manualshive.com logo in svg

Symbol AP-51xx, Product Reference Manual, Page: 165 / 622

Share
Download
Symbol AP-51xx Product Reference Manual Download Page 165

Network Management

5-21

5.

Click 

Apply 

to save any changes to the WAN screen. Navigating away from the screen 

without clicking the Apply button results in all changes to the screen being lost.

6.

Click 

Undo Changes

 (if necessary) to undo any changes made. Undo Changes reverts the 

settings displayed on the WAN screen to the last saved configuration.

7.

Click 

Logout 

to securely exit the access point Symbol Access Point applet. A prompt 

displays confirming the logout before the applet is closed.

5.2.1 Configuring Network Address Translation (NAT) Settings

Network Address Translation (NAT) 

converts an IP address in one network to a different IP address or 

set of IP addresses in another network. The access point router maps its local (inside) network 
addresses to WAN (outside) IP addresses, and translates the WAN IP addresses on incoming packets 
to local IP addresses. NAT is useful because it allows the authentication of incoming and outgoing 

Idle Time (seconds)

Specify an idle time in seconds to limit how long the 

access 

point

’s WAN connection remains active after outbound and 

inbound traffic is not detected. The Idle Time field is grayed out if 

Keep-Alive

 is enabled.

Authentication Type

Use the 

Authentication Type

 menu to specify the authentication 

protocol(s) for the WAN connection. Choices include 

None,

 

PAP or 

CHAP, PAP,

 or 

CHAP.

Password Authentication Protocol (PAP)

 and 

Challenge Handshake 

Authentication Protocol (CHAP) 

are competing identify-verification 

methods.

PAP

 sends a username and password over a network to a server 

that compares the username and password to a table of authorized 
users. If the username and password are matched in the table, 
server access is authorized. WatchGuard products do not support 
the PAP protocol because the username and password are sent as 
clear text that a hacker can read.

CHAP 

uses secret information and mathematical algorithms to 

send a derived numeric value for login. The login server knows the 
secret information and performs the same mathematical 
operations to derive a numeric value. If the results match, server 
access is authorized. After login, one of the numbers in the 
mathematical operation is changed to secure the connection. This 
prevents any intruder from trying to copy a valid authentication 
session and replaying it later to log in.

Summary of Contents for AP-51xx

Page 1: ...AP 51xx Access Point Product Reference Guide...

Page 2: ......

Page 3: ...AP 51xx Access Point Product Reference Guide 72E 92949 01 Revision A January 2007...

Page 4: ......

Page 5: ...k from a licensed program or use a licensed program in a network without written permission from Symbol The user agrees to maintain Symbol s copyright notice on the licensed programs delivered hereund...

Page 6: ......

Page 7: ...ns viii Service Information viii Chapter 1 Introduction New Features 1 2 Mesh Networking 1 2 Additional LAN Subnet 1 3 On board Radius Server Authentication 1 4 Hotspot Support 1 4 Routing Information...

Page 8: ...Encryption 1 12 WPA2 CCMP 802 11i Encryption 1 12 Firewall Security 1 13 VPN Tunnels 1 13 Content Filtering 1 13 VLAN Support 1 13 Multiple Management Accessibility Options 1 14 Updatable Firmware 1...

Page 9: ...Options 2 9 AP 5131 Power Options 2 9 AP 5181 Power Options 2 9 Symbol Power Injector and Power Tap Systems 2 10 Installing the Power Injector or Power Tap 2 10 Preparing for Site Installation 2 11 C...

Page 10: ...2 Configuring Data Access 4 6 Managing Certificate Authority CA Certificates 4 10 Importing a CA Certificate 4 10 Creating Self Certificates for Accessing the VPN 4 13 Creating a Certificate for Onboa...

Page 11: ...ent Settings 5 63 Configuring Router Settings 5 65 Setting the RIP Configuration 5 66 Chapter 6 Configuring Access Point Security Configuring Security Options 6 2 Setting Passwords 6 3 Resetting the A...

Page 12: ...ser Access Policy 6 74 Chapter 7 Monitoring Statistics Viewing WAN Statistics 7 2 Viewing LAN Statistics 7 6 Viewing a LAN s STP Statistics 7 10 Viewing Wireless Statistics 7 12 Viewing WLAN Statistic...

Page 13: ...Commands 8 90 Network Quality of Service QoS Commands 8 107 Network Bandwith Management Commands 8 112 Network Rogue AP Commands 8 115 Network Firewall Commands 8 125 Network Router Commands 8 130 Sy...

Page 14: ...Mesh Networking Support 9 9 Configuring the Access Point Radio for Mesh Support 9 13 Usage Scenario Trion Enterprises 9 20 Trion s Initial Deployment 9 20 Adding 2 Client Bridges to Expand the Coverag...

Page 15: ...sing Extended Standard Options B 4 DHCP Priorities B 5 Linux BootP Server Configuration B 6 BootP Options B 7 BootP Priorities B 9 Configuring an IPSEC Tunnel and VPN FAQs B 9 Configuring a VPN Tunnel...

Page 16: ...AP 51xx Access Point Product Reference Guide xii...

Page 17: ...model access points For the purposes of this guide the devices will be called AP 51xx or the generic term access point when identical conifiguration activities are applied to both models Document Con...

Page 18: ...Symbol Customer Support Refer to Appendix C for contact information Before calling have the model number and serial number at hand If the problem cannot be solved over the phone you may need to retur...

Page 19: ...onstructed to support outdoor installations while the AP 5131 model is constructed primarily for indoor deployments The AP 5131 is available in numerous single and dual radio SKUs while an AP 5181 is...

Page 20: ...w features have been introduced to the existing feature set Mesh Networking Additional LAN Subnet On board Radius Server Authentication Hotspot Support Routing Information Protocol RIP Manual Date and...

Page 21: ...in client bridge mode can establish up to 3 simultaneous wireless connections with other AP 5131s or AP 5181s A client bridge always initiates the connections and the base bridge is always the accepto...

Page 22: ...based on the WLAN configurations For detailed information on configuring the access point for AAA Radius Server support see Configuring User Authentication on page 6 64 1 1 4 Hotspot Support The acce...

Page 23: ...nt time using a Year Month Day HH MM SS format For detailed information on manually setting the access point s system time see Configuring Network Time Protocol NTP on page 4 36 1 1 7 Dynamic DNS The...

Page 24: ...figurable WLANs Support for 4 BSSIDs per Radio Quality of Service QoS Support Industry Leading Data Security VLAN Support Multiple Management Accessibility Options Updatable Firmware Programmable SNMP...

Page 25: ...rnet device when connected to the LAN port For detailed information on configuring the access point LAN port see Configuring the LAN Interface on page 5 1 A Wide Area Network WAN is a widely dispersed...

Page 26: ...ies of a wired LAN A WLAN does not require lining up devices for line of sight transmission and are thus desirable for wireless networking Roaming users can be handed off from one access point to anot...

Page 27: ...m the access point QoS implementation The WiFi Multimedia QOS Extensions WMM implementation used by the access point shortens the time between transmitting higher priority data traffic and is thus des...

Page 28: ...is necessary Symbol uses the Kerberos authentication service protocol specified in RFC 1510 to authenticate users clients in a wireless network environment and to securely distribute the encryption k...

Page 29: ...la for scrambling the data A key is the specific code used by the algorithm to encrypt or decrypt the data Decryption is the decoding and unscrambling of received encrypted data The same device host c...

Page 30: ...knesses of WEP by including a per packet key mixing function a message integrity check an extended initialization vector with sequencing rules a re keying mechanism WPA uses an encryption method calle...

Page 31: ...p is extended from one LAN across the public network to another LAN without sacrificing security A VPN behaves like a private network however because the data travels through the public network it nee...

Page 32: ...le imported via FTP or TFTP MIB Management Information Base Command Line Interface CLI accessed via RS 232 or Telnet Use the access point DB 9 serial port for direct access to the command line interfa...

Page 33: ...in obscure locations In the past a dedicated power source was required for each access point in addition to the Ethernet infrastructure This often required an electrical contractor to install power dr...

Page 34: ...normally receive over other data traffic Voice prioritization allows the access point to assign priority to voice traffic over data traffic and if necessary assign legacy voice supported devices non W...

Page 35: ...ss point has a configurable power level for each radio This enables the network administrator to define the antenna s transmission power level in respect to the access point s placement or network req...

Page 36: ...on The access point can be set to only accept replies from DHCP or BOOTP servers or both this is the default setting Disabling DHCP disables BOOTP and DHCP and requires network settings to be set manu...

Page 37: ...s A receiving antenna on the MU in the path of the waves absorbs the waves as electrical signals The receiving MU interprets demodulates the signal by reapplying the direct sequence chipping code This...

Page 38: ...es its association statistics The user can configure the ESSID to correspond to up to 16 WLANs on each 802 11a or 802 11b g radio A Wireless Local Area Network WLAN is a data communications system tha...

Page 39: ...a direct sequence system each cell can operates independently Adding cells to the network provides increased coverage area and total system capacity The RS 232 serial port provides a Command Line Int...

Page 40: ...e with an access point based on the following conditions Signal strength between the access pointand MU Number of MUs currently associated with the access point MUs encryption and authentication capab...

Page 41: ...access point functions as a layer 2 bridge similar to Symbol s existing AP 4131 access point The wired uplink can operate as a trunk and support multiple VLANs Up to 16 WLANs can be defined and mappe...

Page 42: ...ser The AP 5131 or AP 5181 downloads site contains the following 2 MIB files Symbol CC WS2000 MIB 2 0 standard Symbol MIB file Symbol AP 5131 MIB AP 5131 AP 5181 MIB file Make configuration changes to...

Page 43: ...Introduction 1 25 BSS2 Base radio MAC address 1 BSS3 Base radio MAC address 2 BSS4 Base radio MAC address 3...

Page 44: ...AP 51xx Access Point Product Reference Guide 1 26...

Page 45: ...tion connecting antennae and applying power Installation procedures vary for different environments See the following sections for more details Precautions Requirements Access Point Placement Power Op...

Page 46: ...l recommends conducting a radio site survey prior to installing the access point A site survey is an excellent method of documenting areas of radio interference and providing a tool for device placeme...

Page 47: ...5131 802 11a g Single Radio Access Point AP 5131 Install Guide Software and Documentation CD ROM Accessories Bag AP 5131 40021 WWR AP 5131 802 11a g Single Radio Access Point AP 5131 Install Guide So...

Page 48: ...or specific information Symbol Part Description AP 5181 13040 WWR 1 AP 5181 802 11a g Dual Radio Access Point 1 AP 5181 Install Guide 1 WEEE Regulatory Addendum 1 set of cable connectors 3 antenna dus...

Page 49: ...age Antenna coverage is analogous to lighting Users might find an area lit from far away to be not bright enough An area lit sharply might minimize coverage and create dark areas Uniform antenna place...

Page 50: ...ormance and signal reception Symbol supports two antenna suites for the AP 5131 One antenna suite supporting the 2 4 GHz band and another antenna suite supporting the 5 2 GHz band Select an antenna mo...

Page 51: ...ctional 8 5 ML 2499 HPA3 01R Omni Directional Antenna 3 3 ML 2499 BYGA2 01R Yagi Antenna 13 9 ML 2452 APA2 01 Dual Band 3 0 NOTE An additional adapter is required to use ML 2499 11PNA2 01 and ML 2499...

Page 52: ...signal reception Symbol supports two antenna suites for the AP 5181 One antenna suite supporting the 2 4 GHz band and another antenna suite supporting the 5 2 GHz band Select an antenna model best su...

Page 53: ...2 PNA5 01R Sector Antenna Dual Band 6 0 2 3 2 4 4 9 5 9 GHz 120 deg Sector Type N connector with pigtail Part Number Antenna Type Nominal Net Gain dBi Description ML 5299 FHPA6 01R Omni Directional An...

Page 54: ...AC power to combine low voltage DC with Ethernet data in a single cable connecting to the access point The access point can only use a Power Injector or Power Tap when connecting the unit to the acce...

Page 55: ...ta source and access point 1 Connect an RJ 45 Ethernet cable between the network data supply host and the Power Injector s Data In or the Power Tap s DATA IN connector 2 Connect an RJ 45 Ethernet cabl...

Page 56: ...ns are complete before supplying power to the access point 2 6 1 3 Power Injector LED Indicators The Power Injector demonstrates the following LED behavior under normal and or problematic operating co...

Page 57: ...o their correct connectors The antenna protection plate cannot be used in a desk mount configuration as the plate only allows antennas to be positioned in a downward orientation 3 Remove the backings...

Page 58: ...3 ft The Power Injector has no On Off power switch The Power Injector receives power as soon as AC power is applied For more information on using the Power Injector see Symbol Power Injector and Power...

Page 59: ...ts of Two Phillips pan head self tapping screws ANSI Standard 6 18 X 0 875in Type A or AB Self Tapping screw or ANSI Standard Metric M3 5 X 0 6 X 20mm Type D Self Tapping screw Two wall anchors Securi...

Page 60: ...tandard Symbol 48 Volt Power Adapter Part No 50 24000 050 and line cord installations a Connect RJ 45 Ethernet cable between the network data supply host and the AP 5131 LAN port b Verify the power ad...

Page 61: ...optional To install the AP 5131 on a ceiling T bar 1 If required loop a safety wire with a diameter of at least 1 01 mm 04 in but no more than 0 158 mm 0625 in through the tie post above the AP 5131 s...

Page 62: ...d line cord installations a Connect RJ 45 Ethernet cable between the network data supply host and the AP 5131 LAN port b Verify the power adapter is correctly rated according the country of operation...

Page 63: ...stallation requires placing the AP 5131 above a suspended ceiling and installing the provided light pipe under the ceiling tile for viewing the rear panel status LEDs of the unit An above the ceiling...

Page 64: ...l to make a hole in the tile the approximate size of the AP 5131 LED light pipe 7 Remove the light pipe s rubber stopper before installing the light pipe 8 Connect the light pipe to the bottom of the...

Page 65: ...eiling space 15 Cable the AP 5131 using either the Symbol Power Injector solution or an approved line cord and power supply CAUTION Both the Dual and Single Radio model AP 5131s use RSMA type antenna...

