manualshive.com logo in svg

Systimax AirSPEED AP542, User Manual

Share
Download
Systimax AirSPEED AP542 User Manual Download Page 14

Introduction

 

SYSTIMAX® AirSPEED™ AP542

 User Guide

14

SNMP Management

In addition to the HTTP and the CLI interfaces, you can also manage and configure an AP using the Simple Network 
Management Protocol (SNMP). Note that this requires an SNMP manager program, like HP Openview or Castlerock’s 
SNMPc. The AP supports several Management Information Base (MIB) files that describe the parameters that can be 
viewed and/or configured over SNMP:

MIB-II (RFC 1213)

Bridge MIB (RFC 1493)

Ethernet-like MIB (RFC 1643)

802.11 MIB

AirSPEED Enterprise MIB

SYSTIMAX provides these MIB files on the CD-ROM included with each Access Point. You need to compile one or 
more of the above MIBs into your SNMP program’s database before you can manage an Access Point using SNMP. 
Refer to the documentation that came with your SNMP manager for instructions on how to compile MIBs.

The Enterprise MIB defines the read and read-write objects that can be viewed or configured using SNMP. These 
objects correspond to most of the settings and statistics that are available with the other management interfaces. Refer 
to the Enterprise MIB for more information; the MIB can be opened with any text editor, such as Microsoft Word, 
Notepad, or WordPad.

SNMPv3 Secure Management

SNMPv3 is based on the existing SNMP framework, but addresses security requirements for device and network 
management. 

The security threats addressed by Secure Management are:

Modification of information

: An entity could alter an in-transit message generated by an authorized entity in such a 

way as to effect unauthorized management operations, including the setting of object values. The essence of this 
threat is that an unauthorized entity could change any management parameter, including those related to 
configuration, operations, and accounting.

Masquerade

: Management operations that are not authorized for some entity may be attempted by that entity by 

assuming the identity of an authorized entity. 

Message stream modification

: SNMP is designed to operate over a connectionless transport protocol. There is a 

threat that SNMP messages could be reordered, delayed, or replayed (duplicated) to effect unauthorized 
management operations. For example, a message to reboot a device could be copied and replayed later. 

Disclosure

: An entity could observe exchanges between a manager and an agent and thereby could learn of 

notifiable events and the values of managed objects. For example, the observation of a set command that changes 
passwords would enable an attacker to learn the new passwords.

To address the security threats listed above, SNMPv3 provides the following when secure management is enabled:

Authentication: Provides data integrity and data origin authentication.

Privacy (a.k.a Encryption): Protects against disclosure of message payload.

Access Control: Controls and authorizes access to managed objects.

The default SNMPv3 username is 

administrator

, with SHA authentication, and DES privacy protocol.

SSH (Secure Shell) Management

You may also securely manage the AP using SSH (Secure Shell). The AP supports SSH version 2, for secure remote 
CLI (Telnet) sessions. SSH provides strong authentication and encryption of session data.

The SSH server (AP) has

 host keys

 - a pair of asymmetric keys - a 

private key

 that resides on the AP and a 

public 

key

 that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys, 

the client can verify that it is communicating with the correct SSH server. 

NOTE

The remainder of this guide describes how to configure an AP using the HTTP Web interface or the CLI 
interface. For information on how to manage devices using SNMP or SSH, refer to the documentation that 
came with your SNMP or SSH program. Also, refer to the MIB files for information on the parameters available 
via SNMP and SSH.

Summary of Contents for AirSPEED AP542

Page 1: ...SYSTIMAX AirSPEED AP542 User Guide www systimax com SYSTIMAX Structured Connectivity Solutions ...

Page 2: ...ription 15 Antenna Diversity Options 16 Power over Ethernet PoE 16 LED Indicators 16 Installation in the Plenum North America Only 17 Prerequisites for AP Configuration Only 17 Product Package 19 System Requirements 19 Regulatory Compliance and Safety Instructions 19 Initialization 20 ScanTool 20 ScanTool Instructions 20 Setup Wizard 22 Setup Wizard Instructions 22 Latest Software Availability 25 ...

Page 3: ... CTS Medium Reservation 45 Wireless Service Status 45 Multicast Rate 46 Wireless Distribution System WDS 48 Ethernet 50 Management 51 Passwords 51 IP Access Table 51 Services 52 Secure Management 52 SNMP Settings 52 HTTP Access 52 HTTPS Access Secure Socket Layer 52 Telnet Configuration Settings 54 Secure Shell SSH Settings 54 SSH Session Setup 54 SSH Clients 54 Configuring SSH 54 Serial Configura...

Page 4: ...ing 73 Continuous Scanning Mode 73 Background Scanning Mode 74 Rogue Scan Data Collection 74 Rogue Scan 75 Bridge 77 Spanning Tree 77 Storm Threshold 77 Intra BSS 77 Packet Forwarding 78 Configuring Interfaces for Packet Forwarding 78 QoS 79 Wireless Multimedia Extensions WMM Quality of Service QoS 79 QoS Policies 79 Priority Mapping 81 Enhanced Distributed Channel Access EDCA 83 STA EDCA Table an...

Page 5: ...rity Profiles 96 MAC Access 99 Wireless A or Wireless B 100 Adding or Modifying an SSID VLAN with VLAN Protocol Disabled 100 Adding or Modifying an SSID VLAN with VLAN Protocol Enabled 103 Broadcast SSID and Closed System 106 5 Monitoring the AirSPEED AP542 107 Version 108 ICMP 109 IP ARP Table 109 Learn Table 110 IAPP 110 RADIUS 111 Interfaces 112 Station Statistics 113 Enabling and Viewing Stati...

Page 6: ...Cannot Connect 126 AP Has Incorrect IP Address 126 HTTP browser or Telnet Interface Does Not Work 127 HTML Help Files Do Not Appear 127 Telnet CLI Does Not Work 127 TFTP Server Does Not Work 127 Client Connection Problems 128 Client Software Finds No Connection 128 Client PC Card Does Not Work 128 Intermittent Loss of Connection 128 Client Does Not Receive an IP Address Cannot Connect to Internet ...

Page 7: ...igation and Special Keys 137 CLI Error Messages 137 Command Line Interface CLI Variations 137 Bootloader CLI 138 CLI Command Types 139 Operational CLI Commands 139 List Commands 139 done exit quit 141 download 141 help 141 history 142 passwd 142 reboot 142 search 142 upload 143 Parameter Control Commands 143 show CLI Command 143 set CLI Command 144 Configuring Objects that Require Reboot 144 set a...

Page 8: ...tain Client Connections using Link Integrity 154 Change your Wireless Interface Settings 154 Set Ethernet Speed and Transmission Mode 156 Set Interface Management Services 156 Configure Syslog 157 Configure Intra BSS 158 Configure MAC Access Control 158 Set RADIUS Parameters 158 Set Rogue Scan Parameters 159 Set Hardware Configuration Reset Parameters 159 Set VLAN SSID Parameters 160 CLI Monitorin...

Page 9: ...ering 177 Alarms Parameters 178 SNMP Table Host Table Parameters 178 Syslog Parameters 178 Bridge Parameters 179 Spanning Tree Parameters 179 Storm Threshold Parameters 179 Intra BSS Subscriber Blocking 180 Packet Forwarding Parameters 180 RADIUS Parameters 180 Security Parameters 181 MAC Access Control Parameters 181 Rogue Scan Configuration Table 181 Hardware Configuration Reset 182 VLAN SSID Pa...

Page 10: ...Features 190 Number of Stations per BSS 190 Management Functions 190 Advanced Bridging Functions 191 Medium Access Control MAC Functions 191 Security Functions 191 Network Functions 192 Hardware Specifications for the SYSTIMAX AirSPEED AP542 192 Physical Specifications 192 Electrical Specifications 192 Environmental Specifications 192 Ethernet Interface 192 Serial Port Interface 192 Power over Eth...

Page 11: ...damage to hardware or loss of data and tells you how to avoid the problem Introduction to Wireless Networking An Access Point AP is a device used to extend the existing Ethernet network structured cabling to mobile clients i e laptops PDAs enabling mobility productivity collaboration and flexibility Mobile clients can connect to a single Access Point or move between multiple Access Points located ...

Page 12: ...tween If an AP has Closed System enabled a client must have the same Network Name as the Access Point to communicate see Interfaces for details All Access Points and clients must have matching security settings to communicate The Access Points cells should overlap to ensure that there are no gaps in coverage and to ensure that the roaming client will always have a connection available All Access P...

Page 13: ...TPS Interface Command Line Interface SNMP Management SSH Secure Shell Management HTTP HTTPS Interface The HTTP interface Web browser interface provides easy access to configuration settings and network statistics from any computer on the network You can access the HTTP interface over your LAN switch hub etc over the Internet or with a crossover Ethernet cable connected directly to your computer s ...

Page 14: ...gement operations that are not authorized for some entity may be attempted by that entity by assuming the identity of an authorized entity Message stream modification SNMP is designed to operate over a connectionless transport protocol There is a threat that SNMP messages could be reordered delayed or replayed duplicated to effect unauthorized management operations For example a message to reboot ...

Page 15: ...02 11a only radio SYSTIMAX recommends powering the AirSPEED AP542 with Power over Ethernet 802 3af alternatively an external DC power source using the power cord may be used to power the device The AirSPEED AP542 includes a power jack a 10 100 base T Ethernet port and an RS 232 serial data communication port The AirSPEED AP542 cable cover allows access to the power cord and cables and to the reset...

Page 16: ... over Ethernet delivers both data and power to the Access Point over a single Ethernet cable SYSTIMAX recommends using a midspan Power over Ethernet device to power the AP as an alternative to the power adaptor The use of such device will not affect the operation of the AP The Power over Ethernet PoE integrated module receives 48 VDC over a standard Category 5e 6 Ethernet cable To use PoE you must...

Page 17: ...Ethernet interface is connected at 10 Mbps with no traffic Blinking Yellow n a n a n a The Ethernet interface is connected at 10 Mbps with traffic Solid Amber The Bootloader is loading the application software n a n a n a Blinking Amber The AP is reloading n a n a n a Solid Red Power On Self Test POST running n a n a n a Blinking Red Rebooting n a n a n a Network Information Description Network Na...

Page 18: ...both passwords must be the same and is typically provided by the network administrator Authentication Server Authentication Port This is a port number default is 1812 and is typically provided by the network administrator Client IP Address Pool Allocation Scheme The Access Point can automatically provide IP addresses to clients as they sign on The network administrator typically provides the IP Po...

Page 19: ...rements To begin using an AP you must have the following minimum requirements A 10Base T Ethernet or 100Base TX Fast Ethernet switch or hub or cross over Ethernet cord At least one of the following IEEE 802 11 compliant devices An 802 11a 802 11b or 802 11b g client device A computer that is connected to the same IP network as the AP and has one of the following Web browsers installed Microsoft In...

Page 20: ...cally from a network Dynamic Host Configuration Protocol DHCP server during boot up If your network contains a DHCP server you can run ScanTool to find out what IP address the AP has been assigned If your network does not contain a DHCP server the Access Point s IP address defaults to 169 254 128 132 In this case you can use ScanTool to assign the AP a static IP address that is valid on your netwo...

Page 21: ... click the Rescan button to update the display If the unit still does not appear in the list see Troubleshooting the AirSPEED AP542 for suggestions Note that after rebooting an Access Point it may take up to five minutes for the unit to appear in the Scan List 8 Do one of the following If the AP has been assigned an IP address by a DHCP server on the network write down the IP address and click Can...

Page 22: ...you connect to an AP s HTTP interface the Setup Wizard launches automatically The Setup Wizard provides step by step instructions for how to configure the Access Point s basic operating parameter such as Network Name IP parameters system parameters and management passwords Setup Wizard Instructions Follow these steps to access the Access Point s HTTP interface and launch the Setup Wizard 1 Open a ...

Page 23: ...n Exit option Click this link to close the Setup Wizard at any time CAUTION If you exit from the Setup Wizard any changes you submitted by clicking the Save Next button up to that point will be saved to the unit but will not take effect until it is rebooted 6 Configure the System Configuration settings and click Save Next See System for more information 7 Configure the Access Point s basic IP Conf...

Page 24: ... operating channel When Auto Channel Select is disabled you can specify the Access Point s channel If you decide to manually set the unit s channel ensure that nearby devices do not use the same frequency Available channels vary based on regulatory domain See Dynamic Frequency Selection DFS for more information and Radio Specifications for a list of available channels Transmit Rate Use the drop do...

Page 25: ...Transmit and Receive files with no automatic shutdown or time out Download Updates from your TFTP Server using the Web Interface 1 Download the latest software from http www systimax com 2 Copy the latest software updates to your TFTP server 3 In the Web Interface click the Commands button and select the Update AP tab 4 Enter the IP address of your TFTP server in the field provided 5 Enter the Fil...

Page 26: ...necessary disable the Internet proxy settings For Internet Explorer users follow these steps Select Tools Internet Options Click the Connections tab Click LAN Settings If necessary remove the check mark from the Use a proxy server box Click OK twice to save your changes and return to Internet Explorer 3 Enter the Access Point s IP address in the browser s Address field and press Enter NOTE The def...

Page 27: ...elps you configure the basic AP settings required to get the unit up and running The AP supports many other configuration and management options The remainder of this User Guide describes these options in detail See Performing Advanced Configuration for information on configuration options that are available within the Access Point s HTTP interface See Monitoring the AirSPEED AP542 for information...

Page 28: ...ide the following information System Status This area provides system level information including the unit s IP address and contact information See System for information on these settings System Alarms System traps if any appear in this area Each trap identifies a specific severity level Critical Major Minor and Informational See Alarms for a list of possible alarms From this screen you can also ...

Page 29: ...ol filters Static MAC Address filters Advanced filters and Port filters Alarms Configure the Alarm SNMP Trap Groups the Alarm Host Table and the Syslog features Bridge Configure the Spanning Tree Protocol Storm Threshold protection Intra BSS traffic and Packet Forwarding QoS Configure Wi Fi Multimedia Quality of Service parameters and QoS policies RADIUS Profiles Configure RADIUS features such as ...

Page 30: ...on located on the left hand side of the screen The main Configure screen will be displayed Figure 4 1 Configure Main Screen 2 Click the tab that corresponds to the parameter you want to configure For example click Network to configure the Access Point s TCP IP settings Each Configure tab is described in the remainder of this chapter ...

Page 31: ...ber current image software version and current bootloader software version Up Time This is a read only field that displays how long the Access Point has been running since its last reboot Figure 4 2 System Screen Dynamic DNS Support DNS is a distributed database mapping the user readable names and IP addresses and more of every registered system on the Internet Dynamic DNS is a lightweight mechani...

Page 32: ...ss Currently the system name length is limited to 32 bytes Image upgrades could cause the system to boot with an older system name format that is not DNS compliant To prevent problems with dynamic DNS after an image upgrade the system name will automatically be converted to a DNS compliant system name The rules of conversion of older system names are If the length is greater than 63 characters the...

Page 33: ...iew the following parameters within the IP Configuration sub tab NOTE You must reboot the Access Point in order for any changes to the Basic IP or DNS Client parameters to take effect Basic IP Parameters IP Address Assignment Type Set this parameter to Dynamic to configure the Access Point as a Dynamic Host Configuration Protocol DHCP client the Access Point will obtain IP settings from a network ...

Page 34: ...priate network IP address You can use this DNS Client functionality to identify RADIUS servers by host name Enable DNS Client Place a check mark in the box provided to enable DNS client functionality Note that this option must be enabled before you can configure the other DNS Client parameters DNS Primary Server IP Address The IP address of the network s primary DNS server DNS Secondary Server IP ...

Page 35: ...le DHCP Server Place a check mark in the box provided to enable DHCP Server functionality NOTE You cannot enable the DHCP Server functionality unless there is at least one IP Pool Table entry configured Subnet Mask This field is read only and reports the Access Point s current subnet mask DHCP clients that receive dynamic addresses from the AP will be assigned this same subnet mask Gateway IP Addr...

Page 36: ...arameters take effect DHCP Relay Agent When enabled the DHCP relay agent forwards DHCP requests to the set DHCP server Click the Configure Network tab DHCP R A to configure DHCP Relay Agent servers and enable the DHCP Relay Agent NOTE At least one DHCP server must be enabled before DHCP Relay Agent can be enabled The DHCP Relay functionality of the AP supports Option 82 and sends the system name o...

Page 37: ...ure and view the following parameters within the Link Integrity Configuration screen Enable Link Integrity Place a check mark in the box provided to enable Link Integrity Poll Interval milliseconds The interval between link integrity checks Range is 500 15000 ms in increments of 500 ms default is 500 ms Poll Retransmissions The number of times a poll should be retransmitted before the link is cons...

Page 38: ...Performing Advanced Configuration SYSTIMAX AirSPEED AP542 User Guide 38 Figure 4 8 Link Integrity Configuration Screen ...

Page 39: ...b tabs Operational Mode Super Mode and Turbo Mode Enable 802 11d enables IEEE 802 11d support for additional regulatory domains Refer to the IEEE 802 11d Support for Additional Regulatory Domains and Configuring 802 11d Support sections ISO IEC 3166 1 Country Code the country regulatory domain where the AP is located Enable TX Power Control enables TX Power Control to control transmit power of 802...

Page 40: ... and channels pull down menus are updated with the valid values When Turbo mode is enabled only a subset of the wireless channels on both the 2 4 GHz and 5 0 GHz spectrum can be used Turbo mode can be enabled only when Super Mode has already been enabled The Super 802 11g mode Super 802 11a mode and Turbo 802 11g mode are supported in all regulatory domains However Turbo 802 11a mode is not availa...

Page 41: ...f the radio in the AP is set to the configured transmit power level The power level is advertised in Beacon and Probe Response frames as the 802 11d maximum transmit power level When an 802 11d enabled client learns the regulatory domain related information from Beacon and Probe Response frames it learns the power level advertised in Beacon and Probe response frames as the maximum transmit power o...

Page 42: ...Performing Advanced Configuration SYSTIMAX AirSPEED AP542 User Guide 42 Figure 4 9 Operational Mode Screen ...

Page 43: ...r Orthogonal Frequency Division Multiplexing this is the name for the radio technology used by 802 11a devices DSSS stands for Direct Sequence Spread Spectrum this is the name for the radio technology used by 802 11b devices MAC Address This is a read only field that displays the unique MAC Media Access Control address for the Access Point s wireless interface The MAC address is assigned at the fa...

Page 44: ...s sec DTIM Period The Deferred Traffic Indicator Map DTIM is used with clients that have power management enabled DTIM should be left at 1 the default value if any clients have power management enabled This parameter supports a range between 1 and 255 RTS CTS Medium Reservation This parameter affects message flow control and should not be changed under normal circumstances Range is 0 to 2347 When ...

Page 45: ...adds overhead to the radio network it is particularly useful for large packets that take longer to resend after a collision occurs RTS CTS Medium Reservation is an advanced parameter and supports a range between 0 and 2347 bytes When set to 2347 the default setting the RTS CTS mechanism is disabled When set to 0 the RTS CTS mechanism is used for all packets When set to a value between 0 and 2347 t...

Page 46: ...dcast and multicast packets are transmitted by the Access Point to the wireless network Stations that are closer to the Access Point can receive multicast packets at a faster data rate than stations that are farther away from the AP Therefore you should set the Multicast Rate based on the size of the Access Point s cell NOTE Multicast Rate cannot be set by the HTTP interface but must be set via CL...

Page 47: ...Performing Advanced Configuration SYSTIMAX AirSPEED AP542 User Guide 47 Figure 4 11 1 Mbits s and 11 Mbits s Multicast Rates ...

Page 48: ...separate security settings for clients and WDS links The same WDS link security mode must be configured currently we only support none or WEP on each Access Point in the WDS and the same WEP key must be configured The WDS link shares the communication bandwidth with the clients Therefore while the maximum data rate for the Access Point s cell is 54 Mbits s 802 11a 802 11g only or 802 b g modes or ...

Page 49: ...ish to include in the Wireless Distribution System 3 Click Configure Interfaces Wireless A or Wireless B 4 Scroll down to the Wireless Distribution System heading Figure 4 13 WDS Configuration 5 Click the Edit button to update the Wireless Distribution System WDS Table Figure 4 14 Adding WDS Links 6 Select whether to use encryption in the WDS by checking the Enable WDS Security Mode checkbox 7 If ...

Page 50: ... can transmit at a time and full duplex allows both sides of the link to transmit When set to auto duplex the AP negotiates with its switch or hub to automatically select the highest throughput option supported by both sides Figure 4 15 Ethernet Configuration For best results SYSTIMAX recommends that you configure the Ethernet setting to match the speed and transmission mode of the device the Acce...

Page 51: ... interface via serial or Telnet Enter a password in both the Password field and the Confirm field Passwords must be between 6 and 32 characters The default password is public HTTP Web Password The password for the Web browser HTTP interface Enter a password in both the Password field and the Confirm field Passwords must be between 6 and 32 characters The default password is public NOTE For securit...

Page 52: ...TP Port HTTP Wizard Status The Setup Wizard appears automatically the first time you access the HTTP interface If you exited out of the Setup Wizard and want to relaunch it enable this option click OK and then close your browser or reboot the AP The Setup Wizard will appear the next time you access the HTTP interface HTTPS Access Secure Socket Layer HTTPS Secure Web Status The user can access the ...

Page 53: ...Performing Advanced Configuration SYSTIMAX AirSPEED AP542 User Guide 53 Figure 4 16 Management Services Configuration Screen ...

Page 54: ... client authentication is performed as follows Using a username password pair if RADIUS Based Management is enabled otherwise using a password to authenticate the user over a secure channel created using SSH SSH Session Setup An SSH session is setup through the following process The SSH server public key is transferred to the client using out of band or in band mechanisms The SSH client verifies t...

Page 55: ... the AP You must upload both the SSH public key and SSH private key for SSH to work 1 Verify that the host keys have been externally generated The OpenSSH client has been verified to interoperate with AP s SSH server 2 Click Commands Update AP via HTTP or via TFTP Figure 4 17 Uploading an Externally Generated SSH Public Key and SSH Private Key 3 Select SSH Public Key from the File Type drop down m...

Page 56: ... sensitive A user is considered a super user if the value of the filter id attribute returned in the RADIUS Accept packet for the user is super user not case sensitive Limited User A limited user has access to only a limited set of functionality on a management interface All users who are not super users are considered limited users However a limited user is configured in the RADIUS server by sett...

Page 57: ...ed by the AP the CLI Batch file contains CLI executable commands used to set AP parameters The AP detects whether the uploaded file is LTV format or a CLI Batch file If the AP detects an LTV file it stores the file in the AP s flash memory If the AP detects a CLI Batch file a file with an extension of cli the AP executes the commands contained in the file immediately The AP will reboot after execu...

Page 58: ... the AP to send Auto Configuration success and failure messages to a Syslog server NOTE The configuration filename and TFTP server IP address are configured only when the AP is configured for Static IP If the AP is configured for Dynamic IP these parameters are not used and obtained from DHCP 1 Click Configure Management AutoConfig The Automatic Configuration Screen appears 2 Check Enable Auto Con...

Page 59: ... 11 0 0 7 6 Set the value of the Bootfile Name parameter to the Configuration filename for example AP Config Figure 4 20 DHCP Options Setting the Boot File Name 7 If using Syslog set the Log server IP address option 7 Log Servers 8 Reboot the AP When the AP reboots it receives the new configuration information and must reboot one additional time If a Syslog server was configured the following mess...

Page 60: ...oes not have any effect on the functionality of the reload button to delete the AP image during AP boot loaded execution The default hardware configuration reset status is enabled When disabling hardware configuration reset the user is recommended to configure a configuration reset password A configuration reset option appears on the serial port during boot up before the AP reads its configuration...

Page 61: ... is disabled Procedure to Reset Configuration via the Serial Interface 1 During boot up observe the message output on the serial interface The AP prompts the user with the message Press ctrl R in 3 seconds to choose configuration reset option 2 Enter ctrl R within 3 seconds after being prompted The AP prompts the user with Press ctrl Z to continue with normal boot up or enter password to reset con...

Page 62: ...ned at both interfaces Disabled The filter is not used 2 Select the Filter Operation Type If set to Passthru only the enabled Ethernet Protocols listed in the Filter Table will pass through the bridge If set to Block the bridge will block enabled Ethernet Protocols listed in the Filter Table 3 Configure the Ethernet Protocol Filter Table This table is pre populated with existing Ethernet Protocol ...

Page 63: ...exadecimal digits 0 and F in the Mask where 0 is any value and F is the value specified in the MAC address A Mask of 00 00 00 00 00 00 corresponds to all MAC addresses and a Mask of FF FF FF FF FF FF applies only to the specified MAC Address For example if the MAC Address is 00 20 A6 12 54 C3 and the Mask is FF FF FF 00 00 00 the AP will examine the source and destination addresses of each packet ...

Page 64: ...FF Result Traffic between the Wired Server and Wireless Client 1 is blocked Wireless Clients 2 and 3 can still communicate with the Wired Server Prevent Multiple Wireless Devices From Communicating With a Single Wired Device Configure the following settings to prevent Wireless Clients 1 and 2 from communicating with the Wired Server Wired MAC Address 00 40 F4 1C DB 6A Wired Mask FF FF FF FF FF FF ...

Page 65: ...cess Point blocks all traffic between Wireless Client 3 and the Ethernet network Prevent Messages Destined for a Specific Multicast Group from Being Forwarded to the Wireless LAN If there are devices on your Ethernet network that use multicast packets to communicate and these packets are not required by your wireless clients you can set up a Static MAC filter to preserve wireless bandwidth For exa...

Page 66: ...able IP ARP Filtering Place a check mark in the box provided to allow IP ARP filtering based on the IP ARP Filtering Address and IP Mask Leave the box unchecked to prevent filtering If enabled you should also configure the IP ARP Filtering Address and IP ARP IP Mask IP ARP Filtering Address Enter the Network filtering IP Address IP ARP IP Mask Enter the Network Mask IP Address The following protoc...

Page 67: ...ort Filtering 2 Click Add under the TCP UDP Port Filter Table heading 3 In the TCP UDP Port Filter Table enter the Protocol Names to filter 4 Set the destination Port Number a value between 1 and 65535 to filter See the IANA Web site at http www iana org assignments port numbers for a list of assigned port numbers and their descriptions 5 Set the Port Type for the protocol TCP UDP or both TCP UDP ...

Page 68: ...vities the AP is performing Configuration Trap Group Security Trap Group Trap Name Description Severity Level DNS IP Address not Configured oriTrapDNSIPNotConfigured Major RADIUS Authentication not Configured oriTrapRADIUSAuthenticationNotConfigured Major RADIUS Accounting not Configured oriTrapRADIUSAccountingNotConfigured Major Duplicate IP Address Encountered oriTrapDuplicateIPAddressEncountere...

Page 69: ...odule Not Initialized oriTrapModuleNotInitialized Major Device Rebooting oriTrapDeviceRebooting Informational Task Suspended oriTrapTaskSuspended Critical BootP Failed oriTrapBootPFailed Major DHCP Client Failed oriTrapDHCPFailed Major DNS Client Lookup Failure oriTrapDNSClientLookupFailure Major SSL Initialization Failure oriTrapSSLInitializationFailure Major Wireless Service Shutdown oriTrapWire...

Page 70: ...ration Major TFTP Operation Initiated oriTrapTFTPOperationInitiated Informational TFTP Operation Completed oriTrapTFTPOperationCompleted Informational Trap Name Description Severity Level Zero Size Image oriTrapZeroSizeImage Major Invalid Image oriTrapInvalidImage Major Image Too Large oriTrapImageTooLarge Major Incompatible Image oriTrapIncompatibleImage Major Invalid Image Digital Signature oriT...

Page 71: ... every event the system encounters Determine which events to log by selecting a priority defined by the following scale Configuring Syslog Event Notifications You can configure the following Syslog settings from the HTTP interface Enable Syslog Place a check mark in the box provided to enable system logging Syslog Port Number This field is read only and displays the port number 514 assigned for sy...

Page 72: ...t Comment Enter an optional comment such as the host name Status The entry is enabled automatically when saved so the Status field is only visible when editing an entry You can also disable or delete entries by changing this field s value Syslog Messages The following messages are supported in the AP Message Severity Auto Configuration via DHCP Informational Auto Configuration for static IP Inform...

Page 73: ... and proceeds to prevent the Rogue AP attack by blocking this switch s port Multi Band Scanning Rogue Scan detects Rogue stations in all bands i e 2 4 GHz and 5 GHz for interfaces that support 802 11a and 802 11g multi band operation During Rogue Scan the AP scans every channel in its configured regulatory domain the AP scans both the 2 4 GHz and 5 GHz bands for wireless interfaces supporting 802 ...

Page 74: ...els in the scan channel list as follows channel scan time scan cycle time channel scan time number of channels in the scan list number of channels in the scan list Rogue Scan Data Collection The AP stores information gathered about detected stations during scanning in a Rogue Scan result table The Rogue Scan result table can store a maximum of 2000 entries When the table fills the oldest entry get...

Page 75: ...on that interface In Background Scanning mode the AP performs background scanning while doing normal AP operation on that interface 5 If the Scan Mode is Background Scanning then enter the Scan Interval The Scan Interval specifies the time period in minutes between scans in Background Scanning mode and can be set to any value between 1 and 1440 minutes 6 Configure the Scan Result Table Ageing Time...

Page 76: ...Performing Advanced Configuration SYSTIMAX AirSPEED AP542 User Guide 76 Figure 4 25 Rogue Scan Screen ...

Page 77: ...tup option that you can use to protect the network against data overload by Specifying a maximum number of frames per second as received from a single network device identified by its MAC address Specifying an absolute maximum number of messages per port The Storm Threshold parameters allow you to specify a set of thresholds for each port of the AP identifying separate values for the number of bro...

Page 78: ...affic will be redirected should be a node on the Ethernet network It should not be a wireless client Configuring Interfaces for Packet Forwarding Configure your AP to forward packets by specifying interface port s to which packets are redirected and a destination MAC address 1 Within the Packet Forwarding Configuration screen check the box labeled Enable Packet Forwarding 2 Specify a destination P...

Page 79: ...otocol actions channel access mechanisms differentiated control of access to medium and network elements QoS WMM aware APs STAs and configuration management WMM supports Enhanced Distributed Channel Access EDCA for prioritized QoS services The WMM QoS feature can be enabled or disabled per wireless interface QoS Policies Perform the following procedure to enable QoS and add QoS policies 1 Click Co...

Page 80: ...bound traffic direction Layer 2 traffic type outlayer3 inbound traffic direction Layer 3 traffic type spectralink SpectraLink traffic 7 Enter the Priority Mapping Index For layer 2 policies an index from the 802 1p to 802 1d mapping table should be specified For layer 3 policies an index from the 802 1p to IP DSCP mapping table should be specified No mapping index is required for SpectraLink 8 Ena...

Page 81: ...p to 802 1d priority mappings for layer 2 policies and IP DSCP to 802 1d priority mappings for layer 3 policies The first entry in each table contains the recommended priority mappings Custom entries can be added to each table with different priority mappings 1 Click Configure QoS Priority Mapping Figure 4 28 Priority Mapping ...

Page 82: ... Table Figure 4 29 Add Priority Mapping Entry 3 Select the 802 1p Priority from 0 7 for 802 1d Priorities 0 7 4 Click OK 5 Click Add in the IP Precedence DSCP ranges and 802 1d Priority table 6 Select the IP DSCP Range for each 802 1d Priority 7 Click OK NOTE Changes to Priority Mapping require a reboot of the AP to take effect ...

Page 83: ... among themselves for access to the wireless medium in addition to contending with other clients STA EDCA Table and AP EDCA Table This page is used to configure the client STA and AP Enhanced Distributed Channel Access EDCA parameters The EDCA parameter set provides information needed by the client stations for proper QoS operation during the wireless contention period These parameters are used by...

Page 84: ...e sequence onto the wireless medium The Tx OP Limit defines the upper limit placed on the value of Tx OP a wireless entity can obtain for a particular access category Configurable range is 0 to 65535 Admission Control Mandatory Possible values are True or False Admission control defines if an Access Point accepts or rejects a requested traffic stream with certain QoS specifications based on availa...

Page 85: ...EAP 802 1x authentication Primary Accounting Server Back up Accounting Server The back up servers are optional but when configured the AP will communicate with the back up server if the primary server is off line After the AP has switched to the backup server it will periodically check the status of the primary RADIUS server every five 5 minutes Once the primary RADIUS server is again online the A...

Page 86: ... A RADIUS server Profile consists of a Primary and a Secondary RADIUS server that get assigned to act as either MAC Authentication servers 802 1x EAP Authentication servers or Accounting Servers in the VLAN Configuration Refer to Configuring Security Profiles The RADIUS Profiles Sub tab allows you to add new RADIUS profiles or modify or delete existing profiles Figure 4 33 RADIUS Server Profiles A...

Page 87: ...P will not send Accounting Update messages Accounting inactivity timer Enter the accounting inactivity timer This parameter supports a value from 1 60 minutes The default is 5 minutes Authorization lifetime Enter the time in seconds each client session may be active before being automatically re authenticated This parameter supports a value between 900 and 43200 seconds The default is 900 sec Serv...

Page 88: ...a primary EAP 802 1x Authentication server to use 802 1x security A back up server is optional NOTE Each VLAN can be configured to use a separate RADIUS server and backup server for 802 1x authentication 802 1x authentication EAP authentication can be separately enabled for each VLAN RADIUS Accounting Using an external RADIUS server the AP can track and record the length of client sessions on the ...

Page 89: ...erval in place of accounting inactivity time for timing out clients Calling Station Id MAC address of the client getting authenticated Called Station Id The AP sends the MAC address of its own wireless interface with which the client getting authenticated is getting associated appended with the SSID If VLAN is enabled the SSID and corresponding VLAN ID get appended Acct Interim Interval Obtained d...

Page 90: ... AP configured to support its assigned SSID VLAN AP devices are fully VLAN ready however by default VLAN support is disabled Before enabling VLAN support certain network settings should be configured and network resources such as a VLAN aware switch a RADIUS server and possibly a DHCP server should be available Once enabled VLANs are used to conveniently efficiently and easily manage your network ...

Page 91: ...only sent on the wireless interface associated with that same VLAN This eliminates unnecessary traffic on the wireless LAN conserving bandwidth and maximizing throughput In addition to enhancing wireless traffic management the VLAN capable AP supports easy assignment of wireless users to workgroups In a typical scenario each user VLAN represents a workgroup for example one VLAN could be used for a...

Page 92: ...strict management of the AP to members of the same VLAN CAUTION If a non zero management VLAN ID is configured then management access to the AP is restricted to wired or wireless hosts that are members of the same VLAN Ensure your management platform or host is a member of the same VLAN before attempting to manage the AP 1 Click Configure SSID VLAN Security Mgmt VLAN 2 Set the VLAN Management ID t...

Page 93: ...sily be upgraded to keep pace with future EAP types Popular EAP types include EAP Message Digest 5 MD5 Username Password based authentication does not support automatic key distribution EAP Transport Layer Security TLS Certificate based authentication a certificate is required on the server and each client supports automatic key distribution EAP Tunneled Transport Layer Security TTLS Certificate b...

Page 94: ...s networks WPA provides the following new security measures not available with WEP Improved packet encryption using the Temporal Key Integrity Protocol TKIP and the Michael Message Integrity Check MIC Per user per session dynamic encryption keys Each client uses a different key to encrypt and decrypt unicast packets exchanged with the AP A client s key is different for every session it changes eac...

Page 95: ...dual APs MAC Access Control Lists If you have both 802 1x and MAC authentication enabled the 802 1x results will take effect This is required in order to propagate the WEP keys to the clients in such cases Once you disable 802 1x on the AP you will see the effects of MAC authentication VLANs and Security Profiles The AirSPEED AP542 allows you to segment wireless networks into multiple sub networks...

Page 96: ...ile Table to create a new entry To Modify an existing profile select the profile and click Edit To delete an existing profile select the profile and click Delete You cannot delete a Security Profile used in an SSID Note that the first Security Profile index 1 1 to 1 7 cannot be deleted 3 Configure one or more types of wireless stations security modes that are allowed access to the AP under the sec...

Page 97: ...ecommended a passphrase of at least 13 characters including both letters and numbers and upper and lower case characters to ensure that the generated key cannot be easily deciphered by network infiltrators 802 11i Station Authentication Mode 802 1x Cipher AES 802 11i PSK Station Authentication Mode PSK Cipher AES PSK Passphrase an 8 63 character user defined phrase It is recommended a passphrase o...

Page 98: ...Performing Advanced Configuration SYSTIMAX AirSPEED AP542 User Guide 98 Figure 4 38 Security Profile Table Add Entries ...

Page 99: ...y Profile Operation Type Choose between Passthru and Block This determines how the stations identified in the MAC Access Control Table are filtered If set to Passthru only the addresses listed in the Control Table will pass through the bridge If set to Block the bridge will block traffic to or from the addresses listed in the Control Table MAC Access Control Table Click Add to create a new entry C...

Page 100: ...Security Wireless A or Wireless B This tab allows you to select the index of the SSID VLAN to be added or edited It also allows you to configure the RADIUS Authentication Status the MAC ACL Status the Security Profile for the VLAN the RADIUS Server Profiles and gives you the option to enable or disable RADIUS accounting and SSID authorization in the VLAN 2 Scroll down to the SSID and VLAN table an...

Page 101: ... from 1 to 4094 A value of 1 means that an entry is untagged You can set the VLAN ID to 1 or untagged if you do not want clients that are using a specific SSID to be members of a VLAN workgroup Only one untagged VLAN ID is allowed per interface The VLAN ID must match an ID used by your network contact your network administrator if you need assistance defining the VLAN IDs 5 If editing an entry ena...

Page 102: ...n Status drop down menu 10 Enable or disable MAC Access Control List status on the VLAN SSID under the MAC ACL Status drop down menu 11 Enter the Rekeying Interval in seconds The default interval is 900 seconds 12 Enter the Security Profile used by the VLAN in the Security Profile field Refer to the Security Profile section for more information NOTE If you have two or more SSIDs per interface usin...

Page 103: ...by default MAC Authentication EAP Authentication Accounting and Management 14 Reboot the AP Adding or Modifying an SSID VLAN with VLAN Protocol Enabled 1 Click SSID VLAN Security Wireless A or Wireless B This tab allows you to select the index of the SSID VLAN to be added or edited It also allows you to configure the RADIUS Authentication Status the MAC ACL Status the Security Profile for the VLAN...

Page 104: ...dvanced Configuration SYSTIMAX AirSPEED AP542 User Guide 104 The Add Entries or Edit Entries screen appears See Figure 4 45 below and Figure 4 46 on page 105 Figure 4 45 SSID VLAN Add Entries VLAN Protocol Enabled ...

Page 105: ...h an ID used by your network contact your network administrator if you need assistance defining the VLAN IDs 6 If editing an entry enable or disable the VLAN using the VLAN Status drop down menu If adding this drop down menu will not appear 7 Enable or disable the SSID Authorization status from the drop down menu SSID Authorization is the RADIUS based authorization of the SSID for a particular cli...

Page 106: ...nd associate all VLANs to that profile Four profiles are created by default MAC Authentication EAP Authentication Accounting and Management 14 Specify a QoS Profile Refer to the QoS Policies section for more information 15 Reboot the AP Broadcast SSID and Closed System Broadcast SSID allows the broadcast of a single SSID when the AP is configured for multiple SSIDs Broadcast SSID may only be enabl...

Page 107: ...Station Statistics Displays statistics for stations and Wireless Distribution System links To monitor the AP using the HTTP HTTPS interface you must first log in to a web browser See Logging into the HTTP Interface for instructions You may also monitor the AP using the command line interface Refer to Using the Command Line Interface CLI for more information To monitor the AP via HTTP HTTPS 1 Click...

Page 108: ...loaded This screen displays the following information for each Access Point component Serial Number The component s serial number if applicable Component Name ID The AP identifies a system component based on its ID Each component has a unique identifier Variant Several variants may exist of the same component for example a hardware component may have two variants one with more memory than the othe...

Page 109: ...ed and transmitted messages directed to the AP Not all ICMP traffic on the network is counted in the ICMP Internet Control Message Protocol statistics Figure 5 3 ICMP Monitoring IP ARP Table This tab provides information based on the Address Resolution Protocol ARP which relates MAC Address and IP Addresses Figure 5 4 IP ARP Table ...

Page 110: ...g It reports the MAC address for each node that the device has learned is on the network and the interface on which the node was detected There can be up 10 000 entries in the Learn Table Figure 5 5 Learn Table IAPP This tab displays statistics relating to client handovers and communications between AirSPEED Access Points Figure 5 6 IAPP ...

Page 111: ... authentication and accounting information for both the Primary and Backup RADIUS servers for each RADIUS Server Profile NOTE Separate RADIUS servers can be configured for each RADIUS Server Profile Select the RADIUS Server Profile to view statistics on from the Select Server Profile drop down menu Figure 5 7 RADIUS Monitoring ...

Page 112: ...PEED AP542 SYSTIMAX AirSPEED AP542 User Guide 112 Interfaces This tab displays statistics for the Ethernet and wireless interfaces The Operational Status can be up down or testing Figure 5 8 Wireless Interface Monitoring ...

Page 113: ...ll now be shown on the screen Refreshing Station Statistics Click on the Refresh button in the browser window to view the latest statistics If any new clients associate to the AP you can see the statistics of the new clients after you click the refresh button Figure 5 9 Station Statistics Description of Station Statistics The following stations statistics are displayed MAC Address The MAC address ...

Page 114: ...r Interface but can be viewed from a MIB browser Octets Received The number of octets received from the associated wireless station or WDS link partner by the AP Unicast Frames Received The number of Unicast frames received from the associated wireless station or WDS link partner by the AP Non Unicast Frames Received The number of Non Unicast frames received i e broadcast or multicast from the ass...

Page 115: ...rm commands using the HTTP HTTPS interface you must first log in to a web browser See Logging into the HTTP Interface for instructions You may also perform commands using the command line interface Refer to Using the Command Line Interface CLI for more information To perform commands via HTTP HTTPS 1 Click the Commands button located on the left hand side of the screen The main Commands screen wil...

Page 116: ...ement and Secure Socket Layer HTTP transfers that use SSL may take additional time NOTE SSL requires Internet Explorer version 6 128 bit encryption Service Pack 1 and patch Q323308 Image Error Checking during File Transfer The Access Point performs checks to verify that an image downloaded through HTTP or TFTP is valid The following checks are performed on the downloaded image Zero Image size Larg...

Page 117: ...oint the Access Point to the AP Image file File Name Enter the name of the file to be downloaded including the file extension Copy the updated AP Image file to the TFTP server s root folder The default AP Image is located at C Program Files AirSPEED AP542 File Type Select the proper file type Choices include Config for configuration information such as System Name Contact Name and so on Image for ...

Page 118: ... Bootloader software CLI Batch File a CLI Batch file that contains CLI commands to configure the AP This file will be executed by the AP immediately after being uploaded Refer to CLI Batch File for more information SSH Public Key the public key in SSH communications Refer to Secure Shell SSH for more information SSH Private Key the private key in SSH communications Refer to Secure Shell SSH for mo...

Page 119: ...e operation completes successfully the following screen appears Figure 6 5 Update AP Successful Message If the operation does not complete successfully the following screen appears and the reason for the failure is displayed Figure 6 6 Update AP Unsuccessful Message ...

Page 120: ...mation as described below Server IP Address Enter the TFTP server IP Address Double click the TFTP server icon on your desktop and locate the IP address assigned to the TFTP server File Name Enter the name of the file to be uploaded File Type Select the type of file to be uploaded Config file CLI Batch File or CLI Batch Error Log Use the following procedure to retrieve a file from an AP to a TFTP ...

Page 121: ... on the Retrieve File button to initiate the operation Figure 6 8 Retrieve File via HTTP Command Screen A confirmation message gets displayed that asks if the user wants to proceed with retrieving the file Click OK to continue with the operation or Cancel to abort the operation Figure 6 9 Retrieve File Confirmation Dialog Figure 6 10 File Download Dialog Box On clicking the Save button the followi...

Page 122: ...ering a value of 0 zero seconds causes an immediate reboot Note that Reset described below does not save configuration changes CAUTION Rebooting the AP will cause all users who are currently connected to lose their connection to the network until the AP has completed the restart process and resumed operation Figure 6 11 Reboot Command Screen ...

Page 123: ...s will reset the Access Point s current IP address a new IP address must be assigned Refer to Recovery Procedures for more information Figure 6 12 Pressing the Reset Button CAUTION Resetting the AP to its factory default configuration will permanently overwrite all changes that have made to the unit The AP will reboot automatically after this command has been issued Figure 6 13 Reset to Factory De...

Page 124: ...ogram Files AirSPEED AP542 HTML NOTE Use the forward slash character rather than the backslash character when configuring the Help Link location NOTE Add the AP s management IP address into the Internet Explorer list of Trusted Sites If you want to place these files on a shared drive copy the Help Folder to the new location and then specify the new path in the Help Link box Figure 6 14 Help Link C...

Page 125: ...ss of your unit If a DHCP server is not active on your subnet then use ScanTool to assign a static IP address to the unit The Trivial File Transfer Protocol TFTP provides a means to download and upload files These files include the AP Image executable program and configuration files If the AP password is lost or forgotten you will need to reset to default values The Reset to Factory Default Proced...

Page 126: ...For example if your switch operates at 100 Mbits s Full Duplex manually configure the Access Point to use these settings see Ethernet If you cannot access the unit over Ethernet then use the CLI interface over the serial port to configure the Ethernet port see Using the Command Line Interface CLI and Set Ethernet Speed and Transmission Mode 3 Perform network infrastructure troubleshooting check sw...

Page 127: ... empty and enter the HTTP password in the Password field The default HTTP password is public 3 Use the CLI over the serial port to check the IP Access Table which can be restricting access to Telnet and HTTP HTML Help Files Do Not Appear 1 Verify that the HTML Help files are installed in the default directory C Program Files AirSPEED AP542 HTML 2 If the Help files are not located in this folder co...

Page 128: ...ng Power over Ethernet make sure you are not using a crossover Ethernet cable between the AP and the midspan POE device VLAN Operation Issues Verifying Proper Operation of the VLAN Feature The correct VLAN configuration can be verified by pinging both wired and wireless hosts from both sides of the AP device and the network switch Traffic can be sniffed on both the wired Ethernet and wireless WDS ...

Page 129: ...that the Ethernet cable is a minimum Category 5e 6 UTP cable and is less than 100 meters 325 feet in length from the Ethernet source to the AP 4 Try to connect a different device to the same port on the midspan PoE device if it works and a link is established there is likely a faulty data link in the AP 5 Try to re connect the AP to a different output port remember to move the input port according...

Page 130: ...w executable AP Image NOTE This does not delete the AP s configuration in other words the Forced Reload Procedure does not reset the device to factory defaults If you need to force the AP to the factory default state after loading a new AP image use the Reset to Factory Default Procedure above For this procedure you will first erase the AP Image currently installed on the unit and then use either ...

Page 131: ...for the AP you want to update and click Change 5 Set IP Address Type to Static NOTE You need to assign static IP information temporarily to the Access Point since its DHCP client functionality is not available when no image is installed on the device 6 Enter an unused IP address that is valid on your network in the IP Address field You may need to contact your network administrator to get this add...

Page 132: ...the image to be downloaded Download Procedure 1 Download the latest software from http www systimax com 2 Copy the latest software updates to your TFTP server s default directory 3 Use a straight through serial cable to connect the Access Point s serial port to your computer s serial port 4 Open your terminal emulation program like HyperTerminal and set the following connection properties Com Port...

Page 133: ...nload process is complete configure the AP as described in Getting Started and Performing Advanced Configuration Setting IP Address using Serial Port Use the following procedure to set an IP address over the serial port using the CLI The network administrator typically provides the AP IP address Hardware and Software Requirements Standard straight through serial data RS 232 cable with a one male D...

Page 134: ... 1 Result of show ip CLI Command 6 Change the IP address and other network values using set and reboot CLI commands similar to the example below use your own IP address and subnet mask Note that IP Address Type is set to Dynamic by default If you have a DHCP server on your network you should not need to manually configure the Access Point s IP address the Access Point will obtain an IP address fro...

Page 135: ...ansfer Protocol TFTP server allows you to transfer files across a network You can upload configuration files from the AP for backup or copying and you can download configuration files or new software images The TFTP software is located on the AirSPEED AP Installation CD ROM If a TFTP server is not configured and running you will not be able to download and upload images and configuration files to ...

Page 136: ... Parameters using CLI Commands Other Network Settings CLI Monitoring Parameters Parameter Tables CLI Batch File General Notes Prerequisite Skills and Knowledge To use this document effectively you should have a working knowledge of Local Area Networking LAN concepts network access infrastructures and client server relationships In addition you should be familiar with software setup procedures for ...

Page 137: ...e Bootloader CLI and the normal CLI The Bootloader CLI provides a limited command set and is used when the current AP Image is bad or missing The Bootloader CLI allows you to assign an IP Address and download a new image Once the image is downloaded and running the Access Point uses the normal CLI This guide covers the normal CLI unless otherwise specified Key Combination Operation Delete or Backs...

Page 138: ...elp command in the Bootloader CLI Figure A 1 Results of help Bootloader CLI Command The following lists display the results of using the show command in the Bootloader CLI Figure A 2 Results of show Bootloader CLI Command bootloader help Bootloader Commands help cr Display this message reboot cr Reboots the wireless device set parameter value cr Change the value of the specified parameter to the v...

Page 139: ...commands to help avoid re entering complex statements passwd Sets the Access Point s CLI password reboot Reboots the Access Point in the specified time search Lists the parameters in a specified Table upload Uses TFTP server to upload config files from Access Point to TFTP default directory or specified path List Commands This command can be used in a number of ways to display available commands a...

Page 140: ... of set CLI Command Example 3b Display parameters based on letter sequence This example shows entries for parameters that start with the letter i The more letters you enter the fewer the results returned Notice that there is no space between the letters and the question mark Device Name show ipa Figure A 6 Result of show ipa CLI Command Device Name show iparp Figure A 7 Result of show iparp CLI Co...

Page 141: ...ownload 192 168 0 101 apimage file type config img bootloader Device Name download 192 168 0 101 apimage img CR done exit quit Each of the following commands ends a CLI session Device Name done Device Name exit Device Name quit download Downloads the specified file from a TFTP server to the Access Point Executing download in combination with the asterisks character will make use of the previously ...

Page 142: ...earch Lists the parameters supported by the specified table This list corresponds to the table information displayed in the HTTP interface In this example the CLI returns the list of parameters that make up an entry in the IP Access Table Device Name search mgmtipaccesstbl Device Name help Type at the command prompt for a command list Complete command description and command usage can be provided ...

Page 143: ...veral tables showing parameter properties These commands allow you to view show all parameters and statistics and to change set parameters show To see any Parameter or Statistic value you can specify a single parameter a Group or a Table set Use this CLI Command to change parameter values You can use a single CLI statement to modify Tables or you can modify each parameter separately show CLI Comma...

Page 144: ...Device Name set ipaddr 135 114 73 10 The following elements require reboot ipaddr Example 2 Executing the exit quit or done commands when an object that requires reboot has been configured In addition to the above informational message the CLI also provides a message as a result of the exit quit or done command if changes have been made to objects that require reboot If you make changes to objects...

Page 145: ... also modify several elements in the table entry Enter the index number and specific table elements you would like to modify Hint Use the search Command to see the elements that belong to the table Device Name set mgmtipaccesstbl 1 ipaddr 10 0 0 12 ipmask 255 255 255 248 cmt First Row Example 4 Enable Disable or Delete a table entry or row The following example illustrates how to manage the second...

Page 146: ... specified as in the example below Device Name set mgmtipaccesstbl 0 ipaddr 10 0 0 10 ipmask 255 255 0 0 Below are the rules for creating modifying enabling disabling and deleting table entries Creation The table name is required The table index is required for table entry instance creation the index is always zero 0 The order in which the table arguments or objects are entered in not important Pa...

Page 147: ... the beginning and at the end of the string For example Device Name set sysname Lobby Does not need quote marks Device Name set sysname Front Lobby Requires quote marks The scenarios supported by this CLI are The string delimiter does not have to be used for every string object The single quote or double quote only has to be used for string objects that contain blank space characters If the string...

Page 148: ...ely To perform this operation using CLI commands refer to Change Passwords Set Basic Configuration Parameters using CLI Commands There are a few basic configuration parameters that you may want to setup right away when you receive the AP For example Set System Name Location and Contact Information Set Static IP Address for the AP Download an AP Configuration File from your TFTP Server Set up Auto ...

Page 149: ...v3 authentication password Device Name set snmpv3privpasswd New Password SNMPv3 privacy password Device Name reboot 0 CAUTION SYSTIMAX strongly urges you to change the default passwords to restrict access to your network devices to authorized personnel If you lose or forget your password settings you can always perform the Reset to Factory Default Procedure Set Network Names for the Wireless Inter...

Page 150: ...ted Multicast Rates 6 12 24 Multicast Rate 24 Closed System disable Load Balancing Not Supported Medium Density Distribution Not Supported MAC Address 00 20 A6 53 17 E1 Supported Data Rates 0 6 9 12 18 24 36 48 54 Transmit Rate 0 Physical Layer Type OFDM Regulatory Domain List USA FCC TurboMode Not Supported Supported Operational Modes dot11a only Operational Mode dot11a only Short Slot Time Statu...

Page 151: ...rael IL Qatar QA Belarus BY Italy IT Romania RO Belgium BE Jamaica JM Russia RU Belize BZ Japan JP Samoa WS Bolivia BO Japan2 J2 Saudi Arabia SA Brazil BR Jordan JO Singapore SG Brunei Darussalam BN Kazakhstan KZ Slovak Republic SK Bulgaria BG North Korea KP Slovenia SI Canada CA Korea Republic KR South Africa ZA Chile CL Korea Republic2 K2 South Korea KR China CN Kuwait KW Spain ES Colombia CO La...

Page 152: ...tbl 3 1 ssid accesspt1 vlanid 22 ssidauth enable acctstatus enable secprofile 1 radmacprofile MAC Authentication radeapprofile EAP Authentication radacctprofile Accounting radmacauthstatus enable aclstatus enable Device Name set wifssidtbl 4 1 ssid accesspt1 vlanid 22 ssidauth enable acctstatus enable secprofile 1 radmacprofile MAC Authentication radeapprofile EAP Authentication radacctprofile Acc...

Page 153: ...toconfigTFTPaddr IP address Enter the TFTP server address that is used if the AP is configured for Static IP Other Network Settings There are other configuration settings that you may want to set for the AP Some of them are listed below Configure the AP as a DHCP Server Configure the DNS Client Configure DHCP Relay and Configure DHCP Relay Servers Maintain Client Connections using Link Integrity C...

Page 154: ... Perform the following command to configure and enable a DHCP Relay Server The AP allows the configuration of a maximum of 10 server settings in the DHCP Relay Agents server table Device Name set dhcprlyindex 1 dhcprlyipaddr ip address dhcprlycmt comment dhcprlystatus 1 1 to enable 2 to disable 3 to delete 4 to create Maintain Client Connections using Link Integrity Device Name show linkinttbl thi...

Page 155: ... set wif index multrate 1 2 5 5 6 11 12 24 Mbits s see below Enable Disable Super Mode 802 11a mode and 802 11g mode only Device Name set wif index super enable disable Enable Disable Turbo Mode 802 11a mode and 802 11g mode only Device Name set wif index turbo enable disable NOTE Super mode must be enabled on the interface before Turbo mode can be enabled Configure Antenna Diversity Device Name s...

Page 156: ...number default is 23 Configure Secure Socket Layer HTTPS Enabling SSL and configuring a passphrase allows encrypted Secure Socket Layer communications to the AP through the HTTPS interface Value Distance Between APs 1 Large 2 Medium 3 Small 4 Mini 5 Micro Ethernet Speed and Transmission Mode Value 10 Mbits s half duplex 10halfduplex 10 Mbits s full duplex 10fullduplex 10 Mbits s auto duplex 10auto...

Page 157: ...e issues leave Flow Control at the default setting none unless you are sure what this setting should be Device Name set serbaudrate 2400 4800 9600 19200 38400 57600 Device Name set serflowctrl none xonxoff Device Name show serial Figure A 16 Result of show serial CLI Command Configure Syslog Device Name set syslogpriority 1 7 default is 6 Device Name set syslogstatus enable disable Device Name set...

Page 158: ... Server Profile index is specified by the index parameter and the subindex parameter specifies whether you are configuring a primary or secondary RADIUS server Device Name set radiustbl Index profname Profile Name seraddrfmt 1 IP Address 2 Name sernameorip IP Address or Name port value ssecret value responsetm value maxretx value acctupdtintrvl value macaddrfmt value authlifetm value radaccinactiv...

Page 159: ...set during boot up To disable hardware configuration reset enter Device Name set hwconfigresetstatus disable To enable hardware configuration reset enter Device Name set hwconfigresetstatus enable To define the Configuration Reset Password to be used for configuration reset during boot up enter the following command Device Name set configresetpasswd password Device Name show radiustbl Index 1 Prim...

Page 160: ...s inaccessible and the hardware configuration reset functionality is disabled Set VLAN SSID Parameters Enable VLAN Management Device Name set vlanstatus enable Device Name set vlanmgmtid 1 4094 Device Name show wifssidtbl to review your settings Device Name reboot 0 Disable VLAN Management Device Name set vlanstatus disable Device Name set vlanmgmtid 0 Device Name reboot 0 Add a Entry to the WIFSS...

Page 161: ...ment Information Hardware firmware and software version information Network Parameters IP and network settings IP Configuration Parameters Configure the Access Point s IP settings DNS Client for RADIUS Name Resolution Configure the Access Point as a DNS client DHCP Server Parameters Enable or disable dynamic host configuration Link Integrity Parameters Monitor link status Interface Parameters Conf...

Page 162: ...cking Enable or disable peer to peer traffic on the same AP Packet Forwarding Parameters Redirect traffic from wireless clients to a specified MAC address RADIUS Parameters Set RADIUS Parameters Configure RADIUS Servers and assign them to VLANs Security Parameters Access Point security settings MAC Access Control Parameters Control wireless access based on MAC address Rogue Scan Configuration Tabl...

Page 163: ...sctemail Contact Phone DisplayString User Defined max 254 characters RW sysctphone FLASH Backup Interval Integer 0 65535 seconds RW sysflashbckint Flash Update 0 1 RW sysflashupdate System OID DisplayString N A R sysoid Descriptor DisplayString System Name flash version S N bootloader version R sysdescr Up Time Integer dd hh mm ss dd days hh hours mm minutes ss seconds R sysuptime Emergency Restor...

Page 164: ...ameters display the same information IP Address IpAddress User Defined RW ipaddr IP Mask IpAddress User Defined RW ipmask Default Router IP Address IpAddress User Defined RW ipgw Default TTL Integer User Defined seconds 0 255 64 default RW ipttl Address Type Integer static dynamic default RW ipaddrtype Name Type Values Access CLI Parameter DNS Client Group N A R dns DNS Client status Integer enabl...

Page 165: ...hcppridnsipaddr Secondary DNS IP Address IpAddress User Defined RW dhcpsecdnsipaddr Number of IP Pool Table Entries Integer32 N A R dhcpippooltblent Name Type Values Access CLI Parameter DHCP Server IP Address Pool Table Table N A R dhcpippooltbl Table Index Integer User Defined N A index Start IP Address IpAddress User Defined RW startipaddr End IP Address IpAddress User Defined RW endipaddr Widt...

Page 166: ...e Entry Comment DisplayString User Defined RW dhcprlycmt DHCP Relay Server Table Entry Status Integer enable 1 disable 2 delete 3 create 4 RW dhcprlystatus Name Type Values Access CLI Parameter Link Integrity Group N A R linkint Link Integrity Status Integer enable disable default RW linkintstatus Link Integrity Poll Interval Integer 500 15000 ms in increments of 500ms 500 ms default RW linkintpol...

Page 167: ...Interfaces Group N A R wif Table Index Integer 3 Wireless Interface A or 4 Wireless Interface B R index Network Name DisplayString 1 32 characters My Wireless Network default RW netname Auto Channel Select ACS 1 Integer enable default disable RW autochannel DTIM Period Integer 1 255 1 default RW dtimperiod RTS CTS Medium Reservation Integer 0 2347 Default is 2347 off RW medres MAC Address PhyAddre...

Page 168: ...nsmit Rate Integer32 0 Auto Fallback default 6 Mbits s 9 Mbits s 12 Mbits s 18 Mbits s 24 Mbits s 36 Mbits s 48 Mbits s 54 Mbits s RW txrate Physical Layer Type Integer OFDM orthogonal frequency division multiplexing for 802 11a R phytype Super Mode Integer enable disable default RW supermode Turbo Mode1 Integer enable disable default RW turbomode Regulatory Domain List DisplayString FCC U S Canad...

Page 169: ...losedsys MAC Address PhyAddress 12 hex digits R macaddr Supported Data Rates Octet String 1 Mbits s 2 Mbits s 5 5 Mbits s 11 Mbits s R suppdatarates Transmit Rate Integer32 0 auto fallback default 1 Mbits s 2 Mbits s 5 5 Mbits s 11 Mbits s RW txrate Physical Layer Type Integer DSSS direct sequence spread spectrum for 802 11b R phytype Regulatory Domain List DisplayString FCC U S Canada Mexico Arge...

Page 170: ...Mbits s 12 Mbits s 18 Mbits s 24 Mbits s 36 Mbits s 48 Mbits s 54 Mbits s For 802 11b g mode 0 auto fallback default 1 Mbits s 2 Mbits s 5 5 Mbits s 11 Mbits s 6 Mbits s 9 Mbits s 12 Mbits s 18 Mbits s 24 Mbits s 36 Mbits s 48 Mbits s 54 Mbits s RW txrate Physical Layer Type Integer ERP Extended Rate Protocol R phytype Super Mode Integer enable disable default RW supermode Turbo Mode1 Integer enab...

Page 171: ...x R ssidindex SSID DisplayString 1 32 characters RW ssid VLAN ID VlanId 1 4094 RW vlanid Table Row Status RowStatus enable disable delete RW status SSID Authorization Status per VLAN Integer enable disable RW ssidauth RADIUS Accounting Status per VLAN Integer enable disable RW acctstatus MAC ACL Status per VLAN Integer enable disable RW aclstatus Security Profile Integer 1 32 RW secprofile RADIUS ...

Page 172: ...r enable disable RW securemgmtstatus Name Type Values Access CLI Parameter SNMP Group N A R snmp SNMP Management Interface Bitmask Interface Bitmask 0 or 2 No interfaces disable 1 or 3 Ethernet 4 or 6 Wireless A 8 or 10 Wireless B 12 Wireless A B 13 or 15 All interfaces default is 15 RW snmpifbitmask Read Password DisplayString User Defined public default 6 32 characters W snmprpasswd Read Write P...

Page 173: ...ayString User Defined RW httphelplink SSL Status Integer enable disable RW sslstatus SSL Certificate Passphrase DisplayString User Defined W sslpassphrase Name Type Values Access CLI Parameter Telnet Group N A R telnet Telnet Management Interface Bitmask Interface Bitmask 0 or 2 No interfaces disable 1 or 3 Ethernet 4 or 6 Wireless A 8 or 10 Wireless B 12 Wireless A B 13 or 15 all interfaces defau...

Page 174: ... which allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot up process Name Type Values Access CLI Parameter Radius Local User Status Integer enable disable RW radlocaluserstatus Radius Local User Password DisplayString User Defined RW radlocaluserpasswd HTTP Radius Management Access Integer enable disable RW httpradiusmgmtacce...

Page 175: ...ters Ethernet Protocol Filtering Parameters Name Type Values Access CLI Parameter TFTP Group N A R tftp TFTP Server IP Address IpAddress User Defined RW tftpipaddr TFTP File Name DisplayString User Defined RW tftpfilename TFTP File Type Integer img config bootloader sslcertificate sslprivatekey sshprivatekey sshpublickey clibatchfile CLI Batch File cbflog CLI Batch Error Log RW tftpfiletype Name T...

Page 176: ... MAC Address Filter Table Table N A R staticmactbl Table Index N A N A R index Static MAC Address on Wired Network PhysAddress User Defined RW wiredmacaddr Static MAC Address Mask on Wired Network PhysAddress User Defined RW wiredmask Static MAC Address on Wireless Network PhysAddress User Defined RW wirelessmacaddr Static MAC Address Mask on Wireless Network PhysAddress User Defined RW wirelessma...

Page 177: ...lt disable RW portfltstatus Name Type Values Access CLI Parameter Port Filtering Table Table N A R portflttbl Table Index N A User Defined there are also 4 pre defined indices see Port Number below for more information R index Port Type Octet String tcp udp tcp udp RW porttype Port Number Octet String User Defined there are also 4 pre defined protocols Index 1 NetBios Name Service 137 Index 2 NetB...

Page 178: ...ble Table N A R snmptraphosttbl Table Index Integer User Defined N A index IP Address IpAddress User Defined RW ipaddr Password DisplayString User Defined up to 64 characters W passwd Comment optional DisplayString User Defined up to 254 characters RW cmt Status optional Integer enable default disable delete RW status Name Type Values Access CLI Parameter Syslog Group N A R syslog Syslog Status In...

Page 179: ...to 30 seconds 1500 default RW stpfwddelay Name Type Values Access CLI Parameter Spanning Tree Table Table N A R stpbl Table Index Port N A 1 15 R index Priority Integer 0 255 128 default RW priority Path Cost Integer 1 65535 100 default RW pathcost State Integer disable blocking listening learning forwarding broken R state Status Integer enable disable RW status Name Type Values Access CLI Paramet...

Page 180: ... Access CLI Parameter Packet Forwarding MAC Address Group N A R pktfwd Packet Forwarding MAC Address MacAddress User Defined RW pktfwdmacaddr Packet Forwarding Status Integer enable disable default RW pktfwdstatus Packet Forwarding Interface Port Integer 0 any default 1 Ethernet 2 WDS 1 3 WDS 2 4 WDS 3 5 WDS 4 6 WDS 5 7 WDS 6 RW pktfwdif Name Type Values Access CLI Parameter RADIUS Group N A R rad...

Page 181: ...thlifetm RADIUS Accounting Update Interval Integer32 10 3600 minutes RW radacctupdinterval VLAN ID vlanID 1 4094 RW radvlanid Name Type Values Access CLI Parameter MAC Address Control Group N A R macacl Status Integer enable disable default RW aclstatus Operation Type Integer passthru default block RW macacloptype Name Type Values Access CLI Parameter MAC Address Control Table Table N A R macacltb...

Page 182: ... disable 2 R hwconfigresetstatus Configuration Reset Password DisplayString User Defined RW configresetpasswd Name Type Values Access CLI Parameter VLAN Group N A R vlan Status Integer enable disable default RW vlanstatus Management ID VlanId 1 untagged or 1 4094 RW vlanmgmtid Name Type Values Access CLI Parameter Security Profile Table Table N A R secprofiletbl Table Index Integer 1 1 to 32 5 R i...

Page 183: ...evice Name set secprofiletbl 4 secmode 802 1x rekeyint 900 status enable Configuring a Security Profile with WPA Security Mode set secprofiletbl index secmode wpa rekeyint 900 status enable Example Device Name set secprofiletbl 5 secmode wpa rekeyint 900 status enable Configuring a Security Profile with WPA PSK Security Mode set secprofiletbl index secmode wpa psk passphrase value status enable Ex...

Page 184: ...rface Properties table Enabling QoS Name Type Values Access CLI Parameter IAPP Group N A R iapp IAPP Status Integer enable default disable RW iappstatus Periodic Announce Interval seconds Integer 80 120 default 160 200 RW iappannint Announce Response Time Integer 2 seconds R iappannresp Handover Time out Integer 410 ms 512 ms default 614 ms 717 ms 819 ms RW iapphandtout Max Handover Retransmission...

Page 185: ...nd 802 1D priorities Name Type Values Access CLI Parameter QoS Group Group N A N A qos QoS Policy Table Table N A N A qospolicytbl Table Primary Index Integer N A R index Table Secondary Index Integer N A R secindex Policy Name Display String 0 32 characters RW policyname Policy Type Integer inlayer2 inlayer3 outlayer2 outlayer3 spectralink RW type Priority Mapping Index Integer See Note RW mapind...

Page 186: ... for a Wireless Interface SSID The QoS Policy object configures the QoS policy to be used per wireless interface SSID This object is part of the Wireless Interface SSID Table the CLI command for this table is wifssidtbl NOTE A QoS Policy number needs to be specified in the SSID table This depends on the QoS policies configured by the user Once the user has configured QoS policies the user should s...

Page 187: ...s LTV format or a CLI Batch file If the AP detects a CLI Batch file a file with extension cli the AP executes the file immediately The AP will reboot after executing the CLI Batch file Auto Configuration will not result in repeated reboots if the CLI Batch file contains rebootable parameters CLI Batch File Format and Syntax The CLI Batch file must be named with a cli extension to be recognized by ...

Page 188: ... File Error Log If there is any error during the execution of the CLI Batch file the AP will stop executing the file The AP generates traps for all errors and each trap contains the following information Start of execution Original filename of the uploaded file End of execution along with the status of execution Line number and description of failures that occurred during execution The AP logs all...

Page 189: ...tion Keys It also lists the Hexadecimal equivalent for each ASCII character ASCII Character Hex Equivalent ASCII Character Hex Equivalent ASCII Character Hex Equivalent ASCII Character Hex Equivalent 21 9 39 Q 51 i 69 22 3A R 52 j 6A 23 3B S 53 k 6B 24 3C T 54 l 6C 25 3D U 55 m 6D 26 3E V 56 n 6E 27 3F W 57 o 6F 28 40 X 58 p 70 29 A 41 Y 59 q 71 2A B 42 Z 5A r 72 2B C 43 5B s 73 2C D 44 5C t 74 2D...

Page 190: ...ment Functions Advanced Bridging Functions Medium Access Control MAC Functions Security Functions Network Functions Number of Stations per BSS Management Functions Feature Supported by AirSPEED AP542 Without encryption up to 64 With WEP encryption up to 64 With 802 1x Authentication up to 64 With WPA up to 27 Feature Supported by AirSPEED AP542 Web User Interface yes Telnet CLI yes SNMP Agent yes ...

Page 191: ...th MAC based authentication and 802 1x authentication Feature Supported by AirSPEED AP542 IEEE 802 1d Bridging yes WDS Relay yes Roaming yes Protocol Filtering yes Multicast Broadcast Storm Filtering yes Proxy ARP yes TCP UDP Port Filtering yes Blocking Intra BSS Clients yes Packet Forwarding yes Feature Supported by AirSPEED AP542 Automatic Channel Selection ACS yes Dynamic Frequency Selection DF...

Page 192: ...185 F 5 to 95 relative humidity non condensing at 5 C and 85 C Ethernet Interface 10 100 Base TX RJ45 female socket Serial Port Interface Standard RS 232C interface with DB 9 female connector Power over Ethernet Interface Use a Category 5e or better Cat 6 UTP cable Standard 802 3af pin assignments HTTP Interface Microsoft Internet Explorer 6 with Service Pack 1 or later Netscape 7 1 or later Featu...

Page 193: ...SPEED AP542 User Guide 193 Radio Specifications 802 11a Channel Frequencies 802 11b g Channel Frequencies Wireless Communication Range NOTE Refer to the Regulatory Flyer included with the AP for the latest regulatory information ...

Page 194: ... The Web interface and CLI display the available channels for a radio s particular regulatory domain In the CLI any channels that are not available are labeled Not Supported Note 1 Channel 34 is the default channel for Japan Frequency Band Channel ID FCC GHz ETSI GHz TELEC GHz SG GHz ASIA GHz TW GHz Lower Band 36 default 34 5 170 1 36 5 180 5 180 5 180 38 5 190 40 5 200 5 200 5 200 42 5 210 44 5 2...

Page 195: ... in the Communications Range Chart are typical distances as calculated by the SYSTIMAX development team for FCC certified products These values provide a rule of thumb and may vary according to the actual radio conditions at the location where the product is used The range of your wireless devices can be affected when the antennas are placed near metal surfaces and solid high density materials Ran...

Page 196: ...5 m 410 ft 134 m 440 ft Closed Office 22 m 72 ft 29 m 95 ft 39 m 128 ft 52 m 171 ft 64 m 210 ft 80 m 262 ft 86 m 282 ft 92 m 302 ft Tx Power dBm 16 16 16 16 16 16 16 16 Receiver Sensitivity dBm 69 73 77 81 84 87 88 89 Antenna Gain 0 dBi integrated diversity antennas 5 15 5 85 GHz Range 54 Mbits s 48 Mbits s 36 Mbits s 24 Mbits s 18 Mbits s 12 Mbits s 9 Mbits s 6 Mbits s 11 Mbits s 5 5 Mbits s 2 Mb...

Page 197: ...rtner for more information SYSTIMAX Solutions is a trademark of CommScope All trademarks identified by or are registered trademarks or trademarks respectively of CommScope This document is for planning purposes only and is not intended to modify or supplement any specifications or warranties relating to SYSTIMAX Solutions products or services 2 05 UG AP542 1 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands