manualshive.com logo in svg

Motorola AP-7131N-FGR, Product Reference Manual

Share
Download
Motorola AP-7131N-FGR Product Reference Manual Download Page 29

Introduction

1-13

Authentication Code (CBC-MAC) 

technique. Changing just one bit in a message produces a totally 

different result. 

WPA2-CCMP is based on the concept of a 

Robust Security Network (RSN),

 which defines a hierarchy 

of keys with a limited lifetime (similar to TKIP). Like TKIP, the keys the administrator provides are used 
to derive other keys. Messages are encrypted using a 256-bit secret key and a 256-bit block of data. 
The end result is an encryption scheme as secure as any the access point provides. 

For detailed information on WPA2-CCMP, see 

Configuring WPA2-CCMP (802.11i) on page 6-12

.

1.2.11.3 Firewall Security

A firewall keeps personal data in and hackers out. The access point’s firewall prevents suspicious 
Internet traffic from proliferating the access point managed network. The access point performs 

Network Address Translation

 (NAT) on packets passing to and from the WAN port. This combination 

provides enhanced security by monitoring communication with the wired network. 

For detailed information on configuring the access point’s firewall, see 

Configuring Firewall Settings 

on page 6-14

.

1.2.11.4 VPN Tunnels

Virtual Private Networks (VPNs)

 are IP-based networks using encryption and tunneling providing 

users remote access to a secure LAN. In essence, the trust relationship is extended from one LAN 
across the public network to another LAN, without sacrificing security. A VPN behaves like a private 
network; however, because the data travels through the public network, it needs several layers of 
security. The access point can function as a robust VPN gateway. 

For detailed information on configuring VPN security support, see 

Configuring VPN Tunnels on page 

6-23

.

1.2.11.5 Content Filtering

Content filtering allows system administrators to block specific commands and URL extensions from 
going out through the WAN port. Therefore, content filtering affords system administrators selective 
control on the content proliferating the network and is a powerful screening tool. Content filtering 
allows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound 
requests. 

For detailed information on configuring content filtering support, see 

Configuring Content Filtering 

Settings on page 6-41

.

Summary of Contents for AP-7131N-FGR

Page 1: ...AP 7131N FGR Access Point Product Reference Guide ...

Page 2: ...Logo are registered in the US Patent Trademark Office Symbol is a registered trademark of Symbol Technologies Inc All other product or service names are the property of their respective owners 2009 Motorola Inc All rights reserved ...

Page 3: ...AP 7131N FGR Access Point Product Reference Guide 72E 126727 01 Revision A September 2009 ...

Page 4: ......

Page 5: ... Per Radio MU Limit 1 3 Power Setting Configuration 1 3 AMSDU Transmission Support 1 4 IPSec VPN Support 1 4 Feature Overview 1 5 802 11n Support 1 6 Sensor Support 1 6 Mesh Roaming Client 1 8 Dual Mode Radio Options 1 9 Separate LAN and WAN Ports 1 9 Multiple Mounting Options 1 10 Antenna Support for 2 4 GHz and 5 GHz Radios 1 10 Sixteen Configurable WLANs 1 10 Support for 4 BSSIDs per Radio 1 10...

Page 6: ...ization 1 16 Support for CAM and PSP MUs 1 16 Statistical Displays 1 17 Transmit Power Control 1 17 Advanced Event Logging Capability 1 17 Configuration File Import Export Functionality 1 17 Default Configuration Restoration 1 18 DHCP Support 1 18 Mesh Networking 1 18 Additional LAN Subnet 1 19 On board Radius Server Authentication 1 20 Hotspot Support 1 20 Routing Information Protocol RIP 1 21 Ma...

Page 7: ... for Site Installation 2 8 Cabling the Power Injector 2 9 Mounting an AP 7131N FGR 2 10 Wall Mounted Installations 2 10 Suspended Ceiling T Bar Installations 2 13 Above the Ceiling Plenum Installations 2 15 LED Indicators 2 18 Dual Radio 2 4 5 GHz LEDs 2 20 Rear LED 2 21 Setting Up MUs 2 21 Legacy MUs 2 21 802 11n MUs 2 22 Chapter 3 Getting Started Installing the Access Point 3 1 Configuration Opt...

Page 8: ...Managing Certificate Authority CA Certificates 4 19 Importing a CA Certificate 4 19 Creating Self Certificates for Accessing the VPN 4 21 Creating a Certificate for Onboard Radius Authentication 4 25 Configuring SNMP Settings 4 28 Configuring SNMP Access Control 4 35 Enabling SNMP Traps 4 36 Configuring Specific SNMP Traps 4 39 Configuring SNMP RF Trap Thresholds 4 42 Configuring Network Time Prot...

Page 9: ...74 Configuring IP Filtering 5 76 Applying a Filter to LAN1 LAN2 or a WLAN 1 16 5 79 Chapter 6 Configuring Access Point Security Configuring Security Options 6 2 Setting Passwords 6 2 Resetting the Access Point Password 6 4 Enabling Authentication and Encryption Schemes 6 4 Configuring 802 1x EAP Settings 6 6 Configuring WPA2 CCMP 802 11i 6 12 Configuring Firewall Settings 6 14 Configuring LAN to W...

Page 10: ...Statistics Viewing WAN Statistics 7 2 Viewing LAN Statistics 7 6 Viewing a LAN s STP Statistics 7 9 Viewing Wireless Statistics 7 12 Viewing WLAN Statistics 7 15 Viewing Radio Statistics Summary 7 18 Viewing Radio Statistics 7 20 Retry Histogram 7 24 Viewing MU Statistics Summary 7 25 Viewing MU Details 7 27 Pinging Individual MUs 7 30 MU Authentication Statistics 7 31 Viewing the Mesh Statistics ...

Page 11: ...imiting Commands 8 126 Network Rogue AP Commands 8 129 WIPS Commands 8 139 Network MU Locationing Commands 8 142 Network Firewall Commands 8 145 Network Router Commands 8 150 System Commands 8 156 Power Setup Commands 8 162 Adaptive AP Setup Commands 8 165 System Access Commands 8 169 System Certificate Management Commands 8 172 System SNMP Commands 8 185 System SNMP Access Commands 8 186 System S...

Page 12: ... Point Radio for Mesh Support 9 13 Mesh Network Deployment Quick Setup 9 20 Scenario 1 Two Base Bridges and One Client Bridge 9 20 Configuring AP 1 9 20 Configuring AP 2 9 24 Configuring AP 3 9 25 Verifying Mesh Network Functionality for Scenario 1 9 27 Scenario 2 Two Hop Mesh Network with a Base and a Client Bridge 9 27 Configuring AP 1 9 27 Configuring AP 2 9 28 Configuring AP 3 9 29 Verifying M...

Page 13: ... 12 Adopting an Adaptive AP Manually 10 12 Adopting an Adaptive AP Using a Configuration File 10 14 Adopting an Adaptive AP Using DHCP Options 10 14 Switch Configuration 10 15 Adaptive AP Deployment Considerations 10 18 Sample Switch Configuration File for IPSec and Independent WLAN 10 19 Appendix A Technical Specifications Physical Characteristics A 2 Electrical Characteristics A 2 Radio Characte...

Page 14: ...nce Guide xii BootP Priorities B 9 Configuring an IPSEC Tunnel and VPN FAQs B 10 Configuring a VPN Tunnel Between Two Access Points B 10 Configuring a Cisco VPN Device B 13 Frequently Asked VPN Questions B 15 Appendix C Customer Support Index ...

Page 15: ...on and setup information for the AP 7131N FGR model access point Document Conventions The following document conventions are used in this document NOTE Indicate tips or special requirements CAUTION Indicates conditions that can cause equipment damage or data loss ...

Page 16: ...oblem is encountered with the access point contact Customer Support Refer to Appendix C for contact information Before calling have the model and serial number on hand If the problem cannot be solved over the phone you may need to return your equipment for servicing If that is necessary you will be given specific instructions Motorola is not responsible for any damages incurred during shipment if ...

Page 17: ... a fully featured intelligent access point that can be centrally configured and managed via a Motorola wireless switch in either corporate headquarters or a network operations center NOC In the event the connection between the access point and the wireless switch is lost a Remote Site Survivability RSS feature ensures the delivery of uninterrupted wireless services at the local or remote site All ...

Page 18: ...you to configure one radio for 802 11a n support and the other for 802 11b g n support The two models available to the AP 7131N FGR series include AP 7131N 66040 FGR 802 11an and 802 11bgn capable AP 7131N 44040 FGR 802 11a and 802 11bg capable 1 1 New Features The following features are now available with the introduction of the new 4 0 access point hardware and firmware baseline IP Filtering MU ...

Page 19: ...AN basis To globally enable or disable the MU rate limit and assess the WLANs in which it s currently invoked see Configuring MU Rate Limiting on page 5 70 To define the actual MU rate limit maximum downstream bandwidth allocation in kbps see Creating Editing Individual WLANs on page 5 32 1 1 3 Per Radio MU Limit Prior to this new 4 0 AP firmware baseline an access point allowed a total of 127 MU ...

Page 20: ...disabled The WAN port configuration could be changed enabled or disabled For information on configuring the access point s power configuration see Configuring Power Settings on page 4 6 1 1 5 AMSDU Transmission Support Aggregate MAC Service Data Unit AMSDU is an 802 11n specific MAC feature which enhances the transmission of multiple MSDU contents wrapped within a single preamble packet infrastruc...

Page 21: ...ied forward into the 4 x firmware baseline 802 11n Support Sensor Support Mesh Roaming Client Dual Mode Radio Options Separate LAN and WAN Ports Multiple Mounting Options Antenna Support for 2 4 GHz and 5 GHz Radios Sixteen Configurable WLANs Support for 4 BSSIDs per Radio Quality of Service QoS Support Industry Leading Data Security VLAN Support Multiple Management Accessibility Options Updatable...

Page 22: ...he Motorola Wireless Intrusion Protection System WIPS protects your wireless network mobile devices and traffic from attacks and unauthorized access WIPS provides tools for standards compliance and around the clock 802 11a b g wireless network security in a distributed environment WIPS allows administrators to identify and accurately locate attacks rogue devices and network vulnerabilities in real...

Page 23: ...Sensor functionality is not provided by the access point alone The access point works in conjunction with a dedicated WIPS server For information on configuring an AirDefense server for optimal use with an access point in sensor mode go to http support symbol com support product manuals do select AirDefense and open the Motorola AirDefense Enterprise 7 3 3 Users Guide NOTE The functions described ...

Page 24: ...ion tree Access Live View by right clicking on the device which automatically limits the data to the specific device your choose Sensor radios can be tuned to channels in both the 2 4GHz and 5 0 GHz band The channels in use by a given radio are defined by the WIPS application There is no need to explicitly set a band for a sensor radio Instead select either default values or specific channels Spec...

Page 25: ...P client DHCP server or using a static IP address The access point can only use a Power over Ethernet device when connected to the LAN port For detailed information on configuring the LAN port see Configuring the LAN Interface on page 5 1 A Wide Area Network WAN is a widely dispersed telecommunications network In a corporate environment the WAN port might connect to a larger corporate network For ...

Page 26: ...anuals do 1 2 8 Sixteen Configurable WLANs A Wireless Local Area Network WLAN is a data communications system that flexibly extends the functionalities of a wired LAN A WLAN does not require lining up devices for line of sight transmission and are thus desirable for wireless networking Roaming users can be handed off from one access point to another like a cellular phone system WLANs can therefore...

Page 27: ... can significantly benefit from the QoS implementation The WiFi Multimedia QOS Extensions WMM implementation used by the shortens the time between transmitting higher priority data traffic and is thus desirable for multimedia applications In addition U APSD WMM Power Save is also supported WMM defines four access categories voice video best effort and background to prioritize traffic for enhanced ...

Page 28: ...N through the access point The access point then requests the identity of the user and transmits that identity to an authentication server The server prompts the AP for proof of identity supplied to the by the user and then transmits the user data back to the server to complete the authentication process An MU is not able to access the network if not authenticated When configured for EAP support t...

Page 29: ...n configuring the access point s firewall see Configuring Firewall Settings on page 6 14 1 2 11 4 VPN Tunnels Virtual Private Networks VPNs are IP based networks using encryption and tunneling providing users remote access to a secure LAN In essence the trust relationship is extended from one LAN across the public network to another LAN without sacrificing security A VPN behaves like a private net...

Page 30: ...ts even when they are not members of the same network segment For detailed information on configuring VLAN support see Configuring VLAN Support on page 5 5 1 2 13 Multiple Management Accessibility Options The access point can be accessed and configured using one of the following Java Based Web UI Human readable config file imported via SFTP MIB Management Information Base Command Line Interface CL...

Page 31: ...g backward compatibility For detailed information on configuring SNMP traps see Configuring SNMP Settings on page 4 28 1 2 16 Power over Ethernet Support When users purchase a Motorola WLAN solution they often need to place access points in obscure locations In the past a dedicated power source was required for each access point in addition to the Ethernet infrastructure This often required an ele...

Page 32: ...s the access point to assign priority to voice traffic over data traffic and if necessary assign legacy voice supported devices non WMM supported voice devices additional priority For detailed information on configuring voice prioritization over other voice enabled devices see Setting the WLAN Quality of Service QoS Policy on page 5 42 1 2 19 Support for CAM and PSP MUs The access point supports b...

Page 33: ...vel for each radio This enables the network administrator to define the antenna s transmission power level in respect to the access point s placement or network requirements as defined in the site survey For detailed information on setting the radio transmit power level see Configuring the 802 11a n or 802 11b g n Radio on page 5 59 1 2 22 Advanced Event Logging Capability The access point periodi...

Page 34: ... DHCP and requires network settings to be set manually If running both DHCP and BOOTP do not select BOOTP Only BOOTP should only be used when the server is running BOOTP exclusively The DHCP client automatically sends a DHCP request at an interval specified by the DHCP server to renew the IP address lease as long as the access point is running this parameter is programmed at the DHCP server For ex...

Page 35: ... A client bridge always initiates the connections and the base bridge is always the acceptor of the mesh network data proliferating the network Since each access point can establish up to 3 simultaneous wireless connections some of these connections may be redundant In that case the STP algorithm determines which links are the redundant links and disables the links from forwarding For an overview ...

Page 36: ...led information on configuring the access point for AAA Radius Server support see Configuring User Authentication on page 6 54 1 2 29 Hotspot Support The access point allows hotspot operators to provide user authentication and accounting without a special client application The access point uses a traditional Internet browser as a secure authentication device The access point issues an IP address ...

Page 37: ...ic DNS or DynDNS is a feature offered by www dyndns com allowing the mapping of domain names to dynamically assigned IP addresses When the dynamically assigned IP address of a client changes the new IP address is sent to the DynDNS service and traffic for the specified domain s is routed to the new IP address For information on configuring Dynamic DNS see Configuring Dynamic DNS on page 5 27 1 2 3...

Page 38: ...e configured with their own time based access policy Each group s policy has a user defined interval defining the days and hours access is permitted Authentication requests for users belonging to the group are honored only during these defined hourly intervals For more information on defining access point access policies by group see Defining User Access Permissions by Group on page 6 67 1 2 37 QB...

Page 39: ...eiving antenna on the MU in the path of the waves absorbs the waves as electrical signals The receiving MU interprets demodulates the signal by reapplying the direct sequence chipping code This demodulation results in the original digital data The access point uses its environment the air and certain objects as the transmission medium The access point can either transmit in the 2 4 to 2 5 GHz freq...

Page 40: ...ach 802 11a n or 802 11b g n radio A Wireless Local Area Network WLAN is a data communications system that flexibly extends the functionalities of a wired LAN A WLAN does not require lining up devices for line of sight transmission and are thus desirable Within the WLAN roaming users can be handed off from one access point to another like a phone system WLANs can therefore be configured around the...

Page 41: ...is a Data Terminal Equipment DTE device with male pin connectors for the RS 232 port Connecting the access point to a PC requires a null modem serial cable 1 3 4 Direct Sequence Spread Spectrum Spread spectrum broadband uses a narrowband signal to spread the transmission over a segment of the radio frequency band or spectrum Direct sequence is a spread spectrum technique where the transmitted sign...

Page 42: ...tistics and determine the direct sequence channel used by the access point Scanning is a periodic process where the MU sends out probe messages on all channels defined by the country code The statistics enable an MU to reassociate by synchronizing its channel to the access point The MU continues communicating with that until it needs to switch cells or roam MUs perform partial scans at programmed ...

Page 43: ...way Router mode simultaneously The network architecture and access point configuration define how the Access Point and Wireless Gateway Router mode are negotiated Wireless Gateway Router If operating as a Wireless Gateway Router the access point functions as a router between two layer 2 networks the WAN uplink the ethernet port and the Wireless side The following options are available providing a ...

Page 44: ...he access point import export configuration function to download settings to other access points For detailed information see Importing Exporting Configurations on page 4 50 1 3 8 MAC Address Assignment MAC address assignments are as follows LAN GE1 The access point MAC address can be found underneath the access point chassis WAN GE2 WAN MAC address 1 LAN2 A virtual LAN not mapped to the LAN Ether...

Page 45: ...ess point to the network connecting antennae and applying power Installation procedures vary for different environments See the following sections for more details Precautions Requirements Package Contents Access Point Placement Power Options Power Injector System Mounting an AP 7131N FGR LED Indicators Setting Up MUs ...

Page 46: ...1P3 AFR A power outlet Dual band antennae or an antenna specifically supporting the AP s 2 4 or 5 GHz band 2 3 Package Contents Check package contents for the correct model and accessories Each available configuration at a minimum contains AP 7131N FGR access point accessories dependent on SKU ordered AP 7131N FGR Install Guide China ROHS compliance addendum Wall mount screw and anchor kit Accesso...

Page 47: ... be not bright enough An area lit sharply might minimize coverage and create dark areas Uniform antenna placement in an area like even placement of a light bulb provides even efficient coverage Place the access point using the following guidelines Install the access point at an ideal height of 10 feet from the ground NOTE The access point façade with 6 Element Antenna Part No ML 2452 PTA2M3X3 1 is...

Page 48: ...ea Motorola recommends conducting a new site survey and developing a new coverage area floor plan when switching from legacy access points to a new AP 7131N FGR model as the device placement requirements could be significantly different 2 4 2 Antenna Options Motorola supports two antenna suites for AP 7131N FGR One antenna suite supporting the 2 4 GHz band and another antenna suite supporting the ...

Page 49: ...in dBi ML 2499 11PNA2 01R Wide Angle Directional 8 5 ML 2499 HPA3 01R Omni Directional Antenna 3 3 ML 2499 BYGA2 01R Yagi Antenna 13 9 ML 2452 APA2 01 Dual Band 3 4 ML 2452 PTA2M3X3 1 Facade with 6 Element Antenna Module 3 5 ML 2452 PTA3M3 036 3 Port MIMO Antenna 4 75 5 5 NOTE An additional adapter is required to use ML 2499 11PNA2 01 and ML 2499 BYGA2 01 model antennae Please contact Motorola for...

Page 50: ...NA1 01R Panel Antenna 13 ML 5299 HPA1 01R Wide Band Omni Directional Antenna 5 0 ML 2452 APA2 01 Dual Band 3 4 ML 2452 PTA2M3X3 1 Facade with 6 Element Antenna Module 4 75 5 5 ML 2452 PTA3M3 036 3 Port MIMO Antenna 5 5 ML 2452 APA6J 01 Dipole 2 4GHz Peak Gain 5 76dBi 5GHz Peak Gain band 1 3 77dBi band 2 3 38dBi band 3 2 84dBi band 4 2 94dBi CAUTION An AP 7131N FGR cannot use the AP 5131 recommende...

Page 51: ...or each access point comprising the network An AP 7131 and AP 7131N can also be used with the 3af power injector AP PSBIAS 1P2 AFR However AP functionality is limited when powered by an AP PSBIAS 1P2 AFR since the AP has Ethernet connectivity limited to only the GE1 port The Motorola access point Power Supply Part No 50 14000 247R is not included with the access point and is orderable separately a...

Page 52: ...d using the unit s wall mounting key holes The following guidelines should be adhered to before cabling the Power Injector to an Ethernet source and access point Do not block or cover airflow to the Power Injector Keep the unit away from excessive heat humidity vibration and dust CAUTION The access point supports any standards based compliant power source including non Motorola power sources Howev...

Page 53: ...On Off power switch The Power Injector receives power and is ready for access point connection and operation as soon as AC power is applied Refer to the Installation Guide shipped with the Power Injector for a description of the device s LED behavior 3 Verify all cable connections are complete before supplying power to the access point CAUTION To avoid problematic performance and restarts disable ...

Page 54: ...ll Mounted Installations Wall mounting requires hanging the access point along its width or length using the pair of slots on the bottom of the unit and using the access point mounting template for the screws The hardware and tools customer provided required to install the access point on a wall consists of Two Phillips pan head self tapping screws ANSI Standard 6 18 X 0 875in Type A or AB Self Ta...

Page 55: ...Hardware Installation 2 11 ...

Page 56: ...d stop when there is 1mm between the screw head and the wall If pre drilling a hole the recommended hole size is 2 8mm 0 11in if the screws are going directly into the wall and 6mm 0 23in if wall anchors are being used 6 If required install and attach a security cable to the access point s lock port 7 Attach the antennas to their correct connectors For more information on available antennas see An...

Page 57: ...or CAT6 Ethernet cable between the network data supply host and the access point s GE1 POE port b Verify the power adapter is correctly rated according the country of operation c Connect the power supply line cord to the power adapter d Attach the power adapter cable into the power connector on the access point e Plug the power adapter into an outlet 11 Verify the behavior of the access point s LE...

Page 58: ...urce to the Power Injector and access point does not exceed 100 meters 333 ft The Power Injector has no On Off power switch The Power Injector receives power as soon as AC power is applied For more information on using the Power Injector see Power Injector System on page 2 7 For standard 48 Volt Power Adapter Part No 50 14000 247R and line cord installations a Connect a RJ 45 CAT5e or CAT6 Etherne...

Page 59: ...ystem Configuration on page 4 1 2 7 3 Above the Ceiling Plenum Installations An above the ceiling installation requires placing the access point above a suspended ceiling and installing the provided light pipe under the ceiling tile for viewing the rear panel status LEDs of the unit An above the ceiling installation enables installations compliant with drop ceilings suspended ceilings and industry...

Page 60: ... tile 6 Use a drill to make a hole in the tile the approximate size of the LED light pipe 7 Remove the light pipe s rubber stopper before installing the light pipe NOTE The AP 7131N FGR is Plenum rated to UL2043 and NEC1999 to support above the ceiling installations CAUTION Motorola does not recommend mounting the access point directly to any suspended ceiling tile with a thickness less than 12 7m...

Page 61: ...nt or security cable if used to the access point s lock port 13 Align the ceiling tile into its former ceiling space 14 Cable the access point using either a Power Injector or approved line cord and power supply For Power Injector installations a Connect a RJ 45 CAT5e or CAT6 Ethernet cable between the network data supply host and the Power Injector Data In connector b Connect a RJ 45 CAT5e or CAT...

Page 62: ...ady to configure For information on an access point default configuration see Getting Started on page 3 1 For specific details on system configurations see System Configuration on page 4 1 2 8 LED Indicators An AP 7131N FGR model access point has six LEDs on the top of the access point housing and one optional LED light pipe at the bottom of the unit However an AP 7131N FGR model access point does...

Page 63: ...ble in wall and below ceiling installations The top housing LEDs have the following display and functionality NOTE Depending on how the 5 GHz and 2 4 GHz radios are configured the LEDs will blink at different intervals between amber and yellow 5 GHz radio and emerald and yellow 2 4 GHz radio ...

Page 64: ...tivity A 5 second Amber and Yellow blink rate defines 802 11an activity A 2 second Amber and Yellow blink rate defines 802 11an 40 MHz activity When functioningas a sensor LED alternates between Amber and Yellow The blink interval is 0 5 seconds It s 1 second when no Server is connected Blinking Emerald indicates 802 11bg activity A 5 second Emerald and Yellow blink rate defines 802 11bgn activity...

Page 65: ...page 3 20 Refer to the LA 5030 LA 5033 Wireless Networker PC Card and PCI Adapter Users Guide available from the Motorola Web site for installing drivers and client software if operating in an 802 11a g network environment Refer to the Spectrum24 LA 4121 PC Card LA 4123 PCI Adapter LA 4137 Wireless Networker User Guide available from the Motorola Web site for installing drivers and client software...

Page 66: ...s point s settings to support legacy 802 11a bg operation using Windows XP 1 Select My Network Places 2 Right click and select Properties The Network Connections screen displays 3 Select right click on the adapter supporting 802 11n operation with the access point and select Properties 4 Click on the Configure button The Network Connection screen displays supporting the 802 11n adapter 5 Select th...

Page 67: ...ick OK to save the updates to the adapter s configuration NOTE If re enabling the adapter for 802 11 support ensure additional 802 11n settings Aggregation Channel Width Guard Interval etc are also enabled to ensure optimal operation ...

Page 68: ...AP 7131N FGR Access Point Product Reference Guide 2 24 ...

Page 69: ...er options outlined in Hardware Installation See the following sections for more details Installing the Access Point Configuration Options Basic Configuration 3 1 Installing the Access Point Make the required cable and power connections before mounting the access point in its final operating position Test the access point with an associated MU before mounting and securing the access point Carefull...

Page 70: ...ng connection methods to manage the network Secure Java Based WEB UI use Sun Microsystems JRE 1 5 or higher available from Sun s Web site Disable Microsoft s Java Virtual Machine if installed For information on using the Web UI to set access point default configuration see Basic Configuration on page 3 4 or chapters 4 through 7 of this guide Command Line Interface CLI via Serial Telnet and SSH The...

Page 71: ...ss point 3 3 2 Connecting to the Access Point using the LAN Port To initially connect to the access point using the access point s LAN port 1 The LAN or GE1 POE port default is set to DHCP Connect the access point s GE1 POE port to a DHCP server The access point will receive its IP address automatically 2 To view the IP address connect one end of a null modem serial cable to the access point and t...

Page 72: ... 1 Configuring Your Browser for AP 7131N FGR Support An AP 7131N FGR model access point is compliant with the FIPS140 2 standard The AP 7131N FGR is only accessible using browsers that support the TLS 1 0 protocol The AP 7131N FGR is not accessible by browsers supporting the SSL 2 0 or SSL 3 0 protocols Additionally ensure JRE version 1 6 or above is installed on the computer accessing the AP 7131...

Page 73: ...ult password If the default login is successful the Change Admin Password window displays It is strongly recommended you immediately change the password to optimize device security For more information see Configuring the Access Point on page 3 6 3 4 1 2 Accessing the AP 7131N FGR Using Mozilla Firefox To define the browser settings needed to access the AP 7131N FGR using Mozilla Firefox 1 Open th...

Page 74: ...GE1 POE port s default setting is static with a default IP address of 192 168 0 1 For this example the access point s WAN interface will be used to connect to the access point The default WAN IP address is 10 1 1 1 For optimal viewing of the Web UI the screen resolution should be set to 1024 x 768 pixels or greater Remember Internet Explorer and Mozilla Firefox require unique settings be defined i...

Page 75: ... a country Proceed to Configuring Device Settings on page 3 8 to validate the country setting The export function will always export the encrypted Admin User password The import function will import the Admin Password only if the access point is set to factory default If the access point is not configured to factory default settings the Admin User password WILL NOT get imported NOTE Though the acc...