Page 66: ...rk data supply host and the AP 5131 LAN port b Verify the power adapter is correctly rated according the country of operation c Connect the power supply line cord to the power adapter d Attach the pow...

Page 67: ...he following color display and functionality Power Status Solid white indicates the AP 5131 is adequately powered Error Conditions Solid red indicates theAP 5131is experiencing a problem condition req...

Page 68: ...steps to mount the AP 5181 to a 1 5 to 18 inch diameter steel pole or tube using the mounting bracket 1 Fit the edges of the V shaped clamp parts into the slots on the flat side of the rectangular pl...

Page 69: ...using the provided nuts 6 Attach the radio antenna to their correct connectors NOTE The AP 5181 tilt angle may need to be adjusted during the antenna alignment process Verify the antenna polarization...

Page 70: ...e Ensure the cable length from the Ethernet source host to the Power Tap or Power Injector and AP 5181 does not exceed 100 meters 333 ft Neither the Power Tap or Power injector has an On Off power sw...

Page 71: ...mounting bracket 1 Attach the bracket to a wall with flat side flush against the wall see the illustration below Position the bracket in the intended location and mark the positions of the four mounti...

Page 72: ...tween the network data supply host and the Power Tap s DATA IN connector or the Power Injector s Data In connector NOTE Once ready for the final positioning of the access point ensure the RJ45 cable c...

Page 73: ...ector has an On Off power switch Each receives power as soon as AC power is applied For more information on using the see Symbol Power Injector and Power Tap Systems on page 2 10 8 Use the supplied ca...

Page 74: ...iate attention Ethernet Activity Flashing white indicates data transfers and Ethernet activity 802 11a Radio Activity Flickering amber indicates beacons and data transfers over the AP 5131 802 11a rad...

Page 75: ...Adapter Users Guide available from the Symbol Web site for installing drivers and client software if operating in an 802 11a g network environment Refer to the Spectrum24 LA 4121 PC Card LA 4123 PCI A...

Page 76: ...AP 51xx Access Point Product Reference Guide 2 32...

Page 77: ...r options outlined in Hardware Installation See the following sections for more details Installing the Access Point Configuration Options Basic Device Configuration 3 1 Installing the Access Point Mak...

Page 78: ...et and power in one cable to an AP 5131 model access point see Symbol Power Injector and Power Tap Systems on page 2 10 To verify AP 5131 LED behavior once installed see AP 5131 LED Indicators on page...

Page 79: ...P 5131 and AP 5181 model access point an AP 5181 does not have its own MIB 3 3 Default Configuration Changes for the Access Point The following table illustrates the changes made to the access point d...

Page 80: ...point using the access point s LAN port 1 The LAN port default is set to DHCP Connect the access point s LAN port to a DHCP server The access point will receive its IP address automatically 2 To view...

Page 81: ...ation of the access point 3 5 Basic Device Configuration For the basic setup described in this section the Java based Web UI will be used to configure the access point Use the access point s LAN inter...

Page 82: ...uccessful the Change Admin Password window displays Change the password Enter the current password and a new admin password in fields provided and click Apply Once the admin password has been updated...

Page 83: ...e When you change the settings in the Quick Setup screen the values also change within the screen where these parameters also exist Additionally if the values are updated in these other screens the va...

Page 84: ...h country has its own regulatory restrictions concerning electromagnetic emissions and the maximum RF signal strength that can be transmitted To ensure compliance with national and local laws be sure...

Page 85: ...the Internet will be possible MUs cannot communicate beyond the configured subnets b Select the This Interface is a DHCP Client checkbox to enable DHCP for the access point WAN connection This is usef...

Page 86: ...to the ISP b Specify a Username entered when connecting to the ISP When the Internet session begins the ISP authenticates the username c Specify a Password entered when connecting to the ISP When the...

Page 87: ...er client To avoid this ensure all statically mapped IP addresses are outside of the IP address range assigned to the DHCP server For additional access point LAN port configuration options see Configu...

Page 88: ...save any changes to the access point Quick Setup screen Navigating away from the screen without clicking Apply results in all changes to the screens being lost 11 Click Undo Changes if necessary to un...

Page 89: ...gs field displays within the New Security Policy screen 4 Configure the WEP 128 Settings field as required to define the Pass Key used to generate the WEP keys Pass Key Specify a 4 to 32 character pas...

Page 90: ...Key 1 4 fields to specify key numbers The key can be either a hexidecimal or ASCII depending on which option is selected from the drop down menu For WEP 64 40 bit key the keys are 10 hexadecimal chara...

Page 91: ...d the users it supports Refer to the following For detailed information on access point device access SNMP settings network time importing exporting device configurations and device firmware updates s...

Page 92: ...AP 51xx Access Point Product Reference Guide 3 16...

Page 93: ...5 0 or later or Netscape Navigator 6 0 or later To connect to the access point the IP address is required If connected to the access point using the WAN port the default static IP address is 10 1 1 1...

Page 94: ...l NTP Logging Configuration Importing Exporting Configurations Updating Device Firmware 4 1 Configuring System Settings Use the System Settings screen to specify the name and location of the access po...

Page 95: ...the access point supports engineering retail etc System Location Enter the location of the access point The System Location parameter acts as a reminder of where the AP can be found Use the System Nam...

Page 96: ...rrent version of the device firmware Use this information to determine if the access point is running the most recent firmware available from Symbol Use the Firmware Update screen to keep the AP s fir...

Page 97: ...t the Restore Partial Default Configuration button to restore a default configuration with the exception of the current LAN WAN SNMP settings and IP address used to launch the browser If selected a me...

Page 98: ...isable LAN1 LAN2 and or WAN access using the protocols and ports listed If access is disabled this effectively locks out the administrator from configuring the access point using that interface To avo...

Page 99: ...xes to enable access to the access point configuration applet using a Secure Sockets Layer SSL for encrypted HTTP sessions CLI TELNET port 23 Select the LAN1 LAN2 and or WAN checkboxes to enable acces...

Page 100: ...client SSH sends a message through the encrypted channel to request a response from the client The default is 0 and no messages will be sent to the client until a non zero value is set Defining a Kee...

Page 101: ...splay a screen for updating the AP administrator password Enter and confirm a new administrator password as required Message Settings Click the Message Settings button to display a screen used to crea...

Page 102: ...saved configuration 11 Click Logout to securely exit the access point Symbol Access Point applet A prompt displays confirming the logout before the applet is closed 4 3 Managing Certificate Authority...

Page 103: ...select the IKE settings to use either RSA or DES certificates For additional information on configuring VPN tunnels see Configuring VPN Tunnels on page 6 36 Refer to your network administrator to obta...

Page 104: ...e displays in the Import a root CA Certificate field 3 Click the Import root CA Certificate button to import it into the CA Certificate list 4 Once in the list select the certificate ID within the Vie...

Page 105: ...hority CA to be signed then import the signed certificate into the management system To create a self certificate 1 Select System Configuration Certificate Mgmt Self Certificates from the access point...

Page 106: ...4 values are required the others optional Key ID Enter a logical name for the certificate to help distinguish between certificates The name can be up to 7 characters in length Subject The required Su...

Page 107: ...ate Request button The generated certificate request displays in Self Certificates screen text box 6 Click the Copy to Clipboard button Signature Algorithm Use the drop down menu to select the signatu...

Page 108: ...dius Server to generate certificates to authenticate MUs for use with the access point In addition a Windows 2000 or 2003 Server is used to sign the certificate before downloading it back to the acces...

Page 109: ...ganization Organization Optionally enter the name of your organization for supporting information for the certificate request City Optionally enter the name of the City where the access point using th...

Page 110: ...ck Next to continue 10 Select the Advanced request checkbox from within the Choose Request Type screen and click Next to continue 11 From within the Advanced Certificate Requests screen select the Sub...

Page 111: ...e from Clipboard button The certificate is now ready to be loaded into the access point s flash memory 17 Click the Import root CA Certificate button from within the CA Certificates screen 18 Verify t...

Page 112: ...re the AP 5131 use the table below to locate the MIB where the feature can be configured NOTE The Symbol AP 5131 MIB contains the majority of the information contained within the Symbol CC WS2000 MIB...

Page 113: ...MIB LAN to WAN Access Symbol CC WS2000 MIB 2 0 Config Import Export Symbol AP 5131 MIB AdvancedLANAccess Symbol CC WS2000 MIB 2 0 MU Authentication Stats Symbol AP 5131 MIB Router Configuration Symbol...

Page 114: ...cess Control sub screen Use the SNMP Access screen to define SNMP v1 v2c community definitions and SNMP v3 user definitions SNMP version 1 v1 provides a strong network management system but its securi...

Page 115: ...lows a remote device to modify settings Symbol recommends considering adding a community definition using a site appropriate name and access level Set up a read write definition at a minimum to facili...

Page 116: ...access allows a remote device to retrieve access point information while read write access allows a remote device to modify access point settings Add Click Add to create a new entry for an SNMP v3 use...

Page 117: ...rd on both pages Access Use the Access pull down list to specify read only R access or read write RW access for a user Read only access permits a user to retrieve access point information while read w...

Page 118: ...4 1 Configuring SNMP Access Control Use the SNMP Access Control screen as launched from the SNMP Access screen to specify which users can read SNMP generated information and if capable modify related...

Page 119: ...an use a read write community definition Use just the Starting IP Address column to specify a single SNMP user Use both the Starting IP Address and Ending IP Address columns to specify a range of addr...

Page 120: ...e settings for reporting this information Trap configuration depends on the network machine that receives the generated traps SNMP v1 v2c and v3 trap configurations function independently In a mixed S...

Page 121: ...Delete Click Delete to remove a selected SNMP v1 v2c Trap Configuration entry Destination IP Specify a numerical non DNS name destination IP address for receiving the traps sent by the access point SN...

Page 122: ...u to specify a security level of noAuth no authorization AuthNoPriv authorization without privacy or AuthPriv authorization with privacy The NoAuth setting specifies no login authorization or encrypti...

Page 123: ...A prompt displays confirming the logout before the applet is closed 4 4 3 Configuring Specific SNMP Traps Use the SNMP Traps screen to enable specific traps on the access point Symbol recommends defi...

Page 124: ...es unassociated with or gets dropped from one of the access point s WLANs MU denied association Generates a trap when an MU is denied association to a access point WLAN Can be caused when the maximum...

Page 125: ...the IP address associated with that domain being modified Denial of service DOS attempts Generates a trap whenever a Denial of Service DOS attack is detected by the access point firewall A new trap i...

Page 126: ...and the access point s radio and associated MU performance SNMP RF Traps are sent when RF traffic exceeds defined limits set in the RF Trap Thresholds field of the SNMP RF Traps screen Thresholds are...

Page 127: ...Enter a minimum threshold for the average bit speed in Mbps Megabits per second Average Signal Enter a minimum threshold for the average signal strength in dBm for each device Average Retries Set a ma...

Page 128: ...s clock to 07 04 59 upon reading a time of 07 04 59 from its designated NTP server Time synchronization is recommended for the access point s network operations For sites using Kerberos authentication...

Page 129: ...g 3 Select the Set Date Time button to display the Manual Date Time Setting screen This screen enables the user to manually enter the access point s system time using a Year Month Day HH MM SS format...

Page 130: ...d one or more specified NTP servers A preferred first alternate and second alternate NTP server cannot be defined unless this checkbox is selected Disable this option uncheck the checkbox if Kerberos...

Page 131: ...ss point managed Local Area Network LAN Use the Logging Configuration screen to set the desired logging level standard syslog levels and view or save the current access point system log To configure e...

Page 132: ...aved in the access point While the AP is in operation log data temporarily resides in memory AP memory is completely cleared each time the AP reboots Logging Level Use the Logging Level drop down menu...

Page 133: ...erge with the configuration of the target access point The exported file can be edited with any document editor if necessary The export function will always export the encrypted Admin User password Th...

Page 134: ...1 version access point Similarly a 1 1 baseline configuration file should not be imported to a 1 0 version access point Importing configuration files between different version access point s results i...

Page 135: ...r must log out of the access point after the operation completes for the changes to take effect Click Yes to continue the operation Click No to cancel the configuration file import Export Configuratio...

Page 136: ...loads exports to be successful pop up messages must be disabled Upload and Apply A Configuration File Click the Upload and Apply A Configuration File button to upload a configuration file to this acce...

Page 137: ...t operation done 2 Import operation failed 3 Export operation failed 4 File transfer in progress 5 File transfer failed 6 File transfer done Auto cfg update Error in applying config Auto cfg update Er...

Page 138: ...are is automatically updated each time firmware versions are found to be different between what is running on the access point and the firmware file located on the server The configuration file is aut...

Page 139: ...1 If a firmware update is required use the Firmware Update screen to specify a filename and define a file location for updating the firmware CAUTION If downgrading firmware from a 1 1 to a 1 0 versio...

Page 140: ...the access point s current configuration to have it available after the firmware is updated 2 Select System Configuration Firmware Update from the access point menu tree 3 Configure the DHCP Options...

Page 141: ...ent between what is running on the access point and the firmware that resides on the server A firmware update will only occur if the access point is reset or when the access point does a DHCP request...

Page 142: ...one of the following error messages will display FAIL auto fw update check FAIL network activity time out FAIL firmware check FAIL exceed memory limit FAIL authentication FAIL connection time out FAI...

Page 143: ...tain functionalities may not be available to the user after an upgrade downgrade When downgrading from 1 1 1 1 1 to 1 0 the access point is configured to default values After a downgrade from 1 1 1 1...

Page 144: ...t upgrades a single download will suffice Using Auto Update the access point will automatically update itself twice when upgrading Upgrading from v1 0 to v1 1 v1 1 1 retains existing settings Symbol r...

Page 145: ...Settings 5 1 Configuring the LAN Interface The access point has one physical LAN port supporting two unique LAN interfaces The access point LAN port has its own MAC address The LAN port MAC address i...

Page 146: ...gure the access point LAN interface 1 Select Network Configuration LAN from the access point menu tree 2 Configure the LAN Settings field to enable the access point LAN1 and or LAN2 interface assign a...

