Default Rate Limiting...

Page 426: ...work wireless rate limiting set Defines the access point Rate Limiting configuration Syntax For information on configuring the Rate Limiting options available to the access point using the applet GUI...

Page 427: ...isplays the current access point Rogue AP detection configuration set Defines the Rogue AP detection method mu scan Goes to the Rogue AP mu scan submenu allowed list Goes to the Rogue AP Allowed List...

Page 428: ...ss rogue ap show MU Scan disable MU Scan Interval 60 minutes On Channel disable Detector Radio Scan enable Auto Authorize Extreme APs disable Approved APs age out 0 minutes Rogue APs age out 0 minutes...

Page 429: ...rogue ap admin network wireless rogue ap set mu scan enable admin network wireless rogue ap set interval 10 admin network wireless rogue ap set on channel disable admin network wireless rogue ap set...

Page 430: ...ys the Rogue AP mu scan submenu Syntax add Add all or just one scan result to Allowed AP list show Displays all APs located by the MU scan start The access point initiates an immediate scan for known...

Page 431: ...gue ap mu scan start Initiates an MU scan from a user provided MAC address Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring...

Page 432: ...admin network wireless rogue ap mu scan show Displays the results of an MU scan Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Confi...

Page 433: ...t Displays the Rogue AP allowed list submenu show Displays the rogue AP allowed list add Adds an AP MAC address and ESSID to the allowed list delete Deletes an entry or all entries from the allowed li...

Page 434: ...t Syntax Example admin network wireless rogue ap allowed list show Allowed AP List index ap mac essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing For information on confi...

Page 435: ...03 admin network wireless rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 fffffffffff 3 00 A0 F8 40 20 01 Marketing 4 00 A0 F8 31 61 BB 103 For information on configu...

Page 436: ...ist delete Deletes an AP MAC address and ESSID to existing allowed list Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Ro...

Page 437: ...ss wips Displays the WIPS submenu The items available under this command include show Displays the current WLAN Intrusion Prevention configuration set Sets WLAN Intrusion Prevention parameters Goes to...

Page 438: ...ireless wips show Shows the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips show WIPS Server 1 IP Address 192 168 0 21 WIPS Server 2 IP Address 10 1 1 1 admin networ...

Page 439: ...in network wireless wips set Sets the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips set server 1 192 168 0 21 admin network wireless wips set idx 1 and 2 ip Define...

Page 440: ...n network wireless mu locationing Displays the MU Locationing submenu The items available under this command include show Displays the current MU Locationing configuration set Defines MU Locationing p...

Page 441: ...rk wireless mu locationing show Displays the MU probe table configuration Syntax Example admin network wireless mu locationing show MU Probe Table Mode disable MU Probe Table Size 200 admin network wi...

Page 442: ...ocating MUs Syntax Example admin network wireless mu locationing set admin network wireless mu locationing set mode enable admin network wireless mu locationing set size 200 admin network wireless mu...

Page 443: ...is command include show Displays the access point s current firewall configuration set Defines the access point s firewall parameters access Enables disables firewall permissions through the LAN and W...

Page 444: ...ce attack filter enable syn flood attack filter enable unaligned ip timestamp filter enable source routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mim...

Page 445: ...outing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 max mime headers 16 set mode mode Enables o...

Page 446: ...40 2048 4 lan wan 654321 tcp 2048 2048 5 lan wan abc ah 100 1000 For information on configuring the Firewall options available to the access point using the applet GUI see Configuring Firewall Setting...

Page 447: ...255 0 0 0 255 0 0 0 65535 65535 nat port 33 2 33 3 0 0 10 10 1 1 tcp 1 1 11 11 1 0 allow 255 255 255 0 255 255 255 0 65535 65535 nat port 0 For information on configuring the Firewall options availabl...

Page 448: ...r submenu The items available under this command are show Displays the existing access point router configuration set Sets the RIP parameters add Adds user defined routes delete Deletes user defined r...

Page 449: ...show routes index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 4 192 1...

Page 450: ...figuring Router Settings on page 186 set auth Sets the RIP authentication type none simple or MD5 dir Sets RIP direction rx tx or both id Sets MD5 authentication ID 1 256 for specific index 1 2 key Set...

Page 451: ...destination netmask gateway interface metric 1 192 168 3 0 255 255 255 0 192 168 2 1 lan1 1 For information on configuring the Router options available to the access point using the applet GUI see Co...

Page 452: ...0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan2 0 admin network router delete 2 admin network router list index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan...

Page 453: ...destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 192 168 0 1 lan1 1 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 For information on co...

Page 454: ...er submenu The items available under this command are show Displays Global IP Filter table entries set Sets Global IP Filter table entries add Adds a filter to the Global IP Filter table delete Delete...