Page 76: ...rom the menu tree if the Quick Setup screen is not already displayed 2 Select the System Configuration tab to define the access point s system WIPS server and radio configuration NOTE Beginning with the 4 0 release of the access point firmware a new scheme for radio configuration and WIPS server management has been implemented within the Quick Setup GUI applet These radio buttons define how WLAN a...

Page 77: ...rompts for the correct country code on the first login A warning message also displays stating an incorrect country setting may result in illegal radio operation Selecting the correct country is central to legally operating the access point Each country has its own regulatory restrictions concerning electromagnetic emissions and the maximum RF signal strength that can be transmitted To ensure comp...

Page 78: ...ting a synchronization interval for the access point to adjust its displayed time WIPS Servers Define a primary and alternate WIPS server IP Address for WIPS Server 1 and 2 These are the addresses of the primary and secondary WIPS console server WIPS support requires a Motorola AirDefense WIPS Server on the network WIPS functionality is not provided by the access point alone The access point works...

Page 79: ...orld through the WAN port Disable this option to effectively isolate the access point s WAN connection No connections to a larger network or the Internet will be possible MUs cannot communicate beyond the configured subnets b Select the This Interface is a DHCP Client checkbox to enable DHCP for the access point s WAN connection This is useful if the larger corporate network or Internet Service Pr...

Page 80: ...et PPPoE for a high speed connection that supports this protocol Most DSL providers are currently using or deploying this protocol PPPoE is a data link protocol for dialup connections PPPoE will allow the access point to use a broadband modem DSL cable modem etc for access to high speed data networks h Select the Keep Alive checkbox to enable occasional communications over the WAN port even when c...

Page 81: ...of hosts within a larger network These values help divide a network into subnetworks and simplify routing and data transmission e If using the static or DHCP Server option enter a Default Gateway to define the numerical IP address of a router the access point uses on the Ethernet as its default gateway f If using the static or DHCP Server option enter the Primary DNS Server numerical IP address g ...

Page 82: ... in respect to the 2 4 or 5 GHz 802 11b g n or 802 11a n radio traffic and anticipated gain of the antennas 9 Click Apply to save any changes to the access point Quick Setup screen Navigating away from the screen without clicking Apply results in all changes to the screens being lost NOTE A maximum of 16 WLANs are configurable within the Wireless Configuration screen The limitation of 16 WLANs CAU...

Page 83: ...cy entered suits the intended configuration or function of the policy Multiple WLANs can share the same security policy so be careful not to name security policies after specific WLANs or risk defining a WLAN to single policy Motorola recommends naming the policy after the attributes of the authentication or encryption type selected 3 Select the WPA2 CCMP 802 11i checkbox NOTE A VPN tunnel must al...

Page 84: ...raffic will be alternatively rotated on every interval specified in the Broadcast Key Rotation Interval Enabling broadcast key rotation enhances the broadcast traffic security on the WLAN This value is disabled by default Update broadcast keys every 300 604800 seconds Specify a time period in seconds to rotate the key index used for the broadcast key Set the interval to a shorter duration like 360...

Page 85: ...s of the external NTP syslog or Raidus resource is known as it must be supplied to the access point for the access point to properly access and communicate with the external resource To define the attributes of the VPN tunnel 1 Select Network Configuration WAN VPN from the access point menu tree 256 bit Key Enter 16 hexadecimal characters into each of the four fields displayed Pre Authentication S...

Page 86: ...r the VPN tunnel Tunnel Name Enter a name to define the VPN tunnel The tunnel name is used to uniquely identify each tunnel Interface Name Use the drop down menu to specify the LAN1 LAN2 or WAN connection used for routing VPN traffic Remember only one LAN connection can be active on the access point Ethernet port at a time Local WAN IP Enter the WAN s numerical non DNS IP address in order for the ...

Page 87: ...ttings on page 6 33 and Configuring IKE Key Settings on page 6 36 8 Click Apply to save the configuration of the new tunnel External NTP syslog and Radius resources are now reachable from the access point s secure VPN tunnel However you must supply the access point with the IP address of the NTP syslog or Radius server for the access point to connect to those external resources For information on ...

Page 88: ... the number of responses from the MU versus the number of ping packets transmitted by the access point Use the ratio of packets sent versus the number of packets received the link quality between the MU and the access point Click the OK button to exit the Echo Test screen and return to the MU Stats Summary screen NOTE Before testing for connectivity the target MU needs to be set to the same ESSID ...

Page 89: ...gurations and device firmware updates see Chapter 4 System Configuration on page 4 1 For detailed information on configuring access point LAN interface subnet and WAN interface see Chapter 5 Network Management on page 5 1 For detailed information on configuring specific encryption and authentication security schemes for individual access point WLANs see Chapter 6 Configuring Access Point Security ...

Page 90: ...AP 7131N FGR Access Point Product Reference Guide 3 22 ...

Page 91: ... Internet Explorer 5 0 or later or Netscape Navigator 6 0 or later To connect to the access point an IP address is required If connected to the access point using the WAN port the default static IP address is 10 1 1 1 The default password is motorola If connected to the access point using the LAN port the default setting is DHCP client The user is required to know the IP address to connect to the ...

Page 92: ...ings screen to specify the name and location of the access point assign an email address for the network administrator restore the AP s default configuration or restart the AP To configure System Settings for the access point 1 Select System Configuration System Settings from the access point menu tree CAUTION The access point s country of operation is set from within the System Settings screen If...

Page 93: ...n one of the radios is configured as a sensor and the WIPS functionality connects to the WIPS server The WIPS module only accepts names with up to 20 characters keep that if intending to use this AP as a sensor System Location Enter the location of the access point The System Location parameter acts as a reminder of where the AP can be found Use the System Name field as a specific identifier of de...

Page 94: ...rmation to determine if the access point is running the most recent firmware available from Motorola Use the Firmware Update screen to keep the AP s firmware up to date For more information see Updating Device Firmware on page 4 53 System Uptime Displays the current uptime of the access point defined in the System Name field System Uptime is the cumulative time since the access point was last rebo...

Page 95: ...lt Configuration Select the Restore Partial Default Configuration button to restore a default configuration with the exception of the current LAN WAN SNMP settings and IP address used to launch the browser If selected a message displays warning the user all current configuration settings will be lost with the exception of WAN and SNMP settings Before using this feature Motorola recommends using th...

Page 96: ...vailable and other status information One of the primary functions of the CPLD is to determine the access point s maximum power budget When the AP is powered on or performing a cold reset the CPLD determines the maximum power provided by the POE device and the budget available to the access point The CPLD also determines the access point hardware SKU and the number of radios If the access point s ...

Page 97: ...s power status is 3at and 27 watts when its power status is Full Power CAUTION The power modes described in the section are only obtainable using the 48 Volt Power Supply Part No 50 14000 247R designed for an AP 7131N FGR or using the single port Power Injector Part No AP PSBIAS 1P3 AFR NOTE Radio transmit power is not used as one of the factors to determine the available power budget If an extern...

Page 98: ...11 16 HT20 40 23 19 MCS4 MCS12 19 HT20 40 22 19 MCS5 MCS13 22 HT20 40 22 18 MCS6 MCS14 25 HT20 40 21 17 MCS7 MCS15 28 HT20 40 20 17 CAUTION Exceeding the limits listed below can cause damage to the access point or cause the radio to operate unpredictably Thus these values should be viewed as the safe limit for the access point s radio and should not be exceeded in either af or at mode Rates Mbps M...

Page 99: ...11 16 HT20 40 21 17 MCS4 MCS12 19 HT20 40 20 17 MCS5 MCS13 22 HT20 40 19 16 MCS6 MCS14 25 HT20 40 18 15 MCS7 MCS15 28 HT20 40 17 15 NOTE The access point could allow the operation of only one radio depending on the POE power level provided When only one radio is operational it is configured as either a WIPS or WLAN radio Consequently if the access point transitions from dual to single radio operat...

Page 100: ...ed on the different power resources available to that access point s SKU For 3af and 3at choose between Default and Option as best suited to that AP 7131N FGR hardware SKU For example if Option is selected for 3af Power and the access point is a dual radio model the following configuration is set LAN port ON 1000 BAST T WAN port OFF Radio 1 2 4 on 2x3 mode with maximum transmit power 18dBm Radio 2...

Page 101: ...he system determines the power budget available to the access point Using the Auto setting default setting the access point automatically determines the best power configuration based on the available power budget If 3af is selected the AP assumes 12 95 watts are available If the mode is changed the access point requires a reset to implement the change 3af Power If 3af is selected the AP is config...

Page 102: ...scussion of how an access point discovers a switch to creates a secure data tunnel for adaptive AP operation see Adaptive AP on page 10 1 NOTE AAP functionality is only supported on a Motorola WS5100 model switch running firmware version 3 1 or higher and a Motorola RFS7000 model switch running firmware version 1 1 or higher NOTE The Adaptive AP Setup screen does not display the AAP s adoption sta...

Page 103: ... Add a complete switch fully qualified domain name FQDN to add a switch to the 12 available switch IP addresses available for connection The access point resolves the name to one or more IP addresses if a DNS IP address is present This method is used when the access point fails to obtain an IP address using DHCP PSK Before the access point sends a packet requesting its mode and configuration the s...

Page 104: ...iscovery adoption process using DHCP first then a user provided domain name lastly using static IP addresses This setting is disabled by default When disabled the AP functions as a standalone access point without trying to adopt a switch Consequently the access point will not be able to obtain an AAP configuration For an overview of AAP and instructions on how to setup the AP and switch see Adapti...

Page 105: ...ic interfaces Use the Access screen checkboxes to enable or disable LAN1 LAN2 and or WAN access using the protocols and ports listed If access is disabled this effectively locks out the administrator from configuring the access point using that interface To avoid jeopardizing the network data managed by the access point Motorola recommends enabling only those interfaces used in the routine daily m...

Page 106: ...t HTTPS port 443 Select the LAN1 LAN2 and or WAN checkboxes to enable access to the access point configuration applet using a Secure Sockets Layer SSL for encrypted HTTP sessions CLI SSH2 port 22 Select the LAN1 LAN2 and or WAN checkboxes to enable access to the access point CLI using the SSH Secure Shell protocol SNMP port 161 Select the LAN1 LAN2 and or WAN checkboxes to enable access to the acc...

Page 107: ...ult is 0 and no messages will be sent to the client until a non zero value is set Defining a Keepalive interval is important otherwise programs running on a server may never notice if the other end of a connection is rebooted Local The access point verifies the authentication connection Radius Designates that a Radius server is used in the authentication credential verification If using this optio...

Page 108: ...password Enter and confirm a new administrator password as required Message Settings Click the Message Settings button to display a screen used to create a text message Once displayed select the Enable Login Message checkbox to allow your customized message to be displayed when the user is logging into the access point If the checkbox is not selected as is the case by default the user will encount...

Page 109: ...he access point Access Point applet A prompt displays confirming the logout before the applet is closed 4 5 Managing Certificate Authority CA Certificates Certificate management includes the following sections Importing a CA Certificate Creating Self Certificates for Accessing the VPN 4 5 1 Importing a CA Certificate A certificate authority CA is a network authority that issues and manages securit...

Page 110: ... import a CA certificate 1 Select System Configuration Certificate Mgmt CA Certificates from the menu tree CAUTION Loaded and signed CA certificates will be lost when changing the access point s firmware version using either the GUI or CLI After a certificate has been successfully loaded export it to a secure location to ensure its availability after a firmware update If restoring the access point...

Page 111: ...ate ID within the View Imported root CA Certificates field to view the certificate issuer name subject and certificate expiration data 5 To delete a certificate select the Id from the drop down menu and click the Del button 4 5 2 Creating Self Certificates for Accessing the VPN The access point requires two kinds of certificates for accessing the VPN CA certificates and self certificates Self cert...

Page 112: ...he Add button to create the certificate request The Certificate Request screen displays 3 Complete the request form with the pertinent information Only 4 values are required the others optional CAUTION Self certificates can only be generated using the access point GUI and CLI interfaces No functionality exists for creating a self certificate using the access point s SNMP configuration option ...

Page 113: ...ertificates The name can be up to 7 characters in length Subject The required Subject value contains important information about the certificate Contact the CA signing the certificate to determine the content of the Subject parameter Signature Algorithm Use the drop down menu to select the signature algorithm used for the certificate Options include MD5 RSA Message Digest 5 algorithm in combinatio...

Page 114: ... CA paste the content of the request into the body of the message and send it to the CA The CA signs the certificate and will send it back Once received copy the content from the email into the clipboard 7 Click the Paste from clipboard button The content of the email displays in the window Click the Load Certificate button to import the certificate and make it available for use as a VPN authentic...

Page 115: ...ate a self certificate for on board Radius authentication 1 Select System Configuration Certificate Mgmt Self Certificates from the access point menu tree 2 Click on the Add button to create the certificate request The Certificate Request screen displays 3 Complete the request form with the pertinent information NOTE If the access point is restarted after a certificate request has been generated b...

Page 116: ...enter the name of the Postal Zip Code where the access point using the certificate resides Country Code Optionally enter the access point s Country Code Email Enter a organizational email address avoid using a personal address if possible to associate the request with the proper requesting organization Domain Name Ensure the Domain name is the name of the CA Server This value must be set correctly...

Page 117: ...ced Certificate Requests screen select the Submit a certificate request using a base 64 encoded PKCS 10 file or a renewal request using a base64 encoded PKCS file option Click Next to continue 12 Paste the content of certificate in the Saved Request field within the Submit a Saved Request screen If you do not have administrative privileges ensure the Web Server option has been selected from the Ce...

Page 118: ...nfiguring SNMP Settings Simple Network Management Protocol SNMP facilitates the exchange of management information between network devices SNMP uses Management Information Bases MIBs to manage the device configuration and monitor Internet devices in potentially remote locations MIB information accessed via SNMP is defined by a set of managed objects called object identifiers OIDs An object identif...

Page 119: ...nel Configuration Symbol CC WS2000 MIB 2 0 QOS Configuration Symbol AP_MIB VPN Tunnel status Symbol CC WS2000 MIB 2 0 Radio Configuration Symbol AP_MIB Content Filtering Symbol CC WS2000 MIB 2 0 Bandwidth Management Symbol AP_MIB Rogue AP Detection Symbol CC WS2000 MIB 2 0 SNMP Trap Selection Symbol AP_MIB Firewall Configuration Symbol CC WS2000 MIB 2 0 SNMP RF Trap Thresholds Symbol AP_MIB LAN to...

Page 120: ...the SNMP Access screen to define SNMP v1 v2c community definitions and SNMP v3 user definitions SNMP version 1 v1 provides a strong network management system but its security is relatively weak The improvements in SNMP version 2c v2c do not include the attempted security enhancements of other version 2 protocols Instead SNMP v2c defaults to SNMP standard community strings for read only and read wr...

Page 121: ...remote device to modify settings Motorola recommends considering adding a community definition using a site appropriate name and access level Set up a read write definition at a minimum to facilitate full access by the access point administrator 2 Configure the SNMP v1 v2 Configuration field if SNMP v1 v2 is used to add or delete community definitions name the community specify the OID and define ...

Page 122: ... OID field uses numbers expressed in dot notation Access Use the Access pull down list to specify read only R access or read write RW access for the community Read only access allows a remote device to retrieve access point information while read write access allows a remote device to modify access point settings Add Click Add to create a new entry for an SNMP v3 user Delete Select Delete to remov...

Page 123: ...ter the same password on both pages Access Use the Access pull down list to specify read only R access or read write RW access for a user Read only access permits a user to retrieve access point information while read write access allows a user to modify access pointsettings SNMP Access Control Click the SNMP Access Control button to display the SNMP Access Control screen for specifying which user...

Page 124: ...es if necessary to undo any changes made Undo Changes reverts the settings displayed on the SNMP Access screen to the last saved configuration 8 Click Logout to securely exit the access point Access Point applet A prompt displays confirming the logout before the applet is closed For additional SNMP configuration information see Configuring SNMP Access Control Enabling SNMP Traps Configuring Specif...

Page 125: ...o limit by Internet Protocol IP address who can access the access point SNMP interface To configure SNMP user access control for the access point 1 Select System Configuration SNMP Access from the access point menu tree Click on the SNMP Access Control button from within the SNMP Access screen 2 Configure the SNMP Access Control screen to add the IP addresses of those users receiving SNMP access N...

Page 126: ... IP and End IP addresses numerical addresses only no DNS names supported to specify a range of user that can access the access point SNMP interface An SNMP capable client can be set up whereby only the administrator for example can use a read write community definition Use just the Starting IP Address column to specify a SNMP user Use both the Starting IP Address and Ending IP Address columns to s...

Page 127: ...lowing CAUTION Ensure IPSec has been properly configured to protect communications with the external SNMP server Changes will not be applied otherwise Add Click Add to create a new SNMP v1 v2c Trap Configuration entry Delete Click Delete to remove a selected SNMP v1 v2c Trap Configuration entry Destination IP Specify a numerical non DNS name destination IP address for receiving the traps sent by t...

Page 128: ...lete Select Delete to remove an entry for an SNMP v3 user Destination IP Specify a numerical non DNS name destination IP address for receiving the traps sent by the access point SNMP agent Port Specify a destination User Datagram Protocol UDP port for receiving traps Username Enter a username specific to the SNMP capable client receiving the traps Security Level Use the Security Level drop down me...

Page 129: ...v2c and v3 trap configurations function independently In a mixed SNMP environment traps can be sent using configurations for both SNMP v1 v2c and v3 To configure specific SNMP traps on the access point 1 Select System Configuration SNMP Access SNMP Traps from the menu tree Passwords Select Passwords to display the Password Settings screen for specifying authentication and password settings for an ...

Page 130: ...U unassociated Generates a trap when an MU becomes unassociated with or gets dropped from one of the access point s WLANs MU denied association Generates a trap when an MU is denied association to a access point WLAN Can be caused when the maximum number of MUs for a WLAN is exceeded or when an MU violates the access point s Access Control List ACL MU denied authentication Generates a trap when an...

Page 131: ...ent functions or data due to an Access Control List ACL violation This can result from a missing incorrect IP address entered within the SNMP Access Control screen Physical port status change Generates a trap whenever the status changes on the access point The physical port status changes when a link is lost between the access point and a connected device DynDNS Update Generates a trap whenever do...

Page 132: ...yed for the access point WLAN selected radio and the associated MU To configure specific SNMP RF Traps on the access point 1 Select System Configuration SNMP Access SNMP RF Trap Thresholds from the menu tree Rogue AP Detection Generates a trap if a Rogue AP is detected by the access point AP Radar Detection Generates a trap if an AP is detected using a form of radar detection WPA Counter Measure G...

Page 133: ...yptable are not access point statistics Pkts s Enter a maximum threshold for the total throughput in Pps Packets per second Throughput Set a maximum threshold for the total throughput in Mbps Megabits per second Average Bit Speed Enter a minimum threshold for the average bit speed in Mbps Megabits per second Average Signal Enter a minimum threshold for the average signal strength in dBm for each d...

Page 134: ...on The access point an NTP client periodically synchronizes its clock with a master clock an NTP server For example the access point resets its clock to 07 04 59 upon reading a time of 07 04 59 from its designated NTP server Average Retries Set a maximum threshold for the average number of retries for each device Dropped Enter a maximum threshold for the total percentage of packets dropped for eac...

Page 135: ...de the access point the correct time or the correct time is manually set the access point displays 1970 01 01 00 00 00 as the default time CAUTION If using the Radius time based authentication feature to authenticate access point user permissions ensure UTC has been selected from the Date and Time Settings screen s Time Zone field If UTC is not selected time based authentication will not work prop...

Page 136: ...nd date advancing 3 Select the Set Date Time button to display the Manual Date Time Setting screen This screen enables the user to manually enter the access point s system time using a Year Month Day HH MM SS format This option is disabled when the Enable NTP checkbox has been selected and therefore should be viewed as a second means to define the access point system time 4 If using the Manual Dat...

Page 137: ...hentication will not work properly For information on configuring Radius time based authentication see Defining User Access Permissions by Group on page 6 67 EnableNTPonaccess point Select the Enable NTP on access point checkbox to allow a connection between the access point and one or more specified NTP servers A preferred first alternate and second alternate NTP server cannot be defined unless t...

Page 138: ...nfiguration screen to set the desired logging level standard syslog levels and view or save the current access point system log To configure event logging for the access point 1 Select System Configuration Logging Configuration from the access point menu tree 2 Configure the Log Options field to save event logs set the log level and optionally port the access point s log to an external server CAUT...

Page 139: ... access point While the AP is in operation log data temporarily resides in memory AP memory is completely cleared each time the AP reboots Logging Level Use the Logging Level drop down menu to select the desired log level for tracking system events Eight logging levels 0 to 7 are available Log Level 6 Info is the access point default log level These are the standard UNIX LINUX syslog levels The le...

Page 140: ...y the imported file Therefore the imported configuration is not a merge with the configuration of the target access point The exported file can be edited with any document editor if necessary The export function will always export the encrypted Admin User password The import function will import the Admin Password only if the access point is set to factory default If the access point is not config...

Page 141: ...menu tree 2 Configure the SFTP Import Export field to import export configuration settings CAUTION Motorola discourages importing a 1 0 baseline configuration file to a 1 1 version access point Similarly a 1 1 baseline configuration file should not be imported to a 1 0 version access point Importing configuration files between different versions results in broken configurations since new features ...

Page 142: ...ation button to export the configuration file from the server with the assigned filename and login information If the IP mode is set to DHCP Client IP address information is not exported true for both LAN1 LAN2 and the WAN port For LAN1 and LAN2 IP address information is only exported when the IP mode is set to either static or DHCP Server For the WAN port IP address information is only exported w...

Page 143: ...ss point and the firmware file located on the server The configuration file is automatically updated when the configuration file name on the server is different than the name of the file previously loaded on the access point or when the file version on the server is different than the version currently in use on the access point Additionally the configuration version can be manually changed in the...

Page 144: ...ower version the access point automatically reverts to default settings of the lower version regardless of whether you are downloading the firmware manually or using the automatic download feature The automatic feature allows the user to download the configuration file at the same time but since the firmware reverts to the default settings of the lower version the configuration file is ignored CAU...

Page 145: ...vailable after the firmware is updated Refer to Importing Exporting Configurations on page 4 50 for instructions on exporting the access point s current configuration to have it available after the firmware is updated 2 Select System Configuration Firmware Update from the access point menu tree CAUTION Make sure a copy of the access point s configuration is exported before updating the firmware ...

Page 146: ...s point 9 Click Apply to save the filename and filepath information entered into the Firmware Update screen The Apply button does not execute the firmware only saves the update settings entered 10 Click Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on Firmware Update screen to the last saved configuration CAUTION If using a Linux server configured t...

Page 147: ...System Configuration 4 57 11 Click Logout to securely exit the access point Access Point applet A prompt displays confirming the logout before the applet is closed ...

Page 148: ...AP 7131N FGR Access Point Product Reference Guide 4 58 ...

Page 149: ... LANs WLANs Configuring Router Settings Configuring IP Filtering 5 1 Configuring the LAN Interface The AP 7131N FGR has one physical LAN port supporting two unique LAN interfaces The AP 7131N FGR LAN port has its own MAC address The LAN port MAC address is always the value of the access point WAN port MAC address plus 1 The LAN and WAN port MAC addresses can be located within the LAN and WAN Stats...

Page 150: ... names define which LAN is currently active on the access point Ethernet port and assign a timeout value to disable the LAN connection if no data traffic is detected within a defined interval To configure the access point LAN interface 1 Select Network Configuration LAN from the access point menu tree 2 Configure the LAN Settings field to enable the access point LAN1 and or LAN2 interface assign a...

Page 151: ...led by default LAN Name Use the LAN Name field to modify the existing LAN name LAN1 and LAN2 are the default names assigned to the LANs until modified by the user Ethernet Port The Ethernet Port radio buttons allow you to select one of the two available LANs as the LAN actively transmitting over the access point s LAN port Both LANs can be active at any given time but only one can transmit over th...

Page 152: ...electing Auto Negotiate disables the Mbps and duplex checkbox options 1000 Mbps Select this option to establish a 1000 Mbps data transfer rate for the selected half duplex or full duplex transmission over the access point s LAN port This option is not available if Auto Negotiation is selected 100 Mbps Select this option to establish a 100 Mbps data transfer rate for the selected half duplex or ful...

Page 153: ...point An administrator can map 16 WLANs to 16 VLANs and enable or disable dynamic VLAN assignment VLANs enable organizations to share network resources in various network segments within large areas airports shopping malls etc A VLAN is a group of clients with a common set of requirements independent of their physical location VLANs have the same attributes as physical LANs but they enable system ...

Page 154: ...assigned to it If it is not in the database it simply uses a default VLAN assignment The VLAN assignment is sent to the access point The access point then maps the target WLAN for the assigned VLAN and traffic passes normally allowing for the completion of the DHCP request and further traffic To create new VLANs or edit the properties of an existing VLAN 1 Select Network Configuration LAN from the...

Page 155: ...f 1 and a default VLAN ID of 1 display The VLAN name is auto generated once the user assigns a VLAN ID However the user has the option of re assigning a name to the VLAN using New VLAN and Edit VLAN screens To create a new VLAN click the Add button to edit the properties of an existing VLAN click the Edit button ...

Page 156: ...ivity but it requires VLAN numbering be managed carefully to avoid conflicts between two VLANs with the same ID 5 Define a 32 character maximum VLAN Name Enter a unique name that identifies members of the VLAN Motorola recommends selecting the name carefully as the VLAN name should signify a group of clients with a common set of requirements independent of their physical location 6 Click Apply to ...

Page 157: ... separate server as a VMPS server When a frame arrives on the access point it queries the VMPS for the VLAN assignment based on the source MAC address of the arriving frame If statically mapping VLANs leave the Dynamic checkbox specific to the target WLAN and its intended VLAN unselected The administrator is then required to configure VLAN memberships manually The Dynamic checkbox is enabled only ...

Page 158: ...e information see Setting the Type Filter Configuration on page 5 15 To configure unique settings for either LAN1 or LAN2 1 Select Network Configuration LAN LAN1 or LAN2 from the access point menu tree 2 Configure the DHCP Configuration field to define the DHCP settings used for the LAN NOTE When setting the LAN interface to be a DHCP Server and adding an IP address the primary DNS IP address migh...

Page 159: ...rmation via this LAN1 or LAN2 connection When selected only BOOTP responses are accepted by the access point If both DHCP and BOOTP services are required do not select BOOTP Client This interface uses static IP Address Select the This interface uses static IP Address button and manually enter static network address information in the areas provided This interface is a DHCP Server The access point ...

Page 160: ... DNS numerical non DNS name IP address Secondary DNS Server Motorola recommends entering the numerical IP address of an additional DNS server if available used if the primary DNS server goes down A maximum of two DNS servers can be used WINS Server Enter the numerical non DNS name IP address of the WINS server WINS is a Microsoft NetBIOS name server Using a WINS server eliminates the broadcasts ne...

Page 161: ...server can grant an IP address for as long as it remains in active use The lease time is the number of seconds an IP address is reserved for re connection after its last use Using very short leases DHCP can dynamically reconfigure networks in which there are more computers than available IP addresses This is useful for example in education and customer environments where MU users change frequently...