Page 147: ...e 6 5 LAN Name Use the LAN Name field to modify the existing name of LAN1 and LAN2 LAN1 and LAN2 are the default names assigned to the LANs until modified by the user Ethernet Port The Ethernet Port r...

Page 148: ...ices are connected and disconnected on a regular basis Selecting Auto Negotiate disables the Mbps and duplex checkbox options 100 Mbps Select this option to establish a 100 Mbps data transfer rate for...

Page 149: ...ten referred to as memberships for individual WLANs Both methods have their advantages and disadvantages Static VLAN membership is perhaps the most widely used method because of the relatively small a...

Page 150: ...s point and carry traffic for all those VLANs Trunking is a function that must be enabled on both sides of a link 3 Select the VLAN Name button The VLAN name screen displays The first time the screen...

Page 151: ...AN between the locations An access point managed infrastructure could provide this connectivity but it requires VLAN numbering be managed carefully to avoid conflicts between two VLANs with the same I...

Page 152: ...LAN1 and LAN2 A trunk port configured with 802 1Q tagging can receive both tagged and untagged traffic By default the access point forwards untagged traffic with the native VLAN configured for the po...

Page 153: ...porting the sales area then WLAN1 should be mapped to sales if a sales VLAN has been already been created 13 Click Apply to return to the VLAN Name screen Click OK to return to the LAN screen Once at...

Page 154: ...mation via this LAN1 or LAN2 connection This is recommended if the access point resides within a large corporate network or the Internet Service Provider ISP uses DHCP This setting is enabled for LAN1...

Page 155: ...the IP address range specified that IP address could still be assigned to another client To avoid this ensure all statically mapped IP addresses are outside of the IP address range assigned to the DHC...

Page 156: ...ed for re connection after its last use Using very short leases DHCP can dynamically reconfigure networks in which there are more computers than Secondary DNS Server Symbol recommends entering the num...

Page 157: ...nds for available IP addresses using the DHCP Lease Time Seconds parameter An IP address is reserved for re connection for the length of time you specify The default interval is 86400 seconds 4 Click...

Page 158: ...ards The Type Filtering feature prevents specific a potentially unneccesary frames from being processed by the access point in order to improve throughput These include certain broadcast frames from d...

Page 159: ...designate whether the Ethernet Types defined for the LAN are allowed or denied for use by the access point 3 To add an Ethernet type click the Add button The Add Ethernet Type screen displays Use this...

Page 160: ...hanges to the screens being lost 6 Click Cancel to securely exit the LAN1 or LAN2 Ethernet Type Filter Configuration screen without saving your changes 7 Click Logout to securely exit the access point...

Page 161: ...figured as DHCP clients Enable WAN Interface Select the Enable WAN Interface checkbox to enable a connection between the access point and a larger network or outside world through the WAN port Disable...

Page 162: ...address uses a series of four numbers expressed in dot notation for example 190 188 12 1 Subnet Mask Specify a subnet mask for the access point s WAN connection This number is available from the ISP f...

Page 163: ...he IP address is a numerical non DNS name Refresh Click the Refresh button to update the network address information displayed within the WAN IP Configuration field Auto Negotiation Select the Auto Ne...

Page 164: ...currently using or deploying this protocol PPPoE is a data link protocol for dialup connections PPPoE allows a host PC to use a broadband modem DSL for access to high speed data networks Username Spe...

Page 165: ...ins active after outbound and inbound traffic is not detected The Idle Time field is grayed out if Keep Alive is enabled Authentication Type Use the Authentication Type menu to specify the authenticat...

Page 166: ...side subnets One to many mapping with a configurable range of private side IP addresses Ranges can be specified from each of the private side subnets To configure IP address mappings for the access po...

Page 167: ...s field This button displays a screen for mapping the LAN IP addresses that are associated with each subnet Define the NAT Type as none when routable IP addresses are used on the internal network Outb...

Page 168: ...elect 1 to 1 or 1 to Many from the NAT Type drop down menu 3 Click on the Port Forwarding button within the Inbound Mappings area 4 Configure the Port Forwarding screen to modify the following Add Cli...

Page 169: ...choices are ALL TCP UDP ICMP AH ESP and GRE Start Port and End Port Enter the port or ports used by the port forwarding service To specify a single port enter the port number in the Start Port area T...

Page 170: ...and hostname must be specified for domain name information to be updated 3 Enter the DynDNS Username for the account you wish to use for the access point 4 Enter the DynDNS Password for the account y...

Page 171: ...s the functionalities of a wired LAN A WLAN does not require lining up devices for line of sight transmission and are thus desirable Within the WLAN roaming users can be handed off from one access poi...

Page 172: ...io designation VLAN ID and security policy of existing WLANs WLAN Name The Name field displays the name of each WLAN that has been defined The WLAN names can be modified within individual WLAN configu...

Page 173: ...5 3 1 Creating Editing Individual WLANs If the WLANs displayed within the Wireless Configuration screen do not satisfy your network requirements you can either create a new WLAN or edit the propertie...

Page 174: ...tree The Wireless Configuration screen displays 2 Click the Create button to configure a new WLAN or highlight a WLAN and click the Edit button to modify an existing WLAN Either the New WLAN or Edit...

Page 175: ...ion field as required for the WLAN ESSID Enter the Extended Services Set Identification ESSID associated with the WLAN The WLAN name is auto generated using the ESSID until changed by the user The max...

Page 176: ...each access point can only support a maximum 127 MUs spanned across its 16 available WLANs If you intend to define numerous WLANs ensure each is using a portion of the 127 available MUs and the sum of...

Page 177: ...nu to select the security scheme best suited for the new or revised WLAN Click the Create button to jump to the New Security Policy screen where a new policy can be created to suit the needs of the WL...

Page 178: ...it the access point s ESSID If a hacker tries to find an ESSID via an MU the ESSID does not display since the ESSID is not in the beacon Symbol recommends keeping the option enabled to reduce the like...

Page 179: ...elect Network Configuration Wireless Security from the access point menu tree The Security Configuration screen appears with existing policies and their attributes displayed Configuring a WLAN securit...

Page 180: ...defined they are available for use within the New WLAN or Edit WLAN screens to assign to specific WLANs based on MU interoperability requirements Symbol recommends using the New MU ACL Policy or Edit...

Page 181: ...Management 5 37 2 Click the Create button to configure a new ACL policy or select a policy and click the Edit button to modify an existing ACL policy The access point supports a maximum of 16 MU ACL p...

Page 182: ...bile Unit Access Control List field to allow or deny MU access to the access point The MU adoption list identifies MUs by their MAC address The MAC address is the MU s unique Media Access Control numb...

Page 183: ...ine the QoS policies for advanced network traffic management and multimedia applications support If the existing QoS policies are insufficient a new policy can be created or an existing policy can be...

Page 184: ...a policy and click the Edit button to modify an existing QoS policy The access point supports a maximum of 16 QoS policies NOTE When the access point is first launched a single QoS policy default is...

Page 185: ...oducts that do not support Wi Fi Multimedia WMM to provide preferred queuing for these VOIP products If the Support Voice Prioritization checkbox is selected the access point will detect non WMM capab...

Page 186: ...he access point s performance 11ag wifi Use this setting for high end multimedia devices that using the s high rate 802 11a or 802 11g radio 11b wifi Use this setting for high end devices multimedia d...

Page 187: ...o a smaller increment for higher priority traffic Reduce the value when traffic on the WLAN is anticipated as being smaller CW Max The contention window maximum value is the maximum amount of time the...

Page 188: ...des a periodic frame exchange between a voice capable MU and the access point during a VoIP call while legacy power management is still utilized for typical data frame exchanges The access point and i...

Page 189: ...unauthenticated users to a specific page specified by the Hotspot provider User authentication Authenticates users using a Radius server Walled garden support Enables a list of IP address not domain...

Page 190: ...P Redirection field to specify how the Login Welcome and Fail pages are maintained for this specific WLAN The pages can be hosted locally or remotely Use Default Files Select the Use Default Files che...

Page 191: ...cted page you need to have a TCP termination locally On receiving the user credentials from the login page the access point connects to a radius server determines the identity of the connected wireles...

Page 192: ...ternal Web server and the access point s WAN IP address should be entered in the White List Enable Accounting Select the Enable Accounting checkbox to enable a Radius Accounting Server used for Radius...

Page 193: ...used for the primary server Pri Server IP Define the IP address of the primary Radius server This is the address of your first choice for Radius server Pri Port Enter the TCP IP port number for the s...

Page 194: ...e is designed so the submit action always posts the login data on the access point To define the White List for a target WLAN 1 Click the White List Entries button from within the WLAN s Hotspot Confi...

Page 195: ...sing a dual radio access point individual 802 11a and 802 11b g radios can be enabled or disabled using the Radio Configuration screen checkboxes The Radio Configuration screen displays with two tabs...

Page 196: ...in real time 3 Select the Base Bridge checkbox to allow the access point radio to accept client bridge connections from other access points in client bridge mode The base bridge is the acceptor of me...

Page 197: ...ttings within the Radio Configuration screen are applied for an initial deployment the current number of base bridges visible to the radio displays within the BBs Visible field and the number of base...

Page 198: ...dio radio 2 is not affected Radio 2 continues to beacon and associate MUs but MU s can only communicate amongst themselves using the access point Disabled is the default value Uplink Detect When Uplin...

Page 199: ...below as a sub menu item under the Radio Configuration menu item Use the radio configuration screen to set the radio s placement properties define the radio s threshold and QoS settings set the radio...

Page 200: ...he country of operation selected for the access point MAC Address The access point like other Ethernet devices has a unique hardware encoded Media Access Control MAC or IEEE address MAC addresses dete...

Page 201: ...channel for the intended country of operation The drop down menu is not available if this option is not selected Automatic Selection When the access point is booted the access point scans non overlap...

Page 202: ...ameter does not apply to access point 802 11a radios Set Rates Click the Set Rates button to display a window for selecting minimum and maximum data transmit rates for the radio At least one Basic Rat...

Page 203: ...The default is 100 Avoid changing this parameter as it can adversely affect performance DTIM Interval The DTIM interval defines how often broadcast frames are delivered for each of the four access po...

Page 204: ...Click the Set RF QoS button to display the Set RF QOS screen to set QoS parameters for the radio Do not confuse with the QoS configuration screen used for a WLAN The Set RF QoS screen initially appea...

Page 205: ...Network Management 5 61 6 Select the Advanced Settings tab to strategically map BSSIDs to WLANs in order to define them as primary WLANs...

Page 206: ...ny changes to the Radio Settings and Advanced Settings screens Navigating away from the screen without clicking Apply results in changes to the screens being lost NOTE If using a single radio access p...

Page 207: ...t Settings The access point can be configured to grant individual WLAN s network bandwidth priority levels Use the Bandwidth Management screen to control the network bandwidth allotted to WLANs Symbol...

Page 208: ...from the access point on a first come first served basis This is the default setting Round Robin Each WLAN receives access point services in turn as long the access point has data traffic to forward W...

Page 209: ...uter s connected routes To access the Router screen 1 Select Network Configuration Router from the access point menu tree 2 Refer to the access point Router Table field to view existing routes NOTE Th...

Page 210: ...interior gateway protocol that specifies how routers exchange routing table information The Router screen also allows the administrator to select the type of RIP and the type of RIP authentication us...

Page 211: ...a mature stable and widely supported protocol It is well suited for use in stub networks and in small autonomous systems that do not have enough redundant paths to warrant the overhead of a more sophi...

Page 212: ...ed specify a password of up to 15 alphanumeric characters in the Password Simple Authentication area None This option disables the RIP authentication Simple This option enable RIP version 2 s simple a...

Page 213: ...the Key 1 field Key 2 is optional Enter any numeric value between 0 and 256 into the MD5 ID area Enter a string consisting of up to 16 alphanumeric characters in the MD5 Auth Key area 6 Click the OK b...

Page 214: ...AP 51xx Access Point Product Reference Guide 5 70...

Page 215: ...teen separate ESSIDs WLANs can be supported on an access point and must be managed if necessary between the 802 11a and 802 11b g radio The user has the capability of configuring separate security pol...

Page 216: ...page 6 16 To configure a security policy supporting KeyGuard see Configuring KeyGuard Encryption on page 6 18 To define a security policy supporting WPA TKIP see Configuring WPA WPA2 Using TKIP on pa...

Page 217: ...default IP address in the address field To connect to the access point the IP address is required If connected to the access point using the WAN port the default static IP address is 10 1 1 1 The defa...

Page 218: ...ptions on page 6 2 to determine which access point security feature to configure next 6 2 1 Resetting the Access Point Password The access point Command Line Interface CLI enables users who forget the...

Page 219: ...swd default 8 Reset the access point by typing the following at the boot prompt reset system When the access point re boots again the password will return to its default value of symbol You can now ac...

Page 220: ...policy does not satisfy the data protection requirements of a specific WLAN a new security policy using the authentication and encryption schemes discussed above can be created To enable an existing...

Page 221: ...EAP button to display the 802 1x EAP Settings field within the New Security Policy screen For specific information on configuring EAP see Configuring 802 1x EAP Authentication on page 6 11 No Encrypt...

Page 222: ...1 To create a security policy supporting WPA2 CCMP see Configuring WPA2 CCMP 802 11i on page 6 24 7 Click Cancel to return to the target WLAN screen without keeping any of the changes made within the...

Page 223: ...Kerberos exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by clicking the Edit button To configure a new security policy...

Page 224: ...r A realm name functions similarly to a DNS domain name In theory the realm name is arbitrary However in practice a Kerberos realm is named by uppercasing the DNS domain name that is associated with h...

Page 225: ...authentication on the access point 1 Select Network Configuration Wireless Security from the access point menu tree If security policies supporting 802 1x EAP exist they appear within the Security Con...

Page 226: ...licy 5 If using the access point s Internal Radius server leave the Radius Server drop down menu in the default setting of Internal If an external Radius server is used select External from the drop d...

Page 227: ...listen on ports 1812 and 1813 Port 1645 or 1812 is used for authentication Port 1646 or 1813 is used for accounting The ISP or a network administrator needs to confirm the appropriate primary and sec...

Page 228: ...MU Timeout Specify the time in seconds for the access point s retransmission of EAP Request packets The default is 10 seconds If this time is exceeded the authetnication session is terminated Retries...

Page 229: ...iet Period 1 65535 secs Specify an idle time in seconds between MU authentication attempts as required by the authentication server The default is 10 seconds MU Timeout 1 255 secs Define the time in s...

Page 230: ...standard alone offers administrators no effective method to update keys To configure WEP on the access point 1 Select Network Configuration Wireless Security from the access point menu tree If securit...

Page 231: ...s point and its MU to encrypt packets between the two devices Pass Key Specify a 4 to 32 character pass key and click the Generate button The pass key can be any alphanumeric string The access point o...

Page 232: ...finalization of WPA TKIP This encryption implementation is based on the IEEE Wireless Fidelity Wi Fi standard 802 11i WPA2 CCMP not KeyGuard offers the highest level of security among the encryption m...

Page 233: ...d by clicking the Edit button To configure a new security policy supporting KeyGuard continue to step 2 2 Click the Create button to configure a new policy supporting KeyGuard The New Security Policy...

Page 234: ...een 8 Click the Cancel button to undo any changes made within the KeyGuard Setting field and return to the WLAN screen This reverts all settings to the last saved configuration Pass Key Specify a 4 to...

Page 235: ...andard AES instead of TKIP AES supports 128 bit 192 bit and 256 bit keys WPA WPA2 also provide strong user authentication based on 802 1x EAP To configure WPA WPA2 encryption on the access point 1 Sel...

Page 236: ...atively rotated on every interval specified in the Broadcast Key Rotation Interval Enabling broadcast key rotation enhances the broadcast traffic security on the WLAN This value is disabled by default...

Page 237: ...character spaces The access point converts the string to a numeric value This passphrase saves the administrator from entering the 256 bit key each time keys are generated 256 bit Key To use a hexade...

Page 238: ...eys the administrator provides are used to derive other keys Messages are encrypted using a 128 bit secret key and a 128 bit block of data The end result is an encryption scheme as secure as any the a...

Page 239: ...on every interval specified in the Broadcast Key Rotation Interval Enabling broadcast key rotation enhances the broadcast traffic security on the WLAN This value is disabled by default Update broadca...

Page 240: ...256 bit key each time keys are generated 256 bit Key To use a hexadecimal value and not an ASCII passphrase select the checkbox and enter 16 hexadecimal characters into each of the four fields display...

Page 241: ...rmation packets for known types of system attacks Some of the access point s filters are continuously enabled others are configurable Use the access point s Firewall screen to enable or disable the co...

Page 242: ...This includes firewall filters NAT VP content filtering and subnet access Disabling the access point firewall makes the access point vulnerable to data attacks and is not recommended during normal ope...

Page 243: ...network while exploiting the use of an intermediate host to gain access to a private host Winnuke Attack Check A Win nuking attack uses the IP address of a destination host to send junk packets to it...

Page 244: ...et access 1 Select Network Configuration Firewall Subnet Access from the access point menu tree 2 Refer to the Overview table to view rectangles representing subnet associations The three possible col...

Page 245: ...eny all protocols except Use the drop down menu to select either Allow or Deny The selected setting applies to all protocols except those with enabled checkboxes and any traffic that is added to the t...

Page 246: ...uses TCP port 21 SMTP Simple Mail Transfer Protocol is a TCP IP protocol for sending and receiving email Due to its limited ability to queue messages at the receiving end SMTP is often used with POP3...

Page 247: ...top of Internet Protocol IP networks Unlike TCP IP UDP IP provides few error recovery services UDP offers a way to directly connect and then send and receive datagrams over an IP network ICMP Internet...

Page 248: ...networks across an Internet using globally assigned IP addresses 6 10 2 Configuring Advanced Subnet Access Use the Advanced Subnet Access screen to configure complex access rules and filtering based...

Page 249: ...annot be undone Inbound or Outbound Select Inbound or Outbound from the drop down menu to specify if a firewall rule is intended for inbound traffic to an interface or outbound traffic from that inter...

Page 250: ...is decrypted Source IP The Source IP range defines the origin address or address range for the firewall rule To configure the Source IP range click on the field A new window displays for entering the...

Page 251: ...figuration WAN VPN from the access point menu tree 2 Use the VPN Tunnels field to add or delete a tunnel to the list of available tunnels list tunnel network address information and display key exchan...

Page 252: ...column lists a remote gateway IP address for each tunnel The numeric remote gateway is the gateway IP address on the remote network the VPN tunnel connects to Ensure the address is the same as the WAN...

Page 253: ...way address on the remote network the VPN tunnel connects to Default Gateway Displays the WAN interface s default gateway IP address Manual Key Exchange Selecting Manual Key Exchange requires you to m...

Page 254: ...to protect data flow A transform set specifies one or two IPSec security protocols either AH ESP or both and specifies the algorithms to use for the selected security protocol If you specify an ESP p...

Page 255: ...ncryption or authentication keys an error message could display stating the keys provided are weak Some WEP attack tools invoke a dictionary to hack WEP keys based on commonly used words To avoid ente...

Page 256: ...rity check on outbound traffic with the selected authentication algorithm The key must be 32 40 for MD5 SHA1 hexadecimal 0 9 A F characters in length The key value must match the corresponding inbound...

Page 257: ...length of the key is determined by the selected encryption algorithm The key must match the inbound key at the remote gateway ESP Authentication Algorithm Select the authentication algorithm to use w...

Page 258: ...the keys To manually specify keys cancel out of the Auto Key Settings screen select the Manual Key Exchange radio button and set the keys within the Manual Key Setting screen To configure auto key se...

Page 259: ...The Security Association Life Time is the configurable interval used to timeout association requests that exceed the defined interval The available range is from 300 to 65535 seconds The default is 3...

Page 260: ...ption Algorithm Use this menu to select the encryption and authentication algorithms for this VPN tunnel DES Selects the DES algorithm No keys are required to be manually provided 3DES Selects the 3DE...

Page 261: ...automatically for the parties To configure IKE key settings for the access point 1 Select Network Configuration WAN VPN from the access point menu tree 2 Refer to the VPN Tunnel Config field select th...

Page 262: ...symbol com UFQDN Select UFQDN if the local ID is a user fully qualified email such as johndoe symbol com Local ID Data Specify the FQDN or UFQDN based on the Local ID type assigned Remote ID Type Sel...

Page 263: ...thentication mode you must provide a passphrase IKE Encryption Algorithm Select the encryption and authentication algorithms for the VPN tunnel from the drop down menu DES Uses the DES encryption algo...

Page 264: ...configure a VPN tunnel use the VPN configuration screen in the WAN section of the access point menu tree To view VPN status 1 Select Network Configuration WAN VPN VPN Status from the access point menu...

Page 265: ...When the tunnel is not in use the status reads NOT_ACTIVE When the tunnel is connected the status reads ACTIVE Outb SPI The Outb SPI column displays the outbound Security Parameter Index SPI for each...

Page 266: ...Time Use the Life Time column to view the lifetime associated with a particular Security Association SA Each SA has a finite lifetime defined When the lifetime expires the SA can no longer be used to...

Page 267: ...HTTP is the protocol used to transfer information to and from Web sites HTTP Blocking allows for blocking of specific HTTP commands going outbound on the access point WAN port HTTP blocks commands on...

Page 268: ...he SMTP sender to the SMTP receiver MAIL Initiates a mail transaction where data is delivered to one or more mailboxes on the local server RCPT Recipient Identifies a recipient of mail data DATA Tells...

Page 269: ...ined interval the access point waits to search for rogue APs Additionally the access point does not detect rogue APs on illegal channels channels not allowed by the regulatory requirements of the coun...

Page 270: ...r a rogue AP A longer interval will have less of an impact to the MU s but it will increase the amount of time used to detect rogue APs Therefore the interval should be set according to the perceived...

Page 271: ...n Select the RF On Channel Detection checkbox to enable the access point to detect rogue APs on its current legal channel setting RF Scan by Detector Radio If the access point supports a dual radio SK...

Page 272: ...n the Rogue AP Detection screen inadvertently detect and define a device as a rogue AP To move detected rogue APs into a list of allowed APs 1 Select Network Configuration Wireless Rogue AP Detection...

Page 273: ...e approved AP list permanently 3 Enter a value in minutes in the Rogue APs Age Out Time field to indicate the number of elapsed minutes before an AP will be removed from the rogue AP list and reevalua...

Page 274: ...to the Active APs screen Navigating away from the screen without clicking Apply results in all changes to the screen being lost 9 Click Undo Changes if necessary to undo any changes made Undo Changes...

Page 275: ...the device should be defined as an allowed AP ESSID Displays the ESSID of the rogue AP This information could be useful if the ESSID is determined to be non hostile and the device should be defined as...

Page 276: ...on area can be significantly extended To use associated rogue AP enabled MUs to scan for rogue APs 1 Select Network Configuration Wireless Rogue AP Detection MU Scan from the access point menu tree Th...

Page 277: ...n the table is truly a rogue device or one inadvertently detected as a rogue AP 3 If necessary highlight an individual MU from within the Scan Result field and click the Add to Allowed AP List button...

Page 278: ...rmation and user authentication 6 14 1 Configuring the Radius Server The Radius Server screen enables an administrator to define data sources and specify authentication information for the RADIUS Serv...

Page 279: ...orted EAP Type Use the EAP Type checkboxes to enable the default EAP type s for the RADIUS server Options include PEAP Select the PEAP checkbox to enable both PEAP types GTC and MSCHAP V2 available to...

Page 280: ...for data verification MD5 takes as input a message of arbitrary length and produces a 128 bit fingerprint The MD5 algorithm is intended for digital signature applications in which a large file must be...

Page 281: ...use an external LDAP server see Configuring the Radius Server on page 6 64 the LDAP screen is used to configure the properties of the external LDAP server To configure the LDAP server WARNING If you h...

Page 282: ...values in this screen NOTE The LDAP screen displays with unfamiliar alphanumeric characters if new to LDAP configuration Symbol recommends only qualified administrators change the default values displ...

Page 283: ...gin attribute used by the LDAP server for authentication In most cases the default value should work Windows Active Directory users must use sAMAccountName as their login attribute to successfully log...

Page 284: ...ry count and timeout values CAUTION If using a proxy server for Radius authentication the Data Source field within the Radius server screen must be set to Local If set to LDAP the proxy server will no...

Page 285: ...cal is selected as the Data Source from the Radius Server screen For information on selecting Local as the Data Source see Configuring the Radius Server on page 6 64 To add groups to the User database...

Page 286: ...roups table 3 To remove a group select the group from the table and click the Del Delete key The Users table displays the entire list of users Up to 100 users can be entered here The users are listed...

Page 287: ...he logout before the applet is closed 6 14 4 1 Mapping Users to Groups Once users have been created within the Users screen their access privileges need to be configured for inclusion to one some or a...

Page 288: ...ist on the left and click the Delete button 5 Click the OK button to save your user and group mapping assignments and return to the Users screen 6 14 5 Defining the User Access Policy Refer to the Acc...

Page 289: ...ys with the name of the user group appearing on the top of the screen and the names of existing WLANs displaying within the screen Each WLAN has a checkbox to the left of it for mapping the WLAN to th...

Page 290: ...ssary to undo any changes made Undo Changes reverts the settings displayed on the Access Policy screen to the last saved configuration 7 Click Logout to securely exit the access point Symbol Access Po...

Page 291: ...and 802 11b g radios An advanced radio statistics page is also available to display retry histograms for specific data packet retry information Associated MU stats can be displayed collectively for a...

Page 292: ...iew real time statistics for monitoring the access point activity through its Wide Area Network WAN port The Information field of the WAN Stats screen displays basic WAN information generated from set...

Page 293: ...plays no connection information and statistics To enable the WAN connection see Configuring WAN Settings on page 5 16 HW Address The Media Access Control MAC address of the access point WAN port The W...

Page 294: ...the WAN port The displayed number is a cumulative total since the WAN interface was last enabled or the access point was last restarted RX Bytes RX bytes are bytes of information received over the WA...

Page 295: ...n a new data collection see Configuring System Settings on page 4 2 TX Bytes TX bytes are bytes of information sent over the WAN connection The displayed number is a cumulative total since the WAN int...

Page 296: ...Transmitted fields of the screen display statistics for the cumulative packets bytes and errors received and transmitted over the LAN1 or LAN2 port since it was last enabled or the access point was l...

Page 297: ...e lists the WLANs using this LAN Either LAN1 or LAN2 as their LAN interface RX Packets RX packets are data packets received over the access point LAN port The number is a cumulative total since the LA...

Page 298: ...access point was last restarted To begin a new data collection see Configuring System Settings on page 4 2 TX Bytes TX bytes are bytes of information sent over the LAN port The displayed number is a...

Page 299: ...Monitoring Statistics 7 9 6 Click the Logout button to securely exit the access point Symbol Access Point applet There will be a prompt confirming logout before the applet is closed...

Page 300: ...ge mode exchange configuration messages at regular intervals typically 1 to 4 seconds If a bridge fails neighboring bridges detect a lack of configuration messaging and initiate a spanning tree recalc...

Page 301: ...ot path cost represents the distance cost from the sending bridge to the root bridge Bridge Max Msg Age The Max Msg Age measures the age of received protocol information recorded for a port and to ens...

Page 302: ...guration message was sent State Displays whether a bridge is forwarding traffic to other members of the mesh network over this port or blocking traffic Each viable member of the mesh network must forw...

Page 303: ...on the access point For information on enabling a WLAN see Enabling Wireless LANs WLANs on page 5 27 MUs Displays the total number of MUs currently associated with each enabled WLAN Use this informat...

Page 304: ...r the WLAN stats if currently in an important data gathering activity or risk losing all data calculations to that point Total pkts per second Displays the average number of RF packets sent per second...

Page 305: ...RF traffic and throughput The RF Status field displays information on RF signal averages from the associated MUs The Error field displays RF traffic errors based on retries dropped packets and undecr...

Page 306: ...mber of MUs currently associated with the WLAN If this number seems excessive consider segregating MU s to other WLANs if appropriate Pkts per second The Total column displays the average total packet...

Page 307: ...ckets for the last hour Avg MU Signal Displays the average RF signal strength in dBm for all MUs associated with the selected WLAN The number in black represents this statistic for the last 30 seconds...

Page 308: ...can be displayed as well by selecting a specific radio from within the access point menu tree To view high level access point radio statistics 1 Select Status and Statistics Radio Stats from the acce...

Page 309: ...on page 5 51 MUs Displays the total number of MUs currently associated with each access point radio T put Displays the total throughput in Megabits per second Mbps for each access point radio listed...

Page 310: ...rmation field displays device address and location information as well as channel and power information The Traffic field displays statistics for cumulative packets bytes and errors received and trans...

Page 311: ...e factory and can be found on the bottom of the access point For more information on how access point MAC addresses are assigned see AP 51xx MAC Address Assignment on page 1 24 Radio Type Displays the...

Page 312: ...The Total column displays average throughput on the radio TheRx column displays average throughput in Mbps for packets received The Tx column displays average throughput for packets transmitted The n...

Page 313: ...he last 30 seconds and the number in blue represents MU noise for the last hour If MU noise is excessive consider moving the MU closer to the access point or in area with less conflicting network traf...

Page 314: ...ts screen to assess overall radio performance To display a Retry Histogram screen for an access point radio 1 Select Status and Statistics Radio Stats Radio1 802 11b g Stats Retry Histogram from the a...

Page 315: ...cess point Symbol Access Point applet A prompt displays confirming the logout before the applet is closed 7 5 Viewing MU Statistics Summary Use the MU Stats Summary screen to display overview statisti...

Page 316: ...sociated MU WLAN Displays the WLAN name each MU is interoperating with Radio Displays the name of the 802 11a or 802 11b g radio each MU is associated with T put Displays the total throughput in Megab...

Page 317: ...ss point Symbol Access Point applet A prompt displays confirming the logout before the applet is closed 7 5 1 Viewing MU Details Use the MU Details screen to display throughput signal strength and tra...

Page 318: ...g with the AP frequently and for periods of time of two hours HW Address Displays the Media Access Control MAC address for the MU Radio Association Displays the name of the AP MU is currently associat...

Page 319: ...ta rate of the AP if the current bit speed does not meet network requirements For more information see Configuring the 802 11a or 802 11b g Radio on page 5 55 The associated MU must also be set to the...

Page 320: ...n for the selected MU The number in black represents the percentage of packets for the last 30 seconds and the number in blue represents the percentage of packets for the last hour of Undecryptable Pk...

Page 321: ...the Echo Test screen and return to the MU Stats Summary screen 7 5 3 MU Authentication Statistics The access point can access and display authentication statistics for individual MUs To view access p...

Page 322: ...s used to create a list of known wireless bridges To view detected mesh network statistics 1 Select Status and Statistics Mesh Stats from the access point menu tree The Mesh Statistics Summary screen...

Page 323: ...rsion etc This information is used to create a known AP list The list has field indicating the properties of the access point discovered To view detected access point statistics 1 Select Status and St...

Page 324: ...information IP Address The network assigned Internet Protocol address of the located AP MAC Address The unique 48 bit hard coded Media Access Control address known as the devices station identifier T...

Page 325: ...information to determine whether this AP provides better MU association support than the locating access point or warrants consideration as a member of a different mesh network 4 Click the Ping butto...

Page 326: ...is highlighted and the Start Flash button is selected the LEDs on the selected access point flash When the Stop Flash button is selected the LEDs on the selected access point go back to normal operat...

Page 327: ...I 8 1 1 Accessing the CLI through the Serial Port To connect to the access point CLI through the serial port 1 Connect one end of a null modem serial cable to the access point s serial connector 2 Att...

Page 328: ...LI via Telnet To connect to the access point CLI through a Telnet connection 1 If this is your first time connecting to your access point keep in mind the access point uses a static IP WAN address 10...

Page 329: ...this command are shown below Syntax help Displays general user interface help passwd Changes the admin password summary Shows a system summary network Goes to the network submenu system Goes to the sy...

Page 330: ...gument is treated as an argument Eg admin network lan set lan enable Here is an invalid extra argument because it is after the argument enable ctrl q go backwards in command history ctrl p go forwards...

Page 331: ...nformation on configuring passwords using the applet GUI see Setting Passwords on page 6 3 passwd Changes the admin password for access point access This requires typing the old admin password and ent...

Page 332: ...S Ploicy Default LAN1 Name LAN1 LAN1 Mode enable LAN1 IP 0 0 0 0 LAN1 Mask 0 0 0 0 LAN1 Mask client LAN2 Name LAN2 LAN2 Mode enable LAN2 IP 192 235 1 1 LAN2 Mask 255 255 255 0 LAN2 Mask client WAN Int...

Page 333: ...admin Description Displays the parent menu of the current menu This command appears in all of the submenus under admin In each case it has the same function to move up one level in the directory struc...

Page 334: ...x admin Description Displays the root menu that is the top level CLI menu This command appears in all of the submenus under admin In each case it has the same function to move up to the top level in t...

Page 335: ...d appears in all of the submenus under admin In each case it has the same function to save the current configuration Syntax Example admin save admin save Saves configuration settings The save command...

Page 336: ...on Exits the command line interface session and terminates the session The quit command appears in all of the submenus under admin In each case it has the same function to exit out of the CLI Once the...

Page 337: ...mmand are shown below lan Goes to the LAN submenu wan Goes to the WAN submenu wireless Goes to the Wireless Configuration submenu firewall Goes to the firewall submenu router Goes to the router submen...

Page 338: ...ons using the applet GUI see Configuring the LAN Interface on page 5 1 show Shows current access point LAN parameters set Sets LAN parameters bridge Goes to the mesh configuration submenu wlan mapping...

Page 339: ...able Speed 100M Duplex full LAN1 Information LAN Name LAN1 LAN Interface enable 802 11q Trunking disable LAN IP mode DHCP client IP Address 192 168 0 1 Network Mask 255 255 255 255 Default Gateway 192...

Page 340: ...Mask 255 255 255 255 Default Gateway 192 168 1 1 Domain Name Primary DNS Server 192 168 0 2 Secondary DNS Server 192 168 0 3 WINS Server 192 168 0 255 admin network lan For information on displaying L...

Page 341: ...Sets the interval in seconds the access point uses to terminate its LAN interface if no activity is detected for the specified interval trunking mode Enables or disables 802 11q Trunking over the acce...

Page 342: ...int Product Reference Guide 8 16 Related Commands For information on configuring the LAN using the applet GUI see Configuring the LAN Interface on page 5 1 show Shows the current settings for the acce...

Page 343: ...ccess point s mesh networking options using the applet GUI see Configuring Mesh Networking on page 9 1 show Displays the mesh configuration parameters for the access point s LANs set Sets the mesh con...

Page 344: ...lo Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 LAN2 Bridge Configuration Bridge Priority 32768 Hello Time seconds 2 Message Age Time seconds...

Page 345: ...ut Time seconds 300 LAN2 Mesh Configuration Bridge Priority 32768 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview of the ac...

Page 346: ...upport on page 5 5 show Displays the VLAN list currently defined for the access point set Sets the access point VLAN configuration create Creates a new access point VLAN edit Edits the properties of a...

Page 347: ...ID VLAN Name 1 1 VLAN_1 2 2 VLAN_2 3 3 VLAN_3 4 4 VLAN_4 admin network lan wlan mapping show vlan cfg Management VLAN Tag 1 Native VLAN Tag 2 WLAN WLAN1 mapped to VLAN VLAN 2 VLAN Mode static admin n...

Page 348: ...e 8 22 admin network lan wlan mapping show wlan WLAN1 WLAN Name WLAN1 ESSID 101 Radio VLAN Security Policy Default QoS Policy Default For information on displaying the VLAN screens using the applet GU...

Page 349: ...network lan wlan mapping set mode 1 static admin network lan wlan mapping show vlan cfg Management VLAN Tag 1 Native VLAN Tag 2 WLAN WLAN1 mapped to VLAN VLAN 2 VLAN Mode static For information on con...

Page 350: ...r the access point Syntax Example admin network lan wlan mapping admin network lan wlan mapping create 5 vlan 5 For information on creating VLANs using the applet GUI see Configuring VLAN Support on p...

Page 351: ...Description Modifies a VLAN s name and ID Syntax For information on editing VLANs using the applet GUI see Configuring VLAN Support on page 5 5 edit name name Modifies an exisiting VLAN name 1 31 cha...

Page 352: ...n network lan wlan mapping delete Description Deletes a specific VLAN or all VLANs Syntax For information on deleting VLANs using the applet GUI see Configuring VLAN Support on page 5 5 delete VLANid...

Page 353: ...on Maps an access point VLAN to a WLAN Syntax admin network lan wlan mapping lan map wlan1 lan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 5 5 lan map w...

Page 354: ...ription Maps an access point VLAN to a WLAN Syntax admin network lan wlan mapping vlan map wlan1 vlan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 5 5 vl...

Page 355: ...e items available are displayed below show Displays DHCP parameters set Sets DHCP parameters add Adds static DHCP address assignments delete Deletes static DHCP address assignments list Lists static D...

Page 356: ...ting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 LAN2 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lea...

Page 357: ...dhcp show LAN1 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the applet G...

Page 358: ...dmin network lan dhcp add 1 00A0F1112234 192 169 24 7 admin network lan dhcp list 1 Index MAC Address IP Address 1 00A0F8112233 192 160 24 6 2 00A0F8112234 192 169 24 7 For information on adding clien...

Page 359: ...192 169 24 7 admin network lan dhcp delete 1 index mac address ip address 1 00A0F8102030 10 10 1 2 2 00A0F8112234 10 1 2 3 3 00A0F8112235 192 160 24 6 4 00A0F8112236 192 169 24 7 admin network lan dhc...

Page 360: ...ddress IP Address 1 00A0F8112233 10 1 2 4 2 00A0F8102030 10 10 1 2 3 00A0F8112234 10 1 2 3 4 00A0F8112235 192 160 24 6 5 00A0F8112236 192 169 24 7 admin network lan dhcp For information on listing cli...

Page 361: ...ilter submenu The items available under this command include e show Displays the current Ethernet Type exception list set Defines Ethernet Type Filter parameters add Adds an Ethernet Type Filter entry...

Page 362: ...e Filter configuration Syntax Example admin network lan type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 For information on displaying the type filter configuration using...

Page 363: ...nfiguration Syntax Example admin network lan type filter set mode 1 allow For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on page...

Page 364: ...ork wireless type filter add 2 0806 admin network wireless type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 2 0806 3 0800 4 8782 For information on configuring the type fi...

Page 365: ...t Type Filter mode allow index ethernet type 1 0806 2 0800 3 8782 admin network lan type filter delete 2 all admin network lan type filter show 2 Ethernet Type Filter mode allow index ethernet type Fo...

Page 366: ...configuration and the access point s current PPPoE configuration set Defines the access point s WAN and PPPoE configuration nat Displays the NAT submenu wherein Network Address Translations NAT can b...

Page 367: ...ation disable Speed 100M Duplex full WAN IP 2 disable WAN IP 3 disable WAN IP 4 disable WAN IP 5 disable WAN IP 6 disable WAN IP 7 disable WAN IP 8 disable PPPoE Mode enable PPPoE User Name JohnDoe PP...

Page 368: ...set wan enable disable Enables or disables the access point WAN port dhcp enable disable Enables or disables WAN DHCP Client mode ipadr idx a b c d Sets up to 8 using indx from 1 to 8 IP addresses a b...

Page 369: ...figuration options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 21 show Displays the access point s current NAT parameters for the specified index...

Page 370: ...7 235 91 2 NAT Type 1 to many One to many nat mapping LAN1 LAN2 Inbound Mappings Port Forwarding unspecified port forwarding mode enable unspecified port fwd ip address 111 223 222 1 admin network wan...

Page 371: ...g mode enable unspecified port fwd ip address 111 223 222 1 For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 21 set...

Page 372: ...see Configuring Network Address Translation NAT Settings on page 5 21 add idx name tran port1 port2 ip dst_port Sets an inbound network address translation NAT for WAN address idx where name is the na...

Page 373: ...admin network wan nat list 1 index name prot start port end port internal ip translation port Related Commands For an overview of the NAT options available using the applet GUI see Configuring Networ...

Page 374: ...port start port end port internal ip translation port 1 special tcp 20 21 192 168 42 16 21 Related Commands 1 For an overview of the NAT options available using the applet GUI see Configuring Network...

Page 375: ...the applet GUI see Configuring VPN Tunnels on page 6 36 add Adds VPN tunnel entries set Sets key exchange parameters delete Deletes VPN tunnel entries list Lists VPN tunnel entries reset Resets all VP...

Page 376: ...Manual proper SPI values and Keys must be configured after adding the tunnel admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 6 36 add...

Page 377: ...include DES 3DES AES128 AES192 or AES256 esp enckey name dir enckey Sets the Manual Encryption Key in ASCII for tunnel name and direction IN or OUT to the key enc key The size of the key depends on th...

Page 378: ...a name idtype Sets the Local ID data for IKE authentication for name to idtype This value is not required when the ID type is set to IP remiddata name idtype Sets the Local ID data for IKE authenticat...

Page 379: ...8 33 1 192 168 24 198 SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn delete Eng2EngAnnex admin network wan vpn list Tunnel Name Type Remote IP Mask Remote Gateway L...

Page 380: ...tail listing of VPN entry Name SJSharkey Local Subnet 1 Tunnel Type Manual Remote IP 206 107 22 45 Remote IP Mask 255 255 255 224 Remote Security Gateway 206 107 22 2 Local Security Gateway 209 239 16...

Page 381: ...set Description Resets all of the access point s VPN tunnels Syntax Example admin network wan vpn reset VPN tunnels reset admin network wan vpn For information on configuring VPN using the applet GUI...

Page 382: ...s for all active tunnels Syntax Example admin network wan vpn stats Tunnel Name Status SPI OUT IN Life Time Bytes Tx Rx Eng2EngAnnex Not Active SJSharkey Not Active For information on displaying VPN i...

Page 383: ...est IP Remaining Life Eng2EngAnnex Not Connected SJSharkey Not Connected admin network wan vpn For information on configuring IKE using the applet GUI see Configuring IKE Key Settings on page 6 46 ike...

Page 384: ...ems available under this command include For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 25 set Sets Dynamic DNS parameters update Sets...

Page 385: ...wan dyndns set host greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 25 set mode enable disable Enables or disbales the Dynami...

Page 386: ...ent WAN IP address with the DynDNS service Syntax Example admin network wan dyndns update IP Address 157 235 91 231 Hostname greengiant For an overview of the Dynamic DNS options available using the a...

Page 387: ...an dyndns show DynDNS Configuration Mode 157 235 91 231 Username percival Password Hostname greengiant DynDNS Update Response IP Address 157 235 91 231 Hostname greengiant Status OK For an overview of...

Page 388: ...trol List ACL submenu to restrict or allow MU access to access point WLANs radio Displays the radio configuration submenu used to specify how the 802 11a or 802 11b g radio is used with specific WLANs...

Page 389: ...ess configuration options available to the using the applet GUI see Enabling Wireless LANs WLANs on page 5 27 show Displays the access point s current WLAN configuration create Defines the parameters...

Page 390: ...Radio available 802 11b g Radio not available Client Bridge Mesh Backhaul available Hotspot not available Maximum MUs 127 Security Policy Default MU Access Control Default Kerberos User Name 101 Kerb...

Page 391: ...o the access point 802 11b g radio mesh mode Enables or disables the Client Bridge Mesh Backhaul option hotspot mode Enables or disables the Hotspot mode max mu number Defines the maximum number of MU...

Page 392: ...Floor admin network wireless wlan create show acl ACL Policy Name Associated WLANs 1 Default Front Lobby 2 Admin 3rd Floor 3 Demo Room 5th Floor admin network wireless wlan create show qos QOS Policy...

Page 393: ...g a WLAN using the applet GUI see Creating Editing Individual WLANs on page 5 29 edit index Edits the properties of an existing WLAN policy show Displays the WLANs pamaters and summary set Edits the s...

Page 394: ...etwork wireless wlan delete Description Deletes an existing WLAN Syntax For information on deleting a WLAN using the applet GUI see Creating Editing Individual WLANs on page 5 29 delete wlan name Dele...

Page 395: ...nfiguring the Hotspot options available to the using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 show Show hotspot parameters redirection Goes to the hotspot redirection menu radi...

Page 396: ...1 21 Primary Server Port 1812 Primary Server Secret Secondary Server Ip adr 157 235 32 12 Secondary Server Port 1812 Secondary Server Secret Accounting Mode disable Accounting Server Ip adr 0 0 0 0 Ac...

Page 397: ...ring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 redirection set page loc Sets the hotspot http re direction by index 1 16...

Page 398: ...ax For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 set Sets the Radius hotspot configuration sho...

Page 399: ...ptions available to the access ointusing the applet GUI see Configuring WLAN Hotspot Support on page 5 45 set server idx srvr_type ipadr Sets the Radius hotpost server IP address per wlan index 1 16 p...

Page 400: ...condary Server Ip adr 0 0 0 0 Secondary Server Port 1812 Primary Server Secret Accounting Mode enable Accounting Server Ip adr 157 235 15 16 Accounting Server Port 1812 Accounting Server Secret Accoun...

Page 401: ...57 235 21 21 For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 white list add rule Adds hotspot wh...

Page 402: ...e security configuration options available to the access point using the applet GUI see Configuring Security Options on page 6 2 show Displays the access point s current security configuration create...

Page 403: ...d Floor 3 Open Manual no encrypt 1st Floor admin network wireless security show policy 1 Policy Name Default Authentication Manual Pre shared key No Authentication Encryption type no encryption Relate...

Page 404: ...AP 51xx Access Point Product Reference Guide 8 78 AP51xx admin network wireless security create Description Defines the parameter of access point security policies...

Page 405: ...ros server sidx 1 primary 2 backup or 3 remote to KDC IP address port sidx port Sets the Kerberos port to port KDC port for server ksidx 1 primary 2 backup or 3 remote Note EAP parameters are only in...

Page 406: ...g server IP address adv mu quiet time Set the EAP MU supplicant quiet period to time seconds 1 65535 mu timeout timeout Sets the EAP MU supplicant timeout in seconds 1 255 mu tx time Sets the EAP MU s...

Page 407: ...ables or disabled the broadcast key interval time Sets the broadcast key rotation interval to time in seconds 300 604800 allow wpa2 tkip mode Enables or disables the interoperation with wpa2 tkip clie...

Page 408: ...ailable to the access point using the applet GUI see Configuring Security Options on page 6 2 mixed mode mode Enables or disables mixed mode allowing WPA TKIP clients preauth mode Enables or disables...

Page 409: ...Authentication Manual Pre shared key No Authentication Encryption type no encryption For information on configuring the encryption and authentication options available to the access point using the a...

Page 410: ...ecurity policy Syntax For information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 6 2 delete se...

Page 411: ...ontrol List ACL submenu The items available under this command include show Displays the access point s current ACL configuration create Creates an MU ACL policy edit Edits the properties of an existi...

Page 412: ...Lobby 2 Admin Administration 3 Demo Room Customers admin network wireless acl show policy 1 Policy Name Front Lobby Policy Mode allow index start mac end mac 1 00A0F8348787 00A0F8348798 For informatio...

Page 413: ...te add policy For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 36 create show acl name Display...

Page 414: ...access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 36 show Displays MU ACL policy and its parameters set Modifies the properties of an existing MU ACL policy ad...

Page 415: ...cription Removes an MU ACL policy Syntax For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 36 d...

Page 416: ...Radio submenu The items available under this command include e show Summarizes access point radio parameters at a high level set Defines the access point radio configuration radio1 Displays the 802 11...

Page 417: ...P Clients 6 Client Bridge Mode disable Clitn Bridge WLAN WLAN1 Mesh Connection Timeout enable Radio 2 Name Radio 2 Radio Mode enable RF Band of Operation 802 11a 5 GHz Wireless AP Configuration Base B...

Page 418: ...ode enable RF Band of Operation 802 11b g 2 4 GHz Wireless AP Configuration Base Bridge Mode enable Max Wireless AP Clients 11 Client Bridge Mode disable Clitn Bridge WLAN WLAN1 Mesh Connection Timeou...

Page 419: ...Configuration options available to the access point using the applet GUI see Setting the WLAN s Radio Configuration on page 5 51 show Displays 802 11b g radio settings set Defines specific 802 11b g r...

Page 420: ...5920 Radio Type 802 11b g ERP Protection Off Channel Setting user selection Antenna Diversity full Power Level 5 dbm 4 mW 802 11b g mode B Only Basic Rates 1 2 5 5 11 Supported Rates 1 2 5 5 11 Beacon...

Page 421: ...Voice 3 7 1 47 1 504 For information on configuring the Radio 1 Configuration options available to the access point using the applet GUI see Configuring the 802 11a or 802 11b g Radio on page 5 55 CAU...

Page 422: ...ble to the access point using the applet GUI see Configuring the 802 11a or 802 11b g Radio on page 5 55 set placement Defines the access point radio placement as indoors or outdoors ch mode Determine...

Page 423: ...anced submenu for the 802 11b g radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11b g radio set Defines advanced parameters for the 802 11...

Page 424: ...configuration is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11bg advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio 11...

Page 425: ...bg advanced set wlan demoroom 1 admin network wireless radio 802 11bg advanced set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the access point using the a...

Page 426: ...he items available under this command include Syntax show Displays 802 11a radio settings set Defines specific 802 11a radio parameters advanced Displays the Advanced radio settings submenu mesh Goes...

Page 427: ...ndoor MAC Address 00A0F8715920 Radio Type 802 11a Channel Setting user selection Antenna Diversity full Power Level 5 dbm 4 mW Basic Rates 6 12 24 Supported Rates 6 9 12 18 24 36 48 54 Beacon Interval...

Page 428: ...t Access Category CWMin CWMax AIFSN TXOPs 32 sec TXOPs ms Background 15 1023 7 0 0 000 Best Effort 15 63 3 31 0 992 Video 7 15 1 94 3 008 Voice 3 7 1 47 1 504 For information on configuring Radio 2 Co...

Page 429: ...work wireless radio 802 11bg set qos param set 11a default For information on configuring the Radio 2 Configuration options available to the access point using the applet GUI see Configuring the 802 1...

Page 430: ...s the advanced submenu for the 802 11a radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11a radio set Defines advanced parameters for the 8...

Page 431: ...configuration is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11bg advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio VLA...

Page 432: ...802 11a advanced set wlan demoroom 1 admin network wireless radio 802 11a advanced set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the access point using t...

Page 433: ...of Service QoS submenu The items available under this command include e show Displays access point QoS policy information create Defines the parameters of the QoS policy edit Edits the settings of an...

Page 434: ...Vidio Dept admin network wireless qos show policy 1 Policy Name IP Phones Support Legacy Voice Mode disable Multicast Mask Address 1 01005E000000 Multicast Mask Address 2 09000E000000 WMM QOS Mode di...

Page 435: ...ed with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi 11g voice 11...

Page 436: ...data type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi...

Page 437: ...ription Removes a QoS policy Syntax For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page 5...

Page 438: ...access point Bandwidth Management submenu The items available under this command include e show Displays Bandwidth Management information for how data is processed by the access point set Defines Ban...

Page 439: ...ntax Example admin network wireless bandwidth show Bandwidth Share Mode First In First Out For information on configuring the Bandwidth Management options available to the access point using the apple...

Page 440: ...ng the Bandwidth Management options available to the access point using the applet GUI see Configuring Bandwidth Management Settings on page 5 63 set mode bw mode Defines bandwidth share mode of First...

Page 441: ...splays the current access point Rogue AP detection configuration set Defines the Rogue AP detection method mu scan Goes to the Rogue AP mu uscan submenu allowed list Goes to the Rogue AP Allowed List...

Page 442: ...e ap show MU Scan disable MU Scan Interval 60 minutes On Channel disable Detector Radio Scan enable Auto Authorize Symbol APs disable Approved APs age out 0 minutes Rogue APs age out 0 minutes For inf...

Page 443: ...able Detector Radio Scan disable Detector Radio Band none Auto Authorize Symbol APs enable Approved AP age out 10 minutes Rogue AP age out 10 minutes For information on configuring the Rogue AP option...

Page 444: ...less rogue ap mu scan Description Displays the Rogue AP mu scan submenu Syntax show Displays all APs located by the MU scan start Initiates scan immediately by the MU Goes to the parent menu Goes to t...

Page 445: ...rt Description Initiates an MU scan from a user provided MAC address Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue...

Page 446: ...less rogue ap mu scan show Description Displays the results of an MU scan Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring...

Page 447: ...lays the Rogue AP allowed list submenu show Displays the rogue AP allowed list add Adds an AP MAC address and ESSID to the allowed list delete Deletes an entry or all entries from the allowed list Goe...

Page 448: ...List Syntax Example admin network wireless rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing For information on configuring the Rogue...

Page 449: ...00A0F83161BB 103 admin network wireless rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing 4 00 A0 F8 31 61 BB 103 For information on c...

Page 450: ...iption Deletes an AP MAC address and ESSID to existing allowed list Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue...

Page 451: ...command include show Displays the access point s current firewall configuration set Defines the access point s firewall parameters access Enables disables firewall permissions through the LAN and WAN...

Page 452: ...k filter enable syn flood attack filter enable unaligned ip timestamp filter enable source routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood...

Page 453: ...attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 max mime headers 16 set mode mode Enables or disa...

Page 454: ...n wan HTTP tcp 80 80 2 lan wan abc udp 0 0 3 lan wan 123456 ah 1440 2048 4 lan wan 654321 tcp 2048 2048 5 lan wan abc ah 100 1000 For information on configuring the Firewall options available to the a...

Page 455: ...4 2 2 2 2 all 1 1 0 0 0 0 deny 255 0 0 0 255 0 0 0 65535 65535 nat port 33 2 33 3 0 0 10 10 1 1 tcp 1 1 11 11 1 0 allow 255 255 255 0 255 255 255 0 65535 65535 nat port 0 For information on configuri...

Page 456: ...bmenu The items available under this command are show Displays the existing access point router configuration set Sets the RIP parameters add Adds user defined routes delete Deletes user defined route...

Page 457: ...etric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 4 192 168 24 0 255 255 255 0 0 0 0 0 wan 0 5 157 235 19 5 255 255...

Page 458: ...ng the Router options available to the access point using the applet GUI see Configuring Router Settings on page 5 65 set auth Sets the RIP authentication type dir Sets RIP direction id Sets MD5 authe...

Page 459: ...tination netmask gateway interface metric 1 192 168 3 0 255 255 255 0 192 168 2 1 lan1 1 For information on configuring the Router options available to the access point using the applet GUI see Config...

Page 460: ...2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan2 0 admin network router delete 2 admin network router list index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 1...

Page 461: ...nation netmask gateway interface metric 1 192 168 2 0 255 255 255 0 192 168 0 1 lan1 1 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 For information on configur...

Page 462: ...rmation lastpw Displays last debug password exec Goes to a Linux command menu arp Dispalys the access point s arp table access Goes to the access point access submenu where access point access methods...

Page 463: ...fore resetting Are you sure you want to restart the access point yes no access point Boot Firmware Version 1 1 0 0 xxx Copyright c Symbol Technologies Inc 2006 All rights reserved Press escape key to...

Page 464: ...e BldgC system location Atlanta Field Office admin email address johndoe mycompany com system uptime 0 days 4 hours 41 minutes access point firmware version 1 1 0 0 30D country code us serial number 0...

Page 465: ...t GUI see Configuring System Settings on page 4 2 Refer to Appendix A for information on the two character country codes set name name Sets the access point system name to name 1 to 59 characters The...

Page 466: ...for field service use only and should not be used by unqualified personnel Example admin system debug Debug Password access point MAC Address is 00 A0 F8 71 6A 74 Last Password was symbol12 AP51xx adm...

Page 467: ...14 61 A8 C ixp1 157 235 92 179 ether 00 14 22 F3 D7 39 C ixp1 157 235 92 248 ether 00 11 25 B2 09 60 C ixp1 157 235 92 180 ether 00 0D 60 D0 06 90 C ixp1 157 235 92 3 ether 00 D0 2B A0 D4 FC C ixp1 1...

Page 468: ...ion Displays the access point access submenu show Displays access point system access capabilities set Goes to the access point system access submenu Goes to the parent menu Goes to the root menu save...

Page 469: ...s parameters ssh Sets the CLI SSH access parameters auth timout seconds Disables the radio interface if no data activity is detected after the interval defined Default is 120 seconds inactive timeout...

Page 470: ...e enable cli telnet access enable enable enable cli ssh access enable enable enable snmp access enable enable enable http s timeout 0 ssh server authetnication timeout 120 ssh server inactivity timeou...

Page 471: ...Certificate signed by CA listself Lists the self certificate loaded loadca Loads trusted certificate from CA delca Deletes the trusted certificate listca Lists the trusted certificate loaded showreq...

Page 472: ...ABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG C1f Bj8AszttSo bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX d6 Q1SMbs tG4RP0lRSr iWDyuvwx END CERTIFICATE REQUEST For information on configuring certificate management setti...

Page 473: ...ion Deletes a self certificate Syntax Example admin system cmgr delself MyCert2 For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessi...

Page 474: ...tion Loads a self certificate signed by the Certificate Authority Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the...

Page 475: ...r listself Description Lists the loaded self certificates Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on p...

Page 476: ...Description Loads a trusted certificate from the Certificate Authority Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10 loadc...

Page 477: ...P51xx admin system cmgr delca Description Deletes a trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10 delc...

Page 478: ...AP51xx admin system cmgr listca Description Lists the loaded trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page...

Page 479: ...escription Displays a certificate request in PEM format Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10 showreq IDname Displ...

Page 480: ...dmin system cmgr delprivkey Description Deletes a private key Syntax For information on configuring certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on pa...

Page 481: ...AP51xx admin system cmgr listprivkey Description Lists the names of private keys Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page...

Page 482: ...x admin system cmgr expcert Description Exports the certificaqte file Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10 expcer...

Page 483: ...x admin system cmgr impcert Description Imports the target certificate file Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10...

Page 484: ...system snmp Description Displays the SNMP submenu The items available under this command are shown below access Goes to the SNMP access submenu traps Goes to the SNMP traps submenu Goes to the parent...

Page 485: ...Displays the SNMP Access menu The items available under this command are shown below show Shows SNMP v3 engine ID add Adds SNMP access entries delete Deletes SNMP access entries list Lists SNMP access...

Page 486: ...e SNMP v3 engine ID Syntax Example admin system snmp access show eid access point snmp v3 engine id 000001846B8B4567F871AC68 admin system snmp access For information on configuring SNMP access setting...

Page 487: ...access set to ro read only or rw read write and the Object Identifier oid a string of 1 127 numbers separated by dot such as 2 3 4 5 6 v3 user access oid sec auth pass1 priv pass2 Adds an SNMP v3 use...

Page 488: ...mp access list acl index start ip end ip For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 4 26 delete acl idx Deletes entry idx 1 10...

Page 489: ...rite 1 3 6 1 admin system snmp access list v3 2 index 2 username judy access permission read write object identifier 1 3 6 1 security level auth priv auth algorithm md5 auth password privacy algorithm...

Page 490: ...the SNMP traps submenu The items available under this command are shown below show Shows SNMP trap parameters set Sets SNMP trap parameters add Adds SNMP trap entries delete Deletes SNMP trap entries...

Page 491: ...e SNMP Network Traps physical port status change enable denial of service enable denial of service trap rate limit 10 seconds SNMP System Traps system cold start disable system config changed disable...

Page 492: ...disable Enables disables the denial of service trap interval rate Sets denial of service trap interval cold enable disable Enables disables the system cold start trap cfg enable disable Enables disab...

Page 493: ...g SNMP RF Trap Thresholds on page 4 34 add v1v2 ip port comm ver Adds an entry to the SNMP v1 v2 access list with the destination IP address set to ip the destination UDP port set to port the communit...

Page 494: ...delete v1v2 all For information on configuring SNMP traps using the applet GUI see Configuring SNMP Settings on page 4 20 delete v1v2c idx Deletes entry idx from the v1v2c access control list all Del...

Page 495: ...ystem snmp traps add v3 201 232 24 33 555 BigBoss none md5 admin system snmp traps list v3 all index 1 destination ip 201 232 24 33 destination port 555 username BigBoss security level none auth algor...

Page 496: ...correct network time is required for numerous functions to be configured accuaretly on the access point Syntax set show Shows NTP parameters settings date zone Show date time and time zone zone list D...

Page 497: ...p mode enable preferred Time server ip 203 21 37 18 preferred Time server port 123 first alternate server ip 203 21 37 19 first alternate server port 123 second alternate server ip 0 0 0 0 second alte...

Page 498: ...eference Guide 8 172 AP51xx admin system ntp date zone Description Show date time and time zone Syntax Example admin system ntp date zone Date Time Sat 1970 Jan 03 20 06 22 0000 UTC Time Zone date zon...

Page 499: ...nce 8 173 AP51xx admin system ntp zone list Description Displays an extensive list of time zones for countries around the world Syntax Example admin system ntp zone list zone list Displays list of tim...

Page 500: ...configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 36 set mode ntp mode Enables or disables NTP server idx ip Sets the NTP sever IP address port idx port Defines...

Page 501: ...ess point log submenu Logging options include Syntax show Shows logging options set Sets log options and parameters view Views system log delete Deletes the system log send Sends log to the designated...

Page 502: ...current access point logging settings Syntax Example admin system logs show log level L6 Info syslog server logging enable syslog server ip address 192 168 0 102 For information on configuring loggin...

Page 503: ...gging Configuration on page 4 39 set level level Sets the level of the events that will be logged All events with a level at or above level L0 L7 will be saved to the system log L0 Emergency L1 Alert...

Page 504: ...6pm up 6 days 16 16 load average 0 00 0 01 0 00 Jan 7 16 16 01 none CC Mem 62384 32520 29864 0 0 Jan 7 16 16 01 none CC 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf...

Page 505: ...n system logs delete Description Deletes the log files Syntax Example admin system logs delete For information on configuring logging settings using the applet GUI see Logging Configuration on page 4...

Page 506: ...ransfer In progress File transfer Done admin system logs For information on configuring logging settings using the applet GUI see Logging Configuration on page 4 39 send Sends the system log file via...

Page 507: ...s point configuration partial Restores a partial default access point configuration show Shows import export parameters set Sets import export access point configuration parameters export Exports acce...

Page 508: ...default configuration Syntax Example admin system config default Are you sure you want to default the configuration yes no For information on importing exporting access point configurations using the...

Page 509: ...and SNMP settings are uneffected by the partial restore Syntax Example admin system config partial Are you sure you want to partially default the access point yes no For information on importing expo...

Page 510: ...configuration file Syntax Example admin system config show cfg filename cfg txt cfg filepath ftp tftp server ip address 192 168 0 101 ftp user name myadmin ftp password For information on importing e...

Page 511: ...ip address 192 168 22 12 ftp user name myadmin ftp password For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 41...

Page 512: ...figuration file Done File transfer In progress File transfer Done Export Operation Done For information on importing exporting access point configurations using the applet GUI see Importing Exporting...

Page 513: ...operation Done For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 41 import ftp Imports the access point configur...

Page 514: ...reboot process to successfully update the device firmware regardless of whether the reboot is conducted uing the GUI or CLI interfaces show Displays the current access point firmware update settings s...

Page 515: ...are upgrade enable automatic config upgrade enable automatic upgrade interface WAN firmware filename APFW bin firmware path tftpboot ftp tftp server ip address 168 197 2 2 ftp user name pkeegan ftp pa...

Page 516: ...to mode When enabled updates device configuration file each time the confif file versions are found to be different between the access point and the specified LAN or WAN interface iface wan lan1 lan2...

Page 517: ...ice firmware using the applet GUI see Updating Device Firmware on page 4 46 update mode iface Defines the ftp ot tftp mode used to conduct the firmware update Specifies whether the update is executed...

Page 518: ...nds a config file to another access point within the known AP table send cfg all Sends a config file to all access points within the known AP table clear Clears all statistic counters to zero flash al...

Page 519: ...Summary on page 7 25 For information on displaying Mesh statistics using the applet GUI see Viewing the Mesh Statistics Summary on page 7 32 For information on displaying Known AP statistics using th...

Page 520: ...point config to another access point using the applet GUI see Viewing Known Access Point Statistics on page 7 33 send cfg ap index Copies the access point s configuration to the access points within...

Page 521: ...stats For information on copying the access point config to another access point using the applet GUI see Viewing Known Access Point Statistics on page 7 33 send cfg all Copies the access point s con...

Page 522: ...rs LAN statistics counters all rf Clears all RF data all wlan Clears all WLAN summary information wlan Clears individual WLAN statistic counters all radio Clears access point radio summary information...

Page 523: ...xample admin stats admin stats flash all leds 1 start Password admin stats flash all leds 1 stop admin stats For information on flashing access point LEDs using the applet GUI see Viewing Known Access...

Page 524: ...sociated MU Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 show Shows the Mobile Unit Statistics Summary list Defines echo test parameter...

Page 525: ...admin stats echo show Description Shows Mobile Unit Statistics Summary Syntax Example admin stats echo show Idx IP Address MAC Address WLAN Radio T put ABS Retries 1 192 168 2 0 00 A0F8 72 57 83 demo...

Page 526: ...arameters and results Syntax Example admin stats echo list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats echo For information on MU Echo and Ping t...

Page 527: ...st Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 set station mac Defines MU target MAC address request num Sets number of echo packets t...

Page 528: ...test Syntax Example admin stats echo start admin stats echo list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of MU Responses 2 For information on MU...

Page 529: ...with the same ESSID Syntax For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 ping show Shows Known AP Summary details list Defines ping test packet length...

Page 530: ...8 204 AP51xx admin stats ping show Description Shows Known AP Summary Details Syntax Example admin stats ping show Idx IP Address MAC Address MUs KBIOS Unit Name 1 192 168 2 0 00 A0F8 72 57 83 3 0 acc...

Page 531: ...ameters and results Syntax Example admin stats ping list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats ping For information on Known AP tests using...

Page 532: ...n stats ping set request 10 admin stats ping set length 100 admin stats ping set data 1 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30...

Page 533: ...est Syntax Example admin stats ping start admin stats ping list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of AP Responses 2 For information on Known...

Page 534: ...AP 51xx Access Point Product Reference Guide 8 208...

Page 535: ...te other access points using the WLAP client s ESSID Then it is required to go through the association and authentication process to establish wireless connections with the located devices This associ...

Page 536: ...hereby a network loop is not created and then the connection is not blocked Once the client bridge establishes at least one wireless connection it begins establishing other wireless connections as it...

Page 537: ...referred connection list The association and authentication process is identical to the MU association process The client access point sends 802 11 authentication and association frames to the base ac...

Page 538: ...ed with the following configurations AP 1 base bridge AP 2 repeater both a base and client bridge In the case of a mesh enabled radio the client bridge configuration always takes precedence over the b...

Page 539: ...sh Networking and the AP 51xx s Two Subnets The access point now has a second subnet on the LAN side of the system This means wireless clients communicating through the same radio can reside on differ...

Page 540: ...n parameters will get sent or saved to other access points However if using the Known AP Statistics screen s Send Cfg to APs functionality auto select and preferred list settings do not get imported 9...

Page 541: ...Members of the mesh network can be configured as client bridges or additional base bridges with a higher priority value To define a LAN s Mesh STP Configuration 1 Select Network Configuration LAN fro...

Page 542: ...point starts with a default bridge priority of 32768 Maximum Message age The Maximum Message age timer is used with the Message Age timer The Message Age timer is used to measure the age of the receiv...

Page 543: ...ers of the mesh network 1 Select Network Configuration Wireless from the AP 5131 menu tree The Wireless Configuration screen displays with those existing WLANs displayed within the table 2 Select the...

Page 544: ...D and Name to the WLAN that each access point will share when using this WLAN within their mesh network Symbol recommends assigning a unique name to a WLAN supporting a mesh network to differentiate i...

Page 545: ...twork and setting it too high could prohibit other WLANs from granting access to the all the devices needed 6 Select the Enable Client Bridge Backhaul checkbox to make this WLAN available in the Mesh...

Page 546: ...esh network For information on defining an ACL for use with the WLAN assigned to the mesh network see Configuring a WLAN Access Control List ACL on page 5 36 9 Select the Disallow MU to MU Communicati...

Page 547: ...this option as it would prevent the AP from answering to blank ESSID probes from other mobile units 12 If there are certain requirements for the types of data proliferating the mesh network select an...

Page 548: ...e settings are applied within this Radio Configuration screen the NOTE The dual radio model access point affords users better optimization of the mesh network feature by allowing the access point to t...

Page 549: ...connections for this specific radio displays within the CBs Connected field If this is an existing radio within a mesh network this value updates in real time 5 Select the Client Bridge checkbox to e...

Page 550: ...an initial deployment the current number of base bridges visible to the radio displays within the BBs Visible field and the number of base bridges currently connected to the radio displays within the...

Page 551: ...the MAC Address corresponding to that Base Bridge you can add that to the Preferred List using the add button NOTE Auto link selection is based on the RSSI and load The client bridge will select the b...

Page 552: ...hin the Advanced Client Bridge Settings screen 15 Click Cancel to undo any changes made within the Advanced Client Bridge Settings screen This reverts all settings for the screen to the last saved con...

Page 553: ...ht down and stops beaconing after the timeout period 45 seconds This allows the client bridge radio 1 to roam without dropping the MU s associated to radio 2 The disadvantage is that radio 2 may beaco...

Page 554: ...ping yard AP2 is intended to be a client bridge associated to AP1 and be placed on a wall of a receiving shack a remote building in the shipping yard with antennas oriented into the shipping yard AP2...

Page 555: ...ll with the antennas orienting outward into the shipping and receiving yard The team then installs the AP2 on a wall on the receiving shack in the shipping yard The Trion IT department follows the ins...

Page 556: ...Enable checkbox 5 The Trion IT department then selects Network Configuration LAN trion from the AP 5131 menu tree NOTE In this fictional mesh network deployment for Trion Enterprises AP1 and AP2 shou...

Page 557: ...s the Forward Delay the time the access point LAN is spent in a listening and learning state to the factory default of 15 seconds Since only one additional access point is to be added to this point to...

Page 558: ...the Wireless Page they determine the existing default WLAN should be left as is and a new WLAN should be created that can be dedicated to the mesh network supporting the shipping yard 10 The team sel...

Page 559: ...e 14 The team wants to limit the number of MUs connecting to the mesh WLAN Therefore the team sets the Maximum MUs field to 10 and will use the Radio Configuration page to control the number of client...

Page 560: ...elected and the team enters 16 hexadecimal characters into each of the four fields displayed Once completed the Apply button is selected and the access point applet returns to the WLAN screen 21 The t...

Page 561: ...is known to the IT Team they select the Deny drop down menu option as the team wants to deny access to all MAC addresses except their own known range of device MAC addresses 25 The IT team then select...

Page 562: ...he initial 2 AP mesh network deployment 27 The team selects the Use Secure Beacon checkbox from the Edit WLAN screen to not transmit the AP 5131 s ESSID between AP1 and AP2 If a hacker tries to find a...

Page 563: ...ould have proliferated the WLAN the team would have selected 11ag wifi or 11ag voice However since simple data transfers are planned the 11ag default setting is appropriate 34 The IT Team clicks Apply...

Page 564: ...ork Name drop down menu to assign the trion mesh WLAN to the radio 1 client bridge This is the WLAN the AP1 and AP2 radios will use to interoperate with the mesh network devices populating the shippin...

Page 565: ...he addition of two additional access points AP3 and AP4 to be configured as repeaters both client and base bridges Configuring AP3 and AP4 as repeaters entails configuring an AP3 and an AP4 radio as b...

Page 566: ...he instructions in Wall Mounted Installations on page 2 15 to install AP3 and AP4 3 The Trion IT department selects Network Configuration LAN from the AP 5131 menu tree 4 The Trion IT department verif...

Page 567: ...m their default values The team clicks OK from within the Mesh STP Configuration screen and Apply from within the trion LAN1 screen to save the settings The Trion IT team now intends to assign WLANs t...

Page 568: ...1 and AP2 should be able to see AP3 and AP4 as soon as they are deployed 11 The team assigns the name of trion mesh to the WLAN to be consistent with the WLAN supporting mesh networking on AP1 and AP2...

Page 569: ...0 It is assumed all of the existing MU traffic defined for AP1 and AP2 will also be used in the extended coverage area for AP3 and AP4 with no known additions to the MU traffic at this time Thus the I...

Page 570: ...ow the team defined the AP1 and AP2 QoS policy starting on step 25 within Trion s Initial Deployment on page 9 20 The WLAN configuration has now been set for both AP3 and AP4 The team now needs to def...

Page 571: ...ct the Advanced button within the AP3 and AP4 WLAP Client Bridge Settings field 27 The Trion IT Team clicks Apply within both the AP3 and AP4 Radio Configuration screens to complete the mesh network c...

Page 572: ...rage to the outer portion of the shipping yard without having to provide base bridge or repeater support to new members of the mesh network The remaining AP5 and AP5 radio can support shipping yard MU...

Page 573: ...The Trion IT department verifies the LAN used to support the mesh network is enabled for both AP5 and AP6 by selecting the Enable checkbox 5 The Trion IT department then selects Network Configuration...

Page 574: ...guration screen and Apply from within the trion LAN1 screen to save the settings The Trion IT team now intends to assign WLANs to use with the trion LAN that can be dedicated to their mesh network wit...

Page 575: ...of 103 to be consistent with the trion mesh WLAN ESSID of the other four access points within the mesh network 11 The team assigns the name of trion mesh to the WLAN to be consistent with the WLAN sup...

Page 576: ...1 4 and defines an ACL exactly like it for AP5 and AP6 The team also remembers to go to the ACL for AP1 AP3 and AP4 and add AP5 and AP6 in order for each device in the mesh network to communicate with...

Page 577: ...esh WLAN to radio 1 25 As with APs 1 4 the IT Team decides to not select the Advanced button within the WLAP Client Bridge Settings field 26 The Trion IT Team clicks Apply within both the AP5 and AP6...

Page 578: ...cess Point Product Reference Guide 9 44 coverage area But for now the 802 11a radio of both AP5 and AP6 can remain defined as a client bridge to support the outer fringes of the Trion Enterprises ship...

Page 579: ...hnical Specifications This appendix provides technical specifications in the following areas Physical Characteristics Electrical Characteristics Radio Characteristics Antenna Specifications Country Co...

Page 580: ...Plenum Housing UL2043 Weight 1 95 lbs 0 88 Kg single radio model 2 05 lbs 0 93 Kg dual radio model Operating Temperature 20 to 50 Celsius Storage Temperature 40 to 70 Celsius Altitude 8 000 feet 2438...

Page 581: ...40 to 85 Celsius Altitude 8 000 feet 2438 m 28 Celsius operating 15 000 feet 4572 m 12 Celsius storage Vibration Vibration to withstand 02g Hz random sine 20 2k Hz Humidity 5 to 95 operating 5 to 95...

Page 582: ...ever Symbol does recommend the AP PSBIAS 5181 01R model power supply for use the AP 5181 Operating Voltage 48Vdc Nom Operating Current 200mA Peak 48Vdc 170mA Nom 48Vdc Operating Channels 802 11a radio...

Page 583: ...Mbit Sec 802 11b radio 1 2 5 5 11 Mbps Wireless Medium Direct Sequence Spread Spectrum DSSS Orthogonal Frequency Division Multiplexing OFDM CAUTION The antenna models described below are rated just f...

Page 584: ...cessory s connector and cable type plus the length Symbol Part Number Antenna Type Nominal Net Gain dBi ML 5299 WPNA1 01R Panel Antenna 13 0 ML 5299 HPA1 01R Wide Band Omni Directional Antenna 5 0 ML...

Page 585: ...enna Type Nominal Net Gain dBi Description ML 2499 FHPA5 01R Omni Directional Antenna 5 0 2 4 GHz Type N connector no pigtail ML 2499 FHPA9 01R Omni Directional Antenna 9 0 2 4 GHz Type N connector no...

Page 586: ...nna suite includes the following models Part Number Antenna Type Nominal Net Gain dBi Description ML 5299 FHPA6 01R Omni Directional Antenna 7 0 4 900 5 850 GHz Type N connector no pigtail ML 5299 FHP...

Page 587: ...o MA Bahamas BS Netherlands NL Bahrain BH Netherlands Antilles AN Barbados BB New Zealand NZ Belarus BY Nicaragua NI Bermuda BM Norfolk Island NF Belgium BE Norway NO Bolivia BO Oman OM Botswana BW Pa...

Page 588: ...Egypt EG Sri Lanka LK Falkland Islands FK Sweden SE Finland FI Switzerland CH France FR Taiwan TW Germany DE Thailand TH Greece GR Trinidad and Tobago TT Guam GU Turkey TR Guatemala GT Ukraine UA Guin...

Page 589: ...Technical Specifications A 11 Japan JP Jordan JO Kazakhstan KZ Kuwait KW Latvia LV Lebanon LB Liechtenstein LI Lithuania LT Luxembourg LU Macedonia MK Malaysia MY Malta MT Martinique MQ...

Page 590: ...AP 51xx Access Point Product Reference Guide A 12...

Page 591: ...using a DHCP or Linux BootP Server Configuring an IPSEC Tunnel and VPN FAQs B 1 Configuring Automatic Updates using a DHCP or Linux BootP Server This section provides specific details for configuring...

Page 592: ...is cfg version 1 1 01 The access point only checks the two characters after the third hyphen 01 when making a comparison Change the last two characters to update the configuration The two characters c...

Page 593: ...ction menu select Set Predefined Options e Add the following 3 new options under AP51xx Options class f Highlight Scope Options from the tree and select Configure Options g Go to the Advanced tab From...

Page 594: ...Ethernet segment 2 Configure the Windows based DHCP Server as follows a Highlight the Server Domain Name for example apfw symbol com From the Action menu select Set Predefined Options b Add the follow...

Page 595: ...rify the file versions within the System Settings screen B 1 1 3 DHCP Priorities The following flowchart indicates the priorities used by the access point when the DHCP server is configured for multip...

Page 596: ...the DHCP Server is configured for options 187 and 67 for the firmware file the access point uses the file name configured for option 187 If the DHCP Server is configured for embedded and global optio...

Page 597: ...thernet segment 2 Configure the bootptab file etc bootptab on the Linux Unix BootP Server in any one of the formats that follows Using options 186 187 and 188 Using options 66 67 and 129 AP 5131 ha 00...

Page 598: ...is provided by the server the access point strips off the TFTP root directory from the fully qualified configuration file name to obtain a relative file name For example if using bf opt tftpdir ftp d...

Page 599: ...e capability to create a tunnel between an access point and a VPN endpoint The access point can also create a tunnel from one access point to another access point The following instruction assumes the...

Page 600: ...ed as Device 2 For this usage scenario the following components are required 2 access points either an AP 5131 or AP 5181 model 1 PC on each side of the access point s LAN To configure a VPN tunnel be...

Page 601: ...Click Apply to save the changes 9 Select the Auto IKE Key Exchange radio button 10 Select the Auto Key Settings button 11 For the ESP Type select ESP with Authentication and use AES 128 bit as the ESP...

Page 602: ...the changes 18 Check the VPN Status screen Notice the status displays NOT_ACTIVE This screen automatically refreshes to get the current status of the VPN tunnel Once the tunnel is active the IKE_STAT...

Page 603: ...o PIX Below is how the access point VPN Status screen should look if the entire configuration is setup correctly once the VPN tunnel is active The status field should display ACTIVE NOTE The Cisco PIX...

Page 604: ...um of 25 tunnels When using the Remote Subnet IP Address with an appropriate subnet mask the AP can access multiple subnets on the remote end For example If creating a tunnel using 192 168 0 0 16 for...

Page 605: ...hentication scheme used The VPN tunnel can be established only when these corresponding keys match Ensure the Inbound Outbound SPI and ESP Authentication Keys have been properly specified Question 5 C...

Page 606: ...l ID type refers to the way that IKE selects a local certificate to use IP tries the match the local WAN IP to the IP addresses specified in a local certificate FQDN tries to match the user entered lo...

Page 607: ...two addresses are on the same subnet As a workaround point the access point s WAN default gateway to be the other VPN gateway and vice versa Question 10 I have setup my tunnel and the status still sa...

Page 608: ...ure my firewall Now that I use Advanced LAN Access my VPN stops working What am I doing wrong VPN requires certain packets to be passed through the firewall Subnet Access automatically inserts these r...

Page 609: ...LAN Access These rules should be configured first before other rules are configured Question 13 Do I need to add any special routes on the access point to get my VPN tunnel to work No However clients...

Page 610: ...s only one LAN port and it is defaulted to DHCP BOOTP enabled The AP 5131 and AP 5181 are optimized for single cell deployment so the customer to use either as a drop in replacement for an existing AP...

Page 611: ...mer Support specialists cannot solve a problem access to all technical disciplines within Symbol becomes available for further assistance and support Symbol Customer Support responds to calls by email...

Page 612: ...Telephone 1 631 738 2400 1 800 SCAN 234 Fax 1 631 738 5990 Symbol Support Center for warranty and service information telephone 1 800 653 5350 fax 631 738 5410 Email support symbol com International C...

Page 613: ...e http symbol com services Manual Updates http symbol com legacy_manuals wire accesspoints html Symbol Developer Program http devzone symbol com Additional Information Obtain additional information by...

Page 614: ...AP 51xx Access Point Product Reference Guide C 4...

Page 615: ...splays 1 17 AP 5131 version 4 4 AP 5131 13040 WW 2 2 2 4 AP 5131 13041 WW 2 2 AP 5131 13042 WW 2 2 AP 5131 13043 WW 2 3 AP 5131 40020 WW 2 3 AP 5131 40021 WW 2 3 AP 5131 40022 WW 2 3 AP 5131 40023 WW...

Page 616: ...ics 8 192 CLI system access commands 8 142 CLI system commands 8 136 CLI telnet 8 2 CLI type filter commands 8 35 CLI WAN commands 8 40 CLI WAN NAT commands 8 43 CLI WAN VLAN Commands 8 49 8 58 Comman...

Page 617: ...al radio AP 5131 9 3 STP 9 4 topology 9 5 use case 9 20 mesh overview 9 1 MIB 3 3 ML 2499 11PNA2 01 2 7 2 8 A 7 ML 2499 BYGA2 01 2 7 ML 2499 HPA3 01 2 7 2 8 A 7 ML 5299 WBPBX1 01 2 7 A 6 ML 5299 WPNA1...

Page 618: ...4 SNMP v3 4 24 SNMP access control 4 26 SNMP RF trap thresholds 4 34 SNMP specific traps 4 31 SNMP traps 4 28 SNMP v1 v2c 4 29 SNMP v3 user definitions 4 24 statistics AP 5131 7 33 statistics LAN 7 6...

Page 619: ...rwarding 5 24 WAN statistics 7 2 WEP 1 11 WEP encryption 1 9 1 11 Wi Fi Protected Access WPA 1 12 WLAN ACL 5 36 WLAN creating 5 29 WLAN editing 5 29 WLAN enabling 5 27 WLAN security 5 34 WLAN statisti...

Page 620: ...AP 51xx Access Point Product Reference Guide IN 10...

Page 621: ......

Page 622: ...Symbol Technologies Inc One Symbol Plaza Holtsville New York 11742 1300 http www symbol com 72E 92949 01 Revision A January 2007...

Reviews:

No comments