Page 455: ...5 AP4700 admin network ipfilter show Displays Global IP Filter table entries Syntax Example admin network ipfilter show Idx name Protocol Port Start End SrcIP Start End DestIP Start End In Use admin n...

Page 456: ...ts the protocol of the IP filter port start Sets the starting port of the IP Filter port end Sets the end port of the IP Filter saddr start Sets the source address start of the IP Filter saddr end Set...

Page 457: ...col loc Adds protocol for IP Filter start port port Adds a starting port for IP Filter end port port Adds an ending port for IP Filter start src address ip Adds a starting source IP address for IP Fil...

Page 458: ...0 admin network ipfilter delete Deletes a filter from the Global IP Filter table Syntax Example admin network ipfilter delete all admin network ipfilter delete index idx Deletes a filter index from th...

Page 459: ...to the Power Settings submenu aap setup Goes to the Adaptive AP Settings submenu lldp Goes to the LLDP submenu access Goes to the access point access submenu where access point access methods can be...

Page 460: ...s point is reset Please be sure to save changes before resetting Are you sure you want to restart the AP4700 yes no AP4700 Boot Firmware Version 4 1 0 0 xxx Press escape key to run boot firmware Power...

Page 461: ...l address system uptime 3 days 23 hours 17 minutes 14 seconds DNS Relay Mode enable SSLv2 support from HTTP server enable weak cipher support in SSL enable SSHv1 support enable led state enable AP4700...

Page 462: ...ng the applet GUI see Configuring System Settings on page 78 set name name Sets the access point system name to name 1 to 59 characters The access point does not allow intermediate space characters be...

Page 463: ...nce Guide 463 AP4700 admin system lastpw Displays last expired debug password Example admin system lastpw AP 4700 MAC Address is 00 15 70 02 7A 66 Last debug password was extreme Current debug passwor...

Page 464: ...35 92 210 ether 00 11 25 14 61 A8 C 157 235 92 179 ether 00 14 22 F3 D7 39 C 157 235 92 248 ether 00 11 25 B2 09 60 C 157 235 92 180 ether 00 0D 60 D0 06 90 C 157 235 92 3 ether 00 D0 2B A0 D4 FC C 15...

Page 465: ...configuring power settings using the applet GUI see Configuring Power Settings on page 81 show Displays the current power setting configuration set Defines the access point s power setting configurati...

Page 466: ...t power configuration Syntax Example admin system power setup show Power Mode Auto Power Status Full Power 3af Power Option default 3at Power Option default Default Radio Radio1 For information on con...

Page 467: ...em power setup set power option 3af option admin system power setup set def radio 1 For information on configuring power settings using the applet GUI see Configuring Power Settings on page 81 set mod...

Page 468: ...e Adaptive AP Setup on page 85 For an overview of adaptive AP functionality and its implications see Adaptive AP Overview on page 605 show Displays Adaptive AP information set Defines the Adaptive AP...

Page 469: ...IP Address 6 0 0 0 0 IP Address 7 0 0 0 0 IP Address 8 0 0 0 0 IP Address 9 0 0 0 0 IP Address 10 0 0 0 0 IP Address 11 0 0 0 0 IP Address 12 0 0 0 0 Tunnel to Controller disable AC Keepalive 5 Load B...

Page 470: ...daptive AP using the applet GUI see Adaptive AP Setup on page 85 For an overview of adaptive AP functionality and its implications see Adaptive AP Overview on page 605 set auto discovery Sets the cont...

Page 471: ...admin system aap setup delete 1 admin system aap setup For information on configuring Adaptive AP using the applet GUI see Adaptive AP Setup on page 85 For an overview of adaptive AP functionality an...

Page 472: ...DP submenu For information on configuring LLDP using the applet GUI see Configuring LLDP Settings on page 108 show Displays LLDP information set Sets LLDP parameters Goes to the parent menu Goes to th...

Page 473: ...ldp show Displays LLDP information Syntax admin system lldp show LLDP Status enable LLDP Refresh Interval 30 LLDP Holdtime Mutiplier 4 admin system lldp For information on configuring LLDP using the a...

Page 474: ...lldp mode enable admin system lldp set lldp refresh 100 admin system lldp set lldp holdtime 2 admin system lldp For information on configuring LLDP using the applet GUI see Configuring LLDP Settings o...

Page 475: ...Displays the access point access submenu show Displays access point system access capabilities set Goes to the access point system access submenu Goes to the parent menu Goes to the root menu save Sa...

Page 476: ...I SSH access parameters auth timout seconds Disables the radio interface if no data activity is detected after the interval defined Default is 120 seconds inactive timeout minutes Inactivity interval...

Page 477: ...able enable cli ssh access enable enable enable snmp access enable enable enable SSLV2 enable http s timeout 0 ssh server authetnication timeout 120 ssh server inactivity timeout 120 admin authetnicat...

Page 478: ...ds a Self Certificate signed by CA listself Lists the self certificate loaded loadca Loads trusted certificate from CA delca Deletes the trusted certificate listca Lists the trusted certificate loaded...

Page 479: ...7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG C1f Bj8AszttSo bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX d6 Q1SMbs tG4RP0lRSr iWDyuvwx END CERTIFICATE REQUEST For information on configuring certificate management...

Page 480: ...tem cmgr delself Deletes a self certificate Syntax Example admin system cmgr delself MyCert2 For information on configuring self certificate settings using the applet GUI see Creating Self Certificate...

Page 481: ...oads a self certificate signed by the Certificate Authority Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on...

Page 482: ...82 AP4700 admin system cmgr listself Lists the loaded self certificates Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessin...

Page 483: ...cmgr loadca Loads a trusted certificate from the Certificate Authority Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 91 loadca...

Page 484: ...uct Reference Guide 484 AP4700 admin system cmgr delca Deletes a trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on p...

Page 485: ...ce Guide 485 AP4700 admin system cmgr listca Lists the loaded trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page...

Page 486: ...dmin system cmgr showreq Displays a certificate request in PEM format Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 91 showreq...

Page 487: ...487 AP4700 admin system cmgr delprivkey Deletes a private key Syntax For information on configuring certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on p...

Page 488: ...88 AP4700 admin system cmgr listprivkey Lists the names of private keys Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 91 listpr...

Page 489: ...e a certificate request delself deletes a signed certificate loadself loads a signed certficiate signed by the CA listself lists the loaded signed self certificate loadca loads the root CA certificate...

Page 490: ...generate a certificate request delself deletes a signed certificate loadself loads a signed certficiate signed by the CA listself lists the loaded signed self certificate loadca loads the root CA cert...

Page 491: ...00 admin system snmp Displays the SNMP submenu The items available under this command are shown below access Goes to the SNMP access submenu traps Goes to the SNMP traps submenu Goes to the parent men...

Page 492: ...p access Displays the SNMP Access menu The items available under this command are shown below show Shows SNMP v3 engine ID add Adds SNMP access entries delete Deletes SNMP access entries list Lists SN...

Page 493: ...the SNMP v3 engine ID Syntax Example admin system snmp access show eid AP4700 snmp v3 engine id 000001846B8B4567F871AC68 admin system snmp access For information on configuring SNMP access settings u...

Page 494: ...chars E g 1 3 6 1 v3 user access oid sec auth pass1 priv pass2 user username 1 to 31 characters access read write access ro rw oid string 1 to 127 chars E g 1 3 6 1 sec security none auth auth priv a...

Page 495: ...mp access list acl index start ip end ip For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 101 delete acl idx Deletes entry idx 1 10...

Page 496: ...vate read write 1 3 6 1 admin system snmp access list v3 2 index 2 username judy access permission read write object identifier 1 3 6 1 security level auth priv auth algorithm md5 auth password privac...

Page 497: ...NMP traps submenu The items available under this command are shown below show Shows SNMP trap parameters set Sets SNMP trap parameters add Adds SNMP trap entries delete Deletes SNMP trap entries list...

Page 498: ...ork Traps physical port status change enable denial of service enable denial of service trap rate limit 10 seconds SNMP System Traps system cold start disable system config changed disable rogue ap de...

Page 499: ...al cold enable disable Enables disables the system cold start trap cfg enable disable Enables disables a configuration changes trap rogue ap enable disable Enables disables a trap when a rogue ap is d...

Page 500: ...ee Configuring SNMP RF Trap Thresholds on page 107 add v1v2 ip port comm ver Adds an entry to the SNMP v1 v2 access list with the destination IP address set to ip the destination UDP port set to port...

Page 501: ...s delete v1v2 all For information on configuring SNMP traps using the applet GUI see Configuring SNMP Settings on page 97 delete v1v2c idx Deletes entry idx from the v1v2c access control list all Dele...

Page 502: ...m v1 admin system snmp traps add v3 201 232 24 33 555 BigBoss none md5 admin system snmp traps list v3 all index 1 destination ip 201 232 24 33 destination port 555 username BigBoss security level non...

Page 503: ...to the user database submenu Syntax For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 259 user Goes to the user submen...

Page 504: ...ords Syntax For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 259 add Adds a new user delete Deletes a new user cleara...

Page 505: ...the user database Syntax Example admin system userdb user add george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User A...

Page 506: ...a new user to the user database Syntax Example admin system userdb user delete george admin system userdb user For information on configuring User Database permissions using the applet GUI see Defini...

Page 507: ...ves all existing user IDs from the system Syntax Example admin system userdb user clearall admin system userdb user For information on configuring User Database permissions using the applet GUI see De...

Page 508: ...ssword for a user Syntax Example admin system userdb user set george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User A...

Page 509: ...ng User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 259 create Creates a group name delete Deletes a group name clearall Removes all existing group...

Page 510: ...Once defined users can be added to the group Syntax Example admin system userdb group create 2 admin system userdb group For information on configuring User Database permissions using the applet GUI s...

Page 511: ...up delete Deletes an existing group Syntax Example admin system userdb group delete 2 admin system userdb group For information on configuring User Database permissions using the applet GUI see Defini...

Page 512: ...Removes all existing group names from the system Syntax Example admin system userdb group clearall admin system userdb group For information on configuring User Database permissions using the applet G...

Page 513: ...ser to an existing group Syntax Example admin system userdb group add lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining...

Page 514: ...a user from an existing group Syntax Example admin system userdb group remove lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see D...

Page 515: ...rdb group show groups List of Group Names engineering marketing demo room admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Acce...

Page 516: ...using the applet GUI see Configuring User Authentication on page 250 eap Goes to the EAP submenu policy Goes to the access policy submenu ldap Goes to the LDAP submenu proxy Goes to the proxy submenu...

Page 517: ...DIUS user database Syntax Example admin system radius set database local admin system radius show all Database local admin system radius For information on configuring RADIUS using the applet GUI see...

Page 518: ...ring EAP RADIUS using the applet GUI see Configuring User Authentication on page 250 peap Goes to the Peap submenu ttls Goes to the TTLS submenu import Imports the requested EAP certificates set Defin...

Page 519: ...e Peap submenu Syntax For information on configuring PEAP RADIUS using the applet GUI see Configuring User Authentication on page 250 set Defines Peap parameters show Displays the Peap configuration s...

Page 520: ...meters Syntax Example admin system radius eap peap set auth gtc admin system radius eap peap show PEAP Auth Type gtc For information on configuring EAP PEAP RADIUS values using the applet GUI see Conf...

Page 521: ...submenu Syntax For information on configuring EAP TTLS RADIUS values using the applet GUI see Configuring User Authentication on page 250 set Defines TTLS parameters show Displays the TTLS configurat...

Page 522: ...Syntax Example admin system radius eap ttls set auth pap admin system radius eap ttls show TTLS Auth Type pap For information on configuring EAP TTLS RADIUS values using the applet GUI see Configurin...

Page 523: ...tion on configuring RADIUS access policies using the applet GUI see Configuring User Authentication on page 250 set Sets a group s WLAN access policy access time Goes to the time based login submenu s...

Page 524: ...WLAN access policy Syntax Example admin system radius policy set engineering 16 admin system radius policy For information on configuring RADIUS WLAN policy values using the applet GUI see Configuring...

Page 525: ...e is in DayDDDD DDDD format show Displays the group s access time rule save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu Context Command Des...

Page 526: ...access policy Syntax Example admin system radius policy show List of Access Policies engineering 16 marketing 10 demo room 3 test demo No Wlans admin system radius policy For information on configurin...

Page 527: ...nu Syntax For information on configuring a RADIUS LDAP server using the applet GUI see Configuring LDAP Authentication on page 253 set Defines the LDAP parameters show all Displays existing LDAP param...

Page 528: ...s ldap set groupname 0 0 0 0 admin system radius ldap set filter 123 admin system radius ldap set membership radiusGroupName admin system radius ldap For information on configuring a RADIUS LDAP serve...

Page 529: ...on LDAP Login Attribute uid Stripped User Name User Name LDAP Password attribute userPassword LDAP Group Name Attribue cn LDAP Group Membership Filter objectClass GroupOfNames member Ldap objectClass...

Page 530: ...RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 255 add Adds a proxy realm delete Deletes a proxy realm clearall Removes all proxy server records set Sets...

Page 531: ...xy add lancelot 157 235 241 22 1812 muddy admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 255 add...

Page 532: ...n system radius proxy delete Adds a proxy Syntax Example admin system radius proxy delete lancelot admin system radius proxy For information on configuring RADIUS proxy server values using the applet...

Page 533: ...ves all proxy server records from the system Syntax Example admin system radius proxy clearall admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI...

Page 534: ...radius proxy set delay 10 admin system radius proxy set count 5 admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius...

Page 535: ...uring RADIUS client values using the applet GUI see Configuring the Radius Server on page 250 add Adds a RADIUS client to list of available clients delete Deletes a RADIUS client from list of availabl...

Page 536: ...ADIUS server Syntax Example admin system radius client add 157 235 132 11 255 255 255 225 muddy admin system radius client For information on configuring RADIUS client values using the applet GUI see...

Page 537: ...om those available to the RADIUS server Syntax Example admin system radius client delete 157 235 132 11 admin system radius client For information on configuring RADIUS client values using the applet...

Page 538: ...clients Syntax Example admin system radius client show Idx Subnet Host Netmask SharedSecret 1 157 235 132 11 255 255 255 225 admin system radius client For information on configuring RADIUS client val...

Page 539: ...to be configured accurately on the access point Syntax For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 110 show Shows NTP parameters settings...

Page 540: ...m ntp show Displays the NTP server configuration Syntax Example admin system ntp show current time 2006 07 31 14 35 20 time zone UTC ntp mode enable For information on configuring NTP using the applet...

Page 541: ...ate zone Show date time and time zone Syntax Example admin system ntp date zone Date Time Sat 1970 Jan 03 20 06 22 0000 UTC Time Zone UTC For information on configuring NTP using the applet GUI see Co...

Page 542: ...zone list Displays an extensive list of time zones for countries around the world Syntax Example admin system ntp zone list For information on configuring NTP using the applet GUI see Configuring Netw...

Page 543: ...configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 110 set mode ntp mode Enables or disables NTP server idx ip Sets the NTP server IP address port idx port Defines...

Page 544: ...ys the access point log submenu Logging options include Syntax show Shows logging options set Sets log options and parameters view Views system log delete Deletes the system log send Sends log to the...

Page 545: ...ss point logging settings Syntax Example admin system logs show log level L6 Info syslog server logging enable syslog server ip address 192 168 0 102 For information on configuring logging settings us...

Page 546: ...rmation on configuring logging settings using the applet GUI see Logging Configuration on page 112 set level level Sets the level of the events that will be logged All events with a level at or above...

Page 547: ...6pm up 6 days 16 16 load average 0 00 0 01 0 00 Jan 7 16 16 01 none CC Mem 62384 32520 29864 0 0 Jan 7 16 16 01 none CC 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf...

Page 548: ...nce Guide 548 AP4700 admin system logs delete Deletes the log files Syntax Example admin system logs delete For information on configuring logging settings using the applet GUI see Logging Configurati...

Page 549: ...ansfer In progress File transfer Done admin system logs For information on configuring logging settings using the applet GUI see Logging Configuration on page 112 send Sends the system log file via FT...

Page 550: ...ult access point configuration partial Restores a partial default access point configuration show Shows import export parameters set Sets import export access point configuration parameters export Exp...

Page 551: ...default configuration Syntax Example admin system config default Are you sure you want to default the configuration yes no For information on importing exporting access point configurations using the...

Page 552: ...ss point s LAN WAN and SNMP settings are unaffected by the partial restore Syntax Example admin system config partial Are you sure you want to partially default AP4700 yes no For information on import...

Page 553: ...configuration file Syntax Example admin system config show cfg filename cfg txt cfg filepath ftp tftp server ip address 192 168 0 101 ftp user name myadmin ftp password For information on importing e...

Page 554: ...is never generated For configuration file import the legacy command set rf function X wips wlan is processed as it has historically There is no CLI menu allowing the user to enter set rf function X...

Page 555: ...xport Operation Done CAUTION Make sure a copy of the access point s current configuration is exported to a secure location before exporting the access point s configuration as you will want a valid ve...

Page 556: ...nt cannot import export its configuration to a dual radio model access point In turn a dual radio model access point cannot import export its configuration to a single radio access point CAUTION Extre...

Page 557: ...oot process to successfully update the device firmware regardless of whether the reboot is conducted using the GUI or CLI interfaces show Displays the current access point firmware update settings set...

Page 558: ...fw update show automatic firmware upgrade enable automatic config upgrade enable firmware filename apn bin firmware path tftpboot ftp tftp server ip address 168 197 2 2 ftp user name jsmith ftp passwo...

Page 559: ...ware on page 118 set fw auto mode When enabled updates device firmware each time the firmware versions are found to be different between the access point and the specified firmware on the remote syste...

Page 560: ...t process to successfully update the device firmware regardless of whether the reboot is conducted using the GUI or CLI interfaces admin system fw update update ftp For information on updating access p...

Page 561: ...a config file to another access point within the known AP table send cfg all Sends a config file to all access points within the known AP table clear Clears all statistic counters to zero flash all l...

Page 562: ...mmary on page 286 For information on displaying Known AP statistics using the applet GUI see Viewing Known Access Point Statistics on page 288 show wan Displays stats for the access point WAN port lan...

Page 563: ...ll existing configuration parameters except Mesh settings LAN IP data WAN IP data and DHCP Server parameter information For information on copying the access point config to another access point using...

Page 564: ...cfg all admin stats NOTE The send cfg all command copies all existing configuration parameters except Mesh settings LAN IP data WAN IP data and DHCP Server parameter information For information on cop...

Page 565: ...r specified LAN index either clear lan 1 or clear lan 2 all rf Clears all RF data all wlan Clears all WLAN summary information wlan Clears individual WLAN statistic counters all radio Clears access po...

Page 566: ...LEDs Syntax Example admin stats admin stats flash all leds 1 start Password admin stats flash all leds 1 stop admin stats For information on flashing access point LEDs using the applet GUI see Viewing...

Page 567: ...sociated MU Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 285 show Shows the Mobile Unit Statistics Summary list Defines echo test parameters...

Page 568: ...s Mobile Unit Statistics Summary Syntax Example admin stats echo show Idx IP Address MAC Address WLAN Radio T put ABS Retries 1 192 168 2 0 00 A0F8 72 57 83 demo 11a For information on MU Echo and Pin...

Page 569: ...arameters and results Syntax Example admin stats echo list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats echo For information on MU Echo and Ping t...

Page 570: ...f the echo test Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 285 set station mac Defines MU target MAC address request num Sets number of ec...

Page 571: ...test Syntax Example admin stats echo start admin stats echo list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of MU Responses 2 For information on MU...

Page 572: ...test to an AP with the same ESSID Syntax For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 285 ping show Shows Known AP Summary details list Defines ping test p...

Page 573: ...erence Guide 573 AP4700 admin stats ping show Shows Known AP Summary Details Syntax Example admin stats ping show Idx IP Address MAC Address MUs KBIOS Unit Name 1 192 168 2 0 00 A0F8 72 57 83 3 0 Acce...

Page 574: ...ping test parameters and results Syntax Example admin stats ping list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats ping For information on Known A...

Page 575: ...n stats ping set request 10 admin stats ping set length 100 admin stats ping set data 1 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 285 s...

Page 576: ...es the ping test Syntax Example admin stats ping start admin stats ping list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of AP Responses 2 For informa...

Page 577: ...ing the WLAP client s ESSID Then it is required to go through the association and authentication process to establish wireless connections with the located devices This association process is identica...

Page 578: ...ing This gives the user the freedom to configure their topology in a variety of ways without limitations This is important when configuring multiple Access Points for base bridge support in areas like...

Page 579: ...st connection needs to be established before the system starts bridging traffic The dual radio model Access Point affords users better optimization of the mesh networking feature by allowing the Acces...

Page 580: ...re information see Configuring Mesh Networking Support on page 581 Mesh Networking and the Access Point s Two Subnets The Access Point now has a second subnet on the LAN side of the system This means...

Page 581: ...defined to correctly function as a base or client bridge within a mesh network This section describes the configuration activities required to define a mesh network s LAN configuration As the Spanning...

Page 582: ...it exceeds the value set for the Maximum Message age timer Hello Time The Hello Time is the time between each bridge protocol data unit sent This time is equal to 2 seconds sec by default but you can...

Page 583: ...and Quality of Service policy If intending to use the Access Point for mesh networking support Extreme Networks recommends configuring at least one WLAN of the 16 WLANs available specifically for mesh...

Page 584: ...ing it too high could prohibit other WLANs from granting access to all the devices needed 6 Select the Enable Client Bridge Backhaul checkbox to make this WLAN available in the Mesh Network Name d...

Page 585: ...using Traffic within a mesh network probably consists of known devices so you may want to leave the checkbox unselected and configure each MU with an ESSID The default is selected However for WLANs u...

Page 586: ...checkbox to allow the Access Point radio to accept client bridge connections from other Access Points in client bridge mode The base bridge is the acceptor of mesh network data from those client brid...

Page 587: ...a wireless link The default setting is WLAN1 Extreme Networks recommends creating and naming a WLAN specifically for mesh networking support to differentiate the Mesh supported WLAN from non Mesh sup...

Page 588: ...ty and a greater likelihood of joining the mesh network if an association with another device is lost If a MAC address is not as desirable as others but still worthy of being on the preferred list select...

Page 589: ...nnection must be re instated If updating the mesh network using a WAN connection the applet does not lose connection but the mesh network is unavailable until the changes have been applied 18 Click Un...

Page 590: ...eployment scenarios will be addressed Scenario 1 Two base bridges redundant and one client bridge Scenario 2 A two hop mesh network with a base bridge repeater combined base bridge and client bridge m...

Page 591: ...Configuring AP 1 1 Provide a known IP address for the LAN1 interface NOTE Enable the LAN1 Interface of AP 1 as a DHCP Server if you intend to associate MUs and require them to obtain an IP address via...

Page 592: ...3 Define a mesh supported WLAN...

Page 593: ...4 Enable base bridge functionality on the 802 11a n radio Radio 2 5 Define a channel of operation for the 802 11a n radio...

Page 594: ...e LAN1 Interface different than that of AP 1 Assign a higher Mesh STP Priority 50000 to the AP 2 LAN1 Interface NOTE In a typical deployment each base bridge can be configured for a Mesh STP Priority...

Page 595: ...Configuring AP 3 To define the configuration for AP 3 a client bridge connecting to both AP 1 and AP 2 simultaneously 1 Provide a known IP address for the LAN1 interface 2 Assign the...

Page 596: ...cted 4 Select the Client Bridge checkbox to enable client bridge functionality on the 802 11a n radio Use the Mesh Network Name drop down menu to select the name of the WLAN created in step 3 NOTE You...

Page 597: ...and redundant links If member APs are not far apart in physical distance the algorithm intelligently chooses a single hop link to forward data To force APs to use multiple hops for demonstrations use...

Page 598: ...Configuring AP 2 AP 2 requires the following modifications from AP 2 in the previous scenario to function in base bridge client bridge repeater mode 1 Enable c...

Page 599: ...dge functionality on the 802 11a n radio Configuring AP 3 To define AP 3 s configuration 1 The only change needed on AP 3 with respect to the configuration used in scenario 1 is to disable the Auto Li...

Page 600: ...N is mapped to BSS1 on the 802 11a n radio of each AP The Radio MAC Address the BSSID 1 MAC Address is used for the AP 2 Preferred Base Bridge List Ensure both the AP 1 and AP 2 Radio MAC Addresses ar...

Page 601: ...e members of the mesh network Mesh Networking Frequently Asked Questions The following scenarios represent issues that could be encountered and resolved when defining an Access Point supported mesh co...

Page 602: ...Bridge Backhaul option Mesh Deployment Issue 4 Do I need to map a WLAN to a radio when configuring mesh backhaul on a Client Bridge When creating a mesh backhaul WLAN on a client bridge only AP do yo...

Page 603: ...make a configuration change and apply the changes on a client bridge or repeater I momentarily lose connectivity to that AP why Resolution That is expected behavior when you make a configuration cha...

Page 605: ...is an Access Point that can adopt like an Altitude 4600 Series Access Point L3 The management of an AAP is conducted by the controller once the Access Point connects to an Extreme Networks controller...

Page 606: ...gured for the Access Point and its connected controller see How the AP Receives its Adaptive Configuration on page 612 For an overview of how to configure both the Access Point and controller for basi...

Page 607: ...tion 43 Vendor Specific options can be embedded in Option 43 using the vendor class identifier ExtremeAP 4700 The Access Point uses an encryption key to hash passphrases and security keys To obtain th...

Page 608: ...can choose from When providing a list the AAP tries to adopt based on the order in which they are listed from 1 12 NOTE An AAP can use its LAN or WAN Ethernet interface to adopt The LAN is PoE and DHC...

Page 609: ...he configuration changes it receives from the controller after 30 seconds from the last received controller configuration message When the configuration is applied on the AAP the radios shut down and r...

Page 610: ...ller configuration message When the configuration is applied on the Mesh AAP the radios shut down and re initialize this process takes less than 2 seconds forcing associated MUs to be deauthenticated a...

Page 611: ...wired controller Be aware IPSec Mode supports NAT Traversal NAT T Extended WLANs Only An extended WLAN configuration forces all MU traffic through the controller No wireless traffic is locally bridged...

Page 612: ...s its configuration from the controller If the AP s WAN link fails it continues to operate using the last valid configuration until its link is re established and a new configuration is pushed down fr...

Page 613: ...information in greater detail on the AP configuration activities described above see Adaptive AP Configuration on page 614 Configuring the Controller for Adaptive AP Adoption The tasks described below...

Page 614: ...page 614 Controller Configuration on page 616 NOTE Refer to Adaptive AP Deployment Considerations on page 619 for usage and deployment caveats that should be considered before defining the AAP config...

Page 615: ...to 12 Controller IP Addresses constituting the target controllers available for AAP connection The AAP will begin establishing a connection with the first addresses in the list If unsuccessful the AP...

Page 616: ...sing DHCP Options An AAP can be adopted to a wireless controller by providing the following options in the DHCP Offer NOTE Options 189 and 192 are mandatory to trigger adoption using DHCP options Unli...

Page 617: ...ontroller Configuration File for IPSec and Independent WLAN on page 620 and take note of the CLI commands in red and associated comments in green Any WLAN configured on the controller becomes an exten...

Page 618: ...a WLAN can be defined as independent using the wlan index independent command from the config wireless context Once an AAP is adopted by the controller it displays within the controller Access Port Ra...

Page 619: ...ropriate management and native VLANs are configured The WLAN used for mesh backhaul must always be an independent WLAN The controller configures an AAP If manually changing wireless settings on the AP...

Page 620: ...rivilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f To configure the ACL to be used in the CRYPTO MAP ip access list extended AAP ACL permit ip host 10 10 10 250 a...

Page 621: ...wlan 2 encryption type tkip wlan 2 dot11i phrase 0 admin123 wlan 3 enable wlan 3 ssid qs5 wep128 wlan 3 vlan 220 wlan 3 encryption type wep128 wlan 4 enable wlan 4 ssid qs5 open wlan 4 vlan 230 wlan 5...

Page 622: ...to ipsec transform set AAP TFSET esp aes 256 esp sha hmac mode tunnel To create a Crypto Map add a remote peer set the mode add an ACL rule to match and transform and set to the Crypto Map crypto map A...

Page 623: ...rport trunk allowed vlan none controllerport trunk allowed vlan add 1 9 100 110 120 130 140 150 160 170 controllerport trunk allowed vlan add 180 190 200 210 220 230 240 250 interface vlan1 ip address...

Page 625: ...and Altitude 4750 Physical Characteristics on page 625 Altitude 4710 and Altitude 4750 Physical Characteristics An Altitude 4710 and Altitude 4750 Access Point has the following physical characteristi...

Page 626: ...5825 MHz except channel 52 64 Channels 1 13 EU Channels 1 11 US Canada Channel 14 2484 MHz Japan only Actual operating frequencies depend on regulatory Data Rates Supported 802 11g 1 2 5 5 11 6 9 12...

Page 627: ...ry Code Algeria DZ Anguilla AI Argentina AR Australia AU Austria AT Bahamas BS Bahrain BH Barbados BB Belarus BY Belgium BE Bermuda BM Bolivia BO Botswana BW Bosnia Herzegovina BA Brazil BR Bulgaria...

Page 628: ...y IT Jamaica JM Japan JP Jordan JO Kazakhstan KZ Kenya KE Kuwait KW Latvia LV Lebanon LB Liechtenstein LI Lithuania LT Luxembourg LU Macau MO Macedonia MK Malaysia MY Malta MT Martinique MQ Mexico MX...

Page 629: ...Romania RO Russia RU Saudi Arabia SA Serbia RS Singapore SG Slovak Republic SK Slovenia SI South Africa ZA South Korea KR Spain ES Sri Lanka LK Sweden SE Switzerland CH Taiwan TW Thailand TH Trinidad...

Page 631: ...is reset or does a DHCP request The update process is conducted over the LAN or WAN port depending on which server responds first to the Access Point s request for an automatic update The firmware is...

Page 632: ...for automatic updates 1 Set the Windows DHCP Server and Access Point on the same Ethernet segment 2 Configure the Windows based DHCP Server as follows a Highlight the Server Domain Name for example a...

Page 633: ...Altitude 4750 model 1 Microsoft Windows DHCP Server 1 TFTP Server To configure Global options using extended standard options 1 Set the Windows DHCP Server and Access Point on the same Ethernet segmen...

Page 634: ...oots up verify the Access Point Obtains and applies the expected IP Address from the DHCP Server Downloads the firmware and configuration files from the TFTP Server and updates both as required Verify...

Page 635: ...e DHCP Server is configured for options 187 and 67 for the firmware file the Access Point uses the file name configured for option 187 If the DHCP Server is configured for embedded and global options...

Page 636: ...file Using options 66 67 and 129 AP47xx ha 00a0f88aa6d8 LAN MAC Address sm 255 255 255 0 Subnet Mask ip 157 235 93 128 IP Address gw 157 235 93 2 gateway T66 157 235 93 250 TFTP Server IP T67 apfw bi...

Page 637: ...ile name If T136 is not specified the Access Point uses the entire bf field as the config file name NOTE The update process is conducted over the LAN or WAN port depending on which Server responds fir...

Page 638: ...ng a Cisco VPN Device on page 641 Frequently Asked VPN Questions on page 642 Configuring a VPN Tunnel Between Two Access Points The Access Point can connect to a non AP device supporting IPSec such as...

Page 639: ...mask of AP 2 Device 2 7 Enter the WAN port IP address of AP 2 Device 2 for a Remote Gateway 8 Click Apply to save the changes NOTE For this example Auto IKE Key Exchange is used Any key exchange can b...

Page 640: ...th Authentication and use AES 128 bit as the ESP encryption algorithm and MD5 as the authentication algorithm Click OK 12 Select the IKE Settings button 13 Select Pre Shared Key PSK from the IKE Authe...

Page 641: ...the same procedure However replace Access Point 2 information with Access Point 1 information 20 Once both tunnels are established ping each side of the tunnel to ensure connectivity Configuring a Ci...

Page 642: ...ess Point IPSec tunnel support multiple subnets on the other end of a VPN concentrator Yes The Access Point can access multiple subnets on the other end of the VPN Concentrator from the Access Point s...

Page 643: ...set up an Access Point so clients can access both the WAN normally and only use the VPN when talking to specific networks Yes Only packets that match the VPN Tunnel Settings will be sent through the VP...

Page 644: ...VPN gateway and vice versa Question 9 I have set up my tunnel and the status still says Not Connected What should I do now VPN tunnels are negotiated on an as needed basis If you have not sent any tra...

Page 645: ...und rules need to be configured to control incoming outgoing packet flow for IPSec to work properly with Advanced LAN Access These rules should be configured first before other rules are configured Qu...

Page 647: ...ustomer support see the Technical Assistance Center User Guide at www extremenetworks com go TACUserGuide The Extreme Networks eSupport website provides the latest information on Extreme Networks prod...