Page 162: ... create a new table entry within the Reserved Clients field If a statically mapped IP address is within the IP address range in use by the DHCP server that IP address may still be assigned to another client To avoid this ensure all statically mapped IP addresses are outside of the IP address range assigned to the DHCP server If multiple entries exist within the Reserved Clients field use the scrol...

Page 163: ...nt in order to improve throughput These include certain broadcast frames from devices that consume bandwidth but are unnecessary to access point operations Use the Ethernet Type Filter Configuration screen to build a list of filter types and configure them as either allowed or denied for use with the this particular LAN To configure type filtering on the access point 1 Select Network Configuration...

Page 164: ...op down menu to designate whether the Ethernet Types defined for the LAN are allowed or denied for use by the access point 3 To add an Ethernet type click the Add button The Add Ethernet Type screen displays Use this screen to add one type filter option at a time for a list of up to 16 entries ...

Page 165: ...s to the screens being lost 6 Click Cancel to securely exit the LAN1 or LAN2 Ethernet Type Filter Configuration screen without saving your changes 7 Click Logout to securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed 5 2 Configuring WAN Settings A Wide Area Network WAN is a widely dispersed telecommunications network The AP 7131N FGR includes o...

Page 166: ...d not both be configured as DHCP clients Enable WAN Interface Select the Enable WAN Interface checkbox to enable a connection between the access point and a larger network or outside world through the WAN port Disable this option to effectively isolate the access point s WAN No connections to a larger network or the Internet are possible MUs cannot communicate beyond the LAN By default the WAN por...

Page 167: ...s a series of four numbers expressed in dot notation for example 190 188 12 1 Subnet Mask Specify a subnet mask for the access point s WAN connection This number is available from the ISP for a DSL or cable modem connection or from an administrator if the access point connects to a larger network A subnet mask uses a series of four numbers expressed in dot notation similar to an IP address For exa...

Page 168: ...k address information displayed within the WAN IP Configuration field Auto Negotiation Select the Auto Negotiation checkbox to enable the access point to automatically exchange information over its WAN port about data transmission speed and duplex capabilities Auto negotiation is helpful when using the access point in an environment where different devices are connected and disconnected on a regul...

Page 169: ... incorrectly carry over previously configured static IP information and maintain two connected routes once it gets an IP address from a PPPOE connection Enable Use the checkbox to enable Point to Point over Ethernet PPPoE for a high speed connection that supports this protocol Most DSL providers are currently using or deploying this protocol PPPoE is a data link protocol for dialup connections PPP...

Page 170: ...ains active after outbound and inbound traffic is not detected The Idle Time field is grayed out if Keep Alive is enabled Authentication Type Use the Authentication Type menu to specify the authentication protocol s for the WAN connection Choices include None PAP or CHAP PAP or CHAP Password Authentication Protocol PAP and Challenge Handshake Authentication Protocol CHAP are competing identify ver...

Page 171: ...use it allows the authentication of incoming and outgoing requests and minimizes the number of WAN IP addresses needed when a range of local IP addresses is mapped to each WAN IP address NAT can be applied in one of two ways One to one mapping with a private side IP address The private side IP address can belong to any of the private side subnets One to many mapping with a configurable range of pr...

Page 172: ...pe as 1 to 1 to map a WAN IP address to a single host local IP address 1 to 1 mapping is useful when users need dedicated addresses and for public facing servers connected to the access point Set the NAT Type as 1 to Many to map a WAN IP address to multiple local IP addresses This displays the mappings button in the adjacent Outbound Mappings field This button displays a screen for mapping the LAN...

Page 173: ...ny from the NAT Type drop down menu 3 Click on the Port Forwarding button within the Inbound Mappings area Outbound Mappings When 1 to 1 NAT is selected a single IP address can be entered in the Outbound Mappings area This address provides a 1 to 1 mapping of the WAN IP address to the specified IP address When 1 to Many is selected as the NAT Type the Outbound Mappings area displays a 1 to Many Ma...

Page 174: ...orwarded The name can be any alphanumeric string and is used for identification of the service Transport Use the Transport pull down menu to specify the transport protocol used in this service The choices are ALL TCP UDP ICMP AH ESP and GRE Start Port and End Port Enter the port or ports used by the port forwarding service To specify a single port enter the port number in the Start Port area To sp...

Page 175: ...ervice and traffic for the specified domain s is routed to the new IP address To configure dynamic DNS for the access point 1 Select Network Configuration WAN DynDNS from the access point menu tree IP Address Enter the numerical non DNS name IP address to which the specified service is forwarded This address must be within the specified NAT range for the associated WAN IP address Translation Port ...

Page 176: ...ion to be updated 3 Enter the DynDNS Username for the account you wish to use for the access point 4 Enter the DynDNS Password for the account you wish to use for the access point 5 Provide the Hostname for the DynDNS account you wish to use for the access point 6 Click the Update DynDNS button to update the access point s current WAN IP address with the DynDNS service NOTE The username password a...

Page 177: ...m that flexibly extends the functionalities of a wired LAN A WLAN does not require lining up devices for line of sight transmission and are thus desirable Within the WLAN roaming users can be handed off from one access point to another like a cellular phone system WLANs can therefore be configured around the needs of specific groups of users even when they are not in physical proximity Use the acc...

Page 178: ... radio designation VLAN ID and security policy of existing WLANs WLAN Name The Name field displays the name of each WLAN that has been defined The WLAN names can be modified within individual WLAN configuration screens See Creating Editing Individual WLANs on page 5 32 to change the name of a WLAN ESSID Displays the Extended Services Set Identification ESSID associated with each WLAN The ESSID can...

Page 179: ...ly exit the Access Point applet A prompt displays confirming the logout before the applet is closed Radio The Radio field displays the name of the access point radio the WLAN is mapped to either the 802 11a n radio or the 802 11b g n radio To change the radio designation for a specific WLAN see Creating Editing Individual WLANs on page 5 32 VLAN The VLAN field displays the specific VLAN the target...

Page 180: ...WLAN or edit the properties of an existing WLAN 1 Select Network Configuration Wireless from the access point menu tree The Wireless Configuration screen displays 2 Click the Create button to configure a new WLAN or highlight a WLAN and click the Edit button to modify an existing WLAN Either the New WLAN or Edit WLAN screen displays NOTE Before editing the properties of an existing WLAN ensure it ...

Page 181: ...ation field as required for the WLAN CAUTION When using the access point s hotspot functionality ensure MUs are re authenticated when changes are made to the characteristics of a hotspot enabled WLAN as MUs within the WLAN will be dropped from device association ...

Page 182: ...cess point is to be configured as a base bridge or repeater base and client bridge on the radio If the radio for the WLAN is to be defined as a client bridge only the Available On checkbox should not be selected For more information on defining a WLAN for mesh support see Configuring a WLAN for Mesh Networking Support on page 9 9 Max MUs Use the Max MUs field to define the number of MUs permitted ...

Page 183: ...a screen wherein the parameters of the hotspot can be defined For information on configuring a target WLAN for hotspot support see Configuring WLAN Hotspot Support on page 5 48 For an overview of what a hotspot is and what it can provide your wireless network see Hotspot Support on page 1 20 CAUTION A WLAN cannot be enabled for both mesh and hotspot support at the same time Only one of these two o...

Page 184: ...ss point is currently using Sites with heightened security requirements may want to leave the checkbox unselected and configure each MU with an ESSID The default is selected enable Rate Limiting Select this checkbox to set MU rate limiting values for this WLAN in both the upstream and downstream direction Once selected two fields display enabling you to set MU radio bandwidth for each associated M...

Page 185: ...icy can be used by more than one WLAN if its logical to do so For example there may be two or more WLANs within close proximity of each other requiring the same data protection scheme To create a new security policy or modify an existing policy 1 Select Network Configuration Wireless Security from the access point menu tree The Security Configuration screen appears with existing policies and their...

Page 186: ...31N FGR model access points and how to configure them see to Configuring Security Options on page 6 2 2 Click Logout to exit the Security Configuration screen 5 3 1 2 Configuring a WLAN Access Control List ACL An Access Control List ACL affords a system administrator the ability to grant or restrict MU access by specifying a MU MAC address or range of MAC addresses to either include or exclude fro...

Page 187: ...requirements of the particular WLANs they may map to However be careful not to name policies after specific WLANs as individual ACL policies can be used by more than one WLAN For detailed information on assigning ACL policies to specific WLANs see Creating Editing Individual WLANs on page 5 32 To create or edit ACL policies for WLANs 1 Select Network Configuration Wireless MU ACL from the access p...

Page 188: ...int Product Reference Guide 5 40 2 Click the Create button to configure a new ACL policy or select a policy and click the Edit button to modify an existing ACL policy The access point supports a maximum of 16 MU ACL policies ...

Page 189: ...cess Control List field to allow or deny MU access to the access point The MU adoption list identifies MUs by their MAC address The MAC address is the MU s unique Media Access Control number printed on the device for example 00 09 5B 45 9B 07 by the manufacturer A maximum of 200 MU MAC addresses can be added to the New Edit MU ACL Policy screen Access for the listed Mobile Units Use the drop down ...

Page 190: ...to define the QoS policies for advanced network traffic management and multimedia applications support If the existing QoS policies are insufficient a new policy can be created or an existing policy can be modified using the New QoS Policy or Edit QoS Policy screens Once new policies are defined they are available for use within the New WLAN or Edit WLAN screens to assign to specific WLANs based o...

Page 191: ...d click the Edit button to modify an existing QoS policy The access point supports a maximum of 16 QoS policies NOTE When the access point is first launched a single QoS policy default is available and mapped to WLAN 1 It is anticipated additional QoS policies will be created as the list of WLANs grows ...

Page 192: ...prioritization Certain products may not receive priority over other voice or data traffic Consequently ensure the Support Voice Prioritization checkbox is selected if using products that do not support Wi Fi Multimedia WMM to provide preferred queuing for these VOIP products If the Support Voice Prioritization checkbox is selected the access point will detect non WMM capable legacy phones that con...

Page 193: ...n this WLAN Only advanced users should manually configure the Access Categories as setting them inappropriately could negatively impact the access point s performance 11ag wifi Use this setting for high end multimedia devices that using the high rate 802 11a or 802 11g radio 11b wifi Use this setting for high end devices multimedia devices that use the 802 11b radio 11ag default Use this setting f...

Page 194: ...eo traffic includes music streaming and application traffic requiring priority over all other types of network traffic Voice Voice traffic includes VoIP traffic and typically receives priority over Background and Best Effort traffic CW Min The contention window minimum value is the least amount of time the MU waits before transmitting when there is no other data traffic on the network The longer t...

Page 195: ...c stream is detected The MU then buffers frames from the voice traffic stream and sends a VoIP frame with an implicit poll request to its associated access point The access point responds to the poll request with buffered VoIP stream frame s When a voice enabled MU wakes up at a designated VoIP frame interval it sends a VoIP frame with an implicit poll request to its associated access point The ac...

Page 196: ...ied by the Hotspot provider User authentication Authenticates users using a Radius server Walled garden support Enables a list of IP address not domain names accessed without authentication Billing system integration Sends accounting records to a Radius accounting server To configure hotspot functionality for an access point WLAN 1 Ensure the Enable Hotspot checkbox is selected from within the tar...

Page 197: ...n field to specify how the Login Welcome and Fail pages are maintained for this specific WLAN The pages can be hosted locally or remotely Use Default Files Select the Use Default Files checkbox if the login welcome and fail pages reside on the access point ...

Page 198: ...users to access the login welcome and fail pages To create a redirected page you need to have a TCP termination locally On receiving the user credentials from the login page the access point connects to a radius server determines the identity of the connected wireless user and allows the user to access the Internet based on successful authentication NOTE If an external URL is used the external Web...

Page 199: ... be entered in the White List Enable Accounting Select the Enable Accounting checkbox to enable a Radius Accounting Server used for Radius authentication for a target hotspot user Server Address Specify an IP address for the external Radius Accounting server used to provide Radius accounting for the hotspot If using this option an internal Radius server cannot be used The IP address of the interna...

Page 200: ... server is to be used for the primary server Pri Server IP Define the IP address of the primary Radius server This is the address of your first choice for Radius server Pri Port Enter the TCP IP port number for the server acting as the primary Radius server The default port is 1812 Pri Secret Enter the shared secret password used with the primary Radius Server Sec Server IP Define the IP address o...

Page 201: ...signed so the submit action always posts the login data on the access point To define the White List for a target WLAN 1 Click the White List Entries button from within the WLAN s Hotspot Config screen 2 Click the Add button to define an IP address for an allowed destination IP address 3 Select a White List entry and click the Del button to remove the address from the White List 4 Click OK to retu...

Page 202: ...ection to disconnect Wireless Sniffing All received frames are reported to the WIPS server This feature provides the WIPS server with visibility into the activity on the wireless network The WIPS server processes the received traffic and provides the IT administrator with useful information about the 802 11 RF activities in the enterprise Spectrum Analysis The data needed to provide the current RF...

Page 203: ...evice which automatically limits the data to the specific device your choose The Radio Configuration screen displays with tabs for each access point radio Verify tabs are selected and configured separately to enable the radio s and optionally set their mesh network definitions To set the access point radio configuration 1 Select Network Configuration Wireless Radio Configuration from the access po...

Page 204: ...s 12 with 24 representing the maximum for dual radio models Once the settings within the Radio Configuration screen are applied for an initial deployment the current number of client bridge connections for this specific radio displays NOTE This section describes mesh networking setting the radio s base and client bridge configuration at a high level For a detailed overview on the theory of mesh ne...

Page 205: ...h network these values update in real time 6 Click the Advanced button to define a prioritized list of access points to define Mesh Connection links For a detailed overview on mesh networking and how to configure the radio for mesh networking support see Configuring Mesh Networking Support on page 9 6 7 With dual radio model AP 7131N FGR access points refer to the Mesh Timeout drop down menu to de...

Page 206: ...econd radio as soon as the first mesh connection is established However if the client bridge radio loses its uplink connection the second radio shuts down immediately Uplink detect is the recommended setting within a multi hop mesh network Enabled If the mesh connection is down on one radio radio 1 the other radio radio 2 is brought down and stops beaconing after the timeout period 45 65535 second...

Page 207: ... the Radio Configuration menu item Use the radio configuration screen to set the radio s placement properties define the radio s threshold and QoS settings set the radio s channel and antenna settings and define beacon and DTIM intervals To configure the access point s 802 11a n or 802 11b g n radio 1 Select Network Configuration Wireless Radio Configuration Radio1 default name from the access poi...

Page 208: ...es has a unique hardware encoded Media Access Control MAC or IEEE address MAC addresses determine the device sending or receiving data A MAC address is a 48 bit number written as six hexadecimal bytes separated by colons For example 00 A0 F8 24 9A C8 For additional information on access point MAC address assignments see MAC Address Assignment on page 1 28 Radio Type The Radio Type parameter simply...

Page 209: ... legacy clients or transmits in the 2 4 Ghz band for 802 11g n clients Selecting b and g enables the access point to transmit to both b and g clients if legacy clients 802 11b partially comprise the network Select accordingly based on the MU requirements of the network The rates for the access point s 2 4 GHz radio are as follows B G and N Allows only basic rates default setting B and G Allows 11b...

Page 210: ...election The following channel selection options exist User Selected This is the default setting If 20 40 MHz is selected as the Channel Width supporting 11n the Secondary Channel drop down menu becomes enabled The user must define the primary channel first Then depending on the primary channel defined the secondary channel list is filled with channels making the combination of primary and seconda...

Page 211: ...nal supported rates Enable the Support Short Guard Interval checkbox to set a guard interval for interference protection for 20 MHz and 40 MHz channel widths When enabled the AP s radio defines values to enable a packet to be transmitted with guard interval based on the configuration and capabilities of associated clients Clients can associate to an access point regardless of whether they support ...

Page 212: ...AP 7131N FGR Access Point Product Reference Guide 5 64 4 Configure the Performance field to set the preamble thresholds values and QoS values for the radio ...

Page 213: ... parameters for the radio Do not confuse with the QoS configuration screen used for a WLAN The Set RF QoS screen initially appears with default values displayed Select manual from the Select Parameter set drop down menu to edit the CW min and CW max contention window AIFSN Arbitrary Inter Frame Space Number and TXOPs Time for each Access Category These are the QoS policies for the 802 11a n or 802...

Page 214: ...SDU packets are transmitted by the access point Select the Enable Transmit A MPDU checkbox within the A MPDU Aggregation field to allow the aggregation of MAC Protocol frames When enabled long frames can be both sent and received up to 64 KB When enabled define an A MPDU Transmit Size Limit default is 2 bytes A MPDU Receive Size Limit default is 65535 bytes and an A MPDU Minimum Spacing Time defau...

Page 215: ...The default is 100 Avoid changing this parameter as it can adversely affect performance DTIM Interval The DTIM interval defines how often broadcast frames are delivered for each of the four access point BSSIDs If a system has an abundance of broadcast traffic and it needs to be delivered quickly Motorola recommends decreasing the DTIM interval for that specific BSSID However decreasing the DTIM in...

Page 216: ...ID assignment Primary WLANs can Enable QBSS load element When enabled the access point communicates channel usage data to associated devices using an interval you define The QBSS load represents the percentage of time the channel is in use by the access point and the access point s MU count This information is helpful in assessing the access point s overall load on a channel its availability for a...

Page 217: ...being lost 10 Click Undo Changes if necessary to undo any changes made to the screen and its sub screens Undo Changes reverts the settings to the last saved configuration NOTE When using a AP 7131N FGR dual radio access point 4 BSSIDs for the 802 11b g n radio and 4 BSSIDs for the 802 11a n radio are available WLAN Lists the WLAN names available to the 802 11a n or 802 11b g n radio that can be as...

Page 218: ...e MU rate limit allotted to individual WLANs MU rate limiting enables an administrator to determine how much radio bandwidth is allowed to each MU within any one of the 16 supported AP WLANs To define MU rate limits for specific WLANs on an access point radio 1 Select Network Configuration Wireless Rate Limit from the access point menu tree 2 Select the enable Rate Limiting option to globally enab...

Page 219: ...layed on the Bandwidth Management screen to the last saved configuration 6 Click Logout to securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed 5 4 Configuring Router Settings The access point router uses routing tables and protocols to forward data packets from one network to another The access point router manages traffic within the network an...

Page 220: ... subnet mask or network mask and gateway settings are those belonging to each subnet Displayed interfaces are those associated with destination IP addresses To change any of the network address information within the WAN screen see Configuring WAN Settings on page 5 17 3 From the Use Default Gateway drop down menu select the WAN or either of the two LANs if enabled to server as the default gateway...

Page 221: ...ate a new table entry b Highlight an entry and click the Del delete button to remove an entry c Specify the destination IP address subnet mask and gateway information for the internal static route d Select an enabled subnet from the Interface s column s drop down menu to complete the table entry Information in the Metric column is a user defined value from 1 to 65535 used by router protocols to de...

Page 222: ...nt manages a private LAN RIP v1 RIP version 1 is a mature stable and widely supported protocol It is well suited for use in stub networks and in small autonomous systems that do not have enough redundant paths to warrant the overhead of a more sophisticated protocol RIP v2 v1 compat RIP version 2 compatible with version 1 is an extension of RIP v1 s capabilities but it is still compatible with RIP...

Page 223: ...N or LAN firewall Select Yes to acknowledge the risk and continue or No to return to the Router screen None This option disables the RIP authentication Simple This option enable RIP version 2 s simple authentication mechanism This setting activates the Password Simple Authentication field MD5 This option enables the MD5 algorithm for data verification MD5 takes as input a message of arbitrary leng...

Page 224: ...GUI or CLI filtering rules can be enforced on the access point s LAN1 or LAN2 interfaces and within any of the 16 access point WLANs An additional default action is also available denying traffic when filter rules fail Lastly imported and exported configurations retain their defined IP filtering configurations IP filtering is a network layer facility The IP filtering mechanism does not know anythi...

Page 225: ...cy apply it to an interface in either an incoming or outgoing direction Traffic entering the access point s LAN1 LAN2 or WLAN 1 16 from a client is classified as Incoming traffic Traffic leaving the access point s LAN1 LAN2 or WLAN 1 16 in route to a client is classified as Outgoing traffic To filter packets to better segregate desired versus undesired data traffic 1 Select Network Configuration I...

Page 226: ...ange either allowed or denied permission to the target LAN1 LAN2 or WLAN Port End Defines the socket number or port number representing the ending protocol port range either allowed or denied permission to the target LAN1 LAN2 or WLAN Src Start Creates a range beginning source IP address to be either allowed or denied IP packet forwarding The source address is where the packet originated Setting t...

Page 227: ...n a Select Network Configuration LAN LAN1 or LAN2 from the access point menu tree b Select the Enable IP Filtering button in the lower right hand side of the screen c Select the IP Filtering button From the Wireless screen a Select Network Configuration Wireless from the access point menu tree b Click the Create button to apply the filter to a new WLAN or highlight an existing WLAN and click the E...

Page 228: ...orwarded as the default deny settings have precedence 2 Use the Filter name drop menu to select an existing filter 3 Set the Direction as Incoming or Outgoing as required 4 Apply an Action of Allow or Deny to permit or restrict the rules of this filter in the direction selected 5 Select Add to apply the filter s and their rules and permissions to the LAN or WLAN 6 Click OK add the IP filter to the...

Page 229: ...access point Sixteen separate ESSIDs WLANs can be supported on an access point and must be managed if necessary between the 802 11a n and 802 11b g n radio The user has the capability of configuring separate security policies for each WLAN Each security policy can be configured based on the authentication 802 1x EAP or encryption WPA2 CCMP scheme best suited to the coverage area that security poli...

Page 230: ...e 6 14 To create VPN tunnels allowing traffic to route securely through a IPSEC tunnel to a private network see Configuring VPN Tunnels on page 6 23 To configure the access point to block transmissions with devices detected as Rogue AP s hostile devices see Configuring Rogue AP Detection on page 6 44 6 2 Setting Passwords Before setting the access point security parameters verify an administrative...

Page 231: ...s required to know the IP address to connect to the access point using a Web browser The access point Login screen displays 4 Log in using the admin as the default Username and motorola as the default Password If the default login is successful the Change Admin Password window displays Change the default login and password to significantly decrease the likelihood of hacking NOTE For optimum compat...

Page 232: ...n the event of a password reset requirement go to http www symbol com contactsupport 6 3 Enabling Authentication and Encryption Schemes To complement the built in firewall filters on the WAN side of the access point the WLAN side of the access point supports authentication and encryption schemes Authentication is a challenge response procedure for validating user credentials such as username passw...

Page 233: ...e a logical security policy name Remember multiple WLANs can share the same security policy so be careful not to name security policies after specific WLANs or risk defining a WLAN to single policy Motorola recommends naming the policy after the attributes of the authentication or encryption type selected 4 Enable and configure an Authentication option if necessary for the target security policy C...

Page 234: ...both wired and wireless LAN applications The EAP process begins when an unauthenticated supplicant client device tries to connect with an authenticator in this case the authentication server The access point passes EAP packets from the client to an authentication server on the wired side of the access point All other packet types are blocked until the authentication server typically a Radius serve...

Page 235: ...o authentication or encryption options selected 3 Select the 802 1x EAP radio button The 802 1x EAP Settings field displays within the New Security Policy screen 4 Ensure the Name of the security policy entered suits the intended configuration or function of the policy 5 If using the access point s Internal Radius server leave the Radius Server drop down menu in the default setting of Internal If ...

Page 236: ...the numerical non DNS IP address of a primary Remote Dial In User Service Radius server Optionally specify the IP address of a secondary server The secondary server acts as a failover server if the primary server cannot be contacted An ISP or a network administrator provides these addresses Radius is a client server protocol and software enabling remote access clients to communicate with a server ...

Page 237: ...er drop down menu RADIUS Shared Secret Specify a shared secret for authentication on the Internal or Primary Radius server External Radius Server only The shared secret is required to match the shared secret on the Radius server Optionally specify a shared secret for a secondary failover server Use shared secrets to verify Radius messages with the exception of the Access Request message sent by a ...

Page 238: ...rver MU Timeout Specify the time in seconds for the access point s retransmission of EAP Request packets The default is 10 seconds If this time is exceeded the authentication session is terminated Retries Specify the number of retries for the MU to retransmit a missed frame to the Radius server before it times out of the authentication session The default is 2 retries Enable Syslog Select the Enab...

Page 239: ... the recommended values Do not change these values unless consulted otherwise by an administrator MU Quiet Period 1 65535 secs Specify an idle time in seconds between MU authentication attempts as required by the authentication server The default is 10 seconds MU Timeout 1 255 secs Define the time in seconds for the access point s retransmission of EAP Request packets The default is 10 seconds MU ...

Page 240: ...256 bit block of data The end result is an encryption scheme as secure as any the access point provides To configure WPA2 CCMP on the AP 7131N FGR 1 Select Network Configuration Wireless Security from the access point menu tree If security policies supporting WPA2 CCMP exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by...

Page 241: ...d on every interval specified in the Broadcast Key Rotation Interval Enabling broadcast key rotation enhances the broadcast traffic security on the WLAN This value is disabled by default Update broadcast keys every 300 604800 seconds Specify a time period in seconds to rotate the key index used for the broadcast key Set the interval to a shorter duration like 3600 seconds for tighter broadcast tra...

Page 242: ...ngs The access point s firewall is a set of related programs located in the gateway on the WAN side of the access point The firewall uses a collection of filters to screen information packets for known types of system attacks Some of the access point s filters are continuously enabled others are configurable 256 bit Key Enter 16 hexadecimal characters into each of the four fields displayed Pre Aut...

Page 243: ...ryption parameters To configure the access point firewall settings 1 Select Network Configuration Firewall from the access point menu tree 2 Refer to the Global Firewall Disable field to enable or disable the access point firewall Disable Firewall Select the Disable Firewall checkbox to disable all firewall functions on the access point This includes firewall filters NAT VP content filtering and s...

Page 244: ...ce routing attack specifies an exact route for a packet s travel through a network while exploiting the use of an intermediate host to gain access to a private host Winnuke Attack Check A Win nuking attack uses the IP address of a destination host to send junk packets to its receiving port FTP Bounce Attack Check An FTP bounce attack uses the PORT command in FTP mode to gain access to arbitrary po...

Page 245: ...onging to those interfaces by creating access policies To configure access point subnet access 1 Select Network Configuration Firewall Subnet Access from the access point menu tree 2 Refer to the Overview field to view rectangles representing subnet associations The three possible colors indicate the current access level as defined for each subnet association Color Access Type Description Green Fu...

Page 246: ...llow or Deny all protocols except Use the drop down menu to select either Allow or Deny The selected setting applies to all protocols except those with enabled checkboxes and any traffic that is added to the table For example if the adoption rule is to Deny access to all protocols except those listed access is allowed only to those selected protocols ...

Page 247: ... TCP port 21 SMTP Simple Mail Transfer Protocol is a TCP IP protocol for sending and receiving email Due to its limited ability to queue messages at the receiving end SMTP is often used with POP3 or IMAP SMTP sends the email and POP3 or IMAP receives the email SMTP uses TCP port 25 POP Post Office Protocol is a TCP IP protocol intended to permit a workstation to dynamically access a maildrop on a ...

Page 248: ...p of Internet Protocol IP networks Unlike TCP IP UDP IP provides few error recovery services UDP offers a way to directly connect and then send and receive datagrams over an IP network ICMP Internet Control Message Protocol is tightly integrated with IP ICMP messages are used for out of band messages related to network operation ICMP packet delivery is unreliable Hosts cannot count on receiving IC...

Page 249: ...works across an Internet using globally assigned IP addresses 6 6 2 Configuring Advanced Subnet Access Use the Advanced Subnet Access screen to configure complex access rules and filtering based on source port destination port and transport protocol To enable advanced subnet access the subnet access rules must be overridden However the Advanced Subnet Access screen allows you to import existing su...

Page 250: ...eration cannot be undone Inbound or Outbound Select Inbound or Outbound from the drop down menu to specify if a firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface Add Click the Add button to insert a new rule at the bottom of the table Click on a row to display a new window with configuration options for that field Insert Click the Insert button t...

Page 251: ...IP range defines the origin address or address range for the firewall rule To configure the Source IP range click on the field A new window displays for entering the IP address and range Destination IP The Destination IP range determines the target address or address range for the firewall rule To configure the Destination IP range click on the field A new window displays for entering the IP addre...

Page 252: ... VPN tunnel select it from the list in the VPN Tunnels field The selected tunnel s configuration displays in a VPN Tunnel Config field To configure a VPN tunnel on the access point 1 Select Network Configuration WAN VPN from the access point menu tree 2 Use the VPN Tunnels field to add or delete a tunnel to the list of available tunnels list tunnel network address information and display key excha...

Page 253: ...emote Subnet column lists the remote subnet for each tunnel The remote subnet is the subnet the remote network uses for connection Remote Gateway The Remote Gateway column lists a remote gateway IP address for each tunnel The numeric remote gateway is the gateway IP address on the remote network the VPN tunnel connects to Ensure the address is the same as the WAN port address of the target gateway...

Page 254: ...for the tunnel s remote network for the tunnel The remote subnet mask is the subnet setting for the remote network the tunnel connects to Remote Gateway Enter a numerical non DNS remote gateway IP address for the tunnel The remote gateway IP address is the gateway address on the remote network the VPN tunnel connects to Default Gateway Displays the WAN interface s default gateway IP address Manual...

Page 255: ...plet A prompt displays confirming the logout before the applet is closed 6 7 1 Creating a VPN Tunnel between Two Access Points This section describes how to define a simple configuration using two access points to create an IPSec tunnel To create a IPSec VPN tunnel between two access points Auto Key Settings Select the Auto IKE Key Exchange checkbox and click the Auto Key Settings button to open a...

Page 256: ... IP address of AP 2 in the Remote Gateway field 7 Click Add to add the tunnel to the list 8 Select the Auto IKE Key Exchange button 9 Select Auto Key Settings 10 Select ESP with Authentication and AES 128 bit Click OK 11 Select the IKE Settings button 12 Select Pre Shared Key PSK 13 Enter the Passphrase Passphrases must match on both VPN devices 14 Select AES 128 bit 15 Select Group 2 16 Click OK ...

Page 257: ...20 Once both tunnels are established ping each side to ensure connectivity 6 7 2 Configuring Manual Key Settings A transform set is a combination of security protocols and algorithms applied to IPSec protected traffic During security association SA negotiation both gateways agree to use a particular transform set to protect data flow A transform set specifies one or two IPSec security protocols ei...

Page 258: ...nsform set the combination of protocols algorithms and other settings must match a transform set at the remote end of the gateway Use the Manual Key Settings screen to specify the transform sets used for VPN access To configure manual key settings for the access point 1 Select Network Configuration WAN VPN from the access point menu tree 2 Refer to the VPN Tunnel Config field select the Manual Key...

Page 259: ...onfigure a key for computing the integrity check on inbound traffic with the selected authentication algorithm The key must be 32 40 hexadecimal 0 9 A F characters in length The key value must match the corresponding outbound key on the remote security gateway Outbound AH Authentication Key Configure a key for computing the integrity check on outbound traffic with the selected authentication algor...

Page 260: ...of the key is determined by the selected encryption algorithm The key must match the outbound key at the remote gateway Outbound ESP Encryption Key Define a key for outbound traffic The length of the key is determined by the selected encryption algorithm The key must match the inbound key at the remote gateway ESP Authentication Algorithm This option is available only when ESP with Authentication ...

Page 261: ...To manually specify keys cancel out of the Auto Key Settings screen select the Manual Key Exchange radio button and set the keys within the Manual Key Setting screen To configure auto key settings for the access point 1 Select Network Configuration WAN VPN from the access point menu tree 2 Refer to the VPN Tunnel Config field select the Auto IKE Key Exchange radio button and click the Auto Key Set...

Page 262: ...erfect Forward Secrecy Security Association Life Time The Security Association Life Time is the configurable interval used to timeout association requests that exceed the defined interval The available range is from 300 to 65535 seconds The default is 300 seconds AH Authentication AH provides data authentication and anti replay services for the VPN tunnel Select the desired authentication method f...

Page 263: ...e this menu to select the encryption and authentication algorithms for this VPN tunnel 3DES Selects the 3DES algorithm No keys are required to be manually provided AES 128 bit Selects the Advanced Encryption Standard algorithm with 128 bit No keys are required to be manually provided AES 192 bit Selects the Advanced Encryption Standard algorithm with 192 bit No keys are required to be manually pro...

Page 264: ... means of negotiation and authentication for communication between two or more parties In essence IKE manages IPSec keys automatically for the parties To configure IKE key settings for the access point 1 Select Network Configuration WAN VPN from the access point menu tree 2 Refer to the VPN Tunnel Config field select the Auto IKE Key Exchange radio button and click the IKE Settings button 3 Config...

Page 265: ...as johndoe motorola com Local ID Data Specify the FQDN or UFQDN based on the Local ID type assigned Remote ID Type Select the type of ID to be used for the access point end of the tunnel from the Remote ID Type drop down menu IP Select the IP option if the remote ID type is the IP address specified as part of the tunnel FQDN Select FQDN if the remote ID type is a fully qualified domain name such a...

Page 266: ...dvanced Encryption Standard algorithm with 192 bit No keys are required to be manually provided AES 256 bit Uses the Advanced Encryption Standard algorithm with 256 bit No keys are required to be manually provided Key Lifetime The number of seconds the key is valid At the end of the lifetime the key is renegotiated The access point forces renegotiation every 3600 seconds There is no way to change ...

Page 267: ...The VPN Status screen is read only with no configurable parameters To configure a VPN tunnel use the VPN configuration screen in the WAN section of the access point menu tree To view VPN status 1 Select Network Configuration WAN VPN VPN Status from the access point menu tree 2 Reference the Security Associations field to view the following Tunnel Name The Tunnel Name column lists the names of all ...

Page 268: ...y the access point to identify a security association There are unique outbound and inbound SPIs Life Time Use the Life Time column to view the lifetime associated with a particular Security Association SA Each SA has a finite lifetime defined When the lifetime expires the SA can no longer be used to protect data traffic The maximum SA lifetime is 65535 seconds Tx Bytes The Tx Bytes column lists t...

Page 269: ...inistrators selective control on the content proliferating the network and is a powerful data and network screening tool Content filtering allows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound requests To configure content filtering for the access point 1 Select Network Configuration WAN Content Filtering from the access point menu tree Remaining Life Lis...

Page 270: ...P commands going outbound on the access point WAN port HTTP blocks commands on port 80 only The Block Outbound HTTP option allows blocking of the following user selectable outgoing HTTP requests Web Proxy Blocks the use of Web proxies by clients ActiveX Blocks all outgoing ActiveX requests by clients Selecting ActiveX only blocks traffic scripting language with an ocx extension Block Outbound URL ...

Page 271: ...ntifies a recipient of mail data DATA Tells the SMTP receiver to treat the following information as mail data from the sender QUIT Tells the receiver to respond with an OK reply and terminate communication with the sender SEND Initiates a mail transaction where mail is sent to one or more remote terminals SAML Send and Mail Initiates a transaction where mail data is sent to one or more local mailb...

Page 272: ...fined interval the access point waits to search for rogue APs Additionally the access point does not detect rogue APs on illegal channels channels not allowed by the regulatory requirements of the country the access point is operating in Block Outbound FTP Actions File Transfer Protocol FTP is the Internet standard for host to host mail transport FTP generally operates over TCP port 20 and 21 FTP ...

Page 273: ...rogue AP A longer interval will have less of an impact to the MU s but it will increase the amount of time used to detect rogue APs Therefore the interval should be set according to the perceived risk of rogue devices and the criticality of MU performance To configure Rogue AP detection for the access point 1 Select Network Configuration Wireless Rogue AP Detection from the access point menu tree ...

Page 274: ...s point and define the 802 11a n or 802 11b g n radio to conduct the rogue AP search CAUTION Users cannot define a rogue detection method when one of the access point radios is functioning as a WIPS sensor To use one of the radios as a detector you must disable WIPS sensor mode first then set a radio for the desired detection method ...

Page 275: ... If the access point is a dual radio model select the RF Scan by Detector Radio checkbox to enable the selected 11a or 11b g radio to scan for rogue APs For example if 11b g is selected the existing 11a radio would act as the detector radio scanning on all 11b g channels while the existing 11b g radio continues to service MUs The assumption is when planning to do an all channel scan on one band th...

Page 276: ... 1 Select Network Configuration Wireless Rogue AP Detection Active APs from the access point menu tree Del Delete Click the Delete button to remove the highlighted line from the Rule Management field The MAC and ESS address information previously defined is no longer applicable unless the previous configuration is restored Delete All Click the Delete All button to remove all entries from the Rule ...

Page 277: ...he approved AP list permanently 3 Enter a value in minutes in the Rogue APs Age Out Time field to indicate the number of elapsed minutes before an AP will be removed from the rogue AP list and reevaluated A zero 0 for this value default value indicates an AP can remain on the rogue AP list permanently 4 Highlight an AP from within the Rogue APs table and click the Add to Allowed APs List button to...

Page 278: ...ve any changes to the Active APs screen Navigating away from the screen without clicking Apply results in all changes to the screen being lost 9 Click Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the Active APs screen to the last saved configuration 10 Click Logout to securely exit the Access Point applet A prompt displays confirming the logout ...

Page 279: ...d the device should be defined as an allowed AP ESSID Displays the ESSID of the rogue AP This information could be useful if the ESSID is determined to be non hostile and the device should be defined as an allowed AP RSSI Shows the Relative Signal Strength RSSI of the rogue AP Use this information to assess how close the rogue AP is The higher the RSSI the closer the rogue AP If multiple access po...

Page 280: ...ction area can be significantly extended To use associated rogue AP enabled MUs to scan for rogue APs 1 Select Network Configuration Wireless Rogue AP Detection MU Scan from the access point menu tree The On Demand MU Scan screen displays with associated MUs with rogue AP detection enabled Detection Method Displays the RF Scan by MU RF On Channel Detection or RF Scan by Detector Radio method selec...

Page 281: ...ESSID and RSSI values to determine the device listed in the table is truly a rogue device or one inadvertently detected as a rogue AP 3 If necessary highlight an individual MU from within the Scan Result field and click the Add to Allowed AP List button to move the AP into the Allowed APs table within the Active APs screen 4 Additionally if necessary click the Add All to Allowed APs List button to...

Page 282: ... Servers AAA Servers to provide user database information and user authentication 6 10 1 Configuring the Radius Server The Radius Server screen enables an administrator to define data sources and specify authentication information for the Radius Server To configure the Radius Server 1 Select System Configuration User Authentication Radius Server from the menu tree CAUTION Ensure IPSec has been pro...

Page 283: ...source Use the User Database screen to enter the user data For more information see Managing the Local User Database on page 6 63 LDAP If LDAP is selected the switch will use the data in an LDAP server Configure the LDAP server settings on the LDAP screen under Radius Server on the menu tree For more information see Configuring LDAP Authentication on page 6 58 NOTE When using LDAP only PEAP GTC an...

Page 284: ... TLS layer on top of EAP as a carrier for other EAP modules PEAP is an ideal choice for networks using legacy EAP authentication methods TTLS Select the TTLS checkbox to enable all three TTLS types MD5 PAP and MSCHAP V2 available to the access point TTLS is similar to EAP TLS but the client authentication portion of the protocol is not performed until after a secure transport tunnel is established...

Page 285: ...data verification MD5 takes as input a message of arbitrary length and produces a 128 bit fingerprint The MD5 algorithm is intended for digital signature applications in which a large file must be compressed in a secure manner before being encrypted with a private secret key under a public key cryptographic system MSCHAP V2 Microsoft CHAP MSCHAP V2 is an encrypted authentication method based on Mi...

Page 286: ...he Radius Server on page 6 54 the LDAP screen is used to configure the properties of the external LDAP server To configure the LDAP server 1 Select System Configuration User Authentication RADIUS Server LDAP from the menu tree WARNING If you have imported a Server or CA certificate the certificate will not be saved when updating the access point s firmware Export your certificates before upgrading...

Page 287: ...the user has to be present in a group within the organizational unit The same group must be present within the onboard Radius server s database The group configured within the onboard Radius server is used for group policy configuration to support a new Time Based Rule restriction feature NOTE The LDAP screen displays with unfamiliar alphanumeric characters if new to LDAP configuration Motorola re...

Page 288: ... source for the Radius server The LDAP server must be accessible from the WAN port or from the access point s active subnet Port Enter the TCP IP port number for the LDAP server acting as a data source for the Radius The default port is 389 Login Attribute Specify the login attribute used by the LDAP server for authentication In most cases the default value should work Windows Active Directory use...

Page 289: ...Specify the distinguished name used to bind with the LDAP server Password Enter a valid password for the LDAP server Base Distinguished Name Enter a name that establishes the base object for the search The base object is the point in the LDAP tree at which to start searching Group Attribute Define the group attribute used by the LDAP server Group Filter Specify the group filters used by the LDAP s...

Page 290: ...on field to define the proxy server s retry count and timeout values CAUTION When configuring the credentials of an MU ensure its login or user name is a Fully Qualified Domain Name FQDN or it cannot be authenticated by the access point s proxy server For example ap7131 2kserver FUSCIA com CAUTION Ensure IPSec has been properly configured to protect communications with the external Proxy server Ch...

Page 291: ... Radius Server screen For information on selecting Local as the Data Source see Configuring the Radius Server on page 6 54 To add groups to the User database Retry Count Enter a value between 3 and 6 to indicate the number of times the access point attempts to reach a proxy server before giving up Timeout Enter a value between 5 and 10 to indicate the number of elapsed seconds causing the access p...

Page 292: ...o edit a group name 2 Click the Add button and enter the name of the group in the new blank field in the Groups table 3 To remove a group select the group from the table and click the Del Delete key The Users table displays the entire list of users Up to 100 users can be entered here The users are listed in the order added Users can be added and deleted but there is no capability to edit the name ...

Page 293: ...he Access Point applet A prompt displays confirming the logout before the applet is closed 6 10 4 1 Mapping Users to Groups Once users have been created within the Users screen their access privileges need to be configured for inclusion to one some or all of the groups also created within the Users screen To map users to groups for group authentication privileges 1 If you are not already in the Us...

Page 294: ...on Assigned users will display within the Assigned table Map one or more groups as needed for group authentication access for this particular user 4 To remove the user from a group select the group in the Assigned list on the left and click the Delete button 5 Click the OK button to save your user and group mapping assignments and return to the Users screen ...

Page 295: ...screen displays in the Access Policy screen within the groups column Similarly existing WLANs can be individually mapped to user groups by clicking the WLANs button to the right of each group name For more information on creating groups and users see Managing the Local User Database on page 6 63 For information on creating a new WLAN or editing the properties of an existing WLAN see Creating Editi...

Page 296: ...ntervals for specific days and hours A mechanism also exists for mapping specific WLANs to these intervals For more information see Editing Group Access Permissions on page 6 69 For information on creating a new group see Managing the Local User Database on page 6 63 Time of Access The Time of Access field displays the days of the week and the hours defined for group access to access point resourc...

Page 297: ...for any day of the week and include any hour of the day Ten unique access intervals can be defined for each existing group To update a group s access permissions 1 Select User Authentication Radius Server Access Policy from the menu tree 2 Select an existing group from within the groups field 3 Select the Edit button The Edit Access Policy screen displays Associated WLANs The Associated WLANs fiel...

Page 298: ...for which each policy applies If continual access is required select the All Days option If continual access is required during Monday through Friday but not Saturday or Sunday select the Weekdays option Use the Start Time and End Time values to define the access interval in HHMM format for each access policy Each policy for a given group should have unique intervals Policies can be created for di...

Page 299: ...ccess Policy screen Navigating away from the screen without clicking Apply results in all changes to the screen being lost 7 Click Cancel if necessary to undo any changes made Undo Changes reverts the settings displayed on the Edit Access Policy screen to the last saved configuration NOTE Groups have a strict start and end time as defined using the Edit Access Policy screen Only during this period...

Page 300: ...AP 7131N FGR Access Point Product Reference Guide 6 72 ...

Page 301: ...n and 802 11b g n radios An advanced radio statistics page is also available to display retry histograms for specific data packet retry information Associated MU stats can be displayed collectively for associated MUs and individually for specific MUs An echo ping test is also available to ping specific MUs to assess the strength of the AP association Finally the access point can detect and display...

Page 302: ...o view real time statistics for monitoring the access point activity through its Wide Area Network WAN port The Information field of the WAN Stats screen displays basic WAN information generated from settings on the WAN screen The Received and Transmitted fields display statistics for the cumulative packets bytes and errors received and transmitted through the WAN interface since it was last enabl...

Page 303: ...n displays no connection information and statistics To enable the WAN connection see Configuring WAN Settings on page 5 17 HW Address The Media Access Control MAC address of the access point WAN port The WAN port MAC address is hard coded at the factory and cannot be changed For more information on how access point MAC addresses are assigned see MAC Address Assignment on page 1 28 IP Addresses The...

Page 304: ... over the WAN port The displayed number is a cumulative total since the WAN interface was last enabled or the access point was last restarted RX Bytes RX bytes are bytes of information received over the WAN port The displayed number is a cumulative total since the WAN interface was last enabled or the access point was last restarted To restart the access point to begin a new data collection see Co...

Page 305: ...llection see Configuring System Settings on page 4 2 TX Bytes TX bytes are bytes of information sent over the WAN connection The displayed number is a cumulative total since the WAN interface was last enabled or the access point was last restarted To begin a new data collection see Configuring System Settings on page 4 2 TX Errors TX errors include dropped data packets buffer overruns and carrier ...

Page 306: ...d and Transmitted fields of the screen display statistics for the cumulative packets bytes and errors received and transmitted over the LAN1 or LAN2 port since it was last enabled or the access point was last restarted The LAN Stats screen is view only with no user configurable data fields To view access point LAN connection stats 1 Select Status and Statistics LAN Stats LAN1 Stats or LAN2 Stats f...

Page 307: ...his information to assess the current connection status of LAN 1 or LAN2 Speed The LAN 1 or LAN 2 connection speed is displayed in Megabits per second Mbps for example 54Mbps If the throughput speed is not achieved examine the number of transmit and receive errors or consider increasing the supported data rate To change the data rate of the 802 11a n or 802 11b g n radio see Configuring the 802 11...

Page 308: ...X packets are data packets sent over the access point LAN port The displayed number is a cumulative total since the LAN connection was last enabled or the access point was last restarted To begin a new data collection see Configuring System Settings on page 4 2 TX Bytes TX bytes are bytes of information sent over the LAN port The displayed number is a cumulative total since the LAN Connection was ...

Page 309: ...bility to track its own unique STP statistics Refer to the LAN STP Stats page when assessing mesh networking functionality for each of the two access point LANs Access points in bridge mode exchange configuration messages at regular intervals typically 1 to 4 seconds If a bridge fails neighboring bridges detect a lack of configuration messaging and initiate a spanning tree recalculation when spann...

Page 310: ...on to occur when the bridge is powered up or when a topology change is detected Designated Root Displays the access point MAC address of the bridge defined as the root bridge in the Bridge STP Configuration screen For information on defining an access point as a root bridge see Setting the LAN Configuration for Mesh Networking Support on page 9 6 Bridge ID The Bridge ID identifies the priority and...

Page 311: ...n tuned between 1 and 10 sec For information on setting the Bridge Hello Time see Setting the LAN Configuration for Mesh Networking Support on page 9 6 The 802 1d specification recommends the Hello Time be set to a value less than half of the Max Message age value Bridge Forward Delay The Bridge Forward Delay value is the time spent in a listening and learning state This time is equal to 15 sec by...

Page 312: ... WLANs on page 5 29 to enable the WLAN For information on configuring the properties of individual WLANs see Creating Editing Individual WLANs on page 5 32 To view access point WLAN Statistics 1 Select Status and Statistics Wireless Stats from the access point menu tree Designated Bridge There is only one root bridge within each mesh network All other bridges are designated bridges that look to th...

Page 313: ...Displays the total number of MUs currently associated with each enabled WLAN Use this information to assess if the MUs are properly grouped by function within each enabled WLAN To adjust the maximum number of MUs permissible per WLAN see Creating Editing Individual WLANs on page 5 32 T put Displays the total throughput in Megabits per second Mbps for each active WLAN ABS Displays the Average Bit S...

Page 314: ...ng activity or risk losing all data calculations to that point Total pkts per second Displays the average number of RF packets sent per second across all active WLANs on the access point The number in black represents packets for the last 30 seconds and the number in blue represents total pkts per second for the last hour Total bits per second Displays the average bits sent per second across all a...

Page 315: ...n RF traffic and throughput The RF Status field displays information on RF signal averages from the associated MUs The Error field displays RF traffic errors based on retries dropped packets and undecryptable packets The WLAN Stats screen is view only with no user configurable data fields To view statistics for an individual WLAN 1 Select Status and Statistics Wireless Stats WLANx Stats x target W...

Page 316: ...f MUs currently associated with the WLAN If this number seems excessive consider segregating MU s to other WLANs if appropriate Pkts per second The Total column displays the average total packets per second crossing the selected WLAN The Rx column displays the average total packets per second received on the selected WLAN The Tx column displays the average total packets per second sent on the sele...

Page 317: ...ackets for the last hour Avg MU Signal Displays the average RF signal strength in dBm for all MUs associated with the selected WLAN The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour If the signal is low consider mapping the MU to a different WLAN if a better functional grouping of MUs can be determined Avg MU No...

Page 318: ... displayed as well by selecting a specific radio from within the access point menu tree To view high level access point radio statistics 1 Select Status and Statistics Radio Stats from the access point menu tree Dropped Packets Displays the percentage of packets which the AP gave up on for all MUs associated with the selected WLAN The number in black represents this statistic for the last 30 secon...

Page 319: ...n on page 5 54 MUs Displays the total number of MUs currently associated with each access point radio T put Displays the total throughput in Megabits per second Mbps for each access point radio listed To adjust the data rate for a specific radio see Configuring the 802 11a n or 802 11b g n Radio on page 5 59 ABS Displays the Average Bit Speed ABS in Megabits per second Mbps for each access point r...

Page 320: ...n field displays device address and location information as well as channel and power information The Traffic field displays statistics for cumulative packets bytes and errors received and transmitted The Traffic field does not add retry information to the stats displayed Refer to the RF Status field for an average MU signal noise and signal to noise ratio information Finally the Errors field disp...

Page 321: ...the factory and can be found on the bottom of the access point For more information on how access point MAC addresses are assigned see MAC Address Assignment on page 1 28 Radio Type Displays the radio type either 802 11a n or 802 11b g n Power The power level in milliwatts mW for RF signal strength To change the power setting for the radio see Configuring the 802 11a n or 802 11b g n Radio on page...

Page 322: ... Throughput The Total column displays average throughput on the radio TheRx column displays average throughput in Mbps for packets received The Tx column displays average throughput for packets transmitted The number in black represents statistics for the last 30 seconds and the number in blue represents statistics for the last hour Use this information to assess whether the current throughput is ...

Page 323: ... last 30 seconds and the number in blue represents MU noise for the last hour If MU noise is excessive consider moving the MU closer to the access point or in area with less conflicting network traffic Avg MU SNR Displays the average Signal to Noise Ratio SNR for all MUs associated with the access point radio The Signal to Noise Ratio is an indication of overall RF performance on your wireless net...

Page 324: ...ay a Retry Histogram screen for an access point radio 1 Select Status and Statistics Radio Stats Radio1 802 11b g n Stats Retry Histogram from the access point menu tree A Radio Histogram screen is available for each access point radio regardless of single or dual radio model The table s first column shows 0 under Retries The value under the Packets column directly to the right shows the number of...

Page 325: ... confirming the logout before the applet is closed 7 5 Viewing MU Statistics Summary Use the MU Stats Summary screen to display overview statistics for mobile units MUs associated with the access point The MU List field displays basic information such as IP Address and total throughput for each associated MU The MU Stats screen is view only with no user configurable data fields However individual ...

Page 326: ...ssociated MU WLAN Displays the WLAN name each MU is interoperating with Radio Displays the name of the 802 11a n or 802 11b g n radio each MU is associated with T put Displays the total throughput in Megabits per second Mbps for each associated MU ABS Displays the Average Bit Speed ABS in Megabits per second Mbps for each associated MU Retries Displays the average number of retries per packet A hi...

Page 327: ...o securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed 7 5 1 Viewing MU Details Use the MU Details screen to display throughput signal strength and transmit error information for a specific MU associated with the access point The MU Details screen is separated into four fields MU Properties MU Traffic MU Signal and MU Errors The MU Properties fi...

Page 328: ...ffic Motorola recommends CAM for those MUs transmitting with the AP frequently and for periods of time of two hours HW Address Displays the Media Access Control MAC address for the MU Radio Association Displays the name of the AP MU is currently associated with If the name of the access point requires modification see Configuring System Settings on page 4 2 QoS Client Type Displays the data type t...

Page 329: ...a rate of the AP if the current bit speed does not meet network requirements For more information see Configuring the 802 11a n or 802 11b g n Radio on page 5 59 The associated MU must also be set to the higher rate to interoperate with the access point at that data rate of Non unicast pkts Displays the percentage of the total packets for the selected mobile unit that are non unicast Non unicast p...

Page 330: ...d on for the selected MU The number in black represents the percentage of packets for the last 30 seconds and the number in blue represents the percentage of packets for the last hour of Undecryptable Pkts Displays the percentage of undecryptable packets for the MU The number in black represents the percentage of undecryptable packets for the last 30 seconds and the number in blue represents the p...

Page 331: ...t the Echo Test screen and return to the MU Stats Summary screen 7 5 3 MU Authentication Statistics The access point can access and display authentication statistics for individual MUs To view access point authentication statistics for a specific MU 1 Select Status and Statistics MU Stats from the access point menu tree 2 Highlight a target MU from within the MU List field 3 Click the MU Authentic...

Page 332: ...on is used to create a list of known wireless bridges To view detected mesh network statistics 1 Select Status and Statistics Mesh Stats from the access point menu tree The Mesh Statistics Summary screen displays the following information Conn Type Displays whether the bridge has been defined as a base bridge or a client bridge For information on defining configuring the access point as either a b...

Page 333: ...station identifier This value is hard coded at the factory by the manufacturer and cannot be changed WLAN Displays the WLAN name each wireless bridge is interoperating with Radio Displays the name of the 802 11a n or 802 11b g n radio each bridge is associated with T put Displays the total throughput in Megabits per second Mbps for each associated bridge ABS Displays the Average Bit Speed ABS in M...

Page 334: ...int applet A prompt displays confirming the logout before the applet is closed 7 7 Viewing Known Access Point Statistics The access point has the capability of detecting and displaying the properties of other Motorola access points located within its coverage area Detected access point s transmit a WNMP message ...

Page 335: ...nown AP Stats from the access point menu tree The Known AP Statistics screen displays the following information NOTE The Known AP Statistics screen only displays statistics for access points located on the same subnet IP Address The network assigned Internet Protocol address of the located AP MAC Address The unique 48 bit hard coded Media Access Control address known as the devices station identif...

Page 336: ...point address and radio information The Known AP Details screen displays the target AP s MAC address IP address radio channel number of associated MUs packet throughput per second radio type s model MUs The number MUs associated with the located access point Unit Name Displays the name assigned to the access point using the System Settings screen For information on changing the unit name see Confi...

Page 337: ...devices displayed within the Known AP Statistics screen When an access point is highlighted and the Start Flash button is selected the LEDs on the selected access point flash When the Stop Flash button is selected the LEDs on the selected access point go back to normal operation 7 Click the Logout button to securely exit the Access Point applet A prompt displays confirming the logout before the ap...

Page 338: ...AP 7131N FGR Access Point Product Reference Guide 7 38 ...

Page 339: ...ccess point CLI follows the same conventions as the Web based user interface The CLI does however provide an escape sequence to provide diagnostics for problem identification and resolution The CLI treats the following as invalid characters In order to avoid problems when using the CLI these characters should be avoided ...

Page 340: ...lt username of admin and the default password of motorola If this is your first time logging into the access point you are unable to access any of the access point s commands until the country code is set A new password will also need to be created 8 1 2 Accessing the CLI via Telnet To connect to the access point CLI through a Telnet connection 1 If this is your first time connecting to your acces...

Page 341: ...e shown below Syntax help Displays general user interface help passwd Changes the admin password summary Shows a system summary network Goes to the network submenu system Goes to the system submenu stats Goes to the stats submenu Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 342: ...n argument is treated as an argument Eg admin network lan set lan enable Here is an invalid extra argument because it is after the argument enable ctrl q go backwards in command history ctrl p go forwards in command history Note 1 commands can be incomplete Eg sh sho show 2 introduces a comment and gets no resposne from CLI admin help Displays command line help using combinations of function keys ...

Page 343: ...ormation on configuring passwords using the applet GUI see Setting Passwords on page 6 2 passwd Changes the admin password for access point access This requires typing the old admin password and entering a new password and confirming it Passwords can be between 8 and11 characters The access point CLI treats the following as invalid characters In order to avoid problems when using the access point ...

Page 344: ...nd 5 0 GHz VLAN VLAN1 Security Policy Default QoS Policy Default Rate Limiting disabled LAN1 Name LAN1 LAN1 Mode enable LAN1 IP 0 0 0 0 LAN1 Mask 0 0 0 0 LAN1 DHCP Mode client LAN2 Name LAN2 LAN2 Mode enable LAN2 IP 192 235 1 1 LAN2 Mask 255 255 255 0 LAN2 DHCP Mode client WAN Interface IP Address Network Mask Default Gateway DHCP Client enable 172 20 23 10 255 255 255 192 172 20 23 20 enable For ...

Page 345: ...on Displays the parent menu of the current menu This command appears in all of the submenus under admin In each case it has the same function to move up one level in the directory structure Example admin network lan admin network ...

Page 346: ...7131N admin Description Displays the root menu that is the top level CLI menu This command appears in all of the submenus under admin In each case it has the same function to move up to the top level in the directory structure Example admin network lan admin ...

Page 347: ...l of the submenus under admin In each case it has the same function to save the current configuration Syntax Example admin save admin save Saves configuration settings The save command works at all levels of the CLI The save command must be issued before leaving the CLI for updated settings to be retained ...

Page 348: ...iption Exits the command line interface session and terminates the session The quit command appears in all of the submenus under admin In each case it has the same function to exit out of the CLI Once the quit command is executed the login prompt displays again Example admin quit ...

Page 349: ...the LAN submenu wan Goes to the WAN submenu wireless Goes to the Wireless Configuration submenu firewall Goes to the Firewall submenu router Goes to the Router submenu ipfilter Goes to the IP Filter submenu Goes to the parent menu Goes to the root menu save Saves the current configuration to the system flash quit Quits the CLI and exits the current session ...

Page 350: ...UI see Configuring the LAN Interface on page 5 1 show Shows current access point LAN parameters set Sets LAN parameters bridge Goes to the mesh configuration submenu wlan mapping Goes to the WLAN Lan Vlan Mapping submenu dhcp Goes to the LAN DHCP submenu type filter Goes to the Ethernet Type Filter submenu ipfpolicy Goes to the LAN IP Filter Policy submenu Goes to the parent menu Goes to the root ...

Page 351: ...admin Password Auto negoitation disable Speed 100M Duplex full LAN1 Information LAN Name LAN1 LAN Interface enable 802 11q Trunking disable LAN IP mode DHCP client IP Address 192 168 0 1 Network Mask 255 255 255 255 Default Gateway 192 168 0 1 Domain Name Primary DNS Server 192 168 0 1 Secondary DNS Server 192 168 0 2 WINS Server 192 168 0 254 LAN2 Information LAN Name LAN2 LAN Interface disable 8...

Page 352: ...68 1 1 Network Mask 255 255 255 255 Default Gateway 192 168 1 1 Domain Name Primary DNS Server 192 168 0 2 Secondary DNS Server 192 168 0 3 WINS Server 192 168 0 255 admin network lan For information on displaying LAN information using the applet GUI see Configuring the LAN Interface on page 5 1 ...

Page 353: ... seconds Sets the interval in seconds the access point uses to terminate its LAN interface if no activity is detected for the specified interval trunking mode Enables or disables 802 11q Trunking over the access point LAN port auto negotiation mode Enables or disables auto negotiation for the access point LAN port speed mbps Defines the access point LAN port speed as either 10 Mbps or 100 Mbps dup...

Page 354: ...w of the access point s mesh networking options using the applet GUI see Configuring Mesh Networking on page 9 1 show Displays the mesh configuration parameters for the access point s LANs set Sets the mesh configuration parameters for the access point s LANs Moves to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI and exits the session ...

Page 355: ...essage Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 LAN2 Bridge Configuration Bridge Priority 63335 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview of the access point s mesh networking options using the applet GUI see Configuring Mesh Networking on page 9 1 show Displays mesh bridge con...

Page 356: ...Entry Ageout Time seconds 300 LAN2 Mesh Configuration Bridge Priority 63335 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview of the access point s mesh networking options using the applet GUI see Configuring Mesh Networking on page 9 1 set priority LAN idx seconds Sets bridge priority time in seconds 0 65535 for specified ...

Page 357: ...ow Displays the VLAN list currently defined for the access point set Sets the access point VLAN configuration create Creates a new access point VLAN edit Edits the properties of an existing access point VLAN delete Deletes a VLAN lan map Maps access point existing WLANs to an enabled LAN vlan map Maps access point existing WLANs to VLANs Moves to the parent menu Goes to the root menu save Saves th...

Page 358: ...LAN ID VLAN Name 1 1 VLAN_1 2 2 VLAN_2 3 3 VLAN_3 4 4 VLAN_4 admin network lan wlan mapping show vlan cfg LAN No Management VLAN Tag Native VLAN Tag 1 1 1 2 1 1 WLAN WLAN1 mapped to VLAN none VLAN Mode static admin network lan wlan mapping show lan wlan WLANs on LAN1 WLAN1 WLAN2 WLAN3 WLANs on LAN2 show name Displays the existing list of VLAN names vlan cfg Shows WLAN VLAN mapping and VLAN configu...

Page 359: ...information Do you want to continue n y y WLAN1 WLAN Name WLAN1 ESSID 101 Radio Bands 2 4 and 5 0 GHz VLAN Security Policy Default QoS Policy Default Rate Limiting disabled For information on displaying the VLAN screens using the applet GUI see Configuring VLAN Support on page 5 5 ...

Page 360: ...ng set mode 1 static admin network lan wlan mapping show vlan cfg LAN No Management VLAN Tag Native VLAN Tag 1 10 12 2 1 1 WLAN WLAN1 mapped to VLAN none VLAN Mode static For information on configuring VLANs using the applet GUI see Configuring VLAN Support on page 5 5 set mgmt tag id Defines the Management VLAN tag index 1 or 2 to tag number 1 4095 native tag id Sets the Native VLAN tag index 1 o...

Page 361: ...ntax Example admin network lan wlan mapping admin network lan wlan mapping create 5 vlan 5 For information on creating VLANs using the applet GUI see Configuring VLAN Support on page 5 5 create vlan id id Defines the VLAN ID 1 4095 vlan name name Specifies the name of the VLAN 1 31 characters in length ...

Page 362: ...pping edit Description Modifies a VLAN s name and ID Syntax For information on editing VLANs using the applet GUI see Configuring VLAN Support on page 5 5 edit name name Modifies an exisiting VLAN name 1 31 characters in length id id Modifies an existing VLAN ID 1 4095 characters in length ...

Page 363: ...g delete Description Deletes a specific VLAN or all VLANs Syntax For information on deleting VLANs using the applet GUI see Configuring VLAN Support on page 5 5 delete VLANid Deletes a specific VLAN ID 1 16 all Deletes all defined VLAN entries ...

Page 364: ...nt VLAN to a WLAN Syntax admin network lan wlan mapping lan map wlan1 lan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 5 5 lan map wlanname Maps an existing WLAN to an enabled LAN All names and IDs are case sensitive lanname Defines enabled LAN name All names and IDs are case sensitive ...

Page 365: ...n network lan wlan mapping vlan map wlan1 vlan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 5 5 vlan map wlanname Maps an existing WLAN to an enabled LAN All names and IDs are case sensitive vlanname Defines the existing VLAN name All names and IDs are case sensitive ...

Page 366: ...submenu The items available are displayed below show Displays DHCP parameters set Sets DHCP parameters add Adds static DHCP address assignments delete Deletes static DHCP address assignments list Lists static DHCP address assignments Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI and exits the session ...

Page 367: ...68 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 LAN2 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the applet GUI see Configuring the LAN Interface on page 5 1 show Displays DHCP parameter settings for the access point These parameters are defined with the set com...

Page 368: ...lan dhcp show LAN1 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the applet GUI see Configuring the LAN Interface on page 5 1 set range LAN idx ip1 ip2 Sets the DHCP assignment range from IP address ip1 to IP address ip2 for the specified LAN 1 lan1 2 lan2 lease LAN idx lea...

Page 369: ... add 1 00A0F1112234 192 169 24 7 admin network lan dhcp list 1 Index MAC Address IP Address 1 00A0F8112233 192 160 24 6 2 00A0F8112234 192 169 24 7 For information on adding client MAC and IP address information using the applet GUI see Configuring Advanced DHCP Server Settings on page 5 13 add LAN idx mac ip Adds a reserved static IP address to a MAC address for the specified LAN ...

Page 370: ...8112236 192 169 24 7 admin network lan dhcp delete 1 index mac address ip address 1 00A0F8102030 10 10 1 2 2 00A0F8112234 10 1 2 3 3 00A0F8112235 192 160 24 6 4 00A0F8112236 192 169 24 7 admin network lan dhcp delete 1 all index mac address ip address For information on deleting client MAC and IP address information using the applet GUI see Configuring Advanced DHCP Server Settings on page 5 13 de...

Page 371: ...33 10 1 2 4 2 00A0F8102030 10 10 1 2 3 00A0F8112234 10 1 2 3 4 00A0F8112235 192 160 24 6 5 00A0F8112236 192 169 24 7 admin network lan dhcp For information on listing client MAC and IP address information using the applet GUI see Configuring Advanced DHCP Server Settings on page 5 13 list LAN idx cr Lists the static DHCP address assignments for the specified LAN 1 LAN1 2 LAN2 ...

Page 372: ...oint Type Filter submenu The items available under this command include show Displays the current Ethernet Type exception list set Defines Ethernet Type Filter parameters add Adds an Ethernet Type Filter entry delete Removes an Ethernet Type Filter entry Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 373: ...ion Syntax Example admin network lan type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 For information on displaying the type filter configuration using the applet see Setting the Type Filter Configuration on page 5 15 show LAN idx Displays the existing Type Filter configuration for the specified LAN ...

Page 374: ...lter configuration Syntax Example admin network lan type filter set mode 1 allow For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on page 5 15 set mode LAN idx mode allow or deny Allows or denies the access point from processing a specified Ethernet data type for the specified LAN ...

Page 375: ...0806 admin network wireless type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 2 0806 3 0800 4 8782 For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on page 5 15 add LAN idx type Adds entered Ethernet Type to list of data types either allowed or denied access point processing permissions for the specif...

Page 376: ...how 1 Ethernet Type Filter mode allow index ethernet type 1 0806 2 0800 3 8782 admin network lan type filter delete 2 all admin network lan type filter show 2 Ethernet Type Filter mode allow index ethernet type For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on page 5 15 delete LAN idx index Deletes the specified Ethernet Type ...

Page 377: ...PPoE configuration set Defines the access point s WAN and PPPoE configuration nat Displays the NAT submenu wherein Network Address Translations NAT can be defined vpn Goes to the VPN submenu where the access point VPN tunnel configuration can be set content Goes to the outbound content filtering menu dyndns Displays the Dynamic DNS submenu wherein dyndns settings can be defined Goes to the parent ...

Page 378: ...ation disable Speed 100M Duplex full WAN IP 2 disable WAN IP 3 disable WAN IP 4 disable WAN IP 5 disable WAN IP 6 disable WAN IP 7 disable WAN IP 8 disable PPPoE Mode enable PPPoE User Name JohnDoe PPPoE Password PPPoE keepalive mode enable PPPoE Idle Time 600 PPPoE Authentication Type chap PPPoE State admin network wan For an overview of the WAN configuration options available using the applet GU...

Page 379: ...e Enables or disables the access point WAN port dhcp enable disable Enables or disables WAN DHCP Client mode ipadr idx a b c d Sets up to 8 using indx from 1 to 8 IP addresses a b c d for the access point WAN interface mask a b c d Sets the subnet mask for the access point WAN interface dgw a b c d Sets the default gateway IP address to a b c d dns idx a b c d Sets the IP address of one or two DNS...

Page 380: ...he NAT configuration options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 23 show Displays the access point s current NAT parameters for the specified index set Defines the access point NAT settings add Adds NAT entries delete Deletes NAT entries list Lists NAT entries Goes to the parent menu Goes to the root menu save Saves the configuration to...

Page 381: ...ings Port Forwarding unspecified port forwarding mode enable unspecified port fwd ip address 111 223 222 1 one to many nat mapping LAN No WAN IP 1 157 235 91 2 2 157 235 91 2 admin network wan nat For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 23 show idx cr Displays access point NAT parameters for the specified ...

Page 382: ... one to many nat mapping LAN No WAN IP 1 157 235 91 2 2 10 1 1 1 For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 23 set type index type Sets the type of NAT translation for WAN address index idx 1 8 to type none 1 to 1 or 1 to many ip index ip Sets NAT IP mapping associated with WAN address idx to the specified IP...

Page 383: ...rk Address Translation NAT Settings on page 5 23 add idx name tran port1 port2 ip dst_port Sets an inbound network address translation NAT for WAN address idx where name is the name of the entry 1 to 7 characters tran is the transport protocol one of tcp udp icmp ah esp gre or all port1 is the starting port number in a port range port2 is the ending port number in a port range ip is the internal I...

Page 384: ...delete 1 1 admin network wan nat list 1 index name Transport start port end port internal ip translation Related Commands For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 23 delete idx entry Deletes a specified NAT index entry entry associated with the WAN idx all Deletes all NAT entries associated with the WAN add...

Page 385: ...rt internal ip translation 1 special tcp 20 21 192 168 42 16 21 Related Commands For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 23 list idx Lists the inbound NAT entries associated with the WAN index 1 8 delete Deletes inbound NAT entries from the list add Adds entries to the list of inbound NAT entries ...

Page 386: ...ble using the applet GUI see Configuring VPN Tunnels on page 6 23 add Adds VPN tunnel entries set Sets key exchange parameters delete Deletes VPN tunnel entries list Lists VPN tunnel entries reset Resets all VPN tunnels stats Lists security association status for the VPN tunnels ikestate Displays an Internet Key Exchange IKE summary Goes to the parent menu Goes to the root menu save Saves the conf...

Page 387: ...alues and Keys must be configured after adding the tunnel admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 6 23 add name idx LWanIP RSubnetIP RSubnetMask RGatewayIP Creates a tunnel name 1 to 13 characters to gain access through local WAN IP LWanIP from the remote subnet with address RSubnetIP and subnet mask RSubnetMask using the re...

Page 388: ...m Options include DES 3DES AES128 AES192 or AES256 esp enckey name dir enckey Sets the Manual Encryption Key in ASCII for tunnel name and direction IN or OUT to the key enc key The size of the key depends on the encryption algorithm 16 hex characters for DES 48 hex characters for 3DES 32 hex characters for AES128 48 hex characters for AES192 64 hex characters for AES256 esp authalgo name authalgo ...

Page 389: ...e Local ID data for IKE authentication for name to idtype This value is not required when the ID type is set to IP remiddata name idtype Sets the Local ID data for IKE authentication for name to idtype This value is not required when the ID type is set to IP authtype name authtype Sets the IKE Authentication type for name to authtype PSK or RSA authalgo name authalgo Sets the IKE Authentication Al...

Page 390: ... 24 192 168 33 1 192 168 24 198 SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn delete Eng2EngAnnex admin network wan vpn list Tunnel Name Type Remote IP Mask Remote Gateway Local WAN IP SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 6 2...

Page 391: ...vpn list SJSharkey Detail listing of VPN entry Name SJSharkey Local Subnet 1 Tunnel Type Manual Remote IP 206 107 22 45 Remote IP Mask 255 255 255 224 Remote Security Gateway 206 107 22 2 Local Security Gateway 209 239 160 55 AH Algorithm None Encryption Type ESP Encryption Algorithm DES ESP Inbound SPI 0x00000100 ESP Outbound SPI 0x00000100 For information on displaying VPN information using the ...

Page 392: ... vpn reset Description Resets all of the access point s VPN tunnels Syntax Example admin network wan vpn reset VPN tunnels reset admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 6 23 reset Resets all VPN tunnel states ...

Page 393: ...els Syntax Example admin network wan vpn stats Tunnel Name Status SPI OUT IN Life Time Bytes Tx Rx Eng2EngAnnex Not Active SJSharkey Not Active For information on displaying VPN information using the applet GUI see Viewing VPN Status on page 6 39 stats Display statistics for all VPN tunnels ...

Page 394: ...KE State Dest IP Remaining Life Eng2EngAnnex Not Connected SJSharkey Not Connected admin network wan vpn For information on configuring IKE using the applet GUI see Configuring IKE Key Settings on page 6 36 ikestate Displays status about Internet Key Exchange IKE for all tunnels In particular the table indicates whether IKE is connected for any of the tunnels it provides the destination IP address...

Page 395: ...e items available under this command include addcmd Adds control commands to block outbound traffic delcmd Deletes control commands to block outbound traffic list Lists application control commands Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 396: ...nd traffic proxy Adds a Web proxy command activex Adds activex files file Adds Web URL extensions 10 files maximum smtp Adds SMTP commands to block outbound traffic helo helo command mail mail command rcpt rcpt command data data command quit quit command send send command saml saml command reset reset command vrfy vrfy command expn expn command ftp Adds FTP commands to block outbound traffic put s...

Page 397: ... proxy command activex Deletes activex files file Deletes Web URL extensions 10 files maximum smtp Deletes SMTP commands to block outbound traffic helo helo command mail mail command rcpt rcpt command data data command quit quit command send send command saml saml command reset reset command vrfy vrfy command expn expn command ftp Deletes FTP commands to block outbound traffic put store command ge...

Page 398: ...ork wan content list smtp SMTP Commands HELO deny MAIL allow RCPT allow DATA deny QUIT allow SEND allow SAML allow RESET allow VRFY allow EXPN allow admin network wan content list ftp FTP Commands Storing Files deny Retreiving Files allow Directory Files allow Create Directory allow Change Directory allow Passive Operation allow list web Lists WEB application control record smtp Lists SMTP applica...

Page 399: ...his command include For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 27 set Sets Dynamic DNS parameters update Sets key exchange parameters show Shows the Dynamic DNS configuration Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 400: ...n network wan dyndns set host greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 27 set mode enable disable Enables or disbales the Dynamic DNS service for the access point username name Enter a 1 32 character username for the account used for the access point password password Enter a 1 32 character password for the account u...

Page 401: ...th the DynDNS service Syntax Example admin network wan dyndns update IP Address 157 235 91 231 Hostname greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 27 update Updates the access point s current WAN IP address with the DynDNS service ...

Page 402: ...This will display secure information Do you want to continue n y y DynDNS Configuration Mode enable Username percival Password Hostname greengiant DynDNS Update Response IP Address 157 235 91 231 Hostname greengiant Status OK For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 27 show Shows the access point s current Dynamic DNS configura...

Page 403: ...U access to access point WLANs radio Displays the radio configuration submenu used to specify how the 802 11a n or 802 11b g radio is used with specific WLANs qos Displays the Quality of Service QoS submenu to prioritize specific kinds of data traffic within a WLAN rate limiting Displays the Rate Limiting submenu rogue ap Displays the Rogue AP submenu to configure devices located by the access poi...

Page 404: ...on options available to the using the applet GUI see Enabling Wireless LANs WLANs on page 5 29 show Displays the access point s current WLAN configuration create Defines the parameters of a new WLAN edit Modifies the properties of an existing WLAN delete Deletes an existing WLAN hotspot Displays the WLAN hotspot menu ipfpolicy Goes to the WLAN IP Filter Policy menu Goes to the parent menu Goes to ...

Page 405: ...1 WLAN Name Lobby 802 11n 5 0 GHz Radio available 802 11n 2 4 GHz Radio not available Client Bridge Mesh Backhaul available Hotspot not available Maximum MUs 127 MU Idle Timeout 30 Security Policy Default MU Access Control Default disallow MU to MU Communication disable Use Secure Beacon disable answer Broadcast ESSID enable QoS Policy Default per mu rate limiting disabled per mu rate limit wired ...

Page 406: ...ax mu number Defines the maximum number of MU able to operate within the WLAN default 127 MUs idle timeout minutes Sets the interval the access point uses to timeout idle MUs from WLAN inclusion Set between 1 65532 minutes Default is 30 minutes security name Sets the security policy to the WLAN 1 32 acl name Sets the MU ACL policy to the WLAN 1 32 passwd ascii string Defines a password used if the...

Page 407: ...measure enable admin network wireless wlan create show acl ACL Policy Name Associated WLANs 1 Default Front Lobby 2 Admin 3rd Floor 3 Demo Room 5th Floor admin network wireless wlan create show qos QOS Policy Name Associated WLANs 1 Default Front Lobby 2 Voice Audio Dept 3 Video Video Dept The CLI treats the following as invalid characters thus they should not be used in the creation of an ESSID o...

Page 408: ...g a WLAN using the applet GUI see Creating Editing Individual WLANs on page 5 32 edit index Edits the properties of an existing and specified WLAN policy 1 16 show Displays the WLANs pamaters and summary set Edits the same WLAN parameters that can be modified using the create command change Completes the WLAN edits and exits the CLI session Cancel the WLAN edits and exit the CLI session ...

Page 409: ...tion Deletes an existing WLAN Syntax For information on deleting a WLAN using the applet GUI see Creating Editing Individual WLANs on page 5 32 delete wlan name Deletes a target WLAN using the name supplied all Deletes all WLANs defined except default WLAN ...

Page 410: ...ion on configuring the Hotspot options available to the using the applet GUI see Configuring WLAN Hotspot Support on page 5 48 show Show hotspot parameters redirection Goes to the hotspot redirection menu radius Goes to the hotspot Radius menu white list Goes to the hotspot white list menu save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu...

Page 411: ...Ip adr 157 235 21 21 Primary Server Port 1812 Primary Server Secret Secondary Server Ip adr 157 235 32 12 Secondary Server Port 1812 Secondary Server Secret Accounting Mode disable Accounting Server Ip adr 0 0 0 0 Accounting Server Port 1813 Accounting Server Secret Accoutning Timeout 10 Accoutning Retry count 3 Session Timeout Mode enable Session Timeout 15 Whitelist Rules Idx IP Address 1 157 23...

Page 412: ...information on configuring the hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 48 redirection set page loc Sets the hotspot http re direction by index 1 16 for the specified URL exturl Shows hotspot http redirection details for specifiec index 1 16 for specified page login welcome fail and target URL show Shows hotspot http redirect...

Page 413: ... configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 48 set Sets the Radius hotspot configuration show Shows Radius hotspot server details save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Page 414: ...e Hotspot options available to the access ointusing the applet GUI see Configuring WLAN Hotspot Support on page 5 48 set server idx srvr_type ipadr Sets the Radius hotpost server IP address per wlan index 1 16 port idx srvr_type port Sets the Radius hotpost server port per wlan index 1 16 secret idx srvr_type secret Sets the Radius hotspot server shared secret password acct mode idx mode Sets the ...

Page 415: ...1812 Primary Server Secret Secondary Server Ip adr 0 0 0 0 Secondary Server Port 1812 Accounting Mode enable Accounting Server Ip adr 157 235 15 16 Accounting Server Port 1813 Accounting Server Secret Accounting Timeout 10 Accounting Retry count 3 Session Timeout Mode enable admin network wireless wlan hotspot radius For information on configuring the Hotspot options available to the access point ...

Page 416: ...iteList Rules Idx IP Address 1 157 235 21 21 For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 48 white list add rule Adds hotspot whitelist rules by index 1 16 for specified IP address clear Clears hotspot whitelist rules for specified index 1 16 show Shows hotspot whitelist rules for specified inde...

Page 417: ...configuration options available to the access point using the applet GUI see Configuring Security Options on page 6 2 show Displays the access point s current security configuration create Creates a security policy edit Edits the properties of an existing security policy delete Removes a specific security policy Goes to the parent menu Goes to the root menu save Saves the configuration to system f...

Page 418: ... continue n y y Secu Policy Name Authen Encryption Associated WLANs 1 Default 802 1x WPA2 CCMP Lobby 3 Open 802 1x WPA2 CCMP 1st Floor WPA Countermeasure enable Related Commands For information displaying existing WLAN security settings using the applet GUI see Enabling Authentication and Encryption Schemes on page 6 4 show summary Displays list of existing security policies 1 16 policy id Display...

Page 419: ...ry or 2 secondary The default password is now motorola instead of symbol Be cognizant of this when importing a configuration from the 1 1 baseline as this shared secret will have to be changed to motorola after the import to avoid MU authentication failures This change can only be made using the access point CLI reauth mode mode Enables or disables EAP reauthentication period time Sets the reauthe...

Page 420: ...count Sets the EAP maximum number of MU retries to count 1 10 svr timeout time Sets the server timeout time in seconds 1 255 svr retry count Sets the maximum number of server retries to count 1 255 enc idx type Sets the encryption type to type for the WLAN idx ccmp rotate mode mode Enables or disabled the broadcast key interval time Sets the broadcast key rotation interval to time in seconds 300 6...

Page 421: ...ts Disregards the policy creation and exits the CLI session CAUTION If importing a 1 1 or earlier baseline configuration the 802 1x EAP Radius shared secret password will remain symbol instead of motorola as now required If the shared secret password is not changed to motorola there will be a shared secret mis match resulting in MU authentication failures The password cannot be set using the acces...

Page 422: ...to continue n y y For information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 6 2 show Displays the new or modified security policy parameters set index Edits security policy parameters The values subject to modification are the same ones created using the AP7131N admin network wireless securit...

Page 423: ...nformation on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 6 2 delete sec name Removes the specified security policy from the list of supported policies all Removes all security policies except the default policy ...

Page 424: ...t Access Control List ACL submenu The items available under this command include show Displays the access point s current ACL configuration create Creates an MU ACL policy edit Edits the properties of an existing MU ACL policy delete Removes an MU ACL policy Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 425: ...ministration 3 Demo Room Customers admin network wireless acl show policy 1 Policy Name Default Policy Mode allow index start mac end mac 1 00A0F8348787 00A0F8348798 For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 38 show summary Displays the list of existing MU ACL policies policy index Disp...

Page 426: ...s acl create add policy For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 38 create show acl name Displays the parameters of a new ACL policy set acl name index Sets the MU ACL policy name mode acl mode Sets the ACL mode for the defined index 1 16 Allowed MUs can access the access point managed...

Page 427: ...e applet GUI see Configuring a WLAN Access Control List ACL on page 5 38 show Displays MU ACL policy and its parameters set Modifies the properties of an existing MU ACL policy add addr Adds an MU ACL table entry delete Deletes an MU ACL table entry including starting and ending MAC address ranges change Completes the changes made and exits the session Cancels the changes made and exits the sessio...

Page 428: ...elete Description Removes an MU ACL policy Syntax For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 38 delete idx Deletes a partilcular MU ACL policy index all Deletes all MU ACL policies ...

Page 429: ...tems available under this command include show Summarizes access point radio parameters at a high level set Defines the access point radio configuration radio1 Displays the 2 4 GHz radio submenu radio2 Displays the 5 0 GHz radio submenu Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 430: ...idge Mode disable Client Bridge WLAN WLAN1 Mesh Connection Timeout enable Radio 2 Name Radio 2 Radio Mode enable Radio Function WIPS RF Band of Operation 802 11n 5 GHz Roaming Client Bridge Mode disabled Wireless Mesh Configuration Base Bridge Mode enable Max Wireless AP Clients 5 Client Bridge Mode disable Roaming Client Bridge Mode enable Client Bridge WLAN WLAN1 Mesh Connection Timeout enable D...

Page 431: ...aximum number of MUs assigned to the specified radio idx 1 or 2 The range can be defined between 0 and 127 This command does not apply to single radio access points mesh base mode Enables or disables base bridge mode mesh max clients Sets the maximum number of wireless bridge clients mesh client mode Enables or Disables client bridge mode mesh roaming client mode Enables or disables the mesh roami...

Page 432: ...o the access point see Setting the WLAN s Radio Configuration on page 5 54 set radio config value 1 7 1 Radio 1 WLAN Radio 2 WIPS 2 Radio 1 WIPS Radio 2 WLAN 3 Radio 1 WLAN Radio 2 WLAN 4 Radio 1 WIPS Radio 2 WIPS 5 Radio 1 WLAN Radio 2 Disabled 6 Radio 1 Disabled Radio 2 WLAN 7 Radio 1 Disabled Radio 2 Disabled ...

Page 433: ...n options available to the access point using the applet GUI see Setting the WLAN s Radio Configuration on page 5 54 show Displays 802 11n 2 4 GHz radio settings set Defines specific 802 11n 2 4 GHz radio parameters advanced Displays the Adavanced radio settings submenu mesh Goes to the Wireless AP Connections submenu Goes to the parent menu Goes to the root menu save Saves the configuration to sy...

Page 434: ...tection Mode Pure HT Channel Setting user selection Power Level 5 dbm 4 mW 802 11 rate compatibility mode B G and N Beacon Interval 100 K usec DTIM Interval 10 beacon intvls short preamble disable RTS Threshold 2341 bytes QBSS Channel Util Beacon Intervl 10 beacon intvls QBSS Load Element Mode enable Single Anetenna disable show radio Displays specific 802 11n 2 4 GHz radio settings rates Displays...

Page 435: ... 0 Mbps 8 Supported 13 0 Mbps 27 0 Mbps 9 Supported 26 0 Mbps 54 0 Mbps 10 Supported 39 0 Mbps 81 0 Mbps 11 Supported 52 0 Mbps 108 0 Mbps 12 Supported 78 0 Mbps 162 0 Mbps 13 Supported 104 0 Mbps 216 0 Mbps 14 Supported 117 0 Mbps 243 0 Mbps 15 Supported 130 0 Mbps 270 0 Mbps admin network wireless radio 802 11n 2 4 GHz admin network wireless radio 802 11n 2 4 GHz show aggr Radio Aggregation Sett...

Page 436: ...15 1 94 3 008 Voice 3 7 1 47 1 504 For information on configuring the Radio 1 configuration options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 38 CAUTION If you do NOT include the index number for example set dtim 50 the DTIMs for all four BSSIDs will be changed to 50 To change individual DTIMs for BSSIDs specify the BSS Index number...

Page 437: ...10 admin network wireless radio 802 11n 2 4 GHz set qbss mode enable For information on configuring the Radio 1 Configuration options available to the access point using the applet GUI see Configuring the 802 11a n or 802 11b g n Radio on page 5 59 set placement Defines the access point radio placement as indoors or outdoors ch mode Determines how the radio channel is selected user auto 20 or auto...

Page 438: ...e advanced submenu for the 802 11n 2 4 GHz radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11n 2 4 GHz radio set Defines advanced parameters for the 802 11n 2 4 GHz radio Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 439: ... Lobby 2 HR 3 Office admin network wireless radio 802 11n 2 4 GHz advanced show wlan Warning This will display secure information Do you want to continue n y y WLAN 1 WLAN name WLAN1 ESS ID 101 Radio Band s 2 4 and 5 0 GHz VLAN none Security Policy Default QoS Policy Default Rate Limiting disabled For information on configuring Radio 1 Configuration options available to the access point using the ...

Page 440: ...o 802 11n 2 4 GHz advanced set wlan demoroom 1 admin network wireless radio 802 11n 2 4 GHz advanced set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the access point using the applet GUI see Configuring the 802 11a n or 802 11b g n Radio on page 5 59 set wlan wlan name bssid Defines advanced WLAN to BSSID mapping for the target radio bss bss id wlan nam...

Page 441: ...er this command include Syntax show Displays mesh settings and status for the 802 11n 2 4 GHz radio set Defines mesh parameters for the 802 11n 2 4 GHz radio add Adds a 802 11n 2 4 GHz radio mesh connection delete Deletes a 802 11n 2 4 GHz radio mesh connection Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 442: ... 2 4 GHz radio Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh show config Mesh Connection Auto Select enable admin network wireless radio 802 11n 2 4 GHz mesh show status idx AP MAC Address Channel Signal dBm admin network wireless radio 802 11n 2 4 GHz mesh show config Displays the connection list configuration status Shows the available mesh connection status ...

Page 443: ...h parameters for the 802 11n 2 4 GHz radio Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh set auto select enable admin network wireless radio 802 11n 2 4 GHz mesh show config Mesh Connection Auto Select enable set auto select Enables or disables auto select mesh connections ...

Page 444: ...twork wireless radio 802 11n 2 4 GHz mesh add Description Adds a 802 11n 2 4 GHz radio mesh connection Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh add 2 AA21DCDD12DE add priority Defines the connection priority 1 16 mac Sets the access point MAC address ...

Page 445: ...Description Deletes a 802 11n 2 4 GHz radio mesh connection by specified index or by removing all entries Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh delete 2 delete idx Deletes a mesh connection by specified index 1 16 all Removes all mesh connections ...

Page 446: ...submenu The items available under this command include Syntax show Displays 802 11n 5 0 GHz radio settings set Defines specific 802 11n 5 0 GHz radio parameters advanced Displays the Advanced radio settings submenu mesh Goes to the Mesh Connections submenu Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 447: ...nnel Setting uniform spreading Power Level 20 dbm 100 mW 802 11 rate compatibility mode A and N Beacon Interval 100 K usec DTIM Interval 10 beacon intvls RTS Threshold 2341 bytes QBSS Channel Util Beacon Intervl 10 beacon intvls QBSS Load Element Mode enable Single Antenna disable show radio Displays specific 802 11n 5 0 GHz radio settings rates Displays specific 802 11n 5 0 GHz radio rate setting...

Page 448: ...orted 65 0 Mbps 135 0 Mbps 8 Supported 13 0 Mbps 27 0 Mbps 9 Supported 26 0 Mbps 54 0 Mbps 10 Supported 39 0 Mbps 81 0 Mbps 11 Supported 52 0 Mbps 108 0 Mbps 12 Supported 78 0 Mbps 162 0 Mbps 13 Supported 104 0 Mbps 216 0 Mbps 14 Supported 117 0 Mbps 243 0 Mbps 15 Supported 130 0 Mbps 270 0 Mbps admin network wireless radio 802 11n 5 0 GHz admin network wireless radio 802 11n 5 0 GHz show aggr Rad...

Page 449: ...Min CWMax AIFSN TXOPs 32 usec TXOPs ms Background 15 1023 7 0 0 000 Best Effort 15 63 3 31 0 992 Video 7 15 1 94 3 008 Voice 3 7 1 47 1 504 For information on configuring the Radio 2 Configuration options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 38 ...

Page 450: ...na disable For information on configuring the Radio 2 Configuration options available to the access point using the applet GUI see Configuring the 802 11a n or 802 11b g n Radio on page 5 59 set placement Defines the access point radio placement as indoors or outdoors ch mode Determines how the radio channel is selected channel Defines the actual channel used by the radio Channel allowed depends o...

Page 451: ...e 802 11n 5 0 GHz radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11n 5 0 GHz radio set Defines advanced parameters for the 802 11n 5 0 GHz radio Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 452: ...on is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11n 5 0 GHz advanced show wlan Warning This will display secure information Do you want to continue n y y WLAN 1 WLAN name WLAN1 ESS ID 101 Radio 2 4 and 5 0 GHz VLAN none Security Policy Default QoS Policy Default Rate Limiting disable For information on configuring the Radio 2 Configuration options available to th...

Page 453: ...t wlan demoroom 1 admin network wireless radio 802 11n 5 0 GHz advanced set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the access point using the applet GUI see Configuring the 802 11a n or 802 11b g n Radio on page 5 59 set wlan wlan name bssid Defines advanced WLAN to BSSID mapping for the target 5 0 GHz radio bss bss id wlan name Sets the BSSID to p...

Page 454: ...o The items available under this command include Syntax show Displays mesh settings and status for the 802 11n 5 0 GHz radio set Defines mesh parameters for the 802 11n 5 0 GHz radio add Adds a 802 11n 5 0 GHz radio mesh connection delete Deletes a 802 11n 5 0 GHz radio mesh connection Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 455: ...mple admin network wireless radio 802 11n 5 0 GHz mesh show config Mesh Connection Auto Select enable admin network wireless radio 802 11n 5 0 GHz mesh show status idx AP MAC Address Channel Signal dBm admin network wireless radio 802 11n 5 0 GHz mesh show config Displays the connection list configuration status Shows the available mesh connection status ...

Page 456: ...t Description Defines mesh parameters for the 802 11n 5 0 GHz radio Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh set auto select enable admin network wireless radio 802 11n 5 0 GHz mesh show config Mesh Connection Auto Select enable set auto select Enables or disables auto select mesh connections ...

Page 457: ...11n 5 0 GHz mesh add Description Adds a 802 11n 5 0 GHz radio mesh connection Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh add 2 AA21DCDD12DE add priority Defines the connection priority 1 16 mac Sets the access point MAC address ...

Page 458: ... 11n 5 0 GHz mesh delete Description Deletes a 802 11n 5 0 GHz radio mesh connection by specified index or by removing all entries Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh delete 2 delete idx Deletes a mesh connection by specified index 1 16 all Removes all mesh connections ...

Page 459: ... submenu The items available under this command include show Displays access point QoS policy information create Defines the parameters of the QoS policy edit Edits the settings of an existing QoS policy delete Removes an existing QoS policy Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 460: ...ept admin network wireless qos show policy 1 Policy Name Default Support Voice Prioritization disable Multicast Mask Address 1 01005E000000 Multicast Mask Address 2 09000E000000 WMM QOS Mode disable WMM QOS Parameter Set 11ag default For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page 5 42...

Page 461: ... policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi 11g voice 11b voice or manual for advanced users cwmin access category index Defines Minimum Contention Window CW Min for specified access categoiry and index cwmax access category index Defines Maximum Contention Window CW Max...

Page 462: ...ta type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi 11g voice 11b voice or manual for advanced users cwmin access category index Defines the Minimum Contention Window CW Min for specified access categoiry and index cwmax access category index Defines the...

Page 463: ...cy Syntax For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page 5 42 delete qos name all Deletes the specified QoS polciy index or all of the policies except default policy ...

Page 464: ...on Displays the access point Rate Limiting submenu The items available under this command include show Displays Rate Limiting information for how data is processed by the access point set Defines Rate Limiting parameters for the access point Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 465: ...g show wlan Warning This will display secure information Do you want to continue n y y WLAN 1 WLAN Name WLAN1 ESSID 101 Radio Band s 2 4 and 5 0 GHz VLAN none Security Policy Default QoS Policy Default Rate Limiting disable For information on configuring the Rate Limiting options available to the access point using the applet GUI see Configuring MU Rate Limiting on page 5 70 show summary Displays ...

Page 466: ...ate limiting set Description Defines the access point Rate Limiting configuration Syntax For information on configuring the Rate Limiting options available to the access point using the applet GUI see Configuring MU Rate Limiting on page 5 70 set mode mode Enables or disables Rate Limiting ...

Page 467: ...nt access point Rogue AP detection configuration set Defines the Rogue AP detection method mu scan Goes to the Rogue AP mu uscan submenu allowed list Goes to the Rogue AP Allowed List submenu active list Goes the Rogue AP Active List submenu rogue list Goes the Rogue AP List submenu Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 468: ...ogue ap show MU Scan disable MU Scan Interval 60 minutes On Channel disable Detector Radio Scan enable Auto Authorize Motorola APs disable Approved APs age out 0 minutes Rogue APs age out 0 minutes For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 44 show Displays the current access point Rogue AP det...

Page 469: ...tector Radio Scan disable Auto Authorize Motorola APs enable Approved AP age out 10 minutes Rogue AP age out 10 minutes For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 44 set mu scan mode Enables or disables to permit MUs to scan for rogue APs interval minutes Define an interval for associated MUs t...

Page 470: ...scription Displays the Rogue AP mu scan submenu Syntax add Add all or just one scan result to Allowed AP list show Displays all APs located by the MU scan start Initiates scan immediately by the MU Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 471: ...Initiates an MU scan from a user provided MAC address Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 44 start mu mac Initiates MU scan from user provided MAC address ...

Page 472: ...wireless rogue ap mu scan show Description Displays the results of an MU scan Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 44 show Displays all APs located by the MU scan ...

Page 473: ...AP allowed list submenu show Displays the rogue AP allowed list add Adds an AP MAC address and ESSID to the allowed list delete Deletes an entry or all entries from the allowed list Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 474: ...yntax Example admin network wireless rogue ap allowed list show Allowed AP List index ap mac essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 44 show Displays the rogue AP allowed list ...

Page 475: ...less rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 fffffffffff 3 00 A0 F8 40 20 01 Marketing 4 00 A0 F8 31 61 BB 103 For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 44 add mac addr ess id Adds an AP MAC address and ESSID to existing allowed list fffffffffffffffff ...

Page 476: ...ription Deletes an AP MAC address and ESSID to existing allowed list Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 44 delete idx 1 50 all Deletes an AP MAC address and ESSID or all addresses from the allowed list ...

Page 477: ... the WIPS submenu The items available under this command include show Displays the current WLAN Intrusion Prevention configuration set Sets WLAN Intrusion Prevention parameters Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 478: ...WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips show Warning This will display secure information Do you want to continue n y y WIPS Server 1 IP Address 192 168 0 21 WIPS Server 2 IP Address 10 1 1 1 admin network wireless wips show Displays the WLAN Intrusion Prevention configuration ...

Page 479: ...ription Sets the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips set server 1 192 168 0 21 admin network wireless wips set idx 1 and 2 ip Defines the WLAN Intrusion Prevention Server IP Address for server IPs 1 and 2 ...

Page 480: ...ireless mu locationing Description Displays the MU Locationing submenu The items available under this command include show Displays the current MU Locationing configuration set Defines MU Locationing parameters Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 481: ...show Description Displays the MU probe table configuration Syntax Example admin network wireless mu locationing show MU Probe Table Mode disable MU Probe Table Size 200 admin network wireless mu locationing show Displays the MU probe table configuration ...

Page 482: ...r locating MUs Syntax Example admin network wireless mu locationing set admin network wireless mu locationing set mode enable admin network wireless mu locationing set size 200 admin network wireless mu locationing set Defines the MU probe table configuration mode Enables disables a mu probe scan size Defines the number of MUs in the table the maximum allowed is 200 ...

Page 483: ...e show Displays the access point s current firewall configuration set Defines the access point s firewall parameters access Enables disables firewall permissions through the LAN and WAN ports advanced Displays interoperaility rules between the LAN and WAN ports Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 484: ...attack filter enable syn flood attack filter enable unaligned ip timestamp filter enable source routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 bytes max mime headers 16 headers For information on configuring the Firewall options available to the access point using the applet GUI see Confi...

Page 485: ...enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 max mime headers 16 set mode mode Enables or disables the firewall nat timeout interval Defines the NAT timeout value syn mode Enables or disables SYN flood attack check src mode Enables or disables source routing check win mode Enables or disables Winnuke attack ...

Page 486: ...2048 4 lan wan 654321 tcp 2048 2048 5 lan wan abc ah 100 1000 For information on configuring the Firewall options available to the access point using the applet GUI see Configuring Firewall Settings on page 6 14 show Displays LAN to WAN access rules set Sets LAN to WAN access rules add Adds LAN to WAN exception rules delete Deletes LAN to WAN access exception rules list Displays LAN to WAN access ...

Page 487: ...5535 65535 nat port 33 2 33 3 0 0 10 10 1 1 tcp 1 1 11 11 1 0 allow 255 255 255 0 255 255 255 0 65535 65535 nat port 0 For information on configuring the Firewall options available to the access point using the applet GUI see Configuring Firewall Settings on page 6 14 show Shows advanced subnet access parameters set Sets advanced subnet access parameters import Imports rules from subnet access inb...

Page 488: ...r submenu The items available under this command are show Displays the existing access point router configuration set Sets the RIP parameters add Adds user defined routes delete Deletes user defined routes list Lists user defined routes Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 489: ...5 0 0 0 0 0 lan1 0 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 4 192 168 24 0 255 255 255 0 0 0 0 0 wan 0 5 157 235 19 5 255 255 255 0 192 168 24 1 wan 1 Default gateway Interface wan For information on configuring the Router options available to the access point using the applet GUI see Configuring Router Settings on page 5 71 show Shows the access point ...

Page 490: ...uring Router Settings on page 5 71 set auth Sets the RIP authentication type none simple or MD5 dir Sets RIP direction rx tx or both id Sets MD5 authetication ID 1 256 for specific index 1 2 key Sets MD5 authetication key up to 16 characters for specified inded 1 2 passwd Sets the password up to 16 characters for simple authentication type Defines the RIP type off ripv1 ripv2 or ripv1v2 dgw iface ...

Page 491: ...gateway interface metric 1 192 168 3 0 255 255 255 0 192 168 2 1 lan1 1 For information on configuring the Router options available to the access point using the applet GUI see Configuring Router Settings on page 5 71 add dest netmask gw iface metric Adds a route with destination IP address dest IP netmask netmask destination gateway IP address gw interface LAN1 LAN2 or WAN iface and metric set me...

Page 492: ... lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan2 0 admin network router delete 2 admin network router list index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 admin network router For information on configuring the Router options available to the access point using the applet GUI see Configuring Router Settings on...

Page 493: ...gateway interface metric 1 192 168 2 0 255 255 255 0 192 168 0 1 lan1 1 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 For information on configuring the Router options available to the access point using the applet GUI see Configuring Router Settings on page 5 71 list Displays a list of user defined routes ...

Page 494: ...s to the Power Settings submenu aap setup Goes to the Adaptive AP Settings submenu access Goes to the access point access submenu where access point access methods can be enabled cmgr Goes the Certificate Manager submenu snmp Goes to the SNMP submenu userdb Goes to the user database submenu radius Goes to the Radius submenu ntp Goes to the Network Time Protocol submenu logs Displays the log file s...

Page 495: ...resetting Are you sure you want to restart the AP 7131N yes no AP 7131N Boot Firmware Version 4 0 0 0 002GDN Copyright c Motorola 2009 All rights reserved Press escape key to run boot firmware Power On Self Test testing ram pass testing nor flash pass testing nand flash pass testing ethernet pass For information on restarting the access point using the applet GUI see Configuring System Settings on...

Page 496: ...stem name AP 7131N system location Atlanta Field Office admin email address johndoe mycompany com system uptime 0 days 4 hours 41 minutes AP 7131N firmware version 4 0 0 0 002GDN country code us ap mode independent serial number 05224520500336 admin system For information on displaying System Settings using the applet GUI see Configuring System Settings on page 4 2 show Displays access point syste...

Page 497: ...rs The access point does not allow intermediate space characters between characters within the system name For example AP7131N sales must be changed to AP7131Nsales to be a valid system name loc loc Sets the access point system location to loc 1 to 59 characters email email Sets the access point admin email address to email 1 to 59 characters cc code Sets the access point country code using two le...

Page 498: ... 160 AP7131N admin system lastpw Description Displays last expired debug password Example admin system lastpw AP 7131N MAC Address is 00 15 70 02 7A 66 Last debug password was motorola Current debug password used 0 times valid 4 more time s admin system ...

Page 499: ... 61 A8 C 157 235 92 179 ether 00 14 22 F3 D7 39 C 157 235 92 248 ether 00 11 25 B2 09 60 C 157 235 92 180 ether 00 0D 60 D0 06 90 C 157 235 92 3 ether 00 D0 2B A0 D4 FC C 157 235 92 181 ether 00 15 C5 0C 19 27 C 157 235 92 80 ether 00 11 25 B2 0D 06 C 157 235 92 95 ether 00 14 22 F9 12 AD C 157 235 92 161 ether 00 06 5B 97 BD 6D C 157 235 92 126 ether 00 11 25 B2 29 64 C admin system ...

Page 500: ...ion on configuring power settings using the applet GUI see Configuring Power Settings on page 4 6 show Displays the current power setting configuration set Defines the access point s power setting configuration Goes to the parent menu Goes to the root menu save Saves the current configuration to the access point system flash quit Quits the CLI and exits the current session ...

Page 501: ...min system power setup show Power Mode 3af Power Status Mid Power 3af Power Option option 3at Power Option default Default Radio Radio2 admin system power setup For information on configuring power settings using the applet GUI see Configuring Power Settings on page 4 6 show Displays the access point s current power configuration ...

Page 502: ...et mode Auto admin system power setup set power option 3af option admin system power setup set def radio 1 For information on configuring power settings using the applet GUI see Configuring Power Settings on page 4 6 set mode Sets the power mode to either Auto or 3af power option Defines the power option def radio Defines the radio receiving access port resource priority 1 Radio1 2 Radio2 ...

Page 503: ... on page 4 11 For an overview of adaptive AP functionality and its implications see Adaptive AP on page 10 1 show Displays Adaptive AP information set Defines the Adaptive AP configuration delete Deletes static switch address assignments Goes to the parent menu Goes to the root menu save Saves the current configuration to the access point system flash quit Quits the CLI and exits the current sessi...

Page 504: ... 4 0 0 0 0 IP Address 5 0 0 0 0 IP Address 6 0 0 0 0 IP Address 7 0 0 0 0 IP Address 8 0 0 0 0 IP Address 9 0 0 0 0 IP Address 10 0 0 0 0 IP Address 11 0 0 0 0 IP Address 12 0 0 0 0 Tunnel to Switch disable AC Keepalive 5 Load Balancing enable Current Switch 157 235 22 11 AP Adoption State AAP not adopted admin system aap setup For information on configuring adaptive AP using the applet GUI see Ad...

Page 505: ...sing the applet GUI see Adaptive AP Setup on page 4 11 For an overview of adaptive AP functionality and its implications see Adaptive AP on page 10 1 set auto discovery Sets the switch auto discovery mode enable disable ipadr Defines the switch IP address used name Defines the switch name for DNS lookups up to 127 characters port Sets the port passphrase Defines the pass phrase or key for switch c...

Page 506: ... Example admin system aap setup delete 1 admin system aap setup For information on configuring Adaptive AP using the applet GUI see Adaptive AP Setup on page 4 11 For an overview of adaptive AP functionality and its implications see Adaptive AP on page 10 1 delete idx Deletes static switch address assignments by selected index all Deletes all assignments ...

Page 507: ...ss point access submenu show Displays access point system access capabilities set Goes to the access point system access submenu Goes to the parent menu Goes to the root menu save Saves the current configuration to the access point system flash quit Quits the CLI and exits the current session ...

Page 508: ...nterface if no data activity is detected after the interval defined Default is 120 seconds inactive timeout minutes Inactivity interval resulting in the AP terminating its connection Default is 120 minutes snmp Sets SNMP access parameters for the AP s LAN and WAN ports admin auth Designates a Radius server is used in the authentication verification server ip Specifies the IP address the Remote Dia...

Page 509: ...telnet access enable enable enable cli ssh access enable enable enable snmp access enable enable enable http s timeout 0 ssh server authetnication timeout 120 ssh server inactivity timeout 120 admin authetnication mode local Login Message Mode disable Login Message Related Commands For information on configuring access point access settings using the applet GUI see Configuring Data Access on page ...

Page 510: ...ads a Self Certificate signed by CA listself Lists the self certificate loaded loadca Loads trusted certificate from CA delca Deletes the trusted certificate listca Lists the trusted certificate loaded showreq Displays a certificate request in PEM format delprivkey Deletes the private key listprivkey Lists names of private keys expcert Exports the certificaqte file impcert Imports the certificate ...

Page 511: ...vcNAQEEBQADQQCClQ5LHdbG C1f Bj8AszttSo bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX d6 Q1SMbs tG4RP0lRSr iWDyuvwx END CERTIFICATE REQUEST For information on configuring certificate management settings using the applet GUI see Managing Certificate Authority CA Certificates on page 4 19 genreq IDname Subject ou OrgUnit on OrgName cn City st State p PostCode cc CCode e Email d Domain i IP sa SAlgo Generates a se...

Page 512: ...f Description Deletes a self certificate Syntax Example admin system cmgr delself MyCert2 For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on page 4 21 delself IDname Deletes the self certificate named IDname ...

Page 513: ...tificate signed by the Certificate Authority Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on page 4 21 loadself IDname Load the self certificate signed by the CA with name IDname ...

Page 514: ...system cmgr listself Description Lists the loaded self certificates Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on page 4 21 listself Lists all self certificates that are loaded ...

Page 515: ...sted certificate from the Certificate Authority Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 19 loadca Loads the trusted certificate in PEM format only that is pasted into the command line ...

Page 516: ...e 8 178 AP7131N admin system cmgr delca Description Deletes a trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 19 delca IDname Deletes the trusted certificate ...

Page 517: ...cmgr listca Description Lists the loaded trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 19 listca Lists the loaded trusted certificates ...

Page 518: ... showreq Description Displays a certificate request in PEM format Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 19 showreq IDname Displays a certificate request named IDname generated from the genreq command ...

Page 519: ...rivkey Description Deletes a private key Syntax For information on configuring certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on page 4 21 delprivkey IDname Deletes private key named IDname ...

Page 520: ... system cmgr listprivkey Description Lists the names of private keys Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 19 listprivkey Lists all private keys and displays their certificate associations ...

Page 521: ... delself deletes a signed certificate loadself loads a signed certficiate signed by the CA listself lists the loaded signed self certificate loadca loads the root CA certificate delca deletes the root CA certificate listca lists the loaded root CA certificate showreq displays certificate request in PEM format delprivkey deletes the private key listprivkey lists the names of the private keys expcer...

Page 522: ...ate a certificate request delself deletes a signed certificate loadself loads a signed certficiate signed by the CA listself lists the loaded signed self certificate loadca loads the root CA certificate delca deletes the root CA certificate listca lists the loaded root CA certificate showreq displays certificate request in PEM format delprivkey deletes the private key listprivkey lists the names o...

Page 523: ...on Displays the SNMP submenu The items available under this command are shown below access Goes to the SNMP access submenu traps Goes to the SNMP traps submenu Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 524: ...scription Displays the SNMP Access menu The items available under this command are shown below show Shows SNMP v3 engine ID add Adds SNMP access entries delete Deletes SNMP access entries list Lists SNMP access entries Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 525: ... Syntax Example admin system snmp access show eid AP 7131N snmp v3 engine id 000001846B8B4567F871AC68 admin system snmp access For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 4 35 show eid Shows the SNMP v3 Engine ID ...

Page 526: ...hars E g 1 3 6 1 v3 user access oid sec auth pass1 priv pass2 user username 1 to 31 characters access read write access ro rw oid string 1 to 127 chars E g 1 3 6 1 sec security none auth auth priv auth algorithm md5 sha1 required only if sec is auth auth priv pass1 auth password 8 to 31 chars required only if sec is auth auth priv priv algorithm des aes required only if sec is auth priv pass2 priv...

Page 527: ...dex start ip end ip For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 4 35 delete acl idx Deletes entry idx 1 10 from the access control list all Deletes all entries from the access control list v1v2c idx Deletes entry idx 1 10 from the v1 v2 configuration list all Deletes all entries from the v1 v2 configuration list v3 idx Delete...

Page 528: ...e read write 1 3 6 1 admin system snmp access list v3 2 Warning This will display secure information Do you want to continue n y y index 2 username judy access permission read write object identifier 1 3 6 1 security level auth priv auth algorithm md5 auth password privacy algorithm des privacy password For information on configuring SNMP access settings using the applet GUI see Configuring SNMP A...

Page 529: ...u The items available under this command are shown below show Shows SNMP trap parameters set Sets SNMP trap parameters add Adds SNMP trap entries delete Deletes SNMP trap entries list Lists SNMP trap entries Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 530: ...P Network Traps physical port status change enable denial of service enable denial of service trap rate limit 10 seconds SNMP System Traps system cold start disable system config changed disable rogue ap detection disable ap radar detection disable wpa counter measure disable mu hotspot status disable vlan disable lan monitor disable DynDNS Update enable wlan kerb auth failed disable For informati...

Page 531: ...ce trap interval rate Sets denial of service trap interval cold enable disable Enables disables the system cold start trap cfg enable disable Enables disables a configuration changes trap rogue ap enable disable Enables disables a trap when a rogue ap is detected ap radar enable disable Enables disables the AP Radar Detection trap wpa counter enable disable Enables disables the WPA counter measure...

Page 532: ...Configuring SNMP RF Trap Thresholds on page 4 42 add v1v2 ip port comm ver Adds an entry to the SNMP v1 v2 access list with the destination IP address set to ip the destination UDP port set to port the community string set to comm 1 to 31 characters and the SNMP version set to ver v3 ip port user sec auth pass1 priv pass2 Adds an entry to the SNMP v3 access list with the destination IP address set...

Page 533: ...information on configuring SNMP traps using the applet GUI see Configuring SNMP Settings on page 4 28 delete v1v2c idx Deletes entry idx from the v1v2c access control list all Deletes all entries from the v1v2c access control list v3 idx Deletes entry idx from the v3 access control list all Deletes all entries from the v3 access control list ...

Page 534: ...1 admin system snmp traps add v3 201 232 24 33 555 BigBoss none md5 admin system snmp traps list v3 all index 1 destination ip 201 232 24 33 destination port 555 username BigBoss security level none auth algorithm md5 auth password privacy algorithm des privacy password For information on configuring SNMP traps using the applet GUI see Configuring SNMP RF Trap Thresholds on page 4 42 list v1v2c Li...

Page 535: ...se submenu Syntax For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 user Goes to the user submenu group Goes to the group submenu save Saves the configuration to system flash Goes to the parent menu Goes to the root menu ...

Page 536: ...words Syntax For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 add Adds a new user delete Deletes a new user clearall Removes all existing user IDs from the system set Sets a password for a user show Displays the current user database configuration save Saves the configuration to system flash Goes to the parent ...

Page 537: ...Example admin system userdb user add george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 add Adds a new user ID id and password pw string 8 19 characters to the user database ...

Page 538: ...new user to the user database Syntax Example admin system userdb user delete george admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 delete Removes a user ID id and password pw string from the user database ...

Page 539: ... IDs from the system Syntax Example admin system userdb user clearall admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 clearall Removes all existing user IDs from the system ...

Page 540: ...rd for a user Syntax Example admin system userdb user set george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 set user pw Sets user id and password pw string 8 19 characters for a specific user ...

Page 541: ...permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 create Creates a group name delete Deletes a group name clearall Removes all existing group names from the system add Adds a user to an existing group remove Removes a user from an existing group show Displays existing groups save Saves the configuration to system flash Goes to the parent menu Moves back to...

Page 542: ...e defined users can be added to the group Syntax Example admin system userdb group create 2 admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 create Creates a group name string Once defined users can be added to the group ...

Page 543: ...existing group Syntax Example admin system userdb group delete 2 admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 delete Deletes an existing group name string ...

Page 544: ...oves all existing group names from the system Syntax Example admin system userdb group clearall admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 clearall Removes all existing group names from the system ...

Page 545: ...oup Syntax Example admin system userdb group add lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 add userid group Adds a user userid to an existing group group ...

Page 546: ...ser from an existing group Syntax Example admin system userdb group remove lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 remove userid group Removes a user userid from an existing group group ...

Page 547: ...rmation Do you want to continue n y y List of Group Names engineering marketing demo room admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 show Displays existing groups and users users Displays configured user IDs for a group groups Displays configured groups ...

Page 548: ... using the applet GUI see Configuring User Authentication on page 6 54 eap Goes to the EAP submenu policy Goes to the access policy submenu ldap Goes to the LDAP submenu proxy Goes to the proxy submenu client Goes to the client submenu set Sets Radius parameters show Displays Radius parameters save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root ...

Page 549: ...ntax Example admin system radius set database local admin system radius show all Database local admin system radius For information on configuring Radius using the applet GUI see Configuring User Authentication on page 6 54 set Sets the Radius user database show all Displays the Radius user database ...

Page 550: ...uring EAP Radius using the applet GUI see Configuring User Authentication on page 6 54 peap Goes to the Peap submenu ttls Goes to the TTLS submenu import Imports the requested EAP certificates set Defines EAP parameters show Displays the EAP configuration save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Page 551: ... For information on configuring PEAP Radius using the applet GUI see Configuring User Authentication on page 6 54 set Defines Peap parameters show Displays the Peap configuration save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Page 552: ...ys Peap parameters Syntax Example admin system radius eap peap set auth gtc admin system radius eap peap show PEAP Auth Type gtc For information on configuring EAP PEAP Radius values using the applet GUI see Configuring User Authentication on page 6 54 set Sets the Peap authentication type show Displays the Peap authentication type ...

Page 553: ...nformation on configuring EAP TTLS Radius values using the applet GUI see Configuring User Authentication on page 6 54 set Defines TTLS parameters show Displays the TTLS configuration save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Page 554: ...TLS parameters Syntax Example admin system radius eap ttls set auth pap admin system radius eap ttls show TTLS Auth Type pap For information on configuring EAP TTLS Radius values using the applet GUI see Configuring User Authentication on page 6 54 set Sets the default TTLS authentication type show Displays the TTLS authentication type ...

Page 555: ...ng Radius access policies using the applet GUI see Configuring User Authentication on page 6 54 set Sets a group s WLAN access policy access time Goes to the time based login submenu show Displays the group s access policy save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Page 556: ...s policy Syntax Example admin system radius policy set engineering 16 admin system radius policy For information on configuring Radius WLAN policy values using the applet GUI see Configuring User Authentication on page 6 54 set group name wlan name Defines the group s group name WLAN access policy defined as a string delimited by a space ...

Page 557: ...missions Access time is in DayDDDD DDDD format show Displays the group s access time rule save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu Context Command Description system radius policy access time set start time group value group Valid group name value 4 digit value representing HHMM 0000 2359 allowed system radius policy access time ...

Page 558: ... radius policy show Warning This will display secure information Do you want to continue n y y List of Access Policies engineering 16 marketing 10 demo room 3 test demo No Wlans admin system radius policy For information on configuring Radius WLAN policy values using the applet GUI see Configuring User Authentication on page 6 54 show Displays a group s access policy ...

Page 559: ...ormation on configuring a Radius LDAP server using the applet GUI see Configuring LDAP Authentication on page 6 58 set Defines the LDAP parameters show all Displays existing LDAP parameters save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Page 560: ...t groupname 0 0 0 0 admin system radius ldap set filter 123 admin system radius ldap set membership radiusGroupName admin system radius ldap For information on configuring a Radius LDAP server using the applet GUI see Configuring LDAP Authentication on page 6 58 set Defines the LDAP parameters ipadr Sets LDAP IP address binddn Sets LDAP bind distinguished name basedn Sets LDAP base distinguished n...

Page 561: ...AP Base DN 0 trion LDAP Login Attribute uid Stripped User Name User Name LDAP Password attribute userPassword LDAP Group Name Attribue cn LDAP Group Membership Filter objectClass GroupOfNames member Ldap objectClass GroupOfUniqueNames uniquemember Ldap UserDn LDAP Group Membership Attribute radiusGroupName admin system radius ldap For information on configuring a Radius LDAP server using the apple...

Page 562: ... Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 61 add Adds a proxy realm delete Deletes a proxy realm clearall Removes all proxy server records set Sets proxy server parameters show Displays current Radius proxy server parameters save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Page 563: ... add lancelot 157 235 241 22 1812 muddy admin system radius proxy For information on configuring Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 61 add Adds a proxy realm name name Realm name ip1 ip1 Authentication server IP address sec sec Shared secret password ...

Page 564: ... proxy delete Description Adds a proxy Syntax Example admin system radius proxy delete lancelot admin system radius proxy For information on configuring Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 61 delete name Deletes a realm name ...

Page 565: ...records from the system Syntax Example admin system radius proxy clearall admin system radius proxy For information on configuring Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 61 clearall Removes all proxy server records from the system ...

Page 566: ...dius proxy set delay 10 admin system radius proxy set count 5 admin system radius proxy For information on configuring Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 61 set Sets Radius proxy server parameters delay Defines retry delay time in seconds for the proxy server count Defines retry count value for the proxy server ...

Page 567: ...nt values using the applet GUI see Configuring the Radius Server on page 6 54 add Adds a Radius client to list of available clients delete Deletes a Radius client from list of available clients show Displays a list of configured clients save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Page 568: ...us server Syntax Example admin system radius client add 157 235 132 11 255 255 255 225 muddy admin system radius client For information on configuring Radius client values using the applet GUI see Configuring the Radius Server on page 6 54 add Adds a proxy ip ip Client s IP address mask ip1 Network mask address of the client secret sec Shared secret password ...

Page 569: ...the Radius server Syntax Example admin system radius client delete 157 235 132 11 admin system radius client For information on configuring Radius client values using the applet GUI see Configuring the Radius Server on page 6 54 delete ip Removes a specified Radius client ipadr from those available to the Radius server ...

Page 570: ...us client show Warning This will display secure information Do you want to continue n y y Idx Subnet Host Netmask SharedSecret 1 157 235 132 11 255 255 255 225 admin system radius client For information on configuring Radius client values using the applet GUI see Configuring the Radius Server on page 6 54 show Removes a specified Radius client from those available to the Radius server ...

Page 571: ...ccurately on the access point Syntax For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 44 show Shows NTP parameters settings date zone Show date time and time zone zone list Displays list of time zones set Sets NTP parameters Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Page 572: ...me Zone ntp mode enable preferred Time server ip 203 21 37 18 preferred Time server port 123 first alternate server ip 203 21 37 19 first alternate server port 123 second alternate server ip 0 0 0 0 second alternate server port 123 synchronization interval 15 minutes For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 44 show Shows all NTP se...

Page 573: ...me and time zone Syntax Example admin system ntp date zone Date Time Sat 1970 Jan 03 20 06 22 0000 UTC Time Zone UTC For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 44 date zone Show date time and time zone ...

Page 574: ...iption Displays an extensive list of time zones for countries around the world Syntax Example admin system ntp zone list For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 44 zone list Displays list of time zone indexes for every known zone ...

Page 575: ...onfiguring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 44 set mode ntp mode Enables or disables NTP server idx ip Sets the NTP sever IP address intrvl period Defines the clock synchronization interval used between the access point and the NTP server in minutes 15 65535 time time Sets the current system time yyyy year mm month dd day of the month hh hour of the day ...

Page 576: ...ogs Description Displays the access point log submenu Logging options include Syntax show Shows logging options set Sets log options and parameters view Views system log delete Deletes the system log Goes to the parent menu Goes to the root menu save Saves configuration to system flash quit Quits the CLI ...

Page 577: ...ings Syntax Example admin system logs show log level L6 Info syslog server logging enable syslog server ip address 192 168 0 102 For information on configuring logging settings using the applet GUI see Logging Configuration on page 4 48 show Displays the current access point logging configuration ...

Page 578: ...tion on configuring logging settings using the applet GUI see Logging Configuration on page 4 48 set level level Sets the level of the events that will be logged All events with a level at or above level L0 L7 will be saved to the system log L0 Emergency L1 Alert L2 Critical L3 Errors L4 Warning L5 Notice L6 Info default setting L7 Debug mode mode Enables or disables syslog server logging ipadr ip...

Page 579: ...16 01 none CC 4 16pm up 6 days 16 16 load average 0 00 0 01 0 00 Jan 7 16 16 01 none CC Mem 62384 32520 29864 0 0 Jan 7 16 16 01 none CC 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf7 000034dc 00000000 00000000 00000000 Jan 7 16 16 13 none klogd ps log fc queue maintenance Jan 7 16 16 44 none klogd ps log fc queue maintenance Jan 7 16 17 15 none klogd ps log fc q...

Page 580: ...7131N admin system logs delete Description Deletes the log files Syntax Example admin system logs delete For information on configuring logging settings using the applet GUI see Logging Configuration on page 4 48 delete Deletes the access point system log file ...

Page 581: ...ial default access point configuration show Shows import export parameters set Sets import export access point configuration parameters export Exports access point configuration to a designated system import Imports configuration to the access point transfer_keys Exports SSH keys to turn off interactive mode Goes to the parent menu Goes to the root menu save Saves the configuration to access point...

Page 582: ...tory default configuration Syntax Example admin system config default Are you sure you want to default the configuration yes no For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 50 default Restores the access point to the original factory configuration ...

Page 583: ...ettings are uneffected by the partial restore Syntax Example admin system config partial Are you sure you want to partially default AP 7131N yes no For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 50 default Restores a partial access point configuration ...

Page 584: ...yntax Example admin system config show Warning This will display secure information Do you want to continue n y y cfg filename cfg txt cfg filepath sftp server ip address 192 268 0 10 sftp user name For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 50 show Shows all import export parameters ...

Page 585: ... function X wips wlan where X is 1 or 2 is never be generated For configuration file import the legacy command set rf function X wips wlan is processed as it has historically There is no CLI menu allowing the user to enter set rf function X wips wlan where X is 1 or 2 Instead the command set radio configX where X is 1 2 3 4 5 6 7 or 8 is created in the configuration files for export For informatio...

Page 586: ... File transfer Done Export Operation Done For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 50 export sftp Exports the access point configuration to the SFTP server Use the set command to set the server user password and file name before using this command CAUTION Make sure a copy of the access point s current c...

Page 587: ... Importing Exporting Configurations on page 4 50 import sftp Imports the access point configuration file from the SFTP server Use the set command to set the server user password and file CAUTION A single radio model access point cannot import export its configuration to a dual radio model access point In turn a dual radio model access point cannot import export its configuration to a single radio ...

Page 588: ...s Description Exports SSH keys in order to turn off interactive mode Syntax Example admin system config transfer_keys Transfer of ssh public key in progress ssh cxonnexct to host 157 235 112 21 port 22 Done admin system config transfer_keys Exports SSH keys in order to turn off interactive mode xx ...

Page 589: ...ccessfully update the device firmware regardless of whether the reboot is conducted uing the GUI or CLI interfaces show Displays the current access point firmware update settings set Defines the access point firmware update parameters update Executes the firmware update Goes to the parent menu Goes to the root menu save Saves the current configuration to the access point system flash quit Quits th...

Page 590: ... fw update show Warning This will display secure information Do you want to continue n y y firmware filename apn bin firmware path sftpboot sftp server ip address 168 197 2 2 sftp user name jsmith For information on updating access point device firmware using the applet GUI see Updating Device Firmware on page 4 53 show Shows the current system firmware update settings for the access point ...

Page 591: ... 22 admin system fw update set user mudskipper For information on updating access point device firmware using the applet GUI see Updating Device Firmware on page 4 53 set file name Defines the firmware file name 1 to 39 characters path path Specifies a path for the file 1 to 39 characters server ip The IP address for the SFTP server used for the firmware and or config file update user name Specifi...

Page 592: ...pdating access point device firmware using the applet GUI see Updating Device Firmware on page 4 53 update mode iface Defines the sftp mode used to conduct the firmware update Specifies whether the update is executed over the access point s WAN LAN1 or LAN2 interface iface NOTE The access point must complete the reboot process to successfully update the device firmware regardless of whether the re...

Page 593: ... command are shown below testccmp Performs ccmp self test zeroisekeys Zeroization of critical security parameters showlog Displays the PoST Log File success or error status Goes to the parent menu Goes to the root menu save Saves the current configuration to the access point system flash quit Quits the CLI and exits the current session ...

Page 594: ...Reference Guide 8 256 AP7131N admin system fips test testccmp Description Execute this command to perform a ccmp self test Syntax admin system fips test testccmp CCMP Test Passed admin system fips test testccmp Conducts a ccmp self test ...

Page 595: ...new more secure passowrd will then be required Syntax admin system fips test zeroisekeys System will now reset for restoring default configuration After the system restarts you will need to set the country code for correctc operation admin system fips test zeroisekeys Conducts a zeroization of critical security parameters The country code must be supplied to continue with the CLI session ...

Page 596: ...uide 8 258 AP7131N admin system fips test showlog Description Displays the PoST Logs File file success or error state Syntax admin system fips test showlog admin system fips test showlog file Displays the PoST Logs File file success or error state ...

Page 597: ...another access point within the known AP table send cfg all Sends a config file to all access points within the known AP table clear Clears all statistic counters to zero flash all leds Starts and stops the flashing of all access point LEDs echo Defines the parameters for pinging a designated station ping Iniates a ping test Moves to the parent menu Goes to the root menu save Saves the current con...

Page 598: ...Statistics Summary on page 7 25 For information on displaying Mesh statistics using the applet GUI see Viewing the Mesh Statistics Summary on page 7 32 For information on displaying Known AP statistics using the applet GUI see Viewing Known Access Point Statistics on page 7 34 show wan Displays stats for the access point WAN port lan Displays stats for the access point LAN port stp Displays LAN Sp...

Page 599: ...her access point using the applet GUI see Viewing Known Access Point Statistics on page 7 34 send cfg ap index Copies the access point s configuration to the access points within the known AP table Mesh configuration attributes do not get copied using this command and must be configured manually NOTE The send cfg ap command copies all existing configuration parameters except Mesh settings LAN IP d...

Page 600: ... all admin stats For information on copying the access point config to another access point using the applet GUI see Viewing Known Access Point Statistics on page 7 34 send cfg all Copies the access point s configuration to all of the access points within the known AP table NOTE The send cfg all command copies all existing configuration parameters except Mesh settings LAN IP data WAN IP data and D...

Page 601: ... either clear lan 1 or clear lan 2 all rf Clears all RF data all wlan Clears all WLAN summary information wlan Clears individual WLAN statistic counters all radio Clears access point radio summary information radio1 Clears statistics counters specific to radio1 radio2 Clears statistics counters specific to radio2 all mu Clears all MU statistic counters mu Clears MU statistics counters known ap Cle...

Page 602: ...s Syntax Example admin stats admin stats flash all leds 1 start Password admin stats flash all leds 1 stop admin stats For information on flashing access point LEDs using the applet GUI see Viewing Known Access Point Statistics on page 7 34 flash all leds index Defines the Known AP index number of the target AP to flash stop start Begins or terminates the flash activity ...

Page 603: ...r information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 show Shows the Mobile Unit Statistics Summary list Defines echo test parameters and result set Determines echo test packet data start Begins echoing the defined station Goes to parent menu Goes to root menu quit Quits CLI session ...

Page 604: ...obile Unit Statistics Summary Syntax Example admin stats echo show Idx IP Address MAC Address WLAN Radio T put ABS Retries 1 192 168 2 0 00 A0F8 72 57 83 demo 11a For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 show Shows Mobile Unit Statistics Summary ...

Page 605: ... Syntax Example admin stats echo list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats echo For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 list Lists echo test parameters and results ...

Page 606: ...he echo test Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 set station mac Defines MU target MAC address request num Sets number of echo packets to transmit 1 539 length num Determines echo packet length in bytes 1 539 data hex Defines the particular packet data ...

Page 607: ...admin stats echo start admin stats echo list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of MU Responses 2 For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 start Initiates the echo test ...

Page 608: ...t to an AP with the same ESSID Syntax For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 ping show Shows Known AP Summary details list Defines ping test packet length set Determines ping test packet data start Begins pinging the defined station Goes to parent menu Goes to root menu quit Quits CLI session ...

Page 609: ...ats ping show Description Shows Known AP Summary Details Syntax Example admin stats ping show Idx IP Address MAC Address MUs KBIOS Unit Name 1 192 168 2 0 00 A0F8 72 57 83 3 0 access point show Shows Known AP Summary Details ...

Page 610: ...g test parameters and results Syntax Example admin stats ping list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 list Lists ping test parameters and results ...

Page 611: ...est 10 admin stats ping set length 100 admin stats ping set data 1 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 set station Defines the AP target MAC address request Sets number of ping packets to transmit 1 539 length Determines ping packet length in bytes 1 539 data Defines the particular packet data ...

Page 612: ...the ping test Syntax Example admin stats ping start admin stats ping list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of AP Responses 2 For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 start Initiates the ping test ...

Page 613: ...locate other access points using the WLAP client s ESSID Then it is required to go through the association and authentication process to establish wireless connections with the located devices This association process is identical to the access point s current MU association process Once the association and authentication process is complete the wireless client adds the connection as a port on its...

Page 614: ...ocked Once the client bridge establishes at least one wireless connection it begins establishing other wireless connections as it finds them available Thus the client bridge is able to establish simultaneous redundant links A mesh network must use one of the two access point LANs If intending to use the access point for mesh networking support Motorola recommends configuring at least one WLAN of t...

Page 615: ...red preferred connection list The association and authentication process is identical to the MU association process The client access point sends 802 11 authentication and association frames to the base access point The base access point responds as if the client is an actual mobile unit Depending on the security policy the two access point s engage in the normal handshake mechanism to establish k...

Page 616: ...ibed with the following configurations AP 1 base bridge AP 2 repeater both a base and client bridge In the case of a mesh enabled radio the client bridge configuration always takes precedence over the base bridge configuration Therefore when a radio is configured as a repeater AP 2 the base bridge configuration takes effect only after the client bridge connection to AP 1 is established Thus AP 2 k...

Page 617: ...Networking and the Access Point s Two Subnets The access point now has a second subnet on the LAN side of the system This means wireless clients communicating through the same radio can reside on different subnets The addition of this feature adds another layer of complexity to the access point s mesh networking functionality With a second LAN introduced the LAN s Ethernet port and any of the 16 W...

Page 618: ...ation parameters will get sent or saved to other access points However if using the Known AP Statistics screen s Send Cfg to APs functionality auto select and preferred list settings do not get imported 9 2 Configuring Mesh Networking Support Configuring the access point for Mesh Bridging support entails Setting the LAN Configuration for Mesh Networking Support Configuring a WLAN for Mesh Networki...

Page 619: ...onfigured as client bridges or additional base bridges with a higher priority value To define a LAN s Mesh STP Configuration 1 Select Network Configuration LAN from the AP 7131 menu tree 2 Enable the LAN used to support the mesh network Verify the enabled LAN is named appropriately in respect to its intended function in supporting the mesh network 3 Select Network Configuration LAN LAN1 or LAN2 fr...

Page 620: ...ed for a port and to ensure the information is discarded when it exceeds the value set for the Maximum Message age timer Hello Time The Hello Time is the time between each bridge protocol data unit sent This time is equal to 2 seconds sec by default but you can tune the time to be between 1 and 10 sec If you drop the hello time from 2 sec to 1 sec you double the number of bridge protocol data unit...

Page 621: ...r mesh networking support Motorola recommends configuring at least one WLAN of the 16 WLANs available specifically for mesh networking support To define the attributes of the WLAN shared by the members of the mesh network 1 Select Network Configuration Wireless from the AP 7131 menu tree The Wireless Configuration screen displays with those existing WLANs displayed within the table 2 Select the Cr...

Page 622: ...t will share when using this WLAN within their mesh network Motorola recommends assigning a unique name to a WLAN supporting a mesh network to differentiate it from WLANs defined for non mesh support The name assigned to the WLAN is what is selected from the Radio Configuration screen for use within the mesh network ...

Page 623: ...Client Bridge Backhaul checkbox to make this WLAN available in the Mesh Network Name drop down menu within the Radio Configuration screen Only WLANs defined for mesh networking support should have this checkbox selected in order to keep the list of WLANs available within the Radio Configuration screen restricted to just WLANs configured specifically with mesh attributes 7 Refer to the Security Pol...

Page 624: ... network see Configuring a WLAN Access Control List ACL on page 5 38 9 Select the Disallow MU to MU Communication checkbox to restrict MUs from interacting with each other both within this WLAN as well as other WLANs Selecting this option could be a good idea if restricting device chatter improves mesh network performance If base bridges and client bridges are added at any given time to extent the...

Page 625: ...this option as it would prevent the AP from answering to blank ESSID probes from other mobile units 12 If there are certain requirements for the types of data proliferating the mesh network select an existing policy or configure a new QoS policy best suiting the requirements of the mesh network To define a new QoS policy select the Create button to the right of the Quality Of Service Policy drop d...

Page 626: ...he dual radio model AP 7131N FGR affords users better optimization of the mesh network feature by allowing the access point to transmit to other access points in base or client bridge mode using one independent radio and transmit with its associated devices using the second independent radio A single radio access point has its channel utilization and throughput degraded in a mesh network as the AP...

Page 627: ...ions for this specific radio displays within the CBs Connected field If this is an existing radio within a mesh network this value updates in real time NOTE With this 4 0 release of the access point firmware a new scheme for radio configuration and WIPS server management has been implemented within the Quick Setup GUI applet Up to eight radio buttons are now available depending on the number radio...

Page 628: ...from non Mesh supported WLANs For more information see Configuring a WLAN for Mesh Networking Support on page 9 9 Once the settings within the Radio Configuration screen are applied for an initial deployment the current number of base bridges visible to the radio displays within the BBs Visible field and the number of base bridges currently connected to the radio displays within the BBs Connected ...

Page 629: ...ear on the Available Base Bridge List there is no way it can be moved to Preferred Base Bridge List as the device has not yet been seen NOTE Auto link selection is based on the RSSI and load The client bridge will select the best available link when the Automatic Link Selection checkbox is selected Motorola recommends you do not disable this option as when enabled the access point will select the ...

Page 630: ...e Radio Configuration screen click Apply to save any changes made within the Advanced Client Bridge Settings screen 15 Click Cancel to undo any changes made within the Advanced Client Bridge Settings screen This reverts all settings for the screen to the last saved configuration 16 If using a dual radio model access point refer to the Mesh Timeout drop down menu from within the Radio Configuration...

Page 631: ...imeout period 45 seconds This allows the client bridge radio 1 to roam without dropping the MU s associated to radio 2 The disadvantage is that radio 2 may beacon for the 45 second timeout period and have to drop associated MU s because radio 1 could not establish its uplink NOTE The Mesh Time Out variable overrides the Ethernet Port Time Out EPTO setting on the LAN page when the access point is i...

Page 632: ...d base bridge and client bridge mode and a client bridge 9 3 1 Scenario 1 Two Base Bridges and One Client Bridge In scenario 1 the following three access point configurations will be deployed within the mesh network AP 1 An active base bridge AP 2 A redundant base bridge AP 3 A client bridge connecting to both AP 1 and AP 2 simultaneously AP 1 and AP 2 will be configured somewhat the same However ...

Page 633: ...Mesh Networking 9 21 2 Assign a Mesh STP Priority of 40000 to LAN1 Interface NOTE Enable the LAN1 Interface of AP 1 as a DHCP Server if you intend to associate MUs and require them to obtain an IP address via DHCP ...

Page 634: ...AP 7131N FGR Access Point Product Reference Guide 9 22 3 Define a mesh supported WLAN 4 Enable base bridge functionality on the 802 11a n radio Radio 2 ...

Page 635: ...Configuring Mesh Networking 9 23 5 Define a channel of operation for the 802 11a n radio ...

Page 636: ...face different than that of AP 1 Assign a higher Mesh STP Priority 50000 to the AP 2 LAN1 Interface NOTE In a typical deployment each base bridge can be configured for a Mesh STP Priority of 50000 In this example different values are used to force AP 1 to be the forwarding link since it s a small mesh network of only three APs with AP within close proximity of one another NOTE Ensure AP 1 and AP 2...

Page 637: ... 3 1 3 Configuring AP 3 To define the configuration for AP 3 a client bridge connecting to both AP 1 and AP 2 simultaneously 1 Provide a known IP address for the LAN1 interface 2 Assign the maximum value 65535 for the Mesh STP Priority ...

Page 638: ... down menu to select the name of the WLAN created in step 3 5 If needed create another WLAN mapped to the 802 11b g n radio if 802 11b g n support is required for MUs on that 802 11 band NOTE This WLAN should not be mapped to any radio Therefore leave both of the Available On radio options unselected NOTE You don t need to configure channel settings on the client bridge AP 3 It automatically finds...

Page 639: ...nt links If member APs are not far apart in physical distance the algorithm intelligently chooses a single hop link to forward data To force APs to use multiple hops for demonstrations use manual links In scenario 2 the following three AP configurations comprise the mesh network AP 1 is a base bridge AP 2 is a repeater client bridge base bridge combination AP 3 is a client b ridge 9 3 2 1 Configur...

Page 640: ...Reference Guide 9 28 9 3 2 2 Configuring AP 2 AP 2 requires the following modifications from AP 2 in the previous scenario to function in base bridge client bridge repeater mode 1 Enable client bridge backhaul on the mesh supported WLAN ...

Page 641: ...on the 802 11a n radio 9 3 2 3 Configuring AP 3 To define AP 3 s configuration 1 The only change needed on AP 3 with respect to the configuration used in scenario 1 is to disable the Auto Link Selection option Click the Advanced button within the Mesh Client Bridge Settings field ...

Page 642: ...S1 on the 802 11a n radio if each AP The Radio MAC Address the BSSID 1 MAC Address is used for the AP 2 Preferred Base Bridge List Ensure both the AP 1 and AP 2 Radio MAC Addresses are in the Available Base Bridge List Add the AP 2 MAC Address into the Preferred Base Bridge List 3 Determine the Radio MAC Address and BSSID MAC Addresses ...

Page 643: ...ng Mesh Network Functionality for Scenario 2 You now have a three AP demo multi hop mesh network ready to demonstrate Associate an MU on the WLANs configured on the 802 11b g n radio for each AP and pass traffic among the members of the mesh network ...

Page 644: ...lient Bridge Connectivity You have configured three access points in mesh mode one base bridge AP1 one client bridge base bridge AP2 and one client bridge AP3 However the client bridge AP3 is connecting to both AP1 and AP2 and using its link to base bridge AP1 to forward traffic Resolution This is valid behavior you see this when your mesh APs are close enough in proximity so the client bridge can...

Page 645: ... mesh backhaul supported WLAN In fact it is a Motorola recommended practice Mesh Deployment Issue 6 Is my mesh topology complete How can I determine if all my mesh APs are connected and the mesh topology is complete Resolution Each mesh AP has a Known AP Table available in the applet CLI and SNMP All APs whether they are supporting mesh or not periodically exchange ID messages notifying their pres...

Page 646: ...n AP 7131N FGR support wireless firmware updates Mesh Deployment Issue 12 Can I perform firmware configuration file updates with DHCP options Can I use the AP s Automatic Firmware Configuration update functionalities with DHCP Options on the AP for mesh nodes as well Resolution Yes mesh nodes also support Automatic Firmware Configuration updates using DHCP Options Make sure you create DHCP reserva...

Page 647: ...ridges perform periodic background scanning both passively by sniffing the air for beacons and actively by sending Probe Requests Therefore a client bridge automatically detects the presence of a new base bridge or repeater added to the mesh network topology and forms a seam less connection without affecting current operation Mesh Deployment Issue 15 Can a mesh supported AP react to changing RF co...

Page 648: ...AP 7131N FGR Access Point Product Reference Guide 9 36 ...

Page 649: ...its AAP configuration An AAP provides local 802 11 traffic termination local encryption decryption local traffic bridging the tunneling of centralized traffic to the wireless switch An AAP s switch connection can be secured using IP UDP or IPSec depending on whether a secure WAN link from a remote site to the central site already exists The switch can be discovered using one of the following mecha...

Page 650: ...sting infrastructure 10 1 1 Where to Go From Here Refer to the following for a further understanding of AAP operation Adaptive AP Management Licensing Switch Discovery Securing a Configuration Channel Between Switch and AP Adaptive AP WLAN Topology Configuration Updates Securing Data Tunnels between the Switch and AAP Adaptive AP Switch Failure Remote Site Survivability RSS Adaptive Mesh Support F...

Page 651: ... must ensure the license used by the switch supports the number of radio ports both AP300s and AAPs you intend to adopt 10 1 4 Switch Discovery For an access point to function as an AAP regardless of mode it needs to connect to a switch to receive its configuration There are two methods of switch discovery Auto Discovery using DHCP Manual Adoption Configurationv NOTE To support AAP functionality a...

Page 652: ...cryption key to hash passphrases and security keys To obtain the passphrase configure an access point with the passphrase and export the configuration file Code Data Type List of Switch IP addresses separate by comma semi colon or space delimited 188 String Switch FQDN 190 String AP 7131N FGR Encryption IPSec Passphrase Hashed 191 String AP 7131N FGR switch discovery mode 1 auto discovery enable 2...

Page 653: ...yment of the network If the switch is on the access point s LAN ensure the LAN subnet is on a secure channel The AP will connect to the switch and request a configuration 10 1 6 Adaptive AP WLAN Topology An AAP can be deployed in the following WLAN topologies Extended WLANs Extended WLANs are the centralized WLANs created on the switch Independent WLANs Independent WLANs are local to an AAP and ca...

Page 654: ...s with no secure link to the central location an AAP can be configured to use an IPSec tunnel with AES 256 encryption for adoption The tunnel configuration is automatic on the AAP side and requires no manual VPN policy be configured On the switch side configuration updates are required to adopt the AAP using an IPSec tunnel To review a sample AAP configuration see Sample Switch Configuration File ...

Page 655: ...rcing associated MUs to be deauthenticated and the Mesh link will go down MUs are able to quickly associate but the Mesh link will need to be re established before MUs can pass traffic This typically takes about 90 to 180 seconds depending on the size of the mesh topology For an overview of mesh networking and how to configure an access point to support mesh see Configuring Mesh Networking on page...

Page 656: ...me of adoption from the wireless switch Instead the firmware is upgraded using the firmware update procedure manually or using the DHCP Auto Update feature An AAP can use its LAN1 interface or WAN interface for adoption The default gateway interface is set to LAN1 If the WAN Interface is used explicitly configure WAN as the default gateway interface Motorola recommends using the LAN1 interface for...

Page 657: ...traffic is tunneled back to the switch Each extended WLAN is mapped to the access point s LAN1 interface The only traffic between the switch and the AAP are control messages for example heartbeats statistics and configuration updates 10 2 4 Extended WLANs with Independent WLANs An AAP can have both extended WLANs and independent WLANs operating in conjunction When used together MU traffic from ext...

Page 658: ...ter the AP downloads a configuration file from the switch it obtains the version number of the image it should be running The switch does not have the capacity to hold the access point s firmware image and configuration The access point image must be downloaded using a means outside the switch If there is still an image version mismatch between what the switch expects and what the AAP is running t...

Page 659: ...ion on configuring the switch for AAP support see http support symbol com support product manuals do To adopt an AAP on a switch 1 Ensure enough licenses are available on the switch to adopt the required number of AAPs 2 As soon as the AAP displays in the adopted list Adjust each AAP s radio configuration as required This includes WLAN radio mappings and radio parameters WLAN VLAN mappings and WLA...

Page 660: ...uration file consisting of the adaptive parameters pushed to the access point or adopted using DHCP options Each of these adoption techniques is described in the sections that follow 10 4 1 1 Adopting an Adaptive AP Manually To manually enable the access point s switch discovery method and connection medium required for adoption 1 Select System Configuration Adaptive AP Setup from the access point...

Page 661: ...ill begin establishing a connection with the first addresses in the list If unsuccessful the AP will continue down the list in order until a connection is established 4 If a numerical IP address is unknown but you know a switch s fully qualified domain name FQDN enter the name as the Switch FQDN value 5 Select the Enable AP Switch Tunnel option to allow AAP configuration data to reach a switch usi...

Page 662: ...s on page 4 50 For information on updating the access point s firmware see Updating Device Firmware on page 4 53 10 4 1 3 Adopting an Adaptive AP Using DHCP Options An AAP can be adopted to a wireless switch by providing the following options in the DHCP Offer NOTE The manual AAP adoption described above can also be conducted using the access point s CLI interface using the admin system aapsetup c...

Page 663: ...omatic adoption on the switch 1 Select Network Access Port Radios from the switch main menu tree 2 Select the Configuration tab should be displayed be default and click the Global Settings button 3 Ensure the Adopt unconfigured radios automatically option is NOT selected When disabled there is no automatic adoption of non configured radios on the network Additionally default radio settings will NO...

Page 664: ...eckbox designates the WLAN as independent and prevents traffic from being forwarded to the switch Independent WLANs behave like WLANs as used on a a standalone access point Leave this option unselected as is by default to keep this WLAN an extended WLAN a typical centralized WLAN created on the switch NOTE Additionally a WLAN can be defined as independent using the wlan index independent command f...

Page 665: ...Adaptive AP 10 17 Once an AAP is adopted by the switch it displays within the switch Access Port Radios screen under the Network parent menu item as an access point within the AP Type column ...

Page 666: ...d appropriate management and native VLANs are configured The WLAN used for mesh backhaul must always be an independent WLAN The switch configures an AAP If manually changing wireless settings on the AP they are not updated on the switch It s a one way configuration from the switch to the AP An AAP always requires a router between the AP and the switch An AAP can be used behind a NAT An AAP uses UD...

Page 667: ...aa authentication login default none service prompt crash info hostname RFS7000 1 username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f To configure the ACL to be used in the CRYPTO MAP ip access list extended AAP ACL permit ip host 10 10 10 250 any rule precedence 20 spanning tree...

Page 668: ... the AAP change here as well crypto isakmp key 0 12345678 address 255 255 255 255 ip http server ip http secure trustpoint default trustpoint ip http secure server ip ssh no service pm sys restart timezone America Los_Angeles license AP xyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxxyxyxyx wireless no adopt unconf radio enable manual wlan mapping enable wlan ...

Page 669: ...9 30 11bg aap7131 radio 1 bss 1 3 radio 1 bss 2 4 radio 1 bss 3 2 radio 1 channel power indoor 11 8 radio 1 rss enable radio add 2 00 15 70 00 79 30 11a aap7131 radio 2 bss 1 5 radio 2 bss 2 1 radio 2 bss 3 2 radio 2 channel power indoor 48 8 radio 2 rss enable radio 2 base bridge max clients 12 radio 2 base bridge enable radio add 3 00 15 70 00 79 12 11bg aap7131 radio 3 bss 1 3 radio 3 bss 2 4 r...

Page 670: ...rypto ipsec transform set AAP TFSET esp aes 256 esp sha hmac mode tunnel To create a Crypto Map add a remote peer set the mode add a ACL rule to match and transform and set to the Crypto Map crypto map AAP CRYPTOMAP 10 ipsec isakmp set peer 255 255 255 255 set mode aggressive match address AAP ACL set transform set AAP TFSET interface ge1 switchport mode trunk switchport trunk native vlan 1 switch...

Page 671: ...ort access vlan 1 interface me1 ip address dhcp interface sa1 switchport mode trunk switchport trunk native vlan 1 switchport trunk allowed vlan none switchport trunk allowed vlan add 1 9 100 110 120 130 140 150 160 170 switchport trunk allowed vlan add 180 190 200 210 220 230 240 250 interface vlan1 ip address dhcp To attach a Crypto Map to a VLAN Interface crypto map AAP CRYPTOMAP sole ip route ...

Page 672: ...AP 7131N FGR Access Point Product Reference Guide 10 24 line con 0 line vty 0 24 end ...

Page 673: ...Technical Specifications This appendix provides technical specifications for the following Physical Characteristics Electrical Characteristics Radio Characteristics Country Codes ...

Page 674: ...nsions 5 50 in Depth x 7 88 in Width x 1 38 in Height 14 cm Depth x 20 32 cm Width x 3 5 cm Height Housing Metal plenum rated housing UL2043 Weight 2 7 lbs Operating Temperature 4 F to 122 F 20 C to 50 C Storage Temperature 40 F to 158 F 40 C to 70 C Altitude 8000 ft 2438 m 82 F 28 C Operating 15000 ft 4572 m 53 F 12 C Storage Humidity 5 to 95 RH non condensing Electrostatic Discharge 15kV air 8kV...

Page 675: ...nd 54Mbps 802 11n MCS 0 15 up to 300Mbps Wireless Medium Direct Sequence Spread Spectrum DSSS Orthogonal Frequency Division Multiplexing OFDM Spatial multiplexing MIMO Network Standards 802 11a 802 11b 802 11g 802 3 802 11n Draft 2 0 Maximum Available Transmit Power Maximum available conducted transmit power per chain 2 4Ghz 23dBm Maximum available conducted transmit power all chains 2 4GHz 27 7dB...

Page 676: ...ia AT Morocco MA Bahamas BS Nambia NA Bahrain BH Netherlands NL Barbados BB Netherlands Antilles AN Belarus BY New Zealand NZ Belgium BE Nicaragua NI Bermuda BM Norfolk Island NF Bolivia BO Northern Mariana Islands MP Botswana BW Norway NO Botznia Herzegovina BA Oman OM Brazil BR Pakistan PK Bulgaria BG Panama PA Canada CA Paraguay PY Cayman Islands KY Peru PE Chile CL Philippines PH China CN Pola...

Page 677: ...ds FK Spain ES Finland FI Sri Lanka LK France FR Sweden SE French Guiana GF Switzerland CH Germany DE Taiwan TW Greece GR Thailand TH Guadeloupe GP Trinidad and Tobago TT Guam GU Tunisia TN Guyana GY Turkey TR Haiti HT Ukraine UA Honduras HN UAE AE Hong Kong HK United Kingdom GB Hungary HU USA US Iceland IS Uruguay UY India IN Venezuela VE Indonesia ID Vietnam VN Ireland IE Virgin Islands British ...

Page 678: ...roduct Reference Guide A 6 Italy IT Jamaica JM Japan JP Jordan JO Kazakhstan KZ Kuwait KW Latvia LV Lebanon LB Liechtenstein LI Lithuania LT Luxembourg LU Macedonia MK Malaysia MY Malta MT Martinique MQ Country Code Country Code ...

Page 679: ... using a DHCP or Linux BootP Server Configuring an IPSEC Tunnel and VPN FAQs B 1 Configuring Automatic Updates using a DHCP or Linux BootP Server This section provides specific details for configuring either a DHCP or Linux BootP Server to send firmware or configuration file updates to an access point The AutoUpdate feature updates the access point firmware and or configuration automatically when ...

Page 680: ...ly checks the two characters after the third hyphen 01 when making a comparison Change the last two characters to update the configuration The two characters can be alpha numeric B 1 1 Windows DHCP Server Configuration See the following sections for information on these DHCP server configurations in the Windows environment Embedded Options Using Option 43 Global Options Using Extended Standard Opt...

Page 681: ...appropriate directory on the SFTP Server 4 Restart the access point 5 While the access point boots verify the access point Obtains and applies the expected IP Address from the DHCP Server Downloads both the firmware and configuration files from the SFTP Server and updates both as needed Verify the file versions within the System Settings screen B 1 1 2 Global Options Using Extended Standard Option...

Page 682: ...the General tab check all 3 options mentioned within the Extended Options table and enter a value for each option 3 Copy both the firmware and configuration files to the appropriate directory on the SFTP Server Extended Options Code Data type Access point SFTP Server IP Address Note Use any one option 181 186 IP address String Access point Firmware File Name 187 String Access point Config File Nam...

Page 683: ...le versions within the System Settings screen B 1 1 3 DHCP Priorities The following flowchart indicates the priorities used by the access point when the DHCP server is configured for multiple options NOTE If the firmware files are the same the firmware will not get updated If the configuration file name matches the last used configuration file on the access point or if the configuration file versi...

Page 684: ...y if the DHCP Server is configured for options 187 and 67 for the firmware file the access point uses the file name configured for option 187 If the DHCP Server is configured for embedded and global options the embedded options take precedence B 1 2 Linux BootP Server Configuration See the following sections for information on these BootP server configurations in the Linux environment BootP Option...

Page 685: ...et segment 2 Configure the bootptab file etc bootptab on the Linux Unix BootP Server in any one of the formats that follows Using options 186 187 and 188 Using options 66 67 and 129 AP 7131 ha 00a0f88aa6d8 LA N M AC Address sm 255 255 255 0 Subnet M ask ip 157 235 93 128 IP A ddress gw 157 235 93 2 gatew ay T186 157 235 93 250 TFTP Server IP T187 apfw bin Firm w are file T188 cfg txt Configuration...

Page 686: ...36 is provided by the server the access point strips off the SFTP root directory from the fully qualified configuration file name to obtain a relative file name For example if using bf opt sftpdir sftp dist ap cfg and T136 opt sftpdir the config file name is sftp dist ap cfg T136 is only used for this purpose It is NOT used to append to the config file name or the firmware file name If T136 is not...

Page 687: ...ilarly if the BootP Server is configured for options 188 and 129 for the configuration file the AP uses the file name configured for option 188 NOTE If the firmware files are the same the firmware will not get updated If the configuration file name matches the last used configuration file on the access point or if the configuration file versions are the same the access point configuration will not...

Page 688: ...o Access Points Configuring a Cisco VPN Device Frequently Asked VPN Questions B 2 1 Configuring a VPN Tunnel Between Two Access Points The access point can connect to a non AP device supporting IPSec such as a Cisco VPN device labeled as Device 2 For this usage scenario the following components are required 2 access points 1 PC on each side of the access point s LAN To configure a VPN tunnel betwe...

Page 689: ...2 7 Enter the WAN port IP address of AP 2 Device 2 for a Remote Gateway 8 Click Apply to save the changes 9 Select the Auto IKE Key Exchange radio button 10 Select the Auto Key Settings button NOTE For this example Auto IKE Key Exchange is used Any key exchange can be used depending on the security needed as long as both devices on each end of the tunnel are configured exactly the same ...

Page 690: ...r the ESP Type select ESP with Authentication and use AES 128 bit as the ESP encryption algorithm and SH1 as the ESP authentication algorithm Click OK 12 Select the IKE Settings button 13 Select Pre Shared Key PSK from the IKE Authentication Mode drop down menu ...

Page 691: ...y B 2 2 Configuring a Cisco VPN Device This section includes general instructions for configuring a Cisco PIX Firewall 506 series device For the usage scenario described in this section you will require the following 1 Cisco VPN device 1 PC connected to the LAN side of the access point and the Cisco PIX Below is how the access point VPN Status screen should look if the entire configuration is setu...

Page 692: ...AP 7131N FGR Access Point Product Reference Guide B 14 ...

Page 693: ... a wildcard entry of 0 0 0 0 is entered in the Remote Subnet field in the VPN configuration page can the AP access multiple subnets on the other end of a VPN concentrator for the APs LAN WAN side No Using a 0 0 0 0 wildcard is an unsupported configuration In order to access multiple subnets the steps in Question 1 must be followed Question 3 Can the AP be accessed via its LAN interface of AP 1 fro...

Page 694: ...lso make sure you are using NTP when attempting to use the certificate manager Certificates are time sensitive Configure the following on the IKE Settings page Local ID type refers to the way that IKE selects a local certificate to use IP tries the match the local WAN IP to the IP addresses specified in a local certificate FQDN tries to match the user entered local ID data string to the domain nam...

Page 695: ...ault gateway when the two addresses are on the same subnet As a workaround point the access point s WAN default gateway to be the other VPN gateway and vice versa Question 10 I have setup my tunnel and the status still says Not Connected What should I do now VPN tunnels are negotiated on an as needed basis If you have not sent any traffic between the two subnets the tunnel will not get established...

Page 696: ...Question 12 My tunnel works fine when I use the LAN WAN Access page to configure my firewall Now that I use Advanced LAN Access my VPN stops working What am I doing wrong VPN requires certain packets to be passed through the firewall Subnet Access automatically inserts these rules for you when you do VPN Advanced Subnet Access requires these rules to be in effect for each tunnel An allow inbound r...

Page 697: ... should be configured first before other rules are configured Question 13 Do I need to add any special routes on the access point to get my VPN tunnel to work No However clients could need extra routing information Clients on the local LAN side should either use the access point as their gateway or have a route entry tell them to use the access point as the gateway to reach the remote subnet Scr R...

Page 698: ...AP 7131N FGR Access Point Product Reference Guide B 20 ...

Page 699: ...al provides our customers with a wealth of information and online assistance including developer tools software downloads product manuals and online repair requests When contacting the Motorola Support Center please provide the following information serial number of unit model number or product name software type and version number ...

Page 700: ...t for warranty and service information telephone 1 800 653 5350 fax 631 738 5410 Email emb support motorola com International Contacts Outside North America Motorola inc Symbol Place Winnersh Triangle Berkshire RG41 5TP United Kingdom 0800 328 2424 Inside UK 44 118 945 7529 Outside UK ...

Page 701: ...product softwaredownloads do Manuals https support symbol com support product FIPS_and_CC_Compliant_Products html Additional Information Obtain additional information by contacting Motorola at 1 800 722 6234 inside North America 1 516 738 5200 in outside North America http www motorola com ...

Page 702: ...AP 7131N FGR Access Point Product Reference Guide C 4 ...

Page 703: ... placement 2 3 AP 7131N FGR statistical displays 1 17 association process beacon 1 16 RSSI 1 26 available protocols 6 20 B Bandwidth Management 5 69 basic device configuration 3 4 beacon 1 16 CAM stations 1 16 PSP stations 1 16 BSSID 1 10 bullets use of viii C CA certificate 4 19 CAM 1 16 certificate authority 4 19 certificate management 4 19 CLI ACL commands 8 86 CLI common commands 8 3 CLI conne...

Page 704: ... conventions notational vii country codes 4 4 A 4 customer support viii B 1 D data access configuring 4 15 data encryption 1 11 data security 1 11 device firmware 4 54 device settings 3 6 DHCP support 1 18 DHCP advanced settings 5 13 direct sequence spread spectrum 1 25 Document Conventions 1 vii E EAP 1 12 EAP authentication 1 12 electrical characteristics A 2 event logging 1 17 F firewall 1 13 F...

Page 705: ...ations 1 16 beacon 1 16 MU 1 16 Q QoS support 1 11 Quality of Service QoS 1 11 R radio options 1 9 radio retry histogram 7 24 radio statistics 7 18 restore default configuration 4 5 roaming across routers TIM 1 16 rogue AP detection 6 44 rogue AP detection allowed APs 6 48 rogue AP details 6 51 Routing Information Protocol RIP 1 21 S security content filtering 6 41 security firewall 6 15 security ...

Page 706: ...3 transmit power control 1 17 type filter configuration 5 15 V VLAN support 1 14 VLAN configuring 5 5 VLAN management tag 5 8 VLAN name 5 3 VLAN native tag 5 8 Voice prioritization 1 16 VPN 1 13 VPN Tunnels 1 13 VPN auto key settings 6 33 6 34 VPN configuring 6 23 VPN IKE key settings 6 36 VPN manual key settings 6 29 VPN status 6 39 W wall mounting 2 10 WAN port 1 9 WAN configuring 5 16 WAN port ...

Page 707: ......

Page 708: ...MOTOROLA INC 1303 E ALGONQUIN ROAD SCHAUMBURG IL 60196 http www motorola com 72E 126727 01 Revision A September 2009 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands